As a trainer, I always have a set of prerequisites when I’m about to deliver a training. Usually those prerequisites are sent weeks in advance, but most of the time, if not all, the participants never have them installed. What I have in my back pocket is an ARM template with two or three predefined images, which I mass deploy before a training and provide access to the participants so we prevent this hassle.
The reality is that having this approach is complicated. My images are created with Packer within an Azure DevOps pipeline, and while it’s all fun and geeky to do everything by yourself, you don’t always have time to update the packages, you forget VMs running and so on.
I was stoked when Microsoft came out with a new feature in Azure called Lab Services which opened up the possibility of doing everything I just mentioned, in a simple, secure setting.
This feature / offering is similar to DevTest Labs, but it provides a new portal that lab creators and lab participants can open without much hassle.
So how can we use it?
Creating and using the Azure Lab Service is pretty simple as shown below:
Creating a Lab services account is pretty simple, you go to the Azure Portal, type in Lab Services and create it in a resource group.
After you have created the lab, your next step is to add yourself and/or other people to the Lab Creator RBAC role via the IAM blade, because even if you’re an owner, you will not be able to use the labs. Once that’s done, you can proceed to https://labs.azure.com
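The Owner-without-Lab-Creator gap described above is easy to miss when several trainers share a subscription. The following check is an added example, not part of the original post: it reads JSON shaped like the output of `az role assignment list --all -o json` and lists principals who hold Owner on the lab account (directly or by inheritance) but not Lab Creator. The account names, subscription ID and resource path are constructed placeholders.

```python
import json

# Constructed sample, shaped like `az role assignment list --all -o json` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
LAB_ACCOUNT = (SUB + "/resourceGroups/rg-training/providers/"
               "Microsoft.LabServices/labaccounts/training-labs")  # placeholder
SAMPLE = json.loads(json.dumps([
    {"principalName": "trainer@contoso.example", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/rg-training"},
    {"principalName": "assistant@contoso.example", "roleDefinitionName": "Owner",
     "scope": SUB},
    {"principalName": "assistant@contoso.example",
     "roleDefinitionName": "Lab Creator", "scope": LAB_ACCOUNT},
    {"principalName": "other@contoso.example", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/rg-training-old"},
    {"principalName": "guest@contoso.example",
     "roleDefinitionName": "Lab Creator", "scope": LAB_ACCOUNT},
]))


def applies_to(assignment_scope, resource_id):
    """True when a role assigned at assignment_scope is inherited by resource_id.

    Azure resource IDs are case-insensitive. Management-group scopes are not
    path prefixes of a resource ID and are not handled by this check.
    """
    a = assignment_scope.rstrip("/").lower()
    r = resource_id.rstrip("/").lower()
    return r == a or r.startswith(a + "/")


def owners_missing_lab_creator(assignments, lab_account_id):
    """Principals with Owner but no Lab Creator in effect on the lab account."""
    roles = {}
    for a in assignments:
        if applies_to(a["scope"], lab_account_id):
            roles.setdefault(a["principalName"], set()).add(a["roleDefinitionName"])
    return sorted(p for p, r in roles.items()
                  if "Owner" in r and "Lab Creator" not in r)


def fix_commands(principals, lab_account_id):
    """One role-assignment command per affected principal, for review before use."""
    return ['az role assignment create --assignee "%s" --role "Lab Creator" '
            '--scope "%s"' % (p, lab_account_id) for p in principals]


if __name__ == "__main__":
    for cmd in fix_commands(owners_missing_lab_creator(SAMPLE, LAB_ACCOUNT), LAB_ACCOUNT):
        print(cmd)
```

Scoping the assignment to the lab account rather than the resource group or subscription keeps the Lab Creator role limited to the one resource that needs it.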
On a first look, the lab portal is pretty simple. If it’s newly created, you will be prompted to create a new lab.
If you want to create a new lab, go to the new lab icon in the upper left corner, type in a name and set the maximum number of VMs per lab. Don’t worry, the number you set there is not permanent and you can change it later if required.
After you press save, you will be presented with the next screen, where you can select which virtual machine you want to use for your template. A number of virtual machines are presented in that list, but if you want to expand it, you have to go to the Labs resource in the Azure portal and select the Marketplace images from the policies tab, where you have the option of enabling other types of images.
Once you select the image that you want and press next, you will be prompted with the next screen where you will input the username and password for the template VM and all the VMs that will be created after it.
After you press create, the template will be created and you’re going to have to wait a while for it to be completed.
Next up is the configuration phase where you will connect to the VM, do your configuration and then complete the lab configuration.
Next screen is a review screen where you can either publish the lab or save for later.
The publishing phase takes a while, so this is the time to get a donut or hit that Netflix show.
Once the lab is done, it will pop up in the main screen where if you’re a lab creator, you will have the option of customizing some settings for the lab like:
One of the minor caveats of the solution is that the participants are required to log in using either an MSA or a work account. I call it minor because most of the time the participants have an MSA or work account, but there are times when you’re doing public hands-on labs, workshop settings and others where you cannot expect that all of the participants have that.
The solution to this problem is Azure B2C. You create an Azure B2C tenant, link it to your Azure Subscription, create B2C accounts and add them to the lab services. That’s the best solution out there for these kinds of cases because, first, you don’t deal with e-mail accounts or any other PII and, second, you have complete control over the user accounts.
Another issue that I found is that if you’re a Lab Creator owner with the same account on multiple labs, it will not prompt you for which lab you want, so I’m waiting for a fix on that.
For the final notes, this is an excellent offering for me as I will be using it heavily for my training sessions or workshops.