Azure Virtual Machines - Building Up Your Infrastructure in the Cloud

Post on 28-Jan-2015

Category:

Technology

WINDOWS AZURE IAAS TIPS & TRICKS

• Anton Staykov

• @astaykov

ABOUT ME

• Windows Azure MVP (3 times now)

• With Azure from the beginning

• http://blogs.staykov.net/

• @astaykov

AGENDA

Azure IaaS

Outside-In connection issues

Virtual Networks

IP Addresses

AD/DC – Highway to …

Mail Server on Azure

A CONTINUOUS OFFERING FROM PRIVATE TO PUBLIC CLOUD

Physical

Virtual

IaaS

PaaS

SaaS

WINDOWS AZURE VIRTUAL MACHINES

Support for key server applications*

Easy storage manageability

High availability features

Advanced networking

Integration with compute PaaS

* http://bit.ly/azurevmsupport

COMMON ISSUES

VM disappears or was deleted (MSDN / Free Trial)

Blob storage occupied (VHD not deleted)

Temporary Disk (how temporary is it?)

What disk size should I choose?

DEMO

INTERNET CONNECTIVITY

Outside-In

Virtual Machine (IaaS)

Local IP (DIP)

LB

VIP

Windows Azure Cloud Service (foo.cloudapp.net)

INTERNET

NETWORKING PICTURE

OUTSIDE-IN CONNECTIVITY

Endpoint Definition

Windows Firewall Rules

Corporate Firewalls

PING times out

VIRTUAL NETWORK

VNET SCENARIOS

Define IP Address space for VMs

IaaS Interconnectivity

Site-to-Site

Point-to-Site

IaaS-to-PaaS and vice-versa

VNET

Address Spaces: 10.0.0.0, 172.16.0.0, 192.168.0.0

Sub-Nets

Gateway Sub-Net

ADDRESS ALLOCATION SECRETS

Always and only by DHCP

The first host gets the 4th IP Address, i.e. 192.168.0.4

Automatic cross-sub-net connectivity

Internal IP Address Reservation!

VNET CROSS-PREMISES

Site-to-Site

Point-to-Site

Express Route

VNET LIMITATIONS

No Cross-Data-Center Connections

No site-to-multiple-sites Connections

NAME RESOLUTION

NAME RESOLUTION SCENARIOS

When not in VNet

PaaS only (Web/Worker Roles)

IaaS only (Virtual Machines)

When in VNet

Cloud only

Cloud + Site-to-Site VPN

DNS SERVER ON IAAS

DNS SERVER SECRETS

Just for the DNS server machine, set DNS to 127.0.0.1 when deploying!

Place the DNS Server on its own subnet

Remember the full format of FQDN: http://bit.ly/fqdn

Reserve “Static IP Address” for the VM

http://bit.ly/azurestaticip

IP ADDRESS ASSIGNMENT SECRETS

IP Address predictability and reservations

Sub-net isolation

Address Space Isolation

AD/DC ON IAAS

Highway to Clouds

AC/DC NETWORK LAYOUT

VNET-WE-IAASTIPS-PROD

DNS/ 192.168.30.4

Address Space 192.168.30.0/29

Sub-ADDC: 192.168.30.0/29

Address Space 172.16.0.0/22

Sub-Clients: 172.16.0.0/22

http://bit.ly/azuread

MAIL SERVER ON IAAS

HOSTING OWN MAIL SERVER ISSUES

Public (dynamic) IP Address

Reverse DNS records (PTR Records)

http://bit.ly/azureptr

KEY TAKEAWAYS

Never forget Firewall

Know your IP Addresses

Don’t host Email Server (yet)

Password Expiration

Q&A

• Anton Staykov

• @astaykov

• http://blogs.staykov.net/
