Connecting your on-premise App Controller deployment to Windows Azure will open up the following capabilities to enable a single portal for your cloud users, both private and public:
- Deploy Cloud service
- Deploy Virtual Machine
- Add VMs to Cloud Services
- Copy existing VM to Azure
- Modify existing Services
- Modify Existing VMs
- Start VM
- Shut Down VM
- Restart VM
- Connect to VM
- View and manage Jobs
This is covered starting at: http://technet.microsoft.com/en-us/library/hh221344.aspx
The first step in connecting App Controller to Windows Azure is to generate a certificate. We can use MAKECERT from Visual Studio. Alternatively, we can generate the cert by using IIS, which is already installed on our App Controller server. Open IIS Manager, select the server name, and then open the Server Certificates icon.
On the right panel, choose to create a self-signed certificate:
Give the friendly name something that makes sense – like AzureManageCert
Now select this certificate in IIS manager – and choose Export:
Export the file to a local directory, such as C:\azuremanagecert.pfx. Use a strong password. Now we have our certificate file with the private key. The next step is to export the public portion of it.
Run MMC.EXE and add the Certificates snap-in. Choose the Computer account, for the Local Computer, when adding the snap-in.
Browse the Certificates (Local Computer) store, Personal, Certificates. You should see the certificate that we created with the Friendly Name of “AzureManageCert”.
Right click it, and choose All Tasks, Export. Do not export the private key; just accept the defaults to export a CER file, such as C:\azuremanagecert.cer
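The certificate steps above can also be scripted. The following PowerShell is an added example, not part of the original walkthrough: it uses the built-in PKI cmdlets instead of IIS Manager and MMC, must run in an elevated session, and reuses the friendly name and file paths from the text (the subject name is an assumption). It also checks that the CER file carries no private key and locks down the PFX file.

```powershell
# Added example. Names and paths mirror the walkthrough; the subject CN is assumed.
$friendlyName = 'AzureManageCert'
$pfxPath      = 'C:\azuremanagecert.pfx'
$cerPath      = 'C:\azuremanagecert.cer'

# Create a self-signed certificate in Local Computer\Personal (requires elevation).
$new  = New-SelfSignedCertificate -DnsName $friendlyName -CertStoreLocation 'Cert:\LocalMachine\My'
$cert = Get-Item "Cert:\LocalMachine\My\$($new.Thumbprint)"
$cert.FriendlyName = $friendlyName

# Prompt for the PFX password so it never appears in the script or shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# PFX = certificate plus private key (for App Controller).
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# CER = public certificate only (for the Azure portal upload).
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Verify that the file going to Azure holds no private key and matches the store copy.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
if ($public.HasPrivateKey) { throw "$cerPath contains a private key; do not upload it." }
if ($public.Thumbprint -ne $cert.Thumbprint) { throw 'CER thumbprint does not match the store certificate.' }

# Restrict the PFX file to Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
icacls $pfxPath /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null

# Record the thumbprint so the uploaded certificate can be identified later.
'{0}  NotAfter={1:u}' -f $cert.Thumbprint, $cert.NotAfter
```

Once App Controller has imported the PFX, the file at C:\azuremanagecert.pfx can be deleted or moved to protected storage, since anyone holding it and its password can authenticate to the subscription.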
Now we need to upload the certificate into Azure. In the Azure portal, browse to Settings, Management Certificates, and click Upload.
Upload the CER file.
Once this uploads, we can connect App Controller to Azure, and it will use Certificate Authentication.
In the App Controller portal, click Clouds. Then Connect, Windows Azure Subscription.
Supply a friendly name, and input the subscription ID from Azure. Your subscription ID in the Azure portal is available at “Subscription” then “Manage your Subscriptions”.
Browse to the PFX certificate file we exported above. Provide the private key password to App Controller.
At this point, you should be able to see any virtual machines running in your Azure subscription:
You can now grant your Active Directory users access to this subscription by creating a user role for them and adding them into the subscription:
In App Controller, select User Roles. Create a new user role called “Azure VM Admins”.
Add in members, via AD accounts or groups. The format should be DOMAIN\groupname or DOMAIN\username.
Scope the users to the Azure subscription we just created. Click OK. Now when those users log into App Controller, they will see the subscriptions that they have been granted access to in the portal.
At this point, we could do many of the activities listed above. Let's start with something simple – Deploy a Virtual Machine.
Click Virtual Machines, Deploy:
On the New Deployment, Cloud, select configure. Choose your Azure Account.
On Deployment Type – browse Images. These are images that already exist in Azure. Let's pick the latest Windows Server 2012 R2 build to deploy.
On the Cloud Service – this is our public facing name to access this VM, or the applications it will eventually host. We can create a new service, or use an existing one and add this virtual machine to it. Just click “Create” and supply a name. The Public URL name you choose must be unique. Choose a local region then click OK.
On the Deployment, click configure. Supply a simple deployment name.
On the Virtual Machine, click Configure. Supply a VM name, instance size, browse the storage account and select an available folder location. Provide a local username and password for the VM. Click OK.
Now you can select “Deploy” and you can monitor the deployment job progress from the “Jobs” view: