Azure Virtual Datacentre Design – Part Four – Server Infrastructure Resources

By | December 29, 2020


This is a multipart project overview. The brief was to create a high-level design for a virtual datacentre in Azure for a company looking to move the contents of a datacentre, plus a few other sites with on-premise server infrastructure, to the cloud.

Part Four goes through the server infrastructure resources included in the design. These are extremely minimal, as they simply demonstrate the options; a DC is deployed specifically so that the VNet can be repointed to it for DNS resolution.

All code and documentation is available at https://github.com/jmattmacd/AzureVirtualDatacentre

Part One – Overview and Scoping
Part Two – General Azure Resources
Part Three – Network Resources
Part Four – Server Infrastructure Resources

Hop Box

A hop box AZHOP01 [10.$IP.200.4] is created on the management subnet. It will be reachable over RDP from the on-premise network and will have RDP access to all Azure tiers. This design does not make it a domain member.

It is set to shut down every evening, so it is only brought online when required.

A code snippet to create this machine is included below. The script contains an administrative password which must be changed before the script is used for deployment. It also specifies the VM size as Standard_D2_V2, which may need to be changed for operational reasons or if Microsoft changes the machine sizes available in your region. [08] – Build Hop Box.ps1

# connect-azurermaccount
# change the admin account details!
# $IP (the second octet of the address plan) is assumed to have been set by the earlier scripts in this series

$VMName = "AZHOP01"
$VMSize = "Standard_D2_V2"
$MachineUserName = "JMMAdmin"
$MachinePassword = "JMMSecurePassword!"
$MachineSecurePassword = ConvertTo-SecureString $MachinePassword -AsPlainText -Force
$MachineCredential = New-Object System.Management.Automation.PSCredential ($MachineUserName, $MachineSecurePassword)
# static private address on the management subnet of the existing VNet
$IPconfig = New-AzureRmNetworkInterfaceIpConfig -Name "IPConfig1" -PrivateIpAddressVersion IPv4 -PrivateIpAddress "10.$IP.200.4" -Subnet (Get-AzureRmVirtualNetworkSubnetConfig -name ManagementSubnet -VirtualNetwork (Get-AzureRmVirtualNetwork -name JMM_VNet01 -ResourceGroupName JMM_RG01))
$NICName = $VMName+'_NIC01'
$NICObj = New-AzureRmNetworkInterface -Name $NICName -ResourceGroupName JMM_RG01 -Location UKSouth -IpConfiguration $IPconfig -WarningAction SilentlyContinue
# assemble the VM definition: size, Windows OS profile with the VM agent and auto-update, NIC and marketplace image
$VirtualMachine = New-AzureRmVMConfig -VMName $VMName -VMSize $VMSize
$VirtualMachine = Set-AzureRmVMOperatingSystem -VM $VirtualMachine -Windows -ComputerName $VMName -Credential $MachineCredential -ProvisionVMAgent -EnableAutoUpdate
$VirtualMachine = Add-AzureRmVMNetworkInterface -VM $VirtualMachine -Id $NICObj.Id
$VirtualMachine = Set-AzureRmVMSourceImage -VM $VirtualMachine -PublisherName 'MicrosoftWindowsServer' -Offer 'WindowsServer' -Skus '2016-Datacenter' -Version latest
$VirtualMachineObj = New-AzureRmVM -ResourceGroupName JMM_RG01 -Location UKSouth -VM $VirtualMachine -WarningAction SilentlyContinue

Build DC and install Domain Services

To complete the design we want to point the VNet DNS at the correct resolution point, so I have included a DC build in the design and the extension of the on-premise AD DS into the cloud. If you were moving to an identity-based paradigm and did not need to extend the directory, you could of course create an entirely new domain (or forest) on the cloud side.

The script again defines the admin credential, which should be changed even though the machine will be promoted to a DC. It also specifies the VM name and size. [09] – Build DC.ps1

# connect-azurermaccount
# change the admin account details!
# $IP (the second octet of the address plan) is assumed to have been set by the earlier scripts in this series

$VMName = "AZDC01"
$VMSize = "Standard_D2_V2"
$MachineUserName = "JMMAdmin"
$MachinePassword = "JMMSecurePassword!"
$MachineSecurePassword = ConvertTo-SecureString $MachinePassword -AsPlainText -Force
$MachineCredential = New-Object System.Management.Automation.PSCredential ($MachineUserName, $MachineSecurePassword)
# static private address on the infrastructure subnet; this is the address the VNet DNS setting points at later
$IPconfig = New-AzureRmNetworkInterfaceIpConfig -Name "IPConfig1" -PrivateIpAddressVersion IPv4 -PrivateIpAddress "10.$IP.190.20" -Subnet (Get-AzureRmVirtualNetworkSubnetConfig -name InfrastructureSubnet -VirtualNetwork (Get-AzureRmVirtualNetwork -name JMM_VNet01 -ResourceGroupName JMM_RG01))
$NICName = $VMName+'_NIC01'
$NICObj = New-AzureRmNetworkInterface -Name $NICName -ResourceGroupName JMM_RG01 -Location UKSouth -IpConfiguration $IPconfig -WarningAction SilentlyContinue
$VirtualMachine = New-AzureRmVMConfig -VMName $VMName -VMSize $VMSize
$VirtualMachine = Set-AzureRmVMOperatingSystem -VM $VirtualMachine -Windows -ComputerName $VMName -Credential $MachineCredential -ProvisionVMAgent -EnableAutoUpdate
$VirtualMachine = Add-AzureRmVMNetworkInterface -VM $VirtualMachine -Id $NICObj.Id
$VirtualMachine = Set-AzureRmVMSourceImage -VM $VirtualMachine -PublisherName 'MicrosoftWindowsServer' -Offer 'WindowsServer' -Skus '2016-Datacenter' -Version latest
$VirtualMachineObj = New-AzureRmVM -ResourceGroupName JMM_RG01 -Location UKSouth -VM $VirtualMachine -WarningAction SilentlyContinue
# write a one-line script locally and run it inside the new VM via the Run Command extension
# (-ErrorAction SilentlyContinue so a missing file from a previous run does not raise an error)
Remove-Item .\ADscript.ps1 -ErrorAction SilentlyContinue
New-Item -ItemType File -Path .\ADscript.ps1
$Content = 'install-windowsfeature AD-Domain-Services'
Add-Content .\ADscript.ps1 $Content
Invoke-AzureRmVMRunCommand -ResourceGroupName JMM_RG01 -Name $VMName -CommandId 'RunPowerShellScript' -ScriptPath .\ADscript.ps1
Remove-Item .\ADscript.ps1
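Both build scripts carry a literal administrative password that the text says must be changed before deployment. The following is an added example, not code from the original series, showing one way to replace that line: a password drawn from the CSPRNG, stored in Key Vault, and never written into the script. It assumes $VMName is already set and that a Key Vault named in $VaultName (a placeholder) exists and accepts secrets from the signed-in account.

```powershell
# Added example: generate the local admin password at deployment time instead of hard-coding it.
# Assumptions: $VMName is set by the build script; $VaultName names an existing Key Vault (placeholder).

function New-RandomPassword {
    param([int]$Length = 24)
    $classes = @(
        ([int][char]'a'..[int][char]'z' | ForEach-Object { [char]$_ }),
        ([int][char]'A'..[int][char]'Z' | ForEach-Object { [char]$_ }),
        ([int][char]'0'..[int][char]'9' | ForEach-Object { [char]$_ }),
        ('!@#$%^&*-_=+'.ToCharArray())
    )
    $alphabet = foreach ($class in $classes) { $class }      # flattened character set
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $limit = 256 - (256 % $alphabet.Count)   # rejection sampling keeps each draw unbiased
    do {
        $chars = New-Object System.Collections.Generic.List[char]
        while ($chars.Count -lt $Length) {
            $b = New-Object byte[] 1
            $rng.GetBytes($b)
            if ($b[0] -lt $limit) { $chars.Add($alphabet[$b[0] % $alphabet.Count]) }
        }
        $pw = -join $chars
        # Azure Windows VMs require 3 of the 4 character classes; redraw on the rare miss
        $hits = 0
        foreach ($class in $classes) { if ($pw.IndexOfAny([char[]]$class) -ge 0) { $hits++ } }
    } until ($hits -ge 3)
    return $pw
}

$VaultName = "JMM-KV01"                       # placeholder for your existing Key Vault
$MachineUserName = "JMMAdmin"
$MachineSecurePassword = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force
# keep the secret under the VM name so it can be fetched later with Get-AzureRmKeyVaultSecret
Set-AzureRmKeyVaultSecret -VaultName $VaultName -Name "$VMName-LocalAdmin" -SecretValue $MachineSecurePassword | Out-Null
$MachineCredential = New-Object System.Management.Automation.PSCredential ($MachineUserName, $MachineSecurePassword)
# $MachineCredential now takes the place of the hard-coded credential in the build scripts above
```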

Once built, the machine should be promoted to a domain controller and joined to the existing domain. The domain can then be extended with a new AD site, "Azure", with the new domain controller and the 10.$IP.0.0/16 subnet configured in that site.

The domain controller can then be set to use itself for DNS, with appropriate forwarders to the corporate DNS servers.
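The promotion, site creation and DNS forwarding steps above are described in prose only. The script below is an added example, not part of the original series, that carries them out on AZDC01 in three stages (the promotion reboots the server, so stages 2 and 3 are run afterwards). The domain name, the forwarder addresses and the Key Vault-free credential prompts are assumptions; $IP is the second octet used throughout the series.

```powershell
# Added example: run on AZDC01 after the AD-Domain-Services feature has been installed.
# Assumed values: $DomainName, $Forwarders. $IP is the address-plan octet from the series.
$DomainName  = "corp.example.com"                 # assumed on-premise domain
$SiteName    = "Azure"
$AzureSubnet = "10.$IP.0.0/16"
$Forwarders  = @("10.1.10.10", "10.1.10.11")      # assumed corporate DNS servers

function Invoke-DcPromotion {
    # Stage 1: join the existing domain as a DC; the server reboots when this completes.
    # Credentials are prompted for, never embedded in the script.
    Import-Module ADDSDeployment
    $cred = Get-Credential -Message "Domain Admin account used for promotion"
    $dsrm = Read-Host -AsSecureString -Prompt "DSRM (safe mode) password"
    Install-ADDSDomainController -DomainName $DomainName -Credential $cred -InstallDns `
        -SafeModeAdministratorPassword $dsrm -Force
}

function New-AzureAdSite {
    # Stage 2 (after the reboot): create the Azure site and its subnet, then move this DC into it
    Import-Module ActiveDirectory
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
        New-ADReplicationSite -Name $SiteName
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$AzureSubnet'")) {
        New-ADReplicationSubnet -Name $AzureSubnet -Site $SiteName
    }
    Move-ADDirectoryServer -Identity $env:COMPUTERNAME -Site $SiteName
}

function Set-DcDnsForwarders {
    # Stage 3: the DC resolves through itself; names it is not authoritative for go to the corporate servers
    $nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses @('127.0.0.1')
    Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false
    # Check each forwarder answers now, otherwise on-premise names fail quietly once the VNet is repointed
    foreach ($f in $Forwarders) {
        if (-not (Resolve-DnsName -Name $DomainName -Server $f -ErrorAction SilentlyContinue)) {
            Write-Warning "Forwarder $f did not answer for $DomainName"
        }
    }
}
```

Run Invoke-DcPromotion first, then New-AzureAdSite and Set-DcDnsForwarders once the server is back up and replication to the on-premise DCs is established.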

Setting the VNet DNS Server

Now that we have our DC running and serving DNS we can set the VNet to use it for DNS. Long term this is likely to be augmented by multiple servers; however, that is out of scope for this project. [10] – Set VNet DNS Server.ps1

$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName JMM_RG01 -name JMM_VNet01
# the address must be a quoted string; DnsServers is a list, so wrap it in an array
$vnet.DhcpOptions.DnsServers = @("10.$IP.190.20")
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
# existing VMs pick up the new DNS server only after a restart or a DHCP lease renewal
