Windows Server Administration Labs
Labs 00, 01, & 02, Written by: Edward Bigos, 2023
Lab 00
Creating the Azure Education Login
Overview
This assignment sets up the login for Azure.
Cautions and Warnings
Browser Issues
The documentation was created using Firefox on an Ubuntu host. Any browser should work, but we have not tested the process on other browsers.
One specific problem encountered involved data retention from a prior user. On each screen verify the username is your username and not any other user’s information.
If the username information deviates from your information stop the process, open a blank tab, exit all the Microsoft screens, then clear all the browser information (Firefox shown below).
Do not Enter a Credit Card
If you see this image STOP. You will not need a credit card to access the education portal. Exit the process and start over.
Use Your STCC Education Login
Use your STCC login to access the education portal. If you do not see the STCC login you will not have access to the free credits.
Procedure – Creating the Azure Education Account
-
Access the education portal at the link below.
https://azureforeducation.microsoft.com/devtools
-
Click Sign In
-
Wait for the login. Choose the sign-in options at the bottom of the window.
-
Choose Sign Into an Organization.
-
Enter the domain name as studentstcc.edu or stcc.edu.
-
Enter the user's email account name.
-
Select Next and wait for the redirect.
-
Use your STCC single sign-on credentials to log in.
-
Choose “Stay Signed In” only if this is your computer. For public computers choose “No”.
-
You will need a phone number to identify your account. This is to ensure there is a human associated with the account. The simplest method is for the user to check the “Text Me” button after entering a valid mobile phone number. A verification code will be sent to the mobile phone. Enter the SMS code into the Verification Code box. Press the Verify Code button.
-
Agree to the terms. Uncheck the other boxes.
-
After verification, the Azure Portal page will be displayed. The next step is to apply for the Azure $100.00 credit. Select the Sign Up Now button.
-
Select the green Start Free button.
-
Wait for the confirm your account screen to complete.
-
Enter your contact information.
-
Agree to the terms. Press the Sign-up button.
-
While the account is created, Azure requests feedback.
-
On success, the portal page is displayed.
- You are all set, you have setup your access to Microsoft Azure.
Lab 01
Azure Virtual Machine Introduction
Overview
This assignment creates the first virtual machine in Azure. This lab demonstrates the process of creating a Windows 2016 Server virtual machine in Azure, connecting to the server using Remote Desktop, and then removing the virtual machine.
Deliverables / What to submit
Take two screen snapshots as listed in the directions.
-
A screenshot of the Azure Portal showing the running Windows 2016 Server instance.
-
A screen snapshot of the Windows 10/11 workstation’s Remote Desktop connection to the Windows 2016 Server’s public IPV4 address.
- A screenshot of your deleted VM.
Log into the Azure for Education Portal
Log into the Azure Education Portal using your STCC credentials.
Procedure – Create an Azure Windows 2016 Server
-
The portal page lists common tasks and resources.
-
Select Virtual Machines. No virtual machines are listed.
-
Choose Create to create the first virtual machine.
-
Choose the Create new link to create a new resource group.
-
Select a name for the resource group. This lab used “vm1”. Select OK.
-
Choose the US East 1 region.
-
Select the Image drop-down to select a new operating system image. Choose Windows 2016 data center for the operating system.
-
Enter a username for the server administrator account.
-
Enter a password. This lab used RaspDell@7654X for the password. This virtual machine will be exposed to the Internet so a complex and secure password is necessary. Use your password, but be sure to record it somewhere.
Select Next Disks at the bottom of the page.
-
Choose a standard SSD for the disk.
Select Next Networking at the bottom of the page.
-
Review the default network settings. No changes are required.
Select Next Management at the bottom of the page.
-
Enable Auto Shutdown. Set the time to 7:00 PM EST.
Select Next Monitoring at the bottom of the page.
-
Review the monitoring options. No changes are necessary.
Select Next Advanced at the bottom of the page.
-
Review the options on the Advanced page.
Select Next Tags at the bottom of the page.
-
No tags will be specified for this virtual machine.
Select Next Review Create at the bottom of the page.
-
Review the specification of the virtual machine. Azure runs a validation check on the specification. Wait for the process to complete.
Validation completed.
-
Choose Create to build and start the virtual machine.
-
Wait for the deployment to complete.
-
The deployment is complete. The virtual machine is running. Choose Go To Resource.
-
Review the running virtual machine’s specifications. Note the public IPV4 address.
STOP. Take a screen snapshot of this screen for the lab submission.
-
Start a Windows 10 or 11 client. Remote Desktop is not available on the Windows 10/11 Home Editions. The images below are from a Windows 10 client.
