Azure Virtual Machines - building up your Infrastructure in the cloud

Published in: Technology

  1. WINDOWS AZURE IAAS TIPS & TRICKS • Anton Staykov • @astaykov
  2. ABOUT ME • Windows Azure MVP (3 times now) • With Azure from the beginning • http://blogs.staykov.net/ • @astaykov
  3. AGENDA • Azure IaaS • Outside-In connection issues • Virtual Networks • IP Addresses • AD/DC – Highway to … • Mail Server on Azure
  4. A CONTINUOUS OFFERING FROM PRIVATE TO PUBLIC CLOUD
  5. WINDOWS AZURE VIRTUAL MACHINES * http://bit.ly/azurevmsupport
  6. COMMON ISSUES • VM Disappears or was deleted (MSDN / Free Trial) • Blob storage occupied (VHD not deleted) • Temporary Disk (how temporary is it?) • What disk size should I choose?
  7. DEMO
  8. INTERNET CONNECTIVITY • Outside-In
  9. Virtual Machine (IaaS) • Local IP (DIP) • LB VIP • Windows Azure Cloud Service (foo.cloudapp.net) • INTERNET • NETWORKING PICTURE
  10. OUTSIDE-IN CONNECTIVITY • Endpoint Definition • Windows Firewall Rules • Corporate Firewalls • PING times out
  11. VIRTUAL NETWORK
  12. VNET SCENARIOS • Define IP Address space for VMs • IaaS Interconnectivity • Site-to-Site • Point-to-Site • IaaS-to-PaaS and vice-versa
  13. VNET • Address Spaces: 10.0.0.0, 172.16.0.0, 192.168.0.0 • Sub Nets • Gateway Sub-Net
  14. ADDRESS ALLOCATION SECRETS • Always and only by DHCP • The first host gets the 4th IP Address, i.e. 192.168.0.4 • Automatic cross-sub-net connectivity • Internal IP Address Reservation!
  15. VNET CROSS-PREMISES • Site-to-Site • Point-to-Site • Express Route
  16. VNET LIMITATIONS • No Cross-Data-Center Connections • No site-to-multiple-sites Connections
  17. NAME RESOLUTION
  18. NAME RESOLUTION SCENARIOS • When not in VNet: PaaS only (Web/Worker Roles); IaaS only (Virtual Machines) • When in VNet: Cloud only; Cloud + Site-to-Site VPN
  19. DNS SERVER ON IAAS
  20. DNS SERVER SECRETS • Just for the DNS server machine, set DNS to 127.0.0.1 when deploying! • Place the DNS Server on its own subnet • Remember the full format of FQDN (http://bit.ly/fqdn) • Reserve “Static IP Address” for the VM (http://bit.ly/azurestaticip)
  21. IP ADDRESS ASSIGNMENT SECRETS • IP Address predictability and reservations • Sub-net isolation • Address Space Isolation
  22. AD/DC ON IAAS • Highway to Clouds
  23. AC/DC NETWORK LAYOUT • VNET-WE-IAASTIPS-PROD • DNS/ 192.168.30.4 • Address Space 192.168.30.0/29 • Sub-ADDC: 192.168.30.0/29 • Address Space 172.16.0.0/22 • Sub-Clients: 172.16.0.0/22 • http://bit.ly/azuread
  24. MAIL SERVER ON IAAS
  25. HOSTING OWN MAIL SERVER ISSUES • Public (dynamic) IP Address • Reverse DNS records (PTR Records) • http://bit.ly/azureptr
  26. KEY TAKEAWAYS • Never forget Firewall • Know your IP Addresses • Don’t host Email Server (yet) • Password Expiration
  27. Q&A • Anton Staykov • @astaykov • http://blogs.staykov.net/
