Building my EMS Lab – Part 1: Setting up the Infrastructure

  • Article

Microsoft is becoming a mobile-first, cloud-first company, and the centerpieces are the Enterprise Mobility Suite and Office 365.

Beyond the vision is a lot of technology, which I like to experiment with in my role as a technical presales. In the upcoming series of posts, I’d like to walk you through how I set everything up, starting from scratch.

 

Where I got the inspiration?

Milad Aslaners posts on “Building an EMS Lab in one day” have been very inspirational and some parts in this guide are identical. The initial idea was to write out the videos he made, but I found that the tools released in the mean time (AD Sync and AD Connect) provide a much nicer experience.

 

What are we building?


The lab is set up in three big parts:

  1. Setting up the infrastructure (this post): because I actually don’t have 4 servers sitting around in my house (only 1 actually, and it’s a production environment J), I set it up on Azure IaaS. The steps within the VMs are identical whether they are hosted on premise or on Azure IaaS, with some caveats that we’ll point out.

  2. Setting up the on-premise components: configuring the domain controller (DC1), active directory federation services (ADFS), the web application proxy (WAP) and the Configuration Manager server (SCCM).

  3. Setting up the cloud part: once we have connected the on-premise part to the cloud the hard part is over. Here we set up the EMS components and Office 365 for the full mobility experience.

     

Prerequisites

You need a couple of things that are not trivial to obtain and may incur a cost, depending on what you/the company you are working for will provide you:

  1. An Azure account – you can get a free trial here

  2. A domain name with access to the DNS records – for example with GoDaddy, approx. 10 EUR/yr

  3. An SSL certificate for that domain (preferably a wildcard one) – approx. 250 EUR/yr at GoDaddy

NOTE: If you are a Microsoft employee, click here to get an Azure account, here to get a domain name, here to get modify to the DNS records and here to get an SSL certificate.

 

Steps

NOTE: For simplicity: if a field is not described, leave it to the default value.

  1. Decide on the name of your lab
    I chose emdemo.be, and will be using this throughout the guide. You can Find & Replace this with your labname unless indicated otherwise.

  2. Open your Azure admin console

    1. Go to Settings > Affinity Groups > Add

      1. Name = EMDemo, Description is whatever you like it to be. Location = West Europe (choose the region that is closest to you)

    2. Go to Cloud Services > New > Custom Create

      1. URL = EMDemo.cloudapp.net, Affinity = EMDemo

    3. Go to Storage > New > Quick Create

      1. URL = EMDemo, Affinity = EMDemo

      2. I chose “Locally Redundant” for cost reasons, but you are free to choose whatever you like

    4. Once your storage account is created, drill down (by clicking on the ‘->’) and click Containers

      1. Click Add (not New)

      2. Type “VHDs”

    5. Go to Virtual Network > New > Quick Create

      1. Name = EMDemo, Location = West Europe

    6. Go to Active Directory > New > Directory > Custom Create

      1. Name = EMDemo, Domain Name = emdemo.onmicrosoft.com, Country = Belgium

      2. Create an Azure AD Admin Account

        1. In your newly created directory, click Users > Add User

        2. New User in your Organization
          NOTE: This will be your cloud administrator. To make your life easier, use the same username as your on-premise administrator, but they will both live their separate lives

        3. Role = Global Administrator

      3. Set the Azure AD Admin Account

        1. Open an in-private browsing session, browse to https://myapps.microsoft.com

        2. Log in with the credentials provided

        3. Choose the admin password

    7. Go to Virtual Machines

      1. We’ll create 4 virtual machines: DC1, ADFS, WAP, SCCM. The process for creating them is identical:

        1. Choose New > From Gallery > From Gallery

        2. Choose Windows Server 2012 R2 Datacenter, click Next

        3. Choose the latest release date, type the VM name, choose a tier (I used Basic for cost reasons), choose a size (I used A2 to have some speed but they also cost a bit more), choose a local admin user & pw and click Next.

          Pro-tip: don’t choose an account that you will be using later throughout the demo (eg. your first name). This will be your admin account and it is not recommended to run demos using your admin account. I used Wouter (and will use it throughout the guide) but I recommend you choose something else, eg. emdemoadmin.

        4. Choose cloud service = EMDemo, storage account = EMdemo, click Next. And Next again to create the VM.
          NOTE that you can only create one VM at a time so this takes some time.

  3. Once your VMs are up & running it’s time to connect to them

    1. Use RDCMan to easily switch between them (Microsoft employees: look here for the latest version)

    2. The address you need to connect to is emdemo.cloudapp.net, with the admin credentials you provided. You can find the port number for RDP when you drill down in your VM > Endpoints > Remote Desktop > Public Port

 

The End Result

Your Azure components should like like this, which gives you the following VMs. Click here to go to the next part.