
Cloud OS: Build your infrastructure on Windows Azure IaaS
Wesley Fernandes
Partner Technical Consultant
wesleyf@microsoft.com

Microsoft Partner Network – Internal Use Only

About Your Presenter
Wesley Fernandes Vieira
Partner Technical Consultant
wesleyf@Microsoft.com - LATAMPTS@Microsoft.com



Infrastructure consultant since 2005
Since 2008 as a consultant at Microsoft (MCS)
Since 2012 as a Partner Technical Consultant
Datacenter specialist

About Your Presenter
Alfredo Fortenboher
Partner Technical Consultant
alforten@microsoft.com - latampts@microsoft.com



15 years of experience in IT and telecommunications
At Microsoft since 2006
Since 2013 as a Partner Technical Consultant
Datacenter specialist

Sessions tools

Feedback
Content download
Shared Notes


Roadmap
Microsoft Cloud OS
There are more apps, more devices, and now, more data than ever — all driven by the rise of cloud computing and the use of cloud services. With these technologies playing an ever present role in businesses, how can IT drive more efficiency and deliver new forms of value? Microsoft’s answer is the Cloud OS.

Cloud OS Building Blocks Sessions

Date     Title
Live sessions
27 Jan   Cloud OS – Implementing and Configuring Failover Cluster on Windows 2012 R2
03 Feb   CloudOS - Updating and Preparing Active Directory for the CloudOS
10 Feb   Cloud OS - Build Your Hybrid Infrastructure with Windows Azure IaaS
17 Feb   Cloud OS – Migrating Infrastructure from Third-Party Platforms to Hyper-V and Windows Azure
On-Demand sessions
         Cloud OS - Building Solutions: Windows Server 2012 R2 Storage
         Cloud OS - Building Solutions: System Center 2012 R2
         Cloud OS - Virtual Machine Manager, Service Templates

Agenda
Windows Azure IaaS
In this session we are going to present how to extend the corporate infrastructure in a Hybrid Cloud scenario by using Windows Azure IaaS capabilities.
- Windows Azure IaaS: Concepts
- Virtual Machines
- How to Create a Windows Azure VM
- Hybrid Deployment
- Disk and Storage
- Monitoring VMs
- Resources
- Demos

Windows Azure IaaS: Concepts

Evolving Hosting Options
- 47 percent of new apps are on-premises
- 88 percent of sockets in corporate data center
- 98 percent of large organizations have some degree of virtualization
- 20 percent of organizations have private clouds
- Majority of cloud growth is IaaS
- Majority of new cloud apps are Product as a Service (PaaS)
  - Most efficient model for cloud development
- About 16 percent of new apps qualify as Software as a Service (SaaS)
  - Business model, not hosting model; there are on-premises SaaS apps

What is Windows Azure IaaS?
Infrastructure Services are the lower level of building blocks:
- Virtual Machines
- Cloud Services
- Virtual Networks

Cloud Services, Roles and Instances
• Cloud Service is a management, configuration, security, networking and service model boundary

Virtual Machines
• Virtual Machines are roles with exactly one instance

Virtual Machines
• Virtual Machines: deliver on-demand, scalable compute infrastructure when you need to quickly provision resources to meet your growing business needs. With Virtual Machines, you get choice of Windows Server and Linux operating systems in multiple configurations on top of the trustworthy Windows Azure foundation.
  - Provision compute infrastructure at the pace your business requires
  - Use the tools you know and be ready for tomorrow
  - Enterprise grade support with enterprise ready products
  - Monitor, alert and auto scale

Virtual Machines and Cloud Services
• Multiple Virtual Machines can be hosted within the same cloud service

Fault Domains and Update Domains
• Fault Domains
  • Represent groups of resources anticipated to fail together
  • i.e. same rack, same server
  • Windows Azure Fabric spreads instances across at least 2 fault domains
• Update Domains
  • Represent groups of resources that will be updated together
  • Host OS updates honour service update domains
  • Specified in service definition
  • Default of 5 (up to 20)
• Fabric spreads role instances across Update Domains and Fault Domains

Storage Accounts
• Gives your applications access to Windows Azure Blob, Table, and Queue services located in a geographic region.
• The storage account represents the highest level of the namespace for accessing the storage services.
• A storage account can contain more than 99TB of blob, queue, and table data.
• You can create many storage accounts for your Windows Azure subscription.

Affinity Groups
Closely locate your compute, network and storage resources in the same datacenter
- Get better performance
- Get lower latency
- Reduce egress costs

Virtual Networks
• Enables you to create a logically isolated section in Windows Azure and securely connect it to your on-premises datacenter or a single client machine using an IPsec connection.
• Virtual Network makes it easy for you to take advantage of Windows Azure’s scalable, on-demand infrastructure while providing connectivity to data and applications on-premises, including systems running on Windows Server, mainframes and UNIX.

