Hello fellow IT industry professionals! I’m Preston K. Parsard, and I’m truly excited to bring you some awesome automation opportunities, so to start, let’s consider these scenarios:
1. You’re an IT professional and to stay competitive, relevant and enhance your ability to manage large volumes of resources, you would like to quickly develop one or more of the following skills.
You also don’t want to worry about the details of building this lab yourself from scratch.
2. Maybe you’re more of an IT or business decision maker instead and would like to offer opportunities for your technical staff to quickly provision an on-demand training environment without having to invest in any capital expenditures. Furthermore, you want to allow your staff to deprovision those resources just as easily when required to reduce operational expenses.
3. What if you’re a trainer for any or all of the training topics mentioned above and need a convenient way to provide an individual lab environment for each attendee in your class, where each sandbox is customized and segregated for all participants?
If you fit any of these roles and intentions, your responsibilities, including tracking and updating the configuration of this type of solution, may soon become a little easier. After all, what if your automated lab building solution was already documented as some sort of declarative (i.e. infrastructure as…) code? What if all you had to do was run a script and enter a few parameters to trigger and cascade a set of templates to provision your lab for you?
Azure Automation Lab
This project is meant for training or demonstration only and should not be construed as suitable for production purposes. Although it may be cloned, enhanced and customized into a production solution using recommended architectural patterns, the effort required for those enhancements will be at your or your organization's own discretion and responsibility.
Please see the Azure Reference Architectures for guidance on production level planning and design projects.
This article briefly outlines the project without focusing on the specific details, which are available in the README.md file referenced in the project link in the references section at the end.
Welcome to the 0026-azure-automation-plus-dsc-lab project! Ok, I admit that’s a little long, so we can just call it Project 0026 for short.
This solution will deploy a new lab environment fairly quickly once you review the training goals and meet the requirements. The process includes downloading a script, running it and supplying a few parameters. After that, you can do something else, like go to lunch, then come back later to find the completed deployment in about an hour. I do realize that some of you may first want to pause and review the source code before running it. I get that and completely recommend that look-before-you-leap approach anyway. The total solution is probably about 4,000 lines of code, mostly based on JavaScript Object Notation (JSON) ARM templates, Desired State Configuration and PowerShell scripts. After you or your favorite IT or cybersecurity folks review Project 0026 and you’re comfortable, then subsequent deployments can be initiated in about the same time it takes daylight from the sun to reach the earth. Reference: https://en.wikipedia.org/wiki/Sunlight
So let’s cover what we’ll need to actually make this work now.
The environment will consist of a minimum of 2 and up to a maximum of 11 servers, depending on the values of the include... or exclude... parameters used. The full set consists of 9 Windows and 2 Linux machines, plus some supporting resources such as:
The VM roles that will be deployed are:
Three Windows 2019 Data Center Core domain controllers, where only 1 will be promoted to a domain controller named AZRADS##03.dev.adatum.com. Both AZRADS##01.dev.adatum.com & AZRADS##02.dev.adatum.com are optional based on the value of the -includeAds parameter and are only member servers until you promote them.
One Windows 2019 Data Center Development/Jump/DSCPull/DSCPush server with the Visual Studio 2019 Community Edition VM image. This will be AZRDEV##01.dev.adatum.com.
Two optional Windows 2019 Data Center Core servers, initially deployed as standalone servers but which can later be configured after deployment as web servers using something like Desired State Configuration or an imperative PowerShell script. These are named AZRWEB##01.dev.adatum.com and AZRWEB##02.dev.adatum.com.
Two optional Windows 2019 Data Center servers (without the SQL image), initially deployed as standalone servers but which can be configured after deployment as SQL 2019 servers, again using either Desired State Configuration or imperative PowerShell. These are AZRSQL##01.dev.adatum.com and AZRSQL##02.dev.adatum.com.
One optional CentOS 7 server, which can be used to demonstrate or practice PowerShell 7 or PowerShell DSC for Linux concepts. This is AZRLNX##01.
One optional Ubuntu server, which can also be used as an additional Linux workload. This is AZRLNX##02.
One optional Windows 2019 Data Center with a GUI PKI server named AZRPKI##01.dev.adatum.com. This is really just a base Windows VM image that you can also practice configuring as an actual PKI server. Hey, it could be a great exercise to build this with Desired State Configuration, right?
So these are all the 11 servers that can be deployed for your lab if you don't exclude any of them with either the -exclude... or -include... workload parameter switches. Remember that the details are available in the README.md file for the Azure Automation Plus DSC Lab, or better yet, if you’re more of a visual learner, with slide animations and demos, here’s the video!
Deploying the Solution
To deploy this project, you can either download the script or clone the GitHub repository to your desired target directory on your machine or a file share. Make sure to unblock the script Deploy-AzureResourceGroup.ps1 so it will execute if your PowerShell execution policy is set to something like RemoteSigned. Next, open your PowerShell editor or console, such as the Windows PowerShell ISE, PowerShell, Visual Studio Code or Visual Studio 2019, as an administrator and run the script.
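One way to tie the unblock step to the code review recommended earlier, shown as an added example that is not part of Project 0026: record a hash manifest of the cloned files when you finish reviewing them, then refuse to unblock the script on later deployments if anything has changed. The paths in `$repo` and `$manifest` and the helper name `Get-RepoHashes` are assumptions made for this sketch.

```powershell
# Added example, not project code. Both paths below are assumed, adjust to your clone.
$repo     = 'C:\labs\0026-azure-automation-plus-dsc-lab'   # assumed clone location
$manifest = 'C:\labs\0026-reviewed-manifest.csv'           # assumed manifest path

function Get-RepoHashes([string]$Root) {
    # SHA-256 of every file in the clone, keyed by its path relative to $Root
    Get-ChildItem -Path $Root -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName.Substring($Root.Length).TrimStart('\')
            Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
}

# Run once, immediately after the code review:
#   Get-RepoHashes $repo | Export-Csv -Path $manifest -NoTypeInformation

# Run before every later deployment:
$reviewed = Import-Csv -Path $manifest
$current  = Get-RepoHashes $repo
$drift    = Compare-Object -ReferenceObject $reviewed -DifferenceObject $current -Property Path, Hash

if ($drift) {
    # '<=' rows are the reviewed state, '=>' rows are what is on disk now
    $drift | Sort-Object Path | Format-Table Path, Hash, SideIndicator | Out-Host
    throw 'Files differ from the reviewed copy; review the changes before unblocking.'
}

# Only now clear the Mark of the Web so RemoteSigned allows the script to run
Get-ChildItem -Path $repo -Recurse -Filter 'Deploy-AzureResourceGroup.ps1' | Unblock-File
```

The manifest only covers files on disk, so anything the deployment fetches at run time still needs its own review.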
Once the script starts, follow these seven simple steps to initiate the deployment:
Azure CLI (bash) Method
You can also use the Azure CLI method if you prefer. An example set of commands and explanatory comments are also provided in the README.md file for this project.
Connecting to your Lab
If you use the PowerShell deployment method, your RDP prompt will open automatically for you to authenticate. Otherwise, the Azure CLI method will require you to connect to the jump/development VM from the portal at https://portal.azure.com
After Deploying the Template
This solution includes Azure Bastion connectivity, where you can RDP or SSH to your VMs securely with a TLS (TCP 443) connection from the Internet. Initially, an RDP connection to the jump server is provisioned, but an attempt is made to deploy Azure Bastion. If the Azure Bastion deployment is successful, then the previously deployed public IP address for the jump server is disconnected and all the relevant Network Security Group firewall rules are updated accordingly. The Azure Bastion deployment however may fail if it is not currently available in your region, in which case the jump server connection method will be used. To see the latest supported regions, please refer to the online documentation here.
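A post-deployment check for the behaviour described above, as an added example that is not part of Project 0026: it lists inbound allow rules that still admit RDP or SSH from the Internet and any public IP still attached to a VM network interface. It assumes the Az PowerShell module and an authenticated session; the resource group name is a placeholder and `Test-PortInRange` is a helper written for this sketch.

```powershell
# Added example, not project code. Requires the Az module and Connect-AzAccount.
$rg = '<your-lab-resource-group>'            # placeholder, use your own lab's name
$openSources = '*', 'Internet', '0.0.0.0/0'  # source prefixes that mean "anyone"

function Test-PortInRange([string]$Range, [int]$Port) {
    # NSG port fields are '*', a single port such as '3389', or 'low-high'
    if ($Range -eq '*') { return $true }
    $bounds = $Range -split '-'
    return ($Port -ge [int]$bounds[0]) -and ($Port -le [int]$bounds[-1])
}

$exposed = foreach ($nsg in (Get-AzNetworkSecurityGroup -ResourceGroupName $rg)) {
    foreach ($rule in $nsg.SecurityRules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        if (-not ($rule.SourceAddressPrefix | Where-Object { $_ -in $openSources })) { continue }
        foreach ($port in 3389, 22) {
            if ($rule.DestinationPortRange | Where-Object { Test-PortInRange $_ $port }) {
                [pscustomobject]@{
                    Nsg = $nsg.Name; Rule = $rule.Name; Port = $port; Priority = $rule.Priority
                }
            }
        }
    }
}

# Bastion keeps its own public IP; only IPs bound to a VM NIC are of interest here
$nicIps = Get-AzPublicIpAddress -ResourceGroupName $rg |
    Where-Object { $_.IpConfiguration -and $_.IpConfiguration.Id -match '/networkInterfaces/' } |
    Select-Object Name, IpAddress

'Inbound RDP/SSH allow rules open to the Internet:'
$exposed | Format-Table -AutoSize | Out-Host
'Public IPs still attached to a network interface:'
$nicIps | Format-Table -AutoSize | Out-Host
```

Both lists should be empty after a successful Bastion deployment; if Bastion was unavailable in your region, the jump server entries are expected. Rule priority is not evaluated, so treat each hit as a rule to inspect rather than proof of exposure.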
Ok, so now you have a lab infrastructure to explore. Although we don’t provide exactly what exercises to practice or learn, there is a basic outline of recommended training objectives, such as building the Dev server as a Desired State Configuration push/pull server to simulate an on-premises push/pull scenario based in Azure.
I say we above because I anticipate that some of you just can’t wait to help me out with this later on by filing issues, recommending features, submitting pull requests, and even contributing, right?
Target State Diagram
After the deployment, this is what the end result should look like:
So we’ve covered some of the benefits of Project 0026, what’s required to get started, what’s included in the lab infrastructure, as well as a couple of methods that can be used to perform this deployment. Next, we wrapped it up with how to connect once the solution is provisioned, along with some recommended guidance on what skills you can develop and a target state diagram to reference as you learn. Note also that the ARM templates provide configuration as code documentation. This means that for those of you who, like a magnetic compass needle pulled towards the north pole, are more compelled to investigate the details of the JSON files to see what was actually done and how, the Project 0026 world is now your virtual oyster.
I’d really love to hear any feedback you may have on how we can make this project better for everyone. So what else can we do to help make you a hero (cape not included)?
Well that’s it for now IT superstars. I say superstars because I believe anyone interested in reducing administrative effort and leveraging open source contributions to accelerate learning can be nothing less than either a current or future star. Am I right?
1. Azure ARM templates
2. Azure Automation:
3. Desired State Configuration:
4. Desired State Configuration for Linux:
5. PowerShell Core:
6. Example Scenario:
7. Azure Pricing Calculator: