DEPLOYING A WINDOWS SERVER VIRTUAL MACHINE RUNNING IIS

Let's start off by with the question What is IIS?

Internet Information Services (IIS) is a flexible, general purpose Microsoft web server that runs on Windows operating system and is used to exchange static and dynamic web content. It is used to host, deploy and manage web applications using technologies like ASP.NET and PHP.

In this blog be deploying the following things with Microsoft Azure:

1. Create a windows Server with IIS installed
2. Create an Application Security Group (ASG) in the same region as your Server.
3. Go the Server's Network Security Group (NSG) and Add an inbound rule on port 80 and Port 443.
4. Create firewall and attach it to the Server's Vnet to secure your environment from malicious threats.
5. Copy your Public IP to a browser and ensure there is connectivity.

Prerequisite
First thing login to your Microsoft Azure Portal by going to https://portal.azure.com.
If you do not have an azure account sign up and create an account for free with this link https://azure.microsoft.com/en-us/free/. Registration will require a phone number and a debit or credit card details to validate your account even for the free account. You have a choice between the free or pay as you go account.

Create a Windows Server with IIS installed.

Step 1: Go to the search bar at the top centre of the Azure portal and type Virtual Machines, then click it from the list of resources.

Step 2: Click Create on the Virtual machine page. From the drop-down menu click Azure virtual machine.

Step 3: Project details

• Subscription: Choose your subscription. Here we will be using the default Azure subscription, if you have others, you can select another.
• Resource group: We will be creating a new one for the purpose of this exercise. Select Create new and type a name and select OK.

Step 5: Instance details

-Virtual machine name: Give your VM a name and it should be unique throughout the Azure network.
- Region: Select a location you want your VM, from the dropdown menu. [ A region is the geographical location with data centres that host services and infrastructures, with each operating independently and self-contained]
- Availability options: we leave on the default Availability zone.
- Availability zone: Select the zone or zones you would like your VM to be located

- Security type: We leave on the default Trusted launch virtual machines.
- Image: Select from the dropdown menu a Window Server image. I will be using the Windows Server 2019 Datacenter x64 Gen2 for this exercise.

For this exercise leave the remaining setting as they are and follow the next steps below.

Step 6: Administrator Account

• Username: Name your administrator account
• Password: type your password and confirm the password

Step 7: Network tab
Click the Networking tab towards the top of the page ensure that your Network interface is populated especially the

- Virtual network
- Subnet
- Public IP

If the not populated, click the Create new underneath the blank boxes by Virtual network. Select the defaults and click Ok.

The fields then get populated. If yours was populated already then click Review + Create, at the bottom of the screen.

Step 8: When your Validation passed then click Create at the bottom right of the page.
Step 9: Once Deployment is completed Click Go to resource.

Step 10: Connect to your Windows Server virtual machine so we can install IIS. You do this by clicking Connect besides the search bar to the right of your page. A dropdown menu shows and click Connect.

• Click on the Download RDP file. Your browser may ask if you want to keep the file click Keep/Save.

• A Remote Desktop Connection pop up appears on your screen click Connect.

• Enter the password to your Windows Server and Click Ok.
• Another Remote Desktop Connection prompt appears on your screen click Yes.

Wait for the Virtual Machine to setup. You are now Logged into your Windows Server.

Step 11: Installing IIS on our Windows Server.

• Click on Add roles and features in the Server Manager.

• The Add Roles and Features Wizard comes up click Next to the get to Installation Type.
• Ensure Role-based or feature-based installation is selected and click Next.

• Server selection you should see the server you deployed. Select it and click Next.

Server Roles scroll down the list of Roles till you see Web Server (IIS) check the box, a second window appears click Add features and click Next.

• Click Next till you get to Confirmation then you click Install.

While the installation process is going on open your Azure Portal on a New Tab on your web browser to Create an Application Security Group (ASG).

2. Application Security Group (ASG)

Step 1: Search for a Application Security Group at the top centre search bar of your portal at click.

