Windows の踏み台インスタンスを使用したセキュアな RDP の構成: チャレンジラボ のレビュー

Eini Netanel · 約3年前にレビュー済み

Good lab

Prajapati Hitesh · 約3年前にレビュー済み

Naseem Usama · 約3年前にレビュー済み

my pc doesn't support RDP. I couldn't complete the last task

Chigicherla Divya · 約3年前にレビュー済み

Saha Bajradeepon · 約3年前にレビュー済み

Puli Masthan · 約3年前にレビュー済み

Wu AiJing · 約3年前にレビュー済み

7 Oleksandr · 約3年前にレビュー済み

Camou JR · 約3年前にレビュー済み

Tawil Suleiman · 約3年前にレビュー済み

Pathan Sohel · 約3年前にレビュー済み

Awesome

Nuke Priyo · 約3年前にレビュー済み

Coetzer Claudette · 約3年前にレビュー済み

Chaigne Hyacinthe · 約3年前にレビュー済み

Kumar Behera Sritam · 約3年前にレビュー済み

Patel Ashish · 約3年前にレビュー済み

good

s Pruthvi · 約3年前にレビュー済み

Mishra Ashish Indradev · 約3年前にレビュー済み

Priambodo Eko · 約3年前にレビュー済み

N Sowmya · 約3年前にレビュー済み

Hu Xinhua · 約3年前にレビュー済み

Lopes de Souza Benchimol Bruno · 約3年前にレビュー済み

I did everything on the lab Configure Secure RDP using a Windows Bastion Host https://www.cloudskillsboost.google/focuses/1737?parent=catalog Yet i only managed to score 45/100 and i am clueless on what to do since i managed to do every task on challenge. I did install IIS as requested and tested using telnet on port 80 (GET /) and it answered. Same on web browser. Tried a lot of trial and error to guess what labs needs to be done but i am not having problems to get proper directions You can check what's running on gcp with followings : # Task: Create a new VPC network with a single subnet. student_03_574313ec5f5f@cloudshell:~ (qwiklabs-gcp-03-b3cc8f995aad)$ gcloud compute networks subnets list --network=securenetwork NAME: subnet1 REGION: us-central1 NETWORK: securenetwork RANGE: 10.10.1.0/24 STACK_TYPE: IPV4_ONLY IPV6_ACCESS_TYPE: INTERNAL_IPV6_PREFIX: EXTERNAL_IPV6_PREFIX: # Task: Create a firewall rule that allows external RDP traffic to the bastion host system. # Task: Configure a firewall rule to allow HTTP access to the virtual machine. student_03_574313ec5f5f@cloudshell:~ (qwiklabs-gcp-03-b3cc8f995aad)$ gcloud compute firewall-rules list --filter=network=securenetwork NAME: http-firewall-rule NETWORK: securenetwork DIRECTION: INGRESS PRIORITY: 1000 ALLOW: tcp:22,tcp:80 DENY: DISABLED: False NAME: securenetwork-allow-rdp NETWORK: securenetwork DIRECTION: INGRESS PRIORITY: 65534 ALLOW: tcp:3389 DENY: DISABLED: False # Task: Deploy two Windows servers that are connected to both the VPC network and the default network. student_03_574313ec5f5f@cloudshell:~ (qwiklabs-gcp-03-b3cc8f995aad)$ gcloud compute instances list NAME: http-server ZONE: us-central1-a MACHINE_TYPE: e2-small PREEMPTIBLE: INTERNAL_IP: 10.10.1.4,10.128.0.5 EXTERNAL_IP: 104.197.244.209 STATUS: RUNNING NAME: lab-monitor ZONE: us-central1-a MACHINE_TYPE: f1-micro PREEMPTIBLE: INTERNAL_IP: 10.128.0.2 EXTERNAL_IP: 35.224.245.226 STATUS: RUNNING NAME: vm-bastionhost ZONE: us-central1-a MACHINE_TYPE: e2-medium PREEMPTIBLE: INTERNAL_IP: 10.10.1.3,10.128.0.4 EXTERNAL_IP: 23.236.57.123 STATUS: RUNNING NAME: vm-securehost ZONE: us-central1-a MACHINE_TYPE: e2-medium PREEMPTIBLE: INTERNAL_IP: 10.128.0.3,10.10.1.2 EXTERNAL_IP: STATUS: RUNNING # Task: Create a virtual machine that points to the startup script. student_03_574313ec5f5f@cloudshell:~ (qwiklabs-gcp-03-b3cc8f995aad)$ gcloud compute instances describe http-server --zone=us-central1-a canIpForward: false confidentialInstanceConfig: enableConfidentialCompute: false cpuPlatform: Intel