Lab 5: Building Application Workloads – Deploy Data Access App (Jan-June 2015 Azure Hybrid Cloud IT Camps)

This post contains Lab 5 of the 5 labs created for our current set of US DX IT Camps.

The complete set of labs are listed here:

• Lab 1 – Building the Foundation (Virtual Network, Storage, and Cloud Service)
• Lab 2 – Building Workloads (Creating your DC and SQL Servers)
• Lab 3 – Working with Identity (Sync your domain to Azure AD, setup and test Multi-Factor Authentication)
• Lab 4 – Building Application and SQL Workloads (Install the Web server.  Configure your SQL Server database and connectivity from your Web Server)
• Lab 5 – Building Application Workloads (Install, configure, and a sample web application)
• Lab Appendix  (Installing AD by running a script on DC01, and installing Azure PowerShell Cmdlets)
• Lab 6 (Optional) – A SUSE Linux VM in Azure (Build, connect to, and add Ubuntu Desktop to a SUSE Linux VM)

Lab 5: Building Application Workloads – Deploy Data Access App

Configure endpoints for WEBFE01

In this task, you will configure the required public endpoint mappings for WEBFE01.

Perform the following tasks in the Azure management portal.

1. In the Azure management portal, click in VIRTUAL MACHINES.
2. Click WEBFE01, and then click ENDPOINTS.
3. Click ADD.
4. In ADD ENDPOINT, click the Next arrow.
5. In Name, select HTTP, and then click the Completed button.
6. You will have to wait for the endpoint to be created then continue
7. Click ADD.
8. In ADD ENDPOINT, click the Next arrow.
9. In Name, select HTTPS, and then click the Completed button.
10. You will have to wait for the endpoint to be created then continue
11. Click ADD.
12. In ADD ENDPOINT, click the Next arrow.
13. In NAME, type Custom5000.
14. In PUBLIC PORT and PRIVATE PORT, type 5000, and then click the Completed button.
15. You will have to wait for the endpoint to be created then continue
16. Click ADD.
17. In ADD ENDPOINT, click the Next arrow.
18. In NAME, type Custom5001.
19. In PUBLIC PORT and PRIVATE PORT, type 5001, and then click the Completed button.
20. Click Dismiss Completed in Azure Portal after all are done

Configure firewall ports for WEBFE01

Next, you must enable WEBFE01 to communicate internally within the service. While general IP connectivity is provided by DHCP, both servers are workgroup members and have the public firewall profile enabled. In this task you will open firewall ports and enable PING traffic on WEBFE01.

Perform the following tasks in an RDP connection to WEBFE01.

1. In your RDP session to WEBFE01, open Server Manager.
2. Click Local Server.
3. Next to Windows Firewall, click Public: On.
4. In Windows Firewall, click Advanced settings.
5. In Windows Firewall with Advanced Security, click Inbound Rules, and then click New Rule.
6. In Rule Type, click Port, and then click Next.
7. In Specific local ports, type 80, 443, 5000, 5001, and then click Next.
8. On the Action page, click Next.
9. On the Profile page, click Next.
10. In Name, type Allow WebApp, and then click Finish.
11. In Windows Firewall with Advanced Security, click Inbound Rules, and then click New Rule.
12. In Rule Type, click Custom, and then click Next.
13. On the Program page, click Next. (All programs should be selected)
14. On the Protocol and Ports page, in Protocol type, select ICMPv4, and then click Next.
15. On the Scope page, click Next.
16. 16. On the Action page, click Next.
17. On the Profile page, click Next.
18. In Name, type Allow PING, and then click Finish.
19. Disconnect from the RDP session.

Remotely enable Internet Information Services on WEBFE01 using Windows PowerShell

In this task, you will use Windows PowerShell remoting to install Internet Information Services on WEBFE01. To perform this task, you will use standard Windows PowerShell remoting and administration commands; however, you must first install the Windows PowerShell remoting self-signed certificate installed in your WEBFE01VM. This is because Windows PowerShell remoting relies on HTTPS connections by default.

Establish an RDP session to your SQL01Server:

1. In the Azure management portal, click VIRTUAL MACHINES, click SQL01, and then click Dashboard. On the bottom bar, click CONNECT, and then click Open. Click Connect.
2. When prompted, log on as sysadmin using Passw0rd! as the password.
3. Click yes.

From within your RDP session on SQL01:

1. Click on the Folder on the task bar to open Computer. Double-Click Data (C:) Click Home | New Folder type AzureManagement press Enter. You can then close the computer window and the Server Manager window to continue.
2. Open Internet Explorer on SQL01.
3. You need to Add sites to your trusted sites.

1. Start – Click Internet Explorer – Click Tools (Gear in upper right corner) – Internet Options – Security Tab – Trusted Sites – Sites –
2. Type: https://itcmaster.blob.core.windows.net then click Add
3. Type: https://manage.windowsazure.com then click Add
4. –Close - OK

• Using Internet Explorer, download and extract https://itcmaster.blob.core.windows.net/fy15q3/AzureManagement.zip to your SQL01 server in the C:\AzureMangement Folder
  NOTE: The above URL is Case Sensitive!
  NOTE:: You can just click OK to any security warnings you get
• Download https://itcmaster.blob.core.windows.net/fy15q3/AzureManagement.zip by typing the URL into the address bar on your SQL01 server. Click Save as then save to C:\AzureMangement Folder
• Using File Explorer open the c:\AzureManagement folder, right-click on the AzureManagement.zip file; select Extract All. Change the path to C:\ then click Extract. Close “Local Disk (C:) window. You should have a window up still that is showing you C:\AzureManagement\
• On SQL01, in Server Manager, on the Tools menu, click Windows PowerShell ISE.On the View menu, click Show Scripting pane.

