Day 5 - Build Your Hybrid Infrastructure on Windows Azure IaaS

7/25/2019 Day 5 - Build Your Hybrid Infrastructure on Windows Azure IaaS

1/83

Microsoft Partner Network Internal Use Only

Cloud OS: Build yourinfrastructure on Windows AzureIaaS

Wesley FernandesPartner Technical Consultant

[email protected]


2/83

About Your Presenter

Wesley Fernandes Vieira

Partner Technical [email protected] - [email protected]

Consultor de infraestrutura desde 2005

Desde 2008 como consultor na Microsoft (MCS)

Desde 2012 como Partner Technical Consultant

Especialista em Datacenter
mailto:[email protected]:[email protected]:[email protected]:[email protected]


3/83

About Your Presenter

Alfredo Fortenboher

Partner Technical [email protected] [email protected]

15 anos de experincia em TI e telecomunicaes

Desde 2006 na Microsoft

Desde 2013 como Partner Technical Consultant

Especialista em Datacenter
mailto:[email protected]:[email protected]:[email protected]:[email protected]


4/83


Sessions tools

Content download

Shared Notes

Feedback


5/83Microsoft Partner Network Internal Use Only

Roadmap Microsoft Cloud OS

Microsoft Cloud OS

There are more apps, more devices, and now,more data than ever all driven by the riseof cloud computing and the use of cloudservices. With these technologies playing an

ever present role in businesses, how can ITdrive more efficiency and deliver new forms of

value? Microsofts answer is the Cloud OS.


6/83Microsoft Partner Network Internal Use Only

Cloud OS Building Blocks Sessions

Date Title

Live sessions27 Jan Cloud OS Implementao e Configurao de Failover Cluster no Windows 2012 R2

03 Fev CloudOS - Atualizao e preparao do Active Directory para o CloudOS

10 Fev Cloud OS - Construa a sua infraestrutura hbrida com Windows Azure IaaS

17 Fev Cloud OS Migrao de infraestrutura de plataformas de terceiros para Hyper-V e Wind

On-Demand sessions

Cloud OS - Construo de solues: Windows Server 2012 R2 StorageCloud OS - Construo de solues: System Center 2012 R2

Cloud OS - Virtual Machine Manager, Service Templates


7/83


Agenda

Agenda

Windows AzureIaaS: Concepts

In this session we aregoing to present how to

extend the corporateinfrastructure in a HybridCloud scenario by usingWindows Azure IaaScapabilities.

Windows Azure IaaS

Virtual MachinesHow to Create a

Windows Azure VM

Cloud OSDisk and Storage Monitoring VMs Resources


8/83


Windows Azure IaaS: Concepts


9/83

47 percent of new apps are on-premises

88 percent of sockets in corporate datacenter

98 percent of large organizationshave some degree of virtualization

20 percent of organizations haveprivate clouds

Majority of cloud growth is IaaS

Majority of new cloud apps are Productas a Service (PaaS)

Most efficient model for clouddevelopment

Evolving Hosting Options


10/83


What is Windows Azure IaaS?

Infrastructure Services are the lower level of building blocks

Virtual Machines

Cloud Services

Virtual Networks


11/83


Cloud Service is a management, configuration, securinetworking and service model boundary

Cloud Services, Roles and Instances


12/83


Virtual Machines are roles with exactly one instance

Virtual Machines


13/83


Virtual Machines

Virtual Machines: deliver on-demand, scalable compu

infrastructure when you need to quickly provision resomeet your growing business needs.With Virtual Machines, you get choice of Windows SeLinux operating systems in multiple configurations on trustworthy Windows Azure foundation.

- Provision compute infrastructure at the pace your busin

- Enterprise grade support with enterprise ready product

- Use the tools you know and be ready for tomorrow

- Monitor, alert and auto scale


14/83


Multiple Virtual Machines can be hosted within the saservice

Virtual Machines and Cloud Services


15/83


Fault Domains Represent groups of resources anticipated to fail

together i.e. Same rack, same server

Windows Azure Fabric spreads instances across fault atleast 2 fault domains

Update Domains Represents groups of resources that will be updated

together Host OS updates honour service update domains

Specified in service definition

Default of 5 (up to 20)

Fabric spreads role instances across Update

Domains and Fault Domains

Fault Domains and Update Domains


16/83


Gives your applications access to Windows Azure Blob

Queue services located in a geographic region. The storage account represents the highest level of th

namespace for accessing the storage services. A storage account can contain more than 99TB of blo

and table data.

You can create many storage accounts for your Windosubscription.

Storage Accounts


17/83


Affinity Groups

Closely locate your compute,network and storage resources in

the same datacenter

Get better performance

Get lower latency

Reduce egress costs


18/83


Enables you to create a logically isolated section in W

Azure and securely connect it to your on-premises dasingle client machine using an IPsec connection.

Virtual Network makes it easy for you to take advantaWindows Azures scalable, on-demand infrastructure wproviding connectivity to data and applications on-preincluding systems running on Windows Server, mainfrUNIX.

Virtual Networks


19/83


Bringing all the concepts together

AFFINITY GROUP

VIRTUAL NETWORK

Availability Set - Frontend

Availability Set -Backend

Fault Domain Fault Domain Fault Domain

UpdateDomain

UpdateDomain

UpdateDomain

VM VM VM

VM VM VM


20/83


Network Endpoints

VIP: Input Endpoint

Internal Endpoint

Load balanced endpoint. Stable VIP per clo

Single port per endpoint

Supported protocols: HTTP, HTTPS, TCP

Input Endpoint

Instance-to-instance communication

Supported Protocols: TCP, UDP

Port ranges supported

Communication boundary = Deployment b

Internal Endpoint

foo.cloudapp.net VIP (Virtual IP)


21/83


Port Forwarding Input Endpoints


22/83


Virtual Machines


23/83


Size of the Virtual Machines

l f


24/83


Platform Images

Windows Server 2012 DatacenterWindows Server 2012 R2Windows Server 2008 R2 SP1

OpenSUSECentOS by Open LogicCanonical UbuntuSUSE Linux Enterprise

Mi f d P I


25/83


Microsoft and Partner Images


26/83


Create a Virtual Machine


27/83


How to Create aWindows Azure VM Deployme

Diff t l t


28/83


Different elements

SCENARIOS

Azure deployment

Create an AFFINITY GROUP

- Create a CLOUD SERVICE- Create a VIRTUAL NETWORK

- Create a STORAGE ACCOUNT

- Create VIRTUAL MACHINES

Affi it G


29/83


To create an affinity group, open the Settings areaof the Management Portal, click Affinity Groups,and then click ADD

Affinity Group

Vi t l N t k


30/83


Virtual Network

To create a Virtual Network, click in the lower left-

hand corner of the screen, click New. In thenavigation pane, click Networks, and then clickVirtual Network. Click Custom Create to begin theconfiguration

Name: name your virtual network.

Affinity Group: from the drop-down list, select Cgroup or select one created before.

Affinity groups are a way to physically group Wintogether at the same data center to increase perfvirtual network can be assigned an affinity group

Region: from the drop-down list, select the desirnetwork will be created at a datacenter located in

Affinity Group Name: name the new affinity gro

Vi t al Net o k


31/83


Virtual Network

DNS Servers: (optional) enter the DNS server nameand IP address that you want to use. This setting doesnot create a DNS server, it refers to an alreadyexisting DNS server.

Virtual Network Address Spaces: enter thefollowing info and then click the checkmark on thelower right to configure your network. Address space

must be a private address range, 10.0.0.0/8,172.16.0.0/12, or 192.168.0.0/16:

Address Space: click CIDR in the upper right cornerto modify.

Add subnet: add subnets as needed.

Cloud Service


32/83


Cloud Service

Use Cloud Services to deploy an application as acloud service in Windows Azure

URL: enter a subdomain name to use in thepublic URL for accessing your cloud service inproduction deployments.

