us it camp - azure hybrid cloud hol - fy14h2 - 201405

8/12/2019 US IT Camp - Azure Hybrid Cloud HOL - FY14H2 - 201405

1/47

1 | P a g e B u i l d & M a n a g e a D e v / T e s t S e r v e r F a r m i n t h e C l o u d

Hands-on Lab: Build and Manage a

Dev/Test Server Farm in the Cloud using

Microsoft Azure Infrastructure ServicesMicrosoft Azure Infrastructure Services provides cloud-based storage, virtual networks and virtual

machines that can be provisioned on-demand to support lab, pilot or production application workloads.

In this Hands-on Lab, youll build a functional Dev/Test lab environment that includes Active Directory,

SQL Server and SharePoint Server 2013 virtual machines on a common virtual network running on the

Microsoft Azure cloud platform, as depicted in blue in the figure below.

Youll be leveraging aMicrosoft Azure FREE Trial Subscription program to build this cloud-based lab

environment for development and test lab purposes.

As you provision this lab environment, youll gain hands-on experience with the following management

tools:

Microsoft Azure Management Portal

Windows PowerShell and the Microsoft Azure PowerShell Module

System Center 2012 R2 App Controller

System Center 2012 R2 Orchestrator

After completing this hands-on lab document, you will be able to easily extend this lab environment

with additional virtual machines if load-balancing and high availability are needed.


2/47


Lab RequirementsThe following components are required to successfully complete this Hands-on Lab:

A modern web-browser with HTML5 and Javascript enabled

Remote Desktop Client connection software

Internet connectivity

Lab Conventions

In this lab, well be using a naming convention of XXXlabYYY01 for some cloud resources, where XXXwill

be replaced with your unique initials and YYYwil l be replaced with an abbreviation representing the

function of a virtual machine or Microsoft Azure configuration component, such as ad, dbor web.

Lets Get Started!

In this step-by-step lab guide, you will learn how to:

1) Get Started with Microsoft Azure Infrastructure Services

2) Register a DNS Server in Microsoft Azure

3) Define a Virtual Network in Microsoft Azure

4) Configure Windows Server Active Directory in a Microsoft Azure VM

5) Configure SQL Server 2012 in a Microsoft Azure VM

6) Configure SharePoint Server 2013 in a Microsoft Azure VM

7) Provision Virtual Machines via Windows PowerShell for System Center 2012 R2

8) Manage Microsoft Azure with System Center 2012 R2 App Controller

9) Automate Microsoft Azure with System Center 2012 R2 Orchestrator

10)

Shut down the On-demand Dev/Test Lab Environment

Estimated time to complete: 3 hours

COMPLETING LAB EXERCISES This Hands-on Lab Guide provides flexibility when completing exercises.

If you are interested in provisioning SharePoint as part of your Dev/Test lab environment on Microsoft

Azure, you can complete the exercises in the order written. However, if you are more interested in

managing Microsoft Azure with System Center 2012 R2, you can complete Exercises 1-5 and then skip to

Exercises 7-9. You can complete Exercise 6 later, as time permits.

POWERSHELL BEGINNER?Some of the steps in this Hands-on Lab require typing PowerShell commandlines. If youre new to PowerShell, weve made it easy to copy/paste these command lines into the

appropriate virtual machine by providing a set of PowerShell snippets for these lab exercises. You can

access these snippets athttp://aka.ms/FY14H2AzureHOLSnippets from the browser on your local PC.

BEFORE LEAVING TODAY be sure to complete Exercise 10 to shut down all running Microsoft Azure

virtual machines to avoid continuing virtual machine compute charges.
http://aka.ms/FY14H2AzureHOLSnippetshttp://aka.ms/FY14H2AzureHOLSnippetshttp://aka.ms/FY14H2AzureHOLSnippets


3/47


Exercise 1: Get Started with Microsoft Azure Infrastructure Services

In this exercise, you wil l activate a free Microsoft Azure Trial Subscription and then setup two

components that will be needed for the other exercises in this lab: a Microsoft Azure Affinity Group and

a Microsoft Azure Storage Account.

1) Sign-up for your FREE Microsoft Azure Trial Account.

Sign-up for a FREE trial of Microsoft Azure athttp://aka.ms/MicrosoftAzureFreeTrial so that you can

follow along with the steps in this Hands-on Lab.

When signing up for a Free Trial subscription, you will be prompted to login with Microsoft Account

(formerly Windows Live ID) credentials. If you do not have valid Microsoft Account credentials, you

may create new credentials at https://signup.live.com .

Note:During the Free Trial sign-up process, you will be asked for credit card information to confirm

that you are a legitimate free trial subscriber. Your credit card information is only used to confirmyour identity and youwill NOT be chargedfor any Microsoft Azure services unless you explicitly

convert your trial subscription to a paid subscription at a later date.

2) Login to the Microsoft Azure Management Portal.

Login to the web-based Microsoft Azure Management Portalat http://manage.windowsazure.com

with the same logon credentials you used to sign-up for the FREE Trial above.

Once youve logged in, you should see the main Microsoft Azure Management portal dashboard.

On the blue side navigation bar of the Microsoft Azure Management Portal, youll find the optionsfor managing Virtual Machines, Virtual Networks, Storage and Settings in the cloud. These are the

items well be primarily working with in this hands-on lab.

TIP! You may need to scroll the blue side navigation bar up and down to see all of the options.

3) Define a new Microsoft Azure Affinity Group.

Affinity Groupsin Microsoft Azure are used to group your cloud-based services together, such as

Virtual Machines, Virtual Networks and Storage, in order to achieve optimal performance. When

you use an affinity group, Microsoft Azure will keep all services that belong to your affinity group

running within a common cluster of resources in the same datacenter region to reduce latency and

increase performance.

a) Create a new Affinity Group by selecting Settings from the blue side navigation bar in the

Microsoft Azure Management Portal. You may need to scroll the blue side navigation bar down

to see this selection.

b) On the Settings page, select the Affinity Groupstab on the top navigation bar.
http://aka.ms/MicrosoftAzureFreeTrialhttp://aka.ms/MicrosoftAzureFreeTrialhttps://signup.live.com/https://signup.live.com/http://manage.windowsazure.com/http://manage.windowsazure.com/http://manage.windowsazure.com/https://signup.live.com/http://aka.ms/MicrosoftAzureFreeTrial


4/47


c) Click the +ADDbutton on the bottom navigation bar.

d) On the Create Affinity Group form, enter the following details:

Name:Enter a unique name for your new Affinity Group, such as labag01

Region:Select your closest Microsoft Azure datacenter sub-region.

Click the button to create a new Affinity Group.

4) Create a new Microsoft Azure Storage Account.

Virtual Machines that are provisioned in Microsoft Azure are stored in the world-wide cloud-based

Microsoft Azure Storageservice. In terms of high availability, the Storage service provides built-in

storage replication capabilitywhere every VM is repl icated to three separate locations within the

Microsoft Azure data center region you select. In addition, Microsoft Azure Storage provides a geo-

replication feature for also replicating your VMs to a remote data center region.

a) Create a new Storage account by clicking the +NEWbutton on the bottom toolbar in the

Microsoft Azure Management Portal and then select Data Services | Storage | Quick Create.

b) Complete the following fields for creating your Storage account:

URL:Enter a globally unique DNS hostname for your new storage account, such as XXXlabstor01

(where XXXis replaced with your initials)

Region/Affinity Group:Select the Affinity Group you created in Step 3 above.

