This article is part of a multi-part article; if you haven’t read the introduction, please read it here.
In this stage we are going to do some basic work creating the infrastructure. Here are the top level things we are going to accomplish:
- Create Virtual Network and Affinity Group
- Create a few virtual machines and add them to the Virtual Network
- Make sure they can talk to each other
Create Virtual Network with Affinity Group
Before creating a virtual network and an affinity group, let’s understand the basics of affinity groups and why we need them. Microsoft Windows Azure is a global platform, and Microsoft has data centres spread across the globe.
When you create resources in Windows Azure (cloud services, storage, virtual machines, virtual networks, etc.) you need to specify the location where your cloud artifacts are going to reside, as shown below.
Affinity groups are the way in which you tell Azure you want a service to be deployed in a specific location. You are also asking Azure to keep your artifacts in close proximity. This helps to avoid latency and makes a lot of sense in certain scenarios: for example, you don’t want your web front end hosted in West US talking to a database hosted in Asia. That increases latency and can also add the cost of data transfer in and out of the two data centres.
In our case, we are trying to create a virtual network and we want all of our artifacts (virtual machines, storage, etc.) to co-exist in close proximity. In fact, the portal makes it mandatory to have an affinity group in order to create a virtual network.
Log in to the portal (http://manage.windowsazure.com) and click the big “+” button at the bottom, then select Network > Custom Create.
TIP: We follow a naming convention throughout this article: all our artifacts are prefixed with “QE-” so we understand they belong together. Pick your own unique prefix so that you can follow the article without getting errors like “DNS name already taken”.
Choose “Create a new affinity group” from the drop-down box, provide a name for the virtual network and the affinity group as shown above, and choose the region “West US” (this is the one we tested). Click the small right-arrow at the bottom to move to the next step.
Provide an address space IP address 10.0.30.0/16 and click the “+” sign. You should be able to use the same IP address; Windows Azure won’t complain that it’s already been taken, it knows how to virtualize it.
Provide a subnet name “QE-SUBNET” and the IP address as shown below. Click the small right-arrow at the bottom to move to the next step.
You can leave this setting blank, since we don’t need it. You will need this setup if you are going to connect this Azure Virtual network with your corporate network, in which case server names need to be resolved between both the networks. Click the small tick in the bottom to finalize your setting. Once done, you should see the below screen with your virtual network details.
Create a few virtual machines
Once our affinity group and virtual network are set up, let’s create some virtual machines that are going to be part of our network.
Click on the big “+” button at the bottom of the portal, select Virtual Machines -> From Gallery. In the list, select “Windows Server 2008 R2” (BizTalk Server 2010 only runs on Windows 2008, so we are going to create all our servers based on W2008R2).
Once the image name is selected, click the small right-arrow at the bottom to move next.
Specify the name QE-BTS1 for the virtual machine name, a password of your choice and confirm the password. A Small instance is sufficient for our setup. Click the small right-arrow at the bottom to move next.
This screen is very important: provide the DNS name for the server “QE-BTS1”, choose your storage account, and most importantly the virtual network “QE-NETWORK” we created earlier. Don’t proceed further if you can’t see the virtual network, otherwise the VM won’t be part of the network. One possible reason for not seeing the virtual network: if you choose a storage account that’s not part of the same affinity group, the virtual network won’t be visible. Click on the small right-arrow to move to the next screen.
This again is an important screen: make sure you select the subnet QE-SUBNET we created earlier. Click on the small tick and Windows Azure will start provisioning and starting your virtual machine.
Follow the same steps as above to create a few more virtual machines as shown below. You probably don’t need all of them at this stage, but it’s easy to provision them now (beware of cost :-))
We created the above servers for the following purposes:
- QA-AD-DNS: This is going to be our Active Directory/DNS server for our virtual network
- QE-BTS1, QE-BTS2: The 2 standalone BizTalk Servers
- QE-BTS3, QE-SQL3: Our BizTalk multi-server environment with a remote SQL server
Once you have created all the virtual machines, they should appear in the list and you can see their status as running, as shown below.
Make sure virtual machines can talk to each other
Now that all our virtual machines are part of the virtual network (QE-NETWORK), we want to make sure they can talk to (ping) one another.
Click on the virtual machines link in the portal, which will bring up the above screen with the list of all the virtual machines currently provisioned. Make sure the status is running (otherwise click on the “Restart” button at the bottom). Select the virtual machine QE-BTS1 and click “Connect”. An RDP file will be downloaded with all the correct connection details; open it, provide the password and click next on the security warning. You’ll be logged into the server.
We cannot ping the servers by name at this stage, since there is no DNS server configured for name resolution. We need to identify the IP addresses currently assigned to the machines so they can ping each other.
Open a command prompt and type ipconfig to determine the IP addresses assigned to the machines QE-BTS1 and QE-BTS2.
You will not be able to ping the machines at this stage, because by default the Windows Firewall in Windows 2008 R2 blocks inbound ICMPv4 (required for ping), so we need to make changes to our firewall.
Create a new rule to open ICMPv4 in the firewall
Type “Windows Firewall with Advanced Security” in the start menu, and follow the steps below on both (in fact, all) of the virtual machines QE-BTS1, QE-BTS2:
- In the Windows Firewall with Advanced Security snap-in, click Inbound Rules in the tree, and click New Rule in the Actions Pane.
- Click Custom and click Next.
- Click All programs and click Next.
- For Protocol type, select ICMPv4.
- Click Next 3 times, leaving the defaults, until you reach the screen where it asks for a Name.
- For Name type a name for this rule and for Description an optional description. Click Finish.
Once the above changes are made on all the virtual machines, they will be able to ping each other as shown below.
In the above screen we are able to ping QE-BTS2 (which is 10.0.0.5) from QE-BTS1 machine (which is 10.0.0.4)
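The rule created by the steps above, with every default left in place, allows all ICMPv4 message types from any remote address. As an added example (not from the original article), the PowerShell below creates a narrower equivalent with netsh that admits only echo requests from the virtual network, then checks reachability. The rule name and the 10.0.0.0/16 range are assumptions, so substitute your own address space.

```powershell
# Added example: run in an elevated PowerShell session on each VM.
# The rule name and address range are assumptions for illustration.
$RuleName  = 'QE-ICMPv4-Echo-In'        # hypothetical rule name
$VnetRange = '10.0.0.0/16'              # assumed range covering 10.0.0.4 and 10.0.0.5
$Peers     = @('10.0.0.4', '10.0.0.5')  # addresses reported by ipconfig in this article

# Remove an earlier copy of the rule so re-running the script does not stack duplicates.
netsh advfirewall firewall delete rule "name=$RuleName" | Out-Null

# Allow inbound echo request (ICMPv4 type 8, any code) only from the virtual network.
netsh advfirewall firewall add rule "name=$RuleName" dir=in action=allow `
    'protocol=icmpv4:8,any' "remoteip=$VnetRange"
if ($LASTEXITCODE -ne 0) { throw "netsh could not create rule $RuleName" }

# Print the stored rule to confirm the protocol and the remote address scope.
netsh advfirewall firewall show rule "name=$RuleName" verbose

# Ping each peer; False for a peer usually means its own rule is still missing.
foreach ($peer in $Peers) {
    $ok = Test-Connection -ComputerName $peer -Count 2 -Quiet
    "{0,-12} reachable: {1}" -f $peer, $ok
}
```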
Let’s continue with the remaining stages in the follow-up post tomorrow. In the next stage we will explain how to set up our own Active Directory and DNS for the virtual network.