Introduction to Windows Azure. Managing Windows Azure. Module Manual. Authors: Joey Snow


Introduction to Windows Azure: Managing Windows Azure
Module Manual
Authors: Joey Snow
Date Published: 15th March 2011

Abstract

This whitepaper will provide the IT Professional with an overview of the key aspects of managing Windows Azure applications and services. It will introduce you to the new opportunities for identity management, VM Role patching, and managing IIS provided through Windows Azure Platform. It will also introduce you to some of the techniques available for managing Windows Azure using PowerShell and a community-developed MMC console.

Contents

Introduction
    Objective
Managing Windows Azure Using the Windows Azure Portal
    Certificate Management
Managing IIS Inside a Web Role
Managing Windows Azure with PowerShell
VM Role Patching
Identity Management
Using Windows Azure Connect
Conclusion

Introduction

As services running in the Windows Azure Platform become an inherent part of the overall IT services an organization is using, the need arises to integrate these services into the existing management lifecycle in your IT environment. The Windows Azure Platform offers alternatives in terms of identity management and service interconnection to organizational networks. It also presents a different way of servicing applications and provides patching to the platform supporting it.

Objective

This whitepaper will introduce you to the new opportunities for identity management, VM Role patching, and managing IIS provided through Windows Azure Platform. You'll also be introduced to some of the techniques available for managing Windows Azure using PowerShell and a community-developed MMC console.

Managing Windows Azure using the Windows Azure Portal

The Windows Azure Platform is managed through an online web-based portal. The same portal is used both by developers who develop code and by infrastructure managers who are responsible for deploying, managing, monitoring and securing applications. The portal is Silverlight-based and includes getting-started wizards that walk you through the process of creating subscriptions, hosted services, storage accounts and Content Delivery Network (CDN) configuration. This portal is also used to manage SQL Azure databases.

Figure 1: The Windows Azure Portal

Certificate Management

In order to consume information from the Windows Azure Platform from an external or desktop tool, you will need to configure a means to authenticate and validate identity. This is done by providing a management certificate. These certificates can be generated locally or be part of a larger-scale certificate generation process. Certificates are a key component of Windows Azure security. There are two types of certificates that will secure your applications and services.

Service certificates. Service certificates are traditional SSL certificates used to secure endpoint communications. If you've ever configured SSL security for a Web site hosted on IIS, for example, you're familiar with this type of certificate. For production deployments you need service certificates issued by a trusted root certificate authority (CA). You'll need to purchase them from a third party like VeriSign or DigiCert. For security purposes, you can't buy a certificate for yourapp.cloudapp.net. Only Microsoft can issue certificates for cloudapp.net, though you can create your own self-signed certificate for development purposes. Self-signed certificates should only be used for testing purposes; they are not trusted by end-user web browsers. This does not mean that the certificate isn't working, only that it is not trusted by a root CA.

Management certificates. Management certificates are the other type of certificate used by Windows Azure. Several tools need to use management certificates. Visual Studio Tools for Windows Azure consumes a management certificate to interact with the Windows Azure platform to perform deployments. The CSUpload command-line tool also uses management certificates to deploy virtual machine role images, as does any additional tool you use to manage the services and storage, such as the Windows Azure Service Management CmdLets for Windows PowerShell. You can use the Windows Azure PowerShell CmdLets to easily execute and automate Windows Azure-based system deployment, configuration and management. For this to be allowed, you provide the Windows Azure management certificates in X.509 (.cer) format. Note that you will also need certificates to enable RDP management capabilities to a role instance.

Once the certificates have been created, they will need to be uploaded to the Windows Azure Portal.

Figure 2: Manage Certificates
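The certificate handling described above, as an added example that is not part of the original whitepaper: it creates a self-signed management certificate with a non-exportable private key, exports only the public X.509 (.cer) part for upload, and confirms the exported file carries no private key. It assumes a current Windows PowerShell with the built-in PKI module; the subject name, file path and subscription ID placeholder are hypothetical.

```powershell
# Added example: subject, path and subscription ID are placeholders.
$subject = 'CN=AzureMgmt-Example'
$cerPath = Join-Path $env:TEMP 'AzureMgmt-Example.cer'

# The private key stays in the current user's store and cannot be exported,
# so only this workstation can authenticate with the certificate.
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddYears(1)

# Export the public certificate only (DER-encoded .cer), the format the
# portal expects for a management certificate.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Re-load the exported file and check what is about to be uploaded.
$public = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
if ($public.HasPrivateKey) {
    throw "Exported file contains a private key; do not upload $cerPath"
}
if ($public.Thumbprint -ne $cert.Thumbprint) {
    throw 'Exported certificate does not match the certificate in the store'
}

# The thumbprint is what client tools reference, for example in the
# connection string format that csupload Set-Connection takes.
$connection = 'SubscriptionId=<subscription-id>;CertificateThumbprint={0}' -f $cert.Thumbprint
[pscustomobject]@{
    CerFile    = $cerPath
    Thumbprint = $cert.Thumbprint
    Expires    = $cert.NotAfter
    Connection = $connection
}
```

Anyone holding the private key of an uploaded management certificate can manage the subscription, so remove certificates from the portal when the workstation that holds the key is retired.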

Figure 3: Add a New Management Certificate

Managing IIS Inside a Web Role

The Web role also includes Full IIS functionality, which, on a per-web role basis, enables multiple IIS sites, applications, virtual directories, and bindings. It also offers the ability to install IIS modules and use the regular IIS management tools. Full IIS is also fully scriptable. With Windows Azure's Web Role you are able to deploy web sites and services using full IIS functionality. There are a number of useful capabilities that only exist in IIS, including support for multiple sites or virtual applications and activation of WCF services over non-HTTP transports through Windows Activation Services.

There are multiple ways to manage this environment:

1. Use the Windows Azure Portal for limited management of IIS.
2. Create a VPN connection using Windows Azure Connect, and then manage the services from a connected desktop.
3. Use the RDP capabilities that are now part of the Windows Azure Platform.

Figure 4: Windows Azure Full IIS

Managing Windows Azure with PowerShell

With the introduction of the Windows Azure Service Management API, it has become a natural progression to incorporate PowerShell as one of the tools to manage Windows Azure services and roles. This has led to the creation of CmdLets that assist in automating the management of Windows Azure services. The Windows Azure Service Management CmdLets for PowerShell give you the ability to manage your Azure services and also automate processes related to them.

The following table provides a sample list of tasks that can be accomplished using PowerShell:

Task: Deploy new hosted services; Upgrade services; Remove Hosted Services; Manage Storage Accounts; Manage Certificates; Configure Diagnostics; Transfer Diagnostic Information; Upload and deploy packages.

Description: Configure automatic or manual upgrades. Swap VIP between staging and production. Automatically stop services and stop the billing cycle. Retrieve or recreate storage keys. Deploy certificates. Configure event sources to monitor (Event Logs, Tracing, IIS Logs and Performance Counters). Schedule diagnostics transfers or have them execute on demand.

The complete list of Windows Azure Service Management CmdLets from the MSDN Code Gallery is available at http://code.msdn.microsoft.com/azurecmdlets.

VM Role Patching

When working with the Virtual Machine role in the Windows Azure Platform, you will need to keep the same policies that normally govern an on-premise deployment of any type of server solution. Unlike the Web and Worker Roles in Windows Azure, VM Role deployments require the OS running inside the VHD to be serviced. The task now is to know what guidelines and process to follow to make the changes, either in software services and patching, or by modifying the configuration of the role itself. You'll use the familiar Hyper-V environment to start the virtual machine.

1. Create a differencing VHD
2. Add the differencing VHD to an existing virtual machine
3. Create a new virtual machine with the differencing VHD
4. Start the virtual machine
5. Make the updates and changes you need

Note that these steps repeat the creation process but provide a delta by adding a differencing VHD. This allows the base image to remain unaffected. You'll keep your base images and implement a mechanism that allows for versioning to control, manage, and track the changes you apply.
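The patching procedure above, as an added example that is not part of the original whitepaper: it creates the differencing VHD, boots a new virtual machine from it, and afterwards verifies that the base image is byte-for-byte unchanged. It assumes the Hyper-V PowerShell module on a current Windows Server and an elevated session; the function names, VM name, paths and memory size are hypothetical.

```powershell
#Requires -Modules Hyper-V
# Added example: function names, VM name and paths are placeholders.

function New-PatchSession {
    param(
        [Parameter(Mandatory)][string]$BasePath,   # existing base image
        [Parameter(Mandatory)][string]$ChildPath,  # differencing VHD to create
        [string]$VMName = 'vmrole-patch'
    )
    $base = (Resolve-Path -LiteralPath $BasePath).Path

    # Record the base image hash and mark the file read-only so that a
    # mistake during patching cannot silently alter the parent.
    $hash = (Get-FileHash -LiteralPath $base -Algorithm SHA256).Hash
    Set-ItemProperty -LiteralPath $base -Name IsReadOnly -Value $true

    # Step 1: create the differencing VHD; all writes land in the child.
    New-VHD -Path $ChildPath -ParentPath $base -Differencing | Out-Null

    # Steps 3 and 4: new virtual machine on the differencing VHD, then start.
    New-VM -Name $VMName -MemoryStartupBytes 2GB -Generation 1 `
           -VHDPath $ChildPath | Out-Null
    Start-VM -Name $VMName

    [pscustomobject]@{
        VMName = $VMName; BasePath = $base
        ChildPath = $ChildPath; BaseSha256 = $hash
    }
}

function Complete-PatchSession {
    param([Parameter(Mandatory)]$Session)

    # Step 5 (updates) happens inside the guest before this is called.
    Stop-VM -Name $Session.VMName

    # The child must still be a differencing disk chained to the same parent.
    $vhd = Get-VHD -Path $Session.ChildPath
    if ($vhd.VhdType -ne 'Differencing' -or $vhd.ParentPath -ne $Session.BasePath) {
        throw "Unexpected VHD chain for $($Session.ChildPath)"
    }

    # The base image must be unchanged, otherwise the delta is not valid
    # against the copy of the base image that is already uploaded.
    $now = (Get-FileHash -LiteralPath $Session.BasePath -Algorithm SHA256).Hash
    if ($now -ne $Session.BaseSha256) {
        throw "Base image changed during patching: $($Session.BasePath)"
    }
    $vhd | Select-Object Path, ParentPath, FileSize
}

# Usage:
#   $s = New-PatchSession -BasePath 'D:\VHD\base.vhd' -ChildPath 'D:\VHD\differencing.vhd'
#   ... patch the guest ...
#   Complete-PatchSession -Session $s
```

Storing the recorded base hash alongside each differencing VHD gives a simple version trail for the changes applied.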

You'll need to associate your differencing VHD with the base image VHD in Windows Azure. To do this, use the CSUpload command-line tool to create the association:

1. Set a connection to your subscription:

    csupload Set-Connection "SubscriptionId=SubscriptionId;CertificateThumbprint=CertThumbprint"

2. Set the differencing VHD (child) with a relationship to the base image VHD (parent) that already exists in the environment:

    csupload Set-Parent -Child differencing.vhd -Parent base.vhd

3. Change the configuration of the VM role by editing the current configuration and replacing the value of the OSImage setting with the name of the differencing VHD.

Identity Management

The Windows Azure Platform provides new ways to implement services and applications and increases the number of ways in which we can exchange information, but at the same time it increases both the challenges of integration and the need to connect to the services as a normal pattern. This impacts our normal patterns of authentication to the applications we create and then maintain. In a corporate network environment, we have been able to simplify this process by working with domains or realms, and then allowing for integrated authentication. The driver for this process has been the need to simplify the way in which users interact with the application as a whole. The Windows Azure platform builds on this pattern and allows us to extend the reach and the capabilities of our applications even further.

The Windows Azure platform has two main mechanisms to support our need for integration:

1. Windows Azure Connect
2. Windows Azure AppFabric Access Control Service (ACS)

Both provide a means for users of a corporate or disparate network to access services offered through the Windows Azure platform. Windows Azure Connect represents a VPN-like environment that allows the corporate network to become aware of the Windows Azure roles. Windows Azure AppFabric ACS is more a model for identity federation. Think of it as having an ID to enter your corporation's premises, but with the added functionality of access to a partner's network. It provides an opportunity to extend authentication services to integrate with each other, so that users who consume services offered through the Windows Azure Platform are not required to remember different sets of credentials.

Another way in which we can manage identities in the Windows Azure platform is by defining who can manage the services and configuration of the environment. That opens up the possibility of having multiple points of contact and distributes the task of management to other individuals within the IT Services team. In cases where multiple Windows Azure subscriptions exist, it allows us to define who will be responsible for a specific section if we need to segment and isolate management. This can be achieved by connecting to the Windows Azure Portal and expanding User Management.

Figure 5: User Management in the Windows Azure Portal
Figure 6: Manage subscriptions
Figure 7: Assign roles

Using Windows Azure Connect

When we need to implement a connection between disparate and remote systems, we have always found a mechanism to allow for data exchange, and Windows Azure is no exception. Windows Azure Connect enables us to configure connections between on-premise, local computers and the roles running on the Windows Azure platform. Once the connection is configured, role instances in Windows Azure will use an IP addressing scheme similar to what you use with other networked components. Think of this as configuring a point-to-point VPN between the Windows Azure environment and your corporate network.

Figure 8: Connecting through the Windows Azure Portal

Building on this model, the implementation of Windows Azure Connect will allow you to:

1. Remotely administer role instances.
2. Use tools like PowerShell to manage the Windows Azure role instances.
3. Join Windows Azure role instances to your domain, providing a means to implement authentication and name resolution.
4. Have a model that supports a distributed application that splits responsibilities into elements that are running as a Windows Azure role, but communicate with internal on-premise resources.

Figure 9: Windows Azure Connect Endpoints (diagram labels: Windows Azure, Worker Role, Web Role, On-Premise Network, Windows Azure Connect Endpoint)
Figure 10: Configure using the Windows Azure Portal

The following list describes what needs to be configured for a connection that uses Windows Azure Connect:

1. Review a diagram of the different components to use with Windows Azure Connect.
2. Activate your Windows Azure roles for Windows Azure Connect. (Figure 11: Activate Groups and Roles)
3. Install the endpoint software on the on-premise systems. (Figure 12: Install endpoint software)
4. Open Port 443 (TCP) outbound on the local computers.
5. Create a group of local endpoints. (Figure 13: Create a group of endpoints)
6. Configure the group of endpoints. (Figure 14: Configure the group of endpoints)

If the intention is to have your Windows Azure role belong to a domain, you will need to consider the following:

1. Review a diagram of the different components needed to work with Windows Azure Connect.
2. Install the endpoint software on the on-premise systems.
3. Open Port 443 (TCP) outbound on the local computers.
4. Collect information on the settings to implement and configure to join the Windows Azure role to the domain. This includes the Activation Token and the setting that allows the Windows Azure role to join the domain.
5. Activate your Windows Azure roles for Windows Azure Connect.
6. Create and configure a group of local endpoints.

Conclusion

With a constantly evolving world of IT, we are starting to see a change in the paradigm of services and how they affect the IT infrastructure that an IT Professional manages. Finding patterns and methodologies that allow the same efficiency applied with on-premises solutions to carry over to the hosted services is essential for the lifecycle of the new infrastructure capabilities provided by Windows Azure. The ability to automate some, if not most, tasks is a key part of this process, and leveraging tools like PowerShell brings the IT Professional an effective and familiar set of options. Understanding the different ways in which hosted services can be accessed, managed, integrated, and exposed to clients, users or customers will be a key skill set for the IT Professional.