Full of I.T.

Kevin Remde's IT Pro WebLog

Lab 2: Building Workloads (Jan-June 2015 Azure Hybrid Cloud IT Camps)

This post contains Lab 2 of the 5 labs created for our current set of US DX IT Camps.

The complete set of labs is listed here:

Lab 2: Building Workloads

Azure virtual machines give you the flexibility of virtualization without spending the time and money to buy and maintain the hardware that hosts the virtual machine. However, you do need to maintain the virtual machine — configuring, patching, and maintaining the operating system and any other software that runs on the virtual machine. In this lab you are going to deploy 2 virtual machines into Azure for the two workloads of identity and database. You will create these two virtual machines:

  • A Domain Controller (DC01)
  • A SQL Server (SQL01)

Deploy a domain controller in Microsoft Azure

In this task, you will deploy a new virtual machine (VM) to function as a domain controller in the virtual network you created in Lab 1. As you provision the virtual machine you will leverage a custom script extension which contains PowerShell code to install Active Directory as a part of the provisioning process. Custom Script Extensions can automatically download scripts and files from Azure Storage and launch a PowerShell script on the virtual machine. These scripts can be used to install additional software components, and in this lab the script will install Active Directory Domain Services and create the ContosoAzure.com forest. Like any other VM extension, Custom Script Extensions can be added during VM creation or after the VM has been running. During the last portion of the lab you will also configure the AD service as the DNS server for the virtual network you created in Lab 1, and you’ll assign it a static IP address. (Technically speaking this is a DHCP reservation in the subnet, but it will be referred to as a static IP pretty much everywhere in Azure documentation.)

Perform the following tasks in the Azure management portal:

  1. In the left column, find and select VIRTUAL MACHINES
  2. Click NEW (Plus “+” Sign) located at the bottom of the Azure management portal
  3. Click COMPUTE, click VIRTUAL MACHINE, and then click FROM GALLERY.
  4. In Choose an Image, click Windows Server 2012 R2 Datacenter, and then click the Next arrow.


  5. Create a new virtual machine using the values in the following table. Please note: You can use your own username and password, just make sure to remember it!

| Property | Value |
| --- | --- |
| VIRTUAL MACHINE NAME | DC01 |
| TIER | Standard |
| SIZE | A1 |
| USER NAME | SysAdmin |
| NEW PASSWORD and CONFIRM | Passw0rd! |

  6. Click the Next arrow.
  7. On the Virtual machine configuration page, in CLOUD SERVICE, select itcservice<ID> (from Lab 1).
     • ITC-VNet will be automatically selected. If you do not have ITC-VNet available, you likely have the ITC-VNet in a different datacenter region. Go back and check the region to make sure it’s the same.
  8. In STORAGE ACCOUNT, select itcstore<ID> (from Lab 1).
     • If your storage account is not in the list, you may have to cancel out of this wizard, wait a few minutes for it to finish building, and try again.
  9. In REGION/AFFINITY GROUP/VIRTUAL NETWORK, verify that ITC-VNet is selected.
  10. In VIRTUAL NETWORK SUBNETS, select AD-Production-Static (192.168.11.0)/24, and then click the Next arrow.


  11. In a separate browser tab, browse to and download http://ITProGuru.com/downloads/ADProvisionScriptv2.txt to your local machine.
     • Make sure you click File > Save As... and save it as ADProvisionScriptv2.ps1. Make a note of where you put it. It will be needed for the next step.
  12. Back on the Virtual machine configuration page, under Configuration Extensions, check Custom Script.
  13. Click FROM LOCAL, navigate to the ADProvisionScriptv2.ps1 file you downloaded above, and click Open.
  14. In the Arguments field, type the following (including the quotation marks; change the password to match the one you gave in step 5 if you did not use the lab’s recommended password):

"ContosoAzure.com" "Passw0rd!"


(FYI – This is just assigning the Safe Mode Admin password)

  15. On the Virtual machine configuration page, under Security Extensions, check Microsoft Antimalware.
  16. Click the Complete icon.
     • The virtual machine will take several minutes to create. Depending on the load this may take between 5 and 25 minutes.
     • You will return to complete the rest of the DC networking configuration at the end of the lab.

NOTE: If you already started the install and missed the Execute Script part, or if later you notice that it did not get AD installed, see the appendix for instructions for using PowerShell from within DC01 to add and configure Active Directory.

Explore the virtual machines and connect via RDP

Now that the virtual machine is created, you want to log on and verify that it looks, feels, and behaves just like any server on your network.

Perform the following tasks in the Azure management portal:

  1. On the left menu of the Azure management portal, scroll to and click VIRTUAL MACHINES.
  2. To the right of DC01, click the DNS Name to open the Service dashboard.
  3. Click the DASHBOARD tab.
     • You can review information about the running virtual machines, as well as view the current health.
  4. Click the MONITOR tab.
     • You can view performance and data statistics.
  5. Click the INSTANCES tab.
     • Note that DC01 is currently the only instance in this cloud service.
  6. Click DC01 to open the virtual machine information.
  7. Click the DASHBOARD tab.
     • You can review information about the virtual machines, as well as view the current health.
  8. Click the MONITOR tab.
     • You can view performance and data statistics.
  9. Click the ENDPOINTS tab.
     • You can configure published endpoints, which are similar to firewall rules, to allow applications to access services running on the VM.
  10. Click the CONFIGURE tab.
     • You can modify the properties of the virtual machine. You can also configure monitoring from multiple locations to ensure your endpoint is operational.
  11. Click the DASHBOARD tab.
  12. On the bar at the bottom, click CONNECT, and then click Open.
  13. Click Connect.
  14. When prompted, log on as sysadmin using Passw0rd! as the password. (Substitute the username and password you used during VM creation if different from the lab recommendations.)
     • Note: If you have trouble connecting as sysadmin, try sysadmin@ContosoAzure.com.
  15. Click Yes.
     • You are now logged on to your newly created virtual machine.
  16. Click No when prompted to enable discovery of devices.

Migrate DC01 to the designated static IP subnet

Your DC01 is currently assigned to the AD-Production-Static subnet. But this doesn’t actually assign it a static address; the address it has now might still change someday. In this task, you will configure a static IP address using the new Azure Preview Portal.

You could accomplish what we’re about to do in two separate ways – the new Azure Preview Portal, or through PowerShell. For our Lab, we’re going to use the new portal, and then show you how it could be done using PowerShell.

While the new portal offers some great enhancements to managing Azure, it is still in preview. This task will give you a glimpse into the new portal.

  1. In the Azure management portal, click on your Account ID e-mail address in the upper right-hand corner and click Switch to new portal. Notice that a new tab automatically opens.
  2. If prompted for your credentials, enter your ID and password to enter the new portal.
  3. On the left-hand toolbar in the portal, click Browse and scroll to and select Virtual machines.
  4. In the Virtual machine list, select DC01.
  5. In the DC01 journey pane, select SETTINGS.
  6. In the SETTINGS options, select IP addresses.
  7. In the IP addresses journey, note that the Private IP address is set to Dynamic. Select Static.
  8. Your IP address is probably something like 192.168.11.4, which is the first available address in our AD-Production-Static subnet. Change this to 192.168.11.100.
  9. Click Save at the top.


You may now close the new preview portal tab.

 

DC01 designated static IP – Using PowerShell

NOTE: This is just informational! If you’ve used the new portal to assign the static IP address, you don’t need to do these PowerShell steps!

If you were to do this using PowerShell, you would need to make sure you have installed the Microsoft Azure PowerShell cmdlets and connected (or authenticated) them to your subscription. You can read the Install PowerShell Tools appendix section for more information.

  1. Open Azure PowerShell.
  2. To test the pending static IP for availability, type the following command (on one line), and then press ENTER:

     Test-AzureStaticVNetIP -VnetName ITC-VNet -IPAddress 192.168.11.100

     • The output of True indicates this address is available. An output of False indicates the address is assigned, and will also provide a list of available IP addresses.
  3. To migrate the VM, type the following command (all on one line), and then press ENTER. Replace <ID> with your unique ID.

     Get-AzureVM -Name DC01 -ServiceName itcservice<ID> | Set-AzureSubnet -SubnetNames AD-Production-Static | Update-AzureVM

  4. To verify the VM has been migrated, type the following command, and then press ENTER. Replace <ID> with your unique ID.

     Get-AzureVM -Name DC01 -ServiceName itcservice<ID>

     • Note the value of IPAddress and PowerState. The VM should have a new IP address on your new subnet, and be starting.
  5. To assign the desired static IP, type the following command (on one line), and then press ENTER. Replace <ID> with your unique ID.

     Get-AzureVM -Name DC01 -ServiceName itcservice<ID> | Set-AzureStaticVNetIP -IPAddress 192.168.11.100 | Update-AzureVM

  6. To verify the VM has been configured, type the following command, and then press ENTER. Replace <ID> with your unique ID.

     Get-AzureVM -Name DC01 -ServiceName itcservice<ID>

     • Note the value of IPAddress and PowerState. The VM should have the assigned static IP on your new subnet, and be starting.

Before proceeding to the next step you may need to wait for the last operation to complete. Assigning a new IP address forces the VM to restart.
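
The same reservation as one script, added here as an example (it is not part of the original lab): it handles the case where DC01 already holds the address, reports the free addresses if the requested one is taken, and confirms the reservation after the restart. It assumes the classic (Service Management) Azure PowerShell module is installed and authenticated; `itcservice<ID>` is a placeholder for your own cloud service name, and the 10-minute wait is an arbitrary choice.

```powershell
# Added example, not from the original lab. Assumes the classic (Service
# Management) Azure PowerShell module, already authenticated to the subscription.
$VNetName    = 'ITC-VNet'
$SubnetName  = 'AD-Production-Static'
$VMName      = 'DC01'
$ServiceName = 'itcservice<ID>'   # placeholder: replace <ID> with your unique ID
$StaticIP    = '192.168.11.100'

$vm = Get-AzureVM -Name $VMName -ServiceName $ServiceName
if (-not $vm) { throw "VM $VMName was not found in cloud service $ServiceName." }

# Edge case: once DC01 holds the reservation, the availability test reports
# False for its own address, so check for an existing reservation first.
$existing = Get-AzureStaticVNetIP -VM $vm
if ($existing -and $existing.IPAddress -eq $StaticIP) {
    Write-Output "$VMName already has $StaticIP reserved; nothing to change."
    return
}

# Availability test (lab step 2). A False result carries the free addresses.
$check = Test-AzureStaticVNetIP -VNetName $VNetName -IPAddress $StaticIP
if (-not $check.IsAvailable) {
    throw "$StaticIP is taken. Free addresses: $($check.AvailableAddresses -join ', ')"
}

# Subnet placement and static IP in one pipeline, so Update-AzureVM (and the
# restart it forces) happens once instead of twice.
$vm | Set-AzureSubnet -SubnetNames $SubnetName |
    Set-AzureStaticVNetIP -IPAddress $StaticIP |
    Update-AzureVM | Out-Null

# Verification: poll for up to 10 minutes until the VM is back up,
# then confirm that the reservation matches what was requested.
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 15
    $vm = Get-AzureVM -Name $VMName -ServiceName $ServiceName
} until ($vm.PowerState -eq 'Started' -or (Get-Date) -gt $deadline)

$reserved = (Get-AzureStaticVNetIP -VM $vm).IPAddress
if ($reserved -ne $StaticIP) {
    throw "Expected $StaticIP but $VMName reports reservation '$reserved'."
}
Write-Output "$VMName reserved $reserved (PowerState: $($vm.PowerState))"
```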

 

Create a new database server VM from the Microsoft Azure management portal

In this task, you will create the database server to run the database portion of our application. This will be a SQL Server Enterprise 2014 virtual machine.  You will leverage one of the many virtual machine images that are located in the virtual machine gallery. Images are used in Azure to provide a new virtual machine with an operating system. An image might also have one or more data disks. Images are available from several sources:

  • Azure offers a gallery of images — recent versions of Windows Server and several distributions of the Linux operating system. Some images also contain applications, such as SQL Server. MSDN Benefit and MSDN Pay-as-You-Go subscribers have access to additional images.
  • The open source community offers images through VM Depot.
  • You can store your own images in Azure, by either capturing an existing Azure virtual machine for use as an image or uploading an image.

Perform the following tasks in the non-preview Azure management portal.

  1. Click NEW (“+”), located at the bottom of the Azure management portal.
  2. Click COMPUTE, click VIRTUAL MACHINE, and then click FROM GALLERY.
  3. In Choose an Image, click SQL Server, and find and select SQL Server 2014 RTM Enterprise. Click the Next arrow.
  4. Create a new virtual machine using the values in the following table, and then click the Next arrow.

| Property | Value |
| --- | --- |
| VIRTUAL MACHINE NAME | SQL01 |
| TIER | Standard |
| SIZE | A3 |
| NEW USER NAME | SysAdmin |
| NEW PASSWORD and CONFIRM | Passw0rd! |

  5. On the Virtual machine configuration page, in CLOUD SERVICE DNS NAME, select itcservice<ID> (where <ID> is your unique ID).
  6. In STORAGE ACCOUNT, select itcstore<ID>.
  7. In REGION/AFFINITY GROUP/VIRTUAL NETWORK, select ITC-VNet.
  8. In VIRTUAL NETWORK SUBNETS, verify that AD-Production (192.168.10.0)/24 is selected.
  9. In STORAGE ACCOUNT, select itcstore<ID>.


  10. Then click the Next arrow.
  11. On the Virtual machine configuration page, under Security Extensions, check Microsoft Antimalware.
  12. Click the Complete icon.
     • The virtual machine will take several minutes to create. Depending on the load this may take between 15 and 35 minutes.
     • You will return to complete the rest of the SQL configuration in an upcoming lab.

 

Assign a new DNS server and subnet for the virtual network

In this task you will create a new DNS server entry. This entry will be assigned to all computers using DHCP on their next restart, since all VMs use DHCP in Azure, even the ones with “static IPs” as these are technically just DHCP reservations on the virtual network. Azure provides automatic routing between subnets on the same virtual network, but automatic name resolution only when machines are in the same Cloud Service.  Though we won’t be doing so in these labs, if we were to add new VMs to the domain, they would have entries in DNS, so that it wouldn’t matter what cloud service they were in. They’d have name resolution through DNS on the Domain Controller.

URGENT NOTE: Please confirm that the creation of the domain is complete on DC01 BEFORE changing DNS. You can do this by looking in Server Manager on DC01. AD DS and DNS should both be listed in the left NAV. If you do not confirm this first, name resolution will fail.

Perform the following tasks in the non-preview Azure management portal.

  1. In the Azure management portal, click NETWORKS.
  2. Click ITC-VNet
  3. Click CONFIGURE.
  4. In dns servers, type DC01, and then in IP ADDRESS, type 192.168.11.100.
  5. Click Save.