SMBblueprint deployment

SMB Blueprint can also deploy a set of Azure resources.
The resources can be deployed using the graphical user interface or directly using PowerShell. The resources are grouped into separate templates, and a main template calls out to those templates. The figure below shows how the resources are grouped into logical components:

figure: SMB resource deployment template structure Azure deployment

In addition to the logical grouping, a categorization is needed based on the size of the company.

The Azure resources deployed are categorized as 'small', 'medium' and 'large': three categories targeted at SMB clients of different sizes and needs.

SMB categorization

The categorization makes it possible to differentiate on the number of resources as well as on the size of those resources.

Example: 1 or more servers in the deployment model depending on the company size
Example: A Standard_DS1_v2 (basic VM) or a more powerful VM size like Standard_DS3_v2

The deployment serves as a starting point and is by no means limited to the set of resources deployed by the SMB blueprint solution. Below you can find an overview of the different sizes.

table: categorization

| Size | # users | # of servers | Server type |
| --- | --- | --- | --- |
| Small | <= 5 users | 1 | Standard_DS1_v2 (1 CPU - 3.5 GB RAM) |
| Medium | <= 20 users | 1 | Standard_DS2_v2 (2 CPU - 7 GB RAM) |
| Large | <= 50 users | 3 | Standard_DS4_v2 (8 CPU - 28 GB RAM) |

Note that there is no increase in the number of servers between a small and medium deployment.

In the following topics we elaborate on the resources deployed per category.
Independent of the categorization, however, a standard set of resources is always deployed.

For example, a virtual machine always needs a storage account and a network card. The following resources will be deployed regardless of the type of deployment.

Common resources

Network resources

table: General network resources

| Resource category | Description |
| --- | --- |
| Network | The virtual network. The virtual network has a fixed IP range set to 10.3.0.0/16. |
| NSG | Network security groups (ACL) to protect the different subnets in the virtual network |
| Network card | Per virtual machine a network card is deployed to enable communication |
| Public IP | A public IP address is created and assigned to each network card. A public IP enables external communications |

Infrastructure resources

table: General infrastructure resources

| Resource category | Description |
| --- | --- |
| Storage account | A storage account per VM. The storage account will hold the VHD file(s) that hold the OS and possible extra data disks |
| Primary VM | The virtual machine that will host the ADDS, DNS and RDS roles |

Operations Management resources

table: General Operations management resources

| Resource category | Description |
| --- | --- |
| OMS workspace | The OMS workspace |
| Automation account | The automation account containing the sample script to start\stop VMs |

Size specific resources

Small and medium

The small and medium deployments only differ in compute sizes and not in resources. The default resources deployed are:

table: small and medium deployment resources

| Resource category | Description |
| --- | --- |
| Virtual machine | The primary virtual machine (sra-01) |
| Storage account | The storage account containing the VM VHDs (stauniqueid) |
| Network card | The network card attached to the virtual machine (nic-sra-01) |
| Public IP | The public IP attached to the network card to enable communications (pip-sra-01) |
| Virtual network | The virtual network with a default address prefix 10.3.0.0/16 (customername-vnet-default) |
| Network security group | The ACL linked to the vnet subnet (nsg-management) |
| OMS workspace | The OMS workspace (customername-oms-uniqueid) |
| Automation account | The automation account containing the sample script to start\stop VMs (customername-aa-uniqueid) |

Small and medium deployment overview

Large

In a large deployment additional virtual machines are deployed to host the possible load of users connecting.

| Resource category | Description |
| --- | --- |
| Virtual machine 1 | The primary virtual machine (sra-01) |
| Storage account 1 | The storage account containing the VM VHDs (stauniqueid) |
| Network card 1 | The network card attached to the virtual machine (nic-sra-01) |
| Public IP 1 | The public IP attached to the network card to enable communications (pip-sra-01) |
| Virtual machine 2 | The second virtual machine (sra-02) |
| Storage account 2 | The storage account containing the VM VHDs (stauniqueid) |
| Network card 2 | The network card attached to the virtual machine (nic-sra-02) |
| Public IP 2 | The public IP attached to the network card to enable communications (pip-sra-02) |
| Virtual machine 3 | The third virtual machine (sra-03) |
| Storage account 3 | The storage account containing the VM VHDs (stauniqueid) |
| Network card 3 | The network card attached to the virtual machine (nic-sra-03) |
| Public IP 3 | The public IP attached to the network card to enable communications (pip-sra-03) |
| Virtual machine jumpbox | A jumpbox virtual machine (sra-jumpbox) |
| Storage account jumpbox | The storage account containing the VM VHDs (stauniqueid) |
| Network card jumpbox | The network card attached to the virtual machine (nic-sra-jumpbox) |
| Public IP jumpbox | The public IP attached to the network card to enable communications (pip-sra-jumpbox) |
| Virtual network | The virtual network with a default address prefix 10.3.0.0/16 (customername-vnet-default) |
| Network security group | The ACL linked to the vnet subnet (nsg-management) |
| OMS workspace | The OMS workspace (customername-oms-uniqueid) |
| Automation account | The automation account containing the sample script to start\stop VMs (customername-aa-uniqueid) |

large deployment overview
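Because every network card in these tables receives a public IP, it is useful to compare what actually exists in the resource group with the baseline the tables describe. The following is an added example, not code from the SMBblueprint project: the function names `Get-SmbBaseline` and `Compare-SmbInventory` are hypothetical, the sample inventory (including `pip-test-vm`) is constructed, and only the fixed names from the tables are checked.

```powershell
# Added example, not SMBblueprint code. Baseline names come from the page's
# resource tables; names carrying a customer name or unique id are skipped.
function Get-SmbBaseline {
    param([Parameter(Mandatory)][ValidateSet('small', 'medium', 'large')][string]$Size)
    $vms = @('sra-01')
    if ($Size -eq 'large') { $vms += 'sra-02', 'sra-03', 'sra-jumpbox' }
    foreach ($vm in $vms) {
        [pscustomobject]@{ ResourceType = 'Microsoft.Compute/virtualMachines'; Name = $vm }
        [pscustomobject]@{ ResourceType = 'Microsoft.Network/networkInterfaces'; Name = "nic-$vm" }
        [pscustomobject]@{ ResourceType = 'Microsoft.Network/publicIPAddresses'; Name = "pip-$vm" }
    }
    [pscustomobject]@{ ResourceType = 'Microsoft.Network/networkSecurityGroups'; Name = 'nsg-management' }
}

function Compare-SmbInventory {
    param(
        [Parameter(Mandatory)][string]$Size,
        [Parameter(Mandatory)][object[]]$Inventory  # objects exposing Name and ResourceType
    )
    $want = @{}
    foreach ($r in (Get-SmbBaseline -Size $Size)) { $want["$($r.ResourceType)|$($r.Name)"] = $r }
    $have = @{}
    foreach ($r in $Inventory) { $have["$($r.ResourceType)|$($r.Name)"] = $r }

    # Baseline resources that are absent, e.g. a deleted NSG.
    foreach ($k in $want.Keys) {
        if (-not $have.ContainsKey($k)) {
            [pscustomobject]@{ Finding = 'Missing'; ResourceType = $want[$k].ResourceType; Name = $want[$k].Name }
        }
    }
    # Public IPs beyond the baseline widen the externally reachable surface.
    foreach ($r in $Inventory) {
        $k = "$($r.ResourceType)|$($r.Name)"
        if ($r.ResourceType -eq 'Microsoft.Network/publicIPAddresses' -and -not $want.ContainsKey($k)) {
            [pscustomobject]@{ Finding = 'UnexpectedPublicIp'; ResourceType = $r.ResourceType; Name = $r.Name }
        }
    }
}

# Constructed sample shaped like Get-AzResource output for one resource group.
$sample = @(
    [pscustomobject]@{ ResourceType = 'Microsoft.Compute/virtualMachines'; Name = 'sra-01' }
    [pscustomobject]@{ ResourceType = 'Microsoft.Network/networkInterfaces'; Name = 'nic-sra-01' }
    [pscustomobject]@{ ResourceType = 'Microsoft.Network/publicIPAddresses'; Name = 'pip-sra-01' }
    [pscustomobject]@{ ResourceType = 'Microsoft.Network/publicIPAddresses'; Name = 'pip-test-vm' }
)
Compare-SmbInventory -Size small -Inventory $sample | Format-Table -AutoSize
```

Against a live subscription the inventory can come from `Get-AzResource -ResourceGroupName <resource group>` (assuming the Az PowerShell module). Resources belonging to the optional additional virtual machine are reported for review, because the page does not give their names.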

Additional resources

Azure recovery services

The most important additional service provides native backup capabilities. If you opt in to the recovery services, all virtual machines in the default deployment and any additional VMs deployed using the SMBblueprint fast track solution are onboarded.

In addition, a default policy is created and assigned to the VMs.


VPN gateway

If a hybrid scenario is needed (on-premises and Azure resources connected), a VPN connection needs to be established.
The VPN will be deployed in a reserved subnet. The reserved subnet is named Gateway subnet.
The default deployment already foresees the subnet and provides an IP range.

A VPN gateway exists in different SKUs, but only the SKUs below are deployed using the SMBblueprint solution.


table: VPN gateway deployment options

| deployment option | characteristics |
| --- | --- |
| none | N/A |
| basic | Basic edition (100 Mbps) |

After deployment, additional configuration is needed.

Configuring the local networks and establishing the VPN connection are manual steps after deployment.
A guide on the configuration can be found in the Microsoft Azure documentation center.

Note: A VPN gateway deployment takes around 45 minutes.

Additional virtual machine

In addition to the default infrastructure being deployed you also have the option to deploy an additional virtual machine.
This enables organizations to deviate from the deployment characteristics determined by the size of the company.

If you opted in to Azure recovery services to provide backup capabilities, the virtual machine will also be onboarded.


table: Additional virtual machine deployment options

| deployment option | characteristics |
| --- | --- |
| none | N/A |
| small | Standard_DS1_v2 (1 CPU - 3.5 GB RAM) |
| medium | Standard_DS2_v2 (2 CPU - 7 GB RAM) |

Azure SQL database

The deployment foresees the possibility to deploy an Azure SQL database in addition to the default infrastructure deployment.


table: Azure SQL deployment options

| deployment option | characteristics |
| --- | --- |
| none | N/A |
| small | Basic edition |

Storage type

The storage type for the virtual machines is configurable:

| deployment option | characteristics |
| --- | --- |
| Standard_LRS (default) | |
| Standard_ZRS | |
| Standard_GRS | |
| Standard_RAGRS | |
| Premium_LRS | |

Note: in the large deployment, the jumpbox VM is always configured with Standard_LRS storage