nic - windows azure pack - level 300
DESCRIPTION
If you want to see and learn the future of service delivery and automation, you should definitely join this session to see how you can leverage new technology like network virtualization with GRE (NVGRE) and self-service deployment of complex workloads with Windows Azure Pack. Automation is key to maximizing your investment in Windows Server and System Center, and it is what Windows Azure Pack is all about. This session is tailored to service providers, enterprises, and anyone in the general public who wants to learn more about the future of cloud computing.
TRANSCRIPT
Kristian Nese
CTO, MVP
Lumagate
Under the hood of Windows Azure Pack
Kristiannese.blogspot.com
@KristianNese
• Session Objective(s):
  • What is the Windows Azure Pack Framework
  • Learn how to deploy and configure Windows Azure Pack and the IaaS/VM services using System Center
  • The future of Cloud Computing and Service Delivery
• Key Takeaway 1
  • Your customers have flexibility in deploying and configuring Windows Azure Pack to meet their business needs, including production and lab environments
• Key Takeaway 2
  • The IaaS/VM service can be offered via Windows Azure Pack using System Center Virtual Machine Manager and Service Provider Foundation
Agenda
Microsoft Cloud OS Vision
[Diagram labels: 1 Consistent Platform; Windows Azure Pack; Private Cloud; Service Providers; Public Cloud; Development, Management, Identity, Virtualization, Data]
[Diagram: Windows Azure Pack (R2 w/ Service Provider Foundation) shown beside Windows Azure]
• Windows Azure Pack labels: Azure Virtual Machines; Service Management API; Provider Portal; Consumer Self-Service Portal; Service Plans; Users; Web Sites; VMs; SQL; Service Bus; Future Services; Web Sites, Apps, Database, VMs; Service Provider; Customer
• Windows Azure labels: Service Management API; Subscriber Self-Service Portal; Web Sites; Worker Role; VM Role; SQL; Service Bus; Caching; Other Services (CDN, Media, etc.); Web Sites, Apps, Database, VMs
• Callouts: Self Service Portal Moves On-Premises; Cloud-Enabled Services Move On-Premises; Common Mgt. Experience; Workload, Portability; Consistent Dev. Experience
Cloud OS Consistent Experiences
[Diagram labels: 1 Consistent Platform; On-Premises, Service Provider, Microsoft; WAP; Tenant & Admin Portals; Service Bus, Web Sites, Virtual Machines, Databases, Virtual Networks; Service Management API; R2; SMA]
• IaaS - Elastic Tiers; Virtual Networks; Windows and Linux; Gallery of apps; Fully self-service
• Reliable Messaging; Standards Based; Cross Cloud; Fully self-service
• Web Application PaaS; Highly Scalable; Dev-ops optimized; Integrated SCC; Fully self-service
• Multi-tenant; Site-2-Site VPN; BGP; NAT; Fully self-service
• SQL Server; Databases; Fully self-service; MySQL
Partners using Windows Azure Pack
Member of the Cloud OS Network, as one of 25 leading service providers worldwide. Will leverage Windows Azure Pack together with System Center and Windows Server Hyper-V to deliver cloud services from its local datacenters with optional Windows Azure and Office 365 integration.
Partners using Windows Azure Pack
With a huge focus on automation, Hatteland is able to deliver sophisticated services to tenants through self-service capabilities, running the latest platform on 2012 R2 with Windows Azure Pack.
Hatteland provides scale at every level, all from the fabric and up to applications using the Cloud OS.
Deploying Windows Azure Pack
• Express
  • Simple, fast
  • Deploy all components on one box (portal, APIs, backend services, databases)
  • Intended for lab or demo environments
• Distributed
  • Production environments
  • Offers flexibility to deploy based on customer requirements
    • Performance and Scale
    • Security
    • Availability
Supported Deployments
Express Deployment
[Diagram: WAP Express Installation]
• All WAP Portal and API services deployed on a single VM (High Privileged Services + Internet Facing): Tenant Site, Tenant Authentication Site, Tenant Public API, Tenant API, WAP Admin Site, WAP Admin API
• Management Database: SQL Server Express
• Providers: Service Bus; Web Sites; SPF + VMM + OM
Distributed Deployment
[Diagram labels: Internet Facing; High Privileged Services; Management Database (WAP SQL Server Cluster); Identity Federation (ADFS); Providers (Service Bus; Web Sites; SPF + VMM + OM)]
• Increase # of servers to address performance
• Separate components for Security
• Plug in Federation services to enable different identity providers
• Scale out all nodes for HA
Demo: Web Platform Installer & Configuration Site
Windows Azure Pack Sites and Endpoints
Portal
• Admin Site
• Admin Authentication Site
• Tenant Site
• Tenant Authentication Site
• Configuration Site
API
• Tenant API
• Tenant Public API
• Admin API
Resource Providers
• Virtual Machines
• Web Sites
• Service Bus
• SQL RP
• My SQL RP
Infrastructure
• Monitoring
• Web App Gallery
• PowerShell Modules
• Usage
• Usage Collector
Deployment Pre-requisites
• Windows Server 2012 or higher
• SQL 2012 SP1 or higher
• Internet Information Services (IIS)
• .NET 3.5 and 4.5
• Web Platform Installer
http://technet.microsoft.com/en-us/library/dn296442.aspx
Deployment tips
• Scale out Tenant Portal
  • For better performance
  • For high availability
• Hardware load balancer recommended for public tier (Tenant Portal and Tenant Public API)
• Failover cluster instance, Always On Availability group and a combination of the two are supported for SQL
• SQL instance (for configuration data)
  • Recommend a separate instance
• During install process, take snapshots!
  • Pre installation, Post installation, Post configuration
• Replace self-signed certificates with certs from a trusted CA
Troubleshooting during configuration
• Event Viewer (Application and Service Logs > Microsoft > Windows Azure Pack)
• Use Fiddler
  • Tracing web traffic
  • Configure https
• Validate Accounts
  • Add Admin users to MgmtSvcOperators Local Group
  • Use Add-MgmtSvcAdminUser cmdlet to give users access to the admin portal
• Make sure that you make a note of the passphrase used. There is no way to recover it.
• Prepare FQDNs required for configuration
Bring the action
Deploying the Virtual Machines Service
Multi-tenant IaaS Cloud Architecture
[Diagram labels: Management Portal (Service Admin Portal, Tenant Portal); Service Management API (Service Admin API, Tenant API, Public Endpoint); Service Provider Foundation (SPF Web Server, SPF DB); Stamp1 (VMM Server 1) and Stamp2 (VMM Server 2), each with Compute, Storage, Network and VMs]
• Tenant creates and operates VMs
• Management Portal: Tenant and Service Admin UI
• Service Management API: Governs routing and access to resources
• SPF: multi-tenant REST OData API for System Center IaaS
• Stamp: scale unit, each with management and host capacity
Service Provider Foundation (SPF)
[Diagram labels: REST-based OData API; Virtual Machines (Virtual Machine Manager); VM networks (Virtual Machine Manager); Service Templates (Virtual Machine Manager); Automation (Orchestrator); 2012 R2]
Enables Hosted IaaS
• VM management
• Service management
• Self-service VM networks
• Multi-tenancy / Multi-stamp
• Self-service tenant administration
• Enterprise identity for SPF
• Extensibility for hosted cloud API
• Usage Metering via SCOM
Configuring VMM to Offer IaaS
Combine hosts and networks, storage, and library resources together to create a service provider cloud.
Delegate access to self-service users and let them manage cloud resources and create services
Deploy VMs to private clouds or hosts by using VM templates
Create a cloud by moving the underlying resources of network, storage, & compute into the cloud.
• Configure the fabric
• Create a cloud from the fabric
• Delegate the cloud to a self-service user
• Deploy VMs
Demo: Configuring VMM and SPF for IaaS
Configuring IaaS for Windows Azure Pack
[Diagram labels: Admin; Tenant; Plans; Subscriptions; Offers; Stamps; User Roles; Offer; Admin Portal; Tenant Portal; Service Management API; SPF; VMM; User Identities; Subscription; Plan; callouts 1 to 6 matching the steps below]
1. Configure Fabric in VMM and Create Cloud
2. Create Template, HW Profile
3. Configure Accounts in SPF
4. Connect Service Management API to SPF & Register VMM server
5. Offer Plan with Cloud to Tenant User
6. Tenant Subscribes to Plan and Creates VM
Multi-tenancy across Layers
[Diagram labels: Service Admin Portal; Tenant Portal; Service Management API; Service Provider Foundation (Tenant, Admin, Usage); Virtual Machine Manager; Orchestrator; Operations Manager; PaaS Provisioning and Management Engine; Hyper-V; IIS; SQL Server; Service Bus; Windows Server]
Demo: Offering IaaS using Windows Azure Pack
Time to get excited!
The future of Cloud Computing with WAP
• Gallery Items: Add value to your subscribers through sophisticated applications and server workloads
• Remote Console: Provides Remote Desktop experience through VMBus and allows console access to VMs without network connectivity
• Network Virtualization: Leverage capabilities in Hyper-V to support a multi-tenant infrastructure for tenants using NVGRE
VMRole Gallery Item Overview
• 2 packages
  • RESDEF, which houses views and WAP portal understanding of Gallery Item
  • RESEXT, which houses VMM's understanding. Includes custom resources
WAP Gallery Items
• Adding Gallery Items to WAP Catalog
• Current VMRole Gallery Items can be found in this custom feed to WebPI: http://www.Microsoft.com/web/webpi/partners/servicemodels.xml
• Learnings moving from service templates to gallery items
• VM Role Authoring Tool: https://vmroleauthor.codeplex.com/
• VM Role Authoring Tool Videos: http://www.youtube.com/playlist?list=PLjbVGPEELuaSuM-0eh9GO05zDFUudydJ1
• Working with Gallery Items
Using Virtual Machine Roles
[Diagram labels: Gallery Item (Virtual Machine Role Template); Application Extension (App Profile and Payload); VMM; SPF; Virtual Machine Role (VM, VM, VM); Gallery Wizard; Service Admin: Manage Gallery, Offer to Tenants; Tenant: Create Virtual Machine Role, Manage Virtual Machine Role; PowerShell; Portal; callouts 1 to 5 matching the steps below]
1. Import Application Extension into VMM
2. Import Gallery Item into SPF
3. Offer to Tenants
4. Create Virtual Machine Role
5. Manage existing Virtual Machine Roles
Service Admin Gallery
• Import and Manage Gallery Items
  • Resource Definition Package
• Publish / Unpublish Gallery Items to Tenants
  • Immediate impact when unpublishing
• Add Gallery Items to Plans
  • Scopes access based on plan and subscription
  • Gallery Item authorization from SPF
  • Resource extension from VMM
Tenant Virtual Machine Features
• Cloud OS Virtual Machine Role
  • Scale-out and Scale-In of a Virtual Machine Role
  • Update settings
  • Upgrade to new version
  • Change networks
  • Start/Stop/Shutdown VMs
  • Add/Remove Devices
• Support for VM Templates
• Active Directory Authentication
• Co-admins can share subscription
Demo: Working with Gallery Items
### Sample script that imports the Web VM Role into VMM Library
### Get Library share
### Get resource extensions from folder
### Import resource extension to VMM library
### (-AllowUnencryptedTransfer lets the file transfer to the library share go unencrypted)
$libraryShare = Get-SCLibraryShare | Where-Object { $_.Name -eq 'MSSCVMMLibrary' }
$resextpkg = $Env:SystemDrive + "\Gallery Resources\WS2012_IIS_VMRole_Pkg\WS2012WebServer.resextpkg"
Import-CloudResourceExtension -ResourceExtensionPath $resextpkg -SharePath $libraryShare -AllowUnencryptedTransfer

### Get virtual hard disk that should be associated with the resource extension
### Ask VMM for operating systems equal to 64-bit edition of Windows Server 2012 Datacenter
### Set virtual hard disk to be tagged as Windows Server 2012 Datacenter
$myVHD = Get-SCVirtualHardDisk | Where-Object { $_.Name -eq 'webg1.vhdx' }
$WS2012Datacenter = Get-SCOperatingSystem | Where-Object { $_.Name -eq '64-bit edition of Windows Server 2012 Datacenter' }
Set-SCVirtualHardDisk -VirtualHardDisk $myVHD -OperatingSystem $WS2012Datacenter

### Define tags
### Tag vhd with family name (Windows Server 2012) and extension requirements (.NET3.5)
### Set properties on vhd
$tags = $myVHD.Tag
if ( $tags -cnotcontains "WindowsServer2012" ) { $tags += @("WindowsServer2012") }
if ( $tags -cnotcontains ".NET3.5" ) { $tags += @(".NET3.5") }
Set-SCVirtualHardDisk -VirtualHardDisk $myVHD -Tag $tags
Set-SCVirtualHardDisk -VirtualHardDisk $myVHD -FamilyName "Windows Server 2012 Datacenter" -Release "1.0.0.0"

### Verify cloud resource extensions
Get-CloudResourceExtension | Format-List -Property State, Description, Name

### Verify cloud resources deployed
Get-CloudResource | Format-List -Property Name

### Verify tags on vhds
Get-SCVirtualHardDisk | Format-List -Property FamilyName, OperatingSystem, VHDFormatType, Release
Enable Remote Console Access for Tenants
• VMs can be:
  • On isolated network/no network
  • Windows/Linux/No OS
• Requires
  • RDP client that supports RDPTLSv2
  • Windows Azure Pack
  • Service Management Portal
  • System Center 2012 R2
  • Windows Server 2012 R2
  • Hyper-V
  • Remote Desktop Gateway
Remote Console Flow
[Diagram labels: Browser; Remote Desktop Client (client supporting RDPTLSv2); Windows Azure Pack Portal; System Center 2012 R2; Windows Server 2012 R2 Remote Desktop Gateway; Windows Server 2012 R2 Hyper-V; arrows: Console Request, RDP File, RDP File with Tokens (Host, VM), Trust, Trust]
• Verify user access. Generate and sign tokens.
• Generate RDP file and embed tokens.
• Validate token signature. Validate token timestamp. Authorize host & port only.
• Validate token VMID. Authorize only specific VM.
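An added example, not part of the original deck, that models the token checks listed in the Remote Console flow: one signed token scoped to a host and port, one scoped to a VM ID, each validated only for its own purpose. HMAC with a shared key stands in for the signature scheme, which the slides do not specify; assigning the checks to the RD Gateway and the Hyper-V host is an assumption, and the key, lifetime, host name, port and VM ID are constructed values.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: stand-in for the issuer's signing key
MAX_AGE = 120                  # assumption: token lifetime in seconds

def _sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + mac

def _verify(token):
    """Return the claims if the signature is valid, else None."""
    body, _, mac = token.rpartition(b".")
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def issue_tokens(host, port, vm_id, now=None):
    """Issuer: called after the user-access check; signs one token per hop."""
    issued = int(time.time() if now is None else now)
    return {
        "gateway": _sign({"host": host, "port": port, "iat": issued}),
        "host": _sign({"vmid": vm_id, "iat": issued}),
    }

def gateway_allows(token, host, port, now=None):
    """Gateway: signature, then timestamp, then this host and port only."""
    claims = _verify(token)
    if claims is None or "host" not in claims:
        return False
    age = (time.time() if now is None else now) - claims["iat"]
    if not 0 <= age <= MAX_AGE:
        return False
    return claims["host"] == host and claims["port"] == port

def hyperv_allows(token, vm_id):
    """Hyper-V host: the token must name exactly the requested VM."""
    claims = _verify(token)
    return claims is not None and claims.get("vmid") == vm_id

if __name__ == "__main__":
    t = issue_tokens("hv01.example.test", 2179, "vm-1234")  # constructed values
    print(gateway_allows(t["gateway"], "hv01.example.test", 2179))
    print(gateway_allows(t["gateway"], "hv01.example.test", 3389))
    print(hyperv_allows(t["host"], "vm-9999"))
```

Because each token carries only the claim its hop needs, a gateway token presented to the host check (or the reverse) is rejected even though its signature is valid.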
Demo: Remote Console
Hyper-V Network Virtualization Concept
[Diagram labels: Different subnets; customer addresses 10.0.0.5 and 10.0.0.7, repeated for each virtual network; provider addresses 192.168.2.22 and 192.168.5.55; GRE Key 5001 and GRE Key 6001; NVGRE packet: Provider Address, VSID, MAC, Customer Address (CA)]
Hybrid Networking in WSSC 2012 R2
• Multitenant S2S network virtualization GW
• Clustering for high availability on guest and host level
• Uses BGP for dynamic routes update
• Multitenant aware NAT for Internet access
• Integration with VMM 2012 R2
• Up to 200 S2S VPN Connections, 50 Routing domains and 500 virtual subnets
[Diagram labels: Contoso Site 1; Contoso Site 2; Northwind; Fabrikam Site 1; Fabrikam Site 2; Internet; Hoster; Contoso VM Network; Northwind VM Network; Fabrikam VM Network; five S2S tunnels; BGP]
Tenant Networks
• Tenants create their own networks
• Site to Site VPN
• Network Address Translation (NAT)
• Configuration of topology and border gateway protocol (BGP)
• Tenant IP addresses with network virtualization
• Consistent user experience with Azure
Demo: Tenant Network using NVGRE
Summary
• Deployment models should meet business requirements
• WAP requires WSSC 2012 R2 (w/SPF)
• Use Gallery Items to extend service offerings
• Configure Remote Access and NVGRE to create an awesome IaaS Cloud
Thank you!
Please evaluate the session before you leave
http://kristiannese.blogspot.com
@KristianNese
Hybrid Cloud with NVGRE – whitepaper: http://gallery.technet.microsoft.com/Hybrid-Cloud-with-NVGRE-aa6e1e9a