Activity Overview: In this graded activity, students will utilize what they’ve learned in this course to evaluate a cloud-migration business case, with the intent to offer a viable Return on Investment (ROI) to the requesting organization.

Students will determine which cloud services best suit the pre-existing assets and services, then build a cost-estimate for 1 year of usage. Finally, students will summarize their findings with the intent to deliver them to high-level executives.

Utilize what you’ve learned about Cloud Services during this course to determine a good financial outcome for the business case below. Be creative, and think critically!

Activity Outcomes: After completing this activity students will be able to:

• Identify comparable cloud-services to on-premise assets
• Assess differences in network operational and capital expenditures
• Create a high-level Cost Analysis for Cloud-based services

Deliverable: Upload all requested deliverables below, as a .pdf export from the editor of your choosing.

Naming convention: “lastnamefirstinitial_Activity#” e.g: “smithp_A1.1.pdf”

Be sure to include your name, student number, and course (CNW-2511) at the top of your document.

The Business Case: Holiday Emporium

Holiday Emporium is a seasonal distributor of Winter holiday promotional items (decorations, cards, costumes, etc.). They service nationally, and recently identified major flaws in their current financial model which include IT expenditures.

You have been asked to consult with Holiday Emporiums’ internal IT team to help assess the potential viability of migrating IT assets and services to a Cloud Service Provider. The CIO of the organization has determined that Microsoft Azure is their only viable path at this time, considering all of their current architecture is built around Microsoft products, and established these other constraints which must be followed:

Use your knowledge of cloud services gained during this course to identify the appropriate method to migrate the below hardware assets. We discussed and configured the following Azure items which may help determine what cloud services to use in replacement of the current assets, and the lowest outcome Total Cost of Ownership (TCO):

• VM’s and VM sizes
• Virtual Networks
• Network Peering
• Virtual Gateways (VNet – VNet VPN and Site to VNet VPN)
• Load-Balancers
• App Services (Serverless Apps)
• Scaling VM’s and App Services
• Firewalls

All servers (web and SQL) are of the following specifications:

• 8-core CPU’s
• 4 TB HDD or SSD Storage (beyond the baked-in temporary storage)
• 32 GB RAM

Utilize the given I/O and request information to research the possibility of down-sizing certain compute resources (web and SQL), as well as potential scaling options for peak-season/off-season changes. Keep in mind, that App Services (Serverless Applications) might be a great solution for some of the below services, considering the variation of traffic and workload throughout the year.

Include the following Capital Expenditure in your ROI assessment: Holiday Emporium spends an additional average of $70,000 per year for tech-refresh of the IT assets listed below.

Assets/Services Requested for Migration:

1. There are currently three (3) regional hubs:
   1. California (Annual TCO = $75,000):
      1. Three (3) Load-Balanced, public web-hosting servers which handle approximately 10,000 requests per day during the periods of October – January (peak-season). During other months, requests dwindle to an average of 500 per day (off-season).
      2. One (1) VPN router connecting internal systems to the other two regional sites (2 connections), pushing approximately 2 TB I/O per month each, year-round.
      3. One (1) Firewall pushing approximately 4 TB I/O per month during the peak season, and 2 TB during off-season.
   2. Texas (Annual TCO = $100,000):
      1. Two (2) Load-Balanced, private web-hosting servers which provide employee access to local SQL databases. These servers handle approximately 1,000 requests per day, year-round, and push approximately 2 TB I/O per month, year-round.
      2. Four (4) SQL Databases with 4 TB of storage each. These DB’s are load-balanced in a 2×2 fashion. One set of DB’s is for customer data, the other set is for warehouse inventory tracking.
      3. One (1) VPN router connecting to the other two sites (2 connections), pushing approximately 2 TB I/O per month each, year-round.
      4. One (1) Firewall pushing approximately 2 TB I/O per month, year-round.
   3. Pennsylvania (Annual TCO = $50,000):
      1. Two (2) Load-Balanced, private web-hosting servers which provide general administration access for the company. These servers handle approximately 5,000 requests per day, year-round.
      2. One (1) VPN router connecting to the other two sites (2 connections), pushing approximately 1 TB I/O per month.
      3. One (1) Firewall pushing approximately 1 TB I/O per month.

Cost Analysis

One of the first steps in preparing a project plan for migration of assets and services to the cloud is to assess the potential Return on Investment (ROI). To do this (at a high level) is to simply identify what assets/services should be migrated, and calculate their cost over an appropriate period of time.

This factor of time will be different across industries and organizations, but generally a 1-3 year assessment will yield enough data to identify whether or not migration is in the best interest of your organization.

Using the above business case as a reference, utilize the to create a 1-year cost assessment to integrate into your ROI evaluation.

Assemble an itemized pricing inventory for all requested assets/services into a spreadsheet format (Excel or Google Sheets is appropriate). Azure Pricing Calculator can export your work into an Excel spreadsheet for further editing.

You will use this cost prediction to help determine whether or not cloud migration is a viable option for the Holiday Emporium.

You will need to investigate your options and perform additional research to make your determinations and service selections.

Summarize your findings and recommendations in a 300-500 word essay to be included with your deliverable.

