How to Deploy your ‘Cloud-Only’ RDS environment – Part 1


In the next two blog posts I want to describe how you can create a cloud-only RDS environment using as many Azure PaaS services as possible. In these two blog posts I focus on setting up an RDS environment based on Windows Server 2016, using Azure AD Domain Services, Azure AD Application Proxy and Azure SQL Database. Support for these Azure PaaS services was added in Windows Server 2016, so this blog post does not apply to earlier versions of RDS. This blog post focuses on setting up the virtual networks, virtual network peering and the Azure Active Directory including Domain Services. The second blog post focuses on deploying the RDS environment into this newly created environment.

First I want to describe what is needed to create the complete RDS environment. The following components need to be part of this deployment:

  • [Blogpost 1]: 2 Azure VNETs (Classic for Azure AD Domain Services and ARM for hosting IaaS components)
  • [Blogpost 1]: 1 Azure Active Directory with Azure AD Domain Services
  • [See Link for details]: 2 Azure AD Application Proxy Connector servers
  • [Blogpost 2]: 2 RD Web/RD Gateway servers
  • [Blogpost 2]: 2 RD Connection Broker servers combined with RD Licensing
  • [Blogpost 2]: 2 RD Session Host servers
  • [Blogpost 2]: 1 Azure SQL PaaS Database
  • [Blogpost 2]: 2 Azure Internal Load Balancers for the RD Web/RD Gateway and the RD Connection Broker

The idea is to create all components with PowerShell and/or Azure ARM templates; some components cannot be created that way and need to be created through the Azure Portal. The RDS team did a great job in providing templates which can be used to deploy complete RDS environments, and I want to base the RDS deployment (described in Part 2) on those templates. We start with creating the virtual networks and configuring VNET peering between the classic VNET and the ARM-based VNET. The classic VNET is needed for Azure AD Domain Services, because the product currently doesn't support ARM-based VNETs. Since we want to deploy the RDS environment with ARM templates, we need a connection between those VNETs, and in this post I want to show how that can be done with VNET peering. The following PowerShell script creates both virtual networks and the peering between them:

#ARM based login to Azure
Login-AzureRmAccount 

#Classic based login to Azure
Add-AzureAccount

##################################
#
# Create Classic VNET - Commands
#
##################################

#Get the current configuration of your Classic Azure Networks
Get-AzureVNetConfig -ExportToFile C:\tmp\classic_vnet.xml

# Add the following XML code to the <VirtualNetworkSites> section
#     <VirtualNetworkSite name="RDSCloudonly-Classic" Location="West Europe">
#        <AddressSpace>
#            <AddressPrefix>192.168.0.0/24</AddressPrefix>
#        </AddressSpace>
#        <Subnets>
#            <Subnet name="LAN">
#            <AddressPrefix>192.168.0.0/24</AddressPrefix>
#        </Subnet>
#        </Subnets>
#      </VirtualNetworkSite>
#
# Save the XML file

#Applies the new configuration based on the XML file
Set-AzureVNetConfig -ConfigurationPath C:\tmp\classic_vnet.xml

#Check if the VNET is created
Get-AzureVNetSite -VNetName 'RDSCloudonly-Classic'

# Result should look like:
#   AddressSpacePrefixes : {192.168.0.0/24}
#   Location             : West Europe
#   AffinityGroup        : 
#   DnsServers           : {}
#   GatewayProfile       : 
#   GatewaySites         : 
#   Id                   : 7e5f43be-e32b-4735-8d8c-d0093bdccf54
#   InUse                : False
#   Label                : 
#   MigrationState       : 
#   Name                 : RDSCloudonly-Classic
#   State                : Created
#   Subnets              : {LAN}
#   OperationDescription : Get-AzureVNetSite
#   OperationId          : dffa9a7a-bd25-06aa-8c1f-1e5f8b018833
#   OperationStatus      : Succeeded

####################################
# 
# Create ARM-based VNET - Commands 
#
####################################

#Create Resource Group
$RGName     = 'RDSCloudonly'
$Location   = 'westeurope'
$VnetName   = 'RDSCloudonly-ARM'

# Create the ResourceGroup for the RDS Environment components
New-AzureRmResourceGroup -Name $RGName -Location $Location

# Create the ARM Based VNET
$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $RGName -Name $VnetName -AddressPrefix 192.168.1.0/24 -Location $Location

#Add the Subnet Configuration to the VNET configuration
Add-AzureRmVirtualNetworkSubnetConfig -Name LAN -VirtualNetwork $vnet -AddressPrefix 192.168.1.0/24

#Apply the Subnet configuration
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

####################################
# 
# Create vNet Peering - Commands 
#
####################################

$arm_vnet     = Get-AzureRmVirtualNetwork -Name $VnetName -ResourceGroupName $RGName

#Copy the ResourceID of your Classic VNET and paste it into the variable below
$classic_vnet = '/subscriptions/<< SUBSCRIPTION ID >>/resourceGroups/Default-Networking/providers/Microsoft.ClassicNetwork/virtualNetworks/RDSCloudonly-Classic'

#Create the VNET Peering
Add-AzureRmVirtualNetworkPeering -Name RDSCloudOnly-Peering -VirtualNetwork $arm_vnet -RemoteVirtualNetworkId $classic_vnet

# The result of above command should look like this:
#   Name                             : RDSCloudOnly-Peering
#   Id                               : /subscriptions/<< SUBSCRIPTION ID >>/resourceGroups/RDSCloudonly/providers/Microsoft.Network
#                                      /virtualNetworks/RDSCloudonly-ARM/virtualNetworkPeerings/RDSCloudOnly-Peering
#   Etag                             : W/"cfb38ee4-13f8-4c0b-a5cc-0863cd8b0944"
#   ResourceGroupName                : RDSCloudonly
#   VirtualNetworkName               : RDSCloudonly-ARM
#   PeeringState                     : Connected
#   ProvisioningState                : Succeeded
#   RemoteVirtualNetwork             : {
#                                        "Id": "/subscriptions/<< SUBSCRIPTION ID >>/resourceGroups/Default-Networking/providers/Mi
#                                      crosoft.ClassicNetwork/virtualNetworks/RDSCloudonly-Classic"
#                                      }
#   AllowVirtualNetworkAccess        : True
#   AllowForwardedTraffic            : False
#   AllowGatewayTransit              : False
#   UseRemoteGateways                : False
#   RemoteGateways                   : null
#   RemoteVirtualNetworkAddressSpace : null
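As an added example (not code from the original post), the following PowerShell checks two things the script above takes for granted: that the address spaces of the classic and ARM VNETs do not overlap, which VNET peering requires, and that the peering actually reached the Connected state after it was created. The cmdlets and resource names are the ones used in the post; the helper functions are mine, and the overlap test is written generally so it works for any list of CIDR prefixes, not only the two /24s used here.

```powershell
# Added example, not code from the original post: pre-flight and post-check for
# the VNET peering step. Cmdlets and resource names follow the post; the helper
# functions (ConvertTo-Int64Ip, Get-PrefixRange, Test-PrefixOverlap) are mine.

function ConvertTo-Int64Ip {
    # Convert a dotted IPv4 address to its numeric value (Int64 avoids unsigned pitfalls)
    param([Parameter(Mandatory)][string]$Ip)
    [long]$value = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) {
        $value = ($value * 256) + $b
    }
    return $value
}

function Get-PrefixRange {
    # First and last address of a CIDR prefix, aligned to the prefix boundary
    param([Parameter(Mandatory)][string]$Cidr)
    $ip, $len = $Cidr.Split('/')
    $size  = [long][math]::Pow(2, 32 - [int]$len)
    $start = [long][math]::Floor((ConvertTo-Int64Ip $ip) / $size) * $size
    return [pscustomobject]@{ Start = $start; End = $start + $size - 1 }
}

function Test-PrefixOverlap {
    # $true if any prefix on the left side overlaps any prefix on the right side
    param([Parameter(Mandatory)][string[]]$LeftPrefixes,
          [Parameter(Mandatory)][string[]]$RightPrefixes)
    foreach ($l in $LeftPrefixes) {
        $lr = Get-PrefixRange $l
        foreach ($r in $RightPrefixes) {
            $rr = Get-PrefixRange $r
            if ($lr.Start -le $rr.End -and $rr.Start -le $lr.End) { return $true }
        }
    }
    return $false
}

# Run BEFORE Add-AzureRmVirtualNetworkPeering: overlapping address spaces make the peering fail.
$RGName       = 'RDSCloudonly'
$arm_vnet     = Get-AzureRmVirtualNetwork -Name 'RDSCloudonly-ARM' -ResourceGroupName $RGName
$classic_vnet = Get-AzureVNetSite -VNetName 'RDSCloudonly-Classic'

if (Test-PrefixOverlap -LeftPrefixes $arm_vnet.AddressSpace.AddressPrefixes `
                       -RightPrefixes $classic_vnet.AddressSpacePrefixes) {
    throw "Address spaces overlap: ARM $($arm_vnet.AddressSpace.AddressPrefixes) vs classic $($classic_vnet.AddressSpacePrefixes)"
}

# Run AFTER Add-AzureRmVirtualNetworkPeering: a PeeringState of 'Initiated' or
# 'Disconnected' means traffic will not flow yet, even though the cmdlet returned.
$peering = Get-AzureRmVirtualNetworkPeering -ResourceGroupName $RGName `
               -VirtualNetworkName 'RDSCloudonly-ARM' -Name 'RDSCloudOnly-Peering'
if ($peering.PeeringState -ne 'Connected' -or $peering.ProvisioningState -ne 'Succeeded') {
    Write-Warning "Peering '$($peering.Name)' is $($peering.PeeringState) / $($peering.ProvisioningState); check the classic VNET id and the address spaces"
}
```

With the post's own prefixes (192.168.0.0/24 and 192.168.1.0/24) the overlap test returns false; a classic VNET that used 192.168.0.0/23 would fail the check because it covers both ranges. Running the overlap test before peering saves a failed deployment, and checking PeeringState afterwards catches a peering that was created but never connected.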

The next step is to create the Azure AD and Azure AD Domain Services. Since no PowerShell cmdlets are available for this, it has to be done from the Azure portal (https://manage.windowsazure.com):

  1. Log in to the portal and go to Active Directory:

  2. Click on the New icon to create a new Azure Active Directory domain. Enter the Name, Domain Name and Country of this Azure Active Directory and click on the icon to start the creation:

  3. The creation process should start:

  4. [OPTIONAL] The next step is to add your ‘custom’ domain to your Azure Active Directory. This is not a requirement to proceed, but it gives your users a more user-friendly username.
  5. The next step is to create a group which will be your special admins group within your Active Directory:

  6. The next step is to create a user and make that user a member of that group:

  7. Now go to the Configure section of your Azure Active Directory and activate Azure AD Domain Services. Note that you have to select the right DNS domain name and Virtual Network:

  8. Click on Save to start the deployment of Azure AD Domain Services. You should see the following after saving:

  9. When the provisioning process is finished you should see the IP address of the first domain controller:

  10. To test both the Azure AD Domain Services functionality and the VNET peering we need to create a VM. You can do this using the portal, PowerShell or an ARM template.
  11. When the VM is deployed, connect to the server through RDP and ping the deployed domain controller to check that the VNET peering is working:

  12. The next step is to configure the DNS server on the VNET so that this VM gets the domain controller as its primary DNS server. This can be done by executing the following PowerShell cmdlets:
    $RGName     = 'RDSCloudonly'
    $VnetName   = 'RDSCloudonly-ARM'
    $arm_vnet   = Get-AzureRmVirtualNetwork -Name $VnetName -ResourceGroupName $RGName

    # Set the domain controller deployed by Azure AD Domain Services as the VNET DNS server
    $arm_vnet.DhcpOptions.DnsServers = '192.168.0.4'

    # Apply the changed VNET configuration
    Set-AzureRmVirtualNetwork -VirtualNetwork $arm_vnet

  13. The next step is to reboot the machine and add Test-VM01 to the AD domain using the user account which you created above. The result should look like this:

When you can add the Test-VM to the AD domain, the configuration of the virtual networks (including VNET peering) and Azure AD Domain Services is successful. In the next blog post I want to continue by deploying RDS 2016 in this environment using Azure ARM templates.
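As an added example (not part of the original post), the following PowerShell is run inside Test-VM01 after the reboot in step 13 and checks the prerequisites for the domain join before you attempt it: that the VM actually received 192.168.0.4 (the address used in step 12) as its DNS server, that the DC locator (SRV) records of the Azure AD Domain Services domain resolve through that server, and that the ports a domain join uses are reachable across the peering. The domain name is a placeholder you replace with the DNS domain name chosen in step 7; the function name is mine.

```powershell
# Added example, not code from the original post. Run on Test-VM01 (Windows Server
# 2012 R2 or later) before joining it to the Azure AD Domain Services domain.
# The domain name is a placeholder; 192.168.0.4 is the DC address from the post.

$DomainName = '<< AD DS DNS DOMAIN NAME >>'
$DcIp       = '192.168.0.4'

function Test-DomainJoinReadiness {
    param([Parameter(Mandatory)][string]$DomainName,
          [Parameter(Mandatory)][string]$DcIp)

    $result = [ordered]@{}

    # 1. Did the VM pick up the VNET DNS setting? If not, reboot or run 'ipconfig /renew'.
    $dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
           Where-Object { $_.ServerAddresses -contains $DcIp }
    $result['DnsServerIsDc'] = [bool]$dns

    # 2. DC locator records: Add-Computer and Kerberos both depend on these resolving.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue
    $result['DcSrvRecord'] = [bool]($srv | Where-Object { $_.Type -eq 'SRV' })

    # 3. Ports a join uses (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB).
    #    A failure here with a working ping usually points at an NSG rule or the peering.
    foreach ($port in 53, 88, 135, 389, 445) {
        $tcp = Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue
        $result["Tcp$port"] = [bool]$tcp.TcpTestSucceeded
    }

    return [pscustomobject]$result
}

$check = Test-DomainJoinReadiness -DomainName $DomainName -DcIp $DcIp
$check | Format-List

if ($check.PSObject.Properties.Value -contains $false) {
    Write-Warning 'One or more prerequisites failed; fix these before running Add-Computer.'
}
```

The DnsServerIsDc check is the one most often missed: the VNET setting from step 12 only reaches the VM after it renews its DHCP lease, which is why the post reboots the machine first. If the SRV lookup fails while the VM already uses 192.168.0.4 as DNS, the domain name entered here does not match the one activated in step 7.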
