Since I am dealing with a lot of Azure Stack installations I also want to share some interesting tools you can leverage like the Azure Stack Capacity Calculator and others. One of the latest I want to share with you is the Azure Stack Readiness Checker PowerShell module called AzsReadinessChecker. This PowerShell module helps you to run validations of your environment and resources before you deploy Azure Stack. The AzsReadinessChecker module for example validates things like:
- Certificates
- Azure Active Directory
- Azure Accounts
- Azure Subscriptions
The Start-AzsREadinessChecker cmdlet also helps to generate a Certificate Signing Request (CSR) which you can summit to your CA or your CA provider to get the specific certificates.
Install the AzsReadinessChecker PowerShell module
To install the AzsReadinessChecker PowerShell module, you can simply run the following command to install it from the PSGallery:
Install-Module Microsoft.AzureStack.ReadinessChecker
Generate CSR for Azure Stack Certificates
To generate the Certificate Signing Request (CSR) for the Azure Stack Public Certificates, you can use the simple command. You will need to enter all the information from your Azure Stack deployment like Region, FQDN and more.
$regionName = 'swiss01' $externalFQDN = 'azurestack.thomasmaurer.ch' $subjectHash = [ordered]@{"OU"="AzureStack";"O"="ThomasMaurer";"L"="Zurich";"ST"="Baselland";"C"="CH"} Start-AzsReadinessChecker -regionName $regionName -externalFQDN $externalFQDN -Subject $subjectHash -IdentitySystem AAD -requestType SingleCSR
This will then generate the .req file.
Validate Azure Stack Certificates
After you got your generated Azure Stack Certificates, you can validate them. For that you can also simply use the Start-AzsReadinessChecker cmdlet.
$password = Read-Host -Prompt "Enter PFX Password" -AsSecureString Start-AzsReadinessChecker -CertificatePath .\Certificates\ -PfxPassword $password -RegionName swiss01 -FQDN azurestack.thomasmaurer.cch -IdentitySystem AAD
Validate Azure Readiness for Azure Stack
As mentioned you will need other resources in Azure to deploy Azure Stack. With the AzsReadinessChecker, you can also validate these. Here are some examples for the validation. For a full list check out the Azure Stack documentation page for: Start-AzsReadinessChecker cmdlet reference
Validate Azure AD identity for Azure Stack
$serviceAdminCredential = Get-Credential -Message "Enter Credentials for Service Administrator of Azure Active Directory Tenant e.g. [email protected]" Start-AzsReadinessChecker -AADServiceAdministrator $serviceAdminCredential -AzureEnvironment AzureCloud -AzureDirectoryTenantName azurestack.thomasmaurer.ch
Validate Azure Subscription for Azure Stack
$registrationCredential = Get-Credential -Message "Enter Credentials for Subscription Owner"e.g. subscriptionowner@thomasmaurer.ch" $subscriptionID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX" Start-AzsReadinessChecker -RegistrationAccount $registrationCredential -RegistrationSubscriptionID $subscriptionID -AzureEnvironment AzureCloud