Shareing Virtual Machines Between Different Azure Accounts
I have 10 plus developers in my group. All have MSDN licenses and we are exploring the use of Azure to do our SharePoint development. In order to setup SharePoint properly you need 3 Virtual Machines, a DC, a SQL Server and a SharePoint server. It would be nice if between the 10 developers they could share a DC and SQL Server and only have a SharePoint server unique to them. Of course, doing this in a secure fashion is key.
It is now possible to share images across subscriptions in the same AAD tenant using the Shared Image Gallery.
Shaine Ismail commented
Hi Corey, this would be really useful.shaine
Surely this is already possible? unless I'm missing something fundamental in the question!
I have a number of developers / subscriptions and have simply created a virtual network in each subscription and then linked them all together with VPN. That way you can have an AD server in one, a SQL server in another etc...
This is completely secure as it is closed to anyone outside of the VPN
Rajinder Singh commented
Most clients run dev/test/stage and prod in separate azure subscriptions. Most VM's require active directory. Right now clients are forced to deploy multiple AD Servers in each subscription. This is expensive and even the security guys balk at the idea of running a domain controller per subscription.
Yes there is a real need to be able to group subscriptions together to pool resources but also to allow easy comms between resources on those subscriptions.
Olav Tollefsen commented
Yes, I often see this need in enterprise accounts. There are needs to deploy some common infrastructure on one subscription, deploy test / dev resources for various separate business units on their own subscriptions and deploy production resources for various separate business units on another set of subscriptions.
However in many cases systems from one business unit needs to communicate over a private network to the systems owned / developed by another business divisions or to be able to access common infrastructure like an integration bus / active directory / dns etc.
Today one needs to deploy all the resources to a single subscription in order for the resources to be able to communicate between them over a private network. But, then you end up with too many admins having access to systems owned by other business units and you also have no way to report on costs per system or per business unit.
So, there are clearly need for different models on how to do this.