42
SharePoint on Azure IaaS Mario Brandan Regional Architect Microsoft
SharePoint on Azure IaaSMario BrandanRegional ArchitectMicrosoft
Agenda
1. Run the script!2. Why Azure IaaS?3. Concepts4. Highlights5. Questions
First things first
http://SpAzureService.CloudApp.Net
Test.Please browse to this url and verify no web site is there
Script is already running!Why?It’s a long script2 hours to run in prior testsStarted running it at least an hour before this talk beganTiming should let the script finalize about 30 – 45mn into this talk
K
What’s Azure IaaS?
Virtual Machines on AzureIaaSInfrastructure as a ServiceVLAN, Subnet, VM’s, IP’s, etcVHD format compatible with On-premise
SoftwareOS: Windows or LinuxMany App/DB Server Templates available
Not same as Hyper-VOne NIC per VMNo console accessD drive is temporary storage. Don’t use.Otherwise same
Cloud Models On Premises
Storage
Servers
Networking
O/S
Middleware
Virtualization
Data
Applications
Runtime
You m
anage
Infrastructure(as a Service)
Storage
Servers
Networking
O/S
Middleware
Virtualization
Data
Applications
Runtime
Managed b
y M
icroso
ft
You m
anage
Platform(as a Service)
Managed b
y M
icroso
ft
You m
anage
Storage
Servers
Networking
O/S
Middleware
Virtualization
Applications
Runtime
Data
Software(as a Service)
Managed b
y M
icroso
ft
Storage
Servers
Networking
O/S
Middleware
Virtualization
Applications
Runtime
Data
How to get Azure
MSDN Azure BenefitsSubscription Levels
Subscription Level
Visual Studio
Professional with MSDN
Visual Studio Test Professional with
MSDN
MSDN Platforms
Visual Studio Premium with
MSDN
Visual Studio Ultimate with
MSDN
Azure Credits included per month
$50 $50 $100 $100 $150
Spending LimitRequires a credit card on fileDoesn’t let you exceed your monthly Azure CreditsCan be turned on and off
No Production Work
Other waysPay as you goPricing Calculator:http://azure.microsoft.com/en-us/pricing/calculator/
Free Trialhttp://azure.microsoft.com/en-us/pricing/free-trial/
Why Dev on IaaS?
Modern Development
Get hip
Reduce costs for individual dev machines
Homogeneity among dev machines
Sharing among devs is easier. Can even bring the vhd down to local machines if desired.
Demo anywhere.Tablet at the airport.Phone in the elevator.
Dev / Test
Cloud ServiceVirtual Network
Windows Azure
SQL DR1(A6)
SP DR1
(Large)
AD1(X-Small)
SQL DR2(A6)
SP DR2
(Large)
SP DR4
(Large)
SP DR5
(Large)
SP DR3
(Large)
Visual Studio Online
Test Agents
Load Test
Extranet and Public-Facing Internet
Cloud Service
Virtual Network
Windows Azure On Premises
Active Directory
Site developers and authors
VPN Tunnel
SharePoint 2013 Farm
Web Application
Windows Azure Active Directory
Internet Zone
Anonymous
Extranet Zone Default Zone
WindowsWindows
SAML
FBA Active DirectoryDomain Services
Partners and Customers
Visitors
Azure IaaS Definitions
Affinity GroupsClosely locate your compute, network and storage resources in the same datacenter
Get better performance
Get lower latency
Reduce egress costs
AffinityGroup
K
Virtual NetworkCreates a logical boundary around a group of VM’s
Can be used for VPN access from corp
Gateway device required for IPSEC/VPN access.
Machines on VNET look like a machine on corp
K
Cloud ServiceVM’s automatically get a cloud service container
Logical grouping of code and configuration.
Not the same as Azure Cloud Services, which has web roles and worker roles.
K
Availability SetsAnother logical boundary
Distributes guest VMs across physical hosts in Azure DataCenter
Prevents failure of a single physical host bringing down the cloud service
K
Storage AccountBLOB, Tables, Queue
VHDs use BLOB
Containers providing grouping for BLOB’s
K
Azure Account
Storage Acct
Container
Virtual Network (VNET)
Cloud Service
80
The Script
SharePoint 2013 Automation ScriptsPowerShell Scripts Automated deployment of Active Directory, SQL Server and SharePoint 2013.AD, SQL, SharePoint, in that orderUses various technologies to configure VM’s, AD DS, Disks, SharePoint.
