Adding Multi-Cloud Template
Overview
CloudLabs Templates are the base of every hands-on lab environment. You can do a variety of configurations under Templates, such as adding prerequisites, enabling roles and policies for users, and much more.
Here, we will learn more about how to work with CloudLabs Templates.
Navigate to the Templates section in the left menu and click on the + ADD button from the top right corner.
Name: To easily identify the lab, add a name to the template.
Lab Code: The lab code is also used as an internal identifier. However, it is not used as any suffix or prefix in any of the resources deployed in your cloud environment.
Description: Provide a brief description of your lab, its resources, technologies, learnings and benefits. It will be visible to end users as well.
Lab Launch Page Description: The lab launch page is where you launch your lab environment. You can add any additional instructions to this page that you think are relevant for users.
Custom Page Title: In case you want to customize the title of the hands-on lab registration page, you can provide a title in this field.
Custom Logo URL: In case you want to customize the logo of the hands-on lab registration page, you can provide the URL of the logo in this field.
Note: The default page title and logo will be displayed, but if you wish to change them, you can use this field. End-users will be able to see it on the hands-on lab registration page, allowing you to customize what you want them to see.
Owner Email: In this field, you have to provide the email address of the person responsible for building the template.
Reviewed By: This field can be used to include the information of the reviewer who will be reviewing the template configurations.
Lab Guide URL: A lab guide is a document that gives users all of the directions they need to complete a hands-on lab. The lab guide URL can be entered here, and it will appear on the users' lab details page. The lab guide will be available to them once they have accessed the URL.
Demo URL: If you want to provide any kind of demonstration, like a video, document, simulation, etc., for the lab to your users, provide the link to the content here. Users will be able to see the link and navigate to it once the lab starts.
Help Document URL: If you want to provide users with a help manual that will assist them in completing the lab, you can place that document URL here.
Prerequisites URL: If you wish to give people visibility into how the lab is set up or how the prerequisites for the lab are defined, you may write a document and enter the URL here.
Approx. Deployment Duration: Your environment's prerequisite resources will take some time to deploy. The expected deployment duration will be defined throughout this time period. The period you enter in this area will be displayed to users as a countdown to the start of the lab.
Excluding Output Parameters: Here, you can specify values that are included in the Azure Resource Manager, CloudFormation, and Deployment Manager template outputs but want to exclude them from appearing in the parameters after creating a lab deployment. For instance, the values related to the trainer's username and password, access keys, and secret access keys.
User Lab Experience Types: This field contains mainly 2 options, namely RDP over HTTP and Integrated Databricks Workspace (iFrame Concept).
Control Panel Resources: Here, you can specify which resources you want to be visible and controlled from the control panel on the CloudLabs Admin Portal. The current options available to configure are Virtual Machine, SQL Data Warehouse, and Azure DevTest Labs. Once selected, you can perform operations like start, stop, restart, etc., directly from the control panel on the CloudLabs Admin Portal.
Enable Lab Validation: Lab validation enables you to check whether lab tasks are completed appropriately. In case the user had issues performing the lab, that can be checked under validations.
Enable Leaderboard: If desired, a leaderboard can be utilized to track a user's score based on their performance as measured by lab validation.
Delete Deployment Info After Success: Check the box if you wish to clean up the deployment history from the Azure Portal. Deleting this won't affect the deployed resources.
Enable Lab Preview: If checked, this feature allows attendees to get insights about the lab's content before launching any lab environment. For more details, refer to Lab Preview.
Pre-Deployment Allocation of CloudLabs Licenses: When checked, the CloudLabs licenses will be allocated to your deployments even before the user registers for them. If not checked, the CloudLabs license allocation will only happen for deployments when some user registers for it.
Now, we will move on to the next section where you have to provide the needed information for the cloud platform configuration.
Cloud Platform Configuration: Click on the + ADD button available at the top right corner.
Cloud Platform: Select the cloud platform where you want to deploy the lab infrastructure from the dropdown list. For example, Microsoft Azure, Amazon Web Services, Google Cloud Platform, and Oracle Cloud Infrastructure. Provide the necessary information for the selected cloud platform.
Note: The following fields will be changed based on the selected cloud platform. Here, we are selecting Microsoft Azure.
Platform Friendly Name: Unique name for the cloud platform.
