If you want to see and learn the future of service delivery and automation, you should definitely join this session to see how you can leverage new technology like network virtualization with GRE (NVGRE) and self-service deployment of complex workloads with Windows Azure Pack. Automation is key to maximizing your investment in Windows Server and System Center, which is what Windows Azure Pack is all about. This session is tailored to service providers, enterprises and anyone in the general public who wants to learn more about the future of cloud computing.
2. Agenda
• Session Objective(s):
• What is the Windows Azure Pack Framework
• Learn how to deploy and configure Windows Azure Pack and the IaaS/VM services using System Center
• The future of Cloud Computing and Service Delivery
• Key Takeaway 1
• Your customers have flexibility in deploying and configuring Windows Azure Pack to meet their business needs, including production and lab environments
• Key Takeaway 2
• The IaaS/VM service can be offered via Windows Azure Pack using System Center Virtual Machine Manager and Service Provider Foundation
3. Microsoft Cloud OS Vision
[Diagram labels: Public Cloud; Private Cloud; Service Providers; Azure Virtual Machines; Windows Azure Pack; 1 Consistent Platform; Development, Management, Data, Identity, Virtualization]
4. Cloud OS Consistent Experiences
[Diagram labels:]
• Windows Azure: Web Sites, Apps, Database, VMs; Worker Role, Web Sites, VM Role, SQL, Other Services, Service Bus, Caching, CDN, Media, etc.
• Customer: Subscriber Self-Service Portal
• Service Provider: Provider Portal (Service Plans, Users); Consumer Self-Service Portal; Web Sites, Apps, Database, VMs
• Self Service Portal Moves On-Premises
• Cloud-Enabled Services Move On-Premises: Web Sites, VMs, SQL, Service Bus, SMA, Future Services
• R2 w/ Service Provider Foundation
• Common Mgt. Experience; Workload Portability; Consistent Dev. Experience
5. WAP
[Diagram labels: On-Premises; Microsoft; Service Provider; 1 Consistent Platform]
• Tenant & Admin Portals
• Service Management API
• Websites: Web Application PaaS, highly scalable, dev-ops optimized, integrated SCC, fully self-service
• Databases: SQL Server databases, MySQL, fully self-service
• Service Bus: reliable messaging, standards based, cross cloud, fully self-service
• Virtual Machines: IaaS - elastic tiers, virtual networks, Windows and Linux, gallery of apps, fully self-service
• Virtual Networks: multi-tenant, Site-2-Site VPN, BGP, NAT, fully self-service
6. Partners using Windows Azure Pack
Member of the Cloud OS Network, as one of 25 leading service
providers worldwide. Will leverage Windows Azure Pack together
with System Center and Windows Server Hyper-V to deliver cloud
services from its local datacenters with optional Windows Azure and
Office 365 integration.
7. Partners using Windows Azure Pack
With a huge focus on automation, Hatteland is able to deliver
sophisticated services to tenants through self-service
capabilities, running the latest platform on 2012 R2 with Windows
Azure Pack.
Hatteland provides scale at every level, all from the fabric and up to
applications using the Cloud OS.
9. Supported Deployments
•
• Simple, fast
• Deploy all components on one box (portal, APIs, backend
services, databases)
• Intended for lab or demo environments
•
• Production environments
• Offers flexibility to deploy based on customer requirements
• Performance and Scale
• Security
• Availability
13. Windows Azure Pack Sites and Endpoints
Portal
• Admin Site
• Admin Authentication Site
• Tenant Site
• Tenant Authentication Site
• Configuration Site
API
• Tenant API
• Tenant Public API
• Admin API
Resource Providers and Infrastructure
• Virtual Machines
• Web Sites
• Service Bus
• SQL RP
• MySQL RP
• Monitoring
• Web App Gallery
• PowerShell Modules
• Usage
• Usage Collector
15. Deployment tips
• Scale out Tenant Portal for better performance
• For high availability: hardware load balancer recommended for public tier (Tenant Portal and Tenant Public API)
• SQL instance (for configuration data): recommend a separate instance; failover cluster instance, Always On Availability group and a combination of the two are supported for SQL
• During install process, take snapshots: pre installation, post installation, post configuration
• Replace self-signed certificates with certs from a trusted CA
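One way to check the certificate tip after installation, as an added example that is not part of the original deck: run on each server that hosts Windows Azure Pack sites, it reports IIS HTTPS bindings whose certificate is self-signed, missing from the store or close to expiry. The function name and the 30-day threshold are assumptions.

```powershell
# Added example (not from the original deck): flag IIS HTTPS bindings that
# still use a self-signed, missing or soon-to-expire certificate.
Import-Module WebAdministration

$warnDays = 30   # assumed threshold for "expires soon"

function Get-BindingCertificateReport {
    Get-ChildItem -Path IIS:\SslBindings | ForEach-Object {
        $binding  = $_
        $certPath = 'Cert:\LocalMachine\{0}\{1}' -f $binding.Store, $binding.Thumbprint
        $cert     = Get-Item -Path $certPath -ErrorAction SilentlyContinue

        if (-not $cert) {
            # The binding references a thumbprint that is no longer in the store.
            $finding = 'Certificate missing from store'
        }
        elseif ($cert.Subject -eq $cert.Issuer) {
            # Heuristic: a self-signed certificate names itself as issuer.
            # A root CA certificate bound directly to a site would also match.
            $finding = 'Self-signed'
        }
        elseif ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
            $finding = 'Expires within {0} days' -f $warnDays
        }
        else {
            $finding = 'OK'
        }

        [pscustomobject]@{
            Port       = $binding.Port
            Sites      = ($binding.Sites.Value -join ', ')
            Subject    = if ($cert) { $cert.Subject } else { $null }
            Issuer     = if ($cert) { $cert.Issuer } else { $null }
            NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
            Thumbprint = $binding.Thumbprint
            Finding    = $finding
        }
    }
}

# Show only the bindings that still need attention.
Get-BindingCertificateReport | Where-Object Finding -ne 'OK' | Format-Table -AutoSize
```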
16. Troubleshooting during configuration
• Event Viewer (Application and Service Logs Microsoft Windows Azure Pack)
• Use Fiddler: tracing web traffic; configure https
• Validate Accounts: add Admin users to MgmtSvcOperators Local Group; use Add-MgmtSvcAdminUser cmdlet to give users access to the admin portal
• Make sure that you make a note of the passphrase used. There is no way to recover it.
• Prepare FQDNs required for configuration
19. Multi-tenant IaaS Cloud Architecture
[Architecture diagram; recoverable labels and callouts:]
• Management Portal (Tenant Portal, Service Admin Portal): tenant and service admin UI; tenant creates and operates VMs
• Service Management API (Tenant API, Service Admin API, public endpoint): governs routing and access to resources
• Service Provider Foundation (SPF Web Server, SPF DB): SPF multi-tenant REST OData API for System Center IaaS
• Stamps (Stamp1, Stamp2; VMM Server 1, VMM Server 2): stamp scale unit, each with management and host capacity
• Per stamp: VMs, compute, network, storage
20. Service Provider Foundation (SPF)
• REST-based OData API
• Enables Hosted IaaS
[Diagram labels: Virtual Machines; Virtual Machine Manager]
• VM management
• Service management
• Self-service VM networks
• Multi-tenancy / Multi-stamp
• Self-service tenant administration
• Enterprise identity for SPF
• Extensibility for hosted cloud API
• Usage Metering via SCOM
21. Configuring VMM to Offer IaaS
• Configure the fabric: combine hosts and networks, storage, and library resources together to create a service provider cloud.
• Create a cloud from the fabric: create a cloud by moving the underlying resources of network, storage, & compute into the cloud.
• Delegate the cloud to a self-service user: delegate access to self-service users and let them manage cloud resources and create services.
• Deploy VMs: deploy VMs to private clouds or hosts by using VM templates.
23. Configuring IaaS for Windows Azure Pack
1. Configure Fabric in VMM and Create Cloud
2. Create Template, HW Profile
3. Configure Accounts in SPF
4. Connect Service Management API to SPF & Register VMM server
5. Offer Plan with Cloud to Tenant User
6. Tenant Subscribes to Plan and Creates VM
[Diagram labels: Admin; User; Identities; Plan; Plans; Subscriptions; Offers; Offer; Stamps; User Roles; Tenant Subscription]
24. Multi-tenancy across Layers
[Layer diagram labels, in the order extracted:]
• Tenant Portal; Service Admin Portal
• Service Management API
• PaaS Provisioning and Management Engine
• Service Bus; SQL Server; IIS
• Service Provider Foundation (Tenant, Admin, Usage)
• Virtual Machine Manager; Orchestrator; Operations Manager
• Hyper-V; Windows Server
27. The future of Cloud Computing with WAP
• Gallery Items: add value to your subscribers through sophisticated applications and server workloads
• Remote Console: provides Remote Desktop experience through VMBus and allows console access to VMs without network connectivity
• Network Virtualization: leverage capabilities in Hyper-V to support a multi-tenant infrastructure for tenants using NVGRE
28. VMRole Gallery Item Overview
2 packages
• RESDEF, which houses views and the WAP portal's understanding of the Gallery Item
• RESEXT, which houses VMM's understanding. Includes custom resources
29. WAP Gallery Items
• Working with Gallery Items
• Adding Gallery Items to WAP Catalog
• Current VMRole Gallery Items can be found in this custom feed to WebPI: http://www.Microsoft.com/web/webpi/partners/servicemodels.xml
• Learnings moving from service templates to gallery items
• VM Role Authoring Tool: https://vmroleauthor.codeplex.com/
• VM Role Authoring Tool Videos: http://www.youtube.com/playlist?list=PLjbVGPEELuaSuM0eh9GO05zDFUudydJ1
30. Using Virtual Machine Roles
1. Import Application Extension into VMM
2. Import Gallery Item into SPF
3. Offer to Tenants
4. Create Virtual Machine Role
5. Manage existing Virtual Machine Roles
[Diagram labels: Service Admin (Manage Gallery, Offer to Tenants); Tenant (Create Virtual Machine Role, Manage Virtual Machine Role); Gallery Item (Virtual Machine Role Template); Application Extension (App Profile and Payload); Portal Gallery Wizard; SPF; VMM; PowerShell; Virtual Machine Role; VMs]
31. Service Admin Gallery
• Import and Manage Gallery Items
• Resource Definition Package
• Publish / Unpublish Gallery Items to Tenants
• Immediate impact when unpublishing
• Add Gallery Items to Plans
• Scopes access based on plan and subscription
• Gallery Item authorization from SPF
• Resource extension from VMM
32. Tenant Virtual Machine Features
• Cloud OS Virtual Machine Role
• Scale-out and Scale-In of a Virtual Machine Role
• Update settings
• Upgrade to new version
• Change networks
• Start/Stop/Shutdown VMs
• Add/Remove Devices
• Support for VM Templates
• Active Directory Authentication
• Co-admins can share subscription
34. Sample script that imports the Web VM Role into VMM Library
### Get library share
$libraryShare = Get-SCLibraryShare | Where-Object { $_.Name -eq 'MSSCVMMLibrary' }
### Get resource extension package from folder
$resextpkg = $Env:SystemDrive + "\Gallery Resources\WS2012_IIS_VMRole_Pkg\WS2012WebServer.resextpkg"
### Import resource extension to VMM library
### Note: -AllowUnencryptedTransfer lets the package be copied to the library share without encryption
Import-CloudResourceExtension -ResourceExtensionPath $resextpkg -SharePath $libraryShare -AllowUnencryptedTransfer

### Get virtual hard disk that should be associated with the resource extension
$myVHD = Get-SCVirtualHardDisk | Where-Object { $_.Name -eq 'webg1.vhdx' }
### Ask VMM for operating systems equal to 64-bit edition of Windows Server 2012 Datacenter
$WS2012Datacenter = Get-SCOperatingSystem | Where-Object { $_.Name -eq '64-bit edition of Windows Server 2012 Datacenter' }
### Set virtual hard disk to be tagged as Windows Server 2012 Datacenter
Set-SCVirtualHardDisk -VirtualHardDisk $myVHD -OperatingSystem $WS2012Datacenter

### Define tags
$tags = $myVHD.Tag
### Tag vhd with family name (Windows Server 2012) and extension requirements (.NET3.5)
if ( $tags -cnotcontains "WindowsServer2012" ) { $tags += @("WindowsServer2012") }
if ( $tags -cnotcontains ".NET3.5" ) { $tags += @(".NET3.5") }
### Set properties on vhd
Set-SCVirtualHardDisk -VirtualHardDisk $myVHD -Tag $tags
Set-SCVirtualHardDisk -VirtualHardDisk $myVHD -FamilyName "Windows Server 2012 Datacenter" -Release "1.0.0.0"

### Verify cloud resource extensions
Get-CloudResourceExtension | Format-List -Property State, Description, Name
### Verify cloud resources deployed
Get-CloudResource | Format-List -Property Name
### Verify tags on vhds
Get-SCVirtualHardDisk | Format-List -Property FamilyName, OperatingSystem, VHDFormatType, Release
35. Enable Remote Console Access for Tenants
• VMs can be:
• On isolated network/no network
• Windows/Linux/No OS
• Requires
• RDP client that supports RDPTLSv2
• Windows Azure Pack
• Service Management Portal
• System Center 2012 R2
• Windows Server 2012 R2
• Hyper-V
• Remote Desktop Gateway
36. Remote Console Flow
[Flow diagram labels: Browser; Console Request; RDP File; Windows Azure Pack Portal; System Center 2012 R2; Tokens (Host, VM); Remote Desktop Client (client supporting RDPTLSv2); Windows Server 2012 R2 Remote Desktop Gateway; Windows Server 2012 R2 Hyper-V]
39. Hybrid Networking in WSSC 2012 R2
• Multitenant S2S network virtualization GW
• Clustering for high availability on guest and host level
• Uses BGP for dynamic routes update
• Multitenant aware NAT for Internet access
• Integration with VMM 2012 R2
• Up to 200 S2S VPN Connections, 50 Routing domains and 500 virtual subnets
[Diagram labels: BGP; Contoso VM Network; Northwind VM Network; Fabrikam VM Network; Internet; Hoster]
40. Tenant Networks
• Tenants create their own networks
• Network Address Translation (NAT)
• Configuration of topology and border gateway protocol (BGP)
• Site to Site VPN
• Tenant IP addresses with network virtualization
• Consistent user experience with Azure
42. Summary
• Deployment models should meet business requirements
• WAP requires WSSC 2012 R2 (w/SPF)
• Use Gallery Items to extend service offerings
• Configure Remote Access and NVGRE to create an awesome IaaS Cloud
44. Please evaluate the session before you leave
http://kristiannese.blogspot.com
@KristianNese
Hybrid Cloud with NVGRE – whitepaper:
http://gallery.technet.microsoft.com/HybridCloud-with-NVGRE-aa6e1e9a
Editor's Notes
• Web Sites: Web Application PaaS, Highly Scalable, Dev-ops optimized, Integrated SCC, Fully self-service
• Databases: SQL Server database, Configurable, Manageable
• Service Bus: Reliable Messaging, Standards Based, Cross Cloud
• Virtual Machines: IaaS - Elastic Tiers, Windows and Linux, Gallery of apps
• Virtual Networks: Software defined networks, Network isolation
• Tenant and Admin Portals: Modern look and feel, Federated Identities, Active Directory integration, Standards Based, Device Friendly
• Enterprise ready, Highly scalable, Provides usage statistics for chargeback, APIs for integration into billing systems, Configurable subscriptions, plans, and quotas
• IIS
• SQL Server Management Studio (SSMS)
• Event Viewer (Application and Service Logs Microsoft Windows Azure)
• PowerShell
• Firewall Rules
• User Group in Store Database
Katal is really just an extension of your existing System Center deployment. It is everything you see in green. It sits on top of System Center. For example, when you request a virtual machine to be deployed from the tenant portal, that request goes through the SM API to the SPF API to SCVMM, and finally the VMM agent on a Hyper-V host is instructed to deploy that VM. The utilization data that is displayed in the tenant portal is collected by Operations Manager and retrieved via the SM API and the SPF API.