Set up an Azure Stack Cloud Operator and Developer Workstation Environment

If you are responsible for managing and operating Azure Stack, you will need to enable a couple of tools to manage Azure Stack. This post should give you a summary of what you should do to setup your Azure Stack Operator and Developer workstation environment.

Operating System

First of all, you should set up a clean base system. I usually use the latest version of Windows 10, right now the latest Windows 10 version is the Fall Creators Update which gives you some great features like the OpenSSH client or the Windows Subsystem for Linux build in, or I use Windows Server 2016 with Desktop Experience. Make sure you install all the latest updates for Microsoft Update.

Install Visual Studio Code

Visual Studio Code is a new, free, lightweight cross-platform code editor for building modern web and cloud applications on Mac OS X, Linux, and Windows. It is perfect for editing JSON files and even writing some code. And it has a built-in Terminal, so you don’t have to switch between different windows.

I recommend you install the following Extensions:

code --install-extension ms-vscode.vscode-azureextensionpack
code --install-extension ms-vscode.powershell
 
code --list-extensions

Install SSH Client or Windows Subsystem for Linux (WSL)

To manage if you need to manage the hardware switches, border switches, Linux Virtual Machines running on Azure Stack is connected, SSH is the way to access it. Windows 10 now comes with several builtin options like the OpenSSH Client which you can install as an additional feature or for example the Windows Subsystem for Linux (WSL) which allows you to run several Linux tools on Windows directly. If you are using another version of Windows, the third-party application PuTTY is your friend.

• How to install the OpenSSH Client as an optional Windows 10 feature
• How to install the Windows Subsystem for Linux (WSL)

You can also use PowerShell to install it:

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
 
# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
 
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Install Azure Stack PowerShell

Azure Stack compatible Azure PowerShell modules are required to work with Azure Stack. PowerShell commands for Azure Stack are installed through the PowerShell gallery. You can run the following commands to install it (Make sure there are no other Azure PowerShell Modules installed, if there are, the commands will remove them). If you also install Visual Studio, install Visual Studio first before you install the Azure Stack PowerShell.

# Trust the PowerShell Gallery
Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
 
# Remove Existing Azure PowerShell Modules
Get-Module -ListAvailable | where-Object {$_.Name -like “Azure*”} | Uninstall-Module
 
# Install the AzureRM.Bootstrapper module. Select Yes when prompted to install NuGet
Install-Module -Name AzureRm.BootStrapper
 
# Install and import the API Version Profile required by Azure Stack into the current PowerShell session.
Use-AzureRmProfile -Profile 2017-03-09-profile -Force
 
#Install Azure Stack Module
Install-Module -Name AzureStack -RequiredVersion 1.2.11
 
# Verify Installation
Get-Module -ListAvailable | where-Object {$_.Name -like "Azure*"}

If you need to install it on a machine which does not have access to the internet. check out the official Microsoft page: Install PowerShell for Azure Stack

Install Azure Stack tools

AzureStack-Tools is a GitHub repository that hosts PowerShell modules that you can use to manage and deploy resources to Azure Stack. This brings you several functionalities for Azure Stack management:

• Deployment of Azure Stack – Helps prepare for Azure Stack deployment.
• Resource Manager policy for Azure Stack – Constrains Azure subscription to the capabilities available in the Azure Stack.
• Connecting to Azure Stack – Connect to an Azure Stack instance from your personal computer/laptop.
• Setting up Identity for Azure Stack – Create and manage identity-related objects and configurations for Azure Stack
• Azure Stack Service Administration – Manage plans and subscriptions in Azure Stack.
• Azure Stack Compute Administration – Manage compute (VM) service in Azure Stack.
• AzureRM Template validator – Validate Azure ARM Template Capabilities
• Azure Stack Infrastructure Administration – Manage Azure Stack Infrastructure

You can get the Azure Stack tools from GitHub:

# Change directory to the root directory
cd \
 
# Download the tools archive
Invoke-WebRequest https://github.com/Azure/AzureStack-Tools/archive/master.zip -OutFile master.zip
 
# Expand the downloaded files
Expand-Archive master.zip -DestinationPath . -Force
 
# Change to the tools directory
cd AzureStack-Tools-master

You can directly open that folder in Visual Studio Code:

code C:\AzureStack-Tools-master

Configure Azure Stack PowerShell environment

As an Azure Stack user, you can configure your Azure Stack PowerShell environment. After you have configured the environment, you can use PowerShell to manage Azure Stack resources such as subscribe to offers, create virtual machines, deploy Azure Resource Manager templates, etc.

For an Azure Stack deployment which is using Azure Active Directory (AAD) as an Identity Provider, you can use the following commands:

# Navigate to the downloaded folder and import the **Connect** PowerShell module
Set-ExecutionPolicy RemoteSigned
Import-Module .\Connect\AzureStack.Connect.psm1
 
# For Azure Stack development kit, this value is set to https://management.local.azurestack.external. For a real Azure Stack solution this will be https://maangement.-region-.-fqdn-
$ArmEndpoint = "<Resource Manager endpoint for your environment>"
 
# For Azure Stack development kit, this value is set to https://graph.windows.net/.
$GraphAudience = "<GraphAudience endpoint for your environment>"
 
# Register an AzureRM environment that targets your Azure Stack instance
Add-AzureRMEnvironment `
-Name "AzureStackUser" `
-ArmEndpoint $ArmEndpoint
 
# Set the GraphEndpointResourceId value
Set-AzureRmEnvironment `
-Name "AzureStackUser" `
-GraphAudience $GraphAudience
 
# Get the Active Directory tenantId that is used to deploy Azure Stack
$TenantID = Get-AzsDirectoryTenantId `
-AADTenantName "<myDirectoryTenantName>.onmicrosoft.com" `
-EnvironmentName "AzureStackUser"
 
# Sign in to your environment
Login-AzureRmAccount `
-EnvironmentName "AzureStackUser" `
-TenantId $TenantID

Install and configure CLI for use with Azure Stack

You can also use the Azure CLI 2.0 to manage Azure Stack.

