$subnetPrefixData = "10.5.3.

0/24"

echo "Creating subnet data"

az network vnet subnet create --address-prefix $subnetPrefixData --name
$subnetDataName --resource-group $resourceGroup --vnet-name $vNetName

>>> Criando subnet Active Directory

>>Criar NSG's
$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Creating nsg's"

az network nsg create --resource-group $resourceGroup --name "nsgApg" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgWeb" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgBusiness" --
location "$location"
az network nsg create --resource-group $resourceGroup --name "nsgData" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgADDS" --location
"$location"

>>Criando regras para os NSG's

$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Criando regras para nsgApg"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" --
name Allow-HTTP --access Allow --protocol Tcp --direction Inbound --priority 100 --
source-address-prefix Internet --source-port-range "*" --destination-address-prefix
"*" --destination-port-range 80

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" --

name Gateway --access Allow --protocol Tcp --direction Inbound --priority 101 --
source-address-prefix GatewayManager --source-port-range "*" --destination-address-
prefix "*" --destination-port-range 65200-65535

echo "Criando regras para nsgWeb"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgWeb" --

name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110
--source-address-prefix "10.5.254.0/27" --source-port-range "*" --destination-
address-prefix "*" --destination-port-range 3389

echo "Criando regras para nsgBusiness"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness"

--name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority
110 --source-address-prefix "10.5.254.0/27" --source-port-range "*" --destination-
address-prefix "*" --destination-port-range 3389

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness"

--name AllowBusiness --access Allow --protocol Tcp --direction Inbound --priority
100 --source-address-prefix "10.5.1.0/24" --source-port-range "*" --destination-
address-prefix "10.5.2.0/24" --destination-port-range 80
echo "Criando regras para nsgData"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" --

name AllowRDP --access Allow --protocol Tcp --direction Inbound --priority 1000 --
source-address-prefix "10.5.4.0/24" --source-port-range "*" --destination-address-
prefix "10.5.3.0/24" --destination-port-range 3389$subnetPrefixData = "10.5.3.0/24"

echo "Creating subnet data"

az network vnet subnet create --address-prefix $subnetPrefixData --name
$subnetDataName --resource-group $resourceGroup --vnet-name $vNetName

>>> Criando subnet Active Directory

>>Criar NSG's
$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Creating nsg's"

az network nsg create --resource-group $resourceGroup --name "nsgApg" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgWeb" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgBusiness" --
location "$location"
az network nsg create --resource-group $resourceGroup --name "nsgData" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgADDS" --location
"$location"

>>Criando regras para os NSG's

$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Criando regras para nsgApg"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" --
name Allow-HTTP --access Allow --protocol Tcp --direction Inbound --priority 100 --
source-address-prefix Internet --source-port-range "*" --destination-address-prefix
"*" --destination-port-range 80

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" --

name Gateway --access Allow --protocol Tcp --direction Inbound --priority 101 --
source-address-prefix GatewayManager --source-port-range "*" --destination-address-
prefix "*" --destination-port-range 65200-65535

echo "Criando regras para nsgWeb"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgWeb" --

name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110
--source-address-prefix "10.5.254.0/27" --source-port-range "*" --destination-
address-prefix "*" --destination-port-range 3389

echo "Criando regras para nsgBusiness"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness"

--name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority
110 --source-address-prefix "10.5.254.0/27" --source-port-range "*" --destination-
address-prefix "*" --destination-port-range 3389
az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness"
--name AllowBusiness --access Allow --protocol Tcp --direction Inbound --priority
100 --source-address-prefix "10.5.1.0/24" --source-port-range "*" --destination-
address-prefix "10.5.2.0/24" --destination-port-range 80

echo "Criando regras para nsgData"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" --

name AllowRDP --access Allow --protocol Tcp --direction Inbound --priority 1000 --
source-address-prefix "10.5.4.0/24" --source-port-range "*" --destination-address-
prefix "10.5.3.0/24" --destination-port-range 3389$subnetPrefixData = "10.5.3.0/24"

echo "Creating subnet data"

az network vnet subnet create --address-prefix $subnetPrefixData --name
$subnetDataName --resource-group $resourceGroup --vnet-name $vNetName

>>> Criando subnet Active Directory

>>Criar NSG's
$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Creating nsg's"

az network nsg create --resource-group $resourceGroup --name "nsgApg" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgWeb" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgBusiness" --
location "$location"
az network nsg create --resource-group $resourceGroup --name "nsgData" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgADDS" --location
"$location"

>>Criando regras para os NSG's

$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Criando regras para nsgApg"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" --
name Allow-HTTP --access Allow --protocol Tcp --direction Inbound --priority 100 --
source-address-prefix Internet --source-port-range "*" --destination-address-prefix
"*" --destination-port-range 80

