Kevin Holman's System Center Blog

Posts in this blog are provided "AS IS" with no warranties, and confer no rights. Use of included script samples is subject to the terms specified in the Terms of Use.

SC App Controller – Connecting on premise to Windows Azure


Connecting your on-premise App Controller deployment to Windows Azure will open up the following capabilities to enable a single portal for your cloud users, both private and public:

  • Deploy Cloud service
  • Deploy Virtual Machine
  • Add VMs to Cloud Services
  • Copy existing VM to Azure
  • Modify existing Services
  • Modify Existing VMs
  • Start VM
  • Shut Down VM
  • Restart VM
  • Connect to VM
  • View and manage Jobs

This is covered starting at:  http://technet.microsoft.com/en-us/library/hh221344.aspx

The first step in connecting App Controller to Windows Azure is to generate a certificate.  We can use MAKECERT from Visual Studio.  Alternatively, we can generate the cert by using IIS, which is already installed on our App Controller server.  Open IIS Manager, select the server name, and then open the Server Certificates icon.


On the right panel, choose to create a self-signed certificate.

Give it a friendly name that makes sense, such as AzureManageCert.

Now select this certificate in IIS Manager and choose Export.

Export the file to a local directory, such as C:\azuremanagecert.pfx.  Use a strong password.  Now we have our certificate file with private keys.  The next step is to import it.

Run MMC.EXE and add the Certificates snap-in.  Choose the Computer account, for the Local Computer, when adding the snap-in.

Browse the Certificates (Local Computer) store, Personal, Certificates.  You should see your certificate that we created with the Friendly Name of “AzureManageCert”. 


Right-click it, and choose All Tasks, Export.  Do not export the private key; just accept the defaults to export a CER file, such as C:\azuremanagecert.cer.
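
The two exports above can also be scripted and checked from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes the PKI module cmdlets (Windows Server 2012 or later) and reuses the friendly name and file paths from the steps above.

```powershell
# Added example (not from the original post): export the IIS-created
# certificate as PFX and CER, then confirm the CER is public-only.
# Assumes an elevated session and the names/paths used in the steps above.
$friendlyName = 'AzureManageCert'
$pfxPath      = 'C:\azuremanagecert.pfx'
$cerPath      = 'C:\azuremanagecert.cer'

# Find the certificate in the Local Computer\Personal store.
$found = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate named '$friendlyName', found $($found.Count)."
}
$cert = $found[0]
if (-not $cert.HasPrivateKey) {
    throw 'The certificate has no private key, so it cannot be exported as a PFX.'
}

# PFX: certificate plus private key, for App Controller. Prompt for the
# password so it never appears in the script or in command history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the PFX file'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# CER: public certificate only, for upload to Azure.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Re-read the CER from disk and check what is about to be uploaded.
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($cer.HasPrivateKey) {
    throw 'The CER file unexpectedly carries a private key; do not upload it.'
}
if ($cer.Thumbprint -ne $cert.Thumbprint) {
    throw 'The CER file does not match the certificate in the store.'
}

# Summary to compare with the certificate listed in the Azure portal.
[pscustomobject]@{
    Subject    = $cer.Subject
    Thumbprint = $cer.Thumbprint
    NotAfter   = $cer.NotAfter
    CerFile    = $cerPath
    PfxFile    = $pfxPath
}
```

The PFX holds the private key that authenticates to the subscription, so handle it as a credential and keep it only where it is needed.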

Now, we need to upload the certificate into Azure.  In the Azure portal, browse to Settings, Management Certificates, and choose Upload.

Upload the CER file.

Once this uploads, we can connect App Controller to Azure, and it will use Certificate Authentication.

In the App Controller portal, click Clouds.  Then Connect, Windows Azure Subscription.

Supply a friendly name, and input the subscription ID from Azure.  Your subscription ID in the Azure portal is available at “Subscription” then “Manage your Subscriptions”. 

Browse to the PFX certificate file we exported above.  Provide the private key password to App Controller.

Click OK. 

At this point, you should be able to see any virtual machines running in your Azure subscription.

You can now grant your Active Directory users access to this subscription by creating a user role for them and adding them into the subscription:

In App Controller, select User Roles.  Create a new user role called “Azure VM Admins”.

Add in members, via AD accounts or groups.  The format should be DOMAIN\groupname or DOMAIN\username.

Scope the users to the Azure subscription we just created.  Click OK.  Now when those users log into App Controller, they will see the subscriptions that they have been granted access to in the portal.

At this point, we could do many of the activities listed above.  Let's start with something simple: deploy a virtual machine.

Click Virtual Machines, Deploy.

On the New Deployment, Cloud, select Configure.  Choose your Azure Account.

On Deployment Type, browse Images.  These are images existing in Azure already.  Let's pick the latest Windows Server 2012 R2 build to deploy.

On the Cloud Service: this is our public-facing name to access this VM, or the applications it will eventually host.  We can create a new service, or use an existing one and add this virtual machine to it.  Just click “Create” and supply a name.  The Public URL name you choose must be unique.  Choose a local region, then click OK.

On the Deployment, click Configure.  Supply a simple deployment name.

On the Virtual Machine, click Configure.  Supply a VM name, instance size, browse the storage account and select an available folder location.  Provide a local username and password for the VM.  Click OK.

Now you can select “Deploy” and monitor the deployment job progress from the “Jobs” view.

Comments
  • It sounds very interesting.  I hope I could get assistance while completing this task.  I am a newbie but am willing to put my all into learning.  Thanks for the detailed instructions.
