					Hands-On Lab
Connecting Apps with Windows Azure Connect
Lab version:    1.0.0
Last updated:   12/11/2011




Contents

OVERVIEW

EXERCISE 1: CONNECTING AN AZURE WEB ROLE TO AN EXTERNAL SQL SERVER DATABASE WITH WINDOWS AZURE CONNECT
       Task 1 - Configuring the Application to run in Windows Azure with Windows Azure Connect
       Task 2 - Installing Windows Azure Connect Endpoint Software in Your External Machine to Enable Windows Azure Connect
       Task 3 - Configuring Microsoft SQL Server Express for Remote Access
       Task 4 - Managing Windows Azure Connect Groups
       Verification

SUMMARY




Overview
Windows Azure Connect can be used to enable IP-level network connectivity between Azure services and
external resources. The underlying connectivity model that supports this is quite flexible. For example,
you can use Windows Azure Connect to set up networking between arbitrary groups of machines that
are distributed across the internet in a very controlled and secure manner.
The following diagram illustrates the key elements of the Windows Azure Connect model.




Windows Azure Connect creates a logical “virtual network” which can contain two types of entities:
Azure Role groups and Machine groups.


       - Role groups map to Azure roles, which have been enabled for Windows Azure Connect. Only the
         Azure VM instances for a role are members of a role group – the admin cannot manually add or
         remove members. Windows Azure Connect automatically manages the membership of role
         groups – if you add or remove role instances, Windows Azure Connect will track this and update
         the role group membership appropriately.
       - Machine groups are admin-defined collections of external machines, which have been enabled
         for Windows Azure Connect through installation of the Windows Azure Connect Endpoint
         Software. An external machine can belong to at most one machine group.


Connectivity within the Windows Azure Connect virtual network is based on the following rules:
       - A role group can be “linked” to a machine group – this enables connectivity between the
         members of those groups. A role group can be linked to multiple machine groups – e.g. you
         could have an Azure web role that is connected to your “My Servers” and “My Laptops”
         machine groups as shown in the diagram above.
       - Members of a role group (the Azure VM instances) do not have connectivity with each other. In
         addition, a role group cannot be linked to another role group. These limitations are intentional
         – the Azure service model controls connectivity between roles and the Azure runtime supports
         connectivity between role instances. We did not want the Windows Azure Connect model to
         interfere with this behavior.
       - Machine groups can be linked, as mentioned above, to role groups. Machine groups can also be
         linked to other machine groups to enable connectivity between members of those groups.
       - Links are not transitive from a connectivity perspective. For example, suppose Group A is linked
         to Group B, and Group B is linked to Group C. Machines in Group A can communicate with those
         in Group B, and machines in Group B can communicate with those in Group C. However,
         machines in Group A cannot communicate with those in Group C.
       - A machine group has an “interconnected” property – if it is set to true, then all members of that
         group can communicate with each other. If it is set to false, then communication between the
         members is not allowed.
       - It is important to note that Windows Azure Connect does not affect or interfere with a
         machine’s existing network connectivity.
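
The rules above can be checked mechanically when reviewing which endpoints a planned set of groups and links exposes to each other. The following Python model is an added example, not part of the lab or of Windows Azure Connect; the class, the function names and the endpoint names (WebRole_IN_0, sql01, laptop-a, ...) are constructed for illustration. It only models connectivity granted by Windows Azure Connect, not connectivity provided by the Azure runtime or by a machine's existing network.

```python
class ConnectModel:
    """Toy model of the Windows Azure Connect group rules listed above."""

    def __init__(self):
        self.groups = {}    # group name -> {"kind", "members", "interconnected"}
        self.links = set()  # each link is frozenset({group_a, group_b})

    def add_group(self, name, kind, members, interconnected=False):
        if kind not in ("role", "machine"):
            raise ValueError("kind must be 'role' or 'machine'")
        members = set(members)
        for other in self.groups.values():
            # An external machine can belong to at most one machine group;
            # role instances belong to the single role group of their role.
            if other["members"] & members:
                raise ValueError("endpoint already belongs to another group")
        # "interconnected" is a machine-group property; Connect never gives
        # the members of a role group connectivity with each other.
        self.groups[name] = {"kind": kind, "members": members,
                             "interconnected": kind == "machine" and interconnected}

    def link(self, a, b):
        if a == b:
            raise ValueError("a group cannot be linked to itself")
        if self.groups[a]["kind"] == "role" and self.groups[b]["kind"] == "role":
            raise ValueError("a role group cannot be linked to another role group")
        self.links.add(frozenset((a, b)))

    def group_of(self, endpoint):
        for name, group in self.groups.items():
            if endpoint in group["members"]:
                return name
        return None

    def can_communicate(self, x, y):
        gx, gy = self.group_of(x), self.group_of(y)
        if gx is None or gy is None or x == y:
            return False
        if gx == gy:
            return self.groups[gx]["interconnected"]
        # Only a direct link counts: links are not transitive.
        return frozenset((gx, gy)) in self.links

    def exposure(self, endpoint):
        """Every endpoint that Connect lets `endpoint` talk to."""
        everyone = set().union(*(g["members"] for g in self.groups.values()))
        return sorted(e for e in everyone if self.can_communicate(endpoint, e))


def build_demo():
    """Constructed topology: one web role linked to 'My Servers' and 'My Laptops'."""
    model = ConnectModel()
    model.add_group("WebRole", "role", ["WebRole_IN_0", "WebRole_IN_1"])
    model.add_group("My Servers", "machine", ["sql01", "file01"], interconnected=True)
    model.add_group("My Laptops", "machine", ["laptop-a", "laptop-b"])
    model.link("WebRole", "My Servers")
    model.link("WebRole", "My Laptops")
    return model


if __name__ == "__main__":
    demo = build_demo()
    print("sql01 is reachable by:", demo.exposure("sql01"))
    print("laptop-a -> sql01:", demo.can_communicate("laptop-a", "sql01"))
```

In this topology the laptops and the servers are both linked to the web role but not to each other, so a laptop cannot reach sql01 through Connect, which is the non-transitivity rule in practice.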




Objectives
In this hands-on lab, you will learn how to:

           - Provision a Windows Azure Connect service and associate it with your Azure subscription.
           - Set up network connectivity between Azure Roles and external machines.




Prerequisites
The following is required to complete this hands-on Lab:
       - Microsoft .NET Framework 4
       - Microsoft Visual Studio 2010
       - IIS 7 (with ASP.NET)
       - Windows Azure Tools for Microsoft Visual Studio 2010 1.5
       - SQL Server 2008 R2 Express Edition or higher
       - SQL Server Management Studio 2008 R2 Express Edition or higher



Setup
In order to execute the exercises in this hands-on lab you need to set up your environment.
     1. Open a Windows Explorer window and browse to the lab’s Source folder.
     2. Double-click the Setup.cmd file in this folder to launch the setup process that will configure
        your environment.
     3. If the User Account Control dialog is shown, confirm the action to proceed.


 Note: Make sure you have checked all the dependencies for this lab before running the setup.




Exercises
This hands-on lab includes the following exercise:
    1. Connecting an Azure Web Role to an External SQL Server Database with Windows Azure
       Connect


Estimated time to complete this lab: 60 minutes.

 Note: When you first start Visual Studio, you must select one of the predefined settings collections.
 Every predefined collection is designed to match a particular development style and determines
 window layouts, editor behavior, IntelliSense code snippets, and dialog box options. The procedures in
 this lab describe the actions necessary to accomplish a given task in Visual Studio when using the
 General Development Settings collection. If you choose a different settings collection for your
 development environment, there may be differences in these procedures that you need to take into
 account.




Exercise 1: Connecting an Azure Web Role to an External SQL Server Database with Windows Azure Connect
In this exercise, you will set up network connectivity between a simple Web Role and your local machine.
The Web Site used for sample purposes in this exercise will leverage Windows Azure Connect to
connect to your local SQL Server instance and retrieve a list of customers that will be shown in a simple
table within the site.


Task 1 - Configuring the Application to run in Windows Azure with Windows Azure Connect
To use Windows Azure Connect to connect external resources with your Azure service, you need to
enable one or more of its roles. You do this by provisioning the role with the Connect plug-in that is part
of the Windows Azure SDK v1.5 release. Only roles of the service provisioned with the Connect plug-in
will be able to connect to external resources.
    1. To allow the Azure Web Role to connect to the database using SQL Server
       credentials, open SQL Server Management Studio and connect to the local SQL Server (i.e.
       .\sqlexpress).
    2. Right-click the server node and select Properties.
    3. Select Security and make sure SQL Server and Windows Authentication mode is selected.




   Figure 1
   SQL Server Properties - Security


4. Click the OK button.
5. Restart the SQL Server instance for the previous configuration change to take effect.




   Figure 2
   Restart SQL Server


   6. Execute the CreateDatabase.cmd script located in the \Source\Setup\Scripts folder.

     Note: In order to continue the exercise make sure you executed the setup.cmd as mentioned
     in the Setup section of this lab.



7. Open Visual Studio 2010 as an administrator. Go to File | Open | Project menu and select the
   Begin.sln located in \Source\Ex1-ConnectingToExternalSQL\Begin folder of the lab.
8. Press F5 key to run the application.
9. Notice in the connection information panel that the application is connected to the local SQL
   Server SQLEXPRESS instance.




   Figure 3
   Application running locally


10. Navigate to http://windows.azure.com.
11. Click the Virtual Network link on the Windows Azure Platform left pane. This section contains the
    content related to Windows Azure Connect.




   Figure 4
   Clicking Virtual Network


12. Click {your-service-subscription-name} node located under Connect node on the upper side of
    left pane.
13. Click Ok on Enable Windows Azure Connect popup. This popup appears only the first time you
    need to enable Windows Azure Connect with the current subscription.




   Figure 5
   Enabling Windows Azure Connect
14. Once enabled, click Close on Enable Windows Azure Connect popup.




   Figure 6
   Windows Azure Connect enabled


15. Click {your-service-subscription-name} node to expand and see Windows Azure Connect
    information. To do this, click Connect node on the upper side of the left pane.




   Figure 7
   Reviewing Windows Azure Connect information



16. Click the “Get Activation Token” button. You will retrieve the “client activation token” for your
    Windows Azure service.




   Figure 8
   Getting Activation Token


17. Click Copy Token to Clipboard button on Get Activation Token for Windows Azure Roles popup
    to configure your Windows Azure Service.




   Figure 9
   Copying Client Activation token
18. Click Yes if Microsoft Silverlight asks you to allow clipboard access.




   Figure 10
   Allowing Silverlight access clipboard


19. Click Ok to close the Get Activation Token for Windows Azure Roles popup.




   Figure 11
   Closing popup


20. Go back to Visual Studio 2010. Under the CustomerSearch project, open the
    CustomersWebRole settings and select the Virtual Network tab. Ensure that the option labeled
    Activate Windows Azure Connect is selected. Paste from the clipboard the token you have
    copied in the previous step.




   Figure 12
   Filling Virtual Network tab


21. Press Ctrl-S to save the configuration file.
22. Open the Web.config file for the CustomersWebRole project to update the SQL connection
    string. Find the CustomersEntities connectionString, and replace the .\SQLEXPRESS value in the
    Data Source attribute with {your-machine-name}\SQLEXPRESS,1433. The number 1433 in the
    attribute represents the port number. The following snippet shows the result after applying the
    update, assuming that your machine name is “YourMachine” (replace this value with your
    machine name):

     Note: To retrieve your computer’s name, go to Start, right-click on Computer and select
     Properties. The computer name will be displayed in the middle of the Properties window.




   XML
      <connectionStrings>
        ...

        <add name="CustomersEntities"
             connectionString="metadata=res://*/Customers.csdl|res://*/Customers.ssdl|res://*/Customers.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=YourMachine\SQLEXPRESS,1433;Initial Catalog=Customers;Persist Security Info=True;User ID=labUser;Password=Passw0rd!;MultipleActiveResultSets=True&quot;"
             providerName="System.Data.EntityClient" />

      </connectionStrings>




     Note: Once you deploy the application to Windows Azure, the Web Role will connect to the
     SQL Server running on your machine through the machine name. That is the reason why you
     need to change the .\SQLExpress value to explicitly use your machine name. Notice also that
     you need to explicitly specify the default port as part of the data source because the
     connection will be set using TCP/IP as the protocol.
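
The connection string edited in step 22 can be checked before deployment. The following Python script is an added example, not part of the lab's source; the function names and finding labels are assumptions made for this illustration. It parses the Web.config fragment shown above, confirms that the Data Source names a machine other than the local host and carries the explicit port 1433, and reports two settings visible in the lab's snippet: the SQL login password stored in clear text and Persist Security Info=True.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the lab's Web.config fragment wrapped in a root element.
WEB_CONFIG = r'''<configuration><connectionStrings>
  <add name="CustomersEntities"
       connectionString="metadata=res://*/Customers.csdl|res://*/Customers.ssdl|res://*/Customers.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=YourMachine\SQLEXPRESS,1433;Initial Catalog=Customers;Persist Security Info=True;User ID=labUser;Password=Passw0rd!;MultipleActiveResultSets=True&quot;"
       providerName="System.Data.EntityClient" />
</connectionStrings></configuration>'''


def parse_pairs(text):
    """Split 'key=value;key="quoted; value"' into a dict with lowercase keys."""
    pairs, i = {}, 0
    while i < len(text):
        eq = text.find("=", i)
        if eq == -1:
            break
        key = text[i:eq].strip().lower()
        if text[eq + 1:eq + 2] == '"':        # a quoted value may contain ';'
            end = text.find('"', eq + 2)
            if end == -1:
                raise ValueError("unterminated quoted value for " + key)
            value, nxt = text[eq + 2:end], text.find(";", end)
        else:
            nxt = text.find(";", eq)
            value = text[eq + 1:] if nxt == -1 else text[eq + 1:nxt]
        pairs[key] = value.strip()
        i = len(text) if nxt == -1 else nxt + 1
    return pairs


def audit_connection_string(web_config_xml, name):
    """Return a list of finding labels for the named connection string."""
    root = ET.fromstring(web_config_xml)   # &quot; is decoded by the XML parser
    entry = next(a for a in root.iter("add") if a.get("name") == name)
    outer = parse_pairs(entry.get("connectionString"))
    # EntityClient strings nest the SqlClient string; plain ones do not.
    inner = outer.get("provider connection string")
    sql = parse_pairs(inner) if inner is not None else outer

    findings = []
    target, _, port = sql.get("data source", "").partition(",")
    host = target.partition("\\")[0].strip().lower()
    if host in ("", ".", "(local)", "localhost"):
        # Resolves to the role instance itself once deployed, not your machine.
        findings.append("local-data-source")
    if port.strip() != "1433":
        # The lab stops SQL Server Browser, so the port must be given explicitly.
        findings.append("port-not-1433")
    if "password" in sql or "pwd" in sql:
        # The SQL login secret sits in Web.config and ships in the package.
        findings.append("cleartext-password")
    if sql.get("persist security info", "false").lower() in ("true", "yes"):
        # Keeps the password readable from the connection after it is opened.
        findings.append("persist-security-info")
    return findings


if __name__ == "__main__":
    print(audit_connection_string(WEB_CONFIG, "CustomersEntities"))
```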



23. You need to deploy the solution to Windows Azure. You can deploy the application using the
    Windows Azure Tools for Visual Studio, or create a service package and use the portal to deploy
    it. For more information on deployment options, see the “Windows Azure Deployment” hands-
    on lab.
24. Once the deployment has completed successfully, you should see information about the roles in
    Virtual Network. To do this, click the Connect node on the left pane.




   Figure 13
   Roles information


25. Click the Hosted Services, Storage Account & CDN link on the left pane to review your role
    information. If Hosted Services is not already selected, click Hosted Services to select it.




   Figure 14
   Selecting Compute, Storage & CDN


26. Click your service located on the center pane to review your service information. Once selected,
    click the DNS Name link on the right pane. This opens the published Web site.




   Figure 15
   Clicking on Web Site URL


27. Verify that the application is running in Windows Azure, without being able to connect to the
    external SQL server machine. You should see an exception saying that the connection to SQL
    Server could not be established.




       Figure 16
       Application running in Azure, showing an exception saying that the connection to SQL Server
       could not be established



Task 2 - Installing Windows Azure Connect Endpoint Software in Your External Machine to Enable
Windows Azure Connect
    1. Click back on Virtual Network.
    2. Click the Install Local Endpoint button.




       Figure 17
       Getting Install link


    3. Click Copy Link to Clipboard button on the Install Windows Azure Connect Endpoint Software
       popup.

   Figure 18
   Client Installation Link


4. Click Yes if Microsoft Silverlight asks you to allow clipboard access.




   Figure 19
   Allowing Silverlight access clipboard


5. Click Ok to close the popup.
6. Paste the copied link in the Internet Explorer navigation bar and press enter to download the
   client.
7. Click Run button to install the Windows Azure Connect Endpoint software.




   Figure 20
   Downloading the Windows Azure Connect Endpoint software


8. Click Run button in the Security Warning dialog.
9. Click Yes button if the UAC dialog appears.
10. Follow the steps in the Windows Azure Connect Endpoint software installation wizard.




   Figure 21
   Windows Azure Connect Endpoint software installation wizard


11. To verify that the Windows Azure Connect Endpoint software installed successfully, right click
    the icon in the tray.




   Figure 22
   Windows Azure Connect Endpoint software icon


12. Click Open Windows Azure Connect.




   Figure 23
   Windows Azure Connect Endpoint software context menu


13. The Windows Azure Connect dialog box will show the current status.




   Figure 24
   Windows Azure Connect status



     Note: If you cannot get the Windows Azure Connect endpoint configured, check that the Windows
     service “IKE and AuthIP IPsec Keying Modules” is running.



14. We are now able to create groups. To do this, go back to the browser. Click Virtual Network on the left
    pane.
15. Once the Windows Azure Connect Endpoint software is running locally, our external machine is
    shown in the center pane. To review this, click the Groups and Roles node on the left pane.




   Figure 25
   Windows Azure Connect, your external machine added



Task 3 - Configuring Microsoft SQL Server Express for Remote Access
Microsoft SQL Server Express needs to be accessible from the machines in our local network. If your SQL
Server Express instance is already enabled for remote access, you will notice that many of the
instructions below are not necessary. In either case, we recommend you go through the steps below to
confirm.
    1. To enable remote connections, open SQL Server Management Studio and connect to the local
       SQL Server.
    2. Right-click the server node and select Properties.
    3. Select Connections and make sure the Allow remote connections to this server option is checked.




       Figure 26
       Server Properties - Connections
4. Open SQL Server Configuration Manager.
5. Make sure the SQL Server Browser service is disabled or stopped.




   Figure 27
   SQL Server Browser stopped


6. Enable TCP/IP Protocol in the SQL Server Network Configuration / Protocols for SQLEXPRESS.




   Figure 28
   Enabling TCP/IP protocol


7. Edit TCP/IP protocol Properties. Select the IP Addresses tab. Scroll to the bottom of the form
   until you locate the IP All entry, and make sure the TCP Dynamic Ports is set to blank. Then set
   the TCP Port to 1433.




   Figure 29
   TCP/IP Protocol properties



     Note: The SQL Browser service is only required when using dynamic ports for remote
     connections. In our scenario, we simply want to expose the default TCP port, 1433. The benefit
     of having this service running is that users connecting remotely do not have to specify the port
     in the connection string. On the other hand, it is a security best practice not to run the SQL
     Browser service, because this reduces the attack surface area by eliminating the need to listen
     on a UDP port.



8. Click OK.
9. Restart the SQL Service. To do this, right-click SQL Server and click Restart.




   Figure 30
   SQL Server service running


10. To allow TCP connections to go through the firewall, we need to add a new rule. Open Windows
    Firewall with Advanced Security.
11. Select Inbound Rules. Create a New Rule.




   Figure 31
   Windows Firewall – Inbound Rules – New Rule


12. In the New Inbound Rule Wizard select Port for the rule type.




   Figure 32
   New Inbound Rule Wizard – Rule Type step


13. Set the TCP port to 1433.




   Figure 33
   New Inbound Rule Wizard – Protocols and Ports step


14. Select Allow the Connection in the Action step.




   Figure 34
   New Inbound Rule Wizard – Action step


15. Apply the rule to all the profiles in the Profile step.




   Figure 35
   New Inbound Rule Wizard – Profile step


16. Set the name to SQLPort in the Name step and click Finish.




        Figure 36
        New Inbound Rule Wizard – Name step



Task 4 - Managing Windows Azure Connect Groups
To allow access between the external machines and the Windows Azure Roles, a group linking the Azure
Roles and the external machines should be created. The following steps show how to do this.
    1. Go back to the browser. Click Virtual Network link on left pane.
    2. Click Create Group button.




   Figure 37
   Creating a Group


3. In the Create a New Endpoint Group popup add a Group Name, a Description, and optionally
   check Allow connections between endpoints in group to enable connectivity between external
   machines of the group.




   Figure 38
   Filling Create a New Endpoint Group popup


4. Click Add button on Connect from.




   Figure 39
   Adding local endpoints


5. Select your local endpoint from the available endpoints.




   Figure 40
   Adding local endpoints


6. Click Ok button.
7. Click Add button on Connect to.




   Figure 41
   Adding Azure roles


8. Select your roles from the available groups and roles.




   Figure 42
   Adding Azure roles


9. Click Ok button to close popup.
10. Click Create button in order to create a new endpoint group.




   Figure 43
   Creating a new endpoint group


    11. Your new group is now set. Make sure the new group policies were updated in the external
        machine. To do this, right-click the Windows Azure Connect endpoint software icon in
        the tray and click Refresh Policy.




        Figure 44
        Refreshing local policies


    12. Once the policies are updated, open Windows Azure Connect and verify you are in an endpoint
        group.




        Figure 45
        Local status



Verification
At this point, you should have network connectivity between the Azure Role and your local machine.
Let’s run the application again and verify this by repeating the steps used in task 1.
    1. Click Hosted Services, Storage Account & CDN link on the left pane to review your role
       information.




   Figure 46
   Selecting Compute, Storage & CDN


2. Click your service located on the center pane to review your service information. Once selected,
   click the DNS Name link to navigate to the Web role.




   Figure 47
   Clicking on Web Site URL


3. We can verify that our application is running in Windows Azure and retrieving the data from
   the external SQL Server machine.




       Figure 48
       Application running in Azure with Windows Azure Connect



         Note: Take into account that the endpoint may take several minutes to be added to the new
         group. You will get “the underlying provider failed to open” errors until the endpoint is ready.



Summary
In this lab, you have learned how to establish network connectivity between an Azure Web Role and an
external SQL Server machine. By using Windows Azure Connect, you enabled IP-level network
connectivity between Azure services and external resources.



