
20533 - Module 2, Lab Answer Keys

Classic Portal showing a Gateway

How to activate point-to-site

Lab A: Creating Virtual Networks


Scenario
A. Datum has two large office buildings in different regions: an HQ and a main branch
office. In order to serve these locations rapidly, you plan to have separate Azure virtual
networks in the two regions that match the office locations. Your Azure architects have
provided a script that creates a virtual machine in each virtual network. You have been
asked to create the planned virtual networks and use the scripts to populate them.
Exercise 1: Creating the Virtual Network
Task 1: Connect to Windows Azure with Windows Azure PowerShell
1. Ensure that you are logged on to 20533B-MIA-CL1 as Student with the password Pa$$w0rd.
On the task bar, right-click Microsoft Azure PowerShell and click Run ISE as
Administrator. Click Yes when prompted.

2. In the Windows PowerShell ISE, in the command prompt pane, enter the following command
and then press Enter to add an Azure account to the local PowerShell environment:
Add-AzureAccount

When prompted, sign in using the Microsoft account associated with your Azure subscription.
3. In the Windows PowerShell ISE, click File and then click Open.
4. In the Open dialog, browse to D:\Labfiles\Lab02\Starter\.
5. Click ExampleCommands.ps1 and then click Open.
6. If the Script pane is not visible, on the View menu, click Show Script Pane.
7. In the Windows PowerShell ISE, in the command prompt pane, enter the following command
and press Enter:
Get-AzureSubscription

8. In the Windows PowerShell ISE, in the command prompt pane, select the subscription name,
then right-click, and click Copy.

In the Windows PowerShell ISE, in the Script pane, paste the subscription name.

9. In the Windows PowerShell ISE, in the command prompt pane, enter the following command
and press Enter:
Update-help

10. In the Windows PowerShell ISE, in the command prompt pane, enter the following command
to clear the screen and press Enter:
cls

11. Leave the Windows PowerShell ISE window open.


12. In the Windows PowerShell ISE, in the Script pane, type your Location 1 and Location 2
details into ExampleCommands.ps1.
13. In the Windows PowerShell ISE, click File, and then click Save.

Note: For Location 1 and Location 2 use two Azure regions close to your physical
location. Your instructor will provide this information.
Task 2: Create Virtual Networks in the Management Portal and in PowerShell
1. In the Windows Taskbar, click Internet Explorer. In Internet Explorer, browse to the full
Azure Management Portal at https://manage.windowsazure.com, and sign in using the Microsoft
account that is associated with your Microsoft Azure subscription.
2. Click the NETWORKS node.
3. In the lower left-hand corner of the screen, click New.
4. In the navigation pane, click Network Services, click Virtual Network, and then click
Custom Create.
5. In the Virtual Network Details dialog box, in the NAME field, enter ADATUM-HQ-VNET.
6. Under LOCATION, select your Location 1, then click the right arrow.
7. In the DNS Servers and VPN Connectivity page, under DNS SERVERS, in the NAME box,
type ADATUM-DNS, in the IP ADDRESS box, type 10.0.1.4, and click the right arrow.
8. In the Virtual Network Address Spaces page, in the ADDRESS SPACE section, change
the STARTING IP to 10.0.1.0, and under CIDR (ADDRESS COUNT) select /24 (256).

9. In the Virtual Network Address Spaces page, in the SUBNETS section, ensure that the
STARTING IP is 10.0.1.0, and under CIDR (ADDRESS COUNT) select /25 (128); if you cannot
view the CIDR list, delete the 10.0.1.0 under STARTING IP, then type 10.0.1.0 again.
10. Note the Usable address range.
11. Click the check mark on the bottom right of the dialog box.
12. You have now set up a virtual network in Microsoft Azure.
13. On the bottom of the networks page, click the EXPORT button.
14. In the Export network configuration dialog box, ensure your subscription is selected, and
click the checkmark.
15. On the pop-up box, click Save, then click Save as.
16. Save the NetworkConfig.xml file to the desktop on your computer.
17. On the Windows Taskbar, click File Explorer and navigate to the desktop.
18. Right-click NetworkConfig.xml and click Edit.
19. Copy everything between <VirtualNetworkSites> and </VirtualNetworkSites>.
20. Paste the copied text just before </VirtualNetworkSites>; you should now have two identical
VirtualNetworkSite sections in the XML file.
21. Make the following changes to the second VirtualNetworkSite section in the XML file:
a. <VirtualNetworkSite name="ADATUM-BRANCH-VNET" Location="Your Location 2">
b. Under <AddressSpace>, <AddressPrefix>10.0.2.0/24
c. Under <Subnet name="Subnet-1">, <AddressPrefix>10.0.2.0/25
d. Do not change any other text
22. On the File menu, click Save. Close Notepad.

23. Switch to the Windows PowerShell ISE.


24. In the Windows PowerShell ISE, in the command prompt pane, enter the following command
and press Enter:

Set-AzureVNetConfig C:\path\NetworkConfig.xml

Replace path with the path to your desktop.
25. Note the OperationStatus value of Succeeded.
26. Switch to Internet Explorer.
27. On the networks page, click Refresh.
28. Next to ADATUM-BRANCH-VNET, click the arrow.
29. On the adatum-branch-vnet page, click CONFIGURE. Note the settings under virtual network
address spaces.
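
The hand edit in steps 19 to 21 is easy to get partly wrong, and Set-AzureVNetConfig replaces the whole network configuration of the subscription. The following is an added example, not part of the lab files: a pre-flight check that flags duplicate site names, overlapping address spaces, and subnets that fall outside their site's address space. The function names and the embedded XML are constructed for illustration.

```powershell
# Added example, not part of the lab files: pre-flight check of a NetworkConfig.xml.
# Constructed sample: the copied site was renamed and re-addressed, but step 21c was
# skipped, so the branch subnet still carries the HQ prefix.
[xml]$config = @'
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="ADATUM-HQ-VNET" Location="Location 1">
        <AddressSpace><AddressPrefix>10.0.1.0/24</AddressPrefix></AddressSpace>
        <Subnets><Subnet name="Subnet-1"><AddressPrefix>10.0.1.0/25</AddressPrefix></Subnet></Subnets>
      </VirtualNetworkSite>
      <VirtualNetworkSite name="ADATUM-BRANCH-VNET" Location="Location 2">
        <AddressSpace><AddressPrefix>10.0.2.0/24</AddressPrefix></AddressSpace>
        <Subnets><Subnet name="Subnet-1"><AddressPrefix>10.0.1.0/25</AddressPrefix></Subnet></Subnets>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
'@

function ConvertTo-IPv4Range([string]$Cidr) {
    # Turn "a.b.c.d/len" into its first and last address as 64-bit integers.
    $ip, $len = $Cidr.Trim() -split '/'
    $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [Array]::Reverse($bytes)                      # network order -> little-endian
    $start = [long][BitConverter]::ToUInt32($bytes, 0)
    $size  = [long][math]::Pow(2, 32 - [int]$len)
    if ($start % $size) { throw "$Cidr has host bits set" }
    [pscustomobject]@{ Cidr = $Cidr.Trim(); Start = $start; End = $start + $size - 1 }
}

function Test-VNetConfig([xml]$Xml) {
    $findings = @()
    $sites = @($Xml.NetworkConfiguration.VirtualNetworkConfiguration.VirtualNetworkSites.VirtualNetworkSite)
    foreach ($dup in ($sites | Group-Object { $_.GetAttribute('name') } | Where-Object { $_.Count -gt 1 })) {
        $findings += "duplicate site name '$($dup.Name)'"
    }
    $spaces = @(foreach ($site in $sites) {
        $name   = $site.GetAttribute('name')
        $ranges = @($site.AddressSpace.AddressPrefix | ForEach-Object { ConvertTo-IPv4Range $_ })
        foreach ($subnet in @($site.Subnets.Subnet)) {
            $s = ConvertTo-IPv4Range $subnet.AddressPrefix
            if (-not ($ranges | Where-Object { $s.Start -ge $_.Start -and $s.End -le $_.End })) {
                $findings += "${name}: subnet $($s.Cidr) is outside the site's address space"
            }
        }
        foreach ($r in $ranges) { [pscustomobject]@{ Site = $name; Range = $r } }
    })
    # Any two address spaces that share an address cannot be routed between gateways.
    for ($i = 0; $i -lt $spaces.Count; $i++) {
        for ($j = $i + 1; $j -lt $spaces.Count; $j++) {
            $a = $spaces[$i]; $b = $spaces[$j]
            if ($a.Range.Start -le $b.Range.End -and $b.Range.Start -le $a.Range.End) {
                $findings += "$($a.Site) $($a.Range.Cidr) overlaps $($b.Site) $($b.Range.Cidr)"
            }
        }
    }
    $findings
}

$findings = Test-VNetConfig $config
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'No problems found.' }
```

To check the exported file instead of the sample, pass ([xml](Get-Content C:\path\NetworkConfig.xml)) to Test-VNetConfig before running step 24.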


Task 3: Populate the Virtual Network

1. Switch to the Windows PowerShell ISE.


2. In the Windows PowerShell ISE, in the command prompt pane, enter the following command
and press Enter:
CD D:\Labfiles\Lab02\Starter

3. In the Windows PowerShell ISE, in the command prompt pane, enter the following command
and press Enter:
.\CreateVirtualMachines1.ps1

Important: The command starts with dot backslash.


4. When prompted for your primary Azure region, enter the number of your Location 1, and
press Enter.
5. The script may take 20 - 25 minutes to complete; when the script has completed, verify that
the following information is displayed:
Name: AdatumWestSvr1
IPAddress: 10.0.1.4
InstanceStatus: ReadyRole
PowerState: Started
6. Close the Windows PowerShell ISE. Important: do not run the second script in the same
instance of PowerShell.
7. On the task bar, right-click Microsoft Azure PowerShell and click Run ISE as
Administrator. Click Yes when prompted.
8. In the Windows PowerShell ISE, in the command prompt pane, enter the following command
and press Enter:
CD D:\Labfiles\Lab02\Starter

9. In the Windows PowerShell ISE, in the command prompt pane, enter the following command
and press Enter:
.\CreateVirtualMachines2.ps1

Important: The command starts with dot backslash.


10. When prompted for your secondary Azure region, enter the number of your Location 2, and
press Enter.
11. The script may take 10 - 15 minutes to complete; when the script has completed, verify that
the following information is displayed:
Name: AdatumEastSvr1
IPAddress: 10.0.2.4
InstanceStatus: ReadyRole
PowerState: Started
12. Do not proceed to the next exercise until the script operation is complete.

Lab B: Connecting Virtual Networks


Scenario
You have been asked to implement connectivity to the two A. Datum virtual networks you
created earlier. You want to use a VNet-to-VNet VPN to connect the VNets. You also want to
implement a point-to-site VPN so that you can connect from your administrative computer.
Exercise 1: Connecting the Virtual Networks
Task 1: Create a Virtual Network Gateway

1. Switch to Internet Explorer.


2. On the adatum-branch-vnet page, click the large left arrow.
3. On the networks page, click LOCAL NETWORKS.
4. Click ADD A LOCAL NETWORK.
5. On the Specify your local network details page, in the NAME box, type ADATUM-HQ-LOCALNET,
and in the VPN DEVICE IP ADDRESS box, type 1.1.1.1 (as a temporary
placeholder address), and then click the right arrow.
6. On the Specify the address space page, under STARTING IP type 10.0.1.0, and under
CIDR (ADDRESS COUNT) select /24 (256).
7. Click the check mark on the bottom right of the dialog box.
8. At the bottom right of the page, click + NEW, and then click ADD LOCAL NETWORK.
9. On the Specify your local network details page, in the NAME box, type
ADATUM-BRANCH-LOCALNET, and in the VPN DEVICE IP ADDRESS box, type 2.2.2.2 (as a temporary
placeholder address), and then click the right arrow.
10. On the Specify the address space page, under STARTING IP type 10.0.2.0, and under
CIDR (ADDRESS COUNT) select /24 (256).
11. Click the check mark on the bottom right of the dialog box.
12. On the networks page, click VIRTUAL NETWORKS.
13. On the networks page, next to ADATUM-HQ-VNET, click the arrow.
14. On the adatum-hq-vnet page, click CONFIGURE.
15. On the adatum-hq-vnet page, select the Connect to the local network check box.
16. In the LOCAL NETWORK box, select ADATUM-BRANCH-LOCALNET.
17. Click add gateway subnet.
18. At the bottom of the page, click SAVE.
19. At the warning message, click YES.
20. On the adatum-hq-vnet page, click the large left arrow.
21. Repeat steps 13 to 19, to configure ADATUM-BRANCH-VNET to connect to
ADATUM-HQ-LOCALNET; note that if a gateway subnet already exists, you cannot create another one.
22. On the adatum-branch-vnet page, click the large left arrow.
23. On the networks page, next to ADATUM-HQ-VNET, click the arrow.
24. On the adatum-hq-vnet page, click DASHBOARD; note that the page shows that a
gateway has not yet been created.
25. At the bottom of the page, click CREATE GATEWAY, and then click Dynamic Routing.
26. At the Do you want to create a gateway message, click YES.

27. On the adatum-hq-vnet page, click the large left arrow.


28. Repeat steps 23 to 26, to create a dynamic routing gateway for ADATUM-BRANCH-VNET.
29. Note that it will take 20-25 minutes for the gateways to be created; do not proceed until
gateway creation is complete.

Task 2: Connect the Virtual Networks

1. On the adatum-branch-vnet page, click the large left arrow.


2. On the networks page, next to ADATUM-HQ-VNET, click the arrow.
3. On the adatum-hq-vnet page, click DASHBOARD; note that the page now shows that a
gateway has been created, but is not yet connected.
4. Make a note of the GATEWAY IP ADDRESS:

_______________________________________

5. Repeat steps 2 to 4 above, and note the GATEWAY IP ADDRESS for ADATUM-BRANCH-VNET:

_______________________________________

6. On the adatum-branch-vnet page, click the large left arrow.


7. On the networks page, click LOCAL NETWORKS.
8. Click ADATUM-HQ-LOCALNET, and at the bottom of the page, click EDIT.
9. On the Specify your local network details page, in the VPN DEVICE IP ADDRESS box,
type the gateway IP address for ADATUM-HQ-VNET that you noted in step 4 above, and then
click the right arrow.
10. On the Specify the address space page, click the check mark on the bottom right of the
dialog box.
11. On the networks page, click LOCAL NETWORKS.
12. Click ADATUM-BRANCH-LOCALNET, and at the bottom of the page, click EDIT.
13. On the Specify your local network details page, in the VPN DEVICE IP ADDRESS box,
type the gateway IP address for ADATUM-BRANCH-VNET that you noted in step 5 above, and
then click the right arrow.
14. On the Specify the address space page, click the check mark on the bottom right of the
dialog box.
15. Switch to Windows PowerShell ISE.
16. At the Windows PowerShell ISE prompt, type the following command, and press Enter:

Set-AzureVNetGatewayKey -VNetName ADATUM-HQ-VNET -LocalNetworkSiteName ADATUM-BRANCH-LOCALNET -SharedKey abcdefgh1234

17. At the Windows PowerShell ISE prompt, type the following command, and press Enter:

Set-AzureVNetGatewayKey -VNetName ADATUM-BRANCH-VNET -LocalNetworkSiteName ADATUM-HQ-LOCALNET -SharedKey abcdefgh1234

18. Switch to Internet Explorer.
19. On the networks page, click VIRTUAL NETWORKS.
20. On the networks page, next to ADATUM-HQ-VNET, click the arrow.
21. On the adatum-hq-vnet page, click DASHBOARD; note that the page now shows that a
gateway has been created, and connected; note that it may take several minutes for the
configuration to be updated in the portal.
22. On the adatum-hq-vnet page, click the large left arrow.
23. On the networks page, next to ADATUM-BRANCH-VNET, click the arrow.
24. On the adatum-branch-vnet page, click DASHBOARD; note that the page now shows that
a gateway has also been created and connected for this virtual network; note that it may take
several minutes for the configuration to be updated in the portal.
25. Switch to Windows PowerShell ISE.
26. At the Windows PowerShell ISE prompt, type the following command, and press Enter:

Get-AzureVNetConnection -VNetName ADATUM-HQ-VNET | ft LocalNetworkSiteName, ConnectivityState

27. Verify that the ConnectivityState of ADATUM-BRANCH-LOCALNET shows as Connected.
28. At the Windows PowerShell ISE prompt, type the following command, and press Enter:

Get-AzureVNetConnection -VNetName ADATUM-BRANCH-VNET | ft LocalNetworkSiteName, ConnectivityState

29. Verify that the ConnectivityState of ADATUM-HQ-LOCALNET shows as Connected.
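
Steps 16 and 17 set the fixed lab key abcdefgh1234 as the IPsec pre-shared key on both gateways. The following is an added example, not part of the lab files, that generates a random key and applies it to both connections with the same cmdlets; the function name New-SharedKey and the 48-character alphanumeric format are assumptions, and it needs the Add-AzureAccount session from Lab A.

```powershell
# Added example, not part of the lab files.
function New-SharedKey([int]$Length = 48) {
    # Alphanumeric alphabet without look-alike characters (assumed format for the key).
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'.ToCharArray()
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $limit = 256 - (256 % $alphabet.Length)   # bytes at or above this would bias the modulo
    $byte  = New-Object byte[] 1
    $sb    = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) {
                [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length])
            }
        }
    } finally { $rng.Dispose() }
    $sb.ToString()
}

# The two directions of the VNet-to-VNet connection, as configured in Task 1.
$connections = @(
    @{ VNetName = 'ADATUM-HQ-VNET';     LocalNetworkSiteName = 'ADATUM-BRANCH-LOCALNET' },
    @{ VNetName = 'ADATUM-BRANCH-VNET'; LocalNetworkSiteName = 'ADATUM-HQ-LOCALNET' }
)

# Both gateways must hold the same key, so generate once and apply twice.
$key = New-SharedKey
foreach ($c in $connections) {
    Set-AzureVNetGatewayKey @c -SharedKey $key | Out-Null
}
Remove-Variable key   # do not leave the key in the session or in a saved script

# Same verification as steps 26 to 29: each side should report Connected.
foreach ($c in $connections) {
    Get-AzureVNetConnection -VNetName $c.VNetName | ft LocalNetworkSiteName, ConnectivityState
}
```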

Exercise 2: Validating Virtual Network Connectivity


Task 1: Connect to A. Datum Virtual Machines

1. On the task bar, click File Explorer, and navigate to D:\Labfiles\Lab02\Starter.


2. Double-click AdatumWestSvr1.
3. If a Remote Desktop Connection warning message appears, select the Don't ask me again
for connections to this computer check box, and click Connect.
4. In the Windows Security dialog box, type the following credentials, and click OK:
User name: Student
Password: Pa$$w0rd123
5. If another Remote Desktop Message appears, select the Don't ask me again for
connections to this computer check box, and click Yes.
6. Minimize the AdatumWestSvr1 RDP session.
7. On the task bar, click File Explorer, and navigate to D:\Labfiles\Lab02\Starter.
8. Double-click AdatumEastSvr1.
9. If a Remote Desktop Connection warning message appears, select the Don't ask me again
for connections to this computer check box, and click Connect.
10. In the Windows Security dialog box, type the following credentials, and click OK:
User name: Student
Password: Pa$$w0rd123
11. If another Remote Desktop Message appears, select the Don't ask me again for
connections to this computer check box, and click Yes.
12. Minimize the AdatumEastSvr1 RDP session.

Task 2: Testing TCP/IP Connectivity between Sites


1. Maximize the AdatumEastSvr1 RDP session.
2. On the Networks page, click No.
3. In Server Manager, click Local Server.
4. If the status of Windows Firewall shows as On for the Public profile, click Public:On.
5. In Windows Firewall, click Turn Windows Firewall on or off.
6. Under Public network settings, click Turn off Windows Firewall, and then click OK.
7. Close Windows Firewall.
8. Minimize the AdatumEastSvr1 RDP session.
9. Maximize the AdatumWestSvr1 RDP session.
10. On the Networks page, click No.
11. In Server Manager, click Local Server.
12. If the status of Windows Firewall shows as On for the Public profile, click Public:On.
13. In Windows Firewall, click Turn Windows Firewall on or off.
14. Under Public network settings, click Turn off Windows Firewall, and then click OK.
15. Close Windows Firewall.
16. In the AdatumWestSvr1 RDP session, on the task bar, click Windows PowerShell ISE.
17. At the Windows PowerShell ISE prompt, type the following command, and press Enter:

Ping 10.0.2.4

18. Verify that AdatumEastSvr1 responds to ICMP messages.
19. Minimize the AdatumWestSvr1 RDP session.
20. Maximize the AdatumEastSvr1 RDP session.
21. On the task bar, click Windows PowerShell ISE.
22. At the Windows PowerShell ISE prompt, type the following command, and press Enter:

Ping 10.0.1.4

23. Verify that AdatumWestSvr1 responds to ICMP messages.


24. Minimize the AdatumEastSvr1 RDP session.
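
The ping tests in this task only need inbound ICMPv4 echo requests from the other virtual network. The following is an added example, not part of the lab files, that leaves every firewall profile on and adds one scoped rule instead of turning the Public profile off; the rule name is hypothetical, and the cmdlets come from the NetSecurity module on Windows Server 2012 and later.

```powershell
# Added example, not part of the lab files. Run elevated on each server.
$ruleName = 'Lab02-ICMPv4-Echo-From-Peer-VNet'    # hypothetical rule name
# Own address prefix -> address space of the other VNet (address plan from Lab A).
$plan = @{ '10.0.1.' = '10.0.2.0/24'; '10.0.2.' = '10.0.1.0/24' }

# Work out which VNet this server is in from its own IPv4 address.
$own = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -like '10.0.*' } |
    Select-Object -First 1 -ExpandProperty IPAddress
$peer = $plan.Keys | Where-Object { $own -like "$_*" } | ForEach-Object { $plan[$_] }
if (-not $peer) { throw "No lab VNet address found on this server (got '$own')." }

# Allow echo requests (ICMPv4 type 8) from the peer VNet only.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $peer `
        -Profile Any -Action Allow | Out-Null
}

# Confirm that all profiles are still enabled and show the scope of the new rule.
Get-NetFirewallProfile | Format-Table Name, Enabled
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter | Format-Table RemoteAddress

# Cleanup once Task 2 and Task 3 have been verified:
# Remove-NetFirewallRule -DisplayName $ruleName
```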

Task 3: Testing Name Resolution


1. Maximize the AdatumWestSvr1 RDP session.
2. Switch to the Windows PowerShell ISE window.
3. At the Windows PowerShell ISE prompt, type the following command, and press Enter:

Test-NetConnection AdatumEastSvr1.adatum.msft

4. Verify that AdatumEastSvr1 responds to ICMP messages, and note the IP address that
responds:

_______________________________________

5. Close the AdatumWestSvr1 RDP session.
6. In the Remote Desktop Connection dialog box, click OK.
7. Maximize the AdatumEastSvr1 RDP session.
8. Switch to the Windows PowerShell ISE window.
9. At the Windows PowerShell ISE prompt, type the following command, and press Enter:

Test-NetConnection AdatumWestSvr1.adatum.msft

10. Verify that AdatumWestSvr1 responds to ICMP messages, and note the IP address that
responds:

_______________________________________

11. Close the AdatumEastSvr1 RDP session.


12. In the Remote Desktop Connection dialog box, click OK.

Exercise 3: Configuring a Point-to-Site VPN


Task 1: Configuring a VPN from Client to HQ Virtual Network
1. Switch to Internet Explorer.
2. On the networks page, click VIRTUAL NETWORKS.
3. On the networks page, next to ADATUM-HQ-VNET, click the arrow.
4. On the adatum-hq-vnet page, click CONFIGURE.
5. Select the Configure point-to-site connectivity check box.
6. At the bottom of the page, click SAVE.
7. At the warning message, click Yes.
8. Press the Windows key, and then type Command.
9. Right-click Command Prompt, and then click Run as administrator.
10. In the User Account Control dialog box, click Yes.
11. At the Command Prompt, type the following command, and press Enter:

CD C:\Program Files (x86)\Windows Kits\8.1\bin\x64 [DC1]

12. At the Command Prompt, type the following command, and press Enter:

makecert -sk exchange -r -n "CN=AdatumRootCertificate" -pe -a sha1 -len 2048 -ss My "AdatumRootCertificate.cer"

13. Switch to Internet Explorer.
14. On the adatum-hq-vnet page, click CERTIFICATES.
15. Click UPLOAD A ROOT CERTIFICATE.
16. In the Upload Certificate dialog box, click BROWSE FOR FILE.
17. In the Choose File to Upload dialog box, navigate to C:\Program Files (x86)\Windows
Kits\8.1\bin\x64 [DC2], select AdatumRootCertificate, and click Open.
18. In the Upload Certificate dialog box, click the check mark.
19. Switch to the Command Prompt.
20. At the Command Prompt, type the following command, and press Enter:

makecert.exe -n "CN=AdatumClientCertificate" -pe -sk exchange -m 96 -ss My -in "AdatumRootCertificate" -is my -a sha1

21. Switch to Internet Explorer.
22. Press ALT, then click Tools, and then click Internet Options.
23. In Internet Options, click the Content tab, and then click Certificates.
24. Verify that the AdatumClientCertificate and AdatumRootCertificate are shown in the
Personal store.
25. Close Certificates.
26. Close Internet Options.
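
The makecert commands in steps 12 and 20 sign both certificates with SHA-1 and give the client certificate a 96-month lifetime. The following is an added example, not part of the lab files, that builds the same root and client pair with SHA-256 and shorter lifetimes; it assumes Windows 10 or Windows Server 2016 or later, where New-SelfSignedCertificate supports -Type and -Signer, and the validity periods and export path are illustrative choices.

```powershell
# Added example, not part of the lab files.
$store = 'Cert:\CurrentUser\My'

# Self-signed root that may only sign certificates; its private key cannot be exported.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=AdatumRootCertificate' -KeyExportPolicy NonExportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -NotAfter (Get-Date).AddYears(3) -CertStoreLocation $store

# Client certificate issued by the root, restricted to client authentication (EKU 1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=AdatumClientCertificate' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') `
    -NotAfter (Get-Date).AddMonths(12) -CertStoreLocation $store

# Public part of the root only: this is the file uploaded in steps 14 to 18.
Export-Certificate -Cert $root -FilePath "$env:USERPROFILE\Desktop\AdatumRootCertificate.cer" | Out-Null

# Check what was created: signature algorithm, issuer and expiry.
$root, $client | Format-Table Subject, Issuer, NotAfter, HasPrivateKey,
    @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }
if ($client.Issuer -ne $root.Subject) { Write-Warning 'Client certificate was not issued by the new root.' }

# List any earlier A. Datum certificates in the store that are still SHA-1 signed.
Get-ChildItem $store |
    Where-Object { $_.Subject -like 'CN=Adatum*' -and $_.SignatureAlgorithm.FriendlyName -like 'sha1*' } |
    Format-Table Subject, Thumbprint, NotAfter
```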

Task 2: Connecting to the HQ Virtual Network

1. In Internet Explorer, on the adatum-hq-vnet page, click DASHBOARD.


2. In the quick glance section, click Download the 64-bit Client VPN Package.[DC3]
3. At the Do you want to run or save [file name].exe from
mdsbrketwprodsn1prod.blob.core.windows.net? warning, click Run.
4. At the [filename].exe is not commonly downloaded and could harm your computer
warning, click Actions.
5. At the SmartScreen Filter dialog box, click More Options, and then click Run anyway.
6. At the User Account Control dialog box, click Yes and then, at the adatum-hq-vnet dialog
box, click Yes.
7. Click Start, and then type Network.

8. Click Network and Sharing Center.
9. Click Change adapter settings.
10. Right-click ADATUM-HQ-VNET, then click Connect/Disconnect.
11. On the Networks page, click ADATUM-HQ-VNET, and then click Connect.
12. In the ADATUM-HQ-VNET dialog box, click Connect, and then click Continue.
13. Switch to the Command Prompt, and type the following command, and press Enter:

ipconfig /all

14. In the results, verify that there is a PPP adapter ADATUM-HQ-VNET section, and that you
have an assigned IP address and that the DNS server is set to 10.0.1.4 (AdatumWestSvr1).
15. Switch to File Explorer.
16. In File Explorer, in the Address box, type the following, and then press Enter:

\\adatumwestsvr1.adatum.msft\c$

17. In the Windows Security dialog box, type the following credentials, and click OK:
User name: Student
Password: Pa$$w0rd123
18. Verify that you can browse files on AdatumWestSvr1 over the point-to-site VPN.
19. Switch to the Network Connections window.
20. Right-click ADATUM-HQ-VNET, and then click Connect/Disconnect.
21. In the Networks page, click the ADATUM-HQ-VNET VPN connection, and then click
Disconnect.

Task 3: Reset the Environment

1. Close all open applications without saving any files.


2. On the task bar, right-click Microsoft Azure PowerShell, and then click Run as
administrator. In the User Account Control dialog, click Yes.
3. Type the following command, and then press Enter:
Reset-Azure

4. When prompted, sign in using the Microsoft account associated with your Azure subscription.
Note: This script may remove Azure services in your subscription. It is therefore recommended
that you use an Azure trial pass that was provisioned specifically for this course, and not your
own Azure account.
The script will take 5-10 minutes to reset your Microsoft Azure environment, ready for the next
lab.
The script removes all storage, VMs, virtual networks and gateways, cloud services, and resource
groups.
Important: The script may not be able to get exclusive access to a storage account to delete it
(you will see an error, if this occurs). If you find objects remaining after the reset script is
complete, you can re-run Reset-Azure script, or use the full Azure Management Portal to
manually delete all the objects in your Azure subscription, with the exception of the default
directory.
[DC1] Path may change depending on version of VS we use
[DC2] Path may change depending on version of VS we use
[DC3] Check we are using a 64-bit client.
