Base Configuration dev/test environment

Summary: Create a simplified intranet as a dev/test environment in Microsoft Azure.

This article provides you with step-by-step instructions to create the following Base Configuration dev/test environment in Azure:

Figure 1: The Base Configuration dev/test environment

Phase 4 of the Base Configuration in Azure with the CLIENT1 virtual machine

The Base Configuration dev/test environment in Figure 1 consists of the Corpnet subnet in a cloud-only Azure virtual network named TestLab that simulates a simplified, private intranet connected to the Internet. It contains three Azure virtual machines running Windows Server 2016:

  • DC1 is configured as an intranet domain controller and Domain Name System (DNS) server

  • APP1 is configured as a general application and web server

  • CLIENT1 acts as an intranet client

This configuration allows DC1, APP1, CLIENT1, and additional Corpnet subnet computers to be:

  • Connected to the Internet to install updates, access Internet resources in real time, and participate in public cloud technologies such as Microsoft Office 365 and other Azure services.

  • Remotely managed using Remote Desktop connections from your computer that is connected to the Internet or your organization network.

You can use the resulting test environment:

  • For application development and testing.

  • As the initial configuration of an extended test environment of your own design that includes additional virtual machines, Azure services, or other Microsoft cloud offerings such as Office 365 and Enterprise Security + Mobility (EMS).

There are four phases to setting up the Base Configuration test environment in Azure:

  1. Create the virtual network.

  2. Configure DC1.

  3. Configure APP1.

  4. Configure CLIENT1.

If you do not already have an Azure subscription, you can sign up for a free trial at Try Azure. If you have an MSDN or Visual Studio subscription, see Monthly Azure credit for Visual Studio subscribers.

Note

Virtual machines in Azure incur an ongoing monetary cost when they are running. This cost is billed against your free trial, MSDN subscription, or paid subscription. For more information about the costs of running Azure virtual machines, see Virtual Machines Pricing Details and Azure Pricing Calculator. To keep costs down, see Minimizing the costs of test environment virtual machines in Azure.

Tip

Click here for a visual map to all the articles in the One Microsoft Cloud Test Lab Guide stack.

Phase 1: Create the virtual network

First, start an Azure PowerShell prompt.

Note

The following command sets use the latest version of Azure PowerShell. See Get started with Azure PowerShell cmdlets.

Sign in to your Azure account with the following command.

Login-AzureRMAccount

Tip

Click here to get a text file that contains all the PowerShell commands in this article.

Get your subscription name using the following command.

Get-AzureRMSubscription | Sort Name | Select Name

Set your Azure subscription. Replace everything within the quotes, including the < and > characters, with the correct name.

$subscr="<subscription name>"
Get-AzureRmSubscription -SubscriptionName $subscr | Select-AzureRmSubscription

Next, create a new resource group for your Base Configuration test lab. To determine a unique resource group name, use this command to list your existing resource groups.

Get-AzureRMResourceGroup | Sort ResourceGroupName | Select ResourceGroupName

Create your new resource group with these commands. Replace everything within the quotes, including the < and > characters, with the correct names.

$rgName="<resource group name>"
$locName="<location name, such as West US>"
New-AzureRMResourceGroup -Name $rgName -Location $locName

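Next, you create the TestLab virtual network that will host the Corpnet subnet of the base configuration and protect it with a network security group. The group's single rule, RDPTraffic, allows inbound Remote Desktop traffic (TCP port 3389) from the Internet to all virtual machines on the subnet.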

$rgName="<name of your new resource group>"
$locName=(Get-AzureRmResourceGroup -Name $rgName).Location
$corpnetSubnet=New-AzureRMVirtualNetworkSubnetConfig -Name Corpnet -AddressPrefix 10.0.0.0/24
New-AzureRMVirtualNetwork -Name TestLab -ResourceGroupName $rgName -Location $locName -AddressPrefix 10.0.0.0/8 -Subnet $corpnetSubnet -DNSServer 10.0.0.4
$rule1=New-AzureRMNetworkSecurityRuleConfig -Name "RDPTraffic" -Description "Allow RDP to all VMs on the subnet" -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
New-AzureRMNetworkSecurityGroup -Name Corpnet -ResourceGroupName $rgName -Location $locName -SecurityRules $rule1
$vnet=Get-AzureRMVirtualNetwork -ResourceGroupName $rgName -Name TestLab
$nsg=Get-AzureRMNetworkSecurityGroup -Name Corpnet -ResourceGroupName $rgName
Set-AzureRMVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name Corpnet -AddressPrefix "10.0.0.0/24" -NetworkSecurityGroup $nsg

This is your current configuration.

Phase 1 of the Base Configuration in Azure with the virtual network and subnet
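
The RDPTraffic rule created above uses the Internet source prefix, so TCP 3389 on every Corpnet virtual machine, including the domain controller, is reachable from any address. The following is an added example, not part of the original article: it lists the rules in the Corpnet network security group that are open to any Internet source, narrows RDPTraffic to a single management address, and re-checks the result. The Get-OpenInboundRule helper and the $mgmtSource value are assumptions introduced for this example.

```powershell
# Added example (not from the original article). Assumes the TestLab network and
# Corpnet network security group from Phase 1 exist and that you are signed in.
$rgName="<resource group name>"
$mgmtSource="<your public IP address in CIDR form, such as 203.0.113.10/32>"

# Hypothetical helper: returns inbound Allow rules whose source is any Internet address.
function Get-OpenInboundRule {
    param(
        [Parameter(Mandatory)]$NetworkSecurityGroup,
        [string[]]$OpenSource=@("*","Internet","0.0.0.0/0")
    )
    $NetworkSecurityGroup.SecurityRules | Where-Object {
        $_.Direction -eq "Inbound" -and $_.Access -eq "Allow" -and
        (@($_.SourceAddressPrefix) | Where-Object { $OpenSource -contains $_ })
    }
}

$nsg=Get-AzureRmNetworkSecurityGroup -Name Corpnet -ResourceGroupName $rgName

# Report the rules that any Internet host can use, with their ports.
Get-OpenInboundRule -NetworkSecurityGroup $nsg |
    Select-Object Name,Priority,Protocol,
        @{n="Source";e={$_.SourceAddressPrefix -join ","}},
        @{n="Ports";e={$_.DestinationPortRange -join ","}}

# Rewrite RDPTraffic in place so that only $mgmtSource can reach TCP 3389.
Set-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name "RDPTraffic" `
    -Description "Allow RDP only from the lab operator address" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $mgmtSource -SourcePortRange "*" `
    -DestinationAddressPrefix "*" -DestinationPortRange 3389 | Out-Null
Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg | Out-Null

# Read the group back from Azure and confirm that no rule is still open.
$nsg=Get-AzureRmNetworkSecurityGroup -Name Corpnet -ResourceGroupName $rgName
if (Get-OpenInboundRule -NetworkSecurityGroup $nsg) {
    Write-Warning "Corpnet still has inbound rules open to any Internet source."
} else {
    Write-Output "No Corpnet inbound rule accepts traffic from any Internet source."
}
```

If your public address changes, run the Set-AzureRmNetworkSecurityRuleConfig and Set-AzureRmNetworkSecurityGroup commands again with the new value before connecting with Remote Desktop.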

Phase 2: Configure DC1

In this phase, we create the DC1 virtual machine and configure it as a domain controller for the corp.contoso.com Windows Server Active Directory (AD) domain and a DNS server for the virtual machines of the TestLab virtual network.

To create an Azure virtual machine for DC1, fill in the name of your resource group and run these commands at the Azure PowerShell command prompt on your local computer.

$rgName="<resource group name>"
$locName=(Get-AzureRmResourceGroup -Name $rgName).Location
$vnet=Get-AzureRMVirtualNetwork -Name TestLab -ResourceGroupName $rgName
$pip=New-AzureRMPublicIpAddress -Name DC1-PIP -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic
$nic=New-AzureRMNetworkInterface -Name DC1-NIC -ResourceGroupName $rgName -Location $locName -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -PrivateIpAddress 10.0.0.4
$vm=New-AzureRMVMConfig -VMName DC1 -VMSize Standard_A1
$cred=Get-Credential -Message "Type the name and password of the local administrator account for DC1."
$vm=Set-AzureRMVMOperatingSystem -VM $vm -Windows -ComputerName DC1 -Credential $cred -ProvisionVMAgent -EnableAutoUpdate
$vm=Set-AzureRMVMSourceImage -VM $vm -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version "latest"
$vm=Add-AzureRMVMNetworkInterface -VM $vm -Id $nic.Id
$vm=Set-AzureRmVMOSDisk -VM $vm -Name "DC1-OS" -DiskSizeInGB 128 -CreateOption FromImage -StorageAccountType "StandardLRS"
$diskConfig=New-AzureRmDiskConfig -AccountType "StandardLRS" -Location $locName -CreateOption Empty -DiskSizeGB 20
$dataDisk1=New-AzureRmDisk -DiskName "DC1-DataDisk1" -Disk $diskConfig -ResourceGroupName $rgName
$vm=Add-AzureRmVMDataDisk -VM $vm -Name "DC1-DataDisk1" -CreateOption Attach -ManagedDiskId $dataDisk1.Id -Lun 1
New-AzureRMVM -ResourceGroupName $rgName -Location $locName -VM $vm

You will be prompted for a user name and password for the local administrator account on DC1. Use a strong password and record both the name and password in a secure location.

Next, connect to the DC1 virtual machine.

Connect to DC1 using local administrator account credentials

  1. In the Azure portal, click Resource Groups > [the name of your new resource group] > DC1 > Connect.

  2. Open the DC1.rdp file that is downloaded, and then click Connect.

  3. Specify the DC1 local administrator account name:

    • For Windows 7:

      In the Windows Security dialog box, click Use another account. In User name, type DC1\[Local administrator account name].

    • For Windows 8 or Windows 10:

      In the Windows Security dialog box, click More choices, and then click Use a different account. In User name, type DC1\[Local administrator account name].

  4. In Password, type the password of the local administrator account, and then click OK.

  5. When prompted, click Yes.

Next, add an extra data disk as a new volume with the drive letter F: with this command at an administrator-level Windows PowerShell command prompt on DC1.

Get-Disk | Where PartitionStyle -eq "RAW" | Initialize-Disk -PartitionStyle MBR -PassThru | New-Partition -AssignDriveLetter -UseMaximumSize | Format-Volume -FileSystem NTFS -NewFileSystemLabel "WSAD Data"

Next, configure DC1 as a domain controller and DNS server for the corp.contoso.com domain. Run these commands at an administrator-level Windows PowerShell command prompt.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName corp.contoso.com -DatabasePath "F:\NTDS" -SysvolPath "F:\SYSVOL" -LogPath "F:\Logs"

You will need to specify a safe mode administrator password. Store this password in a secure location.

Note that these commands can take a few minutes to complete.

After DC1 restarts, reconnect to the DC1 virtual machine.

Connect to DC1 using domain credentials

  1. In the Azure portal, click Resource Groups > [your resource group name] > DC1 > Connect.

  2. Run the DC1.rdp file that is downloaded, and then click Connect.

  3. In Windows Security, click Use another account. In User name, type CORP\[Local administrator account name].

  4. In Password, type the password of the local administrator account, and then click OK.

  5. When prompted, click Yes.

Next, create a user account in Active Directory that will be used when logging in to CORP domain member computers. Run this command at an administrator-level Windows PowerShell command prompt.

New-ADUser -SamAccountName User1 -AccountPassword (read-host "Set user password" -assecurestring) -name "User1" -enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false

Note that this command prompts you to supply the User1 account password. Because this account will be used for remote desktop connections for all CORP domain member computers, choose a strong password. Record the User1 account password and store it in a secured location.

Next, configure the new User1 account as an Enterprise Administrator by adding it to the Enterprise Admins, Domain Admins, and Schema Admins groups. Run this command at the administrator-level Windows PowerShell command prompt.

Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=corp,DC=contoso,DC=com" -MemberOf "CN=Enterprise Admins,CN=Users,DC=corp,DC=contoso,DC=com","CN=Domain Admins,CN=Users,DC=corp,DC=contoso,DC=com","CN=Schema Admins,CN=Users,DC=corp,DC=contoso,DC=com"

Close the Remote Desktop session with DC1 and then reconnect using the CORP\User1 account.

Next, to allow traffic for the Ping tool, run this command at an administrator-level Windows PowerShell command prompt.

Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -enabled True

This is your current configuration.

Phase 2 of the Base Configuration in Azure with the DC1 virtual machine
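
Phase 2 leaves User1 in the Enterprise Admins, Domain Admins, and Schema Admins groups with a password that never expires, and the same account is used for Remote Desktop on every domain member. The following is an added example, not part of the original article: a report, run on DC1, of every user account that holds one of those memberships and whether its password is set to never expire. The Get-PrivilegedAccountReport function name is an assumption introduced for this example.

```powershell
# Added example (not from the original article). Run on DC1 at an
# administrator-level Windows PowerShell prompt after Phase 2 is complete.
Import-Module ActiveDirectory

# Hypothetical helper: one output row per (group, user account) pair.
function Get-PrivilegedAccountReport {
    param([string[]]$GroupName=@("Enterprise Admins","Domain Admins","Schema Admins"))
    foreach ($group in $GroupName) {
        # -Recursive expands nested groups so indirect members are included.
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq "user" } |
            ForEach-Object {
                $u=Get-ADUser -Identity $_.distinguishedName `
                    -Properties PasswordNeverExpires,PasswordLastSet
                [pscustomobject]@{
                    Group=$group
                    Account=$u.SamAccountName
                    Enabled=$u.Enabled
                    PasswordNeverExpires=$u.PasswordNeverExpires
                    PasswordLastSet=$u.PasswordLastSet
                }
            }
    }
}

$report=Get-PrivilegedAccountReport
$report | Sort-Object Account,Group | Format-Table -AutoSize

# Enabled accounts that combine a privileged group with a non-expiring password.
$report | Where-Object { $_.Enabled -and $_.PasswordNeverExpires } |
    Select-Object -ExpandProperty Account -Unique
```

On the lab as built above, User1 is listed under all three groups. Run the report again after extending the test environment to see which additional accounts have gained the same rights.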

Phase 3: Configure APP1

APP1 provides web and file sharing services.

Note

The following command set creates CLIENT1 running Windows Server 2016 Datacenter, which can be done for all types of Azure subscriptions. If you have a Visual Studio-based Azure subscription, you can create CLIENT1 running Windows 10 with the Azure portal.

To create an Azure Virtual Machine for APP1, fill in the name of your resource group and run these commands at the Azure PowerShell command prompt on your local computer.

$rgName="<resource group name>"
$locName=(Get-AzureRmResourceGroup -Name $rgName).Location
$vnet=Get-AzureRMVirtualNetwork -Name TestLab -ResourceGroupName $rgName
$pip=New-AzureRMPublicIpAddress -Name APP1-PIP -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic
$nic=New-AzureRMNetworkInterface -Name APP1-NIC -ResourceGroupName $rgName -Location $locName -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id
$vm=New-AzureRMVMConfig -VMName APP1 -VMSize Standard_A1
$cred=Get-Credential -Message "Type the name and password of the local administrator account for APP1."
$vm=Set-AzureRMVMOperatingSystem -VM $vm -Windows -ComputerName APP1 -Credential $cred -ProvisionVMAgent -EnableAutoUpdate
$vm=Set-AzureRMVMSourceImage -VM $vm -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version "latest"
$vm=Add-AzureRMVMNetworkInterface -VM $vm -Id $nic.Id
$vm=Set-AzureRmVMOSDisk -VM $vm -Name "APP1-OS" -DiskSizeInGB 128 -CreateOption FromImage -StorageAccountType "StandardLRS"
New-AzureRMVM -ResourceGroupName $rgName -Location $locName -VM $vm

Next, connect to the APP1 virtual machine using the APP1 local administrator account name and password, and then open a Windows PowerShell command prompt.

To check name resolution and network communication between APP1 and DC1, run the ping dc1.corp.contoso.com command and verify that there are four replies.

Next, join the APP1 virtual machine to the CORP domain with these commands at the Windows PowerShell prompt.

Add-Computer -DomainName corp.contoso.com
Restart-Computer

Note that you must supply the CORP\User1 domain account credentials after running the Add-Computer command.

After APP1 restarts, connect to it using the CORP\User1 account, and then open an administrator-level Windows PowerShell command prompt.

Next, make APP1 a web server with this command at the Windows PowerShell command prompt on APP1.

Install-WindowsFeature Web-WebServer -IncludeManagementTools

Next, create a shared folder and a text file within the folder on APP1 with these PowerShell commands.

New-Item -path c:\files -type directory
Write-Output "This is a shared file." | out-file c:\files\example.txt
New-SmbShare -name files -path c:\files -changeaccess CORP\User1

This is your current configuration.

Phase 3 of the Base Configuration in Azure with the APP1 virtual machine

Phase 4: Configure CLIENT1

CLIENT1 acts as a typical laptop, tablet, or desktop computer on the Contoso intranet.

To create an Azure Virtual Machine for CLIENT1, fill in the name of your resource group and run these commands at the Azure PowerShell command prompt on your local computer.

$rgName="<resource group name>"
$locName=(Get-AzureRmResourceGroup -Name $rgName).Location
$vnet=Get-AzureRMVirtualNetwork -Name TestLab -ResourceGroupName $rgName
$pip=New-AzureRMPublicIpAddress -Name CLIENT1-PIP -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic
$nic=New-AzureRMNetworkInterface -Name CLIENT1-NIC -ResourceGroupName $rgName -Location $locName -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id
$vm=New-AzureRMVMConfig -VMName CLIENT1 -VMSize Standard_A1
$cred=Get-Credential -Message "Type the name and password of the local administrator account for CLIENT1."
$vm=Set-AzureRMVMOperatingSystem -VM $vm -Windows -ComputerName CLIENT1 -Credential $cred -ProvisionVMAgent -EnableAutoUpdate
$vm=Set-AzureRMVMSourceImage -VM $vm -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version "latest"
$vm=Add-AzureRMVMNetworkInterface -VM $vm -Id $nic.Id
$vm=Set-AzureRmVMOSDisk -VM $vm -Name "CLIENT1-OS" -DiskSizeInGB 128 -CreateOption FromImage -StorageAccountType "StandardLRS"
New-AzureRMVM -ResourceGroupName $rgName -Location $locName -VM $vm

Next, connect to the CLIENT1 virtual machine using the CLIENT1 local administrator account name and password, and then open an administrator-level Windows PowerShell command prompt.

To check name resolution and network communication between CLIENT1 and DC1, run the ping dc1.corp.contoso.com command at a Windows PowerShell command prompt and verify that there are four replies.

Next, join the CLIENT1 virtual machine to the CORP domain with these commands at the Windows PowerShell prompt.

Add-Computer -DomainName corp.contoso.com
Restart-Computer

Note that you must supply your CORP\User1 domain account credentials after running the Add-Computer command.

After CLIENT1 restarts, connect to it using the CORP\User1 account name and password, and then open an administrator-level Windows PowerShell command prompt.

Next, verify that you can access web and file share resources on APP1 from CLIENT1.

Verify CLIENT access to APP1

  1. In Server Manager, in the tree pane, click Local Server.

  2. In Properties for CLIENT1, click On next to IE Enhanced Security Configuration.

  3. In Internet Explorer Enhanced Security Configuration, click Off for Administrators and Users, and then click OK.

  4. From the Start screen, click Internet Explorer, and then click OK.

  5. In the Address bar, type http://app1.corp.contoso.com/, and then press ENTER. You should see the default Internet Information Services web page for APP1.

  6. From the desktop taskbar, click the File Explorer icon.

  7. In the address bar, type \\app1\Files, and then press ENTER. You should see a folder window with the contents of the Files shared folder.

  8. In the Files shared folder window, double-click the Example.txt file. You should see the contents of the Example.txt file.

  9. Close the example.txt - Notepad and the Files shared folder windows.

This is your final configuration.

Phase 4 of the Base Configuration in Azure with the CLIENT1 virtual machine

Your Base Configuration in Azure is now ready for application development and testing or for building additional test environments.


Minimizing the costs of test environment virtual machines in Azure

To minimize the cost of running the test environment virtual machines, you can do one of the following:

  • Create the test environment and perform your needed testing and demonstration as quickly as possible. When complete, delete the resource group for the test environment.

  • Shut down your test environment virtual machines into a deallocated state.

To shut down the virtual machines with Azure PowerShell, fill in the resource group name and run these commands.

$rgName="<your resource group name>"
Stop-AzureRMVM -ResourceGroupName $rgName -Name "CLIENT1" -Force
Stop-AzureRMVM -ResourceGroupName $rgName -Name "APP1" -Force
Stop-AzureRMVM -ResourceGroupName $rgName -Name "DC1" -Force

To ensure that your virtual machines work properly when starting all of them from the Stopped (Deallocated) state, you should start them in the following order:

  1. DC1
  2. APP1
  3. CLIENT1

To start the virtual machines in order with Azure PowerShell, fill in the resource group name and run these commands.

$rgName="<your resource group name>"
Start-AzureRMVM -ResourceGroupName $rgName -Name "DC1"
Start-AzureRMVM -ResourceGroupName $rgName -Name "APP1"
Start-AzureRMVM -ResourceGroupName $rgName -Name "CLIENT1"
