Monday 1 July 2013

Installing Windows Azure Pack for Windows Server

Introduction

At TechEd 2013, Microsoft announced the preview release of their upcoming Windows Azure Pack for Windows Server. This is a set of management components that run on top of Windows Server 2012 and provide a Private Cloud experience identical to the public Azure offering.The two main scenarios we can see where this will be used are:

  • ISPs spinning up a new Azure-like cloud hosting experience for customers, without having to develop their own management and instrumentation services to run their datacentres.

  • Infrastructure teams in large IT departments offering metered self-service provisioning to in-house application development projects. The two key benefits here over hosted cloud services are that (i) it avoids issues with, for example, PICS and FSA certification for public cloud hosting providers since the service is still provided from in-house equipment, and (ii) it allows IT teams to charge the application owners on a pro-rata basis for the cost of infrastructure services that they consume, moving away from cost-centre based Cap-Ex toward project-based Op-Ex.
We're very excited about all of the new opportunities the Azure Pack presents, so we wanted to set up a test lab to see what the Azure Pack looks like, and how it works.

Finding the Downloads

First off, finding the download is a bit of a wild goose chase. Hitting the Windows Azure Pack home page doesn't give you any immediate clues about where to get the installer from. However, having a poke around for a few minutes reveals the location:
This will bring you to the Windows Azure Pack for Windows Server landing page on the TechNet Library (a shortcut to the same location is http://technet.microsoft.com/en-us/library/dn296435.aspx). From there you’ll find that the Azure Pack comes in two flavours – a single-machine “Express” version and the full version.

To install the Express version, click the "Install Windows Azure Pack: Portal and API Express - Preview" link on that page to trigger a download, or click the Install Windows Azure Pack - Preview components on multiple machines for the full preview.

Installing Windows Azure Pack

Since the full preview requires a minimum of 7 (yes, seven) separate virtual machines to run, we’re going to start this proof of concept using the Express version which can run most of the management services on a single VM for testing. Once we’ve got a handle on what the product actually looks like we’ll go back and plan out a full-scale deployment for production use.

We’re going to start with a fresh Windows Server 2012 Standard VM. We’re not going to connect it to a domain at this point because at this point we want to make sure it doesn’t try to make unexpected changes to our production domain’s Active Directory forest.


So here we go...

Web Platform Installer

The first thing you’ll see when you click the Express link is a download for a 93.6KB file – this is a bootstrap installer which uses the Web Platform Installer 4.5 to download and run the main Windows Azure Pack installers.

Note that the bootstrap will also download and install the Web Platform Installer 4.5 if it isn’t already on your server, but you can download it manually from the link below if you want to put it on a local redistribution point and install it from there:

http://download.microsoft.com/download/7/0/4/704CEB4C-9F42-4962-A2B0-5C84B0682C7A/WebPlatformInstaller_amd64_en-US.msi

Once the Web Platform Installer has started you can click the “Items to be Installed” link at the bottom of the first screen to see a rather large list of dependencies that the Windows Azure Pack needs, as follows:

  • Windows Azure Pack: Portal and API Express – Preview
  • Windows Azure Pack: Admin API – Preview (Dependency)
  • Windows Azure Pack: Tenant API – Preview (Dependency)
  • Windows Azure Pack: Tenant Public API – Preview (Dependency)
  • Windows Azure Pack: Admin Site – Preview (Dependency)
  • Windows Azure Pack: Tenant Authentication Site – Preview (Dependency)
  • Windows Azure Pack: Admin Authentication Site – Preview (Dependency)
  • Windows Azure Pack: Tenant Site – Preview (Dependency)
  • Windows Azure Pack: Platform Component(s) – Preview (Dependency)
  • Windows Azure Pack – ETW Manifests (Dependency)
  • Windows Azure Pack – Admin API (Dependency)
  • Windows Azure Pack – Usage Extension (Dependency)
  • Windows Azure Pack – Web App Gallery Extension (Dependency)
  • Windows Azure Pack – SQL Server Extension (Dependency)
  • Windows Azure Pack – MySQL Extension (Dependency)
  • Windows Azure Pack – Monitoring Extension (Dependency)
  • Windows Azure Pack – Configuration Site (Dependency)
  • Windows Azure Pack – Tenant API (Dependency)
  • Windows Azure Pack – Tenant Public API (Dependency)
  • Windows Azure Pack – Admin Site (Dependency)
  • Windows Azure Pack – Tenant Authentication Site (Dependency)
  • Windows Azure Pack – Admin Authentication Site (Dependency)
  • Windows Azure Pack – Tenant Site (Dependency)
  • Execute ASP.Net IIS Registration tool (Dependency)
  • IIS: ASP.NET 4.5 (Dependency)
  • URL Rewrite 2.0 (Dependency)
  • IIS: Static Content (Dependency)
  • IIS: .NET Extensibility 4.5 (Dependency)
  • IIS: Request Filtering (Dependency)
  • IIS: ISAPI Extensions (Dependency)
  • IIS: ISAPI Filters (Dependency)
  • IIS: Default Document (Dependency)
  • IIS: Windows Authentication (Dependency)
  • IIS: Dynamic Content Compression (Dependency)
  • IIS: Static Content Compression (Dependency)
  • IIS: Basic Authentication (Dependency)
  • IIS: WAS Process Model (Dependency)
  • IIS: WAS .NET Environment (Dependency)
  • .NET 3.5 for Windows 8 (Dependency)
  • IIS: Management Console (Dependency)
  • .NET 4.5 Extended with ASP.NET for Windows 8 (Dependency)
  • ASP.NET MVC 4 Language Packs Installer (Dependency)
  • ASP.NET MVC 4 Installer (VS 2010)-Default Locale (Dependency)
  • ASP.NET Web Pages 2 (Dependency)
  • Microsoft Visual C++ 2010 SP1 Redistributable Package (Dependency)
  • Microsoft Visual C++ 2010 SP1 Redistributable Package (x86) (Dependency)
  • Microsoft Visual C++ 2010 SP1 Redistributable Package (x64) (Dependency)
  • MySQL Connector/Net (Dependency)
  • Windows Azure Pack – PowerShell API (Dependency)
  • IIS: WAS Configuration API (Dependency)

