次の方法で共有


IT-Camp Azure Labs–Lab 2 Building Workloads–Step-By-Step

Lab 2: Building Workloads

Azure virtual machines give you the flexibility of virtualization without spending the time and money to buy and maintain the hardware that hosts the virtual machine. However, you do need to maintain the virtual machine — configuring, patching, and maintaining the operating system and any other software that runs on the virtual machine. In this lab you are going to deploy 2 virtual machines into Azure for the two workloads of identity and database. You will create these two virtual machines:

  • A Domain Controller (DC01)
  • A SQL Server (SQL01)

Deploy a domain controller in Microsoft Azure

In this task, you will deploy a new virtual machine(VM) to function as a domain controller in your newly created virtual network created in Lab01. As you provision the VM you will leverage a custom script extension to install Active Directory as a part of the provisioning process. Custom Script Extensions can automatically download scripts and files from Azure Storage and launch a PowerShell script on the VM. These scripts can be used to install additional software components, and in this lab you will use it to install Active Directory. Like the any other VM extensions, Custom Script Extensions can be added during VM creation or after the VM has been running. During the last portion of the lab you will also configure the AD service as the DNS server for the virtual network you created in Lab 1, and you’ll assign it a static IP Address(technically speaking this is a DHCP reservation in the subnet but it will be referred to as a static IP pretty much everywhere in Azure documentation.)

Perform the following tasks in the Azure management portal.

  1. In the Azure management portal, click VIRTUAL MACHINES.  
  2. Click NEW (Plus “+” Sign) located at the bottom of the Azure management portal
  3. Click COMPUTE, click VIRTUAL MACHINE, and then click FROM GALLERY
  4. In Choose an Image, click Windows Server 2012 R2 Datacenter, and then click the Next arrow. Create a new virtual machine using the values in the following table.  Please note: You can user your own username and password, just make sure to remember it!
    image
  5. Create a new virtual machine using the values in the following table.  Please note: You can user your own username and password, just make sure to remember it!

Property

Value

VIRTUAL MACHINE NAME

DC01

TIER

Standard

SIZE

A1

USER NAME

SysAdmin

NEW PASSWORD and CONFIRM

Passw0rd!

  1. then click the Next arrow
  2. On the Virtual machine configuration page 3, in CLOUD SERVICE, select itcservice<ID>. (From Lab 1) 
    • ITC-VNet will be automatically selected. If you do not have ITC-VNet available, you likely have the ITC-VNet in a different Location. Go back and fix location to make sure it’s the same.
  3. In STORAGE ACCOUNT, select itcstore<ID>  (From Lab 1)
    • If your storage account is not in the list, you may have to cancel out of this wizard, wait a few minutes for it to finish building, and try again.
  4. In REGION/AFFINITY GROUP/VIRTUAL NETWORK, verify that ITC-VNet is selected.
  5. In VIRTUAL NETWORK SUBNETS , verify that AD-Production (192.168.10.0)/24 is selected, and then click the Next arrow. 
  6. In a separate tab or window: Download https://ITProGuru.com/downloads/ADProvisionScriptv2.txt to your local machine. Make sure you Click on File>Save As.. and save it as ADProvisionScriptv2.ps1. Make a note of where you put it. It will be needed for the next step.
  7. On the Virtual machine configuration page, under Configuration Extensions, check Custom Script.
  8. Click FROM LOCAL, Navigate to the ADProvisionScriptv2.ps1 file you download above click Open
  9. In the Arguments field type the following (including quotation marks, the password can change to match the one you gave in step 5 if you did not use the lab’s recommended password):
    • **       “ContosoAzure.com” “Passw0rd!”**
    • This password sets the –SafeModeAdministratorPassword for Active Directory by the way.
  10. On the Virtual machine configuration page, under Security Extensions, check Microsoft Antimalware
  11. Click the Complete icon. 
    • The virtual machine will take a few minutes to create. Depending on the load this may take between 5 and 25 minutes. 
    • You will return to complete the rest of the DC networking configuration at the end of the lab

Explore the virtual machines and connect via RDP

Now that the virtual machine is created, you want to log on and verify that it looks, feels, and behaves just like any server on your network. 

