Add cloud to your datacenter with an easy-to-deploy integrated system

The Cloud Platform System portfolio of integrated systems provides an Azure-consistent cloud-in-a-box for your virtualized Windows and Linux workloads, accelerating your journey to cloud with a factory-integrated solution. Cloud Platform System combines Microsoft’s proven software stack of Windows Server 2012 R2, System Center 2012 R2, and Windows Azure Pack, with server, storage, and networking hardware from industry leading vendors. Cloud Platform System improves your time-to-value and enables a consistent cloud experience, allowing you to scale from as small as three nodes with Cloud Platform System Standard to up to 128 with Cloud Platform System Premium, depending on your needs.

Benefits

With its software-defined architecture, factory integration and simplified order process, Cloud Platform System accelerates your journey to your hybrid cloud. Cloud Platform System delivers a self-service, multi-tenant cloud environment for Windows and Linux applications that provides optimized deployment packs—both for applications like Microsoft SQL Server, SharePoint and Exchange, as well as remote desktops/desktop virtualization.

Spend smarter

Cloud Platform System lowers costs at all stages of the infrastructure life-cycle. The software-defined architecture is validated and integrated at the factory, decreasing risk and complexity, while accelerating deployment time from months to days. Single-point-of-contact support simplifies issue resolution and reduces the risk of outages.

Azure-consistent cloud experience

Cloud Platform System has been architected for agility and resiliency based on the experience gained from Azure. Cloud Platform System offers consistent public, private, and hybrid cloud experiences for maximum flexibility.

Simplify everything

Cloud Platform System enables faster time-to-value by reducing overhead, accelerating problem resolution, and standardizing the infrastructure to free up IT resources to focus on innovation. Cloud Platform System empowers infrastructure users through self-service, while enabling data governance, geo sovereignty, and regulatory compliance.

Cloud Solutions blog

See all

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>Building Clouds</title> <atom:link href="https://blogs.technet.microsoft.com/privatecloud/feed/" rel="self" type="application/rss+xml" /> <link>https://blogs.technet.microsoft.com/privatecloud</link> <description>...building hybrid clouds that can support any device from anywhere</description> <lastBuildDate>Wed, 29 Jun 2016 21:25:56 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=4.3.4</generator> <item> <title>ARM concepts in Azure Stack for the WAP Administrator – In-guest configuration with ARM, and technologies such as Virtual Machines Extensions, including PowerShell Desired State Configuration (DSC)</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/06/29/arm-concepts-in-azure-stack-for-the-wap-administrator-in-guest-configuration-with-arm-and-technologies-such-as-virtual-machines-extensions-including-powershell-desired-state-configuration-d/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/06/29/arm-concepts-in-azure-stack-for-the-wap-administrator-in-guest-configuration-with-arm-and-technologies-such-as-virtual-machines-extensions-including-powershell-desired-state-configuration-d/#comments</comments> <pubDate>Wed, 29 Jun 2016 21:25:00 +0000</pubDate> <dc:creator><![CDATA[Tiander Turpijn [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[ARM]]></category> <category><![CDATA[Azure Automation]]></category> <category><![CDATA[Azure Resource Manager]]></category> <category><![CDATA[Azure Stack]]></category> <category><![CDATA[AzureStack]]></category> <category><![CDATA[Building Clouds]]></category> <category><![CDATA[building clouds blog]]></category> <category><![CDATA[Hybrid Cloud]]></category> <category><![CDATA[Microsoft Azure]]></category> <category><![CDATA[PowerShell DSC]]></category> <category><![CDATA[WAP]]></category> <category><![CDATA[Windows Azure Pack]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=8765</guid> <description><![CDATA[Hello Readers! This is part 7 of the blog post series “ARM concepts in Azure Stack for the WAP Administrator.” In this post we’ll focus on the VM configuration itself, leveraging Azure Resource Manager (ARM), VM Extensions and PowerShell DSC. NoteSome information relates to pre-released product which may be substantially modified before it’s commercially released.... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/06/29/arm-concepts-in-azure-stack-for-the-wap-administrator-in-guest-configuration-with-arm-and-technologies-such-as-virtual-machines-extensions-including-powershell-desired-state-configuration-d/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Hello Readers! This is part 7 of the blog post series “ARM concepts in Azure Stack for the WAP Administrator.” In this post we’ll focus on the VM configuration itself, leveraging Azure Resource Manager (ARM), VM Extensions and PowerShell DSC. Note Some information relates to pre-released product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Here is the table of contents for the series of post so that you’ll find it easier to navigate across the series: Table of contents <ol> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/02/08/arm-concepts-in-azure-stack-for-the-wap-administratorintroduction-post/">Introductory post</a>, and some first information on the <a href="https://azure.microsoft.com/en-us/documentation/articles/azure-stack-poc/">Azure Stack POC</a> architecture and ARM’s role <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/02/15/arm-concepts-in-azure-stack-for-the-wap-administrator-cloud-service-delivery/">Cloud Service Delivery</a> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/02/24/arm-concepts-in-azure-stack-for-the-wap-administrator-offers-plans-and-subscriptions-2/">Plans, offers, and subscriptions</a> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/29/arm-concepts-in-azure-stack-for-the-wap-administrator-multi-tier-applications/">Resource Deployment</a> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/01/arm-concepts-in-azure-stack-for-the-wap-administrator-packaging-and-publishing-templates-on-azure-stack/">Packaging and publishing templates on Azure Stack</a> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/29/arm-concepts-in-azure-stack-for-the-wap-administrator-multi-tier-applications/">Multi-tier applications with ARM</a> <li>In-guest configuration with ARM, and technologies such as Virtual Machines Extensions, including PowerShell Desired State Configuration (DSC) – this post <li>Troubleshooting IaaS deployments in Azure Stack—this maps to an understanding of how the different Resource Providers (RPs) work together in an Azure Stack installation </li> </ol> <hr> <h2>Introduction</h2> Victor Arzate has done a great job in laying down the foundation for this blog post by describing how to <a href="https://blogs.technet.microsoft.com/privatecloud/2016/03/18/arm-concepts-in-azure-stack-for-the-wap-administrator-resource-deployment/" target="_blank">deploy resources</a> and <a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/29/arm-concepts-in-azure-stack-for-the-wap-administrator-multi-tier-applications/" target="_blank">multi-tier applications</a>. In this blog post we will dive deeper in how to configure a VM, also known as in-guest configuration. We will briefly revisit the options you have in Windows Azure Pack (WAP), look at Azure Stack and discover the similarities between the two. <hr> <h2>VM deployment and configuration in Windows Azure Pack</h2> Let’s revisit  the options in WAP to deploy a VM: <ul> <li>VM Standalone – mapped to a VM template in System Center Virtual Machine Manager (SCVMM) <li>VM Role – allows integration of application installation during deployment </li> </ul> <blockquote><a href="https://msdnshared.blob.core.windows.net/media/2016/06/image128.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;margin: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb118.png" width="216" height="175"></a> </blockquote> And as mentioned in the previous posts, Service Management Automation (SMA) can be used to automate and orchestrate a VM deployment and configuration (and much more) in WAP. Desired State Configuration (DSC) can be used to declare the end state of your deployment which can be applied during or after a deployment. With stand-alone virtual machines, you usually deploy a VM with only the operating system installed, but what about if you need more than this? Let’s say, for example, you want to deploy a VM with SQL server? Then you need a technology that allows you to configure the VM itself, once it has been deployed with an OS. VM Roles allow you to perform this as it will deploy the VM with the OS desired and second, it will allow you to perform in-guest configuration via PowerShell DSC. For our example with SQL Server, PowerShell DSC allows you to install the required OS features (for example, .Net Framework) and also it allows you to install the application and configure it as required (in this case, SQL Server). How to create VM roles and use PowerShell DSC is out of scope of this blog, but this has been extensively documented. Two great blog posts which talk about VM role deployment and DSC are: <ul> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2014/02/28/automationthe-new-world-of-tenant-provisioning-with-windows-azure-pack-part-1-introduction-and-table-of-contents/">WAP Tenant provisioning by Charles Joy</a> <li><a href="http://www.hyper-v.nu/archives/bgelens/2015/02/integrating-vm-role-with-desired-state-configuration-part-1-introduction-and-scenario/">VM Role and DSC integration by Ben Gelens</a> </li> </ul> If you are looking for a DSC jump start, then please check out <a href="https://channel9.msdn.com/Series/Getting-Started-with-PowerShell-Desired-State-Configuration-DSC/01" target="_blank">this great video</a> and if you are wondering where you can find DSC resources, please check the <a href="http://www.powershellgallery.com/items?q=dsc&x=0&y=0" target="_blank">PowerShell Gallery</a>. Let’s now look at Azure Stack. <hr> <h2>VM deployment and configuration in Azure Stack</h2> One of the biggest differences between WAP and Azure Stack is Azure Resource Manager (ARM). If you are looking for a primer on ARM I would encourage you to check out <a href="https://channel9.msdn.com/Events/Build/2015/2-659" target="_blank">Ryan Jones’ presentation on ARM</a>. Since ARM is the consistent management layer between Azure and Azure Stack and consumes JSON based templates for VM deployment and configuration, it’s the first obvious step to explore. As pointed out a couple of times already during the blog post series, please do check out and try the available Azure Stack templates <a href="https://github.com/Azure/AzureStack-QuickStart-Templates" target="_blank">here</a>. Notice the green button in the picture below; in a couple of clicks you can download a zip file and explore all sample templates on your local machine or test them in your Azure Stack environment: <blockquote><a href="https://msdnshared.blob.core.windows.net/media/2016/06/image221.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb139.png" width="885" height="225"></a> </blockquote> So with an ARM template you can deploy and configure your VM’s, right? Correct! Let’s look at the options: For new VM’s deploy an ARM template leveraging the: a) Custom Script extension, see <a href="https://github.com/Azure/AzureStack-QuickStart-Templates/tree/master/101-vm-ext-win-cs-scriptfile" target="_blank">this</a> template as an example b) DSC extension, see <a href="https://github.com/Azure/AzureStack-QuickStart-Templates/tree/6a82de37650656be5fd48549df65bb9d96698a28/ad-non-ha" target="_blank">this</a> template as an example c) DSC extension and Azure Automation DSC for pull server functionality, see <a href="https://github.com/Azure/azure-quickstart-templates/tree/master/201-vmss-automation-dsc" target="_blank">this</a> template as an example   For existing VM’s: d) Push a DSC configuration using PowerShell Remoting e) Enable the DSC VM extension and assign a configuration f) Enable the DSC VM extension and assign a DSC configuration, leveraging Azure Automation for pull server functionality <ol></ol>   In this blog post will focus on options d and f. Note: Before we move on, it is good to emphasize that DSC investments you have made – or are going to make –  in WAP, Azure or Azure Stack – can be reused in all these areas. Write once, run everywhere!   Let’s look at the relevant VM extensions in an ARM template. VM extension skeleton. Please note the highlighted section in red, these are different in each VM extension as depicted below. <pre> { "type": "Microsoft.Compute/virtualMachines/extensions", "name": "MyExtension", "apiVersion": "2015-05-01-preview", "location": "[parameters('location')]", "dependsOn": ["[concat('Microsoft.Compute/virtualMachines/',parameters('vmName'))]"], "properties": { "publisher": "Publisher Namespace", "type": "extension Name", "typeHandlerVersion": "extension version", "autoUpgradeMinorVersion":true, "settings": { // Extension specific configuration goes in here. } } }</pre>   Custom Script Extension: <pre> { "publisher": "Microsoft.Compute", "type": "CustomScriptExtension", "typeHandlerVersion": "1.7", "settings": { "fileUris": [ "http: //Yourstorageaccount.blob.core.windows.net/customscriptfiles/YourScriptGoesHere.ps1" ], "commandToExecute": "powershell.exe-ExecutionPolicyUnrestricted -YourScriptGoesHere.ps1" }, "protectedSettings": { "commandToExecute": "powershell.exe-ExecutionPolicyUnrestricted -YourScriptGoesHere.ps1", "storageAccountName": "yourStorageAccountName", "storageAccountKey": "yourStorageAccountKey" } }</pre> You can refer to <a href="https://github.com/Azure/AzureStack-QuickStart-Templates/tree/master/101-vm-ext-win-cs-scriptfile" target="_blank">this</a> sample from the <a href="https://github.com/Azure/AzureStack-QuickStart-Templates" target="_blank">Azure Stack Quick Start GitHub repository</a> for a complete template using the custom script extension. The Custom Script Extension can be used to invoke a script after deployment to do some post configuration work. For example, we could invoke an Azure Automation runbook leveraging this extension, like a <a href="https://azure.microsoft.com/en-us/documentation/articles/automation-webhooks/" target="_blank">webhook</a> enabled runbook.   DSC Extension: <pre> { "publisher": "Microsoft.Powershell", "type": "DSC", "typeHandlerVersion": "2.1", "settings": { "ModulesUrl": "https://UrlToZipContainingConfigurationScript.ps1.zip", "SasToken": "Optional : SAS Token if ModulesUrl points to Azure Blob Storage", "ConfigurationFunction": "ConfigurationScript.ps1\\ConfigurationFunction", "Properties": { "ParameterToConfigurationFunction1": "Value1", "ParameterToConfigurationFunction2": "Value2", "ParameterOfTypePSCredential1": { "UserName": "UsernameValue1", "Password": "PrivateSettingsRef:Key1(Value is a reference to a member of the Items object in the protected settings)" }, "ParameterOfTypePSCredential2": { "UserName": "UsernameValue2", "Password": "PrivateSettingsRef:Key2" } } }, "protectedSettings": { "Items": { "Key1": "PasswordValue1", "Key2": "PasswordValue2" }, "DataBlobUri": "optional : https: //UrlToConfigurationData.psd1" } }</pre> <h1></h1>   If you want to make sure that you are using the latest version of the Windows Management Framework (WMF) you can add “wmfVersion”: “latest” , see the <a href="https://blogs.msdn.microsoft.com/powershell/2016/02/26/arm-dsc-extension-settings/" target="_blank">ARM DSC Extension Settings</a> for more information. If you want to use the latest DSC extension version, you can add “autoUpgradeMinorVersion”: true right under the line “typeHandlerVersion”: “2.1”,  see <a href="https://blogs.msdn.microsoft.com/powershell/2015/10/02/how-to-use-wmf-4-with-azure-dsc-extension-in-azure-resource-manager-arm/" target="_blank">this link</a> for an example. Note: autoUpgradeMinorVersion works for any VM extension.   Note: it is in the Azure Automation backlog to support invoking an Azure Automation runbook based on a webhook in an ARM template. If you want to provide feedback on this specific topic then please navigate to <a href="https://feedback.azure.com/forums/246290-automation/suggestions/13227531-webhooks-arm-template" target="_blank">this link</a>. Examples of Azure Stack templates which use the DSC extension can be found <a href="https://github.com/Azure/AzureStack-QuickStart-Templates/tree/master/ad-non-ha" target="_blank">here</a>. <hr> <h2>Creating and deploying your own DSC Configuration</h2> In the previous posts we showed you how to deploy a new VM leveraging an ARM template which included the DSC extension to complete the in-guest configuration, so we already have covered that. You can leverage DSC in two different ways: in Push or Pull mode. As you can guess based on the names, in push mode we push the DSC configuration to a node whereas in a pull mode, the node pulls the configuration from a so called DSC Pull Server. Luckily for us, there’s a DSC Pull Server up in the cloud called Azure Automation DSC which takes a way a lot of complexity in setting up a local pull server. A local pull server is a very valid option in a fully disconnected environment, but out of scope for this blog post. Go <a href="https://msdn.microsoft.com/en-us/powershell/dsc/pullserver" target="_blank">here</a> if you want to read up how to install a pull server. Using the Azure Automation DSC Pull Server assumes that your nodes have Internet access, but this is by far the easiest way to manage DSC configurations because your configurations are located and managed in a central place. Let’s look at the following for this blog post: <ul> <li>Create your own DSC configuration <li>Push the configuration to a node and apply <li>Upload your DSC configuration to Azure Automation and compile <ul> <li>This will generate a MOF file which will get consumed by the DSC Local Configuration Manager (LCM) – the DSC engine if you will </li> </ul> <li>Assign the DSC configuration to an existing VM <li>Look at the compliancy state in Azure Automation </li> </ul> <hr> <h2>Create your own DSC configuration</h2> A DSC configuration is like a function in PowerShell and we will use it to declare our end state. Perform the following steps on a machine which has Internet access since we will upload the DSC configuration to Azure Automation. 