Example of the Azure Pricing Calculator for Two SQL server VM’s with 100 million transactions for 1- year of usage

Exported spreadsheet of the calculated cost for the SQL servers shown above. Note the changes to description, and inclusion of the current cost listed on the right.

Activity Overview: In this graded activity, students will learn how to create an IPSec VPN tunnel on a Cisco network (via Packet Tracer). Students will configure end-to-end connectivity between two private networks, ISAKMP and IKE policies, and verify connectivity across the IPSec tunnel.

Activity Outcomes: After completing this activity students will be able to:

• Demonstrate configuration of IPSec S2S VPN tunnels
• Identify components of a functional S2S VPN
• Demonstrate verification of connectivity across S2S VPN

Deliverable: Upload all requested screenshots below, as a .pdf export from the editor of your choosing.

Naming convention: “lastnamefirstinitial_Activity#.pdf” e.g: “smithp_A1.1d.pdf”

Be sure to include your name, student number, and course (CNW-2511) at the top of your document.

Virtual Private Networks

In a modern organization, workers need to have access from anywhere in the world. In addition, many organizations are geographically-dispersed globally. Much of the information workers need to access is heavily controlled by internal and external policies and regulatory guidance.

The best method for ensuring both global access and data security, is through the use of Virtual Private Networks (VPN). These logical “tunnels” create an encrypted path which disregards traditional public network-traversal. VPN also provides authentication and authorization services, to ensure the data is from a trusted source and has not been tampered with. There are many methods for establishing VPN, and in the course of this lab you will be provisioning one type of Site-to-Site IPSec tunnel using Cisco Packet Tracer.

As you progress through this activity, your instructor will request that you capture a screenshot periodically (on Mac OS: “command+shift+3” to capture the whole screen, or “command+shift+4” then drag the cursor over the area you would like to capture). These screenshots are part of your required deliverable and will be graded.

Install and run Cisco Packet Tracer

Go to the website and create an account. You need to create an account in order to download the latest version of Packet Tracer. Network Academy will very likely put a short (24-48hr) hold on your account while they validate the information, so get this account created ASAP. Failure to create your account prior to the final weekend is not an excuse for missing this deliverable. See below for the backup plan. Please watch the Week 4 Part 1 lecture for further guidance, if needed.

Once logged in, navigate to the “Getting Started with Packet Tracer” course via the search bar at the top of the screen. Sign up for the course, then once you’ve accessed it, scroll down the main area of the course until you see the link to download packet tracer. Then, select the version of Packet Tracer which is compatible with your current Operating System, and install.

If you have issues creating an account or downloading the latest version from either site, here is a direct Gdrive link to download the software:

These versions have “guest login” capability. They do not require any account to function – each file is limited to 3 saves, however.

0:00 / 38:40

1x

VPN Activity Walkthrough

Topology of the network you will be creating during this activity

Provision Resources in Packet Tracer

1. Once Packet Tracer is installed and running, create and connect these devices:

Three (3) 1941 Routers
Two (2) 2960 Switches
Two (2) PC Clients

Connect the clients (eth0) to the switches (fa0/1) with straight-through cables

Connect the switches (gi0/1) to the routers (gi0/1) with straight-through cables

Connect R1 (gi0/0) to R2 (gi0/0) with a cross-over cable

Connect R2 (gi0/1) to R3 (gi0/0) with a cross-over cable

2. Configure port access-modes on both switches:

Input the following commands on both S1 and S2:

“enable > conf t > interface fa0/1 > switchport mode access” (enables access-mode for the client connection)

“interface gi0/1 > switchport mode trunk” (enables trunk mode for the router connection)

“do write” (saves the running-configuration to the startup-configuration, “do” enables this command to be input at any privilege level)

3. Configure the Default Gateway and IP Address on both clients:

C1: IP Address 192.168.0.100, Default Gateway 192.168.0.1
C2: IP Address 192.168.1.100, Default Gateway 192.168.1.1

Example of Client 1 gateway settings

Example of Client 1 NIC settings

Configure Routers (Remember to save your CLI configurations OFTEN – “wr” or “do wr”)

1. Configuration inputs for the three routers:

Router 1:

hostname LNFI-R1 (names the device, global config)

interface g0/0 (“enable > conf t > interface g0/0”, interface config)
ip address 10.0.0.1 255.255.255.0 (gives this interface an IP address)
no shut (turns the interface on)

interface g0/1
ip address 192.168.0.1 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 10.0.0.2 (establishes a static route to R2 – the “public” router from any network to any network, Global Config)

Router 2 (this router only needs to know its own IP addresses):

hostname LNFI-R2

interface g0/0
ip address 10.0.0.2 255.255.255.0
no shut

interface g0/1
ip address 10.0.1.2 255.255.255.0
no shut

Router 3:

hostname LNFI-R3

interface g0/0
ip address 10.0.1.1 255.255.255.0
no shut

interface g0/1
ip address 192.168.1.1 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 10.0.1.2

Before moving forward, verify your connectivity from both clients to their respective gateway via “ping”, by clicking on the client, then entering the desktop tab and clicking on “command prompt”.