Perform the following tasks in the Azure management portal

  1. On the left menu of the Azure management portal, scroll to and click VIRTUAL MACHINES
  2. Next to DC01, click the DNS Name to open the Service dashboard
  3. Click DASHBOARD
    • You can review information about the running virtual machines, as well as view the current health.
  4. Click MONITOR
    • You can view performance and data statistics.
  5. Click INSTANCES
  6. Click DC01 to open the VM dashboard. 
  7. Click DASHBOARD
    • You can review information about the running virtual machines, as well as view the current health.
  8. Click MONITOR
    • You can view performance and data statistics.
  9. Click ENDPOINTS
    • You can configure published endpoints, which are similar to firewall rules, to allow applications to access services running on the VM.
  10. Click CONFIGURE
    • You can modify the properties of the virtual machine. You can also configure monitoring from multiple locations to ensure your endpoint is operational.
  11. Click DASHBOARD
  12. On the bottom bar, click CONNECT, and then click Open
  13. Click Connect
  14. When prompted, log on as sysadmin using Passw0rd! as the password. (Substitute the username and password you used during VM Creation if different than the lab recommendations.)
  15. Click Yes
    • You are now logged on to your newly created virtual machine.
  16. Click No when prompted to enable discovery of devices.

 

Migrate DC01 to the designated static IP subnet

In this task, you will move DC01 to the designated static IP subnet. You will then configure a static IP address. When you assign static IP addresses it is highly recommended you also provision a dedicated subnet for the static machines, which is why we already handled this in Lab01

You can accomplish what we’re about to do in two separate ways – PowerShell, or the new Azure Preview Portal

For our Lab, we’re going to use PowerShell, and then show you where it can be found and configured in the new portal.

Perform the following tasks on your workstation using PowerShell

NOTE: You will need to make sure you have installed the Microsoft Azure PowerShell cmdlets and connect it (or authenticate) to your subscription. You can read the Install PowerShell Tools section for more information.

  1. Open Azure PowerShell
  2. To migrate the VM, type the following command (all on one line) and then press ENTER. Replace <ID> with your unique ID.
    • Get-AzureVM -Name DC01 -ServiceName itcservice<ID> | Set-AzureSubnet -SubnetNames AD-Production-Static | Update-AzureVM
  3. To verify the VM has been migrated, type the following command, and then press ENTER. Replace <ID> with your unique ID.
  • Get-AzureVM -Name DC01 –ServiceName itcservice<ID>
  • Note the value of IPAddress and PowerState. The VM should have a new IP address on your new subnet, and be starting.
  • To test the pending static IP for availability, type the following command (on one line), and then press ENTER.  
    • Test-AzureStaticVNetIP –VnetName ITC-VNet –IPAddress 192.168.11.100
    • The output of True indicates this address is available. An output of false indicates the address is assigned, and will also provide a list of available IP addresses.
  • To assign the desired static IP, type the following command (on one line), and then press ENTER. Replace <ID> with your unique ID. 
    • Get-AzureVM -Name DC01 –ServiceName itcservice<ID> | Set-AzureStaticVNetIP –IPAddress 192.168.11.100 | Update-AzureVM
  • To verify the VM has been configured, type the following command, and then press ENTER. Replace <ID> with your unique ID. 
    • Get-AzureVM -Name DC01 –ServiceName itcservice<ID>
    • Note the value of IPAddress and PowerState. The VM should have the assigned static IP on your new subnet, and be starting.

Before proceeding to the next step you may need to wait for the last operation to complete. Assigning a new IP address forces the VM to restart. Now let’s take a look at where we can configure IP addressing using the New Preview Portal.

While the new portal offers some great enhancements to managing Azure. It is still in preview, while this task will give you a glimpse into the new portal, there is one thing you cannot currently do when setting a static IP address: Setting a separate subnet. You can still do it, but you have to leverage PowerShell.

  1. In the Azure management portal, click on your Account ID e-mail address in the upper right hand corner and click on Switch to new portal. Notice a new tab automatically opens
  2. If prompted for your credentials, enter your ID and password to enter the new portal
  3. On the left hand toolbar in the portal click Browse and scroll to and select Virtual machines
  4. In the Virtual machine list select DC01
  5. In the DC01 journey pane select SETTINGS
  6. In the SETTINGS options select IP addresses
  7. In the IP addresses journey, NOTE that the Private IP address is set to Static. If it hadn’t already been set that way, we could have changed it here.
  8. NOTE that the IP address is 192.168.11.100, **** just as we had set using PowerShell. If we wanted to, we could change it here and click Save up above.

You may now close the new preview portal tab.

Install Active Directory on DC01 using PowerShell

In this task, you will use Windows PowerShell to install and configure Active Directory. To perform this task, you will use Windows PowerShell ISE in administrator mode.

Perform the following tasks on your DC01 Server.

