Step-by-Step: Getting Started with On-demand Private Clouds using Windows Azure Pack

As I’ve been traveling and speaking to IT Pros about the great scalability, resiliency and offerings in our Microsoft Azure public cloud platform, there’s also been lots of interest around deploying our free Windows Azure Pack (WAP) to bring the power and consistency of the same self-service Azure portal user interface to on-demand Private Clouds provisioned in an on-premises datacenter.

Service Management Portal in Windows Azure Pack

In this article, we’ll step through the process of setting up Windows Azure Pack in a lab environment for provisioning and delegating VM private clouds. Along the way, I’ll call out the specific details that I found helpful to successfully build my own lab environment.

What is Windows Azure Pack?

For a technical overview of the Windows Azure Pack, check out this great Microsoft TechEd session:

In addition, Thomas Maurer, MVP for Cloud and Virtualization, has written a great article that describes the overall architecture of Windows Azure Pack:

What are we building?

Windows Azure Pack certainly has the ability to scale to support very large Private Cloud environments consisting of multiple datacenters.  However, in this article, we’ll get started by building a basic lab environment that consists of the following four (4) VMs:

  • System Center 2012 R2 Virtual Machine Manager (VMM) management server VM
  • SQL Server 2012 database server VM
  • Service Provider Foundation (SPF) server VM
  • Windows Azure Pack (WAP) server VM

To configure all four (4) VMs in your lab environment, you’ll need a virtualization host with at least 16GB RAM and 300GB available disk space.

Virtualization Hosts and Fabric Controller

Before installing Windows Azure Pack, it’s important to confirm that your on-premises virtualization infrastructure is in place.  Windows Azure Pack leverages System Center 2012 R2 Virtual Machine Manager (VMM) as a private cloud fabric controller for handling on-demand provisioning and management of virtual machines “behind the scenes”, so you’ll want to confirm that VMM is set up in your environment and is connected to one or more supported virtualization host platforms for running virtual machines, such as Hyper-V, VMware or Citrix XenServer.

To set up VMM in your lab environment, be sure to review the following resources:

As part of this base configuration, you’ll also install a Microsoft SQL Server that will be used by all components in this lab environment.

Private Clouds, VM Networks and VM Templates

After VMM is set up and connected to your virtualization hosts, there are a few specific configuration tasks to keep in mind when defining Private Clouds and VM Networks as part of your cloud fabric in VMM.  These steps are important if you’ll be using Windows Azure Pack, because WAP won’t recognize your fabric resources as being available for on-demand provisioning via the Service Management Portal unless they are configured properly.

VM Network Guidelines

You must have a VM network available to which tenant VMs can be associated. This VM network can be created using the VMM Console if you wish to provide a standard VM network that is shared across tenants. 

If you wish tenants to be able to create their own on-demand VM Networks in the WAP Service Management Portal for Tenants, you must configure the Logical Network that is associated with your cloud in the steps above for Hyper-V Network Virtualization (HNV). To do this, be sure to select the One Connected Network option, and then select the Allow VM Networks created on this logical network to use network virtualization checkbox in the VMM console when configuring your Logical Network.

If you plan to leverage Hyper-V Network Virtualization (HNV) for your Logical Network and VM Networks, check out these resources for more details and step-by-step guidance:

Private Cloud Guidelines

When configuring Private Clouds in VMM, be sure to follow these TechNet guidelines:

  • You must create a cloud from host groups. For instructions, see How to Create a Private Cloud from Host Groups.
  • You must have already created logical networks that can be associated with the cloud. For instructions, see How to Create a Logical Network in VMM.
  • You must have already created a VM library share. For instructions, see How to Add a VMM Library Server or VMM Library Share.
  • You must assign the right amount of capacity to the cloud. The capacity that you assign to the cloud governs the resources that will be available to the tenants while provisioning virtual machines using VM Clouds.
  • You must not select any of the available capability profiles (ESX Server, Hyper-V, XenServer) while creating the cloud. If you do so, tenants will not be able to deploy virtual machine roles using the VM Clouds service.

VM Template Guidelines

When creating virtual machine templates in VMM that you will use with WAP, follow this TechNet guidance:

  • While selecting a source, make sure the VHD you select has the option to connect to the virtual machine using remote desktop.
  • While configuring the hardware settings, make sure you do not select any of the cloud capability profiles (XenServer, ESX Server, Hyper-V) available.
  • While configuring the operating system, make sure you do not set the Guest OS Profile drop-down to None. You must specify a valid value for this drop-down.

For instructions, see How to Create a Virtual Machine Template.

Service Provider Foundation (SPF)

Windows Azure Pack uses Service Provider Foundation (SPF) to communicate with VMM when provisioning and managing VM Clouds.  SPF provides an extensible OData web service that the WAP Service Management Portals communicate with to interact with VMM.  SPF is a component that is included with System Center 2012 R2 Orchestrator, so you’ll be installing SPF from the Orchestrator media in these steps.

  1. Review system requirements for the SPF server
    Be sure to install all prerequisite components on the SPF server that are listed in the above document.
  2. Create an SPF Service Account as an Active Directory Domain User account.
  3. Add SPF Service Account as VMM Administrator
  4. Install SPF for System Center 2012 R2
  5. Confirm Local Security Groups and IIS Application Pools.
    After installation, confirm the following local security groups and IIS Application Pools on the SPF server
    Local Security Groups                  | IIS Application Pools
    Member: SPF Service Account            | Identity: SPF Service Account
    Member: SPF Service Account            | Identity: SPF Service Account
    SPF_VMM, Member: SPF Service Account   | VMM, Identity: SPF Service Account
    Member: SPF Service Account            | Identity: SPF Service Account
    Member: SPF Service Account            |
  6. Confirm that the SPF Service Account can communicate with the VMM server.
    - Log in at the console of the SPF server with the SPF Service Account credentials.
    - Launch the Virtual Machine Manager Command Shell from the Start screen.
      Tip: Hit the Windows key and just start typing “Virtual …
    - Use the following PowerShell cmdlet to confirm communication:
      Get-VMMServer VMM_Server_Name 
    If successful, you will receive output that includes the properties of your VMM server connection.
    If unsuccessful, confirm that the SPF Service Account has been properly added as a VMM Administrator in step 3 above.
  7. Confirm that the IIS site for SPF is configured with Basic Authentication enabled.
    Using IIS Manager on the SPF server, drill into the properties of the SPF web site and click Authentication to confirm this configuration.
  8. Create a local WAP Portal Service Account and add it as a member to all four SPF_ Local Security Groups.
    In some deployments, the WAP portals may be running on servers in a different untrusted Active Directory domain.  As a best practice, the WAP portal connections will be configured to connect to the SPF OData web service using local account credentials.
    - Create this local WAP Portal Service Account using the Computer Management tool on the SPF server.
    - Add the local WAP Portal Service Account as a member of the SPF_Admin, SPF_Provider, SPF_VMM and SPF_Usage groups.
  9. Confirm that you are able to successfully communicate with the SPF OData web service.
    - Browse to the following URL using IE with InPrivate browsing mode:
    - If prompted with a Certificate warning dialog, click Continue.
    - When prompted to authenticate, sign in with the WAP Portal Service Account credentials.
    If successful, you should receive an XML response page.
    Success! We can communicate with the SPF OData web service.
    If unsuccessful, see this great article for additional troubleshooting tips.
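
The checks in steps 5, 7 and 8 can be scripted on the SPF server; the PowerShell below is an added example, not part of the original article or of SPF, and it also flags a plain-HTTP binding because Basic Authentication only protects the portal account's password when the site is reached over TLS. The account names are placeholders and the IIS site name `SPF` is an assumption to adjust to what IIS Manager shows.

```powershell
# Added example: run in an elevated PowerShell session on the SPF server.
param(
    [string]$SpfAccount    = 'CONTOSO\svc-spf',   # placeholder: SPF Service Account (step 2)
    [string]$PortalAccount = 'svc-wapportal',     # placeholder: local WAP Portal Service Account (step 8)
    [string]$SiteName      = 'SPF'                # assumption: name of the SPF site in IIS Manager
)
Import-Module WebAdministration

function New-Result($Check, $Item, $Ok) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Ok = [bool]$Ok }
}

# Returns members as DOMAIN\name or DOMAIN\COMPUTER\name (WinNT ADsPath form).
function Get-GroupMemberPath([string]$Group) {
    $g = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    foreach ($m in @($g.Invoke('Members'))) {
        $p = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        ($p -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Test-Member([string[]]$Members, [string]$Account) {
    # Local accounts appear as ...\COMPUTER\name, domain accounts as DOMAIN\name.
    $suffix = if ($Account -like '*\*') { $Account } else { "$env:COMPUTERNAME\$Account" }
    [bool]($Members | Where-Object { $_ -like "*$suffix" })
}

# Steps 5 and 8: both accounts must be members of all four SPF_ groups.
foreach ($grp in 'SPF_Admin', 'SPF_Provider', 'SPF_VMM', 'SPF_Usage') {
    $members = @(Get-GroupMemberPath $grp)
    New-Result 'Step 5' "$grp contains $SpfAccount"    (Test-Member $members $SpfAccount)
    New-Result 'Step 8' "$grp contains $PortalAccount" (Test-Member $members $PortalAccount)
}

# Step 5: every application pool used by the SPF site runs as the SPF Service Account.
# The comparison is literal, so enter $SpfAccount in the same form IIS stores it.
foreach ($app in Get-WebApplication -Site $SiteName) {
    $pool = $app.applicationPool
    $user = (Get-ItemProperty "IIS:\AppPools\$pool" -Name processModel).userName
    New-Result 'Step 5' "app pool $pool identity = $user" ($user -eq $SpfAccount)
}

# Step 7: Basic Authentication is enabled, and the site has no plain-HTTP binding.
$basic = (Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" `
    -Filter 'system.webServer/security/authentication/basicAuthentication' -Name enabled).Value
New-Result 'Step 7' 'Basic Authentication enabled' $basic
$plain = @(Get-WebBinding -Name $SiteName | Where-Object { $_.protocol -eq 'http' })
New-Result 'Transport' 'no plain-HTTP binding on the site' ($plain.Count -eq 0)
```

Pipe the output to `Format-Table -AutoSize`; any row with `Ok` set to `False` points back to the step to revisit.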

Install Windows Azure Pack

We’re now ready to install the Windows Azure Pack (WAP) components.  In this article, we use the Express installation option, where all WAP server components are installed on a single VM that is separate from the SPF server VM. For larger installations involving lots of tenants, there are also options for distributed deployment and high availability.

  1. Review the system requirements for the WAP server
  2. Install software prerequisites on the WAP server
  3. Install an Express deployment of Windows Azure Pack
  4. Import the SPF server certificate as a Trusted Root certificate on the WAP server.
    In this lab, the SPF web site on our SPF server is using a self-signed certificate.  To properly connect from the WAP server, we’ll need to export this self-signed certificate from the SPF server and import into the following certificate store on the WAP server:
    - Local Computer \ Trusted Root Certification Authorities \ Certificates
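
Anything placed in Trusted Root Certification Authorities is trusted by every TLS client on the WAP server, so it is worth confirming that the file being imported is the certificate bound to the SPF site. The PowerShell below is an added example, not part of the original article; file paths and the thumbprint are placeholders, and the IIS site name `SPF` is an assumption.

```powershell
# Added example. Paths and thumbprints are placeholders; 'SPF' as the site name is an assumption.

# Run on the SPF server: export the certificate bound to the SPF site (public part only).
function Export-SpfSiteCertificate {
    param([string]$SiteName = 'SPF', [string]$Path = 'C:\Temp\spf-site.cer')
    Import-Module WebAdministration
    $binding = Get-WebBinding -Name $SiteName -Protocol https | Select-Object -First 1
    if (-not $binding) { throw "No HTTPS binding on site '$SiteName'." }
    $store = $binding.certificateStoreName
    $cert  = Get-Item "Cert:\LocalMachine\$store\$($binding.certificateHash)"
    # Export-Certificate writes the certificate without its private key.
    Export-Certificate -Cert $cert -FilePath $Path -Type CERT | Out-Null
    $cert.Thumbprint   # pass this to the WAP administrator separately from the file
}

# Run on the WAP server: import only if the file is the certificate you expect.
function Import-SpfRootCertificate {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedThumbprint
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    # Normalise the expected value: strip spaces and other separators, upper-case.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint)."
    }
    if ($cert.Subject -ne $cert.Issuer) {
        throw 'Not self-signed: import the issuing CA certificate instead.'
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate expired on $($cert.NotAfter)."
    }
    # Local Computer \ Trusted Root Certification Authorities \ Certificates
    Import-Certificate -FilePath $Path -CertStoreLocation Cert:\LocalMachine\Root
}

# On the SPF server:  $thumb = Export-SpfSiteCertificate
# On the WAP server:  Import-SpfRootCertificate -Path C:\Temp\spf-site.cer `
#                         -ExpectedThumbprint '<thumbprint from the SPF server>'
```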

Ready to deploy to VM Clouds

Now that your lab environment is built, you’re ready to register your SPF server from the Windows Azure Pack admin portal and deploy to VM Clouds!

To continue down this path, be sure to reference these next steps …

What’s Next?

So far, we’ve set up the basics of provisioning and managing on-demand Private Clouds using the Windows Azure Pack.  In future articles, we’ll work on extending our lab to include the following additional components …

  • Configuring a Remote Desktop Gateway for VM console access
  • Automated Runbooks via Service Management Automation
  • Usage Reporting for Virtual Machine Clouds

Stay tuned for more in the Clouds!