Region or Affinity Group: select the geographicregion or affinity group to deploy the cloud

service to.

After creating the Cloud Service, you can uploada Certificate

Cloud Service


33/83


Cloud Service

Click Quick Start (the icon to the left of Dashboard) to open the QuickStart page, shown below. (You can also deploy your cloud service byusing Upload on the dashboard.)

Click either New Production Deployment or New Staging Deployment.

Deployment name: enter a name for the new deployment.

Package: use Browse to select the service package file (.cspkg)

Configuration: use Browse to select the service configure file

Storage Account


34/83


Click Create New, click Storage, and then clickQuick Create

URL: enter a subdomain name to use in the storageaccount URL. To access an object in storage,you will append the object's location to the endpoint.

Region/Affinity Group: select a region or affinitygroupfor the storage. Select an affinity group insteadof a region if you want your storage services to bein the same data center with other Windows Azureservices thatyou are using.

Geo-replication is enabled by default so that, in the event of a major disaster in the primary location, stosecondary location. A secondary location in the same region is assigned and cannot be changed. After a secondary location becomes the primary location for the storage account, and stored data is replicated tlocation.

Storage Account

Virtual Machine


35/83


Virtual Machine

Click Create New, click Compute, click Virtual Machine

and then From Gallery.

Image: is a template that you use to create a new virtualmachine. An image doesnt have specific settings like arunning virtual machine, such as the computer name and useraccount settings. If you use an image to create a virtualmachine, an operating system disk is automatically createdfor the new virtual machine.

Disk: is a VHD that you can boot and mount as a runningversion of an operating system. After an image is provisioned,it becomes a disk. A disk is always created when you use animage to create a virtual machine. Any VHD that is attachedto virtualized hardware and that is running as part of aservice is a disk.

Virtual Machine


36/83


Virtual Machine

Select one image from Platform Images.

Version Release Date: If multiple versions of the image are available,pick the version you want to use.

Virtual Machine Name: type the name that you want to use forthe virtual machine.

Size: select the size of the virtual machine. The size you should selectdepends on the number of cores required to run your application.

New User Name: type a name for the administrative account that you want to use to manage the server

New Password: type a strong password for the administrative account on the virtual machine. In Confirmpassword.

Virtual Machine


37/83


Virtual Machine

Cloud Service: you can place virtual machines together under a cloud service toprovide robust applications,

Cloud Service DNS Name: type a name that uses between 3 and 24 lowercaseletters and numbers. This name becomes part of the URI that is used to contactthe virtual machine through the cloud service. If you selected an existing CloudService, skip this.

Region/Affinity Group/Virtual Network: select where you want to locate thevirtual machine.

Virtual Network Subnets: this option is available if you configure your VirtualNetwork before.

Storage Account: you can select a storage account where the VHD file is stored.

Availability Set: create an availability set if needed.

Virtual Machine


38/83


Virtual Machine

Endpoints: new endpoints are created to allow connectionsfor Remote Desktop and Windows PowerShell remoting.(Endpoints allow resources on the Internet or other virtualnetworks to communicate with a virtual machine.) You canadd more endpoints now, or create them later.

Logon in the Virtual Machine


39/83


Logon in the Virtual Machine

In Virtual Machines, select the virtual machine.

On the command bar, click Connect.

Configure Network Endpoints


40/83


Select the virtual machine that you want to configure and click Endpoints.

Click Add. Choose whether to add the endpoint to a load-balanced set and

then click the arrow to continue.

- In Name, type a name for the endpoint.

- In protocol, specify either TCP or UDP.

- In Public Port and Private Port, type port numbers that you want to use.These port numbers can be different. The public port is the entry point forcommunication from outside of Windows Azure and is used by the Windows

Azure load balancer. You can use the private port and firewall rules on thevirtual machine to redirect traffic in a way that is appropriate for yourapplication.

- Click Create a load-balancing set if thisendpoint will be the first one in a load-balanced set.Then, on the Configure the load-balanced set page,specify a name, protocol, and probe details.