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" --

name Gateway --access Allow --protocol Tcp --direction Inbound --priority 101 --
source-address-prefix GatewayManager --source-port-range "*" --destination-address-
prefix "*" --destination-port-range 65200-65535

echo "Criando regras para nsgWeb"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgWeb" --

name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110
--source-address-prefix "10.5.254.0/27" --source-port-range "*" --destination-
address-prefix "*" --destination-port-range 3389

echo "Criando regras para nsgBusiness"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness"
--name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority
110 --source-address-prefix "10.5.254.0/27" --source-port-range "*" --destination-
address-prefix "*" --destination-port-range 3389

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness"

--name AllowBusiness --access Allow --protocol Tcp --direction Inbound --priority
100 --source-address-prefix "10.5.1.0/24" --source-port-range "*" --destination-
address-prefix "10.5.2.0/24" --destination-port-range 80

echo "Criando regras para nsgData"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" --

name AllowRDP --access Allow --protocol Tcp --direction Inbound --priority 1000 --
source-address-prefix "10.5.4.0/24" --source-port-range "*" --destination-address-
prefix "10.5.3.0/24" --destination-port-range 3389$subnetPrefixData = "10.5.3.0/24"

echo "Creating subnet data"

az network vnet subnet create --address-prefix $subnetPrefixData --name
$subnetDataName --resource-group $resourceGroup --vnet-name $vNetName

>>> Criando subnet Active Directory

>>Criar NSG's
$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Creating nsg's"

az network nsg create --resource-group $resourceGroup --name "nsgApg" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgWeb" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgBusiness" --
location "$location"
az network nsg create --resource-group $resourceGroup --name "nsgData" --location
"$location"
az network nsg create --resource-group $resourceGroup --name "nsgADDS" --location
"$location"

>>Criando regras para os NSG's

$resourceGroup = "rg-ntier"
$location = "eastus"

echo "Criando regras para nsgApg"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" --
name Allow-HTTP --access Allow --protocol Tcp --direction Inbound --priority 100 --
source-address-prefix Internet --source-port-range "*" --destination-address-prefix
"*" --destination-port-range 80

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgApg" --

name Gateway --access Allow --protocol Tcp --direction Inbound --priority 101 --
source-address-prefix GatewayManager --source-port-range "*" --destination-address-
prefix "*" --destination-port-range 65200-65535

echo "Criando regras para nsgWeb"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgWeb" --

name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110
--source-address-prefix "10.5.254.0/27" --source-port-range "*" --destination-
address-prefix "*" --destination-port-range 3389

echo "Criando regras para nsgBusiness"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness"

--name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority
110 --source-address-prefix "10.5.254.0/27" --source-port-range "*" --destination-
address-prefix "*" --destination-port-range 3389

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgBusiness"

--name AllowBusiness --access Allow --protocol Tcp --direction Inbound --priority
100 --source-address-prefix "10.5.1.0/24" --source-port-range "*" --destination-
address-prefix "10.5.2.0/24" --destination-port-range 80

echo "Criando regras para nsgData"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" --

name AllowRDP --access Allow --protocol Tcp --direction Inbound --priority 1000 --
source-address-prefix "10.5.4.0/24" --source-port-range "*" --destination-address-
prefix "10.5.3.0/24" --destination-port-range 3389cruso
João .
Para:Você
Ter, 01/08/2023 08:25

Trilha 1 - Mastercloud

https://microsoftlearning.github.io/AZ-204-DevelopingSolutionsforMicrosoftAzure/

joao
Devadmin9106

adminjoao
Devadmin@123 -- git

kennethreitz/httpbin:latest

Service Endpoint
Acessar PaaS sem ir para a internet

Private Link
Reduz regras de firewall, link privado do PaaS --> para a VNET

powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools

powershell.exe Remove-Item -Path 'C:\inetpub\wwwroot\iisstart.htm'
powershell.exe Add-Content -Path 'C:\inetpub\wwwroot\iisstart.htm' -Value $
($env:computername)

Ordem criação ambiente:

1. VNET
2. Subnet
3. NSG (Liberar porta 80)
4. VM (Ip publico e privado)
- Rodar Script powershell
 5. App-gateway
- Criar Backendpool
6. Criar Webapp com URL publica
- Criar PrivateLink

