How Do I Set Up A Secure Remote Developer VM? - azure

We have a bring your own device program in our company but after a security review we can't let users/developers have admin access, use removable drives, download Azure data etc.
Essentially, we need them to do all their work on VMs instead of their own PCs.
The simplest solution here seems to be to create remote VMs (i.e. not locally using Virtualbox) for developers to do their work on instead of using their PCs directly.
Is there a way to do this using Azure or do we have to purchase a Citrix license?

Related

Development with offline Azure Active Directory

We are developing a HTML5/Angular web application with a server backend that willb be hosted in MS Azure which will also authenticate via the Azure Active Directory. However, during development, there is occasionally the need to work offline and disconnected from the internet. When this happens it is not possible to debug and test the application as it is not possible to reach Active Directory to authenticate.
It is possible to create a local Virtual Machine in VirtualBox with all the necessary AD functionality included and then switch the software to use that local VM in development mode but then Azure AD in release mode?
If it is, what steps/roles etc.. will need to be installed in my local Server VM.
Many thanks
Alan
No, it is impossible to use the feature provide by Azure AD without internet connect.
It is possible to create a local Virtual Machine in VirtualBox with all the necessary AD functionality included and then switch the software to use that local VM in development mode but then Azure AD in release mode?
If you want to use the authentication, you may need to setup your own Identity Provider server when you are working off-line. There are a lot of open source library can help to setup the Identity Provider server like IndentyServer,
AspNet.Security.OpenIdConnect.Server etc.

Share Azure Virtual Machine

Is it possible to setup a virtual machine on Azure and have that same instance of the virtual machine visible to multiple users?
We are an ISV. Our users are scattered globally. We would like to use an Azure virtual machine to guide users though setup of our software. Ideally our helpdesk would demonstrate our software on the VM while the new user looked on.
The software is ultimately installed on the users local machine. The virtual machine is just for offering support.
We see this as a potential alternative to a product that allows the helpdesk to remote into the user's machine.
Yes. You can just use the users and groups dialog in Windows Server to create multiple users, and then give those users Remote Desktop access. This isn't specific to Azure though, it's just the capability of Windows Server.
See: https://technet.microsoft.com/en-us/library/cc732336.aspx
On the other hand there is a limit for user quantity by default. See
https://serverfault.com/questions/549297/how-to-enable-the-2-concurrent-1-console-sessions-on-windows-server-2012

Intsalling two servers on an Azure virtual machine

Can we install 2-3 windows servers on a single Azure virtual machine? Or, can we only install one operating system on a single virtual machine?
I would encourage you to look at Azure Websites. Azure Websites provides "slots" that can be configured as dev/test/staging/production very easily and you can run your entire environment on a single VM or multiple VM's (exactly what you were asking for). Websites also provides excellent publishing capabilities, whether directly from Visual Studio, TFS, Git or whatever.
Websites supports scheduled or auto-scaling, custom domains, SSL, scheduled backups (including the database) and if you need Worker Role (back-end processing) capabilities, WebJobs are built in and are easy to use.
Definitely worth checking out. It is extremely rare that I use VM's to host anything anymore. Azure Websites pretty nearly can handle anything.
Hope that helps.

Extending on-premises Active Directory for virtual machine

We currently have an off-shore resource tunneling into a physical machine from the other side of the world, and we're finding that productivity is being impacted.
I've done some reading on the Azure site, but I'm wondering if someone could tell me directly whether my thought is feasible or not. I'd like to extend our Active Directory into Azure, and have the offshore resource work in an Azure Virtual Machine based off a corporate image. We'd like this user to be able to access network resources like file shares, web servers, TFS, etc... My thought is that the resource will be able to work more efficiently off an Azure VM as his node will be closer.
Is this possible?
Thanks!
Chris
While technically absolutely possible, what you target is not allowed by the licensing party.
In order to fully achieve your goal, you will need a fully licensed RDS (Remote Desktop Services). Which currently does not cover any public cloud environments.
You can check more on VM FAQ section here. What you need is "RDS", check it there and do regular checks on that page, because this might change in the future.

Access internet on Azure VM

Recentely, I deploy a worker role that it will connect to internet and attemp to access some websites (For example: http://somewebsite.redmond.corp.microsoft.com/en-us/library/).
It successfully access the websites on my development machine running on emulator. But on the Azure virual machine that I deploy my worker role to, it is not able to access the websites. I try to open the websites on VM browering in IE, it is also not able to.
Have u emcounter similar issues? How do u deal with it?
This has nothing to do with accessing the Internet. The URL you provided isn't publicly visible (at least I can't access it from my machine). This means you're attempting to visit a URL behind a firewall, possibly requiring a VPN to access.
Windows Azure VM's, whether worker roles, web roles, or Virtual Machines, are in a public cloud and not behind any firewall. If you wanted to access it from a Windows Azure VM, you'd need to set up a Virtual Network, introduced in the Spring 2012 update. More information here.
Try using Elevated premissions for this. Once,I tried to access internet through RDP of a Role, It was working at that time hence it should be possible for you to access internet. But if are trying to download exes and execute, I Think that isn't possible.Please post you Results here.
Regards,
Vijay.

Resources