Configure Network Endpoints


41/83


Hybrid Deployments

Extends your Datacenter


42/83


Extends your Datacenter

Point-to-Site connectivity: connect your Azure VirtualNetwork directly with your computers through VPN.

Site-to-Site connectivity: extend your companysnetwork and connect it to Azure Virtual Machine

Point-to-Site VPN


43/83


ADDRESS SPACE: The address space that you wantto assign to cross-premises clients connectingthrough a point-to-site connection. Click to configure

and adjust the address space accordingly. Click addaddress space to add additional address space.

Address space rules:

Address space must be private

Address space must be a private address range,specified

in CIDR notation 10.0.0.0/8, 172.16.0.0/12, or192.168.0.0/16

Cannot overlap other virtual network or localnetwork sites

Required if you have selected to configure point-to-site connectivity

Point to Site VPN

Point-to-Site VPN


44/83


Virtual Network Address Spaces: you will create the privateaddress space for your new virtual network:

ADDRESS SPACE: The address space for your virtual network.

Click to configure and adjust the address space accordingly.Click add address space to add additional address space.

Add subnet: The names and IPs for subnets to be created in yourvirtual network. Click add subnet to add additional subnets.Subnet rules:

Subnet IPs must be within the virtual network address space. You can add multiple subnets to a virtual network. Subnet IP addresses cannot overlap within the virtual network. The smallest supported subnet is /29. Adding a subnet is optional.

Add gateway subnet: Specify the IP addresses to be used foryour virtual network gateway subnet.You can add one gateway subnet for your virtual network.

Point to Site VPN

Point-to-Site VPN


45/83


After clicking the checkmark, your virtual network will beginto create.When your virtual network has been created, you will see

Created listed under Status on the networks page in theManagement Portal.

Click Create Gateway, located at the bottom of theDashboard page.A message will appear asking Do you want to create agateway for virtual network yournetwork. Click Yes to begincreating the gateway.

Point to Site VPN

Point-to-Site VPN


46/83


Certificates are used to authenticate VPN clients for point-to-site VPNs. You must generate a self-signed certificate along with client certificates chained to the self-signed root certificate.You can then install the client certificates on every client computer that requires connectivity.

Upload the root certificate to Management Portal. Verify that the certificate is in .cer format and that youuploading the root certificate and not a chained client certificate. You can upload up to 20 certificates in support multiple certificate chains.

In the Management Portal, on the Certificates page for your virtual network, click Upload a root certificat

On the Upload Certificate page, browse for the .cer VPN root certificate, and then click the checkmark.

Point to Site VPN

Point-to-Site VPN


47/83


Point to Site VPN

Install the client certificate

A client certificate must be installed on every computer that you want to connect to the virtual networclient computer, double-click the .pfx file in order to install it. Enter the password when requested. Do the installation location.

Once the client certificate has been installed, you can start the VPN client configuration.

Point-to-Site VPN


48/83


Now you can download the VPN client to connect your computers to the Virtual Network

Point-to-Site VPN


49/83


Start VPN connection from computer

Site-to-Site VPN


50/83


On DNS Servers and VPN Connectivity, select

Configure site-to-site VPN.

DNS SERVERS: Enter the DNS server name and IPaddress that you want to use for name resolution.Typically this would be a DNS server that you use foron-premises name resolution.This setting does not create a DNS server.

Site-to-Site VPN


51/83


On Site-To-Site Connectivity page, specify the VPN Device IPaddress that you use for this virtual network and configurethe address space used for your site-to-site connection.

NAME: The name that you want to use to refer to your localnetwork site.

VPN DEVICE IP ADDRESS: This is the public-facing IPv4address for your VPN device. Note that the VPN devicecannot be located behind a NAT.