Replication: Ensure that the Geo-Redundantoption is selected.

Click the CREATE STORAGE ACCOUNTbutton to create your new Microsoft Azure Storage

account.
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/7522.image_5F00_4B709D13.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/7522.image_5F00_4B709D13.png


5/47


Exercise 2: Register a DNS Server in Microsoft Azure

Register the internal IP address that our domain controller VM will be using for Active

Directory-integrated Dynamic DNS services by performing the following steps:

1)

Sign in at the Microsoft Azure Management Portal with the logon credentials used when you signedup for your Free Microsoft Azure Trial.

2) Select Networks located on the side navigation panel on the Microsoft Azure Management Portal

page.

3) Click the +NEW button located on the bottom navigation bar and select

Networks | Virtual Network | Register DNS Server .

4) Complete the DNS Server fields as follows:

NAME: Enter a unique name for the new DNS Server information, such as labdns01

DNS Server IP Address: 10.0.0.4

5) Click the REGISTER DNS SERVERbutton.


6/47


Exercise 3: Define a Virtual Network in Microsoft Azure

Define a common virtual network in Microsoft Azure for running Active Directory, Database and

SharePoint virtual machines by performing the following steps:

1)


2) Select Networks located on the side navigation panel on the Microsoft Azure Management Portal

page.


Networks | Virtual Network | Quick Create.

4) Complete the Virtual Network fields as follows:

NAME: Enter a unique name for the new Virtual Network, such as labnet01

Address Space: 10.---.---.---

Maximum VM Count: 4096 [CIDR: /20]

Location: Select your closest Microsoft Azure datacenter sub-region.

DNS Server: Select the DNS Server registered in Exercise 2above.

5) Click the CREATE A VIRTUAL NETWORK button.


7/47


Exercise 4: Configure Windows Server Active Directory in a Microsoft

Azure VM

Provision a new Microsoft Azure VM to run a Windows Server Active Directory domain

controller in a new Active Directory forest by performing the following steps:

1) Sign in at the Microsoft Azure Management Portal with the logon credentials used when you signed

up for your Free Microsoft Azure Trial.

2) Select Virtual Machines located on the side navigation panel on the Microsoft Azure Management

Portal page.


Compute | Virtual Machine | From Gallery.

4) On the Choose an Image page, select Windows Server 2012 R2 Datacenter and click the button.

5) On the Virtual machine Configuration page, complete the fields as follows:

Version Release Date:Select the latest version release date to build a new VM with the latest OS

updates applied.

Virtual Machine Name:labad01

Tier: Standard

Size: A1 (1 core, 1.75GB Memory)

New User Name:AzureAdmin

New Passwordand Confirm Passwordfields: Choose and confirm a new local Administrator

password.

Record the password you entered here: __________________________________________.

Click the button to continue.

TIP!It is suggested to use secure passwords for Administrator users and service accounts, as

Microsoft Azure virtual machines could be accessible from the Internet knowing just their DNS. Youcan also read this document on the Microsoft Security website that will help you select a secure

password:http://www.microsoft.com/security/online-privacy/passwords-create.aspx .
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6433.image_5F00_4BDA3F57.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/2804.image_5F00_392545A0.pnghttp://www.microsoft.com/security/online-privacy/passwords-create.aspxhttp://www.microsoft.com/security/online-privacy/passwords-create.aspxhttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/2804.image_5F00_392545A0.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6433.image_5F00_4BDA3F57.pnghttp://www.microsoft.com/security/online-privacy/passwords-create.aspx


8/47


6) On the Virtual machine Configuration page, complete the fields as follows:

Cloud Service: Create a new cloud service

Cloud Service DNS Name: Enter a globally unique DNS name for the new cloud service, such as

XXXlabad.cloudapp.net

Region/Affinity Group/Virtual Network:Select labnet01the Virtual Network defined in Exercise 3

above.

Virtual Network Subnets: Select Subnet-1(10.0.0.0/23)

Storage Account:Select the Storage Account defined in Exercise 1above.

Availability Set: Create an availability set

Availability Set Name: Enter a name for the new availability set, such as labad.


7) On the Virtual Machine Configuration page, click the button to accept the default values and

begin provisioning the new virtual machine.

As the new virtual machine is being provisioned, you will see the Statuscolumn on the Virtual

Machines page of the Microsoft Azure Management Portal cycle through several values including

Stopped, Stopped (Provisioning), and Running (Provisioning). When provisioning for this new Virtual

Machine is completed, the Statuscolumn will display a value of Runningand you may continue with

the next step in this guide.

8) After the new virtual machine has finished provisioning, click on the name (labad01)of the new

Virtual Machine displayed on the Virtual Machinespage of the Microsoft Azure Management Portal.

9) On the virtual machine Dashboardpage for labad01, make note of the Internal IP Addressdisplayed

on this page located on the right-side of the page. This IP address should be listed as 10.0.0.4.

TIP! If a different internal IP address is displ ayed, the virtual network and/or virtual machine

configuration was not completed correctly. In this case, click the DELETEbutton located on the

bottom toolbar of the virtual machine details page for labad01,and go back to Exercise 2 and

Exercise 3 to confirm that all steps were completed correctly.
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6433.image_5F00_024AF15A.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/7522.image_5F00_4B709D13.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6433.image_5F00_024AF15A.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/7522.image_5F00_4B709D13.png


9/47


10)On the virtual machine Dashboardpage for labad01, click the Connect button located on the

bottom navigation toolbar and click the Openbutton to launch a Remote Desktop Connection to the

console of this virtual machine.

Logon at the console of your virtual machine with the local Administrator credentials as follows:

User name: labad01\AzureAdmin

Password:Enter the password recorded in Step 5above.

11)From within the Remote Desktop session for labad01, install the Active Directory Domain Services

role and promote this server to a domain controller in a new Active Directory forest.

This task can be performed in two different ways: (1) by using theAdd Roles and Featureswizard in

the Server Managertool or (2) via the Active Directory PowerShell cmdlets. To reduce the time

required to complete this task in this lab, youll be using PowerShell to complete this task.

a)

From the Server Manager tool, click on the Toolsmenu in the top-right menu bar and selectWindows PowerShell ISE.

b) In theAdministrator: Windows PowerShell ISEwindow, run the following cmdlets:

Set-DnsClient InterfaceAlias "Ethernet*" `ConnectionSpecificSuffix contoso.com

Install-WindowsFeature AD-Domain-Services IncludeManagementTools

Install-ADDSForest DomainName contoso.com

c)

When prompted for the SafeModeAdministratorPassword, enter and confirm the samepassword recorded in Step 5above.

d) When prompted with Do you want to continue with this operation, press Enterto accept the

default answer.

e) A new Active Directory Domain Services forest will be configured. After labad01restarts,

continue with the next step.


