
Cloud OS: Build your infrastructure on Windows Azure IaaS
Wesley Fernandes
Partner Technical Consultant
wesleyf@microsoft.com

Microsoft Partner Network – Internal Use Only

About Your Presenter
Wesley Fernandes Vieira
Partner Technical Consultant
wesleyf@Microsoft.com - LATAMPTS@Microsoft.com



Infrastructure consultant since 2005
Consultant at Microsoft (MCS) since 2008
Partner Technical Consultant since 2012
Datacenter specialist

About Your Presenter
Alfredo Fortenboher
Partner Technical Consultant
alforten@microsoft.com - latampts@microsoft.com



15 years of experience in IT and telecommunications
At Microsoft since 2006
Partner Technical Consultant since 2013
Datacenter specialist

Sessions tools

Feedback
Content download
Shared Notes


Roadmap Microsoft Cloud OS

Microsoft Cloud OS
There are more apps, more devices, and now, more data than ever — all driven by the rise of cloud computing and the use of cloud services. With these technologies playing an ever present role in businesses, how can IT drive more efficiency and deliver new forms of value? Microsoft’s answer is the Cloud OS.

Cloud OS Building Blocks Sessions

Date - Title

Live sessions
- 27 Jan: Cloud OS – Implementing and Configuring Failover Cluster on Windows 2012 R2
- 03 Feb: CloudOS - Updating and preparing Active Directory for CloudOS
- 10 Feb: Cloud OS - Build your hybrid infrastructure with Windows Azure IaaS
- 17 Feb: Cloud OS – Migrating infrastructure from third-party platforms to Hyper-V and Windows Azure

On-Demand sessions
- Cloud OS - Building solutions: Windows Server 2012 R2 Storage
- Cloud OS - Building solutions: System Center 2012 R2
- Cloud OS - Virtual Machine Manager, Service Templates

Agenda

Windows Azure IaaS
In this session we are going to present how to extend the corporate infrastructure in a Hybrid Cloud scenario by using Windows Azure IaaS capabilities.
- Windows Azure IaaS: Concepts
- Virtual Machines
- How to Create a Windows Azure VM
- Hybrid Deployment
- Disk and Storage
- Monitoring VMs
- Resources
- Demos

Windows Azure IaaS: Concepts

Evolving Hosting Options
• 47 percent of new apps are on-premises
• 88 percent of sockets in corporate data center
• 98 percent of large organizations have some degree of virtualization
• 20 percent of organizations have private clouds
• Majority of cloud growth is IaaS
• Majority of new cloud apps are Product as a Service (PaaS)
• Most efficient model for cloud development
• About 16 percent of new apps qualify as Software as a Service (SaaS)
• Business model, not hosting model; there are on-premises SaaS apps

What is Windows Azure IaaS?
Infrastructure Services are the lower level of building blocks
- Virtual Machines
- Cloud Services
- Virtual Networks

Cloud Services, Roles and Instances
• Cloud Service is a management, configuration, security, networking and service model boundary

Virtual Machines
• Virtual Machines are roles with exactly one instance

Virtual Machines
• Virtual Machines: deliver on-demand, scalable compute infrastructure when you need to quickly provision resources to meet your growing business needs. With Virtual Machines, you get choice of Windows Server and Linux operating systems in multiple configurations on top of the trustworthy Windows Azure foundation.
- Provision compute infrastructure at the pace your business requires
- Use the tools you know and be ready for tomorrow
- Enterprise grade support with enterprise ready products
- Monitor, alert and auto scale

Virtual Machines and Cloud Services
• Multiple Virtual Machines can be hosted within the same cloud service

Fault Domains and Update Domains
• Fault Domains
  • Represent groups of resources anticipated to fail together
  • i.e. same rack, same server
  • Windows Azure Fabric spreads instances across at least 2 fault domains
• Update Domains
  • Represent groups of resources that will be updated together
  • Host OS updates honour service update domains
  • Specified in service definition
  • Default of 5 (up to 20)
• Fabric spreads role instances across Update Domains and Fault Domains

Storage Accounts
• Gives your applications access to Windows Azure Blob, Table, and Queue services located in a geographic region.
• The storage account represents the highest level of the namespace for accessing the storage services.
• You can create many storage accounts for your Windows Azure subscription.
• A storage account can contain more than 99TB of blob, queue, and table data.

Affinity Groups
Closely locate your compute, network and storage resources in the same datacenter
- Get better performance
- Get lower latency
- Reduce egress costs

Virtual Networks
• Enables you to create a logically isolated section in Windows Azure and securely connect it to your on-premises datacenter or a single client machine using an IPsec connection.
• Virtual Network makes it easy for you to take advantage of Windows Azure’s scalable, on-demand infrastructure while providing connectivity to data and applications on-premises, including systems running on Windows Server, mainframes and UNIX.

Bringing all the concepts together
[Diagram labels: Affinity Group; Virtual Network; Availability Set - Frontend; Availability Set - Backend; VMs; Update Domains; Fault Domains]

Network Endpoints
foo.cloudapp.net → VIP (Virtual IP)

Input Endpoint
- Load balanced endpoint. Stable VIP per cloud service.
- Single port per endpoint
- Supported protocols: HTTP, HTTPS, TCP

Internal Endpoint
- Instance-to-instance communication
- Supported protocols: TCP, UDP
- Port ranges supported
- Communication boundary = Deployment boundary

Port Forwarding Input Endpoints

Virtual Machines

Size of the Virtual Machines

Platform Images
- Windows Server 2012 Datacenter
- Windows Server 2012 R2
- Windows Server 2008 R2 SP1
- OpenSUSE
- CentOS by Open Logic
- Canonical Ubuntu
- SUSE Linux Enterprise

Microsoft and Partner Images

Create a Virtual Machine

How to Create a Windows Azure VM Deployment

Different elements
SCENARIOS

- Azure deployment
- Create an AFFINITY GROUP
- Create a CLOUD SERVICE
- Create a VIRTUAL NETWORK
- Create a STORAGE ACCOUNT
- Create VIRTUAL MACHINES

Affinity Group

To create an affinity group, open the Settings area
of the Management Portal, click Affinity Groups,
and then click ADD


Virtual Network
To create a Virtual Network, click New in the lower left-hand
corner of the screen. In the navigation pane, click Networks,
and then click Virtual Network. Click Custom Create to begin
the configuration.
Name: name your virtual network.
Affinity Group: from the drop-down list, select Create a new affinity
group or select one created before.
Affinity groups are a way to physically group Windows Azure services
together at the same data center to increase performance. Only one
virtual network can be assigned an affinity group.
Region: from the drop-down list, select the desired region. Your virtual
network will be created at a datacenter located in the specified region.

Affinity Group Name: name the new affinity group.

Virtual Network
DNS Servers: (optional) enter the DNS server name
and IP address that you want to use. This setting does
not create a DNS server, it refers to an already
existing DNS server.
Virtual Network Address Spaces: enter the
following info and then click the checkmark on the
lower right to configure your network. Address space
must be a private address range, 10.0.0.0/8,
172.16.0.0/12, or 192.168.0.0/16:
Address Space: click CIDR in the upper right corner
to modify.
Add subnet: add subnets as needed.


Cloud Service
Use Cloud Services to deploy an application as a cloud service in Windows Azure
URL: enter a subdomain name to use in the public URL for accessing your cloud service in production deployments.
Region or Affinity Group: select the geographic region or affinity group to deploy the cloud service to.
After creating the Cloud Service, you can upload a Certificate.

Cloud Service
Click Quick Start (the icon to the left of Dashboard) to open the Quick Start page. (You can also deploy your cloud service by using Upload on the dashboard.)
Click either New Production Deployment or New Staging Deployment.
Deployment name: enter a name for the new deployment.
Package: use Browse to select the service package file (.cspkg) to use.
Configuration: use Browse to select the service configuration file (.cscfg) to use.

Storage Account
Click Create New, click Storage, and then click Quick Create
URL: enter a subdomain name to use in the storage account URL. To access an object in storage, you will append the object's location to the endpoint.
Region/Affinity Group: select a region or affinity group for the storage. Select an affinity group instead of a region if you want your storage services to be in the same data center with other Windows Azure services that you are using.
Geo-replication is enabled by default so that, in the event of a major disaster in the primary location, storage fails over to a secondary location. A secondary location in the same region is assigned and cannot be changed. After a geo-failover, the secondary location becomes the primary location for the storage account, and stored data is replicated to a new secondary location.

Virtual Machine
Click Create New, click Compute, click Virtual Machine and then From Gallery.
Image: is a template that you use to create a new virtual machine. An image doesn’t have specific settings like a running virtual machine, such as the computer name and user account settings. If you use an image to create a virtual machine, an operating system disk is automatically created for the new virtual machine.
Disk: is a VHD that you can boot and mount as a running version of an operating system. After an image is provisioned, it becomes a disk. A disk is always created when you use an image to create a virtual machine. Any VHD that is attached to virtualized hardware and that is running as part of a service is a disk.

Virtual Machine
Select one image from Platform Images.
Version Release Date: If multiple versions of the image are available, pick the version you want to use.
Virtual Machine Name: type the name that you want to use for the virtual machine.
Size: select the size of the virtual machine. The size you should select depends on the number of cores required to run your application.
New User Name: type a name for the administrative account that you want to use to manage the server.
New Password: type a strong password for the administrative account on the virtual machine. In Confirm Password, retype the password.

Virtual Machine
Cloud Service: you can place virtual machines together under a cloud service to provide robust applications.
Cloud Service DNS Name: type a name that uses between 3 and 24 lowercase letters and numbers. This name becomes part of the URI that is used to contact the virtual machine through the cloud service. If you selected an existing Cloud Service, skip this.
Region/Affinity Group/Virtual Network: select where you want to locate the virtual machine.
Virtual Network Subnets: this option is available if you configured your Virtual Network beforehand.
Storage Account: you can select a storage account where the VHD file is stored.
Availability Set: create an availability set if needed.

Virtual Machine
Endpoints: new endpoints are created to allow connections for Remote Desktop and Windows PowerShell remoting. (Endpoints allow resources on the Internet or other virtual networks to communicate with a virtual machine.) You can add more endpoints now, or create them later.

Log on to the Virtual Machine
In Virtual Machines, select the virtual machine. On the command bar, click Connect.

Configure Network Endpoints
Select the virtual machine that you want to configure and click Endpoints. Click Add. Choose whether to add the endpoint to a load-balanced set and then click the arrow to continue.
- In Name, type a name for the endpoint.
- In protocol, specify either TCP or UDP.
- In Public Port and Private Port, type port numbers that you want to use. These port numbers can be different. The public port is the entry point for communication from outside of Windows Azure and is used by the Windows Azure load balancer. You can use the private port and firewall rules on the virtual machine to redirect traffic in a way that is appropriate for your application.
- Click Create a load-balancing set if this endpoint will be the first one in a load-balanced set. Then, on the Configure the load-balanced set page, specify a name, protocol, and probe details.

Hybrid Deployments

Extends your Datacenter
Point-to-Site connectivity: connect your Azure Virtual Network directly with your computers through VPN.
Site-to-Site connectivity: extend your company’s network and connect it to Azure Virtual Machine

Point-to-Site VPN
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a point-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Address space must be private
· Address space must be a private address range, specified in CIDR notation 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure point-to-site connectivity

Point-to-Site VPN
Virtual Network Address Spaces: you will create the private address space for your new virtual network:
ADDRESS SPACE: The address space for your virtual network. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Add subnet: The names and IPs for subnets to be created in your virtual network. Click add subnet to add additional subnets.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
Add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.

Point-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. A message will appear asking Do you want to create a gateway for virtual network ‘yournetwork’. Click Yes to begin creating the gateway.

Point-to-Site VPN
Certificates are used to authenticate VPN clients for point-to-site VPNs. You must generate a self-signed root certificate along with client certificates chained to the self-signed root certificate. You can then install the client certificates on every client computer that requires connectivity.
Upload the root certificate to Management Portal. In the Management Portal, on the Certificates page for your virtual network, click Upload a root certificate. On the Upload Certificate page, browse for the .cer VPN root certificate, and then click the checkmark. Verify that the certificate is in .cer format and that you are uploading the root certificate and not a chained client certificate. You can upload up to 20 certificates in order to support multiple certificate chains.

Point-to-Site VPN
Install the client certificate
A client certificate must be installed on every computer that you want to connect to the virtual network. On the client computer, double-click the .pfx file in order to install it. Enter the password when requested. Do not modify the installation location. Once the client certificate has been installed, you can start the VPN client configuration.

Point-to-Site VPN
Now you can download the VPN client to connect your computers to the Virtual Network

Point-to-Site VPN
Start VPN connection from computer

Site-to-Site VPN
On DNS Servers and VPN Connectivity, select “Configure site-to-site VPN”.
DNS SERVERS: Enter the DNS server name and IP address that you want to use for name resolution. Typically this would be a DNS server that you use for on-premises name resolution. This setting does not create a DNS server.

Site-to-Site VPN
On Site-To-Site Connectivity page, specify the VPN Device IP address that you use for this virtual network and configure the address space used for your site-to-site connection.
NAME: The name that you want to use to refer to your local network site.
VPN DEVICE IP ADDRESS: This is the public-facing IPv4 address for your VPN device. Note that the VPN device cannot be located behind a NAT.
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a site-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure site-to-site connectivity

Site-to-Site VPN
ADDRESS SPACE: The address space for your virtual network. Required.
Address space rules:
· Address space must be a private address range (10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16)
· Cannot overlap other virtual network or local network sites
add subnet: The names and IPs for subnets to be created in your virtual network.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.
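
The address space and subnet rules listed on the point-to-site and site-to-site slides can be checked before the values are typed into the portal. The Python below is an added example, not part of the original presentation; `validate_plan`, its parameters and the two sample plans are hypothetical names and constructed values, and it goes slightly beyond the slides by also rejecting CIDR strings that have host bits set.

```python
import ipaddress
from itertools import combinations

# Private ranges the slides allow for a virtual network address space.
PRIVATE_RANGES = [ipaddress.IPv4Network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMALLEST_SUBNET_PREFIX = 29  # "The smallest supported subnet is /29"


def _parse(label, cidr, errors):
    """Parse an IPv4 CIDR strictly; record an error instead of raising."""
    try:
        return ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        errors.append(f"{label}: invalid CIDR {cidr!r} ({exc})")
        return None


def validate_plan(address_spaces, subnets, other_sites=()):
    """Return a list of rule violations; an empty list means the plan passes.

    address_spaces: CIDR strings for the virtual network (hypothetical input)
    subnets:        {name: CIDR}, gateway subnet included
    other_sites:    CIDRs of other virtual networks or local network sites
    """
    errors = []
    spaces = [n for n in (_parse("address space", c, errors)
                          for c in address_spaces) if n is not None]
    others = [n for n in (_parse("other site", c, errors)
                          for c in other_sites) if n is not None]

    for space in spaces:
        # Rule: address space must be a private address range.
        if not any(space.subnet_of(p) for p in PRIVATE_RANGES):
            errors.append(f"address space {space} is not inside a private range")
        # Rule: cannot overlap other virtual network or local network sites.
        for other in others:
            if space.overlaps(other):
                errors.append(f"address space {space} overlaps site {other}")

    parsed = {}
    for name, cidr in subnets.items():
        net = _parse(f"subnet {name}", cidr, errors)
        if net is None:
            continue
        parsed[name] = net
        # Rule: the smallest supported subnet is /29.
        if net.prefixlen > SMALLEST_SUBNET_PREFIX:
            errors.append(f"subnet {name} ({net}) is smaller than "
                          f"/{SMALLEST_SUBNET_PREFIX}")
        # Rule: subnet IPs must be within the virtual network address space.
        if not any(net.subnet_of(s) for s in spaces):
            errors.append(f"subnet {name} ({net}) is outside the address space")

    # Rule: subnet IP addresses cannot overlap within the virtual network.
    for (a, na), (b, nb) in combinations(parsed.items(), 2):
        if na.overlaps(nb):
            errors.append(f"subnet {a} ({na}) overlaps subnet {b} ({nb})")
    return errors


# Constructed sample plans (not from the presentation).
GOOD_PLAN = dict(
    address_spaces=["10.1.0.0/16"],
    subnets={"frontend": "10.1.1.0/24", "backend": "10.1.2.0/24",
             "gateway": "10.1.0.0/29"},
    other_sites=["192.168.10.0/24"],
)
BAD_PLAN = dict(
    address_spaces=["172.32.0.0/16"],            # just outside 172.16.0.0/12
    subnets={"frontend": "172.32.1.0/24", "tiny": "172.32.2.0/30",
             "dup": "172.32.1.128/25", "stray": "10.9.0.0/24"},
    other_sites=["172.32.0.0/24"],
)

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, validate_plan(**plan) or "OK")
```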

Site-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. There are two options: Static Routing or Dynamic Routing. Select “Dynamic Routing” if you want to use this virtual network for point-to-site connections in addition to site-to-site. Note that gateway creation may take up to 15 minutes.

Site-to-Site VPN
After the gateway has been created, you’ll need to gather the following information that will be used to configure the VPN device:
Gateway IP address: is located on the virtual network DASHBOARD page
Shared key: is located on the virtual network DASHBOARD page. Click Manage Key at the bottom of the screen, and then copy the key displayed in the dialog box.
VPN device configuration script template: on DASHBOARD left pane. Select the vendor, platform, and operating system for your company’s VPN device.

Site-to-Site VPN
Configure the VPN device: the device that you have selected to use is compatible with virtual network. Check MSDN article for device compatibility.
To configure the VPN device:
Modify the VPN configuration script. You will configure the following:
· Security policies
· Incoming tunnel
· Outgoing tunnel
Run the modified VPN configuration script to configure your VPN device.
Test your connection

Disks and Storage

VM disk layout

VM disk layout

VM disk layout

Persistent Disk Management
Capability | OS Disk | Data Disk
Host Cache Default | ReadWrite | None
Max Capacity | 127 GB | 1 TB
Imaging Capable | Yes | No
Hot Update | Cache Setting Requires Reboot | Change Cache Without Reboot, Add/Remove without Reboot

• C:\ = OS Disk
• D:\ = Non-Persistent Cache Disk
• E:\, F:\, G:\ ... = Data Disks

Attach an Empty Disk to a VM
Select Virtual Machine and click Attach and select Attach Empty Disk.
The Virtual Machine Name, Storage Location, File Name, and Host Cache Preference are already defined for you. Enter the size that you want for the disk.
All disks are created from a VHD file in Windows Azure storage. You can provide a name for the VHD file that is added to storage, but Windows Azure generates the name of the disk automatically.

Add an existing VHD disk to a VM
Select Virtual Machine and click Attach and select Attach Disk.
Select the data disk that you want to attach to the virtual machine. You can upload and attach a data disk that already contains data to the virtual machine. The virtual machine is not stopped to add the disk. You are limited in the number of disks that you can attach to a virtual machine based on the size of the machine.

Monitoring VMs

Configure monitoring for cloud services
Select the “Cloud Service” and MONITOR tab. Add Metrics and select your metric for the source VM

Configure Rules (alerts)
Select the “Cloud Service”, MONITOR tab and click in a Metric. Add Rule and define the alert options and conditions

Monitoring metrics available
Cloud Services
- Monitoring metrics from the cloud service host operating system
- Performance counters collected from the cloud service guest virtual machine
- Web endpoint status metrics
Virtual Machines
- Monitoring metrics from the virtual machine host operating system
- Web endpoint status metrics
Web Sites
- Web site alert rules on monitoring metrics from web site endpoint status.
Mobile Services
- Mobile service alert rules on monitoring metrics from mobile endpoint status.

Create a Virtual Machine Environment

System Center Integration

System Center integration
Connect App Controller to a Windows Azure subscription
- On the Clouds page, click Connect and then click Windows Azure Subscription.
- In the Connect dialog box, enter a name for this subscription. This name is displayed in the Name column of the Clouds page.
- Add an optional description in the Description text box.
- In the Subscription ID field, enter the subscription ID for this connection. The Windows Azure subscription ID is a GUID and can be found in the Windows Azure Management Portal.
- To import the required management certificate, select the Personal Information Exchange (.pfx) file for the public key you uploaded to Windows Azure and enter the password for the certificate.
- Click OK to create the connection.

Integration
[Diagram labels: Azure; App Controller Portal; Service Manager; Service Manager Portal; CMDB; SM Data Warehouse; Integration Pack; CI Connector; Active Directory; OM Data Warehouse; Orchestrator; Virtual Machine Manager; VMM/OM Integration; Hyper-V; Operations Manager; Reporting Data]

Windows Azure Pack
[Diagram labels: Customers; IT Admin; Windows Azure; In your datacenter; Windows Azure Pack]

Tenant experience: Homepage

Tenant experience: Dashboard
[Diagram labels: Customer; ONE Microsoft Consistent Platform; Service Provider]

Resources

Study Reference Links
Windows Azure Portal
http://www.windowsazure.com
Start your Azure Trial
http://www.windowsazure.com/en-us/pricing/free-trial
Windows Azure SLA
http://www.microsoft.com/windowsazure/sla
Introduction To Windows Azure Training
http://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azure
Windows Azure - MSDN Blogs
http://blogs.msdn.com/b/windowsazure

Study Reference Links
Windows Azure Training Kit
http://www.microsoft.com/en-us/download/details.aspx?id=8396
Hybrid Networking Offerings in Windows Azure
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYsz
Windows Azure Active Directory
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309
Windows Azure DOCUMENTATION
http://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=it-it

Partner Services Contact Information
http://aka.ms/mpnsupport
latampts@microsoft.com
http://aka.ms/supportcommunities

Thank you!
latampts@microsoft.com

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.