SharePoint on Azure IaaS

Post on 12-Jan-2016


description

SharePoint on Azure IaaS. Mario Brandan, Regional Architect, Microsoft. Agenda: 1. Run the script! 2. Why Azure IaaS? 3. Concepts 4. Highlights 5. Questions. First things first. Test: please browse to this URL and verify no web site is there: http://SpAzureService.CloudApp.Net

transcript

SharePoint on Azure IaaS

Mario Brandan, Regional Architect, Microsoft

Agenda

1. Run the script!

2. Why Azure IaaS?

3. Concepts

4. Highlights

5. Questions

First things first

http://SpAzureService.CloudApp.Net

Test. Please browse to this URL and verify no web site is there.

Script is already running!

Why?

It's a long script

2 hours to run in prior tests

Started running it at least an hour before this talk began

Timing should let the script finalize about 30 to 45 minutes into this talk

What’s Azure IaaS?

Virtual Machines on Azure

IaaS: Infrastructure as a Service

VLAN, Subnet, VMs, IPs, etc.

VHD format compatible with on-premises

Software

OS: Windows or Linux

Many App/DB Server Templates available

Not the same as Hyper-V

One NIC per VM

No console access

D drive is temporary storage. Don't use.

Otherwise same

Cloud Models

[Diagram: four columns, On Premises, Infrastructure (as a Service), Platform (as a Service) and Software (as a Service). Each column shows the same stack of layers: Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking. On Premises is marked "You manage"; Infrastructure and Platform are split between "You manage" and "Managed by Microsoft"; Software is marked "Managed by Microsoft".]

How to get Azure

MSDN Azure Benefits

Subscription Levels

Azure Credits included per month, by subscription level:

Visual Studio Professional with MSDN: $50

Visual Studio Test Professional with MSDN: $50

MSDN Platforms: $100

Visual Studio Premium with MSDN: $100

Visual Studio Ultimate with MSDN: $150

Spending Limit

Requires a credit card on file

Doesn't let you exceed your monthly Azure Credits

Can be turned on and off

No Production Work

Other ways

Pay as you go

Pricing Calculator: http://azure.microsoft.com/en-us/pricing/calculator/

Free Trial: http://azure.microsoft.com/en-us/pricing/free-trial/

Why Dev on IaaS?

Modern Development

Get hip

Reduce costs for individual dev machines

Homogeneity among dev machines

Sharing among devs is easier. Can even bring the vhd down to local machines if desired.

Demo anywhere. Tablet at the airport. Phone in the elevator.

Dev / Test

[Diagram: Windows Azure, with a Cloud Service and Virtual Network containing AD1 (X-Small), SQL DR1 (A6), SQL DR2 (A6) and SP DR1 through SP DR5 (Large); Visual Studio Online; Test Agents; Load Test.]

Extranet and Public-Facing Internet

[Diagram: Windows Azure and On Premises joined by a VPN Tunnel. On Premises: Active Directory, site developers and authors. Windows Azure: Cloud Service and Virtual Network holding a SharePoint 2013 Farm web application and Active Directory Domain Services; Windows Azure Active Directory. Zones: Default Zone, Extranet Zone and Internet Zone (Anonymous); authentication labels: Windows, Windows, SAML, FBA. Users: Partners and Customers, Visitors.]

Azure IaaS Definitions

Affinity Groups

Closely locate your compute, network and storage resources in the same datacenter

Get better performance

Get lower latency

Reduce egress costs

Virtual Network

Creates a logical boundary around a group of VMs

Can be used for VPN access from corp

Gateway device required for IPsec/VPN access.

Machines on VNET look like a machine on corp

Cloud Service

VMs automatically get a cloud service container

Logical grouping of code and configuration.

Not the same as Azure Cloud Services, which has web roles and worker roles.

Availability Sets

Another logical boundary

Distributes guest VMs across physical hosts in Azure DataCenter

Prevents failure of a single physical host bringing down the cloud service

Storage Account

BLOB, Tables, Queue

VHDs use BLOB

Containers provide grouping for BLOBs

[Diagram: Azure Account containing a Storage Acct with a Container, and a Virtual Network (VNET) with a Cloud Service exposing port 80.]

The Script

SharePoint 2013 Automation Scripts

PowerShell Scripts

Automated deployment of Active Directory, SQL Server and SharePoint 2013.

AD, SQL, SharePoint, in that order

Uses various technologies to configure VMs, AD DS, Disks, SharePoint.

Two Sample Configurations Available

HighlyAvailable and SingleVMs

Download from GitHub

https://github.com/Azure/azure-sdk-tools-samples

Script as run today. Customized, debugged

https://github.com/mabranda/SPAzurePoSh

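Single Virtual Machines Template

[Diagram: Windows Azure, with a Cloud Service and Virtual Network. A load balancer (LB) with ports 80 and 20000 sits in front of the WEB/APP machine; the other machines are AD/DC/DNS and SQL.]

Web/App Tier: 1 x Large (4 Cores & 7 GB)

Data Tier: 1 x A6 (4 Cores & 28 GB)

Identity Tier: 1 Small (1 Core & 1.75 GB)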

Environment Setup

My Environment Setup

Azure PowerShell Module

Available via Web Platform Installer

Source code managed in GitHub

Visual Studio 2013

…or your favorite PowerShell Script Editor (ISE, PowerGUI)

PowerShell Tools for Visual Studio 2013

Available on Visual Studio Gallery. Can install directly from Visual Studio

Used only to run PoSh within Visual Studio.

All debugging, etc. can be done in PowerShell ISE.

Technologies used in VM Connectivity

CredSSP

Credential Security Service Provider

Enables a client program to delegate credentials from the client computer to the target server.

Used by RDP

WS-Management

An open-standard management protocol.

Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol

Remotely exchange management data with any computer device that implements the protocol.

WinRM

Microsoft's implementation of WS-Management

Script Templates

MS Official on GitHub

https://github.com/Azure/azure-sdk-tools-samples

Script as run today. Customized, debugged

Updates in Azure PowerShell cause some of the commands to fail

https://github.com/mabranda/SPAzurePoSh

Preparation

Start VS in Admin Mode

Set-ExecutionPolicy Bypass

Suppresses all confirmation, warnings, lets you run unsigned code

Configure the following

Enable-PSRemoting

Enables PowerShell Remoting. Win 7 or later.

Will fail if a network connection is listed as "Public"

Enable-WSManCredSSP -Role Client -DelegateComputer "*.cloudapp.net"

Enable CredSSP for delegation of credentials

Enable CredSSP

$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain"
Set-ItemProperty $regKey -Name WSMan -Value "WSMAN/*.cloudapp.net"

Preparation

Edit Local Group Policy

Start > Run > gpedit.msc

Navigate to Computer Configuration > Administrative Templates > System > Credentials Delegation

Allow Delegating Fresh Credentials: Enable, then Add Servers > wsman/*.cloudapp.net

Allow Delegating Fresh Credentials with NTLM-only server authentication: Enable, then Add Servers > wsman/*.cloudapp.net

May need to gpupdate for changes to take effect
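The preparation steps leave this workstation willing to delegate fresh credentials to any host matching *.cloudapp.net, a namespace shared by all Azure cloud services, and leave script execution unrestricted. The following added example (not part of the original slides or the deployment scripts) lists those settings and, when $Rollback is set, reverts them. The $Rollback switch, the function name and the RemoteSigned baseline are assumptions of this example.

```powershell
# Added example: audit the workstation settings loosened during preparation.
# Run elevated on the machine that launched the deployment.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$lists      = 'AllowFreshCredentials', 'AllowFreshCredentialsWhenNTLMOnly'
$defaults   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain'
$Rollback   = $false   # hypothetical switch: set to $true once the farm is built

function Get-DelegationTarget {
    # One object per SPN pattern this machine may send fresh credentials to.
    foreach ($list in $lists) {
        $key = Join-Path $policyRoot $list
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $spn = [string]$item.GetValue($name)
            [pscustomobject]@{
                Policy   = $list
                Target   = $spn
                Wildcard = $spn.Contains('*')
            }
        }
    }
}

$targets = @(Get-DelegationTarget)
$targets | Format-Table -AutoSize

# Value written by the Set-ItemProperty call in the preparation steps.
if (Test-Path $defaults) {
    Get-ItemProperty -Path $defaults -Name WSMan -ErrorAction SilentlyContinue
}

Get-WSManCredSSP            # current client and server CredSSP state
Get-ExecutionPolicy -List   # the scope where Bypass was set

if ($Rollback) {
    # Removes the WSMan client delegation entries. Entries added in gpedit.msc
    # may be reapplied on policy refresh, so remove those in gpedit.msc as well.
    Disable-WSManCredSSP -Role Client
    if (Test-Path $defaults) {
        Remove-ItemProperty -Path $defaults -Name WSMan -ErrorAction SilentlyContinue
    }
    # RemoteSigned is an assumed baseline; use your organisation's policy.
    Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force
}
```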

Check your subscription

Available resources

Depending on prior installations, subscription level, you may not have enough cores / storage, etc. to successfully run the script.

Check Cores

Get-AzureSubscription -Current -ExtendedDetails

Highlights

Running the script

Start from master-deployment-script.ps1

Will call all other scripts

Fill out all parameters in the call to Autoconfigure

Fill out the values in the XML configuration files

Outdated Cmdlets

Check for new version of cmdlets

Rapid Release means we update the Azure module often enough so that old paths and cmdlets may be outdated.

Web Platform Installer has latest version

Verify your version using (Get-Module).Version

Current version as of 7/10/2014 is 0.8.4

DisableLoopBackCheck!

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dword
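DisableLoopbackCheck turns off the NTLM loopback check for every host name on the server. The added example below (not from the original slides) shows the narrower alternative, listing only the farm's own host names in BackConnectionHostNames and removing the machine-wide value. The function name is hypothetical and the first host name is constructed.

```powershell
# Added example: scope the loopback exemption to named hosts instead of
# disabling the check machine-wide. Run elevated on each SharePoint server.
$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = Join-Path $lsa 'MSV1_0'

function Set-LoopbackExemption {
    param([Parameter(Mandatory)][string[]]$HostName)

    # Merge with names that are already exempt, without duplicates.
    $current = (Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
                    -ErrorAction SilentlyContinue).BackConnectionHostNames
    $merged = @($current) + $HostName | Where-Object { $_ } | Sort-Object -Unique

    New-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
        -PropertyType MultiString -Value ([string[]]$merged) -Force | Out-Null

    # Drop the machine-wide bypass if the slide's command created it.
    if (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue) {
        Remove-ItemProperty -Path $lsa -Name DisableLoopbackCheck
    }

    # Show the resulting exemption list.
    Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames
}

# 'intranet.example.test' is a constructed name; the second is the cloud
# service name used in this talk. Replace both with the farm's own host names.
Set-LoopbackExemption -HostName 'intranet.example.test', 'spazureservice.cloudapp.net'
```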

Storage Accounts Gotcha

Naming Constraint

Storage Account can only contain numbers and lowercase characters. Will cause an error when calling Create-AzureStorageAccount. Must be between 3 and 24 characters. I was using SpAzureStorage, which won't work. Changed to spazurestorage.

Other issues

Verify Certificate in local Machine Store

# Assumption: the slide omits the line that creates $store; the Personal ("My") store of the local machine is used here.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
$store.Certificates | ?{$_.Subject -like "*SpAzure*"} | select DNSNameList
$store.Close()

Could not create Publishing Site by default

Had to use "STS#0"

Bug in Diskpart

Noted in the SpAzurePoSh project on GitHub

Connecting

Every VM has a public port that maps to the cloud service endpoint.

Visible on the Virtual Machines management node on Azure

Add the RDP endpoint to an mstsc command to connect.

Questions?

Thank you

Mario Brandan

mario.brandan@outlook.com

@mbrandan

blogs.technet.com/b/marios_mo_betta_blog