ADDRESS SPACE: The address space that you want toassign to cross-premises clients connecting through a site-

to-site connection.Click to configure and adjust the address space accordingly.Click add address space to add additional address space.Address space rules:

Cannot overlap other virtual network or local networksites

Required if you have selected to configure site-to-siteconnectivity

Site-to-Site VPN


52/83


ADDRESS SPACE: The address space for your virtualnetwork. Address space rules:

Address space must be a private address range (10.0.0.0/8,172.16.0.0/12 or 192.168.0.0/16)

Cannot overlap other virtual network or local networksites

add subnet: The names and IPs for subnets to be created inyour virtual network. Subnet rules:

Subnet IPs must be within the virtual network addressspace.

You can add multiple subnets to a virtual network.

Subnet IP addresses cannot overlap within the virtualnetwork. The smallest supported subnet is /29. Adding a subnet is optional.

add gateway subnet: Specify the IP addresses to be used foryour virtualnetwork gateway subnet. You can add one gateway subnetfor your virtual network. Required.

Site-to-Site VPN


53/83


After clicking the checkmark, your virtual network will begin tocreate.When your virtual network has been created, you will see

Created listed under Status on the networks page in theManagement Portal.

Click Create Gateway, located at the bottom of the Dashboardpage.

There are two options: Static Routing or Dynamic Routing.Select Dynamic Routing if you want to use this virtual networkfor point-to-site connections in addition to site-to-site.

Note that the Gateway creation it may take up to 15 minutes.

Site-to-Site VPN


54/83


After the gateway has been created, youll need to gatherthe following information that will be used to configure theVPN device:

Gateway IP address: is located on the virtual networkDASHBOARD page

Shared key: is located on the virtual network DASHBOARDpage.Click Manage Key at the bottom of the screen, and then copythekey displayed in the dialog box.

VPN device configuration script template: on DASHBOARDleft pane.Select the vendor, platform, and operating system for yourcompanysVPN device.

Site-to-Site VPN


55/83


Configure the VPN device: the device that you have selected to use is compatible with virtual network. article for device compatibility.

To configure the VPN device:

Modify the VPN configuration script. You will configure the following: Security policies Incoming tunnel Outgoing tunnel

Run the modified VPN configuration script to configure your VPN device.

Test your connection
http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspxhttp://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspxhttp://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspxhttp://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx


56/83


Disks and Storage

VM disk layout


57/83


VM disk layout


58/83


VM disk layout


59/83


Persistent Disk Management


60/83


C:\ = OS Disk

D:\ = Non-Persistent Cache Disk

E:\, F:\. G:\ ... Data Disks

Capability OS Disk Data Disk

Host Cache Default ReadWrite None

Max Capacity 127 GB 1 TB

Imaging Capable Yes No

Hot Update Cache SettingRequires Reboot

Change Cache WithouReboot, Add/Remove

Reboot.

Attach an Empty Disk to a VM


61/83


Select Virtual Machine and click AttaEmpty Disk.

The Virtual Machine Name, Storagand Host Cache Preference are alreEnter the size that you want for the

All disks are created from a VHD file in Windows Azure storage. You can provide aname for the VHD file that is added to storage, but Windows Azure generates thename of the disk automatically.

Add an existing VHD disk to a VM


62/83


Select Virtual Machine and click Attach and

Select the data disk that you want to attach

You can upload and attach a data disk that already contains data to thevirtual machine. The virtual machine is not stopped to add the disk.You are limited in the number of disks that you can attach to a virtualmachine based on the size of the machine.


63/83


Monitoring VMs

Configure monitoring for cloud services


64/83


Select the Cloud Service and MONITORtab.

- Add Metrics and select your metric for the sourceVM

Configure Rules (alerts)


65/83


Select the Cloud Service, MONITORtab and click in a

Metric.

Add Rule and define the alert options and conditions

Monitoring metrics available


66/83


Cloud Services

- Monitoring metrics from the cloud service host operating system- Performance counters collected from the cloud service guest virtual machine- Web endpoint status metrics

Virtual Machines- Monitoring metrics from the virtual machine host operating system- Web endpoint status metrics

Web Sites- Web site alert rules on monitoring metrics from web site endpoint status.

