Kevin Remde's IT Pro Weblog
Windows Server 2012 is available. It offers businesses and service providers a scalable, dynamic, and multitenant-aware cloud-optimized infrastructure. Windows Server 2012 helps organizations connect securely across premises and helps IT Professionals to respond to business needs faster and more efficiently.
Need more information? See the product details page.
Access technical product resources—forums, solution accelerators, white papers and webcasts—at the Windows Server 2012 Resource Page.
Review Windows Server 2012 system requirements
Register, then download and install full-featured software for a 180-day trial
Receive emails with resources to guide you
The Windows Server 2012 evaluation software is available in Standard and Datacenter editions. You will be prompted to choose a version during the set-up and registration process.
ALSO: For additional testing and training, be sure to try out the Windows Server 2012 Virtual Labs.
ISO available in: Chinese (Simplified), English, French, German, Italian, Japanese, Russian, Spanish. VHD available in: English
In today’s episode, I welcome Microsoft MVP, Mitch Garvis to the show. We discuss how Windows 8 Enterprise and Windows 8 Professional now include Microsoft Hyper-V as an optional feature. Tune in as we discuss WHY you would want to use the power of Hyper-V virtualization on your desktop, laptop or tablet running Windows 8.
Download the Windows 8 Enterprise Evaluation today and test your applications, hardware and deployment strategies with Windows 8.
The article I’m writing for part 13 of our “31 Days of Servers in the Cloud” series involves using App Controller to create a virtual machine. But to do this, you first need to connect and associate App Controller (a component of System Center 2012) with your Windows Azure subscription.
So in today’s Part 12, as a preliminary to part 13, I’m going to show you how to connect App Controller to your Windows Azure account.
To do this, we need to have a few preliminaries in place:
Connect App Controller to your Windows Azure subscription
To make this happen, you first have to have a management certificate in place. This makes up the bulk of the complexity involved. It must be a management certificate that has a key length of at least 2048 bits and resides in the Personal certificate store. To make this all work, you’ll need both a .cer file, which is the exported certificate that you’ll upload as the management certificate in Windows Azure, and a .pfx (personal information exchange) certificate file that you’ll use to connect App Controller to your Azure subscription. You can create this self-signed certificate easily in one of two ways:
For my example, I’m going to use IIS that I’m going to install on Windows 8.
Install IIS on Windows 8
In the “Turn Windows features on or off” section of the “Add or Remove Programs” (just search from your Start Screen), add the IIS Management Console feature:
Generate the Self-Signed Certificate
Once installed, open up the IIS Manager. Double-click on “Server Certificates”, and then in the Actions pane on the right, select “Create Self-Signed Certificate”.
Give your certificate a friendly name that you’ll recognize later, and click OK.
Export the .pfx File
Next, we need to export the new certificate as a .pfx file. (This is the file we’ll later use to connect App Controller to our Windows Azure subscription.) You can create this from IIS Management as well. With your new certificate selected, click export in the Actions pane. Choose a file name and destination for the file, set a password, and click OK.
Once this is done, and if you have no further use of IIS on your Windows 8 machine, you can remove it just as easily as you added it. You won’t need it for anything more here.
Generate the .cer file.
Now we need a .cer file – the exported certificate that we will upload into our Windows Azure subscription. The certificate we just created is in the Local Computer certificate store, so we could either use MMC and the “Certificates” snap-in to get to and export the certificate from there, OR we could import the .pfx into the personal certificate store and then export it from there. I’ll describe the latter.
Run certmgr.msc as a quick way to open up MMC connected to the current user’s certificate store, and navigate to Personal –> Certificates
Right-Click on Certificates, and under All Tasks, select Import…
In the Certificate Import Wizard, click Next, and then browse to and select your recently created .pfx file. (NOTE: You’ll have to change the file type you’re looking for to include .pfx files in order to see it as you navigate)
Click Next.
Enter the password you used to secure your .pfx file, and click Next.
Leave the Certificate Store as the Personal store. Click Next, and then click Finish to complete the import.
Now in the list of your certificates in the personal certificate store, you should see a certificate that contains a friendly name you used earlier (in my case it’s “MyAzureMgmtCert”). Right-click on your certificate, and under All Tasks, select Export.
Just use the defaults through this wizard, browse to a location for and name your certificate:
Click Next and then Finish.
Okay. Now you have both the .pfx and the .cer files you’ll need to connect App Controller to Windows Azure.
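The same .pfx-to-.cer step can be scripted and checked. The following is an added example, not part of the original post: it confirms the key meets the 2048-bit minimum mentioned above, writes the public certificate only, and verifies that the resulting .cer carries no private key. The function name and the file names in the usage lines are hypothetical, and it assumes an RSA certificate and .NET Framework 4.6 or later.

```powershell
# Added example, not from the original post. The function name and the file
# names in the usage lines are hypothetical.
function Export-ManagementCertPublicPart {
    param(
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$PfxPassword,
        [Parameter(Mandatory = $true)][string]$CerPath,
        [int]$MinimumKeyBits = 2048
    )

    # .NET resolves relative paths against the process directory, not the
    # PowerShell location, so convert both to full file system paths first.
    $pfxFull = (Resolve-Path -LiteralPath $PfxPath).ProviderPath
    $cerFull = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($CerPath)

    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $pfxFull, $PfxPassword
    try {
        if (-not $pfx.HasPrivateKey) {
            throw "The .pfx at '$pfxFull' contains no private key, so it cannot authenticate a connection."
        }

        # GetRSAPublicKey needs .NET Framework 4.6+; it returns $null for non-RSA keys.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($pfx)
        if ($null -eq $rsa) {
            throw "This check only handles RSA certificates."
        }
        if ($rsa.KeySize -lt $MinimumKeyBits) {
            throw "Key length is $($rsa.KeySize) bits; at least $MinimumKeyBits bits are required."
        }

        # X509ContentType.Cert exports the DER-encoded certificate only (no key material).
        $der = $pfx.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
        [System.IO.File]::WriteAllBytes($cerFull, $der)

        # Re-read the file we just wrote and confirm it is the same certificate
        # and that nothing private went into it.
        $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $cerFull
        if ($cer.HasPrivateKey) {
            throw "The exported .cer unexpectedly has a private key attached."
        }
        if ($cer.Thumbprint -ne $pfx.Thumbprint) {
            throw "Thumbprint mismatch between the .pfx and the exported .cer."
        }

        [pscustomobject]@{
            Thumbprint = $cer.Thumbprint
            KeyBits    = $rsa.KeySize
            NotAfter   = $cer.NotAfter
            CerPath    = $cerFull
        }
    }
    finally {
        # Release the in-memory copy of the private key.
        $pfx.Reset()
    }
}

# Usage (hypothetical file names):
#   $pw = Read-Host -AsSecureString 'Password for the .pfx'
#   Export-ManagementCertPublicPart -PfxPath .\MyAzureMgmtCert.pfx -PfxPassword $pw -CerPath .\MyAzureMgmtCert.cer
```

The thumbprint it returns should match the one listed for the management certificate in the portal after the upload.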
Upload the .cer to Windows Azure.
In the Windows Azure portal, at the bottom left, select Settings, and then click Upload.
Browse to and select your .cer file:
Click the Check Box, and in a few seconds you should see a notification telling you that your upload is successful. You should also see your certificate added to the list of management certificates.
Connect App Controller to Windows Azure
Before we make the connection, we’ll need to have our Windows Azure Subscription ID. The subscription ID is a long set of numbers, formatted to look something like this: 00000000-0000-0000-0000-000000000000. You can get this a number of different ways.
Copy the subscription ID to the clipboard.
Now we’re ready to open up App Controller and log in as your administrative account.
In the Overview pane, under Public Clouds, click “Connect a Windows Azure Subscription”
Paste your subscription ID into the appropriate field, browse to and select your .pfx certificate file, enter the password, and give your connection a name and optional description.
Once you click OK, you should soon see that you have a Windows Azure subscription connected. If you had any virtual machines or services running in Windows Azure, you’ll be able to see those represented here also.
And that’s it! You’re connected!
Now you can do really cool things like using App Controller to create Virtual Machines in Windows Azure.
---
I hope you found this useful! If you have any questions or comments, please add them to the comments and we can discuss them.
If you’re interested in the full list of articles in our “31 Days of Servers in the Cloud” Windows Azure Virtual Machines and IaaS series…
“I’m interested in the links to the full series, Kevin.”
I was just getting to that. Anyway… here it is. ENJOY!
And in case you haven’t had a chance to try out Windows Azure, CLICK HERE to start your 90 day free trial.
“Hey Kevin.. How come the list isn’t complete?”
Because the month isn’t over yet. Keep watching my blog every day for the latest article.
Done! I hope you enjoyed this series, and will keep watching my blog for our other planned series yet to come!
My turn!
In today’s installment of our “31 Days of Servers in the Cloud”, we wanted to show you how easy it is to load a locally created, Hyper-V based virtual machine into Windows Azure.
“But it’s not really that easy, is it? I’ve had a heckuva time trying to make this work!”
Actually, once the preliminaries are in place, it is easy. But to upload anything from your local machine into a Windows Azure storage account requires you to connect to your Azure account.. which means having a management certificate in place to authenticate the connection.. which is a process that is hard to discover. Searching for a quick solution was confusing, because the tools are always changing.. and what was required several months ago isn’t necessarily the easiest way to do this.
This leads me to a little disclaimer, which really could apply to every single article written for this series:
This documentation provided is based on current tools as they exist during the Windows Azure Virtual Machine PREVIEW period. Capabilities and operations are subject to change without notice prior to the release and general availability of these new features.
That said, I’m going to try to make this process as simple as possible, and leave you not only with the ability to launch a VM from your own uploaded .VHD (virtual hard disk) file, but also leave you in good shape for using some pretty useful tools (such as Windows PowerShell) for managing your Windows Azure-based resources.
The rest of this article assumes that you already have a Windows Azure subscription. If you don’t have one, you can start a FREE 90 TRIAL HERE.
Create a local VM using Hyper-V
I’m going to assume that you know how to use Hyper-V to create a virtual machine. You can do this in Hyper-V running on Windows Server 2008 R2 or Windows Server 2012. You could even use Hyper-V installed on Windows 8. The end result should be that you have a virtual machine installed as you want it, sysprepped (important!), and ready to go. It’s that machine’s .VHD (the virtual hard disk) file that you’re going to be uploading into Windows Azure storage.
If you want further help building and preparing a virtual machine, check out the first part of this article on how to build a VM: Creating and Uploading a Virtual Hard Disk that Contains the Windows Server Operating System
NOTE: If you’re going to use one of the storage exploring tools I will be mentioning later, you will want to create your disk as (or convert your disk to) a fixed-format VHD. This is because those tools won’t convert the disk file on the fly, and the disk in Windows Azure storage is required to be a fixed disk (as opposed to a dynamic disk, which is the default).
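Whether a .VHD is fixed or dynamic is recorded in the 512-byte footer at the end of the file, so it can be checked before starting a long upload. The following is an added example, not part of the original post: it reads the footer, reports the disk type, and for a fixed disk confirms that the file length equals the recorded size plus the footer. The function name is hypothetical and the sample file is constructed here for the demonstration.

```powershell
# Added example, not from the original post. The function name is hypothetical.
function Get-VhdDiskType {
    param([Parameter(Mandatory = $true)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $stream = [System.IO.File]::OpenRead($full)
    try {
        $fileLength = $stream.Length
        if ($fileLength -lt 512) { throw "'$full' is too small to contain a VHD footer." }

        # The footer is the last 512 bytes of the file.
        $footer = New-Object byte[] 512
        [void]$stream.Seek(-512, [System.IO.SeekOrigin]::End)
        $read = 0
        while ($read -lt 512) {
            $n = $stream.Read($footer, $read, 512 - $read)
            if ($n -eq 0) { throw "Unexpected end of file while reading the footer." }
            $read += $n
        }
    }
    finally { $stream.Dispose() }

    # Bytes 0..7: the ASCII cookie "conectix". A .vhdx file or a truncated copy will not have it.
    $cookie = [System.Text.Encoding]::ASCII.GetString($footer, 0, 8)
    if ($cookie -cne 'conectix') { throw "No VHD footer found in '$full'." }

    # Bytes 48..55: current size in bytes, big-endian.
    [long]$size = 0
    foreach ($i in 48..55) { $size = $size * 256 + $footer[$i] }

    # Bytes 60..63: disk type, big-endian (2 = fixed, 3 = dynamic, 4 = differencing).
    $type = 0
    foreach ($i in 60..63) { $type = $type * 256 + $footer[$i] }
    $names = @{ 2 = 'Fixed'; 3 = 'Dynamic'; 4 = 'Differencing' }
    $typeName = if ($names.ContainsKey($type)) { $names[$type] } else { "Unknown ($type)" }

    [pscustomobject]@{
        Path                = $full
        DiskType            = $typeName
        IsFixed             = ($type -eq 2)
        SizeBytes           = $size
        # A fixed VHD is the raw disk data followed by the footer, nothing else.
        LengthMatchesFooter = ($type -eq 2 -and $fileLength -eq $size + 512)
    }
}

# Constructed sample: 4096 data bytes plus a minimal footer (cookie, size and
# disk type only; the checksum and other fields are left at zero).
$demo  = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-sample.vhd'
$bytes = New-Object byte[] (4096 + 512)
[System.Text.Encoding]::ASCII.GetBytes('conectix').CopyTo($bytes, 4096)
$bytes[4096 + 54] = 0x10   # current size 0x1000 = 4096, big-endian in bytes 48..55
$bytes[4096 + 63] = 2      # disk type 2 = fixed
[System.IO.File]::WriteAllBytes($demo, $bytes)

Get-VhdDiskType -Path $demo
Remove-Item -LiteralPath $demo
```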
Setup Windows Azure Management
Before we can connect to our Windows Azure storage and start uploading, we need to have a management certificate in place, as well as the tools for doing the upload installed.
Although there are manual ways of creating and uploading a self-signed certificate, the easiest method is to use the Windows Azure PowerShell cmdlets. Here is the download location for those:
Windows Azure PowerShell: https://www.windowsazure.com/en-us/manage/downloads/
Note that although the page says that it’s the November 2012 release, it actually gives you the December 2012 release. That’s important, because the extremely beneficial Add-AzureVHD PowerShell cmdlet was only introduced in December.
Once those are installed, you can follow the instructions here:
Get Started with Windows Azure Cmdlets: http://msdn.microsoft.com/en-us/library/windowsazure/jj554332.aspx
Specifically THIS SECTION which describes how to use the Get-AzurePublishSettingsFile, which generates a certificate in Windows Azure and creates a local “.publishsettings” file that is then imported locally using the Import-AzurePublishSettingsFile cmdlet. Once that’s done, you’ll have the management certificate in place locally as well as in your Azure account. And the best part is, this relationship is persistent! From this point on the opening of the Windows Azure PowerShell window will be properly associated with your account.
For a really great write-up on setting up and using PowerShell for Windows Azure, check out Michael Washam’s excellent article HERE.
Create an Azure Storage Account
If you have already created a virtual machine in Windows Azure, then you already have a storage account and container that you can use to hold your disks. But if you haven’t already done this, you will want to go into your portal and create one.
At the bottom of the portal, click “+ New”, and then choose Data Services –> Storage –> Quick Create
You’ll give your storage a unique name and choose geographical location, and then create it.
Once it’s created, select the new storage account and create a new “Blob Container” by selecting the CONTAINERS tab, and then clicking “CREATE A BLOB CONTAINER”.
Note the URL. Copy it to the clipboard or otherwise keep it handy. This URL will be used when we upload our VHD.
Upload the Hard Disk into Windows Azure Storage Container
“Kevin.. you also mentioned that we’ll need some tool to do the actual uploads.”
That’s right. Until recently, the only tool provided by Microsoft for doing this was the “csupload” tool, which is a command-line utility that is installed with the Windows Azure SDK. (Windows Azure Tools: http://www.windowsazure.com/en-us/develop/downloads/ – But don’t install it just yet… it installs much more than you need to complete this exercise.)
Once the SDK is installed, and you have the SubscriptionID and the Certificate Thumbprint for your connection, you open the Windows Azure Command Prompt and use the csupload command in two steps: to set up the connection, and to do the upload. Here is the text from the article, Creating and Uploading a Virtual Hard Disk that Contains the Windows Server Operating System, which describes how to use the csupload tool.
All that said… DON’T DO IT! Unless you’re a developer, the Windows Azure SDK is much more than you need!
“So what’s the alternative, Kevin?”
PowerShell! Yes.. you already have the PowerShell for Windows Azure installed, so now you’re going to use two PowerShell CmdLets: Add-AzureVHD and Add-AzureDisk.
Add-AzureVHD is the upload. This is the one that takes a LONG TIME to run (depending on the size of your .VHD and your upstream connection speed). The result is that you have a new Page Blob object up in your storage.
Add-AzureDisk essentially tells Windows Azure to treat that new blob as a .VHD file that has a bootable operating system in it. Once that’s done, you can go into the Windows Azure Portal, create a new machine, and see your disk as one of the machine disks available.
So in my example, with a fresh, sysprepped, fixed-disk (10GB) .VHD installation of Windows Server 2012, I run these two commands:
Add-AzureVhd -Destination http://kevremdiskstorage.blob.core.windows.net/mydisks/SmallTestServer.vhd -LocalFilePath d:\SmallTestServer.vhd
Add-AzureDisk -DiskName SmallTestServer -MediaLocation http://kevremdiskstorage.blob.core.windows.net/mydisks/SmallTestServer.vhd -OS Windows
(Of course, the first one takes quite a while for me. About 13 hours. Ugh.)
“Hey Kevin.. what if I want to use and re-use that image as the basis for multiple machines?”
Excellent question! And the good news is that basically instead of using Add-AzureDisk, you use the Add-AzureVMImage CmdLet to tell Windows Azure that the disk should be made available as a re-usable image. Like this:
Add-AzureVMImage -ImageName Server2012Eval -MediaLocation http://kevremdiskstorage.blob.core.windows.net/mydisks/SmallTestServer.vhd -OS Windows
Once that’s done, instead of just having a disk to use once for a new machine, I have a starting-point for one or more machines.
Create the Machine
In the portal it’s really no more complex than creating a new machine from the gallery:
Your disk should show up towards the bottom of the list. Select it, and build your machine.
Once created, you should be able to start it as if it were any other machine built from a previously installed disk.
If you chose to add your disk as an image in the repository, then you also could create it using QUICK CREATE, because it is an image that is now available for you to use and re-use.
Other Errata
As long as we’re discussing working with Windows Azure Storage, here are a couple of tools that make it easier to manage, navigate, and upload/download items in your storage cloud:
Both have free trials, and aren’t really all that expensive. I’ve had mixed results, and you have to be careful that you’re creating “page blobs” and not “block blobs”. And with a slow upload connection, these tools are rather fragile. Benefit – Both of these allow you to configure a connection to your Windows Azure subscription and multiple storage accounts in order to upload and download your .VHD files. For our purposes, these will do what the Add-AzureVHD cmdlet did for us, plus let you create or manage storage containers. You’ll still need to run the Add-AzureDisk and Add-AzureVMImage commands to configure your disks for use.
(Major kudos to Joerg of ClumsyLeaf Software (makers of CloudXplorer), who answered my support questions in a matter of minutes! And on a Saturday, no less!)
What do you think? Are you going to try this out? At the very least I hope that this article helps you get PowerShell configured for working with your Windows Azure objects. Give us your questions or feedback in the comments.
As you know, if you’ve been following our series, “31 Days of Servers in the Cloud”, Windows Azure can become an extension of your datacenter, and allow you to run your servers in the cloud.
“We get it, Kevin.”
And you’ve seen excellent articles in this series already, describing how to use the Windows Azure portal to create your virtual machines, how to upload your own VM hard disks into the cloud and use them to build machines, and more. In today’s installment, I’m going to show you how easy it is to connect App Controller (a component of System Center 2012) to your Windows Azure account, and then how to use App Controller to create virtual machines in your Windows Azure cloud.
So, with nothing more assumed than just those basics, let’s walk through the following steps:
Assuming you’ve done part 1, and have your connection to your Windows Azure subscription set up in App Controller, let’s move on.
Create a Storage Account in Windows Azure
There are many ways to create a new storage account:
For our purposes, let’s use App Controller.
Open App Controller and login as your administrative account. On the left, select Library.
Click Create Storage Account. Give your storage account a name, and choose a region or an affinity group.
Click OK. You should see something that looks like this at the bottom-right of the browser window:
After a few minutes, a refresh of the Library page should show you that you now have your new storage account available.
Now we need to create a container to hold our machine disk(s). With your new storage account selected, Click Create Container.
Give your container a name and click OK.
In a very short while, you’ll see your new container.
Now we’re ready to create virtual machines.
Use App Controller to create a new Virtual Machine
Open App Controller and login as your administrative account.
On the left, select Virtual Machines. This is where we can see, manage, and create new virtual machine and service deployments. (If you’re doing this for the first time, you won’t see items in your list here just yet.)
Click Deploy. The New Deployment window opens up.
Under Cloud, click Configure…, then select your Windows Azure connection as the cloud into which you’re going to deploy your new virtual machine. (Note: In my App Controller, I’ve also connected to a local VMM Server, which is why I see this other cloud in my list.)
Click OK.
Now you will see this:
Click Select an Item… under Deployment Type. Now you’ll see a screen that looks something like this:
This is where you can choose to build a new machine or service based on existing, provided images, or images or disks you’ve uploaded into your own Windows Azure storage. In this example, I’m going to select Images on the left, and choose to build a new Windows Server 2012 machine using the provided image.
Once I click OK, I now see this:
So the next thing I need to do is click Configure… under Cloud Service. Virtual machines and services all run in the context of cloud services. For our example, we’re going to assume that you haven’t created any machines or other items that requires a service, so your list is going to be empty. You’ll use this screen to create and then select your new service.
Click Create… and then fill in cloud service details (Name, Description) and the cloud service location (a unique public URL, plus a geographic region or affinity group).
Click OK, and then select your new service and click OK again.
Next we need to configure the deployment:
Click Configure… under Deployment. Now you’ll see this:
Enter a deployment name, and optionally associate your machine with a virtual network if you have one. (If you don’t have, or don’t select a network, you will be creating the machine and service to handle networking within the service automatically.) Click OK.
Now it’s time to configure the virtual machine itself.
Click Configure… under Virtual Machine.
Now we set the general properties…
Note: an Availability Set is not required, but a new one can be created or an existing one selected from here.
Set the Disks…
When I click Browse…, I’m given the ability to choose the location for my disks in Windows Azure storage, as well as to add (or create) additional data disks for this machine. For our example let’s use the storage account and container we created earlier. I won’t be adding any data disks.
For the Network…
…I’ll just leave the default. I could use this opportunity to define additional endpoints for connections to services on this machine, or I could do it later.
For Administrator password…
…enter a password for the local administrator account. (It also looks like you can use this to assign the computer to a domain if you happen to have a domain controller in the same network or service. I haven’t yet tried this, so I can’t comment further.)
And now click Deploy.
You’ll see a notification towards the bottom right that should look something like this:
And after several minutes, looking in the Virtual Machines area of App Controller, you will see your new machine appear. Its status will change to “provisioning”, and eventually “running”.
Notice also that if you select your new machine, you also have the option now to connect to it via Remote Desktop! (Cool!) Log in as the Administrator with the administrator password you assigned, and you’re in!
Naturally, you can very easily use App Controller to delete your machines, disks, storage containers, and storage accounts, too. (Remember to do that when you’re done. Even if a machine isn’t running, you’re still being billed for it and for the storage being used!)
Useful stuff? I hope so. Let me know in the comments if you have any questions or… comments.
And if you missed any of the other parts of our series, you can find the entire list HERE.
Back in Part 10 of our “31 Days of Servers in the Cloud” series, my good friend Bob Hunt wrote up an excellent step-by-step for creating a virtual network in Windows Azure.
His article and guide was so good, in fact, that I am going to attempt to do the very same task – to create and configure a network in Windows Azure; but instead of using the Windows Azure portal, we’re going to do it entirely using PowerShell and some special Windows Azure Management Cmdlets.
“Are you out of your mind?”
Perhaps. The goal, as it was in Bob’s article, is that in the end we have a network configured and ready to securely connect to (and extend our) existing on-premises network. From Bob’s introduction:
Before we get started, it’s important to set the stage of what we’re trying to accomplish. The Windows Azure Virtual Network you are about to create establishes a Site to Site (S2S) VPN between your company’s network and the Windows Azure Cloud Service using the steps outlined below, and requires that you have an already installed VPN device on your premise. The list of currently supported VPN devices is located here. Windows Azure currently supports up to 5 S2S VPN tunnels, allowing you to have multiple Virtual Networks hosted in Windows Azure, such as a Test Network and a Production Network.
To make this happen, of course, we’re going to have to have done a couple of things in advance:
Once you have this done, open up your Windows Azure PowerShell window, and open up notepad.
“Huh? Notepad?”
Yes.
For configuring networking in Windows Azure using PowerShell, there are only two Set-AzureVNet commands:
There are Get-AzureVNet… commands that retrieve information (and objects), but for actually creating and configuring the networking, you’re going to be using an XML formatted document that has (by default) a .netcfg extension, and then using Set-AzureVNetConfig to upload that file. And then we use New-AzureVNetGateway and Set-AzureVNetGateway to configure and connect the gateway.
Again, in Bob’s article, we created a network. So as a starting point for creating the network using PowerShell, I’m going to use Get-AzureVNetConfig to retrieve his configuration into a .netcfg file.
Get-AzureVNetConfig -ExportToFile C:\Users\kevrem\Desktop\MyAzureNetworks.netcfg
And the resulting file looks something like this:
-----
<?xml version="1.0" encoding="utf-8"?>
<NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns>
      <DnsServers>
        <DnsServer name="YourDNS" IPAddress="10.1.0.4" />
      </DnsServers>
    </Dns>
    <LocalNetworkSites>
      <LocalNetworkSite name="YourCorpHQ">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/24</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>XXX.XXX.XXX.XXX</VPNGatewayAddress>
      </LocalNetworkSite>
    </LocalNetworkSites>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="YourVirtualNetwork" AffinityGroup="KevRemWestUS">
        <AddressSpace>
          <AddressPrefix>10.4.0.0/16</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="FrontEndSubnet">
            <AddressPrefix>10.4.2.0/24</AddressPrefix>
          </Subnet>
          <Subnet name="BackEndSubnet">
            <AddressPrefix>10.4.3.0/24</AddressPrefix>
          </Subnet>
          <Subnet name="ADDNSSubnet">
            <AddressPrefix>10.4.4.0/24</AddressPrefix>
          </Subnet>
          <Subnet name="GatewaySubnet">
            <AddressPrefix>10.4.1.0/24</AddressPrefix>
          </Subnet>
        </Subnets>
        <DnsServersRef>
          <DnsServerRef name="YourDNS" />
        </DnsServersRef>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="YourCorpHQ" />
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
Go ahead and copy/paste the above text into Notepad, and save it as a file named MyAzureNetworks.netcfg.
Now please note the highlighted portions. Those are unique for your account. You’ll need to put your own public VPN gateway address, and use your own pre-created affinity group.
Also note the bold text. These are the items that you customize. Put your own names and desired addresses in there, such as your DNS Server name and address. Remove or add <Subnet> </Subnet> sections, or <Subnets>.
But once you have that information, you should be able to use this file with the Set-AzureVNetConfig PowerShell cmdlet to create the same network and subnets. If you’ve saved the file (let’s say to the root of your C:\ drive), and you have the Windows Azure PowerShell window open and connected..
“How do I know it’s connected?”
Try this PowerShell command:
Get-AzureSubscription
This should return some details on your connected subscription.
Anyway, once that’s verified, and as a first test of creating a network using PowerShell, run this:
Set-AzureVNetConfig -ConfigurationPath C:\MyAzureNetworks.netcfg
This should return successful.
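Because the .netcfg file is edited by hand, it is worth checking it before running Set-AzureVNetConfig. The following is an added example, not part of the original post: it checks that every subnet lies inside the virtual network's address space, that subnets do not overlap each other, that the local network site does not overlap the virtual network, that the DNS and local site references resolve, and that the VPN gateway address is no longer a placeholder. The function names are hypothetical, and the sample is a shortened copy of the configuration above, constructed with one subnet deliberately moved out of range.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function ConvertTo-CidrRange([string]$Cidr, [string]$Label) {
    # Turn "10.4.2.0/24" into numeric first/last addresses (IPv4 only).
    $ip, $prefix = $Cidr.Trim().Split('/')
    [long]$addr = 0
    foreach ($b in [System.Net.IPAddress]::Parse($ip).GetAddressBytes()) { $addr = $addr * 256 + $b }
    [long]$size = [math]::Pow(2, 32 - [int]$prefix)
    $start = $addr - ($addr % $size)
    [pscustomobject]@{ Label = $Label; Cidr = $Cidr.Trim(); Start = $start; End = $start + $size - 1 }
}
function Test-RangeOverlap($A, $B) { $A.Start -le $B.End -and $B.Start -le $A.End }
function Test-RangeInside($Inner, $Outer) { $Inner.Start -ge $Outer.Start -and $Inner.End -le $Outer.End }

function Test-AzureNetCfg([xml]$NetCfg) {
    $ns = New-Object System.Xml.XmlNamespaceManager($NetCfg.NameTable)
    $ns.AddNamespace('n', 'http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration')
    $problems = @()

    $dnsNames = @($NetCfg.SelectNodes('//n:DnsServers/n:DnsServer', $ns) |
        ForEach-Object { $_.GetAttribute('name') })

    $localRanges = @{}
    foreach ($site in $NetCfg.SelectNodes('//n:LocalNetworkSite', $ns)) {
        $name = $site.GetAttribute('name')
        $localRanges[$name] = @($site.SelectNodes('n:AddressSpace/n:AddressPrefix', $ns) |
            ForEach-Object { ConvertTo-CidrRange $_.InnerText $name })
        $gw = $site.SelectSingleNode('n:VPNGatewayAddress', $ns)
        $parsed = $null
        if (($null -eq $gw) -or -not ([System.Net.IPAddress]::TryParse($gw.InnerText.Trim(), [ref]$parsed))) {
            $problems += "LocalNetworkSite '$name': VPNGatewayAddress is missing or still a placeholder."
        }
    }

    foreach ($vnet in $NetCfg.SelectNodes('//n:VirtualNetworkSite', $ns)) {
        $vname = $vnet.GetAttribute('name')
        $space = @($vnet.SelectNodes('n:AddressSpace/n:AddressPrefix', $ns) |
            ForEach-Object { ConvertTo-CidrRange $_.InnerText $vname })
        $subnets = @($vnet.SelectNodes('n:Subnets/n:Subnet', $ns) | ForEach-Object {
            ConvertTo-CidrRange $_.SelectSingleNode('n:AddressPrefix', $ns).InnerText $_.GetAttribute('name') })

        for ($i = 0; $i -lt $subnets.Count; $i++) {
            $s = $subnets[$i]
            if (-not ($space | Where-Object { Test-RangeInside $s $_ })) {
                $problems += "$vname/$($s.Label): $($s.Cidr) is outside the virtual network address space."
            }
            for ($j = $i + 1; $j -lt $subnets.Count; $j++) {
                if (Test-RangeOverlap $s $subnets[$j]) {
                    $problems += "$vname`: subnets $($s.Label) and $($subnets[$j].Label) overlap."
                }
            }
        }
        foreach ($ref in $vnet.SelectNodes('n:DnsServersRef/n:DnsServerRef', $ns)) {
            if ($dnsNames -notcontains $ref.GetAttribute('name')) {
                $problems += "$vname`: DnsServerRef '$($ref.GetAttribute('name'))' is not defined under <Dns>."
            }
        }
        foreach ($ref in $vnet.SelectNodes('n:Gateway/n:ConnectionsToLocalNetwork/n:LocalNetworkSiteRef', $ns)) {
            $lname = $ref.GetAttribute('name')
            if (-not $localRanges.ContainsKey($lname)) {
                $problems += "$vname`: LocalNetworkSiteRef '$lname' is not defined."
                continue
            }
            foreach ($l in $localRanges[$lname]) {
                foreach ($v in $space) {
                    if (Test-RangeOverlap $l $v) {
                        $problems += "$vname`: $($v.Cidr) overlaps local site '$lname' ($($l.Cidr))."
                    }
                }
            }
        }
    }
    $problems
}

# Constructed sample: shortened from the configuration above, with BackEndSubnet
# deliberately moved to 10.5.3.0/24 and the gateway address left as the placeholder.
[xml]$sample = @'
<?xml version="1.0" encoding="utf-8"?>
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns><DnsServers><DnsServer name="YourDNS" IPAddress="10.1.0.4" /></DnsServers></Dns>
    <LocalNetworkSites>
      <LocalNetworkSite name="YourCorpHQ">
        <AddressSpace><AddressPrefix>10.0.0.0/24</AddressPrefix></AddressSpace>
        <VPNGatewayAddress>XXX.XXX.XXX.XXX</VPNGatewayAddress>
      </LocalNetworkSite>
    </LocalNetworkSites>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="YourVirtualNetwork" AffinityGroup="KevRemWestUS">
        <AddressSpace><AddressPrefix>10.4.0.0/16</AddressPrefix></AddressSpace>
        <Subnets>
          <Subnet name="FrontEndSubnet"><AddressPrefix>10.4.2.0/24</AddressPrefix></Subnet>
          <Subnet name="BackEndSubnet"><AddressPrefix>10.5.3.0/24</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.4.1.0/24</AddressPrefix></Subnet>
        </Subnets>
        <DnsServersRef><DnsServerRef name="YourDNS" /></DnsServersRef>
        <Gateway><ConnectionsToLocalNetwork><LocalNetworkSiteRef name="YourCorpHQ" /></ConnectionsToLocalNetwork></Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
'@

Test-AzureNetCfg $sample
# For a real file: Test-AzureNetCfg ([xml](Get-Content -Raw C:\MyAzureNetworks.netcfg))
```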
Now open up the Windows Azure Portal, login, and click on the Networks tab. Do you see something like this?:
“Yes, I do!”
Good job! Click on the Local Networks, DNS Servers, and Affinity Groups tabs. You should see the values assigned and items created that match what you configured.
Back in Virtual Networks… Clicking on the network name and opening up the network details should look something like this:
Do you see the problem? We haven’t yet created and enabled the gateway. We can do that with PowerShell, too.
To do this, we’ll use the New-AzureVNetGateway command, and specify the name we used for our Azure Network. The command for our example looks like this:
New-AzureVNetGateway -VNetName "YourVirtualNetwork"
Once you run that, if you refresh the Windows Azure Portal screen, you’ll see this:
The creation of the gateway may take as long as 15 minutes. You can also check the status of this creation by using the Get-AzureVNetGateway cmdlet.
In fact, you can see from my result in PowerShell that my gateway creation has completed, and my gateway address assigned. Now the Windows Azure Portal looks like this:
But we still have one more thing to accomplish. We haven’t yet connected our Azure network to our corporate network.
This is also very simple: Set-AzureVNetGateway is the cmdlet we’ll use.
Set-AzureVNetGateway -Connect -LocalNetworkSiteName "YourCorpHQ" -VNetName "YourVirtualNetwork"
Which shows up on the Windows Azure Portal like this:
Of course, it’s not going to succeed in connecting until we actually have something to connect to on the corporate side. As you’ll recall, there are specific VPN endpoint devices that are supported on the corporate side, and to configure them you can use the Windows Azure Portal to download the Configuration as well as the Shared Key.
“But.. can you do that with PowerShell, too?”
Absolutely. Well, two out of three, anyway…
There are three things you’ll need to configure the VPN device on your corporate side:
You can use the Get-AzureVNetGateway cmdlet to find the Gateway IP Address:
Get-AzureVNetGateway -VNetName YourVirtualNetwork
To get the shared key, use the Get-AzureVNetGatewayKey cmdlet:
Get-AzureVNetGatewayKey -LocalNetworkSiteName YourCorpHQ -VNetName YourVirtualNetwork
To get a script that will automatically configure your device, you’ll still want to use the Windows Azure Portal. Down at the bottom of the page while looking at your network dashboard, you see the “Download” button:
Click that, and then walk through the wizard to select your device type and version information.
The result will be a script that can be used by your VPN / Network administrator to configure the device. You can get the VPN configuration script from the Management Portal or from the About VPN Devices for Virtual Network section of the MSDN library. For more information, see Establish a Site-to-Site VPN Connection and your VPN device documentation.
The remainder of this article is “borrowed” directly from the end of Bob Hunt’s excellent article:
The procedure assumes the following:
The VPN device has been configured at your company.
To configure the VPN device:
Modify the VPN configuration script. You will configure the following:
a. Security policies
b. Incoming tunnel
c. Outgoing tunnel
Run the modified VPN configuration script to configure your VPN device.
Test your connection by running one of the following commands:
Check main mode SAs
  Cisco ASA: show crypto isakmp sa
  Cisco ISR/ASR: show crypto isakmp sa
  Juniper SSG/ISG: get ike cookie
  Juniper SRX/J: show security ike security-association
Check quick mode SAs
  Cisco ASA: show crypto ipsec sa
  Cisco ISR/ASR: show crypto ipsec sa
  Juniper SSG/ISG: get sa
  Juniper SRX/J: show security ipsec security-association
Once the Virtual Network tests out, you’re ready to go. Enjoy!
Thanks, Bob. I think we will!
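The main mode check from the test step can be automated once you capture the output of "show crypto isakmp sa". The following is an added example, not part of the original article or of Bob Hunt's procedure; it covers only the two Cisco output formats, the sample outputs are constructed, and the gateway address is a documentation-range placeholder.

```python
import re

# Main mode (IKE phase 1) states that mean the SA is fully established:
# Cisco IOS (ISR/ASR) reports QM_IDLE, Cisco ASA reports MM_ACTIVE.
ESTABLISHED = {"QM_IDLE", "MM_ACTIVE"}

IP = r"(\d+\.\d+\.\d+\.\d+)"
# IOS prints one row per SA: dst src state conn-id status
IOS_ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+\d+\s+(\S+)", re.M)
# ASA prints one multi-line block per peer, starting at "IKE Peer:"
ASA_BLOCK = re.compile(rf"IKE Peer:\s*{IP}(.*?)(?=IKE Peer:|\Z)", re.S)
ASA_STATE = re.compile(r"State\s*:\s*(\S+)")


def main_mode_state(output, gateway_ip):
    """Return the main mode state reported for gateway_ip, or None if no SA."""
    for dst, src, state, status in IOS_ROW.findall(output):
        # Either side can be the initiator, so match dst or src.
        if gateway_ip in (dst, src):
            return state if status == "ACTIVE" else f"{state} ({status})"
    for peer, body in ASA_BLOCK.findall(output):
        if peer == gateway_ip:
            found = ASA_STATE.search(body)
            return found.group(1) if found else None
    return None


def phase1_up(output, gateway_ip):
    """True only when the SA to the Azure gateway is fully negotiated."""
    return main_mode_state(output, gateway_ip) in ESTABLISHED


# Constructed sample outputs (documentation-range addresses, not real hosts).
IOS_OK = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
203.0.113.10    198.51.100.20   QM_IDLE           1001 ACTIVE
"""
# ASA initiator still waiting for the peer's reply to its first message.
ASA_STUCK = """\
1   IKE Peer: 203.0.113.10
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
"""

if __name__ == "__main__":
    for name, text in (("IOS", IOS_OK), ("ASA", ASA_STUCK)):
        state = main_mode_state(text, "203.0.113.10")
        print(name, state, "UP" if phase1_up(text, "203.0.113.10") else "DOWN")
```

A state other than QM_IDLE or MM_ACTIVE, or no SA at all for the gateway address, means phase 1 has not completed, so there is no point checking the quick mode SAs yet.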
What an amazing platform and opportunity for learning. Creating virtual machines in Windows Azure is a great platform for trying out functionality that would otherwise be hard or expensive to do in your own test lab or on your own hardware.
So in this Part 27 of our “31 Days of Servers in the Cloud” series, and with the help of some instructions from some of our earlier articles, I’m going to help you set up a server that you can use to then go through a hands-on-lab on the subject of Windows Server 2012 Storage Spaces.
“Sounds great, Kevin. How do I begin?”
It’s pretty simple. Here are the steps required to make this happen:
And once these three easy steps are done, it’s simply a matter of using the attached lab manual and walking through the training.
Step 1 is easy. Hopefully by now you have your Windows Azure subscription.
Step 2 is also easy. Creating a virtual machine using the Windows Azure Portal is well documented in my friend Tommy Patterson’s Part 2 of our series. Or you can use PowerShell, as my friend Brian Lewis showed you in Part 14. And last but certainly least, I showed you how you can use App Controller to create VMs in Part 12 and Part 13.
Whichever method you decide to use to create your virtual machine, make sure that you create a machine running Windows Server 2012, and make sure that it is of size MEDIUM or larger.
“Why can’t it be a SMALL virtual machine?”
Because the lab requires four (4) data disks be connected to the virtual machine. SMALL size only allows up to two (2) disks. MEDIUM allows up to four (4).
Networking is not important for this lab. Other than running Server 2012, the only thing this machine will need is the extra disks. Which leads me to…
Step 3: Attach new, blank disks to your server.
Assuming you have your machine created and running, and you’ve selected it in the Windows Azure Portal, you should see something like this:
Notice that my machine “kevremserver2012” is currently running, has two cores, and if I scroll down a little…
…we see that I only have the one disk (the operating system disk) configured in this machine.
Now, see at the bottom where it says “Attach”? That’s what you’ll click on to attach new disks. To play with Storage Spaces, let’s attach 4 additional disks to this server.
Mouse-over Attach, and choose “Attach empty disk”. You’ll see this:
The only thing you have to fill in on this is the size of the disk you’re creating. Enter 10 (as in 10 GB), and click the checkmark.
Now you should see this towards the bottom of your browser:
This will take a minute or two to complete. When it’s done, do it 3 more times so that you have four additional disks connected to your virtual machine:
And now you’re ready to do the labs. Print out the attached lab manual, and connect and login to your virtual machine by clicking the Connect button at the bottom of the browser window. This will download and prompt you to open a .rdp file that will then open a remote desktop connection to your machine.
Again, the lab manual is attached to this blog post, down at the bottom. Enjoy!
Did you find this useful? I certainly hope so! Ask questions or give opinions in the comments.
I just got word that there is new content up on Microsoft Virtual Academy. Here is the text from the e-mail I received:
New Microsoft Virtual Academy Courses: System Center 2012 SP1
With System Center 2012 SP1, you get the most cost effective and flexible platform for managing your traditional datacenters, private and public clouds, and client computers and devices. System Center 2012 is the only unified management platform where you can manage multiple hypervisors, physical resources, and applications in a single offering.
Microsoft Virtual Academy is launching three new courses in January, each focused on helping IT professionals understand the benefits of System Center 2012 SP1:
Microsoft Virtualization for VMware Professionals - Learn how Windows Server 2012, Hyper-V, and System Center 2012 SP1 can help you build, deploy, and manage private cloud architecture.
System Center 2012 Service Pack 1 Updates - Learn about the enhancements to each of the System Center 2012 SP1 components, which includes added support for Windows Server 2012, SQL Server 2012 and tighter integration with Windows Azure.
System Center 2012 SP1 Capabilities - Learn about the configuration and management of the infrastructure, services and application available from System Center 2012 SP1. NOTE: Course will be available on Jan 31.
Sign-in to MVA to take these free technical courses and check back regularly, as new courses are added each month.
Concluding our Private Cloud basics series, Tom Shinder, Yuri Diogenes and I focus on the important topic of identity. Tune in as we discuss the implications of Identity Management as it relates to a Private Cloud environment.
After watching this video, follow these next steps:
Step #1 – Download Windows Server 2012
Step #2 – Download Your FREE Copy of Hyper-V Server 2012
Step #3 – Start Your Free 90 Day Trial of Windows Azure
In today’s episode of our “Reimagining Windows” series, I talk to Sr. Product Manager on the Windows Commercial Team, Stephen Rose. We discuss a number of new security enhancements and features found in Windows 8, such as BitLocker and BitLocker To Go, MBAM, Secure Boot and File History.
As we’ve shown in previous articles of our series, Windows Azure is a very useful tool for setting up a testing and training environment.
Today in part 30 of “31 Days of Servers in the Cloud”, Don Noonan (via Tommy Patterson’s blog) shows us how to set that up, and build “a classroom in the sky”, as an example of what you can do.
FIND HIS ARTICLE HERE
If you’ve been following our blog series for any length of time, you already know that “the cloud”, in the form of Windows Azure, is becoming an option for IT organizations in which to extend their datacenters. And believe it or not, this includes the ability to create an Active Directory domain controller in the cloud and have it be just another site in your directory services.
“I don’t believe it.”
On second thought: Believe it. Today in part 20 of our “31 Days of Servers in the Cloud” series, Keith Mayer (teammate and friend with an awesome blog) gives us the rundown on how to configure this very thing.
READ HIS BLOG POST HERE
In this episode I talk with Craig Blessing, Vice President at Datacastle. We discuss how his company uses Windows Azure to protect business data. Tune in as he outlines for us Datacastle’s innovative cloud solutions which help organizations have secure, anytime, anywhere access to their data.
Step #1 – Start Your Free 90 Day Trial of Windows Azure
Step #2 – Download Windows Server 2012
Step #3 – Begin building your own Virtual Machines in Windows Azure!
Why not?
We’ve shown you how easy it is to create your own servers in Windows Azure, and there’s no reason one of those machines couldn’t be running Microsoft SQL Server 2012. In fact, we’ll even provide an evaluation image that you can start with.
In today’s Part 22 of “31 Days of Servers in the Cloud”, my floridated friend Blain Barton provides you a detailed step-by-step on how it’s done.
READ HIS ARTICLE HERE
“Floridated?”
He lives in Florida. I know.. the word is “Floridian”, but he’s not originally from there… so at some point he got “floridated”.
Something important to be aware of when you’re using Windows Azure is: How much is this costing me? And in particular, which items cost me what amount?
One of those items that might be easy to overlook is the amount of storage you’re currently using. If you’ve got a lot of old .VHD files that were formerly being used as OS or data disks, but they’re now just sitting there doing nothing – that’s still costing you something.
Today in part 18 of our “31 Days of Servers in the Cloud” series, my friend from just-over-the-border Brian Lewis gives us a couple of useful methods for deleting those old-and-no-longer-needed .VHD files from your Windows Azure storage.
Today we have a guest author!
“Oh yeah? Good. I’m getting tired of you same bunch writing everything.”
Um.. okay… well, then you’ll be happy to see that today’s author is Bill Wilder…
“Bill Wilder is a hands-on developer, architect, consultant, trainer, speaker, writer, and community leader focused on helping companies and individuals succeed with the cloud using the Windows Azure Platform.”
And his article – part 21 of our “31 Days of Servers in the Cloud”, is a very good answer to the ultimate question.
“I thought the answer to the ultimate question is ‘42’.”
No.. that’s the answer to the ultimate question “of life, the universe, and everything”. Bill answers the ultimate question: Why is the cloud something I should consider as my platform (or infrastructure) of choice? And in his answer, he does an excellent job of defining the question and the implications such a decision will entail.
READ HIS EXCELLENT ARTICLE HERE
And thanks, Bill, for contributing to the series!
And the answer to the question I pose in the title is: YES! Yes you can!
In today’s part 7 of our “31 Days of Servers in the Cloud” series, Keith Mayer walks you through a detailed step-by-step of how to build virtual machines in Windows Azure that serve as a solid test and learning platform running SharePoint 2013.
“Seriously?”
Yes.. you can do that! If you don’t already have your 90-day free trial started, you can get it here: http://aka.ms/90DaysofAzure
READ KEITH’S EXCELLENT ARTICLE HERE
Today in part 29 of “31 Days of Servers in the Cloud”, Don Noonan (guest writer) shows us how to set that up and take advantage of it.
As you know, we’ve been talking about Infrastructure-as-a-Service (IaaS) for the entire month.
“Really? I thought you were talking about Windows Azure and virtual machines.”
Yes, that’s true. And these virtual machines can be the foundation of or an extension of a Private Cloud outside of the walls of your own datacenter. Microsoft is providing an infrastructure on which to do this extension. And this is new. Windows Azure originally started as a “Platform-as-a-Service” solution, whereby companies could build and test applications locally, package them up, and then place them on a platform without concern or consideration for the details of the platform itself. Sure, foundationally it is virtualization and instances that can scale up and scale out (and back) as needed, but you didn’t have to build or manage the virtual machines themselves. Yet, as I’m sure you know, there are still reasons why sometimes building and maintaining the OS as a foundation for other non-PaaS-friendly applications is still beneficial.
“Okay. But what if I have an application or solution that I’d like to use PaaS application components, but maybe I want to have it connect to my own SQL Server?”
If you want to run the SQL Server locally, but connected to-and-from Windows Azure applications, you can use Windows Azure Connect. Or you can securely connect your entire local network to a Windows Azure network using a Windows Azure Virtual Network.
“That’s cool, but what if I now want to move that SQL Server into the cloud as a virtual machine running in Windows Azure?”
Bingo. That’s the topic for today’s part 24 in our “31 Days of Servers in the Cloud” series. Harold Wong, my Arizonian (is that correct?**) friend and coworker, writes about how to connect PaaS applications to IaaS (virtual machine) applications.
**Arizonite? Arizonaminian? Arizonaphobea? … He’s from Phoenix, so.. does that make him a Phonecian Arizonian?
This is going to be fun! My two other local (Minneapolis/Saint Paul area) Technology Evangelists and I are holding office hours at the Microsoft Store at the Mall of America in Bloomington, MN. Jeff Brand, Adam Grocholski, and I will be making ourselves available to chat with you about Windows 8 from 1-3PM on Mondays, from this coming week and likely through the end of June, 2013.
“But, Kevin.. you’re an IT Pro Evangelist, and those guys are Developer Evangelists. Are you going to all be talking about the same stuff?”
We’ll be happy to answer any general Windows (or even Microsoft) questions you may have. But if you are a developer and have development questions, then Jeff and Adam are who you should try to meet up with. If you’re an IT Pro, and perhaps have deployment, security, or management questions, then I’m your guy. Make sure you come on a day to work with the person that makes the most sense for what you want to learn more about.
“Are there going to be presentations? Or prizes?”
No. And no. This is a completely informal time to just chat about whatever you want to chat about (within reason).
Here is the schedule as it stands today. Again, the time is 1:00pm to 3:00pm Central Time:
So again, come and see me (Kevin Remde) if you’re an IT Pro and have IT Pro questions. Otherwise, Jeff and Adam are the guys you developers will want to sit down with.
See you there!
At last we have reached the end! It’s been 31 straight days of what I hope you have found to be useful information; all about using Windows Azure as an Infrastructure-as-a-Service option for testing, training, and extending your datacenter. If you’ve missed any, I highly recommend you look at and bookmark the “31 Days of Servers in the Cloud” page: http://aka.ms/AzureCloudSeries.
But what about authentication? If I’m building a hybrid-cloud – which, in case you’re not familiar with it, is a company’s private cloud that spans beyond and into the public cloud domain – then how do I architect a solid solution for identity management, authentication, and authorization for my applications, services, and data?
Today, Ira Bell (via my friend Bob Hunt) describes in great detail several scenarios (six of them!) for authentication and access using Windows Azure.
“Seriously? Linux?”
Absolutely. Windows Azure will run pretty much anything you can run as x86/x64 virtual machines. And Microsoft even supports several “flavors” of Linux running in our cloud.
In today’s part eleven of our “31 Days of Servers in the Cloud”, my friend Keith Mayer gives you the run-down, and even delivers a step-by-step on how to build an Apache web server running in Windows Azure.
One of the great things about “the cloud” is that not only can you build solutions that are globally available, but you can also purchase and use components and services from other providers and easily include their functionality as a part of your own solutions.
Today in part 29 of “31 Days of Servers in the Cloud”, my Pacific northwest friend Chris Avis shows us how this works, and does a great job of stepping us through how these Windows Azure Add-Ons work.
In Part 23 of our “31 Days of Servers in the Cloud” series, my buddy Tommy Patterson has enlisted Don Noonan to write up the steps to including Active Directory in your Windows Azure virtual machine environment.