Cloud Usage Type: This feature helps the system calculate the cost of a virtual machine or the total cost of all cloud resources. There are two options available, namely Cloud Resource Usage and VM Usage. Cloud Resource Usage will calculate the cost of all the resources deployed in the lab environment. However, VM Usage will only calculate the cost of the virtual machines and the related resources present in your cloud environment. Therefore, it is always recommended to select Cloud Resource Usage for efficient cost calculation.
Code: Use a code as an internal identifier. This code will also be concatenated in the name of the user Resource Group. As an example, if you use the code demolab, you will be able to tell that the template is about a demo lab. The user's Resource Group will be named ODL-demolab-xxxxxx, where 'demolab' is a lab code, 'ODL' is the default prefix, and 'xxxxx' is the CloudLabs-assigned user unique ID.
Subscription Type: This option is only available if you go for the Microsoft Azure cloud platform. For Amazon Web Services & Google Cloud Platform, it will be taken care of automatically.
CloudLabs provides three types of subscriptions, as listed below:
Shared Subscription: Here, a single subscription can be shared by multiple users, giving them access to the resource group level. Depending on the lab's needs and access constraints, you can use shared subscriptions.
Dedicated Subscription: A dedicated subscription is used when a lab requires subscription-level access. Here, each user gets access to a single subscription.
Dedicated Tenant: A dedicated tenant is used when a lab requires tenant-level access or global admin access. Here, each user has access to the entire tenant.
Deployment Plan: This allows you to choose several resource groups required in your lab. The selected number of resource groups will be pre-created in your environment.
Usage Policy URL: Usage policy is used to monitor cores/clusters of Azure resources. In the policy, we have to define a maximum limit of cores/clusters that is allowed for a user.
The usage policy revolves around these Azure resources - Virtual machines, CosmosDB accounts, SQL servers/databases, Virtual Machine Scale Sets, and Databricks clusters.
For example, you prepared a policy in which the allowed value for VM is set to 4 vCPU cores. Now, we have two users—User01 and User02—performing the same lab. User01 creates a VM that uses 2 cores, and User02 creates a VM that uses 8 cores.
Here, for both users, we will have two different cases as follows:
Case 1: User01 with 2 cores falls under the allowed value and will not violate the usage policy.
Case 2: User02 with 8 cores exceeds the allowed value, resulting in violating the usage policy.
Once the policy is violated, you will get alerted via email.
To receive the alert emails, a person/team can provide their email address while setting up the lab.
To view a sample of the Usage Policy, go to this link: Usage Policy Sample.
Region: This field allows you to select the region where you want to deploy the lab infrastructure on the cloud platform.
Create Service Principal: This feature is used to create a service principal as a part of prerequisites. On checking this box, a service principal will automatically get created in the user environment. On checking the Create Service Principal box, two more features will appear on the page as given below:
Send Service Principal: The details of the service principal, such as application ID, application secret key, subscription ID, tenant ID, and tenant domain, will be exposed to users on the lab details page.
Is Service Principal Dependent: Enable this check box if you need to use the SPN in your prerequisite configuration or if any prerequisite resources require the SPN during deployment.
Allow Global Admin Privilege: If checked, the Global Admin Privilege will be enabled for the ODL User.
Enable Custom RG Name: Checking this box will create resource groups with custom suffixes as their names. Once the RG is deployed, it will have -RG as the suffix.
Enable VM Access Over HTTP: This option allows you to access the virtual machine through a web browser. If the Microsoft RDP client does not allow you to connect to the VM, here is another method to connect to the VM via a browser. After enabling this functionality, we must complete further setups in order to set up RDP over HTTPS access, which we will cover in Virtual Machine Configuration. For more details, refer to Enable RDP/SSH over HTTPS.
Enable VM Shadow: COVID-19 has changed how training and workshops are conducted. Virtual workshops are the new normal in the learning industry now. The VM Shadow feature allows instructors to shadow the user's lab environment/VMs (virtual machines) and provide support in real-time.
- Shadow student’s lab environment
- Provide support in real-time
- Observe progress
- Collaboration
Dynamic RGs Available: Check the box in order if you want CloudLabs to fetch dynamic resource groups created by the deployments in your lab just for internal tracking.
Any Post-Manual Steps Required: Some steps cannot be automated as part of a lab's prerequisites. Therefore, you may have to do them manually. This feature serves as a reminder to you that there are manual actions that must be completed after your lab's automated deployment is complete.