10/47


12)On the virtual machine Dashboardpage for labad01, click the Connect button located on the



Logon at the Remote Desktop console of your virtual machine with the domain Administrator

credentials as follows:

User name: [email protected]

Password: Enter the password recorded in Step 5above.

13)From within the Remote Desktop session for labad01, create user accounts in Active Directory that

wil l be used when installing and configuring SharePoint Server 2013 and System Center 2012 R2

later in this hands-on lab:

CONTOSO\sp_farmSharePoint Farm Data Access Account

CONTOSO\sp_serviceappsSharePoint Farm Service Applications Account

CONTOSO\sc_adminSystem Center Service Account

This task can be performed in two different ways: (1) by using theActive Directory Users and

Computerstool located in the Server ManagerTools menu or (2) via the Active Directory PowerShell

cmdlets. To reduce the time required to complete this task in this lab, youll be using PowerShell to

complete this task.

a) From the Server Manager tool, click on the Toolsmenu in the top-right menu bar and select

Windows PowerShell ISE.

b) In theAdministrator: Windows PowerShell ISEwindow, run the cmdlets provided below. When

prompted to Provide New Password, enter the password recorded in Step 5above.

$newPassword = (Read-Host -Prompt "Provide New Password" `-AsSecureString)

New-ADUser -Name sp_farm -AccountPassword $newPassword `-ChangePasswordAtLogon $False -PasswordNeverExpires $True Ènabled $True

New-ADUser -Name sp_serviceapps -AccountPassword $newPassword `

-ChangePasswordAtLogon $False -PasswordNeverExpires $True Ènabled $True

New-ADUser -Name sc_admin -AccountPassword $newPassword `-ChangePasswordAtLogon $False -PasswordNeverExpires $True Ènabled $True

Add-ADGroupMember -Identity "Domain Admins" -Members "sc_admin"


11/47


c) After the new Active Directory users are created, close theAdministrator: Windows PowerShell

ISE window and continue with the next step.

14)From within the Remote Desktop session of labad01, disable Internet Explorer Enhanced Security

Configuration(ESC).

a)

In the Server Managertool, click on Local Serverin the left navigation pane and select IE

Enhanced Security Configuration.

b) Turn offenhanced security for Administratorsand click the OKbutton.

Note:Modifying Internet Explorer Enhanced Securityconfigurations is not good practice for

production environments and is only performed for the purpose of this particular hands-on

lab guide.

15)From within the Remote Desktop session for labad01, download the installation bits for System

Center 2012 R2. Youll beusing these installation bits later in this hands-on lab.

a) Create a new folder named C:\Installs

b) Click the Startbutton and launch Internet Explorerfrom the Start screen.

c) From within Internet Explorer, browse tohttp://aka.ms/dlscsuite2012

d) Click the Get Started Now button to begin the download process.

e) Login with your Microsoft account and complete the download registration form.

f)

When prompted to install theAkamai Netsession Interfacedownload tool, scroll down insidethe dialog box and click If you cannot complete the installation, click here.

g) Click the OKbutton to use an alternate download method.

h) In the Downloading Fileslist located on the top-right of the web page, scroll inside the list box

and download the following files to the C:\Installs folder:

- SC2012_R2_SCAC.exe

- SC2012_R2_SCO.exe

- SC2012_R2_SCVMM.exe

Once the download of the last file has begun, continue with the next exercise while the process

completes in the background.
http://aka.ms/dlscsuite2012http://aka.ms/dlscsuite2012http://aka.ms/dlscsuite2012


12/47


Exercise 5: Configure SQL Server 2012 in a Microsoft Azure VM

Provision a new Microsoft Azure VM to run SQL Server 2012 by performing the following steps:




Portal page.



4) On the Choose an Image page, select SQL Server 2012 SP1 Enterprise on Windows Server 2012 and

click the button.

5)

On the Virtual Machine Configuration page, complete the fields as follows:


updates applied.

Virtual Machine Name:labdb01

Tier: Standard

Size: A3 (4 cores, 7GB Memory)


New Passwordand Confirm Passwordfields: Use the same password recorded in Exercise 4, Step 5.

http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_5CE38E9C.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_5CE38E9C.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/5140.image_5F00_6F988853.png


13/47


6) On the Virtual Machine Configuration page, complete the fields as follows:



XXXlabfarm.cloudapp.net


above.




Availability Set Name: labdb









8) After the new virtual machine has finished provisioning, click on the name (labdb01)of the new


9) On the virtual machine Dashboardpage for labdb01, make note of the Internal IP Addressdisplayed

on this page. This IP address should be listed as 10.0.0.x, where x is a valid host ID on the virtual

network.
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6433.image_5F00_024AF15A.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_41419357.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6433.image_5F00_024AF15A.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_41419357.png


14/47


10)On the virtual machine Dashboardpage for labdb01, click the Connect button located on the


console of this virtual machine. Logon at the console of your virtual machine with the local

Administrator credentials defined in Step 5above as follows:

User name: labdb01\AzureAdmin

Password: Enter the password recorded in Exercise 4, Step5.

11)Join this server to the contoso.comdomain and restart the server to complete the domain join

operation.

This task can be performed in two different ways: (1) by using the Local Serverpage in the Server

Managertool or (2) via theAdd-ComputerPowerShell cmdlet. To reduce the time required to

complete this task in this lab, youll be using PowerShell to complete this task.

a) From the Server Managertool, click on the Toolsmenu in the top-right menu bar and select


b) In theAdministrator: Windows PowerShell ISEwindow, run the cmdlets provided below.


Add-Computer DomainName contoso.com

c) When prompted for Administrator credentials, enter the following user name and password:

User name:[email protected]

Password: Enter the password recorded in Exercise 4, Step 5.

d) Restart the labdb01 virtual machine by issuing the fol lowing PowerShell cmdlet:

Restart-Computer

12)After the server restarts, connect again via Remote Desktop to the servers console and login with

the local Administrator credentialsdefined above in Step 5as follows:

User name:labdb01\AzureAdmin

Password:Enter the password recorded in Exercise 4, Step 5.


15/47


13)Add the CONTOSO\AzureAdminuser to SQL Server with the Sysadmin server role assigned.

This task can be performed in two different ways: (1) by using the SQL Server Management Studio

tool or (2) via the SQLPS PowerShell cmdlets. To reduce the time required to complete this task in

this lab, youll be using PowerShell to complete this task.

a)

From the Server Managertool, click on the Toolsmenu in the top-right menu bar and select



Set-ExecutionPolicy RemoteSigned Force

Import-Module SQLPS

Set-Location SQLSERVER:\sql\labdb01

Invoke-Sqlcmd -Query "CREATE LOGIN [CONTOSO\AzureAdmin] FROMWINDOWS"

Invoke-Sqlcmd -Query "EXEC sp_addsrvrolemember'CONTOSO\AzureAdmin', 'sysadmin'"

14)In order to allow SharePoint to connect to the SQL Server instance in this virtual machine, you will

need to add an Inbound Rule for the SQL Server requests in the Windows Firewall.