1. Open PowerShell ISE and let’s create this simple website configuration: <div style="overflow: auto;border-top: black 1px solid;font-family:;border-right: black 1px solid;width: 650px;border-bottom: black 1px solid;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;border-left: black 1px solid;padding-right: 5px"> <table cellspacing="0" cellpadding="5" border="0"> <tbody> <tr> <td valign="top"> <div style="font-family:;background: #cecece;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 </div> </td> <td valign="top" nowrap> <div style="font-family:;background: #fcfcfc;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">Configuration MyCorpWebsite {     param (         $NodeName     )     Node $NodeName {     WindowsFeature IIS     {         Name = ‘Web-Server’         Ensure = ‘Present’     }         WindowsFeature ASP     {         Ensure = “Present”         Name = “Web-Asp-Net45”     }         Service ‘W3svc’     {         Name=‘w3svc’         StartupType = ‘Automatic’         State = ‘Running’         DependsOn = ‘[windowsfeature]iis’     }   } } </div> </td> </tr> </tbody> </table> </div> <h1></h1> 2. Save your DSC configuration locally in a folder, I’ve saved mine to C:\DSC as MyCorpWebsite.ps1 3. Load your DSC configuration into memory so that we can call it (just run the PowerScript in step 1) 4. Let’s generate the MOF file which will be consumed by the Local Configuration Manager, notice that I’m passing a parameter called –NodeName which will generate a MOF file for specifically that node: MyCorpWebsite -NodeName HRB1 -OutputPath c:\DSC\configurations <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image577.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb445.png" width="460" height="167"></a> <hr> <h2>Push the DSC configuration to a node and apply</h2> Now that you have created a DSC configuration and compiled it into a MOF file,  we can push it to a node. Before you can push a DSC configuration to a node, you need to make sure that either WinRM listeners or PowerShell Remoting has been setup on your target machine. Enable-PSRemoting is an easy way to create the required WinRM listeners. A lot already has been written about how to setup PowerShell Remoting and creating WinRM listeners, if you are looking for information on just setting up the required WinRM listeners you can explore <a href="http://www.powershellmagazine.com/2014/04/01/desired-state-configuration-and-the-remoting-myth/" target="_blank">this article</a>. Assuming that you have the prerequisites in place, we can now push the configuration to our node (in my example my host is called HRB1): Start-DscConfiguration –path C:\dsc\configurations –Verbose -Wait -Force –Credential (Get-Credential) –Computername HRB1 Notice that we didn’t have to use PowerShell Remoting because of the WinRM listener being configured through Enable-PSRemoting. It will first prompt us for our credentials: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image579.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb447.png" width="606" height="215"></a> </blockquote> After we’ve authenticated, we will see this is our output: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image580.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb448.png" width="609" height="304"></a> <h1></h1> </blockquote> Let’s check with PowerShell Remoting if our configuration got applied: <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image581.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb449.png" width="661" height="105"></a> Cool stuff! <hr> <h2>Upload your DSC configuration to Azure Automation and compile</h2> The remainder of this blog post will focus on option f (Enable the DSC VM extension and assign a DSC configuration, leveraging Azure Automation for pull server functionality ) – as previously discussed in this blog post. It is assumed that you are familiar with Azure Automation and that you’ve created an Azure Automation account in your subscription. If you are new to Azure Automation, please go <a href="https://azure.microsoft.com/en-us/documentation/learning-paths/automation/" target="_blank">here</a> to start. We will now upload a DSC configuration to Azure Automation and compile it. Let’s use the same configuration as we’ve used previously with the exception that we are going to take out the node section since Azure Automation is going to assign the configuration to the node: <div style="overflow: auto;border-top: black 1px solid;font-family:;border-right: black 1px solid;width: 650px;border-bottom: black 1px solid;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;border-left: black 1px solid;padding-right: 5px"> <table cellspacing="0" cellpadding="5" border="0"> <tbody> <tr> <td valign="top"> <div style="font-family:;background: #cecece;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 </div> </td> <td valign="top" nowrap> <div style="font-family:;background: #fcfcfc;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">Configuration MyCorpWebsite {     WindowsFeature IIS     {         Name = ‘Web-Server’         Ensure = ‘Present’     }         WindowsFeature ASP {     Ensure = “Present” Name = “Web-Asp-Net45”     }         Service ‘W3svc’     {         Name=‘w3svc’         StartupType = ‘Automatic’         State = ‘Running’         DependsOn = ‘[windowsfeature]iis’     } } </div> </td> </tr> </tbody> </table> </div> 1.  Use the following PowerShell script to upload your DSC configuration to Azure Automation and compile it: <div style="overflow: auto;border-top: black 1px solid;font-family:;border-right: black 1px solid;width: 650px;border-bottom: black 1px solid;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;border-left: black 1px solid;padding-right: 5px"> <table cellspacing="0" cellpadding="5" border="0"> <tbody> <tr> <td valign="top"> <div style="font-family:;background: #cecece;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">001 002 003 004 005 006 007 008 009 010 011 012 013 </div> </td> <td valign="top" nowrap> <div style="font-family:;background: #fcfcfc;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">Add-AzureRmAccount #Get your Azure Automation account where you want to upload your DSC config to $AAaccount = Get-AzureRmAutomationAccount -Name DscAzStack -ResourceGroupName DscAzStack #Import DSC configuration $AAaccount | Import-AzureRmAutomationDscConfiguration -SourcePath ‘C:\DSC\MyCorpWebsite.ps1’ -Published -Force $AAaccount | Get-AzureRmAutomationDscConfiguration -Name MyCorpWebsite #Compile the DSC configuration $job = $AAaccount | Get-AzureRmAutomationDscConfiguration -Name MyCorpWebsite | Start-AzureRmAutomationDscCompilationJob #Get the status of the compilation job $job | Get-AzureRmAutomationDscCompilationJob </div> </td> </tr> </tbody> </table> </div>   That will give you this output: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image283.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb193.png" width="430" height="354"></a> </blockquote> Starting the compilation job: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image284.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb194.png" width="716" height="197"></a> </blockquote> After a short while we see the completion in the Azure Automation portal: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image285.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb195.png" width="441" height="387"></a> </blockquote> Now that we have uploaded and compiled a DSC configuration into Azure Automation we can assign this configuration to a VM. There are two options for assigning a configuration to a VM: 1. Through the Azure Automation portal. This is currently limited to Azure VM’s only within the same subscription 2. Through PowerShell, for VM’s residing outside Azure, like on-premises VM’s or in different clouds like AWS Since this blog post is focused on Azure Stack, PowerShell is going to be our option of choice. <hr> <h2></h2> <h2></h2> <h2>Assign the DSC configuration to an existing VM</h2> <h3></h3> In the <a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/29/arm-concepts-in-azure-stack-for-the-wap-administrator-multi-tier-applications/" target="_blank">previous post</a> Victor talked already about leveraging <a href="https://github.com/Azure/azure-quickstart-templates/tree/master/dsc-extension-azure-automation-pullserver" target="_blank">this</a> Github template which you can use to onboard a non Azure VM. Let’s drill down a bit on that template. The Github template leverages what is called a DSC metaconfiguration file to onboard the nodes and to configure the Local Configuration Manager (LCM). The DSC metaconfiguration file is stored <a href="https://github.com/Azure/azure-quickstart-templates/blob/master/dsc-extension-azure-automation-pullserver/UpdateLCMforAAPull.zip" target="_blank">here</a>.  Let’s download, extract and examine the file the PowerShell way: <blockquote> <div style="overflow: auto;border-top: black 1px solid;border-right: black 1px solid;width: 650px;border-bottom: black 1px solid;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;border-left: black 1px solid;padding-right: 5px"> <table cellspacing="0" cellpadding="5" border="0"> <tbody> <tr> <td valign="top"> <div style="background: #cecece;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">001 002 003 004 005 006 007 008 009</div> </td> <td valign="top" nowrap> <div style="background: #fcfcfc;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">$MetaConfigFileURL = ‘https://github.com/Azure/azure-quickstart-templates/raw/master/dsc-extension-azure-automation-pullserver/UpdateLCMforAAPull.zip’ $MetaConfigFile = ‘UpdateLCMforAAPull’ $OutFolder = ‘C:\DSC’ Invoke-WebRequest  -Uri $MetaConfigFileURL ` -OutFile ($OutFolder + ‘\’ + $MetaConfigFile + ‘.zip’) Expand-Archive ($OutFolder + ‘\’ + $MetaConfigFile + ‘.zip’) -DestinationPath $OutFolder psedit ($OutFolder + ‘\’ + $MetaConfigFile + ‘.ps1’)</div> </td> </tr> </tbody> </table> </div> </blockquote>   The last line in the above PowerShell script will open up the metaconfiguration file: <div style="overflow: auto;border-top: black 1px solid;font-family:;border-right: black 1px solid;width: 650px;border-bottom: black 1px solid;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;border-left: black 1px solid;padding-right: 5px"> <table cellspacing="0" cellpadding="5" border="0"> <tbody> <tr> <td valign="top"> <div style="font-family:;background: #cecece;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047 048 049 050 051 052 053 054 055 056 057 058 059 060 061 062 063 064 065 066 067 068 069 070 071 072 073 074 075 076 077 078 079 080 081 082 083 084 085 086 087 </div> </td> <td valign="top" nowrap> <div style="font-family:;background: #fcfcfc;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">[DscLocalConfigurationManager()] Configuration ConfigureLCMforAAPull {     param     (         [Parameter(Mandatory=$True)]         $RegistrationUrl,         [Parameter(Mandatory=$True)]         [PSCredential]$RegistrationKey,         [Int]$RefreshFrequencyMins = 30,                     [Int]$ConfigurationModeFrequencyMins = 15,                     [String]$ConfigurationMode = “ApplyAndMonitor”,                     [String]$NodeConfigurationName,         [Boolean]$RebootNodeIfNeeded= $False,         [String]$ActionAfterReboot = “ContinueConfiguration”,         [Boolean]$AllowModuleOverwrite = $False,         [String]$Timestamp = “”     )     if(!$RefreshFrequencyMins -or $RefreshFrequencyMins -eq “”)     {         $RefreshFrequencyMins = 30     }     if(!$ConfigurationModeFrequencyMins -or $ConfigurationModeFrequencyMins -eq “”)     {         $ConfigurationModeFrequencyMins = 15     }     if(!$ConfigurationMode -or $ConfigurationMode -eq “”)     {         $ConfigurationMode = “ApplyAndMonitor”     }         if(!$ActionAfterReboot -or $ActionAfterReboot -eq “”)     {         $ActionAfterReboot = “ContinueConfiguration”     }     if(!$NodeConfigurationName -or $NodeConfigurationName -eq “”)     {          $ConfigurationNames = $null     }     else     {         $ConfigurationNames = @($NodeConfigurationName)     }      Settings     {         RefreshFrequencyMins = $RefreshFrequencyMins         RefreshMode = “PULL”         ConfigurationMode = $ConfigurationMode         AllowModuleOverwrite  = $AllowModuleOverwrite         RebootNodeIfNeeded = $RebootNodeIfNeeded         ActionAfterReboot = $ActionAfterReboot         ConfigurationModeFrequencyMins = $ConfigurationModeFrequencyMins     }     ConfigurationRepositoryWeb AzureAutomationDSC     {         ServerUrl = $RegistrationUrl         RegistrationKey = $RegistrationKey.GetNetworkCredential().Password         ConfigurationNames = $ConfigurationNames     }     ResourceRepositoryWeb AzureAutomationDSC     {         ServerUrl = $RegistrationUrl         RegistrationKey = $RegistrationKey.GetNetworkCredential().Password     }     ReportServerWeb AzureAutomationDSC     {         ServerUrl = $RegistrationUrl         RegistrationKey = $RegistrationKey.GetNetworkCredential().Password     } } </div> </td> </tr> </tbody> </table> </div> These settings can all be modified and you can call these from within your own Github repository or a storage container from within Azure or Azure Stack. For example if you want to change the refresh cycle or the reboot behavior. You can find more information how to do so right <a href="https://azure.microsoft.com/en-us/documentation/articles/automation-dsc-onboarding/#generating-dsc-metaconfigurations" target="_blank">here</a>. Since the azuredeploy.json file contains parameters, we can also pass them through PowerShell instead of editing the azuredeploy.parameters.json file. <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image309.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb213.png" width="629" height="286"></a> </blockquote> We can start the onboarding process to Azure Automation DSC in the following way and passing parameters to the New-AzureRmResourceGroupDeployment cmdlet. Notice that I’m passing also our DSC configuration MyCorpWebsite which we’ve created earlier, uploaded and compiled to Azure Automation DSC. You can find the variable below specified as nodeConfigurationName. If you have worked before with DSC, you probably have noticed that I have not specified an AllNodes section in the DSC configuration. This is because – in my example – Azure Automation acts as a pull server and assigns the configuration to the node, hence the MyCorpWebsite.localhost value. Please explore <a href="https://msdn.microsoft.com/en-us/powershell/dsc/configdata" target="_blank">this</a> link if you want to know more about AllNodes configuration and how to separate configuration and environment data. <div style="overflow: auto;border-top: black 1px solid;font-family:;border-right: black 1px solid;width: 650px;border-bottom: black 1px solid;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;border-left: black 1px solid;padding-right: 5px"> <table cellspacing="0" cellpadding="5" border="0"> <tbody> <tr> <td valign="top"> <div style="font-family:;background: #cecece;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 </div> </td> <td valign="top" nowrap> <div style="font-family:;background: #fcfcfc;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">$AAaccount = Get-AzureRmAutomationAccount -Name DscAzStack -ResourceGroupName DscAzStack $keys = $AAaccount | Get-AzureRmAutomationRegistrationInfo $RgDeployParams =@{     TemplateUri = “https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/dsc-extension-azure-automation-pullserver/azuredeploy.json”     Mode = ‘Incremental’     ResourceGroupName = ‘DSCRG’     TemplateParameterObject = @{         vmName = ‘DSCVM2’         registrationKey = $keys.PrimaryKey         registrationUrl = $Keys.Endpoint         nodeConfigurationName = ‘MyCorpWebsite.localhost’         timestamp = [datetime]::Now.ToString()     } } New-AzureRmResourceGroupDeployment @$RgDeployParams -Force -Verbose </div> </td> </tr> </tbody> </table> </div> <h1></h1>   In the screenshot below you can see that the onboarding went successful: <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image317.