Azure Hands-on Lab (HOL) Build your Infrastructure in the Cloud using Windows Azure Infrastructure Services

Lab Requirements

The following components are required to successfully complete this Hands-on Lab:

• A modern web-browser with HTML5 and Javascript enabled
• Remote Desktop Client connection software
• Internet connectivity
• Microsoft Account (LiveID)
• Azure Account and Credentials

In addition, this hands-on lab guide assumes that lab participants are comfortable with performing the steps involved in implementing Windows Server 2012 R2 and Active Directory in an on-premises datacenter environment. But, if you have questions along the way, feel free to ask today’s presenter for assistance!

Lab Conventions

In this lab, we’ll be using a naming convention of XXX-YYY1, where XXX will be replaced with your unique initials/name and YYY will be replaced with an abbreviation representing the function of a virtual machine or Windows Azure configuration component (ad, fs, db or app).

Let’s Get Started!

In this step-by-step guide, you will learn how to:

• Get Started with Windows Azure Infrastructure Services
• Register a DNS Server in Windows Azure
• Define a Virtual Network in Windows Azure
• Configure Windows Server Active Directory in a Windows Azure VM
• Configure SQL Server 2012 in a Windows Azure VM
• Configure SharePoint Server 2013 in a Windows Azure VM
• Challenge Exercise: Scripted Provisioning with Windows PowerShell

Estimated time to complete: 1 hour, 45 minutes

1. Login to the Windows Azure Management Portal.Login to the web-based Windows Azure Management Portal at http://manage.windowsazure.comOnce you’ve logged in, you should see the main Windows Azure Management portal dashboard.
   On the blue side navigation bar of the Windows Azure Management Portal, you’ll find the options for managing Virtual Machines, Virtual Networks, Storage and Settings in the cloud.  These are the items we’ll be primarily working with in this hands-on lab.
   You may need to scroll the blue side navigation bar up and down to see all of the options.
2. Define a new Windows Azure Affinity Group.Affinity Groups in Windows Azure are used to group your cloud-based services together, such as Virtual Machines, Virtual Networks and Storage, in order to achieve optimal performance. When you use an affinity group, Windows Azure will keep all services that belong to your affinity group running within the same data center as close as possible to each other to reduce latency and increase performance.
   1. Create a new Affinity Group by selecting Settings from the blue side navigation bar in the Windows Azure Management Portal.  You may need to scroll the blue side navigation bar down to see this selection.
   2. On the Settings page, select the Affinity Groups tab on the top navigation bar (you will probably have to scroll down; scroll bar is hidden and can be found by hovering over the right part of the blue NAV pane on the left.
   3. Click the +ADD button on the bottom navigation bar.
   4. On the Create Affinity Group form, enter the following details:Name: Enter a unique name for your new Affinity Group, such as XXX01 (where XXX is replaced with your initials)Description: Affinity Group Name of your choice
      
      Region: Select the “East US” datacenter sub-region.
      Click the  button to create a new Affinity Group.
3. Create a new Windows Azure Storage Account.Virtual Machines that are provisioned in Windows Azure are stored in the world-wide cloud-based Windows Azure Storage service.  In terms of high availability, the Storage service provides built-in storage replication capability – where every VM is replicated to three separate locations within the Windows Azure data center region you select.  In addition, Windows Azure Storage provides a geo-replication feature for also replicating your VMs to a remote data center region.
   1. Create a new Storage account by clicking the +NEW button on the bottom toolbar in the Windows Azure Management Portal and then click Data Services | Storage | Quick Create.
   2. Complete the following fields for creating your Storage account:URL: Enter a unique name for your new storage account, such as XXXstor01 (where XXX is replaced with your initials)Location: Select the Affinity Group you created above.
      Enable Geo-Replication: By default, this option is selected.  Leave the default option in place.
      Click the checkmark to create your new Windows Azure Storage account.

Exercise 2: Register a DNS Server in Windows Azure

Register the internal IP address that our domain controller VM will be using for Active Directory-integrated Dynamic DNS services by performing the following steps:

1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.
2. Select Networks located on the side navigation panel on the Windows Azure Management Portal page.
3. Click the +NEW button located on the bottom navigation bar and click
   Networks | Virtual Network | Register DNS Server.
4. Complete the DNS Server fields as follows:NAME: XXXdns01DNS Server IP Address: 10.0.0.4
5. Click the REGISTER DNS SERVER button.