This task can be performed in two different ways: (1) by using the Windows Firewall with Advanced

Securitytool or (2) via the New-NetFirewallRulePowerShell cmdlet. To reduce the time required to




b) In theAdministrator: Windows PowerShell ISEwindow, run the cmdlet provided below.

New-NetFirewallRule -DisplayName "SQLServer-AllowInbound" `-Action Allow -Direction Inbound -LocalPort 1433 -Protocol TCP

The configuration for this virtual machine is now complete, and you may continue with the next

exercise in this hands-on lab guide.

TIP! This lab provides flexibility in completing exercises. If you are interested in continuing to build a

SharePoint dev/test lab environment on Microsoft Azure, you can complete Exercise 6next. However, if

you are more interested in managing Microsoft Azure with System Center 2012 R2, you can skip to

Exercises 7-9and come back to Exercise 6 at a later time.


16/47


Exercise 6: Configure SharePoint Server 2013 in a Microsoft Azure VM

Provision a new Microsoft Azure VM to run SharePoint Server 2013 by performing the following

steps:

1)



Portal page.



4) On the Choose an Image page, select SharePoint Server 2013 Trial and click the button.

5)


Virtual Machine Name:labweb01

Tier:Standard

Size: A4 (8 cores, 14GB Memory)





Cloud Service: XXXlabfarm.cloudapp.net (Select the existing Cloud Service provisioned in Exercise 5)


above.




Availability Set Name: labweb
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/4314.image_5F00_32997823.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/4314.image_5F00_32997823.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/7610.image_5F00_5077FC24.png


17/47


7) On the Virtual Machine Configuration page, add an additional fi rewall endpoint for web (HTTP)

network traffic by completing the following fields:

Name: WebHTTP

Protocol: TCP

Public Port: 80

Private Port: 80









9) After the new virtual machine has finished provisioning, click on the name ( labweb01)of the new


10)On the virtual machine Dashboardpage for labweb01, make note of the Internal IP Address

displayed on this page. This IP address should be listed as 10.0.0.x, where x is a valid host ID on thevirtual network.

11)On the virtual machine Dashboardpage for labweb01, click the Connect button located on the


console of this virtual machine. Logon at the console of your virtual machine with the local

Administrator credentials defined in Step 5above as follows:

User name: labweb01\AzureAdmin

http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6052.image_5F00_04428327.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_41419357.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_41419357.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6052.image_5F00_04428327.png


18/47



operation.









c)

When prompted for Administrator credentials, enter the following user name and password:



d) Restart the labweb01 virtual machine by issuing the following PowerShell cmdlet:

Restart-Computer

13)After the server restarts, connect again via Remote Desktop to the servers console and login with

the domain Administrator credentialsas follows:


Password:Enter the password recorded in Exercise 4, Step 5.

14)On the Desktop, double-click on the SharePoint 2013 Products Configuration Wizardshortcut to

launch the configuration wizard. Click the Nextbutton to continue. If prompted to start or reset

services, click the Yesbutton.

15)In the SharePoint Products Configuration Wizard, when prompted on the Connect to server farm

dialog, select the option to Create a new server farm.


19/47


16)On the Specify Configuration Database Settings, specify the following values for each field:

Database Server:labdb01

Username:CONTOSO\sp_farm

Password:Type the password specified when the sp_farm domain user account was created earlier

in Exercise 4.

17)Click the Next >button and accept all default values in the SharePoint Products Configuration

Wizard.

When prompted for a Passphrase for the new SharePoint farm, enter and confirm the same

password recorded in Exercise 4, Step 5.

Click the Finishbutton when prompted to complete the wizard.

TIP!SharePoint will require several minutes to complete this initial provisioning process.

18)The SharePoint 2013 Central Administrationweb page should launch automatically. When

prompted, click the Start the Wizardbutton to begin the Initial Farm Configuration Wizard.

19)When prompted for Service Account, type the CONTOSO\sp_serviceapps domain username and

password specified when this account was created earlier in Exercise 4.

20)Accept all other default values and click the Next >button to continue.

TIP!SharePoint will require several minutes to complete this initial provisioning process.

21)On the Create a Site Collectionpage, create a new top-level Intranet site collection using the

following field values:

Title and Description: Enter your preferred Title and Description for the new site collection

URL: Select the root URL pathhttp://labweb01/

Select experience version:2013

Select a template: Publishing | Publishing Portal

Click the OKbutton to provision a new top-level Intranet site collection.

After the new top-level Intranet site collection is provisioned, test navigating to the URL for this site

collection from within the Remote Desktop session to the server.

22)On the SharePoint 2013 Central Administration site, configure a Public URL alternate access mapping

for accessing the new top-level Intranet site collection from the Internet.


20/47


a) On the Central Administration site home page, click the Configure alternate access mappings

link.

b) On theAlternate Access Mappings page, click the Edit Public URLs link.

c) On the Edit Public Zone URLspage, select and specify the following values:

Alternate Access Mapping Collection:SharePoint - 80

Internet: http://XXXlabfarm.cloudapp.net

Click the Savebutton to complete the Alternate Access Mapping configuration.

23)Close the Remote Desktop session to the server.

24)Test browsing to the following public URL to confirm that you are able to access the Intr anet site

collection that is configured on SharePoint:

URL:http://XXXlabfarm.cloudapp.net

When prompted to authenticate to the web site, login with the fol lowing credentials:



If you are unable to successfully browse to this SharePoint site collection, carefully review Step 6and

Step 21to ensure that you have completed both steps correctly.

The configuration for this virtual machine is now complete, and you may continue with the next exercise

in this hands-on lab guide.
http://xxxlabfarm.cloudapp.net/http://xxxlabfarm.cloudapp.net/http://xxxlabfarm.cloudapp.net/


21/47


Exercise 7: Provision Virtual Machines via Windows PowerShell for

System Center 2012 R2

In this exercise, you wil l provision two new virtual machines in Microsoft Azure by using Windows

PowerShell and the Microsoft Azure PowerShell module. These virtual machines will be used in later labexercises for System Center 2012 R2 App Controller and System Center 2012 R2 Orchestrator.

You wil l perform this exercise from within a Remote Desktop session on virtual machine labad01.




Portal page.

3)

On the Virtual Machines page, click on the name of virtual machine labad01.

4) On the virtual machine Dashboardpage for labad01, click the Connect button located on the






Password: Enter the password recorded in Exercise 4,Step 5above.

