Nwafor Somadina Emeka

Azure Management Tasks

This document outlines a series of technical laboratory exercises designed to complement Microsoft Learn training modules. The provided curriculum focuses on the administration of cloud infrastructure, specifically guiding users through the management of virtual networks and virtual machine configurations. Students also learn to implement security protocols for data storage and apply governance tools such as resource tags and locks. The final stage of the learning path ensures environmental efficiency by detailing the necessary clean-up procedures. Altogether, these resources offer a structured practical framework for developing essential IT competencies within the Microsoft ecosystem.

The core steps for managing virtual network infrastructure within the context of Microsoft skilling exercises include:

  • Prepare: Initial setup and readiness for the infrastructure tasks.
  • Update the virtual network: Modifying and maintaining the network configurations.
  • Manage virtual machines: Overseeing the computing resources connected to the network.
  • Control storage access: Managing how data and storage resources are accessed within the infrastructure.
  • Manage tags and locks: Organizing resources for better tracking and applying protections to prevent accidental deletion or modification.
  • Clean up: Finalising tasks and removing unnecessary resources to maintain an efficient environment.

1. Create a resource group

In order to make clean-up easy at the end, start with creating a new resource group to hold the resources for this guided project. Using resource groups to organize things is a quick way to ensure you can manage resources when a project is over.

  • Log in to Microsoft Azure at https://portal.azure.com
  • From the Azure portal home page, in the search box, enter resource groups.

  • Select Create.

  • Enter guided-project-rg in the Resource group name field.

  • The Region field will automatically populate. Leave the default value.

  • Select Review + create.

  • Select Create.

Create a virtual network with one subnet

  • From the Azure portal home page, in the search box, enter virtual networks.
  • Select virtual networks under services.
  • Select Create.
  • Scroll down to the Instance details section and enter guided-project-vnet for the Virtual network name.
  • Select Review + create.
  • Select Create.

  • Wait for the screen to refresh and show Your deployment is complete.

  • Select Home to return to the Azure portal home page.

Create a virtual machine

  • From the Azure portal home page, in the search box, enter virtual machines.
  • Select virtual machines under services.

  • Select Create and then select Virtual machine

  • Select guided-project-rg for the Resource group.
  • Enter guided-project-vm for the Virtual machine name.
  • For the Image, select one of the Ubuntu Server options. (For example, Ubuntu Server 24.04 LTS - x64 Gen2)
  • Continue further on the Basics page to the Administrator account section.
  • Select Password for authentication type.
  • Enter guided-project-admin for the admin Username.
  • Enter a password for the admin account.
  • Confirm the password for the admin account.
  • Leave the rest of the settings as default settings. You can review the settings if you like, but shouldn’t change any.
  • Select Create to confirm the resource cost and create the virtual machine.

  • Select Home to return to the Azure portal home page.

Create a Storage account

  • From the Azure portal home page, in the search box, enter storage accounts.

  • Select Storage accounts under services.

  • Select Create.
    Note: The subscription and resource group should automatically fill in. Verify that the information filled in matches the correct subscription and the new resource group created for the guided project (guided-project-rg if you’re following along with the naming conventions).

  • Scroll down to the Instance details section and enter a name for the storage account. Storage accounts must be globally unique, so you may have to try a few different times to get a storage account name.

  • Select Review + create.
  • Select Create.

  • Wait for the screen to refresh and show Your deployment is complete.

  • Select Home to return to the Azure portal home page.

2. Update the virtual network

You’re helping an Azure Admin maintain resources. While you won’t be responsible for maintaining the entire infrastructure, the Admin will ask you to help out by completing certain tasks. Currently, there’s a Linux virtual machine (VM) that’s underutilized, and a need for a new Linux machine to serve as an FTP server. However, the Azure admin wants to be able to track network flow and resource utilization for the needed FTP server, so has asked you to start out by provisioning a new subnet. The current subnet should be left alone, as there are future plans for using it for additional VMs.

Create a new subnet on an existing virtual network (vNet).

  • Select virtual networks under services.
  • Select the guided-project-vnet virtual network.

  • From the guided-project-vnet blade, under settings, select Subnets.
  • To add a subnet, select + Subnet.

  • For Subnet purpose leave it as Default.
  • For Name enter: ftpSubnet.
  • Leave the rest of the settings alone and select Add.

  • Select Home to return to the Azure portal home page.

We have completed the creation of a subnet. This subnet is only going to be used for SFTP traffic. To increase security, you need to configure a network security group to restrict which ports are allowed on the subnet.

Create a network security group

  • From the Azure portal home page, in the search box, enter virtual networks.
  • Select virtual networks under services.
  • Select Network security groups.

  • Select + Create.

  • Verify the subscription is correct.
  • Select the guided-project-rg resource group.
  • Enter ftpNSG for the network security group name.
  • Select Review + create.

  • Once the validation is complete, select Create.

  • Wait for the screen to refresh and display Your deployment is complete.

  • Select Go to resource.

Create an inbound security rule

  • Under settings, select Inbound security rules.

  • Select + Add.

  • Change the Destination port ranges from 8080 to 22.
  • Select TCP for the protocol.
  • Set the name to ftpInbound.
  • Select Add.

  • Select Home to return to the Azure portal home page.

Now, you’ll need to associate the new network security group with the ftpSubnet.

Associate a network security group to a subnet

  1. From the Azure portal home page, in the search box, enter virtual networks.
  2. Select virtual networks under services.
  3. Select the guided-project-vnet virtual network.
  4. Under settings, select Subnets.
  5. Select the ftpSubnet you created.
  6. On the Edit subnet page, under the Security section heading, update the Network security group field to ftpNSG.
  7. Select Save.
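To show what ftpInbound and the NSG's built-in default rules do once the group is associated with ftpSubnet, here is an added Python model of inbound rule evaluation (not part of the original lab). Priority 100 and source Any for ftpInbound are the portal defaults the steps leave unchanged; the IP addresses, the 10.0.0.0/16 address space and the TIGHTENED variant are assumptions constructed for illustration.

```python
import ipaddress

# Service tags resolved to address ranges for this model (constructed values).
TAGS = {
    "VirtualNetwork": ["10.0.0.0/16"],        # assumed address space of guided-project-vnet
    "AzureLoadBalancer": ["168.63.129.16/32"],
}

def rule(name, priority, source, protocol, port, access):
    return dict(name=name, priority=priority, source=source,
                protocol=protocol, port=port, access=access)

# Default inbound rules present in every NSG.
DEFAULTS = [
    rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "*", "Allow"),
    rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "Allow"),
    rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]

def source_matches(spec, src_ip):
    """spec is '*', a service tag from TAGS, or a CIDR range."""
    if spec == "*":
        return True
    nets = TAGS.get(spec, [spec])
    return any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(n) for n in nets)

def port_matches(spec, port):
    """spec is '*', a single port ('22') or a range ('8000-8080')."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, src_ip, protocol, port):
    """Rules are checked in ascending priority; the first match decides."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if (source_matches(r["source"], src_ip)
                and r["protocol"] in ("*", protocol)
                and port_matches(r["port"], port)):
            return r["access"], r["name"]
    return "Deny", None

# The rule as created in the steps above (source Any, priority 100: portal defaults).
AS_BUILT = DEFAULTS + [rule("ftpInbound", 100, "*", "TCP", "22", "Allow")]
# Hypothetical tightened variant: same rule, source limited to a constructed admin range.
TIGHTENED = DEFAULTS + [rule("ftpInbound", 100, "198.51.100.0/24", "TCP", "22", "Allow")]

if __name__ == "__main__":
    probes = [("203.0.113.7", "TCP", 22), ("203.0.113.7", "TCP", 21),
              ("10.0.0.5", "TCP", 21), ("198.51.100.9", "TCP", 22)]
    for label, rules in (("as built", AS_BUILT), ("tightened", TIGHTENED)):
        for src, proto, port in probes:
            print(label, src, proto, port, evaluate(rules, src, proto, port))
```

Traffic from inside the virtual network still matches AllowVnetInBound on any port, so the rule as built restricts only what arrives from outside the VNet.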

3. Manage virtual machines

With the network settings updated to support segmenting the Linux virtual machine, you’re ready to manage the virtual machine itself. The first thing the Azure admin asks you to complete is moving the virtual machine to the new subnet you created in the previous exercise.

Move the virtual machine network to the new subnet

  • From the Azure portal home page, in the search box, enter virtual machines.
  • Select virtual machines under services.
  • Select the guided-project-vm virtual machine.

If the virtual machine is running, select Stop. Note: In order to make some configuration changes, such as changing the subnet, the VM will need to be restarted. You can request the change without stopping the VM, but Azure will force a restart before completing the change.

  • Wait for the Status field to update and show Stopped (deallocated).

  • Within the Networking subsection of the menu, select Network settings.

  • Select the Network interface / IP configuration hyperlink for the VM.

  • On the IP Configurations page, update the Subnet to ftpSubnet.
  • Select Apply.

Vertically scale the virtual machine

  1. From the Azure portal home page, in the search box, enter virtual machines.
  2. Select virtual machines under services.
  3. Select the guided-project-vm virtual machine.
  4. Locate the Availability + scale submenu and select Size.
  5. Select a new VM size, D2s_v5 for example. (Note: If you don’t see the same size as shown in this exercise, select something similar.)
  6. Select Resize. Note: The VM size may not update in the Azure UI until the VM is restarted.

Attach data disks to a virtual machine

  1. From the Azure portal home page, in the search box, enter virtual machines.
  2. Select virtual machines under services.
  3. Select the guided-project-vm virtual machine.
  4. Locate the settings submenu and select Disks.

  5. Select Create and attach a new disk.
  6. Leave LUN as default.
  7. Enter ftp-data-disk for the Disk name.
  8. Leave the Storage type as default.
  9. Enter 20 for the Size.
  10. Select Apply to create the new storage disk and attach the disk to the machine.

  11. Select Home to return to the Azure portal home page.

The final thing the Azure admin is concerned about is the cost of running the computer 24 hours a day. The first thing they’ll do every morning is start up the FTP server. However, they’d like you to configure it to automatically shutdown every day at 7 PM Coordinated Universal Time (UTC).

Configure automatic shutdown on a virtual machine

  1. From the Azure portal home page, in the search box, enter virtual machines.
  2. Select virtual machines under services.
  3. Select the guided-project-vm virtual machine.
  4. Under the Operations submenu, select Auto-shutdown.
  5. In order to let late uploads finish, set the Scheduled shutdown to 7:15:00 PM.
  6. Select Save.

  7. Select Home to return to the Azure portal home page.

4. Control storage access

The Azure admin wants you to get more familiar with storage accounts, containers, and file shares. They anticipate needing to share an increasing number of files and need someone who is skilled using these services. They’ve given you a task of creating a storage container and a file share and uploading files to both locations.

Create a storage container

  • Login to Microsoft Azure at https://portal.azure.com
  • From the Azure portal home page, in the search box, enter storage accounts.
  • Select storage accounts under services.
  • Select the storage account you created in the Prepare exercise. The storage account name is the hyperlink to the storage account. (Note: it should be associated with the resource group guided-project-rg.)

  • On the storage account blade, under the Data storage submenu, select Containers.
  • Select + Add container.

  • In the Name field, enter storage-container.
  • Select Create.

Great! With a storage container created, you can upload a blob to the container. Locate a picture that you can upload, either on your computer or from the internet, and save it locally to make uploading easier.

Upload a file to the storage container

  • Select the storage container you just created.

  • Select Upload and upload the file you prepared.

  • Once the file is ready for upload, select Upload.

  • With the file uploaded, notice that the Access tier is displayed. For something we uploaded just for testing, it doesn’t need to be assigned to the Hot access tier. In the next few steps, you’ll change the access tier for the file.

Change the access tier

  • Select the file you just uploaded (the file name is a hyperlink).
  • Select Change tier.

  • Select Cold.
  • Select Save.

Note: You just changed the access tier for an individual blob or file. To change the default access tier for all blobs within the storage account, you could change it at the storage account level.

  • Select Home to return to the Azure portal home page.

Good job! You’ve successfully uploaded a storage blob and changed the access tier from Hot to Cold. Next, you’ll work with file shares.

Create a file share

  • From the Azure portal home page, in the search box, enter storage accounts.
  • Select storage accounts under services.
  • Select the storage account you created in the Prepare exercise. The storage account name is the hyperlink to the storage account. (Note: it should be associated with the resource group guided-project-rg.)
  • On the storage account blade, under the Data storage submenu, select File shares.
  • Select + File share.

  • On the Basics tab, in the name field enter file-share.

  • On the Backup tab, uncheck Enable backup.
  • Select Review + create.

  • Select Create.

  • Once the file share is created, select Upload.
  • Upload the same file you uploaded to the blob storage or a different file, it’s up to you.

  • Select Home to return to the Azure portal home page.

Create a shared access signature token

  • From the Azure portal home page, in the search box, enter storage accounts.
  • Select storage accounts under services.
  • Select the storage account you created in the Prepare exercise.
  • On the storage account blade, select Storage browser.
  • Expand Blob containers.
  • Note: Blob container is another name for the storage containers. Items uploaded to a storage container are called blobs.
  • Select the storage container you created earlier, storage-container.
  • Select the ellipses (three dots) on the end of the line for the image you uploaded.
  • Select Generate SAS.

Note: When you generate a shared access signature, you set the duration. Once the duration is over, the link stops working. The Start field automatically populates with the current date and time.

  • Set Signing method to Account key.
  • Set Signing key to Key 1.
  • Tip: There are two signing keys available. You can choose either one, or create SAS tokens with different durations.
  • Set Stored access policy to None.
  • Set Permissions to Read.
  • Enter a custom start and expiry time or leave the defaults.
  • Set Allowed protocols to HTTPS only.
  • Select Generate SAS token and URI.

  • Copy the Blob SAS URL and paste it in another window or tab of your browser. It should display the image you uploaded. Keep this tab or window open.

Tip: You can configure SAS tokens for file shares and blob containers using the same process.

With the SAS token created, anyone with that link can access the file for the duration that was set when you created the SAS token. However, controlling access to a resource or file is about more than just granting access. It’s also about being able to revoke access. To revoke access with a SAS token, you need to invalidate the token. You invalidate the token by rotating the key that was used.

Rotate access keys

  • From the Azure portal home page, in the search box, enter storage accounts.
  • Select storage accounts under services.
  • Select the storage account you created in the Prepare exercise.
  • Expand the Security + networking submenu.
  • Select Access keys.

  • For Key 1, select Rotate key.
  • Read and then acknowledge the warning about regenerating the access key by selecting Yes.
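Why rotating the key revokes the link: a SAS token carries an HMAC-SHA256 signature computed with the account key, and the service recomputes it with the current keys on every request. The following Python model is an added example, not code from the original lab or from Azure; the keys, account name, blob name and timestamps are constructed, and the string-to-sign is simplified (the real one has more fields in a version-specific order).

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone

def make_key(seed: bytes) -> str:
    """Constructed stand-in for a base64 account key (not a real secret)."""
    return base64.b64encode(hashlib.sha512(seed).digest()).decode()

KEY1, KEY2, KEY1_ROTATED = make_key(b"key1"), make_key(b"key2"), make_key(b"key1-rotated")
# Constructed resource path; account and blob names are placeholders.
RESOURCE = "/blob/exampleaccount/storage-container/picture.png"

def _sig(key_b64: str, fields: dict) -> str:
    # Simplified string-to-sign covering only the settings chosen in the steps above.
    to_sign = "\n".join([fields["sp"], fields["st"], fields["se"], RESOURCE, fields["spr"]])
    mac = hmac.new(base64.b64decode(key_b64), to_sign.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def generate_sas(key_b64, start, expiry, permissions="r", protocol="https"):
    """Sign the token fields with one account key (Signing method: Account key)."""
    fields = {"sp": permissions, "st": start, "se": expiry, "spr": protocol}
    return {**fields, "sig": _sig(key_b64, fields)}

def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def service_accepts(sas, current_keys, now, scheme="https", operation="r"):
    """Model of the service-side check; with no stored access policy,
    nothing about the token is kept server-side."""
    if sas["spr"] == "https" and scheme != "https":
        return False                      # Allowed protocols: HTTPS only
    if not (_ts(sas["st"]) <= _ts(now) <= _ts(sas["se"])):
        return False                      # outside the start/expiry window
    if operation not in sas["sp"]:
        return False                      # Permissions: Read only
    # The token does not say which key signed it, so both current keys are tried.
    return any(hmac.compare_digest(_sig(k, sas), sas["sig"]) for k in current_keys)

START, EXPIRY, NOON = "2025-01-01T09:00:00Z", "2025-01-01T17:00:00Z", "2025-01-01T12:00:00Z"
SAS_KEY1 = generate_sas(KEY1, START, EXPIRY)   # signed with Key 1, as in the steps
SAS_KEY2 = generate_sas(KEY2, START, EXPIRY)   # same settings, signed with Key 2

if __name__ == "__main__":
    print("before rotation:", service_accepts(SAS_KEY1, [KEY1, KEY2], NOON))
    print("over http:", service_accepts(SAS_KEY1, [KEY1, KEY2], NOON, scheme="http"))
    print("after rotating Key 1:", service_accepts(SAS_KEY1, [KEY1_ROTATED, KEY2], NOON))
    print("Key 2 token after rotating Key 1:",
          service_accepts(SAS_KEY2, [KEY1_ROTATED, KEY2], NOON))
```

Rotating Key 1 invalidates every SAS token signed with Key 1, while tokens signed with Key 2 keep working until they expire or Key 2 is rotated.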



5. Manage tags and locks

The Azure admin hopes that you can wrap a few things up to help with monitoring and protecting resources. They want to know that someone can’t accidentally get rid of the virtual machine that’s running as an FTP server, and they want a quick way to see what department is using resources and the resource’s purpose.

Manage tags and locks on VMs

  • Login to Microsoft Azure at https://portal.azure.com
  • From the Azure portal home page, in the search box, enter virtual machines.
  • Select virtual machines under services.
  • Select the guided-project-vm virtual machine.
  • From the menu pane, select Tags.

  • On one line, for Name enter Department and for Value enter Customer Service.
  • On the next line, for Name enter Purpose and for Value enter FTP Server.
  • Select Apply.

While you’re working on the virtual machine, it’s a great time to add a resource lock.

Add a resource lock to a VM

  • If necessary, expand the Settings submenu.
  • Select Locks.
  • Select + Add.

  • For the name, enter VM-delete-lock.

  • For the Lock type, select Delete.

  • You may enter a note to help remind you why you created the lock.

  • Select OK.

Add tags to network resources

  • From the Azure portal home page, in the search box, enter virtual networks.

  • Select virtual networks under services.

  • Select the guided-project-vnet network.
  • From the menu pane, select Tags. Note: Notice that now you can select an existing tag to apply or add a new tag. You can also select just the name or value and create something new in the other field.

  • For the Name select Department.
  • For the Value enter IT.
  • Select Apply.

Now both the VNet and VM are organized.


6. Clean up

Remove delete locks

If you attempt to delete a resource with a delete lock, you’ll receive a warning that the operation failed due to a delete lock being in place. To avoid that, it’s important to clear delete locks from resources you intend to delete before issuing the delete command.

  1. Login to Microsoft Azure at https://portal.azure.com
  2. From the Azure portal home page, in the search box, enter virtual machines.

  3. Select virtual machines under services.

  4. Select the guided-project-vm virtual machine.

  5. If necessary, expand the Settings submenu.

  6. Select Locks.

  7. Select Delete on the line for the VM-delete-lock.

  8. On the pop-up window, select Delete to confirm deletion of the lock.

Once the delete lock is removed, you’ll be able to delete the VM. While this was the only delete lock required by the exercise, if you applied other delete locks during the exercise, remove them now. When you’re done, select Home to return to the Azure portal home page.

Delete the project resource group

A key benefit of using resource groups is the ability to rapidly delete all of the resources assigned to a resource group at once.

  • From the Azure portal home page, in the search box, enter Resource groups.
  • Select resource groups under services.
  • Select the guided-project-rg resource group.

  • Select Delete resource group.

  • Select Apply force delete…
  • Enter guided-project-rg in the confirmation box.
  • Select Delete.

  • On the Delete confirmation pop-up, select Delete.

It will take approximately 5 minutes before the resource group is fully deleted. You’ll need to refresh the resource group page every few minutes until the guided-project-rg is gone to confirm complete deletion.

Important: Recall at the beginning of the Guided Project you checked for a NetworkWatcherRG resource group. If there WAS a NetworkWatcherRG when you started, then you’re finished. However, if the NetworkWatcherRG was created for the guided project, you’ll need to delete the NetworkWatcherRG as well following a nearly identical process.

If you don’t need to delete the NetworkWatcherRG, you can head back to Learn now and complete the module. If you need to delete the NetworkWatcherRG, continue on for instructions.

Delete the NetworkWatcherRG

If the NetworkWatcherRG existed prior to starting the guided project, do not delete it as part of the guided project clean up.

  • From the Azure portal home page, in the search box, enter Resource groups.
  • Select resource groups under services.

  • Select the NetworkWatcherRG resource group.
  • Select Delete resource group.
  • Enter NetworkWatcherRG in the confirmation box.
  • Select Delete.

  • On the Delete confirmation pop-up, select Delete.

You’ll need to refresh the resource group page every few minutes until the NetworkWatcherRG is gone to confirm complete deletion.
