Tuesday, March 4, 2014

Authoring VM Roles for Windows Azure Pack

You may be aware of VM Roles within Windows Azure Pack.
The ability to extend your service offering with services and applications, using the rich framework in VMM is really a killer and a “must” for those who adopt Windows Azure Pack in these days, and when they want to have a VM Cloud.

For more information about how to get started, please see an older blog post:

Microsoft is creating ready-to-use gallery items that you can download with Web Platform Installer.
One of the good things with these packages, is that you can edit them directly using the VM Authoring tool. (Download VMAuthoring Tool from Codeplex: https://vmroleauthor.codeplex.com/ )

The VM Role in WAP and System Center 2012 R2 introduces an application model to deploy virtual machine workloads. The tool is used to author VM Role artifacts – Resource Definitions and Resource Extension Packages.

In this blog post, we will create a basic VM Role that can be joined to an existing Active Directory Domain.

We need to create both a Resource Definition – and a Resource Extension for the VM Role.

Resource Definition is the package that speaks a language that Windows Azure Pack is able to understand. (RESDEF) is a versioned template that describes how a resource should be provisioned, and includes information such as VM size, OS settings, OS image, Allowable Extensions and Resource Extension References. In addition, the Resource Definition also contains the view definition (VIEWDEF) which presents the tenants for a user interface in the portal, providing them with descriptions to the input fields and prompt them for required information.

Resource Extension is the package that speaks a language that VMM is able to understand. The extensions contains information about the requirements for the resource definitions towards the building blocks in the VMM library, and describes how a resource should be installed and configured described by a Resource Definition File. The resource extension can only be imported with Powershell, and may have requirements to its VHD’s in order be used in Windows Azure Pack.
For instance, a VM Role that should work as a SQL server would have certain criteria’s that must be met in the resource extension, like a VHD tagged with “SQL”, so that the resource definition and its view definition will list the valid disks within the portal during the creation wizard.

For more information and a good guidance on how to create VM Roles with VMAuthoring Tool, please check these great tutorials by Charles:

VM Role Resource Extension: http://www.youtube.com/watch?v=iCilD2P8vhE

VM Role Resource Definition: http://www.youtube.com/watch?v=66zznivfh_s

Consider this as mandatory before you proceed with this blog post J

I will create a new VM Role that will join an existing Active Directory Domain and also enable the File Service within the guest post deployment.

1)      Start VM Authoring tool and create a new Resource Definition Package and a new Windows Resource Extension Package

2)      As you can see, we have both artifacts presented in this tool, and we will mainly be focusing on the resource definition since we are not putting so much applications within the VM Role.

3)      On the resource requirements for the resource exention, I have added a tag for the VHD, which is “WindowsServer2012”. That means that the vhd used with with extension must be tagged with this tag

4)      On the Roles & Features section, I have simply enabled “File Server” so that VMM will configure the guests as part of the process with this server role

5)      On the Resource Definition, we also have ‘Extension References’ that will link to the resource extension we will import into VMM library. The references here are important, so that the definition file know where to look, and VMM know what to present to the portal when the VM Role is selected. As you can see, I have referenced to my resource extension file in the upper left corner.

6)      At the operating System Profile in the resource definition, I want to configure the VM role to join an Active Directory Domain. Default, the profile is configured with “Workgroup”, so select “JoinDomain” and from the drop-down list side-by-side with DomainToJoin and DomainJoinCredentials, click generate a new parameter on both. Navigate to the “parameter” in the Resource Definition afterwards

7)      We have now two new parameters and the tools is auto creating the data type recommended for these fields. In this case, string and credentials are mapped with the new parameters

8)      Moving over to the section for the View Definition, we can see the OSVirtualHardDisk and the requirement for tags. In this case, a tag of “WindowsServer2012” is required on the vhd used for this VM role, and we must tag this vhd with powershell in VMM

Save the packages to a location on your HDD. Note that you can always verify your input and the tool will point out any errors in the configuration for you to fix.

This was some very small modifications, but we now have the basics in place in order to have a new VM Role that will join the domain during deployment, and also install and configure the file server.

Let us move over to the service management portal in Windows Azure Pack and import the resource definition.

1)      Log on to the Windows Azure Pack Administrator portal. This is considered as a high privileged server and should be located behind your corporate firewall.
2)      On the VM Clouds, go to Gallery and click import. Browse to the location of your newly created gallery item and import the resource definition.

