Public IPs
π― Lab Objectives
In this hands-on lab, you will learn how to:
- Understand the purpose and types of Azure Public IP addresses
- Manually provision Public IPs and Network Interfaces (NICs)
- Associate Public IPs with NICs and attach them to Virtual Machines
- Configure different SKUs and allocation methods for Public IPs
- Test connectivity to VMs using the assigned Public IPs
- Understand security implications of public IP assignment
Goal: Configure public IP connectivity for Windows and Linux VMs by creating and associating network components.
π Please sign in to launch lab.
ποΈ Pre-Provisioned Environment
The following Azure resources have been pre-deployed in your environment:
Resource Overview
| Resource Type | Resource Name | Configuration | Purpose |
|---|---|---|---|
| Resource Group | PublicIP-Lab-RG | Contains all lab resources | Logical container |
| Virtual Network | PublicIPLab-VNet | Address space: 10.0.0.0/16 | Network foundation |
| Subnet | LabSubnet | Range: 10.0.0.0/24 | VM network segment |
| Windows VM | WinVM | Windows Server 2019 | Target for RDP access |
| Linux VM | LinuxVM | Ubuntu 20.04 LTS | Target for SSH access |
Network Architecture
PublicIPLab-VNet (10.0.0.0/16)βββ LabSubnet (10.0.0.0/24) βββ WinVM (No NIC/Public IP - to be configured) βββ LinuxVM (No NIC/Public IP - to be configured)VM Details
| VM | Operating System | Default State | Access Method |
|---|---|---|---|
| WinVM | Windows Server 2019 | No public connectivity | RDP (port 3389) |
| LinuxVM | Ubuntu 20.04 LTS | No public connectivity | SSH (port 22) |
π Note: VMs are deployed without NICs or Public IPs - youβll create and attach these components during the lab.
π Lab Exercises
Part 1: Create Public IP Addresses
Step 1: Navigate to Public IP Creation
- Open the Azure Portal
- Navigate to PublicIP-Lab-RG resource group
- Click + Create
- Search for βPublic IP addressβ
- Select Public IP address by Microsoft
- Click Create
Step 2: Create Windows VM Public IP
Configure the first Public IP:
| Setting | Value | Notes |
|---|---|---|
| Subscription | Your subscription | Pre-selected |
| Resource group | PublicIP-Lab-RG | Use existing |
| Name | WinVM-PublicIP | Descriptive name |
| Region | Same as resource group | Must match VNet |
| IP Version | IPv4 | Standard protocol |
| SKU | Standard | Recommended for production |
| Availability zone | Zone-redundant | High availability |
| Tier | Regional | Single region |
| IP address assignment | Static | Permanent IP |
Step 3: Configure Additional Settings
| Setting | Value | Purpose |
|---|---|---|
| Routing preference | Microsoft network | Optimal routing |
| Idle timeout | 4 minutes | Default value |
| DNS name label | winvm-[your-initials]-[random] | Optional: Creates FQDN |
- Click Review + create
- Click Create
Step 4: Create Linux VM Public IP
Repeat the process with these settings:
| Setting | Value | Notes |
|---|---|---|
| Name | LinuxVM-PublicIP | Linux VM identifier |
| SKU | Standard | Same as Windows VM |
| IP address assignment | Static | Permanent assignment |
| DNS name label | linuxvm-[your-initials]-[random] | Optional FQDN |
β±οΈ Creation Time: Public IPs typically create within 1-2 minutes.
Part 2: Create Network Interfaces (NICs)
Step 1: Navigate to NIC Creation
- In PublicIP-Lab-RG, click + Create
- Search for βNetwork interfaceβ
- Select Network interface by Microsoft
- Click Create
Step 2: Create Windows VM Network Interface
Configure the first NIC:
| Setting | Value | Notes |
|---|---|---|
| Subscription | Your subscription | Pre-selected |
| Resource group | PublicIP-Lab-RG | Use existing |
| Name | WinVM-NIC | Windows VM NIC |
| Region | Same as resource group | Must match VNet |
| Virtual network | PublicIPLab-VNet | Target network |
| Subnet | LabSubnet | VM subnet |
| Network security group | Advanced | Configure NSG |
| Configure network security group | Create new | New NSG for RDP |
Step 3: Configure NSG for Windows
- Click Create new for NSG
- Name it:
WinVM-NSG - Add inbound rule:
| Setting | Value | Purpose |
|---|---|---|
| Source | My IP address | Your current IP |
| Source port ranges | * | Any source port |
| Destination | Any | Any destination |
| Service | RDP | Remote Desktop |
| Action | Allow | Permit RDP |
| Priority | 1000 | Rule precedence |
| Name | Allow-RDP | Descriptive name |
- Click OK to create NSG
Step 4: Associate Public IP
| Setting | Value | Notes |
|---|---|---|
| Public IP address | Associate | Enable public IP |
| Public IP address | WinVM-PublicIP | Previously created IP |
| Private IP address assignment | Dynamic | DHCP assignment |
- Click Review + create
- Click Create
Step 5: Create Linux VM Network Interface
Repeat the process with these settings:
| Setting | Value | Notes |
|---|---|---|
| Name | LinuxVM-NIC | Linux VM NIC |
| Virtual network | PublicIPLab-VNet | Same network |
| Subnet | LabSubnet | Same subnet |
| Network security group | Create new: LinuxVM-NSG | SSH access |
| Public IP address | LinuxVM-PublicIP | Previously created |
Step 6: Configure SSH Rule for Linux NSG
Add inbound rule for SSH:
| Setting | Value | Purpose |
|---|---|---|
| Source | My IP address | Your current IP |
| Service | SSH | Secure Shell |
| Action | Allow | Permit SSH |
| Priority | 1000 | Rule precedence |
| Name | Allow-SSH | Descriptive name |
Part 3: Attach NICs to Virtual Machines
Step 1: Stop Virtual Machines
- Navigate to WinVM
- Click Stop in the toolbar
- Wait for VM to fully stop (Status: Stopped (deallocated))
- Repeat for LinuxVM
β οΈ Important: VMs must be fully stopped (deallocated) before attaching NICs.
