Hands-On Azure Labs: Building Redundant Cloud Solutions
This PREMIUM COLLECTION of interactive and interconnected hands-on Azure labs guides you through the end-to-end deployment of a fully redundant, multi-region web application—an essential skill set for IT professionals.
Lab Overview
Are you ready to elevate your Azure cloud expertise with real-world, hands-on experience? This interactive and interconnected hands-on Azure lab course guides you through the end-to-end deployment of a fully redundant, multi-region web application—an essential skill set for cloud engineers, architects, and IT professionals.
This hands-on Azure training course is designed for IT professionals who want to go beyond theory and apply practical Azure solutions in a structured, hands-on Azure environment. Whether you’re preparing for an Azure certification, expanding your cloud engineering skills, or adding real-world experience to your resume, this course will equip you with the expertise to design, deploy, and manage enterprise-grade cloud architectures in Microsoft Azure.
Module 1: Build Network Infrastructure
In this section, you will build the foundational network infrastructure for the cloud environment by deploying a resource group, virtual networks, subnets, and NAT gateways. These components will serve as the backbone for all subsequent deployments, ensuring proper organization, security, and scalability.
LAB 1: Deploy a Resource Group in Azure for the Project
In this lab, you will create a resource group that will serve as the primary management container for all resources deployed throughout this course. A resource group in Azure provides a structured way to organize, monitor, and control related resources as a single unit. This setup allows for centralized administration, making it easier to manage access, enforce security policies, track costs, and apply configurations consistently across all resources. By deploying a resource group at the start of the course, you establish a foundation for the infrastructure that will be built in subsequent labs.
LAB 2: Deploy a Virtual Network and Subnet in West US
In this lab, you’ll deploy a virtual network and subnet to establish the foundational network infrastructure for resources in the West US region. This configuration will ensure that virtual machines and other components can communicate securely while maintaining network segmentation for improved organization and performance. By setting up this virtual network, you’ll create an isolated, structured environment to support the deployment of a highly available and geographically distributed web application.
LAB 3: Deploy a Virtual Network and Subnet in East US
In this lab, you’ll deploy a virtual network and subnet to establish the foundational network infrastructure for resources in the East US region. This configuration will ensure that virtual machines and other components can communicate securely while maintaining network segmentation for improved organization and performance. By setting up this virtual network, you’ll create an isolated, structured environment to support the deployment of a highly available and geographically distributed web application.
LAB 4: Deploy a NAT Gateway in the West US Region
In this lab, you’ll deploy a NAT gateway to provide secure and scalable outbound internet connectivity for virtual machines that will be deployed in the West US region later in this course. This configuration ensures that all outbound traffic is routed through a single, managed gateway rather than relying on individual public IP addresses for each virtual machine. This approach improves security, simplifies network management, and ensures a consistent outbound IP address for internet-based communication.
LAB 5: Deploy a NAT Gateway in the East US Region
In this lab, you’ll deploy another NAT gateway to provide secure and scalable outbound internet connectivity for virtual machines that will be deployed in the East US region later in this course. This configuration ensures that all outbound traffic is routed through a single, managed gateway rather than relying on individual public IP addresses for each virtual machine. This approach improves security, simplifies network management, and ensures a consistent outbound IP address for internet-based communication.
Module 2: Deploy Azure Bastion
In this section, you’ll configure virtual network peering between vNet-West and vNet-East and then deploy Azure Bastion to provide secure remote access to your virtual machines without exposing them to the public internet.
LAB 6: Connect Virtual Networks with vNet Peering Connection
In this lab, you’ll configure vNet peering to establish connectivity between the virtual networks that you deployed in the West US and East US regions. This setup will allow seamless and secure communication between resources in both regions without requiring VPN gateways, public IP addresses, or additional networking appliances.
