Cloud OS: Build your infrastructure on Windows Azure IaaS
Wesley Fernandes
Partner Technical Consultant
wesleyf@microsoft.com

Microsoft Partner Network – Internal Use Only

About Your Presenter
Wesley Fernandes Vieira
Partner Technical Consultant
wesleyf@Microsoft.com - LATAMPTS@Microsoft.com



Infrastructure consultant since 2005
Consultant at Microsoft (MCS) since 2008
Partner Technical Consultant since 2012
Datacenter specialist

About Your Presenter
Alfredo Fortenboher
Partner Technical Consultant
alforten@microsoft.com - latampts@microsoft.com



15 years of experience in IT and telecommunications
At Microsoft since 2006
Partner Technical Consultant since 2013
Datacenter specialist

Sessions tools

Feedback
Content download
Shared Notes


Roadmap
Microsoft Cloud OS
There are more apps, more devices, and now, more data than ever — all driven by the rise of cloud computing and the use of cloud services. With these technologies playing an ever-present role in businesses, how can IT drive more efficiency and deliver new forms of value? Microsoft’s answer is the Cloud OS.

Cloud OS Building Blocks Sessions
Date | Title
Live sessions
27 Jan | Cloud OS - Failover Cluster Implementation and Configuration on Windows 2012 R2
03 Feb | Cloud OS - Updating and Preparing Active Directory for the Cloud OS
10 Feb | Cloud OS - Build Your Hybrid Infrastructure with Windows Azure IaaS
17 Feb | Cloud OS - Migrating Infrastructure from Third-Party Platforms to Hyper-V and Windows Azure
On-Demand sessions
Cloud OS - Building Solutions: Windows Server 2012 R2 Storage
Cloud OS - Building Solutions: System Center 2012 R2
Cloud OS - Virtual Machine Manager, Service Templates

Agenda
Windows Azure IaaS
In this session we are going to present how to extend the corporate infrastructure in a Hybrid Cloud scenario by using Windows Azure IaaS capabilities.
- Windows Azure IaaS: Concepts
- Virtual Machines
- How to Create a Windows Azure VM
- Hybrid Deployment
- Disk and Storage
- Monitoring VMs
- Resources
- Demos

Windows Azure IaaS: Concepts

Evolving Hosting Options
• 47 percent of new apps are on-premises
• 88 percent of sockets in corporate data center
• 98 percent of large organizations have some degree of virtualization
• 20 percent of organizations have private clouds
• Majority of cloud growth is IaaS
• Majority of new cloud apps are Platform as a Service (PaaS)
• Most efficient model for cloud development
• About 16 percent of new apps qualify as Software as a Service (SaaS)
• Business model, not hosting model; there are on-premises SaaS apps

What is Windows Azure IaaS?
Infrastructure Services are the lower level of building blocks:
- Virtual Machines
- Cloud Services
- Virtual Networks

Cloud Services, Roles and Instances
• Cloud Service is a management, configuration, security, networking and service model boundary

Virtual Machines
• Virtual Machines are roles with exactly one instance

Virtual Machines
• Virtual Machines: deliver on-demand, scalable compute infrastructure when you need to quickly provision resources to meet your growing business needs. With Virtual Machines, you get choice of Windows Server and Linux operating systems in multiple configurations on top of the trustworthy Windows Azure foundation.
- Provision compute infrastructure at the pace your business requires
- Enterprise grade support with enterprise ready products
- Use the tools you know and be ready for tomorrow
- Monitor, alert and auto scale

Virtual Machines and Cloud Services
• Multiple Virtual Machines can be hosted within the same cloud service

Fault Domains and Update Domains
• Fault Domains
  • Represent groups of resources anticipated to fail together
  • i.e. same rack, same server
  • Windows Azure Fabric spreads instances across at least 2 fault domains
• Update Domains
  • Represent groups of resources that will be updated together
  • Host OS updates honour service update domains
  • Specified in service definition
  • Default of 5 (up to 20)
• Fabric spreads role instances across Update Domains and Fault Domains

Storage Accounts
• Gives your applications access to Windows Azure Blob, Table, and Queue services located in a geographic region.
• The storage account represents the highest level of the namespace for accessing the storage services.
• A storage account can contain more than 99TB of blob, queue, and table data.
• You can create many storage accounts for your Windows Azure subscription.

Affinity Groups
Closely locate your compute, network and storage resources in the same datacenter
- Get better performance
- Get lower latency
- Reduce egress costs

Virtual Networks
• Enables you to create a logically isolated section in Windows Azure and securely connect it to your on-premises datacenter or a single client machine using an IPsec connection.
• Virtual Network makes it easy for you to take advantage of Windows Azure’s scalable, on-demand infrastructure while providing connectivity to data and applications on-premises, including systems running on Windows Server, mainframes and UNIX.

Bringing all the concepts together
[Diagram labels: Availability Set - Frontend, Availability Set - Backend, VM, Update Domain, Fault Domain, Virtual Network, Affinity Group]

Network Endpoints
foo.cloudapp.net -> VIP (Virtual IP)
VIP: Input Endpoint
Input Endpoint
• Load balanced endpoint. Stable VIP per cloud service.
• Single port per endpoint
• Supported protocols: HTTP, HTTPS, TCP
Internal Endpoint
• Instance-to-instance communication
• Supported protocols: TCP, UDP
• Port ranges supported
• Communication boundary = Deployment boundary

Port Forwarding Input Endpoints

Virtual Machines

Size of the Virtual Machines

Platform Images
- Windows Server 2012 Datacenter
- Windows Server 2012 R2
- Windows Server 2008 R2 SP1
- OpenSUSE
- CentOS by Open Logic
- Canonical Ubuntu
- SUSE Linux Enterprise

Microsoft and Partner Images

Create a Virtual Machine

How to Create a Windows Azure VM Deployment

Different elements
SCENARIOS

- Azure deployment
- Create an AFFINITY GROUP
- Create a CLOUD SERVICE
- Create a VIRTUAL NETWORK
- Create a STORAGE ACCOUNT
- Create VIRTUAL MACHINES

Affinity Group

To create an affinity group, open the Settings area
of the Management Portal, click Affinity Groups,
and then click ADD


Virtual Network
To create a Virtual Network, click New in the lower left-hand
corner of the screen. In the navigation pane, click Networks,
and then click Virtual Network. Click Custom Create to begin
the configuration.
Name: name your virtual network.
Affinity Group: from the drop-down list, select Create a new affinity
group or select one created before.
Affinity groups are a way to physically group Windows Azure services
together at the same data center to increase performance. Only one
virtual network can be assigned an affinity group.
Region: from the drop-down list, select the desired region. Your virtual
network will be created at a datacenter located in the specified region.

Affinity Group Name: name the new affinity group.

Virtual Network
DNS Servers: (optional) enter the DNS server name
and IP address that you want to use. This setting does
not create a DNS server, it refers to an already
existing DNS server.
Virtual Network Address Spaces: enter the
following info and then click the checkmark on the
lower right to configure your network. Address space
must be a private address range, 10.0.0.0/8,
172.16.0.0/12, or 192.168.0.0/16:
Address Space: click CIDR in the upper right corner
to modify.
Add subnet: add subnets as needed.


Cloud Service
Use Cloud Services to deploy an application as a cloud service in Windows Azure.
URL: enter a subdomain name to use in the public URL for accessing your cloud service in production deployments.
Region or Affinity Group: select the geographic region or affinity group to deploy the cloud service to.
After creating the Cloud Service, you can upload a Certificate.

Cloud Service
Click Quick Start (the icon to the left of Dashboard) to open the Quick Start page, shown below. (You can also deploy your cloud service by using Upload on the dashboard.)
Click either New Production Deployment or New Staging Deployment.
Deployment name: enter a name for the new deployment.
Package: use Browse to select the service package file (.cspkg) to use.
Configuration: use Browse to select the service configuration file (.cscfg) to use.

Storage Account
Click Create New, click Storage, and then click Quick Create.
URL: enter a subdomain name to use in the storage account URL. To access an object in storage, you will append the object's location to the endpoint.
Region/Affinity Group: select a region or affinity group for the storage. Select an affinity group instead of a region if you want your storage services to be in the same data center with other Windows Azure services that you are using.
Geo-replication is enabled by default so that, in the event of a major disaster in the primary location, storage fails over to a secondary location. A secondary location in the same region is assigned and cannot be changed. After a geo-failover, the secondary location becomes the primary location for the storage account, and stored data is replicated to a new secondary location.

Virtual Machine
Click Create New, click Compute, click Virtual Machine and then From Gallery.
Image: is a template that you use to create a new virtual machine. An image doesn’t have specific settings like a running virtual machine, such as the computer name and user account settings. If you use an image to create a virtual machine, an operating system disk is automatically created for the new virtual machine.
Disk: is a VHD that you can boot and mount as a running version of an operating system. After an image is provisioned, it becomes a disk. A disk is always created when you use an image to create a virtual machine. Any VHD that is attached to virtualized hardware and that is running as part of a service is a disk.

Virtual Machine
Select one image from Platform Images.
Version Release Date: If multiple versions of the image are available, pick the version you want to use.
Virtual Machine Name: type the name that you want to use for the virtual machine.
Size: select the size of the virtual machine. The size you should select depends on the number of cores required to run your application.
New User Name: type a name for the administrative account that you want to use to manage the server.
New Password: type a strong password for the administrative account on the virtual machine. In Confirm Password, retype the password.

Virtual Machine
Cloud Service: you can place virtual machines together under a cloud service to provide robust applications.
Cloud Service DNS Name: type a name that uses between 3 and 24 lowercase letters and numbers. This name becomes part of the URI that is used to contact the virtual machine through the cloud service. If you selected an existing Cloud Service, skip this.
Region/Affinity Group/Virtual Network: select where you want to locate the virtual machine.
Virtual Network Subnets: this option is available if you configure your Virtual Network before.
Storage Account: you can select a storage account where the VHD file is stored.
Availability Set: create an availability set if needed.

Virtual Machine
Endpoints: new endpoints are created to allow connections for Remote Desktop and Windows PowerShell remoting. (Endpoints allow resources on the Internet or other virtual networks to communicate with a virtual machine.) You can add more endpoints now, or create them later.

Log on to the Virtual Machine
In Virtual Machines, select the virtual machine. On the command bar, click Connect.

Configure Network Endpoints
Select the virtual machine that you want to configure and click Endpoints. Click Add. Choose whether to add the endpoint to a load-balanced set and then click the arrow to continue.
- In Name, type a name for the endpoint.
- In Protocol, specify either TCP or UDP.
- In Public Port and Private Port, type port numbers that you want to use. These port numbers can be different. The public port is the entry point for communication from outside of Windows Azure and is used by the Windows Azure load balancer. You can use the private port and firewall rules on the virtual machine to redirect traffic in a way that is appropriate for your application.
- Click Create a load-balancing set if this endpoint will be the first one in a load-balanced set. Then, on the Configure the load-balanced set page, specify a name, protocol, and probe details.

Hybrid Deployments

Extends your Datacenter
Point-to-Site connectivity: connect your Azure Virtual Network directly with your computers through VPN.
Site-to-Site connectivity: extend your company’s network and connect it to Azure Virtual Machine

Point-to-Site VPN
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a point-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Address space must be private
· Address space must be a private address range, specified in CIDR notation 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure point-to-site connectivity

Point-to-Site VPN
Virtual Network Address Spaces: you will create the private address space for your new virtual network:
ADDRESS SPACE: The address space for your virtual network. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Add subnet: The names and IPs for subnets to be created in your virtual network. Click add subnet to add additional subnets.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
Add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.

Point-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. A message will appear asking Do you want to create a gateway for virtual network ‘yournetwork’. Click Yes to begin creating the gateway.

Point-to-Site VPN
Certificates are used to authenticate VPN clients for point-to-site VPNs. You must generate a self-signed root certificate along with client certificates chained to the self-signed root certificate. You can then install the client certificates on every client computer that requires connectivity.
Upload the root certificate to Management Portal. In the Management Portal, on the Certificates page for your virtual network, click Upload a root certificate. On the Upload Certificate page, browse for the .cer VPN root certificate, and then click the checkmark.
Verify that the certificate is in .cer format and that you are uploading the root certificate and not a chained client certificate. You can upload up to 20 certificates in order to support multiple certificate chains.

Point-to-Site VPN
Install the client certificate
A client certificate must be installed on every computer that you want to connect to the virtual network. On the client computer, double-click the .pfx file in order to install it. Enter the password when requested. Do not modify the installation location. Once the client certificate has been installed, you can start the VPN client configuration.

Point-to-Site VPN
Now you can download the VPN client to connect your computers to the Virtual Network

Point-to-Site VPN
Start VPN connection from computer

Site-to-Site VPN
On DNS Servers and VPN Connectivity, select “Configure site-to-site VPN”.
DNS SERVERS: Enter the DNS server name and IP address that you want to use for name resolution. Typically this would be a DNS server that you use for on-premises name resolution. This setting does not create a DNS server.

Site-to-Site VPN
On the Site-To-Site Connectivity page, specify the VPN Device IP address that you use for this virtual network and configure the address space used for your site-to-site connection.
NAME: The name that you want to use to refer to your local network site.
VPN DEVICE IP ADDRESS: This is the public-facing IPv4 address for your VPN device. Note that the VPN device cannot be located behind a NAT.
ADDRESS SPACE: The address space that you want to assign to cross-premises clients connecting through a site-to-site connection. Click to configure and adjust the address space accordingly. Click add address space to add additional address space.
Address space rules:
· Cannot overlap other virtual network or local network sites
· Required if you have selected to configure site-to-site connectivity

Site-to-Site VPN
ADDRESS SPACE: The address space for your virtual network. Required.
Address space rules:
· Address space must be a private address range (10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16)
· Cannot overlap other virtual network or local network sites
add subnet: The names and IPs for subnets to be created in your virtual network.
Subnet rules:
· Subnet IPs must be within the virtual network address space.
· Subnet IP addresses cannot overlap within the virtual network.
· The smallest supported subnet is /29.
· Adding a subnet is optional.
· You can add multiple subnets to a virtual network.
add gateway subnet: Specify the IP addresses to be used for your virtual network gateway subnet. You can add one gateway subnet for your virtual network.
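The address space and subnet rules listed on the Point-to-Site and Site-to-Site slides can be checked before anything is entered in the portal. This is an added example, not part of the original deck or of any Microsoft tool; the function name validate_plan, the plan layout and the sample networks are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Private ranges the slides allow for virtual network and point-to-site space.
PRIVATE_RANGES = [ipaddress.IPv4Network(r)
                  for r in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMALLEST_PREFIX = 29  # "The smallest supported subnet is /29"


def _parse(label, cidr, errors):
    """Strict IPv4 CIDR parse; '10.0.0.1/16' (host bits set) is rejected."""
    try:
        return ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        errors.append(f"{label}: invalid CIDR {cidr!r} ({exc})")
        return None


def _report_overlaps(kind, named_nets, errors):
    """Record every pair of (name, network) entries that share addresses."""
    for (a_name, a), (b_name, b) in combinations(named_nets, 2):
        if a.overlaps(b):
            errors.append(f"{kind} overlap: {a_name} {a} and {b_name} {b}")


def validate_plan(vnet_spaces, subnets, local_sites=None, p2s_pool=None):
    """Return a list of rule violations; an empty list means the plan passes."""
    errors, spaces, vnets = [], [], []

    # Virtual network and point-to-site client space must be private ranges.
    must_be_private = [("virtual network", c) for c in vnet_spaces]
    if p2s_pool:
        must_be_private.append(("point-to-site pool", p2s_pool))
    for name, cidr in must_be_private:
        net = _parse(name, cidr, errors)
        if net is None:
            continue
        if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
            errors.append(f"{name} {net} is not a private address range")
        spaces.append((name, net))
        if name == "virtual network":
            vnets.append(net)

    # Local network sites (on-premises ranges reached over site-to-site).
    for site, cidrs in (local_sites or {}).items():
        for cidr in cidrs:
            net = _parse(f"local site {site}", cidr, errors)
            if net is not None:
                spaces.append((f"local site {site}", net))

    # No address space may overlap another virtual network or local site.
    _report_overlaps("address space", spaces, errors)

    # Subnets (the gateway subnet included) must sit inside the virtual
    # network space, be /29 or larger, and not overlap one another.
    parsed = []
    for name, cidr in subnets.items():
        net = _parse(f"subnet {name}", cidr, errors)
        if net is None:
            continue
        if not any(net.subnet_of(v) for v in vnets):
            errors.append(f"subnet {name} {net} is outside the virtual network space")
        if net.prefixlen > SMALLEST_PREFIX:
            errors.append(f"subnet {name} {net} is smaller than /{SMALLEST_PREFIX}")
        parsed.append((name, net))
    _report_overlaps("subnet", parsed, errors)
    return errors


# Constructed sample plans (not taken from the deck).
GOOD_PLAN = dict(
    vnet_spaces=["10.4.0.0/16"],
    subnets={"FrontEnd": "10.4.2.0/24", "BackEnd": "10.4.3.0/24",
             "Gateway": "10.4.1.0/29"},
    local_sites={"hq": ["192.168.1.0/24"]},
    p2s_pool="172.16.0.0/24",
)
BAD_PLAN = dict(
    vnet_spaces=["172.32.0.0/16"],            # just outside 172.16.0.0/12
    subnets={"FrontEnd": "172.32.1.0/24", "BackEnd": "172.32.1.128/25",
             "Tiny": "172.32.2.0/30", "Stray": "10.9.0.0/24"},
    local_sites={"branch": ["172.32.0.0/24"]},  # collides with the vnet
)

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, validate_plan(**plan) or "no violations")
```
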

Site-to-Site VPN
After clicking the checkmark, your virtual network will begin to create. When your virtual network has been created, you will see Created listed under Status on the networks page in the Management Portal.
Click Create Gateway, located at the bottom of the Dashboard page. There are two options: Static Routing or Dynamic Routing. Select “Dynamic Routing” if you want to use this virtual network for point-to-site connections in addition to site-to-site. Note that the gateway creation may take up to 15 minutes.

Site-to-Site VPN
After the gateway has been created, you’ll need to gather the following information that will be used to configure the VPN device:
Gateway IP address: is located on the virtual network DASHBOARD page.
Shared key: is located on the virtual network DASHBOARD page. Click Manage Key at the bottom of the screen, and then copy the key displayed in the dialog box.
VPN device configuration script template: on DASHBOARD left pane. Select the vendor, platform, and operating system for your company’s VPN device.

Site-to-Site VPN
Configure the VPN device: make sure the device that you have selected to use is compatible with virtual network. Check the MSDN article for device compatibility.
To configure the VPN device:
Modify the VPN configuration script. You will configure the following:
· Security policies
· Incoming tunnel
· Outgoing tunnel
Run the modified VPN configuration script to configure your VPN device.
Test your connection.

Disks and Storage

VM disk layout

Persistent Disk Management
Capability         | OS Disk                       | Data Disk
Host Cache Default | ReadWrite                     | None
Max Capacity       | 127 GB                        | 1 TB
Imaging Capable    | Yes                           | No
Hot Update         | Cache Setting Requires Reboot | Change Cache Without Reboot, Add/Remove without Reboot

• C:\ = OS Disk
• D:\ = Non-Persistent Cache Disk
• E:\, F:\, G:\ ... = Data Disks

Attach an Empty Disk to a VM
Select Virtual Machine and click Attach and select Attach Empty Disk.
The Virtual Machine Name, Storage Location, File Name, and Host Cache Preference are already defined for you. Enter the size that you want for the disk.
All disks are created from a VHD file in Windows Azure storage. You can provide a name for the VHD file that is added to storage, but Windows Azure generates the name of the disk automatically.

Add an existing VHD disk to a VM
Select Virtual Machine and click Attach and select Attach Disk.
Select the data disk that you want to attach to the virtual machine.
You can upload and attach a data disk that already contains data to the virtual machine. The virtual machine is not stopped to add the disk. You are limited in the number of disks that you can attach to a virtual machine based on the size of the machine.

Monitoring VMs

Configure monitoring for cloud services
Select the “Cloud Service” and MONITOR tab.
- Add Metrics and select your metric for the source VM

Configure Rules (alerts)
Select the “Cloud Service”, MONITOR tab and click in a Metric.
Add Rule and define the alert options and conditions

Monitoring metrics available
Cloud Services
- Monitoring metrics from the cloud service host operating system
- Performance counters collected from the cloud service guest virtual machine
- Web endpoint status metrics
Virtual Machines
- Monitoring metrics from the virtual machine host operating system
- Web endpoint status metrics
Web Sites
- Web site alert rules on monitoring metrics from web site endpoint status.
Mobile Services
- Mobile service alert rules on monitoring metrics from mobile endpoint status.

Create a Virtual Machine Environment

System Center Integration

System Center integration
Connect App Controller to a Windows Azure subscription
- On the Clouds page, click Connect and then click Windows Azure Subscription.
- In the Connect dialog box, enter a name for this subscription. This name is displayed in the Name column of the Clouds page.
- Add an optional description in the Description text box.
- In the Subscription ID field, enter the subscription ID for this connection. The Windows Azure subscription ID is a GUID and can be found in the Windows Azure Management Portal.
- To import the required management certificate, select the Personal Information Exchange (.pfx) file for the public key you uploaded to Windows Azure and enter the password for the certificate.
- Click OK to create the connection.

Integration
[Diagram labels: Azure, App Controller Portal, Service Manager, Service Manager Portal, CMDB, SM Data Warehouse, Integration Pack, CI Connector, Active Directory, OM Data Warehouse, Orchestrator, Virtual Machine Manager, VMM/OM Integration, Hyper-V, Operations Manager, Reporting Data]

Windows Azure Pack

[Diagram labels: Customers, IT Admin, Windows Azure, In your datacenter, Windows Azure Pack]

Tenant experience: Homepage
Tenant experience: Dashboard
[Screenshot labels: Customer, ONE Microsoft Consistent Platform, Service Provider]

Resources

Study Reference Links
Windows Azure Portal
http://www.windowsazure.com
Start your Azure Trial
http://www.windowsazure.com/en-us/pricing/free-trial
Windows Azure SLA
http://www.microsoft.com/windowsazure/sla
Introduction To Windows Azure Training
http://www.microsoftvirtualacademy.com/training-courses/introduction-to-windows-azure
Windows Azure - MSDN Blogs
http://blogs.msdn.com/b/windowsazure

Study Reference Links
Windows Azure Training Kit
http://www.microsoft.com/en-us/download/details.aspx?id=8396
Hybrid Networking Offerings in Windows Azure
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B360#fbid=kPnKhtBFYsz
Windows Azure Active Directory
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WAD-B309
Windows Azure DOCUMENTATION
http://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=it-it

Partner Services Contact Information
http://aka.ms/mpnsupport
latampts@microsoft.com
http://aka.ms/supportcommunities

Thank you!
latampts@microsoft.com
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.