Cloud Computing and Microsoft Azure

 AZ 900 & 104 By Touseef Ahmed

On premises system dis-adv (Space Hardware & costly, Need large IT team, Pwer supply, Down time and high availability issues , No fully utilization of physical hardware)

Vitrualiation - Virtualization allow to divide physical hardware into multiples logical unit. We can creats multiples VM, can increase RAM, CPU, HD.

Two types of virtualization (1. desktop based that need OS, like VMware virtal pc - Hiper-v) (2. No need OS can intsall Directly on hardware, ESXI, Citirix)

Firmware is specialized, low-level software embedded directly into hardware devices, providing essential instructions on how the device operates, communicates, and functions. 

What is cloud computing ?

On demand delivery of computer resources over intenet.

Advantage - no space required, no hardware, no large IT team, High availability in anywhere in world, low cost according to use as compare to on premises. Resources ( RAM, CPU, HD) can be increase.

Disadv - Can not be use without internet, require money.

what are public cloud computing platform ?

Public cloud computing platforms are third-party services—such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud—that deliver computing resources like servers, storage,  and applications over the internet on a pay-as-you-go basis. They enable organizations to reduce infrastructure costs, access, and scale resources instantly.

what is microsoft azure ?

Microsoft Azure is a comprehensive public cloud computing platform offering hundreds of services, including computing, storage, networking, AI, and analytics, web hosting, File Folder sharing, Data base SQL service.

Azure is used for various purposes, including hosting websites, running backend services, big data analytics, AI development, and secure storage.

What is Azure Administrator Associate (AZ-104) ?

Azure Administrator Associate helps learners to understand practical and conceptual concepts like Azure Storage, Active Directory, Virtual Machines, Web Apps in Azure and Azure Monitor.

AZ Cloud Type of Services

Infrastructure as service (Iaas) - When you use physical hardware resources not software and OS 

Plateform as service (Paas) - When you use physical hardware resources including OS not software or data

Software as service (Saas) - When you use physical hardware resources including OS and application software (Mircosoft 365 is example)

below pictures for batter understanding

How to Create Azure Free tier account  ? go to Portal.azure.com It will be good if you have outlook/hotmail account. Follow instructions and fill form proceed further.

Now We will perform 2 labes ICNT Gyann

 Lab1 - VM - Windows server 2022 - IIS Webserver- host simplet web page

 Lab2 - VM -Windows server - attach data disk SAN storage and configure

 Lab3 - VM - Linux - Apache - host web page

Press Virtual Machine

Creats resurce group - VM name without space - Region (optional for now) - Avialability option (no infrastructure for now) - Security standard - image (Chose OS) -

 - Size (chose vm size for now DS1 V2) - Username (admin1/password) - RDP(enable option http - RDP) - press next you will move to disk tab

Disk tab - os disk type choose standard ssd or standard HD - Press next move networking tab

Networking tab - Press next until last tab review creats it will creat VM

Vicidial Go-Autodial 3.3 Complete Step by Step

 Vicidial  Go-Autodial 3.3 Complete Step by Step

Download Gautodial 3.3 ISO and Install File

Type Setup command on putty and configure IP's for server

When you are done installation you need to run command to update server IP in Database.

You can login with password that you setup during installation process.

root

vicidial

http://192.168.5.47/vicidial/admin.php
admin 
vicidialnow

You can access phpmyadmin you need to allow from.
vi /etc/httpd/conf.d/phpmyadmin.conf    - Then enter your IP to access it.

PHP My Admin wested time due to link
http://192.168.5.47/phpMyAdmin/index.php

root

vicidialnow

Linux Cli you can acces database

mysql -p

password vicidialnow

USE asterisk;   --------- select database

below command use to change vicidial user password login and phone

update vicidial_users set pass='password123',phone_pass='password123' where user_level=1;

update phones set conf_secret='password123',pass='password123' where 1;

2. Webmin config for GUI access

Webmin conf file under vi /etc/webmin/miniserv.conf

Change ssl= from 1 to 0 for http

http://192.168.5.47:10000/

root

vicidial

3.

limesurvey

http://192.168.5.47/limesurvey/admin/admin.php

admin

kamote1234

Mikrotik --> Site To Site Connectivity using L2TP

You should have Static Public IP  addr for both side.