Try to ping the distant client from each side (C1->C2, C2->C1), and notice that the pings will not be able to reach their destination. This is because there is no actual routes established for the two private 192.168.x.x networks.

We’re going to fix that with our VPN configurations.

2. Install the Security License Module on all three (3) routers:

license boot module c1900 technology-package securityk9 (enable>conf t, global config)

Type “y” when prompted

Remember to write your running-config to the startup-config (“wr”), then type:

“reload” or “do reload” (depending on what configuration mode you are in) all three routers.

3. Configure IPsec on the routers at each end of the VPN tunnel (R1 and R3)

Router 1 (Global Config):

crypto isakmp policy 10 (establishes the policy to be configured)
encryption aes 256 (the type of encryption to be used in this policy)
authentication pre-share (establishes that this policy will use a pre-shared password)
group 5 (establishes the Diffie-Hellman group to be used for this policy)

crypto isakmp key Fullsail1! address 10.0.1.1 (establishes the pre-shared key and the router to be shared with)

crypto ipsec transform-set R3 esp-aes 256 esp-sha-hmac (establishes the combination of encryption and hashing to be used for this specific R1-R3 IPSec tunnel)

crypto map IPSEC 10 ipsec-isakmp (establishes the settings for the overall VPN tunnel)
set peer 10.0.1.1 (identifies what device will be allowed to peer with this map)
set pfs group5 (establishes the Diffie-Hellman group for perfect forward security)
set security-association lifetime seconds 86400 (lifespan of the established connection regardless of time-outs)
set transform-set R3 (links the previously created transform set to this map)
match address 100 (links the access-list 100 to this map to permit communication)

interface GigabitEthernet0/0
crypto map IPSEC (attaches the previously created crypto map to this interface)

access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 (creates the ACL for communication between private networks on either side of the VPN tunnel, Interface Config)

Router 3:

crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5

crypto isakmp key Fullsail1! address 10.0.0.1

crypto ipsec transform-set R1 esp-aes 256 esp-sha-hmac

crypto map IPSEC 10 ipsec-isakmp
set peer 10.0.0.1
set pfs group5
set security-association lifetime seconds 86400
set transform-set R1
match address 100

interface GigabitEthernet0/0
crypto map IPSEC

access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255

Verify Connectivity and Tunnel Functionality

Once all configurations have been input and saved for each device, you can verify that the IPSec tunnel is up and functional in two ways:

1. Open the command prompt on each of your clients, then ping the distant client’s IP (Keep in mind you will likely have to ping multiple times before the IPSec tunnel establishes a connection):
   1. C1 -> C2 “ping 192.168.1.100” (SCREENSHOT)
   2. C2 -> C1 “ping 192.168.0.100” (SCREENSHOT)
2. Access the CLI for R1 and verify that the pings above have properly transversed the IPSec tunnel:
   1. In “enable” mode, type: “show crypto ipsec sa”
   2. There should be a number of packets listed by “pckts encap” and pckts encrypt” which demonstrates that the ping traversal was successful. (SCREENSHOT)
3. Repeat Step 2 on R3 (SCREENSHOT)

Example of “show crypto ipsec sa” output from Router 1 after successful transmission across the VPN tunnell

Required Screenshots and Configuration Text

Take your screenshots/copy running-config text after all configurations and lab steps have been completed.

1. Running-configurations: On each of the below devices (in “enable” mode) type: “show run”. Press spacebar until all of the information is listed and you are returned to the CLI prompt. Select all of the text output and copy this text into your deliverable document.
   1. Switch 1
   2. Switch 2
   3. Router 1
   4. Router 3
2. Take a screenshot of your successful PING outputs from:
   1. Client 1 to Client 2
   2. Client 2 to Client 1
3. Take a screenshot of the output from “show crypto ipsec sa” from:
   1. Router 1
   2. Router 3
4. Take a screenshot of your topology AFTER all connections have been verified functional (links should all be GREEN)

For you easy

Activity Overview: In this graded activity, students will determine subnet scopes, assess routing metrics and paths, identify aspects of ACL’s and Firewalls, and design an IPv4 address space.

Activity Outcomes: After completing this activity you should be able to

• Apply IP-Addressing conventions to subnet composition
• Identify ACL and Firewall rules, and their components
• Understand routing metrics and path determination
• Identify commonly used TCP/UDP ports (quiz)

Deliverable: Upload your answers to the items below as a .pdf export from the editor of your choosing. Then complete the external Lab 1.2.1 Knowledge Check.

Naming convention: “lastnamefirstinitial_L1.2.1.pdf” e.g: “smithp_L1.2.1.pdf”

Be sure to include your name, student number, and course (CNW-2511) at the top of your document.

