Azure Labs Deployment
An Ode To My Unwillingness To Self-Promote
Relatively recently, I’ve worked with some business units building out training environments in Azure Labs, specifically to replace existing training solutions on legacy VMware hardware. There was a project in place to build out a learning environment for the entire company across all the various hardware and software; however, this was something that would be years in the making. I wanted to create something that would have a good workflow for the end user now and in the future, once the new learning environment was implemented.
Major concerns:
- Existing training solutions rely on aging hardware in on-premise datacenter(s) using VMware ESXi cloned pools.
- Existing training solutions utilize a mixture of third-party solutions to allow instructors to monitor student progress.
- Existing training solutions had a near non-existent method for performing updates to applications, often requiring IT assistance.
Process: I specifically worked with a manager of the training environments; we’ll call him Bob for the purpose of this article. I discussed with Bob the limitations of the current setup, and it seemed that Azure Labs was a prime candidate for the new solution.
Azure Labs truthfully has always been something of a red-headed step-child in the Azure world; however, I was confident that we could design an environment that would work quite well as a stop-gap to immediately get off the VMware cluster and wait for the integrations from the global team.
We began by creating a new subscription for the environment so that we could have a clean delineation for billing purposes. Inside this environment we created an Azure Lab Account for the deployment, as Lab Accounts were more stable than Lab Plans at the time, and Lab Accounts also had a special feature that made the global security team very happy. Lab Accounts were spun up in a standalone Microsoft subscription (in fact, all fully managed on Microsoft’s side) not tied to our existing networking in Azure, so we did not have to open any firewall rules or allow any special resources. It was all handled in Microsoft’s own environment. Specifically, that meant no rules like allowing RDP access from anywhere, which, as any IT person knows, is a big no-no. This is a student environment, but still, RDP from anywhere? Heck no.
We built a golden image in Azure with all the necessary software and exported it to the Azure Compute Gallery for use in additional labs. Each lab environment is built off of that golden image, so every lab was fundamentally the same, just potentially on different hardware depending on the needs of the class. We set up VMs that were automatically assigned to students when they registered for the class via the learning management system (LMS); once the class was over, the LMS could issue the command to redeploy the machines from the template VM, thus creating a sterile classroom environment for students.
End Results:
- Total removal of the on-prem hardware in several US-based datacenters.
- Bob and his team of instructors were fully able to deploy new image updates as the various software packages in use needed updating, without intervention from IT.
- Seamless integration with scheduling software for classes, so that the end user of the training was able to sign up for a class, and the instructor would then be able to approve them and add them to a particular class.
- Once this solution was proven to work on the US / Americas side, there was then a project implemented to replicate this solution in other regions globally, specifically Germany and India.
For more information, I guess you'll just have to look at my social media.