Cloud Slice Guide - Microsoft Azure Setup
- 09 Sep 2024
- 4 Minutes to read
- Print
Cloud Slice Guide - Microsoft Azure Setup
- Updated on 09 Sep 2024
- 4 Minutes to read
- Print
Article summary
Did you find this summary helpful?
Thank you for your feedback
This document explains the Skillable Studio platform permissions within each Microsoft Azure Subscription that it will use, and how to enable those subscriptions to be utilized by labs when creating Cloud Slice.
Cloud Addendum
This role requires the Organization to have a Cloud addendum on file.
Overview of Azure Cloud Slice
What Level of Access is Skillable Studio Provided?
When a subscription is enabled for Cloud Slice, Skillable Studio is provided the following access:
Global Administrator on the Tenant
Owner on the Subscription
Subscriptions are enabled for all resource providers
What Do I Need Before Getting Started?
Before getting started with Azure Cloud Slice, you should have the following:
A Microsoft Azure Active Directory Tenant
Recommendation
To minimize risk, Skillable strongly recommends:
This tenant is dedicated to only Skillable Studio Cloud Slice labs. Do not use a tenant that you also use for any other purposes.
You configure External collobaration settings in your dedicated Azure tenant such that Guest user access is highly restricted and that invitations can be sent only to a pre-approved list of external domains (or none at all). You can find these settings in the Azure portal by navigating to Default Directory | Users > Users | User Settings > External collaboration settings.
If you restrict invitations to external domains, please ensure you allow invitations to the skillable.com and learnondemandsystems.com domains.
One or More Azure Subscriptions
It is highly recommended these subscriptions are dedicated to only Skillable Studio cloud slice labs.
While only one subscription is needed to get started, it is recommended to use a group of subscriptions (otherwise known as a "pool") to provide load balancing across them
To aid in cost isolation, it is helpful to separate subscriptions for different purposes. Within Microsoft Azure, it is helpful to segregate these subscriptions within Management Groups.
Tutorials
Enable Cloud Slice support in your Microsoft Azure subscription
In Microsoft Azure, an application registration is used to create the cloud resources contained in each Cloud Slice and to provide students with the user account(s) that they will use for the duration of their lab. In order to make this possible, this application registration must be configured as owner over each Azure subscription from which it will create each Cloud Slice.
To enable Cloud Slice support, you must perform the following tasks for each tenant you are enabling subscriptions within:
To complete these steps, you must login using an account that is both a Global administrator on the Azure Active Directory and an Owner on the Azure Subscription(s). Without these permissions this process will likely fail.
Navigate to the Azure Portal.
From the Azure Portal, ensure your active tenant is the one containing the subscriptions you would like to configure.
From the Azure Portal, Open Azure Cloud Shell.
If prompted, select PowerShell.
If you are put into Bash, switch to PowerShell.
If prompted to create a storage account, do it in any subscription you want.
Within the Azure Cloud Shell PowerShell Prompt, submit the following command.
iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/LearnOnDemandSystems/docs/master/lod/quick-starts/cloud-slice/subscription-setup.ps1'))Follow the prompts presented by the terminal and input the information it requests.
When asking you which subscriptions to use, input the number from the "number" column in the subscription list to select which subscription(s) to configure. Leave the field blank and press enter to proceed with setup, reset selections, or exit setup.
Add your subscription(s) to the Skillable Studio Platform
If you are creating a new subscription pool, begin at step 2. If you are adding subscriptions to an existing pool, begin at step 5.
Navigate to Subscription Pools and select + Create Subscription Pool within Skillable Studio.
Define the fields on the Basic Information tab, using the following settings:
Cloud Platform: Azure
Pool Type: ++Manual++
Subscription Mode: ++Shared++
All Other Fields: [Fill in with identifying information]
Health Checks: These are optional, but recommended at an interval you are most comfortable with.
If all or multiple of your subscriptions are within the same tenant, fill in the fields on the Authentication tab.
In the Tenant Name field, put the full domain name of the tenant (Ex. MyTenant.onmicrosoft.com). This is the domain name that user accounts will be created and displayed with.
If you have custom domains defined on your tenant (Ex. MyTenant.com) you may use one of these instead.
The Application ID and Secret should have been retrieved from the Enable Cloud Slice Support step if this is your first subscription(s) within this tenant, otherwise use the credentials you should have stored somewhere secure.
Click the Save button.
Navigate to the appropriate subscription pool.
If you just created one, simply continue from where you left off.
On the subscription pool page, select + Create Cloud Subscription
Add the subscription's name and ID, and optionally a description.
If the Subscription Pool has authentication information set at the pool level, and that information is to be used for this subscription as well, click OK and your subscription configuration is complete.
If the Subscription Pool does not have authentication information at the pool level, or the authentication information for this subscription is different than that information - go to the Authentication tab, select Override Pool Client Authentication, perform steps 4.1 and 4.2 above, and click OK.
Repeat steps 7-10 for as many subscriptions as you need to add to Skillable Studio.
Reference Materials
Was this article helpful?