Cloud OS: Build your infrastructure on Windows Azure IaaS
Wesley Fernandes
Partner Technical Consultant
wesleyf@microsoft.com

Microsoft Partner Network – Internal Use Only

About Your Presenter
Wesley Fernandes Vieira
Partner Technical Consultant
wesleyf@Microsoft.com - LATAMPTS@Microsoft.com



Infrastructure consultant since 2005
Consultant at Microsoft (MCS) since 2008
Partner Technical Consultant since 2012
Datacenter specialist

About Your Presenter
Alfredo Fortenboher
Partner Technical Consultant
alforten@microsoft.com - latampts@microsoft.com



15 years of experience in IT and telecommunications
At Microsoft since 2006
Partner Technical Consultant since 2013
Datacenter specialist

Sessions tools

Feedback
Content download
Shared Notes


Roadmap
Microsoft Cloud OS
There are more apps, more devices, and now, more data than ever — all driven by the rise of cloud computing and the use of cloud services. With these technologies playing an ever present role in businesses, how can IT drive more efficiency and deliver new forms of value? Microsoft’s answer is the Cloud OS.

Cloud OS Building Blocks Sessions
Date    Title
Live sessions
27 Jan  Cloud OS – Implementing and Configuring Failover Cluster on Windows 2012 R2
03 Feb  CloudOS - Updating and Preparing Active Directory for the CloudOS
10 Feb  Cloud OS - Build Your Hybrid Infrastructure with Windows Azure IaaS
17 Feb  Cloud OS – Migrating Infrastructure from Third-Party Platforms to Hyper-V and Windows Azure
On-Demand sessions
Cloud OS - Building Solutions: System Center 2012 R2
Cloud OS - Building Solutions: Windows Server 2012 R2 Storage
Cloud OS - Virtual Machine Manager, Service Templates

Agenda
Windows Azure IaaS
In this session we are going to present how to extend the corporate infrastructure in a Hybrid Cloud scenario by using Windows Azure IaaS capabilities.
Windows Azure IaaS: Concepts
Virtual Machines
How to Create a Windows Azure VM
Hybrid Deployment
Disk and Storage
Monitoring VMs
Resources
Demos

Windows Azure IaaS: Concepts

Evolving Hosting Options
• 47 percent of new apps are on-premises
• 88 percent of sockets in corporate data center
• 98 percent of large organizations have some degree of virtualization
• 20 percent of organizations have private clouds
• Majority of cloud growth is IaaS
• Majority of new cloud apps are Platform as a Service (PaaS)
• Most efficient model for cloud development
• About 16 percent of new apps qualify as Software as a Service (SaaS)
• Business model, not hosting model; there are on-premises SaaS apps

What is Windows Azure IaaS?
Infrastructure Services are the lower level of building blocks
Virtual Machines
Cloud Services
Virtual Networks

Cloud Services, Roles and Instances
• Cloud Service is a management, configuration, security, networking and service model boundary

Virtual Machines
• Virtual Machines are roles with exactly one instance

Virtual Machines
• Virtual Machines: deliver on-demand, scalable compute infrastructure when you need to quickly provision resources to meet your growing business needs. With Virtual Machines, you get choice of Windows Server and Linux operating systems in multiple configurations on top of the trustworthy Windows Azure foundation.
- Provision compute infrastructure at the pace your business requires
- Use the tools you know and be ready for tomorrow
- Enterprise grade support with enterprise ready products
- Monitor, alert and auto scale

Virtual Machines and Cloud Services
• Multiple Virtual Machines can be hosted within the same cloud service

Fault Domains and Update Domains
• Fault Domains
  • Represent groups of resources anticipated to fail together
  • i.e. Same rack, same server
  • Windows Azure Fabric spreads instances across at least 2 fault domains
• Update Domains
  • Represents groups of resources that will be updated together
  • Host OS updates honour service update domains
  • Specified in service definition
  • Default of 5 (up to 20)
• Fabric spreads role instances across Update Domains and Fault Domains

Storage Accounts
• Gives your applications access to Windows Azure Blob, Table, and Queue services located in a geographic region.
• The storage account represents the highest level of the namespace for accessing the storage services.
• A storage account can contain more than 99TB of blob, queue, and table data.
• You can create many storage accounts for your Windows Azure subscription.

Affinity Groups
Closely locate your compute, network and storage resources in the same datacenter
Get better performance
Get lower latency
Reduce egress costs

Virtual Networks
• Enables you to create a logically isolated section in Windows Azure and securely connect it to your on-premises datacenter or a single client machine using an IPsec connection.
• Virtual Network makes it easy for you to take advantage of Windows Azure’s scalable, on-demand infrastructure while providing connectivity to data and applications on-premises, including systems running on Windows Server, mainframes and UNIX.

Bringing all the concepts together
[Diagram labels: Affinity Group, Virtual Network, Availability Set - Frontend, Availability Set - Backend, VM, Update Domain, Fault Domain]

Network Endpoints
foo.cloudapp.net -> VIP (Virtual IP)

Input Endpoint
VIP: Input Endpoint
Load balanced endpoint. Stable VIP per cloud service. Single port per endpoint
Supported protocols: HTTP, HTTPS, TCP

Internal Endpoint
Instance-to-instance communication
Supported Protocols: TCP, UDP
Port ranges supported
Communication boundary = Deployment boundary

Port Forwarding Input Endpoints

Virtual Machines

Size of the Virtual Machines

Platform Images
Windows Server 2012 Datacenter
Windows Server 2012 R2
Windows Server 2008 R2 SP1
OpenSUSE
CentOS by Open Logic
Canonical Ubuntu
SUSE Linux Enterprise

Microsoft and Partner Images

Create a Virtual Machine

How to Create a Windows Azure VM Deployment

Different elements
SCENARIOS

- Azure deployment
- Create an AFFINITY GROUP
- Create a CLOUD SERVICE
- Create a VIRTUAL NETWORK
- Create a STORAGE ACCOUNT
- Create VIRTUAL MACHINES

Affinity Group

To create an affinity group, open the Settings area
of the Management Portal, click Affinity Groups,
and then click ADD


Virtual Network
To create a Virtual Network, in the lower left-hand corner of the screen, click New. In the
navigation pane, click Networks, and then click
Virtual Network. Click Custom Create to begin the
configuration.
Name: name your virtual network.
Affinity Group: from the drop-down list, select Create a new affinity
group or select one created before.
Affinity groups are a way to physically group Windows Azure services
together at the same data center to increase performance. Only one
virtual network can be assigned an affinity group.
Region: from the drop-down list, select the desired region. Your virtual
network will be created at a datacenter located in the specified region.

Affinity Group Name: name the new affinity group.

Virtual Network
DNS Servers: (optional) enter the DNS server name
and IP address that you want to use. This setting does
not create a DNS server, it refers to an already
existing DNS server.
Virtual Network Address Spaces: enter the
following info and then click the checkmark on the
lower right to configure your network. Address space
must be a private address range, 10.0.0.0/8,
172.16.0.0/12, or 192.168.0.0/16:
Address Space: click CIDR in the upper right corner
to modify.
Add subnet: add subnets as needed.


Cloud Service
Use Cloud Services to deploy an application as a cloud service in Windows Azure
URL: enter a subdomain name to use in the public URL for accessing your cloud service in production deployments.
Region or Affinity Group: select the geographic region or affinity group to deploy the cloud service to.
After creating the Cloud Service, you can upload a Certificate

Cloud Service
Click Quick Start (the icon to the left of Dashboard) to open the Quick Start page, shown below. (You can also deploy your cloud service by using Upload on the dashboard.)
Click either New Production Deployment or New Staging Deployment.
Deployment name: enter a name for the new deployment.
Package: use Browse to select the service package file (.cspkg) to use.
Configuration: use Browse to select the service configure file (.cscfg) to use.

Storage Account
Click Create New, click Storage, and then click Quick Create
URL: enter a subdomain name to use in the storage account URL. To access an object in storage, you will append the object's location to the endpoint.
Region/Affinity Group: select a region or affinity group for the storage. Select an affinity group instead of a region if you want your storage services to be in the same data center with other Windows Azure services that you are using.
Geo-replication is enabled by default so that, in the event of a major disaster in the primary location, storage fails over to a secondary location. A secondary location in the same region is assigned and cannot be changed. After a geo-failover, the secondary location becomes the primary location for the storage account, and stored data is replicated to a new secondary location.

Virtual Machine
Click Create New, click Compute, click Virtual Machine and then From Gallery.
Image: is a template that you use to create a new virtual machine. An image doesn’t have specific settings like a running virtual machine, such as the computer name and user account settings. If you use an image to create a virtual machine, an operating system disk is automatically created for the new virtual machine.
Disk: is a VHD that you can boot and mount as a running version of an operating system. After an image is provisioned, it becomes a disk. A disk is always created when you use an image to create a virtual machine. Any VHD that is attached to virtualized hardware and that is running as part of a service is a disk.

Virtual Machine
Select one image from Platform Images.
Version Release Date: If multiple versions of the image are available, pick the version you want to use.
Virtual Machine Name: type the name that you want to use for the virtual machine.
Size: select the size of the virtual machine. The size you should select depends on the number of cores required to run your application.
New User Name: type a name for the administrative account that you want to use to manage the server.
New Password: type a strong password for the administrative account on the virtual machine. In Confirm Password, retype the password.

Virtual Machine
Cloud Service: you can place virtual machines together under a cloud service to provide robust applications.
Cloud Service DNS Name: type a name that uses between 3 and 24 lowercase letters and numbers. This name becomes part of the URI that is used to contact the virtual machine through the cloud service. If you selected an existing Cloud Service, skip this.
Region/Affinity Group/Virtual Network: select where you want to locate the virtual machine.
Virtual Network Subnets: this option is available if you configure your Virtual Network before.
Storage Account: you can select a storage account where the VHD file is stored.
Availability Set: create an availability set if needed.

Virtual Machine
Endpoints: new endpoints are created to allow connections for Remote Desktop and Windows PowerShell remoting. (Endpoints allow resources on the Internet or other virtual networks to communicate with a virtual machine.) You can add more endpoints now, or create them later.

Logon in the Virtual Machine
In Virtual Machines, select the virtual machine. On the command bar, click Connect.

Configure Network Endpoints
Select the virtual machine that you want to configure and click Endpoints. Click Add. Choose whether to add the endpoint to a load-balanced set and then click the arrow to continue.
- In Name, type a name for the endpoint.
- In protocol, specify either TCP or UDP.
- In Public Port and Private Port, type port numbers that you want to use. These port numbers can be different. The public port is the entry point for communication from outside of Windows Azure and is used by the Windows Azure load balancer. You can use the private port and firewall rules on the virtual machine to redirect traffic in a way that is appropriate for your application.
- Click Create a load-balancing set if this endpoint will be the first one in a load-balanced set. Then, on the Configure the load-balanced set page, specify a name, protocol, and probe details.

Hybrid Deployments

Extends your Datacenter
Point-to-Site connectivity: connect your Azure Virtual Network directly with your computers through VPN.
Site-to-Site connectivity: extend your company’s network and connect it to Azure Virtual Machine

Point-to-Site VPN
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a point-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Address space must be private
· Address space must be a private address range, specified in CIDR notation 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure point-to-site connectivity

Point-to-Site VPN
Virtual Network Address Spaces: you will create the private address space for your new virtual network:
ADDRESS SPACE: The address space for your virtual network. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Add subnet: The names and IPs for subnets to be created in your virtual network. Click add subnet to add additional subnets.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
Add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.

Point-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. A message will appear asking Do you want to create a gateway for virtual network ‘yournetwork’. Click Yes to begin creating the gateway.

Point-to-Site VPN
Certificates are used to authenticate VPN clients for point-to-site VPNs. You must generate a self-signed root certificate along with client certificates chained to the self-signed root certificate. You can then install the client certificates on every client computer that requires connectivity.
Upload the root certificate to Management Portal. In the Management Portal, on the Certificates page for your virtual network, click Upload a root certificate. On the Upload Certificate page, browse for the .cer VPN root certificate, and then click the checkmark. Verify that the certificate is in .cer format and that you are uploading the root certificate and not a chained client certificate. You can upload up to 20 certificates in order to support multiple certificate chains.

Point-to-Site VPN
Install the client certificate
A client certificate must be installed on every computer that you want to connect to the virtual network. On the client computer, double-click the .pfx file in order to install it. Enter the password when requested. Do not modify the installation location. Once the client certificate has been installed, you can start the VPN client configuration.

Point-to-Site VPN
Now you can download the VPN client to connect your computers to the Virtual Network

Point-to-Site VPN
Start VPN connection from computer

Site-to-Site VPN
On DNS Servers and VPN Connectivity, select “Configure site-to-site VPN”.
DNS SERVERS: Enter the DNS server name and IP address that you want to use for name resolution. Typically this would be a DNS server that you use for on-premises name resolution. This setting does not create a DNS server.

Site-to-Site VPN
On Site-To-Site Connectivity page, specify the VPN Device IP address that you use for this virtual network and configure the address space used for your site-to-site connection.
NAME: The name that you want to use to refer to your local network site.
VPN DEVICE IP ADDRESS: This is the public-facing IPv4 address for your VPN device. Note that the VPN device cannot be located behind a NAT.
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a site-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure site-to-site connectivity

Site-to-Site VPN
ADDRESS SPACE: The address space for your virtual network. Required.
Address space rules:
· Address space must be a private address range (10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16)
· Cannot overlap other virtual network or local network sites
add subnet: The names and IPs for subnets to be created in your virtual network.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.
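
The address space and subnet rules listed on the Point-to-Site and Site-to-Site VPN slides can be checked before anything is typed into the portal. The following is an added example, not part of the original deck or any Microsoft tool; the plan layout, the function names and every name and range in the sample plans are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Private ranges the slides allow for virtual network and client address spaces.
PRIVATE_RANGES = [ipaddress.ip_network(c)
                  for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMALLEST_SUBNET_PREFIX = 29  # "The smallest supported subnet is /29"


def _parse(kind, entries, errors):
    """Turn {name: cidr} into [(label, network)], reporting malformed CIDRs."""
    parsed = []
    for name, cidr in entries.items():
        label = f"{kind} '{name}' ({cidr})"
        try:
            # strict=True rejects blocks with host bits set, e.g. 10.1.4.1/24
            parsed.append((label, ipaddress.ip_network(cidr, strict=True)))
        except ValueError as exc:
            errors.append(f"{label}: not a valid CIDR block ({exc})")
    return parsed


def _inside(net, ranges):
    """True when net lies wholly within one of the given ranges."""
    return any(net.version == r.version and net.subnet_of(r) for r in ranges)


def validate_plan(plan):
    """Return the list of rule violations; an empty list means the plan passes."""
    errors = []
    spaces = _parse("address space", plan.get("address_spaces", {}), errors)
    clients = _parse("client pool", plan.get("p2s_clients", {}), errors)
    sites = _parse("local site", plan.get("local_sites", {}), errors)
    subnets = _parse("subnet", plan.get("subnets", {}), errors)

    # Virtual network and point-to-site client address spaces must be private.
    own = spaces + clients
    for label, net in own:
        if not _inside(net, PRIVATE_RANGES):
            errors.append(f"{label}: not a private address range")

    # Address spaces cannot overlap each other or any local network site.
    for i, (la, a) in enumerate(own):
        for lb, b in own[i + 1:] + sites:
            if a.overlaps(b):
                errors.append(f"{la} overlaps {lb}")

    # Subnets (gateway subnet included): inside the virtual network address
    # space, no smaller than /29, and not overlapping one another.
    vnet_ranges = [net for _, net in spaces]
    for label, net in subnets:
        if not _inside(net, vnet_ranges):
            errors.append(f"{label}: outside the virtual network address space")
        if net.prefixlen > SMALLEST_SUBNET_PREFIX:
            errors.append(f"{label}: smaller than /29")
    for (la, a), (lb, b) in combinations(subnets, 2):
        if a.overlaps(b):
            errors.append(f"{la} overlaps {lb}")
    return errors


# Constructed sample plans; every name and range here is illustrative.
GOOD_PLAN = {
    "address_spaces": {"vnet": "10.1.0.0/16"},
    "subnets": {"Frontend": "10.1.1.0/24", "Backend": "10.1.2.0/24",
                "Gateway": "10.1.255.0/29"},
    "p2s_clients": {"pool": "172.16.50.0/24"},
    "local_sites": {"HQ": "192.168.10.0/24"},
}
BAD_PLAN = {
    "address_spaces": {"vnet": "10.1.0.0/16", "extra": "11.0.0.0/16"},
    "subnets": {"Frontend": "10.1.1.0/24", "Backend": "10.1.1.128/25",
                "Tiny": "10.1.3.0/30", "Stray": "10.2.0.0/24",
                "Typo": "10.1.4.1/24"},
    "p2s_clients": {"pool": "10.1.200.0/24"},
    "local_sites": {"HQ": "10.1.0.0/24"},
}

if __name__ == "__main__":
    for name, plan in (("GOOD_PLAN", GOOD_PLAN), ("BAD_PLAN", BAD_PLAN)):
        problems = validate_plan(plan)
        print(name, "OK" if not problems else f"{len(problems)} violation(s)")
        for problem in problems:
            print("  -", problem)
```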

Site-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. There are two options: Static Routing or Dynamic Routing. Select “Dynamic Routing” if you want to use this virtual network for point-to-site connections in addition to site-to-site. Note that the Gateway creation may take up to 15 minutes.

Site-to-Site VPN
After the gateway has been created, you’ll need to gather the following information that will be used to configure the VPN device:
Gateway IP address: is located on the virtual network DASHBOARD page
Shared key: is located on the virtual network DASHBOARD page. Click Manage Key at the bottom of the screen, and then copy the key displayed in the dialog box.
VPN device configuration script template: on DASHBOARD left pane. Select the vendor, platform, and operating system for your company’s VPN device.

Site-to-Site VPN
Configure the VPN device: the device that you have selected to use is compatible with virtual network. Check MSDN article for device compatibility.
To configure the VPN device:
Modify the VPN configuration script. You will configure the following:
· Security policies
· Incoming tunnel
· Outgoing tunnel
Run the modified VPN configuration script to configure your VPN device.
Test your connection

Disks and Storage

VM disk layout

Persistent Disk Management
Capability          OS Disk                        Data Disk
Host Cache Default  ReadWrite                      None
Max Capacity        127 GB                         1 TB
Imaging Capable     Yes                            No
Hot Update          Cache Setting Requires Reboot  Change Cache Without Reboot, Add/Remove without Reboot

• C:\ = OS Disk
• D:\ = Non-Persistent Cache Disk
• E:\, F:\, G:\ ... Data Disks

Attach an Empty Disk to a VM
Select Virtual Machine and click Attach and select Attach Empty Disk.
The Virtual Machine Name, Storage Location, File Name, and Host Cache Preference are already defined for you. Enter the size that you want for the disk.
All disks are created from a VHD file in Windows Azure storage. You can provide a name for the VHD file that is added to storage, but Windows Azure generates the name of the disk automatically.

Add an existing VHD disk to a VM
Select Virtual Machine and click Attach and select Attach Disk. Select the data disk that you want to attach to the virtual machine.
You can upload and attach a data disk that already contains data to the virtual machine. The virtual machine is not stopped to add the disk. You are limited in the number of disks that you can attach to a virtual machine based on the size of the machine.

Monitoring VMs

Configure monitoring for cloud services
Select the “Cloud Service” and MONITOR tab.
- Add Metrics and select your metric for the source VM

Configure Rules (alerts)
Select the “Cloud Service”, MONITOR tab and click in a Metric. Add Rule and define the alert options and conditions

Monitoring metrics available
Cloud Services
- Monitoring metrics from the cloud service host operating system
- Performance counters collected from the cloud service guest virtual machine
- Web endpoint status metrics
Virtual Machines
- Monitoring metrics from the virtual machine host operating system
- Web endpoint status metrics
Web Sites
- Web site alert rules on monitoring metrics from web site endpoint status.
Mobile Services
- Mobile service alert rules on monitoring metrics from mobile endpoint status.

Create a Virtual Machine Environment

System Center Integration

System Center integration
Connect App Controller to a Windows Azure subscription
- On the Clouds page, click Connect and then click Windows Azure Subscription.
- In the Connect dialog box, enter a name for this subscription. This name is displayed in the Name column of the Clouds page.
- Add an optional description in the Description text box.
- In the Subscription ID field, enter the subscription ID for this connection. The Windows Azure subscription ID is a GUID and can be found in the Windows Azure Management Portal.
- To import the required management certificate, select the Personal Information Exchange (.pfx) file for the public key you uploaded to Windows Azure and enter the password for the certificate.
- Click OK to create the connection.

Integration
[Diagram labels: Azure, App Controller Portal, Service Manager, Service Manager Portal, CMDB, SM Data Warehouse, Integration Pack, CI Connector, Active Directory, OM Data Warehouse, Orchestrator, Virtual Machine Manager, VMM/OM Integration, Hyper-V, Operations Manager, Reporting Data]

Windows Azure Pack
[Diagram labels: Customers, IT Admin, Windows Azure; In your datacenter: Customers, IT Admin, Windows Azure Pack]

Tenant experience: Homepage
Tenant experience: Dashboard
[Screenshots; text on slide: Customer ONE Microsoft Consistent Platform Service Provider]

Resources

Study Reference Links
Windows Azure Portal
http://www.windowsazure.com
Start your Azure Trial
http://www.windowsazure.com/en-us/pricing/free-trial
Windows Azure SLA
http://www.microsoft.com/windowsazure/sla
Introduction To Windows Azure Training
http://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azure
Windows Azure - MSDN Blogs
http://blogs.msdn.com/b/windowsazure

Study Reference Links
Windows Azure Training Kit
http://www.microsoft.com/en-us/download/details.aspx?id=8396
Hybrid Networking Offerings in Windows Azure
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYsz
Windows Azure Active Directory
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309
Windows Azure DOCUMENTATION
http://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=it-it

Partner Services Contact Information
http://aka.ms/mpnsupport
latampts@microsoft.com
http://aka.ms/supportcommunities

Thank you!
latampts@microsoft.com

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.