Creating a management infrastructure in Windows Azure
This blog post only provides some guidance on how to get started with IaaS in Windows Azure. It does not explain the wider architecture of Azure or the common pitfalls, since I have described those previously over the years.
This is the project:
“We have a large infrastructure on-premise, and many locations around the world. We want a reliable monitoring infrastructure, using System Center to tell us what’s going on, also if the entire location goes under water etc. We have some spare resources, but we want this operation to be totally separated from the bits and bytes we use on a day-to-day basis”.
This brings Windows Azure to the table.
First things first: since this should be completely separated from the wide diversity of AD topologies in the business, we must start by creating a new Active Directory forest in Azure.
1. Log on to the Windows Azure portal with your account.
2. Create a Virtual Network and Storage in the same affinity group (important).
3. Download and install the PowerShell module for Windows Azure from http://go.microsoft.com/?linkid=9811175&clcid=0x409
4. Run Windows Azure PowerShell as an Administrator on your computer/server – and execute the following cmdlets, one by one.
Set-ExecutionPolicy RemoteSigned
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Get-AzurePublishSettingsFile
The last cmdlet will direct you to Windows Azure, where you should already be signed in, and let you download the settings for your account. Save this file to a folder on one of your HDDs.
Run the following cmdlet:
Powershell ise
This will start Windows Azure PowerShell ISE where you can deploy your domain controllers and your virtual machines.
It’s really important that you perform these operations with PowerShell so that your domain controller can survive servicing in Azure without losing any data (OK, I’ll explain why in another blog post, but generally speaking, the HA mechanism in Azure is not similar to the one you may be familiar with through Hyper-V and Failover Clustering on-premise).
Paste the following script into Powershell ISE:
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile 'C:\azure\TheSubscriptionFileYouDownloaded.publishsettings'
Set-AzureSubscription -SubscriptionName '3-Month Free Trial' -CurrentStorageAccount 'YourStorageAccount'
Select-AzureSubscription -SubscriptionName '3-Month Free Trial'
#Deploy the Domain Controller in a virtual network
#-------------------------------------------------
#Specify my DC's DNS IP (127.0.0.1)
$myDNS = New-AzureDNS -Name 'myDNS' -IPAddress '127.0.0.1'
$vmname = 'VMName'
# OS Image to Use
$image = 'MSFT__Windows-Server-2012-Datacenter-201210.01-en.us-30GB.vhd'
$service = 'ServiceName'
$AG = 'YourAffinityGroup'
$vnet = 'YourVirtualNetworkName'
#VM Configuration
#'Password' is a placeholder for the local administrator password of the new VM
$MyDC = New-AzureVMConfig -Name $vmname -InstanceSize 'Small' -ImageName $image |
    Add-AzureProvisioningConfig -Windows -Password 'Password' |
    Set-AzureSubnet -SubnetNames 'TheSubnetYouCreatedinYourVirtualNetwork'
New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyDC -DnsSettings $myDNS -VNetName $vnet
This should start the deployment of your first VM, ready to be provisioned as a domain controller.
Once it's completed, attach two empty virtual hard disks to this VM (one disk for AD and one disk for backup. You can specify the size you'd like), and log on.
Depending on which OS you are running, you should go ahead and configure those newly attached disks so that they are ready to be used by the VM.
Create an NTDS folder on one of the disks, for AD.
Once this is done, go ahead and install Active Directory on your virtual machine, and place the AD settings in the NTDS folder you created.
When your VM is installed with AD DS, perform a backup of the server OS to the other VHD you created.
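The disk, AD DS and backup steps above as PowerShell commands; this is an added example, not the author's script. The disk sizes, labels, drive letters F: and G:, the SYSVOL path and the domain name mgmt.example.local are assumptions, as is the disk-number order matching the LUN order. Host caching is set to None on both data disks so that Active Directory writes are not held in a host-side cache.

```powershell
# Added example. Names reuse the placeholders from the script above;
# sizes, labels, drive letters and the domain name are assumptions.

# --- Part 1: on the workstation, same session as the deployment script ---
# Attach two empty data disks with host caching disabled.
Get-AzureVM -ServiceName 'ServiceName' -Name 'VMName' |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 20 -DiskLabel 'ADDS' -LUN 0 -HostCaching None |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 60 -DiskLabel 'Backup' -LUN 1 -HostCaching None |
    Update-AzureVM

# --- Part 2: inside the VM, elevated PowerShell (Windows Server 2012) ---
# Initialise the two new (RAW) disks in disk-number order: F: for AD, G: for backup.
$raw = @(Get-Disk | Where-Object PartitionStyle -eq 'RAW' | Sort-Object Number)
if ($raw.Count -ne 2) { throw "Expected 2 uninitialised disks, found $($raw.Count)" }
$layout = @(
    @{ Letter = 'F'; Label = 'ADDS' },
    @{ Letter = 'G'; Label = 'Backup' }
)
for ($n = 0; $n -lt $layout.Count; $n++) {
    $raw[$n] | Initialize-Disk -PartitionStyle MBR -PassThru |
        New-Partition -UseMaximumSize -DriveLetter $layout[$n].Letter |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel $layout[$n].Label -Confirm:$false
}
New-Item -ItemType Directory -Path 'F:\NTDS' | Out-Null

# Install AD DS and create the new forest with database and logs on the data disk.
# The DSRM password is prompted for, not stored in the script.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName 'mgmt.example.local' -InstallDns `
    -DatabasePath 'F:\NTDS' -LogPath 'F:\NTDS' -SysvolPath 'F:\SYSVOL' `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString)

# --- Part 3: inside the VM, after the reboot that Install-ADDSForest triggers ---
# Back up the critical volumes (system state included) to the second disk.
Install-WindowsFeature Windows-Server-Backup
wbadmin start backup -backupTarget:G: -allCritical -quiet
```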
So far, so good.
To deploy virtual machines to your newly created domain, use this script:
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile 'C:\azure\TheSubscriptionFileYouDownloaded.publishsettings'
Set-AzureSubscription -SubscriptionName '3-Month Free Trial' -CurrentStorageAccount 'YourStorageAccount'
Select-AzureSubscription -SubscriptionName '3-Month Free Trial'
#Deploy a new VM and join it to the domain
#-------------------------------------------
#Specify my DC's DNS IP (192.168.0.4) <-- this is just an example. use your newly created DC IP
$myDNS = New-AzureDNS -Name 'VMName' -IPAddress '192.168.0.4'
# OS Image to Use
$image = 'MSFT__Windows-Server-2012-Datacenter-201210.01-en.us-30GB.vhd'
$service = 'NewServiceName'
$AG = 'YourAffinityGroup'
$vnet = 'YourVirtualNetworkName'
#Local administrator password for the new VM ('Password' is a placeholder).
#Named $adminPassword because $pwd is PowerShell's automatic variable for the current directory.
$adminPassword = 'Password'
$size = 'Small'
#VM Configuration
$vmname = 'VMName'
$MyVM1 = New-AzureVMConfig -Name $vmname -InstanceSize $size -ImageName $image |
    Add-AzureProvisioningConfig -WindowsDomain -Password $adminPassword -Domain '*corp*' -DomainPassword 'Password' -DomainUserName 'Administrator' -JoinDomain 'FQDN' |
    Set-AzureSubnet -SubnetNames 'TheSubnetYouCreatedinYourVirtualNetwork'
New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyVM1 -DnsSettings $myDNS -VNetName $vnet
This should deploy a VM, ready to use in your newly created domain in Windows Azure.
Once it is ready, attach some disks here as well for your data partitions.
You are now ready to install System Center Operations Manager 2012 on this VM, which is a member of the domain you have created.
-kn