Post on 29-Nov-2014
description
WINDOWS AZURE IAAS TIPS & TRICKS
• Anton Staykov• @astaykov
THANK YOU, SPONSORS!
The Cloud for Modern Business
Grab your benefit
aka.ms/azuretry
Deploy fast in the cloud, scale elastically and minimize test cost
Activate your Windows Azure MSDN benefit at no additional charge
aka.ms/msdnsubscr
ABOUT ME
• Windows Azure MVP (3 times now)
• With Azure from the beginninghttp://blogs.staykov.net/@astaykov
AGENDA
Azure IaaS Outside-In connection issues Virtual Networks IP Address predictability AD/DC – Highway to … Mail Server on Azure
PaaS SaaSPhysical Virtual IaaS
A CONTINUOUS OFFERING FROM PRIVATE TO
PUBLIC CLOUD
WINDOWS AZURE VIRTUAL MACHINES
Support for key server applications*
Easy storage manageability
High availability features
Advanced networking
Integration with compute PaaS
* http://bit.ly/azurevmsupport
COMMON ISSUES
VM Disappears or was deleted (MSND /Free Trial)
Blob storage occupied (VHD not deleted)
Temporary Disk (how temporary is it?) What disk size should I chose?
DEMO
INTERNET CONNECTIVITY
Outside-In
DIP
LBVIP
Virtual Machine (IaaS)
Windows Azure Cloud Service (foo.cloudapp.net)
INTERNET
NETWORKING PICTURE
OUTSIDE-IN CONNECTIVITY
Endpoint Definition Windows Firewall Rules Corporate Firewalls PING times out
VIRTUAL NETWORK
VNET SCENARIOS
Define IP Address space for DIP IaaS Interconnectivity Site-to-Site Point-to-Site IaaS-to-PaaS and vice-versa
VNET
Address Spaces 10.0.0.0 172.16.0.0 192.168.0.0
Sub Nets Gateway Sub-Net
ADDRESS ALLOCATION SECRETS
Always and only by DHCP The first host gets the 4th IP
Address i.e. 192.168.0.4
Automatic cross-sub-net connectivity
VNET CROSS-PREMISES
Site-to-Site Point-to-Site Local Address Management
NAME RESOLUTION
NAME RESOLUTION SCENARIOS
When not in VNetPaaS only (Web/Worker Roles)
IaaS only (Virtual Machines)
When in Vnet IaaS / PaaS only
IaaS + PaaS IaaS + LocalPaaS + Local IaaS + PaaS + Local
DNS SERVER ON IAAS
DNS SERVER SECRETS
Just for the DNS server machine, set DNS to 127.0.0.1 when deploying!
Place the DNS Server on its own subnet Remember the full format of FQDN http://bit.ly/fqdn
IP ADDRESS ASSIGNMENT SECRETS
IP Address predictability Sub-net isolation Address Space Isolation
AD/DC ON IAAS
Highway to Clouds
AC/DC NETWORK LAYOUT
VNET-WE-IAASTIPS-PROD
DNS/ 192.168.30.4
Address Space 192.168.30.0/29
Sub-ADDC: 192.168.30.0/29
Address Space 172.16.0.0/22Sub-Clients: 172.16.0.0/22
MAIL SERVER ON IAAS
HOSTING OWN MAIL SERVER ISSUES
Public (dynamic) IP Address Reverse DNS records (PTR Records) http://bit.ly/azureptr
KEY TAKEAWAYS
Never forget Firewall Know your IP Addresses Don’t host Email Server
(yet)
Q&A
• Anton Staykov
• @astaykov
• http://blogs.staykov.net/