MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE
These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which includes the media on which you received it, if any. These license terms also apply to Trainer Content and any updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT. If you comply with these license terms, you have the rights below for each license you acquire.
1. DEFINITIONS.
a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning Competency Member, or such other entity as Microsoft may designate from time to time.
b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led Courseware conducted by a Trainer at or through an Authorized Learning Center.
c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.
d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft Instructor-Led Courseware or Trainer Content.
f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a Microsoft Certified Trainer under the Microsoft Certification Program.
g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.
h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy Program.
i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network program in good standing that currently holds the Learning Competency status.
j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft Official Course that educates IT professionals and developers on Microsoft technologies.
k. “MPN Member” means an active Microsoft Partner Network program member in good standing.
l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device that you personally own or control that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.
m. “Private Training Session” means the instructor-led training classes provided by MPN Members for corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware. These classes are not advertised or promoted to the general public and class attendance is restricted to individuals employed by or contracted by the corporate customer.
n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program Member to teach an Authorized Training Session, and/or (ii) a MCT.
o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Prerelease course feedback form. To clarify, Trainer Content does not include any software, virtual hard disks or virtual machines.
2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed Content.
2.1 Below are five separate sets of use rights. Only one set of rights apply to you.
a. If you are a Microsoft IT Academy Program Member:
i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User who is enrolled in the Authorized Training Session, and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or
2. provide one (1) End User with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content,
iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session,
v. you will ensure that each End User provided with the hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Authorized Training Sessions,
viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training Session that uses a MOC title, and
ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources for the Microsoft Instructor-Led Courseware.
b. If you are a Microsoft Learning Competency Member:
i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Authorized Training Session and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware provided, or
2. provide one (1) End User attending the Authorized Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content,
iv. you will ensure that each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session,
v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training Sessions,
viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Authorized Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
c. If you are a MPN Member:
i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Private Training Session, and only immediately prior to the commencement of the Private Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or
2. provide one (1) End User who is attending the Private Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique redemption code and instructions on how they can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content,
iv. you will ensure that each End User attending a Private Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session,
v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching a Private Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Private Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training Sessions,
viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Private Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
d. If you are an End User: For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.
e. If you are a Trainer.
i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized Training Session or Private Training Session, and install one (1) additional copy on another Personal Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not install or use a copy of the Trainer Content on a device you do not own or control. You may also print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training Session or Private Training Session.
ii. You may customize the written portions of the Trainer Content that are logically associated with instruction of a training session in accordance with the most recent version of the MCT agreement. If you elect to exercise the foregoing rights, you agree to comply with the following: (i) customizations may only be used for teaching Authorized Training Sessions and Private Training Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of “customize” refers only to changing the order of slides and content, and/or not using all the slides or content, it does not mean changing or modifying any slide or content.
2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not separate their components and install them on different devices.
2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft.
2.4 Third Party Notices. The Licensed Content may include third party code content that Microsoft, not the third party, licenses to you under this agreement. Notices, if any, for the third party code content are included for your information only.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms, conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also apply to your use of that respective component and supplements the terms described in this agreement.
3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the other provisions in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of the Microsoft technology. The technology may not work the way a final version of the technology will and we may change the technology for the final version. We also may not release a final version. Licensed Content based on the final version of the technology may not contain the same information as the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you with any further content, including any Licensed Content based on the final version of the technology.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or through its third party designee, you give to Microsoft without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its technology, technologies, or products to third parties because we include your feedback in them. These rights survive this agreement.
c. Pre-release Term. If you are a Microsoft IT Academy Program Member, Microsoft Learning Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”). Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies of the Licensed Content in your possession or under your control.
4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
• access or allow any individual to access the Licensed Content if they have not acquired a valid license for the Licensed Content,
• alter, remove or obscure any copyright or other protective notices (including watermarks), branding or identifications contained in the Licensed Content,
• modify or create a derivative work of any Licensed Content,
• publicly display, or make the Licensed Content available for others to access or use,
• copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or distribute the Licensed Content to any third party,
• work around any technical limitations in the Licensed Content, or
• reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the Licensed Content except and only to the extent that applicable law expressly permits, despite this limitation.
5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Licensed Content.
6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting.
7. SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it.
8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail to comply with the terms and conditions of this agreement. Upon termination of this agreement for any reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in your possession or under your control.
9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any third party sites, any links contained in third party sites, or any changes or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to you only as a convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party site.
10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and supplements are the entire agreement for the Licensed Content, updates and supplements.
11. APPLICABLE LAW. a. United States. If you acquired the Licensed Content in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that country apply.
12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES. This limitation applies to
o anything related to the Licensed Content, services, content (including code) on third party Internet sites or third-party programs; and
o claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.
DISCLAIMER OF WARRANTY. The licensed content is offered “as is”. Any use of this licensed content is at your sole risk. Microsoft gives no other express warranty. You may have additional rights under local consumer protection law, which this agreement cannot change. Where permitted by local law, the implied warranties of merchantability, fitness for a particular purpose and non-infringement are excluded.
LIMITATION ON DAMAGES AND EXCLUSION OF LIABILITY FOR DAMAGES. You can recover from Microsoft and its suppliers only direct damages up to US$5.00. You cannot claim any compensation for other damages, including special, indirect or incidental damages and lost profits. This limitation applies to:
• anything related to the licensed content, services or content (including code) on third party Internet sites or in third party programs; and
• claims for breach of contract or warranty, or for strict liability, negligence or other tort, to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of such damage. If your country does not allow the exclusion or limitation of liability for indirect, incidental or other damages of any kind, the above limitation or exclusion may not apply to you.
LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. This agreement does not change your rights under the laws of your country if those laws do not permit it to do so.
Revised July 2013
Microsoft Azure Fundamentals
Acknowledgements
Microsoft Learning would like to acknowledge and thank the following for their contribution towards developing this title. Their effort at various stages in the development has ensured that you have a good classroom experience.

Andrew J. Warren – Content Developer/Subject Matter Expert
Andrew Warren has more than 25 years of experience in the IT industry, many of which he has spent teaching and writing. He has been involved as a subject matter expert for many of the Windows Server 2012 courses, and the technical lead on many Windows 8 courses. He also has been involved in developing TechNet sessions on Microsoft Exchange Server. Based in the United Kingdom, he runs his own IT training and education consultancy.

Damir Dizdarevic – Subject Matter Expert/Content Developer
Damir Dizdarevic is an MCT, Microsoft Certified Solutions Expert (MCSE), Microsoft Certified Technology Specialist (MCTS), and a Microsoft Certified Information Technology Professional (MCITP). He is a manager and trainer of the Learning Center at Logosoft d.o.o., in Sarajevo, Bosnia and Herzegovina. He also works as a consultant on IT infrastructure and messaging projects. Damir has more than 18 years of experience on Microsoft platforms, and he specializes in Windows Server®, Exchange Server, security, and virtualization. He has worked as a subject matter expert and technical reviewer on many Microsoft Official Courses (MOC) on Windows Server and Exchange topics, and has published more than 400 articles in various IT magazines, such as Windows ITPro and INFO Magazine. He is also a frequent and highly rated speaker at most Microsoft conferences in Eastern Europe. Additionally, Damir is a Microsoft Most Valuable Professional (MVP) for Windows Server, 7 years in a row. His technical blog is available at http://dizdarevic.ba/ddamirblog.

Marcin Policht – Subject Matter Expert
Marcin Policht obtained his Master of Computer Science degree 18 years ago and has since then worked in the Information Technology field, focusing primarily on directory services, virtualization, system management, and database management. Marcin authored the first book dedicated to Windows Management Instrumentation and co-wrote several others on topics ranging from core operating system features to high-availability solutions. His articles have been published on ServerWatch.com and DatabaseJournal.com. Marcin has been a Microsoft MVP for the last seven years.

Magnus Mårtensson – Technical Reviewer
Magnus completed his Masters in Computer Science in 1999 and has more than 15 years of development consulting experience. From Sweden, he runs his own company, Martensson Consulting, which offers expert Windows Azure strategic, architectural, and development advice all over northern Europe. Magnus was the first Microsoft Azure MVP in Scandinavia and was awarded MVP of the Year in 2012. He is an international speaker and has given multiple TechEd presentations. An avid community enthusiast, he is one of the creators of the Global Windows Azure Bootcamp, an annual event that runs at over 130 locations worldwide on a single day. He has a great passion for learning and sharing his own knowledge.

Ronald Beekelaar – Technical Reviewer
Ronald Beekelaar is a long-time Hyper-V MVP and MCT. Ronald is a well-known trainer and presenter on the topics of security, virtualization, Hyper-V, and Microsoft Azure. He is the founder of Virsoft Solutions, which provides access to hosted online hands-on labs and demo environments for training centers, Microsoft events, Microsoft product groups, and other customers. The hosted lab solution runs in Hyper-V data centers and on Microsoft Azure.
Contents

Module 1: Getting Started with Microsoft Azure
Module Overview
Lesson 1: What Is Cloud Computing?
Lesson 2: What Is Azure?
Lesson 3: Managing Azure
Lesson 4: Subscription Management and Billing
Lab: Use the Microsoft Azure Portal
Module Review and Takeaways

Module 2: Websites and Cloud Services
Module Overview
Lesson 1: Create and Configure Websites
Lesson 2: Deploy and Monitor Websites
Lesson 3: Create and Deploy Cloud Services
Lab: Websites and Cloud Services
Module Review and Takeaways

Module 3: Virtual Machines in Microsoft Azure
Module Overview
Lesson 1: Create and Configure Virtual Machines
Lesson 2: Configure Disks
Lab: Create a Virtual Machine in Microsoft Azure
Module Review and Takeaways

Module 4: Virtual Networks
Module Overview
Lesson 1: Getting Started with Virtual Networks
Lesson 2: Creating a Virtual Network
Lesson 3: Implementing Point-to-Site Networks
Lab: Create a Virtual Network
Module Review and Takeaways

Lesson 2: The Azure SDK and the Azure Cross-Platform Command-Line Interface
Lab: Using Microsoft Azure Management Tools
Module Review and Takeaways

Lab Answer Keys
Module 1 Lab: Use the Microsoft Azure Portal
Module 2 Lab: Websites and Cloud Services
Module 3 Lab: Create a Virtual Machine in Microsoft Azure
Module 4 Lab: Create a Virtual Network
Module 5 Lab: Configure Azure Storage
Module 6 Lab: Create a SQL Database in Azure
Module 7 Lab: Create Users in Azure Active Directory
Module 8 Lab: Using Microsoft Azure Management Tools
About This Course
This section provides a brief description of the course, including audience, suggested prerequisites, and course objectives.
Course Description
Note: This first release (‘A’) MOC version of course 10979A has been developed by using the features available in Microsoft Azure in October, 2014. This includes some preview features. Microsoft Learning will release a ‘B’ version of this course with enhanced Microsoft PowerPoint slides, copy-edited content, and Course Companion content on the Microsoft Learning site. The B version may also include new Microsoft Azure features.
This course trains students on the basics of Microsoft Azure. It provides the underlying knowledge that students will require when they evaluate Microsoft Azure as an administrator, developer, or database administrator. This course lays the groundwork for further role-specific training in Azure, and also provides the prerequisite knowledge for students wishing to attend course 20532A: Microsoft Azure for Developers, or course 20533A: Microsoft Azure for IT Professionals.
Audience
This course is intended for IT professionals who have a limited knowledge of cloud technologies and want to learn more about Microsoft Azure. The audience will include:
• Individuals who want to evaluate the deployment, configuration, and administration of services and virtual machines using Microsoft Azure.
• Developers who want to evaluate the creation of Microsoft Azure solutions.
• Windows Server administrators who want to evaluate the migration of on-premises Active Directory roles and services to the cloud.
• IT professionals who want to evaluate the use of Microsoft Azure to host web sites and mobile app back-end services.
• Database administrators who want to evaluate the use of Microsoft Azure to host Microsoft SQL Server databases.
Student Prerequisites
This course requires that students meet the following prerequisites:
• Professional experience in information technology.
• An understanding of websites.
• A basic understanding of Active Directory concepts such as domains, users, and domain controllers.
• A basic understanding of database concepts, including tables and simple queries.
Course Objectives
After completing this course, students will be able to:
• Describe the various Azure services, and access these services from the Azure portal.
• Describe the Azure Websites service and Azure Cloud Services.
• Create and configure virtual machines in Azure.
• Create and implement Azure networks.
• Create and configure cloud storage in Azure.
• Use databases to store data in Azure.
• Use Azure Active Directory (Azure AD), integrate applications with Azure AD, and manage authentication.
• Manage an Azure subscription by using Azure PowerShell, Microsoft Visual Studio, and the Azure command-line interface.
Course Outline
The course outline is as follows:
Module 1, “Getting Started with Microsoft Azure” introduces students to cloud services and the various Azure services. It describes how to use the Azure portal to access and manage Azure services, and to manage Azure subscription and billing.
Module 2, “Websites and Cloud Services” explains how to create, configure, and monitor websites by using Azure. It also describes the creation and deployment of Cloud Services on Azure.
Module 3, “Virtual Machines in Microsoft Azure” describes how to use Azure to deploy virtual machines on locally installed servers. It also explains the creation and configuration of virtual machines, and the management of virtual machine disks by using Azure.
Module 4, “Virtual Networks” describes Azure virtual networks and explains how to create them. It also explains how to implement communications between your on-premises infrastructure and Azure by using point-to-site networks.
Module 5, “Cloud Storage” describes the use of cloud storage and its benefits. It also explains how to create, manage, and configure cloud storage in Azure.
Module 6, “Microsoft Azure Databases” describes the options available for storing relational data in Azure. It also explains how to use Microsoft Azure SQL Database to create, configure, and manage SQL databases in Azure.
Module 7, “Azure Active Directory” explains how to use Azure AD and Azure Multi-Factor Authentication to enhance security. It explains how to create users, domains, and directories in Azure AD, and how to use Multi-Factor Authentication and single sign-on (SSO).
Module 8, “Microsoft Azure Management Tools” introduces Azure PowerShell, and explains its use in managing Azure subscriptions. It also describes the Azure Software Development Kit (SDK) and the Azure cross-platform command-line interface, and explains their benefits and uses.
Course Materials
The following materials are included with your kit:
• Course Handbook: A succinct classroom learning guide that provides the critical technical information in a crisp, tightly-focused format, which is essential for an effective in-class learning experience.
   o Lessons: Guide you through the learning objectives and provide the key points that are critical to the success of the in-class learning experience.
   o Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned in the module.
   o Module Reviews and Takeaways: Provide on-the-job reference material to boost knowledge and skills retention.
   o Lab Answer Keys: Provide step-by-step lab solution guidance, when it is needed.
Additional Reading: Course Companion Content: Searchable, easy-to-browse digital content with integrated premium online resources that supplement the Course Handbook.
• Modules: Include companion content, such as questions and answers, detailed demo steps and additional reading links, for each lesson. Additionally, they include Lab Review questions and answers and Module Reviews and Takeaways sections, which contain the review questions and answers, best practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios with answers.
• Resources: Include well-categorized additional resources that give you immediate access to the most current premium content on TechNet, MSDN, or Microsoft Press.
Note: For the A version of the courseware, Companion Content is not available. However, the Companion Content will be published when the next (B) version of this course is released, and students who have taken this course will be able to download the Companion Content at that time from the http://www.microsoft.com/learning/en/us/companion-moc.aspx site. Please check with your instructor when the ‘B’ version of this course is scheduled to release to learn when you can access Companion Content for this course.
Additional Reading: Student Course files: includes the Allfiles.exe, a self-extracting executable file that contains all required files for the labs and demonstrations.
• Course evaluation: At the end of the course, you will have the opportunity to complete an online evaluation to provide feedback on the course, training facility, and instructor.
   o To provide additional comments or feedback on the course, send an email to [email protected]. To inquire about the Microsoft Certification Program, send an email to [email protected].
Virtual Machine Environment
This section provides the information for setting up the classroom environment to support the business scenario of the course.
Virtual Machine Configuration
To complete the labs, you will work on your computer to access Microsoft Azure. You do not require any virtual machines on the local computer.
Software Configuration
This course requires a computer (physical, virtual, or cloud-based) that has the following capabilities and software:
• Internet connectivity
• Internet Explorer 10
• Microsoft Visual Studio Express 2013 for Windows Desktop
• Microsoft SQL Server Management Studio Express
• Windows Web Platform Installer 5.0
• Visual Studio Express 2013 for Web with Microsoft Azure software development kit (SDK)
• Microsoft Azure SDK for .NET
Course Files
The files associated with the labs in this course are located in the C:\Labfiles\LabXX folder on the student computers.
Classroom Setup
Each classroom computer will have the required software installed as part of classroom setup.
Microsoft Azure Pass
This course contains labs which require you to access Microsoft Azure. Your MCT will provide details of how to acquire, set up, and configure your Microsoft Azure pass.
Module 1
Getting Started with Microsoft Azure
Contents:
Module Overview
Lesson 1: What Is Cloud Computing?
Lesson 2: What Is Azure?
Lesson 3: Managing Azure
Lesson 4: Subscription Management and Billing
Lab: Use the Microsoft Azure Portal
Module Review and Takeaways
Module Overview
As organizations move their IT workloads to the cloud, IT professionals must understand the principles on which cloud solutions are based, and learn how to deploy and manage cloud applications, services, and infrastructure. Specifically, IT professionals who plan to use Microsoft Azure must learn about the services that Azure provides, and how to manage those services. This module provides an overview of Azure, and it explains the various Azure services. It also describes how to access these services from the Azure portal, and how to manage your Azure subscription and billing.
Objectives
After completing this module, you will be able to:
• Describe cloud computing.
• Describe Azure and the various Azure services.
• Manage Azure services from the Azure portal.
• Manage your Azure subscription and billing.
Lesson 1
What Is Cloud Computing?
Cloud computing plays an increasingly important role in IT infrastructure. Therefore, IT professionals must be aware of fundamental cloud principles and techniques. There are three main types of cloud computing models: public, private, and hybrid. Each of these models provides different services based on your needs. Before you move to a cloud-based model, you must decide which type best suits your needs. This lesson introduces the cloud, and describes considerations for implementing cloud-based infrastructure services.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe key principles of cloud computing.
• Identify the common types of cloud services.
• Describe public, private, and hybrid cloud solutions.
• Identify suitable uses for cloud services.
Overview of Cloud Computing
Cloud computing is a term that describes the delivery and consumption of computing and application resources from a remote location, often but not necessarily over the Internet. Users subscribe to cloud computing resources. Based on their consumption of those resources, the cloud computing provider charges the users. The charge might be based on a number of usage characteristics, such as the volume of storage used, the power of virtual machines provisioned, or other factors. Cloud computing applications are typically independent of an operating system, and they are available to users across a wide variety of devices. From an administrative perspective, cloud computing infrastructure should:
• Be pooled.
• Be able to deliver multitenant services.
• Allow rapid scalability.
Most cloud solutions are built on virtualization technology, which abstracts physical hardware as a layer of virtualized resources for processing, memory, storage, and networking. Many cloud solutions add further layers of abstraction to define specific services that can be provisioned and used.
Regardless of the specific technologies that organizations use to implement cloud computing solutions, the National Institute of Standards and Technology has identified that these technologies exhibit the following five characteristics:
• On-demand self-service. Cloud services are generally provisioned according to requirement, and need minimal infrastructure configuration by the consumer. This enables users of cloud services to quickly set up the resources they want, typically without having to involve IT specialists.
• Broad network access. Consumers generally access cloud services over a network connection, usually either a corporate network or the Internet.
• Resource pooling. Cloud services can use a pool of hardware resources that consumers might share. A hardware pool might consist of hardware from multiple servers that are arranged as a single logical entity.
Note: As your use of resources increases, you might take on a greater proportion of the hardware hosting your services until you have exclusive use of the physical server computer hosting your resources.
• Rapid elasticity. Cloud services scale dynamically to obtain additional resources from the pool as workloads intensify, and release resources automatically when they are no longer needed.
• Measured service. Cloud services generally include some sort of metering capability. Metering makes it possible to track relative resource usage by the users, or subscribers of the services.
The advantages of cloud computing are:
• Managed datacenter. With cloud computing, your service provider can manage your datacenter. This obviates the need for you to manage your own IT infrastructure. Cloud computing also enables you to access computing services irrespective of your location and the hardware that you use to access those services. Although the datacenter remains a key element in cloud computing, the emphasis is on virtualization technologies that focus on delivering applications rather than on infrastructure.
• Lower operational costs. Cloud computing provides pooled resources, elasticity, and virtualization technology. These factors help you to alleviate issues such as low system use, inconsistent availability, and high operational costs. It is important to remember that with cloud computing, you only pay for the services that you use; this can mean substantial savings on operational costs for most organizations.
• Server consolidation. You can consolidate servers across the datacenter by using the cloud computing model, because it can host multiple virtual machines on a virtualization host.
• Better flexibility and speed. When you use the cloud computing model with products such as System Center 2012, you can increase resources’ flexibility and the speed of access to resources.
Cloud Services
Cloud services generally fall into one of the following three categories:
• Software as a service (SaaS)
• Platform as a service (PaaS)
• Infrastructure as a service (IaaS)
SaaS
SaaS offerings consist of complete software applications that are delivered as a cloud-based service. Users can subscribe to the service and use the application, normally through a web browser or by installing a client-side app. Examples of Microsoft SaaS services include Microsoft Office 365, Skype, and Microsoft Dynamics CRM Online. The primary advantage of SaaS services is that they enable users to easily access applications without the need to install and maintain them. Typically, users do not have to worry about issues such as updating applications and maintaining compliance, because the service provider handles these tasks.
PaaS
PaaS offerings consist of cloud-based services that provide resources on which developers can build their own solutions. Typically, PaaS encapsulates fundamental operating system (OS) capabilities, including storage and compute, as well as functional services for custom applications. Usually, PaaS offerings provide application programming interfaces (APIs), and configuration and management user interfaces. Azure provides PaaS services that simplify the creation of solutions such as web and mobile applications. PaaS enables developers and organizations to create highly-scalable custom applications without having to provision and maintain hardware and OS resources. The main benefit PaaS provides to your organization is that you can shift much, if not most, of your infrastructure to the cloud, thus possibly reducing management tasks and costs.
IaaS
IaaS offerings provide virtualized server and network infrastructure components that users can easily provision and decommission as required. Typically, the management of IaaS facilities is similar to that of on-premises infrastructure. IaaS facilities provide an easy migration path for moving existing applications to the cloud. A key point to note is that an infrastructure service might be a single IT resource—such as a virtual server with a default installation of Windows Server 2012 R2 and SQL Server 2014—or it might be a completely pre-configured infrastructure environment for a specific application or business process. For example, a retail organization might empower departments to provision their own database servers to use as data stores for custom applications. Alternatively, the organization might define a set of virtual machine and network templates that it can provision as a single unit to implement a complete, pre-configured infrastructure solution, including all the required applications and settings, for a branch or store.
Public, Private, and Hybrid Clouds
Cloud computing uses three main deployment models:
• Public cloud. Public clouds are infrastructure, platform, or application services that a cloud service provider delivers for access and consumption by multiple organizations. With public cloud services, the organization that signs up for the service does not have the management overhead that the private cloud model would require. This also means that the organization has less control of the infrastructure and services, because the service provider manages this for the organization. In addition, the public cloud hosts the infrastructure and services for multiple organizations (multitenant), so you might need to consider the potential data sovereignty implications of this model.
• Private cloud. Individual organizations privately own and manage private clouds. Private clouds offer benefits similar to those of public clouds, but are designed and secured for a single organization’s use. The organization manages and maintains the infrastructure for the private cloud in its datacenter. One of the key benefits of this approach is that the organization has complete control over the cloud infrastructure and services that it provides. However, the organization also has the management overhead and costs that are associated with this model.
• Hybrid cloud. In a hybrid cloud, a technology binds two separate clouds (public and private) together for the specific purpose of obtaining resources from both. You decide which elements of your services and infrastructure to host privately, and which to host in the public cloud. Many organizations use a hybrid model when extending to the cloud; that is, they begin to shift some elements of their applications and infrastructure to the cloud. Sometimes, an application and its supporting infrastructure are shifted to the cloud, while the underlying database is maintained within the organization’s own infrastructure. This approach might be used to address security concerns with that particular database.
Microsoft cloud services provide technology and applications across all of these cloud computing models. Some examples of Microsoft cloud services are:
• Microsoft public cloud services:
   o Azure. Azure is a public cloud environment that offers PaaS, SaaS, and IaaS. Developers can subscribe to Azure services and create software, which is delivered as SaaS. Microsoft cloud services use Azure to deliver some of its own SaaS applications.
   o Office 365. Office 365 delivers online versions of the Microsoft Office applications and online business collaboration tools.
   o Microsoft Dynamics CRM Online. Dynamics CRM Online is the version of the on-premises Microsoft Dynamics CRM application that Microsoft hosts.
• Microsoft private cloud:
   o Hyper-V in Windows Server 2012 R2 combines with System Center 2012 R2 to create the foundation for building private clouds. By implementing these products as a combined solution, you can deliver much of the same functionality that public clouds offer.
• The Microsoft hybrid cloud approach:
   o Microsoft provides a number of solutions that support the hybrid cloud model, by enabling you to:
      • Back up an on-premises cloud application to a service provider.
      • Manage, monitor, and move virtual machines between different clouds.
      • Connect and federate directory services that allow your users to access applications that are constructed across a combination of on-premises, service provider, and public cloud types.
Discussion: How Will Your Organization Use Cloud Computing?
Consider how the various cloud computing scenarios might benefit your organization. Be prepared to discuss this with the class.
Question: How will your organization use cloud computing?
Lesson 2
What Is Azure?
Azure is the public cloud services offering from Microsoft. Microsoft datacenters deliver Azure services over the Internet. Customers can subscribe to a variety of the Azure services that run in these datacenters, typically at a cost lower than they might incur if they purchased or hosted their own hardware, or built their own services and software. Individuals, customers, and Microsoft partners can use several methods to access Azure-based services. Partners have access to programs such as Microsoft Azure platform Cloud Essentials for Partners and Cloud Accelerate. Both customers and partners can access resources through MSDN and through the Microsoft BizSpark program, each of which provides a predefined amount of resources and services to build solutions. This lesson provides an overview of Azure and its services.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe Azure.
• Describe the available Azure services.
Overview of Azure
Azure is a collection of cloud services that you can use to build and operate cloud-based applications and IT infrastructure. A global network of datacenters hosts Azure services. Microsoft technicians manage these datacenters on a 24-hours-a-day basis. Azure offers a 99.95 percent availability service level agreement (SLA) for computing services. Azure services enable you to:
• Create and operate cloud-based applications by using a wide range of commonly used tools and frameworks.
• Host workloads in the cloud on Azure PaaS services and IaaS infrastructure that comprise virtual machines and virtual networks.
• Integrate cloud services with on-premises infrastructure.
To use Azure services, you require a subscription. You can sign up for a subscription as an individual or as an organization, and then pay for the services you use on a usage-based cost basis.
Note: Microsoft Azure was formerly known as Windows Azure.
Additional Reading: To download the Microsoft Azure free trial, go to http://go.microsoft.com/fwlink/?LinkID=517412.
Available Azure Services
There are four categories of Azure services: compute, data services, app services, and network services.
Compute
• Websites. You can use website services to develop and deploy more secure and scalable websites, including integration with many source control technologies. Microsoft Azure supports many languages including ASP.NET (sometimes known as classic ASP), PHP, Node.js, and Python. You can also deploy a choice of SQL Server databases, or deploy MySQL. There are several open source applications, templates, and frameworks available in the Web App Gallery. These include CakePHP, DotNetNuke, Drupal, Django, Express, WordPress, and Umbraco.
• Cloud services. Provides a platform that can host web applications and web services. Cloud services use a modular architecture that allows you to scale your application to larger sizes while minimizing costs.
• Virtual machines. You can build virtual machine instances from scratch, or by using templates. You also can build them on your own site, and then transfer them to Azure (or the other way around). Virtual machines can run a variety of workloads, including many Microsoft-certified workloads such as SQL Server, SharePoint Server, and BizTalk Server.
• Mobile services. You can use these services to build mobile phone apps, including storage, authentication, and notification services for Windows apps, Android apps, and Apple iOS apps.
Data Services
• SQL Database. Azure includes a SQL Database offering. SQL Database provides interoperability, which enables customers to build applications by using most development frameworks.
• Storage. You can use the storage service to create and manage storage accounts for blobs, tables, and queues.
• Microsoft Azure HDInsight. Microsoft Azure HDInsight is the Hadoop-based solution from Microsoft. Hadoop is used to process and analyze big data.
• Recovery services. You can back up directly to Azure. You can configure the cloud backups from the backup tools in Windows Server 2012 R2, or from System Center 2012 R2.
App Services
• Media Services. You can use media services to create, manage, and distribute media across a large variety of devices such as Xbox, computers running the Windows operating system, MacOS, iOS, and Android.
• Messaging. The Microsoft Azure Service Bus provides the messaging channel for connecting cloud applications to on-premises applications, services, and systems.
• Microsoft Azure AD. This is a modern, Representational State Transfer-based (REST-based) service that provides identity management and access control capabilities for cloud applications. It is the identity service that is used across Microsoft Azure, Office 365, Microsoft Dynamics CRM Online, Windows Intune, and other non-Microsoft cloud services. Microsoft Azure Active Directory (AD) also can integrate with on-premises Active Directory deployments.
• Visual Studio Online. You can use Visual Studio Online to create and manage team projects and code repositories. Visual Studio Online enables you to write and deploy a variety of different types of apps, including those for Windows Phone and Windows Store, desktop apps, web apps, and web services.
• CDN. The Azure Content Delivery Network (CDN) allows developers to deliver high-bandwidth content by caching blobs and static content of compute instances at physical nodes throughout the world.
• Scheduler. This provides a mechanism to schedule jobs within Azure.
• BizTalk service. This service provides supporting tools that allow developers to build solutions that connect services and systems with disparate data formats and protocols.
Network Services
• Microsoft Azure Virtual Network. You can use the Microsoft Azure Virtual Network (Virtual Network) to create a logically isolated section in Microsoft Azure, and then connect it securely either to your on-premises datacenter or to a single client machine, by using an IPsec connection.
Note: The next topic discusses Virtual Network in more depth.
• Microsoft Azure Traffic Manager. You can use Microsoft Azure Traffic Manager (Traffic Manager) to load-balance inbound traffic across multiple Azure services. This helps ensure the performance, availability, and resiliency of applications.
Note: Azure is continually being improved and enhanced, and new services are added on a regular basis.
Additional Reading: For a full list of services currently available in Azure, go to the Microsoft Azure website at http://go.microsoft.com/fwlink/?LinkID=517413.
Lesson 3
Managing Azure
Azure provides web-based portals in which you can provision and manage your organization’s Azure subscriptions and services. These portals provide the initial environment in which you will work with Azure, and it is important to know how to navigate and use the portals to manage Azure services.
Lesson Objectives
After completing this lesson, you will be able to:
• Explain how to use the Azure management portal.
• Explain how to use the preview Azure portal.
• Use the new Azure management portal preview.
• Describe the available client-based Azure management tools.
The Azure Portal
The existing Azure management portal is the primary user interface for provisioning and managing Azure services. It is implemented as a web application, and it requires that you sign in using a Microsoft account or an organizational account that is associated with one or more Azure subscriptions.
Additional Reading: To sign in to the Azure management portal, go to http://go.microsoft.com/fwlink/?LinkID=517414.
The Azure management portal consists of a page for each Azure service. It also includes an All Items page in which you can view all provisioned services in your subscriptions, and a Settings page in which you can configure subscription-wide settings.
Provisioning Services
You can provision a new instance of a service by clicking the New button on any page. Most services provide a dialog box in which you can enter the user-definable settings for the service before creating it. Service provisioning is performed asynchronously, and an indicator at the bottom of the page shows current activity. You can expand this indicator to show a list of completed and in-process tasks.
Managing Services
Your provisioned services are listed on the All Items page and on each service-specific page. The list shows the name, status, and service-specific settings for each service. You can click a service name in the list to view the dashboard for that service instance, where multiple tabbed sub-pages enable you to view and configure service-specific settings. In most cases, you make changes to a service by using the dynamic toolbar of context-specific icons at the bottom of the sub-page.
Adding Co-Administrators
When you provision an Azure subscription, you are automatically designated as the administrator for that subscription, and you can manage all services and settings for the subscription. You can add co-administrators in the Settings tab of the management portal by specifying the email address of each user to whom you want to grant administrative privileges.
Note: The email account is the Microsoft account assigned to the user.
The Preview Azure Portal
Although the existing Azure management portal still provides the primary user interface for managing Azure services, a new version of the portal is available in preview form. The Preview Azure portal represents a significant change in the way that developer and operations (dev/ops) tasks are performed in Azure.
Additional Reading: To view the preview Azure portal, go to http://go.microsoft.com/fwlink/?LinkID=517415.
Note: You can accomplish most tasks in both the current portal and the Preview (new) portal. However, the Preview portal does not include certain tasks, and you must perform these in the existing portal. In addition, some new preview features are only available in the Preview portal.
Portal Elements and Concepts
The Preview portal contains the following user interface (UI) elements:
• Startboard. The home page for your Azure environment, conceptually similar to the Start screen in Windows. You can pin commonly used items to the Startboard to make it easier to navigate to them. By default, the Startboard includes tiles that show global Azure service health, a shortcut to the Azure gallery of available services, and a summary of billing information for your subscriptions.
• Blades. Panes in which you can view and configure details of a selected item. Each blade is displayed as a pane in the user interface, and it often contains a list of services or other items that you can click to open another blade. In this way, you can navigate through several blades to view details of a specific item in your Azure environment. These navigations through blades are referred to as journeys. You can maximize and minimize some blades to optimize screen real estate and simplify navigation.
• Hub Menu. A bar on the left side of the page, which contains the following icons:
   o Home. Returns the page to the left so that the Hub Menu and Startboard are visible.
   o Notifications. Opens a blade on which you can view notifications about the status of tasks.
   o Browse. Starts a journey to view details of a service in your Azure environment.
   o Journeys. Lists recent blades that you have viewed, enabling you to quickly navigate back to them.
   o Billing. Provides details of charges and remaining credit for your subscriptions. Billing is also available on a resource group basis.
   o New. Enables you to create a new service in your Azure environment.
You can switch to the Preview portal from the existing portal by clicking your account name and then clicking Switch to new portal. Conversely, to switch to the existing portal from the Preview portal, click the Azure Portal tile in the Startboard.
Demonstration: Navigating the Portals
In this demonstration, you will see how to:
• Use the Azure management portal.
• Use the Preview Azure portal.
Demonstration Steps
Use the Azure Management Portal
1. Ensure that you are signed in to your local host.
2. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in using the Microsoft account that is associated with your Azure subscription.
3. On the left side of the page, note the pane that contains icons for each service. Then, at the bottom of this pane, click SETTINGS (you may need to use the scroll bar for the pane).
4. On the settings page, on the SUBSCRIPTIONS tab, note the details of your subscription; click the ADMINISTRATORS tab and verify that your Microsoft account is listed as the service administrator; and then click the AFFINITY GROUPS tab and note that this is where you can add affinity groups to your subscription.
5. In the services pane on the left, click STORAGE, and at the bottom of the page, click NEW. Then, in the panel that appears, click QUICK CREATE, enter the following details, and click CREATE STORAGE ACCOUNT:
o URL: Enter a unique valid value
o LOCATION / AFFINITY GROUP: Select the location that is closest to your geographic location
o REPLICATION: Locally Redundant
6. At the bottom of the page, note the Active Progress indicator, which is animated to show that an action is in progress.
7. On the storage page, wait for your storage account status to become Online. Then click the name of your storage account.
8. On the page for your storage account, note the getting started information. Then view each of the tabs for the storage account, noting that the context-aware tool bar at the bottom of the page changes to reflect the current tab.
9. Click the Back icon on the left to return to the storage page. Then click ALL ITEMS and note that the storage account is listed on this page.
Use the Preview Azure Portal
1. At the top right of the Microsoft Azure management portal, click your Microsoft account name, and then click Switch to new portal. This opens a new tab in Internet Explorer.
Note: If the Welcome to Microsoft Azure dialog box appears, click Get started.
2. When the new portal is loaded, view the tiles in the Startboard, noting the service health of the Azure datacenters and the billing status for your subscription.
3. Click the Service health tile, and in the resulting Service health blade, note the status for the individual Azure services, and then click Storage.
4. On the Storage blade, note the status for each region, and then click the region in which you previously created a storage account.
5. Review the status of the storage service in your selected region, and then on the Hub Menu, click HOME. Note that the page scrolls to view the Startboard, but the blades that you opened remain open.
6. In the Hub Menu, click BROWSE, and then click Storage. Note that the currently open blades are replaced with a new blade that shows your storage accounts.
7. On the Storage blade, click your storage account, and on the blade that is opened, view the details of your storage account, noting that it has been automatically assigned to a resource group named Default-Storage-SelectedRegion.
8. At the top of the blade for your storage account, click the Pin blade to Startboard icon and note that a tile for this blade is added to the Startboard.
9. On the Hub Menu, click JOURNEYS, and in the list of journeys, click Service health. Then close the Journeys pane and note that the blades you opened to check the status of the storage service in your selected region are reopened.
10. On the Hub Menu, click NEW, and in the New pane, click Website. Then in the Website blade, enter the following settings, and click Create:
o URL: Enter a unique, valid URL
o WEB HOSTING PLAN: Use the default plan
o RESOURCE GROUP: Click the default resource group name, and then click Create a new resource group. Then on the Create resource group blade, enter the name Demo-Web-App and click OK.
o SUBSCRIPTION: Your subscription
o LOCATION: Click the default location, and then select the location nearest to you.
o Add to Startboard: Selected
11. Wait for the website to be created, and then in the blade for the website (which opens automatically after the website is created), note the information about the new website.
12. In Internet Explorer, switch to the tab containing the full Azure portal, and refresh the page. Note that the website you created in the new portal is listed in the all items page.
Client Tools
The Azure portals provide a graphical user interface for managing your Azure subscriptions and services, and in many cases, these are the primary management tools for service provisioning and operations. However, it is common to want to automate Dev/Ops tasks by creating re-usable scripts, or to combine management of Azure resources with management of other network and infrastructure services. You can use Visual Studio, SQL Server Management Studio, and Windows PowerShell to manage some aspects of your Azure subscription and services.
Azure Tools for Visual Studio
Developers can use Azure Tools for Visual Studio to develop Azure projects. Examples include the development of Azure cloud and mobile services, and ASP.NET web applications. Developers can use the tools to run and debug projects locally before they publish them to Azure.
Additional Reading: The Azure Tools are part of the Azure SDK for .NET, which you can download from Microsoft Azure Downloads: http://go.microsoft.com/fwlink/?LinkID=517416.
SQL Server Management Studio
You can use SQL Server Management Studio to connect to an Azure SQL Database Server and manage it in a way similar to how you manage SQL Server instances. The ability to manage SQL Server instances and SQL Database servers by using the same tool is useful in hybrid IT environments. However, many of the graphical designers in SQL Server Management Studio are not compatible with SQL Database, so you must perform most tasks by executing Transact-SQL statements.
Note: You also can use the SQLCMD command-line tool to connect to Azure SQL Database servers and execute Transact-SQL commands.
Windows PowerShell
Windows PowerShell provides a scripting platform for managing Windows. You can extend this platform to a wide range of other infrastructure elements, including Azure, by importing modules of encapsulated code called cmdlets. Azure PowerShell is the primary PowerShell library for managing Azure services, and you can install it by using the Microsoft Web Platform Installer.
Additional Reading: You can find a link to the latest version of Azure PowerShell at http://go.microsoft.com/fwlink/?LinkID=517416.
Azure PowerShell includes the following modules:
• Azure. A core set of cmdlets for managing Azure services.
• AzureResourceManager. A set of cmdlets for managing resource groups.
• AzureProfile. A set of cmdlets for managing authentication and execution context.
In many cases, you will need only the Azure PowerShell library. The Azure PowerShell module has a dependency on the Microsoft .NET Framework 4.5, and the Web Platform Installer checks for this during installation.
Note: If you plan to implement Active Directory (AD) in Azure, you can install the Azure AD PowerShell library to manage users, groups, and other aspects of the directory from Windows PowerShell. Before you can install the Azure AD module, you must install the Microsoft Online Services Single Sign-In Assistant.
Lesson 4
Subscription Management and Billing
It is important that you understand how to manage your subscription, including the billing for it. This lesson describes the various Azure subscription options, explains how to manage subscription features, and provides an overview of subscription billing.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the available Azure subscriptions.
• Manage an Azure subscription.
• Understand current Azure subscription pricing.
• Explain the Azure pricing calculator.
• Navigate the Azure billing workspace.
• Use the Azure billing workspace.
Accounts, Subscriptions, and Administrative Roles
Your Azure subscription is related to your Azure account and administrative roles. It is important to understand the difference between accounts, subscriptions, and administrative roles in Azure.
Accounts and Subscriptions
An Azure account determines how your Azure usage is reported, and to whom it is reported. A subscription enables you to organize your access to your cloud services and resources. A subscription helps you control how your resource usage is reported, billed, and paid for. Each of your subscriptions can have a different billing and payment setup. This enables you to have different subscriptions and different plans by department, project, regional office, or other factor. Every cloud service belongs to a subscription, and the subscription ID is often required for some operations.
Administrative Roles
There are three Azure administrative roles. These are:
• Account administrator. There is one account administrator for each Azure account. The account administrator is allowed to access the Account Center. This enables the account administrator to create subscriptions, cancel subscriptions, change billing for a subscription, or change Service Administrator, among other tasks.
Note: The Account Administrator for a subscription is the only person who has access to the Account Center. They do not have any other access to services in that subscription.
Additional Reading: You can access the Azure Account Center from the Microsoft website: http://go.microsoft.com/fwlink/?LinkID=517417.
• Service administrator. There is one service administrator for each Azure subscription. The service administrator is able to access the Azure Management Portal for all subscriptions in the account. By default, the user account associated with this role is the same as the Account Administrator when your subscription is created.
• Co-administrator. You can have up to 200 co-administrators for each Azure subscription. This role has the same functions as the Service Administrator, but it cannot change the association of subscriptions to Azure directories.
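Because a co-administrator has the same functions as the service administrator, the administrator list is worth checking in a periodic access review. The following Windows PowerShell function is an added example, not part of the courseware: it checks a list of administrators against the limits stated above (one service administrator per subscription, up to 200 co-administrators) and against an approved list. The record shape (Email, Role), the role labels, the approved list, and the sample records are assumptions constructed for illustration.

```powershell
# Added example (not from the courseware): review a subscription's administrator
# list against the role rules in this lesson. The record shape (Email, Role),
# the role labels, and the approved list are assumptions; sample data is constructed.

$MaxCoAdministrators = 200   # per-subscription limit stated in the lesson

function Test-SubscriptionAdministrator {
    param(
        [Parameter(Mandatory = $true)]
        [object[]] $Administrators,

        [Parameter(Mandatory = $true)]
        [AllowEmptyCollection()]
        [string[]] $ApprovedCoAdministrators
    )

    # Microsoft account names are email addresses; normalize before comparing.
    $entries = @(foreach ($a in $Administrators) {
        [pscustomobject]@{
            Email = ([string]$a.Email).Trim().ToLowerInvariant()
            Role  = [string]$a.Role
        }
    })
    $approved = @($ApprovedCoAdministrators | ForEach-Object { $_.Trim().ToLowerInvariant() })

    # Rule 1: exactly one service administrator per subscription.
    $serviceAdmins = @($entries | Where-Object { $_.Role -eq 'ServiceAdministrator' })
    if ($serviceAdmins.Count -ne 1) {
        "Expected 1 service administrator, found $($serviceAdmins.Count)."
    }

    # Rule 2: no more than 200 co-administrators (counted after de-duplication).
    $coAdmins = @($entries | Where-Object { $_.Role -eq 'CoAdministrator' })
    $uniqueCoAdmins = @($coAdmins | Select-Object -ExpandProperty Email | Sort-Object -Unique)
    if ($uniqueCoAdmins.Count -gt $MaxCoAdministrators) {
        "Co-administrator count $($uniqueCoAdmins.Count) exceeds the limit of $MaxCoAdministrators."
    }

    # The same account listed twice usually differs only in casing or whitespace.
    $coAdmins | Group-Object -Property Email | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        "Duplicate co-administrator entry: $($_.Name) ($($_.Count) times)."
    }

    # Co-administrators have the same functions as the service administrator,
    # so each one should trace back to an approval.
    foreach ($email in $uniqueCoAdmins) {
        if ($approved -notcontains $email) {
            "Co-administrator not on the approved list: $email"
        }
    }

    # Approvals with no matching assignment point to a stale approved list.
    foreach ($email in $approved) {
        if ($uniqueCoAdmins -notcontains $email) {
            "Approved but not currently assigned: $email"
        }
    }
}

# Constructed sample records (not real accounts).
$sampleAdministrators = @(
    [pscustomobject]@{ Email = 'owner@example.com';      Role = 'ServiceAdministrator' }
    [pscustomobject]@{ Email = 'ops1@example.com';       Role = 'CoAdministrator' }
    [pscustomobject]@{ Email = 'OPS1@example.com ';      Role = 'CoAdministrator' }
    [pscustomobject]@{ Email = 'contractor@example.net'; Role = 'CoAdministrator' }
)
$approvedList = @('ops1@example.com', 'ops2@example.com')

$findings = @(Test-SubscriptionAdministrator -Administrators $sampleAdministrators `
                                             -ApprovedCoAdministrators $approvedList)
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```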
Demonstration: Managing a Subscription
In this demonstration, you will see how to manage Azure subscriptions.
Demonstration Steps
1. In Internet Explorer, in the Microsoft Azure management portal, in the navigation pane, click SETTINGS.
2. In the settings pane, click the ADMINISTRATORS tab.
3. At the bottom of the screen, click ADD.
4. In the Specify a co-administrator for subscriptions dialog box, in the EMAIL ADDRESS box, type [email protected].
5. Select the check box next to your subscription in the SUBSCRIPTION list below, and then click OK (the check box).
Azure Pricing
At the time of writing, there are three pricing options. These are:
• Pay-as-you-go. Choose this option if you want a flexible pricing plan. You only pay for the services you use. You may cancel this subscription at any time. You can only make payments by using credit or debit cards. It is important to note that usage quotas apply to this plan, including limits on cloud services and virtual machines, storage, and Active Directory.
Additional Reading: For further information about this plan, including usage quotas, visit the Azure website: http://go.microsoft.com/fwlink/?LinkID=517418.
• Buy from a Microsoft Reseller. To work with the same resellers from whom you currently purchase Microsoft software under the Open Volume License Program, you can select this option. You must purchase Azure in Open credits from your vendor. You can then activate your subscription using those credits. You can apply Azure in Open Licensing credits towards any Azure Service that is eligible for monetary commitments, when purchased online. Services that are not eligible for use with monetary commitments, such as Azure Rights Management Services and Azure Active Directory Premium, cannot be procured using Azure in Open.
Additional Reading: For further information about this plan, visit the Azure website: http://go.microsoft.com/fwlink/?LinkID=517419.
• Enterprise agreements. This option is best suited to large organizations that sign an Enterprise Agreement (EA) and make an upfront commitment to purchase Azure services. Customers who select this option can use the Enterprise Portal to administer their subscription. Customers are also billed annually, based on their services usage. This can make it easier to accommodate unplanned growth.
Additional Reading: For more information about licensing Azure in the Enterprise, visit the Azure website: http://go.microsoft.com/fwlink/?LinkID=517420.
Microsoft also provides a number of benefits to members of specific programs, such as MSDN, the Microsoft Partner Network, and BizSpark:
• MSDN. Members receive monthly credits toward their Azure subscription.
• Partner. Partners receive monthly credits toward their Azure subscription and receive access to resources to help expand their cloud practice.
• BizSpark. Members receive monthly credits toward their Azure subscription.
Additional Reading: For more information about members’ benefits, visit the Microsoft Azure website: http://go.microsoft.com/fwlink/?LinkID=517421.
Additional Reading: The Azure pricing website can be accessed at: http://go.microsoft.com/fwlink/?LinkID=517422.
Pricing Calculator
When you plan the cost of your Azure subscription, you can use the Microsoft Azure pricing calculator. Within the calculator are nodes for determining the cost of the various Azure services. These are:
• Websites
• Virtual machines
• Mobile services
• Cloud services
• Data management
Additional Reading: To view the pricing calculator, go to http://go.microsoft.com/fwlink/?LinkID=517423.
To calculate your Azure subscription cost, select the appropriate node, and then adjust the parameters of the service that you require. You can configure the following parameters for each of the nodes:
• Websites. Select between Free, Shared, and Standard models, and then configure the required sites, virtual machines, bandwidth, and support options to determine the cost.
• Virtual machines. Select between Windows, Linux, SQL Server, BizTalk Server, and Oracle Software virtual machine types, and then configure the size, bandwidth, and support options.
• Mobile services. Choose between Free, Basic, and Standard mobile services, and then select the appropriate SQL Server database size, the appropriate bandwidth, the notification hubs, and the support options.
• Cloud services. Choose the size of your Web and Worker role instances, SQL database size, bandwidth, and support options to determine the expected cost.
• Data management. Select between Locally redundant, Zone redundant, Geo redundant, and Read-access Geo redundant options. You can then choose the appropriate level for import and export, backup size, site recovery options, SQL database number and sizing, machine learning, cache options, bandwidth, and support. The calculator will then determine the likely cost.
You can also use the full calculator node for more complex Azure subscriptions. This node enables you to select individual services and their configuration options from across all available Azure services. Once you have selected and configured your Azure subscription services, you can proceed to purchase and provision the subscription.
Billing Workspace
You can view and manage the charges for your Azure subscription from either the portal or the Preview portal. From within the portal, on the OVERVIEW tab, you can view the following information:
• Subscription status. Shows the current credit remaining, and a summary of billing information. It also provides links to additional information.
• Change payment method. Enables you to change your preferred payment method for the selected subscription.
• Download usage details. You can download your usage history into a CSV file. Selecting this option moves the focus to the BILLING HISTORY tab.
• Edit subscription details. Enables you to change the subscription name and associated service administrator email account name. We recommend that you do this.
• Change subscription address. You can change the subscription billing address.
• Cancel subscription. Enables you to cancel your subscription.
You can use the BILLING HISTORY tab to review previous usage and view your current status.
Note: You access the billing workspace from the main Azure portal. Click your account name in the Azure portal window, click View my bill, and then select your subscription. To access the billing workspace from the Preview portal, click BILLING in the navigation pane.
Additional Reading: For further information on interpreting your Azure bill, visit the Azure website: http://go.microsoft.com/fwlink/?LinkID=517424.
Demonstration: Using the Billing Workspace
In this demonstration, you will see how to manage Azure billing.
Demonstration Steps
1. In Internet Explorer, at the top right of the Microsoft Azure management portal, click your Microsoft account name, and then click View my bill. This opens a new tab in Internet Explorer. If prompted, sign in using the Microsoft account credentials associated with your Azure subscription.
2. On the subscriptions page, click your subscription. Then review the summary of usage and billing that is displayed.
3. At the top right of the Microsoft Azure management portal, click your Microsoft account name, and then click Switch to new portal. This opens a new tab in Internet Explorer.
4. In the navigation pane, click BILLING.
5. In the Billing list, click your subscription name. A summary screen appears. If you receive an error, try this step again.
6. Close Internet Explorer.
Lab: Use the Microsoft Azure Portal
Scenario
To start investigating the use of Microsoft Azure to provide cloud-based services, you have decided to familiarize yourself with the Azure Portal.
Objectives
After completing this lab, you will be able to:
• Add a co-administrator to your Azure subscription.
• Display billing data for your Azure subscription.
Estimated Time: 20 minutes
Sign in to your classroom computer by using the credentials your instructor provides.
Exercise 1: Add a Co-Administrator
Scenario
You will begin by adding a new co-administrator to your subscription. The main tasks for this exercise are as follows:
1. Connect to the Azure Portal.
2. Add a co-administrator.
Task 1: Connect to the Azure Portal
1. Sign in to your computer.
2. If necessary, start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in using the Microsoft account that is associated with your Azure subscription.
Task 2: Add a co-administrator
1. Switch to Internet Explorer.
2. In the Azure portal, select SETTINGS, and then select SUBSCRIPTIONS.
3. Add a co-administrator with the following email address: [email protected].
Results: After you complete this exercise, you should have successfully added a co-administrator to your Azure subscription.
Exercise 2: View Billing Data
Scenario
You will now view associated billing information for your subscription. The main tasks for this exercise are as follows:
1. View subscription usage.
2. View billing period.
Task 1: View subscription usage
1. In Internet Explorer, at the top right of the Microsoft Azure management portal, click your Microsoft account name, and then click View my bill.
2. If necessary, sign in with the Microsoft account associated with your subscription.
3. On the subscriptions page, click your subscription. Then review the summary of usage and billing that is displayed.
Task 2: View billing period
1. Download the usage details for your subscription.
2. Once you have reviewed the CSV file, close it.
3. Close the current Internet Explorer tab.
Results: After you complete this exercise, you should have successfully viewed your Azure subscription billing data.
Module Review and Takeaways
Review Questions
Question: What are the three categories of cloud services?
Question: What are the four Microsoft Azure service categories?
Module 2
Websites and Cloud Services
Contents:
Module Overview
Lesson 1: Create and Configure Websites
Lesson 2: Deploy and Monitor Websites
Lesson 3: Create and Deploy Cloud Services
Lab: Websites and Cloud Services
Module Review and Takeaways
Module Overview
Microsoft Azure provides a specialized website service that you can use to host any website without having to configure a virtual machine or associated platform software. If you create an Azure website, you can choose from a wide range of common web apps, including WordPress, Drupal, and Umbraco. Alternatively, you can upload a custom web app from Visual Studio 2013 or another web developer tool. To host applications in Azure, you can use Platform as a service (PaaS) as an execution model. Cloud services provide a platform that can host web apps and web services. Cloud services use a modular architecture that enables you to scale your application to the largest desired sizes while possibly minimizing costs. This module describes the Azure Websites service and Azure Cloud Services.
Objectives
After completing this module, you will be able to:
• Create and configure websites using the Azure portal.
• Deploy and monitor websites on Azure.
• Create and deploy cloud services on Azure.
Lesson 1
Create and Configure Websites
In this lesson, you will learn about Azure Websites and how this differs from PaaS cloud services and web apps hosted on Azure Virtual Machines. You also will learn how to create and configure Azure Websites.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe Azure Websites, and compare it with Azure Virtual Machines and Azure Cloud Services.
• Explain how to create a website using the Azure portal.
• Explain how to configure and scale a website using the Azure portal.
• Create and configure a website.
Comparing Azure Websites, Azure Virtual Machines, and Azure Cloud Services
If you want to host a web app in Azure, you can choose to use Azure Virtual Machines, Azure Websites, or Azure Cloud Services. To select the option that best suits your needs, consider the level of control and scaling flexibility you seek, and the languages and frameworks that you want to use.
Virtual Machines
Because a virtual machine in Azure can include a web server, such as Internet Information Services (IIS) or the Apache HTTP Server, you can use them to host web apps. This scenario is very much like running a traditional web farm to host your web app, except that the servers are at Azure datacenters and not on-premises. This approach is therefore commonly used to migrate an on-premises web app into Azure with as little modification as possible. You can host supporting servers, such as SQL Servers or host databases on other virtual machines, in the same Infrastructure as a service (IaaS) cloud service. When necessary, you can scale out the web app by using load balancing. If you choose to host a web app in virtual machines, you have maximum control over the operating system and supporting software. For example, you could install a specific version of PHP on Apache. However, you must invest the time to update and maintain the infrastructure you create. If you want to scale out the application, you must provision new virtual machines to host the new instances of the application.
Azure Websites
Instead of using Virtual Machines, you can choose to host your web app in the Azure Websites service. Azure Websites is a fully managed PaaS cloud service that enables you to quickly build, deploy, and scale enterprise-grade web apps.
Note: Azure Websites also supports Azure WebJobs. WebJobs enables you to schedule regular jobs and batch jobs easily.
Additional Reading: To read more about WebJobs, go to http://go.microsoft.com/fwlink/?LinkID=517425.
After you create a new Azure website, you can either upload a custom web app or choose from a wide range of popular general purpose web apps, including Drupal, WordPress, Umbraco, and others. You can build custom web apps to host in Azure Websites by using ASP.NET, Node.js, PHP, and Python. You can scale up an Azure website by changing tiers.
Note: Azure Websites is offered in four tiers: Free, Shared (Preview), Basic, and Standard. Each tier provides for differing numbers of websites, supports different storage capacities, and meets many other performance-affecting criteria.
Additional Reading: To learn more about the four tiers, go to the Microsoft Azure Websites Pricing Details webpage: http://go.microsoft.com/fwlink/?LinkID=517426.
Scaling up increases the traffic a single instance of the site can service. Alternatively, you can scale out by installing a website in multiple instances, and by using Azure load balancing or Azure Traffic Manager to distribute traffic. However, you can only scale the website as a single component. You also cannot gain Remote Desktop Protocol (RDP) access to the web server. You can use Azure SQL Database or SQL Server on a virtual machine to host an underlying database.
Cloud Services
You also can choose to build a web app as an Azure PaaS cloud service. A PaaS cloud service consists of at least one web role, which includes the application’s user interface, and one or more worker roles, which run background tasks. Because you can scale each role independently by specifying the number of role instances, you have a large degree of control over scalability with PaaS cloud services. You can connect to the web servers that host your PaaS cloud service by using RDP.
Note: The last lesson of this module discusses Azure Cloud Services.
Create a Website in the Portal
You can create your new Azure Website in several ways. You can use either of the Azure portals to complete the task by using a graphical wizard. If you use the Preview portal, you must configure the options to create your website manually. If you are using the portal, you can select among three options to create your website:
• Quick Create. This option enables you to configure the website options manually during creation.
Note: This option is the one most similar to using the Preview portal to create your website.
• Custom Create. If you plan to migrate an existing site, this option enables you to create or associate a SQL database or MySQL database. Custom Create also provides you with the ability to specify multiple source control options for your website deployment, such as GitHub or Microsoft Team Foundation Server.
• From Gallery. This option enables you to create a new website with one of several frameworks, such as WordPress. This is helpful, because you can quickly create your new website, which you then can customize within the selected framework.
Creation Options
Irrespective of the option you choose to create the website, you must configure a number of options during creation. These options are:
• URL. This is the URL by which your website is known and accessed. You must specify a unique name.
• Web hosting plan. If you have an existing web hosting plan, you can select it. Alternatively, you can choose to create a new web hosting plan.
Note: In the Preview portal, you can select from predefined hosting plans within the UI.
• Region. Azure has multiple global regions. When you deploy your website to any one region, it is accessible globally on the Internet, but multiple regions provide for greater flexibility. For example, you can deploy sites in regions that are closest to the users of that site.
Note: The Region field is referred to as Location in the Preview portal.
Configure and Scale a Website in the Portal
Once you have created your Azure Website, you can configure and scale it by using either portal. The exact procedure varies, depending upon the portal you use.
Using the Portal
From within the portal, on the navigation bar on the left, click WEB SITES. In the results pane, select the appropriate website. From the initial view, you can see a summary of usage. You then can select the appropriate tab to configure and manage the website:
• Dashboard. Displays a summary of activity and options.
• Monitor. Provides more detailed statistics about website usage, requests, and errors.
• WebJobs. Enables you to view and configure WebJobs.
Note: You can use WebJobs to script programs to run on your website.
• Configure. Enables you to configure options for your website, including:
o General. This includes the .NET Framework version, PHP version, Java version, Python version, managed pipeline mode, platform, web sockets, and always on.
o Certificates. Enables you to configure and manage certificates used for SSL encryption.
o Domain names. You can assign your own custom website domain name. Azure initially assigns one with the suffix azurewebsites.net. For example, if you used the name Contoso, the URL would be Contoso.azurewebsites.net. If you want to use Contoso.com, you can configure that with the domain names option.
o SSL bindings. Enables you to configure how you use SSL with your domain names.
o Application diagnostics. You can enable and configure options for application logging.
o Site diagnostics. You can enable and configure options for web server logging.
o Default documents. Specifies which default documents are used on your website. For example, Default.html and Index.htm.
o Virtual applications and directories. Enables you to define virtual directories and their relative paths within your website.
Note: Some of these options only become available with certain scaling options.
• Scale. Scaling your Azure websites involves two actions:
o Changing your Web Hosting Plan mode to a higher level of service, or tier.
o Configuring certain settings after you have switched to the higher level of service.
You can configure a number of website options to scale your website, including:
o Web hosting plan mode. This option allows you to choose between the Free, Shared, Basic, and Standard hosting plan modes. Each of the plan modes supports a different set of features and capabilities. Plans in the Free and Shared modes run on a shared infrastructure with sites other customers create. These sites will have strict quotas for resource utilization. Plans in the Basic and Standard modes run on resources that are dedicated to your sites, and have fewer restrictions.
o Capacity. This option enables you to define the instance count and size. Options available depend upon the selected web hosting plan mode. Plans in the Free and Shared modes support limited capacity tuning. The Basic mode enables you to choose between three instance sizes:
   Small. Supports a single core with 1.75 gigabytes (GB) of memory.
   Medium. Supports two cores and 3.5 GB memory.
   Large. Supports four cores and 7 GB memory.
The Standard mode enables you to choose between the same instance sizes as Basic, but additionally, you can configure:
   A schedule for scaling.
   The scaling metric (none or CPU). If you choose CPU, you must configure the thresholds for automatic scaling to occur and the number of resultant instances.
   The instance count.
• Linked Resources. You can use this option to link resources such as databases and storage to your website.
• Backups. You can only back up the website in the standard web hosting plan. You can configure an automated backup and an associated schedule.
Using the Preview Portal
The procedure and options available for configuring your website from the Preview portal are different. From within the Preview portal, from the navigation bar on the left, click BROWSE, and then click Websites. Select the appropriate website from the returned list in the Websites blade on the right. In the blade for the selected website, you can view summary, monitoring, and usage data. On the toolbar, click More. You can change and then reset the publish profile, get the publish profile, and change the web hosting plan.
Note: You can also create a new web hosting plan. You can choose between several pricing tiers to select the plan that best suits your requirements.
Demonstration: Creating and Configuring a Website
In this demonstration, you will see how to:
• Create a new website in Azure by using the Preview portal.
• Browse the new website from the Preview portal.
• View scaling and configuration options in the portal.
Demonstration Steps
Create a new website in Azure by using the Preview portal
1. Start Internet Explorer, and browse to http://azure.microsoft.com.
2. Connect to the portal, and sign in using the Microsoft account that is associated with your Azure subscription.
3. Switch to new portal.
4. Add a new website.
5. Type a valid unique website name. For example, type Contoso####, where #### is a unique number.
Note: If the name is valid and unique, a green smiley face is displayed.
6. Specify a location near you.
Note: The website creation process can take several minutes.
Browse the new website from the Preview portal
1. When the website creation is complete, in the website blade, click Browse. Internet Explorer shows the default webpage.
2. Close the Internet Explorer tab, and then close the tab containing the new portal, keeping the portal tab open.
View scaling and configuration options in the portal
1. In the Portal, refresh the webpage.
2. Select WEB SITES, and in the web sites pane, click your new website.
3. Scroll through the available options on the CONFIGURE tab.
4. Scroll through the available options on the SCALE tab.
5. Under web hosting plan mode, click STANDARD.
6. Under capacity, adjacent to SCALE BY METRIC, click CPU.
7. In the INSTANCE SIZE list, click Large (4 cores, 7 GB memory).
8. Click DISCARD.
9. Click the DASHBOARD tab.
10. Leave the portal open.
Lesson 2
Deploy and Monitor Websites
Once you have created your Azure Website, you then can create and publish the content that you want to make available in the new website. You have several options for creating and publishing content to an Azure Website. After you have created and published the website content, you must deploy the website to make it available to your users. This lesson describes the processes for creating, publishing, and deploying website content to Azure websites. It also describes the options that you can use to monitor those websites.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the available options for creating Azure website content.
• Explain how to publish an Azure website by using Visual Studio.
• Explain the process of deploying an Azure website.
• Describe how to monitor websites in Microsoft Azure.
Options for Creating and Publishing Website Content
Using the Azure portal to create a website is the start of the process for making the website available and useful for its users. You also must create and publish website content to your Azure website. There are several ways that you can create and publish website content. These include the following:
• Microsoft Visual Studio 2013. You can use Visual Studio 2013 to write and deploy a variety of different types of apps, including those for Windows Phone and Windows Store, desktop apps, web apps, and web services. You can write the code using a number of programming languages, including:
  o Visual Basic
  o Visual C#
  o Visual C++
  o Visual F#
  o JavaScript
Additional Reading: Visual Studio 2013 is available in several different editions. For more information about these editions, go to the Compare Visual Studio Offerings website: http://go.microsoft.com/fwlink/?LinkID=517427.
• Microsoft WebMatrix. This tool is available for download from within the Azure portal. It enables you to create, publish, and maintain your Azure websites. It supports a range of programming languages and provides a simple interface for website deployment. To create a website using WebMatrix, start WebMatrix, and then sign into Azure with your subscription account. You can then click the option New, and use a range of templates to create and deploy your website. A variety of templates is provided, including:
  o Empty site
  o Starter site
  o Bakery
  o Photo gallery
  o Personal site
  Once you have created the website using WebMatrix, you can easily publish it to your production Azure website.
Additional Reading: You can find more information about WebMatrix from the WebMatrix website: http://go.microsoft.com/fwlink/?LinkID=517428.
• The Azure website gallery. You can use the Gallery to create and publish your website content when you create your Azure website. To do this, when you initially create your website in the Azure portal, click the FROM GALLERY option. You then can select from a range of templates that best suit the purpose of your website. Templates are provided in a number of categories, including:
  o App frameworks, such as Bottle, CakePHP, and Django
  o Blogs, including Ghost, WordPress, and Orchard CMS
  o Forums, such as phpBB and MonoX
  o Galleries, including Gallery Server Pro
  o Tools, like BugNET, OpenX, and Open Web Analytics
You can also select from many other website templates, including templates that are focused on particular businesses. There is, for example, a coffee shop website template, a bakery template, and templates for personal websites and photo galleries. Once you select the appropriate template, Azure presents you with a wizard interface to complete the creation process.
Publish a Website from Visual Studio
Using Visual Studio to publish your website involves the following high-level steps:
• Set up the development environment. To use Visual Studio to publish your website content, you must first install the Azure SDK. When you install the Azure SDK, it will automatically install Microsoft Visual Studio 2013 Express for Web edition.
Note: You can also choose to install an appropriate edition of Visual Studio 2013 manually.
• Create your app. To create the app, launch Visual Studio and choose to create a New Project. You can then select the type of app that you wish to use on your website, for example, an ASP.NET web app. The subsequent options that you must configure vary depending upon the type of app you initially select, but might include:
  o .NET Framework version
  o Authentication options, such as:
    • No authentication
    • Individual user accounts
    • Organizational accounts
    • Windows Authentication
  o Host in the cloud/Create remote resources. This option varies, depending upon the edition of Visual Studio. You can use this option to create the website during the publish process. It is enabled by default. If you choose to create the website during publishing, you must define the site name, region, and database options.
Note: It is not necessary for you to create your website within the Azure portal before you create the app. Visual Studio can create your website when you publish it. Alternatively, you can publish to an existing website.
• Deploy the app to Azure. After you have created your app, you can publish it to Azure by using the Publish Web Wizard, which appears automatically. You must specify the server name and port, site name, user credentials to authenticate with the website, and the destination URL.
Note: You can use the Preview option to view your website app before you actually publish the app.
After you have published your website app, you will need to maintain the content. You can use Visual Studio to make any required changes to the website app, and then publish those changes to the production environment.
Additional Reading: You can read more about how to use Visual Studio to publish ASP.NET websites on the Get started with Azure Websites and ASP.NET webpage: http://go.microsoft.com/fwlink/?LinkID=517429.
Deploy a Website with Web Deploy
Web Deploy is a technology with client-side and server-side components that synchronizes both content and configuration values with web servers. We recommend that you use this tool to deploy web apps to Azure websites. When developing your Azure web app, you can use Web Deploy to publish changes for your web roles. Web Deploy enables you to make these changes incrementally. After you publish your app to a deployment environment, Web Deploy lets you deploy changes directly to the virtual machine that is running the web role.
Note: It is not necessary to package and publish the entire Azure app every time you want to update your web role. Consequently, you can have your web role changes available in the cloud for testing without waiting to have your application published to a deployment environment.
You can use Web Deploy to:
• Deploy websites from development environments to staging and production web servers.
• Migrate content from one web server to another.
Web Deploy is sometimes compared with other deployment tools, such as FTP, RoboCopy, and XCOPY.
Note: FTP is an older but widely used protocol for uploading web apps to web servers.
Web Deploy offers a number of benefits over these other technologies, including:
• Speed. Web Deploy is faster than FTP.
• Security. Web Deploy supports publishing over HTTPS. It also supports configuring permissions on files.
• Convenience. Web Deploy can publish databases to SQL Server, MySQL Server, and other databases.
• Integration. Web Deploy integrates with Visual Studio and WebMatrix.
Additional Reading: Read more about Web Deploy at http://go.microsoft.com/fwlink/?LinkID=517430.
Monitoring Websites
Running websites consume resources and incur costs. The websites also might generate errors, for example, if users request webpages that do not exist. You can use the Monitoring node within the Azure portal to check resource consumption. By doing this, you can better plan for increasing, or decreasing, website usage. From within the portal, select the appropriate website, and then click on the MONITOR tab. You can use the ADD METRICS option to enable additional monitoring options. The following list describes the metrics that you can view in the chart on the Monitor page:
• CPUTime. A measure of the website's CPU usage.
• Requests. A count of client requests to the website.
• Data Out. A measure of data sent by the website to clients.
• Data In. A measure of data received by the website from clients.
• Http Client Errors. Number of Http "4xx Client Error" messages sent.
• Http Server Errors. Number of Http "5xx Server Error" messages sent.
• Http Successes. Number of Http "2xx Success" messages sent.
• Http Redirects. Number of Http "3xx Redirection" messages sent.
• Http 401 errors. Number of Http "401 Unauthorized" messages sent.
• Http 403 errors. Number of Http "403 Forbidden" messages sent.
• Http 404 errors. Number of Http "404 Not Found" messages sent.
• Http 406 errors. Number of Http "406 Not Acceptable" messages sent.
Receiving Alerts
In Standard website mode, you can enable and receive alerts based on the selected website monitoring metrics. To enable alerts, you must first configure a web endpoint for monitoring. You can do this in the Monitoring section of the CONFIGURE page. On the SETTINGS page of the portal, you then can create a rule to trigger an alert when the metric you choose reaches a value that you specify. You can also choose to have an email sent when the alert is triggered.
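To make the metric definitions and the alert rule concrete, the following added example (not part of the courseware, and not Azure's own implementation) derives the HTTP metrics listed above from web server log lines in W3C extended format and evaluates threshold rules against them. The log lines, rule thresholds and function names are constructed for illustration.

```python
from collections import Counter

# Constructed W3C extended log sample (addresses are documentation ranges).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
2014-10-01 10:00:01 GET /default.html 203.0.113.10 200 5120 310
2014-10-01 10:00:02 GET /index.htm 203.0.113.11 200 2048 290
2014-10-01 10:00:03 GET /old 203.0.113.11 302 0 300
2014-10-01 10:00:04 GET /missing 198.51.100.7 404 1245 305
2014-10-01 10:00:05 GET /missing2 198.51.100.7 404 1245 307
2014-10-01 10:00:06 GET /admin 198.51.100.7 401 0 350
2014-10-01 10:00:07 GET /admin 198.51.100.7 401 0 350
2014-10-01 10:00:08 GET /admin 198.51.100.7 401 0 350
2014-10-01 10:00:09 GET /config 198.51.100.7 403 0 340
2014-10-01 10:00:10 POST /api 203.0.113.10 500 0 400
2014-10-01 10:00:11 GET /report 203.0.113.12 406 0 330
"""

# Status class (first digit) to the metric name used on the Monitor page.
CLASS_METRIC = {
    2: "Http Successes",
    3: "Http Redirects",
    4: "Http Client Errors",
    5: "Http Server Errors",
}
# Individual status codes that have their own metric.
TRACKED_CODES = (401, 403, 404, 406)


def parse_w3c(log_text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other directives such as #Version
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line, or data before any #Fields directive
        yield dict(zip(fields, values))


def compute_metrics(log_text):
    """Count the request, data and HTTP status metrics for a block of log text."""
    metrics = Counter()
    for rec in parse_w3c(log_text):
        status = rec.get("sc-status", "")
        if not status.isdigit():
            continue
        code = int(status)
        metrics["Requests"] += 1
        metrics["Data Out"] += int(rec.get("sc-bytes", 0))
        metrics["Data In"] += int(rec.get("cs-bytes", 0))
        if code // 100 in CLASS_METRIC:
            metrics[CLASS_METRIC[code // 100]] += 1
        if code in TRACKED_CODES:
            metrics[f"Http {code} errors"] += 1
    return metrics


def triggered_alerts(metrics, rules):
    """Return the metric names whose value has reached the rule's threshold."""
    return [name for name, threshold in rules if metrics.get(name, 0) >= threshold]


if __name__ == "__main__":
    m = compute_metrics(SAMPLE_LOG)
    for name in sorted(m):
        print(f"{name}: {m[name]}")
    # Constructed rules: alert on 3 or more 401s, or 5 or more server errors.
    print(triggered_alerts(m, [("Http 401 errors", 3), ("Http Server Errors", 5)]))
```

A sustained rise in the 401 or 403 counts from a small set of client addresses is the kind of pattern worth an alert rule, since it usually indicates repeated failed access attempts rather than normal browsing.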
Lesson 3
Create and Deploy Cloud Services
Azure provides three execution models for applications: Virtual Machines, Websites, and cloud services. In this lesson, you will see how Azure Cloud Services differ from Azure Websites and Azure Virtual Machines. You will also see how to configure Cloud Services and deploy the cloud service code your developers create.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe Microsoft Azure Cloud Services.
• Describe how to create a cloud service in Microsoft Azure.
• Describe how to scale your Microsoft Azure Cloud Services.
• Deploy cloud services within Microsoft Azure.
What Are Cloud Services?
When you create an app and run it in Microsoft Azure, the code and its configuration together constitute an Azure cloud service. By creating a cloud service in Azure, you are able to deploy a multi-tier web app. You can define multiple roles to distribute processing and enable flexible scaling of your application.
Components of a Cloud Service
A cloud service consists of one or more web roles and/or worker roles, each of which has its own application files and configuration. The following list defines the key characteristics and components of an Azure cloud service.
• Cloud service role. Comprises application files and configuration data. A cloud service can have two types of roles:
  o Web role. Provides a dedicated IIS webserver that hosts front-end web apps.
  o Worker role. Apps hosted within worker roles can run asynchronous, long-running, or perpetual tasks that require no user input or interaction.
• Role instance. A virtual machine on which your application code and role configuration run.
Note: A role can have multiple instances, defined in the service configuration file.
• Guest operating system. This is the operating system installed on the role instances (virtual machines) on which your app code runs.
• Cloud service components. To deploy an app as a cloud service in Microsoft Azure, the following three components are necessary:
  o Service definition file. This file, known as a .csdef file, defines the service model.
  o Service configuration file. The .cscfg file provides configuration settings for your cloud service and individual roles.
  o Service package. The .cspkg file contains your app code and the service definition file.
• Cloud service deployment. This is an instance of a cloud service deployed to the Azure staging or production environment.
Note: You can maintain deployments in both staging and production.
• Deployment environments. Microsoft Azure offers two deployment environments for cloud services:
  o A staging environment. Environment in which you can test your deployment before you promote it to the production environment. In this environment, your cloud service's GUID identifies it in URLs (GUID.cloudapp.net).
  o A production environment. The production environment URL is based on the domain name system (DNS) prefix assigned to your cloud service (for example, myservice.cloudapp.net).
Note: The two environments are distinguished only by the virtual IP (VIP) addresses by which the cloud service is accessed. To promote a deployment in the staging environment to the production environment, you can swap the deployments. You do this by switching the VIP addresses by which the two deployments are accessed.
• Minimal versus verbose monitoring:
  o Minimal monitoring uses performance counters gathered from the host operating systems for role instances (virtual machines). This is enabled by default for a cloud service.
  o Verbose monitoring collects extra metrics from performance data in the role instances. This enables you to perform closer analysis of activities and problems that occur during app processing.
• Azure Diagnostics. Enables you to collect diagnostic data from apps running in Azure.
Note: You must enable Azure Diagnostics for cloud service roles for verbose monitoring to be available.
• Link a resource. To show your cloud service's dependencies on other resources, such as an Azure SQL Database instance, you can link the resource to the cloud service.
• Scale a cloud service. You can scale out a cloud service by increasing the number of role instances (virtual machines) deployed for a role. Conversely, you can scale in a cloud service by decreasing role instances.
• Azure Service Level Agreement (SLA). This guarantees that, when you deploy two or more role instances for every role, access to your cloud service is maintained at least 99.95 percent of the time.
Cloud Services vs. Azure Virtual Machines
Even though your applications run in virtual machines, Azure Cloud Services provide PaaS, not IaaS. Cloud Services are therefore different from hosting your applications in Azure Virtual Machines. With Azure Virtual Machines, first you create and configure your application’s environment, and then you deploy your application into that environment. With Cloud Services, the environment already exists. All you must do is deploy your application. With Cloud Services, you provide a configuration file that tells Azure how many virtual machines you require for your application; for example, two web role instances and three worker role instances. The Azure platform creates those for you.
Note: You still define the size of those virtual machines; the options are the same ones offered in Azure Virtual Machines. However, you do not explicitly create the virtual machines yourself.
Load Balancing
If your application begins to support a higher load, you can request more virtual machines. Azure creates those additional instances. If the load on your application reduces, you can shut down those instances. Although both Azure Websites and Azure Virtual Machines enable you to create web apps on Azure, the main advantage of Azure Cloud Services is its ability to support more complex multi-tier architectures.
Additional Reading: For a more detailed comparison of these components, visit the Azure Web Sites, Cloud Services, and Virtual Machines comparison webpage: http://go.microsoft.com/fwlink/?LinkID=517431.
Maintenance and Recovery
When you choose a cloud service, Azure maintains the underlying infrastructure. Microsoft Azure performs the following tasks:
• Performs routine maintenance.
• Updates the operating systems.
• Attempts recovery from service and hardware failures.
Note: If you define at least two instances of every role, the maintenance tasks, including your own service upgrades, are performed without any interruption in service.
Create and Deploy a Cloud Service
Before you can deploy your cloud service, you must create the cloud service package and the cloud service configuration file. You can use tools in the Azure SDK to help you to prepare these deployment files.
Additional Reading: You can download the Azure SDK, and other relevant Azure tools, from the Microsoft Azure Downloads webpage: http://go.microsoft.com/fwlink/?LinkID=517416.
Creating a Cloud Service
If you do not have significant experience working with Azure Cloud Services, you can download templates that you can use to help with the creation of the deployment files.
Additional Reading: The code samples are available at the Microsoft Azure code samples webpage: http://go.microsoft.com/fwlink/?LinkID=517432.
After you have installed the Azure SDK, use the following procedure to create a cloud service:
1. Connect to the Azure portal.
2. Click NEW, COMPUTE, CLOUD SERVICE, and then QUICK CREATE.
Note: You can also create a cloud service by using the CUSTOM CREATE option, so that you can choose the option to deploy a cloud service package during creation.
3. Enter the URL that your cloud service will use. The URL format for production deployments is http://myURL.cloudapp.net.
4. Enter the Region or Affinity Group. This configures the geographic region or affinity group to which you will deploy the cloud service.
Note: You must have already created the affinity group. To create an affinity group, in the portal, open the Networks area, click Affinity Groups, and then click Create.
5. Finally, click Create Cloud Service.
Note: If any roles in your cloud service require a digital certificate for data encryption using Secure Sockets Layer (SSL), and you have not uploaded the certificate, you must upload the certificate before you can deploy your cloud service.
Deploying a Cloud Service
After you have successfully created your cloud service, you must deploy it. Use the following procedure to deploy your cloud service:
1. Connect to the Azure portal.
2. Click Cloud Services, and then select the cloud service that you want to deploy. Click Dashboard.
3. Click either Production or Staging. If you choose to use the Staging environment, you can test your cloud service before you deploy it to the production environment.
Note: When you are ready to promote your staged cloud service to the production environment, use Swap to redirect client requests to that deployment.
4. Click Upload, and then enter the following information:
   a. Enter a Deployment Label.
   b. Browse and select the service package file (.cspkg) for the cloud service.
   c. Browse and select the service configuration file (.cscfg) for the cloud service.
   d. Select the Deploy even if one or more roles contain a single instance check box if your cloud service includes any roles with only one instance.
Note: Azure only guarantees 99.95 percent access to the cloud service during maintenance and service updates if every role has at least two instances.
5. Click OK.
After you perform the above steps, your cloud service should be available in either the production or staging environment.
Scaling a Cloud Service
With the Azure portal, you can scale your cloud service to adjust its performance. From the Scale page of your cloud service, you can choose to manually scale your application, or else you can set the appropriate parameters to have Azure automatically scale the application for you. You can scale applications that are running:
• Web Roles. Add or remove Web Role instances to accommodate the anticipated work load.
• Worker Roles. Add or remove Worker Role instances to accommodate the work load.
• Virtual Machines. When you scale an application running Virtual Machines, virtual machines are turned on or off from an availability set of previously created machines.
Note: Scaling is not automatic, and you must keep the instances of the virtual machines in sync with one another or else they will become non-identical over time. Additionally, when you must upgrade websites in this scenario, it will be challenging to apply the upgrade to all of the machines at the same time.
Considerations for Scaling
Before you scale your application, consider the following factors:
• Add virtual machines to an availability set before they are available for scaling. The virtual machines can be on or off when you create them. When you scale up, additional virtual machines from your availability set are turned on. Conversely, when you scale down, virtual machines are turned off.
Note: These virtual machines are not only turned off, but de-allocated. This ensures that you do not pay for the resources that these virtual machines consume.
• Core usage affects scaling. Larger role instances use more cores, but you can only scale your application within the limit of cores for your subscription. For example, if your subscription has a limit of 30 cores and you run an application with three medium-sized virtual machines (a total of six cores), you can only scale up other cloud service deployments in your subscription by 24 cores.
Note: All virtual machines in an availability set that are used in scaling your application must be the same size.
• Create a queue and associate the queue with a role or availability set. You must do this before you can scale your application based on a message threshold.
• Deploy two or more role instances to enable high availability. You must ensure that your application is deployed with two or more role instances or virtual machines to enable high availability for your application.
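The deployment procedure and the scaling considerations above both depend on two numbers: the instance count of each role (two or more for the 99.95 percent guarantee) and the cores still available in the subscription. The following added example, which is not part of the courseware, reads the instance counts from a service configuration (.cscfg) file and checks both conditions before upload. The sample file content, the role sizes passed in by the caller and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace of Azure cloud service configuration (.cscfg) files.
NS = {"sc": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration"}

# Cores per instance size as listed on this page (Small 1, Medium 2, Large 4).
CORES_PER_SIZE = {"Small": 1, "Medium": 2, "Large": 4}

# Constructed sample: role names follow the lab, instance counts are made up.
SAMPLE_CSCFG = """\
<ServiceConfiguration serviceName="AdatumAds"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="adatumadswebrole">
    <Instances count="2" />
  </Role>
  <Role name="adatumadsworkerrole">
    <Instances count="1" />
  </Role>
</ServiceConfiguration>
"""


def role_instance_counts(cscfg_text):
    """Return {role name: instance count} from the text of a .cscfg file."""
    root = ET.fromstring(cscfg_text)
    counts = {}
    for role in root.findall("sc:Role", NS):
        name = role.get("name")
        instances = role.find("sc:Instances", NS)
        count = instances.get("count", "") if instances is not None else ""
        if not name or not count.isdigit():
            raise ValueError(f"role {name!r} has no usable <Instances count>")
        counts[name] = int(count)
    if not counts:
        raise ValueError("no <Role> elements found; is this a .cscfg file?")
    return counts


def single_instance_roles(counts):
    """Roles with fewer than two instances fall outside the availability guarantee."""
    return sorted(name for name, n in counts.items() if n < 2)


def cores_needed(counts, sizes):
    """Total cores for the deployment; sizes maps role name to Small/Medium/Large."""
    missing = sorted(set(counts) - set(sizes))
    if missing:
        raise ValueError(f"no instance size given for roles: {missing}")
    return sum(CORES_PER_SIZE[sizes[name]] * n for name, n in counts.items())


def check_deployment(cscfg_text, sizes, core_limit, cores_in_use):
    """Return a list of findings; an empty list means both checks passed."""
    counts = role_instance_counts(cscfg_text)
    findings = [
        f"{name}: fewer than two instances, not covered during maintenance and updates"
        for name in single_instance_roles(counts)
    ]
    needed = cores_needed(counts, sizes)
    available = core_limit - cores_in_use
    if needed > available:
        findings.append(
            f"deployment needs {needed} cores but only {available} remain in the subscription"
        )
    return findings


if __name__ == "__main__":
    # Role sizes are supplied by the caller; they are not read from the .cscfg.
    sizes = {"adatumadswebrole": "Medium", "adatumadsworkerrole": "Small"}
    # Figures from the page's example: 30-core limit, six cores already in use.
    for finding in check_deployment(SAMPLE_CSCFG, sizes, core_limit=30, cores_in_use=6):
        print(finding)
```

Running the same check with each role's count set to the autoscale maximum shows whether the subscription can absorb a full scale-out before the rule is saved.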
Scaling Your Cloud Service
You can perform the following scaling actions for a cloud service:
• Manually scale an application running Web Roles or Worker Roles. If necessary, disable automatic scaling, and then configure the instance count for each of the roles in your cloud service.
Note: You can only increase the number of instances used if the appropriate number of cores are available to support those instances.
• Automatically scale an application running Web Roles, Worker Roles, or Virtual Machines. You can configure automatic scaling based on two properties:
  o CPU. If the average percentage of CPU usage goes above or below specified thresholds, Azure creates or deletes role instances, or turns virtual machines on or off from an availability set.
  o Queue. If the number of messages in a queue goes above or below a specified threshold, Azure creates or deletes role instances, or Azure turns on or off virtual machines from an availability set.
Note: Automatic scaling is disabled by default for all roles.
• Scale linked resources. Typically, when you scale a role, it can be beneficial to scale any database that your application is using. If you link the database to your cloud service, you can change the SQL Database edition and resize the database as required. If you do not scale linked resources, you run the risk of causing problems with the linked resource, such as capacity in a database.
• Schedule the scaling of your application. You can configure the following schedule options:
  o No schedule. This enables your application to be scaled automatically at all times.
  Note: No Schedule is the default option.
  o Day and night. This option enables you to specify scaling for specific times of the day and night.
Demonstration: Creating, Deploying, and Scaling a Cloud Service
In this demonstration, you will see how to:
• Create a new cloud service.
• Configure the cloud service.
• Scale the cloud service.
Demonstration Steps
Create a new cloud service
1. If necessary, open Internet Explorer, and browse to http://azure.microsoft.com, click Portal, and sign in using the Microsoft account that is associated with your Azure subscription.
2. Create a new cloud service using QUICK CREATE:
   a. In the URL text box, type a valid unique cloud service name. For example, type AdatumWeb####, where #### is a unique number. If the name is valid and unique, a green check mark is displayed.
   b. In the REGION OR AFFINITY GROUP list, click your local region, and then click CREATE CLOUD SERVICE.
Configure the cloud service
1. Select the new cloud service, and select the CONFIGURE tab.
2. Upload a new production deployment:
   a. In the Upload a package dialog box, in the DEPLOYMENT LABEL box, type Adatum App #### (where #### is the same number you typed earlier).
   b. Select a local package file. Navigate to C:\Labfiles, and double-click AdatumAds.cspkg.
   c. Select a local configuration file. Navigate to C:\Labfiles, and double-click ServiceConfiguration.Cloud.cscfg.
Note: Deployment begins. This could take 10 to 15 minutes.
Scale the cloud service
1. Scale the cloud service:
   a. Under adatumadswebrole, adjacent to SCALE BY METRIC, click CPU.
   b. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.
   c. Drag the TARGET CPU slider bar so that maximum is 90.
   d. Under adatumadsworkerrole, adjacent to SCALE BY METRIC, click CPU.
   e. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.
   f. Drag the TARGET CPU slider bar so that the maximum is 90.
   g. Click SAVE.
   h. Click the MONITOR tab, and review the monitor data.
2. Close Internet Explorer.
Lab: Websites and Cloud Services
Scenario
You require a blog for the A. Datum website and have decided that this would be an ideal time to test the functionality of Microsoft Azure Websites. You also would like to test the use of Azure Cloud Services to contain virtual machines.
Objectives
After completing this lab, the students will have:
• Created a WordPress website from the Gallery.
• Created a cloud service.
Lab Setup
Estimated Time: 60 minutes
Sign in to your classroom computer by using the credentials your instructor provides. Before you start this lab, ensure that you have a trial Azure subscription.
Note: To complete the lab in this module, you must have completed the labs in all preceding modules in this course.
Exercise 1: Create a WordPress Website
Scenario
Your users have suggested that they would like to be able to post blog articles to a corporate website. You have decided to host this website on Azure. In this exercise, you will create a website to host WordPress blogs, and then test the website by posting articles to the site.
The main tasks for this exercise are as follows:
1. Create a website.
2. Install WordPress.
3. Create a blog post.
Task 1: Create a website
1. Start Internet Explorer, and browse to http://azure.microsoft.com, click Portal, and sign in using the Microsoft account that is associated with your Azure subscription.
2. Create a new website to host your blog:
   a. In the Azure portal, on the navigation pane, click WEBSITES.
   b. Click NEW, and then click FROM GALLERY.
   c. In the ADD WEB APP Wizard, on the Find Apps for Microsoft Azure page, click BLOGS.
   d. In the A-Z list, click WordPress, and then click Next.
   e. On the Configure Your App page, in the URL box, type AdatumBlog####, where #### is a unique number. If your URL is unique, a green check mark displays.
   f. Leave DATABASE and WEBSCALEGROUP configured with default values.
   g. Select the appropriate REGION, and then click Next.
   h. On the New MySQL Database page, accept the default name.
   i. In the REGION list, click the appropriate region.
   j. Select the I agree to ClearDB’s legal terms … check box, and then click Complete.
Note: Your website is created. This may take a few minutes.
Task 2: Install WordPress
1. In the websites list, in the URL column, click the URL for your new website. Internet Explorer opens a new tab and navigates to your new website.
2. On the WordPress website, in the languages list, click English (United States), and then click Continue.
3. On the Welcome page, complete the Information needed section with the following information:
   a. Site Title: AdatumMyBlog####, where #### is a unique number.
   b. Username: The email address associated with your Azure subscription.
   c. Password, twice: Pa$$w0rd.
   d. Your E-mail: The email address associated with your Azure subscription.
4. Click Install WordPress.
Task 3: Create a blog post
1. In Internet Explorer, on the Success webpage, click Log In:
   a. In the Username box, type the email address associated with your Azure subscription.
   b. In the Password box, type Pa$$w0rd.
   c. Select the Remember Me check box, and then click Log In.
Note: If prompted by Internet Explorer to store the password for the website, click Not for this site.
2. Create a new post:
   a. In the Dashboard, click Write your first blog post.
   b. On the Add New Post page, in the Enter title here box, type Welcome to the Adatum Blog.
   c. In the main text box, type Welcome to the Adatum blog.
   d. Click Publish.
3. View your new post.
4. Close the current tab in Internet Explorer, and return to the Azure portal tab.
Results: After you complete this exercise, you will have successfully created and configured an Azure website to support WordPress blogs.
Exercise 2: Create a Cloud Service
Scenario
You must now create an Azure Cloud Service. You will use the Azure portal to complete this task.
The main tasks for this exercise are as follows:
1. Create a Cloud Service.
2. Deploy a Cloud Service.
3. Verify a Cloud Service.
Task 1: Create a Cloud Service
• Create a new cloud service using QUICK CREATE:
   a. In the URL text box, type a valid unique cloud service name. For example, type AdatumWeb####, where #### is a unique number. If the name is valid and unique, a green check mark is displayed.
   b. In the REGION OR AFFINITY GROUP list, click your local region and then click CREATE CLOUD SERVICE.
Task 2: Deploy a Cloud Service
1. Select the new cloud service and select the CONFIGURE tab.
2. Upload a new production deployment:
   a. In the Upload a package dialog box, in the DEPLOYMENT LABEL box, type Adatum App #### (where #### is the same number you typed earlier).
   b. Select a local package file. Navigate to C:\Labfiles and double-click AdatumAds.cspkg.
   c. Select a local configuration file. Navigate to C:\Labfiles, and double-click ServiceConfiguration.Cloud.cscfg.
Note: Deployment begins. This could take 10 to 15 minutes.
3. Scale the cloud service:
   a. Under adatumadswebrole, adjacent to SCALE BY METRIC, click CPU.
   b. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.
   c. Drag the TARGET CPU slider bar so that the maximum is 90.
   d. Under adatumadsworkerrole, adjacent to SCALE BY METRIC, click CPU.
   e. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.
   f. Drag the TARGET CPU slider bar so that the maximum is 90.
   g. Click SAVE.
Task 3: Verify a Cloud Service
Note: It might take a few minutes for your website to display.
1. Review the list of cloud services in the Azure portal, and then click the URL for your cloud service. The Adatum Ads webpage displays.
Note: The app is for demonstration purposes and is not completely functional.
2. Close Internet Explorer.
Results: After you complete this exercise, you will have successfully created, deployed, and configured an Azure Cloud Service.
Module Review and Takeaways
Review Questions
Question: What is the key difference between using Azure Websites and an Azure virtual machine with the IIS server role installed to host your website app?
Question: You want to create and publish your Azure Website using the Azure portal. Which option should you select when creating the new Website?

Module 3
Virtual Machines in Microsoft Azure
Contents:
Module Overview
Lesson 1: Create and Configure Virtual Machines
Lesson 2: Configure Disks
Lab: Create a Virtual Machine in Microsoft Azure
Module Review and Takeaways
Module Overview
Microsoft offers several virtualization management technologies that your organization can use to resolve problems that you may encounter when managing server computing environments. For example, server virtualization can help reduce the number of physical servers, and provide a flexible and resilient server solution. You can deploy virtual machines on your locally installed servers or in Microsoft Azure. In this module, you will learn how to create and configure virtual machines, and how to manage their disks.
Objectives
After completing this module, you will be able to:
• Create and configure virtual machines in Microsoft Azure.
• Configure disks for virtual machines.

Lesson 1
Create and Configure Virtual Machines
Virtual machines (VMs) provide many benefits over traditional physical machines. You can deploy virtual machines on physical servers in your IT environment, or you can choose to deploy virtual machines in Microsoft Azure. In this lesson, you will learn how to create, deploy, and configure virtual machines in Microsoft Azure.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the purpose and functionality of virtual machines.
• Describe Azure virtual machines.
• Describe how to create virtual machines from Azure VM Gallery.
• Create a virtual machine from the Azure VM Gallery.
• Configure and scale virtual machines.
• Configure a virtual machine from the Azure Portal.
• Describe how to connect to a virtual machine.
• Connect to a virtual machine.
Overview of Virtual Machines
In today’s information technology (IT) environments, a virtual machine is an emulation of a physical computer system. A virtual machine acts like a software-based computer that runs an operating system and applications. Virtual machines are based on the computer architecture and functions of a real or hypothetical computer. The implementation of virtual machines may involve specialized hardware, software, or a combination of both. Virtual machines function as normal computers. Virtual machines that are hosted on the same virtualization server are independent of one another. You can run multiple virtual machines that are using different operating systems on a virtualization server simultaneously, provided the virtualization server has enough resources.
Implementing Virtual Machines to Maximize Hardware Usage
You use hardware more efficiently when you implement virtual machines. In most cases, a service or a program does not consume more than a fraction of the virtualization server’s resources. This means that you can install multiple services and programs on the same virtualization server and then deploy them to multiple virtual machines. This ensures a more effective use of that virtualization server’s resources. For example, you may have four separate services and programs, each of which consumes from 10 to 15 percent of a virtualization server’s hardware resources. You can install these services and programs in virtual machines, and then place them on the same hardware, where they consume 40 to 60 percent of the virtualization server’s hardware.
This is a simplified example. In real-world environments, you must make adequate preparations before collocating virtual machines. You have to ensure that the hardware-resource needs of all the virtual machines that the virtualization server is hosting do not exceed the server’s hardware resources. You should also make sure that you provide high availability.
Isolating Services and Programs
It can be challenging to keep one particular service or program functioning reliably; it becomes even more complicated when you deploy multiple services and programs on the same server. For example, you might need to deploy two separate operating systems at a branch office, but these operating systems conflict when running on the same computer. If you can afford only one server, you can solve this problem by running these programs within virtual machines on the same server.
Consolidating Servers
With server virtualization, you can consolidate servers that would otherwise need to run on separate hardware onto a single virtualization server. Because you can isolate each virtual machine on a virtualization server from the other virtual machines on the same server, you can deploy services and programs that are incompatible with one another on the same physical computer, provided that you host them within virtual machines. Examples of such services and programs include Microsoft Exchange Server 2013, SQL Server 2012, and Active Directory Domain Services (AD DS). You should not install these services on the same machine, but you can install them in separate virtual machines that are running on the same host.
Simplifying Server Deployment
Virtualization also enables you to simplify server deployment, because:
• Virtual machine templates for common server configurations are included with products such as Microsoft System Center 2012 Virtual Machine Manager (VMM). These templates include parameters that are preconfigured with common settings, so you do not have to configure the setting of every parameter manually.
• You can create virtual machine self-service portals that enable end users to provision approved servers and programs automatically. This lessens the workload of the systems administration team. You create these virtual machine self-service portals with VMM and Microsoft System Center 2012 Service Manager.
Virtual Machine Hardware
With server virtualization, you can create separate virtual machines and run them concurrently on a single server that is running Microsoft Hyper-V. These virtual machines are guests, while the computer that is running Hyper-V is the virtualization server or the management operating system. Virtual machines use virtual, or emulated, hardware. The management operating system, Windows Server 2012 with Hyper-V, uses the virtual hardware to mediate access to actual hardware. For example, you can map a virtual network adapter to a virtual network that you map to an actual network interface. By default, virtual machines include the following simulated hardware:
• BIOS. This simulates the computer’s BIOS. On a stand-alone computer, you can configure various BIOS-related parameters. On a virtual machine, you can configure some of the same parameters, including:
   o The boot order for the virtual machine’s virtual hardware.
   o From which device the virtual machine boots, such as from a DVD drive, Integrated Drive Electronics (IDE), a legacy network adapter, or a floppy disk.
   o Whether the NUM LOCK key is enabled at boot.
• Memory. You can allocate up to 1 terabyte (TB) of memory resources to an individual virtual machine.
• Processor. You can allocate up to 64 virtual processors to a single virtual machine.
• IDE controller 0. A virtual machine can support only two IDE controllers and, by default, two are allocated to each virtual machine. Each IDE controller can support two devices. You can connect virtual hard drives or virtual DVD drives to an IDE controller. You can use IDE controllers to connect virtual hard disks and DVD drives to virtual machines that use any operating system that does not support integration services.
• IDE controller 1. Enables deployment of additional virtual hard drives and DVD drives to the virtual machine.
• SCSI controller. You can use a small computer system interface (SCSI) controller only on virtual machines that have operating systems that support integration services.
• Synthetic network adapter. Synthetic network adapters represent computer network adapters. You can only use synthetic network adapters with supported virtual machine guest operating systems.
• COM 1. Enables you to configure a connection through a named pipe.
• COM 2. Enables you to configure an additional connection through a named pipe.
• Disk drive. Enables you to map a virtual floppy disk image to a virtual disk drive.
You can add the following hardware to a virtual machine by editing the virtual machine’s properties, and then clicking Add Hardware:
• SCSI controller. You can add up to four virtual SCSI devices. Each controller supports up to 64 disks.
• Network adapter. A single virtual machine can have a maximum of eight synthetic network adapters.
• Legacy network adapter. You can use legacy network adapters with any operating systems that do not support integration services. You can also use legacy network adapters to deploy operating system images throughout the network. A single virtual machine can have up to four legacy network adapters.
• Fibre Channel adapter. If you add a Fibre Channel adapter to a virtual machine, the virtual machine can then connect directly to a Fibre Channel SAN. You can only add a Fibre Channel adapter to a virtual machine if the virtualization server has a Fibre Channel host bus adapter (HBA) that also has a Windows Server 2012 driver that supports virtual Fibre Channel.
• RemoteFX 3D video adapter. If you add a RemoteFX 3D video adapter to a virtual machine, the virtual machine can then display high performance graphics by leveraging Microsoft DirectX and graphics processing power on the host Windows Server 2012 server.
Virtual Machine Generations
Most operating systems and programs that run in virtual machines are not aware that they are virtualized. Using emulated hardware enables operating systems that are not virtualization-aware to run in virtual machines. In machines that can run enlightened operating systems, Integration Services allow the virtual machines to access synthetic devices, which perform better. With the broad adoption of virtualization, many modern operating systems now include Integration Services.
Windows Server 2012 R2 changes all of this. It fully supports the existing type of virtual machines, and names them collectively generation 1 virtual machines. It provides support for the new type of virtual machines, named generation 2 virtual machines. Generation 2 virtual machines function as if their operating systems are virtualization-aware. Because of this, generation 2 virtual machines do not have the legacy and emulated virtual hardware devices found on generation 1 virtual machines. Generation 2 virtual machines use only synthetic devices. Advanced Unified Extensible Firmware Interface (UEFI) firmware, which supports Secure Boot, replaces BIOS-based firmware. Generation 2 virtual machines start from a SCSI controller or by using the Pre-Boot EXecution Environment (PXE) on a network adapter. All remaining virtual devices use virtual machine bus (VMBus) to communicate with parent partitions.
Generation 1 and generation 2 virtual machines have similar performance, except during startup and operating system installation. The primary advantage of generation 2 virtual machines is that startup and deployment are considerably faster. You can run generation 1 and generation 2 virtual machines side-by-side on the same Hyper-V host. You select the virtual machine generation when you create the virtual machine. You cannot change the generation later.
Generation 2 virtual machines currently support only Windows Server 2012, Windows 8 (64-bit), and newer 64-bit Windows operating systems. Therefore, generation 1 virtual machines, which support almost any operating system, will continue to be in use for the foreseeable future. Generation 2 virtual machines do not currently support Microsoft RemoteFX.
What Are Azure Virtual Machines?
In addition to creating virtual machines on your on-premises physical servers, you can also create cloud-based virtual machines in the Microsoft Azure environment. In today’s enterprise environments, cloud-based services and especially virtual machines can be a very attractive solution for extending a data center and allocating some additional resources when needed. The Azure platform provides numerous services that can either replace or complement existing on-premises services.
Cloud-based virtual machines, programs, and services can also be useful when you have to provide proof-of-concept solutions for proposed projects. Rather than purchase test hardware and deploy a proof-of-concept solution to it, you can deploy a cloud-based virtual machine quickly, and then deploy the proof-of-concept solution to the virtual machine. Then, after you validate the proof-of-concept solution, you can discard the virtual machine, or keep it, depending on operational concerns. This solution is not only faster but also less expensive than buying the hardware for the proof-of-concept solution, which you may opt to discard if the project is not approved.
Apart from using the Azure environment for testing or proof-of-concept, there are several more scenarios where you can benefit from running virtual machines in Microsoft Azure:
• You can use virtual machines in Azure for development or testing. Microsoft Azure provides an inexpensive and reliable test platform that you can deploy within minutes. You can also use additional services from Microsoft Azure, such as SQL Databases, Storage, or ServiceBus to support your testing.
• You can move your virtual machines from an on-premises Hyper-V deployment to Microsoft Azure. For example, you can move a virtual hard drive from your local environment and run it with virtual machines in Microsoft Azure.
• You can extend your data center by using Microsoft Azure. By using this approach, you can deploy several virtual machines in Microsoft Azure and connect them to your on-premises environment by using Azure Virtual Networks.
Deploying Azure Virtual Machines
Deploying virtual machines in Microsoft Azure is somewhat different from deploying them on a local Hyper-V environment. In the Hyper-V environment, you configure all properties of the virtual machine; in the Microsoft Azure environment, you must choose between several preconfigured options for virtual machine configuration. In addition, you have to decide if you are going to use your own .vhd file as an image for the virtual machine or if you will use one of the platform images already present in Microsoft Azure. When making this decision, you should also consider the licensing aspect.
When you create a new virtual machine instance by using the Azure management portal, you have three options: create a virtual machine from the + NEW menu, create a virtual machine from the gallery, and create a virtual machine based on your own image. When you create a virtual machine, the portal allows you to specify the following options:
• Host name. This is the name of the computer.
• User name. This is the name of the local user account that you will use when managing the server.
• Pricing tier. You can use this option to configure the pricing tier that correlates to the virtual hardware assigned to your virtual machine.
• Optional configuration. You use this option to configure some basic operating system settings such as automatic updates, the availability set for the virtual machine, the network configuration including static IP address and virtual network, the storage account, and whether diagnostics should be on or off.
• Resource group. The resource group is a container that groups objects together into a collection for easier management.
• Subscription. If you have multiple Azure subscriptions, you can choose which subscription the virtual machine should be part of.
• Location. You can configure the location for the virtual machine to the most appropriate locale.
After you configure these options, the portal creates the virtual machine with the settings that you have specified.
At this time, Microsoft Azure supports only generation 1 virtual machines. In the Azure portal, you cannot manage virtual machine generation, but it is important to consider this when using a virtual machine image created on your local Hyper-V environment. Also, the Azure platform does not provide console access to a virtual machine, and most Azure VMs, irrespective of size, have only one virtual network adapter, which means that they also can have only one IP address.
When running Azure VMs, you pay for the service on an hourly or per-minute basis. The price for the specific virtual machine is based on the size, the operating system, and the additional software installed on the virtual machine. Because your virtual machine allocates resources on the Azure platform, you are charged when the virtual machine status is Running or Stopped, but you are not charged when the machine is in Stopped (Deallocated) state. When you shut down the virtual machine from its operating system, it will go into the Stopped state, and you will be charged for it, even if it is not running. Only when you shut down the virtual machine from the Azure portal will it go into the Stopped (Deallocated) state. Some additional charges may appear for the storage that the virtual machine uses in addition to the operating system disk.
Additional Reading: For more information on Azure virtual machines, go to http://go.microsoft.com/fwlink/?LinkID=517440
Create a Virtual Machine from the Gallery
If you do not want to use your own image file to build an Azure virtual machine, you can create a virtual machine from the gallery of available images and VMs. The gallery provides preinstalled images of various Microsoft and Linux operating systems and products. For example, you can select a basic Windows Server installation or a specific product, which will be preinstalled with the server. Some of the available Microsoft products include:
• Windows Server
• Microsoft SharePoint
• Microsoft SQL Server
• Microsoft BizTalk Server
• Microsoft Visual Studio
If you are performing a Linux installation, you can select from multiple versions of the following distributions:
• Ubuntu
• CentOS
• SUSE
• Oracle
• Puppet Labs
Finally, an installation can also be based on images or disks that you have previously uploaded to Azure. After you have selected the operating system or image that you wish to deploy, the next step in the gallery wizard asks for virtual machine configuration details. These details include:
• Operating system version release date
• Virtual machine name
• Deployment tier
• Virtual machine size
• Username
• Password
A key aspect of these configuration steps is the deployment tier and size of the instance. The Azure offer consists of several virtual machine pricing tiers. For example, a basic deployment tier and a standard deployment tier offer the following sizes for general purpose use:
• A0 (shared core, 768 MB memory, 1 data disk)
• A1 (1 core, 1.75 GB memory, 2 data disks)
• A2 (2 cores, 3.5 GB memory, 4 data disks)
• A3 (4 cores, 7 GB memory, 8 data disks)
• A4 (8 cores, 14 GB memory, 16 data disks)
Besides the basic tier, which has a very affordable monthly price, there are additional tiers for more demanding services. The standard deployment tier includes the features of the basic deployment tier in addition to autoscaling and load balancing. Both of these features are not available in the basic deployment tier. These options are typically necessary for memory-intensive services such as database services. Lastly, there is a compute-intensive deployment tier that offers all that the standard tier includes with some additional features. Note that the compute-intensive deployment tier comes standard with a 40 gigabyte (GB) InfiniBand network, and Remote Direct Memory Access (RDMA) support. For example, you can choose some of these tiers:
• A8 (8 cores, 56 GB memory, 16 data disks)
• A9 (16 cores, 112 GB memory, 16 data disks)
Microsoft updates tiers regularly, so we recommend that you review the current offer on the Azure management portal. After you have created a virtual machine instance, you can use two primary methods to connect and manage the virtual machine:
• Windows PowerShell with the Azure module
• Remote Desktop Protocol, initiated from within the Azure management portal
Additional Reading: For more information on Virtual Machine and Cloud Service Sizes for Azure, go to http://go.microsoft.com/fwlink/?LinkID=517441
Demonstration: Create a Virtual Machine from the Gallery
In this demonstration, you will see how to create a virtual machine from the Azure Gallery.
Demonstration Steps
Create a virtual machine
1. Sign in to your Azure account on the Azure preview portal at https://portal.azure.com.
2. Create a new virtual machine by using the following settings:
   o Operating system: Windows Server 2012 R2 Datacenter
   o VM name: server-10979
   o User name: server-admin
   o Password: Moc1500!
   o Location: Select the location that is closest to you
   o Storage account: Create new by using default values
3. Select to create a virtual machine with these settings and wait for a couple of minutes until the virtual machine is created.
Configure and Scale a Virtual Machine
After you create an Azure virtual machine, you use the Azure management portal to perform further configuration and administration of each virtual machine. When you click the virtual machine in the Azure management portal, the tab-based interface for management opens. Notice that this interface is significantly different than the interface of virtual machine properties in Hyper-V Manager, in the following ways:
• On the Dashboard tab, you can see general information about the virtual machine state and configured options. In addition, here you can find quick links to some commonly used configuration options.
• On the Monitor tab, you can find real-time information about the performance of critical components of your virtual machine. You can monitor central processing unit (CPU), Disk, and Network resources.
• The Endpoints tab lets you configure connection endpoints for the virtual machine, as discussed earlier in this lesson.
• The Configure tab provides options for virtual machine configuration. On this tab, you can change the virtual machine tier and size, and you can also configure the virtual machine availability options by configuring an availability set.
Availability Sets and Scaling
By configuring an availability set, you provide redundancy for an application that is running on one or more virtual machines. When you put two or more virtual machines into the availability set, you ensure that, during a planned or unplanned maintenance event, at least one virtual machine will be available and meet the 99.95% Azure service level agreement (SLA). In practice, when you place two or more virtual machines in the availability set, you inform the Microsoft Azure fabric controller that these virtual machines are hosting the same service, and that they should not be taken down at the same time. In addition, virtual machines that are part of an availability set are spread across different racks in the Azure data center, which means they have separate power supplies and switches.
The Azure platform controls these operations by using the Update Domain and Fault Domain objects. Update Domain objects help the Azure platform to determine which virtual machines (or physical hardware that hosts them) can or cannot be rebooted at the same time. Fault Domain objects define the group of virtual machines that share a common power source and network switch. When you configure up to five virtual machines in the same availability set, they will never all share the same Fault Domain object.
Note: Do not confuse availability sets with high availability technologies such as failover clustering or Network Load Balancing (NLB).
For an application running within virtual machines, you can also configure scaling. Before you configure any scaling options, you must assign the virtual machines to the same availability set. You can scale your application manually or you can set parameters to scale it automatically. Virtual machines that you assign to the availability set are turned on in a scale-up action and turned off in a scale-down action. CPU core usage affects application scaling. Larger virtual machines have more cores available. You can scale applications within the core limits for your Azure subscription. For example, if you have an Azure subscription that has a limit of 20 cores and you run an application with two medium-sized virtual machines (which use four cores in total), you can only scale up the other cloud service deployments in your subscription by 16 cores. All virtual machines in an availability set that you use in scaling an application must be the same size.
Demonstration: Configure a Virtual Machine from the Portal
In this demonstration, you will see how to configure an Azure virtual machine.
Demonstration Steps
1. Open the Azure preview portal and browse to Virtual machines.
2. Click the virtual machine that you created in the previous demonstration. Show available options.
3. Open the Azure portal from the Azure preview portal. In the Azure portal, click the virtual machine created in the previous demonstration.
4. Browse through the DASHBOARD, MONITOR, and ENDPOINTS tabs and review the available options.
5. On the CONFIGURE tab, change the size of the virtual machine to A1.
6. Save the changes.
Connect to a Virtual Machine
After you create a virtual machine on the Microsoft Azure platform, you will probably want to connect to it, and then perform further administration tasks. To log on to a virtual machine, you use credentials that you specified when you created the virtual machine. To make a connection to a virtual machine, you can use the Remote Desktop client software for Windows operating systems, or other operating systems that support it. Alternatively, you can use the Secure Shell (SSH) client for Linux operating systems. For security reasons, you can disable this type of communication to reduce the attack surface and instead use virtual private networks (VPNs), which you will learn about later. You can also change the default port for connecting to Remote Desktop. You can connect to your Azure virtual machine directly from the Azure management portal by choosing the Connect option after selecting a virtual machine. In case of a Windows virtual machine, you will be prompted to download the .rdp file with settings needed to make a connection to the virtual machine. If you want to make an SSH connection, you can find SSH information such as the host name and port number in the Management Portal by selecting the virtual machine and looking for SSH Details in the Quick Glance section of the dashboard.
Besides using Remote Desktop Protocol (RDP) or SSH to connect to the virtual machine, you can also specify a custom port and protocol to make a connection. To allow access to the virtual machine, you need to create an endpoint. Two endpoints are created by default when you create a new virtual machine, but you can create more by using the management portal. Each virtual machine created by using an image from the Azure gallery comes with the local Windows Firewall enabled. Windows Firewall is configured with inbound rules according to the default endpoints created for the specific virtual machine. However, if you create additional endpoints later, you will also have to create appropriate inbound rules on the local firewall on the virtual machine. In addition, if you are using your custom image on an Azure virtual machine, you will have to set all firewall rules manually.
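The endpoint and guest-firewall pairing described above, as an added example that is not part of the original courseware: it uses the classic Azure PowerShell module to publish one custom endpoint and then opens the matching inbound rule inside the guest. The cloud service name, endpoint name, port 8443 and the 203.0.113.0/24 admin range are assumptions, and the endpoint ACL step goes beyond what the text covers.

```powershell
# Added example (not from the course). Part 1 runs on the administrator's
# workstation with the classic Azure PowerShell module and a signed-in session
# (Add-AzureAccount). Part 2 runs inside the virtual machine.

# ----- Part 1: on the admin workstation -----

# Assumed values: replace with your own.
$serviceName  = 'server-10979'     # assumption: cloud service shares the demo VM's name
$vmName       = 'server-10979'     # VM name used in the demonstration
$endpointName = 'AppHttps'         # hypothetical endpoint name
$port         = 8443               # hypothetical custom application port
$adminSubnet  = '203.0.113.0/24'   # constructed documentation range standing in for your admin network

$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
if (-not $vm) {
    throw "VM '$vmName' was not found in cloud service '$serviceName'."
}

# Review what is already published before adding anything. Every endpoint
# listed here is reachable from the Internet unless an ACL restricts it.
$vm | Get-AzureEndpoint | Format-Table Name, Protocol, Port, LocalPort -AutoSize

# Build an endpoint ACL. Once a Permit rule exists, sources outside the
# permitted range are denied at the Azure edge, before traffic reaches the VM.
$acl = New-AzureAclConfig
Set-AzureAclConfig -AddRule -ACL $acl -Order 100 -Action Permit `
    -RemoteSubnet $adminSubnet -Description 'Admin network only' | Out-Null

# Publish the endpoint with the ACL attached and commit the change.
$vm |
    Add-AzureEndpoint -Name $endpointName -Protocol tcp `
        -LocalPort $port -PublicPort $port -ACL $acl |
    Update-AzureVM

# ----- Part 2: inside the virtual machine (for example, over RDP) -----

# Endpoints created after deployment do not get a Windows Firewall rule
# automatically, so traffic is dropped by the guest until one is added.
$guestPort = 8443                  # must match the endpoint's LocalPort above
New-NetFirewallRule -DisplayName "Allow AppHttps (TCP $guestPort)" `
    -Direction Inbound -Protocol TCP -LocalPort $guestPort `
    -Action Allow -Profile Any

# Confirm the rule exists and is enabled.
Get-NetFirewallRule -DisplayName "Allow AppHttps (TCP $guestPort)" |
    Format-Table DisplayName, Enabled, Direction, Action -AutoSize
```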
Note: If you forget the user name and password for the Azure virtual machine, you can perform a password reset by using the VMAccess extension. You can enable this extension during the wizard for creating an Azure virtual machine. Alternatively, you can use the Set-AzureVMAccessExtension cmdlet from the Microsoft Azure PowerShell module to add this extension after deploying the virtual machine. With this extension, you can also reset Remote Desktop Access or Secure Shell (SSH) settings on a virtual machine.
Troubleshooting Virtual Machine Connection Issues
If you are having trouble connecting to a virtual machine in Microsoft Azure, you can try the following troubleshooting steps:
• Ensure that you are using the correct user account. If you added a machine to the Active Directory Domain Services (AD DS) domain, ensure that you are using the correct domain to sign in.
• Delete and recreate endpoint objects for RDP or SSH.
• Restart the virtual machine.
• If you are using a specific endpoint with custom values for port and protocol to connect, ensure that your local firewall allows this connection.
Demonstration: Connect to a Virtual Machine
In this demonstration, you will see how to connect to an Azure virtual machine.
Demonstration Steps
Connect to a virtual machine by using Remote Desktop Connection
•
Switch back to the Azure preview portal, click the newly created virtual machine, and then connect to the virtual machine.
Validate functionality of a newly created virtual machine
1.
Sign in to the virtual machine and navigate around the server configuration by viewing Server Manager and File Explorer.
2.
Disconnect the Remote Desktop Connection session when finished.
Lesson 2
Configure Disks
Each virtual machine uses disks to store data. You must configure at least one disk on each virtual machine to store operating system files. You can add more disks to each virtual machine deployed on-premises or in Microsoft Azure. Virtual machines deployed in the Hyper-V environment use the .vhd or .vhdx virtual disk formats. In this lesson, you will learn about virtual machine disks and how to manage them.
Lesson Objectives
After completing this lesson, you will be able to:
•
Describe virtual hard disks.
•
Upload and attach disks to virtual machines.
•
Describe how to configure new disks in Windows operating systems.
•
Configure disks.
Overview of Virtual Hard Disks
A virtual hard disk is a file that represents a traditional hard disk drive. You can configure this file as a virtual hard disk with partitions and an operating system. You can use virtual hard disks on virtual machines, and you can mount virtual hard disks as local volumes by using the Windows Server 2012, Windows Server 2008 R2, Windows 8, and Windows 7 operating systems.
Windows Server 2012 supports the boot from virtual hard disk option. This enables you to configure a computer to boot into a Windows Server 2012 operating system that is deployed on a virtual hard disk, or into certain editions of the Windows 8 operating system that are deployed on a virtual hard disk.
You can create a virtual hard disk by using:
•
The Hyper-V Manager console.
•
The Disk Management console.
•
The DiskPart (diskpart.exe) command-line tool.
•
The Windows PowerShell cmdlet New-VHD.
Note: Some editions of Windows 7 and Windows Server 2008 R2 also support booting from virtual hard disk.
Virtual Hard Disks in .vhd Format vs. Virtual Hard Disks in .vhdx Format
Virtual hard disks typically use the .vhd extension. Windows Server 2012 introduces a new type of virtual hard disk that uses the .vhdx extension. Virtual hard disks with the .vhdx format have the following benefits over virtual hard disks that were used in Hyper-V on Windows Server 2008 and Windows Server 2008 R2:
•
Virtual hard disks with the .vhdx format can be as large as 64 TB, whereas virtual hard disks with the .vhd format are limited to 2 TB.
•
Virtual hard disks with the .vhdx format are less likely to become corrupt if the virtualization server suffers an unexpected power outage.
•
The .vhdx format supports better alignment when deployed to a large sector disk.
•
Virtual hard disks with the .vhdx format can hold larger dynamic and differencing virtual hard disks. This provides for better performance from the dynamic and differencing virtual hard disks.
You can convert a virtual hard disk with the .vhd format to the .vhdx format by using the Edit Virtual Hard Disk Wizard. You might want to do this if you have upgraded a Windows Server 2008 or Windows Server 2008 R2 virtualization server to Windows Server 2012 or Windows Server 2012 R2. You can also convert a virtual hard disk with the .vhdx format to the .vhd format.
Disks in Microsoft Azure
There are three types of virtual disks in Azure:
•
Operating system disk. Each machine has an operating system disk attached. This disk is attached as a serial ATA (SATA) drive and labeled with the letter C. It has a capacity of 127 GB. This disk contains the operating system of the virtual machine. In the Azure infrastructure, each operating system disk is created in three copies for redundancy, but this process is transparent to the user.
•
Temporary disk. As with the operating system disk, this disk is created automatically during the creation of the virtual machine. It has the same size as the operating system disk, and it is labeled with the letter D. It is important to note that you should not use this disk for storing data. It is there to provide temporary storage for applications and processes and to store data that you do not need to keep, such as page or swap files. The temporary storage is present on the physical machine that is hosting your virtual machine. In some scenarios, a virtual machine can move to a different physical host machine, such as in a power failure. When this happens, your virtual machine is recreated on the new host machine by using the operating system disk. Any data saved on the previous temporary drive will not be migrated, and your virtual machine will be assigned a new temporary drive. In addition, when you resize your virtual machine or when you shut it down temporarily, storage will be deleted.
•
Data disk. You should use this type of disk as data storage. Its maximum size is 1 TB, and you can label it with the letter of your choice. Unlike the operating system disk, this disk is attached to the SCSI interface of the virtual machine. This disk, along with an operating system disk, is stored in an Azure Storage account as a page blob. You will discuss types of Azure storage in later modules.
Each disk type is based on the .vhd format. The number of data disks assigned to the virtual machine that you choose from the gallery depends on the deployment and pricing tier that you choose.
You can use the Azure management portal or Windows PowerShell to attach disks to a virtual machine. The Add-AzureDataDisk cmdlet can attach an existing data disk to a virtual machine or create a new data disk for a virtual machine.
You must consider the following factors when using virtual disks in Azure: •
Azure does not support the .vhdx format. All virtual disks must use the .vhd format.
•
Azure does not support dynamically expanding disks. All virtual disks must be fixed disks.
•
.vhd files remain in your storage account even if you remove them from a virtual machine or delete the virtual machine. You must manually manage the .vhd files to minimize storage space waste. Alternatively, you can use Windows PowerShell to manage the .vhd files automatically.
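One way to automate the cleanup mentioned in the last point, as an added example that is not part of the original courseware. A disk that is no longer attached still holds everything that was written to it, so the script reports unattached disks first and deletes only after confirmation. The function name Get-UnattachedAzureDisk is hypothetical.

```powershell
# Report disks that are registered in the subscription but not attached to
# any virtual machine. Get-AzureDisk leaves AttachedTo empty for such disks.
function Get-UnattachedAzureDisk {
    Get-AzureDisk |
        Where-Object { -not $_.AttachedTo } |
        Select-Object DiskName, OS, DiskSizeInGB, MediaLink
}

$orphans = @(Get-UnattachedAzureDisk)
$orphans | Format-Table -AutoSize

$totalGB = [int]($orphans | Measure-Object -Property DiskSizeInGB -Sum).Sum
"{0} unattached disk(s), {1} GB in total" -f $orphans.Count, $totalGB

# Review the report before deleting anything. The operation cannot be undone:
# -DeleteVHD also removes the underlying page blob from the storage account.
foreach ($disk in $orphans) {
    $answer = Read-Host "Delete $($disk.DiskName) and its .vhd file? (y/N)"
    if ($answer -eq 'y') {
        Remove-AzureDisk -DiskName $disk.DiskName -DeleteVHD
    }
}
```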
Uploading and Attaching Disks
If you want to attach a new data disk to your virtual machine in Microsoft Azure, you can do so by using the Azure management portal. When creating a new disk, you must choose a storage account and a container where your disk will be stored, and you must specify a disk size in GB.
Azure disks that you can attach to the virtual machines are stored as page blobs in Azure Storage. Each storage account that you create in your Azure subscription has specific scale targets. If services in your virtual machine require heavy disk I/O load through a virtual machine, it is possible that you will reach the limits of these storage targets. A specific blob (which holds a single disk) has a target of 60 megabytes (MB) per second. For achieving better performance, we recommend that you use multiple disks across multiple storage accounts. This will enable you to exceed account-specific storage scale targets.
You can also use a virtual disk from your on-premises computer, such as a server running Hyper-V in Windows Server 2012. You can upload the .vhd file to Azure, and then attach it to a virtual machine. Currently, Azure supports a maximum .vhd size of 999 GB. After you attach a disk to a virtual machine, you must initialize it before use.
Many organizations use a custom operating system image for their computers. Also, in some more complex environments, you would use a set of virtual machine images for a single service. You would typically manage these images by using VMM in on-premises environments. For many organizations, multiple images handle client computers and servers running different operating systems and applications. You can upload your customized images to Azure so that you can deploy your images in Azure. To use your images in Azure, you must meet the following prerequisites:
•
You must download and install the Azure Windows PowerShell module on an on-premises computer. The module contains the Add-AzureVHD cmdlet, which you will use to upload your custom images to Azure.
•
You must create a .vhd file containing your custom Windows operating system image. Note that Azure does not support .vhdx files, but you can convert your existing .vhdx files to .vhd before you upload them.
•
Azure must support the operating system in the image. Azure supports images containing Windows Server 2008 R2 and newer versions.
When you are ready to begin, follow these high-level steps:
1.
Launch Azure Windows PowerShell and connect to Azure.
2.
Run the upload command. For example, your system has the following parameters:
o
The URL to the storage container is https://10979astorage01bs.blob.core.windows.net/10979a-c1
o
The container name is 10979a-c1
o
The local path to the .vhd file is D:\Images\2012-R2-General.vhd
o
The new .vhd file will be called "2012-R2-General.vhd"
You would run the following command to upload the image:
Add-AzureVhd -Destination "https://10979astorage01bs.blob.core.windows.net/10979a-c1/Images/2012-R2-General.vhd" -LocalFilePath "D:\Images\2012-R2-General.VHD"
3.
Add the image to your custom images list. You can add the image by using the Azure management portal or by using Windows PowerShell. When the image is in the custom images list, it is available for deployment when you create a new virtual machine.
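The whole procedure with a pre-upload check, as an added example that is not part of the original courseware: it converts a Hyper-V disk to a fixed .vhd, verifies the constraints stated in this lesson (.vhd format, fixed type, at most 999 GB), records a hash of the reviewed file, uploads it, and registers the image. The source .vhdx path, the image name and the helper Test-AzureReadyVhd are assumptions; the destination URL and local .vhd path are the ones from step 2.

```powershell
# Assumed input: the .vhdx path is hypothetical. Get-VHD and Convert-VHD come
# from the Hyper-V module; the Add-Azure* cmdlets from the Azure module.
$source      = 'D:\Images\2012-R2-General.vhdx'
$localVhd    = 'D:\Images\2012-R2-General.vhd'
$destination = 'https://10979astorage01bs.blob.core.windows.net/10979a-c1/Images/2012-R2-General.vhd'

function Test-AzureReadyVhd {
    # Returns a list of reasons why the disk cannot be used in Azure
    # (an empty list means the disk passes all checks).
    param(
        [Parameter(Mandatory)][string]$Path,
        [long]$MaxBytes = 999GB          # upload limit stated in this lesson
    )
    $vhd = Get-VHD -Path $Path
    $problems = @()
    if ($vhd.VhdFormat -ne 'VHD')    { $problems += "format is $($vhd.VhdFormat), Azure requires VHD" }
    if ($vhd.VhdType   -ne 'Fixed')  { $problems += "type is $($vhd.VhdType), Azure requires Fixed" }
    if ($vhd.Size      -gt $MaxBytes) { $problems += 'virtual size exceeds 999 GB' }
    return ,$problems
}

# Convert only when the fixed .vhd does not exist yet. The target format
# follows the file extension of -DestinationPath.
if (-not (Test-Path $localVhd)) {
    Convert-VHD -Path $source -DestinationPath $localVhd -VHDType Fixed
}

$problems = Test-AzureReadyVhd -Path $localVhd
if ($problems.Count -gt 0) {
    throw "Not uploadable: $($problems -join '; ')"
}

# Record a hash so the uploaded image can be tied back to the reviewed file.
$hash = (Get-FileHash -Path $localVhd -Algorithm SHA256).Hash
"SHA256 of ${localVhd}: $hash"

# Step 2: upload. Step 3: add the image to the custom images list.
Add-AzureVhd -Destination $destination -LocalFilePath $localVhd
Add-AzureVMImage -ImageName '2012-R2-General' -MediaLocation $destination -OS Windows
```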
You also have the option of using the VM Depot instead of uploading an image. The VM Depot contains a large number of community-developed images that you can customize and use when you are creating new VMs. However, the depot contains only non-Windows images, most of which are based on the Linux operating system. Many of the images are based on their intended use. For example, you can find images configured for blogging services and web servers. Community members provide and license the virtual machine images on this site to you. Microsoft Open Technologies does not screen these images for security, compatibility, or performance, and does not provide any license rights or support for them.
Configuring New Disks in Windows Virtual Machines
When you attach a disk to the Azure virtual machine, you can manage that disk in the same way as you would manage a disk on the physical machine or a virtual machine deployed locally on your Hyper-V server. Typically, you use Disk Management for managing disks and volumes. When you first attach an empty disk to the Azure virtual machine, you should initialize it, and then create volumes. Before creating volumes, you should choose which type of disk you want to use. When selecting a type of disk for your use in Windows Server 2012, you can choose between basic and dynamic disks.
Basic Disks
All versions of the Windows operating system support basic storage, which uses partition tables. A basic disk is one that you initialize for basic storage and that contains basic partitions such as primary partitions and extended partitions. You can subdivide extended partitions into logical volumes. By default, when you initialize a disk in the Windows operating system, the disk is configured as a basic disk. It is easy to convert basic disks to dynamic disks without any data loss. However, when you convert a dynamic disk to a basic disk, all data on the disk is lost.
Dynamic Disks
The Microsoft Windows 2000 Server operating system introduced dynamic storage. By using dynamic storage, you can build fault-tolerant, redundant storage systems. You can also perform disk and volume management without having to restart computers that are running Windows operating systems. A dynamic disk is one that you initialize for dynamic storage and that contains dynamic volumes. You can create a dynamic volume from free space on one or more disks. You can format the volume with a file system and assign it a drive letter or configure it with a mount point. Dynamic disks do not perform better than basic disks, and some programs cannot address data that is stored on dynamic disks. For these reasons, you would not normally convert basic disks to dynamic disks unless you need to use some of the additional volume configuration options that dynamic disks provide.
ReFS
In Windows Server 2012, besides being able to format volumes with file allocation table (FAT) or New Technology File System (NTFS), you can also use Resilient File System (ReFS). ReFS is a new feature in Windows Server 2012 that is based on the NTFS file system. It provides the following features and advantages:
•
Metadata integrity with checksums.
•
Expanded protection against data corruption.
•
Increased reliability, especially during a loss of power, over NTFS, which can experience corruption in similar circumstances.
•
Larger volume, file, and directory sizes.
•
Redundancy for fault tolerance.
•
Disk scrubbing for protection against latent disk errors.
•
Resiliency to corruptions with recovery for maximum volume availability.
ReFS uses a subset of NTFS features, so it maintains backward compatibility with NTFS. Therefore, programs that run on Windows Server 2012 can access files on ReFS, just as they would on NTFS. However, an ReFS-formatted drive is not recognized when placed in computers that are running Windows Server operating systems older than Windows Server 2012. You can use ReFS drives with Windows 8.1, but not with Windows 8.
Windows Server 2012 also provides a new way to manage storage that is attached to the physical host or a virtual machine, by implementing Storage Spaces technology. Storage Spaces is a storage virtualization feature that Windows Server 2012 and the Windows 8 operating system include. The Storage Spaces feature has two components:
•
Storage pools. Storage pools are a collection of physical disks that have been aggregated into a single logical disk so that you can manage the multiple physical disks as a single disk. You can use Storage Spaces to add physical disks that have different sizes and interfaces to a storage pool.
•
Storage spaces. Storage spaces are virtual disks created from free space in a storage pool. Storage spaces have such attributes as resiliency level, storage tiers, fixed provisioning, and precise administrative control.
Demonstration: Configure Disks
In this demonstration, you will see how to attach a new data disk to an Azure virtual machine.
Demonstration Steps
1.
In the Azure preview portal, browse to Virtual Machines.
2.
Navigate to the virtual machine that you created in the first demonstration.
3.
Open the Disks tile.
4.
Ensure that you see only the operating system disk attached to the virtual machine.
5.
In the Disks pane of Virtual machine properties, choose to attach new disk.
6.
Select the default storage account that was created during the creation of the virtual machine.
7.
Choose the vhds container.
8.
Create a new data disk with a size of 5 GB.
9.
After the disk is attached to the virtual machine, connect to it and verify that the disk appears in the Disk Management console.
Lab: Create a Virtual Machine in Microsoft Azure
Scenario
Orders at A. Datum Corporation have increased significantly. Currently, the order systems run on a server that provides other in-house services. You have decided to use a dedicated server for your order systems. Furthermore, this server needs to be able to cope with increasing workloads in the event of future changes in order volume. With this in mind, you have decided to create an Azure-based server and evaluate this as a host for the order systems.
Objectives
After completing this lab, you will be able to:
•
Create a virtual machine.
•
Attach a data disk to the virtual machine.
•
Connect to a virtual machine.
Estimated Time: 40 minutes
Sign in to your classroom computer by using the credentials your instructor provides.
Exercise 1: Create a Virtual Machine from the Gallery
Scenario
As a part of your task to evaluate server hosting in Microsoft Azure, you have to create a virtual machine from the Azure gallery.
The main tasks for this exercise are as follows:
1.
Select and create a virtual machine.
2.
Verify virtual machine creation.
Task 1: Select and create a virtual machine
1.
Sign in to your Azure account on the Azure portal available at http://azure.microsoft.com. After signing in, switch to a new Azure preview portal.
2.
Create a new virtual machine by using the following settings:
o
Operating system: Windows Server 2012 R2 Datacenter
o
VM name: server-10979
o
User name: server-admin
o
Password: Moc1500!
o
Location: Select the location that is closest to you
o
Storage account: create new by using default values
3.
Select to create a virtual machine with these settings, and then wait for a couple of minutes until the virtual machine is created.
Task 2: Verify virtual machine creation
•
Switch back to the Azure management portal, and then verify that the virtual machine is displayed and has the Running status.
Results: After completing this exercise, you will have created and verified a Microsoft Azure virtual machine.
Exercise 2: Verify the Functionality of the Virtual Machine
Scenario
After creating a virtual machine, you want to make an RDP connection to it and verify its properties.
The main tasks for this exercise are as follows:
1.
View the properties of the virtual machine.
2.
Connect to a virtual machine.
Task 1: View the properties of the virtual machine
1.
Open the Azure preview portal, click the HOME tab and then click to open the Azure portal.
2.
In the Azure portal, click the virtual machine that you created in the previous demonstration.
3.
Browse through the DASHBOARD, MONITOR, ENDPOINTS, and CONFIGURE tabs and review the available options.
Task 2: Connect to a virtual machine
1.
Switch to the Azure preview portal.
2.
Click Browse, and then select the virtual machine created earlier.
3.
Connect to the virtual machine from the Azure portal, sign in, and then navigate around the server configuration by viewing Server Manager and File Explorer. Use the credentials that you defined for the virtual machine in the previous exercise.
4.
Disconnect the Remote Desktop Connection session when finished.
Results: After completing this exercise, you will have established a connection to the virtual machine.
Exercise 3: Attach a Data Disk
Scenario
After creating a new virtual machine in Microsoft Azure, you want to add a new disk to store data.
The main tasks for this exercise are as follows:
1.
View virtual machine disks.
2.
Attach a data disk.
Task 1: View virtual machine disks
1.
In the Azure portal, browse to Virtual Machines.
2.
Navigate to the virtual machine that you created in Exercise 1.
3.
Open the Disks tile.
4.
Ensure that you see only the operating system disk attached to the virtual machine.
Task 2: Attach a data disk
1.
In the Disks pane of Virtual machine properties, choose to attach a new disk.
2.
Select the default storage account created during virtual machine creation.
3.
Choose the vhds container.
4.
Create a new data disk with a size of 5 GB.
5.
After the disk is attached to the virtual machine, use the Azure preview portal to connect to it.
6.
Sign in to the virtual machine with the credentials defined in Exercise 1. Open Computer Management in the virtual machine window, and verify that the disk appears in the Disk Management console.
Results: After completing this exercise, you will have attached a new disk to a virtual machine.
Module Review and Takeaways
Best Practice
•
Before creating Azure virtual machines, ensure that you are familiar with the pricing for the capacity you need.
•
Ensure that the size of your virtual machine will meet the needs of services that it hosts.
•
Use availability sets when you host the same service in more than one virtual machine.
•
Use data disks in different storage accounts to achieve better performance.
Review Question
Question: Can you create generation two virtual machines in Microsoft Azure?
Module Overview
Microsoft Azure virtual networks are a critical component of most Azure deployments. With Azure virtual networks, you can establish secure and reliable communication between Azure virtual machines and between your data center and Azure. By using Azure virtual networks, you can effectively extend your data center to Microsoft Azure. In this module, you will learn how to create and implement Azure networks, and how to implement communications between your on-premises infrastructure and Azure.
Objectives
After completing this module, you will be able to:
•
Describe the purpose and functionality of Azure virtual networks.
•
Create Azure virtual networks.
•
Implement point-to-site networks.
Virtual Networks
Lesson 1
Getting Started with Virtual Networks
You must be familiar with virtual networks before implementing them in Azure. Also, it is important that you determine whether your cloud deployment requires virtual networks. In this lesson, you will learn about virtual networks and their proper implementation.
Lesson Objectives
After completing this lesson, you will be able to:
•
Describe virtual networks.
•
Determine the need for a virtual network.
•
Describe virtual network awareness.
What Are Virtual Networks?
When you deploy virtual machines in your on-premises environment, you must create virtual networks to enable the virtual machines to communicate with each other. Depending on your communication needs for virtual machines, you can create private, internal, or external virtual network switches. By using these switches and networks, virtual machines communicate with the rest of your network, with other virtual machines, and with the Microsoft Hyper-V host machine.
Deploying virtual machines in Microsoft Azure is similar to deploying them on-premises. However, because you do not deploy Azure virtual machines in your own data center, and because they are not physically connected to your network infrastructure, you must connect these virtual machines to your internal infrastructure first. By running software that your company’s employees use in Azure virtual machines, you can make these applications as accessible as if they were running in your own data center.
By default, Azure virtual machines can communicate with each other, but network communication with your on-premises infrastructure is not enabled, except for Remote Desktop Protocol (RDP) traffic. You can address this issue by creating a virtual private network (VPN) between your local network infrastructure and Azure virtual machines. However, before you create a VPN connection, you must first create an Azure virtual network, and assign virtual machines to it.
The Microsoft Azure virtual network represents a logical boundary around a group of virtual machines, called a virtual network, in an Azure data center. After you create a virtual network in Azure, you can establish a connection, protected with Internet Protocol security (IPsec), between this network and your local network. When creating Azure virtual networks, you can allocate IP addresses for the Azure virtual machines from the same IP address space that you use in your own network. This greatly simplifies the deployment of the Azure virtual machines (VMs) and the movement of the locally deployed virtual machines to the Microsoft Azure platform.
Because the connection between your local infrastructure and Azure virtual machines happens on the IP level, the connection does not depend on an operating system running in the virtual machines. After you establish this connection, the Azure virtual machines running in virtual networks look like just another part of your organization’s network. As a result, virtual machines in Azure can also access resources in your local network infrastructure. For example, you can run a service in an Azure VM that uses data stored on your locally deployed storage.
Additional Reading: For more information on virtual networks, go to http://go.microsoft.com/fwlink/?LinkID=517442
Determine the Need for Virtual Networks
Not every deployment of Azure virtual machines requires the deployment of Azure virtual networks. Whether you need an Azure virtual network depends on what you are trying to do. Because there is no universal design for Azure virtual networks, it is important that you carefully plan virtual network deployments for resources in Azure. In general, your solution for networking in Azure will fall into one of the following categories: no virtual networks, cloud-only virtual network, and cross-premise virtual network.
We recommend that you evaluate your need for virtual networks before you deploy Azure virtual machines, because virtual machines and cloud services configure their network settings during deployment. This means you cannot move your existing Azure virtual machines into a virtual network that is already deployed. However, you can redeploy your virtual machines to connect them to proper virtual networks, which can cause some downtime.
Depending on your usage scenario, you can create two types of virtual networks in Microsoft Azure.
•
If you do not plan to connect your Azure virtual machines to your local network infrastructure, you will use cloud-only virtual network deployments. In this case, on-premises resources can access Azure virtual machines only through connection endpoints. The Azure virtual machines can communicate with each other and access the Internet, but they cannot use any VPN-based connections.
•
To connect your internal data center to Azure virtual machines by using a secure connection, and to provide two-way resource access between Azure VMs and an on-premises infrastructure, you create a Cross-Premise virtual network. When creating a Cross-Premise virtual network, you must create a gateway to your internal network. You must also consider IP addressing.
Virtual Network Awareness
Virtual machines deployed in a cloud utilize virtual networks in Azure the most, but other Azure services can also use them. Currently, virtual networks created in Azure support cloud services only. Cloud services in Azure that can use virtual networks include cloud services and virtual machines. A cloud service consists of one or more web roles or worker roles, each with its own application files and configuration.
At the time of writing this course, Azure websites support integration with the Azure virtual networks, but Microsoft Azure SQL Database does not. Integration between Azure Websites and the Azure virtual network enables your website to access resources running in your virtual network. This includes the ability to access web services or databases running on your Azure virtual machines. If your virtual network is connected to your on-premises network, your Azure Website will be able to access the on-premises systems through this integration.
Also, within virtual networks, you can deploy cloud services with web and worker roles such as those in Platform as a Service (PaaS). You do not have to change your application code for this. When you configure your service, you should specify your virtual network name and the role/subnet mappings in the network configuration section. However, once you deploy a service to a virtual network, you cannot move it in and out of the virtual network. If you want to move the service, you will have to delete and then redeploy the service.
Lesson 2
Creating a Virtual Network
To create and use virtual networks, you should configure several configuration options. In this lesson, you will learn about virtual network components, and how to create virtual networks. Also, you will learn about Microsoft Azure Traffic Manager.
Lesson Objectives
After completing this lesson, you will be able to:
•
Describe virtual network components.
•
Create a virtual network.
•
Describe the Microsoft Azure Traffic Manager.
Virtual Network Components
When you create a virtual network in the Azure portal, you must configure several components and properties. For cloud-only virtual networks, configuration steps are simpler, because you do not have to create a gateway to your on-premises infrastructure. If you decide to have a cross-premise virtual network, you must configure additional elements.
When you start a wizard to create a new virtual network, you first have to provide a network name. You may choose any name, but it cannot start with a number. After you select your virtual network name, you should configure the Location parameter. You can configure the location by selecting a region from the drop-down list. This location specifies where you want your virtual machines to reside when you deploy them to the virtual network you are creating. For example, if you indicate that your network is located in the South Central US region, each virtual machine that you assign to this network will be located in this same region. It is not possible to change the region associated with your virtual network after you create it.
After you configure your network location, you will have the option to configure Domain Name System (DNS) servers for your network. By default, Azure provides name resolution for your virtual network. However, if you have more advanced DNS requirements, or want to use dedicated DNS servers for your Azure virtual machines, you have the option to configure DNS servers for each virtual network you create.
If you do not want to connect your virtual network with an on-premises infrastructure, the only thing you should configure for the Azure virtual network is the Virtual Network Address Space. When configuring the Virtual Network Address Space, you specify the address space that you want to use within the virtual network you create. You can choose between 10.0.0.0, 172.16.0.0, and 192.168.0.0 with variable length subnet masks. You can also configure additional subnets within these address spaces. IP addresses from ranges configured here will be dynamically assigned to your virtual machines. However, you cannot use these IPs for connection endpoints on the Internet.
If you choose to connect your virtual network with your on-premises infrastructure, you must select point-to-site or site-to-site connectivity options on the DNS Servers and VPN Connectivity page of the wizard. If you choose to create site-to-site connectivity, you will have to configure the on-premises VPN device IP address, and specify your local IP scope. For point-to-site connectivity, you must select the IP address range that will be used for VPN clients.
Demonstration: Creating a Virtual Network
In this demonstration, you will see how to create an Azure virtual network.
Demonstration Steps
1.
Sign in to your Azure subscription at https://manage.windowsazure.com.
2.
Click Networks in the navigation pane.
3.
Choose to create a new virtual network.
4.
Name the network VNET1, and choose West US as the location.
5.
Do not make changes to DNS Servers and Connectivity options.
6.
Select 192.168.0.0/24 for Virtual Network Address Spaces.
7.
Add 172.16.0.0/16 subnet and name it Subnet-2.
8.
Finish the wizard and create a network.
Azure Traffic Manager
When you implement an application in Microsoft Azure, you will want to provide efficient and fast access to it for the end users. In situations where you deploy an application in multiple Azure data centers (such as when you deploy several virtual machines in different Azure regions), you will want to direct user request traffic across these data centers so that users experience minimal latency. To achieve this type of optimization, the Azure platform provides a service called Azure Traffic Manager. This service intelligently directs requests from users across instances of an application running in different Azure data centers.
When a user wants to access your application or a web site, the user’s machine will look up the DNS name of your application. Queries for the IP address will go to Azure DNS servers. DNS in Azure will then search for the Traffic Manager policy for the name that was received in a query. If it finds one, Azure Traffic Manager calculates the most efficient connection for the specific user, based on policy, and directs the user to the appropriate Azure data center.
When you create an Azure Traffic Manager policy for your application, there are three options that you can configure to determine how Azure Traffic Manager behaves:
• Performance. If you choose this option, Traffic Manager sends all client requests to the data center with the lowest latency from the user system. Usually, this will be the data center that is geographically closest to the user.
• Failover. If you choose this option, Traffic Manager directs all client requests to the data center that you specify in the policy. If the data center is unavailable, Traffic Manager directs requests to other data centers in the priority order defined by the policy.
• Round Robin. If you choose this option, Azure Traffic Manager equally distributes client requests across all data centers in which the application is running.
Azure Traffic Manager periodically checks all instances of the application that it manages. It periodically pings each copy of the application via an HTTP GET and records the response. If there is no response, it stops directing users to that instance of the application until it reestablishes the connection.
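The three policy options and the health check described above can be modelled locally to see how an unavailable data center changes where users are directed. The following Python model is an added example, not part of the courseware and not Azure's implementation; the class names, endpoint names, priorities and latencies are constructed for illustration.

```python
from itertools import count


class Endpoint:
    """One copy of the application running in one data center."""

    def __init__(self, name, priority):
        self.name = name
        self.priority = priority  # order used by the Failover option, 1 = primary
        self.healthy = True       # outcome of the most recent HTTP GET check


class TrafficPolicy:
    """Model of a policy that picks a data center for each DNS query."""

    METHODS = ("performance", "failover", "round_robin")

    def __init__(self, method, endpoints):
        if method not in self.METHODS:
            raise ValueError(f"unknown method: {method}")
        self.method = method
        self.endpoints = list(endpoints)
        self._turn = count()  # rotation counter for Round Robin

    def record_probe(self, name, responded):
        """Store whether the endpoint answered the periodic HTTP GET."""
        for endpoint in self.endpoints:
            if endpoint.name == name:
                endpoint.healthy = responded
                return
        raise KeyError(name)

    def resolve(self, client_latency_ms=None):
        """Return the endpoint name chosen for one query, or None."""
        # Endpoints that did not respond receive no users until they recover.
        live = [e for e in self.endpoints if e.healthy]
        if not live:
            return None
        if self.method == "performance":
            if client_latency_ms is None:
                raise ValueError("performance needs per-endpoint latencies")
            return min(live, key=lambda e: client_latency_ms[e.name]).name
        if self.method == "failover":
            return min(live, key=lambda e: e.priority).name
        return live[next(self._turn) % len(live)].name


def sample_endpoints():
    # Constructed sample data: three regions in priority order.
    return [Endpoint("west-us", 1), Endpoint("north-europe", 2),
            Endpoint("east-asia", 3)]


if __name__ == "__main__":
    latency = {"west-us": 140, "north-europe": 25, "east-asia": 260}
    policy = TrafficPolicy("failover", sample_endpoints())
    print(policy.resolve())                 # primary answers
    policy.record_probe("west-us", False)   # primary stops responding
    print(policy.resolve())                 # next data center in priority order
    print(TrafficPolicy("performance", sample_endpoints()).resolve(latency))
```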
Lesson 3
Implementing Point-to-Site Networks
In many scenarios, you might need to initiate a remote connection to the Azure virtual network. Azure virtual networks give you the ability to initiate a secure point-to-site VPN connection from anywhere, by using a software VPN client. In this lesson, you will learn about point-to-site VPN connections and how to implement them.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe a point-to-site VPN connection.
• Describe the requirements for a point-to-site VPN connection.
• Set up a point-to-site VPN connection.
Overview of Point-to-Site VPN
By default, each virtual machine that you create in Azure is accessible by an RDP or an SSH connection. However, if you want to establish a secure connection from your computer (or from your local network resources) to the Azure virtual network, you have to create a VPN connection. By setting up a point-to-site VPN connection, you can create individual connections from client computers that you want to connect to the Azure virtual network. In site-to-site VPNs, you establish a VPN connection throughout your whole local network infrastructure, and you use a VPN device on your side. With point-to-site VPNs, you establish a connection by using a software VPN client that you install on each machine from which you want to initiate a connection to the Azure virtual network. This type of VPN connection does not require that you have a VPN device. Also, you do not need to have a static IP address assigned to the VPN client. You can establish a point-to-site VPN connection manually by initiating a connection from the client.
Although site-to-site VPNs will probably be the ideal solution when you want to extend your data center to Azure, there are some scenarios where point-to-site VPNs are more appropriate. For example, if you want to configure just a few clients from your network to connect to the Azure virtual network, a point-to-site VPN is the appropriate solution. In addition, point-to-site is best if you want to enable your clients to connect to the Azure virtual network from remote locations, such as hotels or airports. If you do not have an externally facing IPv4 IP address for your VPN device, you will also have to establish a point-to-site connection. Even when you have implemented a site-to-site VPN, you might need point-to-site VPN connections for remote clients that require a connection to Azure. Because of this, point-to-site and site-to-site configurations can exist concurrently.
Overview of Requirements for Point-to-Site VPN
Although creating a point-to-site VPN connection is fairly simple, it does require that you configure certain settings before beginning the process. When you create a virtual network in the Azure portal and select the option to enable point-to-site connectivity, you will be required to configure address space for IP addresses that you want to assign to cross-premises clients connecting through a point-to-site connection. This address space must be from the private range 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. You must ensure that the range you select here does not overlap with other virtual networks or networks on your local site. Also, you will have to configure virtual network address space that will be used within the virtual network you are creating. This network address space also should not overlap with address space that you use in your on-premises environment.
Each point-to-site VPN requires that you configure a dynamic routing gateway. A point-to-site VPN requires a gateway subnet. Only the virtual network gateway uses the gateway subnet.
You use certificates to perform authentication for the clients that are initiating a point-to-site VPN connection. You must first create a root certificate and upload it to the Azure management portal. Then you create client certificates used for authentication. You create these certificates manually by using the makecert command-line utility (part of Microsoft Visual Studio tools). Currently, you cannot use an internal certification authority (CA) to generate these certificates, so you must use self-signed certificates. You must install a client certificate on each computer that you want to connect to the virtual network, so you must generate a client certificate for each machine that you want to connect to the Azure virtual network. You can generate certificates for all clients on a single machine, export them, and then import them on each client.
It is important that you export certificates in .pfx format that includes the private key. The next topic will cover the certificate generation process.
Based on generated certificates and the dynamic gateway, the Azure platform will generate VPN client software that you should install on each machine that will be connecting to the Azure virtual network. Currently, the Azure platform supports the following operating systems as clients:
• Windows 8.1 (32-bit and 64-bit)
• Windows 8 (32-bit and 64-bit)
• Windows 7 (32-bit and 64-bit)
• Windows Server 2012 R2 (64-bit only)
• Windows Server 2012 (64-bit only)
• Windows Server 2008 R2 (64-bit only)
You will choose to download the 32-bit or 64-bit VPN client. You can then manually install VPN client software on each machine, or use a software distribution mechanism, such as Microsoft System Center Configuration Manager.
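The address-space requirements in this topic (client pool inside one of the three private ranges, no overlap between the client pool, the virtual network and the local site) can be checked before you start the wizard. The following Python check is an added example, not part of the courseware; the function name is hypothetical, the VNET1 and client-pool values are the ones used in this module's demonstrations, and the on-premises ranges are constructed.

```python
import ipaddress

# Private ranges this topic allows for the point-to-site client address pool.
ALLOWED_PRIVATE = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_p2s_plan(client_pool, vnet_spaces, onprem_networks):
    """Return a list of problems found in a planned address layout.

    client_pool      CIDR handed out to point-to-site VPN clients
    vnet_spaces      CIDRs used inside the virtual network(s)
    onprem_networks  CIDRs already in use on the local site
    """
    problems = []
    parsed = []
    groups = (("client pool", [client_pool]),
              ("virtual network", vnet_spaces),
              ("on-premises network", onprem_networks))
    for kind, cidrs in groups:
        for cidr in cidrs:
            try:
                # strict=True rejects entries such as 10.0.0.1/24 (host bits set)
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                problems.append(f"{kind} {cidr!r} is not a valid network: {exc}")
                continue
            if net.version != 4:
                problems.append(f"{kind} {net} is not an IPv4 network")
                continue
            parsed.append((kind, net))

    for kind, net in parsed:
        if kind == "client pool" and not any(
                net.subnet_of(allowed) for allowed in ALLOWED_PRIVATE):
            problems.append(
                f"client pool {net} is outside 10.0.0.0/8, 172.16.0.0/12 "
                f"and 192.168.0.0/16")

    # Compare every pair that belongs to different groups.
    for i, (kind_a, a) in enumerate(parsed):
        for kind_b, b in parsed[i + 1:]:
            if kind_a != kind_b and a.overlaps(b):
                problems.append(f"{kind_a} {a} overlaps {kind_b} {b}")
    return problems


if __name__ == "__main__":
    vnet1 = ["192.168.0.0/24", "172.16.0.0/16"]   # values from the demonstration
    for onprem in (["192.168.10.0/24"], ["10.0.0.0/16"]):  # constructed samples
        result = check_p2s_plan("10.0.0.0/24", vnet1, onprem)
        print(onprem, "->", result or "no conflicts")
```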
Setting Up a Point-to-Site VPN
You can use the Azure management portal to create a point-to-site VPN. If you have already created virtual networks, you can enable them for point-to-site connectivity. However, you might have to change other configuration parameters. Because of this, we recommend that you configure point-to-site connectivity when you create an Azure virtual network. You would typically use the following process to create and configure a virtual network with point-to-site connectivity:
1. Create a virtual network. As the previous lesson described, you should start the wizard for creating a new virtual network. During the wizard, you should select the check box for enabling point-to-site VPN capability. You will see the configuration page where you can configure address space for VPN clients, the virtual network address space, and gateway subnet. If you enable point-to-site connectivity on an existing virtual network, you will also have to configure these parameters.
2. Create a dynamic routing gateway. A gateway is a mandatory component for a point-to-site VPN connection. You must enable a dynamic routing gateway after you create your virtual network with point-to-site connectivity. It usually takes up to 15 minutes to create the gateway.
3. Create certificates. As described earlier, certificates are used for VPN authentication purposes. To create a root self-signed certificate, you should issue the following command:
    makecert -sky exchange -r -n "CN=RootCertificateName" -pe -a sha1 -len 2048 -ss My "RootCertificateName.cer"
   After you create the root certificate, you should upload it to Azure by using the Certificates tab in the Network configuration pane. Then you should create client certificates. You use the same command-line utility as for the root certificate, but with different parameters. For example:
    makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1
   This command creates a client certificate in a user’s Personal store on the computer where you issue this command. You can generate as many client certificates as needed by using this same command and typing different values for ClientCertificateName. We recommend that you create unique client certificates for each computer that you want to connect to the virtual network. After you create the client certificates, you should export them in the .pfx format and import them on the client machines that will be connecting to the network.
4. Download and install the VPN client software. After you configure a dynamic gateway and certificates, you will see a link to download a VPN client for a supported operating system. You should download the appropriate VPN client (32-bit or 64-bit) and install it on client machines that will be initiating a VPN connection. Ensure that you also install the client certificate from step 3 before you initiate the VPN connection.
Demonstration: Set Up a Point-to-Site VPN
In this demonstration, you will see how to create a point-to-site VPN connection.
Demonstration Steps
1. Open the Azure management portal and navigate to NETWORKS.
2. Open the configuration pane for VNET1.
3. Enable the Configure point-to-site connectivity option and save changes.
4. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section. Ensure that 10.0.0.0/24 is selected.
5. Open Developer Command Prompt for VS2013 as administrator.
6. In the command prompt window, type makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a sha1 -len 2048 -ss My "C:\temp\VNET1Cert.cer", and then press Enter. Do not close the command prompt window.
7. Switch back to the Azure management portal, and click the CERTIFICATES tab on the VNET1 portal. Upload the certificate that you just created and stored to C:\temp.
8. Restore the command prompt window. Type makecert.exe -n "CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1, and then press Enter.
9. Switch back to the Azure portal and in the VNET1 configuration pane, on the DASHBOARD tab, click to create gateway.
Lab: Create a Virtual Network
Scenario
A. Datum Corporation is planning to create several cloud-based virtual machines. You want to create a configurable network to control communication between these virtual machines. Also, A. Datum wants to evaluate ways to connect remote workers to cloud resources by using VPN. To address this requirement, you decided to implement point-to-site VPNs.
Objectives
After completing this lab, you will be able to:
• Create a virtual network.
• Create a virtual machine from the Gallery.
• Add point-to-site connectivity.
Lab Setup
Estimated Time: 60 minutes
Sign in to your classroom computer by using the credentials your instructor provides. You must have successfully completed Lab 1 before you start working on this lab.
Exercise 1: Creating a Virtual Network
Scenario
As a first step in deploying virtual network infrastructure, you want to create a new virtual network.
The main task for this exercise is as follows:
1. Create a virtual network.
Task 1: Create a virtual network
1. Sign in to your Azure subscription on https://manage.windowsazure.com.
2. Select NETWORKS in the navigation pane.
3. Choose to create a new virtual network.
4. Name the network VNET1, and choose West US as the location.
5. Do not make changes to the DNS Servers and Connectivity options.
6. Select the IP range 192.168.0.0/24 as the range for Virtual Network Address Spaces.
7. Add the 172.16.0.0/16 subnet and name it Subnet-2.
8. Finish the wizard and create a network.
Results: After completing this exercise, you will have created a new virtual network.
Exercise 2: Creating Virtual Machines from the Gallery
Scenario
After creating a virtual network, you want to assign virtual machines to it. You will create two virtual machines and assign them to the VNET1 virtual network.
The main tasks for this exercise are as follows:
1. Create a virtual machine.
2. Create a second virtual machine.
3. Test virtual network connectivity.
Task 1: Create a virtual machine
1. Open the Azure preview portal at https://portal.azure.com and sign in with the Microsoft account associated with your Azure subscription.
2. Create a new virtual machine in the Azure preview portal with the following parameters:
   o Host name: Server1
   o User name: server1-admin
   o Password: Moc1500!
   o Pricing tier: Basic A1
   o Virtual Network: VNET1
Task 2: Create a second virtual machine
• Create a new virtual machine in the Azure preview portal with the following parameters:
   o Host name: Server2
   o User name: server2-admin
   o Password: Moc1500!
   o Pricing tier: Basic A1
   o Virtual Network: VNET1
Task 3: Test virtual network connectivity
1. In the Azure preview portal, connect to the Server1 virtual machine by using an RDP connection.
2. Note the Internal IP address assigned to Server1.
3. In the Azure preview portal, connect to the Server2 virtual machine by using an RDP connection.
4. Note the Internal IP address assigned to Server2. Open Network and Sharing Center on Server2 and enable Network discovery and file sharing.
5. On the Server1 machine, open File Explorer and in the address bar, type \\IPaddressofServer2, and then press Enter. Ensure that the server opens, which confirms that your servers can communicate via virtual network VNET1.
Results: After completing this exercise, you will have created two new virtual machines and assigned them to VNET1.
Exercise 3: Add Point-to-Site Connectivity
Scenario
After creating a virtual network and virtual machines, you want to enable point-to-site functionality on existing virtual networks, and establish a VPN connection from your computer.
The main task for this exercise is as follows:
1. Add point-to-site connectivity.
Task 1: Add point-to-site connectivity
1. Open the Azure management portal and navigate to NETWORKS.
2. Open the configuration pane for VNET1.
3. Enable the Configure point-to-site connectivity option and save changes.
4. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section. Ensure that 10.0.0.0/24 is selected.
5. Open Developer Command Prompt for VS2012 as administrator.
6. In the command prompt window, type: makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a sha1 -len 2048 -ss My "C:\temp\VNET1Cert.cer" and press Enter. Do not close the command prompt window.
7. Switch back to the Azure management portal, and click the CERTIFICATES tab on the VNET1 portal. Upload the certificate that you just created and stored to C:\temp.
8. Restore the command prompt window. Type the following command: makecert.exe -n "CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1, and press Enter.
9. Switch back to the Azure portal and in the VNET1 configuration pane, on the DASHBOARD tab, click to create the gateway.
10. After the gateway is created, download the 64-bit VPN client from DASHBOARD and install it on the classroom machine. Unblock the file that you downloaded before starting installation.
11. Initiate a VPN connection by using the VPN client and ensure that you can establish it.
12. Execute the ipconfig command in Command Prompt and ensure that you have an IP address from the 10.0.0.0/24 scope assigned to PPP adapter VNET1.
13. Disconnect from VNET1.
Results: After completing this exercise, you will have established point-to-site connectivity.
Module Review and Takeaways
Review Questions
Question: Is it mandatory to set up the Domain Name System (DNS) on your Azure virtual network?
Question: If you have machines running Windows XP and Windows Vista, can you initiate a point-to-site connection?
Best Practice
• Before you create any virtual networks, analyze your requirements and determine what type of virtual network you need.
• Carefully plan address space for virtual networks, especially if you are going to implement cross-site connectivity.
• Use point-to-site VPNs when you want to provide access from single computers at remote locations to your Azure virtual network.
• Issue a separate client certificate for each client that will be using a point-to-site VPN.
Common Issues and Troubleshooting Tips
Common Issue: You do not see an option to download the VPN client for a point-to-site connection.
Troubleshooting Tip:
Common Issue: The VPN client cannot establish a point-to-site VPN connection.
Troubleshooting Tip:
Module 5
Cloud Storage
Contents:
Module Overview
Lesson 1: Understand Cloud storage
Lesson 2: Create and Manage Storage
Lab: Configure Azure Storage
Module Review and Takeaways
Module Overview
As a part of the Microsoft Azure platform, Microsoft also offers storage that you can use for various purposes. Cloud-based storage, available in Microsoft Azure, can reduce the size of your storage banks and provide you more flexibility for managing your storage requirements. You can use storage in Azure for virtual machines, but also for databases, tables, and message queueing. In this module, you will learn about cloud storage in Microsoft Azure.
Objectives
After completing this module, you will be able to:
• Describe the features and benefits of cloud storage.
• Create and manage storage in Azure.
Lesson 1
Understand Cloud storage
Before you implement and use cloud-based storage, it is important that you have a good understanding of the available storage options and the storage types that you can use in Azure. Typically, you do not manage and configure storage within the Azure platform the same way that you manage your on-premises storage. Cloud-based storage is provisioned from your storage account, and you configure it based on your needs. In this lesson, you will learn about cloud storage in Microsoft Azure.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe Azure storage.
• Describe blobs.
• Describe tables.
• Describe queues.
• Describe Azure File services.
• Describe storage replication options.
• Compare storage options.
• Describe Azure storage best practices.
Azure Storage Overview
Azure Storage is cloud-based storage that can be quickly provisioned and used across a variety of platforms, services, and applications. You can use Azure Storage across all of the other Azure services that require storage services, and other services outside of Azure, such as your applications deployed locally. To use Azure storage, you must have a valid Azure subscription, and you must create your storage account. A storage account is a mandatory component for all tasks that involve storage in Azure. You create your storage account from the Azure portal, or you can create it by using the representational state transfer (REST) application program interface (API). The following lesson covers storage accounts and their management in more detail. The Azure storage services include Blob storage, Table storage, Queue storage, and File storage.
• Blob storage can store any type of data, text or binary, such as media files, documents, installation images, and other types.
• Table storage is a NoSQL key-attribute data store, which allows for rapid development and fast access to large quantities of data.
• Queue storage provides reliable messaging between applications and workflow processing, and communication between components of cloud services.
• File storage offers shared storage for applications that use standard SMB 2.1 protocol. With file storage, virtual machines can share data across application components through mounted shares, and on-premises applications can access file data in a share through the File service REST API.
Types of Azure storage will be discussed in more detail in other topics in this lesson.
Typical Usage of Azure Storage
The flexibility of Azure storage enables you to use it in a wide range of scenarios. The following core uses will help you understand Azure storage better.
• Building data-sharing applications. Social networks and applications are very popular and are growing rapidly. These networks and applications both rely on data sharing, and they often need to present data to people worldwide. This type of use is an excellent fit for Azure Storage because Azure Storage is spread across worldwide datacenters.
• Big data storage and analysis. With the growth of social networks and smart homes, companies and users have been generating increasing amounts of data. In some cases, this data becomes more valuable after it has been analyzed. In recent years, big data services such as Hadoop have tried to provide such services. Because Azure Storage is cloud-based, it can accommodate big data and can help facilitate analysis of that data.
• Backups. Companies have to back up their data. A good practice is to back up your data to an off-site location so that your data is safe in case of a local disaster. With Azure Storage, you can use Azure as your off-site location. Not only can you back up your infrastructure and Azure services to Azure, but you also can back up devices and other items to Azure, including smartphones and personal computers.
Note that there are many other scenarios in which Azure can be a solution, especially infrastructure-based scenarios that involve virtualization. Some of these scenarios will be covered in later lessons, demos, or labs.
Existing Public Use of Azure Storage
Public use of Azure Storage is increasing. Everyday services that individuals access or consume might be built on and delivered from Azure Storage, but the users might not always realize it. The following list describes a few examples of public use of Azure Storage:
• Microsoft Xbox One. Xbox One has a feature that enables users to record in-game action as video so that users can share game action with friends on social networks or on the Internet. This feature, known as the Game DVR feature, uses Azure Storage. Other Xbox features also use the Azure Storage blob storage, table storage, and queue storage features.
• Microsoft OneDrive. Formerly known as Microsoft SkyDrive, OneDrive is a cloud-based storage service for end users and organizations that want to store files in the cloud and share files with others via the cloud easily. OneDrive is integrated into Windows 8 and newer versions, which enables users to transfer files to the cloud storage by simply right-clicking on a file and choosing to send it to OneDrive. OneDrive uses blob storage in Azure.
• Bing. The search engine Bing uses blob storage, table storage, and queue storage in Azure. Azure Storage is used in Bing to store Twitter and Facebook public status feeds that are sent to Bing, and to provide Bing search results.
• Skype. The Skype service uses blob storage, table storage, and queue storage for Skype video messaging.
Azure Storage Pricing
Azure Storage pricing varies depending on how you use and configure the storage. Azure Storage pricing is based on three elements:
• Storage capacity. Pricing varies widely based on the type of storage you use. At the time of writing this course, prices in USD range from 2.2 cents per gigabyte per month to up to 12 cents per gigabyte (GB) per month.
• Number of read and write operations to Azure Storage. The current price for storage transactions is .0005 cents per 100,000 transactions.
• Amount of data transferred out of Azure, which is also called data egress. Note that data goes into Azure at no charge. Data going out is charged per gigabyte, based on zones. The first 5 gigabytes of data transferred out is free. Thereafter, data is charged at up to USD 25 cents per gigabyte for lower use in the most expensive zone, and as low as five cents per GB for higher use in the least expensive zone.
The region where the data is stored also affects Azure Storage pricing. Some regions are more expensive than others. In addition, pricing is based on the type of storage. Pricing changes frequently.
Note: The prices shown above were current at the time we wrote this course.
Additional Reading: For the latest Azure Storage pricing, go to http://go.microsoft.com/fwlink/?LinkID=517443
What Are Blobs?
A binary large object (blob) is commonly a type of data that can be stored in a database but not in the form defined by the database. The blob data type usually exists as plain binary data, such as an image or media files. Blob storage in Azure stores unstructured data, similar to data that you would find on a file server. It can store data such as documents, image files, backups, and configuration data. Blobs are organized into containers, with a capacity of up to 500 terabytes (TBs) for each storage container. Blobs are appropriate for general storage use. Both blobs and containers can also have associated metadata. Metadata for a container or blob resource is stored as name-value pairs associated with the resource. Metadata names must adhere to the naming rules for C# identifiers. Blob storage supports snapshots and can be used with the content delivery network (CDN). There are two types of blob storage:
• Block blobs. Block blobs are optimized for streaming audio and video. Also, most of the other file types that you upload to your Azure Storage will be stored in block blobs. The maximum size of a block is 4 megabytes (MBs) and the maximum size of a block blob is 200 GB. Each block from a single blob is identified by a Block ID, and can also include an MD5 hash of the blob content. When you upload a large file to a block blob, the file is divided into blocks, which can be uploaded concurrently and then combined together into a single file. This results in a faster upload time. Also, when it comes to data modification, blob data can be modified on the block level. This means that individual blocks can be added to an existing blob. Alternatively, existing blocks can be replaced by other blocks, and some specific blocks within a blob can be deleted.
• Page blobs. Page blobs are 512-byte pages. They are optimized for random read and write operations. The maximum size of a page blob is 1 TB. Most commonly, this type of blob is used to store virtual hard drives for virtual machines. Operating system drives in Azure virtual machines use page blobs.
Currently, it is not possible to change the type of blob storage once you create it. There are several scenarios in which you use blob storage in Azure. For example, you can use blob storage to share files with clients or to offload some content from your web server. Also, blob storage in Azure provides persistent data storage for Azure Cloud services because hard drives used in Cloud service instances are not persistent. To use blob storage, you must create one or more containers within your storage account. Storage containers are created by using the Azure portal. All blobs are located in storage containers. An Azure Storage account can contain an unlimited number of containers, but the total size of storage containers cannot exceed 100TB. Each blob can be accessed uniquely by using a URL in the following format: http://.blob.core.windows.net//blob-name
Microsoft provides several Software Development Kits (SDKs) and APIs that developers can use for programmatically working with blob storage. At the time of writing this course, the following languages and platforms are supported:
• .NET SDK / .NET API Reference
• Java SDK / Java API Reference
• PHP SDK
• node.js SDK
• Ruby SDK
• Python SDK
All the Azure services, including Storage, are based on a REST API over HTTP/HTTPS, which means it is possible to make your own calls from your code to that API.
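The block blob behaviour described in this topic (a file divided into blocks of at most 4 MB, each with a Block ID and an MD5 hash, uploaded concurrently, combined in order, and later replaced block by block) can be followed in a local model. The following Python code is an added example, not part of the courseware and not a call to any Azure SDK or REST API; the class and function names are hypothetical, and the Block ID scheme (base64 of a zero-padded counter) is an assumption made for the model.

```python
import base64
import hashlib
import threading
from concurrent.futures import ThreadPoolExecutor

MAX_BLOCK = 4 * 1024 * 1024  # maximum block size stated in this topic (4 MB)


def md5_b64(chunk):
    # MD5 is used here only to detect accidental corruption of a block.
    return base64.b64encode(hashlib.md5(chunk).digest()).decode()


def split_into_blocks(data, block_size=MAX_BLOCK):
    """Return [(block_id, md5, chunk), ...] covering data in order."""
    if not 0 < block_size <= MAX_BLOCK:
        raise ValueError("block size must be between 1 byte and 4 MB")
    blocks = []
    for n, offset in enumerate(range(0, len(data), block_size)):
        chunk = data[offset:offset + block_size]
        # Assumption: IDs are base64 of a zero-padded counter (equal length).
        block_id = base64.b64encode(f"{n:08d}".encode()).decode()
        blocks.append((block_id, md5_b64(chunk), chunk))
    return blocks


class BlockBlobModel:
    """In-memory stand-in for the storage side of one block blob."""

    def __init__(self):
        self._lock = threading.Lock()
        self._blocks = {}  # block_id -> bytes received so far
        self._order = []   # committed list of block IDs

    def put_block(self, block_id, md5, chunk):
        if len(chunk) > MAX_BLOCK:
            raise ValueError(f"block {block_id} exceeds 4 MB")
        if md5_b64(chunk) != md5:
            raise ValueError(f"MD5 mismatch for block {block_id}")
        with self._lock:
            self._blocks[block_id] = chunk

    def commit(self, block_ids):
        with self._lock:
            missing = [b for b in block_ids if b not in self._blocks]
            if missing:
                raise KeyError(f"blocks never uploaded: {missing}")
            self._order = list(block_ids)

    def read(self):
        with self._lock:
            return b"".join(self._blocks[b] for b in self._order)


def upload(store, data, block_size=MAX_BLOCK, workers=4):
    """Send all blocks concurrently, then combine them in file order."""
    blocks = split_into_blocks(data, block_size)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        # Submitted in reverse to show that arrival order does not matter;
        # list() waits for completion and re-raises any per-block failure.
        list(pool.map(lambda b: store.put_block(*b), reversed(blocks)))
    order = [block_id for block_id, _, _ in blocks]
    store.commit(order)
    return order


def replace_block(store, order, block_id, new_chunk):
    """Modify the blob at block level by re-sending one block."""
    store.put_block(block_id, md5_b64(new_chunk), new_chunk)
    store.commit(order)


if __name__ == "__main__":
    blob = BlockBlobModel()
    ids = upload(blob, b"abcdefghij", block_size=4)  # constructed sample data
    replace_block(blob, ids, ids[1], b"EFGH")
    print(ids, blob.read())
```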
What Are Tables?
The term table, in the context of Azure, is used to describe a group of entities. An entity is a collection of properties and values stored together in the table. Entities that are present in the table do not necessarily have the same structure or the same schema. Table storage, called Azure Tables in Azure, is based on the NoSQL concept. NoSQL uses a relational database without a typical relational management database system or traditional SQL-style tables. Instead, key/value pairs are used in NoSQL. Table storage uses key-attribute storage, meaning that all values in a table are stored with a property name. Table storage can accommodate any number of tables, up to 200 TB per storage account. This type of storage is similar to a database or an Excel spreadsheet because all tables have collections of rows (in this context, entities) and support manipulating and querying the data contained in the rows. The key difference between table storage and a database is that there is no efficient way to represent relationships between different data in table storage. In addition, there is no database schema to handle data-rules enforcement. Table storage has the following features:
• The largest table can be 100 TB.
• The largest entity can contain up to 1 MB of data.
• Each entity can have up to 255 properties.
Entities in the table storage support the following data types: ByteArray, Boolean, DateTime, Double, Guid, Int32, Int64 and String (up to 64 KB in size). Each entity created within table storage must have the following properties defined: PartitionKey, RowKey, and TimeStamp. By using PartitionKey, you can group entities in the table, while the RowKey is an identifier for each entity. PartitionKey and RowKey, combined, uniquely identify an entity within a table. This type of identification is very similar to the primary key in a relational database. The TimeStamp property includes data about the last time of modification. Storing and accessing data in Table storage is mostly done from applications. Most applications use the client library to store data to the tables, or call the REST API. With C# applications, you will need the Azure Storage Library for .NET to create and manage tables. Code addresses tables in an account by using this address format: http://.table.core.windows.net/
What Are Queues?
Similar to Microsoft Message Queuing (MSMQ), Azure Queue storage provides a mechanism for applications and services to pass messages to each other asynchronously. You can use Azure Queue storage to store a large number of messages that can be accessed from any location by authenticated calls made by using HTTP or HTTPS. A storage account can contain an unlimited number of queues with up to 200 TB of storage for each storage account. Individual messages are limited to 64 KB, and a queue can contain millions of messages, with the total number limited only by the total capacity of the storage account. Queue storage often temporarily houses jobs or tasks for processing. For example, an online service to translate documents from German to English could use queue storage so that all of the translation jobs could be run asynchronously. The two most common uses for queue storage are:
• To pass messages from an Azure Web role to an Azure Worker role. A Web role is usually a website or web application, often one that is running on the Windows Server operating system and Internet Information Services (IIS), or on a non-Microsoft web server. A Worker role is typically a Windows service or process that manages background processing tasks.
• To create a bucket of tasks to process asynchronously. The tasks are usually processed by the Worker role.
Queues can be addressed by using the following URL format: http://.queue.core.windows.net/
What Is Azure File Services?
Azure File Services is a new service that provides shared folder services to other Azure resources. You can access files stored with Azure File Services over the SMB 2.1 protocol by connecting to .file.core.windows.net. The endpoint is accessible over HTTPS or by using standard Server Message Block (SMB) connectivity methods, as follows:
• You can connect to shares by using the net use command. For example, to connect to a storage account named 10979 configured with Azure File Services, and a file share named Share1, you could run the following command:
  net use s: \\10979.file.core.windows.net\Share1
• You can connect to shares by using Windows PowerShell. The new Azure Files module for Windows PowerShell has new cmdlets to support Azure File Services. It includes functionalities such as downloading content from Azure Files shares and creating new shares. One of the new cmdlets is Get-AzureStorageFileContent, which you can use to download content from a share.
• You can connect to shares by using REST APIs. The REST API includes many operations that are beyond the scope of this course.
Note: The Azure File Services is currently in preview, and you must manually add it to an account from the preview portal.
Azure File Services is one of several storage services in Azure. It is important to know when you should use Azure Files in your application, and when you should use blob storage or disk storage. Often, an organization will use all three storage methods. The following examples show common uses for Azure Files, disk storage, and blob storage:
• Azure Files. Applications, services, and use cases that already rely on SMB are good candidates to use Azure Files. When you migrate on-premises resources to the cloud, the transition may be smoother if you maintain existing access methods such as SMB. Another potential use is shared administrative tools and shared development tools. By placing shared tools into Azure Files, all administrators and developers can quickly and easily access the tools from Azure virtual machines. Note that access to Azure Files is restricted by region when using SMB 2.1, and that access is not restricted by region when you use REST APIs.
• Disk storage. Disk storage is most often associated with virtual machines. When storage is required for a single virtual machine, disk storage is often used. For shared storage, disk storage is not the right solution.
• Blob storage. You should use REST APIs with blob storage or any other supported SDK. Blob storage provides flexibility because developers can use the APIs to develop custom solutions, and the storage is available in any region. In addition, blob storage is the best choice when a large amount of storage is required, because a single storage container can support up to 500 TB of data.
When you name files and directories in Azure Files, keep in mind the following restrictions:
• Container names must be a valid Domain Name System (DNS) name between three and 63 characters.
• Acceptable characters are letters, numbers, and dashes (-).
• Container names must start and end with a number or letter, and they cannot start or end with a dash.
• SMB share names must not be more than 80 characters long, and you cannot use any of the following characters: \ / [ ] : | < > + = ; , * ? ".
• All other Unicode characters may be used in an SMB share name.
• Directory and file names also have the following restrictions:
  o Names must be no more than 255 characters long.
  o The following characters are not allowed in directory or file names: " \ / : | < > * ?.
Azure Files also supports SMB file locking when a file is open. The following options can be used by SMB clients:
• None. Declines sharing of a file that is open. Any request to read, write, or delete the file will fail until the file has been closed.
• Shared Read. Allows additional reads, often referred to as shared reads, to an already-open file. However, writes and deletes will fail until the open file has been closed.
• Shared Write. Allows additional writes, often referred to as shared writes, to an already-open file. However, deletes will fail until the open file has been closed.
• Shared Read/Write. Allows additional reads and writes to an already-open file. However, deletes will fail until the open file has been closed.
• Shared Delete. Allows deleting of an already-open file.
Reference Links: To download the new Azure Files module for Windows PowerShell, go to http://go.microsoft.com/fwlink/?LinkID=398183
Additional Reading: For more information about File Service REST APIs, go to http://go.microsoft.com/fwlink/?LinkID=517444
Storage Replication Options
All storage accounts in Microsoft Azure are stored on three locations that have transactionally-consistent copies in the primary datacenter. This approach, which can be considered as local redundancy, already provides an additional level of availability for Azure storage, but you can also enable geo-replication for your storage.
Locally redundant storage stores three copies of the data within a single region. Geo-redundant storage stores six copies of the data across two regions in the same geography. This means that the Microsoft Azure storage data that you stored within your storage account is not only stored in the primary location that you choose, but also is replicated in triplicate to another datacenter within the same region. For example, if you select West US as your primary location for Azure storage, enabling geo-redundancy also replicates your storage to the East US datacenter. You cannot choose locations for geo-redundancy, but the replication will never cross the region you select for the primary datacenter.
The following table compares the replication types currently available.

| | Locally redundant | Geo-redundant | Read-access geo-redundant |
|---|---|---|---|
| Redundancy | 3 copies within a single region | 3 copies within a single region, 3 additional copies in secondary region | 3 copies within a single region, 3 additional copies in secondary region |
| Read access to replicas in secondary region | N/A | No | Yes |
| Availability service level agreement (SLA) | 99.9% for all read/write | 99.9% for all read/write | 99.9% for writes, 99.95% for reads. Data is read from secondary source if primary one is unavailable |
Compare Storage Options
As we have explained in previous topics, Azure storage provides different types of storage for you to use, in various scenarios. This topic reviews the available options for storage, and their typical usage scenarios.
Blob storage contains unstructured data of various types, such as documents, image or media files, and virtual hard drives in virtual machines. You can also use blob storage to publish your data to external users via URL locations, or as internal application storage. Some common usage scenarios for blob storage are:
• Providing access to images, media files, and documents by using a web browser.
• Storing files for distributed access.
• Streaming audio and video.
• Providing backup and restore.
• Storing data for analysis.
Unlike blobs, Azure table storage works with structured, but non-relational data. It presents a NoSQL data store that can accept calls from services inside Azure and from services outside the Azure environment. The Azure table storage is scalable, and it can store large data sets. Common scenarios of usage for Azure table store are:
• To store large amounts of structured data capable of serving web applications.
• To store data sets that do not require complex joins, foreign keys, or stored procedures, and that can be denormalized for fast access.
• To query data quickly by using a clustered index.
• To access data by using the Open Data (OData) protocol and LINQ queries with WCF Data Service .NET Libraries.
The Azure Queue storage stores messages that applications exchange. This type of storage also can be accessed from any location by using HTTP or HTTPS protocols. Similar to Table storage, Queue storage is very scalable and can store millions of messages. Common usage scenarios for Queue storage include:
• To create a backlog of work to process asynchronously.
• To pass messages from an Azure Web role to an Azure Worker role.
Azure Storage Best Practices and Considerations
By following the best practices for using Azure Storage, you can manage cost. The four factors that will influence your costs are:
• Amount of storage used. Storage capacity, which is the amount of data that is being used by the blob, table, or queue, often is determined by the requirements of the users and the business systems.
• Replication options. The replication type is also an important factor in cost because using fewer copies of data can cost less. One way to reduce cost is to create multiple storage accounts that are individually tuned to the SLA requirements for each data type. For example, it might not be important for non-critical data to be replicated to multiple regions. Therefore, the more affordable option of using only locally redundant storage might be the best option for non-critical data. However, you can use a separate storage account for critical data that allows geographically redundant replicas of the data to be created.
• Number of storage transactions. The number of requests that are made against the storage, also known as the number of storage transactions, is another important cost factor. Storage transactions are typically charged for each 100,000 transactions made across all storage types, including blobs, tables, queues, and files. Transactions are defined as both read and write operations to the Azure Storage.
• Egress data from the storage region. The egress data from the storage region is another aspect of Azure Storage pricing. If the Azure Storage is accessed by another service that is not running in the same region, then egress data is sent out of that particular Azure Storage region. Therefore, you should group services together in the same region to attempt to reduce or eliminate egress data charges. In addition to using multiple storage accounts for replication types, you should also use multiple storage accounts for each region. This gives you maximum flexibility while ensuring that the data being used by a service or application stays as local as possible.
You can upload multiple blobs simultaneously to maximize the upload performance of blob storage. The Azure Storage service has specific limits for ingress traffic, per storage account, per region, and per replication configuration. By uploading multiple blobs simultaneously, you can maximize the performance.
To maximize the performance of table storage, use JavaScript Object Notation (JSON) to transmit data to the table service. JSON reduces the payload size, which in turn reduces the latency of the table storage. The Azure Storage Client Library 3.0 supports JSON for table storage, and has been optimized specifically for Azure Storage.
Another best practice when you use table storage is to avoid repeatedly scanning the tables. Azure Storage provides a clustered index, which is a combination of the PartitionKey and RowKey, that you can use to avoid table scans, which increase latency. Therefore, we recommend that you always use PartitionKey in each query you create.
You should also monitor your logs and metrics to ensure that performance, availability, and security meet or exceed expectations. Azure offers an Azure Storage Analytics tool that you can use to easily review your logs and metrics.
Another best practice is to avoid using CreateIfNotExists repeatedly if you know that your queues, containers, and tables are all created and will never be removed during the lifetime of the application/deployment.
Lesson 2
Create and Manage Storage
Before you start to use Azure storage, you must first create your storage account and configure its properties. Also, you must create appropriate storage containers for your data, and then choose appropriate tools for managing data in your storage account or accounts. In this lesson, you will learn how to create and manage storage in Azure.

Lesson Objectives
After you complete this lesson, you will be able to:
• Create and manage storage accounts.
• Create a blob.
• Create a blob by using Azure Web Storage Explorer.
• Create a table.
• Create and manage blobs and tables by using Microsoft Visual Studio.
Creating and Managing Storage Accounts
A storage account is an account that is created in Azure to gain access to Azure Storage services. Each storage account is secured by two 512-bit access keys, which are created when the storage account is created. A storage account is connected to an Azure region and configured for specific storage replication, such as locally redundant storage (LRS). In a single Azure subscription, you can have multiple storage accounts, and you can use each one for a different purpose, and you can configure each one with different settings. Storage accounts provide endpoints to access the storage services. The endpoints are unique URLs for accessing the storage services.
You can create storage accounts by using a wizard from the Azure management portal. To quickly create a storage account, you need to supply the following information:
• The URL. This is the unique name supplied for the storage account. The URL for your storage account must be unique worldwide, and it always ends with *.core.windows.net.
• Location/Affinity Group. This is the regional datacenter or affinity group where the storage account will be created. The following regions are location options:
  o East Asia
  o Southeast Asia
  o North Europe
  o West Europe
  o East US
  o West US
  o Japan East
  o Japan West
  o Brazil South
  o North Central US
  o South Central US
• Subscription. This is the Azure subscription with which the storage account will be associated.
• Replication. This is the setting that determines whether your storage is locally redundant or redundant across more than one datacenter. The options are Locally Redundant, Geo-Redundant, or Read-Access Geo-Redundant. Note that Microsoft will soon introduce zone-redundant storage (ZRS). ZRS stores the equivalent of three copies of your data across multiple data centers.
Microsoft continues to expand and revamp its datacenters and regions. For example, two new regions have been announced for Australia. It is important to keep informed about the available regions so that you can align them with your organizational regions. In addition, regions play a big role in security and compliance. They help you meet organizational data security policies that might be based on region and that must adhere to local laws. After a storage account has been created, it can be used by four types of storage: blob storage, table storage, queue storage, and files storage.
Tools for managing Azure Storage
There are numerous tools and services in addition to the Azure management portal that you can use to manage your Azure Storage. The most popular ones include:
• Azure Web Storage Explorer. This tool is a web-based storage management tool that is used mainly for uploading and downloading content via a browser.
• AzCopy. This free downloadable command-line tool is designed for moving small-sized and medium-sized amounts of data into and out of Azure. However, you should use the import/export service for very large amounts of data that would take several days to transfer with AzCopy.
• Azure Software Development Kit (SDK) for .NET. Storage also can be managed by using the Azure SDK for .NET or by using Azure Management Libraries for .NET. Developers can create containers, upload blobs to a container, list blobs in a container, and delete blobs from a container by using the Azure SDK for .NET.
• REST APIs for Azure. All Azure Storage can be managed by using REST APIs. Management can occur over the Internet by using HTTP or HTTPS, and in Azure through Azure-hosted resources.
• Windows PowerShell. The Azure module for Windows PowerShell has dedicated management cmdlets for Azure. You can perform the vast majority of Azure storage management tasks with the Azure module. The cmdlets are organized into different groups such as Azure managed cache cmdlets, Microsoft Azure SQL database cmdlets, and Azure profile cmdlets, most of which are outside of the scope of this course.
• Import/Export service. The import service imports data from hard drives you ship to an Azure data center into Azure Storage. The export service ships you your organization's Azure Storage data on a hard drive that you sent, empty, to an Azure data center. This service is useful when transferring the data over a network would be too expensive or otherwise impractical. When you send data by using the import service, you must encrypt the data with BitLocker before you ship it. The external hard drives must be 3.5-inch Serial Advanced Technology Attachment (SATA) II/III, and can be no larger than 4 TB. When you export data, you must provide a supported hard drive. All data will be encrypted before it ships, and a BitLocker key will be provided through the management portal.
Reference Links: To access the Azure Web Storage Explorer tool, go to http://go.microsoft.com/fwlink/?LinkId=517528
Additional Reading: For more information on Azure Storage Explorers, go to http://go.microsoft.com/fwlink/?LinkID=517445
Creating a Blob
To create a blob, you must first create a storage account, and also a container within the storage account. You can use the Azure portal to create containers in your storage account. In the Azure preview portal, select your storage account, and then in the storage account administration pane, use the Containers pane to create a new container. Besides configuring the container name, you can also configure the access type for each storage container. By default, each storage container's access is set to Private, which means that no anonymous access will be allowed. You can also choose to enable blob list or access through anonymous requests.
After you create a container in your storage account, you can start to upload or create blobs, tables, and queues. You cannot use the Azure portal to upload blobs, but you can use alternative tools or code in your application to do this. For example, you can use the Azure Web Storage Explorer to upload files from your computer to the storage container in your storage account. The files that you upload are saved as blobs. You can also use this same tool to create a new container for blobs, and new tables and queues.
To access your storage account using Azure Web Storage Explorer, you need to use your storage account name and access key for your storage account. Access keys and the storage account name are created when you first create the storage account, and you can view them at any time by browsing to your storage account in the Azure preview portal, and then clicking on the Keys tile.
To access and manage your storage account and create blobs from Visual Studio, you should first configure the connection string for Azure service configuration. For example, when you create a web or a worker role that requires access to a private storage account, you should open Solution Explorer in Visual Studio, and then in the roles folders, open the properties of your web role or worker role. You should then choose the Settings tab and select to add new settings. For the new setting, you should choose the Connection String type, and then type your storage account name and access key in the Create Storage Connection String window. If the application that you are working on is not an Azure cloud service, then you can use .NET configuration files, such as web.config and app.config, to configure a connection string for your storage account.
You store the connection string using the element as follows. Replace the account name with the name of your storage account, and account key with your account access key:
To access Blob storage programmatically, you should first obtain an assembly that contains the Azure storage management classes. You can use NuGet to get the Microsoft.WindowsAzure.Storage.dll assembly. To do this, you should right-click your project in Visual Studio Solution Explorer, and choose Manage NuGet Packages. Then you should search for WindowsAzure.Storage and install it. By using this procedure, you will get all necessary Azure Storage packages and dependencies. Alternatively, you can install Azure SDK for .NET. This package also contains Microsoft.WindowsAzure.Storage.dll.
In the code that you want to use to programmatically access Azure Storage, you should first add Azure declarations at the top of the code. These declarations are:
  using Microsoft.WindowsAzure.Storage;
  using Microsoft.WindowsAzure.Storage.Auth;
  using Microsoft.WindowsAzure.Storage.Blob;
To represent your storage account, you can use the CloudStorageAccount type. For Azure project templates, or if you have a reference to Microsoft.WindowsAzure.CloudConfigurationManager, you can use the CloudConfigurationManager type to retrieve your storage connection string and storage account information from the Azure service configuration. If you do not have a reference to Microsoft.WindowsAzure.CloudConfigurationManager, and you store your connection string data in web.config or app.config files, you can use ConfigurationManager to retrieve the connection string.
To upload a file as a blob by using code, you should get a container reference and use it to get a block blob reference. Once you have it, you can upload the data stream by using the UploadFromStream method.
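The upload steps described above, combined with the container access type discussed under Creating a Blob, as an added C# example that is not part of the courseware. It assumes the WindowsAzure.Storage package and a setting named StorageConnectionString; the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using Microsoft.WindowsAzure;               // CloudConfigurationManager
using Microsoft.WindowsAzure.Storage;       // CloudStorageAccount
using Microsoft.WindowsAzure.Storage.Blob;  // blob client, container, and blob types

// Added example; class and method names are hypothetical.
public static class PrivateBlobUpload
{
    // Assumption: the connection string is stored in a setting named
    // "StorageConnectionString" (service configuration or appSettings).
    static CloudBlobClient CreateClient()
    {
        CloudStorageAccount account = CloudStorageAccount.Parse(
            CloudConfigurationManager.GetSetting("StorageConnectionString"));
        return account.CreateCloudBlobClient();
    }

    // Uploads a local file as a block blob, but only into a container whose
    // access type is Private (BlobContainerPublicAccessType.Off in the library).
    public static Uri Upload(string containerName, string localPath)
    {
        CloudBlobContainer container = CreateClient().GetContainerReference(containerName);
        container.CreateIfNotExists();   // a container created here is Private

        BlobContainerPermissions permissions = container.GetPermissions();
        if (permissions.PublicAccess != BlobContainerPublicAccessType.Off)
        {
            throw new InvalidOperationException(
                "Container '" + containerName + "' allows anonymous access (" +
                permissions.PublicAccess + "); refusing to upload.");
        }

        CloudBlockBlob blob = container.GetBlockBlobReference(Path.GetFileName(localPath));
        using (FileStream stream = File.OpenRead(localPath))
        {
            blob.UploadFromStream(stream);
        }
        return blob.Uri;
    }

    // Returns "name: access type" for every container in the account that
    // accepts anonymous requests, so unintended public containers stand out.
    public static List<string> FindAnonymousContainers()
    {
        var findings = new List<string>();
        foreach (CloudBlobContainer container in CreateClient().ListContainers())
        {
            BlobContainerPublicAccessType access = container.GetPermissions().PublicAccess;
            if (access != BlobContainerPublicAccessType.Off)
            {
                findings.Add(container.Name + ": " + access);
            }
        }
        return findings;
    }

    public static void Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: PrivateBlobUpload <container> <file>");
            return;
        }
        Console.WriteLine("Uploaded to " + Upload(args[0], args[1]));
        foreach (string finding in FindAnonymousContainers())
        {
            Console.WriteLine("Anonymous access enabled on " + finding);
        }
    }
}
```

A container that was deliberately created with the Blob access type, such as the one used in the demonstration that follows, will appear in the findings list; the point of the listing is that every entry should be an intentional choice.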
Additional Reading: For more information on how to use blob storage from the .NET Framework, go to http://go.microsoft.com/fwlink/?LinkID=517446
Demonstration: Creating a Blob by Using Azure Web Storage Explorer
In this demonstration, you will see how to create a blob by using Azure Web Storage Explorer.

Demonstration Steps
1. Create another new container for the 10979s storage account by using the following settings:
   o Name: 10979c
   o Access: Blob
2. Manage your access keys to view your primary access key, and then copy the key to the Clipboard.
3. Create a new text file named storage-key.txt in your Documents folder.
4. Open the storage-key.txt file, and paste your primary access key into it.
5. Go to the Azure Web Storage Explorer page at http://azurestorage.azurewebsites.net/login.aspx.
6. Sign in by using 10979s as the account and the access key as the key.
7. Upload Alarm01.wav from the c:\Windows\media folder.
8. Upload splashscreen.contrast-white_scale-180.png from the c:\Program Files\Internet Explorer\images folder.
9. In the file list, click http://10979s.blob.core.windows.net/10979c/splashscreen.contrast-white_scale-180.png and verify that you see a large Internet Explorer logo graphic displayed in the browser window.
10. Close Internet Explorer.
Creating a Table
To create a table in your storage account container, you can use methods similar to the ones you use to create blobs. You must have a storage account created, and one or more containers in the storage account. Then, you can use Azure Web Storage Explorer to create a new table, and to insert data into the table you created. You can use this same utility to execute a query against your existing table. You cannot use the Azure portal to create or manage tables, create data, or execute queries.
If you want to create, access, and manage tables programmatically by using a Visual Studio project, you should perform the same procedure to configure connection strings and add declarations at the top of your code, as with blobs. Also, you must have the Microsoft.WindowsAzure.Storage.dll assembly installed.
To create a table by using code, you should use the CloudTableClient object. It lets you get reference objects for tables and entities within the table. The following example code shows how to create a CloudTableClient object and use it to create a new table. For this example, we assume that the application that we work on is an Azure Cloud Service, and that it uses a storage connection that is configured in the Azure application service configuration, as described in the preceding topic about blobs.

  // Declarations at the top of the file.
  using Microsoft.WindowsAzure;                // CloudConfigurationManager
  using Microsoft.WindowsAzure.Storage;        // CloudStorageAccount
  using Microsoft.WindowsAzure.Storage.Table;  // CloudTableClient, CloudTable

  // Retrieve the storage account from the connection string.
  CloudStorageAccount storageAccount = CloudStorageAccount.Parse(
      CloudConfigurationManager.GetSetting("StorageConnectionString"));

  // Create the table client.
  CloudTableClient tableClient = storageAccount.CreateCloudTableClient();

  // Create the table if it doesn't exist.
  CloudTable table = tableClient.GetTableReference("people");
  table.CreateIfNotExists();
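The best practice of always using PartitionKey in queries, applied to the people table created above, as an added C# example that is not part of the courseware. The class name, the entity values, and the Email property are constructed for illustration, and the StorageConnectionString setting is assumed as in the preceding code.

```csharp
using System;
using Microsoft.WindowsAzure;                // CloudConfigurationManager
using Microsoft.WindowsAzure.Storage;        // CloudStorageAccount
using Microsoft.WindowsAzure.Storage.Table;  // table client, operations, queries

// Added example; class name and sample data are hypothetical.
public static class PartitionKeyQueries
{
    public static void Main()
    {
        CloudStorageAccount account = CloudStorageAccount.Parse(
            CloudConfigurationManager.GetSetting("StorageConnectionString"));
        CloudTable table = account.CreateCloudTableClient().GetTableReference("people");

        // Call CreateIfNotExists once at startup, not before every operation.
        table.CreateIfNotExists();

        // Constructed sample entity: PartitionKey groups by last name,
        // RowKey identifies the person within that partition.
        var person = new DynamicTableEntity("Smith", "Ben");
        person.Properties["Email"] = new EntityProperty("ben@example.com");
        table.Execute(TableOperation.InsertOrReplace(person));

        // Point lookup: PartitionKey plus RowKey addresses exactly one entity
        // through the clustered index, so no scan is needed.
        TableResult lookup = table.Execute(
            TableOperation.Retrieve<DynamicTableEntity>("Smith", "Ben"));
        var found = lookup.Result as DynamicTableEntity;
        if (found == null)
        {
            Console.WriteLine("Entity Smith/Ben was not found.");
        }
        else
        {
            Console.WriteLine("Point lookup: " + found.Properties["Email"].StringValue);
        }

        // Partition query: the filter names the PartitionKey, so only the
        // "Smith" partition is read instead of the whole table.
        string inPartition = TableQuery.GenerateFilterCondition(
            "PartitionKey", QueryComparisons.Equal, "Smith");
        TableQuery<DynamicTableEntity> query =
            new TableQuery<DynamicTableEntity>().Where(inPartition);
        foreach (DynamicTableEntity entity in table.ExecuteQuery(query))
        {
            Console.WriteLine(entity.PartitionKey + ", " + entity.RowKey);
        }

        // For contrast: a filter on a non-key property alone, such as
        // Email eq 'ben@example.com', gives the service no key to seek on
        // and results in the table scan the best practice warns about.
    }
}
```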
Additional Reading: For more information on how to use Table storage from the .NET Framework, go to http://go.microsoft.com/fwlink/?LinkID=517447
Demonstration: Creating and Managing Blobs and Tables from Visual Studio

Demonstration Steps
1. In VS Express 2013 for Web, in Solution Explorer, expand Bin folder under Website1 project. Ensure that you can see Microsoft.WindowsAzure.Storage.dll under Bin folder in Solution Explorer.
2. Scroll through the code of Default.aspx.cs and review parts of the code that are used for Azure storage management.
3. Start project debugging in Visual Studio.
4. As a result, the Internet Explorer window will open with the application started.
5. In the Internet Explorer window, click Create a new Azure table. Then click Add an entry to the Azure table. Then click Add a batch to the Azure table.
6. Click Retrieve data from the Azure table. As a result, you should get a few lines of data in the text box.
7. Click Create a new Azure blob container. Then click Upload data to the Azure blob container.
8. Click List content of the Azure blob container. As a result, you should get data in the text box.
9. Close Internet Explorer.
10. Open Azure Web Storage Explorer at http://azurestorage.azurewebsites.net/login.aspx, and connect to your storage account.
11. Ensure that you can see the data that you uploaded by using code from Visual Studio.
Lab: Configure Azure Storage

Scenario
You have a large quantity of archive files. The disks on which these files reside are reaching the end of their life, and you would like this data to be globally available within Adatum. To achieve that, you decided to use Azure storage.

Objectives
After you complete this lab, you will be able to:
• Create an Azure Storage account.
• Create and manage a blob.

Lab Setup
Estimated Time: 30 minutes
Sign in to your classroom machine by using the credentials your instructor provides. Students must have successfully completed the lab from Module 1 before starting this lab.

Exercise 1: Create an Azure Storage Account

Scenario
Before you start managing your data in Azure, you should first create a storage account and examine its properties.
The main tasks for this exercise are as follows:
1. Create a storage account in Azure.
2. View the properties of your storage account.

Task 1: Create a storage account in Azure
1. On the host computer, launch Internet Explorer, go to the Azure management portal at https://portal.azure.com, and then sign in to your Azure account.
2. Create a new storage account by using the following information:
   o URL: 10979s
   o Location: Select the location that is closest to you
   o Pricing Tier: L1

Task 2: View the properties of your storage account
1. On the Azure management portal, in the left pane, click BROWSE and then click Storage.
2. In the Storage pane, click the 10979s storage account.
3. In the 10979s pane, view the information available on the dashboard.
4. Near the top of the 10979s pane, click PROPERTIES to view the properties of the storage account.

Results: After you complete this exercise, you will have created your Azure storage.
Exercise 2: Create and Manage Blobs

Scenario
Now that you have created your storage account, you need to create a container and upload some blob data to the container.
The main tasks for this exercise are as follows:
1. Add a container.
2. Add data to the container using Azure Web Storage Explorer.

Task 1: Add a container
• Create another new container for the 10979s storage account by using the following settings:
   o Name: 10979c
   o Access: Blob

Task 2: Add data to the container using Azure Web Storage Explorer
1. Open Manage your key pane to access and view your primary access key, and then copy it to the Clipboard.
2. Open File Explorer, and then create a new text file named storage-key.txt. Save the file in your Documents folder.
3. Open the storage-key.txt file, and paste your primary access key into it.
4. Go to the Azure Web Storage Explorer page at http://azurestorage.azurewebsites.net/login.aspx.
5. Sign in by using 10979s as the account and the access key as the key.
6. Upload Alarm01.wav from the c:\Windows\media folder.
7. Upload splashscreen.contrast-white_scale-180.png from the c:\Program Files\Internet Explorer\images folder.
8. In the file list, click http://10979s.blob.core.windows.net/10979c/splashscreen.contrast-white_scale-180.png, and verify that you see a large Internet Explorer logo graphic displayed in the browser window.
9. Close Internet Explorer.

Results: After completing this exercise, you will have created a blob container and uploaded the data.
Module Review and Takeaways

Review Questions
Question: If you want to store installation image files to Azure storage, which type of storage should you choose?
Question: Which service should you use to enable storage access by using SMB?
Question: If you choose geo-redundant storage to store your data, how many copies will you have?

Best Practice
• Use multiple storage accounts for data that require different redundancy options.
• Use Azure File Services to facilitate data sharing.
• Use Azure Storage Explorer tools to simplify storage management.

Tools
• Azure portal
• Azure Preview portal
• Visual Studio
• Azure Web Storage Explorer
Module 6
Microsoft Azure Databases
Contents: Module Overview

Module Overview
Microsoft Azure offers a range of services that you can use to manage data. In particular, Azure provides relational database management services. You can use these services to implement a relational data store for applications without having to manage a database management system (DBMS) or the operating system that supports it. In this module, you will learn about the options available for storing relational data in Azure. You will also learn how to use Microsoft Azure SQL Database, which you can use to create, configure, and manage SQL databases.

Objectives
After completing this module, you will be able to:
• Describe options for relational database deployment in Azure.
• Create and connect to SQL databases in Azure.
Lesson 1
Understand Relational Database Deployment Options
Microsoft Azure provides two basic methods of deploying relational database services: platform as a service (PaaS) and infrastructure as a service (IaaS). The method you select will depend primarily on the requirements of the applications that consume database content. However, you should also consider factors such as manageability, ease of provisioning, cost, and compatibility. Compatibility is especially relevant in migration scenarios. This lesson introduces the relational database services that are available in Azure. It also describes considerations for choosing the best solution for specific application and business needs.

Lesson Objectives
After completing this lesson, you will be able to:
• Describe relational database services in Azure.
• Describe the key differences between an SQL database in Azure and a Microsoft SQL Server instance running on an Azure IaaS virtual machine.

Review Relational Database Deployment Options
Most business applications rely on a relational database to store their data. Data takes the form of a collection of two-dimensional tables, which represent real-life entities and relationships between them. Table rows correspond to individual instances of these entities, whereas table columns describe their identifying properties. By combining multiple interrelated tables, you can express complex business scenarios in a simple manner, and analyze their characteristics to extract meaningful information about them.
When you deploy relational databases to Azure, you can choose from a range of options for deployment. All of these options pertain to distinct service and product types. Azure provides two basic types of relational database services, each of which can support different product types:
• PaaS. This service allows you to focus on database-specific tasks by eliminating the required management of the underlying database server platform. The two primary offerings in this category are SQL Database and MySQL Database. SQL Database is based on Microsoft SQL Server technologies, and MySQL Database is based on the ClearDB MySQL Database cloud service, which is available from the Azure Store.
• IaaS. You can create Azure IaaS virtual machines that host an instance of a relational database management system (RDBMS). This can include instances of SQL Server, MySQL, or any database server such as Oracle that is supported on operating system platforms that you can deploy within Azure IaaS virtual machines.
Compare SQL Database with SQL Server in a Virtual Machine
When you use Azure to implement a Microsoft SQL Server–based database, you can either deploy it onto a Microsoft SQL Server instance running in an Azure virtual machine or as an SQL database in Azure. You can determine which of these two solutions can best address your needs by studying their differentiating characteristics:
• Manageability, maintenance, and cost. Azure SQL Database constitutes a PaaS solution that removes much of the overhead associated with deploying and maintaining relational database systems. It is appealing due to its minimized operational cost and simplified management. You can provision and manage SQL Server instances running on Azure IaaS virtual machines in the same manner as their on-premises counterparts, and their pricing includes the cost of the dedicated virtual machine.
• Feature parity with on-premises deployments of SQL Server. SQL Server instances running on Azure IaaS virtual machines provide optimal compatibility with existing database applications. However, Azure SQL Database does not provide support for:
o Common language runtime (CLR) and CLR-related objects
o Full-text search and related objects
o SQL Server Service Broker and related objects
o Extended stored procedures
o Defaults and rules
o Transparent data encryption and data compression
o Object Linking and Embedding Database (OLE DB) or ADO connectivity
o Windows Authentication (only SQL Server Authentication is available)
• Clustered indexes. Every table in an SQL database in Azure should have a clustered index. While you can create a table without it, you cannot insert any data until this condition is satisfied.
• SQL Server components. SQL Server instance–level components, such as SQL Server Agent, SQL Server Analysis Services, SQL Server Integration Services, SQL Server Reporting Services, or Master Data Services, require a SQL Server instance running within an Azure IaaS virtual machine. Other Azure services, such as HDInsight, provide some of this functionality.
• The ability to make the relational database interact directly with other Azure services within the same Azure virtual network. SQL Server instances running within an Azure IaaS virtual machine can be located on the same Azure virtual network as IaaS or PaaS cloud services. However, with SQL Database, network traffic always flows via its external endpoints. Depending on the intended architectural design, this may be beneficial in providing an additional level of integration or isolation in relation to other Azure services and public networks.
• High availability and scalability. Azure supports high availability and scalability features, such as AlwaysOn Availability Groups, database mirroring, replication, or table partitioning, only if you use a SQL Server instance running within an Azure IaaS virtual machine. However, you can achieve an equivalent level of resiliency and elasticity with much less management overhead, even if you cannot use these features. To do so, you can use the built-in characteristics of Azure SQL Database service, such as geo-replication, point-in-time restore, service tiers (scaling up), or federations (scaling out by partitioning data horizontally).
Additional Reading: For a comprehensive list of features that SQL databases support, go to http://go.microsoft.com/fwlink/?LinkID=517433.
Additional Reading: For information about identifying and resolving database compatibility issues by using SQL Server Data Tools, go to http://go.microsoft.com/fwlink/?LinkID=517434.
Lesson 2
Create and Connect to SQL Databases
Azure SQL Database is a cloud-based SQL service that provides subscribers with a highly scalable platform for hosting their databases. By using Azure SQL Database, organizations can avoid the cost and complexity of managing SQL Server installations, and quickly set up and start using database applications. In this lesson, you will learn how to provision and connect to an Azure SQL Database.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe how to create and import SQL databases in Azure.
• Create a new SQL database by using the preview Azure portal.
• Create a new SQL database by using Copy in the Azure portal.
• Describe how to connect to an SQL database in Azure.
• Connect to an SQL database in Azure.
Creating and Importing SQL Databases
To understand the process of provisioning a new SQL database in Azure, you must be familiar with the foundations of its architectural model. Azure SQL Database and the three Azure logical components—the subscription, the resource group, and the server—are intrinsically connected. The following table describes these components.
Azure component | Description
Azure subscription | Azure services that you create, view, and manage from the management portal exist within the boundaries of a subscription. These boundaries provide the scope of access control, manageability, reporting, and billing associated with the current subscription.
Resource group | Resource groups are logical containers that arbitrarily group Azure resources that are associated with each other. This allows you to represent their functional and business dependencies. One common example of such a grouping is an Azure website and an SQL database in Azure as two tiers of a cloud-based web application.
SQL database server | SQL database servers are logical servers that host SQL databases. Each SQL database server has a unique Domain Name System (DNS) name, local administrator accounts, and firewall rules restricting access to its databases. Such servers host individual instances of Azure SQL Database, in addition to the master database that stores server configuration data. Databases located in this logical server are likely to be in different servers in the backend implementation, but are all accessible through the same endpoint address.
The most straightforward way to provision an SQL database in Azure relies on the graphical interface of the Azure portal and the preview Azure portal. These are management portals in which you can create a database and specify an existing or new logical server in which to host the database. Alternatively, you can first create a new logical server and add a new database afterwards. The Azure portal also allows for managing content of any existing instances of SQL Database, including standard create, read, update, and delete operations.
Note: You will learn more about these operations in upcoming demonstrations in this module.
You can also use other methods to create and manage the content of SQL databases in Azure. These methods involve the use of traditional administrative and development tools, such as SQL Server Management Studio, SQL Server Data Tools, Microsoft Visual Studio, or the sqlcmd command-line tool. IT professionals can also leverage their scripting skills, because they can perform a majority of the database management tasks by using cmdlets in the Azure PowerShell module.
Creating an SQL Database
When you create a database from the preview Azure portal, you must include the following information:
• A name for the database. The name must be unique on a per-server basis.
• The SQL Database pricing tier, which directly affects the cost of the database, and also determines the following elements:
o Performance level, which is expressed in database throughput units (DTUs). A DTU is a number representing the overall power of the database engine resources, including processor, memory, and input/output.
o Maximum size to which the database can grow.
o Supported resiliency and scalability features, such as Point In Time Restore, Geo-Restore or Geo-Replication.
o Support for auditing.
• The collation that you want the database to apply. Collation defines the rules which determine how to sort and compare data. You cannot change the collation after creating the database.
• The server on which to create the database. You can select an existing server that you have previously created in the same subscription, or create a new server. The server name must be unique globally.
• The resource group in which to create the database and its server. If you select an existing server, the database is automatically added to the existing resource group to which the server belongs. The name of the resource group must be unique within the current subscription.
Creating a SQL Server Instance
You can create a server instance on its own, or as part of the process of creating a database. In scenarios where you are provisioning new databases for applications, you typically create the server as part of the process of creating the first database. However, in some cases, you might want to create the server without any user databases, and then add databases to it later; for example, by migrating them from an on-premises SQL Server instance. Each server must have a globally unique name. The fully qualified domain name (FQDN) of the server is in the form server_name.database.windows.net; for example, abcde12345.database.windows.net.
When you create a server, you must specify the following information:
• A globally unique server name (when using the Azure portal, this is generated automatically).
• A login name and password for the administrative account that you will use to manage the server.
• The geographical region of the Azure data center where the server should be located.
• Whether or not to allow any other Azure services to connect to the server. Enabling access from any other Azure service creates a firewall rule that permits access from the IP address 0.0.0.0. As noted later in this module, this setting admits connections originating from any Azure subscription, not only your own.
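The server-level firewall rules described above can be reviewed and tightened in T-SQL from the master database. This is an added example, not part of the courseware: the rule name OnPremEgress and the 203.0.113.10 address (documentation range) are constructed placeholders, and it assumes you are connected to master as the server admin.

```sql
-- Added example. Run in the master database of the logical server,
-- connected as the server admin (SSMS or sqlcmd).

-- 1. Inventory the server-level rules and annotate the ones to review.
SELECT
    name,
    start_ip_address,
    end_ip_address,
    CASE
        WHEN start_ip_address = '0.0.0.0' AND end_ip_address = '0.0.0.0'
            THEN 'Azure-services rule: admits sources in any Azure subscription'
        WHEN start_ip_address = '0.0.0.0' AND end_ip_address = '255.255.255.255'
            THEN 'Admits every IPv4 address'
        WHEN start_ip_address <> end_ip_address
            THEN 'Range: confirm that you control every address in it'
        ELSE 'Single address'
    END AS review_note,
    create_date,
    modify_date
FROM sys.firewall_rules
ORDER BY name;
GO

-- 2. Admit only the public IP address of your own perimeter device.
--    Calling the procedure again with the same @name updates the rule.
EXECUTE sp_set_firewall_rule
    @name             = N'OnPremEgress',   -- hypothetical rule name
    @start_ip_address = '203.0.113.10',    -- constructed address
    @end_ip_address   = '203.0.113.10';
GO

-- 3. If no Azure-hosted application needs the database, remove the
--    0.0.0.0 rule. The name is looked up rather than hard-coded.
--    Check the impact on your Azure-hosted applications first.
DECLARE @rule_name nvarchar(128);

SELECT @rule_name = name
FROM sys.firewall_rules
WHERE start_ip_address = '0.0.0.0'
  AND end_ip_address   = '0.0.0.0';

IF @rule_name IS NOT NULL
    EXECUTE sp_delete_firewall_rule @name = @rule_name;
GO
```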
Importing an SQL Database
A common method of creating a new SQL database in Azure or populating a newly created SQL database is importing its content from another database, such as one that an on-premises SQL Server instance is hosting. This might be required when migrating an on-premises application to the cloud, or because developers created a database by using a full-fledged development instance of SQL Server in preparation for deploying it to a production environment in SQL Database.
The import process must take into account two types of content. The first content type is the database schema, which contains definitions of all database objects. The second content type is the actual data stored in each of the database objects. There are two primary techniques you can use to migrate both types of content from a SQL Server–hosted database to Azure SQL Database:
• Generate Transact-SQL scripts that capture all objects and their data in your SQL Server database, and then run them in Azure SQL Database to create exact replicas of all objects and their data.
• Export a data-tier application (DAC) from SQL Server in the form of a .bacpac file and import it into Azure SQL Database. The .bacpac file contains both the schema and the existing data.
Of these two techniques, using a DAC is the simpler way to migrate the database. In addition, the Import option, which is available when you create new databases by using the Azure portal, facilitates this approach. You can export and import the DAC by using SQL Server Management Studio and the Azure SQL Database management portal, or you can use a wizard in SQL Server Management Studio to automate the entire process. The Export Data-Tier Application Wizard in SQL Server Management Studio allows you to specify an Azure storage account as the destination for an exported package. The Import Data-Tier Application Wizard enables you to specify an Azure storage account as the source for a package that you want to import. This makes it easy to migrate a database from SQL Server to Azure SQL Database in two stages, while using Azure Storage as an intermediary storage location for the DAC package. Alternatively, you can use the Deploy Database Wizard to export a SQL Server database as a DAC package and import it into an Azure SQL database server in a single operation.
Creating a SQL Database by Using Copy
You can easily copy your existing database within a SQL Server instance in Azure or between two SQL Servers in Azure that belong to the same subscription. You can do so from the Azure portal, or by running the corresponding T-SQL statement. Such an approach is useful for performing an impromptu backup of the source database prior to making changes to it, or for creating its replica for testing purposes. You can create a copy of an existing SQL Database by running the following T-SQL statement. Note that you must execute this command while connected to the master database of the Azure SQL server that will host the copy.
CREATE DATABASE T-SQL statement
    CREATE DATABASE destination_database_name AS COPY OF [source_server_name.]source_database_name;
Demonstration: Creating a New SQL Database by Using the Preview Azure Portal
In this demonstration, you will see how to:
• Create a SQL database in the preview Azure portal.
• Identify a SQL database and the SQL database server properties in the preview Azure portal.
Demonstration Steps
Create a SQL database in the preview Azure portal
1. Sign in to the preview Azure portal from a classroom computer.
2. Create a new SQL database by specifying its name, the name of a new Azure SQL Server instance in a datacenter of your choice, a new resource group, selecting the pricing tier, and providing admin credentials.
3. Add the newly created SQL Database to Startboard.
Identify a SQL database and the SQL database server properties in the preview Azure portal
1. Examine database properties such as edition, status, maximum size, collation, creation date, and server name.
2. Display database connection strings that you can use to connect to the SQL database from ADO.NET, Open Database Connectivity (ODBC), PHP, or Java Database Connectivity–based (JDBC-based) applications.
3. Examine the properties of SQL Server in Azure, such as server name, location, server admin login, and resource group.
4. Examine default firewall rules in SQL Server in Azure.
Demonstration: Creating a New SQL Database by Using Copy in the Azure Portal
In this demonstration, you will see how to:
• Identify a SQL database and the SQL database server properties in the Azure portal.
• Create a new SQL database by using Copy in the Azure portal.
Demonstration Steps
Identify a SQL database and the SQL database server properties in the Azure portal
1. Connect to SQL Database by using the Azure portal.
2. Identify FQDN and the port number of the SQL server hosting the SQL database. View the SQL database connection strings for ADO.NET, ODBC, PHP, and JDBC.
3. Examine dashboard data, including information identifying the database and its status, as well as Manage URL that you can use to connect to the database in the next demonstration.
4. Review SQL Database statistics, such as deadlocks, storage usage, and failed and successful connections.
5. Examine scaling options, allowing switching between service tiers.
6. Review configuration options, including automated, interval-based export of the database to a storage account, providing you with a custom backup functionality.
7. Take note of geo-replication disaster recovery capabilities.
8. Locate Azure SQL Server properties.
9. Take note of the ability to create an additional firewall rule allowing access to the server and all of its databases from your current IP address. Keep in mind that you can also accomplish this automatically when connecting to the database from the Azure portal, which will be part of the next demonstration.
Create a new SQL database by using Copy in the Azure portal
1. From the Azure portal, use the Copy option of SQL Database.
2. Keep Internet Explorer open for the next demonstration.
Connecting to a SQL Database
The primary purpose of the SQL Database service is to provide data storage for applications that deliver specific business functionality. However, SQL Database must also facilitate easy access to developers who create these applications, and to database administrators and development operations staff who assist developers. This topic reviews different means of providing such access. While you typically handle the creation and management of SQL Databases on the database level by using the Azure portal and the preview Azure portal or Windows PowerShell, the ability to perform create, read, update, and delete operations on database content requires a different approach. The approach to connecting to SQL databases in Azure is similar to the approach for working with on-premises SQL Server-hosted databases, allowing the use of the following tools:
• SQL Server Management Studio. You can use SQL Server Management Studio to connect to an Azure SQL Database server and administer it in a manner similar to the management of SQL Server instances. In hybrid IT environments, it is convenient to use the same tool to manage on-premises or Azure IaaS-based SQL Server instances and SQL Database servers. However, it is important to keep in mind that the graphical designers in SQL Server Management Studio are mostly incompatible with Azure SQL Database. Therefore, you will have to perform their respective tasks by executing Transact-SQL statements that provide equivalent functionality.
• sqlcmd. You can use the sqlcmd command-line tool to connect to Azure SQL Database servers and execute Transact-SQL commands.
• Visual Studio. Developers can use Visual Studio to create SQL databases and to manage and query their content.
In addition, as mentioned earlier in this module, the Azure portal includes a link to the web-based SQL Database management interface in which you can perform database development and management tasks, including executing Transact-SQL commands. The new preview portal does not implement this feature.
It is important to remember that you must configure SQL Server firewall settings in Azure to explicitly allow incoming connections originating from a non-Azure location. Effectively, if you intend to use the tools listed above from an on-premises environment, you will first need to modify Azure SQL Server firewall settings by allowing connectivity from the public IP address of the perimeter network device through which you connect to the Internet. The Azure portal allows you to easily identify this IP address and even automates creation of the corresponding rule if you use the web-based SQL Database management interface. On the other hand, connections originating from any Azure subscription are allowed by default. While you can change this setting, you should consider the impact of such an action on connections from your Azure-hosted applications that rely on SQL Database as their data store.
In order to connect to SQL Database programmatically, applications use connection strings, which you can readily extract from either of the Azure management portals for individual instances of SQL Database, as illustrated in the previous demonstrations in this module. Keep in mind that SQL databases are not capable of leveraging Windows Authentication, so you will need to rely on security principals at the SQL Server level and database level to control authentication and authorization.
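Because only SQL Server Authentication is available, an application's connection string should carry a dedicated low-privilege login rather than the server admin account. The following T-SQL is an added example, not part of the courseware: the login name app_reader and the password placeholder are hypothetical, and it assumes a database named testDB containing dbo.testTable, as created in this module's lab.

```sql
-- Added example. Azure SQL Database does not support switching databases
-- with USE, so each step below runs in its own connection.

-- Step 1: connected to the master database as the server admin.
-- Server-level principal: the login that the application authenticates with.
CREATE LOGIN app_reader
    WITH PASSWORD = '<replace-with-a-strong-password>';  -- placeholder
GO

-- Step 2: connected to the user database (testDB) as the server admin.
-- Database-level principal: maps the login into this database only.
CREATE USER app_reader FROM LOGIN app_reader;
GO

-- Authorization: read access to the single table the application needs.
-- No role membership and no write permissions are granted.
GRANT SELECT ON OBJECT::dbo.testTable TO app_reader;
GO

-- Step 3: still in testDB, confirm what the principal can actually do.
-- Expect a CONNECT permission on the database and SELECT on dbo.testTable.
SELECT
    pr.name                  AS principal_name,
    pr.type_desc             AS principal_type,
    pe.class_desc            AS securable_class,
    OBJECT_NAME(pe.major_id) AS object_name,   -- NULL for database-level rows
    pe.permission_name,
    pe.state_desc
FROM sys.database_principals AS pr
LEFT JOIN sys.database_permissions AS pe
    ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name = N'app_reader'
ORDER BY pe.class_desc, pe.permission_name;
GO
```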
Demonstration: Connecting to a SQL Database
In this demonstration, you will see how to:
• Connect to a SQL database by using Azure portal that includes a web-based SQL Database management interface.
• Connect to a SQL database by using SQL Server Management Studio.
Demonstration Steps
Connect to a SQL database by using Azure portal that includes a web-based SQL Database management interface
1. Automatically generate a firewall rule that allows you to connect to the target SQL Database from the public IP address of your edge device.
2. Navigate and log on to the web-based SQL Database management interface.
3. Examine the interface from which you can execute T-SQL scripts, define tables, views, or stored procedures, create new databases, or even deploy data-tier applications.
4. Log off from the Web-based SQL Database management interface.
Connect to a SQL database by using SQL Server Management Studio
1. From your classroom computer, start SQL Server Management Studio.
2. From SQL Server Management Studio, connect to SQL Server in Azure.
3. Create a new table in the SQL database in Azure by running the T-SQL command from SQL Server Management Studio.
4. Populate the content of the newly created table by running the T-SQL command from SQL Server Management Studio.
5. Query the content of the newly populated table by running the T-SQL command from SQL Server Management Studio.
6. Close SQL Server Management Studio and Internet Explorer.
Lab: Create a SQL Database in Azure
Scenario
A. Datum Corporation is expanding rapidly, and its Public Relations department wants to expand its Internet-facing website and support its database, through which it publishes press releases and interfaces with external marketing partners. You have decided that this is an ideal time to test the database capabilities of Azure.
Objectives
After completing this lab, you will be able to:
• Create an Azure SQL Database.
• Create a table in an Azure SQL Database.
• Query the content of a table in an Azure SQL Database.
Estimated Time: 40 minutes
Sign in to your classroom computer by using the credentials your instructor provides.
Exercise 1: Create a New SQL Database in Azure and Configure SQL Server Firewall Rules
Scenario
You start your tests by creating a test database to which you will subsequently add some test tables. You will then populate the tables with sample data.
The main tasks for this exercise are as follows:
1. Create a new SQL database by using the preview Azure portal.
2. Configure a SQL Server firewall rule by using Azure portal.
Task 1: Create a new SQL database by using the preview Azure portal
1. Sign in to the preview Azure portal from a classroom computer.
2. Create a new SQL database by specifying its name, specifying the name of a new Azure SQL Server in a datacenter of your choice, specifying a new resource group, selecting the pricing tier, and providing admin credentials:
o DATABASE NAME: testDB
o PRICING TIER: B Basic
o SERVER NAME: Any valid unique name
o SERVER ADMIN LOGIN: Student
o PASSWORD: Pa$$w0rd
o CONFIRM PASSWORD: Pa$$w0rd
o LOCATION: Any available region
o RESOURCE GROUP: testRG
3. Add the newly created SQL Database to Startboard.
Task 2: Configure a SQL Server firewall rule by using Azure portal
1. Switch back to the Azure portal, and verify that the testDB database is listed on the SQL DATABASES page.
2. On the SERVERS tab, verify that the uniquely named server you created is listed, and then configure it to allow the current public IP address of your edge device.
Results: After completing this exercise, you should have created a Microsoft Azure SQL Database named testDB on a new server with a name of your choice. You will have also configured Microsoft SQL Server firewall rules in Azure, which allow connectivity from your on-premises management tools and applications to the newly created SQL database in Azure.
Exercise 2: Add Data to a SQL Database in Azure by Using SQL Server Management Studio
Scenario
You created a test database. Now it is time to create a test table, populate it with sample data, and verify that data has been added by using SQL Server Management Studio.
The main tasks for this exercise are as follows:
1. Add a table to a SQL database in Azure by using SQL Server Management Studio.
2. Add data to a table of a SQL database in Azure by using SQL Server Management Studio.
3. Query a table of a SQL database in Azure by using SQL Server Management Studio.
Task 1: Add a table to a SQL database in Azure by using SQL Server Management Studio
1. On your classroom computer, start SQL Server Management Studio.
2. From SQL Server Management Studio, connect to SQL Server in Azure by specifying the following information:
o Server type: Database Engine
o Server name: server_name.database.windows.net
o Authentication: SQL Server Authentication
o Login: Student
o Password: Pa$$w0rd
3. Create a new table in the SQL database in Azure by running the following T-SQL command from SQL Server Management Studio:
    CREATE TABLE dbo.testTable
    (
        id integer identity primary key,
        dataval nvarchar(50)
    );
    GO
4. Leave the SQL Server Management Studio open for the next task.
Task 2: Add data to a table of a SQL database in Azure by using SQL Server Management Studio
1. Populate the content of the newly created table by running the following T-SQL command from SQL Server Management Studio:
    INSERT INTO dbo.testTable VALUES (newid());
    GO 100
2. Leave the SQL Server Management Studio open for the next task.
Task 3: Query a table of a SQL database in Azure by using SQL Server Management Studio
1. Query the content of the newly populated table by running a T-SQL command from SQL Server Management Studio. To generate the command, right-click dbo.testTable, point to Script Table as, point to SELECT To, and then click New Query Editor Window.
2. Close SQL Server Management Studio and Internet Explorer.
Results: After completing this exercise, you should have created a test table in the SQL database in Azure named testDB on an existing SQL Server in Azure with a name of your choice, populated it with sample data, and queried its content.
Module Review and Takeaways
Review Question
Question: What should you consider when choosing between on-premises SQL Server, SQL Server in an Azure virtual machine, and Azure SQL Database?
Tools
• SQL Server Management Studio. You can use SQL Server Management Studio to connect to an Azure SQL Database Server and administer it in a manner similar to the management of SQL Server instances. In hybrid IT environments, it is convenient to use the same tool to manage on-premises or Azure IaaS-based SQL Server instances and SQL Database servers. However, it is important to keep in mind that the graphical designers in SQL Server Management Studio are mostly incompatible with SQL Database in Azure. Therefore, you will have to perform their respective tasks by executing Transact-SQL statements that provide equivalent functionality.
• sqlcmd. You can use the sqlcmd command-line tool to connect to Azure SQL Database servers and execute Transact-SQL commands.
• Visual Studio. Developers can use Visual Studio to create SQL databases and to manage and query their content.
Module 7 Azure Active Directory
Contents:
Module Overview
Lesson 1: Manage Azure AD Objects
Lesson 2: Manage Authentication
Lab: Create Users in Azure Active Directory
Module Review and Takeaways
Module Overview
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management solution. Its primary purpose is to provide authentication and authorization when accessing cloud-based resources. However, you can also leverage its functionality to protect on-premises applications. In both cases, you can further streamline and enhance secure access to sensitive services and data by taking advantage of Azure AD’s single sign-on (SSO), federation, and Microsoft Azure Multi-Factor Authentication capabilities. In this module, you will learn how to create users, domains, and directories in Azure AD, integrate applications with Azure AD, and use Multi-Factor Authentication.
Objectives
After completing this module, you will be able to:
• Manage Azure AD objects.
• Manage authentication.
Lesson 1
Manage Azure AD Objects
Azure AD is a cloud-based identity and access management solution. It is also a directory services solution. It allows you to provide secure access to both cloud-based and on-premises applications and services. In this module, you will learn about the basic characteristics of the identity management and directory services of Azure AD. The module starts by introducing these characteristics in the context of Active Directory Domain Services (AD DS) in order to compare these two technologies.
Lesson Objectives
After completing this lesson, you will be able to:
• Explain how AD DS works.
• Explain how to extend the scope of AD DS.
• Describe Azure AD.
• Create domains and users in Azure AD.
• Assign users to applications.
What Is AD DS?
AD DS forms the foundation of enterprise networks that run Windows operating systems. The core component of AD DS is its database, which provides the store for all AD DS objects, such as user accounts, computer accounts, or group accounts. The database schema defines object types, typically referred to as classes, and their individual properties, or attributes. The database organizes objects in a customizable, logical hierarchy consisting of containers and organizational units. The database offers resiliency by supporting multiple replicas hosted on servers, which are referred to as domain controllers. The database constitutes the authoritative source of identity data for domain objects, which means that AD DS functions as an identity provider first and foremost.
Identity Data Identity, in the context of our course, is a set of data that uniquely identifies an entity, such as a user or a computer. Identity describes the characteristics of the entity. It also provides information about the entity’s relationships to other entities, for example by using groups that similar or associated entities are members of. AD DS domain controllers verify the authenticity of the identifying data in a domain through authentication. Authentication typically requires that a user or computer attempting to authenticate provides a set of credentials to the authenticating domain controller. As the result of this process, the authenticating domain controller grants that user or computer a token representing its status and privileges to other domain members. The user or computer subsequently uses the token to obtain access to resources such as file shares, applications, or databases hosted on domain computers, through the process of authorization. Authorization is based on the implicit trust that each domain member computer
maintains with domain controllers. The process of joining the domain establishes this trust, permanently adding an account representing that computer to the AD DS database.
Directory Service In addition, AD DS, as the name indicates, functions as a directory service, facilitating lookups of the content of the AD DS database. AD DS–aware applications, such as Microsoft Exchange, which rely on AD DS to store their configuration and operational parameters, use this functionality extensively. A range of Windows Server roles whose names include the Active Directory designation, such as Active Directory Certificate Services (AD CS), Active Directory Rights Management Services (AD RMS), and Active Directory Federation Services (AD FS) leverage the same functionality. The AD DS database also stores management data, which is critical for administering user and computer settings through Group Policy processing.
AD DS Configuration AD DS uses Domain Name Service for advertising its services. Effectively, each AD DS domain has a unique DNS domain name. While it is possible to use multiple, distinct DNS namespaces within the same domain, this is rather uncommon. Each AD DS domain exists within an AD DS forest. A forest can contain multiple domains. All domains in the same forest share the same schema. They implicitly trust each other, extending the scope of authentication, authorization, and directory services lookups to all objects in the entire forest. If you want to provide the same functionality across multiple forests, you need to create trust relationships between them. AD DS offers a high degree of versatility and customizability, due to its multipurpose nature and the intended operational model as a fully managed infrastructure component. You can delegate its permissions down to an individual attribute of a single object. Its replicated, distributed database is capable of scaling up to host millions of objects, and scaling out to support multinational enterprises with data centers located across multiple continents. You can extend its schema to accommodate custom object types, although it is important to note that schema extensions are not fully reversible.
Extending the Scope of AD DS AD DS offers significant business and technological benefits. However, AD DS has been designed for on-premises, independently managed deployments, and most of its characteristics reflect this underlying premise. Its authentication and authorization mechanisms rely largely on having domain member computers permanently joined to the domain. The communication with domain controllers involves protocols such as Lightweight Directory Access Protocol (LDAP) for directory services lookups, Kerberos for authentication, and Server Message Block (SMB) for downloading Group Policy data. None of these protocols is suitable for Internet environments. Multi-tenancy is very difficult to implement within a single domain. While it is possible to provide a higher level of autonomy by deploying additional domains within the same forest, or by deploying multiple forests with trust relationships between them, such arrangements are complex to set up and manage. AD DS provides the ability to implement the desired mix of efficiency, control, security, and flexibility within corporate networks, but is not well-suited for today’s open, Internet-facing world, dominated by cloud services and mobile devices.
Extending AD DS Authentication One way to address this shortcoming is to extend the capabilities of AD DS by using an intermediary system that handles translation of AD DS on-premises constructs and protocols (such as tokens and Kerberos) into their Internet-ready equivalents. The Active Directory Federation Services (AD FS) server role and Web Application Proxy server feature of Windows Server provide this functionality. As a result, users, devices, and applications can take advantage of the authentication and authorization features of AD DS without having to be part of the same domain or a trusted domain. In regard to device authentication, one example of such capabilities is the Workplace Join feature, introduced in Windows Server 2012 R2, which leverages AD DS, AD FS, and Web Application Proxy. Workplace Join facilitates the registration of devices that are not domain-joined in an AD DS database. This provides additional authentication and authorization benefits, including SSO to on-premises web applications, and support for conditional access control policies that consider whether an access request originated from a registered device.
Federation Support The primary feature that AD FS and Web Application Proxy facilitate is federation support. A federation resembles a traditional trust relationship, but relies on claims (contained within tokens) to represent authenticated users or devices. It relies on certificates to establish trusts and to facilitate secure communication with an identity provider. Also, it relies on web-friendly protocols such as HTTPS, Web Services Trust (WS-Trust), Web Services Federation (WS-Federation), or OAuth to handle transport and processing of authentication and authorization data. Effectively, AD DS, in combination with AD FS and Web Application Proxy, can function as a claims provider, capable of authenticating requests from web-based services and applications that are not able to, or not permitted to, access AD DS domain controllers directly.
Azure IaaS You can also extend AD DS into the cloud in a different manner—by deploying AD DS domain controllers into virtual machines based on Azure infrastructure as a service (IaaS). However, it is critical to ensure that you protect such domain controllers from unauthorized external access. You may use such deployments to build a disaster recovery solution for an existing on-premises AD DS environment, to implement a test environment, or to provide local authentication and authorization to Azure-hosted cloud services that are part of the same virtual network.
Overview of Azure AD The previous topics in this module described the role of AD DS as an identity provider, a directory service, and an access management solution. They also presented several ways of accommodating authentication and authorization requirements of Internet-based applications and services by extending the features included in AD DS. Cloud-based identity providers natively support the same functionality. Azure AD is an example of such a provider. It might be easy to simply view Azure AD as a cloud-based counterpart of AD DS. However, while they share some common characteristics, there are also several significant differences between them.
First and foremost, Azure AD is implemented as a Microsoft-managed service that is part of the platform as a service offering. It is not a part of core infrastructure that customers own and manage, or an IaaS offering. While this implies that you have less control over its implementation, it also means that you do not have to dedicate resources to its deployment or maintenance. You also do not have to develop additional functionality natively unavailable in AD DS, such as support for Multi-Factor Authentication, because this is a part of Azure AD functionality.
Types of Tiers Azure AD constitutes a separate Azure service. Its most elementary form, which any new Azure subscription automatically includes, does not incur any extra cost and is referred to as Free tier. Some advanced identity management features require paid versions of Azure AD, offered in the form of Basic and Premium tiers. Some of these features are also automatically included in Azure AD instances generated as part of Office 365 subscriptions. In addition to differences in functionality, the Free tier is subject to the 500,000 object limit and does not carry any service level agreement (SLA) obligations. Both Basic and Premium tiers do not impose restrictions on the total number of directory objects and are bundled with 99.9 percent uptime SLA.
Tenants Unlike AD DS, Azure AD is multi-tenant by design, and is implemented specifically to ensure isolation between its individual directories. It is the world’s largest multi-tenant directory, hosting well over a million directory services instances, with billions of authentication requests per week. The term tenant in this context typically represents a company or organization that signed up for a subscription to a Microsoft cloud-based service such as Office 365, Windows Intune, or Microsoft Azure, which leverages Azure AD but also includes individual users.
Directories When you create your first Microsoft cloud service subscription, you will also automatically generate a new Azure AD directory instance, also referred to simply as directory. The directory is assigned the default DNS domain name, consisting of a unique name of your choice followed by the onmicrosoft.com suffix. It is possible and quite common to add at least one custom domain name that utilizes the DNS domain namespace that the tenant owns. The directory serves as the security boundary and a container of Azure AD objects, such as users, groups and applications. It is possible for a single directory to support multiple cloud service subscriptions. The Azure AD schema contains fewer object types than the schema of AD DS. Most notably, it does not include definition of the computer class, since there is no process of joining computers to Azure AD. It does, however, facilitate device registration, similar to the Workplace Join feature of AD DS. It is also easily extensible, and its extensions are fully reversible. The lack of support for domain membership means that you cannot use Azure AD to manage computers or user settings by using Group Policy objects (GPOs). Instead, its primary strength lies in providing directory services; storing and publishing user, device, and application data; and handling the authentication and authorization of the users, devices, and applications. These features are effective and efficient in existing deployments of cloud services such as Office 365, which rely on Azure AD as their identity provider and support millions of users.
Azure AD Identity Models Applications are represented in Azure AD by objects of the Application class and servicePrincipal class, with the former containing an application definition and the latter constituting its instance in the current Azure AD directory. Separating these two sets of characteristics allows you to define an application in one directory and use it across multiple directories by creating a service principal object for this application in each directory. This facilitates deploying applications to multiple tenants.
Delegation model Due to its operational model as SaaS, and its lack of both management capabilities via Group Policy settings and support for computer objects, the delegation model in Azure AD is considerably simpler than the same model in AD DS. In all three tiers, there are several built-in roles, including Global Administrator, Billing Administrator, Service Administrator, User Administrator, and Password Administrator. Each of these roles provides different levels of directory-wide permissions to its objects. By default, the administrators of the subscription hosting the Azure AD instance are its Global Administrators, with full permissions to all objects in their directory instance. Some of the management actions invoked from the Azure Portal leverage groups, but their availability depends on the Azure AD tier. For example, in Azure AD Free, users can gain access to a set of designated applications via Access Panel. With Azure AD Basic, such access can also be granted based on group membership. The Premium tier further extends this functionality by offering delegated and self-service group management, allowing users to create and manage their own groups, and request membership in groups created by others.
Additional Reading: The Access Panel is available at http://go.microsoft.com/fwlink/?LinkID=517436.
Role-based access control The delegation model described above applies to the graphical interface available in the full Azure Portal. The Preview Portal offers a much more flexible and granular way of restricting management of Azure resources by implementing role-based access control. This mechanism relies on three built-in roles: owner, contributor, and reader. Each of these roles permits a specific set of actions on Azure resources that are exposed via the Preview Portal, such as websites or SQL databases. The intended access is granted by associating an Azure AD object (such as a user, group, or service principal) with a role and a resource appearing in the Azure Preview Portal. Note that this approach applies only to resources that are available via the Preview Portal. Azure AD does not include the organizational unit class, which means that you cannot arrange its objects into a hierarchy of custom containers, frequently used in on-premises AD DS deployments. This is not a significant shortcoming, because organizational units in AD DS are used primarily for Group Policy scoping and delegation. Instead, you can accomplish equivalent arrangements by organizing objects based on their attribute values or group membership.
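How the association of an Azure AD object with a role and a resource resolves to effective access, as an added example that is not part of the courseware: group assignments are expanded to their members and the highest role per principal and resource is kept, so an administrator can see who ends up as owner and through which assignment. The principal, group and resource names are constructed, and the ranking owner > contributor > reader is this example's assumption about the three built-in roles.

```python
# Constructed data model: each assignment is (principal kind, principal name,
# role, resource), mirroring the "object + role + resource" association.

# Assumption of this example: owner outranks contributor, which outranks reader.
ROLE_RANK = {"reader": 1, "contributor": 2, "owner": 3}

# Constructed group membership (group name -> set of user names).
GROUP_MEMBERS = {
    "web-team": {"deanna", "kari"},
    "dba": {"kari"},
}

# Constructed role assignments.
ASSIGNMENTS = [
    ("user", "adam", "owner", "website-adatum"),
    ("group", "web-team", "contributor", "website-adatum"),
    ("group", "dba", "owner", "sqldb-adatum"),
    ("user", "deanna", "reader", "sqldb-adatum"),
    ("serviceprincipal", "deploy-app", "contributor", "website-adatum"),
]


def effective_roles(assignments, group_members):
    """Return {(principal, resource): (role, source)} with the highest role kept.

    Group assignments are expanded to the group's members; `source` records
    whether the role came from a direct assignment or from a named group.
    """
    result = {}
    for kind, name, role, resource in assignments:
        if role not in ROLE_RANK:
            raise ValueError(f"unknown role: {role!r}")
        if kind == "group":
            principals = group_members.get(name, set())
            source = f"group:{name}"
        else:
            principals = {name}
            source = "direct"
        for principal in principals:
            key = (principal, resource)
            current = result.get(key)
            if current is None or ROLE_RANK[role] > ROLE_RANK[current[0]]:
                result[key] = (role, source)
    return result


def owners_by_resource(effective):
    """List, per resource, every principal whose effective role is owner."""
    owners = {}
    for (principal, resource), (role, _source) in effective.items():
        if role == "owner":
            owners.setdefault(resource, []).append(principal)
    return {resource: sorted(names) for resource, names in owners.items()}


if __name__ == "__main__":
    eff = effective_roles(ASSIGNMENTS, GROUP_MEMBERS)
    for (principal, resource), (role, source) in sorted(eff.items()):
        print(f"{resource:16} {principal:12} {role:12} via {source}")
    print(owners_by_resource(eff))
```
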
Azure AD Federations In Azure AD, AD DS federations have replaced trust relationships between domains and forests. This allows for the integration of its directories with cloud services and for interaction with directory instances of other Azure AD tenants and other identity providers. For example, such federation trust exists between Azure AD and the Microsoft identity provider that hosts Microsoft accounts (formerly known as Live ID accounts). This means that an Azure AD directory user account can directly reference an existing Microsoft account, making it possible to use the latter to sign in to Azure AD. You can also use AD FS and Web Application Proxy to establish such federations with on-premises AD DS deployments. The use of federations eliminates dependency on AD DS protocols, such as Kerberos, which are best suited for the on-premises, LAN-based communication for which trust relationships were designed. Instead, the federation traffic travels over cloud-friendly HTTPS, carrying WS-Trust, WS-Federation, SAML, or OAuth messages. Instead of using LDAP-based lookups, Azure AD queries rely on the AD Graph application programming interface (API).
Azure AD Identity Support Due to its built-in capabilities as an identity provider and support for federations, Azure AD provides flexibility in designing an identity solution for your organizational or business needs. This gives you three high-level design choices:
• Fully delegating authentication and authorization to Azure AD. Effectively, this means that identity data, including user credentials, resides only in the cloud. The identities can be defined directly in Azure AD, or they can be sourced from existing Microsoft accounts, based on the federation with the Microsoft identity provider. You may prefer this choice if you do not have an existing or significant on-premises AD DS deployment.
• Maintaining an on-premises authoritative source of the identity data in AD DS, which is synchronized at regular intervals to Azure AD. This way, Azure AD can authenticate and authorize users, but you retain control over their state on-premises. This approach simplifies application support of AD DS users who are not operating on-premises. It is also suitable in scenarios where a large number of AD DS users rely on Azure cloud services, such as Office 365, to access their applications.
• Taking advantage of the AD FS capabilities which this topic covered earlier. This involves forming a federation between your on-premises AD DS and Azure AD. Authentication requests submitted to Azure cloud services are redirected from the cloud to your on-premises AD DS via the AD FS server. In effect, this allows you to provide authentication and authorization to cloud-based services by using your on-premises AD DS. This approach is similar to the second one, but its distinct advantage is support for SSO.
Demonstration: Creating Domains and Users
In this demonstration, you will see how to:
• Create a directory and a custom domain and view the verification DNS records.
• Create a user account.
Additional Reading: For information on creating or editing users, go to http://go.microsoft.com/fwlink/?LinkID=517437.
Demonstration Steps
Create a custom domain and view the verification DNS records
1. Start Internet Explorer and sign in to the full Azure Portal by using the Microsoft account that is associated with your Azure subscription.
2. Add a new directory with the following settings:
   o NAME: Adatum
   o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g. adatum123456)
   o COUNTRY OR REGION: United States
3. Add a custom domain called contoso.com.
4. Identify DNS records that you need to create, in order to verify the newly created domain.
Create a user account
1. Create a user in the default directory with the following settings:
   o USER NAME: adam
   o FIRST NAME: Adam
   o LAST NAME: Brooks
   o DISPLAY NAME: Adam Brooks
   o ROLE: Global Administrator
   o ALTERNATE EMAIL ADDRESS: an alternate email address. In this case, for example, we are using the Microsoft account associated with the current Azure subscription
   o Enable Multi-Factor Authentication: Not selected
2. Note the value for NEW PASSWORD.
3. As a backup, in the SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.
Demonstration: Assigning Users to Applications
In this demonstration, you will see how to:
• Add a directory application.
• Assign a directory application to a user.
Demonstration Steps
Add a directory application
• Add Microsoft OneDrive application to the directory.
Assign a directory application to a user
1. Assign the Microsoft OneDrive application to Adam Brooks with single sign-on enabled.
2. Type your email address and password to provide SSO to the application for the user.
Lesson 2
Manage Authentication Azure AD enhances authentication security and simplifies user experience by supporting Multi-Factor Authentication and SSO. In this module, you will learn how to implement and take advantage of both of these features.
Lesson Objectives After completing this lesson, you should be able to:
• Describe benefits of Multi-Factor Authentication provided by Azure AD.
• Describe benefits of SSO provided by Azure AD.
• Configure Multi-Factor Authentication and SSO in Azure AD.
• Access applications via Access Panel.
Multi-Factor Authentication The purpose of Multi-Factor Authentication is to increase security. Traditional, standard authentication requires knowledge of logon credentials, typically consisting of a user name and the associated password. Multi-Factor Authentication adds an extra verification that relies on either having access to a device that is assumed to be in the possession of the rightful owner or, in the case of biometrics, having physical characteristics of that person. This additional requirement makes it considerably more difficult for an unauthorized individual to compromise the authentication process.
Microsoft Azure Multi-Factor Authentication Microsoft Azure Multi-Factor Authentication is integrated into Azure AD. It allows the use of a phone as the physical device providing a means of confirming the user’s identity. The process of implementing Multi-Factor Authentication for an Azure AD user account starts when a user with the global administrator role enables the account for Multi-Factor Authentication from the Azure Portal. At the next logon attempt, the user is prompted to set up the authentication by selecting one of the following options:
• Mobile phone. Requires the user to provide a mobile phone number. The verification can be in the form of a phone call (at the end of which, the user must press the pound key) or a text message.
• Office phone. Requires the specification of the OFFICE PHONE entry of the user’s contact info in Azure AD. The administrator must preconfigure this entry and the user cannot modify or provide this entry at the verification time.
• Mobile app. Requires the user to have a smart phone on which he or she must install and configure the mobile phone app.
App passwords As part of the verification process, the user is also given an option to generate app passwords. This is because the use of Multi-Factor Authentication is limited to authenticating access to applications and services via a browser. Effectively, it does not apply to traditional desktop applications or modern apps, such as Microsoft Outlook, Microsoft Lync, or mobile apps for email. Randomly generated app passwords can then be assigned to individual apps by using their configuration settings. App passwords can be a potential security vulnerability. Therefore, as an administrator, you can prevent all directory users from creating app passwords. You also can invalidate all app passwords for an individual user if the computer or device where the apps are installed is compromised. Once the verification process is successfully completed, Multi-Factor Authentication status for the user changes from enabled to enforced. The same verification process repeats during every subsequent authentication attempt. The Additional security verification option appears in the Access Panel, reflecting the status change. From the Access Panel, you can choose and configure a different verification mechanism and generate app passwords. Generating app passwords is especially important, because without app passwords assigned, desktop apps and modern apps that rely on authenticated access to Azure AD will fail to connect to cloud services.
Additional Reading: To read more about Azure Multi-Factor Authentication, go to http://go.microsoft.com/fwlink/?LinkID=517438.
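The checks an administrator would run against the states described above (an administrator role without Multi-Factor Authentication, an account that is enabled but has not yet reached enforced, app passwords on a privileged account), as an added example that is not part of the courseware. The CSV layout, its column names, the `Disabled` status label and the finding codes are assumptions of this example, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample export. The column names and the "Disabled" label are
# assumptions for this example, not an Azure AD export format.
SAMPLE_EXPORT = """\
user_name,display_name,role,mfa_status,app_passwords
adam,Adam Brooks,Global Administrator,Enforced,2
kari,Kari Tran,Global Administrator,Disabled,0
deanna,Deanna Ball,User,Disabled,0
instructor,Instructor,Global Administrator,Enabled,0
svc-billing,Billing Team,Billing Administrator,Enforced,0
temp,Temp User,User,unknown,x
"""

# Built-in administrative roles named in this module.
ADMIN_ROLES = {
    "Global Administrator",
    "Billing Administrator",
    "Service Administrator",
    "User Administrator",
    "Password Administrator",
}

MFA_STATES = {"disabled", "enabled", "enforced"}


def load_users(text):
    """Parse the export. Rows with an unknown MFA state or a non-numeric
    app password count are returned separately instead of being guessed at."""
    users, rejected = [], []
    for row in csv.DictReader(io.StringIO(text)):
        status = (row.get("mfa_status") or "").strip().lower()
        count = (row.get("app_passwords") or "").strip()
        if status not in MFA_STATES or not count.isdigit():
            rejected.append((row.get("user_name") or "?").strip())
            continue
        users.append({
            "user_name": (row.get("user_name") or "").strip(),
            "role": (row.get("role") or "").strip(),
            "mfa": status,
            "app_passwords": int(count),
        })
    return users, rejected


def audit(users):
    """Return (user_name, finding_code) pairs in input order."""
    findings = []
    for user in users:
        is_admin = user["role"] in ADMIN_ROLES
        # Directory-wide permissions protected by a password alone.
        if is_admin and user["mfa"] == "disabled":
            findings.append((user["user_name"], "ADMIN_WITHOUT_MFA"))
        # Enabled by an administrator, but the user has not completed the
        # verification process, so the status never moved to enforced.
        if user["mfa"] == "enabled":
            findings.append((user["user_name"], "MFA_SETUP_NOT_COMPLETED"))
        # App passwords are not covered by the second factor; on a privileged
        # account they are candidates for review or invalidation.
        if is_admin and user["app_passwords"] > 0:
            findings.append((user["user_name"], "ADMIN_HAS_APP_PASSWORDS"))
    return findings


if __name__ == "__main__":
    parsed, skipped = load_users(SAMPLE_EXPORT)
    for name, code in audit(parsed):
        print(f"{code:26} {name}")
    if skipped:
        print("rows needing manual review:", ", ".join(skipped))
```
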
SSO via Access Panel SSO allows users to access software as a service (SaaS) applications available from the Azure AD application gallery, as well as custom, in-house developed applications which reside on-premises or have been published to Azure AD, without having to provide their username and password when they are launched. This is accomplished by leveraging one of two distinct abilities of Azure AD. The first facilitates secure storage of user credentials and the second relies on support for federated trusts with other cloud services and identity providers. A number of commercial applications with SSO capabilities (such as Office 365, Box, or Salesforce) are preconfigured for integration with Azure AD and published in its application gallery.
Additional Reading: To view the Azure AD application gallery, go to http://go.microsoft.com/fwlink/?LinkID=517439.
Once Azure AD administrators have assigned these applications to users and configured them for SSO, they automatically appear in the Access Panel. Individual users can sign in to the Access Panel by providing their Azure AD credentials. However, users will not be prompted for their credentials when opening the Access Panel or launching its applications if Azure AD has already authenticated their cloud or federated account.
You can use the following three mechanisms to implement SSO support:
• Password-based SSO with Azure AD storing credentials for each user of a password-based SSO application. When Azure AD administrators assign a password-based SSO app to an individual user, they have the option to enter app credentials on the user's behalf. If users change their credentials after being assigned an app, they can update their stored credentials directly from the Access Panel. In this scenario, when accessing a password-based SSO app, users first rely on their Azure AD credentials to authenticate to the Access Panel. When a user launches an app, Azure AD transparently extracts the user's app-specific stored credentials and securely relays them to its provider as part of the browser's session.
• Azure AD SSO, with Azure AD establishing a federated trust with federation-capable SSO applications. In this case, adding an application to the Azure AD directory involves creating a federated trust with the application. Effectively, the application provider relies on the Azure AD directory to handle the user's authentication, and considers the user to be already authenticated when the user launches the application.
• Existing SSO with Azure AD leveraging an existing federated trust between the application and an SSO provider, such as AD FS. This is similar to the second mechanism because there are no separate application credentials involved. However, in this case, the application provider trusts an identity provider other than Azure AD. The Access Panel application entry redirects the authentication request to that provider.
Effectively, Azure AD serves as a central point of managing application authentication and authorization. You can also use Azure AD SSO functionality to control access to on-premises applications or applications developed in-house. The Azure Portal facilitates both of these scenarios by creating required application-related objects in Azure AD. On-premises applications require additional configuration, which includes installation of the application proxy connector on-premises and enabling application proxy in Azure AD.
Demonstration: Configuring Multi-Factor Authentication
In this demonstration, you will see how to:
• Configure the Office Phone property for an Azure AD user account.
• Enable Multi-Factor Authentication for an Azure AD user account.
Demonstration Steps
Configure the Office Phone property for an Azure AD user account
1. Sign in to the Azure Portal by using your Azure subscription.
2. Enter OFFICE PHONE number for Adam Brooks.
Configure Multi-Factor Authentication for an Azure AD user account
1. Launch the multi-factor authentication service portal.
2. Enable Multi-Factor Authentication for Adam Brooks.
Demonstration: Accessing Applications Through the Access Panel
In this demonstration, you will see how to:
• Authenticate as a user with Multi-Factor Authentication enabled.
• Access SSO applications via the Access Panel.
Demonstration Steps
Authenticate as a user with Multi-Factor Authentication enabled
1. Sign in to the Access Panel at https://myapps.microsoft.com by using the adam user account.
2. Change the temporary password assigned to the adam user account.
3. Configure Multi-Factor Authentication verification options for the adam user account.
Access SSO applications via the Access Panel
1. From the Access Panel, install Access Panel Extensions. This will close all Internet Explorer windows.
2. Sign in again to the Access Panel by providing adam user account credentials.
3. Authenticate by using Multi-Factor Authentication.
4. Launch the Microsoft OneDrive application from the Access Panel.
5. Sign out from Microsoft OneDrive and from the Access Panel.
6. Close Internet Explorer.
Lab: Create Users in Azure Active Directory Scenario Now that you have configured several services in Microsoft Azure, you need to create user accounts for employees to securely access the services. In the long term, you plan to migrate existing organizational accounts to Azure, but, initially, you want to test Azure AD with a separate Azure AD directory instance.
Objectives After completing this lab, you will be able to:
• Create an Azure AD directory.
• Create users in an Azure AD directory.
Estimated Time: 30 minutes
Sign in to your classroom computer by using the credentials your instructor provides.
Exercise 1: Create an Azure AD Directory
Scenario To prepare for testing user management in Azure AD, you first need to create a new Azure AD directory. You will use Azure Portal to accomplish this task. The main task for this exercise is as follows:
1. Create an Azure AD directory.
Task 1: Create an Azure AD directory
1. In Internet Explorer, browse to http://azure.microsoft.com and sign in to Azure Portal by using the Microsoft account that is associated with your Azure subscription.
2. Create a new directory within the existing subscription with the following settings:
   o DIRECTORY: Create new directory
   o NAME: Adatum
   o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g. adatum123456)
   o COUNTRY OR REGION: United States
Results: After completing this exercise, you will have created a new Microsoft Azure Active Directory (Azure AD) directory by using Azure Portal.
Exercise 2: Create Users in Azure Active Directory
Scenario To test Azure AD functionality, you already created a test directory. Now it is time to create test user accounts, add an existing Microsoft Account, and configure that account as a Global Administrator of the directory. You will use Azure Portal to accomplish this task. The main tasks for this exercise are as follows:
1. Create users in an Azure AD directory.
2. Add a Microsoft account to an Azure AD directory.
3. Configure a user account as a Global Administrator of an Azure AD directory.
4. View Azure AD directory users and administrators.
Task 1: Create users in an Azure AD directory
1. Create the following user in the Adatum directory:
   o USER NAME: deanna
   o FIRST NAME: Deanna
   o LAST NAME: Ball
   o DISPLAY NAME: Deanna Ball
   o ROLE: User
   o Enable Multi-Factor Authentication: Not selected
2. Note the value for NEW PASSWORD; as a backup, in the SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.
3. Create the following user in the Adatum directory:
   o USER NAME: kari
   o FIRST NAME: Kari
   o LAST NAME: Tran
   o DISPLAY NAME: Kari Tran
   o ROLE: Global Administrator
   o Enable Multi-Factor Authentication: Not selected
4. Note the value for NEW PASSWORD; as a backup, in the SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.
Task 2: Add a Microsoft account to an Azure AD directory
• Add an Azure AD user with the following settings:
   o TYPE OF USER: User with an existing Microsoft account
   o USER NAME: type the name of an existing Microsoft account that the instructor provided
   o FIRST NAME: Leave blank
   o LAST NAME: Instructor
   o DISPLAY NAME: Instructor
   o ROLE: User
Task 3: Configure a user account as a Global Administrator of an Azure AD directory
• Configure the Instructor account as the Global Administrator of the Adatum Azure AD directory.
Task 4: View Azure AD directory users and administrators
1. Use the USERS tab of the Adatum Azure AD directory to view all user accounts, including Microsoft accounts that have been added to the directory.
2. Use the multi-factor authentication page to view members of built-in Azure AD organizational roles.
Results: After completing this exercise, you will have used Azure Portal to create an Azure AD directory user account, add a Microsoft Account to Azure AD directory and configure it as a Global Administrator, and view the results of these actions.
Module Review and Takeaways
Review Question
Question: What are some benefits of using Azure AD as an identity provider?
Module 8
Microsoft Azure Management Tools
Contents:
Module Overview
Lesson 1: Azure PowerShell
Lesson 2: The Azure SDK and the Azure Cross-Platform Command-Line Interface
Lab: Using Microsoft Azure Management Tools
Module Review and Takeaways
Module Overview
The Microsoft Azure portals provide a graphical interface for managing your Azure subscriptions and services. However, for certain management tasks and operations, the Azure portals might not be the best management tools to use. Typically, as a developer, you might want to automate some management tasks by creating reusable scripts, or combine management of Azure resources with management of other network and infrastructure services. To enable you to manage Azure by using a command-line interface, Microsoft provides Windows PowerShell and the Azure cross-platform command-line interface. In addition to these command-line tools, you can use Microsoft Visual Studio 2013 to manage aspects of your Azure subscription.
Objectives
After completing this module, you will be able to:
• Describe and use Windows Azure PowerShell to manage your Azure subscription.
• Describe and use Microsoft Visual Studio and the Azure cross-platform command-line interface to manage your Azure subscription.
Lesson 1
Azure PowerShell
Windows PowerShell provides a scripting platform that you can use to manage Windows operating systems. You can extend the Windows PowerShell platform to a wide range of other infrastructure elements, including Azure, by importing modules of encapsulated code called cmdlets. This lesson explores how you can use Windows PowerShell to connect to an Azure subscription, and provision and manage Azure services.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe Windows PowerShell.
• Describe how to use Azure PowerShell.
• Explain how to manage Azure accounts and subscriptions by using the Azure PowerShell module.
• Install the Azure PowerShell module and connect to Azure by using the account credentials.
Introduction to Windows PowerShell
Windows PowerShell is a scripting language and command-line interface that is designed to help you perform day-to-day administrative tasks. Windows PowerShell consists of cmdlets that you execute at a Windows PowerShell command prompt, or combine into Windows PowerShell scripts. An increasing number of Microsoft products have graphical interfaces that build Windows PowerShell commands. These products allow you to view the generated Windows PowerShell script so you can execute the task at a later time without having to complete all of the steps in the GUI. The ability to automate complex tasks simplifies a server administrator’s job and saves time.
You can extend Windows PowerShell functionality by adding modules. For example, the Azure module includes Windows PowerShell cmdlets that are specifically useful for performing Azure-related management tasks. Windows PowerShell includes features such as tab completion, which allows administrators to complete commands by pressing the tab key rather than having to type the complete command. You can learn about the functionality of any Windows PowerShell cmdlet by using the Get-Help cmdlet.
Windows PowerShell cmdlets use a verb-noun syntax. Each noun has a collection of associated verbs. The available verbs vary with each cmdlet’s noun. Common Windows PowerShell cmdlet verbs include:
• Get
• New
• Set
• Restart
• Resume
• Stop
• Suspend
• Clear
• Limit
• Remove
• Add
• Show
• Write
You can view the available verbs for a particular Windows PowerShell noun by executing the following command:
    Get-Command -Noun NounName
You can view the available Windows PowerShell nouns for a specific verb by executing the following command:
    Get-Command -Verb VerbName
Windows PowerShell parameters start with a dash. Each Windows PowerShell cmdlet has its own associated set of parameters. You can learn what the parameters are for a particular Windows PowerShell cmdlet by executing the following command:
    Get-Help CmdletName
You can determine which Windows PowerShell cmdlets are available by executing the Get-Command cmdlet. The Windows PowerShell cmdlets that are available depend on which modules are loaded. You can load a module by using the Import-Module cmdlet.
Introduction to Azure PowerShell
Before you can use Windows PowerShell to manage Azure services, you must ensure that Windows PowerShell is installed, and then you must add the required Windows PowerShell modules. There are two Windows PowerShell libraries that you can install to manage Azure.
• Azure PowerShell. This is the primary Windows PowerShell library for managing Azure services, and you can install it using the Microsoft Web Platform Installer.
Additional Reading: To view the link to the latest version of Azure PowerShell, go to http://go.microsoft.com/fwlink/?LinkID=517448.
Azure PowerShell includes the following modules:
o Azure. A core set of cmdlets for managing Azure services.
o AzureResourceManager. A set of cmdlets for managing resource groups.
o AzureProfile. A set of cmdlets for managing authentication and execution context.
In many cases, this is the only Azure PowerShell library that you require. The Azure PowerShell module has a dependency on the Microsoft .NET Framework 4.5, and the Web Platform Installer checks for this during installation.
• Azure AD PowerShell. If you plan to implement Active Directory (AD) in Azure, you can install the Azure AD PowerShell library to manage users, groups, and other aspects of the directory from Windows PowerShell. Before you can install the Azure AD module, you must install the Microsoft Online Services Single Sign-In Assistant. You can obtain both of these components from http://go.microsoft.com/fwlink/?LinkID=517449.
Managing Azure Accounts and Subscriptions with Windows PowerShell
After you install the Azure PowerShell module, you must connect it to the Azure subscriptions that you want to manage with it. Connecting to the Azure subscriptions requires that you authenticate, and you can take two approaches to accomplish this: Azure AD authentication and certificate-based authentication.
• Azure AD Authentication. You can use Azure AD authentication to sign in to an Azure account using one of the following types of credential:
o A Microsoft account associated with an Azure subscription.
o An organizational account defined in Azure Active Directory.
To connect an Azure account to the local Windows PowerShell environment, you can use the Add-AzureAccount cmdlet. This opens a browser window through which you can interactively sign in to Azure by entering a valid user name and password. Azure AD authentication is token-based, and after signing in, the user remains authenticated until the authentication token expires. The expiration time for an Azure AD token is 12 hours, although you can refresh it in the Windows PowerShell session. After you have authenticated, you can use the Get-AzureAccount cmdlet to view a list of Azure accounts you have associated with the local Windows PowerShell environment, and you can use the Get-AzureSubscription cmdlet to view a list of subscriptions associated with those accounts. If you have multiple subscriptions, you can set the current subscription by using the Set-AzureSubscription cmdlet with the name of the subscription that you want to use.
• Certificate-Based Authentication. Most tools for managing Azure support Azure AD authentication, and we recommend that you use this authentication model. However, in some cases it might be more appropriate to authenticate by using a management certificate. Examples of where certificate-based authentication is appropriate include earlier versions of tools that do not support Azure AD authentication, or Windows PowerShell scripts that will run for long periods of time during which an authentication token might expire.
Note: An Azure management certificate is an X.509 (v3) certificate that associates a client application or service with an Azure subscription. You can use an Azure-generated management certificate, or you can generate your own by using your organization’s public key infrastructure (PKI) solution or a utility such as Makecert.
You can view the information and certificate for your Azure subscription by using the Get-AzurePublishSettingFile cmdlet. This cmdlet downloads a .publishsettings file that contains information and a certificate for your Windows Azure subscription.
Note: The downloaded file is used by the Import-AzureSubscription cmdlet and is an XML file with a ".publishsettings" extension.
Using Azure PowerShell Cmdlets
After you have connected your Windows PowerShell environment to your Azure subscription, you can use Azure cmdlets to view, provision, and manage Azure services. The Azure PowerShell library provides two operational modes. In one mode, cmdlets from the Azure module are available, and in the other mode, cmdlets from the AzureResourceManager module are available. Cmdlets from the AzureProfile module are available in both modes. To switch between modes, you can use the Switch-AzureMode cmdlet, which is defined in the AzureProfile module.
Using the Switch-AzureMode cmdlet
    # Switch to Resource Manager mode (activate the AzureResourceManager module)
    Switch-AzureMode -Name AzureResourceManager
    # Switch back to service manager mode (activate the Azure module)
    Switch-AzureMode -Name AzureServiceManagement
Service Management Mode
By default, the Azure module is active and Azure PowerShell is in the Service Management mode. The Azure module contains a comprehensive set of cmdlets, which you can use to view, create, and manage individual Azure services in your subscription. For example, you can use the New-AzureWebsite cmdlet to create an Azure website, or use the Get-AzureStorageAccount cmdlet to get a reference to an existing storage account. For a full list and summary description of the cmdlets in the Azure module, you can use the Windows PowerShell Get-Command cmdlet. To display syntax for a specific Azure cmdlet, you can use the Get-Help cmdlet.
Viewing information about Azure module cmdlets
    # Get a list of cmdlets in the Azure module
    Get-Command -Module Azure | Get-Help | Format-Table Name, Synopsis
    # Get the syntax for a specific cmdlet
    Get-Help New-AzureVM
    # Get an example
    Get-Help New-AzureVM -Example
Resource Manager Mode
In Resource Manager mode, you can use Windows PowerShell to create and manage Azure resources in resource groups. This approach makes it easier to manage related sets of resources as a unit. For example, you could use the Get-AzureResourceGroup cmdlet to get a reference to an existing resource group, or use the Remove-AzureResourceGroup cmdlet to remove a resource group and all the resources that it contains. You can use the Get-Command and Get-Help cmdlets to view information about the cmdlets in the AzureResourceManager module.
Viewing information about AzureResourceManager cmdlets
    # Switch to Resource Manager mode
    Switch-AzureMode -Name AzureResourceManager
    # Get a list of cmdlets in the AzureResourceManager module
    Get-Command -Module AzureResourceManager | Get-Help | Format-Table Name, Synopsis
    # Get the syntax for a specific cmdlet
    Get-Help Remove-AzureResourceGroup
    # Get an example
    Get-Help Remove-AzureResourceGroup -Example
Note: The AzureResourceManager module is currently in preview, and it does not support all the functionality in the Azure module. Additionally, you cannot use the AzureResourceManager module in a certificate-based authentication session.
Demonstration: Installing the Azure PowerShell Module and Connecting to Azure by Using Account Credentials
In this demonstration, you will see how to:
• Install the Windows PowerShell Azure module.
• Connect to your Azure subscription.
• Use Azure PowerShell cmdlets.
Demonstration Steps
Install Windows PowerShell Azure Module
1. Download and install the Windows PowerShell modules for Azure from http://azure.microsoft.com/en-us/downloads/.
Connect to your Azure subscription
1. Start the Windows PowerShell interactive scripting environment (ISE) as Administrator.
2. Add your Azure account to the local PowerShell environment by using Azure AD authentication. When prompted, sign in using the Microsoft account associated with your Azure subscription:
    Add-AzureAccount
Use Azure PowerShell Cmdlets
1. Verify that your account and subscription are connected to the local PowerShell environment:
    Get-AzureAccount
    Get-AzureSubscription
Note: If you have more than one subscription, you must select the Azure Pass subscription. Run the following command:
    Select-AzureSubscription -SubscriptionName "Azure Pass"
2. Create a new website and view its properties. Substitute the #### with a random number.
    New-AzureWebsite MySite####
    Get-AzureWebsite MySite####
3. When you have finished, close Windows PowerShell ISE.
Lesson 2
The Azure SDK and the Azure Cross-Platform Command-Line Interface
The Azure Software Developers Kit (SDK) enables developers who are familiar with Visual Studio to use these skills to develop apps, websites, web apps, and web services for Microsoft Azure. The Azure cross-platform command-line interface provides administrators with a scriptable command-line tool with which they can administer their Microsoft Azure subscription and Azure services. This lesson discusses these tools.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the components of the Azure SDK.
• Describe the Azure Cross-Platform Command-Line Interface.
• Explain how to install and use the Azure Cross-Platform Command-Line Interface.
What Is the Azure SDK?
The Azure Software Developers Kit (SDK) for .NET is a group of Visual Studio tools, command-line tools, runtime binaries, and client libraries that your development team can use to develop, test, and deploy apps that run in Azure.
Note: Developers can use Visual Studio 2013 to create a variety of apps: Windows Store apps, Windows Phone apps, desktop apps, web apps, and web services. Developers can code in Visual Basic, Visual C#, Visual C++, Visual F#, and JavaScript, and also can develop their apps in different languages.
Note: You can download the SDK from the Azure Downloads page.
The Azure SDK for .NET installs the following products:
• Microsoft Visual Studio Express for Web. Provides you with tools to create standards-based websites using ASP.NET. You can publish your web application directly to Azure from the IDE.
Note: If your local computer does not have Visual Studio installed, then the Azure SDK installs Visual Studio Express for Web.
• Microsoft ASP.NET and Web Tools for Visual Studio. Enables you to work with your Azure-based websites to:
o Publish web projects to Azure websites.
o Publish console application projects.
o Create Azure websites and Windows Azure SQL Database resources.
o Create Windows PowerShell deployment scripts.
o Manage and troubleshoot Azure Websites.
• Microsoft Azure Tools for Microsoft Visual Studio. Enables you to work with Azure Cloud Services and Virtual Machines to:
o Create, open, and publish cloud service projects.
o Create deployment packages for cloud service projects.
o Create Azure virtual machines.
o Create Windows PowerShell scripts.
o View and manage cloud service project settings.
o View and manage cloud services, virtual machines, and Service Bus.
• Microsoft Azure Authoring Tools. Includes the following:
o The CSPack command-line tool for creating deployment packages.
o The CSEncrypt command-line tool for encrypting passwords that you can use to access cloud service role instances using a remote desktop connection.
o Runtime binaries that cloud service projects require for communicating with their runtime environment and for diagnostics.
• Microsoft Azure Emulator. Simulates the cloud service environment so that you can test cloud service projects locally on your computer before you deploy them to Azure.
• Microsoft Azure Storage Emulator. Uses a SQL Server instance and the local file system to simulate Azure Storage (queues, tables, blobs), so that you can test locally.
• Microsoft Azure Storage Tools. Installs AzCopy, a command-line tool that you can use to transfer data into and out of an Azure Storage account.
Note: AzCopy is a command-line utility designed for high-performance uploading, downloading, and copying data to and from Microsoft Azure Blob and File storage.
• Microsoft Azure Libraries for .NET. Include:
o NuGet packages for Azure Storage, Service Bus, and Caching that are stored on your computer so that Visual Studio can create new cloud service projects while it is offline.
Note: NuGet is the package manager for the Microsoft development platform.
o A Visual Studio plug-in that enables Azure In-Role Cache projects to run locally in Visual Studio.
Note: In-Role Cache allows you to host caching within your roles. This cache can be used by any roles within the same cloud service deployment.
• LightSwitch for Visual Studio publishing add-on. You can use this add-on to publish LightSwitch projects to Azure Websites.
Note: Both the Visual Studio Updates and the Azure SDK for .NET include the LightSwitch add-on. By installing the SDK, you can ensure that you have the latest version of the add-on.
Introduction to the Azure Cross-Platform Command-Line Interface
The Azure Cross-Platform Command-Line Interface provides a set of cross-platform commands that you use to work with your Azure subscription. The Azure cross-platform command-line interface provides much of the same functionality found in the Azure portal, such as the ability to manage websites, virtual machines, mobile services, SQL Database, and other services.
Additional Reading: To download the Azure cross-platform command-line interface, go to http://go.microsoft.com/fwlink/?LinkID=517448.
After you have installed the Azure Cross-Platform Command-Line Interface, you must sign in to your Azure subscription. You can either sign in by using an organizational account, or by downloading and using a publish settings file.
Use the following procedure to sign in by using an organizational account:
1. Open Windows PowerShell.
2. Run the azure login [username] [password] command.
To sign in using a publish settings file, perform the following procedure:
1. Open Windows PowerShell.
2. Run the azure account download command.
Note: If you are not already connected to your Azure subscription, you will be prompted to sign in.
3. A web browser window opens. You are prompted to download the publish settings file. This file has a .publishsettings extension.
4. Run the azure account import [path to .publishsettings file] command.
You now can use the azure command from the Windows PowerShell command-line to manage your Azure subscription.
Note: All commands must be preceded with the word azure.
You can manage Azure services easily from the command prompt. For example, you can manage your websites by using the Azure Cross-Platform Command-Line Interface. Use the following command to create a new website:
    azure site create mywebsite
Use this command to list your websites:
    azure site list
The following command will delete a named website:
    azure site delete mywebsite
You can also create complex scripts by using this command:
    azure site list | grep 'Running' | awk '{system("azure site stop "$2)}'
The preceding code pipes a list of websites to the grep command, which inspects each line for the string 'Running'. Any lines that match are then piped to the awk command, which calls azure site stop and uses the second column passed to it (the running site name) as the site name to stop.
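The pipeline above matches 'Running' anywhere in a line and has awk build a shell command string out of the list output. The following added example (not part of the course material) selects rows by an exact status column, accepts only names made of letters, digits and hyphens, and passes each name to azure site stop as one quoted argument. The three-column layout of the sample and the DRY_RUN variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the course. Assumed layout of `azure site list`
# data rows: field 1 = "data:", field 2 = site name (as the page states),
# field 3 = status.

# Constructed sample output (not captured from a real subscription).
SAMPLE_LIST='info:    Executing command site list
data:    Name            Status   Mode
data:    --------------  -------  ----
data:    MySite1234      Running  Free
data:    RunningClub     Stopped  Free
data:    AdatumBlog5678  Running  Free
data:    bad;name        Running  Free
info:    site list command OK'

# running_sites: read list output on stdin, print one site name per line.
# A row is kept only when its status column is exactly "Running" and its
# name contains nothing but letters, digits and hyphens. A stopped site
# whose name merely contains "Running" is skipped, and so is any row whose
# name field holds shell metacharacters.
running_sites() {
    awk '$1 == "data:" && $3 == "Running" && $2 ~ /^[A-Za-z0-9-]+$/ { print $2 }'
}

# stop_running_sites: stop each site named on stdin.
# DRY_RUN defaults to 1, which prints the commands instead of running them.
# Set DRY_RUN=0 to call the azure command for real.
stop_running_sites() {
    while IFS= read -r name; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            printf 'would run: azure site stop %s\n' "$name"
        else
            # The name is a single quoted argument; no shell re-parses it.
            # stdin is redirected so the command cannot consume the name list.
            azure site stop "$name" </dev/null
        fi
    done
}

# Demo on the constructed sample; nothing is stopped because DRY_RUN defaults to 1.
printf '%s\n' "$SAMPLE_LIST" | running_sites | stop_running_sites
```

Against a live subscription the equivalent call is `azure site list | running_sites | DRY_RUN=0 stop_running_sites`, after reviewing the dry-run output first.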
Demonstration: Installing and Using the Azure Cross-Platform Command-Line Interface
In this demonstration, you will see how to:
• Install the Microsoft Azure Cross-platform command-line tools.
• Use the Microsoft Azure Cross-platform command-line tools.
Demonstration Steps
Install the Microsoft Azure Cross-platform command-line tools
1. Switch to the Web Platform Installer 5.0 window.
2. Install the Microsoft Azure Cross-platform Command Line Tools.
Use the Microsoft Azure Cross-platform command-line tools
1. Open Windows PowerShell ISE.
2. Export the account information required to sign in to your Azure subscription.
    azure account download
3. Import the account information, and then sign in to your Azure subscription.
    azure account import filename
4. List all available websites within your subscription.
    azure site list
5. Stop the website:
    azure site stop MySite####
6. Sign out from your Azure subscription, and close all open applications.
Lab: Using Microsoft Azure Management Tools
Scenario
Much of your on-premises administration is automated with Windows PowerShell scripts, and you have decided to test the use of Windows PowerShell and the Microsoft Azure Cross-platform command-line tools with Microsoft Azure to help to automate administrative tasks.
Objectives
After they complete this lab, the students will have:
• Installed and used Azure PowerShell.
• Installed and used the Azure cross-platform command-line tools.
Lab Setup
Estimated Time: 40 minutes
Sign in to your classroom computer by using the credentials your instructor provides.
Note: To complete the lab in this module, you must have completed the labs in Module 1 of this course.
Exercise 1: Use the Azure PowerShell Modules
Scenario
In this exercise, you will install and use the Windows PowerShell module for Microsoft Azure.
The main tasks for this exercise are as follows:
1. Install the Windows PowerShell Azure module.
2. Connect to your Azure subscription.
3. Use Azure PowerShell cmdlets.
Task 1: Install the Windows PowerShell Azure module
• Download and install the Windows PowerShell modules for Azure from http://azure.microsoft.com/en-us/downloads/.
Task 2: Connect to your Azure subscription
1. Start the Windows PowerShell interactive scripting environment (ISE) as Administrator.
2. Add your Azure account to the local PowerShell environment by using Azure AD authentication. When prompted, sign in by using the Microsoft account associated with your Azure subscription.
    Add-AzureAccount
Task 3: Use Azure PowerShell cmdlets
1. Verify that your account and subscription are connected to the local Windows PowerShell environment:
    Get-AzureAccount
    Get-AzureSubscription
Note: If you have more than one subscription, you must select the Azure Pass subscription. Run the following command:
    Select-AzureSubscription -SubscriptionName "Azure Pass"
2. Create a new website, and view its properties. Substitute the #### with a random number. Use the same number in both commands.
    New-AzureWebsite MySite####
    Get-AzureWebsite MySite####
3. When you have finished, leave Windows PowerShell ISE running.
4. In Internet Explorer, open a new tab and browse to http://azure.microsoft.com, click Portal, and then sign in using the Microsoft account that is associated with your Azure subscription. Verify that your website exists.
Results: After you complete this exercise, you will have successfully installed and used the Windows PowerShell module for Microsoft Azure.
Exercise 2: Use the Azure Cross-Platform Command-Line Interface
Scenario
In this exercise, you will install and use the Microsoft Azure cross-platform command-line tools.
The main tasks for this exercise are as follows:
1. Install the Microsoft Azure Cross-platform command-line tools.
2. Use the Microsoft Azure cross-platform command-line tools.
Task 1: Install the Microsoft Azure Cross-platform command-line tools
1. Switch to the Web Platform Installer 5.0 window.
2. Install the Microsoft Azure Cross-platform Command Line Tools.
Task 2: Use the Microsoft Azure cross-platform command-line tools
1. Switch to Administrator: Windows PowerShell ISE.
2. At the command prompt, type the following command, and then press Enter. This command downloads the credentials needed to connect to your Azure subscription.
    azure account download
Note: If you are prompted, sign in to your Azure subscription.
3. Internet Explorer is opened and you are prompted to download a file. This is your published settings file. Click the down arrow next to Save, and then click Save As.
4. In the Save As dialog box, in the navigation pane, double-click Local Disk (C:), double-click Labfiles, and then click Save.
5. Switch to Administrator: Windows PowerShell ISE.
6. At the command prompt, type the following command. This command imports the credentials needed to connect to your Azure subscription.
Note: When you type C:\labfiles\, Intellisense prompts you to select a file. Click the file you created earlier and press Tab.
    azure account import C:\labfiles\
7. Press Enter to complete the import command.
8. At the command prompt, type the following command, and then press Enter.
    azure site list
9. At the command prompt, type the following command, and then press Enter. Substitute the #### with the number you used in the last lesson to create your website.
    azure site stop MySite####
10. At the command prompt, type the following command and then press Enter. Substitute account for the credentials you use to connect to your Azure subscription.
    azure logout account
Note: If you receive an error, continue.
11. Close all open windows and applications.
Results: After completing this exercise, you will have successfully installed and used the Microsoft Azure cross-platform command-line tools.
Module Review and Takeaways
Review Question
Question: With Azure PowerShell, what is one advantage of using certificate authentication over Azure AD authentication when running long Windows PowerShell scripts?
Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience. Please work with your training provider to access the course evaluation form. Microsoft will keep your answers to this survey private and confidential and will use your responses to improve your future learning experience. Your open and honest feedback is valuable and appreciated.
Module 1: Getting Started with Microsoft Azure
Lab: Use the Microsoft Azure Portal
Exercise 1: Add a Co-Administrator
Task 1: Connect to the Azure Portal
1. Ensure that you are signed in to your local host.
2. If necessary, start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in using the Microsoft account that is associated with your Azure subscription.
Task 2: Add a co-administrator
1. In Internet Explorer, in the Azure portal, on the left side of the page, note the pane containing icons for each service. Then, at the bottom of this pane, click SETTINGS (you might need to use the scroll bar for the pane).
2. On the settings page, on the SUBSCRIPTIONS tab, note the details of your subscription.
3. Click the ADMINISTRATORS tab and verify that your Microsoft account is listed as the service administrator.
4. At the bottom of the screen, click ADD.
5. In the Specify a co-administrator for subscriptions dialog box, in the EMAIL ADDRESS box, type [email protected].
6. Select the check box next to your subscription in the SUBSCRIPTION list below, and then click OK (the check box).
Results: After you complete this exercise, you should have successfully added a co-administrator to your Azure subscription.
1. In Internet Explorer, at the top-right of the Microsoft Azure management portal, click your Microsoft account name and then click View my bill. This opens a new tab in Internet Explorer.
2. If prompted, sign in using the Microsoft account credentials associated with your Azure subscription.
3. On the subscriptions page, click your subscription. Then review the summary of usage and billing that is displayed.
Task 2: View billing period
1. Click Download usage details.
2. In the Summary screen, click Download Usage.
3. When prompted, click Open.
4. Depending on installed software on your local computer, the file opens in Microsoft Excel. Review the information and then close Excel. Do not save the worksheet.
5. Close the current Internet Explorer tab.
Results: After you complete this exercise, you should have successfully viewed your Azure subscription billing data.
Module 2: Websites and Cloud Services
Lab: Websites and Cloud Services
Exercise 1: Create a WordPress Website
Task 1: Create a website
1. Start Internet Explorer, and browse to http://azure.microsoft.com, click Portal, and sign in using the Microsoft account that is associated with your Azure subscription.
2. In the Azure portal, on the navigation pane, click WEBSITES.
3. Click NEW, and then click FROM GALLERY.
4. In the ADD WEB APP Wizard, on the Find Apps for Microsoft Azure page, click BLOGS.
5. In the A-Z list, click WordPress, and then click Next.
6. On the Configure Your App page, in the URL box, type AdatumBlog####, where #### is a unique number. If your URL is unique, a green check mark displays.
7. Leave DATABASE and WEBSCALEGROUP configured with default values.
8. Select the appropriate REGION, and then click Next.
9. On the New MySQL Database page, accept the default name.
10. In the REGION list, click the appropriate region.
11. Select the I agree to ClearDB’s legal terms … check box, and then click Complete.
Note: Your website is created. This may take a few minutes.
Task 2: Install WordPress
1. In the websites list, in the URL column, click the URL for your new website. Internet Explorer opens a new tab and navigates to your new website.
2. On the WordPress website, in the languages list, click English (United States), and then click Continue.
3. On the Welcome page, complete the Information needed section with the following information:
a. Site Title: AdatumMyBlog####, where #### is a unique number.
b. Username: The email address associated with your Azure subscription.
c. Password, twice: Pa$$w0rd.
d. Your E-mail: The email address associated with your Azure subscription.
4. Click Install WordPress.
Task 3: Create a blog post
1. In Internet Explorer, on the Success webpage, click Log In.
2. In the Username box, type the email address associated with your Azure subscription.
3. In the Password box, type Pa$$w0rd.
4. Select the Remember Me check box, and then click Log In.
Note: If prompted by Internet Explorer to store the password for the website, click Not for this site.
5. In the Dashboard, click Write your first blog post.
6. On the Add New Post page, in the Enter title here box, type Welcome to the Adatum Blog.
7. In the main text box, type Welcome to the Adatum blog.
8. Click Publish.
9. Click View Post. Your new post is displayed.
10. Close the current tab in Internet Explorer, and return to the Azure portal tab.
Results: After you complete this exercise, you will have successfully created and configured an Azure website to support WordPress blogs.
Exercise 2: Create a Cloud Service
Task 1: Create a Cloud Service
1. In the Azure portal, click NEW.
2. Click COMPUTE, click CLOUD SERVICE, and then click QUICK CREATE.
3. In the URL text box, type a valid unique cloud service name. For example, type AdatumWeb####, where #### is a unique number. If the name is valid and unique, a green check mark is displayed.
4. In the REGION OR AFFINITY GROUP list, click your local region, and then click CREATE CLOUD SERVICE.
Task 2: Deploy a Cloud Service
1. In the Azure portal, in the NAME list, click your new cloud service.
2. In the results pane, click the CONFIGURE tab.
3. Click UPLOAD A NEW PRODUCTION DEPLOYMENT.
4. In the Upload a package dialog box, in the DEPLOYMENT LABEL box, type Adatum App #### (where #### is the same number you typed earlier).
5. Next to the PACKAGE box, click FROM LOCAL.
6. Navigate to C:\Labfiles, and double-click AdatumAds.cspkg.
7. Next to the CONFIGURATION box, click FROM LOCAL.
8. Navigate to C:\Labfiles, and double-click ServiceConfiguration.Cloud.cscfg.
9. Select both check boxes, and then click OK.
Note: Deployment begins. This could take 10 to 15 minutes.
10. When deployment is finished, click the SCALE tab.
11. Under adatumadswebrole, adjacent to SCALE BY METRIC, click CPU.
12. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.
13. Drag the TARGET CPU slider bar so that the maximum is 90.
14. Under adatumadsworkerrole, adjacent to SCALE BY METRIC, click CPU.
15. Drag the INSTANCE RANGE slider bar right so that the maximum instance(s) value is 4.
16. Drag the TARGET CPU slider bar so that the maximum is 90.
17. Click SAVE.
Task 3: Verify a Cloud Service
Note: It might take a few minutes for your website to display.
1. On the SCALE page, in the navigation pane, click CLOUD SERVICES.
2. In the list of cloud services, in the URL column, click the URL for your cloud service.
3. The Adatum Ads webpage displays.
Note: The app is for demonstration purposes and is not completely functional.
4. Close the Adatum Ads Home Page tab.
5. Close Internet Explorer.
Results: After you complete this exercise, you will have successfully created, deployed, and configured an Azure Cloud Service.
Module 3: Virtual Machines in Microsoft Azure
Lab: Create a Virtual Machine in Microsoft Azure
Exercise 1: Create a Virtual Machine from the Gallery
Task 1: Select and create a virtual machine
1. Sign in to the classroom computer.
2. In Internet Explorer, browse to http://azure.microsoft.com, click Portal, and then sign in by using the Microsoft account that is associated with your Azure subscription. Close any initial welcome messages.
3. At the top right, click your Microsoft account name, and then click Switch to new portal. Then, in the new tab that is opened, close any initial welcome messages for the new portal.
4. In the bottom left pane, click + NEW.
5. In the NEW pane, click Windows Server 2012 R2 Datacenter.
6. In the CREATE VM pane, type server-10979 in the HOST NAME field.
7. In the USER NAME field, type server-admin.
8. In the PASSWORD field, type Moc1500!.
9. Click PRICING TIER, click A2 STANDARD, and then click Select.
10. Click OPTIONAL CONFIGURATION.
11. In the Optional Config pane, click STORAGE ACCOUNT, click Create a storage account, and then in the Storage account pane, review settings and click OK.
12. In the Optional Config pane, click NETWORK, and then in the Network pane, review settings without making changes. In the Network pane, click OK, and then in the Optional Config pane, click OK.
13. In the CREATE VM pane, click Create.
14. Wait for a couple of minutes to allow the virtual machine creation to proceed and the storage to be written to your storage account.
Task 2: Verify virtual machine creation
1. In the left pane, click BROWSE, and then click Virtual Machines.
2. Ensure that the virtual machine that you created shows a status of Running. If the status is not Running, wait a few minutes until the status changes to Running.
Results: After completing this exercise, you will have created and verified a Microsoft Azure virtual machine.
Exercise 2: Verify the Functionality of the Virtual Machine
Task 1: View the properties of the virtual machine
1. In the Azure preview portal, click BROWSE in the left navigation pane.
2. In the Browse pane, click Virtual machines.
3. In the Virtual machines pane, click server your_initials-10979.
4. In the server- yourinitials-10979 pane, review available options.
5. Click HOME.
6. On the HOME pane, click AZURE PORTAL.
7. On the Microsoft Azure portal, click VIRTUAL MACHINES.
8. Click the server your_initials-10979 virtual machine.
9. Click the DASHBOARD tab and review the available information and settings.
10. Click the MONITOR tab and review the available information about virtual machine performance.
11. Click the ENDPOINTS tab. Review available options for configuring connections to the virtual machine.
12. Click the CONFIGURE tab. Review the available options but do not make any changes to the virtual machine.
Task 2: Connect to a virtual machine
1. In the Azure portal, click your user account in the top right corner, and then click Switch to new portal. If the new portal is already open, just switch to the Microsoft Azure tab in Internet Explorer.
2. In the Azure preview portal, click BROWSE, and then click Virtual Machines.
3. Click the server-10971 virtual machine, and then click CONNECT at the top of the right pane.
4. In the Internet Explorer notification popup, click Save, and then click Open.
5. In the Remote Desktop Connection window, click Connect.
6. In the Windows Security dialog box:
   a. In User Name, type server-admin.
   b. In Password, type Moc1500!.
   c. Click OK.
7. In the Remote Desktop Connection window, click Yes.
8. Navigate around the server configuration and evaluate basic functionality, such as Server Manager and File Explorer.
9. When finished, click the X in the upper right corner of the Remote Desktop Connection session to disconnect.
10. In the Remote Desktop Connection window, click OK.
Results: After completing this exercise, you will have established a connection to the virtual machine.
Exercise 3: Attach a Data Disk
Task 1: View virtual machine disks
1. In the left pane of the Azure preview portal, click BROWSE, and then click Virtual Machines.
2. Ensure that the virtual machine that you created shows a status of Running.
3. Click the virtual machine that you created earlier.
4. In the server<yourinitials>-10979 pane, scroll down, and then click the Disks tile.
5. In the Disks pane, review the available information and ensure that you see only OS DISK.
Task 2: Attach a data disk
1. In the Disks pane, review the available information and ensure that you see only OS DISK.
2. Click Attach New.
3. In the Attach a new disk pane, click STORAGE CONTAINER.
4. In the Choose a container pane, click CHOOSE STORAGE ACCOUNT.
5. In the Storage account pane, click server<yourinitials>-10979.
6. In the Choose a container pane, click CHOOSE CONTAINER.
7. In the Storage container pane, click vhds.
8. In the Choose a container pane, click OK.
9. In the Attach a new disk pane, type 5 in the SIZE (GB) text box, and then click OK.
10. Wait for up to one minute and ensure that in the Disks pane, a new disk with capacity of 5 GB is displayed.
11. Scroll left and in the server<yourinitials>-10979 pane, click CONNECT.
12. In the Internet Explorer notification popup, click Save, and then click Open.
13. In the Remote Desktop Connection window, click Connect.
14. In the Windows Security dialog box:
   a. In User Name, type server-admin.
   b. In Password, type Moc1500!.
   c. Click OK.
15. In the Remote Desktop Connection window, click Yes.
16. After you have signed in to the virtual machine, in the Server Manager console, click Tools, and then select Computer Management.
17. In the Computer Management console, click Disk Management.
18. In the Initialize Disk window, click OK.
19. Review the available disks in the Disk Management right pane, and ensure that you have one OS disk, one temporary disk, and one new disk with capacity of 5 GB.
20. Close the Computer Management console.
Results: After completing this exercise, you will have attached a new disk to a virtual machine.
Module 4: Virtual Networks
Lab: Create a Virtual Network
Exercise 1: Creating a Virtual Network
Task 1: Create a virtual network
1. Sign in to the Azure management portal on https://manage.windowsazure.com.
2. In the left navigation pane, scroll down and click NETWORKS.
3. Ensure that there are no virtual networks created.
4. In the lower left corner of the screen, click NEW. In the navigation pane, click NETWORK SERVICES, and then click VIRTUAL NETWORK.
5. Click CUSTOM CREATE to begin the configuration wizard.
6. In the CREATE A VIRTUAL NETWORK Wizard, on the Virtual Network Details page, type VNET1 in the NAME text box.
7. In the LOCATION drop-down list, click West US. Click the arrow in the lower right corner.
Note: If you do not have West US as an available region, choose the region that is closest to you.
8. On the DNS Servers and VPN Connectivity page, review the available options, but do not make any changes. Click the forward arrow in the lower-right corner.
9. On the Virtual Network Address Spaces page, in the ADDRESS SPACE section, open the drop-down list under STARTING IP, and then click 192.168.0.0.
10. In the CIDR (ADDRESS COUNT) drop-down list, click /24 (256).
11. In the SUBNETS section, click add subnet and ensure that Subnet-2 is added.
12. Click add address space. In the second address space that is added, open the drop-down list under STARTING IP, and then select 172.16.0.0.
13. In the CIDR (ADDRESS COUNT) drop-down list, choose /16 (65536).
14. Click the checkmark in the lower right corner to finish the wizard and create a virtual network. It will take a few minutes for the network to be created.
Results: After completing this exercise, you will have created a new virtual network.
Exercise 2: Creating Virtual Machines from the Gallery
Task 1: Create a virtual machine
1. Browse to https://portal.azure.com, click Get Started on the Welcome to Microsoft Azure page, and sign in by using the Microsoft account that is associated with your Microsoft Azure subscription. Close any initial welcome messages, if they appear.
2. In the bottom left pane, click + NEW.
3. In the NEW pane, click Windows Server 2012 R2 Datacenter.
4. In the CREATE VM pane, type Server1 in HOST NAME.
5. Type server1-admin in USER NAME.
6. Type Moc1500! in the PASSWORD field.
7. For the PRICING TIER, ensure that Basic A1 is selected.
8. Click OPTIONAL CONFIGURATION.
9. In the Optional Config pane, click NETWORK, and then click VIRTUAL NETWORK.
10. In the Virtual Network pane, under Use an existing virtual network, select VNET1. Click OK on the Network pane, and then click OK on the Optional Config pane.
11. On the CREATE VM pane, click Create.
12. Wait a couple of minutes to allow the virtual machine (VM) creation to finish.
Task 2: Create a second virtual machine
1. In the bottom left pane in the Azure preview portal, click + NEW.
2. In the NEW pane, click Windows Server 2012 R2 Datacenter.
3. In the CREATE VM pane, type Server2 in HOST NAME.
4. Type server2-admin in USER NAME.
5. Type Moc1500! in the PASSWORD field.
6. For the PRICING TIER, ensure that Basic A1 is selected.
7. Click OPTIONAL CONFIGURATION.
8. In the Optional Config pane, click NETWORK, and then click VIRTUAL NETWORK.
9. In the Virtual Network pane, under Use an existing virtual network, select VNET1. Click OK on the Network pane, and then click OK on the Optional Config pane.
10. On the CREATE VM pane, click Create.
11. Wait a couple of minutes to allow the VM creation to finish.
Task 3: Test virtual network connectivity
1. In the left pane of the Azure preview portal, click BROWSE, and then click Virtual Machines.
2. Ensure that the virtual machine that you created shows a status of Running. If the status is not Running, wait a few minutes until the status changes to Running.
3. Click the Server1 VM, and then click CONNECT at the top of the left pane.
4. In the Internet Explorer notification popup, click Save, and then click Open.
5. In the Remote Desktop Connection window, click Connect.
6. In the Windows Security dialog box, click Use another account, and then use the following data to connect:
   o Type server1-admin in User name.
   o Type Moc1500! in Password.
   o Click OK.
7. In the Remote Desktop Connection window, click Yes. Minimize the Server1 window.
8. Repeat steps 1 through 7 for the Server2 machine (use server2-admin as the user name).
9. On the Server1 machine, note the Internal IP value shown on the desktop.
10. Switch to the Server2 machine and note the Internal IP value shown on the desktop.
11. On Server2, open File Explorer. In the left pane, right-click Network, and then click Properties.
12. In the Network and Sharing Center window, click Change advanced sharing settings.
13. In the Advanced sharing settings window, under the Guest or Public section, below the File and printer sharing section, click Turn on file and printer sharing, and then click the Save changes button.
14. Close the Network and Sharing Center window.
15. On the Server1 machine, open File Explorer, in the address bar, type \\IPaddressofServer2, and then press Enter.
Note: You should type the IP address of Server2 after \\.
16. In the Windows Security window, enter user name: server2-admin and password: Moc1500!, and then click OK. Ensure that the server opens (it will be an empty window), which confirms that your servers can communicate via virtual network VNET1.
Results: After completing this exercise, you will have created two new virtual machines and assigned them to VNET1.
1. Open the Azure management portal at https://manage.windowsazure.com.
2. In the left navigation pane, click NETWORKS.
3. In the central pane, click VNET1.
4. Click the CONFIGURE tab.
5. In the point-to-site connectivity section, click the option Configure point-to-site connectivity.
6. Click SAVE in the lower part of the screen, and then click YES.
7. Wait for a few minutes for the network to be updated.
8. Click the VNET1 network, and then click the CONFIGURE tab.
9. Notice that you have options for ADDRESS SPACE available in the point-to-site connectivity section. Ensure that 10.0.0.0/24 is selected.
10. On your classroom computer, open the Developer Command Prompt for VS2012 as administrator.
11. In the command prompt window, type the following command, and then press Enter. Do not close the command prompt window.
    makecert -sky exchange -r -n "CN=VNET1Cert" -pe -a sha1 -len 2048 -ss My "C:\temp\VNET1Cert.cer"
12. Open File Explorer, navigate to C:\temp, and then ensure that the VNET1Cert certificate file is created.
13. Switch back to the Azure management portal, and then click the CERTIFICATES tab on the VNET1 portal.
14. Click UPLOAD A ROOT CERTIFICATE.
15. In the Upload a Certificate window, click BROWSE FOR FILE.
16. In the Choose File to Upload window, browse to C:\temp, select the VNET1Cert file, and then click Open.
17. Click the checkmark icon to upload a certificate.
18. Ensure that the certificate appears in the Azure portal.
19. Restore the command prompt window. Type the following command, and then press Enter.
    makecert.exe -n "CN=VNET1Client" -pe -sky exchange -m 96 -ss My -in "VNET1Cert" -is my -a sha1
20. Switch back to the Azure portal, and then, in the VNET1 configuration pane, click the DASHBOARD tab.
21. Click CREATE GATEWAY and when prompted, click YES. Wait until the gateway is created.
Note: This might take up to 15 minutes.
22. In the quick glance section, click Download the 64-bit Client VPN Package.
23. When prompted, save the file to the C:\temp location. The name of the file will be similar to 1c586c97-442b-4c85-9ea6-45a5d0c5d3a1.exe. Close the warning prompt if it appears.
24. After the file downloads, navigate to C:\temp, right-click the file that you just downloaded, and then click Properties.
25. In the Properties window, click Unblock, and then click OK.
26. Double-click the file. In the User Account Control window (if it appears), click Yes.
27. In the VNET1 window, click Yes and wait until the virtual private network (VPN) client installs.
28. On your classroom machine, click the network icon in the taskbar. In the connection pane, click VNET1, and then click Connect.
29. In the VPN client window, click Connect, and then click Continue on the prompt window.
30. Ensure that the connection is established.
31. Open Command Prompt.
32. In the Command prompt window, type ipconfig, and then press Enter.
33. Look for the Point-to-Point Protocol (PPP) adapter in the VNET1 section. Ensure that you have the IP address from the 10.0.0.0/24 scope.
34. On your classroom machine, click the network icon in the taskbar. In the connection pane, click VNET1, and then click Disconnect.
Results: After completing this exercise, you will have established point-to-site connectivity.
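The two makecert commands in steps 11 and 19 leave a self-signed root (CN=VNET1Cert) and a client certificate (CN=VNET1Client) in the CurrentUser\My store, both created with -a sha1 and -pe, and only the root with an explicit -len 2048. The following PowerShell check is an added example, not part of the courseware; the function name Test-P2SCertificate and its thresholds are assumptions of this example. It reads back the signature hash, key size, private-key exportability and expiry of those two certificates.

```powershell
# Added example (not courseware code). Subject names come from the lab's
# makecert commands; the function name and thresholds are assumptions.

function Test-P2SCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,

        [int] $MinimumRsaBits = 2048,
        [int] $ExpiryWarningDays = 30
    )
    process {
        $findings = New-Object 'System.Collections.Generic.List[string]'

        # Signature hash: makecert was run with "-a sha1" in both lab steps.
        $sigAlg = $Certificate.SignatureAlgorithm.FriendlyName
        if ($sigAlg -match 'sha1|md5') {
            $findings.Add("weak signature hash: $sigAlg")
        }

        # RSA key size. Only the root command passes "-len 2048"; the client
        # command does not, so the size it received is worth reading back.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
        $keyBits = if ($rsa) { $rsa.KeySize } else { $null }
        if ($keyBits -and $keyBits -lt $MinimumRsaBits) {
            $findings.Add("RSA key is $keyBits bits (minimum $MinimumRsaBits)")
        }

        # "-pe" marks the private key exportable. For the root this means
        # anyone who can export it can issue new VPN client certificates.
        $selfSigned = ($Certificate.Subject -eq $Certificate.Issuer)
        $exportable = $null
        if ($Certificate.HasPrivateKey) {
            try   { $exportable = $Certificate.PrivateKey.CspKeyContainerInfo.Exportable }
            catch { $exportable = $null }   # CNG or inaccessible key: unknown
            if ($selfSigned) {
                $findings.Add('root private key is present on this machine')
            }
            if ($exportable) {
                $findings.Add('private key is exportable')
            }
        }

        # Validity: the client command sets "-m 96" (months); the root sets none.
        $daysLeft = [int][math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)
        if ($daysLeft -lt 0) {
            $findings.Add('certificate has expired')
        } elseif ($daysLeft -le $ExpiryWarningDays) {
            $findings.Add("expires in $daysLeft days")
        }

        [pscustomobject]@{
            Subject            = $Certificate.Subject
            Issuer             = $Certificate.Issuer
            SelfSigned         = $selfSigned
            SignatureAlgorithm = $sigAlg
            RsaKeyBits         = $keyBits
            HasPrivateKey      = $Certificate.HasPrivateKey
            KeyExportable      = $exportable
            NotAfter           = $Certificate.NotAfter
            Thumbprint         = $Certificate.Thumbprint
            Findings           = $findings.ToArray()
        }
    }
}

# Check the two certificates the lab creates in the current user's store.
$labSubjects = 'CN=VNET1Cert', 'CN=VNET1Client'
Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $labSubjects -contains $_.Subject } |
    Test-P2SCertificate |
    Format-List
```

Only the public half of the root (the .cer file) is uploaded to Azure; the findings about the root private key concern the copy that stays in the classroom computer's store.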
Module 5: Cloud Storage
Lab: Configure Azure Storage
Exercise 1: Create an Azure Storage Account
Task 1: Create a storage account in Azure
1. On the host computer, click Start, and then click the Internet Explorer icon.
2. In Internet Explorer, browse to the Azure management portal at https://portal.azure.com.
3. Sign in to your Azure account.
4. If a welcome window appears, click Get Started to close it.
5. In the bottom pane, on the left side, click + NEW.
6. In the New popup menu, scroll down, and then click Storage.
7. In the far right pane, in STORAGE, type 10979s.
Note: Replace with your own initials. For example, if your name is Margo Ayers, then the URL would be 10979sma. If the name is already in use, add a number after your initials until the name is accepted. For the remainder of the demonstrations, use your initials in place of .
8. Click PRICING TIER. In the Recommend pricing pane, click L1, and then click Select.
9. Click LOCATION. If the selected location is not the closest location to you, or a location is not selected, click the location closest to you.
10. At the bottom of the Storage account pane, click Create to complete the creation. It might take a few minutes for the storage account to be created.
Task 2: View the properties of your storage account
1. In the Azure portal, in the left pane, click BROWSE, and then click Storage.
2. In the Storage pane, click the 10979s storage account.
3. In the 10979s pane, view the information available on the dashboard.
4. Near the top of the 10979s pane, click PROPERTIES to view the properties of the storage account.
5. Review the available properties of your storage account.
6. Close the Properties pane, and leave the storage pane open.
Results: After you complete this exercise, you will have created your Azure storage.
Exercise 2: Create and Manage Blobs
Task 1: Add a container
1. In the Storage pane, click Containers.
2. In the Containers pane, click ADD +.
3. In the Add a container pane, type 10979c in the NAME text box. If the name is already in use, add a number after your initials until the name is accepted.
4. In the Access type settings, click Blob, and then click OK to complete the creation of the new container.
5. Click the X icon in the upper right corner of the Containers pane to close it.
Task 2: Add data to the container using Azure Web Storage Explorer
1. In the 10979s pane, click KEYS.
2. In the Manage keys pane, copy the access key shown in PRIMARY ACCESS KEY to the clipboard.
3. Click the File Explorer icon on the taskbar.
4. In File Explorer, in the navigation pane, click Documents.
5. In the right pane, right-click an empty area, click New, and then click Text Document.
6. In the file name, replace New Text Document with storage-key, and then press Enter.
7. Double-click storage-key.txt. The file will open in Notepad. In Notepad, paste the access key that you copied to the Clipboard in step 2 into the file.
8. Click File, and then click Save.
9. Close Notepad.
10. In the Manage keys pane, click the X to close the pane.
11. In Internet Explorer, press Ctrl+N to open a new browser window.
12. In the Internet Explorer Address bar, type http://azurestorage.azurewebsites.net/login.aspx, and then press Enter.
13. On the Azure Web Storage Explorer page, in Account, type 10979s, paste your access key into the Key box, and then click Enter.
14. Click 10979c.
15. Click Browse.
16. In the Choose File to Upload window, double-click Computer, double-click Local Disk (C:), double-click Windows, scroll down, and then double-click the media folder.
17. Click Alarm01.wav, and then click Open.
18. Click the Upload button to upload Alarm01.wav.
19. Click Browse.
20. In the Choose File to Upload window, double-click Computer, double-click Local Disk (C:), double-click Program Files, double-click Internet Explorer, and then double-click the images folder.
21. Scroll down, click splashscreen.contrast-white_scale-180.png, and then click Open.
22. Click the Upload button to upload splashscreen.contrast-white_scale-180.png.
23. In the file list, click http://10979s.blob.core.windows.net/10979c/splashscreen.contrast-white_scale-180.png, and verify that you see a large Internet Explorer logo graphic display in the browser window.
24. Close Internet Explorer.
Results: After completing this exercise, you will have created a blob container and uploaded the data.
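Exercise 2 leaves three things behind: a container with Blob (anonymous read) access, the primary access key in a plain-text file in Documents, and the same key typed into a web page that the lab opens with an http:// URL. The following PowerShell cleanup is an added example, not part of the courseware; it assumes the classic Azure PowerShell module that this course installs in Module 8 and a storage account that module can manage, and the function name Reset-LabStorageExposure is hypothetical.

```powershell
# Added example (not courseware code). Assumes the classic Azure PowerShell
# module (Add-AzureAccount already run) and that the lab's storage account is
# visible to it. The function name is hypothetical.

function Reset-LabStorageExposure {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # The account name you chose in Exercise 1 (10979s plus your initials).
        [Parameter(Mandatory = $true)]
        [string] $StorageAccountName,

        # Plain-text copy of the key made in Task 2, steps 3 to 8.
        [string] $KeyFile = (Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'storage-key.txt')
    )

    # 1. Report every container's anonymous-access level and close any that
    #    are open. "Blob" (the lab's setting) lets anyone with the URL read
    #    blobs; "Container" additionally lets them list the contents.
    $key     = (Get-AzureStorageKey -StorageAccountName $StorageAccountName).Primary
    $context = New-AzureStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $key

    $report = foreach ($container in Get-AzureStorageContainer -Context $context) {
        $before = [string]$container.PublicAccess
        if ($before -ne 'Off' -and
            $PSCmdlet.ShouldProcess($container.Name, "Set public access from $before to Off")) {
            Set-AzureStorageContainerAcl -Name $container.Name -Permission Off -Context $context | Out-Null
        }
        [pscustomobject]@{ Container = $container.Name; PublicAccessBefore = $before }
    }

    # 2. Regenerate the primary key. The old value was pasted into a web form
    #    and saved to disk, so treat it as disclosed. Anything still using the
    #    old primary key stops working once this runs.
    if ($PSCmdlet.ShouldProcess($StorageAccountName, 'Regenerate primary access key')) {
        New-AzureStorageKey -StorageAccountName $StorageAccountName -KeyType Primary | Out-Null
    }

    # 3. Remove the plain-text copy of the (now retired) key.
    if ((Test-Path -LiteralPath $KeyFile) -and
        $PSCmdlet.ShouldProcess($KeyFile, 'Delete plain-text key file')) {
        Remove-Item -LiteralPath $KeyFile -Force
    }

    # Return what each container's access level was before the change.
    $report
}

# Preview first, then run for real:
#   Reset-LabStorageExposure -StorageAccountName '<your account name>' -WhatIf
#   Reset-LabStorageExposure -StorageAccountName '<your account name>'
```

After the container is set to Off, the blob URL from step 23 stops loading without credentials, which is the expected result.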
Module 6: Microsoft Azure Databases
Lab: Create a SQL Database in Azure
Exercise 1: Create a New SQL Database in Azure and Configure SQL Server Firewall Rules
Task 1: Create a new SQL database by using the preview Azure portal
1. Ensure that you are signed in to the classroom computer.
2. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and then sign in by using the Microsoft account that is associated with your Azure subscription.
3. At the top right, click your Microsoft account name, and then click Switch to new portal.
4. In the Hub vertical menu on the left, click New.
5. On the New blade, scroll down to and click the SQL Database entry.
6. In the SQL database blade, in the NAME box, type testDB.
7. Click the PRICING TIER section, click the B Basic pricing tier, and then click Select.
8. Click SERVER, and then in the Server blade, click Create a new server.
9. In the New server blade, enter the following settings, and then click OK:
   o SERVER NAME: Any valid unique name
   o SERVER ADMIN LOGIN: Student
   o PASSWORD: Pa$$w0rd
   o CONFIRM PASSWORD: Pa$$w0rd
   o LOCATION: Any available region
10. In the SQL database blade, click RESOURCE GROUP, and then in the Resource group blade, click Create a new resource group.
11. In the Resource group blade, in the NAME box, type testRG, and then click OK.
12. In the SQL database blade, ensure that Add to Startboard is selected, and then click Create. Then wait for the SQL Database to be created.
Task 2: Configure a SQL Server firewall rule by using Azure portal
1. In Internet Explorer, switch to the tab containing the Azure portal.
2. In the service pane on the left, click SQL DATABASES, and then verify that the testDB database you created in the new portal is listed.
3. On the sql databases page, click SERVERS, and then verify that the uniquely named server you created in the previous task is listed.
4. Click the server name, and then click CONFIGURE.
5. Note the CURRENT CLIENT IP ADDRESS, and click the ADD TO THE ALLOWED IP ADDRESSES icon. At the bottom of the page, click Save.
6. Click the new allowed ip addresses entry and change it to a more descriptive name that will allow you to identify it in the future.
7. At the bottom of the page, click SAVE.
Results: After completing this exercise, you should have created a Microsoft Azure SQL Database named testDB on a new server with a name of your choice. You will have also configured Microsoft SQL Server firewall rules in Azure, which allow connectivity from your on-premises management tools and applications to the newly created SQL database in Azure.
Exercise 2: Add Data to a SQL Database in Azure by Using SQL Server Management Studio
Task 1: Add a table to a SQL database in Azure by using SQL Server Management Studio
1. On your classroom computer, start SQL Server Management Studio, and in the Connect to Server dialog box, specify the following settings (replacing server_name with the unique name you specified when creating your SQL Database server), and then click Connect:
   o Server type: Database Engine
   o Server name: server_name.database.windows.net
   o Authentication: SQL Server Authentication
   o Login: Student
   o Password: Pa$$w0rd
2. In SQL Server Management Studio, in Object Explorer, under the server name, expand Databases, and then verify that the testDB database is listed.
3. Expand the testDB database, right-click its Tables folder and then click New Table.
Note: This opens a Transact-SQL template that you can use to create a table. SQL Server Management Studio has no graphical tools for creating SQL database objects in Azure.
4. Replace all Transact-SQL code in the template with the following code.
    CREATE TABLE dbo.testTable
    (
        id integer identity primary key,
        dataval nvarchar(50)
    );
    GO
5. On the toolbar, in the Available Databases list, ensure that testDB is selected, and then click Execute.
6. In Object Explorer, expand the Tables folder and verify that dbo.testTable is listed (if not, right-click Tables and click Refresh).
7. Leave the SQL Server Management Studio open for the next task.
Task 2: Add data to a table of a SQL database in Azure by using SQL Server Management Studio
1. Click New Query and enter the following Transact-SQL code in the new query pane. This code inserts 100 rows containing automatically generated globally unique identifier (GUID) values into the table.
    INSERT INTO dbo.testTable VALUES (newid());
    GO 100
2. On the toolbar, in the Available Databases list, ensure that testDB is selected. Click Execute.
3. Leave the SQL Server Management Studio open for the next task.
Task 3: Query a table of a SQL database in Azure by using SQL Server Management Studio
1. In Object Explorer, right-click dbo.testTable, point to Script Table as, point to SELECT To, and then click New Query Editor Window. This generates a Transact-SQL query that retrieves data from the table.
2. On the toolbar, in the Available Databases list, ensure that testDB is selected, and then click Execute.
3. View the query results and verify that a table of id and dataval values is returned.
4. Close SQL Server Management Studio and Internet Explorer.
Results: After completing this exercise, you should have created a test table in the SQL database in Azure named testDB on an existing SQL Server in Azure with a name of your choice, populated it with sample data, and queried its content.
Module 7: Azure Active Directory
Lab: Create Users in Azure Active Directory
Exercise 1: Create an Azure AD Directory
Task 1: Create an Azure AD directory
1. Start Internet Explorer, browse to http://azure.microsoft.com, click Portal, and sign in by using the Microsoft account that is associated with your Azure subscription.
2. In the navigation panel on the left, click ACTIVE DIRECTORY.
3. Click +NEW.
4. Click DIRECTORY.
5. Click CUSTOM CREATE.
6. In the Add directory dialog box, enter the following settings, and then select the Complete check box:
   o DIRECTORY: Create new directory
   o NAME: Adatum
   o DOMAIN NAME: Use the same name as the NAME field + random numbers (e.g. adatum123456); if you see a The domain is not unique message, change the numbers until you see a green checkmark.
   o COUNTRY OR REGION: United States
Results: After completing this exercise, you will have created a new Microsoft Azure Active Directory (Azure AD) directory by using Azure Portal.
Exercise 2: Create Users in Azure Active Directory
Task 1: Create users in an Azure AD directory
1. Click Adatum.
2. Click USERS.
3. Click ADD USER.
4. In the Tell us about this user dialog box, enter the following settings, and then click Next:
   o TYPE OF USER: New user in your organization
   o USER NAME: deanna
5. In the user profile dialog box, enter the following settings, and then click Next:
   o FIRST NAME: Deanna
   o LAST NAME: Ball
   o DISPLAY NAME: Deanna Ball
   o ROLE: User
   o Enable Multi-Factor Authentication: Not selected
6. Click create.
7. On the Get temporary password page, note the value for NEW PASSWORD; as a backup, in the SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.
8. Select the Complete check box.
9. Click ADD USER.
10. In the Tell us about this user dialog box, enter the following settings, and then click Next:
   o TYPE OF USER: New user in your organization
   o USER NAME: kari
11. In the user profile dialog box, enter the following settings, and then click Next:
   o FIRST NAME: Kari
   o LAST NAME: Tran
   o DISPLAY NAME: Kari Tran
   o ROLE: Global Administrator
   o ALTERNATE EMAIL ADDRESS: type the email address of your Azure subscription
   o Enable Multi-Factor Authentication: Not selected
12. Click create.
13. On the Get temporary password page, note the value for NEW PASSWORD; as a backup, in the SEND PASSWORD IN EMAIL box, type the email address of your Azure subscription.
14. Click Complete (check mark).
Task 2: Add a Microsoft account to an Azure AD directory
1. Click ADD USER.
2. In the Tell us about this user dialog box, enter the following settings, and then click Next:
   o TYPE OF USER: User with an existing Microsoft account
   o USER NAME: type the name of an existing Microsoft account that the instructor provided
3. In the user profile dialog box, enter the following settings, and then click Next:
   o FIRST NAME: Leave blank
   o LAST NAME: Instructor
   o DISPLAY NAME: Instructor
   o ROLE: User
4. Click the checkmark in the lower right corner of the user profile dialog box.
Task 3: Configure a user account as a Global Administrator of an Azure AD directory
1. In the Adatum directory, on the USERS tab, in the DISPLAY NAME column, click the Instructor entry.
2. Make sure that the content of the PROFILE tab is displayed. Scroll down to the role section.
3. In the ORGANIZATIONAL ROLE list box, select Global Administrator.
4. Click SAVE.
5. Click the left arrow in the navigation pane to return to the main page of the Adatum Azure AD directory.
Task 4: View Azure AD directory users and administrators
1. Ensure that the USERS tab of the Adatum Azure AD page is selected.
2. Note that this allows you to view the list of user display names, user names, and the account type, which in our case, should include Windows Azure Active Directory or Microsoft Account.
3. To view all members of built-in Azure AD organizational roles, click MANAGE MULTI-FACTOR AUTH.
4. If prompted to sign-in, on the Sign-in page, sign in by using the Microsoft account that is associated with your Azure subscription.
5. On the multi-factor authentication page, note that, by default, you can see all Sign-in allowed users.
6. In the View drop-down list, select Global Administrators.
7. Verify that you can see all users that have been assigned the Global Administrator role.
8. Close Internet Explorer.
Results: After completing this exercise, you will have used Azure Portal to create an Azure AD directory user account, add a Microsoft Account to Azure AD directory and configure it as a Global Administrator, and view the results of these actions.
Module 8: Microsoft Azure Management Tools
Lab: Using Microsoft Azure Management Tools
Exercise 1: Use the Azure PowerShell Modules
Task 1: Install the Windows PowerShell Azure module
1. If necessary, sign in to your local computer.
2. Open Internet Explorer and navigate to http://azure.microsoft.com/en-us/downloads/.
3. On the Downloads webpage, under Command-line tools, locate Windows PowerShell.
4. Beneath Windows PowerShell, click Install.
5. When prompted Do you want to run or save WindowsAzurePowerShell.3f.3f.3fnew.exe, click Run.
Note: The actual filename might vary.
6. If prompted by User Account Control, click Yes.
7. In the Web Platform Installer 5.0 Wizard, click Install.
8. In the Web Platform Installer 5.0 dialog box, click I Accept.
9. When the installation is complete, click Finish. Leave the Web Platform Installer 5.0 window open.
Task 2: Connect to your Azure subscription
1. On the task bar, right-click Windows PowerShell and click Run ISE as Administrator. Click Yes when prompted.
2. In the PowerShell ISE, in the command prompt pane, enter the following command to add an Azure account to the local PowerShell environment.
    Add-AzureAccount
3. When prompted, sign in by using the Microsoft account associated with your Azure subscription.
Task 3: Use Azure PowerShell Cmdlets
1. In the Windows PowerShell ISE, in the command prompt pane, enter the following command to view the Azure accounts in your local Windows PowerShell environment, and verify that your account is listed:
    Get-AzureAccount
2. Enter the following command to view the subscriptions that are connected to the local PowerShell session, and verify that your subscription is listed.
    Get-AzureSubscription
Note: If you have more than one subscription, you must select the Azure Pass subscription. Run the following command:
    Select-AzureSubscription -SubscriptionName "Azure Pass"
3. Enter the following command to create a new website. Substitute the #### with a random number.
    New-AzureWebsite MySite####
4. Enter the following command to view your new website. Substitute the #### with the number you used in step 3.
    Get-AzureWebsite MySite####
5. Do not close the Windows PowerShell ISE.
6. In Internet Explorer, open a new tab and browse to http://azure.microsoft.com, click Portal, and then sign in using the Microsoft account that is associated with your Azure subscription.
7. In the navigation pane on the left, click WEBSITES, and verify that your new website has been created.
8. Close the portal tab, but leave Internet Explorer open.
Results: After you complete this exercise, you will have successfully installed and used the Windows PowerShell module for Microsoft Azure.
Exercise 2: Use the Azure Cross-Platform Command-Line Interface
Task 1: Install the Microsoft Azure Cross-platform command-line tools
1. Switch to the Web Platform Installer 5.0 window.
Note: If you accidentally closed the Web Platform Installer 5.0 window, switch to Start, and then click Web Platform Installer 5.0.
2. In the list, next to Microsoft Azure Cross-platform Command Line Tools, click Add, and then click Install.
3. In the Web Platform Installer 5.0 dialog box, click I Accept.
4. When the installation has completed, click Finish.
5. In the Web Platform Installer 5.0 window, click Exit.
Task 2: Use the Microsoft Azure cross-platform command-line tools
1. Switch to Administrator: Windows PowerShell ISE.
2. At the command prompt, type the following command, and then press Enter. This command downloads the credentials needed to connect to your Azure subscription.
    azure account download
Note: If you are prompted, sign in to your Azure subscription.
3. Internet Explorer is opened and you are prompted to download a file. This is your published settings file. Click the down arrow next to Save, and then click Save As.
4. In the Save As dialog box, in the navigation pane, double-click Local Disk (C:), double-click Labfiles, and then click Save.
5. Switch to Administrator: Windows PowerShell ISE.
6. At the command prompt, type the following command. This command imports the credentials needed to connect to your Azure subscription.
Note: When you type C:\labfiles\, Intellisense prompts you to select a file. Click the file you created earlier and press Tab.
    azure account import C:\labfiles\
7. Press Enter to complete the import command.
8. At the command prompt, type the following command, and then press Enter.
    azure site list
9. At the command prompt, type the following command, and then press Enter. Substitute the #### with the number you used in the last lesson to create your website.
    azure site stop MySite####
10. At the command prompt, type the following command and then press Enter. Substitute the credentials you use to connect to your Azure subscription for account.
    azure logout account
Note: If you receive an error, continue.
11. Close all open windows and applications.
Results: After completing this exercise, you will have successfully installed and used the Microsoft Azure cross-platform command-line tools.
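The published settings file saved to C:\labfiles in Task 2 holds the credentials for the subscription, so it should not stay on disk once the import in step 7 has succeeded. The following is an added example, not part of the original courseware; the function name is hypothetical, and it assumes the file kept the default .publishsettings extension and that PowerShell 3.0 or later is in use.

```powershell
# Added example, not from the courseware: remove the published settings file
# after "azure account import" has succeeded.
# Assumptions: the file was saved under C:\labfiles (step 4) and kept the
# default .publishsettings extension; the function name is hypothetical.
function Remove-PublishSettingsFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$Path = 'C:\labfiles'
    )

    $files = @(Get-ChildItem -Path $Path -Filter '*.publishsettings' -File -ErrorAction Stop)
    if ($files.Count -eq 0) {
        Write-Verbose "No published settings files found under $Path."
        return
    }

    foreach ($file in $files) {
        # Record which identities could read the file while it was on disk.
        $readers = (Get-Acl -LiteralPath $file.FullName).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique

        $removed = $false
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete published settings file')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $removed = -not (Test-Path -LiteralPath $file.FullName)
        }

        # Emit one summary object per file so the result can be reviewed or logged.
        New-Object PSObject -Property @{
            File    = $file.FullName
            Saved   = $file.LastWriteTime
            Readers = $readers -join '; '
            Removed = $removed
        }
    }
}

# Preview what would be deleted, then delete (prompts for confirmation per file).
Remove-PublishSettingsFile -WhatIf
Remove-PublishSettingsFile
```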