Exercise 3: Define a Virtual Network in Windows Azure

Define a common virtual network in Windows Azure for running Active Directory, Database and SharePoint virtual machines by performing the following steps:

1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.
2. Select Networks located on the side navigation panel on the Windows Azure Management Portal page.
3. Click the +NEW button located on the bottom navigation bar and select
   Networks | Virtual Network | Quick Create.
4. Complete the Virtual Network fields as follows:NAME: XXXnet01Address Space: 10.—.—.—
   Maximum VM Count: 4096 [CIDR: /20]
   Location: East US
   DNS Server: Select XXXdns01 – the DNS Server registered above (10.0.0.4).
5. Click the CREATE A VIRTUAL NETWORK checkmark button.

Exercise 4: Configure Windows Server Active Directory in a Windows Azure VM

Provision a new Windows Azure VM to run a Windows Server Active Directory domain controller in a new Active Directory forest by performing the following steps:

1. Sign in at the Windows Azure Management Portal
2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
3. Click the +NEW button located on the bottom navigation bar and select
   Compute | Virtual Machines | From Gallery.
4. In the Virtual Machine Operating System Selection list, select Windows Server 2012 R2 Datacenter and click the button.
5. On the Virtual Machine Configuration page, complete the fields as follows:Version Release Date: Select the latest version release date to build a new VM with the latest OS updates applied.Virtual Machine Name: XXXad1
   

   Size: Small (1 core, 1.75GB Memory)
   Affinity Group/Location/Network: Small (1 core, 1.75GB Memory)
   Tier: Standard
   New User Name: Choose a secure local Administrator user account to provision.
   New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
   Note: It is suggested to use secure passwords for Administrator users and service accounts, as Windows Azure virtual machines could be accessible from the Internet knowing just their DNS.  You can also read this document on the Microsoft Security website that will help you select a secure password: http://www.microsoft.com/security/online-privacy/passwords-create.aspx. Remember, only you have this password so make sure you remember it but protect it.

Click the  button to continue.

1. On the Virtual Machine Configuration page, complete the fields as follows:Cloud Service: Create a new cloud serviceCloud Service DNS Name: XXXad.cloudapp.net
   

   Region/Affinity Group/Virtual Network: Select XXXnet01 – the Virtual Network defined above.
   IMPORTANT: Do not keep the default, do not select the Affinity Group… Select the NETWORK
   Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)
   Storage Account: Select the Storage Account defined above.
   Availability Set: Create an availability set
   Availability Set Name: XXXlabad
   Click the  button to continue.
2. On the Virtual Machine Configuration – Endpoints page, click the  button to accept the default firewall endpoint values and begin provisioning the new virtual machine.As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning).  When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.
3. After the new virtual machine has finished provisioning, click on the name (XXXad1) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.
4. On the virtual machine Dashboard page for XXXlabad01, make note of the Internal IP Address displayed on this page located on the right-side of the page.  This IP address should be listed as 10.0.0.4.  If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXlabad01, and go back to Exercise 2 and Exercise 3 to confirm that all steps were completed correctly.
5. On the virtual machine Dashboard page for XXXad1, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk.  Complete the following fields on the Attach an empty disk to the virtual machineform:File Name: XXXad1-data01Size: 100 GB
   Host Cache Preference: None
   Click the  button to create and attach the new virtual hard disk to virtual machine XXXlabad01.
6. On the virtual machine Dashboard page for XXXad1, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.  Logon at the console of your virtual machine with the local Administrator credentials defined in Step 5 above. Accept authorization message(s)

