SlideShare uma empresa Scribd logo

Azure powershell management

C
Christian Toinard

This is the second part of the course about Azure Cloud Security. Mainly, how to use powershell to create an infrastructure with a consistent firewalling.

Engenharia
1 de 19
Baixar para ler offline
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Azure powershell management Professor Christian Toinard [The screens of experiment are copyrighted from the author of this presentation] [For further documentation please visit the Microsoft Azure Web Site]
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Usage of AzureRM Azure RM is a set of powershell commands enabling to manage a Cloud infrastructure and services. It includes cmdlets for managing and automating administration, supervision and security of an Azure Information System. https://docs.microsoft.com/en-us/powershell/module/?view=azurermps- 6.13.0
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Installation of AzureRM
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Creation of a VM
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Looking for the listening ports inside the VM
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Allowing port 80 to the Security Group
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Viewing the added rule through the portal
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Adding an IIS service inside the VM
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Testing the IIS service from outside Azure
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security A more complete infrastructure through powershell https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security https://docs.microsoft.com/en-us/azure/firewall/scripts/sample-create-firewall-test #ResourceGroup name and location $RG="AzfwSampleScriptEastUS" $Location="East US" #User credentials for JumpBox and Server VMs $securePassword = ConvertTo-SecureString 'P@$$W0rd010203' -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential ("AzfwUser", $securePassword) #Create new RG New-AzureRmResourceGroup -Name $RG -Location $Location #Create Vnet $VnetName=$RG+"Vnet" New-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VnetName -AddressPrefix 192.168.0.0/16 -Location $Location #Configure subnets $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VnetName Add-AzureRmVirtualNetworkSubnetConfig -Name AzureFirewallSubnet -VirtualNetwork $vnet -AddressPrefix 192.168.1.0/24 Add-AzureRmVirtualNetworkSubnetConfig -Name JumpBoxSubnet -VirtualNetwork $vnet -AddressPrefix 192.168.0.0/24 Add-AzureRmVirtualNetworkSubnetConfig -Name ServersSubnet -VirtualNetwork $vnet -AddressPrefix 192.168.2.0/24 Set-AzureRmVirtualNetwork -VirtualNetwork $vnet #create Public IP for jumpbox and LB $LBPipName = $RG + "PublicIP" $LBPip = New-AzureRmPublicIpAddress -Name $LBPipName -ResourceGroupName $RG -Location $Location -AllocationMethod Static -Sku Standard $JumpBoxpip = New-AzureRmPublicIpAddress -Name "JumpHostPublicIP" -ResourceGroupName $RG -Location $Location - AllocationMethod Static -Sku Basic # Create an inbound network security group rule for port 3389 $nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleSSH -Protocol Tcp -Direction Inbound - Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow # Create a network security group $NsgName = $RG+"NSG" $nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RG -Location $Location -Name $NsgName -SecurityRules $nsgRuleRDP #Create jumpbox $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VnetName $JumpBoxSubnetId = $vnet.Subnets[1].Id # Create a virtual network card and associate with jumpbox public IP address $JumpBoxNic = New-AzureRmNetworkInterface -Name JumpBoxNic -ResourceGroupName $RG -Location $Location -SubnetId $JumpBoxSubnetId -PublicIpAddressId $JumpBoxpip.Id -NetworkSecurityGroupId $nsg.Id $JumpBoxConfig = New-AzureRmVMConfig -VMName JumpBox -VMSize Standard_DS1_v2 | Set-AzureRmVMOperatingSystem -Windows - ComputerName JumpBox -Credential $cred | Set-AzureRmVMSourceImage -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" -Skus "2012-R2-Datacenter" -Version latest | Add-AzureRmVMNetworkInterface -Id $JumpBoxNic.Id New-AzureRmVM -ResourceGroupName $RG -Location $Location -VM $JumpBoxConfig #Create Server VM $ServersSubnetId = $vnet.Subnets[2].Id $ServerVmNic = New-AzureRmNetworkInterface -Name ServerVmNic -ResourceGroupName $RG -Location $Location -SubnetId $ServersSubnetId $ServerVmConfig = New-AzureRmVMConfig -VMName ServerVm -VMSize Standard_DS1_v2 | Set-AzureRmVMOperatingSystem -Windows -ComputerName ServerVm -Credential $cred | Set-AzureRmVMSourceImage -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" -Skus "2012-R2-Datacenter" -Version latest | Add-AzureRmVMNetworkInterface -Id $ServerVmNic.Id New-AzureRmVM -ResourceGroupName $RG -Location $Location -VM $ServerVmConfig #Create AZFW $GatewayName = $RG + "Azfw" $Azfw = New-AzureRmFirewall -Name $GatewayName -ResourceGroupName $RG -Location $Location -VirtualNetworkName $vnet.Name - PublicIpName $LBPip.Name #Add a rule to allow *microsoft.com $Azfw = Get-AzureRmFirewall -ResourceGroupName $RG $Rule = New-AzureRmFirewallApplicationRule -Name R1 -Protocol "http:80","https:443" -TargetFqdn "*microsoft.com" $RuleCollection = New-AzureRmFirewallApplicationRuleCollection -Name RC1 -Priority 100 -Rule $Rule -ActionType "Allow" $Azfw.ApplicationRuleCollections = $RuleCollection Set-AzureRmFirewall -AzureFirewall $Azfw
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security #Create UDR rule $Azfw = Get-AzureRmFirewall -ResourceGroupName $RG $AzfwRouteName = $RG + "AzfwRoute" $AzfwRouteTableName = $RG + "AzfwRouteTable" $IlbCA = $Azfw.IpConfigurations[0].PrivateIPAddress $AzfwRoute = New-AzureRmRouteConfig -Name $AzfwRouteName -AddressPrefix 0.0.0.0/0 -NextHopType VirtualAppliance - NextHopIpAddress $IlbCA $AzfwRouteTable = New-AzureRmRouteTable -Name $AzfwRouteTableName -ResourceGroupName $RG -location $Location -Route $AzfwRoute #associate to Servers Subnet $vnet.Subnets[2].RouteTable = $AzfwRouteTable Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Testing the Internet access from the Jump host
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Testing the firewall inside the Workload server
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Destroy the resource group
© Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security

