Day 5 - Build Your Hybrid Infrastructure On Windows Azure IaaS

Cloud OS: Build your
infrastructure on Windows Azure

IaaS
Wesley Fernandes
Partner Technical Consultant
wesleyf@microsoft.com
Microsoft Partner Network Internal Use Only
About Your Presenter

Wesley Fernandes Vieira
wesleyf@Microsoft.com - LATAMPTS@Microsoft.com
Consultor de infraestrutura desde 2005

Desde 2008 como consultor na Microsoft (MCS)
Desde 2012 como Partner Technical Consultant
Especialista em Datacenter
About Your Presenter

Alfredo Fortenboher
alforten@microsoft.com - latampts@microsoft.com
15 anos de experincia em TI e telecomunicaes

Desde 2006 na Microsoft
Desde 2013 como Partner Technical Consultant
Especialista em Datacenter
Sessions tools
Feedback
Content download
Shared Notes
Roadmap Microsoft Cloud OS

Microsoft Cloud OS
There are more apps, more devices, and now,
more data than ever all driven by the rise
of cloud computing and the use of cloud
services. With these technologies playing an
ever present role in businesses, how can IT
drive more efficiency and deliver new forms of
value? Microsofts answer is the Cloud
OS.
Cloud OS Building Blocks Sessions

Date
Title
Live sessions
27 Jan
Cloud OS Implementao e Configurao de Failover Cluster no Windows 2012 R2
03 Fev
CloudOS - Atualizao e preparao do Active Directory para o CloudOS
10 Fev
Cloud OS - Construa a sua infraestrutura hbrida com Windows Azure IaaS
17 Fev
Cloud OS Migrao de infraestrutura de plataformas de terceiros para Hyper-V e Windows Azure
On-Demand sessions
Cloud OS - Construo de solues: Windows Server 2012 R2 Storage
Cloud OS - Construo de solues: System Center 2012 R2

Cloud OS - Virtual Machine Manager, Service Templates
Agenda
Agenda
Windows Azure IaaS
In this session we are
going to present how to
extend the corporate
infrastructure in a Hybrid
Cloud scenario by using
Windows Azure IaaS
capabilities.
Windows Azure
IaaS: Concepts
Virtual Machines
How to Create a
Windows Azure VM
Hybrid Deployment
DiskCloud
and Storage
OS
Monitoring VMs
Resources
Demos
Windows Azure IaaS: Concepts
Evolving Hosting Options
47 percent of new apps are onpremises

88 percent of sockets in corporate data
center
98 percent of large organizations

have some degree of virtualization
20 percent of organizations have

private clouds
Majority of cloud growth is IaaS
Majority of new cloud apps are Product

as a Service (PaaS)
Most efficient model for cloud
development
About 16 percent of new apps qualify

as Software as a Service (SaaS)
Business model, not hosting model;
there are on-premises SaaS apps
What is Windows Azure IaaS?

Infrastructure Services are the lower level of building blocks
Virtual Machines
Cloud Services
Virtual Networks
Cloud Services, Roles and Instances

Cloud Service is a management, configuration, security,
networking and service model boundary
Virtual Machines
Virtual Machines are roles with exactly one instance
Virtual Machines
Virtual Machines: deliver on-demand, scalable compute
infrastructure when you need to quickly provision resources to

meet your growing business needs.
With Virtual Machines, you get choice of Windows Server and
Linux operating systems in multiple configurations on top of the
trustworthy Windows Azure foundation.
- Provision compute infrastructure at the pace your business requires
- Enterprise grade support with enterprise ready products
- Use the tools you know and be ready for tomorrow
- Monitor, alert and auto scale
Virtual Machines and Cloud Services

Multiple Virtual Machines can be hosted within the same cloud
service
Fault Domains and Update Domains

Fault Domains
Represent groups of resources anticipated to fail
together
i.e. Same rack, same server
Windows Azure Fabric spreads instances across fault at
least 2 fault domains
Update Domains
Represents groups of resources that will be updated
together
Host OS updates honour service update domains
Specified in service definition
Default of 5 (up to 20)
Fabric spreads role instances across Update
Domains and Fault Domains
Storage Accounts
Gives your applications access to Windows Azure Blob, Table, and
Queue services located in a geographic region.

