Thursday, November 22, 2012

Creating a management infrastructure in Windows Azure


This blog post only provides some guidance on how to get started with IaaS in Windows Azure. It does not explain the wider architecture in Azure or the common pitfalls, since I have described these previously over the years.

This is the project:

“We have a large infrastructure on-premise, and many locations around the world. We want a reliable monitoring infrastructure, using System Center to tell us what’s going on, also if the entire location goes under water etc. We have some spare resources, but we want this operation to be totally separated from the bits and bytes we use on a day-to-day basis”.

This brings Windows Azure to the table.

First things first: since this should be completely separated from the wide diversity of AD topologies in the business, we must start by creating a new Active Directory forest in Azure.

1.       Log on to the Windows Azure portal with your account.

2.       Create a Virtual Network and Storage in the same affinity group (important).

3.       Download and install the PowerShell module for Windows Azure from

4.       Run Windows Azure PowerShell as an Administrator on your computer/server, and execute the following cmdlets, one by one.

Set-ExecutionPolicy RemoteSigned

Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"


The last cmdlet will direct you to Windows Azure where you should already be signed in, and let you download the settings for your account. Save this file to a folder on one of your HDDs.

Run the following command:

powershell_ise

This will start Windows Azure PowerShell ISE where you can deploy your domain controllers and your virtual machines.

It’s really important that you perform these operations with PowerShell so that your domain controller can survive servicing in Azure without losing any data (ok, I’ll explain why in another blog post. But generally speaking, the HA mechanism in Azure is not similar to the one you may be familiar with through Hyper-V and Failover Clustering on-premise).

Paste the following script into PowerShell ISE:

Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile 'C:\azure\TheSubscriptionFileYouDownloaded.publishsettings'
Set-AzureSubscription -SubscriptionName '3-Month Free Trial' -CurrentStorageAccount 'YourStorageAccount'
Select-AzureSubscription -SubscriptionName '3-Month Free Trial'

# Deploy the Domain Controller in a virtual network

# Specify my DC's DNS IP
$myDNS = New-AzureDNS -Name 'myDNS' -IPAddress ''

$vmname = 'VMName'

# OS Image to Use
$image = ''

$service = 'ServiceName'
$AG = 'YourAffinityGroup'
$vnet = 'YourVirtualNetworkName'

# VM Configuration
$MyDC = New-AzureVMConfig -name $vmname -InstanceSize 'Small' -ImageName $image |
    Add-AzureProvisioningConfig -Windows -Password 'Password' |
    Set-AzureSubnet -SubnetNames 'TheSubnetYouCreatedinYourVirtualNetwork'

New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyDC -DnsSettings $myDNS -VNetName $vnet

This should start the deployment of your first VM, ready to be provisioned as a domain controller.
Once it's completed, attach two empty virtual hard disks to this VM (one disk for AD and one disk for backup. You can specify the size you'd like), and log on.

Depending on which OS you are running, you should go ahead and configure those newly attached disks so that they are ready to be used by the VM.
Create an NTDS folder on one of the disks, for AD.

Once this is done, go ahead and install Active Directory on your virtual machine, and place the AD settings in your NTDS folder you created.
When your VM is installed with AD DS, perform a backup of the server OS to the other vhd you created.

So far, so good.

To deploy virtual machines to your newly created domain, use this script:

Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile 'C:\azure\TheSubscriptionFileYouDownloaded.publishsettings'
Set-AzureSubscription -SubscriptionName '3-Month Free Trial' -CurrentStorageAccount 'YourStorageAccount'
Select-AzureSubscription -SubscriptionName '3-Month Free Trial'

# Deploy a new VM and join it to the domain

# Specify my DC's DNS IP (this is just an example; use your newly created DC IP)
$myDNS = New-AzureDNS -Name 'VMName' -IPAddress ''

# OS Image to Use
$image = ''

$service = 'NewServiceName'
$AG = 'YourAffinityGroup'
$vnet = 'YourVirtualNetworkName'

# Local administrator password for the new VM
# (not named $pwd, which is PowerShell's automatic variable for the current directory)
$adminPassword = 'Password'
$size = 'Small'

# VM Configuration
$vmname = 'VMName'

$MyVM1 = New-AzureVMConfig -name $vmname -InstanceSize $size -ImageName $image |
    Add-AzureProvisioningConfig -WindowsDomain -Password $adminPassword -Domain '*corp*' -DomainPassword 'Password' -DomainUserName 'Administrator' -JoinDomain 'FQDN' |
    Set-AzureSubnet -SubnetNames 'TheSubnetYouCreatedinYourVirtualNetwork'

New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyVM1 -DnsSettings $myDNS -VNetName $vnet

This should deploy a VM, ready to use in your newly created domain in Windows Azure.
Once ready, attach some disks here as well for your data partitions.

You are now ready to install System Center Operations Manager 2012 on this VM, which is a member of the domain you have created.
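
A variant of the domain-join script above that keeps secrets out of the script file, as an added example that is not part of the original post. It prompts for the local administrator password and the domain-join account at run time, and deletes the downloaded .publishsettings file after import because that file carries a management certificate for the subscription. The values in angle brackets and the `ConvertTo-PlainText` helper are placeholders and assumptions of this example.

```powershell
# Added example: the page's domain-join deployment with no secrets stored in the script.
# Values in <angle brackets> are placeholders; substitute your own.
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"

$settingsFile = 'C:\azure\TheSubscriptionFileYouDownloaded.publishsettings'
if (Test-Path $settingsFile) {
    Import-AzurePublishSettingsFile $settingsFile
    # The file embeds a management certificate for the subscription. Once it is
    # imported, the copy on disk is no longer needed and should not linger.
    Remove-Item $settingsFile -Force
}
Set-AzureSubscription -SubscriptionName '3-Month Free Trial' -CurrentStorageAccount 'YourStorageAccount'
Select-AzureSubscription -SubscriptionName '3-Month Free Trial'

# Hypothetical helper: Add-AzureProvisioningConfig (as used on this page) takes
# plain strings, so the SecureString is decrypted in memory only when needed.
function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    (New-Object System.Management.Automation.PSCredential 'unused', $Secure).GetNetworkCredential().Password
}

# Prompt for secrets instead of writing them into the script.
$adminPw = Read-Host -AsSecureString 'Local administrator password for the new VM'
if ($adminPw.Length -eq 0) { throw 'A local administrator password is required.' }

# Enter the account as DOMAIN\user. A dedicated account that may only join
# computers to the domain is preferable to the domain Administrator.
$joinCred = Get-Credential
if (-not $joinCred) { throw 'Domain-join credentials are required.' }
$join = $joinCred.GetNetworkCredential()
if (-not $join.Domain) { throw 'Enter the domain-join account as DOMAIN\user.' }

$myDNS = New-AzureDns -Name 'myDNS' -IPAddress '<IP of your domain controller>'

$vm = New-AzureVMConfig -Name '<VMName>' -InstanceSize 'Small' -ImageName '<ImageName>' |
    Add-AzureProvisioningConfig -WindowsDomain -Password (ConvertTo-PlainText $adminPw) `
        -Domain $join.Domain -DomainUserName $join.UserName -DomainPassword $join.Password `
        -JoinDomain '<FQDN of your domain>' |
    Set-AzureSubnet -SubnetNames 'TheSubnetYouCreatedinYourVirtualNetwork'

New-AzureVM -ServiceName 'NewServiceName' -AffinityGroup 'YourAffinityGroup' -VMs $vm `
    -DnsSettings $myDNS -VNetName 'YourVirtualNetworkName'

# Drop the in-memory copies once the deployment request has been sent.
Remove-Variable adminPw, joinCred, join, vm
```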


Monday, November 19, 2012

Windows network virtualization is not enabled on a host NIC available for placement

“Windows network virtualization is not enabled on a host NIC available for placement”

1. You have created a logical network in the Fabric workspace in VMM.

2. Then, you have created a VM Network, and try to deploy a VM and/or a Service to your cloud or host group, associated with this network.

You’ll get the error mentioned above, during the intelligent placement step in the wizard.

Log on to your hosts/clusters where you can’t perform the deployment and enable the “Windows Network Virtualization Filter Driver” option on the NIC used for the virtual switch.

Refresh the hosts/clusters in VMM and retry the operation.

Wednesday, November 14, 2012

Clustered Shared Volumes (2.0) in Windows Server 2012

Clustered Shared Volumes was first introduced in Windows Server 2008 R2, and was almost as popular as sliced bread at the time. A great enhancement, and it was solely meant for Hyper-V virtual machines.

Instead of using a dedicated LUN for each VM (so that you could migrate them between cluster nodes without taking down the other VMs on the same LUN) as in Windows Server 2008, you now had the possibility to store multiple VMs on the same LUN by converting it to CSV.

CSV is a distributed file access solution that lets multiple nodes in a cluster access the same file system simultaneously.

This means that many VMs can share the same volume, while you can fail over, live migrate and move VMs without affecting the other virtual machines. This leads to better utilization of your storage since you don’t have to place VMs on separate disks, and the CSVs do not depend on drive letters, so you can scale this configuration out, if you’d like.

What’s the latest and greatest related to CSV 2.0:


·         Windows Server 2012 has brought some changes to the architecture, so there’s now a new NTFS compatible file system, which is called CSVFS. This means that applications running on a CSV are able to discover this, and leverage this. But still, the underlying file system is NTFS.


·         BitLocker support is added to the list, which means you can secure your CSVs on a remote location. The Cluster Name Object is used as the identity for decryption, and you should include this in every cluster deployment you are doing, because the performance penalty is less than 1%.


·         Direct I/O for data access which gives enhancements for virtual machine creation and copy operations.


·         Support for other roles than Virtual Machines. There’s an entirely new story around SMB in Windows Server 2012, and CSV is also affected by this. You can now put an SMB file share on top of your CSVs, which makes it easier to scale out your cluster storage and to share a single CSV among several clusters, where they will access their shares instead of volumes. Just a reminder: You can run Hyper-V virtual machines from an SMB file share in Windows Server 2012. This requires that both the server and the client are using SMB 3.0.


·         The marriage to Active Directory has come to an end. External authentication dependencies, which you would run into if you started your cluster without an available AD, are now removed. This gives us an easier setup of clusters, with less trouble and fewer dependencies.


·         File backup by supporting requestors that are running Windows Server 2008 R2 or 2012. You can use application consistent and crash consistent VSS snapshots.


·         SMB support with Multichannel and Direct. CSV traffic can now stream across multiple networks in the clusters and utilize the performance in your NICs that support RDMA.


·         Integration with storage spaces (new in Windows Server 2012) so that you can leverage your cheap disks (just a bunch of disks, JBOD) in a cluster environment


·         Maintenance by scanning and repairing volumes with no downtime

Although there are several enhancements for VM mobility in 2012, where you can move VMs without shared storage, there are still significant benefits to clustering your Hyper-V hosts.

Remember: No cluster = no high availability.


Sunday, November 11, 2012

Infrastructure Planning and Design

This is a quick heads-up about some important guides that should be on every system integrator’s table.

The Infrastructure Planning and Design guides from Microsoft

The planning phase of a project is the most important one.
The reason is that you must establish what the customer actually wants to do, and how to meet the requirements. Let’s take the System Center components for example.
Although you can ramble on and install Operations Manager on a single server, this is unlikely to be a very clever thing to do.

Things to consider prior to deployment:

·         What infrastructure is in place prior to the deployment?

·         Do you have to purchase additional hardware components to meet the requirements?

·         Will this lead to some change management?

·         Who’s involved in this project?

·         Will it involve down time for some (or all) of the production?

·         ETA?

These are just a few points to mention in this context, but the list could go on and on and on.
Read the different guides that are related to the projects you’re working with, and make sure you have considered the most important pitfalls.
Statistically, 8 of 10 IT projects are failing beyond recognition. If you read through the Infrastructure Planning and Design guides, you should be one step closer to a successful project.