Hands-on Lab: Build and Manage a Dev/Test Server Farm in the Cloud using Windows Azure Infrastructure Services

Windows Azure Infrastructure Services provides cloud-based storage, virtual networks and virtual machines that can be provisioned on-demand to support lab, pilot or production application workloads.

In this Hands-on Lab, you’ll build a functional Dev/Test lab environment that includes Active Directory, SQL Server and SharePoint Server 2013 virtual machines on a common virtual network running on the Windows Azure cloud platform, as depicted in blue in the figure below.

You’ll be leveraging a Windows Azure FREE Trial Subscription program to build this cloud-based lab environment for development and test lab purposes.

As you provision this lab environment, you’ll gain hands-on experience with the following management tools:

  • Windows Azure Management Portal
  • Windows PowerShell and the Windows Azure PowerShell Module
  • System Center 2012 R2 App Controller
  • System Center 2012 R2 Orchestrator

After completing this hands-on lab document, you will be able to easily extend this lab environment with additional virtual machines if load-balancing and high availability are needed.

Lab Requirements

The following components are required to successfully complete this Hands-on Lab:

  • A modern web-browser with HTML5 and JavaScript enabled
  • Remote Desktop Client connection software
  • Internet connectivity

Lab Conventions

In this lab, we’ll be using a naming convention of XXXlabYYY01 for some cloud resources, where XXX will be replaced with your unique initials and YYY will be replaced with an abbreviation representing the function of a virtual machine or Windows Azure configuration component, such as ad, db or web.

Let’s Get Started!

In this step-by-step lab guide, you will learn how to:

1)Get Started with Windows Azure Infrastructure Services

2)Register a DNS Server in Windows Azure

3)Define a Virtual Network in Windows Azure

4)Configure Windows Server Active Directory in a Windows Azure VM

5)Configure SQL Server 2012 in a Windows Azure VM

6)Configure SharePoint Server 2013 in a Windows Azure VM

7)Provision Virtual Machines via Windows PowerShell for System Center 2012 R2

8)Manage Windows Azure with System Center 2012 R2 App Controller

9)Automate Windows Azure with System Center 2012 R2 Orchestrator

10)Shutdown the On-demand Dev/Test Lab Environment

Estimated time to complete: 3 hours

COMPLETING LAB EXERCISES … This Hands-on Lab Guide provides flexibility when completing exercises. If you are interested in provisioning SharePoint as part of your Dev/Test lab environment on Windows Azure, you can complete the exercises in the order written. However, if you are more interested in managing Windows Azure with System Center 2012 R2, you can complete Exercises 1-5 and then skip to Exercises 7-9. You can complete Exercise 6 later, as time permits.

POWERSHELL BEGINNER? Some of the steps in this Hands-on Lab require typing PowerShell command lines. If you’re new to PowerShell, we’ve made it easy to copy/paste these command lines into the appropriate virtual machine by providing a set of PowerShell snippets for these lab exercises. You can access these snippets at from the browser on your local PC.

BEFORE LEAVING TODAY … be sure to complete Exercise 10 to shut down all running Windows Azure virtual machines to avoid continuing virtual machine compute charges.

Exercise 1: Get Started with Windows Azure Infrastructure Services

In this exercise, you will activate a free Windows Azure Trial Subscription and then set up two components that will be needed for the other exercises in this lab: a Windows Azure Affinity Group and a Windows Azure Storage Account.

1)Sign-up for your FREE Windows Azure Trial Account.
Sign-up for a FREE trial of Windows Azure at that you can follow along with the steps in this Hands-on Lab.
When signing up for a Free Trial subscription, you will be prompted to login with Microsoft Account (formerly Windows Live ID) credentials. If you do not have valid Microsoft Account credentials, you may create new credentials at
Note: During the Free Trial sign-up process, you will be asked for credit card information to confirm that you are a legitimate free trial subscriber. Your credit card information is only used to confirm your identity and you will NOT be charged for any Windows Azure services unless you explicitly convert your trial subscription to a paid subscription at a later date.

2)Login to the Windows Azure Management Portal.
Login to the web-based Windows Azure Management Portal at the same logon credentials you used to sign-up for the FREE Trial above.
Once you’ve logged in, you should see the main Windows Azure Management portal dashboard.
On the blue side navigation bar of the Windows Azure Management Portal, you’ll find the options for managing Virtual Machines, Virtual Networks, Storage and Settings in the cloud. These are the items we’ll be primarily working with in this hands-on lab.
TIP! You may need to scroll the blue side navigation bar up and down to see all of the options.