5) Download and Install the Microsoft Azure PowerShell Module.

a) Launch Internet Explorerby first clicking the Startbutton and then clicking the Internet Explorer

tile on the Start Screen.

b) From within Internet Explorer, browse to the following link location:

http://go.microsoft.com/?linkid=9811175

c) When prompted, click the Runbutton to run the installation program. The Web Platform

Installer will launch.

d) On the Web Platform Installerdialog box, click the Installbutton.

e) When prompted for Prerequisites, click the I Accept button.

f) When the installation process has completed, click the Finishbutton and then click the Exit

button.
http://go.microsoft.com/?linkid=9811175http://go.microsoft.com/?linkid=9811175http://go.microsoft.com/?linkid=9811175


22/47


23/47


$vmAffinityGroup = "labag01"

$vNetName = "labnet01"

$subnetName = "Subnet-1"

$vmImage = @((Get-AzureVMImage | Where-Object Label `-like "Windows Server 2012 R2 Datacenter*").ImageName)[-1]

# When prompted for username below, enter AzureAdmin$vmAdmin = Get-Credential

$vmAdminUser = $vmAdmin.Username

$vmAdminPassword = $vmAdmin.GetNetworkCredential().Password

$vmDomain = "contoso.com"

$vmDomainNetBIOS = "CONTOSO"

$vm1 = New-AzureVMConfig Name $vm1Name ImageName $vmImage `InstanceSize Medium | Add-AzureProvisioningConfig `WindowsDomain AdminUserName $vmAdminUser `Password $vmAdminPassword JoinDomain $vmDomain `Domain $vmDomainNetBIOS DomainUserName $vmAdminUser `DomainPassword $vmAdminPassword |Set-AzureSubnet SubnetNames $subnetName

$vm1 | New-AzureVM ServiceName $vmServiceName `VnetName $vNetName -AffinityGroup $vmAffinityGroup

8)

Provision a new virtual machine named labo01 on the existing Microsoft Azure virtual network by

using the below PowerShell cmdlets. During the VM provisioning process, this new VM will be

automatically joined to the contoso.comActive Directory domain. This virtual machine will be used

for System Center 2012 R2 Orchestrator in a later lab exercise.

$vm2Name = "labo01"

$vm2 = New-AzureVMConfig Name $vm2Name ImageName $vmImage `InstanceSize Medium | Add-AzureProvisioningConfig `WindowsDomain AdminUserName $vmAdminUser `Password $vmAdminPassword JoinDomain $vmDomain `

Domain $vmDomainNetBIOS DomainUserName $vmAdminUser `DomainPassword $vmAdminPassword |Set-AzureSubnet SubnetNames $subnetName

$vm2 | New-AzureVM ServiceName $vmServiceName

When virtual machines labac01and labo01are displayed with aRunningstatus on the Virtual Machines

page of the Microsoft Azure Management Portal, you may continue with the next exercise.


24/47


Exercise 8: Manage Microsoft Azure with System Center 2012 R2 App

Controller

In this exercise, you will configure System Center 2012 R2 App Controll er for managing your Microsoft

Azure subscription.

You will begin this exercise by establishing a Remote Desktop connection to virtual machine labac01.

1) Establish a Remote Desktop connection to virtual machine labac01.

a) Sign in at the Microsoft Azure Management Portal with the logon credentials used when you

signed up for your Free Microsoft Azure Trial.

b) Select Virtual Machines located on the side navigation panel on the Microsoft Azure

Management Portal page.

c) On the Virtual Machines page, click on the name of virtual machine labac01.

d) On the virtual machine Dashboardpage for labac01, click the Connect button located on the

bottom navigation toolbar and click the Openbutton to launch a Remote Desktop Connection to

the console of this virtual machine.




Password: Enter the password recorded in Exercise 4,Step 5above.

2) From within the Remote Desktop session connected to labac01, disable Internet Explorer Enhanced

Security Configuration(ESC).

a) In the Server Managertool, click on Local Serverin the left navigation pane and select IE




production environments and is only performed for the purpose of this particular hands-onlab guide.


25/47


26/47


Generate self-signed certificate:Selected

SQL Server database server:labdb01

SQL Server port:1433

SQL Server instance name:MSSQLSERVER

SQL Server database name:default (AppController)

NOTE: After entering the SQL Server database information, you may need to click the Next

button more than once to proceed to the next wizard page.

Customer Experience Improvement Program:Yes, I am will ing to participate in CEIP

d) When prompted, click the Installbutton to begin the installation of System Center 2012 R2 App

Controller.

When the installation process has completed, click the Finish button.

5) From within the Remote Desktop session connected to labac01, export the self-signed certificate

generated during the installation process and upload to the Microsoft Azure Management Portal.

This certificate will be used to securely authenticate to your Microsoft Azure subscription via the

App Controller management server.

During this step, you will export the certificate file twice: one exported copy will be saved as a .CER

certificate file that can be uploaded to the Microsoft Azure Management Portal, and a second

exported copy will be saved as a .PFX certificate file that can be uploaded to the System Center 2012R2 App Controller portal.


Internet Information Services (IIS) Manager.

b) Click on LABAC01in the connections panel. If prompted to Get started with Microsoft Web

Platform, click the Nobutton.

c) In the center panel of the Internet Information Services (IIS) Managertool, double-click on

Server Certificates.

d)

On the Server Certificatespage, right-click on the System Center 2012 R2 App Controller

certificate and click on Viewon the pop-up menu.

e) On the Certificatedialog box, click the Detailstab and then click the Copy to Filebutton. This

will launch the Certificate Export Wizard.


27/47


f) Navigate through the Certificate Export Wizard using the Nextbutton. When prompted, enter

the following information:

Export Private Key: No

Export File Format:default (DER encoded binary X.509 .CER)

File name:c:\sc2012 r2 scac\labac01.cer

After specifying all of the above information, click the Finish button to complete the export

process. Click the OK button twice to dismiss each open dialog box.

g) On the Server Certificatespage, right-click on the System Center 2012 R2 App Controller

certificate and click on Exporton the pop-up menu.

h) In the Export Certificate dialog box, enter the following information:

Export to:c:\sc2012 r2 scac\labac01.pfx

Password:Enter and confirm the same password recorded in Exercise 4, Step 5.

After specifying all of the above information, click the OKbutton to complete the export

process.

i) Sign in at the Microsoft Azure Management Portal with the logon credentials used when you


j) Select Settings located on the side navigation panel on the Microsoft Azure Management Portal

page. You may need to scroll down the side navigation panel to see this selection.

k) On the Settingspage, click on the Management Certificatestab.

l) On the Management Certificatespage, click on the Uploadbutton located on the bottom black

toolbar. When prompted, browse to c:\sc2012 r2 scac\labac01.cerand click the button.

Your newly uploaded certificate should appear with a name of labac01.contoso.com.

m) For your newly uploaded certificate, select the value listed in the Subscription IDcolumn and

copy this value to your clipboard for later use in this lab exercise.

6)

Launch the System Center 2012 R2 App Controller portal and login as CONTOSO\AzureAdmin.

a) From within the Remote Desktop session connected to labac01, browse to

https://labac01.contoso.com

If prompted with a website securityerror, click on Continue to this website . This error is

generated due to the self-signed certificate used within this hands-on lab. In a production

environment, a certificate signed by a trusted certificate authority would normally be used
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_41419357.pnghttps://labac01.contoso.com/http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_41419357.pnghttps://labac01.contoso.com/


28/47


29/47


You will see options for Open Diagram, Properties, Shutdown, Restart, Remote Desktop, and

Delete.

d) From the right-click popup menu, selectProperties.Scroll through the Properties of new virtual

machineform to review each of the currently provisioned settings for this virtual machine.