The storage account represents the highest level of the
namespace for accessing the storage services.
A storage account can contain more than 99TB of blob, queue,
and table data.
You can create many storage accounts for your Windows Azure
subscription.
Affinity Groups
Closely locate your compute,
network and storage resources in
the same datacenter
Get better performance
Get lower latency
Reduce egress costs
Virtual Networks
Enables you to create a logically isolated section in Windows
Azure and securely connect it to your on-premises datacenter or a

single client machine using an IPsec connection.
Virtual Network makes it easy for you to take advantage of
Windows Azures scalable, on-demand infrastructure while

providing connectivity to data and applications on-premises,
including systems running on Windows Server, mainframes and
UNIX.
Bringing all the concepts together

Availability Set - Frontend
VM
VM
VM
VM
VM
VM
Update
Domain
Update
Domain
Update
Domain
Fault Domain
Fault Domain
Fault Domain
Availability Set - Backend
VIRTUAL NETWORK
AFFINITY GROUP
Network Endpoints
foo.cloudapp.net VIP (Virtual IP)
Input Endpoint
VIP: Input Endpoint
Load balanced endpoint. Stable VIP per cloud service.

Single port per endpoint
Supported protocols: HTTP, HTTPS, TCP
Internal Endpoint
Instance-to-instance communication
Supported Protocols: TCP, UDP
Port ranges supported
Communication boundary = Deployment boundary
Internal Endpoint
Port Forwarding Input Endpoints
Virtual Machines
Size of the Virtual Machines
Platform Images
Windows Server 2012 Datacenter
Windows Server 2012 R2
Windows Server 2008 R2 SP1
OpenSUSE
CentOS by Open Logic
Canonical Ubuntu
SUSE Linux Enterprise
Microsoft and Partner Images
Create a Virtual Machine
How to Create a
Windows Azure VM Deployment
Different elements
SCENARIOS
- Azure deployment
- Create an AFFINITY GROUP
- Create a CLOUD SERVICE
- Create a VIRTUAL NETWORK
- Create a STORAGE ACCOUNT
- Create VIRTUAL MACHINES
Affinity Group
To create an affinity group, open the Settings area

of the Management Portal, click Affinity Groups,
and then click ADD
Virtual Network
To create a Virtual Network, click in the lower lefthand corner of the screen, click New. In the
navigation pane, click Networks, and then click
Virtual Network. Click Custom Create to begin the
configuration
Name: name your virtual network.
Affinity Group: from the drop-down list, select Create a new affinity
group or select one created before.
Affinity groups are a way to physically group Windows Azure services
together at the same data center to increase performance. Only one
virtual network can be assigned an affinity group.
Region: from the drop-down list, select the desired region. Your virtual
network will be created at a datacenter located in the specified region.
Affinity Group Name: name the new affinity group.

Virtual Network
DNS Servers: (optional) enter the DNS server name
and IP address that you want to use. This setting does
not create a DNS server, it refers to an already
existing DNS server.
Virtual Network Address Spaces: enter the
following info and then click the checkmark on the
lower right to configure your network. Address space
must be a private address range, 10.0.0.0/8,
172.16.0.0/12, or 192.168.0.0/16:
Address Space: click CIDR in the upper right corner
to modify.
Add subnet: add subnets as needed.
Cloud Service
Use Cloud Services to deploy an application as a
cloud service in Windows Azure
URL: enter a subdomain name to use in the
public URL for accessing your cloud service in
production deployments.
Region or Affinity Group: select the geographic
region or affinity group to deploy the cloud
service to.
After creating the Cloud Service, you can upload
a Certificate
Cloud Service
Click Quick Start (the icon to the left of Dashboard) to open the Quick
Start page, shown below. (You can also deploy your cloud service by
using Upload on the dashboard.)
Click either New Production Deployment or New Staging Deployment.
Deployment name: enter a name for the new deployment.

