Preparation for Azure lab


Recently I have been completing some test work with Azure, Azure AD and ADFS.  In the next week or two I will be doing some work with the Enterprise Mobility Suite (Intune for MDM, Azure AD Premium and Azure Rights Management).

Hopefully I will be able to blog some random information from my experiences, but this post is to identify potential speed bumps before you attempt to use Azure, Azure AD and ADFS.

Money/MSDN
Using Azure virtual machines and storage costs money.  When you sign up you must provide valid credit card information.  You are given a £125 trial for a month, but after that it will cost you.  You can configure spend limits which will stop surprise bills being racked up each month.

If you have a Visual Studio or MSDN subscription you actually get free credits.  I have a Visual Studio Ultimate Subscription through my work so I get £95 a month to spend in Azure (which is plenty for labs).

MSDN Credits

Make sure you turn off your Cloud Instance when you are not using it.  This will drastically reduce the cost of running your lab from the cloud.

Domain
Buy yourself a domain name.  Doesn't matter what as long as you like it.  I'd be tempted to use a popular registrar such as GoDaddy as the verification mechanism for Azure works really simply with the big registrars.  My registrar had to manually load some DNS TXT records which couldn't be completed in my admin interface.

Wildcard Certificate
The wildcard vs named certificates is an interesting debate which will continue forever I suspect.  I can see the pros and cons, but in this environment it is MUCH easier to have a publicly trusted wildcard certificate.  These can be quite pricey from some Certificate Authorities.  I used a CA called StartSSL who actually charge you on verification rather than per certificate.

StartSSL

You can create a free account and generate free named certificates, but you will soon hit a brick wall with certain services which required alternate names etc.

StartSSL Verified (which allows you to create as many wildcard/SAN certificates as you like) will set you back about $60 per year.  To complete this process you have to send them some personal documentation which did make me a little uneasy, however saving a few hundred quid was worth it I think.

StartSSL Verified

Internet Connection without outbound port blocking
This one will only apply to a small portion of the population.  Wherever you plan on connecting to your Azure cloud instance from, make sure they do not block outbound ports.  Most companies only allow a small set of ports outbound like 80,443,25 etc.  These are all used for business purposes but the likelihood of them allowing 3389 through the firewall is low.

Have a chat with your network team at work or connect to Azure Cloud Instance from home.

Lastly some links
Here are some articles I read to help me build my labs

http://office365support.ca/setting-up-the-first-web-application-proxy-servers-ad-fs-proxy-in-windows-azure-for-office365-single-sign-on/
http://tristanwatkins.com/changing-adfs-url-windows-server-2012-r2/
https://4sysops.com/archives/building-a-byod-lab-in-microsoft-azure/
http://www.cloudcomputingadmin.com/articles-tutorials/public-cloud/configure-windows-server-2012-r2-test-lab-microsoft-azure.html

Have fun!



Comments

Popular posts from this blog

Assigning Windows 10/11 Enterprise Subscription Activation Licences to Hybrid Azure AD Joined Devices

Power Automate: Get first item in output

De-selectable radio buttons - Power Apps