Lab B: Connecting Virtual Networks
Exercise 2: Validating Virtual Network Connectivity
Scenario
A. Datum now wishes to test the new Azure networking configuration and validate the connectivity between the A. Datum HQ and branch virtual networks. For test purposes, one of your virtual machines has been configured (in the deployment script) as a DNS server, so that you can test name resolution between linked virtual networks. You will RDP into these virtual machines.
The main tasks for this exercise are as follows:
1. Connect to A. Datum Virtual Machines
2. Testing TCP/IP Connectivity between Sites
3. Testing Name Resolution
Task 1: Connect to A. Datum Virtual Machines
1. Connect to AdatumWestSvr1 using D:\Labfiles\Lab02\Starter\AdatumWestSvr1.rdp.
2. If a Remote Desktop Connection warning message appears, select the Don’t ask me again for connections to this computer check box, and click Connect.
3. In the Windows Security dialog box, type the following credentials, and click OK:
o User name: Student
o Password: Pa$$w0rd123
4. If another Remote Desktop Message appears, select the Don’t ask me again for connections to this computer check box, and click Yes.
5. Minimize the AdatumWestSvr1 RDP session.
6. Connect to AdatumEastSvr1 using D:\Labfiles\Lab02\Starter\AdatumEastSvr1.rdp.
7. If a Remote Desktop Connection warning message appears, select the Don’t ask me again for connections to this computer check box, and click Connect.
8. In the Windows Security dialog box, type the following credentials, and click OK:
o User name: Student
o Password: Pa$$w0rd123
9. If another Remote Desktop Message appears, select the Don’t ask me again for connections to this computer check box, and click Yes.
10. Minimize the AdatumEastSvr1 RDP session.
Task 2: Testing TCP/IP Connectivity between Sites
1. Maximize the AdatumEastSvr1 session, and ensure that Windows Firewall is turned off for all profiles.
2. Minimize the AdatumEastSvr1 RDP session.
3. Maximize the AdatumWestSvr1 session, and ensure that Windows Firewall is turned off for all profiles.
4. In the AdatumWestSvr1 session, ping AdatumEastSvr1 (10.0.2.4) from AdatumWestSvr1 by IP address.
5. Maximize the AdatumEastSvr1 RDP session.
6. Ping AdatumWestSvr1 (10.0.1.4) from AdatumEastSvr1 by IP address.
MCT USE ONLY. STUDENT USE PROHIBITED
2-32 Implement and Manage Virtual Networks
Task 3: Testing Name Resolution
1. Use the PowerShell Test-NetConnection cmdlet to ping AdatumEastSvr1 from AdatumWestSvr1 by fully qualified domain name.
2. Use the PowerShell Test-NetConnection cmdlet to ping AdatumWestSvr1 from AdatumEastSvr1 by fully qualified domain name.
Results: After completing this exercise, you will have verified that virtual machines can communicate between virtual networks.
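The checks in Tasks 2 and 3 can also be run with Windows Firewall left enabled, using a rule that admits ICMPv4 echo requests only from the peer server. This is an added example, not part of the original lab; the function name, the rule name and the AdatumEastSvr1 FQDN (modeled on adatumwestsvr1.adatum.msft) are assumptions.

```powershell
# Added example, not part of the original lab. Run in an elevated PowerShell
# session on each server, naming the other server as the peer, before pinging.
function Test-LabPeer {
    param(
        [Parameter(Mandatory)] [string] $PeerIp,    # 10.0.2.4 when run on AdatumWestSvr1
        [Parameter(Mandatory)] [string] $PeerFqdn   # name registered on the lab DNS server
    )
    $ruleName = "Lab-ICMPv4-Echo-From-$PeerIp"      # hypothetical rule name

    # Admit echo requests from the peer only, so the peer's ping to this
    # machine succeeds while every firewall profile stays enabled.
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
            -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $PeerIp -Profile Any | Out-Null
    }

    # Record any profile that is switched off, so the result shows the
    # conditions under which the test passed.
    $disabled = @(Get-NetFirewallProfile | Where-Object { -not $_.Enabled }).Name -join ','

    # Task 2 tests by IP address, Task 3 by fully qualified domain name.
    foreach ($target in $PeerIp, $PeerFqdn) {
        $r = Test-NetConnection -ComputerName $target -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target           = $target
            ResolvedAddress  = $r.RemoteAddress
            # True only when DNS returned the address the lab expects.
            ResolvedToPeer   = ($r.RemoteAddress -and $r.RemoteAddress.ToString() -eq $PeerIp)
            PingSucceeded    = $r.PingSucceeded
            DisabledProfiles = $disabled
        }
    }
}

# On AdatumWestSvr1 (the FQDN is an assumed value):
Test-LabPeer -PeerIp '10.0.2.4' -PeerFqdn 'adatumeastsvr1.adatum.msft' | Format-Table

# Remove the temporary rule when testing is finished:
# Get-NetFirewallRule -DisplayName 'Lab-ICMPv4-Echo-From-*' | Remove-NetFirewallRule
```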
Exercise 3: Configuring a Point-to-Site VPN
Scenario
A. Datum now wishes to implement secure communications from on-premises resources to Azure, and wishes to start by configuring and testing a point-to-site VPN connection to one of the gateways you created in Exercise 3.
Only complete this lab if you have sufficient time remaining.
Important: Even if you do not complete this exercise, you must ensure you complete the Reset the Environment task. This task resets your Azure subscription in preparation for later labs and ensures that no unnecessary costs accrue.
The main tasks for this exercise are as follows:
1. Configuring a VPN from Client to HQ Virtual Network
2. Connecting to the HQ Virtual Network
3. Reset the Environment
Task 1: Configuring a VPN from Client to HQ Virtual Network
Enable point-to-site connectivity for the ADATUM-HQ-VNET virtual network.
1. Use the Windows key, and then type Command.
2. Right-click Command Prompt, and then click Run as administrator.
3. In the User Account Control dialog box, click Yes.
4. At the Command Prompt, type the following command, and press Enter:
CD C:\Program Files (x86)\Windows Kits\8.1\bin\x64
5. At the Command Prompt, type the following command, and press Enter:
makecert -sk exchange -r -n "CN=AdatumRootCertificate" -pe -a sha1 -len 2048 -ss My "AdatumRootCertificate.cer"
6. On the ADATUM-HQ-VNET CERTIFICATES page in the Azure Management Portal, upload the self-signed root certificate.
Implementing Microsoft Azure Infrastructure Solutions 2-33
7. Switch to the Command Prompt.
8. At the Command Prompt, type the following command, and press Enter:
makecert.exe -n "CN=AdatumClientCertificate" -pe -sk exchange -m 96 -ss My -in "AdatumRootCertificate" -is my -a sha1
9. Verify client certificate installation in Internet Explorer.
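The makecert commands above sign both certificates with SHA-1, and MakeCert itself is deprecated. The following added example, which is not part of the original lab, produces the same root and client pair with SHA-256 using New-SelfSignedCertificate and then checks the result; it assumes Windows 10 or Windows Server 2016 or later, and the variable names are illustrative.

```powershell
# Added example, not part of the original lab. Run as the user who will
# make the VPN connection, so the client key lands in that user's store.
$store = 'Cert:\CurrentUser\My'

# Self-signed root: SHA-256, 2048-bit key, usable only for signing certificates.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=AdatumRootCertificate' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
    -KeyUsageProperty Sign -KeyUsage CertSign

# Client certificate signed by the root; the extension restricts it to
# client authentication (EKU OID 1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=AdatumClientCertificate' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

# Export only the public part of the root for upload; the private key
# never leaves the local store.
Export-Certificate -Cert $root -FilePath '.\AdatumRootCertificate.cer' | Out-Null

# Verify what was issued instead of relying on a visual check.
$eku = $client.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
[pscustomobject]@{
    Subject            = $client.Subject
    IssuedByRoot       = ($client.Issuer -eq $root.Subject)
    SignatureAlgorithm = $client.SignatureAlgorithm.FriendlyName   # expect sha256RSA
    ClientAuthOnly     = (@($eku.EnhancedKeyUsages.Value) -join ',') -eq '1.3.6.1.5.5.7.3.2'
    HasPrivateKey      = $client.HasPrivateKey
    NotAfter           = $client.NotAfter
} | Format-List
```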
Task 2: Connecting to the HQ Virtual Network
1. Configure the VPN client by downloading the 64-bit Client VPN Package and installing it on the local client.
2. From the local client, connect to the VPN, and verify the VPN connection using ipconfig /all.
3. Verify the VPN connection by browsing files on \\adatumwestsvr1.adatum.msft\c$.
4. Disconnect the VPN connection.
Task 3: Reset the Environment
1. Close all open applications without saving any files.
2. On the taskbar, right-click Microsoft Azure PowerShell, and then click Run as administrator. In the User Account Control dialog, click Yes.
3. Type the following command, and then press Enter:
Reset-Azure
4. When prompted, sign in using the Microsoft account associated with your Azure subscription.
Note: This script may remove Azure services in your subscription. It is therefore recommended that you use an Azure trial pass that was provisioned specifically for this course, and not your own Azure account.
The script will take 5-10 minutes to reset your Microsoft Azure environment, ready for the next lab.
The script removes all storage, VMs, virtual networks and gateways, cloud services, and resource groups.
Important: The script may not be able to get exclusive access to a storage account to delete it (you will see an error if this occurs). If you find objects remaining after the reset script is complete, you can re-run the Reset-Azure script, or use the full Azure Management Portal to manually delete all the objects in your Azure subscription, with the exception of the default directory.
Results: After completing this exercise, you will have configured and tested a point-to-site VPN connection.
Module Review and Takeaways
In this module, you learned about:
Planning virtual networks in Microsoft Azure.
Implementing and managing virtual networks.
Configuring inter-site connectivity with Microsoft Azure networks.
Review Question(s)
Question: What considerations are there for choosing a name resolution solution for an Azure virtual network-based deployment?