In this chapter, we start to extend our actual simulated on-premises infrastructure with the additional servers we need in order to demonstrate and configure different capabilities. In the following diagram, we introduce the complete environment we'll have configured after working through all the labs in the book:

In this chapter, we will add YD1APP01 and YD1URA01 to our environment. YourDomain1 (YD1) is used to identify the machine in the correct domain. In our case, we used INODEMOAPP01 as an example. You need to provision the machines with the previous values.

You already deployed the YDADS01 domain controller in Chapter 2, Understanding Identity Synchronization. For all future virtual servers, use the same Azure subscription, the same resource group, and the same virtual network. Join the virtual machines to your existing Active Directory. For the domain controller installation, we used inovitlabs.ch as an example. In the following chapters, we will use similar DNS suffixes. To be clear, we use inovitdemos.ch as a continuous representation of inovitlabs.ch and we will add azureid.ch and leano.ch for the different scenarios.

For a better understanding, we show one example for an additional virtual machine, and you should run into the following result if you have provisioned all virtual machines by the end of the book:

For INODEMOSAPP01 (YDAPP01), we use a Standard B4ms (4 VCPUs, 16 GB memory) virtual machine with Windows Server 2019. This virtual machine will be the host for running an SQL Server instance, most of our demo apps, and Visual Studio. For this reason, we use such a big machine type:

• Always use the same resource group
• Always use the same subscription
• Use the size from the previous screenshot (recommended)
• Always use the same virtual network
• Always configure a DNS name for a virtual machine

You can use the Connect button to download the RDP-connection file:

To make the labs as easy as we can, we define for every machine an RDP inbound rule at creation time, and configure a static internal IP address for the virtual machine:

If you click on Network Interface, you can configure the static IP:

Next, we need to click on the virtual network to configure our YDADS01 domain controller as the primary DNS server:

Now we are ready to go, and you can follow the same steps for any additional virtual machines. We also provide a scripting solution in the code package of the book.

For this chapter, and specifically the YD1URA01 virtual machine, we need to configure two additional inbound port rules to provide external access to our Web Application Proxy. We need to open port 80 TCP (HTTP) and 443 TCP (HTTPS). The expected configuration should look like the following:

Now that we have discussed the virtual machine setup, you should deploy the YD1APP01 and YD1URA01 servers to run the following labs in this chapter.