Bringing all the concepts together
[Diagram labels: Affinity Group, Virtual Network, Availability Set - Frontend, Availability Set - Backend, VM, Update Domain, Fault Domain]

Network Endpoints
foo.cloudapp.net → VIP (Virtual IP)

Input Endpoint
- Load balanced endpoint. Stable VIP per cloud service.
- Single port per endpoint
- Supported protocols: HTTP, HTTPS, TCP

Internal Endpoint
- Instance-to-instance communication
- Supported Protocols: TCP, UDP
- Port ranges supported
- Communication boundary = Deployment boundary

Port Forwarding Input Endpoints

Virtual Machines

Size of the Virtual Machines

Platform Images
- Windows Server 2012 Datacenter
- Windows Server 2012 R2
- Windows Server 2008 R2 SP1
- OpenSUSE
- CentOS by Open Logic
- Canonical Ubuntu
- SUSE Linux Enterprise

Microsoft and Partner Images

Create a Virtual Machine

How to Create a Windows Azure VM Deployment

Different elements
SCENARIOS

- Azure deployment
- Create an AFFINITY GROUP
- Create a CLOUD SERVICE
- Create a VIRTUAL NETWORK
- Create a STORAGE ACCOUNT
- Create VIRTUAL MACHINES

Affinity Group

To create an affinity group, open the Settings area
of the Management Portal, click Affinity Groups,
and then click ADD


Virtual Network
To create a Virtual Network, click New in the lower left-hand
corner of the screen. In the navigation pane, click Networks,
and then click Virtual Network. Click Custom Create to begin
the configuration.
Name: name your virtual network.
Affinity Group: from the drop-down list, select Create a new affinity
group or select one created before.
Affinity groups are a way to physically group Windows Azure services
together at the same data center to increase performance. Only one
virtual network can be assigned an affinity group.
Region: from the drop-down list, select the desired region. Your virtual
network will be created at a datacenter located in the specified region.

Affinity Group Name: name the new affinity group.

Virtual Network
DNS Servers: (optional) enter the DNS server name
and IP address that you want to use. This setting does
not create a DNS server, it refers to an already
existing DNS server.
Virtual Network Address Spaces: enter the
following info and then click the checkmark on the
lower right to configure your network. Address space
must be a private address range, 10.0.0.0/8,
172.16.0.0/12, or 192.168.0.0/16:
Address Space: click CIDR in the upper right corner
to modify.
Add subnet: add subnets as needed.


Cloud Service
Use Cloud Services to deploy an application as a cloud service in Windows Azure.
URL: enter a subdomain name to use in the public URL for accessing your cloud service in production deployments.
Region or Affinity Group: select the geographic region or affinity group to deploy the cloud service to.
After creating the Cloud Service, you can upload a Certificate.

Cloud Service
Click Quick Start (the icon to the left of Dashboard) to open the Quick Start page, shown below. (You can also deploy your cloud service by using Upload on the dashboard.)
Click either New Production Deployment or New Staging Deployment.
Deployment name: enter a name for the new deployment.
Package: use Browse to select the service package file (.cspkg) to use.
Configuration: use Browse to select the service configuration file (.cscfg) to use.

Storage Account
Click Create New, click Storage, and then click Quick Create.
URL: enter a subdomain name to use in the storage account URL. To access an object in storage, you will append the object's location to the endpoint.
Region/Affinity Group: select a region or affinity group for the storage. Select an affinity group instead of a region if you want your storage services to be in the same data center with other Windows Azure services that you are using.
Geo-replication is enabled by default so that, in the event of a major disaster in the primary location, storage fails over to a secondary location. A secondary location in the same region is assigned and cannot be changed. After a geo-failover, the secondary location becomes the primary location for the storage account, and stored data is replicated to a new secondary location.

Virtual Machine
Click Create New, click Compute, click Virtual Machine and then From Gallery.
Image: is a template that you use to create a new virtual machine. An image doesn’t have specific settings like a running virtual machine, such as the computer name and user account settings. If you use an image to create a virtual machine, an operating system disk is automatically created for the new virtual machine.
Disk: is a VHD that you can boot and mount as a running version of an operating system. After an image is provisioned, it becomes a disk. A disk is always created when you use an image to create a virtual machine. Any VHD that is attached to virtualized hardware and that is running as part of a service is a disk.

Virtual Machine
Select one image from Platform Images.
Version Release Date: If multiple versions of the image are available, pick the version you want to use.
Virtual Machine Name: type the name that you want to use for the virtual machine.
Size: select the size of the virtual machine. The size you should select depends on the number of cores required to run your application.
New User Name: type a name for the administrative account that you want to use to manage the server.
New Password: type a strong password for the administrative account on the virtual machine. In Confirm Password, retype the password.