Two Sample Configurations AvailableHighlyAvailable and SingleVMs
Download from GitHubhttps://github.com/Azure/azure-sdk-tools-samplesScript as run today. Customized, debuggedhttps://github.com/mabranda/SPAzurePoSh
K
Single Virtual Machines Template
AD/DC/DNSLB WEB/APP SQL
80
20000Cloud Service
Virtual Network
Windows Azure
Web/App Tier1 x Large
(4 Cores & 7 GB)
Data Tier1 x A6
(4 Cores & 28 GB)
Identity Tier1 Small
(1 Core & 1.75 GB)
K
Environment Setup
My Environment SetupAzure PowerShell ModuleAvailable via Web Platform InstallerSource code managed in GitHub
Visual Studio 2013…or your favorite PowerShell Script Editor (ISE, PowerGUI)
PowerShell Tools for Visual Studio 2013Available on Visual Studio Gallery. Can install directly from Visual StudioUsed only to run PoSh within Visual Studio.All debugging, etc can be done in PowerShell ISE.
Technologies used in VM ConnectivityCredSSPCredential Security Service ProviderEnables a client program to delegate credentials from the client computer to the target server.Used by RDP
WS-ManagementAn open-standard management protocol.Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol Remotely exchange management data with any computer device that implements the protocol.
WinRMMicrosoft’s implementation of WS-Management
Script TemplatesMS Official on GitHubhttps://github.com/Azure/azure-sdk-tools-samples
Script as run today. Customized, debuggedUpdates in Azure PowerShell causes some of the commands to failhttps://github.com/mabranda/SPAzurePoSh
PreparationStart VS in Admin ModeSet-ExecutionPolicy ByPassSuppresses all confirmation, warnings, lets you run unsigned code
Configure the followingEnable-PSRemoting Enables PowerShell Remoting. Win 7 or later.Will fail if a network connection is listed as “Public”
Enable-WSManCredSSP -role client -delegatecomputer "*.cloudapp.net“Enable CredSSP for delegation of credentials
$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain" Set-ItemProperty $regKey -Name WSMan -Value "WSMAN/*.cloudapp.net“
Enable CredSSP
PreparationEdit Local Group PolicyStart > Run > gpedit.mscNavigate to Computer Configuration > Administrative Templates > System > Credentials Delegation
Allow Delegating Fresh CredentialsEnableAdd Servers > wsman/*.cloudapp.net
Allow Delegating Fresh Credentials with NTLM-only server authenticationEnableAdd Servers > wsman/*.cloudapp.net
May need to gpupdate for changes to take effect
Check your subscriptionAvailable resourcesDepending on prior installations, subscription level, you may not have enough cores / storage, etc to successfully run the script.
Check CoresGet-AzureSubscription -Current -ExtendedDetails
Highlights
Running the scriptStart from master-deployment-script.ps1Will call all other scriptsFill out all parameters in the call to AutoconfigureFill out the values in the XML configuration files
Outdated CmdletsCheck for new version of cmdletsRapid Release means we update the Azure module often enough so that old paths and cmdlets may be outdated.Web Platform Installer has latest versionVerify your version using(Get-Module).Version
Current version as of 7/10/2014 is 0.8.4
DisableLoopBackCheck!New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name “DisableLoopbackCheck” -value "1" -PropertyType dword
Storage Accounts GotchaNaming ConstraintStorage Account can only contain numbers and lowercase characters. Will cause an error when calling Create-AzureStorageAccount. Must be between 3 and 24 characters. I was using SpAzureStorage, which won't work. Changed to spazurestorage.
Other issuesVerify Certificate in local Machine Store$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)$store.Certificates | ?{$_.Subject -like "*SpAzure*"} | select DNSNameList$store.Close()
Could not create Publishing Site by defaultHad to use “STS#0”
Bug in DiskpartNoted in the SpAzurePoSh project on GitHub
ConnectingEvery VM has a public port that maps to the cloud service endpoint. Visible on the Virtual Machines management node on AzureAdd the RDP endpoint to an mstsc command to connect.
Questions?
ResourcesWindows Azure Training KitKirk Evans Presentation from SPC14