  1. In the Azure management portal, click VIRTUAL MACHINES, click DC01, and then click Dashboard. On the bottom bar, click CONNECT, and then click Open. Click Connect.
  2. When prompted, log on as sysadmin using Passw0rd! as the password. Click yes.
  3. Open a web browser on DC01 to Browse to https://itcmaster.blob.core.windows.net/fy15q3/ADProvisionScriptv2.txt
  4. Click on the text then press CTRL-A to select all text – Then Click CTRL-C to copy it to your clipboard.
  5. NOTE: you can just click OK to any security warnings you get
  6. On DC01, Click Start – type Windows PowerShell ISE, Right click on “Windows PowerShell ISE and select Run as administrator. NOTE: you must run elevated! Select Yes on the User Access Control Popup.
  7. From PowerShell ISE menu select FileNew – Click on line 1 of Untitled1.ps1 and then press CTRL-V to paste in the script.
  8. Press CTRL-A to select all text then press F8 to run the script. DC01 will automatically restart to finish installing AD

After Restart, Login to DC01 to confirm AD and DNS are running on DC01 (Server Manager should list Active Directory) From Tools, you should be able to open DNS and AD Users and Computers)

Create a new database server VM from the Microsoft Azure management portal 

In this task, you will create a database server to run the database portion of the application. This will be a SQL Server Enterprise 2014 VM.  You will leverage one of the many virtual machine images that are located in the virtual machine gallery. Images are used in Azure to provide a new virtual machine with an operating system. An image might also have one or more data disks. Images are available from several sources:

  • Azure offers a gallery of images — recent versions of Windows Server and several distributions of the Linux operating system. Some images also contain applications, such as SQL Server. MSDN Benefit and MSDN Pay-as-You-Go subscribers have access to additional images.
  • The open source community offers images through VM Depot.
  • You can store your own images in Azure, by either capturing an existing Azure virtual machine for use as an image or uploading an image.

Perform the following tasks in the non-preview Azure management portal.

  1. Click NEW (“+”), located at the bottom of the Azure management portal. 
  2. Click COMPUTE, click VIRTUAL MACHINE, and then click FROM GALLERY
  3. In Choose an Image, click SQL Server, and
    find and select SQL Server 2014 RTM Enterprise. Click the Next arrow. 
  4. Create a new virtual machine using the values in the following table, and then click the Next arrow. 

Property

Value

VIRTUAL MACHINE NAME

SQL01

TIER

Standard

SIZE

A3

NEW USER NAME

SysAdmin

NEW PASSWORD and CONFIRM

Passw0rd!

  1. On the Virtual machine configuration page, in CLOUD SERVICE DNS NAME, type itcservice<ID> (where <ID> is your unique ID). 
  2. In STORAGE ACCOUNT, select itcstore<ID>
  3. In REGION/AFFINITY GROUP/VIRTUAL NETWORK, select ITC-VNet
  4. In VIRTUAL NETWORK SUBNETS select AD-Production-Static (192.168.11.0)/24,
  5. In STORAGE ACCOUNT Select itcstore<ID>
    Then click the Next arrow.  
  6. On the Virtual machine configuration page, under Security Extensions, check Microsoft Antimalware
  7. Click the Complete icon. 
  • The virtual machine will take a several minutes to create. Depending on the load this may take between 15 and 35 minutes. 
  • You will return to complete the rest of the SQL configuration in an up-coming lab.

Assign a new DNS server and subnet for the virtual network

In this task you will create a new DNS server entry. This entry will be assigned to all computers using DHCP on their next restart, since all VMs use DHCP in Azure, even the ones with “static IPs” as these are technically just DHCP reservations on the VNet. Azure provides automatic routing between subnets on the same virtual network, but automatic name resolution only when machines are in the same Cloud Service.  Though we won’t be doing so in these labs, if we were to add new VMs to the domain, they would have entries in DNS, so that it wouldn’t matter what cloud service they were in. They’d have name resolution through DNS on the Domain Controller.

URGENT NOTE: Please confirm that the creation of the domain is complete on DC01 BEFORE changing DNS. You can do this by looking in Server Manger on DC01, AD DS and DNS should both be listed in the left NAV. If you do not, name resolution will fail

Perform the following tasks in the non-preview Azure management portal

  1. In the Azure management portal, click NETWORKS
  2. Click ITC-VNet
  3. Click CONFIGURE
  4. In dns servers, type DC01, and then in IP ADDRESS, type 192.168.11.100
  5. Click Save.