Grading Rubric:

40% – Subnet Scope Exercises

30% – IP-Address Space Design

20% – Routing Metrics and Path-Determination Exercises

10% – Document Organization, File Format, and File Naming Convention

Subnet Scope Exercises

Determine the Network ID, Host Range, and Broadcast ID for the following IP Addresses:

You are REQUIRED to utilize an online subnet calculator of your choosing, here are two: ()

or

YOUR ANSWERS MUST BE SCREENSHOTS FROM THE OUTPUT OF YOUR CHOSEN CALCULATOR

IP-Address Space Design

You are REQUIRED to utilize an online subnet calculator () or

Create a subnet scheme that includes the following:

A) Subnet scheme that can fit 200 subnets with a minimum size of 1,024 IP’s using a Class A private address space (10.x.x.x)

B) Subnet scheme that can fit 80 subnets with a minimum size of 256 IP’s each, using a Class B private address space (172.16.x.x)

C) 3 (three) subnets for Router-to-Router connections using private Class C /30 address space (192.168.x.x.)

YOUR ANSWERS MUST BE DELIVERED AS SCREENSHOTS FROM THE SUBNET CALCULATOR OUTPUT (THERE WILL BE FIVE(5) TOTAL)

Please join us for live lecture or watch the archive if you need a reminder on this process.

Routing Metric Exercise

Complete both sets of routing metric exercises below. The goal is to determine the path between each network with the lowest total “cost”. The metrics for each path are identified on each connecting line. See the example answer for possible formatting.

THERE ARE TWELVE(12) TOTAL ANSWERS FOR THIS SECTION OF THE ACTIVITY

Please refer to the Week 1 Part 1 Lecture recording if you have any questions.

• What is the most efficient path to take, based upon the metrics given? (Remember: the lower the metric, the more efficient the path, you can pass through networks to get to others)
  1. Network A – Network B
  2. Network A – Network C
  3. Network A – Network D
  4. Network B – Network C
  5. Network B – Network D
  6. Network C – Network D

Possible format “Router #(Total Path Cost)“:

“Network A – Network D: Router1(Total Cost 0), 2(1), 3(2), 5(4), 8(5), 10(6), Router11(Total Cost 8)”

So long as each path chosen is easily identified, formatting can be however the student deem fit. Students may screenshot the each diagram and trace out lines visually for each path (please color-code, or use a separate screenshot per path).

Use the image above to answer the first set of routing metric questions

• What is the most efficient path to take, based upon the metrics given?
  1. Network A – Network B
  2. Network A – Network C
  3. Network A – Network D
  4. Network B – Network C
  5. Network B – Network D
  6. Network C – Network D

Format “Router #(Total Path Cost)“:

“Network A – Network D: 1(0), 2(1), 3(2), 5(4), 8(5), 10(6), 11(8)”

Use the image above to answer the second set of routing metric questions

Activity Overview: In this graded activity, students will provision a virtual network, virtual machines, ACL/firewall rules, and their prerequisite components in Azure Cloud Platform. Students will then generate back up templates and connect to their compute resources remotely.

Activity Outcomes: After completing this activity will be able to

• Demonstrate configuration of cloud-based virtual network functions
• Demonstrate configuration of cloud-based ACL and firewall rules
• Demonstrate the creation of backup/templates in Azure
• Demonstrate remote connectivity to compute resources in the cloud

Deliverable: Upload all requested screenshots below, as a .pdf export from the editor of your choosing.

Naming convention: “lastnamefirstinitial_Assignment#.pdf” e.g: “smithp_A1.1.pdf”

Be sure to include your name, student number, and course (CNW-2511) at the top of your document.

Provisioning Resources in Azure

Microsoft Azure Cloud Platform offers the ability to provision many cloud-based resources, including virtual appliances (VM’s and Containers), and virtual network functions (VNF). The process to create and configure these resources is reliable and quick within a cloud platform, so the reliance on our knowledge of theory and how these resources work together becomes paramount.

Follow this link to log in to the Azure Portal. Virtual Machines (and many other billed resources), must be disabled/deleted via the Azure dashboard to prevent continuous billing. Shutting down a VM within the OS will not disable them.

After you have completed this activity, you will delete all created resources, then verify with screenshots.

Do not create any resources unless you are specifically requested to. This runs a very high risk of your student account credits ($200 cap) being spent in their entirety, at which point you will no longer be able to access any of the resources required for this course, and future courses.

In this lab, you will be provisioning:

• One (1) Virtual Network
• Two (2) virtual NIC’s
• One (1) static public IP (VIP – standard SKU)
• One (1) firewall
• One (1) network security group
• One (1) private address spaces with two (2) subnets
• Two (2) Virtual Machines

Whenever you see “LNFI” input your last name and first initial (ex: smithp)

As you progress through this activity, your instructor will request that you capture a screenshot periodically (on Mac OS: “command+shift+3” to capture the whole screen, or “command+shift+4” then drag the cursor over the area you would like to capture). These screenshots are part of your required deliverable and will be graded.

Please attend or view Live Lecture (Week 2 Part 1) when available for the latest walkthrough. It is important to understand Cloud Service Provider (CSP) platforms change frequently, so the available recording here may look differently than what you see. You are welcome to use your best judgement to navigate any differences, or wait until the Live Lecture recording becomes available for further elaboration.

