Creating a Virtual Private Cloud Lab Report


Student
ITCS
Professor
February 1, 2023

Ubuntu Linux Install Lab Report

Abstract
Using an Infosec Learning virtual lab environment, the user will attempt to install, update, and upgrade an Ubuntu Linux distribution.

Introduction
In this lab, the user was given steps on how to install a Linux distribution of Ubuntu, based on Debian, in a virtual machine (VM) environment. After a successful installation, the software updater will be used to install any patches and upgrade to the newest version of the OS.

Procedure
The virtual lab starts by asking the user to install an Ubuntu workstation. The user is prompted to choose a language and click the install option. Before continuing, there is a request to prepare for the install, and the user is prompted for an installation type. Out of the two options, instead of “erasing the disk”, the user selects the alternative option, “something else”, which allows resizing the partition. Shown below, the user can configure custom partitions using the entire disk with the file system EXT4 for device sda (name of primary disk) and start to allocate new partition tables. The first partition created was the /boot folder sized to 750MB. Next, the user is instructed to add swap space of 2000MB, followed by mounting 10000MB for the /root folder, and lastly 8725MB for the /home folder. Below it shows that the disk is ready to copy the ISO file and begin the installation after one last option of inputting a chosen time zone.

After installation, user information can be input with the keyboard, and this will default as the administrator or root account. When the user enters their name into the first box, it will auto-populate a computer name and the username for the user. The last two lines will be the chosen password, with a radio button option to allow the user to either log in automatically or require a password at login. Lastly, there is an option to encrypt the home folder before reboot.
At this time the system starts, and the boot menu will show. The user is directed to select the default entry. After the installation is fully completed, the user is then prompted to restart. This is where pressing the Enter key would simulate removing the installation media that had the ISO file.

With the system rebooted, the user now enters their password to verify the Ubuntu install. Selecting the Ubuntu Software Updater application, the system will look for any packages to update and install patches to resolve bugs and software vulnerabilities, along with checking for upgrades to the OS.

Analysis
During the installation I had some challenges, but they were easily recoverable. The first was when trying to download the repository: the system kept asking to “check your internet connection”, even though the server was connected. Another issue was when trying to upgrade the OS: it would abort since the system claimed it did not have enough free disk space. Additionally, it said that the upgrade needed a total of 3273M on disk ‘/’ or to free an additional 78.0M, suggesting emptying the trash or removing temporary packages. The trash was verified to be empty, so it was necessary to open the terminal application to remove the temporary packages with ‘sudo apt-get clean’. Lastly, before the system finished and was cleaning up the file system, there was another error for low disk space on ‘filesystem root’, which only had 379.6MB disk space remaining, but this error was recognized by the system and prompted the user to choose either “Examine” or “Ignore” before continuing to close.

Discussion
This lab taught me how to successfully install Ubuntu Linux through a virtual machine. There were guided steps throughout the lab to allow for mistakes with the opportunity to find solutions. Although I have installed many Linux distros before, this lab made me more knowledgeable on configuring custom partitions and the EXT4 file system.
I enjoyed this lab with its hands-on experience to add to my skill set. My only issue was the somewhat vague questions that could have been clearer and challenging for the user.

Lab: Creating a Virtual Private Cloud

Lab overview
Traditional networking is difficult. It involves equipment, cabling, complex configurations, and specialist skills. Amazon Virtual Private Cloud (Amazon VPC) hides the complexity and simplifies the deployment of secure private networks. This lab shows you how to build your own virtual private cloud (VPC) and how to deploy resources into it.

Objectives
After completing this lab, you should be able to do the following:
• Explain the basic components of a VPC
• Deploy a basic VPC with public subnets
• Deploy an EC2 instance into a VPC

At the end of this lab, your architecture will look like the following example:
In the preceding diagram, an EC2 instance is deployed into a VPC.

Duration
This lab requires approximately 45 minutes to complete.

Prerequisites
This lab requires the following:
• Access to a notebook computer with Wi-Fi running Microsoft Windows, macOS, or Linux (Ubuntu, SUSE, or Red Hat)
• For Microsoft Windows users, administrator access to the computer
• The latest version of an internet browser such as Chrome or Firefox
Note: This lab is incompatible with Internet Explorer 11. Use a different browser to launch this lab.

AWS service restrictions
In this lab environment, access to Amazon Web Services (AWS) services and service actions might be restricted to only the ones that you need to complete the lab instructions. You might encounter errors if you attempt to access other services or perform actions beyond the ones that this lab describes.

Accessing the AWS Management Console
1. At the top of these instructions, choose Start Lab to launch your lab. A Start Lab panel opens displaying the lab status.
2. Wait until you see the message Lab status: ready, and then choose X to close the Start Lab panel.
3. At the top of these instructions, choose AWS. The AWS Management Console opens in a new browser tab. The system automatically signs you in.
   Tip: If a new browser tab does not open, a banner or icon at the top of your browser typically indicates that your browser is preventing the site from opening pop-up windows. Choose the banner or icon, and then choose Allow pop-ups.
4. Arrange the AWS Management Console tab so that it displays alongside these instructions. Ideally, you should be able to see both browser tabs at the same time to make it easier to follow the lab steps.
Do not change the Region unless specifically instructed to do so.

Part 1: Exploring the default VPC

Task 1: Explore the default VPC configuration
In this lab, you begin by exploring the default VPC that is automatically included with each AWS account. A VPC is a virtual network that is dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch AWS resources, such as Amazon Elastic Compute Cloud (Amazon EC2) instances, into the VPC.
In the preceding diagram, a VPC is deployed into an AWS region.
5. In the AWS Management Console on the Services menu, enter VPC. From the search results, choose VPC.
6. In the left navigation pane, choose Your VPCs. There is a default VPC that is provided so that you can launch resources as soon as you start using AWS.
7. Notice that the default VPC is configured with the CIDR range of 172.31.0.0/16. This CIDR range includes all addresses from 172.31.0.0 through 172.31.255.255, which is a total of 65,536 addresses.

Task 2: Explore a default Subnet
In this task, you explore a public subnet. A subnet is a subrange of IP addresses in the VPC. AWS resources can be launched into a specified subnet. Use a public subnet for resources that must be connected to the internet, and use a private subnet for resources that must remain isolated from the internet.
The preceding diagram includes the default VPC and four subnets that reside inside it.
Note: You might find more than four subnets in the default VPC.
8. In the left navigation pane, choose Subnets. Notice that all of the default subnets are associated with the same VPC, the default VPC. Also notice that each subnet has an IPv4 CIDR range. Each subnet CIDR range is a distinct subset of the addresses available in the VPC. When designing your subnets, you must ensure that the CIDR ranges do not overlap with address ranges used in other subnets.
9. From the list of subnets, choose the subnet with the IPv4 CIDR range 172.31.0.0/20. The VPC has a CIDR block of 172.31.0.0/16, which includes all 172.31.x.x IP addresses. This subnet has a CIDR block of 172.31.0.0/20, which includes addresses 172.31.0.0 through 172.31.15.255. These CIDR ranges might look similar, but the subnet is smaller than the VPC because of the /20 in the CIDR range. This subnet uses the first 4,096 addresses available in the VPC. The console shows that only 4,091 addresses are available to use. This is because AWS always reserves five addresses in each subnet for IP networking purposes.
10. Notice that the value for Auto-assign public IPv4 address is Yes, which means that it is turned on. This means that the subnet automatically assigns a public IP address for all instances that are launched into it.

Task 3: Explore the internet gateway
In this task, you explore the VPC's internet gateway. An internet gateway allows communication between the resources in a VPC and the internet. It is a horizontally scaled, redundant, and highly available VPC component. It imposes no availability risks or bandwidth constraints on network traffic.
In the preceding diagram, an internet gateway provides access to the internet to two subnets that reside in the VPC.
An internet gateway serves the following two purposes:
• To provide a target in route tables that connects to the internet
• To perform network address translation (NAT) for instances that were assigned public IPv4 addresses
11. In the left navigation pane, choose Internet Gateways.
12. The internet gateway should already be selected. If it isn't, select it. Notice that the State of the internet gateway is Attached. The internet gateway is attached to the VPC shown under VPC ID. This is the VPC ID of the default VPC.

Task 4: Explore the route table
In this task, you explore the route table used by the default VPC. You verified that an internet gateway exists and that it is attached to the default VPC. Before the subnets can access the internet gateway, the route table associated with the subnets must be configured to use the internet gateway.
A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in a VPC must be associated with a route table because the table controls the routing for the subnet. A subnet can be associated with only one route table at a time, but you can associate multiple subnets with the same route table. To use an internet gateway, a subnet's route table must contain a route that directs internet-bound traffic to the internet gateway. If a subnet is associated with a route table that has a route to an internet gateway, it is known as a public subnet.
In the preceding diagram, the route table directs traffic locally inside the VPC, and sends public traffic to the internet gateway.
13. In the left navigation pane, choose Route Tables. One route table is displayed, and it is associated with the default VPC.
14. In the lower half of the page, choose the Routes tab. There are two routes: a local route and a public route. All traffic that is destined for 172.31.0.0/16 (which is the range of the default VPC) is routed locally. This route allows all subnets in a VPC to communicate with each other. All public traffic (0.0.0.0/0) is routed to the internet gateway.
15. Choose the Subnet associations tab.
16. In the Subnets without explicit associations section, notice that the subnet with the IPv4 CIDR 172.31.0.0/20 is included in the list. This is the same subnet that you reviewed earlier. All of the subnets in this list are public subnets because they have a route table entry that sends traffic to the internet through the internet gateway.

Task 5: Explore the default security group
In this task, you explore and update the security group used by the default VPC subnets. A security group acts as a virtual firewall for instances to control inbound and outbound traffic. Security groups operate at the level of the elastic network interface for the instance. Security groups do not operate at the subnet level. Thus, each instance can have its own firewall that controls traffic. If you do not specify a particular security group at launch time, the instance is automatically assigned to the default security group for the VPC.
In the preceding diagram, the security group rules allow access to all ports for traffic that comes from the security group. The rules allow outbound access to the internet (0.0.0.0/0).
In this task, you review the default security group and update it to allow users to access resources using HTTP.
17. In the left navigation pane, choose Security Groups. The default security group should already be selected.
18. In the lower half of the page, choose the Outbound rules tab. You should find one rule. This rule allows All protocols and All port ranges to send traffic to any IP address (0.0.0.0/0).
19. Choose the Inbound rules tab. You should find one rule for incoming traffic. This rule allows incoming traffic to All protocols and All port ranges from resources that use the default security group.
In a later step, you deploy an EC2 instance with a website into the default VPC.
For incoming traffic from sources outside your VPC to access this website, you must add a new security group rule. Because you should not make changes to the default security group, you create a new one. Then, you add a rule to your new security group that permits HTTP (port 80) traffic that comes from anywhere on the internet (0.0.0.0/0).
20. Choose Create security group.
21. For Security group name, enter Web-Server-SG.
22. For Description, enter Allows HTTP access.
23. Keep the VPC selection.
24. In the Inbound rules section, choose Add rule, and then configure the following settings:
   o For Type, choose HTTP.
   o From the Source type dropdown list, choose Anywhere IPv4.
   o For Description, enter Allow web access.
25. Choose Create security group.

Task 6: Deploy an EC2 instance
To test that your VPC is correctly configured, launch an EC2 instance into the public subnet. You also confirm that you can access the EC2 instance from the internet.
In the preceding diagram, an EC2 instance is deployed into a public subnet in the default VPC. A security group is associated with the EC2 instance.
26. On the Services menu, choose EC2.
27. Choose Launch instance, and then choose Launch instance from the dropdown list. Configure the following options:
   o In the Name and tags pane, in the Name text box, enter Web-Server.
   o Choose an Amazon Machine Image (AMI).
      ▪ In the Application and OS Images (Amazon Machine Image) section, choose Amazon Linux.
   o Choose an instance type:
      ▪ Select t2.micro.
   o In the Key pair (login) section, from the Key pair name - required dropdown list, choose Proceed without a key pair (Not recommended).
   o In the Network settings section, choose Edit.
   o For Firewall (security groups), choose Select an existing security group.
   o In the Common security groups dropdown list, choose the security group named Web-Server-SG.
   o In the Advanced Details section, for IAM instance profile, choose Work-Role.
   o In the Advanced Details section, copy the following commands, and paste them into the User data text box:

    #!/bin/bash
    # Install Apache Web Server and PHP
    yum install -y httpd mysql
    amazon-linux-extras install -y php7.2
    # Download Lab files
    wget https://aws-tc-largeobjects.s3.us-west-2.amazonaws.com/CUR-TF-100-EDNETW-160961/1-lab-getting-started-vpc/s3/inventory-app.zip
    unzip inventory-app.zip -d /var/www/html/
    # Download and install the AWS SDK for PHP
    wget https://github.com/aws/aws-sdk-php/releases/download/3.62.3/aws.zip
    unzip aws -d /var/www/html
    # Turn on web server
    chkconfig httpd on
    service httpd start

   o In the Summary section, choose Launch instance. A message indicates that you successfully initiated the launch of your instance.
28.
29. Choose View all instances.
30. Wait for the application server to fully launch. It should display the following status:
   • Instance State: Running
   You can choose refresh occasionally to update the display.
30. Select Web-Server.
31. From the Details tab, copy the Public IPv4 address.
32. Open a new browser tab, paste the IP address that you just copied, and then press Enter. If you configured the VPC correctly, the Inventory application and this message should appear: Please configure Settings to connect to database. You have not configured any database settings yet, but the appearance of the Inventory application demonstrates that the public subnet was correctly configured.
If the Inventory application does not appear, wait for 60 seconds and refresh the page to try again. It can take a couple of minutes for the EC2 instance to boot and run the script that installs the software.

Part 2: Creating a VPC
Being able to use the default VPC when you are first learning about and working with AWS cloud is very convenient. However, in the real world, you often need to create custom VPCs to meet a customer's requirements.
For example, a customer might have already used the CIDR range of the default VPC in their on-premises network configuration. A customer might also want to vary how many addresses are included in each subnet. Because it is not possible to change the CIDR ranges assigned to the VPC or its subnets, you need to create a new VPC for your customer.
In this scenario, you create a new VPC. Your customer provided the following network requirements for the VPC's CIDR ranges:
Top-level VPC:
• VPC IPv4 CIDR - 10.0.0.0/16
Availability Zones:
• They need to deploy their resources to two Availability Zones.
Two public subnets:
• Public Subnet 1 - 10.0.0.0/24
• Public Subnet 2 - 10.0.1.0/24
Two private subnets:
• Private Subnet 1 - 10.0.2.0/24
• Private Subnet 2 - 10.0.3.0/24
The default VPC that you explored earlier did not have any private subnets. Remember that the difference between a public subnet and a private subnet is whether they can be reached directly from the internet. The route table associated with a public subnet includes a route to an internet gateway, and the route table for a private subnet does not.

Task 7: Create a custom VPC
You can configure the VPC by defining its IP address range and creating subnets. You can also configure route tables, network gateways, and security settings. The VPC console provides a wizard that can automatically create several VPC architectures. You use this wizard to create a new VPC.
If the configuration of a setting is not mentioned in these steps, leave the default value.
33. Return to the browser tab with the AWS console.
34. In the AWS Management Console on the Services menu, enter VPC. From the search results, choose VPC.
35. In the left navigation pane, choose Your VPCs.
36. Choose Create VPC and configure the following settings:
   o For Resources to create, choose VPC and more.
   o For Name tag auto-generation, enter Lab.
   o For IPv4 CIDR block, ensure that the value is 10.0.0.0/16.
   o For Availability Zones (AZs), choose 2.
   o For Number of public subnets, choose 2.
   o For Number of private subnets, choose 2.
   o Expand Customize subnets CIDR blocks.
   o Update the subnet CIDR block values using the ranges provided by your customer.
37. Take a moment to review the Preview diagram provided in the wizard.
38. Choose Create VPC. The wizard immediately starts creating your VPC. After it finishes, you have a VPC that has all of the components that you explored earlier: subnets, route tables, an internet gateway, and a default security group. The VPC wizard also automatically configures the routes in the route tables for both the public subnets and the private subnets. Like the default security group you explored earlier, the default security group created by the wizard blocks incoming traffic from the internet. To reach a web server in the new VPC, you need to add a rule to this default security group.
39. Choose View VPC.
Recall that a VPC's default security group does not allow traffic from outside the VPC. Because you should not change the default security group, you add a new security group to your custom VPC.
40. In the left navigation pane, choose Security Groups.
41. Choose Create security group.
42. For Security group name, enter Web-Server2-SG.
43. For Description, enter Allows HTTP access.
44. For VPC, clear the selection and then choose Lab-vpc.
45. In the Inbound rules section, choose Add rule, and then configure the following settings:
   o For Type, choose HTTP.
   o From the Source type dropdown list, choose Anywhere IPv4.
   o For Description, enter Allow web access.
46. Choose Create security group.

Task 8: Deploy an EC2 instance into your custom VPC
To test that your custom VPC is correctly configured, launch an EC2 instance into the public subnet. You also confirm that you can access the EC2 instance from the internet.
47. On the Services menu, choose EC2.
48. Choose Launch instance, and then choose Launch instance from the dropdown list.
Configure the following options:
   o In the Name and tags pane, in the Name text box, enter Web-Server2.
   o Choose an Amazon Machine Image (AMI).
      ▪ In the Application and OS Images (Amazon Machine Image) section, choose Amazon Linux.
   o Choose an Instance Type:
      ▪ Select t2.micro.
   o In the Key pair (login) section, from the Key pair name - required dropdown list, choose Proceed without a key pair (not recommended).
   o In the Network settings section, choose Edit.
   o For VPC - required, choose Lab-vpc.
   o For Subnet, choose the subnet with public1 in the name.
   o For Auto-assign public IP, choose Enable.
   o For Firewall (security groups), choose Select an existing security group.
   o From the Common security groups dropdown list, choose the Web-Server2-SG security group.
   o In the Advanced Details section, for IAM instance profile, choose Work-Role.
   o In the Advanced Details section, copy the following commands, and paste them into the User data text box:

    #!/bin/bash
    # Install Apache Web Server and PHP
    yum install -y httpd mysql
    amazon-linux-extras install -y php7.2
    # Download Lab files
    wget https://aws-tc-largeobjects.s3.us-west-2.amazonaws.com/CUR-TF-100-EDNETW-160961/1-lab-getting-started-vpc/s3/inventory-app.zip
    unzip inventory-app.zip -d /var/www/html/
    # Download and install the AWS SDK for PHP
    wget https://github.com/aws/aws-sdk-php/releases/download/3.62.3/aws.zip
    unzip aws -d /var/www/html
    # Turn on web server
    chkconfig httpd on
    service httpd start

   o In the Summary section, choose Launch instance. A message indicates that you successfully initiated the launch of your instance.
49.
50. Choose View all instances.
51. Wait for the application server to fully launch. It should display the following status:
   • Instance State: Running
   You can choose refresh occasionally to update the display.
51. Select Web-Server2.
52. From the Details tab, copy the Public IPv4 address.
53. Open a new browser tab, paste the IP address that you just copied, and then press Enter.
If you configured the VPC correctly, the Inventory application and this message should appear: Please configure Settings to connect to database. You have not configured any database settings yet, but the appearance of the Inventory application demonstrates that the public subnet was correctly configured.
If the Inventory application does not appear, wait for 60 seconds and refresh the page to try again. It can take a couple of minutes for the EC2 instance to boot and run the script that installs the software.

Lab complete
Congratulations! You have completed the lab.
54. Choose End Lab at the top of this page, and then choose Yes to confirm that you want to end the lab. A panel indicates that DELETE has been initiated... You may close this message box now. Lab resources are terminating.
55. Select the X in the upper-right corner to close the panel.

Your feedback is welcome and appreciated. If you would like to share any suggestions or corrections, please provide the details in the AWS Training and Certification Contact Form.
©2022 Amazon Web Services, Inc. and its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited.
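
The CIDR arithmetic from Task 2 and the customer's subnet plan from Part 2 can be checked before anything is created. The following is an added example, not part of the AWS lab: `check_plan` and the sample plans are assumptions made for illustration, and the /16 to /28 size limit is the AWS rule for IPv4 blocks rather than something the lab states.

```python
import ipaddress

AWS_RESERVED_PER_SUBNET = 5      # per the lab: AWS reserves five addresses in each subnet
MIN_PREFIX, MAX_PREFIX = 16, 28  # AWS accepts IPv4 blocks from /16 down to /28

# The customer's plan from Part 2 of the lab.
LAB_VPC = "10.0.0.0/16"
LAB_SUBNETS = {
    "public1": "10.0.0.0/24", "public2": "10.0.1.0/24",
    "private1": "10.0.2.0/24", "private2": "10.0.3.0/24",
}
# Constructed plan with one mistake of each kind the checker looks for.
BAD_SUBNETS = {
    "a": "10.0.1.0/24",
    "b": "10.0.1.128/25",   # overlaps a
    "c": "10.1.0.0/24",     # not inside 10.0.0.0/16
    "d": "10.0.2.7/24",     # host bits set, not a network address
    "e": "10.0.3.0/30",     # smaller than AWS allows
}


def check_plan(vpc_cidr, subnets, avoid=()):
    """Validate a subnet plan against its VPC CIDR.

    subnets maps a name to a CIDR string. avoid lists ranges already in use
    elsewhere (for example on-premises) that the VPC must not collide with.
    Returns (usable, problems): usable address counts and a list of findings.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    usable, problems, accepted = {}, [], []
    for other in avoid:
        if vpc.overlaps(ipaddress.ip_network(other)):
            problems.append(f"VPC {vpc} overlaps existing range {other}")
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict parsing rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR ({exc})")
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"{name}: /{net.prefixlen} is outside /{MIN_PREFIX} to /{MAX_PREFIX}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
        for prev_name, prev in accepted:
            if net.overlaps(prev):
                problems.append(f"{name}: {net} overlaps {prev_name} ({prev})")
        accepted.append((name, net))
        usable[name] = net.num_addresses - AWS_RESERVED_PER_SUBNET
    return usable, problems


if __name__ == "__main__":
    # Default VPC subnet from Task 2: 4,096 addresses, 4,091 usable.
    print(check_plan("172.31.0.0/16", {"default": "172.31.0.0/20"}))
    print(check_plan(LAB_VPC, LAB_SUBNETS))
    # Part 2 scenario: the default VPC range is already used on-premises.
    print(check_plan("172.31.0.0/16", {}, avoid=["172.31.0.0/16"]))
    for finding in check_plan(LAB_VPC, BAD_SUBNETS)[1]:
        print(finding)
```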
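
Tasks 4 and 5 define a public subnet by its route to an internet gateway and the security group as the per-instance firewall; the same two facts can be audited from exported configuration. This is an added example, not part of the AWS lab: the data is constructed in the shape of the EC2 DescribeSubnets, DescribeRouteTables and DescribeSecurityGroups responses, every ID is made up, and Debug-SG is a hypothetical group included only to show a finding.

```python
ANY_IPV4 = "0.0.0.0/0"

# Constructed sample data; all IDs are made up for this example.
SUBNETS = [
    {"SubnetId": "subnet-default-a", "VpcId": "vpc-default"},
    {"SubnetId": "subnet-public1", "VpcId": "vpc-lab"},
    {"SubnetId": "subnet-private1", "VpcId": "vpc-lab"},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-default-main", "VpcId": "vpc-default",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": ANY_IPV4, "GatewayId": "igw-default"}]},
    {"RouteTableId": "rtb-lab-main", "VpcId": "vpc-lab",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-lab-public", "VpcId": "vpc-lab",
     "Associations": [{"Main": False, "SubnetId": "subnet-public1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": ANY_IPV4, "GatewayId": "igw-lab"}]},
]
SECURITY_GROUPS = [
    {"GroupName": "default", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-default"}]}]},
    {"GroupName": "Web-Server-SG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ANY_IPV4}]}]},
    {"GroupName": "Debug-SG", "IpPermissions": [  # hypothetical, not in the lab
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": ANY_IPV4}]}]},
]


def effective_route_table(subnet, route_tables):
    """An explicit association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def public_subnet_ids(subnets, route_tables):
    """Subnets whose effective route table sends 0.0.0.0/0 to an internet gateway."""
    public = []
    for subnet in subnets:
        rt = effective_route_table(subnet, route_tables)
        if rt and any(r.get("DestinationCidrBlock") == ANY_IPV4
                      and r.get("GatewayId", "").startswith("igw-")
                      for r in rt.get("Routes", [])):
            public.append(subnet["SubnetId"])
    return sorted(public)


def open_ingress(groups, allowed_ports=frozenset({80})):
    """Inbound rules open to 0.0.0.0/0 on anything other than the allowed TCP ports."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", [])):
                continue  # source is a security group or a narrower range
            proto = perm["IpProtocol"]
            if proto == "-1":  # "-1" means all protocols and all ports
                findings.append((group["GroupName"], "all"))
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if proto == "tcp" and lo == hi and lo in allowed_ports:
                continue  # exactly the exposure the lab intends (HTTP)
            findings.append((group["GroupName"], f"{proto}/{lo}-{hi}"))
    return findings


if __name__ == "__main__":
    print("public subnets:", public_subnet_ids(SUBNETS, ROUTE_TABLES))
    print("unexpected open ingress:", open_ingress(SECURITY_GROUPS))
```

The default-VPC subnet is reported as public even though it has no explicit association, which matches the Subnets without explicit associations list the lab points out in step 16.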

Explanation & Answer

Attached.

Title
Student Full Name;
Institutional Affiliation;
Course Full Title;
Instructor Full Name;
Due Date;

REPORT: CREATING A VIRTUAL PRIVATE CLOUD
Overview
This study thoroughly overviews the Virtual Private Cloud (VPC) creation procedure. A
VPC is an essential part of contemporary cloud computing infrastructure that enables businesses
to create a secure and segregated network environment inside the infrastructure of a public cloud
provider. The main factors and actions needed in setting up a VPC are covered in this study.
Introduction
Organizations increasingly use cloud computing to improve operational efficiency,
scalability, and cost-effectiveness in today's quickly changing digital landscape. Establishing a
Virtual Private Cloud (VPC) is crucial to this shift. A VPC allows enterprises to construct a
secure, isolated network environment within the infrastructure of a public cloud provider,
protecting the security and integrity of their data and applications (AWS, 2021).
Purpose of the Report
This paper aims to give companies thinking about or intending to move their
infrastructure to the cloud a thorough overview of constructing a Virtual Private Cloud (VPC).
To create a safe, scalable, and cost-effective cloud environment, it attempts to emphasize the
important procedures, concerns, and best practices in setting up a VPC.
Research Review
The idea of a Virtual Private Cloud (VPC) in cloud computing has attracted much
attention lately. VPCs are designed to offer organizations the benefits of cloud computing while
maintaining control over network security and privacy (Google Cloud, 2021). Research indicates
that VPCs are integral to modern cloud infrastructure, enabling organizations to create
segmented and secure network environments that cater to their unique business needs (Microsoft
Azure, 2021).
The VPC Architecture Design
Several subnets should be used to divide resources logically in the VPC's design.
Allocate subnets for various uses, including databases, application servers, and web servers.
Planning subnet sizes should take future expansion into account.
IP Addressing Protocol
Design a system for IP addressing that effectively uses IP addresses and reduces
conflicts. Plan how public and private IP addresses will be distributed within the VPC.
Groups for secur...