Installing Operating System Components

I want to try to script as much of this installation as possible, so I’ll start by picking off the operating system components using PowerShell.

Import-Module ServerManager

Add-WindowsFeature Web-Server -IncludeManagementTools

Add-WindowsFeature Web-Asp-Net -Source D:\sources\sxs
Add-WindowsFeature Web-Net-Ext -Source D:\sources\sxs
Add-WindowsFeature Web-Asp-Net45
Add-WindowsFeature Web-Net-Ext45
Add-WindowsFeature Web-ISAPI-Ext
Add-WindowsFeature Web-ISAPI-Filter
Add-WindowsFeature Web-Mgmt-Console
Add-WindowsFeature Web-Basic-Auth
Add-WindowsFeature Web-Windows-Auth
Add-WindowsFeature Web-Dyn-Compression

That should knock out about a dozen of the dependencies. If you restart the Express installer and go back to the “Items to be Installed” page you’ll see all of the “IIS” dependencies have gone as they’re now installed.

Installing Supporting Software

On that same “Items to be installed” page you’ll notice there’s a “Direct Download Link” for a lot of the components. You can either let the Web Platform Installer handle all of these for you, or if like me you prefer to install from a local file share rather than pulling files down from the internet, you can pre-stage a local distribution folder with the packages using the direct download links.

Once downloaded, we can install some more prerequisites:

md c:\logs
set msiexec=%SystemRoot%\System32\msiexec.exe
set downloads=\\nas1\downloads\Microsoft\Server Software\Windows Azure Pack\WAP_Downloads

"%downloads%\vcredist_x64.exe" /log "c:\logs\vcredist_x64.log" /norestart /passive
"%downloads%\vcredist_x86.exe" /log "c:\logs\vcredist_x86.log" /norestart /passive
"%downloads%\AspNetMVC4Setup.exe" /log "c:\logs\mvc4_2010.log" /norestart /passive
"%msiexec%" /i "%downloads%\rewrite_amd64_en-US.msi" /norestart /passive /l*v "c:\logs\urlrewrite20.log"

"%msiexec%" /i "%downloads%\mysql-connector-net-6.5.4.msi" /norestart /passive /l*v "c:\logs\mysql_connector.log"

Installing Azure Pack Components

If you look in the “Items to be installed” again now, you should just see the items prefixed with “Windows Azure Pack”, and the IIS Registration Tool, so let’s begin installing them as well.

md c:\logs
set msiexec=%SystemRoot%\System32\msiexec.exe
set downloads=
\\nas1\downloads\Microsoft\Server Software\Windows Azure Pack\WAP_Downloads
"%msiexec%" /i "%downloads%\MgmtSvc-EventSources.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-EventSources.log"
"%msiexec%" /i "%downloads%\MgmtSvc-AdminAPI.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-AdminAPI.log"
"%msiexec%" /i "%downloads%\MgmtSvc-TenantAPI.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-TenantAPI.log"