DefaultEndpointsProtocol=https;AccountName=imgstorjoaocloud;AccountKey=JCAiY2whn68S
QtuynShrZevgyYmn4xk66RVFZI0CnWs1CEpxpHAcAYtwaxdce8u6c6ELEpjWwwxR+AStpTY8ng==;Endpoi
ntSuffix=core.windows.net

az webapp deployment source config-zip --resource-group ManagedPlatform --src

api.zip --name imgstorapijoaocloud

wget https://jornadacloudexpert.blob.core.windows.net/scripts/web.zip

ApiUrl=https://imgstorapijoaocloud.azurewebsites.net

az webapp deployment source config-zip --resource-group ManagedPlatform --src

web.zip --name imgstorjoaoweb

[11:57] Josue Vidal (Convidado)

https://microsoftlearning.github.io/AZ-305-
DesigningMicrosoftAzureInfrastructureSolutions/

[11:57] Josue Vidal (Convidado)

https://microsoftlearning.github.io/AZ-204-DevelopingSolutionsforMicrosoftAzure/

[11:58] Josue Vidal (Convidado)

https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator

o produto
1 - Videos (YOUTUBE / Microsoft Learn) - CONTEUDO
2 - LABs realizar (APRENDE NA PRATICA) - CONCEITO
3 - LER ARTIGO - FIXAR CONHECIMENTO - (MICROSOFT LEARN)
4 - RESUMO - 2x FIXAR CONHECIMENTO
5 - SIMULADOS - VALIDAÇÂO DOS CONHECIMENTOS

$resourceGroup --vnet-name $vNetName

>>Criando subnet Web

$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetWebName = "subnet-web"
$subnetPrefixWeb = "10.5.1.0/24"

echo "Creating subnet Web"

az network vnet subnet create --address-prefix $subnetPrefixWeb --name
$subnetWebName --resource-group $resourceGroup --vnet-name $vNetName

>>Criando subnet Business

$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetBusinessName = "subnet-business"
$subnetPrefixBusiness = "10.5.2.0/24"

echo "Creating subnet Bussiness"

az network vnet subnet create --address-prefix $subnetPrefixBusiness --name
$subnetBusinessName --resource-group $resourceGroup --vnet-name $vNetName

>>Criando subnet Data

$resourceGroup = "rg-ntier"
$vNetName = "vnet-ntier"
$subnetDataName = "subnet-data"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgData" --

name MSSQLRule --access Allow --protocol Tcp --direction Inbound --priority 1001 --
source-address-prefix "10.5.2.0/24" --source-port-range "*" --destination-address-
prefix "*" --destination-port-range 1433

echo "Criando regras para nsgADDS"

az network nsg rule create --resource-group $resourceGroup --nsg-name "nsgADDS" --

name AllowBastion --access Allow --protocol Tcp --direction Inbound --priority 110
--source-address-prefix "10.5.254.0/27" --source-port-range "*" --destination-
address-prefix "*" --destination-port-range 3389

>>>Associar os NSG's às subnets.

$resourceGroup = "rg-ntier"
$location = "eastus"
$vNetName = "vnet-ntier"
$subnetNameApg = "subnet-apg"
$subnetWebName = "subnet-web"
$subnetBusinessName = "subnet-business"
$subnetDataName = "subnet-data"
$subnetADDSName = "subnet-adds"
$nsgApg = "nsgApg"
$nsgWeb = "nsgWeb"
$nsgBusiness = "nsgBusiness"
$nsgData = "nsgData"
$nsgADDS = "nsgADDS"

echo "Associando nsgApg ao subnetNameApg"

az network vnet subnet update --vnet-name $vNetName --name $subnetNameApg --
resource-group $resourceGroup --network-security-group $nsgApg

echo "Associando nsgWeb ao subnetWebName"

az network vnet subnet update --vnet-name $vNetName --name $subnetWebName --
resource-group $resourceGroup --network-security-group $nsgWeb

echo "Associando nsgBusiness ao subnetBusinessName"

az network vnet subnet update --vnet-name $vNetName --name $subnetBusinessName --
resource-group $resourceGroup --network-security-group $nsgBusiness

echo "Associando nsgData ao subnetDataName"

az network vnet subnet update --vnet-name $vNetName --name $subnetDataName --
resource-group $resourceGroup --network-security-group $nsgData

echo "Associate nsgADDS ao subnetADDSName"

az network vnet subnet update --vnet-name $vNetName --name $subnetADDSName --
resource-group $resourceGroup --network-security-group $nsgADDS

>> Criar bastion host

$resourceGroup = "rg-ntier"
$location = "eastus"
$vNetName = "vnet-ntier"
$publicIpBastionName = "publicIpBastion"
$bastionName = "bastionNTier"

az network public-ip create --resource-group $resourceGroup --name

$publicIpBastionName --sku Standard --location $location

az network bastion create --name $bastionName --public-ip-address

$publicIpBastionName --resource-group $resourceGroup --vnet-name $vNetName --
location $location