
Windows Azure Connect

Topic 6. Windows Azure Connect. Sergiy Baydachnyy, Sergiy.Baydachnyy@microsoft.com, Software Development Specialist, Microsoft Ukraine. Introducing Windows Azure Connect. Windows Azure. Secure network connectivity between on-premises and cloud


Presentation Transcript


  1. Topic 6: Windows Azure Connect
     Sergiy Baydachnyy, Sergiy.Baydachnyy@microsoft.com
     Software Development Specialist, Microsoft Ukraine

  2. Introducing Windows Azure Connect
     Secure network connectivity between on-premises and cloud
     • Supports standard IP protocols
     Example use cases:
     • Enterprise app migrated to Windows Azure that requires access to on-premise SQL Server
     • Windows Azure app domain-joined to corporate Active Directory
     • Remote administration and trouble-shooting of Windows Azure Roles
     Simple setup and management
     [Diagram labels: Windows Azure, Enterprise]

  3. Windows Azure Connect – Closer Look
     Enable Windows Azure (WA) Roles for external connectivity via service model
     Enable local computers for connectivity by installing WA Connect agent
     Network policy managed through WA portal
     • Granular control over connectivity
     Automatic setup of secure IP-level network between connected role instances and local computers
     • Tunnel firewalls/NAT’s through hosted relay service
     • Secured via end-to-end IPSec
     • DNS name resolution
     [Diagram labels: Windows Azure (Role A, Role B, Role C, multiple VM’s), Relay, Enterprise (Dev machines, Databases)]

  4. Windows Azure Service Deployment
     To use Connect with a WA service, enable one or more of its Roles
     • For Web & Worker Role, include the Connect plug-in as part of Service Model (.csdef file)
     • For VM role, install the Connect agent in VHD image using the Connect VM install package
     • Connect agent will automatically be deployed for each new role instance that starts up
     Connect agent configuration managed through the ServiceConfiguration (.cscfg) file
     • One required setting - “ActivationToken”
       • Unique per-subscription token, accessed from Admin UI
     • Optional settings for managing AD domain-join and service availability

  5. On-Premises Deployment
     Local computers are enabled for connectivity by installing & activating the Connect agent
     • Web-based installation link
       • Retrieved from admin UI
       • Contains per-subscription activation token embedded in URL
     • Standalone install package
       • Reads activation token from registry key
       • Enables installation using existing S/W distribution tools
     Connect agent tray icon & client UI
     • View activation state & connectivity status
     • Refresh network policy
     Connect agent automatically manages network connectivity
     • Sets up virtual network adapter
     • “Auto-connects” to Connect relay service as needed
     • Configures IPSec policy based on network policy
     • Enables DNS name resolution
     • Automatically syncs latest network policies

  6. Management of Network Policy
     Connect network policy managed through Windows Azure admin portal
     • Managed on a per-subscription basis
     Local computers are organized into Groups
     • E.g. “SQL Servers”, “My Laptops”, “Project Foo”
     • A computer can only belong to a single group at a time
     • Newly activated computers are ‘unassigned’ by default
     WA Roles can be connected to Groups
     • Enables network connectivity between all Role instances (VM’s) and local computers in the Group
     • WA Connect does not control connectivity between Roles or Role instances (done through existing mechanisms)
     Groups can be connected to other Groups
     • Enables network connectivity between computers in each group
     • In addition, a Group can be ‘interconnected’ - enables connectivity within a group
     • Useful for ad-hoc & roaming scenarios

  7. Network Policy - Example
     [Diagram: Windows Azure with Role A and Role B (three instances each); local groups “My Servers” (SERVER1, SERVER2, SERVER3) and “My Laptops” (DEV_LAPTOP1, DEV_LAPTOP2)]
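The grouping rules on slide 6, worked as an added example (not part of the original deck, and not Microsoft's code): a small Python model that answers whether the policy permits traffic between two endpoints. The class and function names are hypothetical; machine and group names are taken from slide 7, and the links between them are assumed because the diagram's connections did not survive.

```python
class ConnectPolicy:
    """Toy model of the slide-6 rules; names and structure are illustrative."""
    def __init__(self):
        self.group_of = {}            # computer -> group (None = unassigned)
        self.role_links = set()       # {(role, group)}
        self.group_links = set()      # {frozenset({group_a, group_b})}
        self.interconnected = set()   # groups with intra-group connectivity

    def assign(self, computer, group=None):
        # One group per computer: assigning again moves it; None = unassigned.
        self.group_of[computer] = group

    def verdict(self, src, dst):
        """src and dst are ('role', name) or ('computer', name) tuples."""
        (ka, a), (kb, b) = src, dst
        if ka == kb == "role":
            return "not-managed"      # Connect does not govern role-to-role traffic
        if "role" in (ka, kb):
            role, comp = (a, b) if ka == "role" else (b, a)
            group = self.group_of.get(comp)
            return "allow" if (role, group) in self.role_links else "deny"
        ga, gb = self.group_of.get(a), self.group_of.get(b)
        if ga is None or gb is None:
            return "deny"             # unassigned or never-activated computer
        if ga == gb:
            return "allow" if ga in self.interconnected else "deny"
        return "allow" if frozenset((ga, gb)) in self.group_links else "deny"


def sample_policy():
    # Constructed sample: names come from slide 7, every link below is assumed.
    p = ConnectPolicy()
    for name in ("SERVER1", "SERVER2", "SERVER3"):
        p.assign(name, "My Servers")
    for name in ("DEV_LAPTOP1", "DEV_LAPTOP2"):
        p.assign(name, "My Laptops")
    p.assign("NEW_PC")                               # activated, not yet grouped
    p.role_links.add(("Role A", "My Servers"))       # assumed link
    p.group_links.add(frozenset(("My Laptops", "My Servers")))  # assumed link
    p.interconnected.add("My Laptops")               # assumed setting
    return p


if __name__ == "__main__":
    p = sample_policy()
    laptop, server = ("computer", "DEV_LAPTOP2"), ("computer", "SERVER1")
    print(p.verdict(laptop, server))          # before regrouping
    p.assign("DEV_LAPTOP2", "My Servers")     # move the laptop into the server group
    print(p.verdict(laptop, server))          # after regrouping
```

Moving a computer between groups changes what it can reach and what can reach it, so a group reassignment is worth reviewing like any other rule change.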

  8. Active Directory Domain Join
     Connect plug-in supports domain-join of WA Roles to on-premises Active Directory
     Scenarios enabled:
     • Log into WA role instances using domain accounts
     • Connect to on-premise SQL server using Windows Integrated Auth
     • Migrate LOB apps to cloud that assume domain-joined environment
     Process to enable:
     • Install Connect agent on DC / DNS server(s)
       • For multiple DC environment, recommend creating dedicated Site
     • Configure Connect plug-in to automatically join WA role instances to AD
       • Specify credentials used for domain-join operation
       • Specify target OU for WA role instances
       • Specify list of domain users / groups to add to local Administrators group
     • Configure network policy to enable connectivity between WA roles and DC / DNS servers
     • New WA role instances will automatically be domain-joined

  9. Questions?

  10. Topic 7: Virtual Machine Role
      Sergiy Baydachnyy, Sergiy.Baydachnyy@microsoft.com
      Software Development Specialist, Microsoft Ukraine

  11. VM Role – Overview
      • Developers have full control over the OS image
      • Ability to upload your own customized WS08R2 Enterprise images
      • Operators can reboot, re-image and Remote Desktop
      • Continue to benefit from automated service management, including service model enhancements described on subsequent slides

  12. VM Role Lifecycle

  13. VM Role Lifecycle
      Identical/similar deployment instances using common uploaded OS image (base.VHD + diff.VHD)
      Base.VHD & Additional Software & Windows Azure Integration Components & Generalize (Recommended)
      Windows Azure Integration Components:
      - Agent
      - Runtime Interface (topo, config, shutdown notification, …)
      - Remote Desktop configurator
      - Diagnostics
      - Windows Azure Drives driver
      [Diagram labels: Blob Storage, On-Premises, Cloud]

  14. Creating a Service – Service Definition

      <ServiceDefinition name="MyVMRoleService" xmlns="…">
        <VirtualMachineRole name="MachineRole" vmsize="Medium">
          <!-- Plug-ins imported into the role -->
          <Imports>
            <Import moduleName="RemoteAccess" />
            <Import moduleName="RemoteForwarder" />
            <Import moduleName="Diagnostics" />
          </Imports>
        </VirtualMachineRole>
      </ServiceDefinition>

  15. Creating a Service – Service Configuration

      <ServiceConfiguration serviceName="MyVMRoleService" xmlns="…">
        <Role name="MachineRole">
          <!-- Uploaded VHD that every instance of this role boots from -->
          <OsImage href="20101020BaseVM.vhd" />
          <Instances count="2" />
          <ConfigurationSettings>
            <!-- Storage account used by the Diagnostics plug-in -->
            <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=http;AccountName=mohittest;AccountKey=JEBzeqFeP176KkIeXoHxvs8pzs1SrdCTwQfrc2nk+mml7+tKc3k5TWMciGPmHgd1G2IOsT5FyJvv3dvaAqioRg==" />
            <!-- Remote Desktop account; the password is stored encrypted to the certificate listed below -->
            <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
            <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="" />
            <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="" />
            <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2012-07-23T23:59:59.0000000-07:00" />
            <Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" />
          </ConfigurationSettings>
          <Certificates>
            <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="195FD938F86D8785FF53C660BCBD283819E0271A" thumbprintAlgorithm="sha1" />
          </Certificates>
        </Role>
      </ServiceConfiguration>

  16. How to get access to the cloud
      • Azure.com
      • Access is available through MSDN
      • 24-hour access via http://dev-club.in.ua
      • 30-day access: send me an e-mail

  17. Resources
      • Windows Azure Platform Training Kit (http://msdn.microsoft.com/en-us/wazplatformtrainingcourse.aspx)

  18. Questions?
