Fun and crazy days here at Nutanix. I’ve been busy fielding a lot of calls around our new offering, CPS Standard on Nutanix. Now if you don’t know what CPS is, it stands for Cloud Platform System.
Category Archives: Windows Azure Pack
Understanding Windows Azure Pack – Reconfigure portal names, ports and deploy certificates – Part 6
Happy New Year Everyone!!! I know Azure Stack is just around the corner, but I still get lots of questions around configuring WAP and portals. So to follow-up my Windows Azure Pack (WAP) series, I am going to talk about reconfiguring server names and ports as well as assigning trusted certificates to my WAP Portals.
Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Windows Azure Pack Install – Part 5
To continue the Windows Azure Pack series, here is my next topic: Installing and Configuring Windows Azure Pack
If you missed other parts of the series, check links below:
Part 1 – Understanding Windows Azure Pack
Part 2 – Understanding Windows Azure Pack – Deployment Scenarios
Part 3 – Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Environment Prep
Part 4 – Deploying Service Provider Framework on Nutanix
Again to reiterate from my previous blog posts and set some context, Windows Azure Pack (WAP) includes the following capabilities:
Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Deploying Service Provider Foundation – Part 4
To continue the Windows Azure Pack series, here is my next topic: Installing and Configuring Service Provider Foundation
If you missed other parts of the series, check links below:
Part 1 – Understanding Windows Azure Pack
Part 2 – Understanding Windows Azure Pack – Deployment Scenarios
Part 3 – Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Environment Requirements
There are 2 main steps to deploying WAP (Windows Azure Pack) on Nutanix:
- Deploying SPF (Service Provider Foundation) – This blog post
- Deploying Windows Azure Pack (coming soon)
Service Provider Foundation
SPF is provided with System Center 2012 – Orchestrator, a component of System Center 2012 R2. SPF exposes an extensible OData web service that interacts with System Center Virtual Machine Manager (SCVMM). This enables service providers and hosters to design and implement multi-tenant self-service portals that integrate IaaS (Infrastructure as a Service) capabilities available on System Center 2012 R2. The following picture shows how System Center w/SPF interacts with WAP to provide VM Cloud Services (see TechNet article for more info):
As with every installation, SPF requires additional software, features and server roles. The setup wizard checks the prerequisites and reports their status. Unfortunately, there is no “button” to install all of the requirements automatically. I’ve written a script to automate this process (see below). Please note: Don’t try to install SPF on the SCVMM Server. It’s not supported.
Requirements:
- SQL Server 2012 SP1 or higher instance (Already Deployed)
- OS – Windows Server 2012 R2 VM (Already Deployed)
- 2 CPU Cores
- 4 Gigs of RAM
- 100 Gig OS Drive
- Feature – Management OData Internet Information Services (IIS) Extension
- Feature – .NET Framework 4.5 features, WCF Services, and HTTP Activation.
- Web Server (IIS) server. Include the following services:
  - Basic Authentication
  - Windows Authentication
  - Application Development ASP.NET 4.5
  - Application Development ISAPI Extensions
  - Application Development ISAPI Filters
  - IIS Management Scripts and Tools Role Service
- Downloads:
  - WCF Data Services 5.0 for OData V3
  - ASP.NET MVC 4
- Virtual Machine Manager 2012 R2 Console
- Certificates: self-signed (wizard creates one automatically) or obtained SSL-certificate (recommended for production)
This script will install all requirements except SCVMM console (please note that SCVMM console has to be installed manually):
#IIS + Process activation model
Install-WindowsFeature Web-Asp-Net45,Web-Scripting-Tools,Web-Basic-Auth,Web-Windows-Auth,NET-WCF-Services45,Web-ISAPI-Ext,Web-ISAPI-Filter,WAS-Process-Model,WAS-Config-APIs,ManagementOdata
#Download and install WcfDataServices and AspNetMVC4
New-Item C:\SPFRequirements -ItemType Directory
Invoke-WebRequest http://download.microsoft.com/download/8/F/9/8F93DBBD-896B-4760-AC81-646F61363A6D/WcfDataServices.exe -OutFile C:\SPFRequirements\wcfdatasvc.exe
Invoke-WebRequest http://download.microsoft.com/download/2/F/6/2F63CCD8-9288-4CC8-B58C-81D109F8F5A3/AspNetMVC4Setup.exe -OutFile C:\SPFRequirements\aspnetmvc.exe
Set-Location C:\SPFRequirements
#Run each installer silently and wait for it to exit before starting the next
.\aspnetmvc.exe /quiet
Wait-Process aspnetmvc
.\wcfdatasvc.exe /quiet
Wait-Process wcfdatasvc
Write-Host "All prerequisites are installed. Insert your SCVMM 2012 R2 DVD and install SCVMM Console manually. Then your environment will be ready for SPF installation"
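The script above fetches two installers over plain HTTP and runs them silently with administrative rights, so anything that tampers with the download runs as admin on the SPF server. The following is an added example, not part of the original script: it downloads the same two files, checks each Authenticode signature before running it, and stops if the check fails. The function name `Test-InstallerSignature`, the expected signer string, and treating exit code 3010 as success are assumptions of this example.

```powershell
# Added example: verify each prerequisite installer before running it.
$ErrorActionPreference = 'Stop'
$dir = 'C:\SPFRequirements'

# Same download URLs and local file names as the script above.
$installers = @(
    @{ Name = 'aspnetmvc.exe'
       Url  = 'http://download.microsoft.com/download/2/F/6/2F63CCD8-9288-4CC8-B58C-81D109F8F5A3/AspNetMVC4Setup.exe' },
    @{ Name = 'wcfdatasvc.exe'
       Url  = 'http://download.microsoft.com/download/8/F/9/8F93DBBD-896B-4760-AC81-646F61363A6D/WcfDataServices.exe' }
)

# Hypothetical helper: returns $true only if the file carries a valid,
# trusted Authenticode signature whose signer subject matches the publisher.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: both installers are signed by Microsoft Corporation.
        [string]$ExpectedSigner = 'O=Microsoft Corporation'
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        # Covers NotSigned, HashMismatch (file altered), NotTrusted, etc.
        Write-Warning "$Path : signature status is $($sig.Status)"
        return $false
    }
    if ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
        Write-Warning "$Path : unexpected signer $($sig.SignerCertificate.Subject)"
        return $false
    }
    return $true
}

New-Item -Path $dir -ItemType Directory -Force | Out-Null

foreach ($item in $installers) {
    $path = Join-Path $dir $item.Name
    Invoke-WebRequest -Uri $item.Url -OutFile $path -UseBasicParsing

    if (-not (Test-InstallerSignature -Path $path)) {
        # Do not leave an unverified executable lying around on the server.
        Remove-Item -Path $path -Force
        throw "Refusing to run $($item.Name): signature check failed."
    }

    # Start-Process -Wait replaces the separate Wait-Process call and
    # lets us inspect the installer's exit code.
    $proc = Start-Process -FilePath $path -ArgumentList '/quiet' -Wait -PassThru
    # Assumption: 0 = success, 3010 = success with reboot required.
    if ($proc.ExitCode -notin 0, 3010) {
        throw "$($item.Name) exited with code $($proc.ExitCode)."
    }
    Write-Host "$($item.Name) verified and installed (exit code $($proc.ExitCode))."
}
```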
Required user accounts
- spfadmnsvc – SPF Admin Web Service
- spfprovsvc – SPF Provisioning Web Service
- spfusagesvc – SPF Usage Web Service
And the following domain group
- SPF_Admins – Group for SPF Administrators – Add all your WAP admins to this group
This admin group should be added to the local Administrators group on the SPF server.
Certificates
The Service Provider Foundation provides an extensible OData web service. Communications to this web service can and should be encrypted by SSL. SSL requires certificates. The Service Provider Foundation allows for self-signed certificates (for testing purposes) and certificates issued by a standalone Certificate Authority, an enterprise Certificate Authority or a public Certificate Authority. The Service Provider Foundation install defaults to self-signed (wizard creates one automatically) or you can obtain a certificate from a Public CA for production.
Installation
The Service Provider Foundation setup is on the System Center Orchestrator R2 media.
When installing, login to the SPF server as a user that has DBO/SA rights to the SQL 2012 instance that will be hosting SPF databases.






Define the application pool credentials (spfadminsvc) and the SPF_Admin Group that will have access to SPF services and click Next. It’s best practice to create a new domain account for each SPF service instead of using the Network Service account.
Provider Web Service properties, click Next
Usage Web Service configuration, click Next
Windows updates + CEIP – yes (Microsoft needs your feedback 🙂 ), click Next
Click Install
Setup is complete!
Update SPF with the latest rollup (https://support.microsoft.com/en-us/kb/3021802) or use Windows Update.
Please note, the latest rollup causes an issue in IIS and breaks the SPF website. I ran into this during my lab deployment. Check out this blog post on “System Center 2012 R2 : Update Rollup 4 breaks the SPF website” that fixes the issue.
This completes the SPF install. In a future blog post, we will be integrating SPF with WAP and SCVMM.
Additional links:
http://technet.microsoft.com/en-us/library/jj642895.aspx
http://technet.microsoft.com/en-us/library/dn266007.aspx
Next up in my series, Installing the Windows Azure Pack on Nutanix
Until next time, Rob….
Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Environment Prep – Part 3
To continue the Windows Azure Pack series, here is my next topic: Windows Azure Pack – Environment Prep
If you missed parts 1 or 2 in the series, check links below:
Part 1 – Understanding Windows Azure Pack
Part 2 – Understanding Windows Azure Pack – Deployment Scenarios
Environment Prep
In the first blog posting in this series we examined the capabilities and benefits of deploying WAP (Windows Azure Pack) in enterprise datacenters by first looking at Windows Azure, Microsoft’s public cloud offering.
In the second blog posting we looked at some of the terminology associated with WAP and we summarized two kinds of deployment scenarios on Nutanix: Express and Distributed architecture
Moving on… “Cloud” is the buzzword in all aspects of our computing life today, and more and more companies want to be able to offer the benefits of a “Cloud” environment to their on-premises users. And by now, we should all know the Public Cloud (i.e. Azure, Amazon, etc.) might not suit everyone and is definitely not suited for all situations. That is where Nutanix and WAP stand out: giving you the ability to have a predictable, scalable, highly available, high performing IaaS (Infrastructure as a Service) hybrid datacenter.
This series is meant to be a guide to building your own WAP test lab on Nutanix and also provide you guidance for building out a production Nutanix WAP environment.
WAP Test Environment Requirements
Just to see the functionality, you could deploy the requirements on one host with Nutanix CE (Community Edition), but building this WAP environment on a Nutanix cluster will give you real world results.
In this series, we will be building 2 VMs for the WAP test environment. The VMs consist of the SPF (Service Provider Foundation) Server and the Windows Azure Pack Server.
In my test lab, I am using a 4 Node Nutanix NX3050 Cluster with Server 2012 R2 Hyper-V. This blog post assumes you have an Active Directory Domain and SCVMM (System Center Virtual Machine Manager) 2012 R2 up and running. It also assumes you have an empty SQL 2012 SP1 server built for hosting SPF, WAP and Tenant SQL Databases.
In this Post:
- Installing Hyper-V on Nutanix
- Hyper-V Networking Overview
- SCVMM Server / Fabric Prep
- Self-Service Users (tenants) storage of VMs in the SCVMM Library
WAP Pre-requisites:
- Virtual Machine Manager is installed and configured and:
  - Member of the Active Directory domain.
  - One or more SCVMM Clouds created in SCVMM (see below video)
  - One or more VM Networks created in SCVMM (see below video)
- Service Provider Foundation
  - Windows Server 2012 R2
  - 4 Gigs of RAM
  - 2 CPU Cores
  - Database Storage
  - Member of the Active Directory domain
- Windows Azure Pack Server
  - Windows Server 2012 R2
  - 4 Gigs of RAM
  - 2 CPU cores
  - 20 Gigs Data Storage
  - Database Storage
  - Member of the Active Directory domain
- SQL Server is installed and running
  - Windows Server 2012 R2
  - SP1 or Above
  - 16 Gigs of RAM
  - 2 CPU Cores
  - 100 Gigs Data and Log Drive
  - With Mixed or SQL Authentication enabled
  - Member of the Active Directory domain
If you need help building a SCVMM 2012 R2 Server, check out my blog post on Installing SCVMM 2012 R2 on Nutanix (coming soon).
If you need help building a SQL 2012 Server, check out my blog post on Install SQL 2012 on Nutanix (coming soon)
If you need help deploying Hyper-V to a Nutanix cluster and joining the cluster to an Active Directory Domain, see my buddy Chris Brown’s Blog Video on Installing Hyper-V on Nutanix. This also covers adding it to SCVMM 2012 R2. He also has a great Hyper-V\SCVMM Networking Overview. Another great Nutanix\Microsoft resource.
Installing Hyper-V on Nutanix
Hyper-V Networking Overview
SCVMM Server / Fabric Prep
Account requirements
The Active Directory security account groups below are recommended as best practice when deploying WAP with SCVMM. The Active Directory security groups were created and mapped in SCVMM as Delegated Administrators. See screenshots below.
Self-Service Users (tenants) storage of VMs in the SCVMM Library
You will also need to create a library share, or create a folder in a library share, that will serve as the storage location for tenants. It is also important to understand that self-service users must have the Store and Re-Deploy permission to store their virtual machines. In my test lab, I created a Nutanix container (SMB Share) with compression attributes and presented it to SCVMM.
IMPORTANT RULES FOR LIBRARY SHARES
- The library share location that you designate for stored virtual machines must be different from the shares that you designate as read-only resource locations for the private cloud.
- The path or part of the path must be unique when compared to the user role data path that is specified for a self-service user role
- You could also create entirely separate library shares with containers on Nutanix, like I did above
- Understand that you will configure the stored virtual machine path and read-only library shares when you run the Create Cloud Wizard, as shown in the video below.
- The self-service user role data path is specified when you create a self-service user role or modify the properties of a self-service user role.
- Make sure that one or more library shares exists that you can assign as the read-only library shares for self-service users to use.
- The library shares that you designate as read-only resource locations for the private cloud must be unique when compared to the library share or shares that are used for stored virtual machines and for the user role data path that is specified for a self service user role.
Creating Tenant Storage and Private Cloud in SCVMM 2012 R2 on Nutanix
At a high level, best practice is for each tenant to have their own separate storage container, as shown in the diagram below. This will allow you to advertise available capacity, set security boundaries, and apply attributes like deduplication or compression on a per-container basis, and then tie it to storage classifications in SCVMM.
Next is to create storage for your tenants. In Prism, create a new container with the name of your tenant, set an advertised capacity and add any storage attributes, like deduplication or compression, depending on the type of workloads being hosted. See the video below, which I produced with my buddy @Mike TME at Nutanix, for the process:
If you have any questions about the prep, please comment below.
Yea, now we can finally deploy the WAP. Now the fun part starts…..
Next up in my series, Installing the Windows Azure Pack environment on Nutanix – Deploying SPF (Service Provider Foundation)
Understanding Windows Azure Pack – Deployment Scenarios on Nutanix – Part 2
To continue the Windows Azure Pack series, here is my next topic: Deployment Scenarios on Nutanix
If you missed part 1 – see link below
Part 1 – Understanding Windows Azure Pack
Windows Azure Pack – Deployment Scenarios
Terminology
OK, let’s start with some terminology used when talking about WAP (Windows Azure Pack). Here are two key terms you need to know:
- Administrator – Someone who deploys, configures and manages WAP and makes cloud services available to tenants.
- Tenant – Someone who subscribes to and uses cloud services made available through WAP.
When WAP is deployed by a hoster (service provider) the administrator refers to IT staff at the hoster while the tenants are the customers to which the hoster is selling cloud services. And when WAP is deployed in an enterprise datacenter, the administrator will be your own IT department; the tenants in this case will be the other departments, divisions, or business units within your organization that want to take advantage of the cloud services your IT department is offering.
Admin Portal
User Signin Portal
User Main Portal
Required components
WAP currently includes eight components. Two of these components are portals:
- Management Portal for Administrators – A web-based portal that lets administrators configure and manage user accounts, resource clouds, tenant offers, and so on.
- Management Portal for Tenants – A web-based self-service portal that lets tenants provision, monitor and manage the following cloud services: Web Sites, Virtual Machines, and Service Bus.
The self-service capabilities of the Management Portal for Tenants enable tenants to deploy and manage the cloud services they need when they need them without having to go through the slow procurement processes of the traditional approach to enterprise IT.
Authentication is another key feature of WAP to ensure that only properly authenticated administrators have access to the Management Portal for Administrators and only properly authenticated users have access to the Management Portal for Tenants. By default, the Management Portal for Administrators uses Windows authentication (Kerberos or NTLM) but you can optionally use Active Directory Federation Services (ADFS) for authentication purposes. The Management Portal for Tenants on the other hand uses the ASP.NET Membership Provider for authentication purposes. WAP includes two authentication sites, an Admin Authentication Site and a Tenant Authentication Site, for these purposes.
WAP also includes components that provide the following application programming interfaces (APIs):
- Windows Azure Pack Admin API – Enables administration tasks to be performed using the Management Portal for Administrators and Windows PowerShell.
- Windows Azure Pack Tenant API – Enables tenant-specific tasks to be performed using the Management Portal for Tenants and Windows PowerShell.
- Windows Azure Pack Tenant Public API – Provides additional tenant-specific functionality primarily for hosting provider environments.
All of the above components are required in any WAP deployment.
Optional components
The following components of WAP may be deployed in order to offer additional forms of cloud services and other resources to tenants:
- Web Sites – Provides you with a managed web environment you can use to create new websites or migrate your existing business website into the cloud.
- Virtual Machines – Provides you with a general-purpose computing environment that lets you create, deploy, and manage virtual machines running in the Windows Azure cloud.
- Service Bus – Allows you to keep your apps connected across your private cloud environment and the Windows Azure public cloud.
- Automation and Extensibility – Allows you to automate and integrate custom services into your services framework using runbooks.
- SQL and MySQL – Allows you to provision Microsoft SQL and MySQL databases for tenants to use.
Windows Azure Pack – Deployment Scenarios
There are two basic deployment scenarios for WAP:
- Express architecture – Recommended for proof of concept testing only.
- Distributed architecture – Recommended for production environments.
In addition, the distributed architecture can be implemented in various ways depending on the scale and degree of availability needed. Let’s briefly examine each of these scenarios.
Express architecture
In an express deployment of Windows Azure Pack, you install all of the required components on a single server and any optional components needed on one or more additional servers. This is the deployment I will be doing in the next part of the series. Specifically, the following required components must all be installed on your first server:
- Windows Azure Pack Admin API
- Windows Azure Pack Tenant API
- Windows Azure Pack Tenant Public API
- Admin Authentication Site
- Tenant Authentication Site
- Management Portal for Administrators
- Management Portal for Tenants
In addition, your first server must host the SQL Management Database used by the required components. This means you must install a required version of Microsoft SQL Server on the first server.
Distributed architecture
In a distributed deployment of WAP, you spread out the required components across multiple servers. There are many ways you can do this, but the following recommendations should generally be adhered to in order to ensure optimal performance and supportability for your deployment:
- Install a management portal and its corresponding authentication site on the same server. For example, install the Management Portal for Administrators and the Admin Authentication Site on the same server.
- If you will be providing cloud services to tenants over the public Internet, install the following components on the same public-facing server:
  - Management Portal for Tenants
  - Tenant Authentication Site
  - Windows Azure Pack Tenant Public API
- If Active Directory Domain Services (ADDS) is to be used for authentication purposes, install it on a separate identity server.
- If Active Directory Federation Services (ADFS) is to be used for authentication purposes, install it on a separate identity server along with an ADFS
- For greater scalability and high availability in large deployments, install the SQL Management Database on a separate failover cluster. In addition, use failover clustering for your public-facing servers and for the servers hosting your other required components.
- For even higher scalability, install each required component on a separate failover cluster and the SQL Management Database on another failover cluster. In other words, use eight failover clusters to deploy the seven required components plus the SQL Management Database. Check out Nutanix Best Practices guide for deploying SQL
In the next blog post in this series, we will begin our walk-through of installing and configuring WAP. I will focus primarily on the express deployment scenario in this series along with two types of cloud services: Virtual Machines and SQL Databases…………..Let’s build a cloud……
Until next time, Rob…