Windows Azure Pack: How to add and troubleshoot VM Clouds


Hi, folks!

Finally, this is the third and last part of series of posts related with Windows Azure Pack (WAP) and VMM Clouds. Previously we’ve described installation of Windows Azure Pack and Service Provider Foundation. Now it’s time to implement the first cloud service. No doubt the most popular service is VM Cloud. Let’s describe what is it and how to deploy one with WAP.

Requirements

Component Requirement Description
Service Provider Foundation Install and configure Service Provider Foundation The VM Clouds service in Windows Azure Pack uses Service Provider Foundation to communicate with VMM. So, before provisioning VM Clouds
Guide HOW TO
Windows Azure Pack Install and configure Windows Azure Pack Installation guide: Windows Azure Pack
Cloud In the underlying VMM server that is associated with the Service Provider Foundation endpoint, you must have created a cloud and it’s associated components such as VM Templates, Hardware Profiles, VM Networks, Gallery Items For clouds to work with Windows Azure Pack, you must ensure that the clouds are created with the following considerations:

  • You must create a cloud from host groups.
  • You must have already created logical networks that can be associated with the cloud
  • You must have already created a VM library share.
  • You must assign the right amount of capacity to the cloud. The capacity that you assign to the cloud governs the resources that will be available to the tenants while provisioning virtual machines using VM Clouds.
  • You must not select any of the available capability profiles (ESX Server, Hyper-V, XenServer) while creating the cloud. If you do so, tenants will not be able to deploy virtual machine roles using the VM Clouds service.

HOW-TO is described below
Service Provider Foundation service account The Service Provider Foundation service account must be added to the administrator user role in the VMM server See below
VMM RunAsAccount To successfully complete all steps in this mini-guide Create RunAsAccount in VMM and assign Administrator Role

Register SPF in Windows Azure Pack

  1. Log in to WAP admin portal (in my case, https://wapportal.domain.com:30091)

2.Click on VM Clouds and then “Register System Center Service Provider Foundation

wap_spf_1

  1. Type URL for Service Provider and provide required credentials

wap_spf_2

  1. Verify status of SPF registration. It should be the same as shown on the pic below

wap_spf_3

Add SPF Service Account as VMM administrator

  1. Log in to SPF Server, open IIS and note user identity for SPF Pools

spf_service_accouns_apppools_thumb

  1. Open VMM Console and connect to VMM

  2. Go to Security –> User Roles –> Administrator and add SPF Service account to this role

vmm_spf_admin_svc

or use PowerShell:

$UserRole = Get-SCUserRole -Name "Administrator"
Set-SCUserRole -UserRole $UserRole -AddMember Domain\SPFServiceAccount

Create VMM cloud

In this section we create BASIC VMM cloud only for demo purposes.You have to carefully plan/design your cloud components.

  1. Add hosts to host group (VMs and Services –> right click on host group name –> add hyper-v hosts and clusters“) or PS:
#In my case, host group called as All Hosts and 1 member hv01

$runAsAccount = Get-SCRunAsAccount -Name "Administrator"
$hostgroup =  Get-SCVMHostGroup -Name "All Hosts"
Add-SCVMHost -ComputerName "hv01.domain.com" -VMHostGroup $hostgroup -Credential $runAsAccount
  1. Add Logical Network (Fabric –Logical Networks – Add Logical Network).
#Create new logical network
$LogicalNetwork=New-SCLogicalNetwork -Name VM -LogicalNetworkDefinitionIsolation $false -EnableNetworkVirtualization $true -UseGRE $true -IsPVLAN $false
$HostGroup =@()
#Get Host Group
$HostGroup += Get-SCVMHostGroup -Name "All Hosts"
#Add VLAN Subnet ID and IP with netmask
$SubnetVLAN = @()
$SubnetVLAN += New-SCSubnetVLAN -Subnet "10.10.25.0/24" -VLAN 0
#New Definition for logical network VM
New-SCLogicalNetworkDefinition -Name VM -LogicalNetwork $LogicalNetwork -VMHostGroup $HostGroup -SubnetVLAN $SubnetVLAN

sc_vmm_logical_network_1

sc_vmm_logical_network_2

  1. Add Library server if it has not deployed yet (Library –> Library Servers –> Add Library Server)
#Get Library Servers
Get-SCLibraryServer

image

Copy sysprepped vhds to Library (highlight library and click “Import Physical Resource” button) or through PS:

Import-SCLibraryPhysicalResource -SourcePath "path to VHDs" -SharePath "\\libraryFQDN\foldername"

In my demo, I use clean 2012 R2 Std with the latest updates.

  1. Create new cloud (VMs and Services –> Clouds –> New Cloud). Pictures are clickable (see cloud properties from left to right)

Do not forget:  You must not select any of the available capability profiles (ESX Server, Hyper-V, XenServer) while creating the cloud.

If you do so, tenants will not be able to deploy virtual machine roles using the VM Clouds service.

imageimage image

image image  image

image  image image

That’s it . Our demo cloud is ready. But it’s not enough.

Now we need to create VM templates.

Create VM Templates

1.  Add hardware profiles (Library –> Profiles –> right click –> Create Hardware Profiles). I have one pre-created profile with the following properties:

image

Create a few profiles for different VM configurations, if it is necessary.

  1. Go to Virtual Templates – right click and “Create VM Template” , use your sysprepped vhd as a source for VM template

image

Specify Template Name, Generation ID and choose Hardware Profile (it is not required but let’s do it Улыбка).

