Skip to main content Link Menu Expand (external link) Document Search Copy Copied
Migrate Windows & SQL workloads to Azure

Task 02 - Create on-premises resources

Introduction

Tailspin Toys is embarking on a comprehensive modernization effort, moving critical workloads from their on‑premises datacenter into Azure while continuing to manage selected services through Azure Arc. To prepare for this journey, you’ll first create a simulated on‑premises environment in Azure. This environment represents the starting point for the four exercises in the lab:

  • Lab 1: Migrate a SQL Server database to Azure SQL Managed Instance using MI‑Link, with high availability and disaster recovery enabled.
  • Lab 2: Migrate a containerized web application to Azure Kubernetes Service.
  • Lab 3: Enable Extended Security Updates (ESU) for Windows Server and SQL Server instances through Azure Arc.
  • Lab 4: Apply security controls to protect workloads and ensure compliance.

By deploying the simulated on‑premises environment now, you’ll have a realistic foundation to practice each of these migration and management scenarios in the exercises that follow.

Description

In this task, you will use a custom Azure Resource Manager (ARM) template to provision the baseline infrastructure. This template creates both the supporting Azure resources and the simulated on‑premises environment from which Tailspin Toys will migrate.

The key activities are:

  1. Retrieve your user information from Entra ID to parameterize the deployment.
  2. Deploy the ARM Template into your Azure subscription.
  3. Verify that all resources have been successfully created and are ready for use in later tasks.

Success Criteria

  • You have obtained the required Entra ID information to customize the deployment.
  • The ARM template has been deployed without errors.
  • All simulated on‑premises resources are visible in the Azure portal and ready for subsequent migration steps.

Solution

Expand this section to view the solution

Create a resource group

  1. Navigate to the Azure portal.

  2. Under Azure services select Resource groups.

    Resource groups is highlighted under Azure services on the Azure portal home page.

  3. On the Resource groups blade, select Create.

    The Create button is highlighted on the Resource groups blade.

  4. On the Create a resource group Basics tab:

    • Subscription: Select the subscription you are using for the lab.
    • Resource group name: Enter a name, such as rg-tailspin.
    • Region: Select one of the following regions:
      • East US
      • North Central US
      • Sweden Central
      • West US

      • West US 3

        On the Basics tab of the Create a resource group dialog, the resource group name is populated, and the subscription and region are selected. The Next button is highlighted.

        IMPORTANT: If you select a region not in the list above, your deployment will fail because the custom VM image required for Exercise 3 is only replicated into those regions.

  5. Select Next to go to the Tags tab.

  6. On the Tags tab, enter the following tag to allow temporarily bypassing some security policy settings for 14 days:

    • Name: SecurityControl
    • Value: Ignore

    The SecurityControl and Ignore name and value textboxes are highlighted on the Tags tab.

  7. Select Review + create, then select Create to deploy the resource group.

Deploy Azure resources

  1. Open a browser and navigate to the Lab Deployment Scripts readme file in the GitHub repository.

    If you’re deploying to Azure Gov, open a browser with your corporate account profile loaded in it.

  2. Select Deploy to Azure button on the Lab Deployment Scripts page to launch a custom deployment blade in the Azure portal.

    GitHub page with Deploy to Azure button highlighted

    If you’re deploying to Azure Gov, select the Deploy to Azure Gov button.

  3. If prompted, sign in with an account that is an owner of the Azure Subscription.

  4. From the Custom deployment page in the Azure portal, select the Cloud Shell icon from the top bar of the Azure portal to open a cloud shell panel at the bottom of the browser window.

    The Azure Cloud Shell icon is highlighted on the top bar in the Azure portal.

  5. At the Cloud Shell prompt, run the following Azure CLI command to retrieve your Entra ID information:

     az ad signed-in-user show --query "{id:id, upn:userPrincipalName}" -o json

    Copy the id and upn values from the JSON output. Leave the cloud shell panel open, as you will paste these values into the template parameters in the next step.

    Command-line output with signed in user's Id and UPN from Entra ID.

    IMPORTANT: The ARM Template uses this Entra ID account as the administrator for the SQL Managed Instance. It must be an Entra ID user, not a personal Microsoft account.

    To look up an alternative user, run the following command, replacing the <azure-login> placeholder with the user’s email login. (e.g., user@domain.onmicrosoft.com)

    az ad user show --id <azure-login>

  6. On the Custom deployment page, enter values for the required ARM template parameters.

    • Subscription: Ensure the correct Azure Subscription is selected.
    • Resource group: Select the resource group you created above.
    • Region: Verify the selected region is the same location you used when creating your lab resource group.
    • Azure Ad User Id: Paste the id value from the Cloud Shell.
    • Azure Ad User Login: Paste the upn value from the Cloud Shell.

    • Onprem VM Size: Select Change size and choose a VM size with available quota.

      Run az vm list-usage -l <location> -o table to check quota in a region.

    • Sqlmi Sku: Select GP_Gen5 (General Purpose - Gen 5).
    • Sqlmi V Cores: Select 4.

    • Accept the default values for the Repository settings and select Review + create to continue to the next tab.

      Azure Portal Create a new deployment standard window with entries to add all options needed to deploy the ARM template.

  7. On the Review + create tab, review the terms and conditions and select Create.

    On average, the custom deployment takes 20 minutes to complete. Monitor its progress via the Azure portal to ensure there are no problems.

    NOTE: While automation can make things simpler and repeatable, sometimes it can fail. If at any time during the ARM template deployment there is a failure, review the failure, delete the Resource Group, and try the ARM template again, adjusting for errors.

  8. Once the deployment completes, select Go to resource group to view the deployed resources. Verify that the VMs, networking, and SQL Managed Instance are present.

    Azure Portal notification window showing deployment complete with Go to resource group link highlighted.