1. From the Remote Desktop console of XXXad1, create a new partition on the additional data disk attached above in Step 10 and format this partition as a new F: NTFS
   volume.  This volume will be used for NTDS DIT database, log and SYSVOL folder locations. Step-By-Step: Once inside Server Manager, go to Tools (upper right corner menu) then select Computer Management. Inside Computer Management select Disk Management. An “Initialize Disk” window will pop up, make sure the new disk is selected and click OK. Right click unallocated space on Disk 2 and select “New Simple Volume…” Click Next: then Next for the Specify Volume Size. The drive letter should be preconfigured to “F”, click Next: Change the Volume Label to DATA and click Next: Click Finish.
   (it may take a bit to see the drive in computer explorer). Once you see the new F: drive in the upper volume window you can close computer management.
2. Using the Server Manager tool, install Active Directory Domain Services Step-by-Step:
   1. Active Directory domain services is installed by simply adding the role:
   2. In Server Manager, click Manage (upper right corner menu) then click Add Roles and Features to start the Add Roles & Features Wizard.
   3. On the Before you begin page, click Next.
   4. On the Select installation type page, click Role-based or feature-based installation and then click Next.
   5. The current server should already be selected, click Next.
   6. On the Select server roles page, click Active Directory Domain Services, then on the Add Roles and Features Wizarddialog box, click Add Features, and then click Next.
   7. On the Select features page, click Next.
   8. On the Active Directory Domain Services page, click Next.
   9. On the Confirm installation selections page, Turn on the “Restart the destination server automatically if required” check box. On the restart popup alert, select Yes. Then click Install. It could take a few minutes to do the install.
   10. Once installation finishes, Click Close. We will configure AD in the next step.
       
       
3. Promote this server to a domain controller in a new forest with the following parameters:Active Directory Forest name: contoso.com
   Volume Location for NTDS database, log and SYSVOL folders: F:
   Step-By-Step:
   1. Server Manger – Flag (upper right corner near Manage) – Post deployment configuration – Click “Promote this server to a domain controller”
      
      
   2. On the Deployment Configuration page click Add a new forest then type your preferred domain name (eg. contoso.com) for the Root domain name. then click Next
      
   3. On the Domain Controller options page type a secure password and confirm password (you will have to remember this)then click Next.
   4. On the DNS page, click Next (you can ignore the warning)
   5. On the Additional Options page, click Next
   6. On the Paths page, change the C:… paths to F:… then click Next
   7. On the Review Options page click Next
   8. On the Prerequisites Check page, review issues then click install. You can ignore the warnings; the last line should say all prerequisites checks passed successfully.
   9. This will take some time to complete and will reboot your server once complete

The configuration for this virtual machine is now complete, and you may continue with the next exercise in this hands-on lab guide.

Exercise 5: Configure New Machine for File Services in a Windows Azure VM

Provision a new Windows Azure VM to run File Services by performing the following steps:

1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Account.
2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
3. Click the +NEW button located on the bottom navigation bar and select
   Compute | Virtual Machines | From Gallery.
4. In the Virtual Machine Operating System Selection list, select Windows Server 2012 Datacenter and click the  button.
5. On the Virtual Machine Configuration page, complete the fields as follows:Version Release Date: Select the latest version release date to build a new VM with the latest OS updates applied.Virtual Machine Name: XXXfs01
   

   Size: Large (4 cores, 7GB Memory)
   Tier: Standard
   New User Name: Choose a secure local Administrator user account to provision.
   New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
   Click the  button to continue.
6. On the Virtual Machine Configuration page, complete the fields as follows:Cloud Service: Create a new cloud serviceCloud Service DNS Name: XXXfs.cloudapp.net
   