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb219.png" width="684" height="344"></a> We can see in Azure Automation that the node has successfully on-boarded and it’s status: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image341.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb238.png" width="521" height="189"></a> </blockquote> Let’s RDP into the VM and check the configuration on the VM itself: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image342.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb239.png" width="437" height="132"></a> </blockquote> Cool! If we check the LCM on the machine, we can see that the VM is configured in Pull mode and being managed by Azure Automation DSC: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image343.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb240.png" width="437" height="255"></a> </blockquote> And if we run Get-DscConfiguration we can see our configuration: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image344.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb241.png" width="366" height="203"></a> </blockquote> <hr> <h2>Installing applications/software with DSC</h2> Recently I got questions if you can also leverage DSC in a DevOps scenario where you need to configure the VM with packages. Yes absolutely! Let me first emphasize that DSC is not a replacement for System Center Configuration Manager (SCCM), which is a change & configuration management solution where software distribution is an important component. SCCM is build for software distribution in a potentially connected/disconnected environment where technologies like BITS, checkpoint restarting, bandwidth throttling, etc. combined with hard and software inventory has its own place. Now back to DSC, how can I get dependency software (packages) on the VM? Well you can leverage the <a href="https://msdn.microsoft.com/en-us/powershell/dsc/packageresource" target="_blank">DSC package resource</a> to start with: <blockquote> <div style="overflow: auto;border-top: black 1px solid;border-right: black 1px solid;width: 650px;border-bottom: black 1px solid;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;border-left: black 1px solid;padding-right: 5px"> <table cellspacing="0" cellpadding="5" border="0"> <tbody> <tr> <td valign="top"> <div style="background: #cecece;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">001 002 003 004 005 006 007 008</div> </td> <td valign="top" nowrap> <div style="background: #fcfcfc;padding-bottom: 5px;padding-top: 5px;padding-left: 5px;padding-right: 5px">Package PackageExample { Ensure = “Present”  # You can also set Ensure to “Absent” Path  = “$Env:SystemDrive\TestFolder\TestProject.msi” Name = “TestPackage” ProductId = “ACDDCDAF-80C6-41E6-A1B9-8ABD8A05027E” }</div> </td> </tr> </tbody> </table> </div> </blockquote> You can define a GUID (in the above example ProductId) which will make sure that only a specific package will get installed and not a rogue MSI. <a href="http://social.technet.microsoft.com/wiki/contents/articles/29105.installing-msi-packages-using-powershell-desired-state-configuration.aspx" target="_blank">This example</a> shows how to install 7Zip. Another option is to use an open source package manager like <a href="https://chocolatey.org/" target="_blank">Chocolatey</a>. Out of scope for this blog post, but if you want to get started with Azure Automation and Chocolately, please check out <a href="https://azure.microsoft.com/en-us/documentation/articles/automation-dsc-cd-chocolatey/" target="_blank">this</a> blog post. It will talk about continuous deployment to Virtual Machines using Automation DSC and Chocolatey in great detail. <hr> <h2>Azure Automation Hybrid Runbook Worker</h2> Azure Automation runbooks are by default executed by Azure runbook workers. As the name says, those runbook worker reside in Azure. This would become a challenge if you want to execute runbooks in your Azure Stack environment. Well not completely, since the Hybrid Runbook Worker (HRB) is designed to execute runbooks on a machine/VM where the HRB role is enabled. This could be a VM within your Azure Stack environment. Why does this makes a difference? Well by running it in your Azure Stack environment you can access local resources (like local accounts), leverage local PowerShell modules and DLL’s and you can access your Azure Stack VM’s. This scenario also allows you to push DSC configurations to your VM’s if you don’t want to onboard them to Azure Automation DSC, but obviously you can run any PowerShell script against your Azure Stack VM’s. Read <a href="https://azure.microsoft.com/en-us/documentation/articles/automation-hybrid-runbook-worker/" target="_blank">this</a> if you want to install the HRB role in your Azure Stack environment. The image below shows an Azure Stack VM where the HRB role is enabled: <blockquote> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/image348.png"><img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/06/image_thumb245.png" width="379" height="343"></a> </blockquote> Using a HRB, you can potentially investigate which Service Management Automation (SMA) runbooks you can leverage using a HBR. Remember that SMA uses PowerShell which is being used in Azure Automation as well. So if you have SMA runbooks like <a href="https://blogs.technet.microsoft.com/privatecloud/2013/08/15/automationservice-management-automation-runbook-spotlightexchange-distribution-list-creation/" target="_blank">these</a> or from the <a href="https://gallery.technet.microsoft.com/site/search?query=sma%20runbook&f%5B0%5D.Value=sma%20runbook&f%5B0%5D.Type=SearchText&ac=4" target="_blank">SMA gallery</a> these can most likely just be copied and re-used in Azure Automation. <hr> <h2>Summary</h2> The most important takeaway from this post is that you should be able to reuse your Windows Azure Pack investments in Desired State Configuration (DSC) in Azure Stack. Your runbooks in Service Management Automation (SMA) can be potentially re-used in Azure Automation, the Hybrid Runbook Worker role might resolve challenges around executing remote runbooks versus executing them locally. In this post we have talked about: <ul> <li>Perform in-guest configurations in WAP and Azure Stack VM’s through DSC <li>Create your own DSC configuration <li>Upload your configuration to Azure Automation DSC and compile it <li>Onboard an existing on-premises VM to Azure Automation DSC and apply a DSC configuration <li>Install packages with DSC and links to integrate package managers like Chocolately <li>Leverage the Azure Automation Hybrid Runbook Worker to execute runbooks locally against your Azure Stack environment </li> </ul> Happy automating! Tiander. ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/06/29/arm-concepts-in-azure-stack-for-the-wap-administrator-in-guest-configuration-with-arm-and-technologies-such-as-virtual-machines-extensions-including-powershell-desired-state-configuration-d/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Backup & Site Recovery (OMS)</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/06/06/backup-site-recovery-oms/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/06/06/backup-site-recovery-oms/#comments</comments> <pubDate>Mon, 06 Jun 2016 12:15:11 +0000</pubDate> <dc:creator><![CDATA[Kristian Nese [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[ARM]]></category> <category><![CDATA[Azure]]></category> <category><![CDATA[Azure Site Recovery]]></category> <category><![CDATA[JSON]]></category> <category><![CDATA[Kristian Nese]]></category> <category><![CDATA[MSOMS]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=8795</guid> <description><![CDATA[We have recently announced the GA for our Backup & Site Recovery (OMS) in Azure Resource Manager, and I would like to use this opportunity to level set on what we are bringing, as well as give you some context and a real kick-start into deploying these resources. Context Microsoft Operations Management Suite (OMS) made its... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/06/06/backup-site-recovery-oms/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[<h1></h1> We have recently announced the GA for our Backup & Site Recovery (OMS) in Azure Resource Manager, and I would like to use this opportunity to level set on what we are bringing, as well as give you some context and a real kick-start into deploying these resources. Context Microsoft Operations Management Suite (OMS) made its entry as a Management-as-a-Service offering, delivered entirely from the cloud as a SaaS solution, helping organizations to gain insight into their operations across clouds. With insight, we got a holistic view of the entire operations from a Windows/Linux point of view, security, identity, malware, updates, configuration changes and much more – regardless of clouds. This was an important and strategic move for us – knowing that organizations aren’t running entirely from a single datacenter anymore and that the cloud cadence had definitively been forming the landscape and the new demand for management in an entirely new way. It was about time to reduce the complexity of doing cloud management. Let us start this blog post by doing a breakdown of Microsoft OMS in the context of Microsoft Azure. <h3>Microsoft Azure</h3> First thing first, we need to emphasize that OMS is a constellation of some first-class citizens in Microsoft Azure. <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms1.jpg"><img class="alignnone size-full wp-image-8805" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms1.jpg" alt="oms1" width="214" height="168" /></a> This is important to know and be aware of, as you will bring this into consideration when you are later planning to deploy OMS into your organization, or behalf of customers if you are a Service Provider. Microsoft Azure has been undergoing huge changes over the last 14-16 months with the release of Azure Resource Manager (ARM) API – and the new portal (portal.azure.com) that is built upon the new ARM model. For those of you who have been using Azure for a while, you know that the ‘previous’ Azure, also referred to as Service Management API and classic is still there, it is still available, and you can deploy and manage your resources into that model as well. However, moving forward you will likely focus entirely on Azure in the context of Azure Resource Manager, which also brings consistency ‘down to earth’ with Microsoft Azure Stack. The reason why I am bringing all this up is to give you a better understanding of where we are coming from and where we are going with OMS in all of this. OMS is a set of Azure services and during its birth, it was based on the following services in Classic Azure: <ul> <li>Operational Insight</li> <li>Azure Automation</li> <li>Azure Site Recovery</li> <li>Azure Backup</li> </ul> These were the services you got when you started with OMS. They would surface into the OMS Workspace and gave you a consolidated view of what was going on. However, most of the configuration had to take place on the actual resource level in the Azure portal. In Azure now, they are referred to as: <ul> <li>Log Analytics (formerly known as Operational Insight)</li> <li>Azure Automation (same name, but new capabilities, features and Resource Provider)</li> <li>Backup and Site Recovery (formerly known as Azure Backup and Azure Site Recovery, are now sharing the same Resource Provider within ARM)</li> </ul> What does this really mean? Since these services has reached ARM, this gives us plenty of more opportunities! In regards to deployment, operations, management, RBAC and much more, we can leverage ARM templates to literally instantiate whatever we need in Azure. In other words, we can treat our OMS resources just as any first class citizen in Azure. Each of these Resource Providers have their unique namespace with different resource types. Log Analytics: “Microsoft.OperationalInsights/workspaces” Azure Automation: “Microsoft.Automation/automationAccounts” Azure Recovery Vault: “Microsoft.RecoveryServices/vaults” Since they are now within ARM, we can take advantage of built-in RBAC capabilities, Tags, policies, resource locks and much more. It’s also worth mentioning that OMS will likely pull on other Azure services as well, such as Storage Accounts when you want to enable diagnostics on services and ingest this into Log Analytics for further analysis and research, and also globally or locally redundant storage for backup and replication scenarios. <h2>Backup and Site Recovery (OMS)</h2> Historically, there hasn’t been a clear distinguish between backup and disaster recovery for most customers and this has in some situations lead to confusion – while that’s the last thing you need when you are running into a situation where you need to perform either restore or a DR failover. We want to make this as simple as possible so that you have a one stop solution when you need to manage your backup and recovery scenarios regardless of clouds, locations and workloads with Backup and Site Recovery (OMS). Let us have a look at the new Resource Provider for Backup and Site Recovery (OMS) within Azure Resource Manager to point out some of the changes we are bringing. <h2>Deployment</h2> For deploying Backup and Site Recovery (OMS), you can use your preferred method whether this is through PowerShell cmdlets, ARM templates or the portal directly. <h3>Portal Experience</h3> <ol> <li>Login to <a href="https://portal.azure.com">https://portal.azure.com</a></li> <li>Click ‘New’ and search for OMS</li> <li>Select ‘Backup and Site Recovery (OMS)’ and click create</li> </ol> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms2.jpg"><img class="alignnone size-medium wp-image-8806" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms2-201x300.jpg" alt="oms2" width="201" height="300" /></a> <ol start="4"> <li>Assign a name to the resource, select Azure region where you want to create the vault and a Resource Group</li> </ol> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms3.jpg"><img class="alignnone size-medium wp-image-8816" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms3-236x300.jpg" alt="oms3" width="236" height="300" /></a> That’s it! You have now created your Backup and Site Recovery (OMS) vault! <h3>Azure Resource Manager (ARM) template</h3> Simply click on this URL and you will be sent to the Azure Portal where you can specify the input parameters: <a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fkrnese%2FAzureDeploy%2Fmaster%2FOMS%2FMSOMS%2FBackupandRecoveryOMS%2Fazuredeploy.json" target="_blank">Deploy to Azure!</a> <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms4.jpg"><img class="alignnone size-medium wp-image-8826" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms4-300x269.jpg" alt="oms4" width="300" height="269" /></a> <h3>PowerShell</h3> <ol> <li>Login to your Azure subscription using Login-AzureRmAccount –credential (get-credential)</li> </ol> <ol start="2"> <li>Run the following cmdlet to create a new vault in an existing resource group:</li> </ol> New-AzureRmRecoveryServicesVault -Name MyRecoveryVault -ResourceGroupName OMSRecovery -Location westeurope -Verbose Or, you can deploy the template from GitHub using PowerShell:   <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms10.jpg"><img class="alignnone wp-image-8885" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms10-300x126.jpg" alt="oms10" width="417" height="175" /></a> Once deployed, you will be able to use your vault to configure the following scenarios – all from a single pane of glass! <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms5.jpg"><img class="alignnone size-medium wp-image-8827" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms5-300x102.jpg" alt="oms5" width="300" height="102" /></a> With Site Recovery as part of the Resource Provider, you can now easily configure and setup your DR scenario(s), whether this is protection of HyperV/VMM environments to Azure or between your own datacenters, or VMware/physical. We have invested in the user experience to make it as simple as possible, where we guide you through the correct workflow depending on the scenario you are configuring for. When you’re in the portal, you can look under ‘All Settings’ for the ‘Getting Started’ section. <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms6.jpg"><img class="alignnone size-medium wp-image-8835" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms6-219x300.jpg" alt="oms6" width="219" height="300" /></a> If you click on ‘Site Recovery’, we will ask you the right questions to help you configure your Site Recovery scenario. Here’s a screenshot that shows the applicable steps for configuring protection of Hyper-V virtual machines on-prem to Azure <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms7.jpg"><img class="alignnone size-medium wp-image-8845" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms7-300x173.jpg" alt="oms7" width="300" height="173" /></a> If you select anything different than showed above, the blades will update and reflect those changes so that you are confident to configure it correctly. For backup scenarios, we are doing exactly the same, asking you where your workload is running and what you want to protect. <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms8.jpg"><img class="alignnone size-medium wp-image-8855" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms8-300x126.jpg" alt="oms8" width="300" height="126" /></a> Once you have configured your scenarios, you can manage them later from the same location. <a href="https://msdnshared.blob.core.windows.net/media/2016/06/oms91.jpg"><img class="alignnone size-full wp-image-8875" src="https://msdnshared.blob.core.windows.net/media/2016/06/oms91.jpg" alt="oms9" width="293" height="182" /></a> Summary With all the core components of OMS available within Azure Resource Manager, we can now deploy and manage these resources in a declarative way just as we would do with any other resource in Azure. Since combining both backup and site recovery in the same resource provider, we believe we have made it much simpler to configure and orchestrate the operations to ensure business continuity for our customers, regardless of clouds, locations and workloads. You now have a one stop solution for all of this – and we encourage you to get started using the examples provided above to see how Backup and Site Recovery (OMS) can help you to an effective solution for your business continuity plans. Kristian Nese, Senior Program Manager ECG CAT (Feel free to join the conversation on twitter, by pinging me at @KristianNese ) ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/06/06/backup-site-recovery-oms/feed/</wfw:commentRss> <slash:comments>4</slash:comments> </item> <item> <title>Part 3: How to configure WDS, Unattend.xml file, Windows PE Image, and Nano Server image to deploy a Nano Server at-a-scale</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/05/13/how-to-configure-wds-unattend-xml-file-windows-pe-image-and-nano-server-image-to-deploy-a-nano-server/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/05/13/how-to-configure-wds-unattend-xml-file-windows-pe-image-and-nano-server-image-to-deploy-a-nano-server/#comments</comments> <pubDate>Fri, 13 May 2016 13:50:07 +0000</pubDate> <dc:creator><![CDATA[Anders Ravnholt [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=8076</guid> <description><![CDATA[Over a series of blog posts we will describe a solution for how to deploy Nano Server at scale using Microsoft tools. The blog posts are: Part – 1: Nano Server Domain Join (Deployment-at-a-scale an introduction) Part – 2: How to build a Windows PE and Nano Server image to deploy Nano Server at-a-scale Part... