Thursday, November 22, 2012

Creating a management infrastructure in Windows Azure



This blog post only provides some guidance on how to get started with IaaS in Windows Azure. It does not explain the wider architecture of Azure, nor the common pitfalls, since I have described those previously over the years.

This is the project:

“We have a large infrastructure on-premise, and many locations around the world. We want a reliable monitoring infrastructure, using System Center to tell us what’s going on, also if the entire location goes under water etc. We have some spare resources, but we want this operation to be totally separated from the bits and bytes we use on a day-to-day basis”.

This brings Windows Azure to the table.

First things first: since this should be completely separated from the wide diversity of AD topologies in the business, we must start by creating a new Active Directory forest in Azure.

1. Log on to the Windows Azure portal with your account.

2. Create a Virtual Network and Storage in the same affinity group (important).

3. Download and install the PowerShell module for Windows Azure from http://go.microsoft.com/?linkid=9811175&clcid=0x409

4. Run Windows Azure PowerShell as an Administrator on your computer/server, and execute the following cmdlets, one by one.

Set-ExecutionPolicy RemoteSigned

Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"

Get-AzurePublishSettingsFile

The last cmdlet will direct you to Windows Azure where you should already be signed in, and let you download the settings for your account. Save this file to a folder on one of your HDDs.

Run the following cmdlet:

Powershell ise

This will start Windows Azure PowerShell ISE where you can deploy your domain controllers and your virtual machines.

It’s really important that you perform these operations with PowerShell so that your domain controller can survive servicing in Azure without losing any data (I’ll explain why in another blog post; generally speaking, the HA mechanism in Azure is not similar to the one you may be familiar with through Hyper-V and Failover Clustering on-premise).

Paste the following script into PowerShell ISE:

Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile 'C:\azure\TheSubscriptionFileYouDownloaded.publishsettings'
Set-AzureSubscription -SubscriptionName '3-Month Free Trial' -CurrentStorageAccount 'YourStorageAccount'
Select-AzureSubscription -SubscriptionName '3-Month Free Trial'

#Deploy the Domain Controller in a virtual network
#-------------------------------------------------

#Specify my DC's DNS IP (127.0.0.1)
$myDNS = New-AzureDNS -Name 'myDNS' -IPAddress '127.0.0.1'
$vmname = 'VMName'

# OS Image to Use
$image = 'MSFT__Windows-Server-2012-Datacenter-201210.01-en.us-30GB.vhd'
$service = 'ServiceName'
$AG = 'YourAffinityGroup'
$vnet = 'YourVirtualNetworkName'

#VM Configuration
$MyDC = New-AzureVMConfig -name $vmname -InstanceSize 'Small' -ImageName $image |
    Add-AzureProvisioningConfig -Windows -Password 'Password' |
    Set-AzureSubnet -SubnetNames 'TheSubnetYouCreatedinYourVirtualNetwork'

New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyDC -DnsSettings $myDNS -VNetName $vnet


This should start the deployment of your first VM, ready to be provisioned as a domain controller.
Once it's completed, attach two empty virtual hard disks to this VM (one disk for AD and one disk for backup; you can specify the size you'd like), and log on.

Depending on which OS you are running, you should go ahead and configure those newly attached disks so that they are ready to be used by the VM.
Create an NTDS folder on one of the disks, for AD.

Once this is done, go ahead and install Active Directory on your virtual machine, and place the AD settings in the NTDS folder you created.
When your VM is installed with AD DS, perform a backup of the server OS to the other VHD you created.

So far, so good.

To deploy virtual machines to your newly created domain, use this script:




 
 
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile 'C:\azure\TheSubscriptionFileYouDownloaded.publishsettings'
Set-AzureSubscription -SubscriptionName '3-Month Free Trial' -CurrentStorageAccount 'YourStorageAccount'
Select-AzureSubscription -SubscriptionName '3-Month Free Trial'

#Deploy a new VM and join it to the domain
#-------------------------------------------

#Specify my DC's DNS IP (192.168.0.4) <-- this is just an example. Use your newly created DC IP
$myDNS = New-AzureDNS -Name 'VMName' -IPAddress '192.168.0.4'

# OS Image to Use
$image = 'MSFT__Windows-Server-2012-Datacenter-201210.01-en.us-30GB.vhd'
$service = 'NewServiceName'
$AG = 'YourAffinityGroup'
$vnet = 'YourVirtualNetworkName'
# Named $adminPassword because $pwd is PowerShell's automatic current-location variable
$adminPassword = 'Password'
$size = 'Small'

#VM Configuration
$vmname = 'VMName'
$MyVM1 = New-AzureVMConfig -name $vmname -InstanceSize $size -ImageName $image |
    Add-AzureProvisioningConfig -WindowsDomain -Password $adminPassword -Domain '*corp*' -DomainPassword 'Password' -DomainUserName 'Administrator' -JoinDomain 'FQDN' |
    Set-AzureSubnet -SubnetNames 'TheSubnetYouCreatedinYourVirtualNetwork'

New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyVM1 -DnsSettings $myDNS -VNetName $vnet


This should deploy a VM, ready to use in your newly created domain in Windows Azure.
Once ready, attach some disks here as well for your data partitions.
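
The two scripts above pass every password as a literal string and leave the downloaded .publishsettings file on disk. The variant below is an added example, not part of the original scripts: it prompts for the credentials at run time and deletes the settings file after import. It assumes PowerShell 3.0 or later (for Get-Credential -Message); 'CORP' and 'corp.example.test' are placeholder domain names.

```powershell
# Added example: resource names are the post's placeholders; CORP / corp.example.test are assumed.
$ErrorActionPreference = 'Stop'   # do not continue (or delete anything) after a failed step
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"

# The .publishsettings file embeds the subscription's management certificate.
# Import it once, then delete the copy on disk.
$settings = 'C:\azure\TheSubscriptionFileYouDownloaded.publishsettings'
if (Test-Path $settings) {
    Import-AzurePublishSettingsFile $settings
    Remove-Item $settings -Force
}
Set-AzureSubscription -SubscriptionName '3-Month Free Trial' -CurrentStorageAccount 'YourStorageAccount'
Select-AzureSubscription -SubscriptionName '3-Month Free Trial'

# Prompt at run time so no password is stored in the script file.
$localAdmin = Get-Credential -UserName 'Administrator' -Message 'Local admin password for the new VM'
$domainJoin = Get-Credential -Message 'Domain account used to join the VM to the domain'
if (-not $localAdmin -or -not $domainJoin) { throw 'Credential prompt was cancelled.' }

# The provisioning cmdlet takes plain strings, so unwrap only at the point of use.
$adminPassword  = $localAdmin.GetNetworkCredential().Password
$domainUser     = $domainJoin.GetNetworkCredential().UserName
$domainPassword = $domainJoin.GetNetworkCredential().Password
if (-not $adminPassword -or -not $domainPassword) { throw 'Empty password supplied.' }

$myDNS = New-AzureDNS -Name 'myDNS' -IPAddress '192.168.0.4'   # example DC IP from the post
$image = 'MSFT__Windows-Server-2012-Datacenter-201210.01-en.us-30GB.vhd'

$MyVM1 = New-AzureVMConfig -Name 'VMName' -InstanceSize 'Small' -ImageName $image |
    Add-AzureProvisioningConfig -WindowsDomain -Password $adminPassword `
        -Domain 'CORP' -JoinDomain 'corp.example.test' `
        -DomainUserName $domainUser -DomainPassword $domainPassword |
    Set-AzureSubnet -SubnetNames 'TheSubnetYouCreatedinYourVirtualNetwork'

New-AzureVM -ServiceName 'NewServiceName' -AffinityGroup 'YourAffinityGroup' `
    -VMs $MyVM1 -DnsSettings $myDNS -VNetName 'YourVirtualNetworkName'

# Remove the variables that hold plaintext passwords from the session.
Remove-Variable adminPassword, domainPassword, localAdmin, domainJoin
```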

You are now ready to install System Center 2012 Operations Manager in this VM, which is a member of the domain you have created.

-kn

1 comment:

Gary Mitchell said...

Great article. Just wanted to add to the conversation and say that if you're interested in data center infrastructure management (DCIM), I would strongly recommend you take a look at AssetCentral in addition to Windows Azure.

- Gary