Setting Up a Simulated Hybrid Cloud Environment for Testing

Microsoft Azure provides a flexible and scalable platform for creating test environments that simulate a hybrid cloud setup. This article walks you through the process of setting up a simulated hybrid cloud test environment using two separate Azure virtual networks and a VNet-to-VNet connection.

This setup simulates a hybrid cloud production environment consisting of:

  • A simulated and simplified on-premises network hosted in an Azure virtual network (the TestLab virtual network).
  • A simulated cross-premises virtual network hosted in Azure (TestVNET).
  • A VNet-to-VNet connection between the two virtual networks.
  • A secondary domain controller in the TestVNET virtual network.

This configuration provides a common starting point for you to:

  • Develop and test applications in a simulated hybrid cloud environment.
  • Create test configurations of computers, some within the TestLab virtual network and some within the TestVNET virtual network, to simulate hybrid cloud-based IT workloads.

There are four major phases to setting up this hybrid cloud test environment:

  1. Configure the TestLab virtual network
  2. Create the cross-premises virtual network (TestVNET)
  3. Create the VNet-to-VNet VPN connection
  4. Configure the secondary domain controller (DC2)

Phase 1: Configure the TestLab virtual network

Start by following the instructions in the Base Configuration Test Environment to set up the DC1, APP1, and CLIENT1 computers in an Azure virtual network named TestLab.

Next, open an Azure PowerShell prompt and log in to your account. Use the following commands to add a gateway subnet to the TestLab virtual network, request a public IP address for the gateway, and create the gateway itself.

# Log in to your Azure account
Login-AzureRMAccount

# Get your subscription name
Get-AzureRMSubscription | Sort SubscriptionName | Select SubscriptionName

# Set your Azure subscription
$subscr="<subscription name>"
Get-AzureRmSubscription -SubscriptionName $subscr | Select-AzureRmSubscription

# Add a gateway subnet to the TestLab virtual network
$rgName="<name of your resource group for the TestLab virtual network>"
$locName="<Azure location name for the TestLab virtual network, e.g., West US>"
$vnet=Get-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name TestLab
Add-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix 10.255.255.248/29 -VirtualNetwork $vnet
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

# Request a public IP address for the TestLab gateway
$gwpip=New-AzureRmPublicIpAddress -Name TestLab_pip -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic

# Create the TestLab gateway
$vnet=Get-AzureRmVirtualNetwork -Name TestLab -ResourceGroupName $rgName
$subnet=Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$gwipconfig=New-AzureRmVirtualNetworkGatewayIpConfig -Name TestLab_GWConfig -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id
New-AzureRmVirtualNetworkGateway -Name TestLab_GW -ResourceGroupName $rgName -Location $locName -IpConfigurations $gwipconfig -GatewayType Vpn -VpnType RouteBased

After completing these steps, configure the CORP domain on DC1 so that computers and users use their local domain controller for authentication.

Phase 2: Create the TestVNET virtual network

Next, create the TestVNET virtual network and protect it with a network security group using these PowerShell commands:

# Create the TestVNET virtual network and gateway subnet
$rgName="<name of your resource group for the TestLab virtual network>"
$locName="<Azure location name for the TestLab virtual network, e.g., West US>"
$locShortName="<Azure location name from $locName in lowercase with spaces removed, e.g., westus>"
$testSubnet=New-AzureRMVirtualNetworkSubnetConfig -Name "TestSubnet" -AddressPrefix 192.168.0.0/24
$gatewaySubnet=New-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix 192.168.255.248/29
New-AzureRMVirtualNetwork -Name "TestVNET" -ResourceGroupName $rgName -Location $locName -AddressPrefix 192.168.0.0/16 -Subnet $testSubnet,$gatewaySubnet -DNSServer 10.0.0.4

# Create a network security group to allow RDP traffic to the TestSubnet
$rule1=New-AzureRMNetworkSecurityRuleConfig -Name "RDPTraffic" -Description "Allow RDP to all VMs on the subnet" -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
New-AzureRMNetworkSecurityGroup -Name "TestSubnet" -ResourceGroupName $rgName -Location $locShortName -SecurityRules $rule1
$vnet=Get-AzureRMVirtualNetwork -ResourceGroupName $rgName -Name TestVNET
$nsg=Get-AzureRMNetworkSecurityGroup -Name "TestSubnet" -ResourceGroupName $rgName
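Set-AzureRMVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "TestSubnet" -AddressPrefix 192.168.0.0/24 -NetworkSecurityGroup $nsg
# Commit the updated subnet configuration; the cmdlet above only changes the local $vnet object
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet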
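
The RDPTraffic rule above allows TCP 3389 from the Internet tag to every VM on TestSubnet. The following added example (not part of the original article) checks a rule list for that pattern; the function names, the sample rules and the 203.0.113.10/32 admin address are constructed for illustration, and the rule objects only mirror the properties found in a network security group's SecurityRules.

```powershell
# Added example: find inbound Allow rules that expose RDP (TCP 3389) to any source.
# Function names and sample rules are constructed; no Azure connection is needed.

function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    $parts = $Range -split '-'
    if ($parts.Count -eq 2) {
        return ($Port -ge [int]$parts[0] -and $Port -le [int]$parts[1])
    }
    return ([int]$Range -eq $Port)
}

function Find-OpenRdpRule {
    param([object[]]$SecurityRules)
    $openSources = @('*', 'Internet', '0.0.0.0/0')
    foreach ($rule in $SecurityRules) {
        if ($rule.Access -ne 'Allow' -or $rule.Direction -ne 'Inbound') { continue }
        if ($rule.Protocol -notin @('Tcp', '*')) { continue }
        # Some module versions return lists for these properties; @() handles both shapes.
        $sources = @($rule.SourceAddressPrefix)
        $ports   = @($rule.DestinationPortRange)
        $srcOpen = @($sources | Where-Object { $_ -in $openSources }).Count -gt 0
        $rdpOpen = @($ports | Where-Object { Test-PortInRange -Range $_ -Port 3389 }).Count -gt 0
        if ($srcOpen -and $rdpOpen) { $rule }
    }
}

# Constructed sample rules. The first mirrors the article's RDPTraffic rule.
$rules = @(
    [pscustomobject]@{ Name = 'RDPTraffic'; Priority = 100; Access = 'Allow'
        Direction = 'Inbound'; Protocol = 'Tcp'
        SourceAddressPrefix = 'Internet'; DestinationPortRange = '3389' },
    [pscustomobject]@{ Name = 'RDPFromAdmin'; Priority = 110; Access = 'Allow'
        Direction = 'Inbound'; Protocol = 'Tcp'
        SourceAddressPrefix = '203.0.113.10/32'; DestinationPortRange = '3389' },
    [pscustomobject]@{ Name = 'WideRange'; Priority = 120; Access = 'Allow'
        Direction = 'Inbound'; Protocol = '*'
        SourceAddressPrefix = '*'; DestinationPortRange = '3000-4000' },
    [pscustomobject]@{ Name = 'DenyRdp'; Priority = 130; Access = 'Deny'
        Direction = 'Inbound'; Protocol = 'Tcp'
        SourceAddressPrefix = '*'; DestinationPortRange = '3389' }
)

Find-OpenRdpRule -SecurityRules $rules |
    Select-Object Name, Priority, SourceAddressPrefix, DestinationPortRange
```

Against a live resource group, pass the SecurityRules property of the object returned by Get-AzureRMNetworkSecurityGroup -Name "TestSubnet" -ResourceGroupName $rgName in place of $rules.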

# Create the TestVNET gateway
$gwpip=New-AzureRmPublicIpAddress -Name TestVNET_pip -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic
$vnet=Get-AzureRmVirtualNetwork -Name TestVNET -ResourceGroupName $rgName
$subnet=Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$gwipconfig=New-AzureRmVirtualNetworkGatewayIpConfig -Name "TestVNET_GWConfig