Recomendados

Globus toolkit4installationguide
Globus toolkit4installationguideGlobus toolkit4installationguide
Globus toolkit4installationguideAdarsh Patil
 
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Belgium 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Belgium 201910 Excellent Ways to Secure Your Spring Boot Application - Devoxx Belgium 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Belgium 2019Matt Raible
 
How to scheduled jobs in a cloudera cluster without oozie
How to scheduled jobs in a cloudera cluster without oozieHow to scheduled jobs in a cloudera cluster without oozie
How to scheduled jobs in a cloudera cluster without oozieTiago Simões
 
Docker For Azure Deployment Walkthrough
Docker For Azure Deployment WalkthroughDocker For Azure Deployment Walkthrough
Docker For Azure Deployment WalkthroughTimothy Wong
 
How to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureHow to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureTiago Simões
 
Security Walls in Linux Environment: Practice, Experience, and Results
Security Walls in Linux Environment: Practice, Experience, and ResultsSecurity Walls in Linux Environment: Practice, Experience, and Results
Security Walls in Linux Environment: Practice, Experience, and ResultsIgor Beliaiev
 
Azure Expert Leading Camp UA - 2015
Azure Expert Leading Camp UA - 2015Azure Expert Leading Camp UA - 2015
Azure Expert Leading Camp UA - 2015Oleg Chorny
 
How to build a High Performance PSGI/Plack Server
How to build a High Performance PSGI/Plack Server How to build a High Performance PSGI/Plack Server
How to build a High Performance PSGI/Plack Server Masahiro Nagano
 

Recomendados

Globus toolkit4installationguide
Globus toolkit4installationguideGlobus toolkit4installationguide
Globus toolkit4installationguideAdarsh Patil
 
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Belgium 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Belgium 201910 Excellent Ways to Secure Your Spring Boot Application - Devoxx Belgium 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Belgium 2019Matt Raible
 
How to scheduled jobs in a cloudera cluster without oozie
How to scheduled jobs in a cloudera cluster without oozieHow to scheduled jobs in a cloudera cluster without oozie
How to scheduled jobs in a cloudera cluster without oozieTiago Simões
 
