Virtualisation – Expert Network Consultant
https://www.expertnetworkconsultant.com
Networking | Cloud | DevOps | IaC

Exploring Network Functions Virtualization (NFV)
https://www.expertnetworkconsultant.com/expert-approach-in-successfully-networking-devices/exploring-network-functions-virtualization-nfv/
Wed, 04 Oct 2023 11:00:18 +0000

Network Functions Virtualization (NFV) represents a paradigm shift in networking technology, freeing network functions from their hardware constraints. Traditionally, essential functions were confined to physical appliances; NFV turns those functions into software that runs on commercial off-the-shelf (COTS) hardware.

The journey towards NFV has been underway for some time, with a pivotal milestone being the establishment of the NFV Industry Specification Group (ISG) by the European Telecommunications Standards Institute (ETSI). ETSI ISG NFV has played a vital role in defining openly published standards for NFV and in fostering open-source implementations of them.

NFV Component Architecture

The foundation of NFV relies on three key components:

1. NFV Infrastructure (NFVI): NFVI encompasses all the software and hardware elements constituting the environment in which VNFs operate. When NFVI spans multiple sites, the network connecting those sites is considered an integral part of the NFVI.

2. Virtualized Network Functions (VNF): VNFs are network functions that can be implemented as software and deployed within the NFVI environment. Examples of VNFs include firewalls, software-defined WAN (SD-WAN) solutions, routing capabilities, and Quality of Service (QoS) management.

3. Management, Automation, and Network Orchestration (MANO): NFV MANO orchestrates and manages VNFs within the NFVI. It encompasses functional blocks, data repositories, reference points, and interfaces that facilitate communication while orchestrating and managing both NFVI and VNFs.

Network Functions Virtualization Use Cases

NFV finds application in various use cases, some of which include:

1. Service Chaining: Communication Service Providers (CSPs) can chain and interlink services or applications such as firewalls and SD-WAN network optimization, offering them as on-demand services.

2. Software-Defined Branch and SD-WAN: SD-WAN network optimization and SD-Branch security functionalities can be virtualized as VNFs, enabling their provisioning as fully virtualized services.

3. Network Monitoring and Security: NFV allows the implementation of firewalls, offering fully virtualized network flow monitoring and the application of security policies for traffic routed through the firewall.

NFV vs. SDN

NFV and Software-Defined Networking (SDN) are often viewed as complementary options for shaping the future of networks.

SDN abstracts network infrastructure into application, control plane, and data plane layers, making network control directly programmable. This facilitates automated provisioning and policy-based resource management. For instance, network changes can be made in software, eliminating the need for manual cable rearrangements.

NFV can be considered a use case of SDN, and vice versa. However, it’s entirely feasible to implement VNFs independently of SDN, and conversely.

Benefits of Network Functions Virtualization (NFV)

NFV offers several advantages, including:

1. Cost Reduction: Traditional physical appliances must be purchased and configured, and they consume space, power, and cooling. VNFs run on standard servers, often with significantly lower overhead.

2. Rapid Deployment: VNFs are software-based, enabling swift deployment and easy updates. Compared to physical systems, both initial deployment and updates are more time- and resource-efficient.

3. Automation Support: As software entities, VNFs can be configured and managed programmatically. This allows organizations to use automation for rapid configuration changes or large-scale updates.

4. Enhanced Flexibility: VNFs, being software-based, can dynamically scale up or down by allocating more or fewer resources as needed. This flexibility is not feasible with physical appliances, which require the acquisition of additional units in fixed-size increments.

5. Reduced Vendor Lock-In: Physical security appliances often lead to vendor lock-in because switching platforms is complex and expensive. VNFs, capable of running on diverse hardware, allow organizations to choose the hardware that aligns best with their specific needs.

Below is a relevant link for a technical article on Network Functions Virtualization (NFV):

ETSI NFV ISG – Official page of the European Telecommunications Standards Institute (ETSI) NFV Industry Specification Group, providing detailed information on NFV standards.

How to Successfully RDP into Azure AD-Joined Virtual Machines
https://www.expertnetworkconsultant.com/installing-and-configuring-network-devices/how-to-successfully-rdp-into-a-azure-ad-joined-vm-in-azure/
Mon, 12 Sep 2022 23:00:50 +0000

Remote Desktop Connection does not always work with cloud machines. If you want to know how to successfully RDP into Azure AD-joined virtual machines, this article is all you’d ever need.

If you have struggled to remote desktop to a virtual machine in Azure, then it is likely to be a Windows Server or Desktop machine.

Azure uses the AADLoginForWindows extension to let users log in to the virtual machine with their Azure AD credentials.

It doesn’t always work and, in my experience, I hadn’t had much success with it until now, when I finally figured out how to successfully RDP into an Azure AD-joined VM in Azure.

Below are the steps needed to achieve this:

  • Create a virtual machine
  • Install the extension for Azure Active Directory login
  • Turn off Network Level Authentication

    Step 1: Create a Virtual Machine

    
    az group create --name your-resourcegroup-name --location westus
    
    az vm create \
        --resource-group your-resourcegroup-name \
        --name your-vm-name \
        --image Win2019Datacenter \
        --assign-identity \
        --admin-username localadminuser \
        --admin-password yourpassword
    
    

    Although this extension can be installed when the virtual machine is created, the following Azure CLI command installs it on an existing VM.

    Step 2: Install Required Extensions

    
    az vm extension set \
        --publisher Microsoft.Azure.ActiveDirectory \
        --name AADLoginForWindows \
        --resource-group your-resourcegroup-name \
        --vm-name your-vm-name
    
    

    This article is intended to fix a peculiar problem encountered in remote desktop connections to Windows Server Virtual Machines on Azure. With the local administrator account, I could remote desktop to the virtual machine but not with domain accounts.

    Figure 1.0 – The Logon Attempt Failed.

    Install the required extension for the virtual machine: the AADLoginForWindows extension, with RBAC.

    Enable Remote Desktop Access | 3389 on the NSG
    This can be done at the creation of the virtual machine.

    Now that you’ve created the VM and enabled the appropriate extension(s), you need to configure an Azure RBAC policy to determine who can log in to the VM. Two Azure roles are used to authorize VM login.

    Add either of these IAM roles to the user:

  • Virtual Machine User Login – users who have this role assigned can log in to an Azure virtual machine with regular user privileges.
  • Virtual Machine Administrator Login – users who have this role assigned can log in to an Azure virtual machine with administrator privileges.

    
    # bash: no leading "$" on the variable being assigned
    username=$(az account show --query user.name --output tsv)
    rg=$(az group show --resource-group your-resourcegroup-name --query id -o tsv)
    
    az role assignment create \
        --role "Virtual Machine Administrator Login" \
        --assignee "$username" \
        --scope "$rg"
    
    

    Mitigation | Steps I followed to fix this issue.

    Press Windows Key + R.

    Type sysdm.cpl and press Enter.

    Uncheck the “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” box.

    Edit the RDP file
    Add the following lines to the RDP connection file with a text editor of your choosing. Save the file with the *.rdp extension, not as any other file type.

    
    authentication level:i:2
    enablecredsspsupport:i:0
    

    Add a space character before the AzureAD domain.

    #optional line – make a note of the full-stop character before the \azuread\

    
    username:s:.\azuread\username@domain.com
    

    The complete connection file then reads:

    
    full address:s:10.X.Y.Z:3389
    prompt for credentials:i:1
    administrative session:i:1
    authentication level:i:2
    enablecredsspsupport:i:0
    username:s:.\azuread\username@domain.com
    

    If you are not using the optional username line, you will need to enter your credentials once the connection is initiated, as follows:

    
    username: azuread\user@domain.com
    password: **************
    

    Initiate Connection to Virtual Machine

    If you have followed the above steps diligently, the logon failure should no longer occur.
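    The whole build above, expressed as a single Terraform configuration instead of separate az commands, as an added example that is not part of the original article. It assumes a resource group azurerm_resource_group.rg and a network interface azurerm_network_interface.win_nic (with its NSG rule for 3389) are declared elsewhere; the extension handler version, the VM size and the two input variables are assumptions. The Network Level Authentication change in System Properties is a Windows setting and is still made on the VM as described above.

```hcl
# Added example: VM + AADLoginForWindows extension + RBAC role + generated .rdp file.
# Assumed to exist elsewhere: azurerm_resource_group.rg, azurerm_network_interface.win_nic.
terraform {
  required_version = ">= 1.0"
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
    local   = { source = "hashicorp/local" }
  }
}

provider "azurerm" {
  features {}
}

# The principal running terraform; used as the login assignee, like
# `az account show --query user.name` in the article.
data "azurerm_client_config" "current" {}

# Windows Server 2019 VM with a system-assigned identity (the --assign-identity
# flag in the article), which the AADLoginForWindows extension requires.
resource "azurerm_windows_virtual_machine" "aad_vm" {
  name                  = "your-vm-name"
  resource_group_name   = azurerm_resource_group.rg.name
  location              = azurerm_resource_group.rg.location
  size                  = "Standard_B2s" # assumed size
  admin_username        = "localadminuser"
  admin_password        = var.local_admin_password
  network_interface_ids = [azurerm_network_interface.win_nic.id]

  identity {
    type = "SystemAssigned"
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    version   = "latest"
  }
}

# Step 2: the Azure AD login extension (same publisher/name as `az vm extension set`).
resource "azurerm_virtual_machine_extension" "aad_login" {
  name                       = "AADLoginForWindows"
  virtual_machine_id         = azurerm_windows_virtual_machine.aad_vm.id
  publisher                  = "Microsoft.Azure.ActiveDirectory"
  type                       = "AADLoginForWindows"
  type_handler_version       = "1.0" # assumed; confirm with `az vm extension image list`
  auto_upgrade_minor_version = true
}

# RBAC: grant the current principal the Virtual Machine Administrator Login role,
# scoped to the resource group as in the article.
resource "azurerm_role_assignment" "vm_admin_login" {
  scope                = azurerm_resource_group.rg.id
  role_definition_name = "Virtual Machine Administrator Login"
  principal_id         = data.azurerm_client_config.current.object_id
}

# Write the connection file from the article with the VM's private IP filled in.
# Heredocs take backslashes literally, so the .\azuread\ prefix survives as typed.
resource "local_file" "rdp" {
  filename        = "${azurerm_windows_virtual_machine.aad_vm.name}.rdp"
  file_permission = "0600"
  content         = <<-EOT
    full address:s:${azurerm_network_interface.win_nic.private_ip_address}:3389
    prompt for credentials:i:1
    administrative session:i:1
    authentication level:i:2
    enablecredsspsupport:i:0
    username:s:.\azuread\${var.aad_login_upn}
  EOT
}

variable "local_admin_password" {
  type      = string
  sensitive = true
}

variable "aad_login_upn" {
  type        = string
  description = "Azure AD user principal name, e.g. username@domain.com"
}
```

    After terraform apply, the generated .rdp file carries the same authentication level:i:2 / enablecredsspsupport:i:0 pair as the hand-edited file above, which is what stops the client from insisting on NLA. Because that pair, together with the unchecked NLA box, means credentials are validated only after the session is set up, keep the NSG rule for 3389 scoped to the addresses you actually connect from rather than any source.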

    Below is a helpful community article addressing this challenge.

    If you want to learn more of how to troubleshoot virtual machines, then please follow this useful resource from Microsoft.

How to Create Azure Standard Load Balancer with Backend Pools in Terraform
https://www.expertnetworkconsultant.com/design/how-to-create-azure-standard-load-balancer-with-backend-pools-in-terraform/
Wed, 24 Aug 2022 09:00:36 +0000

    Image Reference: https://docs.microsoft.com/en-us/azure/load-balancer/media/load-balancer-overview/load-balancer.svg

    Building infrastructure with code is where the majority of future cloud deployments will go. In this architecture of how to create an Azure Standard Load Balancer with backend pools in Terraform, I have created an Azure Standard Load Balancer with backend pools to accommodate two Linux virtual machines.

    Below is a list of the parts that constitute this build.

    • Resource Group
    • Virtual Machines
    • Network Interfaces
    • Standard Loadbalancer
    • Availability Sets

    As it appears in Azure

    Open your IDE and create the following Terraform files:
    providers.tf
    network.tf
    loadbalancer.tf
    virtualmachines.tf

    Clone the Git Code Repository

    git clone https://github.com/expertcloudconsultant/createazureloadbalancer.git
    

    #Create the providers – providers.tf

    #IaC on Azure Cloud Platform | Declare Azure as the Provider
    # Configure the Microsoft Azure Provider
    terraform {
    
      required_version = ">=0.12"
    
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = "~>2.0"
        }
      }
    
    
    }
    
    provider "azurerm" {
      features {}
    }
    

    #Create the virtual network and subnets with Terraform – network.tf

    #Create Resource Groups
    resource "azurerm_resource_group" "corporate-production-rg" {
      name     = "corporate-production-rg"
      location = var.avzs[0] #Availability Zone 0 always marks your Primary Region.
    }
    
    
    
    #Create Virtual Networks > Create Spoke Virtual Network
    resource "azurerm_virtual_network" "corporate-prod-vnet" {
      name                = "corporate-prod-vnet"
      location            = azurerm_resource_group.corporate-production-rg.location
      resource_group_name = azurerm_resource_group.corporate-production-rg.name
      address_space       = ["10.20.0.0/16"]
    
      tags = {
        environment = "Production Network"
      }
    }
    
    
    #Create Subnet
    resource "azurerm_subnet" "business-tier-subnet" {
      name                 = "business-tier-subnet"
      resource_group_name  = azurerm_resource_group.corporate-production-rg.name
      virtual_network_name = azurerm_virtual_network.corporate-prod-vnet.name
      address_prefixes     = ["10.20.10.0/24"]
    }
    
    #Create Private Network Interfaces
    resource "azurerm_network_interface" "corpnic" {
      name                = "corpnic-${count.index + 1}"
      location            = azurerm_resource_group.corporate-production-rg.location
      resource_group_name = azurerm_resource_group.corporate-production-rg.name
      count               = 2
    
      ip_configuration {
        name                          = "ipconfig-${count.index + 1}"
        subnet_id                     = azurerm_subnet.business-tier-subnet.id
        private_ip_address_allocation = "Dynamic"
    
      }
    }
    

    #Create the standard load balancer with Terraform. loadbalancer.tf

    #Create Load Balancer
    resource "azurerm_lb" "business-tier-lb" {
      name                = "business-tier-lb"
      location            = azurerm_resource_group.corporate-production-rg.location
      resource_group_name = azurerm_resource_group.corporate-production-rg.name
      sku                 = "Standard" # Without this the provider defaults to the Basic SKU.
    
      frontend_ip_configuration {
        name                          = "businesslbfrontendip"
        subnet_id                     = azurerm_subnet.business-tier-subnet.id
        private_ip_address            = var.env == "Static" ? var.private_ip : null
        private_ip_address_allocation = var.env == "Static" ? "Static" : "Dynamic"
      }
    }
    


    #Create Loadbalancing Rules

    #Create Loadbalancing Rules
    resource "azurerm_lb_rule" "production-inbound-rules" {
      loadbalancer_id                = azurerm_lb.business-tier-lb.id
      resource_group_name            = azurerm_resource_group.corporate-production-rg.name
      name                           = "ssh-inbound-rule"
      protocol                       = "Tcp"
      frontend_port                  = 22
      backend_port                   = 22
      frontend_ip_configuration_name = "businesslbfrontendip"
      probe_id                       = azurerm_lb_probe.ssh-inbound-probe.id
      backend_address_pool_ids       = [azurerm_lb_backend_address_pool.business-backend-pool.id]
    }
    


    #Create Probe

    #Create Probe
    resource "azurerm_lb_probe" "ssh-inbound-probe" {
      resource_group_name = azurerm_resource_group.corporate-production-rg.name
      loadbalancer_id     = azurerm_lb.business-tier-lb.id
      name                = "ssh-inbound-probe"
      port                = 22
    }
    


    #Create Backend Address Pool

    #Create Backend Address Pool
    resource "azurerm_lb_backend_address_pool" "business-backend-pool" {
      loadbalancer_id = azurerm_lb.business-tier-lb.id
      name            = "business-backend-pool"
    }
    


    #Automated Backend Pool Addition

    #Automated Backend Pool Addition > Gem Configuration to add the network interfaces of the VMs to the backend pool.
    resource "azurerm_network_interface_backend_address_pool_association" "business-tier-pool" {
      count                   = 2
      network_interface_id    = azurerm_network_interface.corpnic.*.id[count.index]
      ip_configuration_name   = azurerm_network_interface.corpnic.*.ip_configuration.0.name[count.index]
      backend_address_pool_id = azurerm_lb_backend_address_pool.business-backend-pool.id
    
    }
    

    This line of configuration is what intelligently adds the network interfaces to the backend pool. I call it a gem because it took me quite some time to figure it all out.

     ip_configuration_name   = azurerm_network_interface.corpnic.*.ip_configuration.0.name[count.index]
    


    Create the Linux Virtual Machines virtualmachines.tf

    # Create (and display) an SSH key
    resource "tls_private_key" "linuxvmsshkey" {
      algorithm = "RSA"
      rsa_bits  = 4096
    }
    
    #Custom Data Insertion Here
    data "template_cloudinit_config" "webserverconfig" {
      gzip          = true
      base64_encode = true
    
      part {
    
        content_type = "text/cloud-config"
        content      = "packages: ['nginx']"
      }
    }
    
    
    
    # Create Network Security Group and rule
    resource "azurerm_network_security_group" "corporate-production-nsg" {
      name                = "corporate-production-nsg"
      location            = azurerm_resource_group.corporate-production-rg.location
      resource_group_name = azurerm_resource_group.corporate-production-rg.name
    
    
      #Add rule for Inbound Access
      security_rule {
        name                       = "SSH"
        priority                   = 1001
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_port_range          = "*"
        destination_port_range     = var.ssh_access_port # Referenced SSH Port 22 from vars.tf file.
        source_address_prefix      = "*"
        destination_address_prefix = "*"
      }
    }
    
    
    #Connect NSG to Subnet
    resource "azurerm_subnet_network_security_group_association" "corporate-production-nsg-assoc" {
      subnet_id                 = azurerm_subnet.business-tier-subnet.id
      network_security_group_id = azurerm_network_security_group.corporate-production-nsg.id
    }
    
    
    
    #Availability Set - Fault Domains [Rack Resilience]
    resource "azurerm_availability_set" "vmavset" {
      name                         = "vmavset"
      location                     = azurerm_resource_group.corporate-production-rg.location
      resource_group_name          = azurerm_resource_group.corporate-production-rg.name
      platform_fault_domain_count  = 2
      platform_update_domain_count = 2
      managed                      = true
      tags = {
        environment = "Production"
      }
    }
    
    
    #Create Linux Virtual Machines Workloads
    resource "azurerm_linux_virtual_machine" "corporate-business-linux-vm" {
    
      name                  = "${var.corp}linuxvm${count.index}"
      location              = azurerm_resource_group.corporate-production-rg.location
      resource_group_name   = azurerm_resource_group.corporate-production-rg.name
      availability_set_id   = azurerm_availability_set.vmavset.id
      network_interface_ids = [azurerm_network_interface.corpnic[count.index].id]
      size                  =  "Standard_B1s"  # "Standard_D2ads_v5" # "Standard_DC1ds_v3" "Standard_D2s_v3"
      count                 = 2
    
    
      #Create Operating System Disk
      os_disk {
        name                 = "${var.corp}disk${count.index}"
        caching              = "ReadWrite"
        storage_account_type = "Standard_LRS" #Consider Storage Type
      }
    
    
      #Reference Source Image from Publisher
      source_image_reference {
        publisher = "Canonical"                    #az vm image list -p "Canonical" --output table
        offer     = "0001-com-ubuntu-server-focal" # az vm image list -p "Canonical" --output table
        sku       = "20_04-lts-gen2"               #az vm image list -s "20.04-LTS" --output table
        version   = "latest"
      }
    
    
      #Create Computer Name and Specify Administrative User Credentials
      computer_name                   = "corporate-linux-vm${count.index}"
      admin_username                  = "linuxsvruser${count.index}"
      disable_password_authentication = true
    
    
    
      #Create SSH Key for Secured Authentication - on Windows Management Server [Putty + PrivateKey]
      admin_ssh_key {
        username   = "linuxsvruser${count.index}"
        public_key = tls_private_key.linuxvmsshkey.public_key_openssh
      }
    
      #Deploy Custom Data on Hosts
      custom_data = data.template_cloudinit_config.webserverconfig.rendered
    
    }
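    The three files above reference var.avzs, var.env, var.private_ip, var.corp and var.ssh_access_port, but the article never declares them. Below is an added vars.tf that supplies those declarations; it is not part of the original article or repository, and the default values are constructed (the regions, the 10.20.10.10 frontend address and the corp prefix are my choices, not the author's).

```hcl
# vars.tf – added example, not from the article. Declares the variables that
# network.tf, loadbalancer.tf and virtualmachines.tf reference. Defaults are
# constructed values; the validation blocks need Terraform 0.13 or later.

variable "avzs" {
  description = "Regions in order of preference; index 0 is the primary region (used by the resource group)."
  type        = list(string)
  default     = ["uksouth", "ukwest"] # constructed
}

variable "env" {
  description = "Set to Static to pin the load balancer frontend to var.private_ip; any other value lets Azure allocate a dynamic address."
  type        = string
  default     = "Static"

  validation {
    condition     = contains(["Static", "Dynamic"], var.env)
    error_message = "env must be Static or Dynamic."
  }
}

variable "private_ip" {
  description = "Frontend IP used when env is Static. Must lie inside business-tier-subnet (10.20.10.0/24) and outside the five addresses Azure reserves per subnet."
  type        = string
  default     = "10.20.10.10" # constructed

  validation {
    condition     = can(regex("^10\\.20\\.10\\.", var.private_ip))
    error_message = "private_ip must be inside 10.20.10.0/24."
  }
}

variable "corp" {
  description = "Short lowercase prefix for VM and disk names (corp -> corplinuxvm0, corpdisk0)."
  type        = string
  default     = "corp" # constructed
}

variable "ssh_access_port" {
  description = "Destination port opened by the NSG rule; keep it in step with the 22 used by the probe and the load balancing rule."
  type        = string
  default     = "22"
}
```

    With these in place, terraform plan resolves every variable reference in the configuration. If you later narrow source_address_prefix in the SSH rule from "*" to a management range, declare that range here as well so it is not hard-coded in virtualmachines.tf.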
    

    If you are interested in using the UI to create a solution as above, then follow Microsoft’s Get started with Azure Load Balancer by using the Azure portal to create an internal load balancer and two virtual machines.

Configure a Linux virtual machine in Azure using Terraform
https://www.expertnetworkconsultant.com/installing-and-configuring-network-devices/configure-a-linux-virtual-machine-in-azure-using-terraform/
Tue, 24 May 2022 23:00:46 +0000

    Infrastructure as Code has become the order of the day. In this article, “Configure a Linux virtual machine in Azure using Terraform”, I seek to guide you through building your first Linux virtual machine in Azure. Consider this set of steps a project to reinforce your Terraform knowledge.

    Configure Your Environment

  • Create providers.tf file
  • Create main.tf file
  • Create vars.tf file

    Configure Deployment Parts

  • Create a virtual network
  • Create a subnet
  • Create a public IP address
  • Create a network security group and SSH inbound rule
  • Create a virtual network interface card
  • Connect the network security group to the network interface
  • Create a storage account for boot diagnostics
  • Create SSH key
  • Create a virtual machine
  • Use SSH to connect to virtual machine

    Create your vars.tf file

    #Variable file used to store details of repetitive references
    variable "location" {
      description = "Azure region to deploy into (string)"
      type        = string
      default     = "eastus2"
    }
    
    variable "prefix" {
      description = "Naming prefix shared by the resources"
      type        = string
      default     = "emc-eus2-corporate"
    }
    

    Create your providers.tf file

    #Variable file used to store details of repetitive references
    variable "location" {
      type    = string
      default = "eastus2"
    }
    
    variable "prefix" {
      type    = string
      default = "emc-eus2-corporate"
    }
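    The block above repeats the variable declarations rather than showing a provider configuration, and the main.tf blocks that follow reference azurerm_resource_group.emc-eus2-corporate-resources-rg, which the article never declares. Below is an added providers.tf (plus the resource group and two outputs) that makes the configuration complete; it is not part of the original article, and the ">= 0.13" version constraint and the output names are my assumptions, with the provider block modelled on the one used in the load balancer article on this page.

```hcl
# providers.tf – added example, not from the article. The configuration also uses
# the tls and random providers (tls_private_key, random_id), so they are pinned
# here alongside azurerm.
terraform {
  required_version = ">= 0.13"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 2.0"
    }
    tls = {
      source = "hashicorp/tls"
    }
    random = {
      source = "hashicorp/random"
    }
  }
}

provider "azurerm" {
  features {}
}

# The resource group every main.tf block refers to; built from vars.tf so the
# prefix and region are defined in one place.
resource "azurerm_resource_group" "emc-eus2-corporate-resources-rg" {
  name     = "${var.prefix}-resources-rg"
  location = var.location
}

# The address to SSH to. It is only known after apply because the public IP is
# allocated dynamically.
output "webserver_public_ip" {
  value = azurerm_public_ip.emc-eus2-corporate-nic-01-pip.ip_address
}

# The article generates the key pair in Terraform but never exports the private
# half; without this output you cannot log in. Marked sensitive so it is not
# echoed in plan/apply output.
output "webserver_private_key_pem" {
  value     = tls_private_key.linuxsrvuserprivkey.private_key_pem
  sensitive = true
}
```

    After terraform apply, write the key out with terraform output -raw webserver_private_key_pem > linuxsrvuser.pem, set its permissions to 0600, and connect with ssh -i linuxsrvuser.pem linuxsrvuser@$(terraform output -raw webserver_public_ip). Bear in mind that the private key then lives in the Terraform state file, so the state needs the same protection as the key itself.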
    

    In the next steps, we create the main.tf file and add the following resource blocks.

    Create a virtual network

    #Create virtual network and subnets
    resource "azurerm_virtual_network" "emc-eus2-corporate-network-vnet" {
      name                = "emc-eus2-corporate-network-vnet"
      location            = azurerm_resource_group.emc-eus2-corporate-resources-rg.location
      resource_group_name = azurerm_resource_group.emc-eus2-corporate-resources-rg.name
      address_space       = ["172.20.0.0/16"]
    
      tags = {
        environment = "Production"
      }
    }
    

    Create a subnet

    #Create subnet - presentation tier
    resource "azurerm_subnet" "presentation-subnet" {
      name                 = "presentation-subnet"
      resource_group_name  = azurerm_resource_group.emc-eus2-corporate-resources-rg.name
      virtual_network_name = azurerm_virtual_network.emc-eus2-corporate-network-vnet.name
      address_prefixes     = ["172.20.1.0/24"]
    }
    
    #Create subnet - data access tier
    resource "azurerm_subnet" "data-access-subnet" {
      name                 = "data-access-subnet"
      resource_group_name  = azurerm_resource_group.emc-eus2-corporate-resources-rg.name
      virtual_network_name = azurerm_virtual_network.emc-eus2-corporate-network-vnet.name
      address_prefixes     = ["172.20.2.0/24"]
    }
    

    Create a public IP address

    #Create Public IP Address
    resource "azurerm_public_ip" "emc-eus2-corporate-nic-01-pip" {
      name                = "emc-eus2-corporate-nic-01-pip"
      location            = azurerm_resource_group.emc-eus2-corporate-resources-rg.location
      resource_group_name = azurerm_resource_group.emc-eus2-corporate-resources-rg.name
      allocation_method   = "Dynamic"
    }
    

    Create a network security group and SSH inbound rule

    # Create Network Security Group and rule
    resource "azurerm_network_security_group" "emc-eus2-corporate-nsg" {
      name                = "emc-eus2-corporate-nsg"
      location            = azurerm_resource_group.emc-eus2-corporate-resources-rg.location
      resource_group_name = azurerm_resource_group.emc-eus2-corporate-resources-rg.name
    
      security_rule {
        name                       = "SSH"
        priority                   = 1001
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_port_range          = "*"
        destination_port_range     = "22"
        source_address_prefix      = "*"
        destination_address_prefix = "*"
      }
    }
    
    

    Create a virtual network interface card

    # Create network interface
    resource "azurerm_network_interface" "corporate-webserver-vm-01-nic" {
      name                = "corporate-webserver-vm-01-nic"
      location            = azurerm_resource_group.emc-eus2-corporate-resources-rg.location
      resource_group_name = azurerm_resource_group.emc-eus2-corporate-resources-rg.name
    
      ip_configuration {
        name                          = "corporate-webserver-vm-01-nic-ip"
        subnet_id                     = azurerm_subnet.presentation-subnet.id
        private_ip_address_allocation = "Dynamic"
        public_ip_address_id          = azurerm_public_ip.emc-eus2-corporate-nic-01-pip.id # references the public IP declared above
      }
    }
    

    Connect the network security group to the network interface

    # Connect the security group to the network interface
    resource "azurerm_network_interface_security_group_association" "corporate-webserver-vm-01-nsg-link" {
      network_interface_id      = azurerm_network_interface.corporate-webserver-vm-01-nic.id
      network_security_group_id = azurerm_network_security_group.emc-eus2-corporate-nsg.id
    }
    

    Generate a random ID for the storage account name

    # Generate random text for a unique storage account name
    resource "random_id" "randomId" {
      keepers = {
        # Generate a new ID only when a new resource group is defined
        resource_group = azurerm_resource_group.emc-eus2-corporate-resources-rg.name
      }
      byte_length = 8
    }
    

    Create a storage account for boot diagnostics

    # Create storage account for boot diagnostics
    resource "azurerm_storage_account" "corpwebservervm01storage" {
      name                     = "diag${random_id.randomId.hex}"
      location                 = azurerm_resource_group.emc-eus2-corporate-resources-rg.location
      resource_group_name      = azurerm_resource_group.emc-eus2-corporate-resources-rg.name
      account_tier             = "Standard"
      account_replication_type = "LRS"
    }
    

    Create SSH Key

    # Create (and display) an SSH key
    resource "tls_private_key" "linuxsrvuserprivkey" {
      algorithm = "RSA"
      rsa_bits  = 4096
    }
    

    Create a virtual machine

    # Create virtual machine
    resource "azurerm_linux_virtual_machine" "emc-eus2-corporate-webserver-vm-01" {
      name                  = "emc-eus2-corporate-webserver-vm-01"
      location              = azurerm_resource_group.emc-eus2-corporate-resources-rg.location
      resource_group_name   = azurerm_resource_group.emc-eus2-corporate-resources-rg.name
      network_interface_ids = [azurerm_network_interface.corporate-webserver-vm-01-nic.id]
      size                  = "Standard_DC1ds_v3"
    
      os_disk {
        name                 = "corpwebservervm01disk"
        caching              = "ReadWrite"
        storage_account_type = "Premium_LRS"
      }
    
      source_image_reference {
        publisher = "Canonical"
        offer     = "0001-com-ubuntu-server-focal"
        sku       = "20_04-lts-gen2"
        version   = "latest"
      }
    
      computer_name                   = "corporate-webserver-vm-01"
      admin_username                  = "linuxsrvuser"
      disable_password_authentication = true
    
      admin_ssh_key {
        username   = "linuxsrvuser"
        public_key = tls_private_key.linuxsrvuserprivkey.public_key_openssh
      }
    }
    

    Terraform Plan

    The terraform plan command evaluates a Terraform configuration to determine the desired state of all the resources it declares, then compares that desired state to the real infrastructure objects being managed with the current working directory and workspace. It uses state data to determine which real objects correspond to which declared resources, and checks the current state of each resource using the relevant infrastructure provider’s API.

    terraform plan
    

    Terraform Apply

    The terraform apply command performs a plan just like terraform plan does, but then actually carries out the planned changes to each resource using the relevant infrastructure provider’s API. It asks for confirmation from the user before making any changes, unless it was explicitly told to skip approval.

    terraform apply
    

    Command to find an image based on the SKU.

    samuel@Azure:~$ az vm image list -s "2019-Datacenter" --output table
    You are viewing an offline list of images, use --all to retrieve an up-to-date list
    Offer          Publisher               Sku              Urn                                                          UrnAlias           Version
    -------------  ----------------------  ---------------  -----------------------------------------------------------  -----------------  ---------
    WindowsServer  MicrosoftWindowsServer  2019-Datacenter  MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest  Win2019Datacenter  latest
    samuel@Azure:~$ 
    
    samuel@Azure:~$ az vm image list -s "18.04-LTS" --output table
    You are viewing an offline list of images, use --all to retrieve an up-to-date list
    Offer         Publisher    Sku        Urn                                      UrnAlias    Version
    ------------  -----------  ---------  ---------------------------------------  ----------  ---------
    UbuntuServer  Canonical    18.04-LTS  Canonical:UbuntuServer:18.04-LTS:latest  UbuntuLTS   latest
    

    Command to find an image based on the Publisher.

    samuel@Azure:~$ az vm image list -p "Microsoft" --output table
    You are viewing an offline list of images, use --all to retrieve an up-to-date list
    Offer          Publisher               Sku                                 Urn                                                                             UrnAlias                 Version
    -------------  ----------------------  ----------------------------------  ------------------------------------------------------------------------------  -----------------------  ---------
    WindowsServer  MicrosoftWindowsServer  2022-Datacenter                     MicrosoftWindowsServer:WindowsServer:2022-Datacenter:latest                     Win2022Datacenter        latest
    WindowsServer  MicrosoftWindowsServer  2022-datacenter-azure-edition-core  MicrosoftWindowsServer:WindowsServer:2022-datacenter-azure-edition-core:latest  Win2022AzureEditionCore  latest
    WindowsServer  MicrosoftWindowsServer  2019-Datacenter                     MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest                     Win2019Datacenter        latest
    
    samuel@Azure:~$ az vm image list -p "Canonical" --output table
    You are viewing an offline list of images, use --all to retrieve an up-to-date list
    Offer         Publisher    Sku        Urn                                      UrnAlias    Version
    ------------  -----------  ---------  ---------------------------------------  ----------  ---------
    UbuntuServer  Canonical    18.04-LTS  Canonical:UbuntuServer:18.04-LTS:latest  UbuntuLTS   latest
    

    At this point, the required pieces to build a Linux Virtual Machine on Azure are complete. It's time to test your code.

    You can learn more from Hashicorp by visiting the following link.
    This article was helpful in troubleshooting issues with the Ubuntu SKU.

    Create Load Balanced Linux Webservers in Azure Step by Step
    https://www.expertnetworkconsultant.com/expert-approach-in-successfully-networking-devices/create-load-balanced-linux-webservers-in-azure-step-by-step/
    Sat, 30 Apr 2022 23:00:11 +0000

    This article walks through creating load balanced Linux webservers in Azure step by step. There are real benefits to load balancing, and IBM puts it this way:

    As strain increases on a website or business application, eventually, a single server cannot support the full workload. To meet demand, organizations spread the workload over multiple servers. Called “load balancing,” this practice prevents a single server from becoming overworked, which could cause it to slow down, drop requests, and even crash.

    Load balancing lets you evenly distribute network traffic to prevent failure caused by overloading a particular resource. This strategy improves the performance and availability of applications, websites, databases, and other computing resources. It also helps process user requests quickly and accurately.

    Pre-requisites

    • Resource Group
    • Virtual Network
    • Subnet
    • Network Security Group

    Create Resource Group

    Replace $location with the Azure region you want to deploy into.

    az group create --name resourceGroupName --location $location

    Create Virtual Network and Subnet

    az network vnet create \
    		--resource-group resourceGroupName \
    		--name virtualnetworkName \
    		--address-prefixes 172.16.0.0/16 \
    		--subnet-name subnetName \
    		--subnet-prefixes 172.16.10.0/24
    

    Create NSG on Azure and Inbound Rule

    A Standard SKU load balancer is closed by default: traffic only reaches the backend VMs if a network security group explicitly allows it, so the NSG and its HTTP rule are required, not optional.

    az network nsg create \
    --resource-group resourceGroupName \
    --name myNSG

    Create NSG Inbound Rule

    The rule below allows TCP port 80 from any source, which is what a public webserver needs. Keep the protocol restricted to Tcp rather than '*' (which would also admit UDP and ICMP on that port), and do not add similar any-source rules for management ports such as 22; restrict those to your own address range.

    az network nsg rule create \
    		--resource-group resourceGroupName \
    		--nsg-name myNSG \
    		--name myNSGRuleHTTP \
    		--protocol Tcp \
    		--direction Inbound \
    		--source-address-prefix '*' \
    		--source-port-range '*' \
    		--destination-address-prefix '*' \
    		--destination-port-range 80 \
    		--access Allow \
    		--priority 200
    
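To check that an NSG like the one above has not drifted into exposing more than HTTP, here is a small audit script. It is an added example written for this article, not code from the article or from Microsoft. It assumes the JSON field names that az network nsg rule list -o json returns (name, direction, access, priority, protocol, sourceAddressPrefix, sourceAddressPrefixes, destinationPortRange, destinationPortRanges); the rules it contains are constructed sample data, including the article's own myNSGRuleHTTP with a protocol of '*':

```python
"""Audit Azure NSG rules for Internet-exposed ports (added example).

Illustrative script written for this article, not from the article or
from Microsoft.  It consumes the JSON produced by
    az network nsg rule list -g <resourceGroup> --nsg-name <nsg> -o json
and reports inbound allow rules that expose anything other than the web
ports to any source, plus rules that use protocol '*'.  The field names
match the Azure CLI output; the sample rules below are constructed.
"""
import json

WEB_PORTS = {80, 443}
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}

# Constructed sample, shaped like `az network nsg rule list -o json`.
SAMPLE_RULES_JSON = json.dumps([
    {"name": "myNSGRuleHTTP", "direction": "Inbound", "access": "Allow",
     "priority": 200, "protocol": "*", "sourceAddressPrefix": "*",
     "sourcePortRange": "*", "destinationAddressPrefix": "*",
     "destinationPortRange": "80", "destinationPortRanges": []},
    {"name": "AllowSSHFromAnywhere", "direction": "Inbound", "access": "Allow",
     "priority": 300, "protocol": "Tcp", "sourceAddressPrefix": "*",
     "sourcePortRange": "*", "destinationAddressPrefix": "*",
     "destinationPortRange": "22", "destinationPortRanges": []},
    {"name": "AllowSSHFromOffice", "direction": "Inbound", "access": "Allow",
     "priority": 310, "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24",
     "sourcePortRange": "*", "destinationAddressPrefix": "*",
     "destinationPortRange": "22", "destinationPortRanges": []},
    {"name": "AllowMgmtFromAnywhere", "direction": "Inbound", "access": "Allow",
     "priority": 400, "protocol": "Tcp", "sourceAddressPrefix": "Internet",
     "sourcePortRange": "*", "destinationAddressPrefix": "*",
     "destinationPortRange": None, "destinationPortRanges": ["3389", "5985-5986"]},
    {"name": "DenyAllInbound", "direction": "Inbound", "access": "Deny",
     "priority": 4000, "protocol": "*", "sourceAddressPrefix": "*",
     "sourcePortRange": "*", "destinationAddressPrefix": "*",
     "destinationPortRange": "*", "destinationPortRanges": []},
])


def rule_port_specs(rule: dict) -> list:
    """Return the destination port specs of a rule ('80', '5985-5986', '*')."""
    specs = []
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    specs.extend(rule.get("destinationPortRanges") or [])
    return specs


def spec_exposes_non_web_port(spec: str) -> bool:
    """True if the port spec covers any port other than 80/443."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    lo = int(lo)
    hi = int(hi) if hi else lo
    web_in_range = sum(1 for p in WEB_PORTS if lo <= p <= hi)
    return (hi - lo + 1) > web_in_range


def audit_nsg_rules(rules: list) -> list:
    """Return (rule name, finding) tuples, lowest priority number first."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"].lower() != "inbound" or rule["access"].lower() != "allow":
            continue
        name = rule["name"]
        # A rule is "from anywhere" if either the single prefix or any entry
        # of the prefix list is a wildcard / Internet tag.
        from_anywhere = rule.get("sourceAddressPrefix") in ANY_SOURCE or any(
            p in ANY_SOURCE for p in rule.get("sourceAddressPrefixes") or [])
        for spec in rule_port_specs(rule):
            if from_anywhere and spec_exposes_non_web_port(spec):
                findings.append((name, "port(s) %s reachable from any source" % spec))
        if rule.get("protocol") == "*":
            findings.append((name, "protocol '*' also admits UDP and ICMP; use Tcp"))
    return findings


def audit_json(text: str) -> list:
    """Convenience wrapper: audit the raw JSON string from the CLI."""
    return audit_nsg_rules(json.loads(text))


if __name__ == "__main__":
    for name, finding in audit_json(SAMPLE_RULES_JSON):
        print("%-22s %s" % (name, finding))
```

Replace SAMPLE_RULES_JSON with the output of az network nsg rule list -g resourceGroupName --nsg-name myNSG -o json to audit a real NSG. On the sample, the Deny rule and the office-restricted SSH rule produce no findings, the any-source SSH and management rules are reported, and the HTTP rule is flagged only for its protocol.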

    Associate NSG to Subnet

    The command below uses the current az CLI; the older azure network vnet subnet set syntax belongs to the retired Azure CLI 1.0.

    az network vnet subnet update \
    		--resource-group resourceGroupName \
    		--vnet-name virtualnetworkName \
    		--name subnetName \
    		--network-security-group myNSG
    	

    Create Frontend IP

    Create the zone-redundant Standard public IP first, so that the load balancer can reference it as its frontend.

    az network public-ip create \
    		--resource-group resourceGroupName \
    		--name myPublicIP \
    		--sku Standard \
    		--zone 1 2 3

    Create Load Balancer

    This also creates the frontend configuration and an (empty) backend pool; the VM NICs are added to the pool once they exist.

    az network lb create \
    		--resource-group resourceGroupName \
    		--name myLoadBalancer \
    		--sku Standard \
    		--public-ip-address myPublicIP \
    		--frontend-ip-name myFrontEnd \
    		--backend-pool-name myBackEndPool
    

    Create Backend Pool

    The backend pool myBackEndPool was created together with the load balancer above. Its members are the VM network interfaces, which do not exist yet; they are added to the pool in the "Add virtual machines to load balancer backend pool" step below, after the NICs and VMs have been created.
    

    Create Health Probes

    The health probe must exist before the load balancing rule that references it. A TCP probe on port 80 only proves that the port is open; an HTTP probe (--protocol http --path /) also checks that NGINX answers, which is the better signal for a webserver.

    az network lb probe create \
    		--resource-group resourceGroupName \
    		--lb-name myLoadBalancer \
    		--name myHealthProbe \
    		--protocol tcp \
    		--port 80

    Create Load Balancing Rules – Port 80 allows access to the webservers over HTTP

    Outbound SNAT is disabled on the rule because outbound connectivity is provided separately (see the NAT gateway section below); without one of the two, the backend VMs cannot reach the Internet for apt updates.

    az network lb rule create \
    		--resource-group resourceGroupName \
    		--lb-name myLoadBalancer \
    		--name myHTTPRule \
    		--protocol tcp \
    		--frontend-port 80 \
    		--backend-port 80 \
    		--frontend-ip-name myFrontEnd \
    		--backend-pool-name myBackEndPool \
    		--probe-name myHealthProbe \
    		--disable-outbound-snat true \
    		--idle-timeout 15 \
    		--enable-tcp-reset true
    

    Create Network Interfaces for VMs

    The NICs go into the subnet created earlier (the same names are used throughout). Attaching the NSG here as well as at subnet level is harmless; Azure evaluates both.

    array=(myNicVM1 myNicVM2)
      for vmnic in "${array[@]}"
      do
        az network nic create \
            --resource-group resourceGroupName \
            --name $vmnic \
            --vnet-name virtualnetworkName \
            --subnet subnetName \
            --network-security-group myNSG
      done
    

    Create Virtual Machines

    Because an existing NIC is passed with --nics, the VM inherits the NIC's virtual network and subnet, so --vnet-name and --subnet are not needed; and since the NICs were created without a public IP, the VMs get none of their own, which is what you want behind a load balancer. Note that the Canonical UbuntuServer offer has no 20.04 SKU; Ubuntu 20.04 lives under the 0001-com-ubuntu-server-focal offer, which is the URN used below.

    Create Virtual Machine #1

    az vm create --resource-group resourceGroupName \
    		--name webservervm1 \
    		--nics myNicVM1 \
    		--image "Canonical:0001-com-ubuntu-server-focal:20_04-lts:latest" \
    		--admin-username azureuser \
    		--generate-ssh-keys

    Create Virtual Machine #2

    az vm create --resource-group resourceGroupName \
    		--name webservervm2 \
    		--nics myNicVM2 \
    		--image "Canonical:0001-com-ubuntu-server-focal:20_04-lts:latest" \
    		--admin-username azureuser \
    		--generate-ssh-keys
    

    Add virtual machines to load balancer backend pool

    array=(myNicVM1 myNicVM2)
      for vmnic in "${array[@]}"
      do
        az network nic ip-config address-pool add \
    		--address-pool myBackEndPool \
    		--ip-config-name ipconfig1 \
    		--nic-name $vmnic \
    		--resource-group resourceGroupName \
    		--lb-name myLoadBalancer
      done
    

    Outbound Connectivity for your Virtual Machines

    The load balancing rule above was created with outbound SNAT disabled, and backend VMs without a public IP of their own get no outbound connectivity by themselves. There are two ways to give them one: outbound rules, which let you explicitly define SNAT (source network address translation) on a Standard SKU public load balancer so that the backend instances use the load balancer's public IP(s) for outbound traffic, or a NAT gateway on the subnet. This article uses a NAT gateway, which is the option Microsoft recommends for outbound traffic.

    Create public IP for the NAT gateway

    az network public-ip create \
    		--resource-group resourceGroupName \
    		--name myNATgatewayIP \
    		--sku Standard \
    		--zone 1 2 3
    

    Create NAT gateway resource
    Use az network nat gateway create to create the NAT gateway resource. The public IP created in the previous step is associated with the NAT gateway.

    az network nat gateway create \
    		--resource-group resourceGroupName \
    		--name myNATgateway \
    		--public-ip-addresses myNATgatewayIP \
    		--idle-timeout 10
    

    Associate NAT gateway with subnet
    Configure the source subnet in the virtual network to use the NAT gateway resource with az network vnet subnet update.

    az network vnet subnet update \
    		--resource-group resourceGroupName \
    		--vnet-name virtualnetworkName \
    		--name subnetName \
    		--nat-gateway myNATgateway
    


    Install NGINX on Ubuntu Servers

    Connect to each VM over SSH (the webservers have no public IP of their own, so use a jump host, Azure Bastion or another path into the virtual network) and install NGINX:

    sudo apt-get -y update
    sudo apt-get -y install nginx

    Customise your nginx webserver for both virtual machines

    Browse to the web root and locate the default Debian index page. The file is owned by root, so edit it with sudo vim.

    cd /var/www/html/
    alpha-weu-production-webservers-vm01:/var/www/html$ ls -ltra
    total 12
    drwxr-xr-x 3 root root 4096 Apr 23 16:18 ..
    -rw-r--r-- 1 root root  672 Apr 23 17:08 index.nginx-debian.html
    drwxr-xr-x 2 root root 4096 Apr 23 17:08 .
    alpha-weu-production-webservers-vm01:/var/www/html$

    Modify the Index file

    Edit /var/www/html/index.nginx-debian.html on each VM and change the page heading so that it identifies the server (vm01 and vm02). Refreshing the load balancer's public IP in a browser then shows which backend answered each request.

    Topology of your perfectly load balanced linux webservers

    Create Windows Server Virtual Machine in VMWare Player
    https://www.expertnetworkconsultant.com/virtualisation/create-windows-server-virtual-machine-in-vmware-player/
    Tue, 01 Mar 2022 11:54:57 +0000

    This is a quick step by step guide to setting up a full Microsoft Windows Server 2016 virtual machine in VMware Workstation Player.

    Download Windows Server 2016

    Download the Windows Server 2016 ISO from Microsoft.

    Click on Create New Virtual Machine

    Customise Hardware

    Create Disk Size

    Choose Number of Processor Cores

    Choose RAM Size

    Create Virtual Machine – Name

    Select Image

    Choose Image from Location

    Create the VM based on the Chosen Image

    Create Virtual Machine

    Power On

    EFI Network Timeout

    If the first boot stops at "EFI Network Timeout", the firmware fell through to network boot instead of booting the ISO. Press CTRL + ALT + Insert to reset the VM and pick the EFI VMware SATA CDROM drive entry from the boot menu.

    Operating System Booting

    Windows Server 2016 ready for Setup

    Using VXLAN to Extend L2 Networks Across Layer 3 Links
    https://www.expertnetworkconsultant.com/expert-approach-in-successfully-networking-devices/using-vxlan-to-extend-l2-networks-across-layer-3-links/
    Wed, 10 Feb 2021 12:30:13 +0000

    Would you like to stretch your Layer 2 network across your inter-site links for the purposes of replication and inter-cluster services? If so, then using VXLAN to extend L2 networks across Layer 3 links could well be the best option to get you going.

    Scenario:
    HQ (Site A) has a dedicated 10Gbps leased link to DR (Site B). As a network engineer, you have been asked to take advantage of the speed and capacity of the inter-site link to extend the capabilities of storage systems, backups and replication to the DR site, which is Site B. You have also been asked to stay away from traditional VLANs and ensure that the inter-site link is purely Layer 3, with no VLANs spanning across to the other site.




    One vendor answer to this requirement is Cisco's Overlay Transport Virtualization (OTV), which Cisco describes as follows. OTV is an IP-based functionality that has been designed from the ground up to provide Layer 2 extension capabilities over any transport infrastructure: Layer 2 based, Layer 3 based, IP switched, label switched, and so on. The only requirement from the transport infrastructure is providing IP connectivity between remote data center sites. In addition, OTV provides an overlay that enables Layer 2 connectivity between separate Layer 2 domains while keeping these domains independent and preserving the fault-isolation, resiliency, and load-balancing benefits of an IP-based interconnection.

    With OTV you can deploy virtual computing resources and clusters across geographically distributed data centers, delivering:

    1. Transparent workload mobility
    2. Business resiliency
    3. Superior computing resource efficiencies

    VXLAN (Virtual eXtensible LAN) is the open IETF specification (RFC 7348) that standardises an overlay encapsulation protocol capable of relaying Layer 2 traffic over IP networks, and it is the approach used in this article.

    Aruba has some recommended steps for configuring VXLAN tunnels, which the configuration below follows.
    The base requirement for the above topology and use case is a VXLAN tunnel. VXLAN uses UDP port 4789 by default, so the underlay must carry UDP 4789 between the two VTEPs. RFC 7348 might be a good read in your spare time. Let's get right into it.

    VXLAN is an overlay technology that extends Layer 2 VLANs across a Layer 3 IP network. It creates a Layer 2 tunnel, also called a VXLAN segment, between two VXLAN Tunnel Endpoints, also known as VTEPs.

    VXLAN (Virtual Extensible LAN) – The technology that provides the same Ethernet Layer 2 network services as a VLAN does today, but with greater extensibility and flexibility.

    VNI (VXLAN Network Identifier) – 24-bit segment ID that defines the broadcast domain. Interchangeable with "VXLAN Segment ID"; some vendors write it VNID.

    VTEP (VXLAN Tunnel Endpoint) – The device that performs the encapsulation and de-encapsulation.

    NVE (Network Virtualization Edge) – The logical interface on the VTEP where the encapsulation and de-encapsulation occur.

    What is VXLAN?
    VXLAN is a technology which allows overlaying a Layer 2 (L2) network over a Layer 3 (L3) underlay with use of any IP routing protocol. It uses MAC-in-UDP Encapsulation.

    VXLAN solves three main problems:

    1. 16M VNIs (broadcast domains) versus the 4094 offered by traditional VLANs.
    2. Allows L2 to be extended anywhere in an IP network.
    3. Optimized flooding.

    Why VXLAN?

    1. VLAN Scalability – VXLAN extends the L2 segment ID field to 24 bits, which potentially allows up to 16 million unique L2 segments over the same network.
    2. L2 Segment Elasticity over L3 Boundary – VXLAN encapsulates an L2 frame in an IP/UDP header, which allows L2 adjacency across router boundaries.
    3. Leverages multicast in the transport network in order to simulate flooding behaviour for broadcast, unknown unicast, and multicast in the L2 segment (the static point-to-point tunnels used below need no multicast, since there is only one remote VTEP to flood to).
    4. Leverages Equal Cost Multi-pathing (ECMP) in order to achieve optimal path usage over the transport network.

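To make the MAC-in-UDP encapsulation concrete, the following is an added example written for this article, not code from the article or from Aruba. It builds the packet a VTEP puts on the wire for an inner Ethernet frame, using the article's VNI 100, VTEP addresses 1.1.1.1 and 2.2.2.2, UDP port 4789 and TTL 64; parses it back with the checks a receiving VTEP should make; and derives the 1450-byte overlay MTU that the switch reports later in the article for a 1500-byte underlay. The MAC addresses and the inner payload are constructed sample values.

```python
"""VXLAN MAC-in-UDP encapsulation, decapsulation and MTU maths (added example).

Illustrative implementation written for this article, not code from the
article or from Aruba.  It follows the RFC 7348 packet layout:

  outer Ethernet | outer IPv4 | UDP (dst 4789) | VXLAN (8 bytes, 24-bit VNI) | inner Ethernet frame

Values taken from the article: VNI 100, VTEP loopbacks 1.1.1.1 and 2.2.2.2,
UDP port 4789, TTL 64.  MAC addresses and the inner payload are constructed.
"""
import struct
import zlib

VXLAN_UDP_PORT = 4789
I_FLAG = 0x08                       # "VNI present" bit in the VXLAN flags byte
# Bytes that count against the underlay IP MTU for every inner IP packet:
# outer IPv4 (20) + UDP (8) + VXLAN (8) + inner Ethernet header (14).
VXLAN_OVERHEAD = 20 + 8 + 8 + 14

# Constructed sample addresses (not from the article).
OUTER_SRC_MAC = bytes.fromhex("02aa000000a1")   # Core-1 uplink
OUTER_DST_MAC = bytes.fromhex("02bb000000b1")   # next hop towards Core-2
SERVER1_MAC = bytes.fromhex("02cc000000c1")
SERVER2_MAC = bytes.fromhex("02cc000000c2")


def overlay_mtu(underlay_ip_mtu: int = 1500) -> int:
    """Largest inner IP packet that fits without fragmenting the underlay:
    1500 - 50 = 1450, the MTU the switch reports for the tunnel."""
    return underlay_ip_mtu - VXLAN_OVERHEAD


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 for a header whose
    checksum field is already correct."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must be a 24-bit value")
    return struct.pack("!B3xI", I_FLAG, vni << 8)


def sample_inner_frame() -> bytes:
    """Constructed Ethernet frame from Server 1 to Server 2 in VLAN 20
    (untagged, as the VTEP sees it after the VLAN tag is removed)."""
    return SERVER2_MAC + SERVER1_MAC + struct.pack("!H", 0x0800) + b"constructed payload"


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def encapsulate(inner_frame: bytes, vni: int, src_vtep: str, dst_vtep: str,
                ip_id: int = 0) -> bytes:
    """Wrap an Ethernet frame for transport from src_vtep to dst_vtep."""
    vx = vxlan_header(vni)
    # RFC 7348 recommends deriving the UDP source port from a hash of the
    # inner headers so that ECMP in the underlay spreads flows across paths.
    src_port = 49152 + (zlib.crc32(inner_frame[:14]) & 0x3FFF)
    udp_len = 8 + len(vx) + len(inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # UDP checksum 0 is allowed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, ip_id, 0x4000, 64, 17, 0,
                     _ip_bytes(src_vtep), _ip_bytes(dst_vtep))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = OUTER_DST_MAC + OUTER_SRC_MAC + struct.pack("!H", 0x0800)
    return eth + ip + udp + vx + inner_frame


def decapsulate(packet: bytes) -> tuple:
    """Validate the outer headers and return (vni, src_vtep, dst_vtep, inner_frame).
    These checks are the minimum a receiving VTEP should apply: anything that is
    not IPv4/UDP to port 4789 with the I flag set is rejected."""
    if len(packet) < 14 + 20 + 8 + 8 + 14:
        raise ValueError("too short to be a VXLAN packet")
    if packet[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    ip = packet[14:14 + ihl]
    if ipv4_checksum(ip) != 0:
        raise ValueError("bad outer IPv4 checksum")
    if ip[9] != 17:
        raise ValueError("outer packet is not UDP")
    src_vtep = ".".join(str(b) for b in ip[12:16])
    dst_vtep = ".".join(str(b) for b in ip[16:20])
    udp_off = 14 + ihl
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[udp_off:udp_off + 8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN: UDP destination port %d" % dst_port)
    vx_off = udp_off + 8
    flags, vni_field = struct.unpack("!B3xI", packet[vx_off:vx_off + 8])
    if not flags & I_FLAG:
        raise ValueError("VXLAN I flag not set")
    inner = packet[vx_off + 8:udp_off + udp_len]
    return vni_field >> 8, src_vtep, dst_vtep, inner


if __name__ == "__main__":
    frame = sample_inner_frame()
    pkt = encapsulate(frame, 100, "1.1.1.1", "2.2.2.2")
    print("outer packet %d bytes, inner frame %d bytes, added %d bytes" %
          (len(pkt), len(frame), len(pkt) - len(frame)))
    print("decapsulated:", decapsulate(pkt)[:3])
    print("overlay MTU on a 1500-byte underlay:", overlay_mtu())
```

The 50 bytes the encapsulation adds are why the tunnel MTU drops to 1450 unless the underlay carries jumbo frames; end hosts that send 1500-byte packets into VLAN 20 will otherwise be fragmented or dropped at the VTEP. The decapsulation checks also show why VXLAN needs protection from the underlay: nothing in the header authenticates the sender, so any packet that passes them is accepted into the segment.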
    Figure 1.2 | Overlay Network (the VXLAN tunnel between the two VTEPs) and Underlay Network (the routed inter-site link that carries it)

    Below is the existing configuration for Point-to-Point Interlink between the Core Switches

    Core Switch 1: Interface A1

    
    Core-1# 
    
    interface A1
       name "10GB Interlink Leased Link"
       untagged vlan 100
       exit
    Core-1#
    
    

    Core Switch 2: Interface A1

    
    Core-2# 
    interface A1
       name "10GB Interlink Leased Link"
       untagged vlan 100
       exit
    

    Core Switch 1: Interface Configuration

    
    Core-1#
    vlan 100
       name "Intersite Leased 10 Gbps Pipe"
       untagged A1
       ip address 10.10.10.1 255.255.255.252
       ip ospf 10.10.10.1 area backbone
       ip ospf 10.10.10.1 network-type point-to-point
       exit
    Core-1#
    
    

    Core Switch 2: Interface Configuration

    
    Core-2# 
    vlan 100
       name "Intersite Leased 10 Gbps Pipe"
       untagged A1
       ip address 10.10.10.2 255.255.255.252
       ip ospf 10.10.10.2 area backbone
       ip ospf 10.10.10.2 network-type point-to-point
       exit
    Core-2#
    
    

    A VTEP performs two roles:

    1. Receive Layer 2 traffic from a source, such as a VM, in an Ethernet broadcast domain, encapsulate it in a VXLAN packet and send it to the destination VTEP.
    2. Receive the VXLAN packet, strip the encapsulation to reveal the inner Ethernet frame, and forward that frame towards the destination MAC address it carries.

    The VXLAN tunnel that carries the encapsulated data is called the overlay network. The IP network that switches and routes the tunnel packets is called the underlay network (this is your traditional network: your existing VLANs, trunks and routed links).

    Configuration Steps:

    1. Disable v2 modules. A virtual network cannot be created while the switch is in compatibility mode; disable it with the no allow-v2-modules command.
    2. Enable VXLAN (vxlan enable).
    3. Configure a loopback interface to use as the VTEP source address.
    4. Create a virtual-network (VNI) and associate a VLAN with it.
    5. Create a VXLAN tunnel and define the source and destination VTEPs.
    6. Map the tunnel to the overlay VLAN.
    7. Make sure each switch has a route to the remote VTEP's loopback (a static /32 via the inter-site link is used below).

    Core Switch-1: Configure a loopback interface for the tunnel’s source.

    
    interface loopback 0
    ip address 1.1.1.1
    
    

    Enable VXLAN – Disallow V2 Modules(Will not work with allowed v2 modules)

    
    no allow-v2-modules
    vxlan enable
    
    

    Configure Virtual Network (VNI 100 mapped to VLAN 20)

    
    virtual-network 100 20 "Server 1"
    
    

    Configure Tunnel Interface

    
    interface tunnel 1
       tunnel name "Server-1 Network"
       tunnel mode vxlan
    
    

    Specify the source and destination of the tunnel:

    
       tunnel source 1.1.1.1
       tunnel destination 2.2.2.2
       exit
    
    

    Overlay Tunnel with VLAN 20

    
    vxlan tunnel 1 overlay-vlan 20
    
    

    Configure Static Route towards Tunnel Loopback Interface on Core B

    
    ip route 2.2.2.2 255.255.255.255  10.10.10.2
    


    Core Switch-2:Configure a loopback interface for the tunnel’s source

    
    interface loopback 0
    ip address 2.2.2.2
    
    

    Enable VXLAN - Disallow V2 Modules(Will not work with allowed v2 modules)

    
    no allow-v2-modules
    vxlan enable
    
    

    Configure Virtual Network (VNI 100 mapped to VLAN 20)

    
    virtual-network 100 20 "Server 2"
    
    

    Configure Tunnel Interface

    
    interface tunnel 2
       tunnel name "Server-2 Network"
       tunnel mode vxlan
    
    

    Specify the source and destination of the tunnel:

    
       tunnel source 2.2.2.2
       tunnel destination 1.1.1.1
       exit
    
    

    Overlay Tunnel with VLAN 20

    
    vxlan tunnel 2 overlay-vlan 20
    
    

    Configure Static Route towards Tunnel Loopback Interface on Core A

    
    ip route 1.1.1.1 255.255.255.255  10.10.10.1
    

    Verify Tunnel Interface States

    
    Core-1# show interfaces tunnel brief
    
     Status - Tunnel Information Brief
    
    
      Tunnel                   : 251659490
      Mode                     : VXLAN Tunnel
      Source Address           : 1.1.1.1
      Destination Address      : 2.2.2.2
      Configured Tunnel Status : Enabled
      Current Tunnel State     : Up
    
    Core-1#
    

    
    Core-1# show interfaces tunnel
    
     Tunnel Configuration :
    
      Tunnel               : 251659490
      Tunnel Name          : VXLAN_Tunnel01
      Tunnel Status        : Enabled
      Source Address       : 1.1.1.1
      Destination Address  : 2.2.2.2
      Mode                 : VXLAN Tunnel
      TOS                  : -1
      TTL                  : 64
      IPv6                 : n/a
      MTU                  : 1450
    
    
     Current Tunnel Status :
    
      Tunnel State              : Up
      Destination Address Route : 2.2.2.2/32
      Next Hop IP               : 10.10.10.2
      Next Hop Interface        : vlan-10
      Next Hop IP Link Status   : Up
      Source Address            : 1.1.1.1
    
    
    Core-1#
    
    

    Server Configuration for Server 1:


    
    Ethernet adapter Ethernet 1:
    
       Connection-specific DNS Suffix  . : expertnetworkconsultant.com
       Link-local IPv6 Address . . . . . : fe80::8051:832b:99:60c7%20
       Link-local IPv6 Address . . . . . : fe80::ab47:d863:23d2:5ffd%20
       IPv4 Address. . . . . . . . . . . : 10.100.200.99
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : ::
    
    
    

    Server Configuration for Server 2:

    
    Ethernet adapter Ethernet 1:
    
       Connection-specific DNS Suffix  . : expertnetworkconsultant.com
       Link-local IPv6 Address . . . . . : fe80::8051:832b:99:60c7%20
       Link-local IPv6 Address . . . . . : fe80::ab47:d863:23d2:5ffd%20
       IPv4 Address. . . . . . . . . . . : 10.100.200.100
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : ::
    
    

    Perform Verification:

    
    Core-Switch-1(config)# show interfaces tunnel 1
     Tunnel Configuration :
    
      Tunnel               : 251659491
      Tunnel Name          : Storage Server 1
      Tunnel Status        : Enabled
      Source Address       : 1.1.1.1
      Destination Address  : 2.2.2.2
      Mode                 : VXLAN Tunnel
      TOS                  : -1
      TTL                  : 64
      IPv6                 : n/a
      MTU                  : 1280
    
    
    
    Core-Switch-1# show interfaces tunnel type vxlan statistics 251659490
      Tunnel Name                                  : Storage Server 1
      Rx Packets                                   : 0
      Tx Packets                                   : 0
      Rx 5 Minute Weighted Average Rate (Pkts/sec) : 0
      Tx 5 Minute Weighted Average Rate (Pkts/sec) : 0
    
    
    Core Switch-2:
    
    
    Core-Switch-2# show interfaces tunnel 2
     Tunnel Configuration :
    
      Tunnel               : 251659491
      Tunnel Name          : Storage Server 2
      Tunnel Status        : Enabled
      Source Address       : 2.2.2.2
      Destination Address  : 1.1.1.1
      Mode                 : VXLAN Tunnel
      TOS                  : -1
      TTL                  : 64
      IPv6                 : n/a
      MTU                  : 1280
    
    
    
    Core-Switch-2# show interfaces tunnel type vxlan statistics 251659491
      Tunnel Name                                  : Storage Server 2
      Rx Packets                                   : 0
      Tx Packets                                   : 0
      Rx 5 Minute Weighted Average Rate (Pkts/sec) : 0
      Tx 5 Minute Weighted Average Rate (Pkts/sec) : 0
    
    
    

    The zero counters are expected at this point: no overlay traffic has crossed the tunnels yet. Now that you are satisfied with the configuration of both tunnels, test connectivity between Server-1 and Server-2. Both sit in 10.100.200.0/24 on VLAN 20, so they must now be able to ping each other as if they were attached to the same switch.

    Ping Server 1 (10.100.200.99) from Server 2:

    Ping Server 2 (10.100.200.100) from Server 1:

    Applications:
    Storage Replications to DR Site(s). Imagine your HQ has a 10Gbps link to another site which serves as the Disaster Recovery Site. NetApp SnapMirror® for example replicates between sites. Sometimes, the link between the sites may be a routed link which will not permit the extension of a layer 2 vlan across. Creating a Tunnel tied with a VXLAN ensures that the NetApp SnapMirror® would work over layer 2 as an overlay over the routed inter-site link.

    Download Cisco VXLAN Document BRKDCT-2404

    Microsoft has an excellent article which applies to Hyper-V over VXLAN technology which I find might be a good read for you.

    VXLAN itself provides no confidentiality, integrity or peer authentication: any host that can deliver UDP 4789 to a VTEP's loopback address can inject frames into the overlay. Restrict UDP 4789 to the two VTEP addresses at the underlay edge and, where the inter-site path is not trusted, protect it with IPsec as the next step. Cisco has a good article on Point-to-Point GRE over IPsec which is a good read for that.

    More Cisco OTV Resources.
    Some useful Cisco VXLAN Labs

  • Cisco VXLAN Lab 1
  • Cisco VXLAN Lab 2
    Configure Cisco ASAv on GNS3 for Hands-on Labs
    https://www.expertnetworkconsultant.com/installing-and-configuring-network-devices/configure-cisco-asav-on-gns3-for-hands-on-labs/
    Tue, 22 Dec 2020 20:37:04 +0000

    In this article we delve into getting the most popular Cisco virtualised firewall, the ASAv, running in GNS3 step by step.

    GNS3 labs should be rich and cover realistic networking contexts, because that is what gives students and professionals alike genuine hands-on experience. Imagine being able to configure site-to-site VPNs between your ASAv and a cloud instance, and to perform a myriad of tasks in order to understand how the chosen technologies would behave in the real world. That is the beauty of the scalability that virtualised appliances bring to network design: you can prove a concept, or test and troubleshoot a scenario, without any physical hardware.

    Cisco describes the product as follows. With the Cisco® Adaptive Security Virtual Appliance (ASAv), you have the flexibility to choose the performance you need for your business. ASAv is the virtualized option of the popular ASA solution and offers security in traditional physical data centers and in private and public clouds. Its scalable VPN capability provides access for employees, partners, and suppliers, and protects your workloads against increasingly complex threats with world-class security controls.

    Create the initial master template for your ASAv

    Download the ASAv qcow2 file with the OS version of your choice from Cisco.com.
    Open GNS3 and click on File > + New Template >

    Select Firewalls from the GNS3 Appliances List

    Install the Appliance on the GNS3 VM as Recommended

    Choose "Default" for the VM type and hit next. Name the VM (ASAv 9.8.1 for example) and hit next. Select the x86_64 Qemu binary and set the RAM to 2048 MB. Hit next.

    Select ASAv Version and Install and Click Next

    GNS3 will locate the downloaded *.qcow2 appliance locally and populate the list for you to make a choice. Select your ASAv version and click Next.

    Click Next and Continue

    It is a good idea to trial your idea with a single ASAv and once this has worked out well, apply it to the master template as the gold image for future replica ASAv firewalls.

    Create a new GNS3 Project

    Drag ASAv into Workspace

    Right click on ASAv and change the symbol (this is an optional step)

    Select a symbol for your ASAv, change the category to Security Devices, and set the console type to vnc. We will change this to telnet later in the guide, when we apply the settings to our master ASAv appliance.

    Select ASAv Symbol and Click OK

    Select vnc from the drop down to set console type to vnc

    Uncheck "Use as linked base VM" (this is recommended initially, until you have got it all working as it should). Perform all the necessary configuration before enabling this option, which makes newer instances inherit the template's settings; we shall do it as the final step once each bit is done.

    Start the ASAv and open it with the console

    Configure Terminal

    Set Telnet Access: follow the steps below

    GNS3 can only attach a telnet console to the ASAv if the appliance directs its console to the serial port. Copying coredump.cfg from the coredumpinfo directory to disk0:/use_ttyS0 achieves this; the ASAv only needs the file to exist, its content is irrelevant. These are exec-mode commands, so no conf t is needed.

    ciscoasav# cd disk0:/coredumpinfo/
    ciscoasav# copy coredump.cfg disk0:/use_ttyS0
    

    coredump.cfg is now present on disk0: as use_ttyS0.

    Verify your work (always check that what you did worked)

    ciscoasav# dir disk0:/
    
    Directory of disk0:/
    
    10     drwx  4096         07:29:52 Dec 18 2020  smart-log
    8      drwx  4096         07:28:58 Dec 18 2020  log
    11     drwx  4096         07:29:56 Dec 18 2020  coredumpinfo
    7      -rwx  59           07:36:44 Dec 18 2020  use_ttyS0
    
    1 file(s) total size: 59 bytes
    8571076608 bytes total (8549355520 bytes free/99% free)
    
    ciscoasav# 
    
    

    Once the above steps are completed and you have verified that telnet access works, go ahead and configure the master template.

    Set Console Type to Telnet

    Now that you have created use_ttyS0 on the ASAv, power the ASAv off.

  • Right click on the ASAv and select Configure.
  • Change the console type from vnc to telnet.
  • Do this with the ASAv powered off. If you change it while the device is running, the console will fail with the error "No connection could be made because the target machine actively refused it".
  • Click Apply > OK to save.

    Check "Use as a linked base VM"

    With telnet access working, open the ASAv template in GNS3 Preferences (Qemu VMs), go to the Advanced settings tab and check the "Use as a linked base VM" box. Every ASAv you drag into a project from now on is a linked clone of this working master template, use_ttyS0 included. Click OK, then Apply > OK to save the template, and close the preferences page.

    Now that we have Cisco ASAv working exceptionally well in GNS3, let us now go into configuring a sample Cisco ASA 5506-X Deployment Topology.

    Figure 1.0 Sample Cisco ASA 5506-X Deployment Topology

    In this lab we shall configure the ASAv for the Internet using the following configuration sample. Adjust the interface names to match your ASAv, whose data interfaces are GigabitEthernet0/0 onwards rather than the 5506-X's GigabitEthernet1/x.

    Figure 1.1: ASA 5506-X Factory Default Configuration

    
    !
    interface GigabitEthernet1/0
     nameif inside
     security-level 100
     ip address 192.168.1.254 255.255.255.0
    !
    interface GigabitEthernet1/1
     nameif outside
     security-level 0
     ip address dhcp setroute
    !
    dns domain-lookup outside
    dns server-group DefaultDNS
     name-server 8.8.8.8
     name-server 8.8.4.4
    object network obj_any
     subnet 0.0.0.0 0.0.0.0
    !
    object network obj_any
     nat (inside,outside) dynamic interface
    ! The default route is learned from DHCP on the outside interface ("setroute"),
    ! so no static "route outside 0.0.0.0 0.0.0.0 ..." entry is needed. A static
    ! default route via 8.8.8.8 would point at a gateway on no connected network.
    !
    dhcpd address 192.168.1.100-192.168.1.200 inside
    dhcpd dns 8.8.8.8 8.8.4.4 interface inside
    dhcpd enable inside
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    policy-map global_policy
     class inspection_default
      inspect icmp
    !
    
    
    

    Thanks for stopping by to read this article on how to Configure Cisco ASAv on GNS3 for Hands-on Labs. Below is a related article: How to Configure Cisco ASA 5506-X for Internet

    How to Install VMWare Workstation 15 on Ubuntu 20.04
    https://www.expertnetworkconsultant.com/installing-and-configuring-network-devices/how-to-install-vmware-workstation-15-on-ubuntu-20-04/
    Wed, 30 Sep 2020 11:00:46 +0000

    Network engineers no longer deal only with physical network elements; in recent times they have had to build virtual network infrastructure, thanks to virtualisation, to complement their network architecture and operations. Imagine you need to build a small data centre running DHCP on Microsoft servers, or use a hypervisor to run a network appliance from your favourite vendor such as Cisco, F5, Check Point, Palo Alto or Fortinet: you need a working knowledge of virtualisation, and today our focus is purely on the world's best-known virtualisation platform, VMware.

    In this step-by-step guide, I am going to show you how to install VMWare Workstation on Ubuntu. This tutorial works for Ubuntu versions 12 and up. I am running the Desktop version of Ubuntu 20.04 in this post.

    You will learn:

    • How to install VMware Workstation prerequisites
    • How to download VMware Workstation
    • How to install VMware Workstation
    • How to start VMware Workstation

    Let us begin by downloading VMWare Workstation for Linux: Download VMWare Workstation for Linux

    Figure 1.0 – Download VMWare Workstation Pro.

    Figure 1.1 – Download VMWare Workstation Pro for Linux.

    Step 1:
    Always start with an update

    $ sudo apt update
    


    Step 2:
    Install the Essentials

    $ sudo apt install build-essential
    

    Figure 1.1 – Install Build Essentials

    Step 3:
    Install all the required libraries

    $ sudo apt install libcanberra-gtk-module
    $ sudo apt install libaio1 libcanberra-gtk-module build-essential linux-headers-$(uname -r)

    $ dpkg -l | grep linux-headers
    


    Now, press Y and then press Enter to confirm the installation.


    Step 4:
    Browse to the Downloads folder where the VMWare Workstation Installer was saved.

    ubuntu-20.04-Desktop:/$ cd ~/Downloads/
    ubuntu-20.04-Desktop:~/Downloads$ ls
    VMware-Workstation-Full-15.5.2-15785246.x86_64.bundle
    

    Figure 1.2 – Once the VMware Workstation Pro installer is downloaded, navigate to the ~/Downloads directory with the command shown above.

    Step 4b:

    As you can see, the VMware Workstation Pro installer file is here. Copy the filename.
    $ ls -lh
    

    Figure 1.3 – Copy VMWare Workstation Bundle filename for the remainder of the steps

    Temporarily disable X server host access control, so that the installer, which runs as root, is allowed to open its graphical window:

    $ xhost +

    Figure 1.4 – Disable Host Access Control.
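    The xhost + above switches X server access control off for every client: while it is in effect, any process that can reach the X socket may open windows, read keystrokes and inject input. Added here as an example (not part of the original article) is a small POSIX sh wrapper that grants X access only to the local root user, runs the installer under sudo, and revokes the grant again even when the installer fails. The XHOST and SUDO variables are assumptions introduced so the wrapper can be exercised without a display; on a real desktop leave them at their defaults.

```shell
#!/bin/sh
# Added example, not the article's own commands: grant X access to root only,
# run a command under sudo, and revoke the grant again.
#
# "xhost +" switches X access control off for every client; "+SI:localuser:root"
# admits only processes running as root on this machine, which is all the
# VMware bundle installer needs in order to draw its window.
#
# XHOST and SUDO are assumptions made so the wrapper can be tested without a
# display (they can be pointed at stub commands); leave them unset normally.
XHOST="${XHOST:-xhost}"
SUDO="${SUDO:-sudo --preserve-env=DISPLAY}"
GRANT="SI:localuser:root"

# run_as_root_with_display CMD [ARGS...]
# Returns CMD's exit status; the grant is revoked on success and on failure.
run_as_root_with_display() {
    "$XHOST" "+$GRANT" >/dev/null || {
        echo "could not grant X access to root" >&2
        return 1
    }
    $SUDO "$@"
    status=$?
    "$XHOST" "-$GRANT" >/dev/null
    return "$status"
}

# Undo a blanket "xhost +" that was run earlier (re-enables access control).
restore_x_access_control() {
    "$XHOST" - >/dev/null
}

# Example invocation from ~/Downloads (the file name may differ):
#   run_as_root_with_display ./VMware-Workstation-Full-15.5.2-15785246.x86_64.bundle
```

    Source the file and call run_as_root_with_display with the bundle path; if you have already run xhost +, restore_x_access_control (plain xhost -) puts access control back.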

    Step 5:
    Apply Permissions

    $ chmod +x VMware-Workstation-Full-15.5.2-15785246.x86_64.bundle
    

    Figure 1.5 – Use CHMOD +X to apply the appropriate permissions for the installer file VMware-Workstation-Full-15.5.2-15785246.x86_64.bundle

    Step 6:
    Begin Installation of VMWare Workstation Pro.
    Locate the previously downloaded VMware Workstation PRO for Linux bundle file and begin the installation. Please note that the file name might be different:

    $ sudo ./VMware-Workstation-Full-15.5.2-15785246.x86_64.bundle
    

    Figure 1.6 – Install VMWare Workstation on Ubuntu
    Begin the installation of the VMware Workstation PRO for Linux on Ubuntu 20.04
    Be patient. Wait for the installation to finish.

    Step 7:
    Launch VMware Workstation Pro.


    Congratulations, you have just successfully installed VMWare Workstation on Ubuntu.

    Use a trial evaluation or apply a license to enjoy the amazing virtualisation platform.

    Install License for VMWare Workstation Pro

    Sometimes you may encounter issues with VMWare Workstation being unable to run your virtual machines, throwing up a series of errors. Below are some very common ones you are likely to encounter.

    Error 1:
    “Could not open /dev/vmmon: No such file or directory.
    Please make sure that the kernel module `vmmon' is loaded.”


    Error 2:
    “Failed to initialize monitor device.”


    Error 3:
    “Unable to change virtual machine power state: Transport (VMDB) error -14: Pipe connection has been broken.”


    Apply the following commands to troubleshoot these errors.

    Generate a key pair for signing the vmmon and vmnet components

    1) sudo openssl req -new -x509 -newkey rsa:2048 -keyout VMWARE.priv -outform DER -out VMWARE.der -nodes -days 36500 -subj "/CN=VMware/"
    

    Sign the vmmon and vmnet modules with the generated key, then import the certificate

    2) sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./VMWARE.priv ./VMWARE.der $(modinfo -n vmmon)
    3) sudo /usr/src/linux-headers-`uname -r`/scripts/sign-file sha256 ./VMWARE.priv ./VMWARE.der $(modinfo -n vmnet)
    
    4) sudo mokutil --import VMWARE.der
    

    Create and confirm a password:

    Test whether the key is enrolled

    5) mokutil --test-key VMWARE.der
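    Steps 1 to 5 above, as an added POSIX sh script (not from the original article) that keeps Secure Boot enabled and adds the checks worth having before a reboot: it creates the key pair only once and stores the private key with mode 0600 (anyone holding that key can sign modules the kernel will then trust), skips modules that already carry a signature, verifies the signature trailer after sign-file has run, and only imports the certificate if mokutil does not already list it. The KEY_DIR location and the script file name are assumptions; the key names and the openssl, sign-file and mokutil invocations are the article's. Note that mokutil --import only queues the request: the certificate is actually enrolled in MokManager on the next boot, using the password chosen here.

```shell
#!/bin/sh
# Added example, not the article's own script: sign VMware's vmmon/vmnet
# modules with a Machine Owner Key so they load with Secure Boot enabled.
# Assumes linux-headers-$(uname -r) (provides scripts/sign-file) and mokutil
# are installed and that vmware-modconfig has already built the modules.
# Save as sign-vmware-modules.sh (assumed name) and run with sudo.

KEY_DIR="${KEY_DIR:-/root/vmware-mok}"   # assumption: private location for the MOK
PRIV="$KEY_DIR/VMWARE.priv"
CERT="$KEY_DIR/VMWARE.der"
SIGN_FILE="/usr/src/linux-headers-$(uname -r)/scripts/sign-file"

# The kernel marks every appended module signature with this 28-byte trailer
# (27 characters plus a newline), so the last bytes of a signed .ko are exactly
# this string.  Valid for uncompressed .ko files, which is what sign-file operates on.
MODULE_SIG_STRING="~Module signature appended~"

# module_is_signed FILE: exit 0 if FILE ends with the module signature trailer.
module_is_signed() {
    [ "$(tail -c 28 "$1")" = "$MODULE_SIG_STRING" ]
}

# Create the key pair once (0600 private key via umask in a subshell); reuse it
# afterwards so rebuilt modules are signed by the already-enrolled certificate.
ensure_mok() {
    [ -f "$PRIV" ] && [ -f "$CERT" ] && return 0
    mkdir -p "$KEY_DIR" && chmod 700 "$KEY_DIR" || return 1
    ( umask 077 && openssl req -new -x509 -newkey rsa:2048 -nodes -days 36500 \
        -subj "/CN=VMware/" -keyout "$PRIV" -outform DER -out "$CERT" )
}

# sign_module NAME: locate the module via modinfo, sign it unless already
# signed, and confirm the trailer is present afterwards.
sign_module() {
    mod="$(modinfo -n "$1")" || return 1
    if module_is_signed "$mod"; then
        echo "$1: already signed ($mod)"
        return 0
    fi
    "$SIGN_FILE" sha256 "$PRIV" "$CERT" "$mod" || return 1
    module_is_signed "$mod"
}

# enroll_cert: queue the certificate for enrolment unless the shim already
# lists it (mokutil --test-key exits 0 when the key is enrolled).  The import
# asks for a one-time password that MokManager requests again on the next boot.
enroll_cert() {
    if mokutil --test-key "$CERT" >/dev/null 2>&1; then
        echo "certificate already enrolled"
        return 0
    fi
    mokutil --import "$CERT"
}

main() {
    if [ "$(mokutil --sb-state 2>/dev/null)" != "SecureBoot enabled" ]; then
        echo "Secure Boot is not enabled: unsigned modules load anyway, nothing to do" >&2
        return 0
    fi
    ensure_mok || { echo "key generation failed" >&2; return 1; }
    for m in vmmon vmnet; do
        sign_module "$m" || { echo "signing $m failed" >&2; return 1; }
    done
    enroll_cert
}

# Only run when executed under the assumed file name, so the functions can be sourced.
case "${0##*/}" in sign-vmware-modules.sh) main "$@" ;; esac
```

    After the reboot, mokutil --test-key VMWARE.der reports the certificate as enrolled and the vmmon and vmnet modules load without disabling Secure Boot; the script can be re-run after every kernel update that rebuilds the modules.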
    

    A better fix that has always worked for me is to disable Secure Boot from the BIOS. That works very well.

    Reboot the PC and enter the BIOS menu
    Disable Secure Boot

    Reboot and then run:
    sudo vmware-modconfig --console --install-all (not always necessary but might be helpful)

    Now that you have a fully working VMWare Workstation, let us build a quick lab by spinning up a Virtual Machine and working on a Network Address Translation lab as per this guide here: Configure NAT on Cisco and VyOS
