my personal blog about systemcenter

All posts in Windows Azure Pack

VMM 2012 R2 UR4 no more SQL scripts after install

Categories: Hyper-V, Virtual Machine Manager, VMM, Windows Azure Pack

Update Rollup 4 for System Center 2012 R2 Virtual Machine Manager

Important: Before Update Rollup 4, you had to run an SQL script after you installed an update package to make sure Update Rollups function correctly. As of Update Rollup 4, this step is no longer required.

http://support2.microsoft.com/kb/2992024

Besides all the great fixes, we no longer need to run SQL scripts manually

YEAH, so many missed this requirement

You can help shape the future of Windows Azure Pack

Categories: Hyper-V, Windows Azure Pack, Windows Server 2012 R2

The Product Group opened a feedback site for Windows Azure Pack :) Sign up and vote

 

Windows Azure Pack delivers Microsoft Azure technologies for you to run inside your datacenter. It offers rich, self-service, multi-tenant services and experiences that are consistent with Microsoft’s public cloud offering.

You can help shape the future of Windows Azure Pack. The Windows Azure Pack team has created a user voice site where you can post feature suggestions and vote on the suggestions of others.

You can find the Azure Pack user voice site here http://feedback.azure.com/forums/255259-azure-pack

 


Sign up and check for duplicate ideas and post a new idea


Describe the new idea

 


And vote for new ideas

Monitoring Site to Site Connection Windows Azure Pack

Categories: Azure, Hyper-V, Operations Manager, VMM, Windows Azure Pack, Windows Server 2012 R2

 

In Windows Azure Pack we can create NAT rules and Site to Site VPN connections.

The gateway servers handle the connections, and we have them monitored with Operations Manager

But from an operations point of view more info is always better

But due to the Network Virtualization we just can't push an agent to the server

So for each of our gateway clusters we created a VM in our Windows Azure Pack Portal and another VM behind a Site to Site VPN

 


So on our network we have created a Site to Site VPN


and after creating the Site to Site VPN tunnel we can verify that we can ping a VM on the other side of the tunnel

and verify the internet connection through a ping against a Google DNS server

 

Next step was to issue a SCOM Certificate from our CA server


 

Set up a hosts file so the Virtual Machine can find its way home to the Operations Manager server

And ensure through firewall rules that only the VMs used for the probe can access the Operations Manager server

 


We then need a rule so the Operations Manager server can contact the agent on the VM

 

We then install the Operations Manager agent, run the MOMCertImport tool and point it to our certificate

And after that we approve the agent in the Operations Manager Console
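A pre-flight check for the probe VM, added here as an example and not part of the original post: it confirms the hosts-file entry resolves, the firewall rules let the VM reach the management server, and the issued certificate is usable for agent authentication. The function name and the server name `scom01.internal.example` are placeholders; TCP 5723 is the default Operations Manager agent port.

```powershell
# Added example; the server name used in the call at the bottom is a placeholder.
function Test-ScomProbeReadiness {
    param(
        [Parameter(Mandatory)] [string] $ManagementServer,
        # Subject the agent certificate should carry; defaults to this VM's own name.
        [string] $AgentName = [System.Net.Dns]::GetHostEntry('').HostName
    )

    # 1. The hosts-file entry must resolve the management server name.
    $addresses = try { [System.Net.Dns]::GetHostAddresses($ManagementServer) } catch { @() }

    # 2. The firewall rules must let this VM reach the agent channel (TCP 5723).
    $portOpen = $false
    if ($addresses) {
        $probe = Test-NetConnection -ComputerName $ManagementServer -Port 5723 -WarningAction SilentlyContinue
        $portOpen = $probe.TcpTestSucceeded
    }

    # 3. The certificate must be valid now, have its private key, name this VM,
    #    and allow both Server Authentication and Client Authentication.
    $requiredEku = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'
    $now = Get-Date
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $c = $_
        $ekus = @($c.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        $c.HasPrivateKey -and
        $c.NotBefore -le $now -and $c.NotAfter -gt $now -and
        $c.GetNameInfo('SimpleName', $false) -eq $AgentName -and
        -not ($requiredEku | Where-Object { $ekus -notcontains $_ })
    } | Select-Object -First 1

    [pscustomobject]@{
        ManagementServer = $ManagementServer
        ResolvedTo       = ($addresses | ForEach-Object { $_.IPAddressToString }) -join ', '
        Port5723Open     = $portOpen
        CertThumbprint   = if ($cert) { $cert.Thumbprint } else { $null }
        Ready            = [bool]($addresses -and $portOpen -and $cert)
    }
}

Test-ScomProbeReadiness -ManagementServer 'scom01.internal.example'
```

When `Ready` is false, the other columns show which of the three prerequisites is missing.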


We can then set up a ping rule with the world's best management pack from our friends at OpsLogix

 


And after a few minutes we can see the management pack in action and we can monitor our Site to Site connection

 


 

And to test what happens if our endpoint stops responding, we power off the VM used for the probe. We could have used the internal interface of the firewall,

but targeting a VM also lets us know that the basic infrastructure is alive

 


and after our threshold is reached we can see that our endpoint is down and we can react

 

This is very crude monitoring that works for the basic task of probing the Site to Site functionality

Additional monitoring through logs and events on the gateways is also needed, but this covers the basic functionality of the gateway service

Creating NAT Rules through VMM don't show in Portal

Categories: Hyper-V, Virtual Machine Manager, VMM, Windows Azure Pack, Windows Server 2012 R2

Using the Windows Azure Pack Service Management Portal we ran into an issue that I tried to reproduce. We were asked to create some NAT rules for a tenant, and we didn't have an admin user in that tenant, so we went through Virtual Machine Manager instead, but the rules were not visible but working

These are the steps needed to reproduce

 

Edit: the all-knowing Brian Ehlert suggested Ctrl+F5, which worked like a charm instead of logging out

Edit: the also all-knowing Marc van Eijk pointed out that clicking Service Management Portal at the top left refreshes from the DB

 

Thanks :)


If we go through our Service Management Portal and

 


Add a rule to our virtual network

 


It shows up in Virtual Machine Manager network config right away


If a change is made from Virtual Machine Manager the rule kicks in right away but

 


the changes are not reflected in the UI until


We log off and on again.

Windows Azure Pack Publishing using SNI

Categories: Hyper-V, VMM, Windows Azure Pack, Windows Server 2012, Windows Server 2012 R2

Windows Azure Pack uses ports 30071 and 30081 for its public-facing authentication and portal sites by default. In our demo environment we wanted to publish these on the default SSL port instead, to avoid issues with customer firewalls that could be blocking high ports.

To use a single IP for Windows Azure Pack we use Server Name Indication (SNI), a feature in IIS 8 and later that enables “hostheader” for SSL

http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability

This is a demo environment, so we can publish directly from WAN to LAN without a proxy. Please don't do this in production

The steps here are for a single-server install, again not production. Reference post for changing ports:

http://blogs.technet.com/b/privatecloud/archive/2013/12/10/windows-azure-pack-reconfigure-portal-names-ports-and-use-trusted-certificates.aspx

The steps needed for us (thank you to Marc van Eijk for asking why we just didn't do that) were the following

Create DNS records in the public DNS for

cloud.systemcenter365.com for the tenant portal and cloudauth.systemcenter365.com for authentication

These point in our case to 77.233.248.6, and we have created a WAN-LAN NAT on ports 80 and 443 for access


On our internal DNS server we created 2 zones to avoid going through the firewall and back when testing internally. Our internal domain name is internal.systemcenter365.com. For now we used a zone per FQDN, as we only want to “regulate” the names used for Windows Azure Pack and nothing else, but we could just have created the systemcenter365.com zone internally and then created the records needed.

So for now we created the zones cloud.systemcenter365.com and cloudauth.systemcenter365.com, which point to the local server hosting the endpoints. This is a requirement when using the PowerShell commands to install this.

We then used the DigiCert certificate utility (https://www.digicert.com/util/) to order and install a public certificate, so we don't have to remind people to just accept a certificate error.


We used a wildcard certificate from DigiCert (disclaimer: they provide these for free to MVPs)


On the webserver hosting the WAP endpoints


Change the TenantSite binding from port 30081 to 443, enable “Require Server Name Indication” and set the hostname, in our example cloud.systemcenter365.com


Change the AuthSite binding from port 30071 to 443, enable “Require Server Name Indication” and set the hostname, in our example cloudauth.systemcenter365.com

After we have set the ports in IIS and enabled SNI, we need to configure Windows Azure Pack to respond on the new ports

Set-MgmtSvcFqdn -Namespace "TenantSite" -FullyQualifiedDomainName "cloud.systemcenter365.com" -Port 443 -Server sqlwap

Set-MgmtSvcFqdn -Namespace "AuthSite" -FullyQualifiedDomainName "cloudauth.systemcenter365.com" -Port 443 -Server sqlwap

Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint 'https://cloudauth.systemcenter365.com/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=sqlwap.internal.systemcenter365.com;User ID=sa;Password="

Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint 'https://cloud.systemcenter365.com/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=sqlwap.internal.systemcenter365.com;User ID=sa;Password="

And after changing the FQDN and the endpoints, our site now responds and works with http://cloud.systemcenter365.com

and a root redirect is always nice to have
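To confirm that the two SNI bindings on port 443 each answer with a certificate valid for their own name, the following added example (not from the original post) opens a TLS connection, sends the host name as SNI and reports the certificate IIS returns. The function name `Get-SniCertificate` is hypothetical; it assumes TLS 1.2 is enabled on the server.

```powershell
# Added example: report which certificate a host name gets on a shared IP and port.
function Get-SniCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,  # sent as SNI, checked against the cert
        [string] $Address = $HostName,              # name or IP to connect to
        [int] $Port = 443
    )
    $script:sniPolicyErrors = [System.Net.Security.SslPolicyErrors]::None
    # Record validation problems instead of aborting, so a wrong certificate is reported.
    $validate = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $policyErrors)
        $script:sniPolicyErrors = $policyErrors
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($Address, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $validate)
        $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
        $ssl.AuthenticateAsClient($HostName, $null, $tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
        [pscustomobject]@{
            HostName     = $HostName
            Subject      = $cert.Subject
            NotAfter     = $cert.NotAfter
            NameMatches  = -not $script:sniPolicyErrors.HasFlag($mismatch)
            PolicyErrors = $script:sniPolicyErrors
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# The two names published in this post, both on the same IP and port 443.
'cloud.systemcenter365.com', 'cloudauth.systemcenter365.com' |
    ForEach-Object { Get-SniCertificate -HostName $_ }
```

`NameMatches` should be true for both names; a `RemoteCertificateNameMismatch` in `PolicyErrors` means the binding for that host name returned a certificate issued for a different name.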