Any Pre-Manual Steps Required: We may need to create VM images or snapshots in some scenarios because some VM customization is not feasible with the ARM template's custom script extensions. There are various requirements for using VM images or snapshots, such as having the images available in the expected regions and subscriptions that we are using for a lab.
We will ensure that the images are available in the required regions and subscriptions as a pre-manual step.
Enable Optimize Disk Cost: This feature helps in optimizing the virtual machine's disk cost in your lab environment. Once checked, you will be providing the related virtual machine name whose disk cost needs to be optimized. Suppose you have attached a premium disk to your virtual machine. In that case, CloudLabs will replace the disk with a more economical disk, like a standard HDD, when the VM is shut down and replace it with the premium disk when it is restarted without any data loss. This way, it helps avoid a higher cloud bill when the resource is not being used.
Show Resources Tab: If checked, users will be able to see the tab named Resources in their lab environment, from where they can perform operations like starting a VM, stopping a VM, etc.
Note: Similarly, if you select the Amazon Web Services cloud platform, the fields will be changed accordingly. The fields that will be available for configuration are shown below.
Once you have provided the necessary information for the cloud platform configuration, click on the Submit button to move on to the next section.
- In the Cloud Template section, you have to provide your IaC template based on the cloud platform you are using. If you are using Azure, then you have to enter the Azure Resource Manager template details. If you are using AWS, then you have to provide the CloudFormation template details.
Click on the + ADD button available at the top right corner.
For Cloud Platform type, select the cloud platform you are using from the dropdown list. Here, we are selecting Microsoft Azure.
Note: Similarly, if you are using AWS, then you have to select the AWS cloud platform from the dropdown list. A few fields will be changed accordingly.
Deployment Scope: This field allows you to select the deployment scope for your IaC template. The options available are Subscription and Resource Group.
Template Type: This field allows you to select the type of IaC template you are using. The options available are Cloud Provisioning and Terraform Script.
Note: If you select the Cloud Provisioning option, then you have to provide the Azure Resource Manager's template details. If you are selecting the Terraform Script option then you have to provide the Terraform Script's details.
Resource Group: This field allows you to select the resource group where you want to deploy the IaC template.
Cloud Template URL: This field allows you to provide the URL of the IaC template in JSON format.
Parameters Template URL: This field allows you to provide the URL of the parameters template in JSON format.
Note: The URLs must be coming from a public storage account.
Once you have provided the necessary information for the cloud template configuration, click on Submit.
In the Template Permissions section, you have to configure permissions that you would like to attach to AAD users or service principals for Azure and IAM users for AWS.
Click on the + ADD button available at the top right corner to add the template permission.
For Platform Friendly Name, choose Microsoft Azure, Amazon Web Service, or any other cloud platform from the dropdown menu.
Note: Fields which are mentioned below will change based on the cloud platform. Now, we are considering Microsoft Azure below.
For Permission Type, choose whether you want to attach built-in permissions or custom ones from the dropdown menu.
For Profile Type, choose Attendee, Instructor, or Group Member from the dropdown menu.
For Identity, choose from AAD User or Service Principal for Azure.
For Scope Type, select Azure from the dropdown.
For Scope Level, you can specify a scope at the resource group level or the subscription level based on the subscription type.
For Launch Type, we have two options available here. They define when the restrictions should be applied.
Apply at Launch: This will apply for the role before starting the deployment of the lab.
Apply Manually: Here, you have to apply for the role manually. It won't get assigned automatically.
At last, click on the SUBMIT button to save it.
MS CLOUD LICENSES
Some conditions must be met before a user can access Microsoft products. To fulfill those conditions, we have Microsoft licenses to provide software services and hosted applications for the users performing your lab.
This function grants you access to a variety of Microsoft licenses, which include Power BI Pro, Office 365 Business Essentials, Azure Active Directory Premium P1, and much more. Some of those are shown in the image below:
To attach the cloud license, click on the + ADD button available at the top right corner.
Perform the following steps to pick a license:
Platform Friendly Name: Currently, it is only available for Azure.
MS Cloud License: Select the required license from the dropdown.
Click on SUBMIT to save the configurations.