Install Azure CLI on Windows using MSI

To install the CLI on Windows and use it in the Windows command-line, download and run the Azure CLI Installer (MSI).

Install with apt-get for Bash on Ubuntu on Windows (WSL)

1. Open the Bash shell.
2. Modify your sources list.

   echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ wheezy main" | \
   sudo tee /etc/apt/sources.list.d/azure-cli.list

3. Run the following sudo commands:

   sudo apt-key adv --keyserver packages.microsoft.com --recv-keys 52E16F86FEE04B979B07E28DB02C46DF417A0893
   sudo apt-get install apt-transport-https
   sudo apt-get update && sudo apt-get install azure-cli

4. Run the CLI from the command prompt with the az command.

Connect to Azure Stack using the Azure CLI

If you are using Public Certificates for your Azure Stack, this is pretty straight forward, if you are using the Azure Stack Development Kit or an Internal CA, make sure your client trusts the Azure Stack CA root Certificate. You can find more here: Install and configure CLI for use with Azure Stack

Register your Azure Stack environment by running the az cloud register command.

Register as a cloud administrative environment:

1. To register the cloud administrative environment, use:

   az cloud register \
   -n AzureStackAdmin \
   --endpoint-resource-manager "https://adminmanagement.-region-.FQDN-" \
   --suffix-storage-endpoint "-region-.FQDN-" \
   --suffix-keyvault-dns ".adminvault.-region-.FQDN-" \
   --endpoint-active-directory-graph-resource-id "https://graph.windows.net/" \
   --endpoint-vm-image-alias-doc <URI of the document which contains virtual machine image aliases>

2. Set the active environment by using the following commands.

   az cloud set \
   -n AzureStackAdmin

3. Update your environment configuration to use the Azure Stack specific API version profile. To update the configuration, run the following command:

   az cloud update \
   --profile 2017-03-09-profile

4. Sign in to your Azure Stack environment by using the az login command. You can sign in to the Azure Stack environment either as a user or as a service principal.

   az login \
   -u <Active directory global administrator or user account. For example: username@<aadtenant>.onmicrosoft.com> \
   --tenant <Azure Active Directory Tenant name. For example: myazurestack.onmicrosoft.com>

Register the user environment, use:

1. To register the user environment, use:

   az cloud register \
   -n AzureStackUser \
   --endpoint-resource-manager "https://management.local.azurestack.external" \
   --suffix-storage-endpoint "local.azurestack.external" \
   --suffix-keyvault-dns ".vault.local.azurestack.external" \
   --endpoint-active-directory-graph-resource-id "https://graph.windows.net/" \
   --endpoint-vm-image-alias-doc <URI of the document which contains virtual machine image aliases>

2. Set the active environment by using the following commands.

   az cloud set \
   -n AzureStackUser

3. Update your environment configuration to use the Azure Stack specific API version profile. To update the configuration, run the following command:

   az cloud update \
   --profile 2017-03-09-profile

4. Sign in to your Azure Stack environment by using the az login command. You can sign in to the Azure Stack environment either as a user or as a service principal.

   az login \
   -u <Active directory global administrator or user account. For example: username@<aadtenant>.onmicrosoft.com> \
   --tenant <Azure Active Directory Tenant name. For example: myazurestack.onmicrosoft.com>

Install the Microsoft Azure Storage Explorer

To access and manage Azure Stack Storage Accounts, you can also use the Microsoft Azure Storage Explorer tool. Microsoft Azure Storage Explorer (Preview) is a standalone app from Microsoft that allows you to quickly work with Azure Storage data on Windows, macOS, and Linux.

If you are running the Azure Stack Development Kit, you should again have a look at how you get the certificates in place, and you can find that here: Connect Storage Explorer to an Azure Stack subscription

1. Install the Microsoft Azure Storage Explorer
2. After Storage Explorer restarts, select the Edit menu, and then ensure that Target Azure Stack is selected. If it is not selected, select it, and then restart Storage Explorer for the change to take effect. This configuration is required for compatibility with your Azure Stack environment.
3. To connect to the Azure Stack account, select Add an account.
4. In the Connect to Azure Storage dialog box, under Azure environment, select Use Azure Stack Environment, and then click Next.
5. To sign in with the Azure Stack account that’s associated with at least one active Azure Stack subscription, fill in the Sign in to Azure Stack Environment dialog box.
   The details for each field are as follows: Environment name: The field can be customized by the user.
   ARM resource endpoint: The samples of Azure Resource Manager resource endpoints: For cloud operator:
   https://adminmanagement.-region-.-FQDN-
   For tenant:
   https://management.-region-.-FQDN-
   Tenant Id: Optional. The value is given only when the directory must be specified.

This should help you quickly set up an Azure Stack Cloud Operator Workstation. What other tools do you need to manage and operator your Azure Stack? Leave a comment.

If you want to know more about the responsibilities and toolset of an Azure Stack Operator, check out my blog post at the Microsoft IT OpsTalk blog.