Alternatively, if you are on a Linux machine, you can use the Remmina Remote Desktop Viewer to access the remote environment.Search for and open the Windows Settings menu. Select System.
-
Select Remote Desktop.
-
Enable Remote Desktop.
-
Search for the Remote Desktop app then start the application.
-
Copy the public IPV4 address of your virtual machine to the clipboard. Paste it into the Computer field in Remote Desktop. Select Show More Options.
-
Enter the username for the Windows 2016 Server. Choose connect.
-
Enter the password. Enter Yes to the security warning.
-
Windows 10 initiates a remote desktop connection to the Windows 2016 server using the public IPV4 address.
-
The remote desktop to the Windows 2016 Server. Browse through the Windows server to convince yourself this is the same server used in the ProxMox labs.
STOP. Take a screen snapshot of this screen for the lab submission.
-
Check the red items. These features need to be configured.
-
Close Server Manager. The controls for Remote Desktop are at the top of the screen. Click on the “X” to disconnect the Remote Desktop from the Windows 2016 Server.
Disconnection message.
The server has been disconnected.
-
Review the status of the Windows 2016 Server in the Azure Portal.
-
Stop the virtual machine.
-
Wait until the virtual machine stops.
-
Delete the virtual machine. This exercise was to step through the process. The next lab will create another virtual machine to replace it.
Select delete for the OS disk, the network interfaces, and the public IP address.
Select Delete.
STOP. Take a screen snapshot of this screen for the lab submission.
-
The portal does not update to show the virtual machine has been deleted. Review the messages and refresh the page.
Lab 02
Creating an Azure Network
Overview
This assignment sets up a software-defined network for Azure.
Deliverables / What to Submit
-
Take a screenshot of the web page to submit for credit.
-
From the Azure Portal choose Home then VM2. Take a screenshot of the vm2 configuration. Include your username on the right side of the screen.
-
Examine the code to create the rule to allow HTTP traffic through webnsg in Part 2 step 10.
Getting Started
-
Login to https://portal.azure.com. From the Home screen choose All Resources.
-
Note the names of your existing resources. Your resources may look different from the image below.
-
Choose Export to CSV. Save the file for later use.
-
Create a new tab on the browser. Open https://shell.azure.com on this new tab. This step opens an Azure shell command line interface (CLI).
-
Select Bash Shell.
-
Choose Create Storage. This creates permanent storage for the CLI shell operations.
-
The storage may take several minutes to create. Wait until it is complete.
-
On completion, the Bash shell will appear.
-
Create SSH keys for the CLI using the ssh-keygen command.
-
List the directory using ls -la. The keys are stored in the .ssh directory. Use ls -la .ssh to display the key files id_rsa and id_rsa.pub.
Use the cat commands to display the contents of the public key.
Creating a Software Defined Network (SDN)
Azure uses a software-defined network (SDN) to provide network services to virtual machines (VMs). This set of steps will create an SDN for the next set of VMs. It helps to visualize the parts of the SDN.
-
The SDN is composed of virtual networks and subnets (including IP address pools). We will create two subnets.
-
Virtual network interface cards.
-
One or more public IP addresses.
-
Internal DNS name and optional public DNS names for external name resolution
-
Network security groups and rules are used to secure and control the flow of network traffic. This function works the same way a regular firewall controls the flow of packets.
Part 1 - Setting up the network
-
Create a Network Interface. Select the Home page on the Azure Portal. Choose Create resource. In the search box enter Network. Select Network interface.
-
Select Network interface and then Create.
Resource group: vm2
Name: webvnic
Region: East US
Virtual network: virtualNetwork1
-
Examine the subnet addresses. The 10.1.1.0/16 class B is reduced to 10.1.1.0/24. Select Edit subnet.
Select Edit subnet.
Use the following values.
Name: websubnet
Starting address: 10.1.1.0
Subnet size: /24 (256)
Save the subnet changes.
Select the Static IP radio button.
Private IP address assignment: static
Private IPv4 address: 10.1.1.4
Save the interface configuration. After validation choose Create.
View the webvnic configuration.
Notice there is no public IPv4 address listed on the interface.
From the Home screen choose Create, Network, Public IP address.
Enter the following values.
Resource group: vm2
Name: webPublicIP
Save the public IP address. Validate and create the IP address.
Associate the public IP address with the network interface. Note: the screens use the name webPublicIP2 but you will be using webPublicIP.
Examine the webPublicIP configuration.
Choose the Associate button.
Select Interface from the Resource drop-down.
Choose the webvnic interface.
View the webvnic configuration. Note the public IP address.
Part 2 - Configuration with the CLI
Now that we have setup our first network manually, we will now add the rest of our networks and VM to the configuration. To speed up this process, we will use the Azure CLI to mass create networks and VM's for our networks.
