AZ104 – PT4 – 5155 – Case Study

Overview

WebMagic is an online training company. They have an on-premise data center and an Azure subscription. The subscription is linked to a tenant named WebMagic.com.

Requirements

They want to deploy the following resources to Azure

• A new Azure virtual network with an address space of 10.0.0.0/16. The virtual network is located in the West US region.
• Two Azure Windows virtual machines to host the web tier of an application named WebMagicapp.
• Two Azure Windows virtual machines to host the database tier of an application named WebMagicapp.
• Use an Azure Bastion Host for RDP connectivity to the virtual machines.
• They want to deploy the Azure Firewall service for inspecting the traffic that flows out of the web tier.
• They also want to ensure daily backups are taken for the Azure virtual machines. The daily retention period for the web servers would be one week and for the database servers, 15 days.

The Azure virtual network contains the following subnets

Below are the security requirements

• A user of a particular Azure AD group should be able to join their devices to the Azure AD tenant.
• Users who join their devices should use an additional authentication method during the process of joining devices.
• The database servers should only allow traffic from the web servers.
• The security events log for all virtual machines need to be sent to a Log Analytics workspace. The overview of the Log Analytics workspace created for this purpose is shown below.