"%msiexec%" /i "%downloads%\MgmtSvc-TenantPublicAPI.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-TenantPublicAPI.log"
"%msiexec%" /i "%downloads%\MgmtSvc-Usage.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-Usage.log"
"%msiexec%" /i "%downloads%\MgmtSvc-WebAppGallery.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-WebAppGallery.log"
"%msiexec%" /i "%downloads%\MgmtSvc-SQLServer.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-SQLServer.log"
"%msiexec%" /i "%downloads%\MgmtSvc-MySQL.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-MySQL.log"
"%msiexec%" /i "%downloads%\MgmtSvc-Monitoring.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-Monitoring.log"
"%msiexec%" /i "%downloads%\MgmtSvc-ConfigSite.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-ConfigSite.log"
"%msiexec%" /i "%downloads%\MgmtSvc-AdminSite.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-AdminSite.log"
"%msiexec%" /i "%downloads%\MgmtSvc-AuthSite.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-AuthSite.log"
"%msiexec%" /i "%downloads%\MgmtSvc-WindowsAuthSite.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-WindowsAuthSite.log"
"%msiexec%" /i "%downloads%\MgmtSvc-TenantSite.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-TenantSite.log"
"%msiexec%" /i "%downloads%\MgmtSvc-PowerShellAPI.msi" /norestart /passive /l*v "c:\logs\MgmtSvc-PowerShellAPI.log"


Once these have all been installed, the “Items to be installed” page in the Web Platform Installer will be blank, and will show “0 items to be installed”.

Disable IE Enhanced Security

If you're going to access the administration sites from the local server you'll need to disable IE Enhanced Security Configuration first. Ideally, you'd use a separate administation workstation, but the PowerShell to disable it is on the server is as follows, thanks to a Stack Overflow post:


function Disable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
    Stop-Process -Name Explorer
    Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
}
function Enable-InternetExplorerESC {
    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
    Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 1
    Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 1
    Stop-Process -Name Explorer
    Write-Host "IE Enhanced Security Configuration (ESC) has been enabled." -ForegroundColor Green
}
function Disable-UserAccessControl {
    Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000
    Write-Host "User Access Control (UAC) has been disabled." -ForegroundColor Green    
}
 
Disable-InternetExplorerESC

Configuring Windows Azure Pack

The Web Platform Installer will automatically open the configuration site in a web browser. However if you’ve installed the components from a script you’ll need to navigate here yourself.

To do this, open a browser and enter “https://localhost:30101/” into the address bar (note – this goes to the MgmtSvc-ConfigSite site created in IIS by the installers). You’ll probably get a certificate warning, in which case just click "Continue to this website (not recommended)" to proceed.
 



If you've installed the Azure Pack on a member server you may be asked to provide Windows credentials....


…before being shown a splash screen
 


The splash screen will auto-refresh after a few seconds to show the configuration page.

Configuration Page 1




At this point we need a SQL Server instance to store configuration data. As this is an exploratory install, I’ll just install “SQL Server 2012 Express with Tools” on the same server - see http://www.microsoft.com/en-gb/download/details.aspx?id=29062 for the downloads. I won’t document the full installation here, but just keep clicking “Next” to accept the default options and you will be more or less ok.


The only thing to watch for is to enable “SQL Authentication” otherwise you’ll get the warning below when you try to configure the passphrase in the Configuration Site.




If you see this message, all is not lost - just follow the instructions at http://msdn.microsoft.com/en-us/library/ms188670.aspx to enable SQL Authentication on your instance.

Configuration Page 2

The next step wants the internet-facing domain name for the server. Our test machine isn’t actually going to be exposed externally, so I’ll just accept the default value and hope for the best.


Configuration Page 3

Step 3 is simply a confirmation page showing the features that will be configured. Click the “tick” icon in the bottom right of the screen to start the configuration process.




When it’s done you should hopefully see something like this:



Click the tick again to get taken to the Service Management Portal on
https://localhost:30091/ (which is the MgmtSvc-AdminSite site in IIS). You’ll need to skip the certificate error and log in again, but once you’ve done that you’ll get presented with a 5-step tour.

Service Management Portal Tour

If you’ve worked with the public Azure Management Portal then the interface for the Service Management Portal will have a familiar layout. For those that haven’t, the screenshots below will show the tour for you.












Once you've seen the tour and clicked the tick on the final page, you'll eventually get to the Serviec Management Portal.



If you've installed the Express version of the Azure Pack like we did, then you won't be able to do much more right now because you won't yet have provisioned any Web Site Clouds, VM Clouds or Service Bus Clouds to connect up to it for tenant usage. We'll decribe how to do this in later posts.

Summary

In this post we’ve installed the Express version of the Windows Azure Pack for Windows Server on a standalone member server. We installed it from a distribution point on a file server using command lines rather than letting the Web Platform Installer pull files down from the internet in order to control exactly which versions of files get deployed.

We then installed a SQL Express instance and configured the Service Management Portal to use this instance to store configuration data.

That’s quite a lot done already, but we still need to install and configure define the back-end resources that are available to customers through the self-service customer site.

Next time, we’ll start to build out the single server Express installation into the full product across multiple virtual machines..

1 comment:

  1. I followed the steps and when logging into this
    https://localhost:30091/

    I get an access denied message. Any suggestions where to start troubleshooting?

    ReplyDelete