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/13/how-to-configure-wds-unattend-xml-file-windows-pe-image-and-nano-server-image-to-deploy-a-nano-server/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Over a series of blog posts we will describe a solution for how to deploy Nano Server at scale using Microsoft tools. The blog posts are: <ul> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/02/nano-server-domain-join-deployment-at-a-scale-part-1-introduction/">Part – 1: Nano Server Domain Join (Deployment-at-a-scale an introduction)</a> </li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/">Part – 2: How to build a Windows PE and Nano Server image to deploy Nano Server at-a-scale</a> </li> <li>Part – 3: How to configure WDS, Unattend.xml file, Windows PE Image, and Nano Server image to deploy a Nano Server at-a-scale (This blog post) </li> <li>Part – 4: Bare Metal Deployment (BMD) Considerations </li> </ul> In the previous blog post (<a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/">here</a>) we discussed how to build a Windows PE and Nano Server image to deploy Nano Server. In this blog post we will discuss how to configure WDS, Unattend.xml file, WINPE Image, and Nano Server image to deploy Nano Server at-a-scale. The high level tasks in this blog post will be: <ul> <li>Pre-requisites for the solution </li> <li>Configuring WDS server </li> <li>Import Windows PE Image </li> <li>Import Nano Server Image </li> <li>Configure Unattend.xml file within WDS </li> <li>Deploy Nano Server using a Gen2 VM with input (Example 1). </li> <li>Deploy Nano Server using a Gen2 VM without input (Example 2). </li> <li>Next Step </li> </ul> Pre-requisites for the solution: The following Pre-requisites are needed in order to deploy Nano Server and join it to a domain: <ol> <li>AD domain </li> <li>DHCP Server with IP scope which the VM or physical server can lease an IP address from </li> <li>WDS Server (Domain joined) </li> <li>Modified WinPE Image (<a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/">as created in the previous blog post</a>) </li> <li>Nano WIM / VHD / VHDX Image (<a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/">as created in the previous blog post)</a> </li> <li>Domain account(s) to create the AD computer object and authenticate with WDS server. </li> <li>Hyper-V server with two Gen2 VMs connected to same network as WDS server (used as examples in this blog post to simulate a physical UEFI Server)). </li> </ol> Please verify that these pre-requisites are available before starting the configuration of the WDS server. In this blog post we’ll be using two examples for the deployment of Nano Server and joining it to the domain. Example 1: Use a simple unattend file to deploy Nano Server and provide all needed information manually during the process (<a href="https://1drv.ms/v/s!Am8Gg73bSTCtquoDNPEHRG3-hODPNA">Video</a>). Example 2: Store all information in the Unattend file and provide no information during the installation (<a href="https://1drv.ms/v/s!Am8Gg73bSTCtquoDNPEHRG3-hODPNA">Video</a>) Configuring Windows Deployment Server <ol> <li>Login as an administrator on the WDS Server </li> <li>Start Server Manager > Click Tools > Windows Deployment Services </li> <li>Select the WDS Server that should be used for Nano Server Deployment. </li> <li>Right click on WDS server and select Add Image Group </li> <li>Name the Image Group e.g. WIM and click Ok </li> </ol> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto1.png" alt="" /> Import WinPEImage <ol> <li>Copy the Windows PE Image (that was created earlier) to the WDS server (if it was made on another server) to a folder on the WDS server e.g. C:\WinPEImage\media\sources\boot.wim </li> <li>Browse to the location where you copied the Windows PE Image e.g. C:\WinPEImage\media\sources\boot.wim </li> <li>Click Open and click Next </li> <li>Give an Image Name and image description and click Next e.g. WinPEBoot </li> <li>Click Next </li> <li>Verify that the WinPE WIM Image imports successfully with a message saying: “The selected images were successfully added to the server” and click Finish. </li> </ol> Import Nano Server WIM image <ol> <li>Copy the Nano WIM Image (that was created earlier) to the WDS server (if it was made on another server) to a folder on the WDS server e.g. C:\WinPEImage\NanoServer </li> <li>Right click on Install Group created earlier and select Add Install Image. </li> <li>Browse to the location where you placed the Nano WIM Image e.g. C:\WinPEImage\NanoServer </li> <li>Click Open and click next </li> <li>Give an Image Name and image description and click next e.g. Windows Server 2016 Nano TP5 </li> <li>Click Next </li> <li>Verify that the Nano Server WIM Image imports successfully with a message saying “The selected images were successfully added to the server” and click Finish. </li> </ol> Creating Unattend.xml files The solution uses unattend files to install Nano Server using WDS. The unattend file holds information that is needed to deploy the Nano Server such as disk partitioning, user name to authenticate with WDS as well as domain join user and Server Name. The solution allows you to decide how much information you would like to capture in the unattend file. For the information that is not specified in the unattend file, WDS / PowerShell script will prompt for the needed information. In the unattend file examples provided we are using US as default language and partitioning the disk as default as well. To change this please reference to the unattend link below. For more information on unattend files (click <a href="https://technet.microsoft.com/da-DK/library/c026170e-40ef-4191-98dd-0b9835bfa580">here</a>) Creating an unattend file that asks for information. The first unattend file is the simplest one. To obtain the unattend file do the following. <ol> <li>Go to GitHub project: <a href="https://github.com/uday31in/Nano/tree/master/WinPENanoDomainJoin">WinPENanoDomainJoin</a> </li> <li>Download the following two files and save them to c:\WinPEImage </li> </ol> <ul style="margin-left: 54pt"> <li><a href="https://github.com/uday31in/Nano/blob/master/WinPENanoDomainJoin/Gen2NoCredential.xml" title="Gen2NoCredential.xml">Gen2NoCredential.xml</a> </li> <li><a href="https://github.com/uday31in/Nano/blob/master/WinPENanoDomainJoin/Gen2WithCredential.xml" title="Gen2WithCredential.xml">Gen2WithCredential.xml</a> </li> </ul> <ol> <li>Open Gen2NoCredential.xml with a xml editor </li> <li>Go to the following section: </li> </ol> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto2.png" alt="" /> <ol> <li>Replace Domain, User Name and Password with a user that can authenticate with WDS Domain Server. </li> <li>Save the file in the WDS Remote Install directory e.g. D:\RemoteInstall </li> </ol> Creating an unattend file that as all information in the unattend file. <ol> <li>Open Gen2WithCredential.xml with a xml editor </li> <li>Go to the following section: </li> </ol> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto3.png" alt="" /> This session is authentication WDS with a Domain user that is known by WDS. <ol> <li>Replace Domain, User Name and Password with a user that can authenticate with WDS Domain Server. </li> <li> <div>Go to the following section </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto4.png" alt="" /> This section specifies which WIM file and Image group and Image Name that should be used for deployment </li> <li>Replace: Filename, ImageGroup and ImageName with the one configured in WDS in step “Configuring Windows Deployment Server”. </li> <li>Go to the following section </li> </ol> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto5.png" alt="" /> This section specifies the computer name of the Nano Server <ol> <li>Replace the computer name with one you would like to use for deployment. </li> <li>Save the file in the WDS Remote Install directory e.g. D:\RemoteInstall </li> </ol> Configure Unattend file with WDS (Example 1 NoCredentials) <ol> <li>Open WDS console </li> <li>Right click on the WDS server used for Nano Deployment and select Properties. </li> <li>Select Client in the Tab </li> <li>Enable unattend installation </li> <li>Click on x64 (UEFI) architecture </li> <li>Click browse and go to the location where the first unattend file was saved (<a href="https://github.com/uday31in/Nano/blob/master/WinPENanoDomainJoin/Gen2NoCredential.xml" title="Gen2NoCredential.xml">Gen2NoCredential.xml</a>). </li> <li> <div>Check “Do not join the client to a domain after an Installation” </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto6.png" alt="" /> </li> <li>Click Ok </li> </ol> Deploy Nano Server using a Gen2 VM with input (Example 1). <ol> <li>Open Hyper-V console on a Hyper-V server connected to the same network as WDS Server </li> <li>Create a Gen2 VM and connect the VM to the same network as WDS Server </li> <li>Verify that the VM is set to boot from the network adapter connected to the network where the WDS Server </li> <li>Start the VM </li> <li>Select the Nano Server image created earlier e.g. Windows Server 2016 Nano TP5 and click next </li> </ol> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto7.png" alt="" /> <ol> <li>Select the partition and click next. </li> </ol> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto8.png" alt="" /> <ol> <li>Wait for the server to install </li> </ol> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto9.png" alt="" /> <ol> <li> <div>Provide User and Password for Domain user that is going to join the Server to the domain </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto10.png" alt="" /> </li> <li> <div>Provide Computer Name e.g. Nano5 and press Enter </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto11.png" alt="" /> </li> <li> <div>Login with the user specified for Domain join e.g. fabric\administrator </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto12.png" alt="" /> </li> <li> <div>Check that Nano Server is joined to the domain and computer Name is right. </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto13.png" alt="" /> </li> </ol> Configure Unattend file with WDS (Example 2 With Credentials) <ol> <li>Open WDS console </li> <li>Right click on the WDS server used for Nano Deployment and select Properties. </li> <li>Select Client in the Tab </li> <li>Enable unattend installation </li> <li>Click on x64 (UEFI) architecture </li> <li>Click browse and go to the location where the first unattend file was saved (<a href="https://github.com/uday31in/Nano/blob/master/WinPENanoDomainJoin/Gen2NoCredential.xml" title="Gen2NoCredential.xml">Gen2NoCredential.xml</a>). </li> <li> <div>Check “Do not join the client to a domain after an Installation” </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto14.png" alt="" /> </li> <li>Click Ok </li> </ol> Deploy Nano Server using a Gen2 VM without input (Example 2). <ol> <li>Open Hyper-V console on a Hyper-V server connected to the same network as WDS Server </li> <li>Create a Gen2 VM and connect the VM to the same network as WDS Server or use the VM from example 1 </li> <li>Verify that the VM is set to boot from the network adapter connected to the network where the WDS Server </li> <li> <div>Start the VM </div> Note: If the VM does not download the WinPE image disabling secure boot might help. This is mostly if a WindowsPE image is used from a beta release of Windows Server. </li> <li>Verify that no questions are asked and deployment and install of Nano Server happens automatically. </li> <li> <div>Login with the user specified for Domain join in the unattend file e.g. fabric\administrator </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto15.png" alt="" /> </li> <li> <div>Check that Nano Server is joined to the domain and Computer Name is right. </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part3Howto16.png" alt="" /> </li> </ol> Next Steps The Nano Server team hopes you have found the series of blog posts helpful in your process of deploying Nano Server at-a-scale. Please don’t forget to share your feedback with us via the comments section below or using the <a href="http://windowsserver.uservoice.com/forums/295068-nano-server">User Voice forum</a>! Regards Nano Server Team ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/05/13/how-to-configure-wds-unattend-xml-file-windows-pe-image-and-nano-server-image-to-deploy-a-nano-server/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Part 2: How to build a Windows PE and Nano Server image to deploy Nano Server at scale</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/#comments</comments> <pubDate>Wed, 04 May 2016 12:49:56 +0000</pubDate> <dc:creator><![CDATA[Anders Ravnholt [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=7895</guid> <description><![CDATA[Over a series of blog posts we will describe a solution for how to deploy Nano Server at scale using Microsoft tools. The blog post series are: Part – 1: Nano Server Domain Join – Introduction Part – 2: How to build a Windows PE and Nano Server image to deploy Nano Server at scale... