Kristian NeseCTO, MVPLumagate

Under the hood of Windows Azure Pack

Kristiannese.blogspot.com@KristianNese

• Session Objective(s): • What is the Windows Azure Pack Framework• Learn how to deploy and configure Windows Azure Pack and the IaaS/VM services using System Center• The future of Cloud Computing and Service Delivery

• Key Takeaway 1• Your customers have flexibility in deploying and configuring Windows Azure Pack to meet their business needs, including production

and lab environments• Key Takeaway 2

• The IaaS/VM service can be offered via Windows Azure Pack using System Center Virtual Machine Manager and Service Provider Foundation

Agenda

1ConsistentPlatform

Windows Azure Pack

Service ProvidersPrivate Cloud

Public Cloud

Microsoft Cloud OS Vision

DEVELOPMENT MANAGEMENT IDENTITY VIRTUALIZATIONDATA

Azure Virtual Machines

Windows Azure Pack

R2 w/ Service Provider Foundation

Future Servic

esService

BusSQLVMs

WebSites

Service Management API

ServicePlansUsers Provider

PortalConsumer

Self-ServicePortal

Web SitesAppsDatabaseVMs

Service ProviderCustomer

Self Service Portal Moves On-Premises

Common Mgt. Experience

Workload, Portability

Cloud-Enabled Services Move On-

Premises

Consistent Dev.

Experience

Other Service

sCDN.

Media,, etc.

Caching

Service Bus

SQLVMRole

WebSites

WorkerRole

Service Management API

Web SitesAppsDatabaseVMs

Subscriber Self-

ServicePortal

Windows Azure

Cloud OS Consistent Experiences

R2

SMA

ON-PREMISES

SERVICE PROVIDERMICROSOFT

CONSISTENTPLATFORM1

TENANT & ADMIN PORTALS

SERVICE BUSWEBSITES VIRTUAL MACHINES

DATABASES VIRTUAL NETWORKS

WAP

SERVICE MANAGEMENT API

IaaS - Elastic Tiers

Virtual Networks

Window and Linux

Gallery of apps

Fully self-service

Reliable Messaging

Standards Based

Cross Cloud

Fully self-service

Web Application PaaS

Highly Scalable

Dev-ops optimized

Integrated SCC

Fully self-service

Multi-tenant

Site-2-Site VPN

BGP

NAT

Fully self-service

SQL Server

Databases

Fully self-service

MySQL

Partners using Windows Azure Pack

Member of the Cloud OS Network, as one of 25 leading service providers worldwide. Will leverage Windows Azure Pack together with System Center and Windows Server Hyper-V to deliver cloud services from its local datacenters with optional Windows Azure and Office 365 integration.

Partners using Windows Azure Pack

With a huge focus on automation, Hatteland is able to deliver sophisticated services to tenants through self-service capabilities, running the latest platform on 2012 R2 with Windows Azure Pack.

Hatteland provides scale at every level, all from the fabric and up to applications using the Cloud OS.

Deploying Windows Azure Pack

• Express• Simple, fast

• Deploy all components on one box (portal, APIs, backend services, databases)

• Intended for lab or demo environments

• Distributed• Production environments• Offers flexibility to deploy based on customer requirements • Performance and Scale• Security• Availability

Supported Deployments

WAP Express Installation

Express Deployment

SQL Server Express Service

Bus

Web Sites

SPF + VMM + OM

Management Database

High Privileged Services+ Internet Facing

Providers

All WAP Portal and API services deployed on a single VM

Tenant APIWAP Admin API

WAP Admin Site

Tenant Authentication Site

Tenant Public API

Tenant Site

Distributed Deployment

WAP SQL Server Cluster

ADFS

Service Bus

Web Sites

SPF + VMM + OM

Internet Facing

High Privileged Services

Providers

Management Database

Identity Federation

Increase # of servers to address performance

Separate components for SecurityPlug in Federation services to enable different identity

providers

Scale out all nodes for HA

Demo: Web Platform Installer & Configuration Site

Windows Azure Pack Sites and Endpoints

Portal• Admin Site• Admin Authentication Site• Tenant Site• Tenant Authentication Site• Configuration Site

API• Tenant API• Tenant Public API• Admin API

Resource Providers• Virtual Machines• Web Sites• Service Bus• SQL RP• My SQL RP

Infrastructure• Monitoring• Web App Gallery• PowerShell Modules• Usage• Usage Collector

Windows Server 2012 or higherSQL 2012 SP1 or higherInternet Information Services (IIS).NET 3.5 and 4.5Web Platform Installer

http://technet.microsoft.com/en-us/library/dn296442.aspx

Deployment Pre-requisites

Scale out Tenant Portal for better performance For high availability

Hardware load balancer recommended for public tier (Tenant Portal and Tenant Public API)

Failover cluster instance, Always On Availability group and a combination of the two are supported for SQL

SQL instance (for configuration data) Recommend a separate instance

During install process, take snapshots! Pre installation, Post installation, Post configuration

Replace self-signed certificates with certs from a trusted CA

Deployment tips

Event Viewer (Application and Service Logs Microsoft Windows Azure Pack)

Use Fiddler Tracing web traffic Configure https

Validate Accounts Add Admin users to MgmtSvcOperators Local Group Use Add-MgmtSvcAdminUser cmdlet to give users access to the admin portal

Make sure that you make a note of the passphrase used. There is no way to recover it.

