Windows Azure Virtual Machines - Overview of New Features

    Good afternoon, dear colleagues.
    In the near future we will consider another aspect of the new functionality of Windows Azure: virtual machines. Virtual machines are a new service provided by the Windows Azure platform. They make it much easier and more flexible to move local infrastructures to the cloud or to create new software solutions that depend on persistent storage (storage that is not wiped on every restart of the running instance).

    What will you see in this article?
    1. Differences between the new service and VM role
    2. Virtual Machine Architecture
    3. Virtual Networks
    4. Availability of virtual machines and guarantees
    Practice - creating a web server farm in Windows Azure

    Windows Azure Virtual Machines

    Virtual machines are a new service provided by the Windows Azure platform. They make it much easier and more flexible to move local infrastructures to the cloud or to create new software solutions that depend on persistent storage (storage that is not wiped on every restart of the running instance). In fact, after June 7, 2012, it is difficult to call Windows Azure a SaaS, a PaaS, or any single kind of platform; it is now more of an umbrella term that combines many abbreviations.

    The scenarios for using virtual machines in Windows Azure include almost all types of applications that can be used in a local infrastructure: business applications, CRM, Active Directory and native applications. They also make it possible to combine local and cloud infrastructure into a hybrid solution.

    Differences between the new service and the VM role

    Fig. 1. Differences between VM and VM role

    After the announcement of the new service, the question arose: how does it differ from what we saw before, namely the VM role in the role model of Cloud Services (at that time called Hosted Services)? Let's first see what a VM role is. The VM role was introduced into the platform for cases where the capabilities of the Web / Worker roles were not enough to implement certain solutions, for example moving complex applications to the cloud (Sharepoint, ...). No SLA was provided for the operating system in the virtual machine, since the user uploaded their own VHD disk. However, the SLA on the virtual machines themselves was preserved: it was possible to deploy two virtual machines and get a 99.95% SLA for the role availability.


    However, suppose you deployed several virtual machines and something happened to one of them (for example, a hardware failure). Everything that was on this machine disappeared: all the unique data saved to disk and in memory, and so on. This was because, in response to the error, Windows Azure deployed a new virtual machine from the image uploaded by the user, on which sysprep had been run beforehand.

    This seems acceptable for a simple application, but it turned into a big problem: given the non-persistent storage, the application had to be redesigned to take this behavior into account.

    So, the differences include:
    • Type of storage. Since the VM role was, in effect, a service with a virtual machine, it did not have permanent storage: after a hardware error, for example, you lost all the data from this machine. With virtual machines it is a little different. You can now add persistent storage in the form of a data disk, and in addition the disk of your virtual machine is constantly replicated in three replicas.
    • Deployment types. With the VM role you had to create your VHD locally and upload it to the cloud, after which you could use it. With the new service, you can either create and upload a VHD or use any image available in the image gallery.
    • Network setup. The settings for the VM role had to be made in the service model, while the new virtual machine service can be configured in the Windows Azure management portal and even automated using PowerShell or scripts.


    Fig. 2. Virtual Machine Life Cycle in the Cloud

    Virtual Machine Architecture

    In general, Windows Azure virtual machines are based on the service model used by Web / Worker roles for a long time, with major modifications such as persistent storage and one instance = one role.

    When you create a virtual machine, a Cloud Service is automatically created, which acts as a container for this virtual machine. While a Cloud Service normally has two deployment slots (Staging / Production), a virtual machine is deployed only to Production (which means that VIP swap is not available) (Fig. 3).

    Fig. 3. Cloud Service as a container for virtual machines



    As for where the virtual machines are stored: they are kept in page blobs in Windows Azure storage. When a virtual machine is created, its VHD is placed in a page blob that remains writable. Several disks are available:
    • C: - operating system;
    • D: - local physical storage that is not backed up and is used only for temporary data;
    • E: - user data;
    • F: - logs.

    The operating system disk can be up to 127 gigabytes, but you can attach a certain number (depending on the size of the virtual machine) of additional data disks to the virtual machine (Fig. 8), including while the virtual machine is running.

    Fig. 5. Virtual machine sizes


    Virtual machines located within the same Cloud Service have a direct communication channel with each other, so nothing needs to be configured separately. This differs from separate virtual machines, where you must open ports in the service model to ensure connectivity. Of course, do not forget about the firewalls in the operating systems: they still need to be configured correctly (questions about why traffic does not "go" came up on the forums from time to time). So what if you need to configure what are called endpoints? This is simple too. Each entry endpoint is associated with a virtual machine and indicates whether to allow traffic.

    The properties of the entry endpoint include:

    Name - the logical name in the system.

    Protocol - tcp / udp

    Local port

    Public port

    A shared load-balanced port (Fig. 9), i.e. the one that users connect to before being sent on to one of the virtual machines in the set, is configured by defining one entry endpoint on all the required virtual machines together with the special property LoadBalancedEndpointSetName.

    Fig. 6. Load balancing and the entry endpoint of a virtual machine

    As you have probably noticed, there is also room for setting up port forwarding. Since each Cloud Service has one public IP address but contains many virtual machines, port forwarding is exactly what you need to reach a specific machine from the outside (Fig. 7).



    Fig. 7. Port forwarding in Windows Azure Virtual Machines

    For example, as in the image under number 5, port forwarding is configured for the system: a request from an external client to port 5586 is forwarded to the RDP port (for example) of virtual machine No. 1, a request to 5587 goes to virtual machine No. 2, and so on.
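
    The endpoint model described above (one public IP per Cloud Service, per-VM entry endpoints, shared load-balanced sets, port forwarding) can be checked offline. The following is an added example, not code from the original article or from the Azure SDK: the Endpoint type, the sample data and the rules in audit() are assumptions built from the description in this section. It resolves where a public port leads, flags a public port claimed by several machines without a common LoadBalancedEndpointSetName, and lists forwards that reach RDP or SSH, which stay reachable from the Internet even when the public port number is non-standard.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

# Local ports treated as management services (assumption for this example).
MGMT_PORTS = {3389: "RDP", 22: "SSH"}


class Endpoint(NamedTuple):
    vm: str
    name: str
    protocol: str                  # "tcp" or "udp"
    local_port: int
    public_port: int
    lb_set: Optional[str] = None   # LoadBalancedEndpointSetName, if any


# Constructed sample: one Cloud Service (one public IP) with three VMs.
SAMPLE = [
    Endpoint("vm1", "http", "tcp", 80, 80, "web"),
    Endpoint("vm2", "http", "tcp", 80, 80, "web"),
    Endpoint("vm1", "rdp", "tcp", 3389, 5586),
    Endpoint("vm2", "rdp", "tcp", 3389, 5587),
    Endpoint("vm3", "ssh", "tcp", 22, 5587),   # same public port as vm2
]


def by_public_port(endpoints):
    """Group endpoints by the (protocol, public port) they occupy."""
    groups = defaultdict(list)
    for ep in endpoints:
        groups[(ep.protocol, ep.public_port)].append(ep)
    return groups


def route(endpoints, protocol, public_port):
    """Return the (vm, local_port) targets behind one public port."""
    eps = by_public_port(endpoints).get((protocol, public_port), [])
    return sorted((ep.vm, ep.local_port) for ep in eps)


def audit(endpoints):
    """Return findings as (kind, protocol, public_port, vms) tuples."""
    findings = []
    for (proto, port), eps in sorted(by_public_port(endpoints).items()):
        sets = {ep.lb_set for ep in eps}
        # One public IP: a port shared by several endpoints is only
        # unambiguous when all of them belong to the same balanced set.
        if len(eps) > 1 and (None in sets or len(sets) > 1):
            findings.append(("conflict", proto, port,
                             sorted(ep.vm for ep in eps)))
        # A forward to RDP/SSH is Internet-facing whatever the public port.
        for ep in eps:
            if ep.local_port in MGMT_PORTS:
                findings.append(("mgmt-exposed", proto, port, [ep.vm]))
    return findings


if __name__ == "__main__":
    print(route(SAMPLE, "tcp", 80))
    for finding in audit(SAMPLE):
        print(finding)
```
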

    Virtual networks

    The most important new feature is virtual networks. Virtual Networks are the functionality that allows you to connect your local infrastructure to the cloud, as well as to configure the network inside a deployed service. The first scenario is more or less clear (you need a VPN that supports Site-to-Site VPN), but what are the advantages of using virtual networks inside a deployed service? Firstly, there is the permanent IP scenario (not static, but permanent). When you need to move Active Directory to Windows Azure, you would hardly use the standard mode, in which the IP changes. Here you can use a VNET, with which you define the general IP addressing scheme for your cloud network: the address space, the subnets, and which virtual machines belong to them. Thus, each deployed virtual machine belonging to a specific VNET will keep the same IP address regardless of its state (a reboot or other actions that would otherwise lead to a change of IP). This IP is not static, since it is not assigned statically (an indisputable fact), but is issued as if by DHCP with an infinite lease time.

    In this case, of course, the question of name resolution may arise. By default, there is no name resolution when a virtual machine is placed on a virtual network; it is assumed that you will take care of this yourself. There are three options for solving the problem: manually configure DNS on the network adapter of each machine (the main drawback, of course, is in the phrase "configure for each"), define the DNS server in the network configuration (which is also inconvenient,


    Fig. 8. A hybrid solution using virtual networks

    To deploy a virtual machine to a virtual network, you need to remember a few simple rules:

    1) You cannot move an already deployed virtual machine into a virtual network; you need to deploy it directly to the virtual network.

    2) DNS settings: if you do not plan everything in advance, you may find that for an already deployed virtual machine these settings cannot be changed without redeployment.

    3) Each virtual network needs an affinity group. In addition, the storage account must be in the same region as the affinity group, or in this affinity group.

    Virtual Machine Availability and Warranties

    The Cloud Services SLA was 99.95% and remains so, given the minimum number of application instances (two). The situation with virtual machines is a bit more confusing: it was decided that most applications would not need several virtual machines, so a 99.9% SLA is offered for one instance, but if you use an Availability Set, 99.95% is offered.

    Availability Set

    The Availability Set concept is similar to the concept of update domains and fault domains, but extends it somewhat: virtual machines in the Availability Set are physically located in different racks, and when the host operating system is updated, not all virtual machines in the Availability Set are updated at the same time (Fig. 9).

    Fig. 9. Consolidated Error and Update Domain Concept and Availability Set



    Fig. 10. Visual representation of various SLA scenarios.

    This, in fact, provides fault tolerance and redundancy at all levels.

    Fig. 11. Fault tolerance at all levels

    Fig. 12. What is included and what is not included in the Windows Azure Virtual Machines SLA

    Practice

    There are several methods for creating a virtual machine in Windows Azure, and we will cover all of them.

    A virtual machine from an image

    The simplest and most understandable method is this: the cloud already has a gallery of images, which currently supports a certain set of operating systems (Fig. 16). Please note that this list is from the Preview version, that is, it will be updated continually, possibly also with the move to Production.

    Fig. 13. Gallery of images of virtual machines




    Let's move on to practice. Sign in to the Windows Azure management portal using your Windows Live ID credentials (Fig. 14).

    Fig. 14. Sign-in page

    Once in the management portal (Fig. 15), click the New button in the lower-left corner of the page to open the New form dialog box (Fig. 16).

    Fig. 15. Windows Azure management portal

    In the dialog that opens, select Virtual Machine. Select From Gallery (Fig. 16).

    Fig. 16. New form

    Note that the VM OS Selection dialog box has four display options: All (all images), Platform Images (the gallery of images on the platform), My Images (images provided by the client) and My Disks (virtual machine disks). Now select Windows Server 2008 R2 SP1, July 2012 and click Next. In the VM Configuration dialog box (Fig. 17), enter the necessary data, select the instance size (since virtual machines require serious resources, select the smallest instance) and click Next.

    Fig. 17. Initial virtual machine configuration

    In the VM Mode dialog box (Fig. 18), select Standalone Virtual Machine, since we do not have any virtual machines yet. Enter the DNS Name and select the storage account and the region, or the affinity group or virtual network. Click Next.

    Fig. 18. Initial virtual machine settings

    Select Create Availability Set and enter a name. Click Next to begin deploying the virtual machine. After a while, the virtual machine will start. Now let's connect to the created virtual machine via Remote Desktop Connection.


    Go to the Windows Azure Management Portal and select the created virtual machine. Click the Connect button in the control panel below. Actually, this is a link to the connection file to your virtual machine, and after clicking on it, the .rdp file with the name of the virtual machine should be downloaded. Run it and enter the administrator password.

    Upon entering the virtual machine, you will see the interface of the OS that was configured for this virtual machine. We configured Windows Server 2008 R2.

    Click Add Roles. Click Next. Choose the Web Server (IIS) role: we will place IIS in the virtual machine and create a farm of web servers from two virtual servers.

    Click Next and select all the necessary components (Fig. 19).

    This completes this part; let us move on to the next.

    Creating from your own image

    The second way to create a virtual machine is to create your own image and deploy virtual machines from it. All this can be done right on the platform: once you have created a virtual machine from a pre-configured image, you can customize it as you like, then run sysprep on Windows or waagent on Linux, turn the virtual machine off and click Capture. Naturally, you can also carry out this process offline by creating a VHD and uploading it using csupload.exe from the Windows Azure SDK 1.7.


    Since we have already deployed the virtual machine, we will use it.

    Go to the created virtual machine via RDP and open the Windows\System32\sysprep directory. Run sysprep (Fig. 20), select the Generalize option and Shutdown as the shutdown option. Click OK.

    Fig. 20. Sysprep interface

    After losing the connection to the virtual machine, wait a couple of minutes until it turns off (monitor the status of the machine in the Windows Azure management portal), then select the virtual machine and click the Capture button on the control panel. In the dialog box that appears, enter the name of the image. Check the option "I have sysprepped the virtual machine". Click OK.

    When the process finishes, the created virtual machine will be deleted, but a new image will appear in the Images section (Fig. 21).

    Fig. 21. A new virtual machine image

    Now you can create a new virtual machine. Click the New button located in the lower left corner of the page to open the New form dialog box. Select Virtual Machine in the dialog that opens. Select From Gallery. Select your image (Fig. 22).

    Fig. 22. Image Gallery

    On the following Configuration pages, fill in the required fields (Fig. 23, 24).

    Fig. 23. Initial setup of the virtual machine

    On the Availability Sets page, select Create Availability Set. Click OK. Create a second virtual machine from the same image, but on the VM Mode page, check Connect to existing virtual machine (Figure 25). On the Availability Sets page, select the previously created set. After everything is created and started, configure the entry endpoints for both machines. To do this, go to the virtual machine control panel and open the Endpoints tab. Click Add Endpoint. On the Specify Endpoint details page (Figure 26), enter http, 80, 80.

    Fig. 27. Configuring the entry endpoint

    Repeat the configuration for the second virtual machine, specifying Load-balance traffic on an existing endpoint on the first page and selecting the created entry endpoint. Wait for the update process to finish and click the link in the DNS Name field to make sure that IIS is working and balancing the load between the two instances of our service.

    Uploading your own VHD


    The third option, which already existed in Windows Azure before, is to upload an existing virtual machine in VHD format using csupload.exe or VHDupload from the Windows Azure Training Kit. We will use the first tool.

    Open the Disk Management console: on the Start menu, type diskmgmt.msc in the search bar and press Enter.

    In the Disk Management console, open the Action menu and select Create VHD.

    In the Create and Attach Virtual Hard Disk dialog box, click Browse, specify the location and name of the future disk, and then click Save. Set Virtual hard disk size to 16 MB and Virtual hard disk format to Fixed size, then click OK to create and attach the virtual hard disk. Pay attention to the disk size: we are not creating an operating system disk at this point. We will create a data disk, upload it to the cloud, attach it to the virtual machine and view its contents. If you want to create a disk with an OS, nothing could be easier: create a larger disk, format it as NTFS and upload it to the cloud.

    Before using a new disk, you must initialize it: right-click the disk icon for the created disk in the bottom panel of Disk Management and click Initialize Disk.

    In the Initialize Disk dialog box, make sure that the disk corresponding to the attached VHD is selected, select MBR (Master Boot Record) and click OK.

    Right-click the Unallocated area of the attached virtual hard disk and click New Simple Volume. In the New Simple Volume Wizard, click Next. On the next page, leave the Simple volume size unchanged (it should match the Maximum disk space) and click Next. Assign a drive letter and click Next. Select the format type for the new partition: specify the File system as NTFS, leave the default value for the Allocation unit size and set the Volume label to OurVHD. Make sure that the Perform a quick format option is enabled and that Enable file and folder compression is left disabled. Click Next.

    Check the information on the Summary page and click Finish to create a new volume.

    Wait for the formatting to complete, which should take several seconds. If AutoPlay is on, you will be asked whether to view the mapped drive. In this case, click Open folder to view files. If the question is not asked, right-click the volume in the Disk Management console and click Open. Leave the window open. Copy any files there.

    Switch to the Disk Management console, right-click the mapped drive (click the drive, not the partition area) and click Detach VHD.

    In the Detach Virtual Hard Disk dialog box, make sure the Delete the virtual hard disk file after removing the disk option is disabled, then click OK.

    Now you need to upload the virtual hard disk (VHD) to Windows Azure storage. Let me remind you that virtual hard disks are stored in page blobs in Windows Azure, and that you can upload or create a hard disk using the storage library API.

    Before uploading the VHD, you need to determine the name and access key of your storage account. To do this, go to the management portal and select the subscription in which your application will be deployed. Select the storage service from the list of services and write down the Name (the first segment of the endpoint URL) and the Primary Access Key by pressing the View button (to copy the key to the clipboard, use the Copy to Clipboard button). On the new portal, you can see the keys by going to the storage account and clicking Manage Keys.

    Fig. 28. Viewing Windows Azure storage account information

    Open the Windows Azure Command Prompt with administrator privileges and go to the bin folder: it contains the csupload utility, which we will use to upload the disk to the cloud. Create a certificate using the makecert utility or the appropriate snap-in in Visual Studio or IIS (<CertificateName> is a placeholder for a name of your choice):

    makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

    Upload it to the Management Certificates certificate store using the old Windows Azure management portal. Copy the thumbprint of the uploaded certificate. You should now have the following data: subscription ID, certificate thumbprint, storage key and storage account name.

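    Run the following commands (the values in angle brackets are placeholders for your own data):

    csupload Set-Connection "SubscriptionID=<subscription-id>;CertificateThumbprint=<certificate-thumbprint>;ServiceManagementEndpoint=<service-management-endpoint>"

    csupload.exe Add-Disk -Destination "http://[accountname]" -Label ourvhd -LiteralPath "c:\temp\ourvhd.vhd"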

    When the message "Disk ourvhd.vhd is registered successfully" is displayed, it means that your data disk has been uploaded to the image gallery.

    Note that different parameters must be used to upload virtual machine images. More about csupload:

    Switch back to the new Windows Azure management portal and open the control panel of any virtual machine. Click Attach and attach the disk from storage, then log in to the virtual machine via RDP and note the increased number of disks. This feature allows you to quickly upload huge amounts of data to the cloud, as well as to migrate data both to the cloud and from the cloud to the local infrastructure.




    Now let's create a Linux virtual machine and connect to it via SSH. Nothing could be easier. Repeat the steps for creating a virtual machine from the image gallery, but this time select openSUSE 12.1. Do not check the various additional options such as Upload SSH Keys.

    Connecting to a freshly created virtual machine is simple: via ssh, vnc or using PuTTY (Windows), which we will use. To connect, go to the virtual machine control panel; the Quick Glance panel (Fig. 29) contains all the data for the connection.

    Fig. 29. Quick Glance data panel

    Now run PuTTY and fill in the required fields with the information obtained from the Quick Glance panel (Fig. 30).

    Fig. 30. Putty interface

    Click Open. At the security warning, click Yes. Actually, that's all: enter your administrator credentials, and you are inside the virtual machine.



    In order to create a generalized image from this virtual machine, you will have to use the Windows Azure Linux Agent (waagent -deprovision). To do this, run the command sudo /usr/sbin/waagent -deprovision (Fig. 31).

    Fig. 31. Image generalization

    Turn off the virtual machine using the Shutdown button on the virtual machine control panel. After it has shut down, click Capture. All other actions are identical to what we performed for the Windows machine. As you already know, load balancing can just as easily be configured for Linux machines.

    Summary


    In general, with the launch of the new virtual machine and virtual network functionality, there are many more opportunities for simple migration of existing local infrastructures to the cloud, while partial migration and further integration of parts of the infrastructure using virtual networks remain possible.