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Over a series of blog posts we will describe a solution for how to deploy Nano Server at scale using Microsoft tools. The blog post series are: <ul> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/02/nano-server-domain-join-deployment-at-a-scale-part-1-introduction/">Part – 1: Nano Server Domain Join – Introduction</a> </li> <li>Part – 2: How to build a Windows PE and Nano Server image to deploy Nano Server at scale (This blog post) </li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/13/how-to-configure-wds-unattend-xml-file-windows-pe-image-and-nano-server-image-to-deploy-a-nano-server/">Part – 3: How to configure WDS, Unattend.xml file, Windows PE Image, and Nano Server image to deploy a Nano Server at-a-scale</a> </li> <li>Part – 4: Bare Metal Deployment (BMD) Consideration </li> </ul> In this blog post we will explain how to build Windows Pre-installation Environment (Windows PE) and Nano Server WIM images to provision Nano Server for deployment at scale. Windows PE allows you to add optional components to the image, which will enable more advanced scenarios than what is available by default. Following the creation of the Windows PE Image, we will create a Nano Server WIM image with the needed components and configuration to run on a virtual or physical server in a datacenter. For general Nano Server deployment steps, see the Nano Server Deployment Guide: <a href="https://aka.ms/NanoServer">https://aka.ms/NanoServer</a> The high level tasks in this blog post are: <ul> <li>Steps to build a Windows PE Image </li> <li>Steps to build a Nano Server WIM Image </li> <li>Next steps </li> </ul> Steps to build a Windows PE Image: To build a Windows PE image please follow these steps: <ul> <li>Download and install the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 with Windows PE tools </li> <li>Add the required optional components to the Windows PE image for this scenario </li> <li>Create a batch file for the Windows PE Image </li> <li>Add PowerShell file to the Windows PE image </li> <li>Add configuration files to the Windows PE image </li> <li> <div>Unmount the Windows PE image and create media </div> </li> </ul> Download and install Windows Assessment and Deployment Kit with Windows PE tools The Windows ADK is a collection of tools and documentation that can be used to customize, assess, and deploy Windows operating systems to new computers. The Windows ADK enables two key scenarios: Windows deployment and Windows assessment. For this solution we are using the Windows PE sub component which is a minimal operating system designed to prepare a computer for installation and servicing of Windows. To install Windows PE please do the following: <ol style="margin-left: 54pt"> <li>Download the Windows ADK for Windows 10 from here <a href="https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx">https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx</a> </li> <li>Run adksetup.exe </li> <li>Click install ADK </li> <li>Read license agreement and accept if in agreement. </li> <li> <div>Select the following features </div> <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0646_Part2Howto1.png" alt="" /> </li> <li>Click Install </li> <li>Once the wizard has installed with the selected components, click Start, and type deployment. Right-click Deployment and Imaging Tools Environment and then select Run as administrator </li> <li> <div>To create a fresh WinPE image repository in C:\ do the following </div> Type copype amd64 C:\WinPEImage </li> </ol> Add the required optional components into Windows PE image for this scenario By default, the Windows PE images does not have support for PowerShell, DISM and Disk configuration, all of which are required by the solution to configure Nano Server during provisioning described in this blog post series. To enable these features you need to add these optional packages to the Windows PE image using DISM: WinPE-WMI, WinPE-NetFx, WinPE-Scripting, WinPE-PowerShell, WinPE-DismCmdlets, WinPE-SecureBootCmdlets, WinPE-StorageWMI, WinPE-WDS-Tools, WinPE-Setup, WinPE-Setup-Client.ing. To add the optional components into the Windows PE image please do the following: <ol style="margin-left: 54pt"> <li> <div>Mount the Windows PE image running this command line: </div> Dism /Mount-Image /ImageFile:”C:\WinPEImage\media\sources\boot.wim” /index:1 /MountDir:”C:\WinPEImage\mount” </li> <li>Open a browser and go to <a href="https://github.com/uday31in/Nano/tree/master/WinPENanoDomainJoin">https://github.com/uday31in/Nano/tree/master/WinPENanoDomainJoin</a> </li> <li>Download DISMWinPEInst.ps1 and save it as a file in C:\WinPEImage </li> <li>Run DISMWinPEInst.ps1 from an elevated PowerShell prompt </li> <li> <div>Verify that all packages are installed correctly going through the output list of installed components and check that the components mentioned above have been installed. </div> </li> </ol> Add configuration files into the Windows PE image In addition to the components added to the Windows PE image we need to modify the wpeinit file, create a boot.cmd and WinPENanoDomainJoin.ps1 file which will be launched as part of the Nano Server image deployment. The role of the files being added are the following: <ul style="margin-left: 54pt"> <li> <div>Wpeinit.ini </div> By adding this file to the image you can specify which script Windows PE will execute as part of the boot process </li> <li> <div>Boot.cmd </div> This file will execute the PowerShell script as Windows PE cannot execute PowerShell natively from Wpeinit.ini. </li> <li> <div>WinPENanoDomainJoin.ps1 </div> This file contains the PowerShell script that will add Nano Server to the domain and automate the deployment. </li> </ul> Create the WinPENanoDomainJoin.ps1 PowerShell script This script is stored on <a href="https://github.com/uday31in/Nano/tree/master/WinPENanoDomainJoin">GitHub</a> for easy access and reference as a sample script. The script should be downloaded and added to the Windows PE image and will be run after the Nano Server WIM file is installed to the physical or virtual server. The script will generate a domain blob and inject this into the Nano Server image using the parameters given by the unattend.xml or manually provided by the administrator during install. <ul style="margin-left: 54pt"> <li>Open a browser and go to <a href="https://github.com/uday31in/Nano/tree/master/WinPENanoDomainJoin">https://github.com/uday31in/Nano/tree/master/WinPENanoDomainJoin</a> </li> <li>Download <a href="https://github.com/uday31in/Nano/blob/master/WinPENanoDomainJoin/WinPENanoDomainJoin.ps1" title="WinPENanoDomainJoin.ps1">WinPENanoDomainJoin.ps1</a> and save in C:\WinPEImage </li> <li>Copy C:\WinPEImage\WinPENanoDomainJoin.ps1 C:\WinPEImage\mount\ </li> </ul> Create boot.cmd to launch WinPENanoDomainJoin.ps1 The boot.cmd file is used to execute the WDS setup and following this launch the WinPENanoDomainJoin.ps1 script. To create the WinPENanoDomainJoin.ps do the following: <ul style="margin-left: 54pt"> <li>Open Notepad </li> <li> <div>Add the following lines and save as boot.cmd in C:\WinPEImage\ </div> x:\sources\setup /wds /noreboot cd %~dp0% x:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -ExecutionPolicy Bypass -File WinPENanoDomainJoin.ps1 </li> <li>Copy C:\WinPEImage\Boot.cmd C:\WinPEImage\mount\ </li> </ul> Create Winpeshl.ini to launch boot.cmd Winpeshl.ini controls whether a customized shell is loaded in Windows PE instead of the default Command Prompt window. To load a customized shell, create a file named Winpeshl.ini and place it in %SYSTEMROOT%\System32 of your customized Windows PE image. To do this do the following: <ul style="margin-left: 54pt"> <li>Start a command prompt </li> <li>Run Notepad C:\WinPEImage\mount\Windows\System32\Winpeshl.ini </li> <li> <div>Insert the following lines and save the file </div> [LaunchApp] AppPath = x:\boot.cmd </li> <li> <div>Save the file </div> </li> </ul> Create lang.ini to set install language The lang.ini will set the language used during the installation in the GUI. In this blog post we will use English US as the UI language. <ol style="margin-left: 54pt"> <li>Start a command prompt </li> <li>Run Notepad C:\WinPEImage\mount\sources\lang.ini </li> <li> <div>Insert the following lines and save the file </div> [Available UI Languages] en-US = 3 [Fallback Languages] en-US = en-us </li> </ol> Save changes made to the wim file and unmount the image. To save all the changes made to the Windows PE image do the following. <ul style="margin-left: 54pt"> <li>Start a command prompt as administrator </li> <li>Run: Dism /Unmount-Image /MountDir:”C:\WinPEImage\mount” /commit </li> </ul> Steps to build a Nano Server Image: This section will explain how to build a Nano server WMI image to be deployed via WDS. This will be split into two options, physical hardware and virtual machines. To create this image, we are using standard OEM drivers for physical servers and using virtual drivers for virtual WIM image. If special drivers are needed these can be added as part of creating the WIM image which is explained here: <a href="https://aka.ms/nanoserver">https://aka.ms/nanoserver</a> . It is also possible to create VHD and VHDX files following the same concept and import these into WDS. This will not be part of this blog post but is explained <a href="https://aka.ms/nanoserver">here</a>. Download the latest Windows Server 2016 image and load NanoServerImageGenerator PowerShell module <ol style="margin-left: 54pt"> <li>Download the latest Windows Server 2016 build from here: <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview">https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview</a> </li> <li>Mount the image as a drive by right clicking on the ISO file and select mount </li> <li>Copy NanoServerImageGenerator folder from the \NanoServer folder in the Windows Server Technical Preview ISO to a folder on your hard drive </li> <li>Start Windows PowerShell as an administrator, change directory to the folder where you have placed the NanoServerImageGenerator folder and then import the module with Import-Module .\NanoServerImageGenerator -Verbose </li> </ol> Nano Server in a virtual machine In this section we’ll describe how to create the Nano Server WIM file to be used with virtual machines. Create a WIM for the Datacenter edition that includes the following features: Failover Clustering, Scale-out File Server and the Hyper-V guest drivers. Also enable Remote Management by running the following command which will prompt you for an administrator password for the new WIM file. New-NanoServerImage -Edition Datacenter -DeploymentType Guest -Clustering -Storage -EnableRemoteManagementPort -MediaPath <path to root of media> -BasePath .\Base -TargetPath .\NanoServerVM\<WMI File Name>.WIM Example: New-NanoServerImage -Edition Datacenter -DeploymentType Guest -Clustering -Storage -EnableRemoteManagementPort -MediaPath E:\ -BasePath .\Base -TargetPath .\NanoServerVM\NanoServerVM.WIM Nano Server on a physical computer This section describes how to create the Nano Server WIM file to be used with physical hardware using the pre-installed device drivers. If your hardware requires a driver that is not already provided in order to boot or connect to a network, follow the steps <a href="https://aka.ms/nanoserver">here</a>. Create a WIM that includes the OEM drivers, Hyper-V, Scale-out File Server, Failover Clustering features and enable Remote Management by running the following command which will prompt you for an administrator password for the new WIM. New-NanoServerImage -Edition Datacenter -DeploymentType Host -MediaPath <path to root of media> -BasePath .\Base -TargetPath .\NanoServerPhysical\NanoServer.WIM -OEMDrivers -Compute –Clustering –Storage -EnableRemoteManagementPort Example: New-NanoServerImage -Edition Datacenter -DeploymentType Host -MediaPath E:\ -BasePath .\Base -TargetPath .\NanoServerPhysical\NanoServer.WIM -OEMDrivers -Compute –Clustering –Storage -EnableRemoteManagementPort Next steps In the next blog post we will configure Windows Deployment Server (WDS) with the newly created Windows PE and Nano Server WIM images. Then, we will configure two different unattend.xml files with input parameters required during the installation of Nano Server. Lastly we will provision a Nano Server using WDS and a VM running on Hyper-V. Following this blog post we will release two more blogs posts: <ul> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/13/how-to-configure-wds-unattend-xml-file-windows-pe-image-and-nano-server-image-to-deploy-a-nano-server/">Part – 3: How to configure WDS, Unattend.xml file, Windows PE Image, and Nano Server image to deploy a Nano Server at-a-scale</a> </li> <li>Part – 4: Bare Metal Deployment (BMD) Considerations </li> </ul> That’s it for now. Please don’t forget to share your feedback with us via the comments section below or using the <a href="http://windowsserver.uservoice.com/forums/295068-nano-server">User Voice forum</a>! Regards The Nano Server Team ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Part 1: Nano Server Domain Join (Deployment-at-a-scale an introduction)</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/05/02/nano-server-domain-join-deployment-at-a-scale-part-1-introduction/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/05/02/nano-server-domain-join-deployment-at-a-scale-part-1-introduction/#comments</comments> <pubDate>Mon, 02 May 2016 14:31:55 +0000</pubDate> <dc:creator><![CDATA[Anders Ravnholt [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Cloud Computing]]></category> <category><![CDATA[Deployment]]></category> <category><![CDATA[Modern Datacenter]]></category> <category><![CDATA[Windows Server]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=7855</guid> <description><![CDATA[Over a series of blog posts we will describe a solution for how to deploy Nano Server at scale using Microsoft tools. The blog posts are: Part – 1: Nano Server Domain Join (Deployment-at-a-scale an introduction) (This blog post) Part – 2: How to build a Windows PE and Nano Server image to deploy Nano... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/02/nano-server-domain-join-deployment-at-a-scale-part-1-introduction/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Over a series of blog posts we will describe a solution for how to deploy Nano Server at scale using Microsoft tools. The blog posts are: <ul> <li>Part – 1: Nano Server Domain Join (Deployment-at-a-scale an introduction) (This blog post) </li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/">Part – 2: How to build a Windows PE and Nano Server image to deploy Nano Server-at-a-scale</a></li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/13/how-to-configure-wds-unattend-xml-file-windows-pe-image-and-nano-server-image-to-deploy-a-nano-server/">Part – 3: How to configure WDS, Unattend.xml file, Windows PE Image, and Nano Server image to deploy a Nano Server at-a-scale</a></li> <li>Part – 4: Bare Metal Deployment (BMD) Considerations</li> </ul> Introduction As we are in the final leg of Windows Server 2016 development, many of you are already planning to deploy Nano Server in your organization at a large scale. For those of you who are evaluating Windows Server 2016 and Nano Server and have provided feedback, a huge THANK YOU. We are listening closely to your comments and have been actively making changes based on your input. Today’s topic is a great example. Nano Server When deploying at scale, we see that most deployments are in clusters with homogeneous hardware such as a rack or two of servers configured with identical hardware configurations. In this case, we want to focus on providing a highly optimized and standardized, minimal footprint image that can be deployed and managed at scale. That’s where Nano Server comes in. Nano Server is “Just-enough-OS” and provides the optimal choice to run in your datacenters and private cloud for Compute, Storage, DNS, Web and Containers workload to name a few. Nano Server is provided on the Windows Server 2016 media, but is not part of the Setup experience like you may be used to seeing with the other two options: “Server with Desktop Experience” or “Server Core”. Instead, Nano Server uses image based deployment and requires you to create an image for your configuration in order to deploy it (see <a href="https://aka.ms/nanoserver">https://aka.ms/nanoserver</a> for instructions). In many scenarios, you might want to join Nano Server to your Active Directory domain for authentication or because your workload requires it such as Clustering. Nano Server is refactored from the ground-up to provide a minimal base OS footprint and thus Nano Server does not have the capability to do online domain join at the time of deployment which is typically used by most deployment/provisioning system like: Windows Deployment Services (WDS), Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager (SCCM). For Nano Server, domain join is an offline process. Since offline domain join may be new to some of you, there are some important considerations for this process. For Nano Server to join a domain offline, this involves creating a domain blob and applying the blob to an instance of Nano Server. The offline domain blob is a high privileged asset representing machine identity on the network and is important to safeguard. While these domain blobs are used one time only, you should secure these domain blobs (typically stored on a file share) and applying auditing and access control policies. When deploying generic images across datacenters, security and access control has an additional challenge because either: <ul> <li>the generic image lacks security context to use for domain join, or</li> <li>you have to explicitly specify a domain credential that can be used for domain join and ensure it is not stored in plain text</li> </ul> Thus, when using offline domain join, you must use a security credential to read the offline domain blob from your network. As with any online domain join operation, using offline domain join post deployment on Nano Server, a full reboot of the machine is required. This may require significant time on higher-end scale up servers if doing Bare Metal Deployment (BMD) – increasing overall time it will take for installation. Your Feedback (Thanks!) Based on your feedback we have received about the need to be able to easily domain join Nano Server deployments at scale, we have come up with a solution using Microsoft tools that are available today. This will enable you to deploy Nano Server in large numbers and still automate the deployment in a similar fashion to your Server with Desktop Experience and Server Core deployments today. The Challenges & Design Goals: The primary challenge that is addressed with this solution is “Deployment at scale of Nano Server” with customized images with the following design criteria’s in mind: <ul> <li>Simplicity: Only use one tool</li> <li>Speed: Minimize Reboots: Deploy end-to-end with a minimum of reboots, as a reboot can take long time (10+ minutes on large scale up physical servers)</li> <li>Security: Stay secure without taking high risks</li> <li>Automation: Minimum of / no manual steps in the process outside the deployment</li> <li>Goal: Full deployment and Domain Join in under 3 mins from boot to login screen</li> </ul> The Solution In order to address the above challenges & design goals, the following components enable most, if not all of the these: <ul> <li>Windows Deployment Services (WDS) only</li> <li>WinPE image with .NET and PowerShell added</li> <li>Embedded PowerShell script</li> <li>Variables controlled via Unattend xml file in WDS</li> <li>No storage or blob files stored on shares</li> <li>No storage of usernames / passwords to allow for maximum security.