Last week I finally published my first Azure ARM template for deploying an RDS environment. That template was based on an Azure AD Domain Services environment and depends on the Azure AD Application Proxy for publishing the RD Web and RD Gateway roles. The good news for that deployment was that no DMZ was necessary. The bad news was that the UDP channel of the RD Gateway cannot be used. Today I will publish a template which is based on an existing Active Directory (not specifically Azure AD Domain Services) and which publishes the environment by placing the RD Web and RD Gateway roles in the DMZ. This template basically re-uses 75% of the template and scripts of the Cloud Only Deployment.
Let’s start with the link to the template. I’ve published the template and the parameters file on GitHub:
The next step is to download both files from my GitHub account and save them to a local location on your workstation. Then change the parameters file to match your environment. At least the following parameters need to be adjusted:
- adminPassword: Change the KeyVault ID so it points to the Azure KeyVault created in step 3;
- CertifcatePFXName: Change this value to the name of the certificate which you have uploaded to the storage account created in step 4;
- CertifcatePFXPassword: Change the KeyVault ID so it points to the Azure KeyVault created in step 3;
- DomainJoinUserPassword: Change the KeyVault ID so it points to the Azure KeyVault created in step 3;
- DomainFQDN: Change this value to the Fully Qualified Domain Name of your Active Directory domain;
- DomainFQDNExt: Change this value to the Fully Qualified Domain Name of your public domain;
- DomainOURDServers: Change the DC values to the Fully Qualified Domain Name of your internal Active Directory domain;
- DomainOUS2DServers: Change the DC values to the Fully Qualified Domain Name of your internal Active Directory domain;
- AssetStorageAccount: Change this value to the Storage Account Name created in Step 4;
- AssetStorageAccountKey: Change this value to the Storage Account Key created in Step 4;
Note: Within the RDS environment a valid certificate is needed for configuring the specific roles. This certificate needs to be uploaded to a private storage account protected with a key. You can use an existing or a new storage account.
When you have adjusted the template and the parameters file to your needs, you can deploy the template by using ‘Deploy-AzureResourceGroup.ps1’, which you can also find on my GitHub account. You need to pass the following parameters to this script:
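Before deploying, it is worth checking that the password parameters really are Key Vault references and not inline values. The following is an added example, not part of my template or scripts on GitHub: it assumes the parameters file uses the standard ARM Key Vault reference layout, and the function name, secret names, vault ID and sample JSON are constructed for illustration.

```powershell
# Added example: pre-deployment check of an ARM parameters file.
# Parameter names are taken from the list above; everything else is constructed.
function Test-RdsParameterFile {
    param([Parameter(Mandatory)][string]$Json)

    $params = ($Json | ConvertFrom-Json).parameters
    $secretParams = 'adminPassword', 'CertifcatePFXPassword', 'DomainJoinUserPassword'
    $vaultIdPattern = '^/subscriptions/[^/]+/resourceGroups/[^/]+' +
                      '/providers/Microsoft\.KeyVault/vaults/[^/]+$'
    $findings = @()

    foreach ($name in $secretParams) {
        $p = $params.$name
        if ($null -eq $p) { $findings += "${name}: missing"; continue }
        # An inline "value" would put the password in the file in clear text.
        if ($p.PSObject.Properties.Name -contains 'value') {
            $findings += "${name}: inline value, expected a Key Vault reference"
            continue
        }
        if ($p.reference.keyVault.id -notmatch $vaultIdPattern) {
            $findings += "${name}: keyVault.id is not a full vault resource ID"
        }
        if ([string]::IsNullOrWhiteSpace($p.reference.secretName)) {
            $findings += "${name}: secretName is empty"
        }
    }
    # The storage account key is a plain value in this file, so the file is a secret too.
    if ($params.AssetStorageAccountKey.value) {
        $findings += 'AssetStorageAccountKey: plaintext key, keep this file out of source control'
    }
    $findings
}

# Constructed sample: one correct reference, one inline password, one short vault name.
$sample = @'
{ "parameters": {
    "adminPassword": { "reference": {
        "keyVault": { "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.KeyVault/vaults/kv-example" },
        "secretName": "adminPassword" } },
    "CertifcatePFXPassword": { "value": "constructed-inline-password" },
    "DomainJoinUserPassword": { "reference": {
        "keyVault": { "id": "kv-example" }, "secretName": "domainJoin" } },
    "AssetStorageAccountKey": { "value": "constructed-storage-key" }
} }
'@
Test-RdsParameterFile -Json $sample
```

To check a real file, pass its content with `-Json (Get-Content .\parameters.json -Raw)`; the file name here is a placeholder.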
- ResourceGroupLocation: the location of the Resource Group of all Azure Resources deployed through this template;
- ResourceGroupName: the name of the Resource Group of all Azure Resources deployed through this template;
- TemplateFile: the template which you have saved and changed in the above step;
- ParametersFile: the parameters file which you have saved and changed in the above step;
- Test: Set this Boolean to true if you want to test the deployment and set this Boolean to false if you want to deploy the template;
Note: This is the FIRST release of this template. I’ve tested the template in multiple environments, but errors can exist, so take care when deploying. If you receive any errors please let me know! If you want to have additional features, let me know and I will try to add these to the next version of the template.
Virtual Machines:
Load Balancers:
Storage Accounts:
SQL Server + Database: