I wanted to share some additional tips and tricks for getting the most out of using Microsoft Azure Lab Services within your labs and classes.
One of the main requirements most institutions have for the provision of lab resources is the ability for educators and students to log into lab VMs using our AAD credentials, rather than using VM-local accounts.
At present the solution to AAD support to your Azure Lab images is
A workaround that has been used in some Universities is to create a custom image that, at startup, performs the following steps through PS1 scripts:
1. Join the VM to the AAD domain
2. Add the appropriate AAD Users (aka students for the course) to the VM, so that they can log into it using their AAD credentials
At present, adding machines to AAD via PowerShell isn't available; see https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/20399941-all-powershell-bash-script-azure-ad-join
So the lab machine template will first need to be edited, then saved, and then published or republished to all the users.
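Step 2 of the workaround above could look like the following startup script. This is an added example, not code from the original post or from Microsoft. It assumes a Windows 10 lab VM whose template was already Azure AD joined by hand; the roster path and the choice of the Remote Desktop Users group (rather than Administrators, to keep student rights minimal) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: grant course students RDP logon on an Azure AD joined lab VM.
# Hypothetical input: a roster file with one student UPN per line; '#' starts a comment.
param(
    [string]$RosterPath = 'C:\LabSetup\roster.txt',   # hypothetical path
    [string]$Group      = 'Remote Desktop Users'      # least privilege: not Administrators
)

# The join itself cannot be scripted (see the note above), so only verify it here.
$joinState = dsregcmd /status | Out-String
if ($joinState -notmatch 'AzureAdJoined\s*:\s*YES') {
    throw 'This VM is not Azure AD joined. Join the template VM manually and republish.'
}

if (-not (Test-Path -LiteralPath $RosterPath)) {
    throw "Roster file not found: $RosterPath"
}

# Accept only well-formed UPNs so a stray line cannot add an unintended principal.
$upnPattern = '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'
$entries = Get-Content -LiteralPath $RosterPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and $_ -notmatch '^#' }

$added = 0; $skipped = 0
foreach ($upn in $entries) {
    if ($upn -notmatch $upnPattern) {
        Write-Warning "Skipping malformed roster entry: $upn"
        $skipped++
        continue
    }
    try {
        # AAD accounts are referenced as AzureAD\<UPN> on a joined device.
        Add-LocalGroupMember -Group $Group -Member "AzureAD\$upn" -ErrorAction Stop
        Write-Output "Added $upn to '$Group'"
        $added++
    } catch {
        # Re-running at every startup is expected; an existing member is not a failure.
        if ($_.Exception.GetType().Name -eq 'MemberExistsException') {
            Write-Output "Already a member: $upn"
        } else {
            Write-Warning "Could not add ${upn}: $($_.Exception.Message)"
            $skipped++
        }
    }
}
Write-Output "Done. Added: $added, skipped: $skipped"
```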
Joining Windows 10 VM to a domain
https://docs.microsoft.com/en-us/azure/active-directory/devices/azuread-joined-devices-frx
Windows Server
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm
Linux
Adding the VM to AAD https://docs.microsoft.com/en-us/azure/virtual-machines/linux/login-using-aad
Adding a user to the VM https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cloudinit-add-user
- Linked to the above, using our OneDrive storage as a preconfigured network volume on the VMs -- this is our institution-preferred way for students to store files and we'd be keen to link it into our teaching for data that wasn't amenable to being put into GitHub
- https://docs.microsoft.com/en-us/onedrive/use-group-policy#OptInWithWizard
- https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/Migrate-Your-Files-to-OneDrive-Easily-with-Known-Folder-Move/ba-p/207076
With the latest versions of OneDrive it is possible to configure the client at the machine level (rather than the user level): https://docs.microsoft.com/en-us/onedrive/per-machine-installation
- Being able to preserve storage on VMs for a longer-duration class that needs the underlying VM reconfigured, i.e., as a class progresses, moving from using lower-spec VMs to using GPU-enabled VMs, or moving between Linux and Windows, but preserving the equivalent of the user homespace in cloud storage. This could be the OneDrive solution above, but it would be good to have a faster, more Azure-local storage solution if possible.
- We've had some problems logging in to Linux lab instances with ssh from OS X, where we get control path length issues due to the length of the hostname. Some experimenting suggests that there is a total string length of 83 characters for port number plus user@host.domain. With a 75-character hostname.domainname and a 5-character port number there's not much spare space 🙂
- How are incoming connection rules handled, and can we modify them to allow particular inbound ports? It looked like there's some inbound rewriting going on somewhere, as the lab's VM seemed to be listening on port 22 for ssh, which didn't correspond to our inbound port specified on the command line. Is there a possibility to allow extra inbound port exceptions/forwarding other than ssh and RDP?
- Can we change the underlying 'hardware' of the labs image whilst the lab is running? A particularly useful option would be to switch from a lower cost image for general use up to a GPU-enabled image for later ML classes. This is a 'moderately useful' one for us which we could easily go either way on -- on the one hand students like having longer-term home directory systems, on the other hand emphasising that work systems should be able to be low-cost-rebuilt out of backups and SCM is a good thing 🙂
- Is there a way to both have scheduled hours for classes and not have automatic shutdown of systems at the end of those hours? Having set hours each week which don't count against user quota sounds useful, but where students might be using their systems for additional work following on from the end of the classes it would be very useful not to have a mandated system shutdown. We can easily work around this by just adding the number of class hours as quota, but it would be nice if we could have some split between 'core quota' and 'extra hours'.
- Can we do anything to preserve user data over a template re-publish? I guess this comes under the 'user data on network volume' discussed in previous mails with regard to using OneDrive, but before this is rolled out is there any option to, for example, have user home directories in cloud storage? This is another 'moderately useful' one for us as we can template systems based on packaging rather than the published image, so apply rolling updates to the setup via package manager rather than the core lab template.