Onboarding VM with Azure based Azure Resource Manager Template
  • 09 Jan 2025

Overview

CloudLabs Template is the base of the Hands-on-Lab environment. You can do a variety of configurations under Templates such as adding pre-requisites, enabling roles and policies for users, and much more.

This document covers the topics below:

Link to be replaced

Here you will learn more about how to work with CloudLabs Template.

Add Template

  1. Navigate to the Templates section in the left menu and click the + ADD button in the top right corner.

  2. For your convenience, this page is divided into three sections:

A. The fields and their functionality are listed below:

  • Name: To identify the lab, give a name to the Template.

  • Cloud Platform: CloudLabs supports three cloud platforms - Microsoft Azure, Amazon Web Services & Google Cloud Platform. Based on our requirements, we will use Microsoft Azure.

  • Cloud Resource Usage: This feature helps the system in calculating the cost of a Virtual Machine or the total cost of all Cloud resources. You can select any option from the drop-down menu, but we recommend selecting Cloud Resource Usage.

  • Code: Use a code as an internal identifier; this code will also be concatenated in the name of the user Resource Group. As an example, if you use the code demolab, you'll be able to tell that the template is about a demo lab. The user's Resource Group will be named ODL-demolab-xxxxxx, where demolab is a lab code, ODL is the default prefix, and xxxxx is the CloudLabs-assigned user unique ID.

  • Lab Code: Leave it as default

  • Subscription Type: Choose Shared Subscription as your Subscription Type.

  • Description: Provide a brief description to describe your lab, its resources and technologies as well as its learnings and benefits. It will be visible to the end users as well.

  • Lab Launch Page Description: Lab Launch page is basically where you launch your lab environment. You can add any additional instructions to this page that you think are relevant for the users.

B. Moving on to next section, we will learn about the fields listed below:

  • Custom Page Title: In case you want to customize the title of the Hands-on-Lab Registration page, you can provide a title in this field.

  • Custom Logo URL: In case you want to customize the logo of the Hands-on-Lab Registration page, you can provide the URL of logo in this field.

Note: The default page title and logo will be displayed, but if you wish to change them, you can use this field. End-users will be able to see it on the Hands-on Lab registration page, allowing you to customize what you want them to see.

  • Owner Email: Provide the email address of the person who is responsible for building the Template.

  • Reviewed By: Use this field to record the reviewer who will be reviewing the template configurations.

  • Deployment Plan: This allows you to choose a number of Resource Groups required in your lab. The selected number of Resource Groups will be pre-created in your environment. To onboard a VM with Azure based lab, please select Single Resource group.

  • Lab Guide URL: A lab guide is a document that gives users all of the directions they need to complete a hands-on lab. The Lab guide URL can be entered here, and it will appear on the users' lab details page. The lab guide will be available to them once they have accessed the URL.

  • Demo URL: If you want to provide the users with some samples or quickstarts files for the lab, you can provide the file URL here.

  • Help Document URL: If you want to provide users with a help manual that will assist them in completing the lab, you can place that document URL here.

  • Usage Policy URL: Usage policy is used to monitor cores/clusters of Azure resources. In the policy, we have to define a maximum limit of cores/clusters that is allowed for a user.

  • Prerequisites URL: If you wish to give people visibility into how the lab is set up or how the pre-requisites for the lab are defined, you may write a document and enter the URL here.

    Note: To allow the URLs to be entered here, all documents should be in GitHub or PDF format. The users will be able to access these documents by just clicking on the URLs.

  • Github Master Document URL: This is a JSON-formatted document that is used to arrange the lab guide in a coherent way. We should first prepare the document in JSON format, with section-by-section raw GitHub URLs, as it only supports GitHub raw URLs. Once the document is complete, we can upload it to an Azure blob storage account and use the blob storage URL as directed here.

The URL is included here for a reason. We have a feature named Enable VM Access Over Http which allows you to connect to the VM via browser. When your lab is ready, the environment you receive includes a VM on the left side of the browser and the Lab Guide on the right as shown below:

For a successful setup of both the VM and the Lab Guide, some configuration is required. In the next sections, we will learn more about the Enable VM Access Over Http feature (which involves the setup of the VM); for now, we will focus on the Master document, which involves the Lab Guide setup.

A master document contains the following information:

  1. Name: Here you have to provide a name for your Lab.

  2. Language: English

  3. Files: In this section we provide the Raw File Path and Order of the file lab guide that should be available in GitHub.

    • Raw File Path: This is the raw URL of the pages in your lab guide.

    • Order: Defines the sequence of the pages in your lab guide such as what all should come first and so on.

Example: You have a lab guide in GitHub which includes - Introduction to the Lab, three Exercises to be performed, and a Summary. Rather than preparing one lengthy document, we'll break it down into individual pages on GitHub and fetch the Raw URL for each page. We will add the Raw URL of the pages in Raw File Path, with respect to the order value.

Therefore, the lab guide's final output will follow the flow shown below:

  • Introduction of the Lab

  • Exercise 1

  • Exercise 2

  • Exercise 3

  • Summary

For your reference, here is a Master document sample - https://cloudlabsai.blob.core.windows.net/master-doc/master-doc.json

Note: You can store the file in Azure Blob Storage and use the URL of the stored file, as long as that URL is accessible.
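The following check for a master document is an added example, not CloudLabs code. The key names (`Name`, `Language`, `Files`, `RawFilePath`, `Order`), the `example-org` repository and the owner allowlist are assumptions made for illustration; it verifies that every page is an HTTPS raw GitHub URL from an expected owner and that no Order value is reused.

```python
from urllib.parse import urlparse

RAW_HOST = "raw.githubusercontent.com"
BASE = f"https://{RAW_HOST}/example-org/demo-lab/main/"  # hypothetical repository

# Constructed sample. Key names are assumed from the field list above,
# not taken from the real master-doc.json schema.
MASTER_DOC = {
    "Name": "Demo Lab",
    "Language": "English",
    "Files": [
        {"RawFilePath": BASE + "Exercise1.md", "Order": 2},
        {"RawFilePath": BASE + "Introduction.md", "Order": 1},
        {"RawFilePath": BASE.replace("https", "http") + "Exercise2.md", "Order": 3},
        {"RawFilePath": "https://github.com/example-org/demo-lab/blob/main/Exercise3.md", "Order": 3},
        {"RawFilePath": f"https://{RAW_HOST}/someone-else/fork/main/Summary.md", "Order": 5},
    ],
}


def check_master_doc(doc, allowed_owners):
    """Return a list of problems; an empty list means the document passed."""
    problems = [f"missing field: {k}" for k in ("Name", "Language", "Files") if not doc.get(k)]
    seen = set()
    for entry in doc.get("Files") or []:
        url = urlparse(str(entry.get("RawFilePath", "")))
        label = url.path.rsplit("/", 1)[-1] or "<no path>"
        parts = url.path.split("/")  # raw URL paths start with /<owner>/<repo>/...
        owner = parts[1] if len(parts) > 1 else ""
        # Only raw GitHub URLs are supported; plain http can be altered in transit.
        if url.scheme != "https" or url.hostname != RAW_HOST:
            problems.append(f"{label}: not an https {RAW_HOST} URL")
        # Guide pages are shown next to the lab VM, so pin them to known owners.
        elif owner not in allowed_owners:
            problems.append(f"{label}: repository owner '{owner}' is not allowed")
        order = entry.get("Order")
        if not isinstance(order, int):
            problems.append(f"{label}: Order must be an integer")
        elif order in seen:
            problems.append(f"{label}: Order {order} is already used")
        else:
            seen.add(order)
    return problems


def ordered_pages(doc):
    """Return the page URLs in the sequence the Order values define."""
    return [e["RawFilePath"] for e in sorted(doc["Files"], key=lambda e: e["Order"])]


if __name__ == "__main__":
    for problem in check_master_doc(MASTER_DOC, {"example-org"}):
        print(problem)
```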

  • Approx. Deployment Duration: As we are deploying just a VM, you can add 5 minutes of deployment duration in this section. The expected deployment duration will be defined throughout this time period. The period you enter in this area will be displayed to users as a countdown to the start of the Lab.

  • Region: Here you can choose one or more Azure regions where you want to have the Azure resource deployments. The selected regions will automatically get reflected in the Lab setup. For the VM with Azure based lab, you can add two regions: EastUS and WestUS.

  • Attendee Lab Cost Limit : Leave it as Default.

  • Attendee Duration Limit(in Mins): Leave it as Default.

  • Excluding Output Parameters: You can add one or more output parameter names that need to be excluded from the Environment details tab. Enter trainerUserName and trainerUserPassword in the column.

  • User Lab Experience Types: Leave it as Default.

  • Idleness Resources: Leave it as Default.

  • Synchronization Resources: Leave it as Default.

  • Control Panel Resources: Leave it as Default.

C. In the last section, we will learn about the features that can be enabled:

  • Create Service Principal: This feature is used to create a Service Principal as a part of pre-requisites. On checking this box, a Service Principal will automatically get created in the user environment. On checking Create Service Principal box, two more features will appear on the page as given below:

  • Send Service Principal: The details of the Service Principal, such as Application Id, Application secret key, subscription ID, Tenant ID, and Tenant domain, will be exposed to users in the lab details page.

  • Is Service Principal Dependent: Enable this check box if you need to use the SPN in your pre-requisite configuration OR if any pre-requisite resources require the SPN during deployment.

  • Allow Global Admin Privilege: Check the box if you want to assign Global Admin Privileges to the users.

    • Users that hold this role have access to all Azure Active Directory administration functions as well as services that use Azure Active Directory identities like Microsoft 365 security center, SharePoint Online and much more.

    • Global Administrators also have the authority to manage all Azure subscriptions and management groups by elevating their access.

    • Using the corresponding Azure AD Tenant, Global Administrators can have complete access to all Azure resources.

  • Enable Lab Validation: This is not a required field but if needed it can be enabled.

    Info: Lab validation enables you to check whether lab tasks are completed appropriately. In case the user had issues performing the lab, that can be checked under validations. To onboard the lab validation, kindly reach out to your point of contact or CloudLabs Support.

  • Enable Custom RG Name: Checking this box will create resource groups with custom-suffix as its name. Once the RG is deployed, it will have -RG as the suffix.

    For example: If you provide the name Demo, the Resource Group name in your environment will be Demo-RG.

  • Enable VM Access Over Http: This option allows you to access the virtual machine through a web browser. If the Microsoft RDP client does not allow you to connect to the VM, another method is to connect to the VM via a browser. After enabling this functionality, we must complete further setup for RDP over HTTPS access, which we will cover in Virtual Machine Configuration.

  • Enable VM Shadow: COVID-19 has changed the way training and workshops are conducted. Virtual workshops are the new normal in the learning industry now. Shadow feature allows instructors to shadow the user's environment / VMs (virtual machines) and provide support in real-time.

    • Shadow student’s lab environment

    • Provide Support in real-time

    • Observe progress

    • Collaboration

  • Dynamic RGs Available: Leave the box Unchecked.

  • Delete Deployment Info After Success: You can check the box if you want to clean up the deployment history from Azure Portal. This will not affect the deployed resources in Azure.

  • Any Post Manual Steps Required : Leave the box Unchecked.

  • Any Pre Manual Steps Required: Leave the box Unchecked.

  • Enable Optimize Disk Cost: Leave the box Unchecked.

  • Show Resources Tab: Leave the box Unchecked.

  • Install VM Agent For Idle Detection: Leave the box Unchecked.

  • Enable Lab Preview: Leave the box Unchecked.

  3. At last, click on SUBMIT button to save all the configurations. Once you've submitted the template, you'll be directed to the main Template page where the template you created will be listed as shown in the image below.

  4. Now you have to reopen the template to configure other available functionalities, so click on Edit button.

  5. Here you will have access to the following functionalities in order to fully configure a CloudLabs Template:

  • ARM Template

  • Template Permissions

  • Custom Handlers

  • MS Cloud Licenses

  • Deployment Script Repository

  • Virtual Machine Configuration

  • Course Details

  • Template Audit

  6. Now we'll have a look at each of the features to understand how they work.

ARM Template

As the name suggests, you will provide the ARM template files here to provision your lab environment. These ARM template and Parameter files must be uploaded to a publicly accessible Azure Storage Container; refer to the below image on how to copy the file URL from an Azure storage account Container. If your lab does not need pre-deployed Azure resources, you can skip this step and move on to the next step.

  • ARM template file: The ARM Template is a JavaScript Object Notation (JSON) file that outlines your project's infrastructure and settings. The resources required for deployment as well as their properties must be specified in the template.

    An ARM Template has the following sections:

    •  Parameters - In the parameters section of the template, you specify which values you can input when deploying the resources.

    •  Variables - In the variables section, you construct values that can be used throughout your template. You don't need to define variables, but they often simplify your template by reducing complex expressions.

    •  Resources - In the resources section, you define the resources that are deployed.

    •  Outputs - In the outputs section, you specify values that are returned from deployment. Typically, you return values from resources that were deployed.

  • Parameter file: Rather than passing parameters as inline values in your ARM Template, you can use a JSON file that contains the parameter values. The parameter names in your parameter file and template file must match.

To learn more about ARM Template, check Create and deploy your first ARM template.
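Because the template and parameter files sit at publicly readable URLs and the template outputs feed the Environment details tab, it helps to review a template/parameter pair before uploading it. The script below is an added example, not CloudLabs code; the sample files are constructed (they are not the deploy-03/deploy-04 files), and the name-based secret detection is an assumption of this sketch.

```python
SECRET_HINTS = ("password", "secret")  # assumed naming convention for secrets

# Constructed sample template and parameter file.
TEMPLATE = {
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "adminUsername": {"type": "string"},
        "adminPassword": {"type": "string"},
        "trainerUserPassword": {"type": "securestring"},
        "vmSize": {"type": "string", "defaultValue": "Standard_B2s"},
    },
    "variables": {},
    "resources": [],
    "outputs": {
        "labVmDnsName": {"type": "string", "value": "[concat('labvm-', uniqueString(resourceGroup().id))]"},
        "trainerUserName": {"type": "string", "value": "trainer"},
        "trainerUserPassword": {"type": "string", "value": "[parameters('trainerUserPassword')]"},
    },
}
PARAMS = {
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "adminUsername": {"value": "labuser"},
        "adminPassword": {"value": "constructed-example-only"},
        # Key Vault reference instead of a literal (placeholder resource id).
        "trainerUserPassword": {"reference": {"keyVault": {"id": "<key-vault-resource-id>"},
                                              "secretName": "trainer-password"}},
        "virtualMachineSize": {"value": "Standard_B2s"},
    },
}


def looks_secret(name):
    return any(hint in name.lower() for hint in SECRET_HINTS)


def review_arm_pair(template, param_file, excluded_outputs=()):
    """Return a list of findings for a template / parameter-file pair."""
    findings = []
    declared = template.get("parameters", {})
    supplied = param_file.get("parameters", {})
    # Parameter names in the parameter file must match the template.
    for name in sorted(supplied.keys() - declared.keys()):
        findings.append(f"parameter file sets undeclared parameter '{name}'")
    for name, spec in declared.items():
        if name not in supplied and "defaultValue" not in spec:
            findings.append(f"no value supplied for required parameter '{name}'")
        if not looks_secret(name):
            continue
        # securestring values are kept out of the deployment history and logs.
        if spec.get("type", "").lower() != "securestring":
            findings.append(f"secret parameter '{name}' is typed '{spec.get('type')}', not 'securestring'")
        # The parameter file is publicly readable, so a literal secret is exposed.
        if "value" in supplied.get(name, {}):
            findings.append(f"parameter file holds a literal value for secret '{name}'")
    excluded = {n.lower() for n in excluded_outputs}
    for name in template.get("outputs", {}):
        if looks_secret(name) and name.lower() not in excluded:
            findings.append(f"output '{name}' is not listed in Excluding Output Parameters")
    return findings


if __name__ == "__main__":
    for finding in review_arm_pair(TEMPLATE, PARAMS, ["trainerUserName"]):
        print(finding)
```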

Take the steps below to get started:

  1. Click on the + ADD button.

  2. Fill up the below given sections:

  • Resource Group: Select a resource group from the drop down.

  • Custom Suffix: This option will be available only if you select Enable Custom RG Name box that was mentioned in the previous section. Here you can give a custom name to your Resource Group.

  • ARM Template URL: Copy and paste the below mentioned URL:

    The ARM template below contains all the resources required to create a basic Windows Server 2016-Datacenter VM on Azure.

    https://cloudlabsai.blob.core.windows.net/templates/deploy-03.json
    

    The ARM template below contains all the resources required to create a basic Ubuntu Server 20.04 LTS VM on Azure.

    https://cloudlabsai.blob.core.windows.net/templates/deploy-04.json
    

  • If you want to create an ARM template with specific VM configurations for Windows VM and Linux VM, navigate to the below mentioned URL:

    User Specified ARM Template

  • Parameter Template URL: Copy the parameter file URL for the appropriate operating system from the URLs below and paste it in the CloudLabs template's Parameter Template URL section:

    The parameters file below contains all the parameters required to create a basic Windows Server 2016-Datacenter VM on Azure.

    https://cloudlabsai.blob.core.windows.net/templates/deploy-03-parameters.json
    

    The parameters file below contains all the parameters required to create a basic Ubuntu Server 20.04 LTS VM on Azure.

    https://cloudlabsai.blob.core.windows.net/templates/deploy-04-parameters.json
    

  • Click on SUBMIT to save the configurations.

TEMPLATE PERMISSIONS

To provide access at a certain scope, such as resource group or subscription, you assign roles to users, groups, or service principals. Template permissions allow you to control who has access to Azure resources, along with what they can do with them and what areas they may access.

Here are some examples of what you can do with Template permissions:

  1. Allow one user to create/manage Azure resources in a particular Resource Group by assigning them a Contributor role on the resource group.

  2. Allow a user to view all resources in a subscription, but not to make any changes, by assigning them the Reader role at subscription level.

  3. Allow a specific size of the virtual machine and restrict all other sizes.

  4. Allow users to create only a storage account.

Now we will learn how to assign permissions on CloudLabs Template.

  1. Click on the + ADD button.

  2. Now fill up the following sections:

  • Permission Type: Here we have three types of Permissions -

  • Azure Built-in Role: Roles that are available in Azure itself.

  • Azure Custom Role: If the Azure built-in roles don't meet the specific needs of your lab, you can create your own custom roles.

  • Custom ARM Policy: Restricts a user by scaling the compliance of Azure resources.

  3. All further configurations are based on the permission type you select. To make it easier to understand how each permission type works, we have divided them into three cases:

    Case 1: If you select Azure Built-in Role, then you will have the following configurations available:

  • Profile Type: Here we have three types of Profiles:

  • Attendee: Select this option if you want to assign permission to a User.

  • Instructor: Select this option if you want to assign permission to an Instructor/Mentor/Proctor.

  • Group Member: Select this option if you want to assign permission to a user who is an Azure Active Directory Group Member.

  • Identity: Select AAD User from the drop down.

  • Scope Type: Select Azure from the drop down.

  • Scope Level: With Azure Built-in Role selected as permission type, you can specify a scope at the resource group level.

  • Permission: Here we have four permissions available, they are:

  • Reader: You can view all resources but you are not allowed to make any changes in the resource group.

  • Contributor: Allows you to manage all resources in the resource group, however, you can't assign roles in Azure RBAC.

  • Owner: Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.

  • Storage Blob Data Owner: Provides full access to Azure Storage blob containers and data.

  • Launch Type: We have two options available here; they define when the restriction should be applied.

  • Apply at Launch: This will apply for the role before starting the deployment of the lab.

  • Apply Manually: Here, you have to apply for the role manually, it won't get assigned automatically.

  • At last, click on the SUBMIT button to save it.

    Case 2: If you select Azure Custom Role, then you will have the following configurations available:

  • Profile Type: Here we have three types of Profiles:

  • Attendee: Select this option if you want to assign permission to a User.

  • Instructor: Select this option if you want to assign permission to an Instructor/Mentor/Proctor.

  • Group Member: Select this option if you want to assign permission to a user who is an Azure Active Directory Group Member.

  • Identity: Select AAD User from the drop down.

  • Scope Type: Select Azure from the drop down.

  • Scope Level: With Azure Built-in Role selected as permission type, you can specify a scope at the resource group level.

  • Permission Data: Copy and paste the below mentioned URL.

    https://cloudlabsai.blob.core.windows.net/policy/Rbac.json
    

    Note: If you are creating your own Rbac permissions, make sure you store them in a publicly accessible Storage Blob and provide the URL in the column.

  • Launch Type: We have two options available here; they define when the restriction should be applied.

  • Apply at Launch: This will apply for the role before starting the deployment of the lab.

  • Apply Manually: Here, you have to apply for the role manually, it won't get assigned automatically.

  • At last, click on the SUBMIT button to save it.

    Case 3: If you select Custom ARM Policy, then you will have the following configurations available:

  • Scope Type: Select Azure from the drop down.

  • Scope Level: With Azure Built-in Role selected as permission type, you can specify a scope at subscription as well as resource group level.

  • Permission Data: Copy and paste the below mentioned URL.

    https://cloudlabsai.blob.core.windows.net/policy/policy.json
    

    Note: If you are creating your own Policy rules, make sure you store them in a publicly accessible Storage Blob and provide the URL in the column.

  • Launch Type: We have two options available here; they define when the restriction should be applied.

  • Apply at Launch: This will apply for the role before starting the deployment of the lab.

  • Apply Manually: Here, you have to apply for the role manually, it won't get assigned automatically.

  • At last, click on the SUBMIT button to save it.
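Examples 3 and 4 in the list at the start of this section (one allowed VM size set, storage accounts only) map onto deny rules in Azure Policy syntax, which is what a Custom ARM Policy carries. The sketch below is an added example, not CloudLabs code: the two rules and the sample resources are constructed, the layout CloudLabs expects inside policy.json is an assumption, and the small evaluator only covers the operators these rules use so that a rule can be checked offline before it is uploaded.

```python
VM_TYPE = "Microsoft.Compute/virtualMachines"
SKU_ALIAS = "Microsoft.Compute/virtualMachines/sku.name"

# Constructed rules in Azure Policy syntax (sizes chosen for illustration).
ALLOWED_SIZES_RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": VM_TYPE},
        {"not": {"field": SKU_ALIAS, "in": ["Standard_B2s", "Standard_D2s_v3"]}},
    ]},
    "then": {"effect": "deny"},
}
STORAGE_ONLY_RULE = {
    "if": {"not": {"field": "type", "in": ["Microsoft.Storage/storageAccounts"]}},
    "then": {"effect": "deny"},
}


def matches(cond, resource):
    """Evaluate one policy condition against a flattened resource dict."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    # A missing field compares as an empty string; comparisons ignore case.
    value = str(resource.get(cond["field"], "")).lower()
    if "equals" in cond:
        return value == cond["equals"].lower()
    if "in" in cond:
        return value in {v.lower() for v in cond["in"]}
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(rule, resource):
    """Return the rule's effect if the 'if' block matches, else 'allow'."""
    return rule["then"]["effect"] if matches(rule["if"], resource) else "allow"


# Constructed resource requests, keyed by the fields the rules reference.
SMALL_VM = {"type": VM_TYPE, SKU_ALIAS: "standard_b2s"}
LARGE_VM = {"type": VM_TYPE, SKU_ALIAS: "Standard_NC24"}
STORAGE = {"type": "Microsoft.Storage/storageAccounts"}

if __name__ == "__main__":
    for name, res in (("small VM", SMALL_VM), ("large VM", LARGE_VM), ("storage", STORAGE)):
        print(name, evaluate(ALLOWED_SIZES_RULE, res), evaluate(STORAGE_ONLY_RULE, res))
```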

MS CLOUD LICENSES

There are some conditions that must be met before a user can access Microsoft products. To fulfill those conditions, we have Microsoft licenses to provide software services and hosted applications for the users performing your lab.

This function grants you access to a variety of Microsoft licences which include Power BI Pro, Office 365 Business Essentials, Azure Active Directory Premium P1 and much more. Some of those are shown in the image below:

Now we have a set of instructions listed below that will show you how to add a License:

  1. Click on the + ADD button.

  2. Perform the following steps to pick a license:

  • MS Cloud License: Select the required license from drop down.

  • Click on SUBMIT to save the configurations.

VIRTUAL MACHINE CONFIGURATION

This feature allows you to configure your host virtual machine and complete the setup for RDP over HTTPS access. As stated earlier, once your lab is ready, the environment you receive will include a VM on the left side of the browser and the Lab Guide on the right.

Therefore, by providing the required configuration here, it will reflect your host VM in your lab environment.

Take the steps below to get started:

  1. Click on the + ADD button.

  2. Under Add VM Configuration, add the following values:

  • Name: Enter labvm-{GET-DEPLOYMENT-ID}.

  • Type: Choose RDP

  • Server DNS Name: Enter LabVM DNS Name

  • Server User Name: Enter LabVM Admin Username

  • Server Password: Enter LabVM Admin Password

  • Instructor Username: Enter TrainerUserName

  • Instructor Password: Enter TrainerUserPassword

  • At last, click on SUBMIT to save the configurations.

  3. Leave the COURSE DETAILS, TEMPLATE LAB ASSET, TEMPLATE AUDIT tabs as default.

  4. Scroll to the top and click on Submit to save the configurations.