Broadwell creationTimestamp: '2022-12-28T09:27:39.052-08:00' deletionProtection: false description: '' disks: - architecture: X86_64 autoDelete: true boot: true deviceName: http-server diskSizeGb: '10' guestOsFeatures: - type: UEFI_COMPATIBLE - type: VIRTIO_SCSI_MULTIQUEUE - type: GVNIC index: 0 interface: SCSI kind: compute#attachedDisk licenses: - https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-11-bullseye mode: READ_WRITE source: https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-03-b3cc8f995aad/zones/us-central1-a/disks/http-server type: PERSISTENT displayDevice: enableDisplay: false fingerprint: ybWwdOrRORk= id: '3212181060024648293' keyRevocationActionType: NONE kind: compute#instance labelFingerprint: 42WmSpB8rSM= lastStartTimestamp: '2022-12-28T09:27:43.796-08:00' machineType: https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-03-b3cc8f995aad/zones/us-central1-a/machineTypes/e2-small metadata: fingerprint: dz5bOHRK8No= items: - key: startup-script value: |- #!/bin/bash sudo apt update sudo apt -y install apache2 - key: enable-oslogin value: 'true' kind: compute#metadata name: http-server networkInterfaces: - accessConfigs: - kind: compute#accessConfig name: External NAT natIP: 104.197.244.209 networkTier: PREMIUM type: ONE_TO_ONE_NAT fingerprint: oStyJIVKhnw= kind: compute#networkInterface name: nic0 network: https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-03-b3cc8f995aad/global/networks/securenetwork networkIP: 10.10.1.4 stackType: IPV4_ONLY subnetwork: https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-03-b3cc8f995aad/regions/us-central1/subnetworks/subnet1 - fingerprint: yHUJXFqysIk= kind: compute#networkInterface name: nic1 network: https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-03-b3cc8f995aad/global/networks/default networkIP: 10.128.0.5 stackType: IPV4_ONLY subnetwork: https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-03-b3cc8f995aad/regions/us-central1/subnetworks/default reservationAffinity: consumeReservationType: ANY_RESERVATION scheduling: automaticRestart: true onHostMaintenance: MIGRATE preemptible: false provisioningModel: STANDARD selfLink: https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-03-b3cc8f995aad/zones/us-central1-a/instances/http-server serviceAccounts: - email: 955082225501-compute@developer.gserviceaccount.com scopes: - https://www.googleapis.com/auth/devstorage.read_only - https://www.googleapis.com/auth/logging.write - https://www.googleapis.com/auth/monitoring.write - https://www.googleapis.com/auth/servicecontrol - https://www.googleapis.com/auth/service.management.readonly - https://www.googleapis.com/auth/trace.append shieldedInstanceConfig: enableIntegrityMonitoring: true enableSecureBoot: false enableVtpm: true shieldedInstanceIntegrityPolicy: updateAutoLearnPolicy: true startRestricted: false status: RUNNING tags: fingerprint: fVXbcdHqnyU= items: - http - ssh - www zone: https://www.googleapis.com/compute/v1/projects/qwiklabs-gcp-03-b3cc8f995aad/zones/us-central1-a ## Other Tasks: I managed to reset password and login on both servers using gcloud compute reset-windows-password vm-bastionhost --user app_admin --zone us-central1-a and RDP to bastion and inside bastion RDP to secure host.

Lopes de Souza Benchimol Bruno · 約3年前にレビュー済み

Patil Mandar · 約3年前にレビュー済み