You will extend milestone 1 into a complete multi-tier environment: web, app, and data subnets behind a load balancer, secured with NSGs and observed with Azure Monitor. By the end you will have a production-shaped topology.

Learning Objectives

  • Add app and data subnets with scoped NSGs.
  • Front the web tier with a load balancer.
  • Connect monitoring and alerts.
  • Time: ~10 hours · Difficulty: Advanced · Prereqs: Milestone 1 completed.

Architecture Overview

Environment Setup

  • The VNet/VM from Milestone 1.
  • The Azure CLI and a Log Analytics workspace.

Step-by-Step Execution

01
Add app and data subnets
az network vnet subnet create --vnet-name vnet -n data --address-prefixes 10.0.3.0/24
02
Front the web tier with a load balancer
az network lb create -n web-lb --sku Standard --frontend-ip-name fe --backend-pool-name web-pool
03
Connect monitoring
$ az monitor diagnostic-settings create --name diag --resource $LBID --workspace $WID
"provisioningState": "Succeeded"

Progress So Far

Testing & Validation

curl -s -o /dev/null -w "%{http_code}\n" http://$(az network public-ip show -n web-lb-ip --query ipAddress -o tsv)

The load balancer front end should return 200 from a backend VM, and tiers should only talk to adjacent tiers. Milestone 2 is complete.

Troubleshooting
  • LB returns no response: add a health probe and ensure backend pool membership.
  • Tier reachable it should not be: tighten the subnet NSG rules.
  • No diagnostic data: confirm the diagnostic setting targets the workspace.

Extension Ideas

  • Promote the whole build to the Cloud Capstone.
  • Replace VMs with AKS.
  • Codify the environment with IaC.

Key Results

  • Extended to a 3-tier topology with scoped NSGs.
  • Load-balanced the web tier behind a public front end.
  • Connected diagnostics and monitoring.
  • Achieved a production-shaped environment.