Diagram of Activity Outcome

Lab Steps and Configuration Requirements

1. Resource Group
   1. Name: LNFI-MMYYYY
   2. Region: ANY REGION THAT ALLOWS YOU TO CREATE VM’S, I use “East” as a naming example here
2. Public IP
   1. SKU: Standard (Static)
   2. Name: cnw-region-PIP-LNFI
   3. DNS name label: cnwLNFI
   4. Resource Group: Use the one created above
   5. Availability Zone: Zone-redundant
3. Virtual Network
   1. Name: cnw-east-LNFI “east” or whatever region you are using
   2. Address Space: 10.0.1.0 /24
   3. Subnet: 10.0.1.64 /26
      1. Name: cnw-east-compute-LFNI
   4. Firewall: Enabled
      1. Name: cnw-east-fw-LNFI
      2. Firewall Subnet Address Space: 10.0.1.0 /26
      3. Public IP Address: Use Existing (the PIP created above)
4. Network Interface 1
   1. Name: cnw-east-client01
   2. Virtual Network: Same as above
   3. Subnet: cnw-east-compute…
   4. Static address assignment
   5. Private IP Address: 10.0.1.80
   6. Network Security Group: None
   7. Resource Group: Same as above
5. Network Interface 2 (same as above unless noted below)
   1. Name: cnw-east-websrv
   2. Private IP Address: 10.0.1.70
6. Network Security Group
   1. Name: cnw-east-compute
   2. Resource Group: Same as above
7. Configure Network Security Group – Apply to Subnet:
   1. Virtual Network: Network created above
   2. Subnet: cnw-east-compute…
8. Configure inbound rule for NSG (to allow Remote Desktop Connections)
   1. Add Inbound Security Rule:
      1. Source: IP Addresses
      2. Source IP: Public IP on your end (use the link above to identify it)
      3. Source Port Ranges: * (* means ALL)
      4. Destination: Service Tag
      5. Destination: VirtualNetwork
      6. Destination Port Ranges: 3389
      7. Protocol: Any
      8. Action: Allow
      9. Priority: 100
      10. Name: RDP_in_allow
      11. Description: in your own words
9. Firewall Rules > Add NAT Rule Collection
   1. “cnw-east-compute-LFNI” Priority 100
      1. Rule 1:
         1. Name: RDP-allow-websrv
         2. Protocol: TCP, UDP
         3. Source Address: (your public IP)
         4. Destination Address: (Azure Public IP)
         5. Destination Port: 33890
         6. Translated Address: 10.0.1.70
         7. Translated Port: 3389
      2. Rule 2 (same as above unless otherwise noted):
         1. Name: RDP-allow-client01
         2. Destination Port: 33891
         3. Translated Address: 10.0.1.80
10. Virtual Machine 1 (These will auto-generate a new NIC which you will remove and replace with the earlier NIC’s you’ve created)
    1. Name: cnw-client01
    2. Region: East US
    3. User Name: LNFI
    4. Password: Fullsail11!!
    5. Availability Options: None
    6. Image: Windows 10 Enterprise, 22h2, any generation – Note that any version of Windows 10 should be okay if those aren’t listed for you
    7. Size: Standard D2s_v3
    8. Disks: Standard SSD, Use Managed Disks
    9. Network: cnw-east-compute
    10. Public IP: NO
    11. NIC Security Group: None
    12. Management: All options OFF, Security: Basic
    13. Advanced: All options OFF
11. Virtual Machine 2 (These will auto-generate a new NIC which you will remove and replace with the earlier NIC’s you’ve created)
    1. Name: cnw-websrv
    2. Region: East US
    3. Username and Password: same as above
    4. Availability Options: None
    5. Image: Windows Server 2019, 2022, or 2025 (2025 may or may not work, but any version of these OS’ should be okay, see the walkthrough for more detail)
    6. Size: Standard D2s v3
    7. Disks: Standard SSD, Use Managed Disks
    8. Network: cnw-east-compute
    9. Public IP: NO
    10. NIC Security Group: None
    11. Management: All options OFF, Security: Basic
    12. Advanced: All options OFF

Final Configurations and Testing

1. Go to the Virtual Machine overview and select “STOP” at the top of the list, this will turn the VM’s off. (may take a couple of minutes)
2. Go to each of the VM’s overview and select “Networking”
   1. Attach the NIC you’ve previously created for the VM you are configuring.
   2. Once the new NIC is attached, detach the auto-generated one.
3. Go to Network Interfaces in the sidebar, and delete both of the auto-generated NIC’s
4. Go to Virtual Networks in the sidebar, select your virtual network
   1. Select DNS Servers, change to “Custom”
   2. Input two DNS Servers: 10.0.1.70 and 8.8.8.8
   3. Be sure to save your changes
5. Go to Virtual Machine overview and select “START” for both VM’s. (this may take a couple of minutes)
6. Download the Microsoft Remote Desktop client applicable for your computer
   1. Select “+” to add a new RDP connection
   2. Connection Name: CNW-websrv
   3. PC Name: x.x.x.x:33890 (x.x.x.x = your Azure public IP)
   4. No gateway configured
   5. User name and password: As configured for each VM above
   6. Close out the configuration window, and double click to connect to your server
   7. Repeat this procress for your client machine
      1. Connection Name: CNW-client01
      2. PC Name: x.x.x.x:33891 (x.x.x.x = same IP as above)
      3. Close out the window and connect to your client

PLEASE NOTE: If you have verified that your NSG and ingress access rules are configured correctly, but still cannot RDP into your VM’s, please just note that RDP was not able to connect and any troubleshooting steps you took, in place of the RDP screenshots. Sometimes, depending on the network a student is using, RDP is unable to traverse the home network or hot-spots.

