Drive consistency with Azure Stack and CSP

 Robert Kuehfus, Cloud Solutions Architect, One Commercial Partner (OCP)

To best show the process of deployment, this blog will guide you through a sample tenant created through the Cloud Solution Provider (CSP) program to connect a Microsoft Azure Stack deployment (ASDK) to an Azure Subscription. In this scenario, I'm playing the role as a Microsoft Partner with CSP and have a need for a hybrid cloud for one of my customers. In this case my customer would like to do development on-premise and run production in the public cloud. I will be showing several screenshots to help walk you through the process.

To get started, I need to have my CSP customer created with a few services. In the Microsoft Partner Center portal, let's create a new customer and make sure they have Azure Active Directory Basic and an Azure Subscription. In my case, I called the customer OCP Az Stack MSP, and anAzure Subscription called Microsoft Azure Stack Sub.

Note: If you plan to follow along, head over to our Quickstart for evaluating Azure Stack and use the Azure Active Directory and Azure Subscription from above when deploying Azure Stack.

Once your deployment is complete you can verify that you are properly connected by logging into the Azure Stack Administration Portal with your Azure AD credential from above. From here, I verified by looking at the top right once I opened the Administration portal that the directory information was correct after the install.

After I deployed the Azure Stack Development Kit (ASDK), I connected the Azure Subscription created in the tenant (created in CSP) to Azure Stack to pull down Marketplace items by running the following PowerShell.

Add-AzureRmAccount -EnvironmentName "AzureCloud"

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.AzureStack

Import-Module C:\AzureStack-Tools-master\Registration\RegisterWithAzure.psm1


$AzureContext = Get-AzureRmContext

$CloudAdminCred = Get-Credential -UserName AZURESTACK\CloudAdmin -Message "Enter the cloud domain credentials to access the privileged endpoint"

Set-AzsRegistration `

   -CloudAdminCredential $CloudAdminCred `

   -PrivilegedEndpoint AzS-ERCS01 `

   -BillingModel Development


Once the script complete, if you sign in to your Azure subscription from the Azure Portal you should see an Azure Stack resource type “Microsoft.AzureStack/registrations” in the “All resources” view. Also, check out the Activity log and you will find some interesting events initiated by the Azure Bridge.

From Azure Stack Administration Portal, I was able to pull down images and extensions from the Marketplace.

Now that I have the Azure Stack environment properly configured to my Tenant and initial default subscription, it is time to create some offerings. As a CSP, I want to make sure these offerings are linked to their own subscription in Azure Stack to easily track billing and consumption (quotas). In this scenario, my developers for the eStore product need to work in both Azure Stack and Azure.

Back on the Microsoft Partner Portal, I created my users in my customers tenant and assigned them an Azure Active Directory Basic license.

I then logged into my Azure portal, went to Azure Active Directory and created a group and assigned users (more on this later).

Now, let's log into Azure Stack Administration Portal and create some offerings, plans and a subscription for the eStore development team.

  1. Create a new plan called "Standard_IaaS" and select Microsoft.Compute, Microsoft.Network and Microsoft.Storage.
  2. I want to make sure I set some boundaries around how much capacity my development team can use, so I set quotas for Storage, Network and Compute (example below). For each resource type I set a quota.


3. Once the quotas are setup, I created the plan “Standard IaaS” and selected my three services and quotas.

4. Next, I created a second plan called "Standard_IaaS_x2_Addon" for my development team to add additional capacity (if needed). In this case, I reused the same quotas I created above

Now that I have two plans for my development team to use, let’s create an offer for the deployment team so they can use these plans in their own subscription. Under Offers, I created a new one called Offer_IaaS and I also made sure to select the standard-iaas base plan. Although my screen shot below does not show it, I did select my standard-iaas-x2-addon plan for the Add-on plans.

Once created, you may notice we do not have a User Subscription assigned to this Offer. So let’s create that next.

Under User Subscription in the Azure Stack Administration Portal, let’s create a new User Subscription and call it eStore Development. I will also configure the User (which will be the owner), the directory tenant and select the Offer I created previously.



I’m not sure if you noticed (how could you miss it), but when we were in the Offer, there was a warning about it being private. Let's go back and switch that to Public so that our eStore developers can use it.

One other thing, we need to configure access to our Azure Stack for our eStore developers by going to the Default Provider Subscription and configuring the correct level of access. In this example, I'm going to grant them Contributor across the board.

Now if I log into the Azure Stack Portal with one of my eStore developer accounts I do indeed have a subscription available to me, but it initially does not have the Add-On plan.


But I can easily add the Standard_IaaS_x2_Addon to my subscription from the “Add plan” button.

Before I start deploying VMs, I want to make sure I have registered the providers for my Subscription so head over to the Resource providers and make sure you have them registered.

Now let's deploy our first VM in our new Azure Stack User Subscription which is associated up to our tenant created in CSP.

And there we have it!

Hopefully this gets you thinking about the possibilities around using Azure, Azure Stack and CSP. One of the next scenarios I plan to test is using the new Remote Desktop Modern Infrastructure (RDMI) with Azure Stack to keep critical workloads on-premise, but move some of the overhead and access to Azure.

Applications and Infrastructure Technical Community


Comments (0)

Skip to main content