When your review is complete, click the Cancelbutton and continue to the next step.

e) On the Virtual Machinespage, note that new virtual machines can be provisioned in a

connected cloud by clicking the Deploybutton on the top toolbar.

f) Click on Libraryin the left navigation panel of the App Controller portal.

g) On the Library page, note that a list of Disks, Images and Microsoft Azure storage accounts is

presented.

h) On the Library page, click on Sharesin the center panel. Note that the Addbutton on the top

toolbar can be used to add local on-premises shared folders to the App Controller portal for thepurpose of copying virtual machine hard disks between on-premises Private Clouds and

Microsoft Azure clouds.

When you have completed exploring the System Center 2012 R2 App Controller portal for Hybrid Cloud

management, you may continue with the next exercise.


30/47


Exercise 9: Automate your Lab Environment with System Center 2012 R2

Orchestrator

In this exercise, you will configure System Center 2012 R2 Orchestrator for automating your Microsoft

Azure subscription.

You will begin this exercise by establishing a Remote Desktop connection to virtual machine labo01.

1) Establish a Remote Desktop connection to virtual machine labo1.

a) Sign in at the Microsoft Azure Management Portal with the logon credentials used when you


b) Select Virtual Machines located on the side navigation panel on the Microsoft Azure

Management Portal page.

c) On the Virtual Machines page, click on the name of virtual machine labo01.

d) On the virtual machine Dashboardpage for labo01, click the Connect button located on the

bottom navigation toolbar and click the Openbutton to launch a Remote Desktop Connection to

the console of this virtual machine.




Password: Enter the password recorded in Exercise 4, Step 5above.

2) From within the Remote Desktop session connected to labo01, disable Internet Explorer Enhanced

Security Configuration(ESC).

a) In the Server Managertool, click on Local Serverin the left navigation pane and select IE




production environments and is only performed for the purpose of this particular hands-onlab guide.


31/47


3) From within the Remote Desktop session connected to labo01,extract the necessary installation

files and install the pre-requisite components for installation of System Center 2012 R2

Orchestrator.



b) In theAdministrator: Windows PowerShell ISEwindow, run the commands provided below to

extract the necessary installation files.

net use x: \\labad01\c$

x:\installs\sc2012_r2_sco /silent

net use x: /d

c) In theAdministrator: Windows PowerShell ISEwindow, run the command provided below to

install pre-requisite components for installation of System Center 2012 R2 Orchestrator.

Install-WindowsFeature NET-Framework-Core

4) From within the Remote Desktop session connected to labo01, complete the installation of System

Center 2012 R2 Orchestrator.

a) In theAdministrator: Windows PowerShell ISEwindow, run the commands provided below to

launch the setup program for System Center 2012 R2 Orchestrator.

cd "\sc2012 r2 sco"

.\SetupOrchestrator.exe

b) In the System Center 2012 R2 Orchestrator Setupdialog box, click Installto begin the installation

process.

c) During the System Center 2012 R2 Orchestrator Setupwizard, click the Nextbutton to proceed

through each page. When prompted by the wizard, enter the following field values:

Organization: Contoso

Product Key: Leave blank (evaluation edition)

Select features to install:Default (all features)

Software Prerequisites:Click the radio button option for Activate .NET and IIS features/roles

Username: CONTOSO\sc_admin

Password:Enter the password recorded in Exercise 4, Step 5above.


32/47


Domain:CONTOSO

Database server:labdb01

Database server port:1433

Database server authentication credentials: Windows Authentication

Database:Default (create a new database named Orchestrator)

Orchestrator users group:Default (LABO01\OrchestratorUsersGroup)

Web service port:default (81)

Orchestration console port:default (82)

Installation Location: Default (C:\Program Files (x86)\Microsoft System Center 2012R2\Orchestrator)

Microsoft Update:On (recommended)

Customer Experience Improvement Program:Yes, I am will ing to participate in CEIP

Error Reporting:Yes, I am willing to participate anonymously. Please automatically send my

error reports.

d) When prompted, click the Installbutton to begin the installation process for System Center

2012 R2 Orchestrator.

When the installation process has completed, uncheck all checkboxoptionslocated at the

bottom of the Setup completed successfully page, and click the Close button.

5) From within the Remote Desktop session connected to labo01, download and extract the Microsoft

Azure Integration Pack for System Center 2012 R2 Orchestrator.

a) Browse tohttp://www.microsoft.com/en-us/download/details.aspx?id=39622and download

the System_Center_2012_R2_Integration_Packs.EXE file to the c:\sc2012 r2 scofolder location.

b) In theAdministrator: Windows PowerShell ISEwindow, run the commands provided below to

extract the necessary installation files.

cd "\sc2012 r2 sco"

.\System_Center_2012_R2_Integration_Packs

When prompted to Choose Directory For Extracted Files, accept the default path
http://www.microsoft.com/en-us/download/details.aspx?id=39622http://www.microsoft.com/en-us/download/details.aspx?id=39622http://www.microsoft.com/en-us/download/details.aspx?id=39622http://www.microsoft.com/en-us/download/details.aspx?id=39622


33/47


(c:\sc2012 r2 sco) and click the OKbutton.

6) From within the Remote Desktop session connected to labo01, deploy the Microsoft Azure

Integration Pack for System Center 2012 R2 Orchestrator.

a) Click the Start button tip to navigate to the Start Screen, and then click the button located at

the bottom of the screen to navigate to theAll Appsview.

b) On theAppsscreen, click on the Deployment Managertile located under the Microsoft System

Center 2012 category.

c) In the System Center 2012 R2 Orchestrator Deployment Managertool, right-click on Integration

Packs in the left navigation panel, and click Register IP with the Orchestrator Management

Server

d) Navigate through the Integration Pack Registration Wizard pages using the Next and Finish

buttons.

When prompted to Select Integration Packs or Hotfixes,click the Addbutton and browse to

C:\SC2012 R2 SCO\SC2012R2_Integration_Pack_for_Azure.OIP

e) In the System Center 2012 R2 Orchestrator Deployment Managertool, right-click on Integration

Packs in the left navigation panel, and click Deploy IP to Runbook Server or Runbook Designer

f) Navigate through the Integration Pack or Hotfix Deployment Wizard pages using the Next and

Finish buttons. When prompted, use the following information:

Deploy Integration Packs or Hotfixes:click the checkbox for System Center Integration Pack for

Windows Azure

Computer: enter labo01and click the Addbutton

g) When the deployment of the System Center Integration Pack for Windows Azurehas completed,

you may close the System Center 2012 R2 Orchestrator Deployment Manager tool.

7) From within the Remote Desktop session connected to labo01, generate and export a self -signed

certificate. This certificate will be used to securely authenticate to your Microsoft Azure

subscription via the Orchestrator management server.

During this step, you will export the certificate file twice: one exported copy will be saved as a .CER

certificate file that can be uploaded to the Microsoft Azure Management Portal, and a second

exported copy will be saved as a .PFX certificate fi le that can be registered with System Center 2012

R2 Orchestrator.


Internet Information Services (IIS) Manager.


