Azure IaaS Tips & Tricks

Valuable tips and tricks you will learn either the hard way, when building Windows Azure VMs, or the easy way - by attending my session

Published in: Technology
  • So, someone told us Windows Azure is a great place to start playing around with Virtual Machines, and we created our first Windows/Linux VM. Fantastic: we can RDP/SSH to it and install and configure a web server. But now I open a web browser, type in the name of my VM, and it says Connection Timeout! But it works locally! What the heck is wrong?
  • An endpoint defines a public, Internet-facing hole in the (fire)wall that routes specific Internet traffic to your Virtual Machine. An endpoint is defined with:
      * Protocol: TCP or UDP (web traffic goes over TCP connections)
      * Public port: the port number that will be open to the public
      * Private port: the port number at which Internet traffic will hit your VM

    Next are firewall rules. I haven’t checked Oracle Linux images for firewall rules, but other Linux-based images do not have any firewall rules defined at all! On the opposite side are Windows images: every Windows Server installation has a very restrictive default firewall configuration.

    If you cannot RDP/SSH, do not blame Azure first! Make sure you have defined the proper endpoints required for remote connection! If the endpoints are defined, the chance that there is an issue with the endpoints is extremely low. Something that a lot of people, even experienced ones, often forget is corporate firewalls! Very many corporations block fancy outgoing ports like 1433 (SQL Server!), 3389 (RDP), 22 (SSH), 25 (SMTP), 21 (FTP)! Very important!

    Don’t fool yourself if you cannot PING! The ICMP protocol is blocked at the Windows Azure Load Balancer level! Unless over a VPN, a PING to an Azure VM will always time out! This does not mean your server is not reachable or that endpoints are not working.

    Outside-in connectivity check. If you want to test whether an outside-in connection can be established, first make sure you can make outside connections on the desired port to a service you know for sure is running fine! Testing TCP protocols is easy: use a TELNET client (it can be installed on any Windows-based OS from “Add/Remove Windows Features”). Possible hint for IIS: use the cloud service name, not the IP address? Not working with the IP address?
  • OK, you played around with VMs: created some, tore down some, and now want to be more sexy by constructing a whole network infrastructure in the cloud. If you are not familiar with Windows Azure, creating a Virtual Network will be the first time you hear about “Affinity Groups”! Do not confuse an Affinity Group with an Availability Set. Now is a good time to explain the importance of Affinity Groups: what they are and why we care. [Some talk on Affinity Groups, usually on a whiteboard or flip chart.] Now that we know more about affinity groups, let’s see what a Windows Azure Virtual Network is.
  • We need a Virtual Network when we need/want:
      * a fixed and/or predictable IP addressing scheme
      * a fixed IP address for our servers*
      * to securely and reliably connect more resources, like:
          * connect multiple VM deployments (Cloud Services)
          * connect an Azure VM with the on-premises corporate network
          * connect an Azure VM with your laptop
          * connect an Azure VM with an Azure Platform Services deployment (worker roles / web roles)
  • Notes: The very first question you will have, and the first issue you will meet, is name resolution for Azure VMs.
  • Simple rule of thumb: when your VM is not part of a VNet, Windows Azure provides name resolution for you; when your VM is part of a VNet, you take care of name resolution.
  • Notes: Given that we need to provide name resolution when using a Virtual Network, the next big question is: how do we provide a DNS server in IaaS, where all IP addresses are DHCP-allocated?
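
The outside-in connectivity check from the notes above, as an added example that is not part of the original slides: it probes a known-good control service first, to rule out a corporate firewall on the outgoing port, and only then the VM's public endpoint. The function names and diagnosis strings are assumptions of this example, the timeout/refused reading is general TCP behaviour, and `foo.cloudapp.net` is the placeholder name from slide 11.

```python
import socket
import sys


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connect; return 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # a RST came back: the path works, nothing accepts
    except socket.timeout:
        return "timeout"   # packets silently dropped somewhere on the path
    except OSError:
        return "error"     # DNS failure, unreachable network, ...


def diagnose(control, target):
    """Combine the control probe and the target probe into one next step."""
    if control != "open":
        # The known-good service cannot be reached on this port, so the
        # problem is on the client side (e.g. a corporate firewall).
        return "control-failed: suspect the local firewall, test from another network"
    if target == "open":
        return "ok: endpoint and guest firewall pass this port"
    if target == "timeout":
        return "dropped: check the endpoint definition, then guest firewall rules"
    if target == "refused":
        return "refused: check the service listens on the endpoint's private port"
    return "error: check that the cloud service name resolves"


def outside_in_check(control_host, target_host, port, timeout=3.0):
    """Run the check in the order the notes give: control first, then target."""
    control = probe_tcp(control_host, port, timeout)
    # A failed control probe makes the target result meaningless, so skip it.
    target = probe_tcp(target_host, port, timeout) if control == "open" else "skipped"
    return control, target, diagnose(control, target)


if __name__ == "__main__":
    # Usage: python check.py <known-good-host> <vm-name, e.g. foo.cloudapp.net> <port>
    ctrl, tgt, verdict = outside_in_check(sys.argv[1], sys.argv[2], int(sys.argv[3]))
    print(f"control={ctrl} target={tgt} -> {verdict}")
```
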
  • Transcript

    1. WINDOWS AZURE IAAS TIPS & TRICKS • Anton Staykov • @astaykov
    2. THANK YOU, SPONSORS!
    3. The Cloud for Modern Business Grab your benefit aka.ms/azuretry Deploy fast in the cloud, scale elastically and minimize test cost Activate your Windows Azure MSDN benefit at no additional charge aka.ms/msdnsubs
    4. ABOUT ME • Windows Azure MVP (3 times now) • With Azure from the beginning • http://blogs.staykov.net/ • @astaykov
    5. AGENDA • Azure IaaS • Outside-In connection issues • Virtual Networks • IP Address predictability • AD/DC – Highway to … • Mail Server on Azure
    6. A CONTINUOUS OFFERING FROM PRIVATE TO PUBLIC CLOUD
    7. WINDOWS AZURE VIRTUAL MACHINES * http://bit.ly/azurevmsupport
    8. COMMON ISSUES • VM Disappears or was deleted (MSDN / Free Trial) • Blob storage occupied (VHD not deleted) • Temporary Disk (how temporary is it?) • What disk size should I choose?
    9. DEMO
    10. INTERNET CONNECTIVITY Outside-In
    11. NETWORKING PICTURE Windows Azure Cloud Service (foo.cloudapp.net) Virtual Machine (IaaS) LB VIP DIP INTERNET
    12. OUTSIDE-IN CONNECTIVITY • Endpoint Definition • Windows Firewall Rules • Corporate Firewalls • PING times out
    13. VIRTUAL NETWORK
    14. VNET SCENARIOS • Define IP Address space for DIP • IaaS Interconnectivity • Site-to-Site • Point-to-Site • IaaS-to-PaaS and vice-versa
    15. VNET • Address Spaces • 10.0.0.0 • 172.16.0.0 • 192.168.0.0 • Sub Nets • Gateway Sub-Net
    16. ADDRESS ALLOCATION SECRETS • Always and only by DHCP • The first host gets the 4th IP Address • i.e. 192.168.0.4 • Automatic cross-sub-net connectivity
    17. VNET CROSS-PREMISES • Site-to-Site • Point-to-Site • Local Address Management
    18. NAME RESOLUTION
    19. NAME RESOLUTION SCENARIOS • When not in VNet • PaaS only (Web/Worker Roles) • IaaS only (Virtual Machines) • When in VNet • IaaS / PaaS only • IaaS + PaaS • IaaS + Local • PaaS + Local • IaaS + PaaS + Local
    20. DNS SERVER ON IAAS
    21. DNS SERVER SECRETS • Just for the DNS server machine, set DNS to 127.0.0.1 when deploying! • Place the DNS Server on its own subnet • Remember the full format of FQDN • http://bit.ly/fqdn
    22. IP ADDRESS ASSIGNMENT SECRETS • IP Address predictability • Sub-net isolation • Address Space Isolation
    23. AD/DC ON IAAS Highway to Clouds
    24. AC/DC NETWORK LAYOUT VNET-WE-IAASTIPS-PROD DNS/ 192.168.30.4 Address Space 192.168.30.0/29 Sub-ADDC: 192.168.30.0/29 Address Space 172.16.0.0/22 Sub-Clients: 172.16.0.0/22
    25. MAIL SERVER ON IAAS
    26. HOSTING OWN MAIL SERVER ISSUES • Public (dynamic) IP Address • Reverse DNS records (PTR Records) • http://bit.ly/azureptr
    27. KEY TAKEAWAYS • Never forget Firewall • Know your IP Addresses • Don’t host Email Server (yet)
    28. Q&A • Anton Staykov • @astaykov • http://blogs.staykov.net/