   Region/Affinity Group/Virtual Network: Select XXXnet01 – the Virtual Network defined in Exercise 3 above.
   IMPORTANT: Do not keep the default, do not select the Affinity Group… Select the NETWORK
   Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)
   Storage Account: Select the Storage Account defined above.
   Availability Set: Create an availability set
   Availability Set Name: XXXfs1
   Click the  button to continue.
7. On the Virtual Machine Configuration – Endpoints page, click the  button to accept the default firewall endpoint values and begin provisioning the new virtual machine.As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), Starting, and Running (Provisioning).  This will take several minutes. When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.
8. After the new virtual machine has finished provisioning, click on the name (XXXfs1) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.
9. On the virtual machine Dashboard page for XXXfs1, make note of the Internal IP Address displayed on this page.  This IP address should be listed as 10.0.0.5.If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXfs1, and go back to Exercise 2 and Exercise 3 to confirm that all steps were completed correctly.
10. On the virtual machine Dashboard page for XXXfs1, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk.  Complete the following fields on the Attach an empty disk to the virtual machineform:File Name: XXXfs1-data01
    Size: 250 GB
    Host Cache Preference: NoneClick the  button to create and attach the new virtual hard disk to virtual machine XXXlabdb01.
11. On the virtual machine Dashboard page for XXXfs1, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.  Logon at the console of your virtual machine with the local Administrator credentials defined above.
12. From the Remote Desktop console of XXXfs1, create a new partition on the additional data disk attached above in Step 10 and format this partition as a new F: NTFS
    volume. After formatting this new volume, create the following folders:
    1. Create F:MSSQL folder
    2. Create F:MSSQLDATA folder
    3. Create F:MSSQLLOGS folder
    4. Create F:MSSQLBACKUP folder
    Step-By-Step: Once inside Server Manager, go to Tools (upper right corner menu) then select Computer Management. Inside Computer Management select Disk Management. An “Initialize Disk” window will pop up, make sure the new diskis selected and click OK. Right click unallocated space on Disk 2 and select “New Simple Volume…” Click Next: then Next for the Specify Volume Size. The drive letter should be preconfigured to “F”, click Next: Change the Volume Label to DATA and click Next: Click Finish.
    Once you see the new F: drive in the upper volume window you can close the computer management window and continue.
    Step-By-Step: Click on the Folder on the task bar to open Computer. Double-Click Data (F:) Click Home | New Foldertype MSSQL press Enter. Press Enter again to drill down to the MSSQL folder then repeat the process to create the remaining folders (DATA; LOGS; BACKUP)
13. Using the Server Manager tool, join this server to the (Your domain) contoso.com domain and restart the server to complete the domain join operation. Step-By-Step: Server Manager | Local Server | WORKGROUP | Change… | Domain | contoso.com | OK. Enter your domain credentials (CONTOSOYourUserName) click OK then on Welcome to consoto.com click OK; on restart popup click OK; Click Close on System Properties then click Restart Now on the popup.
14. After the server restarts, connect again via Remote Desktop to the server’s console and login with the local Administrator credentials defined above in Step 5.
15. Open Server Manager and Add File Services Role (more details coming soon)
    1. Add Role
    2. Create Share

The configuration for this virtual machine is now complete, and you may continue with the next exercise in this hands-on lab guide.

Exercise 6: Add RDP Server

Provision a new Windows Azure VM to run Remote Desktop Services by performing the following steps:

1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.
2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
3. Click the +NEW button located on the bottom navigation bar and select
   Compute | Virtual Machines | From Gallery.
4. In the Virtual Machine Operating System Selection list, select Windows Server 2012 Datacenter and click the button.
5. On the Virtual Machine Configuration page, complete the fields as follows:Virtual Machine Name: XXXrds1Size: Extra Large (8 cores, 14GB Memory)
   
   Tier: Standard
   New User Name: Choose a secure local Administrator user account to provision.
   New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
   Click the  button to continue.
6. On the Virtual Machine Configuration page, complete the fields as follows:Cloud Service: XXXrds.cloudapp.netRegion/Affinity Group/Virtual Network: Select XXXnet01 – the Virtual Network defined above.
   Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)
   Storage Account: Select the Storage Account defined above.
   Availability Set: Create an availability set
   Availability Set Name: XXXrds
   Click the  button to continue.
7. On the Virtual Machine Configuration – Endpoints page, add an additional firewall endpoint for web (HTTP) network traffic by completing the following fields:Name: WebHTTPProtocol: TCP
   Public Port: 80
   Private Port: 80
   Click the  button to begin provisioning the new virtual machine.
   As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning).  When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.
8. After the new virtual machine has finished provisioning, click on the name (XXXrds1) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.
9. On the virtual machine Dashboard page for XXXrds1, make note of the Internal IP Address displayed on this page.  This IP address should be listed as 10.0.0.6.If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXrds1, and go back to Exercise 2 and Exercise 3 to confirm that all steps were completed correctly.
10. On the virtual machine Dashboard page for XXXrds1, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.  Logon at the console of your virtual machine with the local Administrator credentials defined above.
11. In the Server Manager tool, click on Local Server in the left navigation pane and click on the Workgroup option.  Join this server to (Your Domain) contoso.com domain and restart the server to complete the domain join operation. Step-By-Step: Server Manager | Local Server | WORKGROUP | Change… | Domain | (Your Domain) contoso.com | OK. Enter your domain credentials (CONTOSOYourUserName) click OK then on Welcome to consoto.com click OK; on restart popup click OK; Click Close on System Properties then click Restart Now on the popup.
12. After the server restarts, re-establish a Remote Desktop connection to the server and logon with the CONTOSOYourUserName domain user credentials defined earlier in Exercise 4.
13. In the Server Manager tool, click on Local Server in the left navigation pane and select IE Enhanced Security Configuration.  Turn off enhanced security for Administrators and click the OK button.Note: Modifying Internet Explorer Enhanced Security configurations is not good practice for production environments and is only for the purpose of this particular hands-on lab guide.
14. Add Role: Remote Desktop Services (using wizard) – Details coming soon. For now, see instructor for details
15. Close the Remote Desktop session to the server.
16. Test browsing to the following public URL to confirm that you are able to access the Intranet site collection that is configured on SharePoint:URL: http://XXXrds.cloudapp.net
    Credentials: ContosoYourUserName (defined in Exercise 4)

