Control the network traffic to and from the web application in Azure

Baridiilo Poromon - Aug 11 - Dev Community

An application security group (ASG) enables you to group together servers with similar functions, such as web servers.

To create an application security group, enter and select Application security group in the search box of the Azure portal, then click + Create.

On the Basics tab of Create an application security group, enter the required information: select your subscription, Resource group "RG1", Name "app-backend-asg", and Region "East US". Select Review + create and then select Create.

A network security group (NSG) secures network traffic in your virtual network. NSGs contain a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated with subnets and/or individual network interfaces attached to Azure Virtual Machines (VM).

To create and associate a network security group, enter and select Network security group in the search box of the Azure portal. Click + Create.

On the Basics tab of Create network security group, enter the required information: select your subscription, Resource group "RG1", Name "app-vnet-nsg", and Region "East US".

Select Review + create and then select Create.

The next steps are to associate the network security group with the subnet of the virtual network that was created earlier.

Enter and select Network security group in the search bar.

Select "app-vnet-nsg" from the list of network security groups.

Select Subnets from the Settings section of app-vnet-nsg.

In the Subnets page, select + Associate.

Under Associate subnet, select app-vnet (RG1) for Virtual network and Backend for Subnet, and then select OK.

A network security group (NSG) secures network traffic in your virtual network.

To create Network Security Group rules, enter and select Network security group in the Azure portal search bar.

Select app-vnet-nsg from the list of network security groups.

Select Inbound security rules from the Settings section of app-vnet-nsg.

Select + Add.

On the Add inbound security rule page, enter the information required:

| Property | Value |
| --- | --- |
| Source | Any |
| Source port ranges | * |
| Destination | Application Security group |
| Destination application security group | app-backend-asg |
| Service | SSH |
| Action | Allow |
| Priority | 100 |
| Name | AllowSSH |

Deploy an ARM template using Cloud Shell to create the VMs needed

In the Azure portal, open the Azure Cloud Shell by selecting the icon in the top right of the portal.

If prompted to select either Bash or PowerShell, select PowerShell.

Deploy the following ARM template using Cloud Shell to create the VMs needed for this exercise:

$RGName = "RG1"

New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateUri https://raw.githubusercontent.com/MicrosoftLearning/Configure-secure-access-to-workloads-with-Azure-virtual-networking-services/main/Instructions/Labs/azuredeploy.json

To verify that both the VM1 and VM2 virtual machines are running, navigate to the RG1 resource group, select VM1, and validate that the status of the virtual machine is Running.

Repeat the previous step for VM2.

Associate the application security group to the network interface of the VM

When you created the VMs, Azure created a network interface for each VM, and attached it to the VM.

Add the application security group you created previously to the network interface of VM2.

Navigate to the RG1 resource group in the Azure portal and select VM2.

Go to the Networking tab of the VM and select + Add application security groups from the Application security groups section.

Select app-backend-asg from the list of application security groups.

Select Add.
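
To confirm the result of the steps above from the same Cloud Shell (PowerShell) session, the following read-only check can be run. It is an added example, not part of the original post; it uses the resource names from this walkthrough (RG1, app-vnet, Backend, app-backend-asg, app-vnet-nsg, AllowSSH, VM1, VM2) and assumes each of them exists.

```powershell
# Added example (not from the original post): read-only check of the lab configuration.
# Resource names are the ones used in the steps above; adjust them if yours differ.
$rg = 'RG1'

$asg  = Get-AzApplicationSecurityGroup -ResourceGroupName $rg -Name 'app-backend-asg'
$nsg  = Get-AzNetworkSecurityGroup     -ResourceGroupName $rg -Name 'app-vnet-nsg'
$vnet = Get-AzVirtualNetwork           -ResourceGroupName $rg -Name 'app-vnet'

# 1. The NSG must be associated with the Backend subnet.
$subnet      = $vnet.Subnets | Where-Object Name -eq 'Backend'
$nsgOnSubnet = $subnet.NetworkSecurityGroup.Id -eq $nsg.Id

# 2. AllowSSH must be an inbound Allow rule whose destination is the ASG.
$rule = $nsg.SecurityRules | Where-Object Name -eq 'AllowSSH'
$ruleTargetsAsg = $rule.Direction -eq 'Inbound' -and $rule.Access -eq 'Allow' -and
                  $rule.DestinationApplicationSecurityGroups.Id -contains $asg.Id

# 3. The rule only matches NICs that are members of the ASG, so list membership per VM.
$membership = foreach ($name in 'VM1', 'VM2') {
    $vm = Get-AzVM -ResourceGroupName $rg -Name $name
    foreach ($ref in $vm.NetworkProfile.NetworkInterfaces) {
        $nic = Get-AzNetworkInterface -ResourceId $ref.Id
        [pscustomobject]@{
            VM    = $name
            Nic   = $nic.Name
            InAsg = $nic.IpConfigurations.ApplicationSecurityGroups.Id -contains $asg.Id
        }
    }
}

# Summary: what the rule allows and where it applies.
[pscustomobject]@{
    NsgOnBackendSubnet = $nsgOnSubnet
    AllowSshTargetsAsg = [bool]$ruleTargetsAsg
    RuleSource         = $rule.SourceAddressPrefix -join ','
    RulePorts          = $rule.DestinationPortRange -join ','
    RulePriority       = $rule.Priority
} | Format-List | Out-Host

$membership | Format-Table -AutoSize | Out-Host
```

Only NICs shown with InAsg = True are matched by AllowSSH. RuleSource shows the source the rule accepts, which is Any in this walkthrough, so SSH is admitted from every address to those NICs.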