Package: use Browse to select the service package file (.cspkg) to use.
Configuration: use Browse to select the service configure file (.cscfg) to use.
Storage Account
Click Create New, click Storage, and then click
Quick Create
URL: enter a subdomain name to use in the storage
account URL. To access an object in storage,
you will append the object's location to the endpoint.
Region/Affinity Group: select a region or affinity
groupfor the storage. Select an affinity group instead
of a region if you want your storage services to be
in the same data center with other Windows Azure
services thatyou are using.
Geo-replication is enabled by default so that, in the event of a major disaster in the primary location, storage fails over to a
secondary location. A secondary location in the same region is assigned and cannot be changed. After a geo-failover, the
secondary location becomes the primary location for the storage account, and stored data is replicated to a new secondary
location.
Virtual Machine
Click Create New, click Compute, click Virtual Machine
and then From Gallery.
Image: is a template that you use to create a new virtual
machine. An image doesnt have specific settings like a
running virtual machine, such as the computer name and user
account settings. If you use an image to create a virtual
machine, an operating system disk is automatically created
for the new virtual machine.
Disk: is a VHD that you can boot and mount as a running
version of an operating system. After an image is provisioned,
it becomes a disk. A disk is always created when you use an
image to create a virtual machine. Any VHD that is attached
to virtualized hardware and that is running as part of a
service is a disk.
Virtual Machine
Select one image from Platform Images.
Version Release Date: If multiple versions of the image are available,
pick the version you want to use.
Virtual Machine Name: type the name that you want to use for
the virtual machine.
Size: select the size of the virtual machine. The size you should select
depends on the number of cores required to run your application.
New User Name: type a name for the administrative account that you want to use to manage the server.
New Password: type a strong password for the administrative account on the virtual machine. In Confirm Password, retype the
password.
Virtual Machine
Cloud Service: you can place virtual machines together under a cloud service to
provide robust applications,
Cloud Service DNS Name: type a name that uses between 3 and 24 lowercase
letters and numbers. This name becomes part of the URI that is used to contact
the virtual machine through the cloud service. If you selected an existing Cloud
Service, skip this.
Region/Affinity Group/Virtual Network: select where you want to locate the
virtual machine.
Virtual Network Subnets: this option is available if you configure your Virtual
Network before.
Storage Account: you can select a storage account where the VHD file is stored.
Availability Set: create an availability set if needed.
Virtual Machine
Endpoints: new endpoints are created to allow connections

for Remote Desktop and Windows PowerShell remoting.
(Endpoints allow resources on the Internet or other virtual
networks to communicate with a virtual machine.) You can
add more endpoints now, or create them later.
Logon in the Virtual Machine

In Virtual Machines, select the virtual machine.
On the command bar, click Connect.
Configure Network Endpoints

Select the virtual machine that you want to configure and click Endpoints.
Click Add. Choose whether to add the endpoint to a load-balanced set and
then click the arrow to continue.
- In Name, type a name for the endpoint.
- In protocol, specify either TCP or UDP.
- In Public Port and Private Port, type port numbers that you want to use.
These port numbers can be different. The public port is the entry point for
communication from outside of Windows Azure and is used by the Windows
Azure load balancer. You can use the private port and firewall rules on the
virtual machine to redirect traffic in a way that is appropriate for your
application.
- Click Create a load-balancing set if this
endpoint will be the first one in a load-balanced set.
Then, on the Configure the load-balanced set page,
specify a name, protocol, and probe details.
Hybrid Deployments
Extends your Datacenter

Point-to-Site connectivity: connect your Azure Virtual
Network directly with your computers through VPN.
Site-to-Site connectivity: extend your companys
network and connect it to Azure Virtual Machine
Point-to-Site VPN
ADDRESS SPACE: The address space that you want
to assign to cross-premises clients connecting
through a point-to-site connection. Click to configure
and adjust the address space accordingly. Click add
address space to add additional address space.
Address space rules:
Address space must be private
Address space must be a private address range,
specified
in CIDR notation 10.0.0.0/8, 172.16.0.0/12, or
192.168.0.0/16
Cannot overlap other virtual network or local
network sites
Required if you have selected to configure pointto-site connectivity
Point-to-Site VPN
Virtual Network Address Spaces: you will create the private
address space for your new virtual network:
ADDRESS SPACE: The address space for your virtual network.
Click to configure and adjust the address space accordingly.

