Internship as a System Expert #Azure #devOps #WebApp #M365[Entra+Intune] #WindowsServer #Security #AD

koushik80/hybrid-infra-azure-intern-project

Hi there! Here is my Project information



IT System Expert Internship

Welcome to the overview of my IT System Expert (Cross-Functional Role) Internship! At Taitotalo, I was presented with a unique opportunity to explore various IT roles, including System Expert, Network Expert, Application Expert, Information and Communication Technology Solutions Consultant, Information and Communication Technology Operator, and Cybersecurity Expert. However, I didn't limit myself to just one area of expertise; while I had the option to specialize in a single role, I chose to embrace a dynamic approach by working across multiple domains.

Throughout this internship, I leveraged my proficiency in scripting languages and ventured into diverse areas such as Networking (a requirement for Network Experts), Azure and on-premise Security Technologies, various Microsoft 365 applications (a requirement for Application Experts), DevOps practices, Web Application Deployment, and SQL Server configuration, in addition to fulfilling the requirements of the System Expert role.

This hands-on experience was meticulously crafted to equip me with practical knowledge in managing and sustaining a plethora of technologies that constitute the backbone of contemporary IT Infrastructure. As an intern in this project, I had the privilege of engaging with a wide spectrum of tools and platforms, actively contributing to the Setup, Configuration, Security, and Management of critical systems. My work environment was Hybrid in nature, characterized by the utilization of my own technical arsenal, consisting of both Mac and Windows machines, in conjunction with Azure resources.

Throughout the course of my internship, I relied on a combination of resources for learning and growth. Microsoft Labs served as a primary platform for hands-on experience, supplemented by multiple study resources such as Udemy, YouTube, Cisco-skillsforall, A Cloud Guru, Spiceworks and Petri. I was also fortunate to receive personal guidance from an experienced Udemy Instructor, Kevin Brown, who specializes in Windows, Azure, AWS, Cisco, and Security, and is an accomplished author in the field. His mentorship significantly enriched my learning journey.

In this overview, I will delve deeper into the specific projects, challenges, and achievements that shaped my internship experience as an IT System Expert at Taitotalo. This journey has been a testament to my commitment to continuous learning and my enthusiasm for exploring the ever-evolving landscape of Information Technology.

Objective: 📓

The primary purpose of this internship is to familiarize me with key IT systems and technologies commonly found in enterprise environments. Through practical experience and guided learning, I am gaining valuable skills in System Administration, Security, Networking, and Cloud Services. By the end of the internship, I will have a solid understanding of how these components integrate to create a cohesive and efficient IT environment.

Organisation: Taitotalo 🏪

Supervisors: Kari Vikman & Jarkko Tornberg, Taitotalo 👥

Evaluators: Kari Vikman, Taitotalo & Mikko Sävilahti[external], Founder at Haltu Oy 👥

Requirements:

The student can

↘️ Manage the system
↘️ Develop and Maintain the system.

The student demonstrates his skills on the screen in system administration, development and maintenance tasks in an information and communication technology environment.

✳️ Manage the system

📌 Criteria: Works in accordance with the service production process.

  • I know the basic IT service production processes of my workplace, e.g., ITIL and I acted accordingly.

📌 Criteria: Knows the layer structure of the data network to solve data and network problems.

  • I know and can use and make limitations in fault diagnosis of the network topology of my operating environment and the most important devices and services, considering the principles of the model.

📌 Criteria: Manages virtualized platforms.

  • I have installed and maintained Hyper-V and VMware as well as Azure-based virtual servers and services, using the services' own management tools, system center, Intune, O365 and Azure management websites and, if necessary, e.g., PowerShell.

📌 Criteria: Supports and guides system users.

  • In my duties, I have also worked in user support, supporting and guiding customers in the use of workstations, mobile and peripheral devices and applications.

📌 Criteria: Resolves system-level service requests.

  • My responsibility also includes the maintenance and management of the domain environment's basic services and M365 and Azure, as well as solving support tasks.

📌 Criteria: Messages to system users in exceptional situations.

  • If necessary, i.e., in the most significant disruptions affecting the production environment, maintenance work and matters related to information security, I also inform customers well in advance if necessary and possible. Information is provided via Intra's/Entra's webpages, e-mail and social media tools.

📌 Criteria: Uses cloud environment management tools.

  • I have installed and maintained Azure-based virtual servers and services using the services' own management tools, Windows Admin Center, Intune, Office 365 and Azure management websites and, if necessary, e.g., PowerShell.

✳️ Develop and maintain the system

📌 Criteria: Schedules and plans system maintenance.

  • System updates and maintenance work are scheduled and partially automated, and workstation updates are handled centrally, mostly based on standardized schedules.

📌 Criteria: Manages the system and prepares and implements system-level changes.

  • I have installed physical and virtual servers considering the hardware requirements. My duties include servicing, monitoring, maintaining and updating server and workstation hardware and peripherals. I have installed Windows Server 2019 server operating systems with basic services and standard Windows 10 workstations.

📌 Criteria: Monitor server activity and predict problem situations using monitoring tools.

  • I maintain AD's/Microsoft Entra ID's structure, groups/users with the help of ADUC, Azure management, Admin center and Intune and, if necessary, using PowerShell. I monitor servers and the most critical server applications with local operating system and server manufacturer tools, System Center and Azure management monitoring tools, and proactively strive to implement maintenance and device/resource management.

📌 Criteria: Automate system-level tasks.

  • I manually and automatically update servers and workstations and, if necessary, test before.

📌 Criteria: Implements system backup and recovery policies.

  • I know the security procedures and applications of my workplace and can restore systems/data if necessary.

📌 Criteria: Ensures system functionality and information security.

  • Fault diagnosis and management of the IT side is part of my daily job description. In the maintenance of On-premises/Cloud environments, I have considered information security, e.g., GPOs, hardening and firewall/anti-malware.

ITIL Framework:

The project adheres to ITIL (Information Technology Infrastructure Library) principles, which provide a structured approach to IT service management. ITIL ensures that IT services align with business needs and are delivered effectively and efficiently. It involves various processes, including incident management, change management, and service request handling, which I tried to tailor as much as possible to the development environment.

Mapping and description of the operating environment: 💹

For my internship project, I have chosen to explore multiple domains and engage with various approaches to the IT environment. I aim to address challenges presented by new technologies, covering aspects such as configuration, diagnostics, monitoring, security, risk management, and end-user support.

Mapping and describing the IT operating environment within a hybrid IT setup involves documenting the diverse components, systems, and processes that constitute an organization's IT infrastructure. A hybrid IT environment typically combines on-premises infrastructure with cloud-based services. Here is a step-by-step process for mapping and describing the hybrid IT operating environment:

1. Identify Key Stakeholders:

  • Begin by determining the key stakeholders who should participate in the mapping and description process, including IT administrators, system architects, and business stakeholders.

2. Gather Information:

  • Collect comprehensive information about your IT environment, encompassing on-premises hardware, software, networking components, and cloud services. Additionally, consider data centers, server rooms, and remote locations.

3. Create an Inventory:

💹 Develop a comprehensive inventory list that includes:

Hardware: Servers, storage devices, networking equipment, workstations, laptops, mobile devices, etc.

Software: Operating systems, applications, databases, and middleware.

Network: Routers, switches, firewalls, load balancers, VPNs, and other network components.

Cloud Services: Enumerate all the cloud services in use, such as AWS, Azure, Google Cloud, or specific SaaS applications.

Data: Identify where data is stored, whether on-premises or in the cloud.

4. Define Relationships:

  • As a System Expert, ascertain how these components and services are interconnected and detail the flow of data and information between them. This may involve creating network diagrams, data flow diagrams, and noting integration points.

5. Document Dependencies:

  • Identify dependencies between different components and services. For instance, determine which applications rely on specific databases or cloud services.

6. Security and Compliance:

  • Evaluate the security measures in place, including firewalls, encryption, access controls, and authentication methods. Additionally, specify any compliance requirements relevant to your industry or organization.

7. Performance Metrics:

  • Include information about performance monitoring tools and processes, describing how to monitor the health and performance of your IT environment and how to respond to issues.

8. Disaster Recovery and Business Continuity:

  • Explain disaster recovery and business continuity strategies, and provide details about backup processes, recovery points, and failover procedures.

9. Scalability and Growth:

  • Discuss how the IT environment can scale to accommodate growth or changes in demand, which might involve cloud auto-scaling or hardware upgrades.

10. Vendor and Service Contracts:

  • List contracts and service-level agreements (SLAs) with third-party vendors, cloud providers, and software providers. Include contact information and renewal dates.

11. Diagrams and Visuals:

  • Create diagrams, flowcharts, or visual representations of the hybrid IT environment to facilitate understanding for stakeholders.

12. Documentation Repository:

  • Establish a central repository for all this information, such as a document management system or a wiki. Ensure regular updates are made.

13. Review and Validation:

  • Share the documentation with relevant stakeholders for review and validation, ensuring it accurately represents the current state of the hybrid IT environment.

14. Maintenance and Updates:

  • Recognize that IT environments evolve over time, necessitating the establishment of a process for regular reviews and updates to keep the documentation current.

15. Disaster Recovery and Incident Response Plans:

  • While not part of the mapping and description process, it is crucial to document disaster recovery and incident response plans separately from the general environment documentation.

Creating a mapping and description of the hybrid IT operating environment is an ongoing, collaborative effort among IT teams and stakeholders. Maintaining up-to-date documentation is essential for effective IT management and decision-making.

Implementations: 🔌

My implementations in this project include (continuous implementation):

✔️ Hybrid Environment: Configuring and managing a Hybrid IT environment that combines on-premises and cloud resources.
✔️ Windows Server: Setting up and managing Windows Server instances, including user management, file sharing, and roles.
✔️ Active Directory(AD): Working with Active Directory to control access, manage users and groups, and implement Security Policies.
✔️ Microsoft Azure: Gaining familiarity with Azure services, resource management, and basic cloud architecture.
✔️ Azure Active Directory(AAD)/Microsoft Entra ID: Exploring cloud-based identity and access management, integrating with on-premises AD, and learning about single sign-on.
✔️ Azure Virtual Desktop(AVD): Configuring and maintaining Virtual Desktop infrastructure in Azure, enabling remote work capabilities.
✔️ Security Technologies: Learning about security best practices, implementing Firewalls & Defender, Encryption, and Multi-Factor Authentication(MFA).
✔️ Networking: Understanding networking fundamentals, including IP addressing, Subnets, Routing, Security and Troubleshooting.
✔️ Monitoring: Exploring monitoring tools to keep track of system performance, availability, and security incidents.
✔️ Instant Messaging: Setting up and managing messaging platforms like Microsoft Teams for effective communication and collaboration.
✔️ Microsoft 365: Understanding cloud-based productivity tools and services, including email, document sharing, and collaboration.
✔️ Azure App Service: Dive into Azure's Platform-as-a-Service(PaaS) offering, deploying web applications with ease.
✔️ Container Services: Introduction to containerization using services like Docker & Kubernetes, exploring its benefits and deployment.
✔️ Azure Databases: Learn about Azure's database offerings and their configuration.
✔️ Azure Functions: Understanding Microsoft's event-driven serverless solution, different triggers like HTTP trigger, Timer trigger, Azure Blob Storage trigger, Azure Event Grid trigger.

Getting Started 🚦

To review my work, follow these steps:

⏩ Review in the respective folders for each technology area.
⏩ Engage with hands-on exercises/LABS to translate theory into practice.
⏩ Participate in team discussions and ask questions in the designated communication channels.

Learning Objectives: 📈

By the end of this Internship, I will be able to:

1. IT Service Production Processes (e.g., ITIL):


  • Gain a comprehensive understanding of IT service production processes.
  • Apply ITIL principles effectively in daily tasks and projects.
  • Continuously stay updated on the latest developments and best practices in IT service management.

2. Network Topology and Fault Diagnosis:


  • Develop expertise in analyzing and diagnosing network topology and identifying limitations.
  • Master the principles of fault diagnosis and troubleshooting in the context of network systems.
  • Apply these skills to improve Network reliability and performance.

3. Virtualization and Cloud Services:


  • Become proficient in installing, maintaining, and troubleshooting Hyper-V, VMware (not applied/installed in my environment), and Azure-based Virtual Servers and Services.
  • Learn to use management tools like Windows Admin Center, Intune, O365, and Azure management websites effectively.
  • Automate tasks using PowerShell where applicable.

4. User Support and Customer Guidance:


  • Enhance my communication and problem-solving skills to provide excellent user support.
  • Develop the ability to guide and assist users with workstations, mobile devices, peripherals, and applications.
  • Stay updated with emerging technologies and trends in user support.

5. Domain Environment and M365/Azure Management:


  • Master the maintenance and management of domain environment basic services.
  • Proficiently manage Microsoft 365(M365) and Azure services.
  • Develop problem-solving skills for support tasks related to these environments.

6. Communication during Disruptions:


  • Learn how to effectively communicate with customers during significant disruptions or maintenance work.
  • Utilize various communication channels such as webpages, email, and social media tools.
  • Ensure customers are well-informed and minimize disruptions to their work.

7. Server Hardware and Software Management:


  • Acquire expertise in installing, monitoring, maintaining, and updating physical and virtual servers.
  • Consider hardware requirements for Server installations.
  • Efficiently manage server Hardware and Peripherals.

8. Windows Server and Workstations:


  • Gain proficiency in installing and managing Windows Server 2019, Windows Server 2022 and Windows 10 Pro workstations.
  • Handle system updates and maintenance efficiently, following standardized schedules.

9. Active Directory and Azure AD:


  • Maintain AD/Azure AD structures and manage user accounts and groups using appropriate tools, including PowerShell.
  • Implement Security Policies and best practices for AD and Azure AD.

10. Server and Application Monitoring:


  • Learn to monitor Servers and critical server applications using various tools.
  • Proactively implement maintenance and device/resource management based on monitoring data.

11. Security Procedures and Applications:


  • Familiarize myself with workplace security procedures and applications.
  • Acquire the skills to restore systems and data in case of Security Incidents.

12. Azure Services and Technologies:


  • Explore Azure's Platform-as-a-service (PaaS) offerings, such as Azure App Service and Container Services.
  • Learn about Azure databases, hybrid environments, and Azure Virtual Desktop.
  • Gain a fundamental understanding of Azure architecture and management.

13. Security Technologies and Networking:


  • Implement Security best practices, including Firewalls, Defender, encryption, and Multi-Factor Authentication(MFA).
  • Understand Networking, including IP addressing, Subnets, Routing, and Troubleshooting.

14. Monitoring and Collaboration:


  • Use monitoring tools effectively to track system performance, availability, and security incidents.
  • Set up and manage messaging platforms like Microsoft Teams for effective communication and collaboration.

15. Microsoft 365:


  • Understand cloud-based productivity tools and services within Microsoft 365.
  • Master email, document sharing, and collaboration features.

These learning objectives helped me build a strong foundation and continuously develop the skills and knowledge required to excel in my role within the IT environment. I will set specific goals and regularly assess my progress towards achieving these objectives.

Systems and Services:


✅ Hyper-V Manager
✅ Cisco Packet Tracer 8.2.1
✅ PuTTY 0.78
✅ MobaXterm 23.3
✅ Wireshark 4.0.8
✅ Azure Backup Agent
✅ Azure Migrate
✅ Bastions
✅ PowerShell
✅ Windows Terminal
✅ Active Directory Domain Service(ADDS)
✅ AVD(Azure Virtual Desktop)
✅ Azure Active Directory(AAD)/Microsoft Entra ID
✅ Azure AD Connect V2
✅ Azure Key Vault(Cloud service for securely storing and accessing secrets)
✅ Windows Defender(Security)
✅ Network Security Group(NSG)
✅ Application Security Group(ASG)
✅ Firewall Rules
✅ Identity and Access Management[IAM]: Multi-Factor Authentication(MFA)
✅ MFA Authenticator App(In mobile device)
✅ Virtual Gateway & Virtual WAN
✅ Azure Load Balancer
✅ Azure Site Recovery Provider
✅ Microsoft 365 Admin[Teams Admin + SharePoint Admin + Ticketing System in SharePoint + Exchange Admin + Power BI Desktop(learning phase) + Power Apps + Intune Admin Center]
✅ System Center Configuration Manager(SCCM)
✅ SQL Server 2022
✅ Azure App Service
✅ API Management Service
✅ .NET SDKs
✅ OpenID Connect
✅ MSAL(Microsoft Authentication Library)
✅ Apache Kudu zip
✅ Azure DevOps
✅ Azure Functions
✅ Azure Storage
✅ Azure Monitor
✅ Azure SQL Database + Azure Data Studio
✅ VS Code
✅ draw.io

Resource Allocation:


Hardware:

  • Apple MacBook Pro x86-based [Processor: 2,3 GHz 8-Core Intel Core i9, 1TB HDD, Memory: 32 GB 2667 MHz DDR4]
  • HP ELITEBOOK 840 G5 x64-based [Processor: i5-8350OU CPU @ 1.70, 1896 GHz Intel ®️ Core TM , 500GB HDD, 16GB RAM]
  • Elisa Internet
  • Seagate External HDD
  • USB Drive
  • External Mirror HUB for MacBook Pro (Multifunctional Converter: HDMI | USB 3.0 | USB 3.0 | SD | TF | RJ45 | VGA | 3.5 audio)
  • Huawei Wi-fi Router
  • Samsung Wireless Keyboard

OS:

  • Windows Server 2019
  • Windows Server 2022
  • Windows 10 Pro
  • Windows 10 Enterprise
  • macOS Ventura 13.5.1
  • macOS Sonoma 14.0 (Updated on 3rd October)

DNS:

  • YritysX.local
  • koushikdey.online
  • bliz1980.online

User Centric Planning: 📋

The project aims to integrate on-premises and Azure resources, with a focus on Microsoft technologies such as Hyper-V, Azure services, Active Directory, and Microsoft 365.

Work Plan: During my project, a comprehensive plan outlined tasks, responsibilities, and migration of virtual machines (VMs) to Azure.

Information Network Structure: In the project I established a network topology that includes NAT, DHCP, gateway configuration, and virtual networks within Azure.

User Support: System-side user support includes guidance, user rights management, and case resolution processes, ensuring a seamless experience for end-users.

Service Requests Handling: Service requests are managed through a ticketing system, which streamlines maintenance, updates, installations, system failure, and other service-related tasks. For handling Tickets I followed virtual labs on www.spicewprks.com and a few YouTube videos.

Communication in Exceptional Situations: Exceptional situations, like maintenance interruptions or security breaches, are communicated through various channels such as email, Teams, and SMS. I practised in M365 how to communicate with the end-users.

Maintenance Schedule: I practiced how to organize scheduled maintenance tasks, including daily, weekly, and periodic updates, backups, and system checks.

Ensuring Functionality: I implemented fault tolerance, monitoring, updates, security policies, firewalls, anti-malware solutions, and backups to ensure system functionality and data integrity.

Technical Information: ℹ️


Hybrid Architectural Diagram

Development Environment with Network Topology: 💻


My Implementation involves creating a hybrid environment, combining on-premises servers and Azure services for a seamless user experience and is structured as below:


Virtualization Management:

  • Hyper-V is employed for virtualization, enabling efficient management of VMs.

Remote Connectivity:

  • Tools like TeamViewer, RD(Remote Desktop), and Teams are used for remote user workstation connectivity.

Network Configuration:

  • Network services like NAT, DHCP, and gateway settings are meticulously configured to facilitate secure and efficient communication between devices and services.

DNS Configuration:

  • Ensured DNS is correctly configured on the domain controllers. They use each other for DNS resolution and avoid external DNS servers.

Naming Conventions:

  • Forest and Domain name: YritysX.local
  • DHCP (Dynamic Host Configuration Protocol): server01.yritysx.local,
    • Scope name: Wks,
    • Scope Description: Työasemat
  • NetBIOS name: YRITYSX

IP Details(followed IPv4):

  • Server01: 192.168.100.30
  • WKS1: 192.168.100.160
  • WKS2: 192.168.100.32
  • DHCP Scope: 192.168.100.0
  • DHCP start IP: 192.168.100.150
  • DHCP end IP: 192.168.100.200
  • Default gateway: 192.168.100.1
  • Preferred DNS server: 192.168.100.30
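
The addressing above can be checked mechanically. The following Python audit is an added example, not part of the original project: it tests the listed plan for out-of-subnet addresses, an external DNS resolver, and static hosts that overlap the DHCP pool. The /24 prefix length and the server/workstation role labels (derived from this README's role descriptions) are assumptions of the example.

```python
import ipaddress

# Addresses copied from the README. Assumptions of this example: the /24 prefix
# (the page gives only the scope network 192.168.100.0) and the role labels.
PLAN = {
    "network": "192.168.100.0/24",
    "gateway": "192.168.100.1",
    "dns": "192.168.100.30",
    "dhcp_start": "192.168.100.150",
    "dhcp_end": "192.168.100.200",
    "hosts": {
        "Server01": ("192.168.100.30", "server"),       # domain controller, DHCP
        "WKS1": ("192.168.100.160", "workstation"),
        "WKS2": ("192.168.100.32", "server"),           # secondary domain controller
    },
}


def audit_plan(plan):
    """Return a list of (code, message) findings for an address plan."""
    findings = []
    net = ipaddress.ip_network(plan["network"])
    gateway = ipaddress.ip_address(plan["gateway"])
    dns = ipaddress.ip_address(plan["dns"])
    start = ipaddress.ip_address(plan["dhcp_start"])
    end = ipaddress.ip_address(plan["dhcp_end"])
    hosts = {name: (ipaddress.ip_address(ip), role)
             for name, (ip, role) in plan["hosts"].items()}

    # 1. Every listed address must belong to the subnet the scope serves.
    named = [("gateway", gateway), ("dns", dns),
             ("dhcp_start", start), ("dhcp_end", end)]
    named += [(name, addr) for name, (addr, _) in hosts.items()]
    for label, addr in named:
        if addr not in net:
            findings.append(("OUT_OF_SUBNET", f"{label} {addr} is outside {net}"))
    if start > end:
        findings.append(("BAD_POOL", f"pool start {start} is after end {end}"))

    # 2. Clients should resolve through a listed internal server (the README's
    #    DNS rule: domain controllers only, no external resolvers).
    servers = {addr for addr, role in hosts.values() if role == "server"}
    if dns not in servers:
        findings.append(("EXTERNAL_DNS", f"DNS {dns} is not a listed server"))

    # 3. Static infrastructure must not overlap the dynamic pool.
    if start <= gateway <= end:
        findings.append(("INFRA_IN_POOL", f"gateway {gateway} is inside the pool"))
    for name, (addr, role) in hosts.items():
        if not (start <= addr <= end):
            continue
        if role == "server":
            findings.append(("SERVER_IN_POOL",
                             f"{name} {addr} can collide with a DHCP lease"))
        else:
            findings.append(("NEEDS_RESERVATION",
                             f"{name} {addr} is in the pool; it stays stable "
                             "only with a reservation"))

    # 4. No two named devices may share an address.
    seen = {gateway: "gateway"}
    for name, (addr, _) in hosts.items():
        if addr in seen:
            findings.append(("DUPLICATE_IP",
                             f"{name} and {seen[addr]} both use {addr}"))
        seen[addr] = name
    return findings


if __name__ == "__main__":
    for code, message in audit_plan(PLAN):
        print(f"{code}: {message}")
```

Run against the plan as listed, the only finding concerns WKS1, whose address lies inside the DHCP range 192.168.100.150 to 192.168.100.200.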

Server Naming:

  • Host machine with Windows 10 Pro.
  • Two Virtual Machines with Windows Server 2019 & 2022 Datacentre are named Server01 & Server02 as WKS2.
  • One Virtual Machine with Windows 10 Enterprise named WKS1.
  • Printer: Canon LBP6650dn

Active Directory Roles:

  • One of the Windows Server 2019 machines is set up as a domain controller.
  • WKS2 is set up as a secondary domain controller & used for other roles where I installed SCSM and SQL Server.
  • WKS1 is set up for the users and M365 implementation.

Organizational Unit (OU) Structure:

Refined OU structure to reflect the organization's hierarchy as below:


My AD


Group Policy Objects (GPOs):

  • Implements GPOs for managing security and configuration settings. Created separate GPOs for different purposes, like one for workstation settings, one for server settings, one for password character length and others.

Security Groups:

  • Used security groups to manage permissions and access control more efficiently. Created groups for different job roles or departments and assigned permissions accordingly.

Printer Naming:

  • Canon LBP6650dn printer name is set to Office-Printer.

Security Measures:

  • Implemented strong password policies, enabled Multi-Factor Authentication(MFA) where possible, MFA authenticator app in mobile, anti-malware, Firewalls, hardening, secure network connections, encryption, Identity Management/Access Control(IAM), and regularly reviewed and audited user and group memberships for security compliance.

Cloud Management Tools:

  • Azure and M365 management tools Entra & Intune are showcased in the images, enabling efficient cloud environment management.

Monitoring and Automation:

  • Several Monitoring tools like Reliability Monitor, Windows Admin Center, Task Manager & Resource Monitor, Windows Performance Monitor & Data Collector Set, Event Viewer, ping, ipconfig, Tracert/Traceroute, NSLookup, Azure Monitor are also used to ensure the health of the environment, automate routine tasks, and alert on critical events.

Alerting Mechanisms:

  • Configured alerting within monitoring tools to receive notifications when a device or service experiences issues. Set thresholds for what constitutes a "fault."

Logs and Diagnostics:

  • Reviewed logs generated by devices and services. Analyzed error messages, logs, and event records to identify the root cause of faults.

Testing and Redundancy:

  • Tested AD configuration periodically to ensure it functions correctly.
  • Considered implementing redundancy for critical services like DHCP and domain controllers. This helped identify weaknesses in the network. Redundant paths and failover mechanisms minimized faults and downtime.

Backup and Recovery:

  • Robust backup solutions are implemented, including Windows Server backup, Azure backup, and M365/OneDrive, Time Machine(external HDD), with regular recovery testing to ensure data integrity.

Response Plan:

  • Thought out a clear response plan outlining steps to take when a fault is detected. Assigned responsibilities and timeframes for resolution.

Continuous Improvement:

  • Continuously assessed fault diagnosis procedures and adapted them as my network evolved. Learned from past faults to prevent future occurrences.

Migration 🔀

I migrated my on-premises Hyper-V environment to Azure using the Azure Migrate service. This service simplifies migration, modernization, and optimization, including discovery, assessments, and right-sizing for infrastructure, data, and applications. It supports third-party tool integration.

The Migration and Modernization tool offers agentless replication for Hyper-V VMs without needing any installation on the VMs themselves. This tool is specifically optimized for Hyper-V migration.

Additionally, Azure provides Site Recovery for disaster recovery purposes, sharing some technology components with the Migration and Modernization tool but serving different use cases.

Architecture 🔧

  • I installed the Microsoft Azure Site Recovery provider on Hyper-V hosts and registered it with the Migration tool.

  • The provider handles replication for Hyper-V VMs, while the Azure Recovery Service agent manages data replication to Azure.

  • Replicated data was stored in an Azure subscription storage account.

  • The Migration tool processed the replicated data and applied it to replica disks for creating Azure VMs.

  • I installed the necessary components from a single setup file provided by the Migration tool.

  • The provider and appliance establish secure, encrypted outbound HTTPS connections on port 443 to communicate with the Migration tool.

Technical Procedures:

  • I set up an Azure Host VM in the Azure Portal with a VNET and two NICs.

  • Then, I established an Azure Bastion for secure access to Azure VMs without public endpoints and protection against brute force exploits targeting OS credentials. Additionally, I added a subnet to the VNET used for the Host VM.

  • Afterwards, I initiated the Host VM with Bastion connectivity and created two folders, "D:\VHDs" and "D:\VMs," within it. I downloaded the Windows Server 2022 VHD file from Windows Server Evaluations and placed it in the "D:\VHDs" folder.

  • Using Hyper-V Manager, I created a new VM, specifying "D:\VMs" as the location and connecting it to "D:\VHDs." I renamed the new VM to HDC1.

  • In the next phase, I set up an Azure Migrate project in the Azure Portal. For this project, I configured a VNET called "mig-vnet" with an individual IP address and subnet. Additionally, I created another VNET named "test-vnet" with an IP address and subnet.

  • Lastly, I established a standard LRS (Locally Redundant Storage) account named "migstore80" in the Azure Portal.

Deploy and configure the Azure Migrate appliance

  • In Azure Portal, went to Azure Migrate | Get Started, and selected "Discover, assess, and migrate" under Servers, databases, and web apps.

  • On the Azure Migrate | Servers, databases, and web apps page, chose "Discover" in the Azure Migrate: Discovery and Assessment section.

  • Ensured "Discover using the appliance" was selected and verified that my server is virtualized with Hyper-V.

  • Entered a name of my appliance (e.g., HDC1) and clicked "Generate Key" in the Discover page.

  • Selected the ".VHD file" option in the "Download Azure Migrate appliance" textbox and saved it to the D:\VMs folder.

  • After the download, extracted the content of the ZIP file into the D:\VMs folder.

  • In Hyper-V Manager, selected my VMs (e.g., WKS1 and WKS2), and chose "Import Virtual Machine" to start the wizard.

  • Started the newly imported VM in Hyper-V Manager and ensured it's running and connected.

  • Accepted the License terms in the VM connection window.

  • Set the password for the built-in Administrator account in the VM connection window's Customize settings page and clicked "Finish."

  • In the Appliance Configuration Manager, added credentials with Friendly Name, User Name, and Password.

  • In the Appliance Configuration Manager's Provide Hyper-V host/cluster details section, selected "Add discovery source", chose "Hyper-V Host/Cluster" in the Discovery source dropdown, specified the IP address/FQDN and saved settings.

  • Enabled the "Disable the slider if you don't want to perform these features" toggle and started the discovery.

Configure, Run and View Assessment

  • Went back to Azure Migrate | Servers, databases, and web apps in the Azure portal, clicked "Refresh," and selected "Assess" under Azure Migrate: Discovery and Assessment. Chose "Azure VM" in the dropdown.

  • Specified necessary settings on the Assessment settings page and saved them.

  • In the Migration and Modernization section, selected "Discover" and configured the necessary settings.

  • On the Discover page, under "Prepare Hyper-V host servers," downloaded the Hyper-V replication provider software installer by clicking the first "Download" link.

  • Once the download completed, opened the file to start the Azure Site Recovery Provider Setup (Hyper-V server) wizard and installed it.

  • From the Discover Machines page, downloaded the registration key.

  • In the Provider installation page of the Azure Site Recovery Provider Setup (Hyper-V server) wizard, selected "Register" to begin the Microsoft Azure Site Recovery Registration Wizard. Followed the steps to set up the Vault, and completed the installation wizard.

  • Refreshed the browser window, which redirected to the Azure Migrate | Servers, databases and web apps page. On that page, in the Migration and modernization section, selected the Discover link and then selected Finalize.

Configure Replication of Hyper-V VM

  • Once the registration was finalized, browsed back to the Azure Migrate | Servers, databases and web apps page and then, in the Migration and modernization section, selected the Replicate link.
  • On the Basics tab of the Replicate page, in the "Are your machines virtualized?" drop-down list, selected Yes, with Hyper-V and then selected Next.
  • On the Virtual Machines tab of the Replicate page, specified the necessary settings (selected WKS1 & WKS2) and selected Next.
  • On the Target settings tab of the Replicate page, specified the necessary settings (selected mig-vnet) and selected Next.
  • On the Compute tab of the Replicate page, ensured that Standard_D2s_v3 was selected in the Azure VM Size drop-down list. In the OS Type drop-down list, selected Windows and then selected Next.
  • On the Disks tab of the Replicate page, accepted the default settings and selected Next.
  • On the Tags tab of the Replicate page, accepted the default settings and selected Next.
  • On the Review + Start replication tab of the Replicate page, selected Replicate.
  • To monitor the status of replication, back on the Azure Migrate | Servers, databases and web apps page, selected Refresh and then, in the Migration and modernization section, selected the Replicating servers entry. On the Migration and modernization | Replicating machines page, examined the Status column in the list of the replicating machines.
  • After 15 minutes the status changed to Protected.

Perform Migration of Hyper-V VM

  • On the Azure portal, on the Migration and modernization | Replicating machines page, selected the entry representing the HDC1 virtual machine.
  • On the HDC1 VM page, selected Test migration.
  • On the Test migration page, in the Virtual network drop-down list, selected test-vnet and then selected Test migration.
  • On the Azure portal, in the Search resources, services, and docs text box on the toolbar, searched for and selected Virtual machines and then, on the Virtual machines page, noted the entries representing the newly replicated virtual machines WKS1 and WKS2.
  • On the Azure portal, browsed back to the Migration and modernization | Replicating machines page, selected Refresh, and then verified that the WKS1 and WKS2 virtual machines are listed with the Cleanup test failover pending status.
  • On the Migration and modernization | Replicating machines page, selected the entry representing the WKS1 and WKS2 virtual machines.
  • On the WKS1 and WKS2 replicating machines page, selected Clean up test migration.
  • On the Test migrate cleanup page, selected the checkbox Testing is complete. Delete test virtual machine and then selected Cleanup Test.
  • Once the test failover cleanup job completed, refreshed the browser page displaying the WKS1 and WKS2 replicating machines page and noted that the Migrate icon in the toolbar automatically became available.
  • On the Migrate page, selected Yes in the "Shutdown virtual machines and perform a planned migration with no data loss?" drop-down list, and then selected Migrate.
  • To monitor the status of migration, browsed back to the Azure Migrate | Servers, databases and web apps page. In the Migration and modernization section, selected the Replicating servers entry and then, on the Migration and modernization | Replicating machines page, examined the Status column in the list of the replicating machines. Also verified that the Status column displayed Planned failover finished.

Replication Process 🔄

  • When I enabled replication for a Hyper-V VM, initial replication began.
  • A Hyper-V VM snapshot was taken.
  • VHDs on the VM were replicated one by one until they were all copied to Azure. Initial replication time depended on the VM size and network bandwidth.
  • Disk changes that occurred during initial replication were tracked using Hyper-V Replica and stored in log files (hrl files).
    • Log files are in the same folder as the disks.
    • Each disk has an associated hrl file that's sent to secondary storage.
    • The snapshot and log files consumed disk resources while initial replication was in progress.
  • After the initial replication was finished, the VM snapshot was deleted, and delta replication began.
  • Incremental disk changes were tracked in hrl files. Replication logs were periodically uploaded to an Azure storage account by the Recovery Services agent.
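
Because the hrl logs sit next to the VHDs and consume disk space until replication catches up, the host volume is worth watching while initial replication runs. The following PowerShell script is an added example, not part of the original project; it uses the VM names from this write-up, and the free-space threshold is an assumed value to adjust.

```powershell
# Added example: report .hrl replication-log growth next to Hyper-V VM disks.
# Run in an elevated session on the Hyper-V host. VM names come from this
# write-up; the 15 percent free-space threshold is an assumption.
param(
    [string[]]$VMName = @('WKS1', 'WKS2'),
    [int]$MinFreePercent = 15
)

Import-Module Hyper-V -ErrorAction Stop

# Collect the file-backed virtual disks of the requested VMs.
$disks = foreach ($name in $VMName) {
    $vm = Get-VM -Name $name -ErrorAction SilentlyContinue
    if (-not $vm) {
        Write-Warning "VM '$name' not found on this host."
        continue
    }
    Get-VMHardDiskDrive -VM $vm |
        Where-Object { $_.Path -and (Test-Path -LiteralPath $_.Path) }
}

# VMs may share a folder (for example D:\VMs), so report once per folder
# instead of once per disk to avoid counting the same logs twice.
$report = $disks | Group-Object { Split-Path -Path $_.Path -Parent } | ForEach-Object {
    $folder = $_.Name
    $logs = @(Get-ChildItem -LiteralPath $folder -Filter '*.hrl' -File -ErrorAction SilentlyContinue)
    $hrlBytes = [double]($logs | Measure-Object -Property Length -Sum).Sum

    # Free space on the volume that holds the disks and their logs.
    $vol = Get-Volume -FilePath $_.Group[0].Path -ErrorAction SilentlyContinue
    $freePct = if ($vol -and $vol.Size) {
        [math]::Round(100 * $vol.SizeRemaining / $vol.Size, 1)
    } else { $null }

    [pscustomobject]@{
        Folder        = $folder
        VMs           = ($_.Group.VMName | Sort-Object -Unique) -join ','
        HrlFiles      = $logs.Count
        HrlGB         = [math]::Round($hrlBytes / 1GB, 2)
        VolumeFreePct = $freePct
        LowSpace      = ($null -ne $freePct -and $freePct -lt $MinFreePercent)
    }
}

$report | Format-Table -AutoSize
$report | Where-Object LowSpace | ForEach-Object {
    Write-Warning "Volume for $($_.Folder) is below $MinFreePercent% free while replication logs are present."
}
```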

Diagrams and Visuals: 🌌


I have published a few images of my work to be evaluated.


Migrating Hyper-V VMs to Azure by using Azure Migrate[AZ-801]



[Images: migration architecture and initial backup process of the Azure Backup Agent (Source: Microsoft); discovery initiated; Hyper-V source; migration screenshots Mig1 to Mig14]

On-premise management



[Screenshots: on-premise management, opm1 to opm24 and dm1 to dm6]

Microsoft-365-Identity-and-Services[MS-100T00]



[Screenshots: Microsoft 365, m365a to m365j, Entra, Entra2, intune1, intune2, sql1, teams]

Microsoft-365-Endpoint Administrator[MD-102T00]



[Screenshots: Microsoft 365 Entra & Intune, entra1 to entra5 and intune5]

VNET GATEWAY & Virtual WAN Connection[AZ-700]



[Screenshots: Designing and Implementing Microsoft Azure Networking Solutions, vnetGatewayA to vnetGatewayF, vWAN, vWAN-connected vnet, vWAN-vnet-connection, vWANHub]

Developing Solutions for Microsoft Azure[AZ-204]



[Screenshots: App Service & Web App, az-dev1 to az-dev4; Implement Azure Functions, az-dev5 to az-dev8]

Retrieve Azure Storage resources and metadata by using the Azure Storage SDK for .NET

[Screenshots: Retrieving resources (az-dev9); Retrieve blob Uniform Resource Identifiers (az-dev10); Create a new container by using the SDK (az-dev11); Access blob URI by using the SDK (az-dev12, az-dev13); Construct a polyglot data solution (data solution architecture, az-dev14 to az-dev16); Authenticate by using OpenID Connect, MSAL, and .NET SDKs (authentication architecture, az-dev17 to az-dev19)]

Access resource secrets more securely across services

[Images: Access Resource Securely architecture diagram; keyVault; publish_functionApp; connect_funcApp; access_storage]

Create a multi-tier solution by using Azure services

[Screenshots: API Management Service, http1 to http8]

Monitor services that are deployed to Azure


[Screenshots: Monitor services, m1 and m2]

Azure App Service & DevOps



React, Node & DevOps:



[Screenshots: React Book Store, az-devops1 to az-devops8; React & Azure DevOps, react-admin-dash1 to react-admin-dash8 and devop1 to devop10; Azure Kubernetes, kube1 to kube4]

Azure Virtual Desktop[AZ-140]



[Screenshots: Azure Virtual Desktop, AVD1 to AVD6]

Azure Functions



[Screenshots: Azure Functions, az-fn1 to az-fn8]

Azure Security Technologies[AZ-500]



[Screenshots: Firewall, Firewall1 to Firewall8; Config and Secure ACR & AKS, ACR & AKS1 to ACR & AKS4]

Azure SQL Database + Data Studio



[Screenshots: Azure SQL DB + Data Studio, az-sqldb1 to az-sqldb4]

Azure Administrator[AZ-104]



[Screenshots: Azure Storage, az-storage1 to az-storage8; Backup & Recovery, backupVM1 to backupVM8; Monitor, monitor1 to monitor6; Azure VNET, N1 to N6]

Cisco Lab



[Screenshots: Cisco Lab, a1 to a6]

Assignment 1:

As a new member of the team at Taitotalo, I've been tasked with an exciting project: proposing a fresh network design. Taitotalo has been experiencing significant growth and success with its products, which means we're expanding. However, our current network setup, with a single IP network for all departments, is causing noticeable delays and inefficiencies. I'm working closely with the experienced sales team to come up with a solution. They've suggested enhancing network efficiency by implementing separate department networks with routing. I'm in the process of preparing a demonstration to show how this approach can greatly improve our network efficiency. Taitotalo opened a new branch office. I was asked to set up the LAN and network devices, and to connect those devices and hosts. I also configured IPv4 addressing on the end devices and verified that they can reach local and remote devices. Here are the details and visual aids that I have implemented:


[Screenshots: Cisco Lab, a7 to a16]

Customer Expectations: 💁

Clients can expect a secure, efficient, and highly available environment that seamlessly integrates on-premises and cloud resources. Regular maintenance, updates, and monitoring ensure optimal performance and proactive communication keeps users informed during exceptional situations.

Future Possibilities: 🌱

My project sets the stage for future enhancements, including the expansion of Azure services, optimization of workloads, and continuous improvement of security measures. Additionally, the project can serve as a foundation for future cloud-based initiatives, such as AI and Machine Learning implementations, further enhancing customer experiences.

In summary, in this project I have successfully implemented a hybrid cloud environment, aligning with ITIL principles, to deliver a reliable, secure, and scalable infrastructure. The integration of on-premises and Azure resources provides a robust foundation for current and future IT initiatives, ensuring ongoing value for any organization and its users.

✳️ Note: Feel free to reach out to me for guidance and assistance throughout the internship. I will be pleased to have you on board and to see your contributions to the world of IT system architecture! Thank you.



References: ℹ️

LAB AZ-104 | MicrosoftAzureAdministrator
LAB AZ-140 | Configuring-and-Operating-Microsoft-Azure-Virtual-Desktop
AZ-204-DevelopingSolutionsforMicrosoftAzure-LAB
AZ-204-DevelopingSolutionsforMicrosoftAzure-Supporting Files
AZ-204 | LAB VM Setup
LAB MS-700 | Managing-Microsoft-Teams
LAB MS-900 | Microsoft 365
LAB AZ-700 | Designing-and-Implementing-Microsoft-Azure-Networking-Solutions
LAB AZ-500 | AzureSecurityTechnologies
LAB AZ-801 | Configuring Windows Server Hybrid Advance Services
LAB SC-200T00A | Microsoft-Security-Operations-Analyst
Microsoft-365-Endpoint-Administrator | MD-102T00
Case Study AZ-305 | Designing Microsoft Azure Infrastructure Solutions
Microsoft-365-Identity-and-Services | MS-100T00
Manage_Users_and_Groups-Microsoft-365 | MS-100T00
Intune
vpn-gateway
Azure ARC
hyper-v to Azure
basic-hybrid-environment
hybrid join
solution-deployment-connectivity
hybrid-join-manual
app-service-hybrid-connections
office-365-and-migrate-to-exchange-online
set-up-a-hybrid-office-365-and-migrate-to-exchange-online
Office 365-migrate to exchange env
hybrid-configuration-wizard
Windows-Server-on-Azure
MS | Site recovery
AZ | backup
AZ | Migrate
AZ | Vault
AZ-140 | Azure Quick Start Template
React | Azure App Service | Azure DevOps
Azure Functions
SCCM
SCCM in Windows 2019
SCCM Instruction
Intune Video Lesson
eduhouse
GoDaddy
spiceworks
Azure DevOps






koushik@devHuß©️