Docker For Azure Deployment Walkthrough
Docker For Azure Deployment WalkthroughDocker For Azure Deployment Walkthrough
Docker For Azure Deployment WalkthroughTimothy Wong
 
How to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureHow to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureTiago Simões
 
Security Walls in Linux Environment: Practice, Experience, and Results
Security Walls in Linux Environment: Practice, Experience, and ResultsSecurity Walls in Linux Environment: Practice, Experience, and Results
Security Walls in Linux Environment: Practice, Experience, and ResultsIgor Beliaiev
 
Azure Expert Leading Camp UA - 2015
Azure Expert Leading Camp UA - 2015Azure Expert Leading Camp UA - 2015
Azure Expert Leading Camp UA - 2015Oleg Chorny
 
How to build a High Performance PSGI/Plack Server
How to build a High Performance PSGI/Plack Server How to build a High Performance PSGI/Plack Server
How to build a High Performance PSGI/Plack Server Masahiro Nagano
 
Introducing in-house PaaS in SmartNews
Introducing in-house PaaS in SmartNewsIntroducing in-house PaaS in SmartNews
Introducing in-house PaaS in SmartNewsNobutoshi Ogata
 
Azure File Share and File Sync guide (Beginners Edition)
Azure File Share and File Sync guide (Beginners Edition)Azure File Share and File Sync guide (Beginners Edition)
Azure File Share and File Sync guide (Beginners Edition)Naseem Khoodoruth
 
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformDrupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformHector Iribarne
 
Deploying to azure web sites
Deploying to azure web sitesDeploying to azure web sites
Deploying to azure web sitesGiant Penguin
 
Terraforming RDS
Terraforming RDSTerraforming RDS
Terraforming RDSMuffy Barkocy
 
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...IT Tech
 
Hands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQLHands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQLAmazon Web Services
 
AWSをテラフォーミングする会(Terraformハンズオン)
AWSをテラフォーミングする会(Terraformハンズオン)AWSをテラフォーミングする会(Terraformハンズオン)
AWSをテラフォーミングする会(Terraformハンズオン)正貴 小川
 
2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会
2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会
2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会Miki Takata
 
Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2IMC Institute
 
Moby and kubernetes entitlements
Moby and kubernetes entitlementsMoby and kubernetes entitlements
Moby and kubernetes entitlementsMoby Project
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesMichał Czeraszkiewicz
 
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)Wesley Beary
 
Enrique lima azure-it-pro-ps
Enrique lima azure-it-pro-psEnrique lima azure-it-pro-ps
Enrique lima azure-it-pro-psEnrique Lima
 
Industrializing the creation of machine images and Docker containers for clou...
Industrializing the creation of machine images and Docker containers for clou...Industrializing the creation of machine images and Docker containers for clou...
Industrializing the creation of machine images and Docker containers for clou...OW2
 
Taking advantage of the Amazon Web Services (AWS) Family
Taking advantage of the Amazon Web Services (AWS) FamilyTaking advantage of the Amazon Web Services (AWS) Family
Taking advantage of the Amazon Web Services (AWS) FamilyBen Hall
 
Cloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityCloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityClouderaUserGroups
 
Hadoop on ec2
Hadoop on ec2Hadoop on ec2
Hadoop on ec2Mark Kerzner
 
Administering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud ClustersAdministering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud ClustersSematext Group, Inc.
 
Itb session v_memcached
Itb session v_memcachedItb session v_memcached
Itb session v_memcachedSkills Matter
 
Deploying SharePoint @ Cloud
Deploying SharePoint @ CloudDeploying SharePoint @ Cloud
Deploying SharePoint @ CloudJuan Andrés Valenzuela
 
Provisioning in Microsoft Azure
Provisioning in Microsoft AzureProvisioning in Microsoft Azure
Provisioning in Microsoft Azureilagin
 

Mais conteúdo relacionado

Mais procurados

Introducing in-house PaaS in SmartNews
Introducing in-house PaaS in SmartNewsIntroducing in-house PaaS in SmartNews
Introducing in-house PaaS in SmartNewsNobutoshi Ogata
 