LAB 7: Perform an Automated Azure Bastion Deployment
In this lab, you’ll deploy Azure Bastion to establish a secure, fully managed remote access solution for virtual machines in your cloud environment. By implementing Bastion, you’ll eliminate the need for public IP addresses on virtual machines, reducing exposure to external threats while enabling browser-based RDP and SSH access through the Azure portal.
Module 3: Deploy and Configure Load Balancers
In this section, you’ll deploy and configure two public Azure Load Balancers—one in the West US region and one in the East US region. These load balancers will distribute incoming traffic across the virtual machines in their respective regions, ensuring that requests are handled efficiently and reliably.
LAB 8: Deploy and Configure a Public Load Balancer in West US
In this lab, you’ll deploy and configure a public load balancer in the West US region to distribute incoming web traffic across multiple virtual machines that will be deployed later. This load balancer will ensure that requests are evenly distributed, improving the performance, availability, and fault tolerance of the web application. By implementing a load balancer, the infrastructure will be better equipped to handle traffic fluctuations while preventing service disruptions in the event of a virtual machine failure.
LAB 9: Deploy and Configure a Public Load Balancer in East US
In this lab, you’ll deploy and configure a public load balancer in the East US region to distribute incoming web traffic across multiple virtual machines that will be deployed later. This load balancer will ensure that requests are evenly distributed, improving the performance, availability, and fault tolerance of the web application. By implementing a load balancer, the infrastructure will be better equipped to handle traffic fluctuations while preventing service disruptions in the event of a virtual machine failure.
Module 4: Deploy Resilient Azure VMs in West US
In this section, you’ll deploy and configure two West US virtual machines that will serve as two of the four web servers for your distributed web application. As part of this deployment, you’ll install Internet Information Services on them remotely and add them to the backend pool of the LB-West load balancer.
LAB 10: Deploy and Configure the WEST01 Virtual Machine
In this lab, you’ll deploy and configure a Windows Server 2019 virtual machine named WEST01 in the West US region. This virtual machine will be placed within an availability set to enhance redundancy and fault tolerance. It will serve as one of the backend instances for the load-balanced web application, ensuring that incoming traffic can be distributed efficiently. This deployment is a crucial step in building a scalable and resilient cloud infrastructure.
LAB 11: Install IIS on WEST01 Remotely via PowerShell
In this lab, you’ll install Internet Information Services on the WEST01 virtual machine using the Run Command feature in the Azure portal. This allows remote installation without requiring direct RDP access, providing a secure and efficient way to configure web services. Installing Internet Information Services on WEST01 is a crucial step in setting up the web infrastructure for the distributed cloud-based application.
LAB 12: Deploy and Configure the WEST02 Virtual Machine
In this lab, you’ll deploy another NAT gateway to provide secure and scalable outbound internet connectivity for virtual machines that will be deployed in the East US region later in this course. This configuration ensures that all outbound traffic is routed through a single,
In this lab, you’ll deploy and configure a Windows Server 2019 virtual machine named WEST02 in the West US region. This virtual machine will be placed within an availability set to enhance redundancy and fault tolerance, and it will serve as one of the backend instances for the load-balanced web application, ensuring that incoming traffic can be distributed efficiently.
LAB 13: Install IIS on WEST02 Remotely via PowerShell
In this lab, you’ll install Internet Information Services on the WEST02 virtual machine using the Run Command feature in the Azure portal. This allows remote installation without requiring direct RDP access, providing a secure and efficient way to configure web services. Installing Internet Information Services on WEST02 is a crucial step in setting up the web infrastructure for the distributed cloud-based application.
Module 5: Deploy Resilient Azure VMs in East US
In this section, you’ll deploy and configure two East US virtual machines that will serve as two of the four web servers for your distributed web application. As part of this deployment, you’ll install Internet Information Services on them remotely and add them to the backend pool of the LB-East load balancer.