Click add address space to add additional address space.
Add subnet: The names and IPs for subnets to be created in your
virtual network. Click add subnet to add additional subnets.
Subnet rules:
Subnet IPs must be within the virtual network address space.
You can add multiple subnets to a virtual network.
Subnet IP addresses cannot overlap within the virtual network.
The smallest supported subnet is /29.
Adding a subnet is optional.
Add gateway subnet: Specify the IP addresses to be used for
your virtual network gateway subnet.
You can add one gateway subnet for your virtual network.
Point-to-Site VPN
After clicking the checkmark, your virtual network will begin
to create.
When your virtual network has been created, you will see
Created listed under Status on the networks page in the
Management Portal.
Click Create Gateway, located at the bottom of the
Dashboard page.
A message will appear asking Do you want to create a
gateway for virtual network yournetwork. Click Yes to begin
creating the gateway.
Point-to-Site VPN
Certificates are used to authenticate VPN clients for point-to-site VPNs. You must generate a self-signed root
certificate along with client certificates chained to the self-signed root certificate.
You can then install the client certificates on every client computer that requires connectivity.
Upload the root certificate to Management Portal. Verify that the certificate is in .cer format and that you are
uploading the root certificate and not a chained client certificate. You can upload up to 20 certificates in order to
support multiple certificate chains.
In the Management Portal, on the Certificates page for your virtual network, click Upload a root certificate.
On the Upload Certificate page, browse for the .cer VPN root certificate, and then click the checkmark.
Point-to-Site VPN
Install the client certificate
A client certificate must be installed on every computer that you want to connect to the virtual network. On the
client computer, double-click the .pfx file in order to install it. Enter the password when requested. Do not modify
the installation location.
Once the client certificate has been installed, you can start the VPN client configuration.
Point-to-Site VPN
Now you can download the VPN client to connect your computers to the Virtual Network
Point-to-Site VPN
Start VPN connection from computer
Site-to-Site VPN
On DNS Servers and VPN Connectivity, select
Configure site-to-site VPN.
DNS SERVERS: Enter the DNS server name and IP
address that you want to use for name resolution.
Typically this would be a DNS server that you use for
on-premises name resolution.
This setting does not create a DNS server.
Site-to-Site VPN
On Site-To-Site Connectivity page, specify the VPN Device IP
address that you use for this virtual network and configure
the address space used for your site-to-site connection.
NAME: The name that you want to use to refer to your local
network site.
VPN DEVICE IP ADDRESS: This is the public-facing IPv4
address for your VPN device. Note that the VPN device
cannot be located behind a NAT.
ADDRESS SPACE: The address space that you want to
assign to cross-premises clients connecting through a siteto-site connection.
Click to configure and adjust the address space accordingly.
Click add address space to add additional address space.
Address space rules:
Cannot overlap other virtual network or local network
sites
Required if you have selected to configure site-to-site
connectivity
Site-to-Site VPN
ADDRESS SPACE: The address space for your virtual
network. Address space rules:
Address space must be a private address range (10.0.0.0/8,
172.16.0.0/12 or 192.168.0.0/16)
Cannot overlap other virtual network or local network
sites
add subnet: The names and IPs for subnets to be created in
your virtual network. Subnet rules:
Subnet IPs must be within the virtual network address
space.
You can add multiple subnets to a virtual network.
Subnet IP addresses cannot overlap within the virtual
network.
The smallest supported subnet is /29.
Adding a subnet is optional.
add gateway subnet: Specify the IP addresses to be used for
your virtual
network gateway subnet. You can add one gateway subnet
for your virtual network. Required.
Site-to-Site VPN
After clicking the checkmark, your virtual network will begin to
create.
When your virtual network has been created, you will see
Created listed under Status on the networks page in the
Management Portal.
Click Create Gateway, located at the bottom of the Dashboard
page.
There are two options: Static Routing or Dynamic Routing.
Select Dynamic Routing if you want to use this virtual network
for point-to-site connections in addition to site-to-site.
Note that the Gateway creation it may take up to 15 minutes.
Site-to-Site VPN
After the gateway has been created, youll need to gather
the following information that will be used to configure the
VPN device:
Gateway IP address: is located on the virtual network
DASHBOARD page
Shared key: is located on the virtual network DASHBOARD
page.
Click Manage Key at the bottom of the screen, and then copy
the
key displayed in the dialog box.
VPN device configuration script template: on DASHBOARD
left pane.
Select the vendor, platform, and operating system for your
companys
VPN device.
Site-to-Site VPN
Configure the VPN device: the device that you have selected to use is compatible with virtual network. Check MSDN
article for device compatibility.
To configure the VPN device:
Modify the VPN configuration script. You will configure the following:
Security policies
Incoming tunnel
Outgoing tunnel
Run the modified VPN configuration script to configure your VPN device.
Test your connection
Disks and Storage
VM disk layout
VM disk layout
VM disk layout
Persistent Disk Management

