Introduction
In the previous task, we prepared the Azure environment by creating the core resources required for this guided project, including a resource group, virtual network, virtual machine, and storage account in Microsoft Azure.
With the environment ready, the next step is to update the network configuration. Proper network segmentation is important when managing cloud infrastructure because it allows administrators to control traffic flow, apply security policies, and isolate workloads.
In this task, we will create a new subnet and configure network security settings that will later support the deployment of an FTP server.
Scenario
You are assisting an Azure administrator with maintaining cloud resources. While you are not responsible for managing the entire infrastructure, the administrator may assign you specific operational tasks.
Currently, there is an existing Linux virtual machine that is underutilized, and a new Linux machine needs to be deployed to function as an FTP server. To properly monitor network flow and resource usage for this server, the administrator has requested the creation of a new subnet within the existing virtual network.
The current subnet must remain unchanged because there are plans to deploy additional virtual machines in it later. Therefore, a separate subnet will be provisioned specifically for the FTP server.
STEPS
1. Create a new subnet on an existing virtual network (vNet)
Log in to Microsoft Azure at https://portal.azure.com/auth/login
From the Azure portal home page, search for and select virtual networks.
- Select the guided-project-vnet virtual network.
Under Settings, select Subnets and click + Subnet.
Leave Subnet purpose as Default.
Enter a name for the subnet. Example:
ftpSubnet
- Keep the remaining settings as default and select Add.
2. Create a network security group
- From the Azure portal, search for and select virtual networks.
- Select Network security groups, then select + Create.
Confirm the subscription.
Select the previously created resource group:
guided-project-rg
- Enter a name for the network security group:
ftpNSG
- Select Review + create, then Create.
- Once deployment is complete, select Go to resource.
3. Create an inbound security rule
Within the Network Security Group:
Navigate to Inbound security rules.
Select + Add.
Change the Destination port ranges from 8080 to:
22
Set Protocol to TCP.
Provide a name, for example:
ftpInbound
- Select Add.
4. Associate the Network Security Group with the subnet
From the Azure portal home page, search for and select virtual networks.
Select guided-project-vnet.
Under Settings, select Subnets.
Choose the newly created subnet ftpSubnet.
In the Security section, select the Network security group:
ftpNSG
- Select Save.
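To check what the finished configuration admits, the following added example (not part of the original guide) evaluates inbound flows against the ftpInbound rule the way a network security group does: lowest priority number first, with the default deny last. The rule data is constructed in the shape of `az network nsg show` output; priority 100, source Any (`*`) and the 203.0.113.0/24 admin range are assumptions.

```python
import ipaddress

# Constructed sample in the shape of the "securityRules" array from
# `az network nsg show`. Priority 100 and source "*" (Any) are assumed
# portal defaults; name, port and protocol come from step 3.
FTP_NSG_RULES = [
    {"name": "ftpInbound", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
]
# Hypothetical tightened variant: same rule, source limited to a
# documentation-range admin network (203.0.113.0/24).
RESTRICTED_RULES = [dict(FTP_NSG_RULES[0], sourceAddressPrefix="203.0.113.0/24")]


def port_matches(spec, port):
    """spec is '*', a single port ('22') or a range ('8000-8080')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def source_matches(prefix, src_ip):
    """Handles '*' and IP/CIDR prefixes; service tags are not resolved."""
    if prefix == "*":
        return True
    try:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # e.g. the 'VirtualNetwork' tag: treated as no match


def evaluate_inbound(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule_name) for an inbound flow from outside the vNet."""
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):  # lowest number wins
        if rule["protocol"].lower() not in ("*", protocol.lower()):
            continue
        if (source_matches(rule["sourceAddressPrefix"], src_ip)
                and port_matches(rule["destinationPortRange"], port)):
            return rule["access"], rule["name"]
    return "Deny", "DenyAllInBound"  # Azure default rule at priority 65500


def world_open_rules(rules):
    """Names of inbound Allow rules that accept traffic from any source."""
    return [r["name"] for r in rules
            if r["direction"] == "Inbound" and r["access"] == "Allow"
            and r["sourceAddressPrefix"] in ("*", "0.0.0.0/0", "Internet")]
```

With the rule as entered in step 3, TCP 22 is allowed from any source and every other port, including 21, falls through to DenyAllInBound. `world_open_rules` keeps flagging the rule until its source is narrowed.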
Conclusion
In this exercise, we updated the virtual network by creating a new subnet and configuring a network security group to control inbound traffic. Segmenting the network in this way allows administrators to isolate workloads and apply security policies specific to different services.
By associating the network security group with the newly created subnet, we ensured that only approved traffic can reach resources deployed within that network segment.
In the next task, we will focus on managing virtual machines, including modifying configurations and preparing the infrastructure for additional workloads.









