Migration and Deployment: Windows Azure as a PaaS (Part 11 of 19) by Harold Wong

When Windows Azure first released, it was only available as a Platform as a Service (PaaS) offering.  The benefit of PaaS is that you (an organization, company, etc.) don’t have to worry about maintaining the server hardware or Operating System on which your application runs.  The service automatically handles that for you and it provides a level of fault tolerance / redundancy.  The challenge for the IT Pro when Azure first released is that it seemed to take the IT Pro out of the picture and left everything in the hands of the Developer (from setup to management to deployment).  I myself know a few developers that took advantage of Azure to get things done quicker without having to deal with the politics and such when working with an IT department that has processes that need to be followed (for a very good reason).  This worked great at the beginning, but then eventually, the environment was too difficult for the Developer to manage and then they had to enlist the help of the IT Department (IT Pros to the rescue) to take over the care and maintenance of the Azure PaaS environment.  That transition was usually very difficult since the IT Department wasn’t involved with the initial configuration to begin with and the Developer didn’t necessarily understand what was required for ongoing maintenance (that’s not their job, they usually write code).  It would have been so much better and easier had the IT Pro been brought in at the beginning.  It also helps if the IT Pro has an understanding of the PaaS environment in terms of things they need to manage.

As Windows Azure continues to mature and more and more organizations start looking at Azure to solve some of their needs, I want to get some basic information out on things to consider when getting ready to deploy an application to Windows Azure as a PaaS. 

  1. Manage Certificates
  2. Upload Service (new and staging)
  3. Manage Service Instance Count
  4. Manage Virtual Networking
  5. Remote Desktop Configuration
  6. VM Role creation / Upload
  7. Configure and Manage connectivity

1.  Manage Certificates

To secure communications with different PaaS services, certificates do come into play.  It is very important that you upload all the necessary certificates that will be used for the various requirements (SSL, Remote Desktop, etc.).  There are two places you manage certificates from within the Azure portal depending on what you are using them for.  If you plan to deploy cloud services using tools in the WIndows Azure Management REST API, Azure SDK or Azure Tools for Visual Studio, then you need to upload a Management Certificate from the Settings location.


If you plan to connect to your Worker Role or Web Role via RDP, then you will need to upload the certificate on the services configuration page.


2. Upload Service

The Developer could deploy their application directly to Azure using Visual Studio or they can create the necessary files for the IT Pro to deploy via the portal or PowerShell.  To deploy via the Azure Portal, I would go to the Service dashboard and upload my application.  The application is made up of two files – the Package (.cspkg) and the Configuration (.cscfg) files.

azureservicedash  azureuploadpkg

Once the service is up and running, the developer may have a new version that needs to be tested prior to rolling into production.  We would use the same interface to upload the new rev of the application to the Staging portion (versus Production).  We would then be able to test the app before moving it to Production.  At that point, the Production application would be moved to Staging in case you had to revert.

3. Manage Service Instance Count

As I mentioned earlier, one of the benefits of PaaS is that I can easily scale my application up or down.  This is essentially going to the management portal and increasing the number of instances of my service or decreasing it as demand fluctuates.  In the portal, I would go to the Scale tab and change the number of instances to the desired number and hit save.



4. Manage Virtual Networking

If you need to have your PaaS instances on a specific Virtual Network, then you will need to configure the Virtual Networking in Azure prior to the deployment of the application.  I wrote a previous post on Connecting Azure IaaS to PaaS where I detailed the configuration of the Virtual Network and the edits needed to the .cscfg file to link the PaaS instance to the Virtual Network.  Below are the lines I need to add to the .cscfg file.  the VirtualNetworkSite name, InstanceAddress roleName and Subnet name entries need to be modified based on your configuration and hence why I have them in Bold.

<VirtualNetworkSite name="ITProsRockVNet" />
<InstanceAddress roleName="WebRole1">
<Subnet name="CoreSubnet" />

5. Remote Desktop Configuration

The easiest way to configure Remote Desktop Connectivity to the service application is to have the Developer do so within Visual Studio.  This information gets stored in the .cscfg file which I am including below for reference.  The Account Password is encrypted so you can’t see it and the thumbprint of the certificate is referenced (see step 1 for uploading certificate).

  <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
  <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
  <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="ForHarold" />
  <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="MIIBnQYJKoZIhvcNAQcDoIIBjjCCAYoCAQAxggFOMIIBSgIBADAyMB4xHDAaBgNVBAMME1dpbmRvd3MgQXp1cmUgVG9vbHMCEETZoJcBZi20SahvRi5P3wgwDQYJKoZIhvcNAQEBBQAEggEAoNl8mBHD9igLhWQ2Uu6wnt4TnK6RMdgqmyZ+wrVlf57zdzOPG/4LrKTmrL9bTwu25n6QwNsxDDNB23KhM4J8Y05QsyCRjiAUxXLGELISAUT+Wa27qy9gLsZFAD9ShruRzY6Xe3hXayQE8a2yZMqmz81eH3AUuEqdJskxHdETQWmxOaeerqjNdDkPEvf6XGkw2h/WX44G5Jl4d9P/R972mfEdJV6qPWyGRIlJAHDpfWoTaKWAhcbBixbv6Mf4NzF3wHeMrXQw6BvW55l7YLLV2/uSfKafbRl/oK0JRFQxisx5//sn0btbyn9/39kJ87mIyvnfUbqTkkcK5LbgVGarVDAzBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECLb6EDKva6NmgBB65utJrsirw3JmcAfZREYQ" />
  <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2014-01-23T23:59:59.0000000-08:00" />
  <Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" />
  <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="8C1AF40192A62866CDE64890E3A829E60AEE401A" thumbprintAlgorithm="sha1" />

6. VM Role creation and upload

If you choose to create a VM Role (which is NOT the same as a Virtual Machine as part of IaaS), you can use Hyper-V locally (Windows Server 2008 R2, Windows Server 2012 or Windows 8) to create the VM that you will use to upload into Azure Storage.  As of the writing of this blog, you MUST create a VHD file and not a VHDX as Azure currently only supports VHD formats.  Also, the size of the VHD cannot be larger than 127 GB in size.  Once you have installed the Operating System and configured the OS as needed, you will need to prepare the image by running Sysprep from the C:\Windows\System32\sysprep directory.  For System Cleanup Action, select Enter System Out-of-Box Experience (OOBE), select Generalize checkbox and for Shutdown Options, select Shutdown.


To upload the VHD, you can use the CSUpload command line Tool.  Another option is to use System Center 2012 SP1 App Controller to upload the VHD file.  Remember that this process will take time as you are uploading a very large file across the Internet.  The last test I performed took about 6 hours to upload an 18 GB VHD file.

7. Configure and Manage Connectivity

Depending on the connectivity needed for the PaaS instances, you have to configure different items.  If you are connecting your PaaS instance to a Virtual Network that then connects to your on-premises datacenter resources, you would not need to do anything else on your PaaS instance(s), but would need to configure your Virtual Network connectivity to on-premises networking.  Virtual Networking also enables connectivity of your PaaS infrastructure to your IaaS infrastructure.  Be sure you understand the scope of your entire Azure deployment so you can configure your Virtual Networking properly to accommodate all the necessary instances and associated IP addresses.

I hope this helps to give you an idea of things you need to take into consideration before you ever deploy your first application into the Azure PaaS environment.  There really is a lot more to it than just having a Developer hit “Deploy” in Visual Studio.  Smile

Harold Wong

Skip to main content