Prepare FQDNs required for configuration

Troubleshooting during configuration

Bring the action

Deploying the Virtual Machines Service

Multi-tenant IaaS Cloud Architecture

Service Management API

Management Portal

Service Provider Foundation SPF Web Server

Stamp2

SPF DB

VMM Server 2

VMs

Stamp1

VMM Server 1

Stamp scale unit each with management and host capacity

Compute Storage Network Compute Storage Network

Service Admin Portal

TenantPortal

PublicEndpoint

TenantAPI

Service Admin API

Tenant creates and operates VMs

Management Portal Tenant and Service Admin UI

Service Management API Governs routing and access to resources

SPF multi-tenant REST Odata API for System Center IaaS

Service Provider Foundation (SPF)

Virtual Machines

Virtual MachineManager

VM networksVirtual Machine

Manager

Service Templates

Virtual MachineManager

AutomationOrchestrator

Enables Hosted IaaS • VM management

• Service management

• Self-service VM networks

• Multi-tenancy / Multi-stamp

• Self-service tenant administration

• Enterprise identity for SPF

• Extensibility for hosted cloud API

• Usage Metering via SCOM

REST-based Odata API

2012 R2

Configuring VMM to Offer IaaS

Combine hosts and networks, storage, and library resources together to create a service provider cloud.

Delegate access to self-service users and let them manage cloud resources and create services

Deploy VMs to private clouds or hosts by using VM templates

Create a cloud by moving the underlying resources of network, storage, & compute into the cloud.

Configure the fabric

Create a cloud from the fabric

Delegate the cloud to a

self-service user

Deploy VMs

Demo: Configuring VMM and SPF for IaaS

SPF

Configuring IaaS for Windows Azure Pack

Admin Tenant

PlansSubscription

s

OffersStamps

User RolesOffer

1

2

3

4

56

VMM

Service ManagementAPI

VMM

AdminPortal

TenantPortal

User Identities

Subscription

Plan

1. Configure Fabric in VMM and Create Cloud

2. Create Template, HW Profile

3. Configure Accounts in SPF

4. Connect Service Management API to SPF & Register VMM server

6. Tenant Subscribes to Plan and Creates VM

5. Offer Plan with Cloud to Tenant User

Multi-tenancy across LayersService Admin

PortalTenant Portal

Service Management API

Service Provider Foundation (Tenant, Admin, Usage)

Virtual Machine Manager

Orchestrator Operations Manager

Hyper-V

PaaS Provisioning and Management

Engine

IISSQL Server

Service Bus

Windows Server

Demo: Offering IaaS using Windows Azure Pack

Time to get excited!

The future of Cloud Computing with WAP

Gallery Items Add value to your subscribers through sophisticated

applications and server workloads

Remote Console Provides Remote Desktop experience through VMBus and

allows console access to VMs without network connectivity

Network Virtualization Leverage capabilities in Hyper-V to support a multi-tenant

infrastructure for tenants using NVGRE

VMRole Gallery Item Overview

• 2 packages• RESDEF which houses views

and WAP portal understanding of Gallery Item

• RESEXT which houses VMM’s understanding. Includes customresources

WAP Gallery Items

• Adding Gallery Items to WAPCatalog• Current VMRole Gallery Items can be found in this custom feed to WebPI

http://www.Microsoft.com/web/webpi/partners/servicemodels.xml

• Learnings moving from service templates to gallery items

• VM Role Authoring Tool : https://vmroleauthor.codeplex.com/VM Role Authoring Tool Videos: http://www.youtube.com/playlist?list=PLjbVGPEELuaSuM-0eh9GO05zDFUudydJ1

• Working with Gallery Items

Using Virtual Machine Roles

Gallery Item

(Virtual Machine

Role Template)

ApplicationExtension

(App Profile and

Payload)VMM

Virtual Machine Role

VM VM VMSPF

Gallery Wizard

Service Admin Manage GalleryOffer to Tenants

TenantCreate Virtual Machine Role

Manage Virtual Machine Role

Powershell

Portal

2

1

3

4

5

1. Import Application Extension into VMM2. Import Gallery Item into SPF3. Offer to Tenants4. Create Virtual Machine Role5. Manage existing Virtual Machine Roles

Service Admin Gallery

• Import and Manage Gallery Items• Resource Definition Package

• Publish / Unpublish Gallery Items to Tenants• Immediate impact when

unpublishing

• Add Gallery Items to Plans• Scopes access based on plan and

subscription• Gallery Item authorization from SPF• Resource extension from VMM

Tenant Virtual Machine Features

• Cloud OS Virtual Machine Role• Scale-out and Scale-In of a Virtual

Machine Role• Update settings• Upgrade to new version• Change networks• Start/Stop/Shutdown VMs• Add/Remove Devices

