Deploying Software and Joining domains on Azure VMs RRS feed

  • Question

  • Hi all,

    Relatively new to Azure, but since Forefront Identity Manager is now supported in Windows Azure VMs, I'm looking at how to deploy it there, with the purpose of building a how to.

    The two things I think I understand, but just hoping people could confirm for me:

    1) How do I deploy MS software to my Azure VM?

    I have MSDN Universal and after confirming that my license covers using the software in Azure for dev/test/demo purposes, I now want to install it.

    As far as I can see, to do this I basically need to download the iso to my VM and install it from there.

    The other option would be to build my own Hyper-V VM, and upload the VHD, or alternatively choose from one of the in-built templates in Azure? None of the latter 

    Is there a better way that I'm missing? I would expect in this sort of situation, that I might have an "app store" situation where I could do a one-click deploy. After all, it was about that easy to setup the VM!

    2) How do I join a domain?

    So as far as I can see, I can't/shouldn't join my Azure VM to my Azure AD domain. Is that right? My understanding is this isn't what it's meant for.

    With that in mind, on the MS Guidelines for Deploying Windows Server Active Directory on Windows Azure Virtual Machines, under "Why deploy Windows Server AD DS on Windows Azure Virtual Machines?", it says this:

    "Finally, you may want to deploy a network application on Windows Azure, such as SharePoint, that requires Windows Server Active Directory but has no dependency on the on-premises network or the corporate Windows Server Active Directory. In this case, deploying an isolated forest on Windows Azure to meet the SharePoint server’s requirements is optimal. Again, deploying network applications that do require connectivity to the on-premises network and the corporate Active Directory is also supported."

    Okay, so from this I can infer that my Azure VM can join to on-premise domains... but in this case, it's a demo environment I'm setting up and it suits me to have this hosted in the cloud.

    In that case, it sounds like the best way to move forward is to create a new VM in my Windows Azure environment and promote it to be a DC.

    Am I on the right track?

    - Ross Currie

    FIMSpecialist.com | MCTS: FIM 2010 | Now Offering ECMA1->ECMA2 Upgrade Services

    Saturday, June 1, 2013 3:51 PM


  • 1) If the Microsoft software you want is not pre-provisioned in a gallery image (SQL Server, BizTalk Server, SharePoint) then you do need to install it yourself. I would recommend you use a stock gallery image and do the deployments in the cloud. Otherwise, you face the time it takes to upload a VHD which could take some time (depending on your bandwidth).

    if you do this a lot you might want to investigate scripting the initial deployment, as well as the use of images.

    2) You certainly can join a VM to a domain created in Windows Azure. Microsoft provides the following online documentation:

    Install a new Active Directory forest in Windows Azure (also shows how to add a VM to the domain)

    Guidelines for deploying Windows Server Active Directory on Windows Azure Virtual Machines

    The Windows Azure Platform Training Kit is an essential (free) resource that contains a wealth of hands-on labs including a couple showing how to deploy Active Directory using the Portal or PowerShell.

    Anton Staykov has a nice short post describing the creation of a domain in Windows Azure.

    (If memory serves, once you deploy a VM into the domain you need to reboot it for the settings to be picked up.)

    Saturday, June 1, 2013 4:31 PM