Topic 2, Litware Office
Existing Environment
Network Environment
The Litware offices and the Fabrikam office connect by using a private circuit. Each office connects directly to the Internet.
Identity Environment
The Litware network contains an Active Directory forest named litwareinc.com. The forest and an Azure Active Directory (Azure AD) tenant named litwareinc.com are integrated by using Active Directory Federation Services (AD FS). Litware has an enterprise certification authority (CA).
The Azure subscriptions of Litware are associated to the litwareic.com Azure AD tenant.
Fabrikam also has an Azure AD tenant.
Azure Stack Hub Environment
Litware has the following two Azure Stack Hub integrated systems:
A fully operational integrated system in Boston that connects to the Internet and has the following configurations:
- Is managed by using an administrator management endpoint of:
https://adminportal.eastus.litwareinc.com
- Has an Azure App Service deployment that has two dedicated, large web workers
- Currently uses version 2005 of Azure Stack Hub
A newly delivered integrated system in Chicago that is disconnected from the Internet and will be managed by using an administrator management endpoint of: https://adminportal.northcentralus.litwareinc.com Datacenter Environment The Chicago datacenter of Litware contains the infrastructure shown in the following table.

Current Problems
During heavy usage, requests to App Service in Boston fail despite low utilization of the web workers.
Requirements
Planned Changes
Litware plans to implement the following changes:
Deploy an Event Hubs resource provider to the integrated system in Boston.
Make Azure Functions available to Azure Stack Hub users in Boston.
Prepare the integrated system in Chicago to be production-ready.
Technical Requirements
Litware identifies the following technical requirements:
Implement an infrastructure to support Azure Functions on the integrated system in Boston.
Provision the certificates required to deploy the Event Hubs resource provider to the integrated system in Boston.
Configure an identity provider for the integrated system in Chicago.
Locate the IP address of the privileged endpoint (PEP) of the integrated system in Chicago.
Ensure that only operators have control over the creation of subscriptions on the integrated system in Chicago.
Provision a certificate to provide access to the Azure Resource Manager endpoint of the integrated system in Chicago.
Identify which PowerShell setting on CLIENT1 and CLIENT2 must be modified to register the integrated system in Chicago.
Implement a management app that will use Azure Resource Manager to inventory the resources of the integrated system in Chicago.
Security and Compliance Requirements
Litware has the following security and compliance requirements:
All infrastructure software must run the latest version, including hotfixes.
Litware must have control over certificate revocations.
Business Requirements
Litware wants to ensure that the users at Fabrikam have secure access to the workloads on the integrated system in Boston.
Updates and Hotfixes
The current hotfixes and updates available for Azure Stack Hub are:
2005
2005 hotfix 1
2005 hotfix 2
2005 hotfix 3
2008
2008 hotfix 1
2008 hotfix 2
2011 (latest version)