Capability
OS Disk
Data Disk
Host Cache Default ReadWrite
None
Max Capacity
127 GB
1 TB
Imaging Capable
Yes
No
Hot Update
Cache Setting
Requires Reboot
Change Cache Without

Reboot, Add/Remove without
Reboot.
C:\ = OS Disk
D:\ = Non-Persistent Cache Disk
E:\, F:\. G:\ ... Data Disks

Attach an Empty Disk to a VM

Select Virtual Machine and click Attach and select Attach
Empty Disk.
The Virtual Machine Name, Storage Location, File Name,
and Host Cache Preference are already defined for you.
Enter the size that you want for the disk.
All disks are created from a VHD file in Windows Azure storage. You can provide a
name for the VHD file that is added to storage, but Windows Azure generates the
name of the disk automatically.
Add an existing VHD disk to a VM

Select Virtual Machine and click Attach and select Attach Disk.
Select the data disk that you want to attach to the virtual machine
You can upload and attach a data disk that already contains data to the
virtual machine. The virtual machine is not stopped to add the disk.
You are limited in the number of disks that you can attach to a virtual
machine based on the size of the machine.
Monitoring VMs
Configure monitoring for cloud services

Select the Cloud Service and MONITOR tab.
- Add Metrics and select your metric for the source
VM
Configure Rules (alerts)

Select the Cloud Service, MONITOR tab and click in a
Metric.
Add Rule and define the alert options and conditions
Monitoring metrics available

Cloud Services
- Monitoring metrics from the cloud service host operating system
- Performance counters collected from the cloud service guest virtual machine
- Web endpoint status metrics
Virtual Machines
- Monitoring metrics from the virtual machine host operating system
- Web endpoint status metrics
Web Sites
- Web site alert rules on monitoring metrics from web site endpoint status.
Mobile Services
- Mobile service alert rules on monitoring metrics from mobile endpoint status.
Create a Virtual Machine Environment
System Center Integration
System Center integration

Connect App Controller to a Windows Azure subscription
- On the Clouds page, click Connect and then click Windows Azure Subscription.
- In the Connect dialog box, enter a name for this subscription. This name is displayed in the Name column
of the Clouds page.
- Add an optional description in the Description text box.
- In the Subscription ID field, enter the subscription ID for this connection. The Windows Azure subscription
ID is a GUID and can be found in the Windows Azure Management Portal.
- To import the required management certificate, select the Personal Information Exchange (.pfx) file for the
public key you uploaded to Windows Azure and enter the password for the certificate.
- Click OK to create the connection.
Integration
Azure
App
Controller
Portal
Service
Manager
Service
Manager
Portal
CMDB
SM Data
Warehouse
Integration
Pack
CI Connector
Active
Directory
OM Data
Warehouse
Orchestrator
Virtual
Machine
Manager
VMM/OM Integration
Hyper-V
Operations
Manager
Reporting
Data
Windows Azure Pack
Customers
IT Admin
Windows Azure
Customers
IT Admin
In your datacenter
Customers
IT Admin
In your datacenter
Customers
IT Admin
Windows
Azure
Pack
Tenant experience
Homepage
Customer
ONE
Microsoft
Consistent
Platform
Service
Provider
Tenant experience
Dashboard
Customer
ONE
Microsoft
Consistent
Platform
Service
Provider
Resources
Study Reference Links