Mobile Services- Mobile service alert rules on monitoring metrics from mobile endpoint status.


67/83


Create a Virtual Machine Environment


68/83


System Center Integration

System Center integration


69/83


Connect App Controller to a Windows Azure subscription

- On the Clouds page, click Connect and then click Windows Azure Subscription.- In the Connect dialog box, enter a name for this subscription. This name is displayed in thof the Clouds page.- Add an optional description in the Description text box.- In the Subscription ID field, enter the subscription ID for this connection. The Windows AID is a GUID and can be found in the Windows Azure Management Portal.- To import the required management certificate, select the Personal Information Exchange

public key you uploaded to Windows Azure and enter the password for the certificate.- Click OKto create the connection.

Azure

Integration


70/83


Service

Manager

Service

Manager

Portal

CMDB

App

Controller

Portal

Hyper-V

S

W

O

WOrchestrator

Operations

Manager

Virtual

Machine

Manager

Active

DirectoryCI Connector

VMM/OM Integration

Integration

Pack

Reportin

Data


71/83


Windows Azure Pack


72/83

Windows Azure

IT Admin

Customers


73/83

IT Admin

In your datacenter


74/83

IT Admin

In your datacenter


75/83

Windows

AzurePack

IT Admin

Tenant experienceHomepage


76/83

Customer

ServiceProviderMicrosoft

ConsistentPlatform

ONE

Homepage

Tenant experienceDashboard


77/83

Customer

ServiceProviderMicrosoft

ConsistentPlatform

ONE

Dashboard


78/83


Resources

Study Reference Links


79/83


Windows Azure Portalhttp://www.windowsazure.com

Start your Azure Trialhttp://www.windowsazure.com/en-us/pricing/free-trial

Windows Azure SLAhttp://www.microsoft.com/windowsazure/sla

Introduction To Windows Azure Traininghttp://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azure

Windows Azure - MSDN Blogshttp://blogs.msdn.com/b/windowsazure

Study Reference Links
http://www.windowsazure.com/http://www.windowsazure.com/en-us/pricing/free-trialhttp://www.windowsazure.com/en-us/pricing/free-trialhttp://www.microsoft.com/windowsazure/slahttp://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azurehttp://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azurehttp://blogs.msdn.com/b/windowsazurehttp://blogs.msdn.com/b/windowsazurehttp://blogs.msdn.com/b/windowsazurehttp://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azurehttp://www.microsoft.com/windowsazure/slahttp://www.windowsazure.com/en-us/pricing/free-trialhttp://www.windowsazure.com/


80/83


Windows Azure Training Kithttp://www.microsoft.com/en-us/download/details.aspx?id=8396

Hybrid Networking Offerings in Windows Azurehttp://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYsz

Windows Azure Active Directoryhttp://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309

Windows Azure DOCUMENTATIONhttp://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=it-it

Partner Services Contact Information
http://www.microsoft.com/en-us/download/details.aspx?id=8396http://www.microsoft.com/en-us/download/details.aspx?id=8396http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYszhttp://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYszhttp://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309http://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=it-ithttp://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=it-ithttp://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYszhttp://www.microsoft.com/en-us/download/details.aspx?id=8396


81/83

http://aka.ms/mpnsupport [email protected] http://aka.ms/s
http://aka.ms/mpnsupportmailto:[email protected]://aka.ms/supportcommunitieshttp://aka.ms/supportcommunitiesmailto:[email protected]://aka.ms/mpnsupport


82/83

2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be re gistered trademarks and/or trademarks in the U.S. and/or other co

informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentations. Because Microsoft must respond to changing market conditions, it should

the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR ST

THIS PRESENTATION.

Thank [email protected]
mailto:[email protected]:[email protected]


83/83

Day 5 - Build Your Hybrid Infrastructure on Windows Azure IaaS

Documents

Transcript of Day 5 - Build Your Hybrid Infrastructure on Windows Azure IaaS