</li> </ul> Scoop of the solution: The main objective for the proposed solution is to provision a Nano Server image to a physical or virtual machine and domain join the server to a domain based on the following user input, which can be stored in an unattend.xml file or be provided by the administrator as part of the provisioning process. – User Name – Password – Machine Name * the domain name is taken from the user name Requirements for the solution: The following requirements are needed in order to deploy Nano Server and join it to a domain: <ol> <li>AD domain</li> <li>DHCP Server with IP scope which the VM or Physical server can connect with</li> <li>WDS Server</li> <li>Modified WinPE Image</li> <li>Unattend XML file</li> <li>Nano WIM / VHD / VHDX Image</li> <li>Domain account(s) to create the AD computer object and authenticate with WDS server.</li> </ol> The process <ol> <li>Server PXE boots and gets an IP address from the DHCP Server</li> <li>Downloads and boots the modified WinPE Image from the WDS server</li> <li>Selection of Image from WDS (Automated)</li> <li>Partitioning of Server (Automated)</li> <li>Deployment of WIM / VHD / VHDX & Unattend.xml</li> <li>PowerShell executes and joins Nano Server to the domain with domain credentials</li> <li>Server reboots and is fully provisioned, including joined to the domain.</li> </ol>   <img src="https://msdnshared.blob.core.windows.net/media/2016/05/051516_0635_Part1Nano1.png" alt="" />   This process takes about 2½ minutes using a virtual machine in our test environment. This might take longer depending on your network speed, disk performance, and if using a physical server, the post time for the server. You can read more about WinPE <a href="https://technet.microsoft.com/en-gb/library/cc721977(v=ws.10).aspx">Order of Operations in WinPE</a> and <a href="https://technet.microsoft.com/en-gb/library/cc766093%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396">WinPE Limitations</a>. The videos We have recorded two videos which show the deployment of Nano Server using WDS Video 1: <a href="https://1drv.ms/v/s!Am8Gg73bSTCtquoDNPEHRG3-hODPNA">This video deploys Nano Server to a VM without asking any questions, all information is stored in the unattend.xml file on the WDS server</a>. Video 2: <a href="https://1drv.ms/v/s!Am8Gg73bSTCtquoENPEHRG3-hODPNA">This video shows deployment of Nano Server with parameters given for Image, Partitions, User & Password and Server Name</a>. Various scenarios between the two videos can be achieved, based on how much data is given in the unattend.xml file and automation done around it. Next Step Blog Posts In the next few blog posts, we will drill into this topic further. Here’s what we’re planning: <ul> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/04/part-2-how-to-build-a-windows-pe-and-nano-server-image-to-deploy-nano-server-at-scale/">Part – 2: How to build a Windows PE and Nano Server image to deploy Nano Server at-a-scale</a></li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/05/13/how-to-configure-wds-unattend-xml-file-windows-pe-image-and-nano-server-image-to-deploy-a-nano-server/">Part – 3: How to configure WDS, Unattend.xml file, Windows PE Image, and Nano Server image to deploy a Nano Server at-a-scale</a></li> <li>Part – 4: Bare Metal Deployment (BMD) Considerations</li> </ul> Regards The Nano Server Team ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/05/02/nano-server-domain-join-deployment-at-a-scale-part-1-introduction/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>ARM concepts in Azure Stack for the WAP Administrator – Multi-tier applications</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/04/29/arm-concepts-in-azure-stack-for-the-wap-administrator-multi-tier-applications/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/04/29/arm-concepts-in-azure-stack-for-the-wap-administrator-multi-tier-applications/#comments</comments> <pubDate>Fri, 29 Apr 2016 08:49:38 +0000</pubDate> <dc:creator><![CDATA[Victor Arzate [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[ARM]]></category> <category><![CDATA[Azure Resource Manager]]></category> <category><![CDATA[Azure Stack]]></category> <category><![CDATA[AzureStack]]></category> <category><![CDATA[Building Clouds]]></category> <category><![CDATA[building clouds blog]]></category> <category><![CDATA[Hybrid Cloud]]></category> <category><![CDATA[Microsoft Azure]]></category> <category><![CDATA[Microsoft Azure Stack]]></category> <category><![CDATA[PowerShell DSC]]></category> <category><![CDATA[Private Cloud]]></category> <category><![CDATA[WAP]]></category> <category><![CDATA[WAPack]]></category> <category><![CDATA[Windows Azure Pack]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=7746</guid> <description><![CDATA[Hello Readers! This blog is part 6 of the series “ARM concepts in Azure Stack for the WAP Administrator.” In this post we’ll discuss how the deployment of multi-tier applications concepts you are familiar with in Windows Azure Pack (WAP) map to Microsoft Azure Stack Technical Preview 1. Note Some information relates to pre-released product which may be substantially modified... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/29/arm-concepts-in-azure-stack-for-the-wap-administrator-multi-tier-applications/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[Hello Readers! This blog is part 6 of the series “ARM concepts in Azure Stack for the WAP Administrator.” In this post we’ll discuss how the deployment of multi-tier applications concepts you are familiar with in Windows Azure Pack (WAP) map to Microsoft Azure Stack Technical Preview 1. Note Some information relates to pre-released product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. I’m including the table of contents for this series of post so that you’ll find it easier to navigate across the series: Table of contents <ol> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/02/08/arm-concepts-in-azure-stack-for-the-wap-administratorintroduction-post/">Introductory post</a>, and some first information on the <a href="https://azure.microsoft.com/en-us/documentation/articles/azure-stack-poc/">Azure Stack POC</a> architecture and ARM’s role</li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/02/15/arm-concepts-in-azure-stack-for-the-wap-administrator-cloud-service-delivery/" target="_blank">Cloud Service Delivery</a></li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/02/24/arm-concepts-in-azure-stack-for-the-wap-administrator-offers-plans-and-subscriptions-2/" target="_blank">Plans, offers, and subscriptions</a></li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/03/18/arm-concepts-in-azure-stack-for-the-wap-administrator-resource-deployment/">Resource Deployment</a></li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/01/arm-concepts-in-azure-stack-for-the-wap-administrator-packaging-and-publishing-templates-on-azure-stack/">Packaging and publishing templates on Azure Stack</a></li> <li>Multi-tier applications – this post</li> <li>In-guest configuration with ARM, and technologies such as Virtual Machines Extensions, including PowerShell Desired State Configuration (DSC)</li> <li>Troubleshooting IaaS deployments in Azure Stack—this maps to an understanding of how the different Resource Providers (RPs) work together in an Azure Stack installation</li> </ol> We will update the post with links to the new posts, as we publish them. With no more delay, let’s get started!   <hr />   <h1>Multi-tier applications in WAP</h1> As we discussed in previous post from this series, WAP tenants can deploy two types of virtual machines: <ul> <li>A Standalone Virtual Machine, which basically is a virtual machine with an operating system installed, such as a sysprepped Windows Server 2012 R2 or a specific Linux distribution.</li> <li>A Virtual Machine Role, which is typically a virtual machine with an operating system installed and with an application installed and configured, such as a domain controller, a SQL Server, or a VM with SharePoint installed.</li> </ul> But out-of-the-box, WAP does not offer tenants the possibility to deploy multi-tier applications, such as SharePoint, Exchange or Lync, where the different components are installed across multiple servers. As the WAP tenant portal only allows tenants to deploy one virtual machine at the time, then it’s up to the tenant to rely on an automation platform to coordinate and execute the deployment of the multi-tier application in the right sequence, and make sure dependencies are properly handled. But wait a second, System Center Service Management Automation (SMA) allows you to execute runbooks that could coordinate these activities, and also integrates with WAP? So couldn’t tenants use SMA to automate the deployment of their multi-tier applications? Well, while SMA indeed allows the execution of runbooks and also integrates with WAP, its functionality is only exposed to the WAP admin. In other words, WAP tenants cannot directly call SMA from the WAP tenant portal. The picture below depicts the WAP tenant portal and you can see that no SMA functionality is available to tenants: <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts1.png" alt="" /> And the picture below shows the WAP admin portal with SMA registered and integrated: <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts2.png" alt="" /> So, is there still a way to benefit from SMA when executing actions as a tenant? The answer is yes! As part of the SMA integration with WAP, you can register SMA with the VM Clouds resource provider, and this will allow you to link an activity or event in the VM Clouds resource provider to a SMA Runbook. For example, when a subscription is deleted you might want to remove all tenant objects related to that subscription, such as virtual machines and virtual networks: <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts3.png" alt="" /> Given that SMA is only exposed to WAP admins, they can leverage the SMA integration with WAP to offer plans to their tenants which includes the deployment of multi-tier applications such as Exchange, SharePoint or Skype for Business. Charles Joy wrote a great <a href="https://blogs.technet.microsoft.com/privatecloud/2014/02/28/automationthe-new-world-of-tenant-provisioning-with-windows-azure-pack-part-1-introduction-and-table-of-contents/" target="_blank">series</a> of blog post describing how a WAP admin can offer plans which fully automate the tenant environment deployment, such as creating a virtual network, creating a domain controller, and then deploying workloads such as Exchange, SharePoint and Lync via VM Roles. The key technologies to enable this solution are: <ul> <li>SMA – For end-to-end automation</li> <li>VM Roles – For provisioning the VMs</li> <li>DSC – For the deployment and configuration of the application</li> </ul> Also, the Private Cloud Solutions team at Microsoft wrote a series of multi-tier workloads for the Cloud Platform System (CPS), leveraging the three technologies described above. Even if you don’t have a CPS stamp in your garage, you can download these samples and modify them to suit your WAP deployment! You can learn more about these CPS workloads using these links: <ul> <li><a href="https://channel9.msdn.com/Events/TechEd/Europe/2014/CDP-B353">Automated Workload Provisioning with the Azure Pack and Windows PowerShell</a></li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2015/02/05/self-service-deployment-of-microsoft-workloads-on-cloud-platform-system-and-other-systems-with-windows-azure-pack-part-1/">Self-service deployment of Microsoft workloads on Cloud Platform System (and other systems with Windows Azure Pack) – Part 1</a></li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2015/03/23/self-service-deployment-of-microsoft-workloads-on-cloud-platform-system-and-other-systems-with-windows-azure-pack-part-2/">Self-service deployment of Microsoft workloads on Cloud Platform System (and other systems with Windows Azure Pack) – Part 2</a></li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2015/04/17/self-service-deployment-of-microsoft-workloads-on-cloud-platform-system-and-other-systems-with-windows-azure-pack-part-3/">Self-service deployment of Microsoft workloads on Cloud Platform System (and other systems with Windows Azure Pack) – Part 3</a></li> <li><a href="https://blogs.technet.microsoft.com/privatecloud/2015/05/27/self-service-deployment-of-microsoft-workloads-on-cloud-platform-system-and-other-systems-with-windows-azure-pack-part-4/">Self-service deployment of Microsoft workloads on Cloud Platform System (and other systems with Windows Azure Pack) – Part 4</a></li> </ul> And as described on the links above, you can get these multi-tier CPS workloads via the <a href="https://www.microsoft.com/web/downloads/platform.aspx">Web PI</a>: <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts4.png" alt="" />   <hr />   <h1>Multi-tier applications in Azure Stack</h1> By now we know that Azure Stack is consistent with Microsoft Azure. If I sign in to the Azure Portal (as a tenant obviously) I see that I’ve multi-tier applications available to deploy right from the Azure Marketplace! <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts5.png" alt="" /> If I choose to deploy the SharePoint 2013 non-HA Farm application, the wizard asks me to provide the details of the different VMs that are required for this deployment. In the picture below you can see that this SharePoint farm requires three VMs (for the domain controller, SQL Server and SharePoint). <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts6.png" alt="" /> But also, you may have noticed the button on the Summary blade that says: Download template <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts7.png" alt="" /> Wait a minute! Is this an ARM JSON template that I can use to deploy my application in a declarative way as we discussed on <a href="https://blogs.technet.microsoft.com/privatecloud/2016/03/18/arm-concepts-in-azure-stack-for-the-wap-administrator-resource-deployment/">this</a> previous blog post? Absolutely! When you click OK, Azure Resource Manager (ARM) will start the deployment of the application (in this case a SharePoint farm) as described in the JSON template and taking as parameters the inputs provided on the wizard. If you download and review the template you can understand how SharePoint will be deployed, and of course, you can modify the template to suit your specific needs. I’ve downloaded the JSON template and opened with Visual Studio so that I can review its contents. If I check the Resources section in the JSON outline, I can see the resources that are created: <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts8.png" alt="" /> As you can see the template will deploy a set of required resources for this application, such as a storage account, a virtual network, load balancers, network interfaces and three virtual machines (AD, SQL and SharePoint). To ensure resources are deployed in the right order, resources can use the dependsOn property to indicate which resources should be deployed beforehand. Resources that don’t have the dependsOn property then are deployed first concurrently (for example, storage account, public IP addresses and the virtual network). Other resources like the VMs have to be deployed in correct sequence because the ARM model requires that specific objects must be in place before creating a VM as described in the following picture: <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts9.png" alt="" /> Source: <a href="https://azure.microsoft.com/en-us/documentation/articles/resource-manager-deployment-model/">Azure Resource Manager vs. classic deployment: Understand deployment models and the state of your resources</a> But also, it’s important to coordinate how the VMs are deployed and configured, because for this particular scenario, while you can deploy the three VMs at the same time, you need to configure Active Directory Directory Services (AD DS) on the DC VM first, then you need to install and configure SQL Server on the SQL VM, and finally, you can install and configure SharePoint on the SharePoint VM. These dependencies are properly defined in our SharePoint JSON template. If you check the code for the ProvisioningADDomainController, ProvisioningSQLServerVM and ProvisioningSharepointVM resources in the JSON template, they are of type Microsoft.Resources/deployments, meaning that they’ll deploy another template to provision the AD, SQL and SharePoint VMs. You can find the template they’ll use checking the template URI property. For example, for the AD VM, it references a variable: “templateLink”: { “uri”: “[variables(‘ProvisioningADDomainControllerUrl’)]”, “contentVersion”: “1.0.0.0” }, If we check the ProvisioningADDomainControllerUrl variable in the template, it references a parameter: “ProvisioningADDomainControllerUrl”: “[concat(parameters(‘baseUrl’),’/provisioningDomainController.json’)]”, If we check the baseUrl parameter: “baseUrl”: { “type”: “string”, “metadata”: { “artifactsBaseUrl”: “”, “description”: “URL to acquire other templates” }, “defaultValue”: “https://gallery.azure.com/artifact/20151001/sharepoint2013.sharepoint2013farmsharepoint2013-nonha.1.0.9/Artifacts” } So, the template that will be used for deploying the DC VM is: <a href="https://gallery.azure.com/artifact/20151001/sharepoint2013.sharepoint2013farmsharepoint2013-nonha.1.0.9/Artifacts/provisioningDomainController.json">https://gallery.azure.com/artifact/20151001/sharepoint2013.sharepoint2013farmsharepoint2013-nonha.1.0.9/Artifacts/provisioningDomainController.json</a> And using a similar procedure, the templates used to deploy the SQL VM is: <a href="https://gallery.azure.com/artifact/20151001/sharepoint2013.sharepoint2013farmsharepoint2013-nonha.1.0.9/Artifacts/provisioningSQL.json">https://gallery.azure.com/artifact/20151001/sharepoint2013.sharepoint2013farmsharepoint2013-nonha.1.0.9/Artifacts/provisioningSQL.json</a> And for the SharePoint VM: <a href="https://gallery.azure.com/artifact/20151001/sharepoint2013.sharepoint2013farmsharepoint2013-nonha.1.0.9/Artifacts/provisioningSharepoint.json">https://gallery.azure.com/artifact/20151001/sharepoint2013.sharepoint2013farmsharepoint2013-nonha.1.0.9/Artifacts/provisioningSharepoint.json</a> Also, checking the JSON template, you’ll notice that the three VMs will be provisioned at the same time, given that they don’t depend on each other. The only dependencies they have are on resources that are required such as NICs or the storage account: “dependsOn”: [ “Microsoft.Resources/deployments/SettingUpStorageAccount”, “Microsoft.Resources/deployments/CreatingNetworkInterfaces”, “Microsoft.Resources/deployments/CreatingAvailabilitySets”, “Microsoft.Resources/deployments/SettingUpLoadBalancers” ], If you check the template deployment for the DC VM, you’ll see that besides deploying the VM, it will also be configured as a domain controller leveraging the DSC Extension (to be covered in details in our next blog post): “type”: “Microsoft.Compute/virtualMachines/extensions”, “name”: “[concat(parameters(‘adVMName’),’/InstallDomainController’)]”, “apiVersion”: “2015-06-15”, “location”: “[parameters(‘location’)]”, “dependsOn”: [ “[resourceId(‘Microsoft.Compute/virtualMachines’, parameters(‘adVMName’))]” ], “properties”: { “publisher”: “Microsoft.Powershell”, “type”: “DSC”, “typeHandlerVersion”: “2.13”, So basically, once the ProvisioningADDomainController resource deployment is completed, we’ll have a domain controller up & running. The next step is to configure DNS in the environment, so that the VMs use the DNS provided by the DC VM and not the one provided by Azure. This is done by the UpdatingDNStoPrimaryADVM resource deployment. You’ll notice that ARM will wait until the DC is up & running and the SQL and SharePoint VMs are deployed before doing this configuration: “name”: “UpdatingDNStoPrimaryADVM”, “type”: “Microsoft.Resources/deployments”, “apiVersion”: “2015-01-01”, “dependsOn”: [ “Microsoft.Resources/deployments/ProvisioningADDomainController”, “Microsoft.Resources/deployments/ProvisioningSQLServerVM”, “Microsoft.Resources/deployments/ProvisioningSharepointVM” The next activity to do is to configure SQL Server in the SQL VM. You can see that ARM will do this in the proper order (after DNS is configured) using this dependency on the ConfiguringSQLServerVM resource deployment: “name”: “ConfiguringSQLServerVM”, “type”: “Microsoft.Resources/deployments”, “apiVersion”: “2015-01-01”, “dependsOn”: [ “Microsoft.Resources/deployments/UpdatingDNStoPrimaryADVM” ], And the final step is to configure SharePoint on the SharePoint VM. This is done on the ConfiguringSharepointVM resource deployment and as before, ARM will make sure this is done right at the end given that this resource has a dependency on having SQL Server configured beforehand: “name”: “ConfiguringSharepointVM”, “type”: “Microsoft.Resources/deployments”, “apiVersion”: “2015-01-01”, “dependsOn”: [ “Microsoft.Resources/deployments/ConfiguringSQLServerVM” ], I’ve described the process above in the following diagram, where you can see in detail the resources that are created first (the ones that don’t have dependencies) and how the resources that depend on them cannot be created but until all the required dependencies are deployed, having the last resource deployed the SharePoint configuration on the SharePoint VM: <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts10.png" alt="" /> Great! After you deploy the template above you’ll have a SharePoint farm in your Azure subscription. But what about Azure Stack? As a tenant, can I deploy a multi-tier application as the SharePoint farm we discussed above? Of course J !!! Remember, Azure Stack is also powered by ARM. You can use the template and adjust it to use on your Azure Stack TP1 installation (TIP – You can use <a href="https://blogs.technet.microsoft.com/privatecloud/2016/02/26/tool-arm-template-checker-for-microsoft-azure-stack/">this script</a> to facilitate checking if your template have compatibility issues with Azure Stack) or you can leverage some of the sample multi-tier applications that have been already tested to work with Azure Stack getting them from the <a href="https://github.com/Azure/AzureStack-QuickStart-Templates">Azure Stack Quick Start</a> GitHub repository. For example, you can find <a href="https://github.com/Azure/AzureStack-QuickStart-Templates/tree/master/sharepoint-2013-non-ha">here</a> a SharePoint farm JSON template similar to the one we reviewed for Azure, but this one has been tested to work with Azure Stack. And as usual with ARM (Azure and Azure Stack), you can deploy the JSON template via the portal, or via Visual Studio, PowerShell or the Azure CLI. You can refer <a href="https://azure.microsoft.com/en-us/documentation/articles/azure-stack-arm-templates/">here</a> for more guidance, or also, you can check <a href="https://channel9.msdn.com/Blogs/azurestack/Microsoft-Azure-Stack-TP1--Foundational-Skills-1-Deploying-JSON-Templates">this</a> short video as well. This is great for tenants! Now they can deploy multi-tier applications leveraging the out-of-the-box functionality provided by ARM! But hey, what about Azure Stack admins? Can they still provide curated multi-tier applications to their tenants? Absolutely! Azure Stack administrators can create Azure Stack Marketplace items to offer them the applications required. You can find <a href="https://azure.microsoft.com/en-us/documentation/articles/azure-stack-marketplace/">here</a> detailed guidance about the Azure Stack Marketplace and for creating and publishing marketplace items in Azure Stack. For example, as an Azure Stack administrator, I’ve created and published the multi-tier SharePoint application described above and made it available to tenants to easily deploy a SharePoint farm in their subscriptions: <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts11.png" alt="" /> And in case you may be wondering, yes, Azure Stack tenants can use automation solutions such as Azure Automation for deploying and configuring their applications. For example, an Azure Stack tenant could configure the DSC extension on their VMs to be registered as a DSC Pull Server in Azure Automation using <a href="https://github.com/Azure/azure-quickstart-templates/tree/master/dsc-extension-azure-automation-pullserver">this</a> JSON template. Once in Azure Automation, the Azure Stack tenant could apply DSC Configurations to configure their VMs are required. For example, the picture below shows my Azure Automation account with 4 DSC nodes, two from my Azure subscription (VM01 and VM02) and two from my Azure Stack subscription (AZVM01 and AZVM02). All four Azure and Azure Stack VMs were registered as DSC Pull Nodes using the same <a href="https://github.com/Azure/azure-quickstart-templates/tree/master/dsc-extension-azure-automation-pullserver">JSON template</a> with a very simple cmdlet: New-AzureRmResourceGroupDeployment -Name AADSCPullSvrDeployment01 -ResourceGroupName WinVMRG01 -TemplateUri “https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/dsc-extension-azure-automation-pullserver/azuredeploy.json” -TemplateParameterFile C:\Scripts\dsc-extension-azure-automation-pullserver\azuredeploy.parameters.json -Verbose   <img src="https://msdnshared.blob.core.windows.net/media/2016/04/042916_0858_ARMconcepts12.png" alt="" />   <hr />   <h1>Summary</h1> While WAP does not offer an out-of-the-box mechanism for tenants to deploy multi-tier applications, some alternatives that can be implemented are: <ul> <li>As a tenant, use WAP PowerShell cmdlets or an automation solution such as System Center Orchestrator to automate deployment of VMs, and leverage DSC for in-guest configuration.</li> <li>As a WAP admin, leverage SMA for end-to-end automation, VM Roles for provisioning the VMs and PowerShell DSC for the in-guest configuration.</li> </ul> Azure Stack offers out-of-the-box capabilities to deploy multi-tier applications via ARM. ARM is the deployment and orchestration engine that makes sure complex deployments are executed in the right sequence by: <ul> <li>Using dependencies (dependsOn) in JSON templates for making sure resources are deployed in the right order and</li> <li>Leveraging the DSC VM Extension for in-guest configuration.</li> </ul> Azure Stack admins can publish multi-tier applications using templates and DSC extension in the Azure Stack Marketplace, or Azure Stack tenants can build their own multi-tier applications using JSON templates such as the ones published in the Azure Stack Quick Start repository. Additionally, Azure Stack tenants could use the DSC Extension available on Azure and Azure Stack VMs to register them as DSC Pull Nodes in Azure Automation and then assign them DSC Configurations and/or use Azure Automation Runbooks to create/configure complex hybrid deployments! We’ll go into more details on future pots, but this is it for now! Until next blog!   Tiander and Victor ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/04/29/arm-concepts-in-azure-stack-for-the-wap-administrator-multi-tier-applications/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Microsoft Azure Stack Advanced Scenarios for TP1: Beyond the Basics</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/04/27/microsoft-azure-stack-advanced-scenarios-for-tp1-beyond-the-basics/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/04/27/microsoft-azure-stack-advanced-scenarios-for-tp1-beyond-the-basics/#comments</comments> <pubDate>Wed, 27 Apr 2016 16:23:30 +0000</pubDate> <dc:creator><![CDATA[Victor Arzate [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Azure Stack]]></category> <category><![CDATA[JSON]]></category> <category><![CDATA[Microsoft Azure Stack]]></category> <category><![CDATA[MySQL]]></category> <category><![CDATA[PaaS]]></category> <category><![CDATA[Powershell]]></category> <category><![CDATA[Resource Provider]]></category> <category><![CDATA[SQL]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=7645</guid> <description><![CDATA[In the last post we deployed JSON templates and also VM Extensions to Windows and Linux VMs running on Microsoft Azure Stack Technical Preview 1. Next let’s look at the installation and configuration of additional PaaS Resource Providers in Microsoft Azure Stack TP1. Resource providers are suppliers of an Azure /Azure Stack service via ARM... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/27/microsoft-azure-stack-advanced-scenarios-for-tp1-beyond-the-basics/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[In the <a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/25/microsoft-azure-stack-advanced-scenarios-fundamentals/">last post</a> we deployed JSON templates and also VM Extensions to Windows and Linux VMs running on Microsoft Azure Stack Technical Preview 1. Next let’s look at the installation and configuration of additional <a href="https://azure.microsoft.com/en-us/documentation/articles/azure-stack-tools-paas-services/">PaaS Resource Providers</a> in Microsoft Azure Stack TP1. Resource providers are suppliers of an Azure /Azure Stack service via ARM and are consumed in ARM templates. The Resource Providers are operator deployable solutions that offer value to tenants such as Virtual machines, Networking, SQL, App Service, etc. You can add resource providers to expose additional set of functionality beyond those included in the base installation, however it must be registered in Microsoft Azure Stack TP1. Within the Azure Stack environment there are several resource providers that are included out of the box such as Compute Resource Provider (CRP), Storage Resource Provider (SRP) and Network Resource Provider (NRP). There are also three additional resource providers that are available for Microsoft Azure Stack TP1, that you can install in your lab environment; <ul> <li><a href="https://azure.microsoft.com/en-us/documentation/articles/azure-stack-sqlrp-deploy/">SQL Resource Provider</a></li> <li><a href="https://azure.microsoft.com/en-us/documentation/articles/azure-stack-mysqlrp-deploy/">MySQL Resource Provider</a></li> <li><a href="https://azure.microsoft.com/en-us/documentation/articles/azure-stack-webapps-deploy/">WebApps Resource Provider</a></li> </ul> We have created videos to walk you through the process to deploy the <a href="https://channel9.msdn.com/Blogs/Microsoft-Azure-Stack-TP1-Advanced-Scenarios-and-How-Tos/Microsoft-Azure-Stack-TP1-Beyond-the-Basics-1-Deploying-the-SQL-Resource-Provider">SQL</a>, <a href="https://channel9.msdn.com/Blogs/Microsoft-Azure-Stack-TP1-Advanced-Scenarios-and-How-Tos/Microsoft-Azure-Stack-TP1-Beyond-the-Basics-2-Deploying-the-MySQL-Resource-Provider">MySQL</a> and <a href="https://channel9.msdn.com/Blogs/Microsoft-Azure-Stack-TP1-Advanced-Scenarios-and-How-Tos/Microsoft-Azure-Stack-TP1-Beyond-the-Basics-3-Deploying-the-WebApps-Resource-Provider" target="_blank">Web Apps</a> PaaS Resource Providers. Stay tuned for more content coming in the next few weeks! Kath and Victor ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/04/27/microsoft-azure-stack-advanced-scenarios-for-tp1-beyond-the-basics/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item> <title>Microsoft Azure Stack Advanced Scenarios: Fundamentals</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/04/25/microsoft-azure-stack-advanced-scenarios-fundamentals/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/04/25/microsoft-azure-stack-advanced-scenarios-fundamentals/#comments</comments> <pubDate>Mon, 25 Apr 2016 15:47:42 +0000</pubDate> <dc:creator><![CDATA[Victor Arzate [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Azure CLI]]></category> <category><![CDATA[Azure Stack]]></category> <category><![CDATA[AzureStack]]></category> <category><![CDATA[Hybrid Cloud]]></category> <category><![CDATA[JSON]]></category> <category><![CDATA[LINUX]]></category> <category><![CDATA[Microsoft Azure PowerShell]]></category> <category><![CDATA[Microsoft Azure Stack]]></category> <category><![CDATA[Resource Provider]]></category> <category><![CDATA[Visual Studio]]></category> <category><![CDATA[Windows]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=7625</guid> <description><![CDATA[If you are testing the capabilities of Azure Stack Technical Preview, you will probably have been deploying virtual machines from the portal. The IaaS capabilities in Azure Stack are great, but what about being able to deploy multi-components applications as a single entity? Applications can be made up of many parts resources that can include virtual... