Getting Comfortable with Azure Virtual Networks and DHCP

One of the great features of Azure IaaS is being able to extend your existing internal network to the cloud over a site-to-site VPN. You can bring your own IP addresses, but remember, the devil is always in the details. Or rather, knowledge is power!

Azure IaaS supports the standard private IP network ranges – 10.x, 172.x and 192.x – so you can easily give your Azure network a range that is comparable to the network range you are using in your data center.

However, Azure expects all guests to receive their IP address via DHCP. This took me a bit to grow comfortable with, as I spent years in smaller datacenters where each server was lovingly assigned an IP address that had been selected from a master spreadsheet. (Old school, I know!) My favorite servers were given “choice” addresses with easy to remember numbers.

But networking is changing and we must change with it, so I’m becoming more comfortable with having less control over the particular address assigned to a given machine. This is key thinking when it comes to network virtualization. By abstracting away some of the nuts and bolts of the network, the ability to be more flexible is introduced – which is good. Someone I was talking to at a conference recently compared it to the adoption of IPv6. IPv6 addresses are so long you would never statically assign them to a machine; that is all automated.

But, can I give my Azure VM a static address? Well, let’s just say nothing is stopping you. You can go into your VM IP settings and do whatever you want. But the risk of introducing a future IP address conflict is high and you will eventually lose the ability to connect to your VM. Azure expects to get periodic DHCP renewal requests, and when those stop the Azure fabric will remove that IP as active and stop forwarding traffic to it. There is no way to connect to the “console” of your Azure VM, so losing remote access to a machine due to an addressing issue will make for a very unhappy day.

Let’s say my internal network for my servers is 192.168.10.x/24.  I have two basic options for my Azure network:

  1. Configure 192.168.10.x/24 in Azure, with a subnet for 192.168.10.128/25. I would need to make sure that everything in my physical datacenter was assigned IPs in the beginning half of the range, leaving 192.168.10.128 – 192.168.10.255 under Azure control. Azure also grabs a few other addresses out of the range for internal use, so I’d likely want to make sure I wasn’t using those in my physical network either. I think this option is messy and prone to errors. Also, I’m sure someone who does networking configuration all day will tell me it makes them cringe for more than one reason.
  2. Create a different address range for Azure and make sure my internal switching gear is set up to route to it, like 192.168.20.x/24. This would allow me to use a numbering scheme that makes sense within my organization, but also makes it easy to quickly identify resources that are internal vs. Azure based.
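As an added example (not from the original post), here is a small Python check of the two options above: it flags which planned Azure subnets overlap the on-premises range, which spreadsheet-assigned hosts would collide with Azure-controlled space, and how many addresses Azure can actually hand out by DHCP once its reserved addresses are taken out. The reserved-address counts and the sample host list are assumptions, labelled in the code.

```python
import ipaddress

# Assumption (labelled): Azure reserves the first four addresses of every
# subnet (network, default gateway, two for Azure DNS) and the last one
# (broadcast). Adjust these if your platform documents different numbers.
RESERVED_AT_START = 4
RESERVED_AT_END = 1


def azure_usable_hosts(subnet):
    """Addresses Azure can actually hand out by DHCP in `subnet`."""
    addrs = list(ipaddress.ip_network(subnet, strict=True))
    return addrs[RESERVED_AT_START:len(addrs) - RESERVED_AT_END]


def check_plan(onprem_cidr, azure_subnets, assigned_hosts):
    """Compare a planned set of Azure subnets with the on-premises range.

    onprem_cidr:    range the data center already uses, e.g. 192.168.10.0/24
    azure_subnets:  subnets you intend to hand to Azure
    assigned_hosts: addresses already given out from the master spreadsheet

    Returns a dict with the Azure subnets that overlap the on-prem range,
    the (host, subnet) pairs that would collide with Azure-controlled
    space, and the DHCP-usable first/last/count for each Azure subnet.
    """
    onprem = ipaddress.ip_network(onprem_cidr, strict=True)
    report = {"overlaps": [], "conflicts": [], "usable": {}}
    for cidr in azure_subnets:
        net = ipaddress.ip_network(cidr, strict=True)
        usable = azure_usable_hosts(cidr)
        report["usable"][cidr] = (str(usable[0]), str(usable[-1]), len(usable))
        if net.overlaps(onprem):
            report["overlaps"].append(cidr)
            for host in assigned_hosts:
                if ipaddress.ip_address(host) in net:
                    report["conflicts"].append((host, cidr))
    return report


# Constructed sample data: the post's 192.168.10.x/24 server network with a
# few hosts already assigned by hand.
ONPREM = "192.168.10.0/24"
SPREADSHEET = ["192.168.10.5", "192.168.10.20", "192.168.10.200"]

# Option 1 from the post: carve out the top half of the same /24 for Azure.
OPTION_1 = check_plan(ONPREM, ["192.168.10.128/25"], SPREADSHEET)
# Option 2 from the post: give Azure its own /24 and route to it.
OPTION_2 = check_plan(ONPREM, ["192.168.20.0/24"], SPREADSHEET)

if __name__ == "__main__":
    for name, rep in (("option 1", OPTION_1), ("option 2", OPTION_2)):
        print(name, "overlaps:", rep["overlaps"], "conflicts:", rep["conflicts"])
        for cidr, (first, last, n) in rep["usable"].items():
            print(f"  {cidr}: {n} DHCP-usable addresses, {first} - {last}")
```

With the sample data, option 1 reports the hand-assigned 192.168.10.200 as a conflict with the Azure half of the range, while option 2 reports none.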

Keep in mind that any server in Azure will be assigned a persistent private IP address from your range with an infinite lease time, so if you are worried about domain controllers or other servers where the current “best practice” is to have a statically assigned address, you can relax. The only time a machine would lose its IP lease is when it’s in the “Stopped – Deallocated” state.

Finally, keeping with my “plan twice, create once” mantra, once you add a machine to an Azure network, you can only make limited changes – like adding new subnets or adjusting subnets that are not yet used.

For more information visit the Windows Azure Virtual Networks Overview.

The Not So Black Box: Azure Cloud Service

You’ve probably been virtualizing things on-premise for a while now and it’s pretty straightforward. You spin up a VM, connect it to a network much like a physical machine, configure it as you need it and go on your way. Depending on its role you might configure your perimeter firewall so that it has some ports open on an Internet routable IP address.

And that pretty much sums it up. In Azure, a lot of that is the same. Except for the whole “Cloud Service” thing. A Cloud Service is a key part of the Azure fabric and if you’ve been working with PaaS for a while, it’s likely very familiar. But if you are coming from the data center, it’s a new idea. Or at least, it was for me.

If you’ve taken one of the free Azure IT Camps or gotten a similar presentation on Azure IaaS you’ve likely seen this graphic:

That graphic shows that a cloud service is a container that holds your VM. This container is the “steward” of several key components that make your server room in the cloud work. A cloud service holds an external IP address and unique DNS name, is tied to a physical location in the Azure global fabric and acts as a firewall boundary.

You can create a cloud service first and add a VM to it, or you can create a VM and a matching cloud service will be made for it.  I prefer making the cloud service first (and I’ll explain why) but first, let’s break those things down:

  • Physical Location – When you create a cloud service, it’s tied to one of Microsoft’s eight worldwide data centers.  They are grouped in pairs (US – West Coast, US – East Coast, Europe and Asia).  At minimum, you must select the region your cloud service lives in.
  • DNS Name – Each cloud service has an external DNS name in the cloudapp.net name space. By default, creating a VM will automatically create a cloud service with a matching external DNS name, if the DNS name is available.  (If not, you’ll be prompted to name it differently.) The DNS name does not have to be the same as the server name.

Up to 50 VMs can live inside a single cloud service, so if you are using a cloud service to host some servers for a website, you might want your external DNS name to be something meaningful for the service those servers provide.

For example, only one cloud service is needed for “mywebsite.cloudapp.net”, but it contains four servers that are all available to serve requests to the same site.

  • External IP Address – Once your cloud service is populated with at least one running VM, it will be assigned an external IP address. This address has a lifetime lease; however, I recommend using the DNS name as the best way to reference the service from other systems.
  • Firewall Boundary – The cloud service is used as the boundary where all the input endpoints are opened so you can access the VMs within it using the protocols of your choosing. By default, RDP and PowerShell are open for Windows operating systems, but this is all configurable by either using the Azure portal or via PowerShell. Depending on what service you’ll be providing, you’ll need to open other ports.

Now, why do I like making an empty cloud service first?

Because it allows me to create the *.cloudapp.net DNS name separate from the machine creation process and think about how I want my VMs and applications to be grouped and accessible BEFORE I get started spinning up machines. Whenever I’m creating a cloud service in conjunction with VM creation, I nearly always end up with a DNS name I don’t like.

Creating VMs in Azure is an almost trivial task, but the placement of them isn’t, so taking the time to understand cloud services, endpoints and other factors before getting down to the business of creating VMs is something I consider a personal best practice.

Azure doesn’t allow for name and location changes once a cloud service or VM is created, so correcting that requires deleting your work and starting over. I’m crossing my fingers that some basic edits are built into Azure in the future, but for the moment, I like to “plan twice, create once!”

Pieces of Azure

Once upon a time, a very short time ago, I had a data center of my very own. If you’ve read this blog often enough, you know that before I joined Microsoft I was part of a NetOps team that had its own little server room. We had some applications and servers that were still stand-alone on physical hardware, and lots more servers virtualized on VMware. Cables and VLANs and a phone system… all the usual stuff.

Also once upon a time, several years before, Microsoft started talking about Azure. And I looked at it with curiosity and saw that it was all platform-as-a-service geared mostly toward developers.
And then my brain tuned out.

Click! Back to the things that mattered to my data center.

And then, not so long ago, Microsoft started talking about IaaS in Azure. It started to seem more relevant to me, so I started to look closer. And now I’m working for Microsoft and I’ve been learning a lot more about Azure IaaS. And I realize that if I were still sitting outside my server room door, Azure would probably be one of the things topping my list of projects. It’s THAT relevant.

But coming from a “classic” data center mindset, there are bits of Azure that take a moment to get your head around. A little shift of thinking. Because there are some things I was really comfortable with in my data center that Azure just doesn’t do the same way.

Check back tomorrow when I touch on Cloud Services, the first thing in my list of high level Azure concepts that I’m learning to love.

Virtualization Strikes the Bay Area

I’m serious, you can’t turn around without finding yourself in range of an upcoming event around virtualizing your datacenter.

If you missed the free Azure IT Camp in San Francisco on September 5th, you can join me in Mountain View on October 8th from 9-4pm. Register at www.technetevents.com.

Also in October, PacITPros will be bringing Steve Evans and Nick Hawkins back for a full TechDay of “Hyper-V in the Real World”. This low cost event ($99) doesn’t pull any punches and gives you the lowdown on how to use Hyper-V effectively in your datacenter. Register at www.techdays.org. Stay tuned for a two-day Hyper-V TechDays event in mid-November, as well.

Sadly, the October PacITPros meeting is cancelled. There is a perfect storm of calendaring events that have Doug, Ed, Jochen and me all out of town. Hope to see you on October 11th instead.

Azure IT Camp – Mountain View – October 8th – Be There!

Would you rather learn about Azure in October? The Azure IT Camp is also being held in Mountain View, CA on October 8th. This one is extra special, because I’ll be presenting!

Agenda Topics will include:

  • Azure Storage
  • Azure Virtual Networks
  • Azure Virtual Machines
  • Managing and Monitoring Azure
  • Hands On Lab: Building a Test/Dev Farm in the Cloud (SharePoint Farm)

For dates, locations and to register, visit www.technetevents.com

Thoughts on VMworld

As promised, I’ve been formulating some closing thoughts about my first VMworld conference.

Overall, it was a fun experience. Going to conferences “at home” always proves to be more difficult logistically than going out of town. I was still on the hook for some of my morning and evening home responsibilities, so I didn’t attend many of the evening events or the concert at AT&T Park. A bit bummed to have missed Imagine Dragons and Train, so maybe next time!

I can’t say I was a big fan of the system where you registered for a seat in sessions. While I could see this being a boon for the event planners, it was frustrating as an attendee. I had difficulty deciding if I wanted to try to get into other sessions as “stand by” and risk giving up a registered seat elsewhere. While not a big deal on the first day, as the conference progressed I found that my interests changed and I wanted more freedom in attending other sessions.

Also, I found that many of the sessions weren’t very technical. I admit I did attend a few “business solutions” level sessions to get an overview of some of the topics I wasn’t very familiar with, but even the “technical” and the “advanced technical” sessions left me wishing for a bit more meat.

I attended sessions mostly around NSX, vCloud Hybrid Service and VSAN. With all of these technologies, VMware is clearly looking to make it as easy as possible for existing companies already virtualizing on VMware to embrace making their datacenters more automated. None of the ideas are “net-new” and many of the vendors that were in the Solutions Exchange area already have products that are functioning in that space or providing similar features, but I can understand why VMware would want to be able to provide similar technology options to their customers directly. I spent some time chatting with some vendors and the attitude was cordial, but at the same time it was clear that many will just be waiting to see if VMware can prove themselves in the market.

Looking at NSX, Windows Network Virtualization capabilities that are included in Windows Server 2012 and System Center 2012 SP1 compare directly with the VMware offering. In the R2 release (coming October 18th) it’s been extended to include a free network virtualization gateway in Windows Server 2012 R2 and integrate top-of-rack network switch configuration and remediation. Also in the R2 release, there is full support with the Cisco Nexus 1000V while using network virtualization.

With regards to vCloud Hybrid Services, VMware seems to be directly targeting customers who are looking at using AWS for public cloud. By making it easy to move virtual machines into vCloud instead of AWS, they are positioned to capture companies that have lots of VMware infrastructure in place and are just starting to look at utilizing public cloud services. A marketing message that I got from the Solutions Exchange show floor was that AWS was a great “playground” for developers, but production level applications belonged in your datacenter and then scaled to the vCloud.

However, with less than a half-dozen US-only datacenter locations mentioned for vCloud, I can’t see the solution being suitable for companies looking for a more global footprint. Right now, Windows Azure has eight datacenters in the US, Europe and Asia, with an additional 6 centers in the works for Japan, Australia and mainland China. Azure is available for use by customers in 89 countries and territories.

VSAN is offering some compelling features for pooling storage from multiple disk locations and using different tiers of storage like SSD and traditional spindles to provide a virtualized storage solution. Without reinventing the wheel, I found a few interesting links on the web that you might want to reference for more information about how it works (also here) and some products it could compete with.

From Microsoft, there is the StorSimple product which allows you to use an appliance to introduce tiered storage levels as well as connect to the cloud for an additional level of storage. For an option that doesn’t require an appliance, Storage Spaces was introduced with Windows Server 2012 and will be updated with additional features in Windows Server 2012 R2.

Overall, I really enjoyed the opportunity to attend VMworld and take the time to see what other products and offerings are going to be “on the menu” for IT Professionals working to make their datacenters more streamlined and cost effective. For more detailed information about how Microsoft and VMware compare and contrast, make sure you check out the IT Evangelist Blog Series – “VMware or Microsoft?”

Windows Azure Camps for IT Pros – In September, Near You

Ready for more Azure? Single day “IT Camps” on Windows Azure are being held in various locations across the US during the month of September. Depending on location, seating could be limited.

Agenda Topics will include:

  • Azure Storage
  • Azure Virtual Networks
  • Azure Virtual Machines
  • Managing and Monitoring Azure
  • Hands On Lab: Building a Test/Dev Farm in the Cloud

For dates, locations and to register, visit www.technetevents.com. I’ll be presenting in the SoCal locations at the end of the month.

On the Heels of VMworld!

Today, I’m playing catch up, which always happens after a multi-day conference. I always think I’ll have enough downtime during the conference to keep my inbox and to-do list under control, but it never happens.

I do have an official “post-VMworld” post brewing in my head (vCloud, VSAN, NSX, oh my!) but first here are a couple of Azure and Hyper-V related events that are coming up soon, really soon! Both events will be held in the San Francisco Microsoft office.

PacITPros September Meeting (9/3, 6pm) – Hyper-V in the Real World! Join Steve Evans and Nick Hawkins as they give a preview of a day long class they will be doing in October. Please be sure to RSVP if you’ll be attending.

Cut past the hype and let’s talk about the real world design decisions you need to make when building your Hyper-V infrastructure. We won’t just prescribe the solution, but talk through the decisions and the pros and cons of the different options. The event will cover networking, storage, management and lessons learned.

** If you want more than an hour of Hyper-V, consider the full day event on October 11. It’s $99. **

Azure IT Camp (9/5, 8:30am – 4pm) – Discover Key Hybrid Cloud Solutions for IT Pros. Late notice I know, but the Azure IT Camp has some extra seats available and you are welcome to them! One of my IT Pro Evangelist colleagues, Brian Lewis, will be presenting.

You CAN have the best of both worlds! With Windows Azure, IT Pros can easily extend an on-premises network to embrace the power and scale of the cloud – securely and seamlessly. You’ll hear the latest on the Microsoft cloud platform, dive deep into Windows Azure Infrastructure Services, and participate in hands-on labs that demonstrate the power of this on-demand, scalable compute infrastructure. Includes Windows Azure Storage, Virtual Machines and Virtual Networking. If participants complete all of the hands-on labs, they will have a fully functional Windows Server 2012 cloud-based test lab running on Windows Azure.

Get a Head Start this August… Evaluations, Training and Events

Time flies when you’ve started a new job, let me tell you! I’ve been spending a lot of my days learning new LOB applications, trying to read up on new technologies and brush up on some current technology that I haven’t needed to pay much attention to in the past. I’ve even booked a slot to take my next certification exam, Upgrading your MCSA to Windows Server 2012.

So what am I using for all of that?

Well, I always fall back to books and articles on TechNet, but this time around I’m also doing a course at the Microsoft Virtual Academy. I’m also going to take the TechNet Virtual Labs for a spin as well.

I’m also playing around with the previews of Windows 8.1 and Server 2012 R2. You can download evaluation versions of that software and try them out for yourself. There are a slew of great new features in each of those products that I’m looking forward to seeing in action. If you need a place to spin that stuff up, sign up for your Azure trial.

If you are looking for some in person events, check out my calendar of events in the sidebar. I’ve been trying to fill in dates for some of the events coming up this summer. Here are some highlights for August:

Now, back to work for me!