34/47


b) Click on LABO01in the connections panel. If prompted to Get started with Microsoft Web

Platform, click the Nobutton.

c) In the center panel of the Internet Information Services (IIS) Managertool, double-click on

Server Certificates.

d)

In theActionspanel located at the right, click Create Self-Signed Certificate. When prompted,

enter the following information:

Friendly name for certificate: System Center 2012 R2 Orchestrator

Certificate store: Personal

Click the OK button to generate the new self -signed certificate.

e) On the Server Certificatespage, right-click on the System Center 2012 R2 Orchestrator

certificate and click on Viewon the pop-up menu.

f) On the Certificatedialog box, click the Detailstab and then click the Copy to Filebutton. This

will launch the Certificate Export Wizard.

g) Navigate through the Certificate Export Wizard using the Nextbutton. When prompted, enter

the following information:

Export Private Key: No

Export File Format:default (DER encoded binary X.509 .CER)

File name:c:\sc2012 r2 sco\labo01.cer

After specifying all of the above information, click the Finish button to complete the export

process. Click the OK button twice to dismiss each open dialog box.

h) On the Server Certificatespage, right-click on the System Center 2012 R2 Orchestrator

certificate and click on Exporton the pop-up menu.

i) In the Export Certificate dialog box, enter the following information:

Export to:c:\sc2012 r2 sco\labo01.pfx

Password:Enter and confirm the same password recorded in Exercise 4, Step 5.

After specifying all of the above information, click the OKbutton to complete the export

process.

j) Sign in at the Microsoft Azure Management Portal with the logon credentials used when you



35/47


k) Select Settings located on the side navigation panel on the Microsoft Azure Management Portal

page. You may need to scroll down the side navigation panel to see this selection.

l) On the Settingspage, click on the Management Certificatestab.

m) On the Management Certificatespage, click on the Uploadbutton located on the bottom black

toolbar. When prompted, browse to c:\sc2012 r2 sco\labo01.cerand click the button.

Your newly uploaded certificate should appear with a name of labo01.contoso.com.

n) For your newly uploaded certificate, select the value listed in the Subscription IDcolumn and

copy this value to your clipboard for later use in this lab exercise.

8) From within the Remote Desktop session connected to labo01, connect System Center 2012 R2

Orchestrator to your Microsoft Azure subscription.

a) Click the Startbutton tip to navigate to the Start Screen, and then click the button located at

the bottom of the screen to navigate to theAll Appsview.

b) On theAppsscreen, click on the Runbook Designertile located under the Microsoft System

Center 2012 category.

c) In the System Center 2012 R2 Orchestrator Runbook Designertool, click on the Optionsmenu

located on the top menu bar and select Windows Azure.

d) In the Windows Azuredialog box, click the Addbutton to add a new Microsoft Azure

subscription.

e)

In theAdd Configurationdialog, enter the following information for the Microsoft Azuresubscription to be connected:

Name:My Azure Cloud

Type:Azure Management Configuration Settings

Azure Endpoint:default (https://management.core.windows.net)

PFX File Password:Enter the password recorded in Exercise 4, Step 5

PFX File Path:c:\sc2012 r2 sco\labo01.pfx

Subscription ID:Paste the value copied to your clipboard in Step 7nabove

Click the OKbutton to save this connection to your Microsoft Azure subscription.
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_41419357.png


36/47


f) Click the Finishbutton to close the Windows Azuredialog box.

9) From within the Remote Desktop session connected to labo01, create a basic Runbook to automate

Microsoft Azure virtual machine provisioning by creating a new storage container, cloud service and

virtual machine instance.

As part of the process in creating this Runbook, you will be leveraging four (4) activities that are

provided by the previously installed Microsoft Azure Integration Pack:Azure Virtual Machine

Images,Azure Storage,Azure Cloud ServicesandAzure Virtual Machines. After this Runbook is

created, it should look like the sample diagram below.

a) In the System Center 2012 R2 Orchestrator Runbook Designertool, right-click onRunbooksin

the left navigation panel and selectNew | Runbook.

b) Click on the Check Outbutton on the top toolbar to check out the new Runbook for editing.

c) In theActivitieslist in the right navigation panel, click on Windows Azureto expand the set of

activities associated with the Microsoft Azure Integration Pack.

d) Click on the Azure Virtual Machine Imagesactivity in theActivities list and drag it into the upper

left of the New Runbookdesign surface located in the middle panel of the Runbook Designer

tool.

Right-click on this activity and click on Propertiesto set the following property values:

Configuration Name:My Azure Cloud

Choose an Activity:List OS Images

Filters:Labelequals Windows Server 2012 R2 Datacenter, April 2014

Click the Finish button to save the property values for this activity.


37/47


e) Click on the Azure Storageactivity in the Activities list and drag it to the New Runbook design

surface so that it is located to the right of the previous activity.

Click on the previous activity and drag the right arrow handle over this new activity to connect

the two activities together.

Right-click on theAzure Storageactivity in the New Runbook design surface and click on

Propertiesto set the following property values:


Choose an Activity:Create Container

Storage Account Name:XXXlabstor01 (where XXXis replaced with your unique initials)

Container Name: labvhds

Click the Finishbutton to save the property values for this activity.

f) Click on the Azure Cloud Servicesactivity in theActivities list and drag it to the New Runbook

design surface so that it is located to the right of the previous activity.

Click on the previous activity and drag the right arrow handle over this new activity to connect

the two activities together.

Right-click on theAzure Cloud Servicesactivity in the New Runbook design surface and click on

Propertiesto set the following property values:


Choose an Activity:Create Cloud Service

Service DNS Prefix:XXXlabvms (where XXXis replaced with your unique initials)

Label:XXXlabvms (where XXXis replaced with your unique initials)

Description:Lab VMs

Location/Affinity Group:Affinity Group

Location/Affinity Group Value:labag01

Click the Finishbutton to save the property values for this activity.


38/47


39/47


10)From within the Remote Desktop session connected to labo01, run the newly created Runbook

using the System Center 2012 R2 Orchestrator Runbook Tester.

a) Click on the Runbook Testerbutton that is located on the top toolbar of the System Center 2012

R2 Orchestrator Runbook Designertool.

b)

In the System Center 2012 R2 Orchestrator Runbook Tester tool, click on the Runbutton on the

top toolbar.

c) As the Runbook executes, monitor progress in the bottom Logpanel in the Runbook Testertool.

d) After the Runbook successfully completes, sign-in to the Microsoft Azure Management Portal

and confirm that labvm01has been automatically provisioned as a new virtual machine by

navigating to the Virtual Machinesportal page.

EXTRA CREDIT!Use the System Center 2012 R2 App Controllerportal on labac01to delete the virtual

machine, cloud service and storage container that were provisioned as part of this automated Runbook.

Note that after deleting the virtual machine, you may be required to wait a few minutes before you areable to sucessfully delete storage resources.

When you have completed exploring the cloud resources that were automatically provisioned by the

System Center 2012 R2 Orchestrator Runbook, you may continue with the next exercise.