Step 2: Click Create

Step 3: In the Create an application security group page. Begin with the Basics and fill out the Project details and Instance details.

• Subscription: Select your Subscription
• Resource group: Select the resource group you created for this project from the deployment of the Windows Server Virtual Machine, from the dropdown menu.
• Instance details:
  • Name: Give your Application Security Group a Name
  • Region: Ensure the region is the same as that of your Windows Server Virtual Machine

• Click Review + Create at the bottom of the page.
• After the Validation is passed Click Create at the bottom left of the page.
• Once the Deployment is completed click Go to resource.

With this you have successfully created your Application Security Group. Now we will be creating a Network Security Group.

3. Network Security Group (NSG)

Go to the Search bar at the top of the portal page and search for Network Security Group (NSG) and click.

You will notice that Azure has already created a NSG for your server, so we go ahead with the creating inbound rule on port 80 and port 443.

Add an inbound rule on port 80 and Port 443 in your Network Security Group (NSG)

Step 1: Click on the Network Security Group Created.
Step 2: Go to Inbound Security rules at the right side of the page underneath Settings dropdown menu.
Step 3: Click Add to set a new rule for there to be Inbound access to our Server.

Step 4: Adding Inbound security rule. We will be changing only the following below

• Destination: Click the dropdown menu and select Application security group.

• A new option appears Destination application security group, from the dropdown menu select the application security group you created.

• Destination port ranges: change the ports to 80, 443 (for http and https ports).
• Priority: Scroll down to priority and change it to 100 or 150. The lower the number the higher the priority it is given.
• Name: Give this rule a name.
• Click Add

You have added a new Inbound rule to your Network security group.

Adding the Application Security Group to our Windows Server

Step 1: Go to Virtual Machine through the Search bar at the top of the portal and go to the Windows Server.
Step 2: Go to Application Security group underneath the Networking menu, the click Add application Security groups.

Step 3: A window opens and as long as you ensured you place everything in the same region the Application Security Group you created will appear as an option select it and click Add.

4. Create firewall and attach it to the Server's Virtual Network

Step 1: Search for Firewall in the search bar of the portal and click

Step 2: Click Create

Step 3: Create a firewall.

• Subscription: choose your subscription
• Resource group: Select the Resource Group from the dropdown menu you have been using for this project.
• Name: Give your firewall a name
• Region: It should be the same as your windows server
• Availability zone: same as your windows server

• Firewall SKU: Select Premium
• Firewall policy: Click Add new.
  • Policy name: Give it a name.
  • Region: it should be the same region as the Windows Server
  • Policy tier: Select Premium Click Ok

Before we can move forward and add Virtual network and Public IP address, we need to take a detour and create a firewall Network subnet.

I would suggest duplicating the tab or opening your azure portal in another tab and follow the steps below.

To Create a firewall subnet, go to the Search bar at the top of the portal and type Virtual Network and click.

Next Select your network of your Server

Below the Virtual Network Search go to Settings and select Subnets

Below the Virtual Network Search go to Settings and select Subnets.

Select +Subnet towards the right of the Virtual Network Search

In the Add a subnet window

• Subnet purpose: Select Azure Firewall.
• Leave it everything at the default and Click Add.

Now we can go back to the tab where we were about Create Azure Firewall. Refresh the tab and fill in the previous information In Step 3 of Creating Firewall till we get to the point where we digressed to creating a subnet.

Choose a virtual network: Select Use existing.
Virtual Network: Select your Windows Server vnet
Public IP address: Click Add. Give it a name and click ok

Click Next: Tags >, then Next: Review + create> then click Create all at the bottom of the portal

Your firewall is up and running.

5. Copy your Public IP to a browser and ensure there is connectivity.

Navigate back to the Tab with your Windows Server Virtual Machine. Copy the Public IP address of your Windows Server VM

Paste it in your browser.

A Windows Server Virtual Machine running IIS and secured it with a firewall on Microsoft Azure has just been deployed. Give it a try.