Azure File Share and File Sync guide (Beginners Edition)
Azure File Share and File Sync guide (Beginners Edition)Azure File Share and File Sync guide (Beginners Edition)
Azure File Share and File Sync guide (Beginners Edition)Naseem Khoodoruth
 
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformDrupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformHector Iribarne
 
Deploying to azure web sites
Deploying to azure web sitesDeploying to azure web sites
Deploying to azure web sitesGiant Penguin
 
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...IT Tech
 
Hands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQLHands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQLAmazon Web Services
 
AWSをテラフォーミングする会(Terraformハンズオン)
AWSをテラフォーミングする会(Terraformハンズオン)AWSをテラフォーミングする会(Terraformハンズオン)
AWSをテラフォーミングする会(Terraformハンズオン)正貴 小川
 
2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会
2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会
2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会Miki Takata
 
Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2IMC Institute
 
Moby and kubernetes entitlements
Moby and kubernetes entitlementsMoby and kubernetes entitlements
Moby and kubernetes entitlementsMoby Project
 
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)Wesley Beary
 
Enrique lima azure-it-pro-ps
Enrique lima azure-it-pro-psEnrique lima azure-it-pro-ps
Enrique lima azure-it-pro-psEnrique Lima
 
Industrializing the creation of machine images and Docker containers for clou...
Industrializing the creation of machine images and Docker containers for clou...Industrializing the creation of machine images and Docker containers for clou...
Industrializing the creation of machine images and Docker containers for clou...OW2
 
Taking advantage of the Amazon Web Services (AWS) Family
Taking advantage of the Amazon Web Services (AWS) FamilyTaking advantage of the Amazon Web Services (AWS) Family
Taking advantage of the Amazon Web Services (AWS) FamilyBen Hall
 
Cloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityCloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityClouderaUserGroups
 
Administering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud ClustersAdministering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud ClustersSematext Group, Inc.
 
Itb session v_memcached
Itb session v_memcachedItb session v_memcached
Itb session v_memcachedSkills Matter
 

Mais procurados (20)

Introducing in-house PaaS in SmartNews
Introducing in-house PaaS in SmartNewsIntroducing in-house PaaS in SmartNews
Introducing in-house PaaS in SmartNews
 
Azure File Share and File Sync guide (Beginners Edition)
Azure File Share and File Sync guide (Beginners Edition)Azure File Share and File Sync guide (Beginners Edition)
Azure File Share and File Sync guide (Beginners Edition)
 
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platformDrupal camp South Florida 2011 - Introduction to the Aegir hosting platform
Drupal camp South Florida 2011 - Introduction to the Aegir hosting platform
 
Deploying to azure web sites
Deploying to azure web sitesDeploying to azure web sites
Deploying to azure web sites
 
Terraforming RDS
Terraforming RDSTerraforming RDS
Terraforming RDS
 
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
 
Hands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQLHands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQL
 
AWSをテラフォーミングする会(Terraformハンズオン)
AWSをテラフォーミングする会(Terraformハンズオン)AWSをテラフォーミングする会(Terraformハンズオン)
AWSをテラフォーミングする会(Terraformハンズオン)
 
2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会
2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会
2011/1/27 Amazon Route53 使ってみた@第1回クラウド女子会
 
Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2Set up Hadoop Cluster on Amazon EC2
Set up Hadoop Cluster on Amazon EC2
 
Moby and kubernetes entitlements
Moby and kubernetes entitlementsMoby and kubernetes entitlements
Moby and kubernetes entitlements
 
HashiCorp's Vault - The Examples
HashiCorp's Vault - The ExamplesHashiCorp's Vault - The Examples
HashiCorp's Vault - The Examples
 
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
 
Enrique lima azure-it-pro-ps
Enrique lima azure-it-pro-psEnrique lima azure-it-pro-ps
Enrique lima azure-it-pro-ps
 
Industrializing the creation of machine images and Docker containers for clou...
Industrializing the creation of machine images and Docker containers for clou...Industrializing the creation of machine images and Docker containers for clou...
Industrializing the creation of machine images and Docker containers for clou...
 