Required Screenshots

The following screenshots should show the configurations identified in lab, for each component (PLEASE NUMBER AND LABEL YOUR SCREENSHOTS):

1. Resource Groups – Resource Group “LNFI-MMYYYY” Properties Page (showing all provisioned resources for this activity)
2. Public IP’s – Public IP “cnw-east-PIP-LNFI” Overview Page
3. Virtual Networks – Virtual Network “cnw-east-LNFI” Overview Page
   1. Subnets Page – showing the two configured subnets
   2. Diagram Page – showing 2 VM’s, 2 NIC’s, 1 NSG, 2 Subnets
4. Network Interfaces – List of both NIC’s created (conforming to lab requirements)
5. Net Security Groups – NSG “cnw-east-compute” Overview Page
   
6. Firewalls – “cnw-east-fw-LNFI” > Rules > NAT Rule list for “cnw-east-compute-LNFI” showing the two RDP inbound rule configurations
7. Virtual Machines:
   1. Overview page for CNW-CLIENT01
   2. Overview page for CNW-WEBSRV
8. While connect to each VM via RDP:
   1. “ipconfig /all” on CNW-WEBSRV
   2. “ipconfig /all” on CNW-CLIENT01
   3. PLEASE NOTE: If you have verified that your NSG and ingress access rules are configured correctly, but still cannot RDP into your VM’s, please just note that RDP was not able to connect and any troubleshooting steps you took, in place of the RDP screenshots. Sometimes, depending on the network a student is using, RDP is unable to traverse the home network or hot-spots.
9. All Resources Page showing all resources deleted (not on the list)

There should be 13 individual screenshots.

Activity Overview: In this graded activity, students will learn how to create a publicly-accessible load-balancing solution in a cloud environment. Students will provision the resources necessary through Azure Portal, then configure them via PowerShell CLI (via Run Command) and Azure Portal.

Activity Outcomes: After completing this activity students will be able to:

• Demonstrate configuration cloud-based network resources
• Demonstrate configuration of a cloud-based load-balancer
• Demonstrate web-hosting principles

Deliverable: Upload all requested screenshots below, as a .pdf export from the editor of your choosing.

Naming convention: “lastnamefirstinitial_Assignment#.pdf” e.g: “smithp_A1.1.pdf”

Be sure to include your name, student number, and course (CNW-2511) at the top of your document.

Load-Balancing in Azure

Part of the advantage in hosting an environment on a Cloud platform is the ease of access to resources from anywhere in the world. In order to leverage this advantage, organizations must provide publicly-accessible web content in a highly-available, scalable, yet cost-efficient manner. Technicians must be familiar with many of these deployment models, along with the various methods to implement them.

Load-Balancing is a necessary solution to maintain availability of publicly accessible resources. These configurations also allow for transparent “scale-out, scale-in” provisioning as the need for more back-end resources arises.

Follow this link to log in to the Azure Portal. Virtual Machines (and many other billed resources), must be disabled/deleted via the Azure dashboard to prevent continuous billing. Shutting down a VM within the OS will not disable them.

After you have completed this activity, you will delete all created resources, then verify with screenshots.

Do not create any resources unless you are specifically requested to. This runs a very high risk of your student account credits ($100 cap) being spent in their entirety, at which point you will no longer be able to access any of the resources required for this course, and future courses. Please contact your instructor ASAP if this occurs.

In this lab, you will be provisioning:

• One (1) Resource Group
• One (1) Virtual Network
• One (1) Load-Balancer
• One (1) Public IP
• One (1) Network Security Group
• Two (2) Virtual Machines

As you progress through this activity, your instructor may request that you capture a screenshot periodically (on Mac OS: “command+shift+3” to capture the whole screen, or “command+shift+4” then drag the cursor over the area you would like to capture). These screenshots are part of your required deliverable and will be graded.

Please attend or view Live Lecture (Week 3 Part 1) when available for the latest walkthrough. It is important to understand Cloud Service Provider (CSP) platforms change frequently, so the available recording here may look differently than what you see. You are welcome to use your best judgement to navigate any differences, or wait until the Live Lecture recording becomes available for further elaboration.