Lets Start From Main Site A or Head office where you have all servers.

1.PPP --> Interface --> L2TP Server - ( Enable YEs - Use IPsec Yes - IPsec secret Password - ) apply ok

2.PPP --> Profile --> Default encryption -->(USE Encryption yes - Limits only one no -)

3.PPP --> Secret --> (Name = username, password = your password, service = l2tp, profile = default encryption, local add = your site local ip, remote add = other site local address,) apply ok.

4.IP -->  Route --> Plus sign -> (Dst. add: = You have to add other site IP and network address for example (Dst addr: 192.198.0.1/24 Gateway = 192.168.0.1) ok apply 

5. Let's Move to Other site Mikrotik Configuration.

Site B

PPP --> Interafce --> plus sign --> L2tp Client (Dial out , connect to = First(other) site IP, User/pass = that was created in first(other) site under screts, profile = default encryption,

check mark use IPsec, IPsec Secret = password that was setup in first(other) site under l2tp server,) apply ok

interafce-- select your VPN -- dial out At the botton check status should be = connected

6.IP -->  Route --> Plus sign -> (Dst. add: = You have to add other site IP and network address for example (Dst addr: 192.198.1.1/24 Gateway = 192.168.1.1) ok apply

7. you can try ping and share resource from both end

 

Firewall Concepts and Firewall Rule understanding

 `Firewall --> Rules of firewall and direction of firewall is very important to manage any firewall. Three rules available for fire wall Filter rule, NAT, Mangle

1. Filter Rule --> When we try to allow/deny web traffic, SSH, Download, Telnet or want to block specific ip, pool we need to setup Filter Rule. 

NAT --> 

Direction of Firewall -- > INPUT  , OUTPUT , FORWARDING

1. INPUT --> Means traffic coming from towards/terminating at firewall

2. OUTPUT--> Means traffic originating from firewall and going towards client/servers

3. FORWARDING --> Means traffic going through firewall (from client to webserver)

The Way You Secure Your Mikrotik Router

 1. First you need to check for available updates or latest version so you can have security patches too. Click System --> Packages --> Check For Updates, if you see latest verison available click Download & Install.

You can see below  It's downloading

2. You need setup a different Username and password other than admin. Don't use command words in User/password always include capital/small words, special characters
Click Systems --> Users --> Plus sign from window, then fill Name(Username ), Group(Full), Password. apply ok.

Logout/ login with new User and see if it works

Now, You can disable admin user.

3. Third step to disable neighbor discover, like when you open winbox it shows all mikrotik it,s os veriosn ip address etc. Select IP--> Neighbors --> Discovery Settings, then select all from interface, chek mark small box. apply ok

You will see effect like below. 192.168.5.89 is not available in winbox

4. Step four disable unnecessary service. IP --> Services  choose and disable, api provides mikrotik access on mobile, www provides access on web browser.

5. Fifth Step is to disable all unused interfaces. Click Interafce --> Ethernet, select interafce, rite click on it press disable.

6. Allow Mikrotik access to specific IP address and deny all, it will block access weather a person know ID/password. You need to apply Filter Rules to Choose Chain (input) becasue of internal, Src addres (192.168.5.97) computer ip, Protocl (6tcp), Dst. Port(8291) winbox for mikrotik, Selection Action

Now Creat another rule to block rest all ip's in your LAN.

You need to place this rule after allowing rule becasue first match rule applies the policy.

If you want to record IP trying to login mikrotik then choose below under action

Now You are good to go with Mikrotik.

Mikrotik Firewall

1. IP -- > Firewall - you can creats all/deny wesites rules under filter rules

2. First Creat Address list in address list, click plus sign -> List name then IP address or range, hit apply ok.

3. Click Filter Rules --> Plus sign --> under genreal Chain(forward) Src. addr (192.168.2.0/24) ip or pool, Select Src. address list ( block youtube ) that created in address lists. hit ok apply

4. Drag and drop rules in appropriate order which rule which should be first match.