Learn how to get started with Microsoft Azure.

I have received many requests from readers to put together technical articles about the Cloud and especially Microsoft Azure and Citrix Cloud. According to the VDILIKEAPRO 2018 survey, Microsoft Azure is the first cloud provider for cloud-hosted Citrix deployments. If you are looking to deploy Citrix products in the Cloud, there is a big chance that you will consider Microsoft Azure. In this first article, we will review how to start with Microsoft Azure and we will dig into a few basic configurations to get the environment ready for Citrix Cloud.

Make sure to catch up this series' previous posts first!

 

What is Microsoft Azure?

Microsoft Azure is a cloud computing service launched in 2010 by Microsoft that supports IaaS, PaaS, SaaS and more. As of today 600 services are supported on Azure, not only Windows services and applications but also open-source tools and technologies. The main competitor is Amazon AWS.

Architecture

See below the target design of this lab:

Azure Architecture

Getting started

In this article you will learn the following:

  • How to create an Azure account
  • Create a new Azure Global Administrator
  • Configure a custom domain with a public DNS
  • How to configure a hybrid Azure Active Directory with your own Active Directory located on-premises
  • Learn how to install and configure Azure AD Connect
  • How to create virtual Networks, subnets, storage accounts, resource groups, virtual machines
  • How to enable Azure AD DS
  • Connect to a virtual machine hosted on Azure via RDP
  • Join a server hosted on Azure to a hybrid Azure Active Directory
  • How to install and configure Azure PowerShell SDK and remotely access your Azure subscription
  • How to upgrade your Trial subscription to Pay-As-You-Go

Requirements:

  • Credit Card
  • Microsoft account
  • A working Active Directory hosted on-premises (Ex: citrixguru.lab)
  • A public domain name (Ex: citrixguru.com)
  • A service account in your on-premises AD with “Enterprise Admins” permissions

Important: Azure Trial is limited to a ridiculous 4vCPU usage in the same region. To unlock more, you have to move to a pay-as-you-go subscription model.

Create your Microsoft Azure account

Go to https://azure.microsoft.com.

Microsoft Azure Website

Click on the Start Free button.

Start Free

Then select Start Free on the second screen.

Start Free Azure

Microsoft Azure is compatible with Microsoft Accounts, so if you want you can link your Azure account with your regular Microsoft Account. That’s also great because Citrix Cloud supports Azure AD. You will be able to administrate both Citrix Cloud and Microsoft Azure with the same credentials.

Microsoft Account

Select Yes to continue.

Stay signed

Next step is to configure your account details.

About you

Enter your phone number and complete the phone verification step.

Phone verification 1/2
Phone verification 2/2

The next step is to enter your credit card information. Nothing is free. And with Microsoft Azure you will learn that very quickly.

Credit Card information

 

Once everything is configured, accept the subscription agreement. I would tell you to read it but it is so long.

Agreement

You will be redirected to the Microsoft Azure dashboard (in case you are not, it is here: https://portal.azure.com/). On this screen, you will be able to see what’s going on in your environment.

Microsoft Azure Dashboard

That’s all for your account setup.

You can check your subscription in the Cost Management – Billing menu. As you see on the screenshot below, we are using the Free Trial for this article. We are limited to $200 credit from Microsoft. You will see very soon that it is not much in the Microsoft Azure world.

Subscription verification

Before starting to build virtual machines

Add a custom domain

I will use my own public domain in this setup and I will use my local AD server located on premises. I figured that most corporations already have an Active Directory locally and will do the same steps as below. So the first step here is to add a custom domain in the Azure AD configuration. By default you are getting something like nicolasignotomsn.onmicrosoft.com. In this example, I’ll be using citrixguru.com as my primary domain.

Note: Azure AD is not really an Active Directory. You cannot join machines to this AD except Windows 10 clients with Office 365 subscriptions. You either have to use your local network Active Directory (with Azure AD Connect) or set up your Active Directory directly in Azure by building at least 1 virtual machine and installing the Active Directory role on it.

Directory overview

Select Custom domain names in the Azure Active Directory screen, then select Add custom domain.

Default directory configuration

Then add your selected domain, here it is citrixguru.com.

Add custom domain name

You will need to reconfigure your domain with the Azure settings.

Azure custom domain configuration

It will look like this in your registrar's DNS zone editor.

Domain configured

Then, after waiting a few minutes for replication, you can click on Verify. Azure will automatically check the configuration of the domain.

Verification succeeded

Once you are ready, select Make primary to set this custom domain as your primary directory.

Make primary

Select Yes.

Primary Directory

As you can see on the screenshot, you need to download Azure AD Connect and run that tool on your local network Active Directory Windows server. But first we will create a new Azure Global administrator for that new directory.

Create a new Azure Global administrator

Go to Azure Active Directory and you will notice that the custom domain previously created is now the default directory for this account.

New default directory

My suggestion is to create a new Azure Global administrator.

Select Users in the left menu (under Manage) and then New User on the top. Configure the new user and don’t forget to assign the Global Administrator role.

Create new Azure Global Administrator

Last step is to add this user in the current subscription.

Go to Cost Management + Billing and select Access Control (IAM). Select Add and look for the previously created account. Select the role OWNER for this account and save.

Add new owner in the subscription
New owner is added

Then log off and log on with that user. You will have to change the password the first time.

Connected with the new Azure Global Administration account

Install Azure AD Connect on-premises

My on-premises Active Directory is DC01 and is part of my home lab.

Azure AD Connect

The domain citrixguru.lab is the domain running on my on-premises configuration. To be able to use Azure, I will need to create a UPN suffix in the Active Directory Domains and Trusts console.

Add UPN suffix

There is additional configuration that needs to be done for the UPN but we will take a look at this later.

Next step is to enter your Azure credentials.

Azure AD - Credentials

Make sure that your AD server has access to the Internet. I also recommend creating a new service account that will be used by Azure to connect to your Active Directory. In this article, the service account is CITRIXGURU\AzureSVC. This account is an Enterprise Administrator in my local domain citrixguru.lab.

Connect to AD DS

As discussed before, my local domain is citrixguru.lab and the domain that will be used for Azure is citrixguru.com. This screen is here to remind you that users with a citrixguru.lab UPN won’t be able to log on to Azure AD. All accounts @citrixguru.lab will be transferred with the default directory UPN (ex: nicolasignotomsn.onmicrosoft.com). If you want to use accounts in Azure, you will have to change their UPNs in your local Active Directory.

Azure AD sign-in configuration

Check Continue without any verified domains.

The next screen is a summary of what’s going to happen.

Ready to configure Azure AD Connect

Select Install to start the process.

Depending on the size of your Active Directory, this operation can take a long time.

Configuration complete

The following new services will be created:

  • ADSync
  • AzureADconnectHealthSyncInsights
  • AzureADConnectHealthSyncMonitor

You can check that the installation was a success in Azure. Go to Azure Active Directory, then Devices -> All Devices. The server where we installed Azure AD Connect is now visible here.

On the main Azure Active Directory page, you can see that the Sync is working:

AD Connect Sync

I am sure that the question in your mind is how to force a refresh?

By default, the refresh runs every 30 minutes. It can be useful, especially during our tests, to force a sync with Azure.

And here is the output.

Force Azure AD Sync in PowerShell

You can check that the local AD accounts are synchronized with Azure by going to Azure Active Directory and selecting Users (under Manage) in the menu.

Azure AD Sync is working

The account highlighted in red was configured with @citrixguru.com in my local AD and was properly synchronized with Azure AD.

Create a new resource group

A resource group is simply an identifier that Azure Resource Manager applies to resources to group them together. You can find more details about it here.

To create a new resource group go to Resource groups in the left menu. Then select Add.

Add new resource group in Azure

The naming structure that I will use for Azure is CG (CitrixGuru) – RG (ResourceGroup) – Citrix (Role) and all my components will be located in East US.

New resource group details

 

Create a virtual network and subnets

To be able to create virtual machines, you need to have a working network (obviously). By default, there is nothing in Azure and it is your job to create everything. Go to Virtual Networks and Select Add.

Add new Azure virtual network

Configure the first virtual network as below. We will create a first subnet reserved for servers with 128 IPs available. Note that with Azure, many IP addresses will be reserved for Azure and won’t be available for you to use.

Note: make sure to prepare this step carefully as some of the settings cannot be modified afterwards.

New Azure virtual network configuration

Now select your newly created virtual network. Then go to Subnets. The first subnet that we created before should be here.

Azure virtual network subnets

We need to create a new subnet for Windows 10 clients. Select Subnet at the top.

Add 2nd Azure subnet for W10 Clients

Note: not many IP addresses are needed here as only a few clients are planned in this design.

Azure Subnets configured

Create a new Azure Storage account

Go to Storage Accounts in the main menu and Select Create Storage account.

Azure Storage account configuration

Note: check this link out for more details about Replication. Here we don’t need that so I picked the default.

Enable Azure AD DS

To complete the tasks listed in this article, you need:

  • A valid Azure subscription.
  • An Azure AD directory – either synchronized with an on-premises directory or a cloud-only directory.
  • The Azure subscription must be associated with the Azure AD directory.
  • You need global administrator privileges in your Azure AD directory to enable Azure AD Domain Services.

In the main menu, select Create a resource.

Select Azure AD Domain Services.

Select Azure AD Domain Services

Most of the settings will be preconfigured.

Azure AD Domain Services Configuration

Next screen is the network configuration. We are using everything that was configured earlier in this article.

Azure AD Domain Services - Network configuration

Add an administrator from your Azure AD.

Azure AD DS - Add administrator

Here is the summary.

Azure AD DS summary

This can take a while.

Azure AD DS Creation

Once it is deployed, you still need to configure DNS.

Configure DNS for Azure AD DS

Select Configure to update the Virtual Network.

Note: All Virtual machines in the network have to reboot to apply the change.

Create a new Azure virtual machine

Here we will create the first Citrix Cloud connector virtual machine. We will use that VM later to bridge Citrix Cloud in Microsoft Azure.

A few best practices for Citrix Cloud connectors:

  • At least 2 connectors should be deployed for 5000 VDAs or less
  • Deploy using Azure managed Disks
  • Use Azure Availability Sets for H/A
  • Make sure that your Cloud connectors can be reached by your VDAs

Go to Virtual Machines in the main menu then select Add.

Windows Server options in Azure

Select Windows Server 2016 Datacenter; the choice does not really matter here. Then select Create at the bottom of the page.

Next step is to configure that virtual machine.

Add a new Azure virtual machine

Then select a template. Here we will pick a low-performance configuration for the example, but usually D4s_v3 or D2s_v3 is recommended depending on the size of your environment.

Azure VM configuration

The next step is the optional features.

Configure Azure VM option features

I’ve configured this VM to get a public IP and to have RDP (3389) allowed inbound to simplify my administration. In a production scenario, this should not be enabled as it exposes the VM to the internet.

Everything else is disabled. See below the summary.

Azure new VM summary
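
The exposure described above (a public IP with RDP 3389 allowed inbound) can be checked from a network security group's rules. The following is an added example, not part of the original article: the function names are hypothetical, the rule names and the 203.0.113.10 address are constructed samples, and the rule property names are assumed to match those of the rule objects returned by Azure PowerShell.

```powershell
# Added example (not from the original article). Function names are hypothetical.
# Decides whether a port is reachable from any Internet source, using the NSG
# model: inbound rules are evaluated by ascending Priority, first match wins.

function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

function Get-InternetExposure {
    param(
        [Parameter(Mandatory)] [object[]]$Rule,
        [int]$Port = 3389
    )
    $anySource = @('*', 'Internet', '0.0.0.0/0')
    $inbound = $Rule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Protocol -in @('*', 'Tcp') } |
        Sort-Object -Property Priority
    foreach ($r in $inbound) {
        $fromAnywhere = @($r.SourceAddressPrefix | Where-Object { $_ -in $anySource }).Count -gt 0
        $coversPort   = @($r.DestinationPortRange |
            Where-Object { Test-PortInRange -Range $_ -Port $Port }).Count -gt 0
        if ($fromAnywhere -and $coversPort) {
            # Rules scoped to specific source addresses are skipped above; the first
            # any-source rule covering the port decides the outcome.
            return [pscustomobject]@{
                Port = $Port; Exposed = ($r.Access -eq 'Allow'); DecidedBy = $r.Name
            }
        }
    }
    # No custom rule matched: the default DenyAllInBound rule blocks Internet traffic.
    [pscustomobject]@{ Port = $Port; Exposed = $false; DecidedBy = 'DenyAllInBound (default)' }
}

# Constructed sample rules (names and the 203.0.113.10 address are made up).
$weakRules = @(
    [pscustomobject]@{ Name = 'allow-rdp-any'; Priority = 1000; Direction = 'Inbound'
        Access = 'Allow'; Protocol = 'Tcp'
        SourceAddressPrefix = @('*'); DestinationPortRange = @('3389') }
)
$restrictedRules = @(
    [pscustomobject]@{ Name = 'allow-rdp-admin-ip'; Priority = 1000; Direction = 'Inbound'
        Access = 'Allow'; Protocol = 'Tcp'
        SourceAddressPrefix = @('203.0.113.10/32'); DestinationPortRange = @('3389') }
)

Get-InternetExposure -Rule $weakRules        # lab setting from this article
Get-InternetExposure -Rule $restrictedRules  # same port, limited to one admin address
```

Against a live subscription, pass the security rules of the VM's network security group instead of the sample arrays, after confirming the property names for your module version.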

After a few minutes, the VM should be ready on your dashboard.

Click on CC01, and then on Connect to download a .rdp file.

CC01

Select Download RDP file to download the file.

Download RDP file

Open the file, enter the credentials that we specified during the VM creation process (ex: azureadmin).

Windows 2016 VM hosted on Azure

The next step is to add that virtual machine in the citrixguru.com domain.

Note: you will need to change your password if you created the account before enabling Azure AD DS. If you don’t do that you will get an Account Locked Out error during the join. You can find more about this here.

Adding the Azure VM in Azure AD
AD virtual machine added in AD Azure

A reboot is required at this point to apply the domain join.

Once rebooted, you can log on with your Azure AD credentials (here: [email protected]).

Azure VM added into Azure AD

Make sure to disable IE Enhanced Security Configuration on the virtual machine.

Disable IE ESC

Repeat these steps to create CC02 (Secondary Citrix Cloud Connector).

Getting started with Azure PowerShell SDK

Go to https://azure.microsoft.com/en-us/downloads/?fb=en-us and download the PowerShell SDK for Windows. Install it.

Open PowerShell and type the following command line to be prompted to log on to Azure:

Note: you need to log on as the owner or co-admin of the Azure account.

Then select your subscription, generate and download the settings file.

Generate Azure Publish Settings

Then type the following command:

Now you can run commands directly against your Azure account.

There are many cmdlets available to you. Check the documentation out: https://docs.microsoft.com/en-us/powershell/module/?view=azurermps-6.3.0

Upgrade Azure subscription to Pay-As-You-Go

Azure Free trial is limited to 4vCPU in the same region, which is a serious limitation. You will have to quickly upgrade to a Pay-As-You-Go plan.

Go to Cost Management (in the main left menu).

Note: you can access Azure Subscriptions via this link too: https://account.azure.com/Subscriptions 

You should see the following popup.

Azure subscription expiration warning

You will be prompted to give your subscription a friendly name. Ex: CitrixGuru Subscription.

Azure - Give your subscription a friendly name

There is NO support included in Azure by default. You can decide to buy support from Microsoft for a monthly fee.

Azure - Support

After 10 mins, you will get an email mentioning that the subscription has been updated.

Note: the $200 credit will still be available when switching to the new plan, to be used within 30 days.

Azure - Pay As You Go Plan

The offer is still Free Trial for now until the initial credit is used or until the 30 days limit. Then you will be charged for everything you do.

You can check the details of your billed computing or actions here: https://account.azure.com/Subscriptions

That’s all for the first article about Microsoft Azure. I hope you learned something that is useful for you. In the next article, we will take a look at how to get started with Citrix Cloud.
