
Hybrid Lab Guide: The Complete Connectivity Handbook

This guide provides detailed, step-by-step instructions for implementing Hybrid Azure Designs by connecting your Pluralsight Sandbox (Ephemeral Compute) with your Azure Free Tier (Persistent Identity/SaaS).

Prerequisites:
  1. Pluralsight Sandbox: Active session (approx. 4 hours).
  2. Azure Free Tier: Active subscription (Pay-As-You-Go or Free Trial).
  3. Tools: PowerShell, Azure CLI, Remote Desktop (RDP).

🏗️ Core Connectivity Pattern

Since we cannot create VPNs between these environments, we use Public Internet Connectivity secured by Application-Layer Authentication.

  • Sandbox Resources: Have Public IPs (VMs, Load Balancers).
  • Free Tier Resources: Have Public Endpoints (Entra ID, DevOps, Cosmos DB).
  • Security: All traffic is encrypted via HTTPS (TLS 1.2+).

🚀 Design 47: DevSecOps (The Build Agent)

Goal: Use Azure DevOps (Free Tier) to build/deploy code on a Sandbox VM.

1. Free Tier Configuration (Azure DevOps)

  1. Create Organization: Go to dev.azure.com → New Organization.
  2. Create Project: Name it Hybrid-DevOps.
  3. Create PAT (Personal Access Token):
    • User Settings (Top Right) → Personal Access Tokens.
    • New Token → Name: SandboxAgent.
    • Scopes: Select Agent Pools (Read & Manage).
    • Copy the Token. (You won't see it again).
  4. Create Agent Pool:
    • Project Settings → Agent Pools → Add Pool.
    • Type: Self-hosted.
    • Name: Sandbox-Pool.

2. Sandbox Configuration (The VM)

  1. Deploy VM: Windows Server 2019 (Standard_B2s).
  2. RDP into the VM.
  3. Download Agent:
    • In the VM browser, go to your DevOps Project → Agent Pools → Sandbox-Pool → New Agent.
    • Click Download.
  4. Install Agent:
    • Extract the zip to C:\agent.
    • Open PowerShell (Admin).
    • Run .\config.cmd.
    • Server URL: https://dev.azure.com/{your-org-name}.
    • Auth Type: Press Enter for PAT.
    • Token: Paste the PAT from Step 1.
    • Pool: Sandbox-Pool.
    • Agent Name: Press Enter (default).
    • Run as Service: Type Y.
  5. Verify: Go back to DevOps → Agent Pools. You should see the agent Online.

🆔 Design 49: Hybrid Identity (AD Connect)

Goal: Sync "On-Prem" Users (Sandbox) to Entra ID (Free Tier).

1. Free Tier Configuration (Entra ID)

  1. Create Global Admin:
    • Go to Entra ID → Users → New User.
    • Name: syncadmin.
    • Role: Global Administrator.
    • IMPORTANT: This must be a cloud-only account (e.g., syncadmin@yourtenant.onmicrosoft.com).

2. Sandbox Configuration (Domain Controller)

  1. Deploy VM: Windows Server 2019.
  2. Install AD DS:
    • Server Manager → Add Roles → Active Directory Domain Services.
    • Promote to DC: Create a new forest lab.local.
  3. Create Users: Open AD Users & Computers → Create OU SyncUsers → Create user JohnDoe.
  4. Install AD Connect:
    • Download Microsoft Entra Connect (V2) from Microsoft Download Center.
    • Run AzureADConnect.msi.
    • Express Settings: Use Express Settings.
    • Connect to Entra ID: User syncadmin@... (from Step 1).
    • Connect to AD DS: User LAB\Administrator (Local Admin).
    • Install: Click Install.

3. Verification

  1. Wait 2 minutes.
  2. Go to Entra ID (Free Tier) → Users.
  3. You should see JohnDoe with Directory Synced = Yes.

🕸️ Design 35: Azure Arc (Server Management)

Goal: Apply Azure Policy (Free Tier) to a Sandbox VM.

1. Free Tier Configuration (Arc)

  1. Search Azure Arc → Servers.
  2. Click Add → Add a single server.
  3. Prerequisites: Click Next.
  4. Resource Details:
    • Subscription: Your Free Tier Sub.
    • Region: East US.
    • OS: Windows (or Linux if using Linux VM).
  5. Download Script: Copy the generated PowerShell script.

2. Sandbox Configuration (The Target)

  1. RDP into your Sandbox VM.
  2. Open PowerShell (Admin).
  3. Paste & Run the script.
  4. Authenticate: A browser window will open. Sign in with your Free Tier credentials.
  5. Wait: The script will install the Connected Machine Agent.

3. Verification

  1. Go to Azure Arc (Free Tier).
  2. You will see the VM listed.
  3. Action: Go to Policies (in Free Tier) → Assign a policy (e.g., "Audit VMs without Disaster Recovery") to this Arc Server.

📦 Design 17: Multi-Tier App (Frontend-Backend)

Goal: App Service (Free Tier) connects to SQL/API (Sandbox).

1. Sandbox Configuration (Backend)

  1. Deploy VM: Windows Server or Linux.
  2. Install Service: Install SQL Server Express or run a Python API on Port 80.
  3. Network Security Group (NSG):
    • Go to the VM's Networking blade.
    • Add Inbound Rule:
      • Source: Any (For lab simplicity. In prod, restrict to App Service IPs).
      • Port: 1433 (SQL) or 80 (API).
      • Action: Allow.
  4. Get Public IP: Note the VM's Public IP (e.g., 20.55.1.1).

2. Free Tier Configuration (Frontend)

  1. Create App Service:
    • Plan: F1 (Free).
    • Runtime: Matches your code (Node, Python, .NET).
  2. Configure Connection:
    • Go to Configuration → Application Settings.
    • Add New Setting: DB_CONNECTION_STRING.
    • Value: Server=20.55.1.1;Database=mydb;User Id=sa;Password=...;
  3. Deploy Code: Deploy your web app that reads this setting.
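
The NSG step above notes that production should restrict the source to App Service IPs. One way to do that with Azure CLI from PowerShell, as an added example that is not part of the original guide; every resource name, the rule name and the priority are placeholders, and it assumes you have run az login for both the Free Tier and the Sandbox accounts:

```powershell
# Added example. Every name in this block is a placeholder for your own lab.
$FreeTierSub = '<free-tier-subscription-id>'; $AppRg = '<app-rg>'; $AppName = '<app-name>'
$SandboxSub  = '<sandbox-subscription-id>';   $VmRg  = '<vm-rg>';  $NsgName = '<vm-nsg>'
$Port        = 1433   # or 80 for the API backend

function ConvertTo-SourcePrefix {
    # Validate the comma-separated list App Service returns and emit /32 prefixes.
    # Anything that is not a dotted-quad IPv4 address (or is 0.0.0.0) is rejected,
    # so an empty or wildcard value can never widen the rule back to "Any".
    param([Parameter(Mandatory)][string]$OutboundIps)
    $result = foreach ($ip in ($OutboundIps.Split(',').Trim() | Where-Object { $_ })) {
        $addr = $null
        $ok = ($ip -match '^\d{1,3}(\.\d{1,3}){3}$') -and [System.Net.IPAddress]::TryParse($ip, [ref]$addr)
        if (-not $ok -or $ip -eq '0.0.0.0') { throw "Rejected source address: '$ip'" }
        "$ip/32"
    }
    if (-not $result) { throw 'No outbound IP addresses supplied.' }
    @($result | Sort-Object -Unique)
}

# 1) Free Tier account: read every address the app may call out from.
$ips = az webapp show --subscription $FreeTierSub --resource-group $AppRg --name $AppName `
          --query possibleOutboundIpAddresses --output tsv
$prefixes = ConvertTo-SourcePrefix -OutboundIps $ips

# 2) Sandbox account: allow only those addresses to reach the backend port.
#    250 is a placeholder; use any priority not already taken in this NSG.
az network nsg rule create --subscription $SandboxSub --resource-group $VmRg --nsg-name $NsgName `
    --name Allow-AppService-Backend --priority 250 --direction Inbound --access Allow --protocol Tcp `
    --source-address-prefixes $prefixes --destination-port-ranges $Port

# 3) Audit: list inbound Allow rules that still accept any source ("Any" is stored as *).
az network nsg rule list --subscription $SandboxSub --resource-group $VmRg --nsg-name $NsgName `
    --query "[?direction=='Inbound' && access=='Allow' && sourceAddressPrefix=='*'].{name:name, port:destinationPortRange}" `
    --output table
```

Once the scoped rule is in place, delete the lab's Any rule for the backend port. App Service outbound addresses are shared with other apps on the same scale unit, so the SQL or API login remains the actual access control.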

💾 Design 45: Data Mesh (Purview Scanning)

Goal: Azure Purview (Free Tier) scans Data (Sandbox Storage).

1. Sandbox Configuration (Data Source)

  1. Create Storage Account: Standard LRS.
  2. Upload Data: Upload some CSV files to a container.
  3. Get Access Key: Go to Access Keys β†’ Copy Key1.

2. Free Tier Configuration (Governance)

  1. Create Purview Account: (Note: Purview has a cost; check whether the Free Trial applies. If not, use Azure Policy scanning instead).
  2. Alternative (Free): Use Power BI Desktop (Free).
    • Open Power BI Desktop.
    • Get Data → Azure Blob Storage.
    • Account Name: (Sandbox Storage Name).
    • Account Key: (Paste Key from Step 1).
    • Result: You are now analyzing Sandbox data in your local/Free Tier tool.

🛡️ Design 44: Mission Critical (Global Traffic)

Goal: Front Door (Sandbox) routes to AKS (Sandbox) + Cosmos (Free Tier).

1. Free Tier Configuration (Database)

  1. Create Cosmos DB:
    • Capacity Mode: Serverless or Provisioned (Free Tier discount).
    • API: NoSQL.
  2. Get Connection String: Go to Keys → Copy Primary Connection String.

2. Sandbox Configuration (Compute & Routing)

  1. Create AKS Cluster: Basic Tier (Free).
  2. Deploy App:
    • Create a Kubernetes Secret with the Cosmos DB Connection String.
    • kubectl create secret generic db-secret --from-literal=connectionString="<paste-string>"
    • Deploy your Pods referencing this secret.
  3. Create Front Door:
    • Create a Front Door (Standard).
    • Origin: Point to your AKS Public IP (Load Balancer).
    • Routing: Route / to the AKS Origin.
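
The Deploy App step above pastes the connection string into a kubectl command line. The following added example, which is not part of the original guide, creates the same db-secret without the value appearing in a typed command, then deploys a Pod that reads it; the Pod name, image reference and environment variable name are placeholders:

```powershell
# Added example. Pod name, image and env var name are placeholders.

# Prompt for the connection string so it never appears in a typed command line
# or in PowerShell command history.
$secure = Read-Host -Prompt 'Cosmos DB Primary Connection String' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# Build the Secret as JSON and stream it to kubectl over stdin. ConvertTo-Json
# handles escaping, and "create" (unlike "apply") does not copy the value into
# a last-applied-configuration annotation on the Secret.
@{
    apiVersion = 'v1'; kind = 'Secret'; type = 'Opaque'
    metadata   = @{ name = 'db-secret' }
    stringData = @{ connectionString = $plain }
} | ConvertTo-Json -Depth 4 | kubectl create -f -
Remove-Variable plain, secure

# Confirm the key exists; describe prints key names and sizes, not values.
kubectl describe secret db-secret

# Pod that receives the value as an environment variable from the Secret.
@'
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
  - name: app
    image: <your-registry>/<your-image>:<tag>
    env:
    - name: COSMOS_CONNECTION_STRING
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: connectionString
'@ | kubectl apply -f -
```

Secret data is only base64-encoded when read back through the API, so limit who can get Secrets in that namespace with Kubernetes RBAC.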

👑 Design 50: The Ultimate Architecture (Orchestration)

Goal: Combine everything.

  1. Identity Layer (Free Tier):
    • Set up Entra ID users and groups.
    • Create a "Break Glass" account.
  2. Governance Layer (Free Tier):
    • Assign Policies to your Subscription.
    • Create Cost Budgets.
  3. Connectivity Layer (Sandbox):
    • Deploy the Hub VNet and Azure Firewall (Basic).
    • Deploy VPN Gateway (Basic).
  4. Workload Layer (Sandbox):
    • Deploy Spoke VNets peered to the Hub.
    • Deploy AKS and VMs in Spokes.
  5. Hybrid Link:
    • Install Arc Agent on the Hub Jumpbox VM.
    • Install DevOps Agent on a Spoke Build VM.

🧹 Cleanup Instructions

Sandbox

  • Action: Close the browser tab.
  • Result: All VMs, AKS clusters, Firewalls, and IPs are automatically destroyed.

Free Tier (Manual Cleanup Required)

  • Entra ID: Delete the syncadmin user and any synced users (JohnDoe).
  • Azure Arc: Delete the "Server - Azure Arc" resources (they will show as "Disconnected").
  • DevOps: Delete the Sandbox-Pool from Organization Settings.
  • App Service: Delete the App Service and App Service Plan to free up your F1 quota.