WS-013 Azure Stack HCI

© Copyright Microsoft Corporation. All rights reserved.


Module 2: Operating and maintaining Azure Stack HCI
Module overview

You can operate and maintain Azure Stack hyperconverged infrastructure (HCI) by using the
same tools you use in traditional on-premises deployments. You can also leverage the
extensibility and feature set offered by Windows Admin Center, including integration with
Azure-based services, such as Azure Monitor, Azure Backup, Azure Site Recovery, and Update
Management. In this lesson, you’ll learn about these tools.
• Lessons:
o Implementing and managing workloads on Azure Stack HCI

o Maintaining Azure Stack HCI


Lesson 1: Implementing and managing workloads on Azure Stack HCI
Lesson 1 overview

Azure Stack HCI is designed to optimize performance, resiliency, and scalability of specific
types of workloads. In this lesson you will learn about implementing these workloads:
• Topics:
o Implement guest clustering with shared disks

o Demonstration: Implement guest clustering with shared disks

o Implement shielded VMs

o Implement VDI workloads

o Implement containerized workloads

o Implement Azure Network Adapter

o Demonstration: Implement Azure Network Adapter

o Implement Azure File Sync

o Demonstration: Implement Azure File Sync

o Manage Azure Stack HCI workloads with Azure Arc


Implement guest clustering with shared disks

• VHD Set files in Azure Stack HCI scenarios offer many benefits:
o Allows for sharing virtual disks across Microsoft Hyper-V VMs
o Leverages Cluster Shared Volume (CSV)

o Supports Hyper-V Replica and host-level backup

• To implement VHD Set files in Azure Stack HCI:


1. Create VHD Set files by using:
• Failover Cluster Manager (New Virtual Hard Disk Wizard)
• Hyper-V Manager
• The New-VHD PowerShell cmdlet
2. Attach the VHD Set to a SCSI controller of VMs hosting cluster nodes:
• Failover Cluster Manager (VM Settings)
• Add-VMHardDiskDrive PowerShell cmdlet with the -SupportPersistentReservations parameter
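
The two steps above as a PowerShell script, added here as an example and not taken from the course material. The CSV path, disk size and guest VM names are assumptions.

```powershell
#Requires -Modules Hyper-V, FailoverClusters
# Run elevated on one Azure Stack HCI cluster node.
# Assumed values (not from the course material):
$VhdSetPath = 'C:\ClusterStorage\Volume1\GuestCluster\SqlData.vhds'
$GuestNodes = 'SQL-GC-N1', 'SQL-GC-N2'   # VMs that will form the guest cluster
$HciNodes   = (Get-ClusterNode).Name     # hosts that may currently own those VMs

# Step 1: New-VHD produces a VHD Set when the file extension is .vhds.
# Placing it on a Cluster Shared Volume makes it reachable from every host.
if (-not (Test-Path -Path $VhdSetPath)) {
    New-Item -ItemType Directory -Path (Split-Path -Path $VhdSetPath) -Force | Out-Null
    New-VHD -Path $VhdSetPath -SizeBytes 200GB -Dynamic | Out-Null
}

# Step 2: attach the same VHD Set to a SCSI controller of every guest node.
# -SupportPersistentReservations marks the disk as shared between the VMs.
foreach ($name in $GuestNodes) {
    $vm = Get-VM -ComputerName $HciNodes -Name $name -ErrorAction SilentlyContinue
    if (-not $vm) {
        Write-Warning "VM '$name' was not found on any cluster node"
        continue
    }
    $attached = Get-VMHardDiskDrive -VM $vm | Where-Object Path -eq $VhdSetPath
    if (-not $attached) {
        Add-VMHardDiskDrive -VM $vm -ControllerType SCSI -Path $VhdSetPath `
            -SupportPersistentReservations
    }
}

# Verify: both guest nodes should list the disk with
# SupportPersistentReservations = True on a SCSI controller.
Get-VM -ComputerName $HciNodes -Name $GuestNodes -ErrorAction SilentlyContinue |
    Get-VMHardDiskDrive |
    Where-Object Path -eq $VhdSetPath |
    Select-Object VMName, ComputerName, ControllerType, ControllerNumber,
                  ControllerLocation, SupportPersistentReservations
```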
Demonstration: Implement guest clustering with shared disks
• Create a VHD Set
• Attach the VHD Set to a VM
Implement shielded VMs (1 of 6)

Shielded VMs have a number of dependencies, including:


• Guarded fabric infrastructure managed by fabric admins, and consisting of:
o A Host Guardian Service (HGS) host or cluster

o Guarded Hyper-V hosts

• Shielding data file (.pdk file) encrypted by tenants, which contains:


o Tenant secrets (admin passwords, RDP certificates)

o Digital signatures of template disks available in the guarded fabric

o One or more key protectors, designating trusted guarded fabrics


Implement shielded VMs (2 of 6)

• To implement guarded fabric:


o Deploy an HGS cluster:
1. Install Windows Server 2019 on servers that will become HGS hosts
2. Join the servers to a dedicated, single-domain AD DS forest
3. Obtain signing and encryption certificates that will be used by guarded Hyper-V
hosts
4. Initialize HGS hosts by configuring the attestation mode
Implement shielded VMs (3 of 6)

o Deploy guarded Hyper-V hosts:


1. Configure DNS name resolution between the HGS cluster and Hyper-V hosts
2. Configure attestation:
a. For TPM-trusted attestation:
▫ Capture TPM IDs
▫ Create a CI policy
▫ Establish a TPM baseline
b. For host key attestation:
▫ Create a host key pair
▫ Store the private key on the Hyper-V hosts
▫ Copy the public key to the HGS hosts
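
The host key attestation path above, written as three PowerShell functions. This is an added example, not part of the course material; the HGS domain and service names, the key directory and the function names are assumptions, and the HGS cluster is assumed to have been initialized in host key mode.

```powershell
# Assumed values (not from the course material)
$HgsDomain  = 'bastion.local'      # dedicated HGS forest
$HgsService = "hgs.$HgsDomain"     # name the HGS service is published under
$KeyDir     = 'C:\HgsKeys'         # staging folder for PUBLIC keys only

# --- Run on each guarded Hyper-V host (elevated) ------------------------
# Prerequisite, once per host (reboots the server):
#   Install-WindowsFeature -Name HostGuardian -IncludeManagementTools -Restart
function Export-GuardedHostKey {
    param([string]$OutDir = $KeyDir)

    # Step 1 of the slide: the host must resolve the HGS cluster name.
    Resolve-DnsName -Name $HgsService -ErrorAction Stop | Out-Null

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $cer = Join-Path -Path $OutDir -ChildPath "$env:COMPUTERNAME-HostKey.cer"

    Set-HgsClientHostKey | Out-Null             # create the host key pair on this host
    Get-HgsClientHostKey -Path $cer | Out-Null  # export the public half only
    return $cer                                 # copy this file to an HGS node
}

# --- Run on an HGS node (elevated) --------------------------------------
function Register-GuardedHostKey {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][string]$PublicKeyPath
    )
    # Authorize the host: HGS will accept attestation requests that are
    # signed with the matching private key.
    Add-HgsAttestationHostKey -Name $HostName -Path $PublicKeyPath
    Get-HgsAttestationHostKey                   # list all authorized host keys
}

# --- Run on the guarded Hyper-V host again ------------------------------
function Join-GuardedFabric {
    # Use https:// URLs instead if the HGS cluster has an HTTPS binding.
    Set-HgsClientConfiguration `
        -AttestationServerUrl   "http://$HgsService/Attestation" `
        -KeyProtectionServerUrl "http://$HgsService/KeyProtection" | Out-Null

    $cfg = Get-HgsClientConfiguration
    if ($cfg.IsHostGuarded -and $cfg.AttestationStatus -eq 'Passed') {
        Write-Host "$env:COMPUTERNAME attested successfully"
    }
    else {
        Write-Warning ("Attestation failed: {0} / {1}" -f
            $cfg.AttestationStatus, $cfg.AttestationSubStatus)
    }
    return $cfg
}
```

Only the exported `.cer` file leaves the Hyper-V host; the private key is never copied to HGS.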
Implement shielded VMs (4 of 6)

• There are two main scenarios that result in a deployment of a shielded VM into guarded
fabric:
o Provisioning a shielded VM from a disk template within a guarded fabric on guarded
Hyper-V hosts
o Shielding an existing VM provisioned outside a guarded fabric or shielding a VM
based on a non-shielded disk template
Implement shielded VMs (5 of 6)

• Provisioning a shielded VM from a disk template:


1. The tenant or the guarded fabric admin creates a template disk that will be used to
provision a new shielded VM (the Template Disk Wizard in the Shielded VM Tools
available as part of Remote Server Administration Tools)
o The disk must be digitally signed and encrypted with BitLocker Drive
Encryption
2. The tenant retrieves the HGS metadata that designates the target guarded fabric
3. The tenant creates a shielding data file (the Shielding Data File Wizard, with the
Shielding data for Shielded templates option)
4. The tenant provides the shielding data (and, if applicable, the template disk) to the
guarded fabric admin
5. The tenant creates a shielded VM from a template within the guarded fabric
Implement shielded VMs (6 of 6)
Shielding an existing VM provisioned outside a guarded fabric or shielding a VM based on a
non-shielded disk template:
1. The tenant retrieves the HGS metadata that designates the target guarded fabric

2. The tenant creates a shielding data file (the Shielding Data File Wizard, with the
Shielding data for existing VMs and non-Shielded templates option)
3. The tenant creates a helper VHDX, which will be used to convert the existing VM into a
shielded VM (on a Hyper-V host with the Shielded VM Tools installed):
a. The tenant provisions a Gen 2 VM with a fixed or dynamically expanding disk
running Windows Server 2019
b. The tenant shuts down the OS and initializes the VHDX as a VM-shielding helper
disk (the Initialize-VMShieldingHelperVHD PowerShell cmdlet)
4. The tenant enables BitLocker on all disks attached to the VM to be shielded

5. The tenant exports the VM to be shielded and provides it to the fabric administrator
along with the helper VHDX and the shielding data file
6. The fabric administrator uses the shielding data file and the helper VHDX to convert
the existing VM into a shielded VM
Implement VDI workloads

• VDI is one of the recommended workloads to be hosted on Azure Stack HCI, with Microsoft
RDS or equivalent third-party offerings serving the role of a virtual desktop broker:
o Customers should consider using Microsoft RDS

• To implement VDI workloads:


1. Determine the preferred licensing model and procure enough RDS CALs

2. Obtain SSL certificates for the RD Gateway and RD Connection Broker servers

3. Deploy RDS infrastructure components into Azure Stack HCI

4. Configure high availability of the RD Connection Broker and RD Gateway

5. Create session collections that will contain VMs you intend to make available to VDI
users (managed pooled, unmanaged pooled, managed personal, or unmanaged
personal)
6. Use Storage Spaces Direct to store user profile disks (UPDs)

7. Integrate VDI instances with Azure Update Management and Azure Security Center
by using Windows Admin Center
8. If necessary, deploy Remote Desktop client to client devices
Implement containerized workloads

• Kubernetes v1.14 and later supports Windows Server 2019 as cluster nodes and container
images
• Azure Stack HCI further enhances the agility and resiliency inherent to Kubernetes
deployments
• Implementation of Kubernetes on Azure Stack HCI typically involves the use of third-party
tools
• Windows Admin Center includes the Containers extension, which simplifies:
o Assessing health status of containers running within Azure Stack HCI

o Troubleshooting performance and stability issues


Implement Azure Network Adapter

• Azure Network Adapter is a convenient tool to:


o Provision an Azure VPN gateway resource in an Azure virtual network
o Establish a P2S VPN connection to that gateway

• To implement Azure Network Adapter:


1. Create an Azure virtual network or identify an existing one

2. Register Windows Admin Center with Azure:

a. Create and register an Azure AD app directly from within Windows Admin Center
b. Pre-create an Azure AD app and use it during registration
3. Windows Admin Center will automatically:

a. Create GatewaySubnet within the virtual network (if needed)


b. Provision a VPN gateway of the SKU you select
c. Configure the VPN gateway for P2S VPN with the client IP address space you
designate
Demonstration: Implement Azure Network Adapter
• Register Windows Admin Center with Azure
• Create an Azure virtual network
• Add an Azure Network Adapter
Implement Azure File Sync (1 of 7)

[Diagram: Azure File Sync components. Labels: Storage account (\\<account>.file.core.windows.net\<share>) with an Accounting share and a Sales share; Storage Sync Service with an Accounting sync group and a Sales sync group, each containing a cloud endpoint; Registered server running the Azure File Sync agent, with D:\Accounting and D:\Sales as server endpoints; Azure Backup.]
Implement Azure File Sync (2 of 7)

Azure File Sync benefits:


• Multisite sync
[Diagram: HQ file server and Branch file server, each connected through File Sync to an Azure file share; users and applications connect over SMB and NFS.]
Implement Azure File Sync (3 of 7)

Azure File Sync benefits:


• Multisite sync
• Cloud tiering
[Diagram: the same HQ and Branch topology, with Cloud Tiering shown for File 1, File 2 and File 3.]
Implement Azure File Sync (4 of 7)
Azure File Sync benefits:
• Multisite sync
• Cloud tiering
• Cloud backup
[Diagram: the same HQ and Branch topology with Cloud Tiering, with Azure Backup added.]
Implement Azure File Sync (5 of 7)
Azure File Sync benefits:
• Multisite sync
• Cloud tiering
• Cloud backup
[Diagram: Azure file share, File Sync, Azure Backup and Cloud Tiering of File 1, File 2 and File 3, with the Branch file server labeled "Server fails".]
Implement Azure File Sync (6 of 7)
Azure File Sync benefits:
• Multisite sync
• Cloud tiering
• Cloud backup
• Disaster recovery
[Diagram: Rapid DR. A file server and a new Branch file server, each showing File 1, File 2 and File 3, connected through File Sync to Azure file shares, with Cloud Tiering and Azure Backup.]
Implement Azure File Sync (7 of 7)
• To implement Azure File Sync:
1. Create an Azure file share in the same Azure region where you want to deploy Azure
File Sync
2. Deploy the Storage Sync Service
3. Install the Azure File Sync agent
4. Register Windows Server with Storage Sync Service
5. Create a sync group
6. Add one or more server endpoints
• Windows Admin Center simplifies Azure File Sync deployment by managing:
o Creation of a Storage Sync Service
o Creation of a storage account with an Azure file share
o Download and installation of the Azure File Sync agent
o Registration of the managed Windows Server with the Storage Sync Service
o Creation of a sync group
o Configuration of cloud tiering
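
The manual six-step procedure above, scripted with the Az PowerShell modules. This is an added example, not part of the course material; the resource group, region, account and service names are assumptions, and the share name and local path follow the Accounting example in the diagram on slide 1 of 7.

```powershell
#Requires -Modules Az.Storage, Az.StorageSync
# Run on the Windows Server that will host the server endpoint, after the
# Azure File Sync agent is installed (step 3) and Connect-AzAccount has run.
# Assumed values (not from the course material):
$Rg        = 'rg-filesync'
$Region    = 'westeurope'         # one region for the share and the sync service
$Account   = 'contosofilesync01'
$SyncSvc   = 'sss-contoso'
$Share     = 'accounting'
$LocalPath = 'D:\Accounting'

# Step 1: storage account and Azure file share in the target region.
$sa = Get-AzStorageAccount -ResourceGroupName $Rg -Name $Account -ErrorAction SilentlyContinue
if (-not $sa) {
    $sa = New-AzStorageAccount -ResourceGroupName $Rg -Name $Account -Location $Region `
        -SkuName Standard_LRS -Kind StorageV2 `
        -EnableHttpsTrafficOnly $true -MinimumTlsVersion TLS1_2
}
New-AzRmStorageShare -ResourceGroupName $Rg -StorageAccountName $Account `
    -Name $Share -QuotaGiB 1024 | Out-Null

# Step 2: Storage Sync Service, in the same region as the file share.
$svc = New-AzStorageSyncService -ResourceGroupName $Rg -Name $SyncSvc -Location $Region

# Step 4: register this server with the Storage Sync Service.
$server = Register-AzStorageSyncServer -ParentObject $svc

# Step 5: sync group, with the Azure file share as its cloud endpoint.
$group = New-AzStorageSyncGroup -ParentObject $svc -Name 'Accounting'
New-AzStorageSyncCloudEndpoint -Name $Share -ParentObject $group `
    -StorageAccountResourceId $sa.Id -AzureFileShareName $Share | Out-Null

# Step 6: server endpoint with cloud tiering; keep 20% of the volume free.
New-AzStorageSyncServerEndpoint -Name $server.FriendlyName -SyncGroup $group `
    -ServerResourceId $server.ResourceId -ServerLocalPath $LocalPath `
    -CloudTiering -VolumeFreeSpacePercent 20 | Out-Null

# Verify the endpoint and its tiering settings.
Get-AzStorageSyncServerEndpoint -ResourceGroupName $Rg `
    -StorageSyncServiceName $SyncSvc -SyncGroupName 'Accounting' |
    Select-Object ServerLocalPath, CloudTiering, VolumeFreeSpacePercent, ProvisioningState
```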
Demonstration: Implement Azure File Sync
• Run Azure File Sync from Windows Admin Center
• Verify the results
Manage Azure Stack HCI workloads with Azure Arc (1 of 2)

• Azure Arc assigns a resource ID and an Azure resource group to each non-Azure computer
• This assignment serves as the basis for the following functionality:
o Azure Policy guest configuration, which supports:
• Auditing of the operating system, applications, and environment settings
• Configuring the time zone on the Windows operating system
o Resource-context access to Log Analytics data, enabling you to control access to
logs collected from on-premises computers the same way as for Azure resources, by
using:
• Access mode (workspace-context and resource-context)
• Access control mode (require workspace permissions, use resource or workspace
permissions)
o Installation of Azure VM extensions:
• Windows OS (CustomScriptExtension, DSC, Log Analytics Agent, Microsoft
Dependency agent)
• Linux OS (CustomScript, DSC, Log Analytics Agent, Microsoft Dependency agent)
Manage Azure Stack HCI workloads with Azure Arc (2 of 2)

To implement the Azure Arc functionality in Azure Stack HCI:


• Install Azure Connected Machine agent on VMs you intend to manage
o For smaller-scale deployments, use:
▫ Windows Installer package available from Microsoft Downloads
▫ An onboarding script available from the Azure portal
▫ Windows Admin Center
o For larger-scale deployments, use:
▫ PowerShell DSC and an Azure AD service principal
▫ TCP Port 443 for outbound connectivity to Azure
• Create and assign an Azure policy definition containing Azure Policy Guest
Configuration settings
• Configure and assign an Azure VM extension
Lesson 1: Test your knowledge

Refer to the Student Guide for lesson-review questions


Lesson 2: Maintaining
Azure Stack HCI
Lesson 2 overview

• You can optimize maintenance of Azure Stack HCI by leveraging services that simplify and
streamline traditional maintenance tasks, such as monitoring, backups, or patching. Some
of these services, such as Azure Monitor, Azure Backup, Azure Site Recovery, and Azure
Update Management, are cloud-based, while others, such as Cluster-Aware Updating, were
designed specifically for on-premises scenarios.
• Maintenance tasks also include adding and removing nodes of an Azure Stack HCI cluster.
• Topics:
o Implement Azure Monitor
o Demonstration: Implement Azure Monitor
o Implement Azure Backup
o Implement Azure Site Recovery
o Implement the Update Management solution in Azure Automation
o Deploy updates by using Cluster-Aware Updating
o Add and remove nodes in an Azure Stack HCI cluster
Implement Azure Monitor (1 of 2)

• Azure Monitor provides three main benefits:


o Monitoring and metrics dashboard
o Querying and analyzing logs

o Alerting and remediation

• Azure Monitor delivers focused, in-depth monitoring capabilities:


o Deep infrastructure monitoring

o Deep application monitoring


Implement Azure Monitor (2 of 2)

To implement the Azure Monitor functionality in Azure Stack HCI:


• In Azure:
1. Create a Log Analytics workspace and configure data collection

2. If needed, create and configure additional services such as Azure Automation or
monitoring solutions such as Change tracking and inventory
• On Azure Stack HCI (cluster nodes and/or VMs):
1. Install the Log Analytics agent (available for download directly from the Azure portal)

2. Run:
• Manually (specify workspace ID and one of two workspace-specific keys)
• Unattended or automated by using Azure Automation PowerShell DSC
• Using Windows Admin Center to automatically enable:
▫ Azure Monitor for VMs, including trending performance charts and dependency
map
▫ Windows Server 2019 Health Service telemetry collection
3. Install additional monitoring solutions and if applicable, additional agents
Demonstration: Implement Azure Monitor
• Run Azure Monitor setup from Windows Admin Center
• Verify the results
Implement Azure Backup (1 of 5)

• Azure Backup offers the following backup options:


o Local file, folder, and system state backups by using Azure Backup on a Windows
Server
o Long-term storage of backups by using Microsoft Azure Backup Server
o Long-term storage of backups by using System Center Data Protection Manager
(DPM)
Implement Azure Backup (2 of 5)

To implement backups of Azure Stack HCI workloads with Azure Backup on a Windows Server:
• Use the Windows Admin Center–guided procedure:

1. Sign in to the Azure subscription that will host backups


2. Run the Set up Azure Backup step:
• Select the target Azure region, resource group, and vault (Windows Admin
Center automatically provisions Recovery Services vault if one does not already
exist)
3. Run the Select Backup Items and Schedule step:
• Select data to back up, which might include local files, folders, volumes, and
system state
• Specify frequency of backups and their retention period
4. Run the Enter Encryption Passphrase step:
• Specify a string of characters to be used for encrypting backups
• The passphrase is also required to recover data to a different server from the
one where the backup was performed

Implement Azure Backup (3 of 5)

To implement backups of Azure Stack HCI workloads with Microsoft Azure Backup Server:
1. Create an Azure Recovery Services vault

2. Set storage replication of the vault

3. Identify the server that will host Azure Backup Server

4. Download and extract Azure Backup Server binaries

5. Download the vault credentials

6. Install Azure Backup Server binaries


• Use the local Microsoft SQL Server instance included with the installation or
specify an existing one
• Provide the downloaded vault credentials to register the local Azure Backup Server
with the Azure Recovery Services vault
7. Configure storage pools and disks, which provide short-term storage for backups

8. Install Data Protection Manager protection agent on target servers that will be
backed up by using the Azure Backup Server
9. Configure protection settings for the target servers
Implement Azure Backup (4 of 5)
[Diagram: Azure Backup with Microsoft Azure Backup Server. Labels: On-Premises Azure Stack HCI hosting a Windows Server VM with Microsoft Azure Backup server, a Domain controller VM, a SQL Server VM and Linux VMs; Azure (primary region); Azure (secondary region); Azure Active Directory; Azure Storage; Azure Recovery Services vault; Azure Import/Export.]
Implement Azure Backup (5 of 5)

To implement backups of Azure Stack HCI workloads with System Center DPM:
1. Create an Azure Recovery Services vault

2. Set storage replication of the vault

3. Download and install Recovery Services Agent on the DPM server


• Provide the downloaded vault credentials to register the DPM Server with the
Azure Recovery Services vault
4. If needed, configure storage pools and disks which provide short-term storage for
backups
5. Install DPM protection agent on target servers that will be backed up by using the
DPM server
6. Configure protection settings for the target servers
Implement Azure Site Recovery (1 of 6)

• Azure Site Recovery supports the following use cases:
o Failover and failback between two on-premises sites
o Failover and failback between an on-premises site and an Azure region
o Failover and failback between two Azure regions

• The choice of protection mechanism provided by Azure Site Recovery depends on:
o Location of the recovery site (on-premises or Azure)
o Type of computer to protect (physical or virtual)
o Virtualization platform (Hyper-V or VMware ESXi)
o Virtualization management software
o Replication mechanism

• In the context of Azure Stack HCI, the following two disaster recovery scenarios are
relevant:
o Disaster recovery of Hyper-V VMs not managed by SCVMM to Azure
o Disaster recovery of Hyper-V VMs managed by SCVMM to Azure

Implement Azure Site Recovery (2 of 6)

Azure Site Recovery architecture:


• Disaster recovery of Hyper-V VMs not managed by SCVMM to Azure:
o Azure components:

• An Azure Site Recovery vault serving as the central management point for disaster
recovery–related replication and orchestration
• An Azure general purpose, LRS or GRS Standard SKU storage account hosting
replicated disks
• An Azure virtual network for a planned or unplanned disaster recovery event
• An Azure virtual network for a disaster recovery test
o On-premises components:

• Windows Server 2019 Hyper-V servers hosting the protected VMs


• Protected Hyper-V VMs
• Azure Site Recovery Provider running on each Windows Server 2019 Hyper-V host
Implement Azure Site Recovery (3 of 6)

[Diagram: Azure Site Recovery for Hyper-V VMs. Labels: On-Premises Azure Stack HCI with a Hyper-V Server hosting Linux VMs and Windows Server VMs; Orchestration; Replication; Azure (primary region); Azure (secondary region); Azure Active Directory; Azure Storage; Azure Recovery Services vault.]
Implement Azure Site Recovery (4 of 6)

Azure Site Recovery architecture:


• Disaster recovery of Hyper-V VMs managed by SCVMM to Azure
o Azure components: the same as with the disaster recovery of Hyper-V VMs not
managed by VMM to Azure (listed on previous slide)
o On-premises components

• Windows Server 2019 Hyper-V servers hosting the protected VMs


• Protected Hyper-V VMs
• A SCVMM 2019 deployment hosting one or more private clouds and logical
networks
• VMM virtual machine networks linked to logical networks associated with the
SCVMM clouds
▫ You map these networks to Azure virtual networks when creating a recovery
plan
• The Azure Site Recovery Provider running on the SCVMM server
▫ The provider manages communication with the Recovery Services vault
Implement Azure Site Recovery (5 of 6)

• Implement Azure Site Recovery for Azure Stack HCI VMs:


o By using a guided procedure on the Azure Site Recovery vault blade in the Azure
portal:
• Run the Prepare infrastructure step:
▫ Select protection goal
▫ Confirm deployment planning
▫ Designate source and a target
▫ Configure replication settings
• Run the Replicate Application step:
▫ Designate source
▫ Select VMs
▫ Configure replication settings
Implement Azure Site Recovery (6 of 6)

• Run the Manage Recovery Plans step:


▫ Create and configure recovery plans
▫ A recovery plan identifies protected VMs and dictates the order of individual
steps during a failover and a failback. You have the option of automating these
steps by using Azure Automation scripts and workflows.
o By using a guided procedure in Windows Admin Center:
▫ Enable VM protection functionality on the cluster (Set up VM protection)
▫ Select VMs to protect (Protect VM)
▫ For any subsequent steps, including creating a recovery plan, performing a
failover, and monitoring replication, use the Azure Site Recovery vault blade
in the Azure portal
Implement the Update Management solution in Azure Automation (1 of 2)
• Update Management provides the following benefits:
o Delivers status of updates on managed servers
o Automates update deployments based on compliance status or group membership:
• Groups can be defined by:
▫ Using Log Analytics queries
▫ Imported using Windows Server Update Services (WSUS)
▫ Imported using Microsoft Endpoint Configuration Manager
o Supports update-specific searches of Azure Monitor logs collected from managed
servers
Implement the Update Management solution in Azure Automation (2 of 2)

Implement Update Management on Azure Stack HCI:
• By using the Azure portal:
1. Create a Log Analytics workspace and an Azure Automation account:
• Ensure that the Azure regions you choose match those documented by Microsoft
2. Enable the Update Management solution (from the Azure Automation blade in the
Azure portal):
• Select the corresponding Log Analytics workspace
3. Onboard the on-premises VMs by installing the Log Analytics agent

4. Select the VMs to manage

5. Schedule updates (servers can obtain updates from any location supported by the
operating system, including WSUS and Endpoint Configuration Manager)
• By using Windows Admin Center (Set up Azure Update Management):
o Ensures correct choice of regions for Log Analytics workspace and an Azure
Automation account
o Doesn’t automatically onboard managed servers into Update Management:
Deploy updates by using Cluster-Aware Updating (1 of 3)

• Cluster-Aware Updating (CAU) eliminates overhead associated with installing updates on
cluster nodes
• CAU updates individual nodes, performing the same sequence of steps on each:
1. Placing a node into maintenance mode

2. Moving any clustered roles hosted on the local node to another one

3. Installing updates

4. Performing a restart if required

5. Terminating the maintenance mode on the local node

6. Moving clustered roles back to the local node


Deploy updates by using Cluster-Aware Updating (2 of 3)

CAU can operate in one of two modes:


• Self-updating mode:
o CAU is implemented as a clustered role within the managed cluster
o Details of update operations, such as scheduled times, are based on Updating Run
profiles
o When an Updating Run initiates, it triggers creation of the CAU Update Coordinator
process on the cluster node currently hosting the CAU clustered role
o The CAU role orchestrates orderly updates on all cluster nodes
o When it’s time to update the node hosting the CAU role, CAU initiates failover to
another node and continues the updates
• Remote-updating mode:
o Requires use of CAU admin tools from a computer that is not part of the target
cluster to invoke deployments
o Provides more visibility into status of Updating Runs
o Requires an administrative action to trigger updates
Deploy updates by using Cluster-Aware Updating (3 of 3)

To implement CAU on Azure Stack HCI, use either:


• Self-updating mode:
o Manual process:
1. Install the Failover Clustering Tools on all cluster nodes
2. Start the Cluster-Aware Updating tool
3. Configure Updating Run profiles according to your requirements
o Automated process:
▫ Use the Add-CauClusterRole PowerShell cmdlet
• Remote-updating mode:
1. Install the Failover Clustering Tools on a remote computer with direct connectivity
to the cluster nodes
2. Invoke CAU from the remote computer
• Windows Admin Center supports CAU management, but this requires enabling
CredSSP-based authentication and providing explicit credentials to connect to the
cluster nodes
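
Both CAU modes driven from PowerShell, as an added example that is not part of the course material. The cluster name, the schedule and the failure thresholds are assumptions.

```powershell
#Requires -Modules ClusterAwareUpdating
# Assumed value (not from the course material):
$Cluster = 'hci-cluster01'

# Readiness check for either mode: reports missing firewall rules,
# remoting problems and other prerequisites on each node.
Test-CauSetup -ClusterName $Cluster

# --- Self-updating mode (automated process) -----------------------------
# Adds the CAU clustered role so the cluster patches itself on a schedule:
# here the second Tuesday of each month, stopping on the first failed node.
$role = $null
try   { $role = Get-CauClusterRole -ClusterName $Cluster -ErrorAction Stop }
catch { Write-Verbose "CAU clustered role not present on $Cluster" }

if (-not $role) {
    Add-CauClusterRole -ClusterName $Cluster `
        -DaysOfWeek Tuesday -WeeksOfMonth 2 `
        -MaxFailedNodes 0 -MaxRetriesPerNode 2 `
        -RequireAllNodesOnline -EnableFirewallRules -Force
}

# --- Remote-updating mode -----------------------------------------------
# Run from a computer that is NOT a member of the target cluster and has
# the Failover Clustering Tools installed.

# Preview which updates each node would receive, without installing them.
Invoke-CauScan -ClusterName $Cluster -CauPluginName Microsoft.WindowsUpdatePlugin

# Start an Updating Run: each node is drained, patched, restarted if
# required, and resumed before the next node is touched.
Invoke-CauRun -ClusterName $Cluster -CauPluginName Microsoft.WindowsUpdatePlugin `
    -MaxFailedNodes 0 -MaxRetriesPerNode 2 -RequireAllNodesOnline -Force

# Review the outcome of the most recent Updating Run.
Get-CauReport -ClusterName $Cluster -Last -Detailed
```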
Add and remove nodes in an Azure Stack HCI cluster

• To add a new server to an Azure Stack HCI cluster:


1. Obtain a physical server with matching hardware from the same Azure Stack HCI
vendor
2. Set up the server within your data center infrastructure:
o Details are hardware specific, but this typically involves rack mounting, cabling,
establishing network connectivity, configuring out-of-band management
controllers, applying the latest firmware, and running OEM validation tests
3. Configure the OS to comply with your standards and join it to the AD DS domain

4. Add the server as an additional node to the Azure Stack HCI cluster:
o Use the Add server(s) to the cluster pane in Windows Admin Center
5. Run cluster validation
• To remove a server from an Azure Stack HCI cluster:
1. Use the Add server(s) to the cluster pane in Windows Admin Center

2. Specify whether to remove the server's disks from the storage pool

3. Run cluster validation


Lesson 2: Test your knowledge

Refer to the Student Guide for lesson-review questions


Instructor-led lab: Using Windows Admin Center in hybrid scenarios
• Provision the lab environment
• Integrate hyperconverged infrastructure with Azure services
• Review Azure integration functionality
• Manage updates to hyperconverged infrastructure
• Deprovision the Azure environment
Lab scenario (1 of 2)

Contoso, Ltd. is a medium-size financial services company with its headquarters in London,
England. It’s currently operating almost entirely on-premises, with most of its compute
environment running on the Windows Server platform, including virtualized workloads on
Windows Server 2012 R2 and Microsoft Hyper-V hosts in Windows Server 2016. Its internal IT
staff is well-versed in Microsoft technologies, including its virtualization and software-defined
datacenter offerings.
In recent months, as part of datacenter consolidation and modernization initiatives, Contoso
IT migrated some of its applications to a range of Azure infrastructure as a service (IaaS) and
platform as a service (PaaS) services. However, several highly regulated workloads have to
remain in the on-premises datacenters.
Two of these workloads present a challenge due to their performance and resiliency
requirements. The first workload is a group of heavily utilized Microsoft SQL Server instances
hosting transactional databases for Contoso’s loan origination department. The second
workload is an isolated Virtual Desktop Infrastructure (VDI) farm for users in Contoso’s
securities research department, which is supposed to replace an aging Windows Server 2012
R2–based Remote Desktop Services (RDS) deployment.
Lab scenario (2 of 2)

Contoso’s Chief Information Officer (CIO) realizes that implementing these workloads will
require additional investment in hardware. Before making the investment, she wants to verify
that the extra expense will help the IT organization deliver a modern technological solution
and accelerate the datacenter consolidation initiative. She also wants to make sure that it
helps ensure a consistent management approach that leverages existing IT skills, and if
possible, integrates with some of the cloud services that Contoso is already benefiting from,
such as Azure Monitor. It’s also critical that the new solution provides multiple levels of high
availability and resiliency, thereby protecting these workloads from localized failures and
facilitating disaster recovery to another on-premises location.
IT management has started its search for solutions that would satisfy these requirements. They
have asked you, as lead system engineer, to assist with the search and implement a
proof-of-concept environment that would help identify the most viable candidate.
To address the requirements for deployments of highly regulated workloads, you'll provision
the core compute and networking components of the lab environment and then test
integration of hyperconverged infrastructure with Azure services, including Azure Monitor and
Azure Automation. You'll also test Cluster-Aware Updating.
Lab: Using Windows Admin Center in hybrid scenarios

• Exercise 1: Provision the lab environment by using PowerShell
• Exercise 2: Integrate hyperconverged infrastructure with Azure services
• Exercise 3: Review Azure integration functionality
• Exercise 4: Manage updates to hyperconverged infrastructure
• Exercise 5: Deprovision the Azure environment

Lab setup:
To connect to the lab VM, follow the steps provided by the lab hosting provider.
Module-review questions (1 of 2)
1. Which two of the following components are required to shield an existing virtual machine
(VM) provisioned outside of guarded fabric?
a. TPM 2.0
b. VHD Set
c. Helper VHDX
d. .pdk file
e. .vmcx file
2. Which of the following components of Azure File Sync do you need to create first?

a. Storage Sync Service


b. Sync group
c. Cloud endpoint
d. Server endpoint
Module-review questions (2 of 2)
3. Which of the following tasks can be performed on Azure Stack HCI-hosted virtual machines
running Windows Server 2019 by leveraging Azure Arc functionality?
a. Install an Azure VM extension
b. Install a Windows Server role
c. Configure DNS settings
d. Configure the time zone
4. Which two Azure services are required to implement Azure Update Management of Azure
Stack HCI-hosted virtual machines running Windows Server 2019?
a. Azure Security Center
b. Azure Monitor
c. Azure Automation
d. Azure Sentinel
e. Azure Key Vault
Module-review answers
1. Which two of the following components are required to shield an existing virtual machine
(VM) provisioned outside of guarded fabric?
c. Helper VHDX
d. .pdk file
2. Which of the following components of Azure File Sync do you need to create first?

a. Storage Sync Service


3. Which of the following tasks can be performed on Azure Stack HCI-hosted virtual machines
running Windows Server 2019 by leveraging Azure Arc functionality?
d. Configure the time zone
4. Which two Azure services are required to implement Azure Update Management of Azure
Stack HCI-hosted virtual machines running Windows Server 2019?
b. Azure Monitor
c. Azure Automation
Thank you.
