1. Login to Azure
For this challenge, you have either elected to use your own subscription or have created a new Azure
subscription using the provided Azure Pass (or Free Trial). If you want to switch to the provided Azure Pass,
the promotion code is displayed on the My Account page on the http://challenge.azurecon.com web site. If
there is no promo code displayed, you will need to use the free trial - http://azure.microsoft.com/pricing/freetrial.
Azure has TWO management portals - the classic portal (http://manage.windowsazure.com) and a new portal
that is in Preview at http://portal.azure.com. You will use both portals in this challenge.
1.
2. Enter your Microsoft Account email address and password for the Microsoft Account you
associated with your Azure Pass.
3. Open a new tab in your browser and go to http://manage.windowsazure.com (this is the classic
portal).
4.
You will now be in your Azure subscription and from here you can create and manage Azure services.
The first part of the challenge will be done in the Azure Classic Portal.
In the Azure Classic Portal on the main menu, choose Active Directory.
2. On the Active Directory pane, press the arrow next to the Default Directory.
3. On the default directory pane, press the Users link, which will take you to the list of users currently part of your subscription. At the moment,
this should contain only your current user. Press the Add User link placed at the bottom of the page.
4.
5. For the User Name we suggest you use a unique user name. Press the right arrow to go to the next blade.
6. On the User Profile blade, add the following information and press the right arrow to go to the next blade:
Role: User
7. On the Get temporary password press create, which will create the new user. Please write down the full username, which will be something like
aztrainpass86432rbac@aztrainpass86432outlook.onmicrosoft.com, and the generated password. Without those you won't be able to finish this
challenge.
8. Open a new In-private window in your browser, and go to the Azure Preview Portal (https://portal.azure.com). You need to open an In-private
window in order to be able to log in as a different user to Azure (you may need to close and launch the browser again or launch an alternate
browser).
9. Fill in your user name and password from step 7, and change the password to P@ssWord1.
10. You will be able to browse the portal, but you won't be able to see or add anything.
Using the browser instance that you are logged into your Azure account with, navigate to the Azure Preview Portal at http://portal.azure.com and
press the +New button
2.
3.
4. Press the Create button and then choose Edit Template. Your screen should look something like this:
5. In the Edit template blade, select all the code and remove it.
6. web-app-sql-database/azuredeploy.json copy the whole code from there and Paste it in the Edit template window.
7. Examine the code you have just pasted. You will see parameters for the App Service Plan, the Web App, a SQL Database Server and a SQL
Database. There are also configuration sections for the connection string used by the Web App.
8.
9. For the Site Name you need to use a unique name. Note: the template editor will not notify you if the value is not unique. Append a few numbers
to the end of the name to ensure it is unique.
10.
11. For the Site Location use any one of these 4 values: West US, South Central US, Central US and East US, and then press OK. Please
note that the name of the zones is case sensitive.
12. Specify a unique name for the server name. Note: the template editor will not notify you if the value is not unique. Append a few numbers to the
end of the name to ensure it is unique.
13. For the Server Location use the same location as you used for Site Location.
14.
15.
16.
17. On the Resource Group blade press the Or create new link, and choose Rbacrg1 as the name of your Resource Group.
18. On the resource group location use the same location you used for the Site Location.
19.
20. On the legal terms press Buy to indicate that you agree with the Legal Terms (there is no purchase involved, but some resources cost money, so
that is why Microsoft chose this word).
21. Make sure that Pin to Startboard is selected, and then press the Create button.
22. After a while (usually less than 2 minutes), depending on the load on Azure at the time, your deployment is created and a blade with your resource
group will open.
23. You don't have to wait for the deployment to finish; you can just move to the next task.
4. Create another Web App with a SQL Database in a new Resource Group
In this task we are going to create the services from the previous task again.
1. Repeat all the steps from the previous task using the following values for the parameters:
a. Site Name: rbacwa2
b. Hosting Plan Name: rbacap2
c. Site Location: use any one of these 4 values: West US, South Central US, Central US and East US. Please note that the
name of the zones is case sensitive.
d. Specify a unique name for the server name. Note: the template editor will not notify you if the value is not unique. Append a few
numbers to the end of the name to ensure it is unique.
e. Server Location: use the same location as you used for Site Location
f. Administrator Login: azureadmin
g. Administrator Password: Pass@Word1
h. Database Name: rbacdb2
i. Resource Group: Rbacrg2
5. Give the new user different permissions to the newly created resource groups
In this task you will grant permissions to the user you created in step 2, to access the resource groups created in step 3.
1. In your first browser window (not the In-private one) go to the Azure Preview Portal tab (https://portal.azure.com).
2. On the left-hand side choose Browse and then choose Resource Groups, or choose Resource Groups directly if you can see it in your Favorites list.
3. Select the Rbacrg1 Resource Group, and then press the access icon on the right-hand side.
4. On the Users blade press Add and then choose Contributor from the Select a role list.
5. On the Add users list select the user created in Task 1 (Azure Rbac), and then press Select and OK on the Add access blade.
6. Repeat the steps 1-5 for the Rbacrg2 Resource Group, but instead of adding the user to the Contributor role, add it to the Reader role.
Switch back to the In-Private window. If you closed that down, open a new In-private window, go to https://portal.azure.com and log in using the
user name and password you created in task 2.
2. In the portal press the New button on the top left corner, then choose Compute, and then Windows Server 2012 R2 Datacenter.
3. On the Windows Server 2012 R2 Datacenter blade, select the Resource Manager Deployment model, and press Create.
4. On the Basics blade fill in the following values for the Parameters and then press OK:
Name: VMRbac1
User Name: azureadmin
Password: P@ssWord1
Resource Group
Location
5. On the Size blade choose D1 as size for your VM and then press Select.
6. On the Settings blade accept the default values and press Ok.
7. On the Summary blade press Ok.
Because the user is a Contributor for the Rbacrg1 resource group the deployment will succeed and in about 2 minutes you will have one more VM in the
resource group.
8.
Name: VMRbac2
User Name: azureadmin
Password: P@ssWord1
Resource Group
Location
Because the user is a Reader for the Rbacrg2 resource group the deployment will fail and you will be informed that you don't have the permissions to
do it.
RBAC is a very powerful feature of Azure because it gives you control over who can access your resources on the cloud.
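The different outcomes for VMRbac1 and VMRbac2 follow from how role assignments are evaluated: a role's allowed actions apply at the assigned scope and everything beneath it, and anything not granted is denied. The sketch below is an added example, not part of the original lab or Azure's own code; it is a simplified model in which the principal name rbac-user and the subscription ID are constructed placeholders and the two role definitions are reduced to the permissions this lab exercises.

```python
from fnmatch import fnmatchcase

# Built-in role definitions, reduced to the fields this lab exercises.
ROLES = {
    "Contributor": {"actions": ["*"],
                    "not_actions": ["Microsoft.Authorization/*/Write",
                                    "Microsoft.Authorization/*/Delete"]},
    "Reader": {"actions": ["*/read"], "not_actions": []},
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder

# Constructed assignments mirroring Task 5: (principal, role, scope).
ASSIGNMENTS = [
    ("rbac-user", "Contributor", f"{SUB}/resourceGroups/Rbacrg1"),
    ("rbac-user", "Reader", f"{SUB}/resourceGroups/Rbacrg2"),
]

def _matches(patterns, action):
    # Action strings are compared case-insensitively and may contain * wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _in_scope(assigned, target):
    # An assignment applies at its own scope and to everything beneath it.
    a, t = assigned.lower().rstrip("/"), target.lower().rstrip("/")
    return t == a or t.startswith(a + "/")

def is_allowed(principal, action, scope, assignments=ASSIGNMENTS):
    """Return True if any in-scope role assignment grants the action."""
    for who, role, assigned_scope in assignments:
        if who != principal or not _in_scope(assigned_scope, scope):
            continue
        role_def = ROLES[role]
        if _matches(role_def["actions"], action) and \
                not _matches(role_def["not_actions"], action):
            return True
    return False  # no matching assignment means no access (default deny)

if __name__ == "__main__":
    vm_write = "Microsoft.Compute/virtualMachines/write"
    for rg in ("Rbacrg1", "Rbacrg2"):
        scope = f"{SUB}/resourceGroups/{rg}"
        print(rg, "create VM:", is_allowed("rbac-user", vm_write, scope))
```

The same model shows that Contributor on Rbacrg1 cannot grant access to others, because writes under Microsoft.Authorization are excluded from that role.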
--- END OF LAB ---
Go back to the AzureCon Challenge web site (http://challenge.azurecon.com) and complete the challenge question to get your points.
REMEMBER: You only have one chance at the question, make sure you really know the answer!