Extending on-premises Active Directory for virtual machine - azure

We currently have an off-shore resource tunneling into a physical machine from the other side of the world, and we're finding that productivity is being impacted.
I've done some reading on the Azure site, but I'm wondering if someone could tell me directly whether my thought is feasible or not. I'd like to extend our Active Directory into Azure, and have the offshore resource work in an Azure Virtual Machine based off a corporate image. We'd like this user to be able to access network resources like file shares, web servers, TFS, etc... My thought is that the resource will be able to work more efficiently off an Azure VM as his node will be closer.
Is this possible?
Thanks!
Chris

While technically absolutely possible, what you target is not allowed by the licensing party.
In order to fully achieve your goal, you will need a fully licensed RDS (Remote Desktop Services). Which currently does not cover any public cloud environments.
You can check more on VM FAQ section here. What you need is "RDS", check it there and do regular checks on that page, because this might change in the future.

Related

What is a good Azure architecture for Web App Services

I have been researching for a couple days and looking at pluralsight courses but I Can't seem to find a decent answer on how to setup a proper Azure infrastructure.
I have a client app, api backend, and a database as a core of my overall application. I know I need 2 different Web App services and an SQL database.
I also have a need to only allow access to all 3 from our company's IP address.
I'm getting lost with all the VNET and VPN talk and I am wondering if that is even required. Is it considered good to do IP restrictions and call it a day? Should I add an Application Gateway infront of the client application none the less?
If VNETs are required, is it a must to do site-to-site? (don't think we have the authority to do that) If not, how do we access the backend services like the database and API if everything is locked down?
Any help is appreciated because there is too much information and I can't seem to make sense of any of it.
Thanks
It depends a lot on both the purpose of your client application, web application and database, as well as the capabilities that currently exist within your organisation. Have you had a look at the references architectures Microsoft has as a starting point ?
If you are looking at a fairly simple application, deployed to Azure with minimal internal only use, then use something like this reference architecture: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn. You can actually simplify that a little further by removing the load balancers etc if you think traffic will be generally low.
If you are looking for an external application that can only be managed internally, you should adopt something similar to this reference architecture: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server. Maybe even add a VPN component to the management jump box similar to this architecture: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn.
Even this, however may be too complicated for your use case. If your application is pretty basic, is secured using username/password or identity federation, and has low risk data associated with it, then just the basic web application architecture would do fine, just read through the various considerations here: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/basic-web-app

Azure Sql Database - how do you determine the app service name from the database logs?

We're having some issues with Azure Sql Databases, and their host name from sp_who reports back something like 'RD000xxxxxxx' for the hostname.
How can you determine the app service that is connecting to the database from this hostname?
RD000* is the VM hostname if not set explicitly. If you have the access to your deployments, you may be able to check it using APIs (or in case of VM RDP for example). If you suspect that it is not from your deployment, then, i strongly suspect, there is no way to detect who is it (perhaps, technical support may, but i doubt). With some possibility, it will change as well.
I've found it, but not through the management api or the portals.
https://[your-app-name].scm.azurewebsites.net/Env
It's under Machine Name.

Intsalling two servers on an Azure virtual machine

Can we install 2-3 windows servers on a single Azure virtual machine? Or, can we only install one operating system on a single virtual machine?
I would encourage you to look at Azure Websites. Azure Websites provides "slots" that can be configured as dev/test/staging/production very easily and you can run your entire environment on a single VM or multiple VM's (exactly what you were asking for). Websites also provides excellent publishing capabilities, whether directly from Visual Studio, TFS, Git or whatever.
Websites supports scheduled or auto-scaling, custom domains, SSL, scheduled backups (including the database) and if you need Worker Role (back-end processing) capabilities, WebJobs are built in and are easy to use.
Definitely worth checking out. It is extremely rare that I use VM's to host anything anymore. Azure Websites pretty nearly can handle anything.
Hope that helps.

Multiple Web Sites/Roles on Azure, Impact of staging server

I'm looking to set up two web roles or websites on my Azure Cloud Service.
The websites need to share the same database schema. I use NHibernate ORM, so I have to make sure that both projects are always using the same data model, or else it will cause major problems.
I've researched setting up multiple websites on a single web role (which seems odd to me, can't I just run multiple web roles, each with a single site)?
http://msdn.microsoft.com/en-us/library/windowsazure/gg433110.aspx
Like any good developer, I use a staging server. If I have to manually set the domain name is configuration files, how will azure know not to be sending people who visit that domain to the staging server?! I.E. If they visit blah.foo.com and I have two deployments (staging and production), is IIS going to be able to know only to send people to the production environment?
Please advise on the best way to go about doing this.
First, you can certainly have multiple web roles, each with a single site; however, each role instance will be deployed to different virtual machines. For example, if you do set up two web roles when you deploy this with one instance each then there are two virtual machines you'll be paying for. If you want the SLA to apply to your deployment you'd need to actually set the instance count to 2 for each web role, which now means you have four virtual machines running. By combining web sites onto the same web role you'll cut down on the number of instances you need to run and still get the SLA; however, that option is not without some considersations. The link you provided is how you can set up multiple websites to run on the same virtual machine when deployed. Note that there are some gotchas with using that method. I'd suggest reading Michael Collier's Tips for Publishing Multiple Sites in a Web Role.
Second, if you do NOT need to have a lot of control over the virtual machine (such as registering special components, etc.) you might want to look at Windows Azure Web Sites as an option. You can elect to take one of the paid levels of Web Sites and still have dedicated machines, but you can deploy the websites separately. I will say though, that your requirement of having both sites in lock step because they share the underlying database schema means that it will be less likely you will want to deploy separate changes, but it is still possible.
Finally, regarding the staging server. If you are testing locally you'll want to modify your hosts file to get the host names to point to your local address. Wade Wegner has a post on Running Multiple Websites in a Windows Azure Web Role. Once you deploy to Windows Azure you'd want to change your hosts file back, or comment them out. If you are using the actual idea of the Staging deployment slot you can use the same trick with the hosts file to point to the IP address of the staging deployment when testing.

What is the difference between Azure Web Site and Azure Cloud service

We are looking to host a website (some css,js, one html file but not aspx, one generic handler).
We deployed in as:
1) Azure Web Site
2) Azure Cloud Service
Both solutions work. There is a question though: which way of hosting it is better and why? Second thing: as there might be a lot of traffic - which solution would be cheaper?
Thanks in advance,
Krzysztofuncjusz
You may want to review this article that explains the primary differences. Web Sites are best for running web applications that are relatively isolated (that do not require elevated security, remote desktop, network isolation...). Cloud services are more advanced because they give you more control over web sites while still remaining flexible. And VMs are for full control over applications that need to be installed and configured (like running SQL Server for example).
I think that main difference in abilities to modify VM and possibility to configure scalability. Web sites is something like classic hosting, without ability to login by rdp. Cloud Services allows you to configure VM and if necessary setup scalability and availability.

Resources