DEPLOYMENT SCRIPT REPOSITORY:
This feature allows you to run any or multiple PowerShell scripts, which can be utilized for automation in different scenarios, like the creation of any kind of Azure resources, Microsoft Entra ID objects, deletion of resources, etc. You can also choose to run the script at different instances of your choice, like the creation of a new deployment, the success of a new deployment, and more.
Follow the below steps to get started:
Click on the + ADD button.
Under Add Deployment Script, add the following values:
Platform Friendly Name: Choose your cloud platform from the dropdown.
Type: PowerShellV2
Name: Provide a name for your deployment script.
Script: Here, provide the PowerShell script you created, which performs certain actions in your lab. Note that you don't need to configure the authorization code block in your script, as CloudLabs does that for you!
Parameters: Here, you can add the custom parameters you have used in your script (if any). To do so, select ADD+ and provide the name and value of the parameters in the respective fields. The value you provide in the Value field will be passed to the parameter you have set, which the deployment script can then use.
Run: Choose Per User to run the script for every user of your lab environment specifically.
Run As: You can run the deployment script either using CloudLabs or any service principal you create. Select System to run the script through CloudLabs, or select AAD Service Principal if you want to run the script through another service principal conditionally. It is authorized to do so.
Run On: Here, you can choose when to run your script. You are provided with the following options, each running your script differently:
Deployment Initiation: This will run the script as soon as the deployment starts. You can choose this if your script doesn't have any dependencies on any of the resources deployed using the ARM template.
Deployment Success: This will run the script only after the deployment has succeeded. Choose this option if you have any kind of dependencies on any resource(s) deployed through the ARM template, which requires your ARM template to be deployed before the script runs.
Manual Run: This will not run the script automatically at any time during the complete deployment. You will only be able to run the script manually using the Run button on the CloudLabs Admin Portal whenever you want.
Deployment Deletion: This will run the script only after the deployment is deleted.
VIRTUAL MACHINE CONFIGURATION:
This feature allows you to configure your host virtual machine and complete the setup for RDP over HTTPS access. As we stated earlier, once your lab is ready, the environment you receive will include a VM on the left side of the browser and the lab guide on the right.
Therefore, by providing the required configuration here, it will reflect your host VM in your lab environment.
Follow the steps below to get started:
Click on the + ADD button.
Under Add VM Configuration, add the following values:
Note: Fields which are mentioned below will change based on the cloud platform.
Name: In this column, you must enter the exact name of the VM that you used in your ARM template.
Type: Here you have to choose the type of your virtual machine. There are two options available—RDP and SSH—so choose one based on the type of your VM.
Server DNS Name: From your ARM template, pick up the output parameter that has the VM DNS name stored in it and paste it into this field.
Server User Name: From your ARM template, pick up the output parameter that has the VM username stored in it and paste it into this field.
Server Password: From your ARM template, pick up the output parameter that has the VM password stored in it and paste it into this field.
Server Domain: Enter the domain name.
Enable Hyper-V Guest VMs Over HTTPS: If this lab is based on Hyper-V and you are required to access the Hyper-V Guest VMs over HTTPS (from a browser) just like the main host VM, then only mark this flag as enabled.
Is Default VM: If there is more than one VM configuration in your CloudLabs template, then you can check this box for the VM you want users to navigate to by default as soon as the lab launches. The users will always be able to switch to different VM(s) using a dropdown present on the top right of their lab.
Enable Audio Input: Check this flag to enable audio input for the virtual machine. It is an accessibility feature that reads out the contents of the screen aloud for those with visual impairment.
Instructor Username: From your ARM template, pick up the output parameter that has the instructor username stored in it and paste it into this field. It will be used in setting up the CloudLabs VM Shadow connection.
Instructor Password: From your ARM template, pick up the output parameter that has the Instructor password stored in it and paste it into this field. It will be used in setting up the CloudLabs VM Shadow connection.
At last, click on SUBMIT to save the configurations.
For AWS, follow: Enable VM Access over HTTPS for AWS.
Course Details:
This section allows you to configure PowerShell-based validations for your labs. Validations are used by CloudLabs to enable instructors to verify whether the students or attendees have done their labs in the way they are expected to. CloudLabs currently enables admins to author custom PowerShell validations based on Azure and AWS. In addition to cloud-specific PowerShell commands, you can utilize the capabilities of PowerShell to call APIs to author even more specific validation commands. For further details, refer to PowerShell-Based Validations.