Provision Resources via Azure Portal

1. 
   Wherever you see “LNFI”, input your last name followed by your first initial (e.g. cnw-lb-LNFI = cnw-lb-smithp)
   1. Create a new Resource Group
      1. name: cnw-lb-LNFI
      2. location: westus3 (or any region that allows VM creation)
   2. Create a new Virtual Network
      1. name: cnw-LNFI
      2. resource-group: cnw-lb-LNFI
      3. address-prefixes: 10.0.0.0/24
      4. subnet-name: cnw-web
      5. subnet-prefix: 10.0.0.64/26
2. Create a new Public IP named “lb-pip” – This must match the Standard SKU of your Load Balander
3. Create a Load Balancer
   1. Name: cnw-lb
   2. Region: West US 3
   3. SKU: Standard
   4. Type: Public
   5. Tier: Regional
   6. Public IP Address: “lb-pip” (Use Existing) there may be an issue using a pre-created Public IP, in which case create a new public IP in this wizard.
   7. SKIP the rest of the configuration options during the creation of the Load Balancer, we will be configuring the items below after it has been provisioned.
4. Configure Load Balancer Functions
   1. Create a new backend pool
      1. Name: cnw-VMbackend
   2. Create a new health probe
      1. Name: cnw-VMHP
      2. Protocol: TCP
      3. External / Frontend Port: 80
      4. Internal / Backend Port: 80
      5. Interval: 5 seconds
   3. Create a new load balancing rule
      1. Name: cnw-LB-http
      2. Backend Pool: cnw-VMbackend
      3. Frontend / External Port: 80
      4. Backend / Internal Port: 80
      5. Health Probe: cnw-VMHP
5. Create a new Network Security Group
   1. Name: cnw-webNSG
   2. Location: West US 3 (or the region you’ve selected)
   3. Create a new Inbound Security Rule
      1. Source: Service Tag
      2. Source ST: Internet
      3. Source Ports: *
      4. Destination: Any
      5. Destination Port Ranges: 80
      6. Protocol: Any
      7. Action: Allow
      8. Priority: 100
      9. Name: inbound_allow
   4. Associate the NSG to the “cnw-web” Subnet
6. Create Virtual Machines (2)
   1. VM 1 Name: web01 / VM 2 Name: web02
   2. Region: West US 3 (or the region in which you are working)
   3. Availability Options: None
   4. OS: Windows Server (any datacenter version, 2025 may not work)
   5. OS Disk Type: Standard SSD
   6. Use Managed Disks: Yes
   7. Virtual Network: cnw-LNFI
   8. Subnet: cnw-web
   9. Public IP: None – Important
   10. NIC NSG: None
   11. Place VM behind existing LB solution: Yes
   12. Options: Azure Load Balancer
   13. Load Balancer: cnw-lb-LNFI
   14. Backend Pool: cnw-VMbackend
   15. Management: All options OFF

Be sure to double-check the above VM settings on the “Review+Create” page, as provisioning certain VM configurations may change previously set ones.

Configure IIS via “Run Command”

It is possible to configure a virtual machine without the need for SSH or RDP, through Azure’s “Run Command” option within the Azure Portal. This is an extremely useful tool when a VM cannot be connected to while troubleshooting through normal remote means.

Complete the following steps on both of your provisioned VM’s:

1. From the Azure Portal, select the VM
2. Under “Operations” select “Run Command”
3. Select “RunPowerShellScript”
4. Copy and paste the following command string (all three lines):

Install-WindowsFeature -name Web-Server -IncludeManagementTools

remove-item C:inetpubwwwrootiisstart.htm

Add-Content -Path “C:inetpubwwwrootiisstart.htm” -Value $(“Hello World from ” + $env:computername)

This process will take a few minutes, but you can proceed to the second VM in another tab while the first script runs. You will need screenshots of the output for both VM’s once the commands are successful.

Verify HTTP Connectivity and Load-Balancing

1. Navigate to your Load Balancer’s Overview page and copy the front-end public IP
2. Open your browser and paste the public IP to access the load-balanced website
3. Check to see which VM is posting the webpage by the name displayed
4. Reload the website a few times to see if the VM name changes (this may take quite a few reloads). It’s possible that your browser cached the first page to load, and reloading will not show the other VM’s website.
5. If the page isn’t alternating, go to your Virtual Machines and select “Stop” on the VM that is showing up when you access the website.
6. Once the VM is fully stopped, reload the website and you should see the other VM’s name.
7. To force this on the other VM, simply swap which VM is “On”

Required Screenshots

Take your screenshots after all configurations and lab steps have been completed.

The following screenshots should show the configurations identified in lab:

1. Virtual Machines
   1. Overview for cnw-LNFI-web01
   2. Overview for cnw-LNFI-web02
2. Virtual Networks
   1. Diagram for cnw-lb-LNFI
3. Network Security Groups
   1. Inbound Security Rules
   2. Subnets
4. Load Balancers
   1. Overview
   2. Backend Pools (with the list expanded to show both VM’s)
   3. Load Balancing Rules
5. Screenshot of web browser accessing:
   1. cnw-LNFI-web01
   2. cnw-LNFI-web02
6. All Resources
   1. Showing all provisioned resources for this lab deleted

There should be 11 individual screenshots.

Activity Overview: In this graded activity, students will learn how to publicly host web-content via two alternative methodologies. Students will host a static website directly via storage, and a server-less application.

Activity Outcomes: After completing this activity will be able to

• Demonstrate configuration of storage accounts
• Demonstrate configuration of server-less applications
• Demonstrate web-hosting principles

Deliverable: Upload all requested screenshots below, as a .pdf export from the editor of your choosing.

Naming convention: “lastnamefirstinitial_Activity#.pdf” e.g: “smithp_A1.1.pdf”

Be sure to include your name, student number, and course (CNW-2511) at the top of your document.

