Configuring Windows Azure Pack with Load Balancers and ADFS using PowerShell

Hi readers! Today we’ve a guest blogger. Peter Heese is a Solution Architect at the Datacenter CoE here in Microsoft and he will walk us through a guide and a script he wrote to automate the configuration of WAP to use load balancers and AD FS.

Hi I am Peter Heese a solution architect in the Worldwide Center of Excellence for Modern Datacenter and Hybrid Cloud, and in this blog post I’d like to explain you how to deploy Windows Azure Pack components behind a load-balancer.

Windows Azure Pack has several deployment patterns. The typical patterns are:

• Minimal Distributed Deployment pattern encompasses a combined role installation based on whether the role is considered public facing or privileged service. This model is well-suited for large enterprises which wish to provide Windows Azure Pack services in a consolidated footprint.
• Scaled Distributed Deployment pattern provides a Windows Azure Pack deployment which deploys each role independently, allowing for scale-out deployments based on specific needs. This pattern is well-suited for service providers who either expect large scale consumption of portal services or wish to deploy Windows Azure Pack roles in a manner which allows them to be selective about which roles they intend to expose to their customers.

All of these Windows Azure Pack deployment patterns depend on the usage of load-balancers to enable scale-out and high availability.

Several steps are required to successfully deploy Windows Azure Pack (WAP) behind a load balancer. This blog post provides an overview of a downloadable guide and necessary scripts to configure WAP with Load Balancers. This includes the configuration of WAP to use Active Directory Federation Services (ADFS) for authentication. If you will not use ADFS skip the ADFS related steps in the guide. For the TenantSite you have the choice to use the out of the box ASP.NET membership database (AuthSite) or Active Directory to authenticate through ADFS your tenants.

Where can I get the guide and the scripts? Just click in the Download button!

The step-by-step guide described above will provide detailed steps on how to perform the configuration, but as a high level overview, you’d need to:

1. Check sample scenario configuration in the file “HLB and WAP.pdf”. Open the configuration guide “Windows Azure Pack Sample Deployment.pdf” and follow the steps.
2. Register load balancer FQDNs in DNS and request certificates.
3. Replace Windows Azure Pack (WAP) self-sign certificates.
4. Configure Windows Azure Pack (WAP) to use load balancer
5. Configure Windows Azure Pack to use ADFS (Optional)

And the picture below provides an overview of a sample environment (click to enlarge):

The picture details the architecture of scaled distributed deployment pattern (https://technet.microsoft.com/en-us/library/dn296433.aspx). It shows the installed Windows Azure Pack components on a server (Scale-unit) and how the components are made available through the load-balancer. It describes the ports used by the Windows Azure Pack and highlights in red were the ports changed in comparison to the default configuration.  For example the port for the Tenant Portal was changed to 443 to simplify the access through a browser.  The documentation described above will guide through the necessary steps to make the configuration changes in Windows Azure Pack.

Until next time,

Peter!