Virtual Machine
Cloud Service: you can place virtual machines together under a cloud service to provide robust applications.
Cloud Service DNS Name: type a name that uses between 3 and 24 lowercase letters and numbers. This name becomes part of the URI that is used to contact the virtual machine through the cloud service. If you selected an existing Cloud Service, skip this.
Region/Affinity Group/Virtual Network: select where you want to locate the virtual machine.
Virtual Network Subnets: this option is available if you configured your Virtual Network beforehand.
Storage Account: you can select a storage account where the VHD file is stored.
Availability Set: create an availability set if needed.

Virtual Machine
Endpoints: new endpoints are created to allow connections for Remote Desktop and Windows PowerShell remoting. (Endpoints allow resources on the Internet or other virtual networks to communicate with a virtual machine.) You can add more endpoints now, or create them later.

Log on to the Virtual Machine
In Virtual Machines, select the virtual machine. On the command bar, click Connect.

Configure Network Endpoints
Select the virtual machine that you want to configure and click Endpoints. Click Add. Choose whether to add the endpoint to a load-balanced set and then click the arrow to continue.
- In Name, type a name for the endpoint.
- In protocol, specify either TCP or UDP.
- In Public Port and Private Port, type port numbers that you want to use. These port numbers can be different. The public port is the entry point for communication from outside of Windows Azure and is used by the Windows Azure load balancer. You can use the private port and firewall rules on the virtual machine to redirect traffic in a way that is appropriate for your application.
- Click Create a load-balancing set if this endpoint will be the first one in a load-balanced set. Then, on the Configure the load-balanced set page, specify a name, protocol, and probe details.

Hybrid Deployments

Extends your Datacenter
Point-to-Site connectivity: connect your Azure Virtual Network directly with your computers through VPN.
Site-to-Site connectivity: extend your company’s network and connect it to Azure Virtual Machine

Point-to-Site VPN
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a point-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Address space must be private
· Address space must be a private address range, specified in CIDR notation 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure point-to-site connectivity

Point-to-Site VPN
Virtual Network Address Spaces: you will create the private address space for your new virtual network:
ADDRESS SPACE: The address space for your virtual network. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Add subnet: The names and IPs for subnets to be created in your virtual network. Click add subnet to add additional subnets.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
Add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.

Point-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. A message will appear asking Do you want to create a gateway for virtual network ‘yournetwork’. Click Yes to begin creating the gateway.

Point-to-Site VPN
Certificates are used to authenticate VPN clients for point-to-site VPNs. You must generate a self-signed root certificate along with client certificates chained to the self-signed root certificate. You can then install the client certificates on every client computer that requires connectivity.
Upload the root certificate to Management Portal. In the Management Portal, on the Certificates page for your virtual network, click Upload a root certificate. On the Upload Certificate page, browse for the .cer VPN root certificate, and then click the checkmark.
Verify that the certificate is in .cer format and that you are uploading the root certificate and not a chained client certificate. You can upload up to 20 certificates in order to support multiple certificate chains.

Point-to-Site VPN
Install the client certificate
A client certificate must be installed on every computer that you want to connect to the virtual network. On the client computer, double-click the .pfx file in order to install it. Enter the password when requested. Do not modify the installation location. Once the client certificate has been installed, you can start the VPN client configuration.

Point-to-Site VPN
Now you can download the VPN client to connect your computers to the Virtual Network

Point-to-Site VPN
Start VPN connection from computer

Site-to-Site VPN
On DNS Servers and VPN Connectivity, select “Configure site-to-site VPN”.
DNS SERVERS: Enter the DNS server name and IP address that you want to use for name resolution. Typically this would be a DNS server that you use for on-premises name resolution. This setting does not create a DNS server.

Site-to-Site VPN
On Site-To-Site Connectivity page, specify the VPN Device IP address that you use for this virtual network and configure the address space used for your site-to-site connection.
NAME: The name that you want to use to refer to your local network site.
VPN DEVICE IP ADDRESS: This is the public-facing IPv4 address for your VPN device. Note that the VPN device cannot be located behind a NAT.
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a site-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure site-to-site connectivity

Site-to-Site VPN
ADDRESS SPACE: The address space for your virtual network. Required.
Address space rules:
· Address space must be a private address range (10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16)
· Cannot overlap other virtual network or local network sites
add subnet: The names and IPs for subnets to be created in your virtual network.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.

Site-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. There are two options: Static Routing or Dynamic Routing. Select “Dynamic Routing” if you want to use this virtual network for point-to-site connections in addition to site-to-site.
Note that gateway creation may take up to 15 minutes.

Site-to-Site VPN
After the gateway has been created, you’ll need to gather the following information that will be used to configure the VPN device:
Gateway IP address: is located on the virtual network DASHBOARD page.
Shared key: is located on the virtual network DASHBOARD page. Click Manage Key at the bottom of the screen, and then copy the key displayed in the dialog box.
VPN device configuration script template: on DASHBOARD left pane. Select the vendor, platform, and operating system for your company’s VPN device.