OS configuration page (my future VMs will be based on 2012 R2 Standard, so you have to verify that the right Operating System is specified):

image

The next step is VMM registration on WAP portal.

Register VMM in WAP

  1. Log in to admin management portal (https://wapportal.domain.com:30091)

  2. Go to VM Clouds –> Clouds and click on “Use an existing virtual machine cloud…”

wap_spf_cloud_1

  1. Type VMM server name and Register

wap_spf_cloud_2

  1. OMG! Look at this…it is my cloud Улыбка

wap_spf_cloud_3

Create WAP Hosting Plan

  1. Go to Plans and click on “Create a new hosting plan”

wap_spf_cloud_4

  1. Devise friendly name for you plan

wap_spf_cloud_5

  1. We want to provide VM Clouds

wap_spf_cloud_6

  1. Just click next

wap_spf_cloud_7

5.Our demo plan is created. Verify that status is green.

wap_spf_cloud_8

  1. Open newly created plan and go to “virtual machine clouds” service

wap_spf_cloud_9

7.Review and change properties (add virtual network, hardware profiles, vm templates) for service

wap_spf_cloud_10 wap_spf_cloud_11wap_spf_cloud_12wap_spf_cloud_13

Thanks to gallery items we have options to create workloads  (Exchange, Lync,SQL and etc) from gallery (just like in Azure). I will describe it my next posts.

Create new user account for WAP

Finally, we have to create user and map him to our plan with VM clouds service

Go to User Accounts and click on “Create a new user”

wap_spf_cloud_14

Type mail for example, password and choose plan. Click on Create

wap_spf_cloud_15

Our demo user (tenant) is created. Now you can access client management portal using this email address and password.

Create demo VM under tenant account

Open in IE https://wapportalfqdn:30081 and sign-in as tenant, then click on Virtual Machines

Standalone –> Quick Create –> choose template, type Name of VM and admin’s password and click on “Create VM Instance

wap_vm_creation_1

Woohooo!  As you can see out tenant successfully created testVM and VM is running.

wap_vm_creation_final

From VMM side (vm creation progress):

wap_cloud_vm_creation_1

User tenants (VMM side):

wap_vmm_user_tenants

How to troubleshoot WAP,SPF,VMM

WAP Troubleshooting:

A ton of information you can find here:

https://technet.microsoft.com/en-us/library/dn554311.aspx

My favorite steps:

image

Additional links:

10 thoughts on “Windows Azure Pack: How to add and troubleshoot VM Clouds”

  1. Pingback: Step-by-step installation of Service Provider Foundation 2012 R2 | UseIT
  2. Pingback: Step-by-step installation of Windows Azure Pack | UseIT

  3. год назад разворачивал это в продакшн. Не считая кривых рук кастомера – все работает до сих пор. Самый затык был с Windows Server Gateway – ему нужен диапазон свободных интернет IP адресов для натирования.
    И недавно был затык с WAP-ADFS федерацией после смены сертификатов (год же прошел). Переподключил – заработало

    Reply

    1. привет. если демо и время позволят, то продвинусь дальше и до adfs и тд. но более интересно gallery items,которые ещё не смотрел.

      Reply

  4. Great article as usual, I have a question that I cant seem to wrap my head around it which it should be pretty simple. When you are registering your SPF within WAP under vmclouds and you use the following user “democorp\spfadmin” where else is the user being specified? Is it a member of the local administrator group to the SPF server or WAP maybe? Reason why I am asking is when I try to register the SPF it only works with my domain admin account, I cant seem to register with any of the service account that I created for SPF. The only thing that I can think of is during the SPF install for the “Admin web service, Provider web service, web service” configuration page I specified my domain account but I created three different service account for each of the Application pool credentials via service account, maybe I should of added the service account that I am trying to use “svc-spfreg” to each of the configuration page of SPF along with my domain admin account.

    Thoughts?

    Keep up the excellent articles.
    Cheers

    Reply

        1. Hello rlevchenko,

          So I ended up getting the service account to work with registering the SPF to WAP however I do find something weird and it will be great if you can clear this up for me. In this article you stated that you need to “ADD the SPF Service Account as a VMM administrator” the account you used for this is Domain\SPFService, I understand that part but what I don’t get is in your earlier Article 1: SPF installation, you mentioned “It is recommend to create to create new domain accounts for every SPF services instead of using Network Service Account”. So for Admin web service, Provider web service and Usage web service all have there own service account but than in this article I can see that within your IIS, application Pools the identity of Provide, Usage and VMM is using the same service account maybe this image was reused? Never the less I just want to confirm this new SPF Service Account is it a new account that has been created just to be added to the VMM administrator and if so what its purpose and does this account need to be the service account that the SPF Provider, Usage and VMM is using?

          Oh and I will be purchasing your book for sure, keep up the good work.

          Reply

          1. Is it PM that you sent me?:)

            1 account was used just for simplifying deployment in my demo. Best practice – diff.accounts for each SPF service/app.pool, and there are only some of them should be added to the VMM Administrators group. SPF accounts (pools’ identities) must also have local administrator rights on SPF server + belong to the relevant groups created during SPF installation (they are all comes with SPF_ prefix). PM me (https://rlevchenko.com/contact-me/) and I will send you a simple script that prepares SPF’s pool identities for integration with WAP.

            Reply

Leave a comment