LAB 14: Deploy and Configure the EAST01 Virtual Machine
In this lab, you’ll deploy and configure a Windows Server 2019 virtual machine named EAST01 in the East US region. This virtual machine will be placed within an availability set to enhance redundancy and fault tolerance. It will serve as one of the backend instances for the load-balanced web application, ensuring that incoming traffic can be distributed efficiently. This deployment is a crucial step in building a scalable and resilient cloud infrastructure.
LAB 15: Install IIS on EAST01 Remotely via PowerShell
In this lab, you’ll install Internet Information Services on the EAST01 virtual machine using the Run Command feature in the Azure portal. This allows remote installation without requiring direct RDP access, providing a secure and efficient way to configure web services. Installing Internet Information Services on EAST01 is a crucial step in setting up the web infrastructure for the distributed cloud-based application.
LAB 16: Deploy and Configure the EAST02 Virtual Machine
In this lab, you’ll deploy and configure a Windows Server 2019 virtual machine named EAST02 in the East US region. This virtual machine will be placed within an availability set to enhance redundancy and fault tolerance. It will serve as one of the backend instances for the load-balanced web application, ensuring that incoming traffic can be distributed efficiently. This deployment is a crucial step in building a scalable and resilient cloud infrastructure.
LAB 17: Install IIS on EAST02 Remotely via PowerShell
In this lab, you’ll install Internet Information Services on the EAST02 virtual machine using the Run Command feature in the Azure portal. This allows remote installation without requiring direct RDP access, providing a secure and efficient way to configure web services. Installing Internet Information Services on EAST02 is a crucial step in setting up the web infrastructure for the distributed cloud-based application.
Module 6: Test Load Balancers
In this section, you’ll configure the private IP addresses of the four virtual machines as static to prevent IP changes that could cause disruptions in network configurations, load balancing, and traffic rules. You’ll then test the load balancing functionality of both LB-West and LB-East.
LAB 18: Ensure Virtual Machine IP Addresses Are Static
In this lab, you’ll configure the private IP addresses of all deployed virtual machines to use static allocation. This ensures that each virtual machine retains a consistent private IP address, preventing potential disruptions to networking configurations.
LAB 19: Test Load Balancing Functionality in West US
In this lab, you’ll test the load balancing functionality of LB-West to ensure that traffic is properly distributed between the WEST01 and WEST02 virtual machines. This verification process involves confirming that incoming requests are routed to both virtual machines and simulating a failure scenario to observe how the load balancer automatically redirects traffic when one of the VMs becomes unavailable.
LAB 20: Test Load Balancing Functionality in East US
In this lab, you’ll test the load balancing functionality of LB-East to ensure that traffic is properly distributed between the EAST01 and EAST02 virtual machines. This verification process involves confirming that incoming requests are routed to both virtual machines and simulating a failure scenario to observe how the load balancer automatically redirects traffic when one of the VMs becomes unavailable.
Module 7: Deploy & Configure Azure Blob Storage
In this section, you’ll deploy and configure Azure Storage Accounts to provide scalable and highly available blob storage for your distributed website. More specifically, you’ll create two Azure Storage Accounts—one in the West US region and one in the East US region. Each storage account will contain a blob storage container named “images,” which will serve as a repository for storing website images that the virtual machines will serve up to website visitors.
LAB 21: Deploy Blob Storage in the West US Region
In this lab, you’ll deploy a storage account in the West US region to serve as part of a repository for website images. This storage account will contain a blob container and will later be integrated with Azure Front Door CDN to optimize content delivery. By setting up this storage account and enabling anonymous access at the container level, you’ll ensure that website images can be accessed efficiently without requiring authentication. This step is essential for building a scalable and highly available web infrastructure.
LAB 22: Deploy Blob Storage in the East US Region
In this lab, you’ll deploy a storage account in the East US region to serve as part of a repository for website images. This storage account will contain a blob container and will later be integrated with Azure Front Door CDN to optimize content delivery.