Open a new tab on the browser to https://shell.azure.com
-
Create the remote security group remotensg.
az network nsg create --resource-group vm2 --name remotensg
-
Create the remote network security group rules. Paste the code below into the Bash shell.
az network nsg rule create --resource-group vm2 --nsg-name remotensg --name allowssh --protocol tcp --priority 100 --destination-port-range 22 --access allow
-
Create the remote subnet 10.1.2.0/24 with the subnet name remotesubnet and security group remotensg.
az network vnet subnet create --resource-group vm2 --vnet-name vnet-eastus-1 --name remotesubnet --address-prefix 10.1.2.0/24 --network-security-group remotensg
-
Create the Ubuntu 22.04 Linux web server.
az vm create --resource-group vm2 --name webvm --nics webvnic --image Ubuntu2204 --size Standard_B1ms --admin-username azuremol --generate-ssh-keys
-
Create the Ubuntu 22.04 Linux JumpBox server.
az vm create --resource-group vm2 --name remotevm --vnet-name vnet-eastus-1 --subnet remotesubnet --nsg remotensg --public-ip-address remotepublicip --image Ubuntu2204 --size Standard_B1ms --admin-username azuremol --generate-ssh-keys
-
Test the connection to the jump box. Commands are in bold (use your IP address, the one below is an example).
edward [ ~ ]$ eval $(ssh-agent) Agent pid 301
edward [ ~ ]$ ssh-add
Identity added: /home/edward/.ssh/id_rsa (edward@cc-c9c2859c-
58c96f7cb4-ldm8p)
edward [ ~ ]$ ssh -A azuremol@74.235.35.186
The authenticity of host '74.235.35.186 (74.235.35.186)' can't be established.
ED25519 key fingerprint is
SHA256:+lbhwT+eEeB9LXHoOKwRJ3fav5OtSvaHXB1C6yeREzA.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '74.235.35.186' (ED25519) to the list of known hosts.
Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-1037-azure x86_64)
-
Documentation: https://help.ubuntu.com
-
Management: https://landscape.canonical.com
-
Support: https://ubuntu.com/advantage
System information as of Tue May 2 03:17:47 UTC 2023
System load: 0.0732421875 Processes: 101
Usage of /: 5.0% of 28.89GB Users logged in: 0
Memory usage: 13% IPv4 address for eth0: 10.1.2.4
Swap usage: 0%
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details.
azuremol@remotevm:~$
-
-
Connect to the webvm server.
azuremol@remotevm:~$ ssh 10.1.1.4
The authenticity of host '10.1.1.4 (10.1.1.4)' can't be established.
ED25519 key fingerprint is
SHA256:1pFU2M0so/8idcudTOHBV0ZDnaQ4trDEwdIeBtTkUDI.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.1.1.4' (ED25519) to the list of known hosts.
Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-1037-azure x86_64)
-
Documentation: https://help.ubuntu.com
-
Management: https://landscape.canonical.com
-
Support: https://ubuntu.com/advantage
System information as of Tue May 2 03:19:18 UTC 2023
System load: 0.0 Processes: 95
Usage of /: 5.0% of 28.89GB Users logged in: 0
Memory usage: 13% IPv4 address for eth0: 10.1.1.4
Swap usage: 0%
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
To run a command as administrator (user "root"), use "sudo <command>". See "man sudo_root" for details.
azuremol@webvm:~$ ls azuremol@webvm:~$ uname -a
Linux webvm 5.15.0-1037-azure #44-Ubuntu SMP Thu Apr 20 13:19:31 UTC
2023 x86_64 x86_64 x86_64 GNU/Linux azuremol@webvm:~$
-
-
Install the webserver on webvm.
sudo apt update && sudo apt install -y apache2
Open port 80 for the web server. Log out from Linux server webvm. Log out from Linux server remotevm. Enter the commands from the Azure CLI shell.
-
Create the web network security group webnsg
az network nsg create --resource-group vm2 --name webnsg
-
Create the webnsg rules for the HTTP port 80.
az network nsg rule create --resource-group vm2 --nsg-name webnsg --name allowhttp --protocol tcp --priority 100 --destination-port-range 80 --access allow
-
Associate the webnsg rule with the webvnic.
az network nic update --name webvnic --resource-group vm2 --network-security-group webnsg
-
Test the web server by opening a connection to your public IP address. The syntax is http://publicipaddress, where publicipaddress is your server's public Ip address which can be found on your VM's information tab. In my case, it would be http://20.81.63.106.
Be sure to use http and not https!
STOP. Take a screen snapshot of this screen for the lab submission.
Refer to deliverables 2 & 3 at the top of the lab for the other two lab requirements.