3)      Make the Gallery Item Public and save the changes.

Before we can add the gallery item to a Plan created in Windows Azure Pack, we must first import the resource extension to VMM so that the resource definition know what to look for.

1)      Navigate to VMM and launch Powershell

The following script can be used to import a resource extension, and also to verify the content afterwards.

### Sample script that imports the Web VM Role into VMM Library

### Get Library share
### Get resource extensions from folder
### Import resource extension to VMM library

$libraryShare = Get-SCLibraryShare | Where-Object {$_.Name -eq 'MSSCVMMLibrary'} 

$resextpkg = $Env:SystemDrive + "\Users\administrator.INTERNAL\Desktop\GalleryTemp\KNDemo-03-03-2014-18-36-06\KN.resextpkg"

Import-CloudResourceExtension –ResourceExtensionPath $resextpkg -SharePath $libraryshare -AllowUnencryptedTransfer

### Get virtual hard disk that should be associated with the resource extension
### Ask VMM for operating systems equal to 64-bit edition of Windows Server 2012 Datacenter
### Set virtual hard disk to be tagged as Windows Server 2012 Datacenter

$myVHD = Get-SCVirtualHardDisk | where {$_.Name –eq 'webg1.vhdx'} 
$WS2012Datacenter = Get-SCOperatingSystem | where { $_.name –eq '64-bit edition of Windows Server 2012 Datacenter' } 
Set-scvirtualharddisk –virtualharddisk $myVHD –OperatingSystem $WS2012Datacenter

### Define tags
### Tag vhd with familiy name (Windows Server 2012) and extension requirements (.NET3.5)
### Set properties on vhd

$Tags = $myvhd.tag
if ( $tags -cnotcontains "WindowsServer2012" ) { $tags += @("WindowsServer2012") }
if ( $tags -cnotcontains ".NET3.5" ) { $tags += @(".NET3.5") }
Set-SCVirtualHardDisk -VirtualHardDisk $myvhd -Tag $tags
Set-SCVirtualHardDisk -VirtualHardDisk $myvhd -FamilyName "Windows Server 2012 Datacenter" -Release ""

### Verify cloud resource extensions

Get-CloudResourceExtension | Format-List -Property State, Description, Name

### Verify cloud resources deployed

Get-CloudResource | Format-List -Property name

### Verify tags on vhds

Get-SCVirtualHardDisk | Format-List -Property familyname, OperatingSystem, VHDFormatType, release

This script is for your reference.

Once this has completed, we should be able to add the gallery item to an existing Plan in WAP.

1)      Navigate back to the service management portal and locate your newly imported gallery item
2)      On plans, click add and select the Plan you want this to be added.
Note: based on the number of subscriptions accessing this plan, it can take a minute or two before everything is populated and exposed to them.

Now, let us logon as a tenant and deploy or new VM Role.

Note: If you are using NVGRE and want the VM Role to join an Active Directory Domain, you must specify the right DNS server for the network in the portal prior to deployment of this role. If you are only using a public DNS for internet connectivity for your tenants, you won’t be able to join.

1)      Logon to the tenant portal
2)      Launch the wizard, select new Virtual Machine Role and select ‘from gallery’

3)      Since we have imported both the resource definition file and the resource extension file, that also have the corresponding requirements to see each other, we can see the newly created VM Role “KNDemo” which has a version of “”. Click to proceed

4)      Assign a unique name for the VM role and continue

5)      The view definition will present us with the required input fields and map this back to the configuration of the VM role. As you can see, I am able to specify my Active Directory Domain to join, and which credentials I should use. Once this is done, we can deploy the VM Role.
Note that you could also separate different configuration tasks in different sections/windows in this wizard, so that everything is not placed in a long list as in this example.

6)      The VM Role will now be provisioned, joined to my network (NVGRE in this context) and my domain

Once the VM is deployed, we can log on (using the great Remote Console feature) remotely and verify the configuration.

First, we see that the VM has joined the domain, and I am able to log on with domain credentials:

Next, we can verify that we have installed the File Server role:

I hope this blog post was useful in how to get started with authoring your own VM Roles using VMAuthoring tool.
If times allow, I will be back with other examples in the near future.

No comments: