Application Security Groups (ASG) are a feature within Azure that helps simplify the management of Network Security Group (NSG) rules. In this lab, you will have the opportunity to learn about how to create and implement an ASG for some pre-configured network resources. After completing this lab, you will be familiar with the purpose of an ASG, how to create one, and how to associate it with a virtual machine and NSG.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create an Application Security Group
Use the Azure Portal to perform the following tasks. Please log in with the credentials provided to you for this lab.
Please take note of the region in use for all of the resources that have been deployed for you, as we will need to use the same region in the following steps.
Create an Application Security Group
- Click on the + Create a resource option.
- Search for application security group.
- Choose the Application security group option, then click on Create.
- Create the application security group with the following settings:
  - Subscription: Select the existing subscription.
  - Resource group: Select the existing resource group.
  - Name: Enter webvms-asg.
  - Region: Select the region in use for your existing resources.
- Click on Review + create.
- Associate WEBVM1 with the Application Security Group
Use the Azure Portal to perform the following tasks. Please log in with the credentials provided to you for this lab.
We need to associate our WEBVM1 with the application security group that we just created.
Associate WEBVM1 with the Application Security Group
- Click on the Virtual machines option.
- Select the provided virtual machine.
- Click on Networking.
- Choose the Application security groups.
- From the dropdown that appears, select the security group that we created. Then select Save.
- Update the Network Security Group to Use the Application Security Group
Use the Azure Portal to perform the following tasks. Please log in with the credentials provided to you for this lab.
Update the Network Security Group to use the Application Security Group
- Navigate to the network security group, shared-nsg, which has been created for you. You may search for shared-nsg, access via all resources, or through the Network Security Groups service page.
- Click on Inbound security rules in the Settings section of the resource menu on the left-hand side.
- Click on the existing rule, allow_rdp_webservers, within the working pane (middle of the screen).
- Set the Destination to be Application security group.
- Select webvms-asg, which you created in a previous objective, for the Destination application security group.
- Click on Save.
Note: You may now choose to verify that the network security group is working as expected by connecting to webvm1 using RDP. To do so, use an RDP client from your computer, and connect via the public IP address.
The credentials are as follows:
- Username: azureuser
- Password: (Use password provided in the credentials section)
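Besides the RDP connection test, the rule change itself can be checked from an export of the NSG's rules. The script below is an added example, not part of the original lab: it assumes the JSON field names produced by `az network nsg rule list -o json`, treats RDP as TCP port 3389, and runs against constructed sample data in which only the names webvms-asg and allow_rdp_webservers come from the lab.

```python
import json

# Constructed sample shaped like `az network nsg rule list -o json` output.
# Subscription ID, resource group and the second and third rules are made up.
ASG_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/lab-rg"
          "/providers/Microsoft.Network/applicationSecurityGroups/webvms-asg")
SAMPLE_RULES = json.loads("""[
 {"name": "allow_rdp_webservers", "direction": "Inbound", "access": "Allow",
  "destinationPortRange": "3389", "destinationAddressPrefix": null,
  "destinationApplicationSecurityGroups": [{"id": "%s"}]},
 {"name": "constructed_allow_mgmt_range", "direction": "Inbound", "access": "Allow",
  "destinationPortRanges": ["22", "3000-4000"], "destinationAddressPrefix": "*",
  "destinationApplicationSecurityGroups": null},
 {"name": "constructed_allow_http", "direction": "Inbound", "access": "Allow",
  "destinationPortRange": "80", "destinationAddressPrefix": "*"}
]""" % ASG_ID)

RDP_PORT = 3389  # assumption: RDP listens on its default port

def destination_asgs(rule):
    """Names of the ASGs a rule uses as its destination (last segment of each ID)."""
    groups = rule.get("destinationApplicationSecurityGroups") or []
    return [g["id"].rsplit("/", 1)[-1] for g in groups]

def covers_port(rule, port):
    """True if the rule's destination port range(s) include the given port."""
    single = rule.get("destinationPortRange")
    ranges = ([single] if single else []) + (rule.get("destinationPortRanges") or [])
    for r in ranges:
        if r == "*":
            return True
        low, _, high = r.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def audit_rdp_rules(rules, expected_asg="webvms-asg"):
    """Classify every inbound Allow rule that reaches RDP by how its destination is scoped."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        if not covers_port(rule, RDP_PORT):
            continue
        names = destination_asgs(rule)
        status = "ok" if expected_asg in names else "other-asg" if names else "not-asg-scoped"
        findings.append((rule["name"], status))
    return findings
```

A rule reported as not-asg-scoped still allows RDP to a destination defined by address prefix, so it reaches more than the members of webvms-asg.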