Sandbox environments provide an efficient and cost-effective means of testing new features, assessing security configurations, isolating code executions, and troubleshooting technical issues. Through shared testing instances, they can also be powerful tools for collaboration, all without impacting your production environment.
By leveraging Azure Virtual Machines alongside multiple storage options, Azure Sandbox allows you to experiment with application development, application testing, training and onboarding, and even proof of concept demonstrations alongside Azure capabilities, features, and services. However, you must first define both your use case and your security policies.
This piece provides an overview of how to create, configure, and launch Azure Sandbox for testing and training, along with recommended best practices.
By creating a sandbox environment in Azure, you gain all the benefits of a full IT lab at a fraction of the cost. This allows you to accelerate both software development and sales enablement without the considerable expense that normally entails. More importantly, you can do this without disrupting or exposing your production environment.
When you create your Microsoft Azure account, you’ll start as a free user with the option of a trial period and $200 in credit. If you intend to leverage Azure for anything other than personal use, this is not recommended. In order to create an Azure Sandbox, you’ll need a subscription.
Before you can start creating sandboxes, you must first set up Azure Cloud. Start by creating a resource group (or several, if you have more than one use case for Azure Sandbox). Next, you’ll want to determine how you provision your resources.
You have several options:
With your resources created and provisioned, create a virtual network through the Azure portal, then create one or more subnets. Finally, create a Network Security Group with inbound and outbound access rules and assign it to your subnets. These rules should be based on a zero trust network access (ZTNA) framework.
Although your Azure Sandbox is separate from your production environment, sandbox accounts can still be incredibly valuable to threat actors. Not only can they potentially gain access to sensitive resources, they may be able to probe a simulation of your network for vulnerabilities. To keep both your sandbox and your Active Directory deployment safe, you should employ the following security measures:
Once Azure Cloud is configured, you can create an Azure Sandbox environment with the following steps:
In order to keep your production environment fully separate from your development and testing environment, it may be worthwhile to create a separate Azure subscription exclusively for Azure Sandbox. This also provides you with more control over your sandbox environments, as you can apply whatever policies you require without worrying about their impact on production.
You can further streamline your Azure Sandbox deployments by automating resource and configuration management through a tool like Azure DevOps. Automation can also help reduce unnecessary spend by cleaning unused or underutilized resources, preventing unauthorized access, and applying updates.
Azure comes with a number of built-in tools for quota management that you can use to limit resource usage for both individual sandbox instances and resource groups. It is recommended that you leverage these capabilities. Otherwise, you may be hit with unexpected costs.
Similarly, you should also limit the regions in which users can create resources, both to reduce latency and to reduce the likelihood of forgotten instances.
Azure DevOps, one of the many utilities packaged with the Azure Cloud, includes built-in source control tools to help your team keep track of changes in both testing and production. You can also use a repository such as Git.
One of the most powerful services available through Azure is the capacity to create a sandboxed Azure DevTest Lab .
This virtual IT lab that can be used for everything from testing and training to development. The service allows users to quickly create and share both infrastructure-as-a-service virtual machines and platform-as-a-service environments. These instances can be created via preconfigured bases, Azure Resource Manager templates, or custom artifacts.
The process for creating a DevTest lab is very similar to creating an Azure Sandbox — log into the Azure Portal, click on Create a Resource, search for and select DevTest Labs, and enter in all requisite information.
Azure Sandbox is an incredibly versatile service, made all the more valuable by the Azure Cloud’s extensive toolkit. But that versatility can be a double-edged sword. An improperly-configured cloud or sandbox can do more harm than good, driving up costs and exposing sensitive assets to bad actors.
That’s where CloudShare comes in. Our nimble, on-demand sandbox environments are the perfect complement for Azure Cloud, and we ensure that no matter how complex your requirements and use case are, spinning up a new instance requires only a few clicks. Our specialized virtual IT labs offer simplified setup wizards, VM import, and a huge library of licensed templates while also integrating readily with the most popular development tools.
Ready to get started with your next Azure sandbox? Learn more about sandboxing with CloudShare and how it can save time, reduce costs, and support collaborative software development in your organization.