Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 15)

If you would like to read the other parts in this article series please go to:

Introduction

In part 14 of this article series revolving around what the Windows Azure service is all about as well as how you deploy an Exchange hybrid deployment in Windows Azure, we talked about the identity models that are available when setting up an Exchange hybrid between an on-premises Exchange organization and Exchange Online. In addition, we covered the state of the nation, when it comes to directory synchronization.

Creating the two Virtual AD FS Machines in Windows Azure

We have reached the moment where we are ready to deploy additional virtual machines in our Azure-based lab environment. This time the two internal virtual AD FS servers that will be used to establish identity federation between the on-premises Active Directory forests and the Azure Active Directory tenant as depicted in Figure 1.

Figure 1: Deploying the AD FS Farm

To do so, in the Windows Azure Management portal, click “Virtual Machines” in the left pane. Under the “Virtual Machine Instances” tab, click “New” in the lower left corner.

Figure 2: Virtual Machine Instances

In the wizard, select “From Gallery”.

Figure 3: Creating Virtual Machine from Gallery

In the gallery, select the “Windows Server 2012 R2 Datacenter” image and click the arrow in the lower right corner.

Figure 4: Choosing the proper image from the gallery

Now we need to provide a name (which will also become the NetBIOS name of the server) for the virtual machine and specify the building block to use. Since I want to keep compute power as low as possible, I will configure the virtual AD FS servers with the “Extra Small (shared core, 768 MB memory)” building block.

Note:
You can switch between the building blocks at any time after the virtual machine has been provisioned if you require more compute power for the respective virtual machines during specific periods.

Also, enter the admin account name and provide a complex password for it and then click the arrow in the lower right corner.

Figure 5: Specifying name, building block and admin credentials for the virtual machine

We are brought to the page where we can configure the cloud service, network, storage account and availability set.

In the “Cloud Service” drop-down menu, you will be able to see a list of the cloud services created so far. Since this is the first AD FS server we are deploying and because we don’t want it on an existing cloud service, select “Create a new cloud service”.

In the cloud service name, we should enter the DNS name through which the AD FS virtual machine(s) should be accessible from the Internet. We do not plan to have the AD FS servers accessible directly from the Internet as we will use WAP servers to publish them (other than through remote desktop and PowerShell), but in order to place the servers in the same Availability Set, we also need to place them in the same Cloud Service. We will call the Cloud Service “AzureLabADFS”, so that it is not bound to a single AD FS server name-wise.

Note:
All servers placed in a cloud service will by default be available from the Internet via “<insert_name>.cloudapp.net”. However, we can use CNAME or A-records if we want to use custom domain names, which we will in this article series.

In the “Region/Affinity Group/Virtual Network” drop-down menu, we will select the virtual network we created earlier on in the article, which is “VirtualNetwork1”.

Under “Storage Account” we will use the one we previously created as shown in Figure 6.

Finally, under “Availability Set”, select “Create an availability set” and set a name for it. I will call it “AzureLabADFS” as I wish to use this for both AD FS Servers that are being deployed in my lab environment.

Scroll down to the next section of the page.

Figure 6

Here we can add, modify or delete endpoints for the respective virtual machine. Endpoints are the TCP or UDP protocol based ports through which it should be possible to access the virtual machine/cloud service from the Internet. Notice that the public port for remote desktop is set to “auto”, which means that a random port number will be configured during the provisioning of the virtual machine.

For the AD FS role, we will leave the defaults as is and click the arrow in the lower right corner.

Figure 7: Virtual Machine Endpoints

On the “Virtual machine configuration” page, leave the defaults as is and click the check mark in the lower right corner to create and provision the virtual machine.

Figure 8: Virtual Machines Agent that will be installed

Now repeat the above steps in order to create the second virtual machine for the AD FS service. The only difference should be the name of the server as shown in Figure 9.

Figure 9

We have now created and provisioned the AD FS servers which will be used to establish identity federation between our “on-premises” Active Directory forest and the Azure Active Directory tenant.

This concludes part 15 of this multi-part article in which I provide you with an explanation of what Windows Azure is and how you configure an Exchange 2013 hybrid lab environment in Windows Azure.

If you would like to read the other parts in this article series please go to: