'Creating a lab using Azure Lab Services with no Public IP
I am considering to use Azure Lab Services and I'm trying to find a way to create everything in it with no Public IPs but I can't find a way. I noticed I can make the VMs from each lab to use private IP using a peered Vnet with a selected address space but when I create a lab it creates the Template VM with Public IP so I tried to search for a way to change it but there were no options on changing it neither in the Azure Lab Services site or in the infrastructure. I thought maybe using Azure CLI I could create a Lab using Azure Lab Services with no Public IP but this is all the CLI PowerShell commands I found. I'd be really grateful if anyone knows if there's a way to create a Template VM without a Public IP or if there isn't yet I'd like to know it too.
Solution 1:[1]
This is by design in Azure Lab Services. Azure Lab Services is a SaaS solution, which means that the resources needed by Lab Services are handled for you. The lab account is hosted in your subscription. The student VMs, along with the resources needed to support the VMs are hosted in a subscription owned by Lab Services. Here is the basic architecture:
Each organization or school will set up their own network in a way that best fits their needs. Because Azure Lab Services runs in the public cloud, some extra configuration may be needed to allow students to access their VM when connecting from the campus network, like setting firewall rules that block RDP or SSH connections to machines outside their own network.
So, each lab uses a single public IP address and multiple ports. All VMs, both the template VM and student VMs, will use this public IP address. The public IP address will not change for the life of lab. However, each VM will have a different port number. The port numbers range from 49152 to 65535. The combination of public IP address and port number is used to connect instructor and students to the correct VM.
Here are some more FAQs about Azure Lab Services.
Solution 2:[2]
Creating a lab that uses a private ip is now possible with the April 2022 Update of Azure Lab Services, with some caveats. An advanced networking feature call vnet-injection allows users to have more control over the network used for the lab.
You can see advanced networking architecture diagram in the using shared server article. (Sorry, I can't post images yet.)
You would need to:
- Create a virtual network in your subscription.
- Create a subnet that is delegated to
Microsoft.LabServices/labplans. - Create a lab plan with advanced networking and connect it to previously created subnet.
- Create lab using the previous lab plan.
- Update NSG to deny traffic through public ip.
CAVEAT: The 'connect' button Azure Lab Services website will no longer work for students. (Known issue on the team's backlog.) You will need to provide a separate rdp file for students to use. It would contain something like:
full address:s:10.0.0.1:3389
prompt for credentials:i:1
administrative session:i:1
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Bhargavi Annadevara |
| Solution 2 | PlanetMaher |