Site-to-Site VPN
Configure the VPN device: the device that you have selected to use is compatible with virtual network. Check MSDN article for device compatibility.
To configure the VPN device:
Modify the VPN configuration script. You will configure the following:
· Security policies
· Incoming tunnel
· Outgoing tunnel
Run the modified VPN configuration script to configure your VPN device.
Test your connection

Disks and Storage

VM disk layout

Persistent Disk Management

Capability           OS Disk                         Data Disk
Host Cache Default   ReadWrite                       None
Max Capacity         127 GB                          1 TB
Imaging Capable      Yes                             No
Hot Update           Cache Setting Requires Reboot   Change Cache Without Reboot, Add/Remove without Reboot

Data Disks
• C:\ = OS Disk
• D:\ = Non-Persistent Cache Disk
• E:\, F:\, G:\ ... Data Disks

Attach an Empty Disk to a VM
Select Virtual Machine and click Attach and select Attach Empty Disk.
The Virtual Machine Name, Storage Location, File Name, and Host Cache Preference are already defined for you. Enter the size that you want for the disk.
All disks are created from a VHD file in Windows Azure storage. You can provide a name for the VHD file that is added to storage, but Windows Azure generates the name of the disk automatically.

Add an existing VHD disk to a VM
Select Virtual Machine and click Attach and select Attach Disk. Select the data disk that you want to attach to the virtual machine.
You can upload and attach a data disk that already contains data to the virtual machine. The virtual machine is not stopped to add the disk. You are limited in the number of disks that you can attach to a virtual machine based on the size of the machine.

Monitoring VMs

Configure monitoring for cloud services
Select the “Cloud Service” and MONITOR tab.
- Add Metrics and select your metric for the source VM

Configure Rules (alerts)
Select the “Cloud Service”, open the MONITOR tab and click a Metric.
- Add Rule and define the alert options and conditions

Monitoring metrics available
Cloud Services
- Monitoring metrics from the cloud service host operating system
- Performance counters collected from the cloud service guest virtual machine
- Web endpoint status metrics
Virtual Machines
- Monitoring metrics from the virtual machine host operating system
- Web endpoint status metrics
Web Sites
- Web site alert rules on monitoring metrics from web site endpoint status.
Mobile Services
- Mobile service alert rules on monitoring metrics from mobile endpoint status.

Create a Virtual Machine Environment

System Center Integration

System Center integration
Connect App Controller to a Windows Azure subscription
- On the Clouds page, click Connect and then click Windows Azure Subscription.
- In the Connect dialog box, enter a name for this subscription. This name is displayed in the Name column of the Clouds page.
- Add an optional description in the Description text box.
- In the Subscription ID field, enter the subscription ID for this connection. The Windows Azure subscription ID is a GUID and can be found in the Windows Azure Management Portal.
- To import the required management certificate, select the Personal Information Exchange (.pfx) file for the public key you uploaded to Windows Azure and enter the password for the certificate.
- Click OK to create the connection.

Integration
[Diagram labels: Azure, App Controller, Portal, Service Manager, Service Manager Portal, CMDB, SM Data Warehouse, Integration Pack, CI Connector, Active Directory, OM Data Warehouse, Orchestrator, Virtual Machine Manager, VMM/OM Integration, Hyper-V, Operations Manager, Reporting Data]

Windows Azure Pack
[Diagram built up over four slides. Labels: Customers, IT Admin, Windows Azure, In your datacenter, Windows Azure Pack]

Tenant experience: Homepage
[Screenshot. Labels: Customer, Service Provider, Microsoft, ONE Consistent Platform]

Tenant experience: Dashboard
[Screenshot. Labels: Customer, Service Provider, Microsoft, ONE Consistent Platform]

Resources

Study Reference Links
- Windows Azure Portal: http://www.windowsazure.com
- Start your Azure Trial: http://www.windowsazure.com/en-us/pricing/free-trial
- Windows Azure SLA: http://www.microsoft.com/windowsazure/sla
- Introduction To Windows Azure Training: http://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azure
- Windows Azure - MSDN Blogs: http://blogs.msdn.com/b/windowsazure

Study Reference Links
- Windows Azure Training Kit: http://www.microsoft.com/en-us/download/details.aspx?id=8396
- Hybrid Networking Offerings in Windows Azure: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYsz
- Windows Azure Active Directory: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309
- Windows Azure DOCUMENTATION: http://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=it-it

Partner Services Contact Information
- http://aka.ms/mpnsupport
- latampts@microsoft.com
- http://aka.ms/supportcommunities

Thank you!
latampts@microsoft.com

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.