40/47


Exercise 10: Shut down the On-demand Dev/Test Lab Environment

Your functional Dev/Test Lab environment is now complete, but you likely wont be using this lab

environment 24x7 around-the-clock. As long as the virtual machines are running, they wil l continue to

accumulate compute hours against your Microsoft Azure subscription.

To preserve your compute hours for productive lab work, be sure to shut down each VMfrom the

Microsoft Azure Management Portalwhen not in use. After each VM is successfully shut down, the

status of each VM wil l be listed in the portal as Stopped (Deallocated) and compute charges wil l not

accumulate for VMs in this state.

Follow these steps to shut down your virtual machines:

1) Sign in at the Microsoft Azure Management Portalwith the logon credentials used when you signed


2)

Select Virtual Machineslocated on the side navigation panel on the Microsoft Azure ManagementPortal page.

3) For each provisioned virtual machine, click on the virtual machine nameto select that virtual

machine, and then click on the Shut downbutton located on the bottom toolbar.

When all virtual machines are listed in the portal with a Stopped (Deallocated) status, you have

completed this exercise.

TIP! It is important to shut down the VMs from the Microsoft Azure Management Portalto properly de-

allocate compute resources and prevent compute charges from accumulating. If you shut down VMs

from within the Guest OS or from the System Center 2012 R2 App Controller portal, the VMs wil l be

placed in a different Stopped status where compute resources are notde-allocated and compute

charges in this state will still apply.


41/47


Additional Resources

Congratulations!Youve completed this Hands-on Lab for Building and Managing a Dev/Test Farm in the

Cloud using Microsoft Azure Infrastructure Services.

If you enjoyed this Hands-On Lab, be sure to check-out our full set of Cloud Step-By-Step Guides for

building other common hybrid cloud scenarios at:

Cloud Labs Step-by-Step Guides

http://aka.ms/CloudLab

Guided Hands-On Lab: Build a Cross-Premises Site-to-Site VPN

http://aka.ms/VNetCloudLab

Guided Hands-On Lab: Migrate VMs from VMware to Microsoft Azure

http://aka.ms/VMWCloudLab

Guided Hands-On Lab: Migrate VMs from Amazon AWS to Microsoft Azure

http://aka.ms/AWSCloudLab

Guided Hands-On Lab: Orchestrate Private Cloud Failover with Microsoft Azure Hyper-V Recovery

Manager

http://aka.ms/HVMCloudLab

Step-by-Step: Cloud Backups of Microsoft Azure Virtual Machines using PowerShell ( Part 1)

http://aka.ms/BackupWindowsAzureVM

Step-by-Step: Cloud Restores of Microsoft Azure Virtual Machines using PowerShell ( Part 2 )

http://aka.ms/AzureVMRestoreCloudLab

Build Your Hybrid Cloud in a Month

http://aka.ms/BuildYourCloud

Introduction to PowerShell

http://aka.ms/PoshIntro
http://aka.ms/CloudLabhttp://aka.ms/VNetCloudLabhttp://aka.ms/VMWCloudLabhttp://aka.ms/AWSCloudLabhttp://aka.ms/HVMCloudLabhttp://aka.ms/BackupWindowsAzureVMhttp://aka.ms/BackupWindowsAzureVMhttp://aka.ms/AzureVMRestoreCloudLabhttp://aka.ms/BuildYourCloudhttp://aka.ms/PoshIntrohttp://aka.ms/PoshIntrohttp://aka.ms/BuildYourCloudhttp://aka.ms/AzureVMRestoreCloudLabhttp://aka.ms/BackupWindowsAzureVMhttp://aka.ms/HVMCloudLabhttp://aka.ms/AWSCloudLabhttp://aka.ms/VMWCloudLabhttp://aka.ms/VNetCloudLabhttp://aka.ms/CloudLab


42/47


Alternate to Exercise 7: Provision Virtual Machines for System Center

2012 R2

Exercises 7A and 7B below are provided as alternate exercises to the original Exercise 7 in this Hands-on

Lab Guide. These alternate exercises leverage the Microsoft Azure Management Portal to provision

virtual machines for System Center 2012 R2, rather than leveraging the Microsoft Azure PowerShell

Module for this purpose.

Exercise 7A: Provision Virtual Machine for System Center 2012 R2 App

Controller

Provision a new Microsoft Azure VM for System Center 2012 R2 App Controller by performing

the following steps:

1)

Sign in at the Microsoft Azure Management Portal with the logon credentials used when you signed



Portal page.




5)



updates applied.

Virtual Machine Name:labac01

Tier:Standard

Size: A2 (2 cores, 3.5GB Memory)



http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/5140.image_5F00_6F988853.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_5CE38E9C.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_5CE38E9C.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/5140.image_5F00_6F988853.png


43/47





XXXlabmgmt.cloudapp.net


above.



Availability Set: (None)


7) On the Virtual Machine Configuration page, click the button to accept the default fi rewall

endpoint values and begin provisioning the new virtual machine.






8) After the new virtual machine has finished provisioning, click on the name (labac01) of the new


9) On the virtual machine Dashboardpage for labac01, make note of the Internal IP Addressdisplayed

on this page. This IP address should be listed as 10.0.0.x, where x is a valid host ID on the virtual

network.
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6433.image_5F00_024AF15A.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_41419357.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/6433.image_5F00_024AF15A.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_41419357.png


44/47


10)On the virtual machine Dashboardpage for labac01, click the Connect button located on the bottom

navigation toolbar and click the Openbutton to launch a Remote Desktop Connection to the console

of this virtual machine. Logon at the console of your virtual machine with the local Administrator

credentials defined in Step 5above as follows:

User name: labac01\AzureAdmin



operation.









c) When prompted for Administrator credentials, enter the following user name and password:



d) Restart the labac01 virtual machine by issuing the following PowerShell cmdlet:

Restart-Computer

You have completed the initial provisioning of this Microsoft Azure virtual machine for System

Center 2012 R2 App Controller. In a later exercise in this Hands-on Lab Guide, you will complete

the installation and configuration of System Center 2012 R2 App Controller.


45/47


Exercise 7B: Provision Virtual Machine for System Center 2012 R2

Orchestrator

Provision a new Microsoft Azure VM for System Center 2012 R2 Orchestrator by performing the

following steps:




Portal page.






updates applied.

Virtual Machine Name:labo01

Tier:Standard

Size: A2 (2 cores, 3.5GB Memory)



http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/5140.image_5F00_6F988853.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_5CE38E9C.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/3302.image_5F00_5CE38E9C.pnghttp://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-94-09-metablogapi/5140.image_5F00_6F988853.png


46/47



Cloud Service: XXXlabmgmt


XXXlabmgmt.cloudapp.net


above.



Availability Set: (None)


7) On the Virtual Machine Configuration page, click the button to accept the default fi rewall

endpoint values and begin provisioning the new virtual machine.






8) After the new virtual machine has finished provisioning, click on the name (labo01) of the new


9) On the virtual machine Dashboardpage for labo01, make note of the Internal IP Addressdisplayed

on this page. This IP address should be listed as 10.0.0.x, where x is a valid host ID on the virtua

us it camp - azure hybrid cloud hol - fy14h2 - 201405

Documents