Step 2: Attach NIC to Windows VM
- Go to WinVM
- In the left menu, click Networking
- Click Attach network interface
- Select WinVM-NIC
- Click OK
Step 3: Set Primary Network Interface
- In WinVM networking settings
- Click WinVM-NIC
- Click Set as primary
- Confirm the action
Step 4: Attach NIC to Linux VM
- Go to LinuxVM
- In the left menu, click Networking
- Click Attach network interface
- Select LinuxVM-NIC
- Click OK
- Set LinuxVM-NIC as primary
Part 4: Test Connectivity
Step 1: Start Virtual Machines
- Navigate to WinVM
- Click Start
- Wait for VM to fully start
- Repeat for LinuxVM
Step 2: Get Public IP Addresses
- Click on WinVM-PublicIP
- Copy the IP address from the overview page
- Record:
WinVM Public IP: _______________ - Repeat for LinuxVM-PublicIP
- Record:
LinuxVM Public IP: _______________
Step 3: Test RDP to Windows VM
- Open Remote Desktop Connection on your local machine
- Enter the WinVM Public IP address
- Click Connect
- Use these credentials:
- Username:
azureuser - Password:
LabPassword123!
- Username:
- Expected Result: β Successful RDP connection
Step 4: Test SSH to Linux VM
- Open Command Prompt or Terminal
- Run the SSH command:
ssh azureuser@[LinuxVM-Public-IP]# Password: LabPassword123!- Expected Result: β Successful SSH connection
Step 5: Verify Network Configuration
From within each VM, verify the network setup:
Windows VM (Command Prompt):
# Check network configurationipconfig /all
# Test internet connectivityping 8.8.8.8Linux VM (Terminal):
# Check network configurationip addr show
# Test internet connectivityping -c 4 8.8.8.8
# Check routingip route showPart 5: Advanced Configuration & Testing
Step 1: Test DNS Resolution
If you configured DNS name labels, test FQDN access:
# Test with FQDN instead of IPssh azureuser@winvm-[your-initials]-[random].[region].cloudapp.azure.comStep 2: Modify Public IP Properties
- Navigate to WinVM-PublicIP
- Click Configuration in the left menu
- Experiment with settings:
| Setting | Options | Impact |
|---|---|---|
| Assignment | Static vs Dynamic | IP persistence |
| Idle timeout | 4-30 minutes | Connection timeout |
| DNS name label | Custom name | FQDN availability |
Step 3: Monitor Public IP Usage
- In WinVM-PublicIP, click Metrics
- View available metrics:
- Bytes In/Out
- Packets In/Out
- Port counts
π§ Troubleshooting Guide
Common Issues and Solutions
| Issue | Possible Cause | Solution |
|---|---|---|
| Canβt attach NIC to VM | VM not fully stopped | Ensure VM shows βStopped (deallocated)β |
| RDP connection fails | NSG rule missing/incorrect | Verify RDP rule allows your IP |
| SSH connection fails | Wrong credentials/NSG | Check SSH rule and credentials |
| No internet from VM | Route table issues | Check default route exists |
| Public IP not accessible | NSG blocking traffic | Review inbound security rules |
NSG Rule Verification
| Protocol | Port | Source | Action |
|---|---|---|---|
| RDP | 3389 | Your IP | Allow |
| SSH | 22 | Your IP | Allow |
| HTTP | 80 | Any (optional) | Allow |
| HTTPS | 443 | Any (optional) | Allow |
π§ͺ Additional Experiments
Try these optional exercises to deepen your understanding:
- Multiple NICs: Attach additional NICs to VMs
- Basic vs Standard SKU: Compare different Public IP SKUs
- IPv6 Support: Configure IPv6 public addresses
- Load Balancer Integration: Use Public IPs with load balancers
- NAT Gateway: Implement outbound-only connectivity
π Key Takeaways
After completing this lab, you should understand:
- Public IP addresses enable internet connectivity to Azure VMs
- NICs (Network Interface Cards) connect VMs to virtual networks
- NSG rules control traffic to public-facing resources
- Standard SKU provides enhanced features and availability
- Static assignment ensures IP addresses donβt change
- DNS name labels provide user-friendly FQDNs
- Security configuration is critical for public-facing resources
π Public IP Configuration Summary
SKU Comparison
| Feature | Basic SKU | Standard SKU |
|---|---|---|
| Assignment methods | Dynamic, Static | Static only |
| Security | Open by default | Secure by default (NSG required) |
| Availability zones | Not supported | Supported |
| Load balancer support | Basic LB only | Basic + Standard LB |
| Cost | Lower | Higher |
Allocation Methods
- Static: IP address assigned permanently
- Dynamic: IP address may change when VM is deallocated