Windows Azure Portal
http://www.windowsazure.com
Start your Azure Trial
http://www.windowsazure.com/en-us/pricing/free-trial
Windows Azure SLA
http://www.microsoft.com/windowsazure/sla
Introduction To Windows Azure Training
http://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azure
Windows Azure - MSDN Blogs

http://blogs.msdn.com/b/windowsazure
Study Reference Links

Windows Azure Training Kit
http://www.microsoft.com/en-us/download/details.aspx?id=8396
Hybrid Networking Offerings in Windows Azure
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYsz
Windows Azure Active Directory
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309
Windows Azure DOCUMENTATION
http://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=it-it
Partner Services Contact Information
http://aka.ms/mpnsupport
latampts@microsoft.com
http://aka.ms/supportcommunities
Thank you!
latampts@microsoft.com
2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for
informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentations. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on
the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN
THIS PRESENTATION.

Day 5 - Build Your Hybrid Infrastructure On Windows Azure IaaS

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Day 5 - Build Your Hybrid Infrastructure On Windows Azure IaaS

Uploaded by

Copyright:

Available Formats

Cloud OS: Build your

infrastructure on Windows Azure

Microsoft Partner Network Internal Use Only

About Your Presenter

Consultor de infraestrutura desde 2005

About Your Presenter

15 anos de experincia em TI e telecomunicaes

Microsoft Partner Network Internal Use Only

Roadmap Microsoft Cloud OS

Microsoft Partner Network Internal Use Only

Cloud OS Building Blocks Sessions

Cloud OS Implementao e Configurao de Failover Cluster no Windows 2012 R2

CloudOS - Atualizao e preparao do Active Directory para o CloudOS

Cloud OS - Construa a sua infraestrutura hbrida com Windows Azure IaaS

Cloud OS Migrao de infraestrutura de plataformas de terceiros para Hyper-V e Windows Azure

Cloud OS - Construo de solues: System Center 2012 R2

Microsoft Partner Network Internal Use Only

Microsoft Partner Network Internal Use Only

Windows Azure IaaS: Concepts

Microsoft Partner Network Internal Use Only

Evolving Hosting Options

47 percent of new apps are onpremises

98 percent of large organizations

20 percent of organizations have

Majority of new cloud apps are Product

About 16 percent of new apps qualify

What is Windows Azure IaaS?

Microsoft Partner Network Internal Use Only

Cloud Services, Roles and Instances

networking and service model boundary

Microsoft Partner Network Internal Use Only

Microsoft Partner Network Internal Use Only

infrastructure when you need to quickly provision resources to

Virtual Machines and Cloud Services

Microsoft Partner Network Internal Use Only

Fault Domains and Update Domains

Represent groups of resources anticipated to fail

i.e. Same rack, same server

Windows Azure Fabric spreads instances across fault at

least 2 fault domains

Represents groups of resources that will be updated

Fabric spreads role instances across Update

Domains and Fault Domains

Microsoft Partner Network Internal Use Only

Queue services located in a geographic region.

Microsoft Partner Network Internal Use Only

Azure and securely connect it to your on-premises datacenter or a

Virtual Network makes it easy for you to take advantage of

Windows Azures scalable, on-demand infrastructure while

Microsoft Partner Network Internal Use Only

Bringing all the concepts together

Availability Set - Backend

Load balanced endpoint. Stable VIP per cloud service.

Port Forwarding Input Endpoints

Microsoft Partner Network Internal Use Only

Microsoft Partner Network Internal Use Only

Size of the Virtual Machines

Microsoft Partner Network Internal Use Only

Microsoft and Partner Images

Microsoft Partner Network Internal Use Only

Create a Virtual Machine

Microsoft Partner Network Internal Use Only

Microsoft Partner Network Internal Use Only