New Podcast – MVPITPro by Andy Syewicze & Rob Corradini


This is the start of an awesome podcast series called MVPITPro. I am excited to be working with MVP Andy Syewicze from Altaro Software to produce this series of podcasts for all the IT Pros out there. Episode one is with my fellow MVP and friend Symon Perriman of FanWide, and 5nine Software before that. 🙂 So sit back and enjoy the ride!!! And maybe you’ll learn a little bit about being an MVP!!


Enjoy, until next time, Rob Corradini, MVP, Cloud & Datacenter

Joining 5nine Software as Director of Product Management

Today, I am excited to announce I will be joining the awesome team at 5nine Software as Director of Product Management. My primary job responsibilities will be for the product strategy and direction of 5nine’s security and management solutions.
So, you ask, why Product Management? It’s been a lifelong dream to be part of shaping the direction of a technology solution. By joining 5nine, I hope to simplify IT, Cloud and beyond, because there’s always a better way 🙂

“What prepared me for this was very surprising looking back.”

Life at Nutanix

Over the past 2 1/2 years at Nutanix, I managed 84 partners over 146 solutions. The partner solutions that my team managed and validated were from all aspects of technology, i.e. monitoring, backup, DR, Big Data, DevOps, security, networking, databases, and the list goes on.

5nine Software was one of the first partners I validated. I was familiar with them. 5nine Manager was a tool I had used in the field during my consulting days. But I had not seen their security solution yet. It was during the Nutanix Ready process that I first got introduced to 5nine Security. I remember at the time, I was super impressed with how they integrated with Hyper-V.

Shortly after 5nine’s Nutanix Ready validation, my colleague and Alliance Manager Tommy Gustaveson and I interviewed 5nine’s past VP of Alliances, Symon Perriman. We enjoyed understanding 5nine’s vision and also getting to know a little more about Symon Perriman’s journey. Yes, I admit, I had a little hero worship for him. But who can blame me? Symon is a one-of-a-kind person and I am proud to this day to call him a friend 🙂

So, on with the story: part of my job at Nutanix was front-ending the Product Managers (PMs). The PMs were always pulled in 10 different directions and they came to trust us with some of these activities with partners. This would include understanding the partner technology, how we can go to market together and how the partner would integrate with Nutanix. We worked with Alliance Managers and PMs to determine if this would be a good partnership.

Once the business side of alliances onboards a partner, that’s where the handoff to the Nutanix Ready team happens. The team spends a lot of time understanding each partner solution(s). The team does a deep investigation of any issues around the partner solution(s) and Nutanix. This is vetted by Nutanix’s support and solutions teams. This, in turn, gives the customer a certain degree of comfort that the partner solutions were tested, validated and it will work on Nutanix 🙂

Over the course of my time at Nutanix and my career to that extent, I have gotten to see many, many UI\UX’s and engines (code) behind them. I’ve seen what works and what doesn’t. The common theme of what doesn’t work is overcomplicating your user experience.
We are at the age of managing multiple multi-geographic data centers and clouds, backups, DR, networking, SDN’s and we need to secure it all. If your UI even vaguely resembles an airplane cockpit, you’re doing it wrong.  It is an inefficient use of an IT Pro’s time and energy.  They just want to simply manage their production applications and have an easy management experience.

I will never trade the time I had at Nutanix, but times are a-changing 🙂 As I’ve mentioned in a previous post “Building Nutanix Ready”, “it was the best of times and the worst of times”. I have not finished that series yet, but needless to say, it prepared me for the next step in my journey.

So, keep an eye on my blog, twitter feed, etc, because things are about to get into high gear.

Until next time and happy holidays,
Robert Corradini, MVP – Cloud & Datacenter

CPS Standard on Nutanix Released

Fun and crazy days here at Nutanix. I’ve been busy fielding a lot of calls around our new offering, CPS Standard on Nutanix. Now if you don’t know what CPS is, it stands for Cloud Platform System.

So what is Microsoft CPS anyways?

Simply, Microsoft CPS is a software stack of Windows Server, System Center, and Windows Azure Pack. CPS delivers a self-service cloud environment for Windows and Linux applications that provides optimized deployment of Windows Azure Pack.
Currently based on Windows Server 2012 R2, System Center 2012 R2 and Windows Azure Pack, CPS provides an Azure-consistent experience by leveraging Azure services to deliver business continuity (through Azure Site Recovery) of your hybrid cloud for your virtualized Windows and Linux workloads. For more details on Windows Azure Pack, check out my blog series on WAP.
If you have read my WAP blog series, you know that building your own cloud can be a complex undertaking. Integrating the hardware, installing and configuring the software, and optimizing the overall solution for usability, performance, scale, and reliability means that many cloud deployments fall short.

Introducing Microsoft CPS on Nutanix, an easier way to deploy WAP

The solution is due to the co-engineering and joint validation efforts with Microsoft and Nutanix. Getting the solution up and running is pretty fast, accelerating your time to value.
The joint effort goes beyond initial deployment. Once the Microsoft\Nutanix CPS solution is up and running, you get a single point of contact for support and simplified patching and updating across the entire stack of firmware and software. And as an added benefit, you get the ability to scale the environment with all the Nutanix goodness.
Bits are installed at the factory, so when you get your Nutanix Block, it’s just as easy as a wizard to get you up and running.  Below is a video that my buddy @mcghee did on the install and initial configuration of CPS. The video brings you right up to the admin and tenant portals and gives you a brief tour.

Enjoy…Until next time, Rob….

Microsoft Azure Stack Technical Preview finally sees the light….:)

Change is in the air! I know that phrase is associated with spring, but I love the change of seasons, especially winter, when days get shorter and I get to spend time in the snow with my kids. Every winter, I think I can rely on the patterns from the seasons before, but I quickly find I have to adapt to a new reality. For example, I live near Boston and just when I thought we would have a mild winter, mother nature strikes. One week it’s in the 50s and the next we are in the middle of a blizzard. Changes and transformations are just another fact of life.

Below is a pic of the latest storm 2/8/16.

IT Disruption

IT is going through a similar transformation. Over the last few years, there has been lots of buzz on the transformation in the industry to hyperconverged and how that fits with cloud computing. The traditional model of IT is evolving to make way for agile service delivery. Business units in pursuit of agility are looking for self-service approaches, with the promises of reliability, availability, scale and elasticity. This has been driving a flight to the public cloud where developers and business units are going around good IT practices in order to innovate – often introducing risks to their companies that they were never held accountable for in the past and are not equipped to deal with today. In 2015, 40% of IT spending is occurring outside the IT organization, up from 36% in 2014 according to Gartner. There is a large opportunity for Corporate IT to embrace the new patterns as an alternative to “shadow IT.”

Harnessing the Change

Corporate IT is still responsible for the impact applications make on a company’s operations and, often times, apps can’t move to a public cloud. Traditional IT makes large investments in datacenter hardware for scale, reliability and availability. Control of physical access & security, change configuration and bandwidth & latency minimize risk in the infrastructure. Yet these controls are not only expensive, but can also slow down innovation. Corporate IT needs to evolve to create private and hybrid cloud offerings that can support both traditional and cloud-born application models. There is a huge opportunity for IT to embrace and support the business transformation and improve business efficiency.

If you deconstruct Azure, or any public cloud, at the heart is a world-class datacenter with managed servers, storage and networking. Having a datacenter that is built on web scale methodologies is key. Azure Cloud, Amazon, Facebook all understand this. Operations and automation give the private cloud its heartbeat, as clouds require tight integration of servers, networking, storage and the OS. This is similar to the traditional physical datacenter you run today, but with Nutanix it is a much smaller footprint, more efficient and agile datacenter. And while this infrastructure can reduce hardware costs and provide elasticity, and virtualization can help with mobility, it is the services and new development patterns that make it a hybrid cloud. A hybrid cloud provides self-service capability coupled with elasticity, scalability and automated management. Where traditional datacenters with 3-tier architecture are designed to minimize access and change, the hybrid cloud in general, and Azure in particular, is designed to encourage it between on-premises and Azure Cloud.

IT Transformation

This transformation begins with a fundamental change – presenting IT as a service. Traditional IT is based on classic distributed servers with strong regulation of users, limiting choice to manage risk and security. In a web scale infrastructure, most of these traditional business processes have to change to meet the customer’s desire to leverage on-demand services. One of the ways to meet these new customer needs is through next generation application support. This is where web scale infrastructure excels, providing quick application/service deployment, iteration and robust data to show business results. Moving forward, administrators need to not only control their infrastructure, but abstract applications through services providing flexibility to their business users.

Introducing New Azure Stack Technical Preview

I first learned of Azure Stack at a partner meeting just before MS Ignite 15 and was excited then to dive into a Technical Preview. Finally, many, many months later, Microsoft released the first technical preview of its new Azure Stack offering on Friday for the world.

Azure Stack promises to broaden organizational access to Microsoft’s cloud services and tooling, and is aimed at organizations and service providers that can establish hybrid networks to tap Microsoft Azure services.
Getting the preview involves three steps, with downloads available at this page. There are hardware requirements to check, and the preview is limited to servers that can run Windows 2016 and support Hyper-V virtualization. Some requirements include:

  • A dual-socket server with a minimum 12 physical cores is needed
  • About 500-750 Gigs of storage
  • A 10GB install file also needs to be downloaded.

Lastly, there are even more downloads required to support the tools and PaaS services used with Azure Stack.

Microsoft claims that with Azure Stack, it’s the only company bringing its “hyper-scale cloud environment” to organizations and service providers. Top Microsoft executives Mark Russinovich and Jeffrey Snover talked more about Azure Stack in a Web presentation on Wednesday, Feb. 3. Check it out.

Consistent Tooling

Azure Stack essentially is Microsoft’s better bridge to using its cloud services, both the Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) kinds. That’s done by bringing down its tooling to organizations. Those organizations likely are engaged with maintaining their own proprietary network infrastructures and maybe aren’t too quick to connect with external cloud infrastructures.

Microsoft’s current solution around on-premises Azure is Windows Azure Pack, which is the supported approach currently for tapping Azure services in customer datacenters. It depends on using System Center and Windows Server 2012 R2. However, Windows Azure Pack is not as complete as the emerging Azure Stack and was Microsoft’s first attempt around private cloud solutions. Check out my series on Windows Azure Pack!
With Azure Stack, Microsoft is promising to deliver consistent APIs for developers.

That’s possible because its Azure Stack portal, a Web-based solution, uses “the same code as Azure,” according to Microsoft. Microsoft is also promising that scripting tools for management, such as PowerShell and command-line interfaces, will work across Microsoft’s Azure cloud computing services as well as local datacenter implementations of Azure Stack.  System Center isn’t required for management. Instead, the Azure Resource Manager solution is used.

Azure Stack is only available for testing right now. Rollout is planned for Q4 of this year. However, the complete solution won’t all be there at “general availability” (GA) product launch. A white paper on Azure Stack, accessible via Microsoft’s announcement, showed the parts that won’t be ready at GA launch:

Azure Stack services at general availability, along with services at preview (indicated by asterisks).

Breaking down Azure Stack

As discussed in a previous blog post that was written shortly after MS ignite 15, Azure Stack is a collection of software technologies that Microsoft uses for its Azure cloud computing infrastructure. It consists of “operating systems, frameworks, languages, tools and applications we are building in Azure” that are being extended to individual datacenters, Microsoft explained in the white paper. However, Azure Stack is specifically designed for enterprise and service provider environments.

For instance, Microsoft has to scale its Azure infrastructure as part of operations. That’s done at a minimum by adding 20 racks of servers at a time. Azure Stack, in contrast, uses management technologies “that are purpose-built to supply Azure Service capacity and do it at enterprise scale,” Microsoft’s Azure Stack white paper explained.
Azure Stack has four main layers, starting with a Cloud Infrastructure layer at its base, which represents Microsoft’s physical datacenter capacity (see chart).
Next up the stack there’s an Extensible Service Framework layer. It has three sublayers. The Foundational Services sublayer consists of solutions needed to create things like virtual machines, virtual networks and storage disks. The Additional Services sublayer provides APIs for third-party software vendors to add their services. The Core Services sublayer includes services commonly needed to support both PaaS and IaaS services.

The stack also contains a Unified Application Model layer, which Microsoft describes as a fulfillment service for consumers of cloud services. Interactions with this layer are carried out via Azure Resource Manager, which is a creation tool for organizations using cloud resources. Azure Resource Manager also coordinates requests for Azure services.

Lastly, the Developer and IT Pro Experiences layer at the top of the heap provides a consistent user interface via a Web portal. That’s done using a “consistent cloud API.” This layer also supports the use of common management tools.
Microsoft has said Azure Stack will “run on the stripped-down Nano Server implementation of Windows Server [2016]” and any patches or updates will happen by doing clean installations of the hypervisor and Nano Server configuration. Microsoft is still working out the update frequency for Azure Stack, and recognizes that hourly or daily updates are too often, but annual updates would be too slow.

That being said, Azure Stack will get lots of updates over the next year or so. Organizations or service providers running it should “expect to implement updates more frequently than with traditional software,” Microsoft’s Azure Stack white paper advises.
Microsoft plans to gradually add all Azure services to Azure Stack. Currently, at this technical preview, Microsoft has made capabilities available that organizations can download and deploy onto the Azure Stack Technical Preview, including an updated Azure SDK, a Web Apps capability in the Azure App Service, SQL and MySQL database resource providers, and Visual Studio support. Microsoft has said that this first Technical Preview represents just the first installment of a continuous innovation process planned for Azure Stack, which will eventually lead to enterprise customers being able to fully deliver Azure services from their own datacenters. However, Microsoft said that the three PaaS resource providers it has now delivered, for Web Apps, SQL and MySQL, are still only at the early preview stage.

“Each service in Azure is a candidate for being distributed through Azure Stack and we will listen to customer input and consider technical feasibility in determining the roadmap,” Microsoft’s Azure Stack white paper explained.

Azure Stack is obviously going up against the likes of OpenStack, the open source enterprise cloud computing platform that now has the backing of everybody from Rackspace, HP Enterprise and IBM, as well as a thriving startup ecosystem. Microsoft clearly hopes that its hybrid story will allow it to position Azure Stack as a viable alternative against this quickly growing open source competitor.

In many ways, Azure Stack is the logical next step in Microsoft’s overall hybrid cloud strategy. If you’re expecting to regularly move some workloads between your own data center and Azure (or maybe add some capacity in the cloud as needed), having a single platform and only one set of APIs across your own data center and the cloud to work with greatly simplifies the process.

I am still in the process of deploying and reviewing Azure Stack Technical Preview in my lab, but wanted to give everyone an understanding of what Azure Stack is and where it is going.  My review will be coming over the next few weeks…Stay tuned.
IMO… This year will be a significant milestone in helping customers meet their agile development (DevOps) needs while providing the control corporate IT requires by bringing the power of Azure to your on-premises environment.

Until next time, Rob.

Understanding Windows Azure Pack – Reconfigure portal names, ports and deploy certificates – Part 6

Happy New Year Everyone!!!  I know Azure Stack is just around the corner, but I still get lots of questions around configuring WAP and portals. So to follow-up my Windows Azure Pack (WAP) series, I am going to talk about reconfiguring server names and ports as well as assigning trusted certificates to my WAP Portals.

If you missed other parts of the series, check links below:
Part 1 – Understanding Windows Azure Pack
Part 2 – Understanding Windows Azure Pack – Deployment Scenarios
Part 3 – Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Environment Prep
Part 4 – Deploying Service Provider Framework on Nutanix
Part 5 – Understanding Windows Azure Pack – How to guide with Express Edition on Nutanix – Windows Azure Pack Install

In this blog post, we will look at how you can change portal names and ports for the Tenant and Admin portals in WAP.

Once we are done with that, we are going to issue certificates from an Enterprise CA to the Admin portal as well as to the Tenant Portal. As I don’t have a Public CA certificate, I’m going to use one from my Enterprise CA, but the concept is exactly the same as if I was using certificates from a trusted public CA like VeriSign, DigiCert or similar.
Windows Azure Pack Tenant Portal


Architecture:

Windows Azure Pack has different components which serve various functions as I mentioned in previous blog posts.
By looking at the roles being installed on a WAP Server for an express install, we can see a long list of Web Services running on the WAP Server. These different Web Services provide various roles within the WAP infrastructure.
In this lab scenario, we will be working with the following Web Services:

  • WAP Tenant Portal Service (MgmtSvc-TenantSite): Hosts the WAP Tenant Portal
  • WAP Tenant Authentication Service (MgmtSvc-AuthSite): Hosts the authentication for tenants
  • WAP Admin Portal Service (MgmtSvc-AdminSite): Hosts the Admin Portal
  • WAP Admin Authentication Service (MgmtSvc-WindowsAuthSite): Hosts the Admin Authentication


When a tenant accesses the WAP Tenant portal (exposed to the Internet), they are redirected to the WAP Tenant Authentication Service to validate whether the user is allowed to access the system. Once the WAP Tenant Authentication service has validated the user, the user is redirected back to the WAP Tenant portal with access to WAP services. The tenant authentication service uses claims-based authentication and can use different authentication methods like Active Directory Federation Services (ADFS) or .Net. In this scenario we are using the default authentication (.Net); in a future blog post, I will tie in ADFS.

In my lab setup these services are running on the same server (WAP01.contoso.com) as shown above.

A similar scenario happens when a WAP Administrator accesses the WAP Admin portal (only accessible on the internal network): the WAP Admin portal redirects the admin to the WAP Admin Authentication service, which by default uses Windows Authentication. Once the Windows Authentication service has authenticated the user, the user is redirected back to the WAP Admin portal with access to WAP.


Scenario:

After Installing and configuring Windows Azure Pack with the basic settings for the Contoso.com lab setup, the next steps are to configure the following:

  • Change WAP portal name.
  • Configure tenant and admin portals to run on port 443 (HTTPS).
  • Replace the self-signed certificates with certificates provided by the enterprise CA (and consequently remove the warnings displayed in Internet Explorer due to the self-signed certificates).
  • Change the WAP Tenant Portal to use an internet-facing URL.
  • Change the WAP Tenant Authentication site to use the public web address that is also used by the WAP Tenant Portal.

The servers for this lab are configured as follows:

    Role                         Name                Function
    Active Directory             DC01.contoso.com    Active Directory, ADFS, Certificate Server
    Windows Azure Pack           WAP01.contoso.com   Windows Azure Pack Express Install
    Service Provider Foundation  SPF01.contoso.com   Service Provider Foundation
    SQL Server                   DB02.contoso.com    SQL Instance hosting the WAP databases
    Virtual Machine Manager      VMM01.contoso.com   Virtual Machine Manager 2012 R2 managing one Nutanix Hyper-V Cluster

The portals’ DNS names will be changed to the following:

  • WAP Admin Portal: wapadmin.contoso.com port 443
  • WAP Tenant Portal Internal: WAPCloud.contoso.com port 443
  • WAP Tenant Auth: wapcloud.contoso.com port 444

Disclaimer: This environment is meant for testing only. This should not be considered guidance for production use, as several decisions made in this blog post are not targeting a production environment.

Reconfigure portal names for Windows Azure Pack

As the two WAP Portals by default (in our lab setup) are installed with https://wap01.contoso.com:30081 for the Tenant Portal and https://WAP01.contoso.com:30091 for the Admin Portal, we want to change these to use friendlier portal names.

To accomplish this, we need to do the following:

  • Create a DNS record for the new portals.
  • Install and configure an enterprise CA.
  • Request certificates for WAP Web Services from the CA.
  • Change ports and assign certificates for WAP Services.
  • Update Windows Azure Pack with the new web service modifications.

Create a DNS record for the new portals

  1. Logon to the DNS server.
  2. Start DNS Manager
  3. Expand dc01 > Forward Lookup Zone > <Yourdomain> (e.g. contoso.com)
  4. Right click on <Yourdomain> and select New Host (A-Record)
  5. Provide the DNS name and the IP address of the WAP Admin Server (e.g. Name: wapadmin, IP: 192.168.1.40)
  6. Create the other DNS name for the remaining portal (e.g. wapcloud) and provide the WAP01 IP address, as all roles are installed on the same server in the lab setup.
  7. Verify that the DNS records show in the list.
  8. Close the DNS Manager.

Use trusted certificates for the Windows Azure Pack

In order to use CA signed certificates in our Lab environment we need to do the following:

  • Install a CA Server
  • Configure the CA Server
  • Request Web Server certificates from the CA Server
  • Change Web Sites to use certificate.

Install a CA Server

  1. Logon to the server that will be running the CA Server (e.g. DC01)
  2. Start Server Manager.
  3. Select Dashboard on the left.
  4. Click Add roles and features.
  5. Click Next through Before you begin, Installation type and Server selection.
  6. In Server Roles select Active Directory Certificate Services under Roles.
  7. Click next to features.
  8. Under Role Services Select the following: Certification Services, Certificate Enrolment Policy.., Certificate Enrolment Web, Certification Authority..
  9. Accept the add-ons and click next to Web Role Services.
  10. Click Install.
  11. Verify that the install finishes with success.

Configure CA Server

  1. On the CA Server start Server Manager as a user that is member of Enterprise Admins.
  2. Select AD CS on the left.
  3. A message will show in the main window:
  4. Click on More.
  5. In the server task details click on Configure Active Directory Cert.
  6. Select All Roles to configure except for Web Service and click Next.
  7. Select Enterprise CA.
  8. Select Root CA.
  9. Select Create a new private key and click next.
  10. Click next to cryptography.
  11. Click next to CA Name and keep default.
  12. Keep 5 years and click next
  13. Click next to Certificate Database
  14. Select Windows Integrated auth.. and click next
  15. Under Server Certificate Select Choose and assign a certificate for SSL later and click next
  16. Click Configure
  17. Click Close

Change WEB Sites to use Certificate

Issue Certificate for the WAP Admin Portal

  1. Logon to the WAP Server as an administrator (e.g. wap01.contoso.com)
  2. Open IIS Manager on the WAP Portal Server
  3. Select the IIS server under connections
  4. In the main window select server certificates under IIS
  5. In the right windows select create a domain certificate
  6. Specify the following:
     • Common name: the WAPAdmin FQDN (e.g. wapadmin.contoso.com)
     • Organization: Contoso
     • Organizational unit: NA
     • City: NA
     • State: NA
  7. Click Next.
  8. Select a CA and provide the friendly name for the certificate (e.g. wapadmin.contoso.com).
  9. Click Finish.
  10. Verify that the certificate shows in the list of certificates. We now have a web certificate, which we can use for the WAP Admin Portal.
  11. Request two more certificates following the same procedure:
    1. WAP Authentication: wap01.contoso.com
    2. WAP Tenant Portal Internal: WAPCloud.contoso.com
  12. There should now be three certificates in the Web Server Certificate list from Contoso CA.

Change ports and certificates for the WAP Admin Portal

  1. Logon to the WAP server as Administrator (This assumes it’s an express install).
  2. Start IIS Manager.
  3. Expand IIS Server > Sites.
  4. Right click on MgmtSvc-AdminSite and select edit bindings.
  5. Select https 30091 and select edit.
  6. Change port to 443.
  7. Set hostname to wapadmin.contoso.com.
  8. Select the certificate from the drop down list which was created earlier from the CA.
  9. Click Ok.
  10. Restart the Web Site.
  11. Right click on MgmtSvc-WindowsAuthSite and select edit bindings.
  12. Select the wap01.contoso.com certificate from the list.
  13. Click Ok.

Change ports and certificates for the WAP Tenant Portals

The following steps need to be done in order to change ports and certificates for the tenant portal.

  1. Logon to the WAP server as Administrator (This assumes it’s an express install).
  2. Start IIS Manager.
  3. Expand IIS Server > Sites.
  4. Right click on MgmtSvc-TenantSite and select edit bindings.
  5. Select https 30081 and select edit.
  6. Change port to 443.
  7. Set hostname to wapcloud.contoso.com.
  8. Select wapcloud.contoso.com in the drop down list for certificates
  9. Click Close
  10. Right click on MgmtSvc-AuthSite and select edit bindings
  11. Select https 30071 and select edit.
  12. Change port to 444.
  13. Select wapcloud.contoso.com in the drop down list for certificates.
  14. Restart the MgmtSvc-TenantSite Web Site from the action menu.
  15. Restart the MgmtSvc-AuthSite Web Site from the action menu.

Update Windows Azure Pack with the new settings

Updating the Windows Azure Admin Portal

The TechNet documentation can be found here: Reconfigure FQDNs and Ports in Windows Azure Pack
To update WAP with our modifications, the following commands need to be executed, using the values from the scenario.

  • Set-MgmtSvcFqdn: This command will update the FQDN names for the modified services in the WAP Database.
  • Set-MgmtSvcRelyingPartySettings: This command will set the relay location for the WAP authentication service (Tenant or Admin).
  • Set-MgmtSvcIdentityProviderSettings: This command will update the authentication service with the location users are redirected to once verified.

We will be using the following arguments while executing the commands:

    WAP Database Server:  db02.contoso.com
    WAP Database user:    sa
    Admin Portal FQDN:    wapadmin.contoso.com
    Admin Portal Port:    443
    Admin Auth Service:   wap01.contoso.com:30072

To update the modifications made to the WAP services in the WAP database, do the following.

  1. Logon to the WAP Server as a WAP Administrator.
  2. Start a PowerShell window.
  3. Import the WAP PowerShell module:

    Import-Module -Name MgmtSvcConfig

  4. Update WAP Admin Portal with the updated FQDN settings by running the following command:

    Set-MgmtSvcFqdn -Namespace "AdminSite" -FullyQualifiedDomainName "wapadmin.contoso.com" -Port 443 -Server "db02"

  5. To set the WAP authentication service FQDN for the admin portal, run the following command:

    Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint 'https://wap01.contoso.com:30072/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=db02.contoso.com;User ID=sa;Password=*******"

  6. To set the authentication service redirection location to the admin portal, run the following command:

    Set-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint 'https://wapadmin.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=db02.contoso.com;User ID=sa;Password=********"

Updating the Windows Azure Tenant Portal

The following attributes are used for configuring the WAP Tenant Portal.
WAP Database Server: db02.contoso.com
WAP Database user: sa
Tenant Portal FQDN: wapcloud.contoso.com
Admin Portal Port: 443
Admin Auth Service: wapcloud.contoso.com:444
To update the tenant portal do the following:

  1. Log on to the WAP Server as an Administrator.
  2. Start PowerShell.
  3. Import the WAP PowerShell module:

    Import-Module -Name MgmtSvcConfig

  4. Update WAP Tenant Portal with the updated settings by running the following command:

    Set-MgmtSvcFqdn -Namespace "TenantSite" -FullyQualifiedDomainName "wapcloud.contoso.com" -Port 443 -Server "db02"

  5. Update WAP Tenant Auth Site with the updated settings by running the following command:

    Set-MgmtSvcFqdn -Namespace "AuthSite" -FullyQualifiedDomainName "wapcloud.contoso.com" -Port 444 -Server "db02"

  6. To set the WAP authentication service FQDN for the tenant portal, run the following command:

    Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint 'https://wapcloud.contoso.com:444/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=db02.contoso.com;User ID=sa;Password=********"

  7. To set the authentication service redirection location to the admin portal, run the following command:

    Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint 'https://wapcloud.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=db02.contoso.com;User ID=sa;Password=********"
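The admin and tenant steps above type the SQL password into each command. This added example (not part of the original post) applies the same four relying-party and identity-provider settings after prompting for the SQL login and checking that every metadata endpoint answers over a trusted certificate. Test-FederationMetadata is a hypothetical helper, and the hostnames, ports and targets are the scenario's values.

```powershell
# Added example, not from the original post. Run it after the Set-MgmtSvcFqdn steps.
# Hostnames, ports and targets are the scenario's values; Test-FederationMetadata is hypothetical.
Import-Module -Name MgmtSvcConfig
Add-Type -AssemblyName System.Data

function Test-FederationMetadata {
    param([Parameter(Mandatory = $true)][string]$Uri)
    $client = New-Object System.Net.WebClient
    $client.UseDefaultCredentials = $true   # in case the site asks for Windows authentication
    # DownloadString throws if the site is unreachable or its certificate is not trusted.
    try { $body = $client.DownloadString($Uri) } finally { $client.Dispose() }
    $doc = [xml]$body
    if ($doc.DocumentElement.LocalName -ne 'EntityDescriptor') {
        throw "$Uri did not return a federation metadata document."
    }
    $doc.DocumentElement.GetAttribute('entityID')   # name the endpoint advertises for itself
}

# Prompt for the SQL login so the password is not typed into the command itself.
$sqlCred = Get-Credential -Message 'SQL login for the WAP database'
$builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
$builder['Data Source'] = 'db02.contoso.com'
$builder['User ID']     = $sqlCred.UserName
$builder['Password']    = $sqlCred.GetNetworkCredential().Password   # builder quotes ; and = safely
$connectionString = $builder.ConnectionString

$path = 'FederationMetadata/2007-06/FederationMetadata.xml'
$changes = @(
    @{ Cmdlet = 'Set-MgmtSvcRelyingPartySettings';     Target = 'Admin';      Endpoint = "https://wap01.contoso.com:30072/$path" }
    @{ Cmdlet = 'Set-MgmtSvcIdentityProviderSettings'; Target = 'Windows';    Endpoint = "https://wapadmin.contoso.com/$path" }
    @{ Cmdlet = 'Set-MgmtSvcRelyingPartySettings';     Target = 'Tenant';     Endpoint = "https://wapcloud.contoso.com:444/$path" }
    @{ Cmdlet = 'Set-MgmtSvcIdentityProviderSettings'; Target = 'Membership'; Endpoint = "https://wapcloud.contoso.com/$path" }
)

# Check every endpoint before changing anything, so a typo or an untrusted
# certificate stops the run with no setting half-applied.
foreach ($c in $changes) {
    $c.EntityId = Test-FederationMetadata -Uri $c.Endpoint
}
foreach ($c in $changes) {
    Write-Host "$($c.Cmdlet) -Target $($c.Target): $($c.EntityId)"
    & $c.Cmdlet -Target $c.Target -MetadataEndpoint $c.Endpoint -ConnectionString $connectionString
}
```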

Verify the WAP modification works.

Pre-requisite: As we don’t have a public certificate for my lab setup, we are going to install the CA certificate in the Trusted Certificates store on the computers from which we will access the WAP Portals.

  1. Log in to a computer as a user that has WAP Admin Portal access.
  2. Start a browser.
  3. Type the URL that the WAP Admin Portal was changed to (e.g. https://wapadmin.contoso.com).

    Verify that the WAP Admin Portal loads using the new URL

Verify that the tenant portal works by opening a browser and going to https://wapcloud.contoso.com.
During the authentication sign-in process, note the redirection to the wapcloud.contoso.com:444 authentication site.

Verify that after login you are redirected back to the WAP Portal.
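The browser checks above can also be scripted. This added example (not part of the original post) walks each portal's redirect chain one hop at a time and reports whether it reaches the expected authentication site over a certificate the machine trusts. Test-PortalRedirect is a hypothetical helper; it assumes the portal answers an unauthenticated request with an HTTP redirect and that the admin portal is sent to the Admin Auth Service from the scenario.

```powershell
# Added example, not from the original post. Test-PortalRedirect is a hypothetical helper;
# the URLs and expected authorities are the scenario's values.
function Test-PortalRedirect {
    param(
        [Parameter(Mandatory = $true)][string]$PortalUrl,
        [Parameter(Mandatory = $true)][string]$ExpectedAuthority,   # host[:port] of the auth site
        [int]$MaxHops = 5
    )
    $result  = [pscustomobject]@{ Portal = $PortalUrl; Hops = @(); Pass = $false; Error = $null }
    $current = [System.Uri]$PortalUrl
    for ($i = 0; $i -lt $MaxHops; $i++) {
        $request = [System.Net.WebRequest]::Create($current)
        $request.AllowAutoRedirect = $false   # inspect each hop instead of following it silently
        try {
            # Default validation applies (unless the session overrides it): an untrusted
            # or mismatched certificate makes GetResponse throw.
            $response = $request.GetResponse()
        } catch {
            $result.Error = $_.Exception.GetBaseException().Message
            break
        }
        $location = $response.Headers['Location']
        $response.Close()
        if (-not $location) { break }         # chain ended without reaching the auth site
        # Resolve against the current URL so relative Location values also work.
        $current = New-Object System.Uri -ArgumentList $current, $location
        $result.Hops += $current.Authority
        if ($current.Scheme -eq 'https' -and $current.Authority -eq $ExpectedAuthority) {
            $result.Pass = $true              # stop before requesting the login page itself
            break
        }
    }
    $result
}

Test-PortalRedirect -PortalUrl 'https://wapcloud.contoso.com/' -ExpectedAuthority 'wapcloud.contoso.com:444'
Test-PortalRedirect -PortalUrl 'https://wapadmin.contoso.com/' -ExpectedAuthority 'wap01.contoso.com:30072'
```

A result with Pass set to False and Error populated points to a certificate or connectivity problem; Pass set to False with Hops listing another host means the portal still redirects to the old authentication address.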

Summary

The goal with this blog post was to show how it’s possible to reconfigure portal names, ports and use certificates after deploying the Windows Azure Pack and I think I’ve done that.  But, as always, if you have any questions or comments, let me know…..

Until next time, Rob.

Deploying a Test Lab SQL 2012 AlwaysOn Availability Group with Hyper-V on Nutanix – Failover Cluster Configuration – Part 1

In my various blog series, you need a SQL 2012 server setup for hosting databases with different Microsoft Solutions. Testing out on a SQL AlwaysOn AG will give you a feel of a real world scenario.

If you want to understand SQL 2012 Always-On Availability Group, check my blog post on SQL 2012 AlwaysON Feature – What is it? How does it work?.

To learn more about SQL Server on Nutanix, check out the Microsoft SQL Server on Nutanix Best Practices!

To give credit, most of the content was taken from Steve Poitras’s blog.  He did a series on Configuring SQL Server on VMware ESXi that is awesome and I altered it for Hyper-V and added more details for installing.

In the following blog post,  I’ll go over how to install and configure a test lab Microsoft SQL Server AlwaysOn AG with Hyper-V on Nutanix.

There are 4 parts:

  • Windows Server 2012 R2 Failover Cluster Configuration – Part 1 – This blog post
  • SQL 2012 Install with SP3 – Part 2 – coming soon
  • SQL Server AlwaysOn AG Configuration – Part 3 – coming soon
  • Adding Databases to an AlwaysOn AG – Part 4 – coming soon

Requirements:

  1. Two identical virtual machines with Windows Server 2012 R2 installed
  2. Administrative Accounts have been created
    1. Domain Admin account for install
    2. SQL Server Account
    3. SQL Agent Account
  3. Storage has been allocated and assigned as follows:
    1. 2 disks for SQL Database storage – 1 drive per server, for Always On AG
    2. Both disks should be assigned the same drive letter on both machines
  4. IP Address reserved for AG Listener
  5. SMB file share on a Nutanix cluster used for Quorum
  6. Failover Cluster Feature is installed on both machines

Windows Server 2012 R2 Failover Cluster Installation

In Server Manager, select Tools, Failover Cluster Manager. In Failover Cluster Manager, select Create Cluster.

Click Next.

Browse or enter the Server Name for both servers to be added to the cluster and click Add.

The servers for the cluster will be shown below; click Next.

Select Yes to run the cluster validation, and click Next.

Click Next.

Select Run all tests… and click Next.

Click Next.

If some tests fail, check the failed tests by clicking on View Report. In my example these servers are both mounting NDFS locally using the private IP (192.168.5.2), which gave a duplicate IP error message. This can be ignored.

Click Finish.

Type in a Cluster Name and click Next. NOTE: the Cluster Name should be less than 15 characters for NETBIOS.

Un-check Add eligible storage to the cluster and click Next. Since we’re using a file share based quorum, we don’t need to add any storage to the cluster. If we were using iSCSI, we could add the iSCSI LUN to the cluster for the quorum.

Click Finish.

Right click on the Cluster and navigate to ‘Configure Cluster Quorum Settings…’