LAB 23: Configure Blob Storage Object Replication Between Regions
In this lab, you’ll configure Azure Blob Storage object replication to ensure that all website images stored in the images container of the surfcitywest999 storage account are continuously synchronized to the images container in the surfcityeast999 storage account. This replication process allows for automatic synchronization of all images between the two storage accounts, ensuring that the web application maintains consistent content across regions without requiring manual file transfers.
Module 8: Deploy and Configure Azure Front Door CDN
In this section, you’ll deploy and configure Azure Front Door CDN to optimize image delivery for your web application. Rather than having virtual machines displaying images directly from storage accounts, Azure Front Door will serve as the primary distribution service, reducing latency, improving scalability, and lowering storage access costs.
You’ll begin by deploying an Azure Front Door CDN profile and setting surfcitywest999 as the initial storage origin. Caching and compression will be enabled to optimize content delivery by storing frequently accessed images at edge locations and reducing file sizes. Next, you’ll enhance availability and resilience by adding surfcityeast999 as a secondary origin, ensuring failover protection. Finally, you’ll configure a custom domain for the CDN, allowing images to be accessed using a dedicated subdomain instead of a generic Azure-provided URL.
LAB 24: Deploy and Configure an Azure Front Door CDN Profile
In this lab, you’ll deploy and configure an Azure Front Door CDN profile named WebsiteImages to serve as the primary content distribution network for website images. Instead of virtual machines retrieving images directly from storage accounts, this setup ensures that all images are delivered through a globally optimized endpoint. This approach improves performance, reduces latency, and minimizes direct storage access costs by leveraging Azure’s content delivery network.
LAB 25: Add a Second Origin to the Azure Front Door CDN
In this lab, you’ll enhance the Azure Front Door CDN configuration by adding surfcityeast999 as a second origin in the default origin group. This adjustment ensures redundancy for website images, allowing traffic to be routed to an alternate storage account if the primary origin, surfcitywest999, becomes unavailable. By configuring multiple origins, the CDN will provide seamless failover protection, improving the overall resilience and availability of content delivery.
LAB 26: Configure a Custom Domain Name for AFD CDN
In this lab, you’ll configure img.surfcityboats.com as a custom domain for Azure Front Door CDN while keeping the primary surfcityboats.com domain managed in GoDaddy DNS. This setup ensures that all website images are delivered through a single, optimized CDN endpoint, improving performance, reducing latency, and ensuring global availability. By delegating the subdomain to Azure DNS, you gain control over DNS resolution for img.surfcityboats.com while maintaining the rest of the domain within GoDaddy’s DNS management.
Module 9: Deploy and Configure Azure Traffic Manager
In this lab, you will deploy and configure Azure Traffic Manager to manage global traffic distribution for a web application. You will create a Traffic Manager profile, configure performance-based routing, add regional endpoints, and integrate a custom DNS name to allow users to access the application through a branded URL.
LAB 27: Create and Configure a Traffic Manager Profile in Azure
In this lab, you’ll create and configure an Azure Traffic Manager profile to manage global traffic distribution for the web application. You’ll configure two endpoints and you’ll use performance-based routing to ensure users hit your website using the endpoint with the lowest latency.
LAB 28: Confirm Functionality of Azure Traffic Manager
In this lab, you’ll test the functionality of Azure Traffic Manager to verify that it routes users to your website. You’ll also simulate a failure scenario to confirm that Traffic Manager seamlessly redirects traffic in the event of a regional outage, demonstrating its ability to provide fault tolerance and high availability.
LAB 29: Configure a Custom Domain for Traffic Manager and Test Name Resolution
In this lab, you’ll configure DNS settings to create a CNAME record in GoDaddy DNS that maps a custom subdomain to the Azure Traffic Manager profile. This setup ensures that users can use a recognizable URL to access boat quotes, and that those requests are routed through Traffic Manager, allowing for global traffic distribution and failover protection. After configuring the DNS record, you’ll test name resolution by verifying that the subdomain successfully directs traffic to your test page on a backend virtual machine.
