After visiting the MVP Summit and speaking at ExpertsLive, I finally have some time to write the blog posts that were sitting in the backlog of my blog, starting with the last part in the series ‘how to deploy your cloud-only RDS environment’. Parts 1 through 4 describe the environment and give the instructions for creating the same environment in your own subscription. In this last blog post I describe how to deploy the RDS environment with an Azure ARM template. In parts 3 and 4 I already explained the scripts the template uses to deploy a Storage Spaces Direct cluster and the Remote Desktop Services environment. With an Azure ARM template we can deploy all the needed resources on Azure and also execute the scripts on these servers.
The template I’m publishing today is a cloud-only template based on the following technologies: Azure Active Directory Domain Services and Azure Active Directory Application Proxy. This implies that deploying an Active Directory and RD Gateway servers in the DMZ is not part of this template. Later this month I will publish a template which deploys an RDS environment in an existing Active Directory using RD Gateway servers in the DMZ. This template has the following prerequisites:
1. Azure Active Directory Domain Services (link);
2. Azure Active Directory Application Proxy (link);
3. Azure Key Vault for securely storing passwords (link);
   - Save your local administrator password of the servers to a secret named: localadminCO;
   - Save your certificate password to a secret named: certificatepsswd;
   - Save your password of the domain join user to a secret named: domainjoinpsswd;
4. Azure Storage account for hosting the certificate used in your RDS environment;
The next step is to download both the template file and the parameters file from my GitHub account and save both files to a local location on your workstation. Then adapt the parameters file to your environment. At least the following parameters need to be adjusted:
- adminPassword: Change the KeyVault ID so it points to the Azure KeyVault created in step 3;
- CertifcatePFXName: Change this value to the name of the certificate which you have uploaded to the storage account created in step 4;
- CertifcatePFXPassword: Change the KeyVault ID so it points to the Azure KeyVault created in step 3;
- DomainJoinUserPassword: Change the KeyVault ID so it points to the Azure KeyVault created in step 3;
- DomainFQDN: Change this value to the Fully Qualified Domain Name of your Active Directory domain;
- DomainFQDNExt: Change this value to the Fully Qualified Domain Name of your public domain;
- AssetStorageAccount: Change this value to the Storage Account Name created in Step 4;
- AssetStorageAccountKey: Change this value to the Storage Account Key created in Step 4;
Note: Within the RDS environment a valid certificate is needed for configuring the specific roles. This certificate needs to be uploaded to a private storage account protected with a key. You can use an existing or a new storage account.
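A pre-deployment check for the parameters file, as an added example that is not part of the original template or scripts: it confirms that the three password parameters are Key Vault references rather than inline values. The function name `Test-RdsParameterSecrets`, the sample JSON with its `<...>` placeholders, and the mapping of each parameter to the secret names listed in the prerequisites are assumptions.

```powershell
# Constructed sample parameters file (placeholders in <...>); not the author's file.
$sample = @'
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminPassword": { "reference": {
        "keyVault": { "id": "/subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<vault-name>" },
        "secretName": "localadminCO" } },
    "CertifcatePFXPassword": { "reference": {
        "keyVault": { "id": "/subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<vault-name>" },
        "secretName": "certificatepsswd" } },
    "DomainJoinUserPassword": { "value": "<inline-password>" },
    "AssetStorageAccountKey": { "value": "<storage-account-key>" }
  }
}
'@

# Assumed mapping: template parameter -> Key Vault secret name (secret names from the post).
$expected = [ordered]@{
  adminPassword          = 'localadminCO'
  CertifcatePFXPassword  = 'certificatepsswd'
  DomainJoinUserPassword = 'domainjoinpsswd'
}

function Test-RdsParameterSecrets {
  param([Parameter(Mandatory)][string]$Json, [Parameter(Mandatory)]$Expected)
  $params = ($Json | ConvertFrom-Json).parameters
  foreach ($name in $Expected.Keys) {
    $p = $params.$name
    # An inline "value" means the password sits in the file in clear text.
    $status = if ($null -eq $p) { 'MISSING' }
      elseif ($null -ne $p.value) { 'INLINE VALUE (move to Key Vault)' }
      elseif ($p.reference.secretName -ne $Expected[$name]) { "UNEXPECTED SECRET '$($p.reference.secretName)'" }
      elseif ($p.reference.keyVault.id -notmatch '/providers/Microsoft\.KeyVault/vaults/[^/]+$') { 'BAD KEY VAULT ID' }
      else { 'OK' }
    [pscustomobject]@{ Parameter = $name; Status = $status }
  }
}

# In the sample, DomainJoinUserPassword is deliberately inline so the check flags it.
Test-RdsParameterSecrets -Json $sample -Expected $expected | Format-Table -AutoSize
```

To check a real file, pass the output of `Get-Content -Raw` on your parameters file as `-Json`. AssetStorageAccountKey remains a plain value in that file, so keep the file out of source control.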
When you have adjusted the template and the parameters file to your needs, you can deploy the template by using ‘Deploy-AzureResourceGroup.ps1’, which you can also find on my GitHub account. You need to pass the following parameters to this script:
- ResourceGroupLocation: the location of the Resource Group of all Azure Resources deployed through this template;
- ResourceGroupName: the name of the Resource Group of all Azure Resources deployed through this template;
- TemplateFile: the template which you have saved and changed in the above step;
- ParametersFile: the parameters file which you have saved and changed in the above step;
- Test: Set this Boolean to true if you want to test the deployment and set this Boolean to false if you want to deploy the template;
Note: This is the FIRST release of this template. I’ve tested the template in multiple environments, but errors can exist, so take care when deploying. If you receive any errors, please let me know! If you want additional features, let me know and I will try to add them to a next version of the template.
Hello Arjan, a nice set of posts. How do you configure RDS licensing?
Hi,
Currently RDS licensing is not that HA, so I’m always dividing my total number of licenses over 2 servers but in the end the first server will be used. If you have any feedback about RDS licensing, please let me know. I will share it with the RDS PG.
Regards, Arjan