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/25/microsoft-azure-stack-advanced-scenarios-fundamentals/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[If you are testing the capabilities of Azure Stack Technical Preview, you will probably have been deploying virtual machines from the portal. The IaaS capabilities in Azure Stack are great, but what about being able to deploy multi-components applications as a single entity? Applications can be made up of many parts resources that can include virtual machines, web sites, databases, storage accounts, network security groups, virtual networks and so on. So how do we deploy and manage all of these resources as an application in a single group? : For that we use using declarative templates (as we’ve described in <a href="https://blogs.technet.microsoft.com/privatecloud/2016/03/18/arm-concepts-in-azure-stack-for-the-wap-administrator-resource-deployment/" target="_blank">this</a> previous blog post). A number of <a href="https://github.com/Azure/azurestack-quickstart-templates" target="_blank">Quick Start templates</a> for Azure Stack are already available on GitHub for you to test. These will allow you to deploy a Windows VM, virtual network, Linux VM, Active Directory Domain controller, a SharePoint farm, etc. using Azure Resource Manager (ARM) templates. We urge you to go check out what is available as the list above just touches on a few of the templates you can download. The goal of this blog post if to introduce you to a couple of videos we have created that walk you through how to add these templates to your Azure Stack TP1 labs. The first video, <a href="https://channel9.msdn.com/Blogs/Microsoft-Azure-Stack-TP1-Advanced-Scenarios-and-How-Tos/Microsoft-Azure-Stack-TP1-Foundational-Skills-1-Deploying-JSON-Templates" target="_blank">Deploy JSON templates video</a>, walks you through how to deploy the templates using one of four methods: <ul> <li>Portal</li> <li>PowerShell</li> <li>Visual Studio</li> <li>CLI</li> </ul> The <a href="https://channel9.msdn.com/Blogs/Microsoft-Azure-Stack-TP1-Advanced-Scenarios-and-How-Tos/Microsoft-Azure-Stack-TP1-Foundational-Skills-2-Deploying-Extensions" target="_blank">second video</a> shows how to deploy <a href="https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-extensions-features/" target="_blank">VM extensions</a> in Azure Stack using the Quick Start templates. It will also walk you through a quick containers demo running on a Linux VM in Azure Stack that you can wow your techie friends with! We are in the process of also creating videos to show you how to deploy resource providers for SQL Server and Web Apps in Azure Stack, as well as a video on Hybrid capabilities. Please stay tuned for those! For more information on ARM templates, refer to the Azure Resource Manager Template Walkthrough documentation <a href="https://azure.microsoft.com/en-us/documentation/articles/resource-manager-template-walkthrough/" target="_blank">here</a>. Kath and Victor ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/04/25/microsoft-azure-stack-advanced-scenarios-fundamentals/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> <item> <title>Azure Automation & Hybrid Cloud Management: Automating deployment of a VM in Amazon Web Services</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/04/20/azure-automation-hybrid-cloud-management-automating-deployment-of-a-vm-in-amazon-web-services/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/04/20/azure-automation-hybrid-cloud-management-automating-deployment-of-a-vm-in-amazon-web-services/#comments</comments> <pubDate>Wed, 20 Apr 2016 09:43:38 +0000</pubDate> <dc:creator><![CDATA[Tiander Turpijn [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[AWS]]></category> <category><![CDATA[Azure Automation]]></category> <category><![CDATA[Powershell]]></category> <category><![CDATA[Runbook Authoring]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=7617</guid> <description><![CDATA[During our Cloud Roadshow events where I presented on Azure Automation there were a number of questions around whether Azure Automation was intended only for Azure. Fortunately, I had a demo lined up…... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/20/azure-automation-hybrid-cloud-management-automating-deployment-of-a-vm-in-amazon-web-services/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[During our <a href="https://microsoftcloudroadshow.com/cities" target="_blank">Cloud Roadshow</a> events where I presented on Azure Automation there were a number of questions around whether Azure Automation was intended only for Azure. Fortunately, I had a demo lined up which I’m going to talk about in this blog post, but the key answer is that Azure Automation is not only for Azure, it’s for on-premises resources AND for managing hybrid cloud environments as well! So, for example, if you are an Amazon Web Services (AWS) customer then Azure Automation is for you too! <h2>Objectives</h2> In this post I’ll talk about how you can leverage Azure Automation to provision a VM in AWS and give that VM a specific name – which in the AWS world is referred to as “tagging” the VM. <h2>Assumptions</h2> For the purposes of this post I’m assuming you have an Azure Automation account already set up and that you have an AWS subscription as well. For more information on setting up an Azure Automation account, check out our <a href="https://azure.microsoft.com/en-us/documentation/articles/automation-configuring/" target="_blank">documentation page</a>. <h2>Preparation: Storing your AWS credentials</h2> Note: This blogpost leverages root access keys which is not an AWS security best practice, please refer to <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html" target="_blank">this</a> article how to setup an IAM user For Azure Automation to “talk” to AWS, you will need to retrieve your AWS credentials and store them as assets in Azure Automation. When you are logged into the AWS portal, click on the little triangle under your name and click on Security Credentials.   <img title="AWS security credential" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="AWS security credential" src="https://msdnshared.blob.core.windows.net/media/2016/04/AWS-security-credential_thumb.png" width="360" height="218"> Click Access Keys. <img title="AWS Access Keys" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="AWS Access Keys" src="https://msdnshared.blob.core.windows.net/media/2016/04/AWS-Access-Keys_thumb.jpg" width="480" height="274"> Copy your access key and secret access key (optionally download your key file to store it somewhere safe). <img title="Create AWS access keys" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="Create AWS access keys" src="https://msdnshared.blob.core.windows.net/media/2016/04/Create-AWS-access-keys_thumb.png" width="480" height="144"> <h2>AWS Assets in Azure Automation</h2> In the previous step you have copied and saved your AWS Access Key ID and Secret Access Key. We are going to store them now in Azure Automation. Navigate to your Automation Account and select Assets – Credentials and add a new credential and name it AWScred. <img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/04/image_thumb638.png" width="480" height="335"> Provide an optional description and make sure that you enter your Access ID in the User name field and your Secret Access Key in the field which is labeled Password. Save your AWS credentials. <h2>Amazon Web Services PowerShell Module</h2> Our VM provisioning runbook will leverage the AWS PowerShell module to do its work. The AWS PowerShell module ships on <a href="http://www.powershellgallery.com/packages/AWSPowerShell/" target="_blank">PowerShell Gallery</a> and can easily be added to an Automation account via the Deploy to Azure Automation button. <img title="AWS PS Module import to AA" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="AWS PS Module import to AA" src="https://msdnshared.blob.core.windows.net/media/2016/04/AWS-PS-Module-import-to-AA_thumb.png" width="480" height="395"> When you click on Deploy to Azure Automation it will take to the Azure login page and after you have provided your credentials you will see the following screen. <img title="Import AWS Module wizard" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="Import AWS Module wizard" src="https://msdnshared.blob.core.windows.net/media/2016/04/Import-AWS-Module-wizard_thumb.png" width="360" height="304"> Select a new or existing Automation Account. Please note that there is no dropdown box for an existing account, so make sure that you do not make typos and that the region and resource group for your Automation account are correct. Go through the other steps to complete the configuration and then click on Create. If you navigate to your selected Automation Account and navigate to Assets – Modules, you now can see the AWS module with 1427 activities, awesome! Note: Importing a PowerShell module into Azure Automation consists of two steps: <ol> <li>Importing the module <li>Extracting the cmdlets</li> </ol> The activities will not show up until the module has completely finished importing and extracting the cmdlets which can take a few minutes. <h2>Provision AWS VM runbook</h2> Now that we have all prerequisites in place it’s time to author our runbook which will provision a VM in AWS. We will also showcase that you can leverage a native PowerShell script in Azure Automation instead of PowerShell Workflow. More information about the differences between native PowerShell and PowerShell workflow can be found <a href="https://azure.microsoft.com/en-us/blog/announcing-powershell-script-support-azure-automation-2/" target="_blank">here</a>. Information about graphical runbook authoring can be found <a href="https://azure.microsoft.com/en-us/blog/azure-automation-graphical-and-textual-runbook-authoring/" target="_blank">here</a>. The PowerShell script for our runbook can be downloaded from the <a href="https://www.powershellgallery.com/packages/New-AwsVM/DisplayScript" target="_blank">PowerShell Gallery</a>. You can download the script by opening a PowerShell session and typing in: Save-Script -Name New-AwsVM -Path <path> When you have saved the PowerShell script you can add it to Azure Automation as a runbook by doing the following: Under your Automation Account, click Runbooks and select Add a runbook. Select Quick Create (Create a new runbook), provide a name for your runbook and under Runbook type select PowerShell. Then click on Create. <img title="Create AWS runbook" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="Create AWS runbook" src="https://msdnshared.blob.core.windows.net/media/2016/04/Create-AWS-runbook_thumb.png" width="360" height="216"> When the runbook editor opens copy and paste the PowerShell script into the runbook authoring area. <img title="image" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="image" src="https://msdnshared.blob.core.windows.net/media/2016/04/image_thumb639.png" width="480" height="226"> Please note the following when using the downloaded PowerShell script: <ul> <li>The runbook contains a number of default parameter values as mentioned in the #ToDo section. Please evaluate all default values and update where necessary. <li>Make sure that have you stored your AWS credentials under Assets, called AWScred. <li>The region which you will be using will be dependent of your AWS subscription. In the AWS portal where you have also looked up your security credentials, click on the arrow next to your Account to verify your region.</li> </ul> <img title="AWS region" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="AWS region" src="https://msdnshared.blob.core.windows.net/media/2016/04/AWS-region_thumb.png" width="218" height="319"> <ul> <li>Figure out <a href="http://docs.aws.amazon.com/powershell/latest/userguide/pstools-installing-specifying-region.html" target="_blank">which region</a> you need to provide in your runbook. For example, my region is US West (Oregon) which translates to us-west-2.</li> </ul> <img title="AWS regions" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="AWS regions" src="https://msdnshared.blob.core.windows.net/media/2016/04/AWS-regions_thumb.png" width="360" height="171"> <ul> <li>You can get a list of image names when you use PowerShell ISE, import the module, authenticate against AWS by replacing Get-AutomationPSCredential in your ISE environment with $AwsCred = Get-Credential. This will prompt you for credentials and you can provide your Access Key ID and Secret Access Key as username and password. See the sample below: </li> </ul> <pre class="prettyprint">#Sample to get the AWS VM available images #Please provide the path where you have downloaded the AWS PowerShell module Import-Module AWSPowerShell $AWSRegion = "us-west-2" $AwsCred = Get-Credential $AwsAccessKeyId = $AwsCred.UserName $AwsSecretKey = $AwsCred.GetNetworkCredential().Password # Set up the environment to access AWS Set-AWSCredentials -AccessKey $AwsAccessKeyId -SecretKey $AwsSecretKey -StoreAs AWSProfile Set-DefaultAWSRegion -Region $AWSRegion Get-EC2ImageByName -ProfileName AWSProfile </pre> That will you get you this output: <img title="Get AWS images" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="Get AWS images" src="https://msdnshared.blob.core.windows.net/media/2016/04/Get-AWS-images_thumb.png" width="360" height="357"> Copy and paste the image name of your liking in an automation variable as referenced in the runbook as $InstanceType. Since I’m using a free AWS tier I have selected t2.micro in my runbook. Learn more about Amazon EC2 instance types <a href="https://aws.amazon.com/ec2/instance-types/" target="_blank">here</a>. <h2>Testing the provision AWS VM runbook</h2> Preflight checklist: <ul> <li>Assets for authenticating against AWS have been created and has been named AWScred <li>The AWS PowerShell module has been imported in Azure Automation <li>A new runbook has been created and parameter values have been verified and updated where necessary <li>Log verbose records and optionally Log progress records under the runbook settings have been set to On </li> </ul> Let’s start our new runbook by providing a VMname. <img title="Start New-AwsVM runbook" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="Start New-AwsVM runbook" src="https://msdnshared.blob.core.windows.net/media/2016/04/Start-New-AwsVM-runbook_thumb.png" width="480" height="350"> Since we have enabled Log verbose records and Log progress records we can see our output Streams under All Logs. <img title="Stream output" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="Stream output" src="https://msdnshared.blob.core.windows.net/media/2016/04/Stream-output_thumb.png" width="480" height="243"> Let’s check in AWS: <img title="AWS console deployed VM" style="border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px" border="0" alt="AWS console deployed VM" src="https://msdnshared.blob.core.windows.net/media/2016/04/AWS-console-deployed-VM_thumb.png" width="480" height="142"> Nice! With this blog post I have provided an example of how Azure Automation can be used to manage hybrid clouds, such as by creating a VM in Amazon Web Services and applying a custom tag to give it a name. Happy automating and until next time! Tiander. ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/04/20/azure-automation-hybrid-cloud-management-automating-deployment-of-a-vm-in-amazon-web-services/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> <item> <title>Channel 9 Series on Operations Management Suite</title> <link>https://blogs.technet.microsoft.com/privatecloud/2016/04/13/channel-9-series-on-operations-management-suite/</link> <comments>https://blogs.technet.microsoft.com/privatecloud/2016/04/13/channel-9-series-on-operations-management-suite/#comments</comments> <pubDate>Thu, 14 Apr 2016 00:26:38 +0000</pubDate> <dc:creator><![CDATA[Jim Britt [MSFT]]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://blogs.technet.microsoft.com/privatecloud/?p=7321</guid> <description><![CDATA[Hello Readers, Jim Britt here after a very long time away from blogging .  I wanted to take this opportunity to post some news about a multi part series on Microsoft Operations Management Suite (OMS) created by the Enterprise Cloud Group CAT Team.  Tiander Turpijn and I have given some examples in this series on... <a href="https://blogs.technet.microsoft.com/privatecloud/2016/04/13/channel-9-series-on-operations-management-suite/" class="read-more">Read more</a>]]></description> <content:encoded><![CDATA[<table border="0" cellspacing="0" cellpadding="0"> <tbody> <tr> <td width="695" valign="top"> Hello Readers, Jim Britt here after a very long time away from blogging <img class="wlEmoticon wlEmoticon-smile" alt="Smile" src="https://msdnshared.blob.core.windows.net/media/2016/04/wlEmoticon-smile9.png">.  I wanted to take this opportunity to post some news about a multi part series on Microsoft Operations Management Suite (OMS) created by the Enterprise Cloud Group CAT Team.  Tiander Turpijn and I have given some examples in this series on how to leverage this technology to no only get insights into your hybrid cloud environment but also how you can take those insights and put them into action with some automation.  Part 1 focuses primarily on an overview of OMS and what the capabilities are as well as a deep dive into Log Analytics and some of the Solution Packs that make up the OMS ecosystem.  Part 2 of this series concentrates primarily on the Automation piece of OMS deep diving into the automation asset store (credentials, variables, connections, certificates, and modules), an overview of the power of Hybrid Runbook Workers and their role in Automation, a review of Azure Automation Desired State Configuration (DSC), and finally showing this runbook example in action (<a href="https://aka.ms/OMSAWS">https://aka.ms/OMSAWS</a>) for deploying an AWS virtual machine leveraging an Azure Automation runbook (the power of hybrid cloud management!).  We certainly hope you enjoy these sessions and look out for more in this area in the near future! <a href="https://channel9.msdn.com/Shows/TechNet+Radio/TNR1649" target="_blank">https://channel9.msdn.com/Shows/TechNet+Radio/TNR1649</a><a href="https://channel9.msdn.com/Shows/TechNet+Radio/TNR1649" target="_blank"><img width="701" height="255" title="clip_image002" alt="clip_image002" src="https://msdnshared.blob.core.windows.net/media/2016/04/clip_image00227.jpg" border="0"></a> </td> </tr> <tr> <td width="695" valign="top"> <a href="https://channel9.msdn.com/Shows/TechNet+Radio/TNR1650" target="_blank">https://channel9.msdn.com/Shows/TechNet+Radio/TNR1650</a><a href="https://channel9.msdn.com/Shows/TechNet+Radio/TNR1650" target="_blank"><img width="703" height="225" title="clip_image004" alt="clip_image004" src="https://msdnshared.blob.core.windows.net/media/2016/04/clip_image00420.jpg" border="0"></a> Until next time – as always Happy Automating! <img class="wlEmoticon wlEmoticon-hotsmile" alt="Hot smile" src="https://msdnshared.blob.core.windows.net/media/2016/04/wlEmoticon-hotsmile.png"> </td> </tr> </tbody> </table> ]]></content:encoded> <wfw:commentRss>https://blogs.technet.microsoft.com/privatecloud/2016/04/13/channel-9-series-on-operations-management-suite/feed/</wfw:commentRss> <slash:comments>0</slash:comments> </item> </channel> </rss>