
Fun and crazy days here at Nutanix. I’ve been busy fielding a lot of calls around our new offering, CPS Standard on Nutanix. Now if you don’t know what CPS is, it stands for Cloud Platform System.
To continue the Windows Azure Pack series, here is my next topic: Installing and Configuring Windows Azure Pack
If you missed other parts of the series, check links below:
Part 1 – Understanding Windows Azure Pack
Part 2 – Understanding Windows Azure Pack – Deployment Scenarios
Part 3 – Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Environment Prep
Part 4 – Deploying Service Provider Framework on Nutanix
Again to reiterate from my previous blog posts and set some context, Windows Azure Pack (WAP) includes the following capabilities:
SPF is provided with System Center 2012 – Orchestrator, a component of System Center 2012 R2. SPF exposes an extensible OData web service that interacts with System Center Virtual Machine Manager (SCVMM). This enables service providers and hosters to design and implement multi-tenant self-service portals that integrate IaaS (Infrastructure as a Service) capabilities available on System Center 2012 R2. The following picture shows how System Center w/SPF interacts with WAP to provide VM Cloud Services (see TechNet article for more info):
As with every installation, SPF requires additional software, features and server roles. The setup wizard checks the prerequisites and reports their status. Unfortunately, there is no “button” to install all of the requirements automatically. I’ve written a script to automate this process (see below). Please note: Don’t try to install SPF on the SCVMM Server. It’s not supported.
Requirements:
This script will install all requirements except SCVMM console (please note that SCVMM console has to be installed manually):
#IIS + Process activation model
Install-WindowsFeature Web-Asp-Net45,Web-Scripting-Tools,Web-Basic-Auth,Web-Windows-Auth,NET-WCF-Services45,Web-ISAPI-Ext,Web-ISAPI-Filter,WAS-Process-Model,WAS-Config-APIs,ManagementOdata
#Download and install WcfDataServices and AspNetMVC4
New-Item C:\SPFRequirements -ItemType Directory
Invoke-WebRequest http://download.microsoft.com/download/8/F/9/8F93DBBD-896B-4760-AC81-646F61363A6D/WcfDataServices.exe -OutFile C:\SPFRequirements\wcfdatasvc.exe
Invoke-WebRequest http://download.microsoft.com/download/2/F/6/2F63CCD8-9288-4CC8-B58C-81D109F8F5A3/AspNetMVC4Setup.exe -OutFile C:\SPFRequirements\aspnetmvc.exe
Set-Location C:\SPFRequirements
#Run each installer silently and wait for it to finish before starting the next
.\aspnetmvc.exe /quiet
Wait-Process aspnetmvc
.\wcfdatasvc.exe /quiet
Wait-Process wcfdatasvc
Write-Host "All prerequisites are installed. Insert your SCVMM 2012 R2 DVD and install SCVMM Console manually. Then your environment will be ready for SPF installation"
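The script above downloads two installers over plain HTTP and runs them silently, so it is worth checking what was downloaded before executing it. The following is an added example, not part of the original script: it verifies each file's Authenticode signature and signer, records its hash, and only then installs it. The function name Install-VerifiedPackage and the expected signer string are assumptions made for illustration.

```powershell
# Added example (not from the original post). Install-VerifiedPackage is a
# hypothetical helper; the expected signer organization is an assumption.
function Install-VerifiedPackage {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSigner = 'Microsoft Corporation',
        [string[]]$ArgumentList = @('/quiet')
    )

    # 1. The file must carry a signature that validates against the local trust stores.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Refusing to run $Path : signature status is $($sig.Status)"
    }

    # 2. The signer must be the expected publisher, not merely any trusted one.
    #    Match the O= component of the certificate subject.
    $subject = $sig.SignerCertificate.Subject
    $pattern = '(^|,\s*)O=' + [regex]::Escape($ExpectedSigner) + '(,|$)'
    if ($subject -notmatch $pattern) {
        throw "Refusing to run $Path : unexpected signer '$subject'"
    }

    # 3. Record the hash so the exact binary that was installed can be traced later.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    Write-Host "Verified $Path (SHA256 $hash), signed by $subject"

    # 4. Install and check the exit code instead of only waiting for the process.
    #    3010 means success with a reboot required.
    $proc = Start-Process -FilePath $Path -ArgumentList $ArgumentList -Wait -PassThru
    if ($proc.ExitCode -notin 0, 3010) {
        throw "$Path exited with code $($proc.ExitCode)"
    }
}

# Same files and install order as the script above.
foreach ($installer in 'C:\SPFRequirements\aspnetmvc.exe', 'C:\SPFRequirements\wcfdatasvc.exe') {
    Install-VerifiedPackage -Path $installer
}
```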
And the following domain group
This admin group should be added to the local Administrators group on the SPF server.
The Service Provider Foundation provides an extensible OData web service. Communications to this web service can and should be encrypted by SSL. SSL requires certificates. The Service Provider Foundation allows for self-signed certificates (for testing purposes) and certificates issued by a standalone Certificate Authority, an enterprise Certificate Authority or a public Certificate Authority. The Service Provider Foundation install defaults to a self-signed certificate (the wizard creates one automatically), or you can obtain a certificate from a public CA for production.
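To confirm which kind of certificate a server actually holds before it goes to production, the added example below (not from the original post or from SPF itself) lists server-authentication certificates in the local machine store and flags self-signed, untrusted or soon-to-expire ones. The function name Get-ServerCertReport and the 30-day warning threshold are assumptions.

```powershell
# Added example; Get-ServerCertReport and the 30-day default are illustrative choices.
function Get-ServerCertReport {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$WarnDays = 30
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Skip certificates whose EKU extension excludes server authentication.
        # A certificate with no EKU extension is usable for any purpose, so keep it.
        $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
        if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })) {
            continue
        }

        # Build the chain against this machine's trust stores. A wizard-generated
        # self-signed certificate normally fails here with UntrustedRoot.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)
        $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

        [pscustomobject]@{
            Subject      = $cert.Subject
            Thumbprint   = $cert.Thumbprint
            # Subject equal to issuer is the usual marker of a self-signed certificate.
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            ChainTrusted = $trusted
            ChainStatus  = ($problems -join ', ')
            ExpiresSoon  = ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
            NotAfter     = $cert.NotAfter
        }
    }
}

# Certificates that should not be bound to a production SPF web service.
Get-ServerCertReport |
    Where-Object { $_.SelfSigned -or -not $_.ChainTrusted -or $_.ExpiresSoon } |
    Format-Table -AutoSize
```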
The Service Provider Foundation setup is on the System Center Orchestrator R2 media.
When installing, log in to the SPF server as a user that has DBO/SA rights to the SQL 2012 instance that will be hosting SPF databases.
Define the application pool credentials (spfadminsvc) and the SPF_Admin Group that will have access to SPF services and click Next. It’s best practice to create new domain accounts for each SPF service instead of using the Network Service account.
Provider Web Service properties, click Next
Usage Web Service configuration, click Next
Windows updates + CEIP – yes (Microsoft needs your feedback 🙂 ), click Next
Click Install
Setup is complete!
Update SPF with the latest rollup (https://support.microsoft.com/en-us/kb/3021802) or use Windows Update.
Please note, the latest roll-up causes an issue in IIS and breaks the SPF website. I ran into this during my lab deployment. Check out this blog post, “System Center 2012 R2 : Update Rollup 4 breaks the SPF website”, which fixes the issue.
This completes the SPF install. In a future blog post, we will be integrating SPF with WAP and SCVMM.
Additional links:
http://technet.microsoft.com/en-us/library/jj642895.aspx
http://technet.microsoft.com/en-us/library/dn266007.aspx
Next up in my series, Installing the Windows Azure Pack on Nutanix
Until next time, Rob….
In the first blog posting in this series we examined the capabilities and benefits of deploying WAP (Windows Azure Pack) in enterprise datacenters by first looking at Windows Azure, Microsoft’s public cloud offering.
In the second blog posting we looked at some of the terminology associated with WAP and we summarized two kinds of deployment scenarios on Nutanix: Express and Distributed architecture.
Moving on…”Cloud” is the buzzword in all aspects of our computing life today, and more and more companies want to be able to offer the benefits of a “Cloud” environment to their on-premises users. And by now, we should all know the Public Cloud (i.e. Azure, Amazon, etc.) might not suit everyone and is definitely not suited for all situations….That is where Nutanix and WAP stand out:
Giving you the ability to have a predictable, scalable, highly available, high-performing IaaS (Infrastructure as a Service) hybrid datacenter.
This series is meant to be a guide to building your own WAP test lab on Nutanix and also provide you guidance for building out a production Nutanix WAP environment.
Just to see the functionality, you could deploy the requirements on one host with Nutanix CE (Community Edition), but building this WAP environment on a Nutanix cluster will give you real-world results.
In this series, we will be building 2 VMs for the WAP test environment. The VMs consist of an SPF (Service Provider Foundation) Server and a Windows Azure Pack Server.
In my test lab, I am using a 4 Node Nutanix NX3050 Cluster with Server 2012 R2 Hyper-V. This blog post assumes you have an Active Directory Domain and SCVMM (System Center Virtual Machine Manager) 2012 R2 up and running. It also assumes you have an empty SQL 2012 SP1 server built for hosting SPF, WAP and Tenant SQL Databases.
If you need help building a SCVMM 2012 R2 Server, check out my blog post on Installing SCVMM 2012 R2 on Nutanix (coming soon).
If you need help building a SQL 2012 Server, check out my blog post on Install SQL 2012 on Nutanix (coming soon)
If you need help deploying Hyper-V to a Nutanix cluster and joining the cluster to an Active Directory Domain, see my buddy Chris Brown’s Blog Video on Installing Hyper-V on Nutanix. This also covers adding it to SCVMM 2012 R2. He also has a great Hyper-V/SCVMM Networking Overview. Another great Nutanix/Microsoft resource.
The Active Directory security account groups below are recommended as best practice when deploying WAP with SCVMM. The Active Directory security groups were created and mapped in SCVMM as Delegated Administrators. See screenshots below.
You will also need to create a library share, or create a folder in a library share that will serve as the storage location for tenants. Also, it is important to understand that self-service users must have the Store and Re-Deploy permission to store their virtual machines. In my test lab, I created a Nutanix container (SMB Share) with compression attributes and presented it to SCVMM.
IMPORTANT RULES FOR LIBRARY SHARES
At a high level, best practice is to have each tenant have their own separate storage containers, as shown in the diagram below. This will allow you to advertise available capacity, set security boundaries, and apply attributes like deduplication or compression on a per-container basis, and then tie them to storage classifications in SCVMM.
Next is to create storage for your tenants. In Prism, create a new container with the name of your tenant, set an advertised capacity and add any storage attributes, like deduplication or compression, depending on the type of workloads being hosted. See the video below that I produced with my buddy @Mike TME at Nutanix of the process:
If you have any questions about the prep, please comment below.
Yea, now we can finally deploy the WAP. Now the fun part starts…..
Next up in my series, Installing the Windows Azure Pack environment on Nutanix – Deploying SPF (Service Provider Foundation)
If you missed part 1 – see link below
Part 1 – Understanding Windows Azure Pack
OK, let’s start with some terminology used when talking about WAP (Windows Azure Pack). Here are two key terms you need to know:
When WAP is deployed by a hoster (service provider) the administrator refers to IT staff at the hoster while the tenants are the customers to which the hoster is selling cloud services. And when WAP is deployed in an enterprise datacenter, the administrator will be your own IT department; the tenants in this case will be the other departments, divisions, or business units within your organization that want to take advantage of the cloud services your IT department is offering.
WAP currently includes eight components. Two of these components are portals:
The self-service capabilities of the Management Portal for Tenants enable tenants to deploy and manage the cloud services they need when they need them without having to go through the slow procurement processes of the traditional approach to enterprise IT.
Authentication is another key feature of WAP to ensure that only properly authenticated administrators have access to the Management Portal for Administrators and only properly authenticated users have access to the Management Portal for Tenants. By default, the Management Portal for Administrators uses Windows authentication (Kerberos or NTLM) but you can optionally use Active Directory Federation Services (ADFS) for authentication purposes. The Management Portal for Tenants on the other hand uses the ASP.NET Membership Provider for authentication purposes. WAP includes two authentication sites, an Admin Authentication Site and a Tenant Authentication Site, for these purposes.
WAP also includes components that provide the following application programming interfaces (APIs):
All of the above components are required in any WAP deployment.
The following components of WAP may be deployed in order to offer additional forms of cloud services and other resources to tenants:
There are two basic deployment scenarios for WAP:
In addition, the distributed architecture can be implemented in various ways depending on the scale and degree of availability needed. Let’s briefly examine each of these scenarios.
In an express deployment of Windows Azure Pack, you install all of the required components on a single server and any optional components needed on one or more additional servers. This is the deployment I will be doing in the next part of the series. Specifically, the following required components must all be installed on your first server:
In addition, your first server must host the SQL Management Database used by the required components. This means you must install a required version of Microsoft SQL Server on the first server.
In a distributed deployment of WAP, you spread out the required components across multiple servers. There are many ways you can do this, but the following recommendations should generally be adhered to in order to ensure optimal performance and supportability for your deployment:
In the next blog post in this series, we will begin our walk-through of installing and configuring WAP. I will focus primarily on the express deployment scenario in this series along with two types of cloud services: Virtual Machines and SQL Databases…………..Let’s build a cloud……
Until next time, Rob…
To understand what Windows Azure Pack is, you first need to be familiar with Windows Azure, Microsoft’s public cloud platform. To understand what Windows Azure is all about, check out the Azure website, but here are some key points of Windows Azure:
As a cloud platform from Microsoft that provides a wide range of different services, Windows Azure lets you build, deploy, and manage solutions for almost any purpose you can imagine. In other words, Windows Azure is a world of unlimited possibilities. Whether you’re a large enterprise spanning several continents that needs to run server workloads, or a small business that wants a website that has a global presence, Windows Azure can provide a platform for building applications that can leverage the cloud to meet the needs of your business…
So now, let’s look at the definition that Microsoft uses for describing Windows Azure:
Windows Azure is an open and flexible cloud platform that enables you to quickly build, deploy, and manage applications across a global network of Microsoft-managed datacenters. You can build applications using any language, tool, or framework. And you can integrate your public cloud applications with your existing IT environment.
This definition tells us that Windows Azure is a cloud platform, which means you can use it for running your business applications, services, and workloads in the cloud. But it also includes some key words that tell us even more:
Windows Azure provides businesses with four basic categories of cloud-based services:
At the core of the Windows Azure platform is its ability to execute applications running in the cloud. Windows Azure currently provides four different models for doing this: Web Sites, Virtual Machines, Cloud Services, and Mobile Services. Together these four approaches comprise the compute services portion of the Windows Azure platform, and they can either be used separately or combined together to build more complex solutions that can meet specific business needs.
Now, let’s go through some of the main options on Windows Azure….
Windows Azure Web Sites is a scalable, secure, and flexible platform you can use for building web applications that run your business, extend the reach of your brand, and draw in new customers. It has an easy-to-use self-service portal with a gallery of the world’s most popular web solutions including DotNetNuke, CakePHP, DasBlog, WordPress, and many others. Or you can simply create a new website from scratch and then install a tool like WebMatrix, a free, lightweight web development tool that supports the latest web technologies such as ASP.NET, PHP, HTML5, CSS3, and Node. You can use WebMatrix to create websites and publish applications for Windows Azure. And if you use Microsoft Visual Studio as a development environment, you can download and install a Windows Azure SDK so you can build applications that can take advantage of the scalable cloud computing resources offered by Windows Azure…
Creating a new website with Windows Azure is so easy we have to show you how to do it. Begin by logging on to the Windows Azure Management Portal at https://manage.windowsazure.com using your Microsoft Account username and password. Then select the Compute, Web App tab on the left and either click Quick Create or click the From Gallery button on the command bar as shown here:
The command bar then expands, as shown in the next figure, and allows you to quickly create a new website with no additional configuration, a custom website with either a new or existing database, or a new web application based on an application framework, blog engine, template, or any other app available in the Windows Azure gallery…
Windows Azure Virtual Machines is a scalable, on-demand IaaS platform you can use to quickly provision and deploy server workloads into the cloud. Once deployed, you can then configure, manage, and monitor those virtual machines, load-balance traffic between them, and connect them to other Windows Azure Cloud Services running web roles and worker roles. You can copy virtual hard disks (VHDs) from your on-premises environment into Windows Azure to use as templates for creating new virtual machines. And you can copy VHDs out of Windows Azure and run them locally in your datacenter.
You can create new virtual machines from a standard image available in the Windows Azure gallery. Standard images are included for current versions of Windows Server and for different flavors of Linux. Standard images are also available for Microsoft SharePoint, Microsoft SQL Server, Microsoft Dynamics and Microsoft BizTalk Server pre-installed on Windows Server. Standard images are a great way of quickly provisioning new virtual machines, but you can also use images you created on-premises to deploy new virtual machines.
Creating a new virtual machine in Windows Azure is easy. Just open the Windows Azure Management Portal and select Compute, and then the Virtual Machine tab on the left. The command bar expands and displays two options for creating virtual machines: Quick Create or From Gallery.
The Quick Create option lets you create a new virtual machine which you can configure later. As shown below, all you need to specify for this option is the DNS name for your virtual machine, the image to use as a template for your virtual machine, the size of the virtual machine (number of cores and memory), a user name and password for administrative access to the virtual machine, and the region or affinity group to which the virtual machine should be assigned:
The other option, called From Gallery, lets you create a virtual machine by specifying advanced options presented in a series of pages. The first page shown below allows you to choose an image to be used as a template when creating your virtual machine…
Let’s again review the definition that Microsoft uses for describing Windows Azure:
Windows Azure is an open and flexible cloud platform that enables you to quickly build, deploy, and manage applications across a global network of Microsoft-managed datacenters. You can build applications using any language, tool, or framework. And you can integrate your public cloud applications with your existing IT environment.
Now let’s examine how Microsoft describes Windows Azure Pack. First, here’s how they define Windows Azure Pack on their Server and Cloud Platform site:
The Windows Azure Pack is a collection of Windows Azure technologies available to Microsoft customers at no additional cost. Once installed in your datacenter, the Windows Azure Pack integrates with System Center and Windows Server to help provide a self-service portal for managing services such as websites, Virtual Machines, and Service Bus; a portal for administrators to manage resource clouds; scalable web hosting; and more.
Next, here’s how Microsoft defines Windows Azure Pack in the TechNet Library:
Windows Azure Pack for Windows Server is a collection of Windows Azure technologies, available to Microsoft customers at no additional cost for installation into your data center. It runs on top of Windows Server 2012 R2 and System Center 2012 R2 and, through the use of the Windows Azure technologies, enables you to offer a rich, self-service, multi-tenant cloud, consistent with the public Windows Azure experience.
Comparing these various definitions and reading the linked resources enables us to conclude the following about how Windows Azure Pack compares to Windows Azure:
To summarize, Windows Azure Pack lets you bring some of the capabilities of the Windows Azure public cloud platform right into your own datacenter by leveraging your existing infrastructure based on Windows Server and System Center.
In the next article of this series we’ll examine different deployment scenarios with Nutanix for Windows Azure Pack in your datacenter.
Portions of this Azure Pack had made their way onto partner vendors’ hardware in the past, in the form of the Microsoft Private Cloud Fast Track Program and Dell’s Cloud Platform System. My company, Nutanix, was one of the first Private Cloud Fast Track Partners with a certified reference architecture. So we’ve seen private cloud platforms with third-party vendor brands, built around server software made by Microsoft but not called Windows.
What Azure Stack becomes, over and above Azure Pack, is not just a microcosm of Azure, but an extension of Azure itself. As several Microsoft officials confirmed at Ignite, Azure Stack extends the file and object system of Azure into the private space. (And Azure Stack won’t be the only Microsoft technology that does this….Hint, Hint…Hmm…under NDA at moment)
“You want to be able to take those cloud applications, and host them in your environment,” said Anderson. “You’ve told us you want Azure — all of Azure — in your data centers. Azure Stack … is literally us giving you all of Azure to run in your data centers.”
I saw early demonstrations of Azure Stack at Ignite, and what I saw was a user access policy management system that essentially duplicated the one currently used on the public Azure cloud as shown below.
“The Microsoft Azure Stack gives application owners the ability to ‘write once, deploy anywhere,’ whether it be to your private cloud, a service provider’s cloud, or the public Azure cloud,” reads a post to Microsoft’s server and cloud blog Monday. “Developers will have the broadest access to application development platforms across Windows and Linux to build, deploy and operate cloud applications using consistent tools, processes and artifacts. One Azure ecosystem across public, private and hosted clouds will allow you to participate in a unified, robust partner network for Azure clouds.”
Microsoft’s idea is to make private cloud space and public space addressable and manageable using the same tool set, and by extension, to effectively make data centers into planks, if you will, for Azure. It’s one big reason why the words “Windows Server” are being spoken less and less often by people whom you would think were in charge of it.
Now let’s start at the top. When we look at the image below we see the browser experience. In the current version of Azure Pack we have 2 portals, 1 for the tenant and 1 for the admin. In Azure Stack we have 1 browser experience. That experience is also the same across Azure Stack and Azure. So admins as well as tenants go through the same portal site and leverage the same portal APIs and extensions.
In the deployment of the portal site there is still an option to scale out to multiple website nodes like we do with a distributed deployment of Windows Azure Pack today. When we go down that rabbit hole, we see the Azure Resource Manager and the Core Management Resource Providers. The Core Management Resource Providers integrate with Azure Resource Manager and all components interact with it. Below in this post, I will focus on the Azure Resource Manager and the Core Resource Providers. Further down we see the Service Resource Providers. Each Service Resource Provider controls and manages the resources it is assigned to. For example, the Compute Service Resource Provider will manage the compute resources (nodes), the Storage Resource Provider will manage the storage resources (nodes) and so on…
And that’s really in a nutshell the top to bottom service layout of the Azure Stack.
Let’s look at the portal. The portal is completely redesigned and allows you to fully personalize it. It is highly scalable and has integration across services. When you install new resource providers today in WAP you need to edit the core code for the Azure Pack portal. Then you need to restart the web service process to see the result of that change. With the new design the portal runs continuously in a separate process, and when you extend the portal by adding extensions a workflow will distribute the extensions to all nodes running the portal site. As mentioned before, the admin and tenant sites are integrated in the same portal.
The portal UI is very nice, but it would be useless if we cannot log in to the portal, right? Let me talk about the identity part of the new Azure Stack. In the old portal we had the option to use the SQL .Net membership or we could integrate ADFS to use AD or other federated identity providers (IDPs). In the new portal they use claims-based authentication and there is native support for the following:
From the Azure Resource Manager to the Core Management Resource Providers it will use Windows Authentication or Basic Authentication. The Core Management Resource Providers will use Windows Authentication or an authentication method defined by the Resource Provider.
Now on to the Azure Resource Manager. The Azure Resource Manager is the new Service Management API. It is, as Microsoft calls it, “a product” that allows the management of compute, storage and network. When you, as a tenant, create a resource group it allows you to put all the resources (VMs, networks, websites etc…) in a resource group that can be managed as a whole (Create / Add / Update / Delete, aka Life Cycle Management).
With role based access control (RBAC) you, as a tenant, can also provide access to other users that have access based on the permission you assign to the resource group. Also usage is collected for a particular resource group so you can see how much the resources in a resource group will cost.
The Azure Resource Manager will also allow you to put deployments in regions. Regions represent the datacenters of your service provider or your own datacenters. Furthermore, the Azure Resource Manager provides audit logging on your subscriptions and resources. To create resources using the Azure Resource Manager you need to create a template or use an existing one. A template is a JSON file that can be edited to define the resources in your deployment.
The Azure Resource Manager will talk to the Core Management services. Let’s look at the components involved in that.
So this is what I know so far from MS, but I will update this post as I know more. MS is not giving a definite answer, but rumors are beta in late fall and Tech Preview in spring. I can’t wait to get the early bird bits to play around with it, and when I do I will follow up on this post to give you more technical information on Azure Stack!
Until next time, Rob…