Cloud OS: Build your infrastructure on Windows Azure IaaS
Wesley Fernandes
Partner Technical Consultant
wesleyf@microsoft.com

Microsoft Partner Network – Internal Use Only

About Your Presenter
Wesley Fernandes Vieira
Partner Technical Consultant
wesleyf@Microsoft.com - LATAMPTS@Microsoft.com



Infrastructure consultant since 2005
Consultant at Microsoft (MCS) since 2008
Partner Technical Consultant since 2012
Datacenter specialist

About Your Presenter
Alfredo Fortenboher
Partner Technical Consultant
alforten@microsoft.com - latampts@microsoft.com



15 years of experience in IT and telecommunications
At Microsoft since 2006
Partner Technical Consultant since 2013
Datacenter specialist

Sessions tools

Feedback
Content download
Shared Notes


Roadmap
Microsoft Cloud OS
There are more apps, more devices, and now, more data than ever, all driven by the rise of cloud computing and the use of cloud services. With these technologies playing an ever present role in businesses, how can IT drive more efficiency and deliver new forms of value? Microsoft’s answer is the Cloud OS.

Cloud OS Building Blocks Sessions
Date | Title
Live sessions
27 Jan | Cloud OS – Implementing and Configuring Failover Cluster on Windows 2012 R2
03 Feb | Cloud OS - Updating and preparing Active Directory for the Cloud OS
10 Feb | Cloud OS - Build your hybrid infrastructure with Windows Azure IaaS
17 Feb | Cloud OS – Migrating infrastructure from third-party platforms to Hyper-V and Windows Azure
On-Demand sessions
Cloud OS - Building solutions: Windows Server 2012 R2 Storage
Cloud OS - Building solutions: System Center 2012 R2 Virtual Machine Manager, Service Templates

Agenda
Windows Azure IaaS
In this session we are going to present how to extend the corporate infrastructure in a Hybrid Cloud scenario by using Windows Azure IaaS capabilities.
Windows Azure IaaS: Concepts
Virtual Machines
How to Create a Windows Azure VM
Hybrid Deployment
Disk and Storage
Monitoring VMs
Resources
Demos

Windows Azure IaaS: Concepts

Evolving Hosting Options
• 47 percent of new apps are on-premises
• 88 percent of sockets in corporate data center
• 98 percent of large organizations have some degree of virtualization
• 20 percent of organizations have private clouds
• Majority of cloud growth is IaaS
• Majority of new cloud apps are Platform as a Service (PaaS)
• Most efficient model for cloud development
• About 16 percent of new apps qualify as Software as a Service (SaaS)
• Business model, not hosting model; there are on-premises SaaS apps

What is Windows Azure IaaS?
Infrastructure Services are the lower level of building blocks
• Virtual Machines
• Cloud Services
• Virtual Networks

Cloud Services, Roles and Instances
• Cloud Service is a management, configuration, security, networking and service model boundary

Virtual Machines
• Virtual Machines are roles with exactly one instance

Virtual Machines
• Virtual Machines: deliver on-demand, scalable compute infrastructure when you need to quickly provision resources to meet your growing business needs. With Virtual Machines, you get choice of Windows Server and Linux operating systems in multiple configurations on top of the trustworthy Windows Azure foundation.
- Provision compute infrastructure at the pace your business requires
- Enterprise grade support with enterprise ready products
- Use the tools you know and be ready for tomorrow
- Monitor, alert and auto scale

Virtual Machines and Cloud Services
• Multiple Virtual Machines can be hosted within the same cloud service

Fault Domains and Update Domains
• Fault Domains
  • Represent groups of resources anticipated to fail together
  • i.e. same rack, same server
  • Windows Azure Fabric spreads instances across at least 2 fault domains
• Update Domains
  • Represent groups of resources that will be updated together
  • Host OS updates honour service update domains
  • Specified in service definition
  • Default of 5 (up to 20)
• Fabric spreads role instances across Update Domains and Fault Domains

Storage Accounts
• Gives your applications access to Windows Azure Blob, Table, and Queue services located in a geographic region.
• The storage account represents the highest level of the namespace for accessing the storage services.
• A storage account can contain more than 99TB of blob, queue, and table data.
• You can create many storage accounts for your Windows Azure subscription.

Affinity Groups
Closely locate your compute, network and storage resources in the same datacenter
• Get better performance
• Get lower latency
• Reduce egress costs

Virtual Networks
• Enables you to create a logically isolated section in Windows Azure and securely connect it to your on-premises datacenter or a single client machine using an IPsec connection.
• Virtual Network makes it easy for you to take advantage of Windows Azure’s scalable, on-demand infrastructure while providing connectivity to data and applications on-premises, including systems running on Windows Server, mainframes and UNIX.

Bringing all the concepts together
[Diagram labels: Availability Set - Frontend; Availability Set - Backend; VM; Update Domain; Fault Domain; Virtual Network; Affinity Group]

net  VIP (Virtual IP) Input Endpoint VIP: Input Endpoint Load balanced endpoint. HTTPS. Single port per endpoint Supported protocols: HTTP. TCP Internal Endpoint Instance-to-instance communication Supported Protocols: TCP.cloudapp. Stable VIP per cloud service. UDP Port ranges supported Communication boundary = Deployment boundary Internal Endpoint Microsoft Partner Network – Internal Use Only .Network Endpoints foo.

Port Forwarding Input Endpoints

Virtual Machines

Size of the Virtual Machines

Platform Images
- Windows Server 2012 Datacenter
- Windows Server 2012 R2
- Windows Server 2008 R2 SP1
- OpenSUSE
- CentOS by Open Logic
- Canonical Ubuntu
- SUSE Linux Enterprise

Microsoft and Partner Images

Create a Virtual Machine

How to Create a Windows Azure VM Deployment

Different elements
SCENARIOS

- Azure deployment
- Create an AFFINITY GROUP
- Create a CLOUD SERVICE
- Create a VIRTUAL NETWORK
- Create a STORAGE ACCOUNT
- Create VIRTUAL MACHINES

Affinity Group

To create an affinity group, open the Settings area
of the Management Portal, click Affinity Groups,
and then click ADD


Virtual Network
To create a Virtual Network, in the lower left-hand corner of the
screen, click New. In the navigation pane, click Networks, and then
click Virtual Network. Click Custom Create to begin the
configuration.
Name: name your virtual network.
Affinity Group: from the drop-down list, select Create a new affinity
group or select one created before.
Affinity groups are a way to physically group Windows Azure services
together at the same data center to increase performance. Only one
virtual network can be assigned an affinity group.
Region: from the drop-down list, select the desired region. Your virtual
network will be created at a datacenter located in the specified region.

Affinity Group Name: name the new affinity group.

Virtual Network
DNS Servers: (optional) enter the DNS server name
and IP address that you want to use. This setting does
not create a DNS server, it refers to an already
existing DNS server.
Virtual Network Address Spaces: enter the
following info and then click the checkmark on the
lower right to configure your network. Address space
must be a private address range, 10.0.0.0/8,
172.16.0.0/12, or 192.168.0.0/16:
Address Space: click CIDR in the upper right corner
to modify.
Add subnet: add subnets as needed.


Cloud Service
Use Cloud Services to deploy an application as a cloud service in Windows Azure
URL: enter a subdomain name to use in the public URL for accessing your cloud service in production deployments.
Region or Affinity Group: select the geographic region or affinity group to deploy the cloud service to.
After creating the Cloud Service, you can upload a Certificate

Cloud Service
Click Quick Start (the icon to the left of Dashboard) to open the Quick Start page, shown below. (You can also deploy your cloud service by using Upload on the dashboard.)
Click either New Production Deployment or New Staging Deployment.
Deployment name: enter a name for the new deployment.
Package: use Browse to select the service package file (.cspkg) to use.
Configuration: use Browse to select the service configuration file (.cscfg) to use.

Storage Account
Click Create New, click Storage, and then click Quick Create
URL: enter a subdomain name to use in the storage account URL. To access an object in storage, you will append the object's location to the endpoint.
Region/Affinity Group: select a region or affinity group for the storage. Select an affinity group instead of a region if you want your storage services to be in the same data center with other Windows Azure services that you are using.
Geo-replication is enabled by default so that, in the event of a major disaster in the primary location, storage fails over to a secondary location. A secondary location in the same region is assigned and cannot be changed. After a geo-failover, the secondary location becomes the primary location for the storage account, and stored data is replicated to a new secondary location.

Virtual Machine
Click Create New, click Compute, click Virtual Machine and then From Gallery.
Image: is a template that you use to create a new virtual machine. An image doesn’t have specific settings like a running virtual machine, such as the computer name and user account settings. If you use an image to create a virtual machine, an operating system disk is automatically created for the new virtual machine.
Disk: is a VHD that you can boot and mount as a running version of an operating system. After an image is provisioned, it becomes a disk. A disk is always created when you use an image to create a virtual machine. Any VHD that is attached to virtualized hardware and that is running as part of a service is a disk.

Virtual Machine
Select one image from Platform Images.
Version Release Date: If multiple versions of the image are available, pick the version you want to use.
Virtual Machine Name: type the name that you want to use for the virtual machine.
Size: select the size of the virtual machine. The size you should select depends on the number of cores required to run your application.
New User Name: type a name for the administrative account that you want to use to manage the server.
New Password: type a strong password for the administrative account on the virtual machine. In Confirm Password, retype the password.

Virtual Machine
Cloud Service: you can place virtual machines together under a cloud service to provide robust applications.
Cloud Service DNS Name: type a name that uses between 3 and 24 lowercase letters and numbers. This name becomes part of the URI that is used to contact the virtual machine through the cloud service. If you selected an existing Cloud Service, skip this.
Region/Affinity Group/Virtual Network: select where you want to locate the virtual machine.
Virtual Network Subnets: this option is available if you configured your Virtual Network beforehand.
Storage Account: you can select a storage account where the VHD file is stored.
Availability Set: create an availability set if needed.

Virtual Machine
Endpoints: new endpoints are created to allow connections for Remote Desktop and Windows PowerShell remoting. (Endpoints allow resources on the Internet or other virtual networks to communicate with a virtual machine.) You can add more endpoints now, or create them later.

Log on to the Virtual Machine
In Virtual Machines, select the virtual machine. On the command bar, click Connect.

Configure Network Endpoints
Select the virtual machine that you want to configure and click Endpoints. Click Add.
Choose whether to add the endpoint to a load-balanced set and then click the arrow to continue.
- In Name, type a name for the endpoint.
- In protocol, specify either TCP or UDP.
- In Public Port and Private Port, type port numbers that you want to use. These port numbers can be different. The public port is the entry point for communication from outside of Windows Azure and is used by the Windows Azure load balancer. You can use the private port and firewall rules on the virtual machine to redirect traffic in a way that is appropriate for your application.
- Click Create a load-balancing set if this endpoint will be the first one in a load-balanced set. Then, on the Configure the load-balanced set page, specify a name, protocol, and probe details.

Hybrid Deployments

Extends your Datacenter
Point-to-Site connectivity: connect your Azure Virtual Network directly with your computers through VPN.
Site-to-Site connectivity: extend your company’s network and connect it to Azure Virtual Machine

Point-to-Site VPN
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a point-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Address space must be private
· Address space must be a private address range, specified in CIDR notation: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure point-to-site connectivity

Point-to-Site VPN
Virtual Network Address Spaces: you will create the private address space for your new virtual network:
ADDRESS SPACE: The address space for your virtual network. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Add subnet: The names and IPs for subnets to be created in your virtual network. Click add subnet to add additional subnets.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
Add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.

Point-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. A message will appear asking Do you want to create a gateway for virtual network ‘yournetwork’. Click Yes to begin creating the gateway.

Point-to-Site VPN
Certificates are used to authenticate VPN clients for point-to-site VPNs. You must generate a self-signed root certificate along with client certificates chained to the self-signed root certificate. You can then install the client certificates on every client computer that requires connectivity.
Upload the root certificate to Management Portal. You can upload up to 20 certificates in order to support multiple certificate chains.
In the Management Portal, on the Certificates page for your virtual network, click Upload a root certificate. On the Upload Certificate page, browse for the .cer VPN root certificate, and then click the checkmark. Verify that the certificate is in .cer format and that you are uploading the root certificate and not a chained client certificate.

Point-to-Site VPN
Install the client certificate
A client certificate must be installed on every computer that you want to connect to the virtual network. On the client computer, double-click the .pfx file in order to install it. Enter the password when requested. Do not modify the installation location. Once the client certificate has been installed, you can start the VPN client configuration.

Point-to-Site VPN
Now you can download the VPN client to connect your computers to the Virtual Network

Point-to-Site VPN
Start VPN connection from computer

Site-to-Site VPN
On DNS Servers and VPN Connectivity, select “Configure site-to-site VPN”.
DNS SERVERS: Enter the DNS server name and IP address that you want to use for name resolution. Typically this would be a DNS server that you use for on-premises name resolution. This setting does not create a DNS server.

Site-to-Site VPN
On Site-To-Site Connectivity page, specify the VPN Device IP address that you use for this virtual network and configure the address space used for your site-to-site connection.
NAME: The name that you want to use to refer to your local network site.
VPN DEVICE IP ADDRESS: This is the public-facing IPv4 address for your VPN device. Note that the VPN device cannot be located behind a NAT.
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a site-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure site-to-site connectivity

Site-to-Site VPN
ADDRESS SPACE: The address space for your virtual network. Required.
Address space rules:
· Address space must be a private address range (10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16)
· Cannot overlap other virtual network or local network sites
add subnet: The names and IPs for subnets to be created in your virtual network.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.

Site-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. There are two options: Static Routing or Dynamic Routing. Select “Dynamic Routing” if you want to use this virtual network for point-to-site connections in addition to site-to-site. Note that the Gateway creation may take up to 15 minutes.

Site-to-Site VPN
After the gateway has been created, you’ll need to gather the following information that will be used to configure the VPN device:
Gateway IP address: is located on the virtual network DASHBOARD page
Shared key: is located on the virtual network DASHBOARD page. Click Manage Key at the bottom of the screen, and then copy the key displayed in the dialog box.
VPN device configuration script template: on DASHBOARD left pane. Select the vendor, platform, and operating system for your company’s VPN device.

Site-to-Site VPN
Configure the VPN device: the device that you have selected to use is compatible with virtual network. Check MSDN article for device compatibility.
To configure the VPN device:
Modify the VPN configuration script. You will configure the following:
· Security policies
· Incoming tunnel
· Outgoing tunnel
Run the modified VPN configuration script to configure your VPN device.
Test your connection
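
The address space and subnet rules listed on the point-to-site and site-to-site slides can be checked against a planned layout before it is typed into the portal. The following is an added example, not part of the original deck or any Microsoft tooling; the function name, the plan layout and every sample range are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# The three private ranges the slides allow for address spaces.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_PREFIX = 29  # "The smallest supported subnet is /29."


def _parse(label, cidr, errors):
    """Parse a CIDR string; record an error and return None if malformed."""
    try:
        # strict=True rejects values with host bits set, e.g. 10.0.0.1/24
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        errors.append(f"{label}: invalid CIDR {cidr!r} ({exc})")
        return None


def _is_private(net):
    return net.version == 4 and any(net.subnet_of(r) for r in PRIVATE_RANGES)


def validate_plan(vnet_spaces, subnets, local_sites=(), p2s_pool=None):
    """Return the list of rule violations; an empty list means the plan passes.

    vnet_spaces: CIDR strings for the virtual network address space
    subnets:     dict of name -> CIDR (the gateway subnet is listed here too)
    local_sites: CIDRs of on-premises (local network) sites
    p2s_pool:    CIDR assigned to point-to-site VPN clients, or None
    """
    errors = []
    spaces = [n for n in (_parse("address space", c, errors) for c in vnet_spaces) if n]
    sites = [n for n in (_parse("local site", c, errors) for c in local_sites) if n]
    pool = _parse("point-to-site pool", p2s_pool, errors) if p2s_pool else None

    # Address space rules: private range, no overlap with other networks.
    for space in spaces:
        if not _is_private(space):
            errors.append(f"address space {space} is not in a private range")
        for site in sites:
            if space.overlaps(site):
                errors.append(f"address space {space} overlaps local site {site}")
    for a, b in combinations(spaces, 2):
        if a.overlaps(b):
            errors.append(f"address spaces {a} and {b} overlap")

    # Point-to-site client pool: private and disjoint from everything else.
    if pool is not None:
        if not _is_private(pool):
            errors.append(f"point-to-site pool {pool} is not in a private range")
        for other in spaces + sites:
            if pool.overlaps(other):
                errors.append(f"point-to-site pool {pool} overlaps {other}")

    # Subnet rules: inside the address space, /29 or larger, no overlaps.
    nets = {}
    for name, cidr in subnets.items():
        net = _parse(f"subnet {name}", cidr, errors)
        if net is None:
            continue
        nets[name] = net
        if not any(net.version == s.version and net.subnet_of(s) for s in spaces):
            errors.append(f"subnet {name} {net} is outside the virtual network address space")
        if net.prefixlen > MAX_PREFIX:
            errors.append(f"subnet {name} {net} is smaller than /{MAX_PREFIX}")
    for (n1, a), (n2, b) in combinations(nets.items(), 2):
        if a.overlaps(b):
            errors.append(f"subnets {n1} and {n2} overlap")
    return errors


# Constructed sample plans (203.0.113.0/24 is a documentation range).
GOOD_PLAN = dict(
    vnet_spaces=["10.1.0.0/16"],
    subnets={"Frontend": "10.1.1.0/24", "Backend": "10.1.2.0/24",
             "Gateway": "10.1.255.0/29"},
    local_sites=["192.168.10.0/24"], p2s_pool="172.16.50.0/24")
BAD_PLAN = dict(
    vnet_spaces=["10.1.0.0/16", "203.0.113.0/24"],
    subnets={"Frontend": "10.1.1.0/24", "Backend": "10.1.1.128/25",
             "Tiny": "10.1.3.0/30", "Stray": "10.2.0.0/24"},
    local_sites=["10.1.0.0/20"], p2s_pool="10.1.200.0/24")

if __name__ == "__main__":
    for problem in validate_plan(**BAD_PLAN):
        print(problem)
```
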

Disks and Storage

VM disk layout

Persistent Disk Management
Capability | OS Disk | Data Disk
Host Cache Default | ReadWrite | None
Max Capacity | 127 GB | 1 TB
Imaging Capable | Yes | No
Hot Update | Cache Setting Requires Reboot | Change Cache Without Reboot, Add/Remove without Reboot
• C:\ = OS Disk
• D:\ = Non-Persistent Cache Disk
• E:\, F:\, G:\ ... = Data Disks

Attach an Empty Disk to a VM
Select Virtual Machine and click Attach and select Attach Empty Disk.
The Virtual Machine Name, Storage Location, File Name, and Host Cache Preference are already defined for you. Enter the size that you want for the disk.
All disks are created from a VHD file in Windows Azure storage. You can provide a name for the VHD file that is added to storage, but Windows Azure generates the name of the disk automatically.

Add an existing VHD disk to a VM
Select Virtual Machine and click Attach and select Attach Disk.
Select the data disk that you want to attach to the virtual machine.
You can upload and attach a data disk that already contains data to the virtual machine. The virtual machine is not stopped to add the disk. You are limited in the number of disks that you can attach to a virtual machine based on the size of the machine.

Monitoring VMs

Configure monitoring for cloud services
Select the “Cloud Service” and MONITOR tab. Add Metrics and select your metric for the source VM

Configure Rules (alerts)
Select the “Cloud Service”, MONITOR tab and click in a Metric. Add Rule and define the alert options and conditions

Monitoring metrics available
Cloud Services
- Monitoring metrics from the cloud service host operating system
- Performance counters collected from the cloud service guest virtual machine
- Web endpoint status metrics
Virtual Machines
- Monitoring metrics from the virtual machine host operating system
- Web endpoint status metrics
Web Sites
- Web site alert rules on monitoring metrics from web site endpoint status.
Mobile Services
- Mobile service alert rules on monitoring metrics from mobile endpoint status.

Create a Virtual Machine Environment

System Center Integration

System Center integration
Connect App Controller to a Windows Azure subscription
- On the Clouds page, click Connect and then click Windows Azure Subscription.
- In the Connect dialog box, enter a name for this subscription. This name is displayed in the Name column of the Clouds page.
- Add an optional description in the Description text box.
- In the Subscription ID field, enter the subscription ID for this connection. The Windows Azure subscription ID is a GUID and can be found in the Windows Azure Management Portal.
- To import the required management certificate, select the Personal Information Exchange (.pfx) file for the public key you uploaded to Windows Azure and enter the password for the certificate.
- Click OK to create the connection.

Integration
[Diagram labels: Azure; App Controller Portal; Service Manager; Service Manager Portal; CMDB; SM Data Warehouse; Integration Pack; CI Connector; Active Directory; OM Data Warehouse; Orchestrator; Virtual Machine Manager; VMM/OM Integration; Hyper-V; Operations Manager; Reporting Data]

Windows Azure Pack
[Diagram sequence, labels only: Customers; IT Admin; Windows Azure; In your datacenter; Windows Azure Pack]

Tenant experience: Homepage
Tenant experience: Dashboard
[Diagram labels: Customer; ONE Microsoft Consistent Platform; Service Provider]

Resources

Study Reference Links
Windows Azure Portal http://www.windowsazure.com
Start your Azure Trial http://www.windowsazure.com/en-us/pricing/free-trial
Windows Azure SLA http://www.microsoft.com/windowsazure/sla
Introduction To Windows Azure Training http://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azure
Windows Azure MSDN Blogs http://blogs.msdn.com/b/windowsazure

Study Reference Links
Windows Azure Training Kit http://www.microsoft.com/en-us/download/details.aspx?id=8396
Hybrid Networking Offerings in Windows Azure http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYsz
Windows Azure Active Directory http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309
Windows Azure DOCUMENTATION http://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=it-it

Partner Services Contact Information
http://aka.ms/mpnsupport
latampts@microsoft.com
http://aka.ms/supportcommunities

Thank you!
latampts@microsoft.com
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.