Taking advantage of the Amazon Web Services (AWS) Family
Taking advantage of the Amazon Web Services (AWS) FamilyTaking advantage of the Amazon Web Services (AWS) Family
Taking advantage of the Amazon Web Services (AWS) Family
 
Cloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityCloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
 
Hadoop on ec2
Hadoop on ec2Hadoop on ec2
Hadoop on ec2
 
Administering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud ClustersAdministering and Monitoring SolrCloud Clusters
Administering and Monitoring SolrCloud Clusters
 
Itb session v_memcached
Itb session v_memcachedItb session v_memcached
Itb session v_memcached
 

Semelhante a Azure powershell management

Provisioning in Microsoft Azure
Provisioning in Microsoft AzureProvisioning in Microsoft Azure
Provisioning in Microsoft Azureilagin
 
Charla - SharePoint en la Nube (17Jul2013)
Charla - SharePoint en la Nube (17Jul2013)Charla - SharePoint en la Nube (17Jul2013)
Charla - SharePoint en la Nube (17Jul2013)Juan Andrés Valenzuela
 
Build 2017 - P4168 - Managing Secure, Scalable, Azure Service Fabric Clusters...
Build 2017 - P4168 - Managing Secure, Scalable, Azure Service Fabric Clusters...Build 2017 - P4168 - Managing Secure, Scalable, Azure Service Fabric Clusters...
Build 2017 - P4168 - Managing Secure, Scalable, Azure Service Fabric Clusters...Windows Developer
 
Automating Windows Azure
Automating Windows AzureAutomating Windows Azure
Automating Windows AzureIdo Flatow
 
Dive into DevOps | March, Building with Terraform, Volodymyr Tsap
Dive into DevOps | March, Building with Terraform, Volodymyr TsapDive into DevOps | March, Building with Terraform, Volodymyr Tsap
Dive into DevOps | March, Building with Terraform, Volodymyr TsapProvectus
 
Automating Azure VMs with PowerShell
Automating Azure VMs with PowerShellAutomating Azure VMs with PowerShell
Automating Azure VMs with PowerShellAlexander Feschenko
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersDevOps.com
 
Moving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway MeetupMoving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway MeetupGiulio Vian
 
Building cloud stack at scale
Building cloud stack at scaleBuilding cloud stack at scale
Building cloud stack at scaleShapeBlue
 
Building virtualised CloudStack test environments
Building virtualised CloudStack test environmentsBuilding virtualised CloudStack test environments
Building virtualised CloudStack test environmentsShapeBlue
 
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...MUG-Lyon Microsoft User Group
 
Playing with php_on_azure
Playing with php_on_azurePlaying with php_on_azure
Playing with php_on_azureCEDRIC DERUE
 
Software Defined Datacenter
Software Defined DatacenterSoftware Defined Datacenter
Software Defined DatacenterNETWAYS
 
How to build a Citrix infrastructure on AWS
How to build a Citrix infrastructure on AWSHow to build a Citrix infrastructure on AWS
How to build a Citrix infrastructure on AWSDenis Gundarev
 
Ansible & CloudStack - Configuration Management
Ansible & CloudStack - Configuration ManagementAnsible & CloudStack - Configuration Management
Ansible & CloudStack - Configuration ManagementShapeBlue
 
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps dayAprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps dayPlain Concepts
 

Semelhante a Azure powershell management (20)

Deploying SharePoint @ Cloud
Deploying SharePoint @ CloudDeploying SharePoint @ Cloud
Deploying SharePoint @ Cloud
 
Provisioning in Microsoft Azure
Provisioning in Microsoft AzureProvisioning in Microsoft Azure
Provisioning in Microsoft Azure
 
Charla - SharePoint en la Nube (17Jul2013)
Charla - SharePoint en la Nube (17Jul2013)Charla - SharePoint en la Nube (17Jul2013)
Charla - SharePoint en la Nube (17Jul2013)
 
Azure Powershell Tips
Azure Powershell TipsAzure Powershell Tips
Azure Powershell Tips
 
Build 2017 - P4168 - Managing Secure, Scalable, Azure Service Fabric Clusters...
Build 2017 - P4168 - Managing Secure, Scalable, Azure Service Fabric Clusters...Build 2017 - P4168 - Managing Secure, Scalable, Azure Service Fabric Clusters...
Build 2017 - P4168 - Managing Secure, Scalable, Azure Service Fabric Clusters...
 