Hosting Web Content in Azure

Part of the advantage in hosting an environment on a Cloud platform is the ease of access to resources from anywhere in the world. In order to leverage this advantage, organizations must provide publicly-accessible web content in a highly-available, scalable, yet cost-efficient manner. Technicians must be familiar with many of these deployment models, along with the various methods to implement them.

Utilizing a Command-Line Interface (CLI) is often preferable to a Graphical User Interface (GUI) in a production environment. Provisioning, automation, and configuration become far more efficient when a technician can perform tasks in this way.

Follow this link to log in to the Azure Portal. Virtual Machines (and many other billed resources), must be disabled/deleted via the Azure dashboard to prevent continuous billing. Shutting down a VM within the OS will not disable them.

After you have completed this activity, you will delete all created resources, then verify with screenshots.

Do not create any resources unless you are specifically requested to. This runs a very high risk of your student account credits ($100 cap) being spent in their entirety, at which point you will no longer be able to access any of the resources required for this course, and future courses.

In this lab, you will be provisioning:

• One (1) Resource Group
• One (1) Storage Account
• One (1) Storage Blob
• One (1) App Service Plan
• One (1) App Service

As you progress through this activity, your instructor may request that you capture a screenshot periodically (on Mac OS: “command+shift+3” to capture the whole screen, or “command+shift+4” then drag the cursor over the area you would like to capture). These screenshots are part of your required deliverable and will be graded.

Please attend or view Live Lecture (Week 3 Part 1) when available for the latest walkthrough. It is important to understand Cloud Service Provider (CSP) platforms change frequently, so the available recording here may look differently than what you see. You are welcome to use your best judgement to navigate any differences, or wait until the Live Lecture recording becomes available for further elaboration.

Host a Static Website via Storage

1. Create a new Resource Group
   1. Region: East US 2
   2. Name: CNW-WEB
2. Create a new Storage Account
   1. Resource Group: CNW-WEB
   2. Storage Acct Name: “firstinitiallastname”web
   3. Location: East US 2
   4. Performance: Standard
   5. Account Kind: StorageV2
   6. Replication: Locally Redundant (LRS) or no redundancy, if available
   7. Access-Tier: Standard (Whichever option is least expensive, this is considered Cool storage)
      
3. Create a Static Website from within the Storage Account
   1. In the sidebar, under “Data Management” click “Static Website”
   2. Click “Enabled”
   3. Index Document Name: “index.html”
   4. Note the Primary Endpoint URL (this is the public URL to access your static website)
   5. Access “$web” container and upload “index.html” (download the .zip below and extract)
   6. Leave upload blob setting as their defaults
4. Access your static website via the Endpoint URL (great color, huh!?) – screenshot
5. Return to to “Data Management > Static Website” and click “$web” to access the container
6. Click “Index.html” then select “Edit Blob”
7. On line 19, change the “bgcolor” Hex value to “FFFF00” (yellow) and click “Save” – screenshot
8. Access your website URL to see the changes (you may need to reload a few times)

• 1 KB

Host a Website via Server-less App

1. Create an App Service Plan
   1. Name: “firstinitiallastname“web
   2. Resource Group: CNW-WEB
   3. OS: Windows
   4. Location: Central US
   5. Pricing Tier: F1 Free
2. Create an App Service
   1. Name: cnw1″firstinitiallastname“
   2. Resource Group: CNW-WEB
   3. App Service Plan: The plan you just created (should be selected by default)
   4. Application Insights: Disabled
   5. OS: Windows
   6. Runtime Stack: .NET Core 2.1 (or the nearest version if 2.1 is not available)
3. Configure App Service to display static website
   1. Navigate to your storage blob website
   2. Right click on the page, and select “View Page Source”
   3. Select all (cmd+a), then copy (cmd+c)
   4. Navigate back to your App Service
   5. In the sidebar, select “Development Tools > App Service Editor”
   6. Click “Go”
   7. Select “WWWROOT > hostingstart.html”
   8. Select all (cmd+a), then paste the copied html from step C
   9. On line 19 or 20, change the “bgcolor” hex value to “F00200” (red)
   10. Navigate to the App Service’s public URL (which can be found on the overview page) – it should be “cnw1firstinitallastname.azurewebsites.net”

Required Screenshots

The following screenshots should show the configurations identified in lab, for each component:

1. Storage Account
   1. Overview page
   2. Static Website page
2. Browser displaying the blob-hosted website (purple) – be sure to capture the entire browser window
3. Browser displaying the blob-hosted website (yellow) – be sure to capture the entire browser window.
4. App Service Plan Overview page
5. App Services
   1. Overview page
   2. App Services Editor displaying HTML for the hosted website
6. Browser displaying the App Services-hosted website (red) – be sure to capture the entire browser window
7. All Resources page showing that all resources have been completely deleted (it should be empty)

There should be 9 individual screenshots.

Solve the the assignment

“Saya ingin memahami rumus dan langkah-langkah menghitung luas segitiga sama sisi. Jika diketahui panjang sisi adalah 6 cm, berapakah luasnya? Mohon jelaskan dengan jea de