Install the Azure PowerShell Extensions on SQL01:

1. Run the C:\AzureManagement\WindowsAzurePowerShell.3f.3f.3fnew.exe file to install Azure Powershell Extentions

• Click Install
• Click I Accept
• Click Finish
• Click Exit

Open Windows PowerShell ISE as Administrator.

• Start – Type PowerShell ISE, Right-Click Windows PowerShell ISE – Click Run as Administrator

We now need to enable Azure PowerShell commands by clicking the run pane (bottom) type the “Import-Module Azure” command then press <ENTER>

Import-Module Azure

1. From the File menu choose File Open, and open the script file
   C:\AzureManagement\Remote PowerShell Script Configuration.ps1.
2. Select/Highlight the script lines under Part 1, and then press F8 to execute the selected lines.
3. In the presented web page, log on using your Microsoft Azure account, and then download the PublishSettings file that is presented.
4. Save the PublishSettings file in the C:\AzureManagement\ folder on the computer.
5. In the script file, in part 2, replace the text ##Your Script File Path Here## with the full path to your downloaded file, such as
   “C:\AzureManagement\Free Trial-6-4-2014-credentials.publishsettings” .
   NOTE: If there are spaces in your file name, you will have to wrap the path and filename in quotes (“) as shown in the example
6. Highlight the script under Part 2, and then press F8

1. You should see basic information on your subscription in the output.

• Highlight the script under Part 3, and then press F8. When prompted, type your unique ID.
  You will now have installed the certificate used by the WEBFE01 VM, which will enable remote Windows PowerShell access.
• In the Windows PowerShell command area, type the following command, and then press ENTER. Replace <ID> with your unique identifier.

1. Get-AzureVM –Name WEBFE01 –ServiceName ITCService<ID> | Get-AzureEndPoint | Select Name, Port | FT –AutoSize

• You are now presented with the list of ports that are open on WEBFE01. Using the output of the command above, identify the port used for Windows PowerShell.
• In Windows PowerShell (or in the PowerShell window of ISE), type the following command, and then press ENTER. Replace <ID> with your unique identifier. Replace <PORT> with the Windows PowerShell port from the previous command output.

1. Enter-PSSession –ComputerName ITCService<ID>.cloudapp.net –Port <PORT> -Credential sysadmin –UseSSL

• In the Password dialog box, type Passw0rd! , and then click OK.
  Note: if you changed the username and password when you created the machine, you will have to use the username and password you used to create the machine.
• In Windows PowerShell, type Hostname, and then press ENTER.

1. Notice that you are now in a Windows PowerShell session on your WEBFE01 VM from SQL01.

• In Windows PowerShell, type the following command, and then press ENTER. This will install a full IIS server on WEBFE01.

1. Get-WindowsFeature Web-Server | Add-WindowsFeature –IncludeAllSubfeature

• Wait for the command to complete before proceeding. BE PATIENT. It takes several minutes.
• In Windows PowerShell, type the following command, and then press ENTER. This will restart IIS

1. Iisreset

• Wait for the command to complete before proceeding.
• On your Local Laptop, using Internet Explorer, navigate tohttps://itcservice<ID>.cloudapp.net where <ID> is your unique identifier.
  You have now connected to your running web server and are ready to hand off this environment for installation of your company’s software.
  If you cannot connect, wait 2 mins and try the IISReset again. if that still does not work, check to make sure your firewall parts and endpoints were not skipped or configured incorrectly.

Deploy and test the Contoso Data Access sample site

In this task, you will deploy a sample site. The sample web site simulates the types of tasks the Contoso production application performs, and will prove that the Azure infrastructure meets the base technical requirements of the production system.

Perform the following tasks in RDP sessions to WEBFE01.

1. Switch to the RDP session for WEBFE01.
2. Using File Explorer, navigate to c:\inetpub\wwwroot.
3. Delete all files and folders in this folder.
4. Using File Explorer, navigate to Navigate to C:\AzureMangement\Website.
5. Copy all Files and folders from C:\AzureMangement\Website to C:\inetpub\wwwroot.
   The global.asax file should be directly in the C:\inetpub\wwwroot folder, not a subfolder.
6. Open the Web.Config file in Notepad, and then locate the <connectionStrings> … </connnectionStrings> section.
   Edit the section so that it reads as follows:

<connectionStrings>

<add name="AdventureWorksConnection" connectionString="data source=SQL01;initial catalog=test;user id=DataManagementApp;
password=Passw0rd!;multipleactiveresultsets=True;application name=EntityFramework" providerName="System.Data.SqlClient" />

</connectionStrings>

1. On your Local workstation, using Internet Explorer, navigate to https://itcservice<id>.cloudapp.net.
   NOTE: You may have to refresh your browser.
2. Under Data Management Login, type 12345, and then click Login.
3. Click Product Listings.
   Be patient. It takes several seconds to spin up the web services and the SQL database the first time.
   The result set indicates the web application is communicating with the hosted SQL database correctly.

Congratulations! Play around with the various portions of the web site, and verify that you have full SQL Server connectivity.

When you’re done with the labs, don’t forget to shut down your virtual machines from within the Azure Portal, so that you’re not using up compute/hour $$’s.