• Support for VM Templates• Active Directory Authentication• Co-admins can share

subscription

Demo: Working with Gallery Items

### Sample script that imports the Web VM Role into VMM Library### Get Library share### Get resource extensions from folder### Import resource extension to VMM library$libraryShare = Get-SCLibraryShare | Where-Object {$_.Name -eq 'MSSCVMMLibrary'} $resextpkg = $Env:SystemDrive + "\Gallery Resources\WS2012_IIS_VMRole_Pkg\WS2012WebServer.resextpkg"Import-CloudResourceExtension –ResourceExtensionPath $resextpkg -SharePath $libraryshare -AllowUnencryptedTransfer### Get virtual hard disk that should be associated with the resource extension### Ask VMM for operating systems equal to 64-bit edition of Windows Server 2012 Datacenter### Set virtual hard disk to be tagged as Windows Server 2012 Datacenter$myVHD = Get-SCVirtualHardDisk | where {$_.Name –eq 'webg1.vhdx'} $WS2012Datacenter = Get-SCOperatingSystem | where { $_.name –eq '64-bit edition of Windows Server 2012 Datacenter' } Set-scvirtualharddisk –virtualharddisk $myVHD –OperatingSystem $WS2012Datacenter### Define tags### Tag vhd with familiy name (Windows Server 2012) and extension requirements (.NET3.5)### Set properties on vhd$Tags = $myvhd.tagif ( $tags -cnotcontains "WindowsServer2012" ) { $tags += @("WindowsServer2012") }if ( $tags -cnotcontains ".NET3.5" ) { $tags += @(".NET3.5") }Set-SCVirtualHardDisk -VirtualHardDisk $myvhd -Tag $tagsSet-SCVirtualHardDisk -VirtualHardDisk $myvhd -FamilyName "Windows Server 2012 Datacenter" -Release "1.0.0.0"### Verify cloud resource extensionsGet-CloudResourceExtension | Format-List -Property State, Description, Name### Verify cloud resources deployedGet-CloudResource | Format-List -Property name### Verify tags on vhdsGet-SCVirtualHardDisk | Format-List -Property familyname, OperatingSystem, VHDFormatType, release

Enable Remote Console Access for Tenants

• VMs can be:• On isolated network/no network• Windows/Linux/No OS

• Requires• RDP client that support RDPTLSv2• Windows Azure Pack

• Service Management Portal• System Center 2012 R2• Windows Server 2012 R2

• Hyper-V• Remote Desktop Gateway

Remote Console Flow

Browser

Remote Desktop Client

client supporting RDPTLSv2

Windows Azure PackPortal

System Center 2012 R2

Windows Server 2012 R2

Remote Desktop Gateway

RDP File

RDP FileTokens (Host, VM)

Console Request

Trust

Trust

Windows Server 2012 R2 Hyper-V

Validate token signature.Validate token timestamp.Authorize host & port only

Validate token VMID.Authorize only specific VM.

Verify user accessGenerate and sign tokens

Generate RDP file and embed tokens

Demo: Remote Console

Hyper-V Network Virtualization Concept

Different subnets

10.0.0.5 10.0.0.5 10.0.0.7 10.0.0.7

192.168.2.22 192.168.5.55

192.168.2.22192.168.5.55

10.0.0.5 10.0.0.7

GRE Key 5001

MACCA

10.0.0.5 10.0.0.7

GRE Key 6001

MACCA192.168.2.22

192.168.5.55

10.0.0.510.0.0.7

10.0.0.510.0.0.7

10.0.0.5 10.0.0.7

10.0.0.510.0.0.7

VSIDProvider Address

Customer Address

NVGREPacket

Hybrid Networking in WSSC 2012 R2• Multitenant S2S network

virtualization GW• Clustering for high

availability on guest and host level

• Uses BGP for dynamic routes update

• Multitenant aware NAT for Internet access

• Integration with VMM 2012 R2

• Up to 200 S2S VPN Connections, 50 Routing domains and 500 virtual subnets

ContosoSite 1

ContosoSite 2

Northwind

FabrikamSite 1

FabrikamSite 2

ContosoVM Network

Northwind VM Network

Fabrikam VM Network

Internet Hoster

S2S tunnelS2S tunnel

S2S tunnel

S2S tunnel

S2S tunnel

BGP

Tenant Networks

• Tenants create their own networks• Site to Site VPN

• Network Address Translation (NAT)

• Configuration of topology and border gateway protocol (BGP)

• Tenant IP addresses with network virtualization

• Consistent user experience with Azure

Demo: Tenant Network using NVGRE

Summary• Deployment models should meet

business requirements• WAP requires WSSC 2012 R2 (w/SPF)• Use Gallery Items to extend service

offerings• Configure Remote Access and NVGRE to

create an awesome IaaS Cloud

Thank you!

Please evaluate the session before you leave

http://kristiannese.blogspot.com

@KristianNese

Hybrid Cloud with NVGRE – whitepaper: http://gallery.technet.microsoft.com/Hybrid-Cloud-with-NVGRE-aa6e1e9a