If you are unable to successfully browse to this SharePoint site collection, carefully review Step 6, Step 7 and Step 22 to ensure that you have completed the steps correctly.

The configuration for this virtual machine is now complete, and you may continue with the next exercise in this hands-on lab guide.

Challenge Exercise: Scripted Provisioning via Windows PowerShell

In this exercise, you will install Windows PowerShell scripting to work with Windows Azure Infrastructure Services.

Note: This exercise will require a Windows 7 or later PC to complete. If you are not currently using Windows 7 or later, you may complete this challenge exercise by connecting to the remote desktop of the XXXad1 virtual machine provisioned earlier in this hands-on lab. If you will be using this virtual machine instead of your local PC for this exercise, you will need to turn off IE Enhanced Security prior to attempting to download the Windows Azure PowerShell Module.

1. Download and install the Windows Azure PowerShell Module from the following link location:http://www.windowsazure.com/en-us/downloads/#cmd-line-tools
2. Restart your PC after installing the Windows Azure PowerShell Module.

Lab Completed. Shut down your VMs.

Your functional environment is now complete, but if you’re like me, you won’t be using this lab environment 24×7 around-the-clock.  As long as the virtual machines are running, they will continue to accumulate compute hours against your Windows Azure subscription. Since these are free hours I would like you to keep it running for the rest of the year so we can come back in Jan and review the compute cycles and the charges. Then in Jan, go ahead and shut them down when not needed.

To preserve your compute hours for productive lab work, be sure to shut down each VM from the Windows Azure Management Portal when not in use. (Virtual Machines – Click on the status of the machine, then click Shut Down). After each VM is successfully shutdown, the status of each VM will be listed in the portal as “Stopped (Deallocated)” and compute charges will not accumulate for VMs in this state. You should shutdown in the following sequence: XXXrds1, XXXfs1, XXXAD1. You may get a message: “If you continue, the IP addresses that were assigned to this virtual machine will be released. Are you sure you want to shut down virtual machine that the IP addresses assigned to the machine will be released.” This is fine. A new IP address will be assigned when it is brought back online. Also, you should make sure each machine shuts down completely before you start the shutdown of the next.

When you start the machines up again (Virtual Machines – Click on the status of the machine, then click Start), you will want to start them in reverse order. Start XXXAD1, then XXXFS1, then finally XXXrds1. You should make sure that each machine is up and running before you start the next.

NOTE: It is important to shut down the VMs from the Windows Azure Management Portal to properly de-allocate compute resources and prevent compute charges from accumulating. If you shutdown VMs from within the Guest OS, the VMs will be placed in a “Stopped” state where compute resources are not de-allocated and compute charges in this state will still apply.

Additional Resources

Congratulations! You’ve completed this Hands-on Lab for Building a infrastructure using Windows Azure Infrastructure Services.

If you enjoyed this Hands-On Lab, be sure to check-out our full set of Cloud Step-By-Step Guides for building other common hybrid cloud scenarios at:

• Cloud Labs Step-by-Step Guideshttp://aka.ms/CloudLab
• Guided Hands-On Lab: Build a Cross-Premises Site-to-Site VPNhttp://aka.ms/VNetCloudLab
• Guided Hands-On Lab: Migrate VMs from VMware to Windows Azurehttp://aka.ms/VMWCloudLab
• Guided Hands-On Lab: Migrate VMs from Amazon AWS to Windows Azurehttp://aka.ms/AWSCloudLab
• Guided Hands-On Lab: Orchestrate Private Cloud Failover with Windows Azure Hyper-V Recovery Managerhttp://aka.ms/HVMCloudLab
  
• Build Your Private Cloud in a Monthhttp://aka.ms/BuildYourCloud