Team Foundation Server in Azure Government

Michael S. Hansen

Visual Studio Team Services (VSTS) is a great platform for orchestrating your DevOps. It makes it easy to mix and match the tools you like to use for your CI/CD environment while providing a hosted platform for tying it all together. However, the Software as a Service (SaaS) version of VSTS is not always the right choice. Specifically, an organization may want to keep their DevOps server private or the organization may be deployed in the Microsoft Azure Government cloud where VSTS is not yet available. In that scenario it makes sense to deploy Team Foundation Server (TFS).

A typical TFS deployment includes the TFS server itself, a backend SQL database, and one or more build agents. Deploying these resources can be a bit difficult so to assist with this process we have written a set of Azure Resource Manager templates that can help an organization get the process started. The resources will likely need to be adjusted for a specific deployment scenario, but the templates can serve as inspiration for what a deployment could look like.

The topology in the templates looks something like this:


In a virtual network it establishes a new domain with two domain controllers and deploys a TFS server, a database, and a TFS agent. To access the virtual network, the pattern includes a jump box; another strategy would be to add a VPN gateway, but for simplicity we are going with the jump box.

You can find the template here:

This deployment actually consists of two nested deployments that you could choose to deploy individually. The first one, core-network, establishes the virtual network with jump box and domain controllers. The second one, TFS, establishes the DevOps resources

Establishing the domain with associated reboots, etc. takes time and installing TFS is not swift, so expect the complete deployment to take about an hour to complete. By the end of it, you should be able to log into the jump box and type the URL (http://tfs:8080/tfs) of the TFS server and start creating projects and setting up build pipelines and be fully automated. The build agent has Visual Studio 2017 installed and you can use that as a development box as well or add another VM into the network to serve as a development workstation. The TFS installation will not be accessible outside the virtual network.

In addition to establishing the DevOps resources, the pattern illustrates a few different things:

  1. How to establish domain controllers and configure them with Desired State Configuration DSC. There are several other examples online for how to do that, see for instance this one.
  2. How to join a SQL server VM to a domain and add the domain enterprise administrator as a sysadmin on the database server using DSC. It is mainly done in this script. This script also makes sure the firewall is open for the database.
  3. How to install TFS using DSC. It is done with this script.
  4. How to install the VSTS/TFS agent on a node using DSC.

Please try to deploy it in the Government clouds and us know if you run into any problems!

Please be aware that running TFS in production mode generally requires a license and is not free.


Discussion is closed.

Feedback usabilla icon