Automating Windows Azure
Automating Windows AzureAutomating Windows Azure
Automating Windows Azure
 
Dive into DevOps | March, Building with Terraform, Volodymyr Tsap
Dive into DevOps | March, Building with Terraform, Volodymyr TsapDive into DevOps | March, Building with Terraform, Volodymyr Tsap
Dive into DevOps | March, Building with Terraform, Volodymyr Tsap
 
Automating Azure VMs with PowerShell
Automating Azure VMs with PowerShellAutomating Azure VMs with PowerShell
Automating Azure VMs with PowerShell
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
 
Moving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway MeetupMoving a Windows environment to the cloud - DevOps Galway Meetup
Moving a Windows environment to the cloud - DevOps Galway Meetup
 
Building cloud stack at scale
Building cloud stack at scaleBuilding cloud stack at scale
Building cloud stack at scale
 
Building virtualised CloudStack test environments
Building virtualised CloudStack test environmentsBuilding virtualised CloudStack test environments
Building virtualised CloudStack test environments
 
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
Global Windows Azure Bootcamp : Cedric Derue playing with php on azure. (spon...
 
Playing with php_on_azure
Playing with php_on_azurePlaying with php_on_azure
Playing with php_on_azure
 
Software Defined Datacenter
Software Defined DatacenterSoftware Defined Datacenter
Software Defined Datacenter
 
How to build a Citrix infrastructure on AWS
How to build a Citrix infrastructure on AWSHow to build a Citrix infrastructure on AWS
How to build a Citrix infrastructure on AWS
 
Ansible & CloudStack - Configuration Management
Ansible & CloudStack - Configuration ManagementAnsible & CloudStack - Configuration Management
Ansible & CloudStack - Configuration Management
 
UK Azure Users Group
UK Azure Users Group UK Azure Users Group
UK Azure Users Group
 
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps dayAprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
Aprovisionamiento multi-proveedor con Terraform - Plain Concepts DevOps day
 
Monkey man
Monkey manMonkey man
Monkey man
 

Último

OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 

Último (20)

DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 

Azure powershell management

  • 1. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Azure powershell management Professor Christian Toinard [The screens of experiment are copyrighted from the author of this presentation] [For further documentation please visit the Microsoft Azure Web Site]
  • 2. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Usage of AzureRM Azure RM is a set of powershell commands enabling to manage a Cloud infrastructure and services. It includes cmdlets for managing and automating administration, supervision and security of an Azure Information System. https://docs.microsoft.com/en-us/powershell/module/?view=azurermps- 6.13.0
  • 3. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Installation of AzureRM
  • 4. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Creation of a VM
  • 5. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Looking for the listening ports inside the VM
  • 6. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Allowing port 80 to the Security Group
  • 7. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Viewing the added rule through the portal
  • 8. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Adding an IIS service inside the VM
  • 9. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Testing the IIS service from outside Azure
  • 10. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security A more complete infrastructure through powershell https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
  • 11. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security https://docs.microsoft.com/en-us/azure/firewall/scripts/sample-create-firewall-test #ResourceGroup name and location $RG="AzfwSampleScriptEastUS" $Location="East US" #User credentials for JumpBox and Server VMs $securePassword = ConvertTo-SecureString 'P@$$W0rd010203' -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential ("AzfwUser", $securePassword) #Create new RG New-AzureRmResourceGroup -Name $RG -Location $Location #Create Vnet $VnetName=$RG+"Vnet" New-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VnetName -AddressPrefix 192.168.0.0/16 -Location $Location #Configure subnets $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VnetName Add-AzureRmVirtualNetworkSubnetConfig -Name AzureFirewallSubnet -VirtualNetwork $vnet -AddressPrefix 192.168.1.0/24 Add-AzureRmVirtualNetworkSubnetConfig -Name JumpBoxSubnet -VirtualNetwork $vnet -AddressPrefix 192.168.0.0/24 Add-AzureRmVirtualNetworkSubnetConfig -Name ServersSubnet -VirtualNetwork $vnet -AddressPrefix 192.168.2.0/24 Set-AzureRmVirtualNetwork -VirtualNetwork $vnet #create Public IP for jumpbox and LB $LBPipName = $RG + "PublicIP" $LBPip = New-AzureRmPublicIpAddress -Name $LBPipName -ResourceGroupName $RG -Location $Location -AllocationMethod Static -Sku Standard $JumpBoxpip = New-AzureRmPublicIpAddress -Name "JumpHostPublicIP" -ResourceGroupName $RG -Location $Location - AllocationMethod Static -Sku Basic # Create an inbound network security group rule for port 3389 $nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleSSH -Protocol Tcp -Direction Inbound - Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow # Create a network security group $NsgName = $RG+"NSG" $nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RG -Location $Location -Name $NsgName -SecurityRules $nsgRuleRDP #Create jumpbox $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VnetName $JumpBoxSubnetId = $vnet.Subnets[1].Id # Create a virtual network card and associate with jumpbox public IP address $JumpBoxNic = New-AzureRmNetworkInterface -Name JumpBoxNic -ResourceGroupName $RG -Location $Location -SubnetId $JumpBoxSubnetId -PublicIpAddressId $JumpBoxpip.Id -NetworkSecurityGroupId $nsg.Id $JumpBoxConfig = New-AzureRmVMConfig -VMName JumpBox -VMSize Standard_DS1_v2 | Set-AzureRmVMOperatingSystem -Windows - ComputerName JumpBox -Credential $cred | Set-AzureRmVMSourceImage -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" -Skus "2012-R2-Datacenter" -Version latest | Add-AzureRmVMNetworkInterface -Id $JumpBoxNic.Id New-AzureRmVM -ResourceGroupName $RG -Location $Location -VM $JumpBoxConfig #Create Server VM $ServersSubnetId = $vnet.Subnets[2].Id $ServerVmNic = New-AzureRmNetworkInterface -Name ServerVmNic -ResourceGroupName $RG -Location $Location -SubnetId $ServersSubnetId $ServerVmConfig = New-AzureRmVMConfig -VMName ServerVm -VMSize Standard_DS1_v2 | Set-AzureRmVMOperatingSystem -Windows -ComputerName ServerVm -Credential $cred | Set-AzureRmVMSourceImage -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" -Skus "2012-R2-Datacenter" -Version latest | Add-AzureRmVMNetworkInterface -Id $ServerVmNic.Id New-AzureRmVM -ResourceGroupName $RG -Location $Location -VM $ServerVmConfig #Create AZFW $GatewayName = $RG + "Azfw" $Azfw = New-AzureRmFirewall -Name $GatewayName -ResourceGroupName $RG -Location $Location -VirtualNetworkName $vnet.Name - PublicIpName $LBPip.Name #Add a rule to allow *microsoft.com $Azfw = Get-AzureRmFirewall -ResourceGroupName $RG $Rule = New-AzureRmFirewallApplicationRule -Name R1 -Protocol "http:80","https:443" -TargetFqdn "*microsoft.com" $RuleCollection = New-AzureRmFirewallApplicationRuleCollection -Name RC1 -Priority 100 -Rule $Rule -ActionType "Allow" $Azfw.ApplicationRuleCollections = $RuleCollection Set-AzureRmFirewall -AzureFirewall $Azfw
  • 12. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security #Create UDR rule $Azfw = Get-AzureRmFirewall -ResourceGroupName $RG $AzfwRouteName = $RG + "AzfwRoute" $AzfwRouteTableName = $RG + "AzfwRouteTable" $IlbCA = $Azfw.IpConfigurations[0].PrivateIPAddress $AzfwRoute = New-AzureRmRouteConfig -Name $AzfwRouteName -AddressPrefix 0.0.0.0/0 -NextHopType VirtualAppliance - NextHopIpAddress $IlbCA $AzfwRouteTable = New-AzureRmRouteTable -Name $AzfwRouteTableName -ResourceGroupName $RG -location $Location -Route $AzfwRoute #associate to Servers Subnet $vnet.Subnets[2].RouteTable = $AzfwRouteTable Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
  • 13. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security
  • 14. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Testing the Internet access from the Jump host
  • 15. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Testing the firewall inside the Workload server
  • 16. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security
  • 17. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security
  • 18. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security Destroy the resource group
  • 19. © Christian Toinard Cloud Security 4AS Option INSA CVL Engineering school in Computer security