In this post, we will see how to create a Virtual Machine in Azure inside a Virtual Network (VNET).
Table of Contents
- Creating a Resource Group
- Creating a Virtual Network and Subnet
- Creating an Application Security Group
- Creating a Network Security Group (NSG)
- Creating a Virtual Machine
- Attaching ASG to Virtual Machine
- Connecting with Remote Desktop
1. Creating a Resource Group
First, create a new resource group in Azure. We will be using the same resource group for creating further resources in this tutorial.
In Azure, a Resource Group acts as a logical container for other Azure resources.
2. Creating a Virtual Network and Subnet
Next, we will create a Virtual Network (VNET), because a VM can't be created without a VNET in Azure. So, we will first create a VNET and later put our VM inside that VNET.
Good to know:
- A VNET can have multiple subnets.
- Create a Subnet to divide a VNET into multiple sub-networks.
- In Azure, while creating a VNET, a default subnet is created automatically.
2.1. Creating a Virtual Network
Create a VNET in the same Resource Group (RG) that we created above.
2.2. Creating Subnet
Move on to the next tab, IP Addresses. Here you will find the following:
- IP address range for the VNET
- Default subnet
We won't modify anything here, and will go with the defaults.
3. Creating an Application Security Group
Create an Application Security Group (ASG) in the same RG.
Good to know:
The purpose of creating an ASG is to get more control over security policy.
For example, suppose you have 6 VMs in your resource group: 3 belong to the frontend and 3 belong to the backend.
- Now, you can create 2 ASGs, one for each group, i.e. Frontend-ASG & Backend-ASG.
- You can attach each ASG to the Network Interface Cards of the Virtual Machines in its category.
- Later, you can create 2 different NSGs with different security rules.
- Finally, you can pair the frontend NSG with Frontend-ASG and the backend NSG with Backend-ASG by selecting the ASG in the NSG's rules.
This way, an ASG gives you more flexibility to logically group your Azure resources by their nature or role, and also lets you apply NSGs or security rules at a more granular level.
4. Creating a Network Security Group (NSG)
Next, we will create an NSG and allow port 3389 for remote desktop access.
4.1. Creating Network Security Group
4.2. Add Inbound rule for RDP (Port 3389)
Click on Inbound security rules in the left blade and click the Add button.
Now, select Application Security Group and allow port 3389 as shown below.
You can see that a rule for remote desktop access is now added to the inbound rules. This allows RDP access only to those Virtual Machines (more specifically, their Network Interfaces) which are part of the selected ASG.
A Network Interface Card (NIC) is the component without which a computer cannot be connected to a network. The NIC acts as a bridge between a computer and a computer network.
4.3. Attach NSG to Subnet
Now, attach the NSG that we created above to the subnet.
Remember, we can attach an NSG at either the subnet level or the NIC level.
5. Creating a Virtual Machine
Now, we will create a Virtual Machine step by step by following the wizard.
5.1. Create Virtual Machine
Go to Compute and select Virtual Machine.
Fill out the basic information as given below. Remember to keep the RG the same.
Next, fill out the username and password for the VM. Also, select None for public inbound ports: if you allow inbound ports here, the wizard will create a new NSG, and we don't want that as we have already created one.
In the next tab, Disks, select Premium SSD.
The next tab is Networking.
- Step 1 & 2: Create a Public IP for the VM.
- Step 3: Don't attach an NSG to the NIC, as we have already attached the NSG to the default subnet.
- Step 4: Go to the Management tab.
Now click Next, Next and press Review + Create in the last tab.
After successful validation, click the Create button.
Once the Virtual Machine is provisioned successfully, you will see a screen like below.
5.2. Revisit Resource Group
Now, let's go back to our resource group and see how many resources have been created so far. You can see that once you provision a Virtual Machine, a Network Interface Card and an OS Disk resource are also provisioned in the background.
6. Attaching ASG to Virtual Machine
Now, go to the Virtual Machine's Networking tab, and click on configure ASG as per the picture below.
Select the ASG that we created above.
See that the selected ASG is now attached to the NIC of the VM.
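The following added example (not part of the original post) is a simplified Python model of how the inbound rule from section 4.2 is evaluated against the VM's NIC before and after the ASG is attached in this section. The rule name, the ASG name demo-asg, the source Any and the three source tags are assumptions made for illustration; Azure's real evaluation works on IP ranges and service tags.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int             # lower number is evaluated first
    source: str               # "*", "Internet" or "VirtualNetwork" (simplified tags)
    dest_asg: Optional[str]   # None = any destination
    port: Optional[int]       # None = any port
    allow: bool

# Azure's built-in inbound defaults (AllowAzureLoadBalancerInBound left out).
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", None, None, True),
    Rule("DenyAllInBound", 65500, "*", None, None, False),
]

def evaluate(rules, nic_asgs, source, port):
    """Return (allowed, matching rule name) for inbound traffic to one NIC."""
    for r in sorted(list(rules) + DEFAULT_RULES, key=lambda r: r.priority):
        if r.source not in ("*", source):
            continue
        if r.port is not None and r.port != port:
            continue
        # An ASG destination matches only NICs that are members of that ASG.
        if r.dest_asg is not None and r.dest_asg not in nic_asgs:
            continue
        return r.allow, r.name
    return False, "no-match"

def internet_exposed(rules, port=3389):
    """Names of allow rules that open `port` to any source or to the Internet."""
    return [r.name for r in rules
            if r.allow and r.source in ("*", "Internet") and r.port in (None, port)]

# Constructed sample: the subnet NSG from section 4.2, assumed source Any.
SUBNET_NSG = [Rule("Allow-RDP-To-ASG", 100, "*", "demo-asg", 3389, True)]

def demo():
    before, after = set(), {"demo-asg"}   # NIC before / after section 6
    return {
        "rdp_before_asg": evaluate(SUBNET_NSG, before, "Internet", 3389),
        "rdp_after_asg": evaluate(SUBNET_NSG, after, "Internet", 3389),
        "ssh_after_asg": evaluate(SUBNET_NSG, after, "Internet", 22),
        "rdp_from_vnet_no_asg": evaluate(SUBNET_NSG, before, "VirtualNetwork", 3389),
        "exposed": internet_exposed(SUBNET_NSG),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```

In this model the VM is unreachable over RDP from the internet until its NIC joins the ASG, while traffic from inside the VNET is still admitted by the default AllowVnetInBound rule. The internet_exposed check lists the RDP rule because its assumed source is Any; narrowing the source to a known address range would remove it from that list.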
7. Connecting with Remote Desktop
Now, let's go to the Virtual Machine again, click on Connect and download the RDP file.
Double-click the RDP file and enter the credentials that you created in the first step of the wizard.
After successful authentication, you will be able to access your VM through RDP.
That's how we created and configured a Virtual Machine step by step in Azure. We also covered the concepts of ASG and NSG, and how to leverage them to implement security.