Establish And Set Up Network Security Groups (NSGs).
lotanna obianefo

lotanna obianefo @lotanna_obianefo

About: Hi, I'm Lotanna Obianefo. A cloud enthusiast with a background in cloud engineering and data analysis. I’m currently exploring the world of FinOps, where cloud strategy meets financial accountability

Location:
United Kingdom
Joined:
Mar 16, 2025

Establish And Set Up Network Security Groups (NSGs).

Publish Date: May 20
0 0

Network Security Groups (NSGs) are critical components in Azure for controlling and securing network traffic to resources within a virtual network. This technical paper details the procedures for establishing and configuring Network Security Groups (NSGs)

The frontend subnet hosts web servers accessible from the internet, necessitating an Application Security Group (ASG) for these servers. The ASG must be linked to the network interfaces of all virtual machines within the group to facilitate streamlined management of the web servers.

The backend subnet contains database servers utilized by the frontend web servers, requiring a Network Security Group (NSG) to regulate this traffic. The NSG should be associated with the network interfaces of virtual machines accessed by the web servers.

For testing purposes, we will deploy a virtual machine in the frontend subnet (VM1) and another in the backend subnet (VM2). The IT team has supplied an Azure Resource Manager template to provision these Ubuntu servers.

Establish the network infrastructure required for the deployment.

Launch a Cloud Shell session by clicking the icon in the top right corner, or directly access it via https://shell.azure.com.

If prompted to choose between Bash and PowerShell, opt for PowerShell. Storage is unnecessary for this task. Select your subscription and confirm the changes.

Execute the following commands to deploy the virtual machines needed for this exercise.

( $RGName = "RG1"

New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateUri https://raw.githubusercontent.com/MicrosoftLearning/Configure-secure-access-to-workloads-with-Azure-virtual-networking-services/main/Instructions/Labs/azuredeploy.json )

hgvgvfjgffg

In the portal search for and select virtual machines. Verify both vm1 and vm2 are Running

jvgfdeseh

Create Application Security Group

Within the portal, locate and select Application security groups via the search function. Click + Create and proceed to configure the application security group. You are creating the application security group in the same region as the existing virtual network.

Resource group==>RG1
Name==>app-frontend-asg
Region==>East US

skkgfoe
lkfdkvosgag
lkjsajda
hgyfeseh

Link the Application Security Group to the network interface of the virtual machine.

Connect the Application Security Group to the virtual machine's network interface.
In the Azure portal, locate and select VM1 using the search functionality. Navigate to the Networking blade, access Application security groups, and click Add application security groups. Choose app-frontend-asg and confirm by selecting Add.

jgdxdf
judsiuHDUA
JVCJSDSF
KFZOIJIAJI

Establish and Link the Network Security Group.

Network Security Groups (NSGs) safeguard network traffic within a virtual network. In the portal, use the search function to locate and select Network security group. Click + Create to establish and configure the Network Security Group and input this specific values.

Resource group==>RG1
Name==>app-vnet-nsg
Region==>East US

Select Review + create and then select Create.

jxzhjbhc
HGTFRDSESJ
jfdygtf

Associate the NSG with the app-vnet backend subnet.

Network Security Groups (NSGs) can be linked to subnets and/or specific network interfaces connected to Azure virtual machines.

Click Go to resource or navigate directly to the app-vnet-nsg resource. In the Settings blade, access Subnets. Click + Associate, then choose app-vnet (RG1) followed by the Backend subnet, and confirm by selecting OK.

ijhygrd
ijhyguy
ihygrdedt

Create Network Security Group rules
A Network Security Group (NSG) employs security rules to regulate inbound and outbound network traffic.

In the portal's top search bar, type "Network security groups" and select Network security groups from the results. Choose app-vnet-nsg from the available list of Network Security Groups. Navigate to the Settings blade and select Inbound security rules. Click + Add to create and configure a new inbound security rule by inputting these values.

Source==>Any
Source port ranges==>*
Destination==>Application Security group
Destination application security group==>app-frontend-asg
Service==>SSH
Action==>Allow
Priority==>100
Name==>AllowSSH

hdesdef

fdrrd5yn
jhyfrdy
lkhyft
Ifdrde
oiuttr5

In general, Application Security Groups (ASGs) facilitate the organization of virtual machines and the application-specific definition of network security policies. An Azure Network Security Group (NSG) filters traffic between Azure resources within a Virtual Network, with each subnet or network interface assignable to zero or one NSG. NSGs contain rules to allow or deny inbound and outbound traffic to Azure resources. Virtual machines are joined to ASGs, which are then specified as sources or destinations in NSG rules for targeted traffic management.

Comments 0 total

    Add comment