3)Define a new Windows Azure Affinity Group.
Affinity Groups in Windows Azure are used to group your cloud-based services together, such as Virtual Machines, Virtual Networks and Storage, in order to achieve optimal performance. When you use an affinity group, Windows Azure will keep all services that belong to your affinity group running within a common cluster of resources in the same datacenter region to reduce latency and increase performance.

a)Create a new Affinity Group by selecting Settings from the blue side navigation bar in the Windows Azure Management Portal. You may need to scroll the blue side navigation bar down to see this selection.

b)On the Settings page, select the Affinity Groups tab on the top navigation bar.

c)Click the +ADD button on the bottom navigation bar.

d)On the Create Affinity Group form, enter the following details:
Name: Enter a unique name for your new Affinity Group, such as labag01
Region: Select your closest Windows Azure datacenter sub-region.
Click the button to create a new Affinity Group.

4)Create a new Windows Azure Storage Account.
Virtual Machines that are provisioned in Windows Azure are stored in the world-wide cloud-based Windows Azure Storage service. In terms of high availability, the Storage service provides built-in storage replication capability – where every VM is replicated to three separate locations within the Windows Azure data center region you select. In addition, Windows Azure Storage provides a geo-replication feature for also replicating your VMs to a remote data center region.

a)Create a new Storage account by clicking the +NEW button on the bottom toolbar in the Windows Azure Management Portal and then select Data Services | Storage | Quick Create.

b)Complete the following fields for creating your Storage account:
URL: Enter a globally unique DNS hostname for your new storage account, such as XXXlabstor01 (where XXX is replaced with your initials)
Region/Affinity Group: Select the Affinity Group you created in Step 3 above.
Replication: Ensure that the Geo-Redundant option is selected.
Click the CREATE STORAGE ACCOUNT button to create your new Windows Azure Storage account.

Exercise 2: Register a DNS Server in Windows Azure

Register the internal IP address that our domain controller VM will be using for Active Directory-integrated Dynamic DNS services by performing the following steps:

1)Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.

2)Select Networks located on the side navigation panel on the Windows Azure Management Portal page.

3)Click the +NEW button located on the bottom navigation bar and select
Networks | Virtual Network | Register DNS Server.

4)Complete the DNS Server fields as follows:
NAME: Enter a unique name for the new DNS Server information, such as labdns01
DNS Server IP Address: 10.0.0.4

5)Click the REGISTER DNS SERVER button.

Exercise 3: Define a Virtual Network in Windows Azure

Define a common virtual network in Windows Azure for running Active Directory, Database and SharePoint virtual machines by performing the following steps:

1)Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.

2)Select Networks located on the side navigation panel on the Windows Azure Management Portal page.

3)Click the +NEW button located on the bottom navigation bar and select
Networks | Virtual Network | Quick Create.

4)Complete the Virtual Network fields as follows:
NAME: Enter a unique name for the new Virtual Network, such as labnet01
Address Space: 10.---.---.---
Maximum VM Count: 4096 [CIDR: /20]
Affinity Group: Select the Affinity Group defined in Exercise 1 above.
DNS Server: Select the DNS Server registered in Exercise 2 above.

5)Click the CREATE A VIRTUAL NETWORK button.

Exercise 4: Configure Windows Server Active Directory in a Windows Azure VM

Provision a new Windows Azure VM to run a Windows Server Active Directory domain controller in a new Active Directory forest by performing the following steps:

1)Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free Windows Azure Trial.

2)Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.

3)Click the +NEW button located on the bottom navigation bar and select
Compute | Virtual Machine | From Gallery.

4)On the Choose an Image page, select Windows Server 2012 R2 Datacenter and click the button.

5)On the Virtual machine Configuration page, complete the fields as follows:
Version Release Date: Select the latest version release date to build a new VM with the latest OS updates applied.
Virtual Machine Name: labad01
Size: Small (1 core, 1.75GB Memory)
New User Name: AzureAdmin
New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
Record the password you entered here: ______.
Click the button to continue.
TIP! Use secure passwords for Administrator users and service accounts, because Windows Azure virtual machines can be reached from the Internet by anyone who knows their DNS name. You can also read this document on the Microsoft Security website that will help you select a secure password:

6)On the Virtual machine Configuration page, complete the fields as follows:
Cloud Service: Create a new cloud service
Cloud Service DNS Name: Enter a globally unique DNS name for the new cloud service, such as XXXlabad.cloudapp.net
Region/Affinity Group/Virtual Network: Select labnet01 – the Virtual Network defined in Exercise 3 above.
Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)
Storage Account: Select the Storage Account defined in Exercise 1 above.
Availability Set: Create an availability set
Availability Set Name: Enter a name for the new availability set, such as labad.
Click the button to continue.

7)On the Virtual Machine Configuration - Endpoints page, click the button to accept the default firewall endpoint values and begin provisioning the new virtual machine.
As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning). When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.

8)After the new virtual machine has finished provisioning, click on the name (labad01) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.

9)On the virtual machine Dashboard page for labad01, make note of the Internal IP Address displayed on the right side of the page. This IP address should be listed as 10.0.0.4.
TIP! If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly. In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for labad01, and go back to Exercise 2 and Exercise 3 to confirm that all steps were completed correctly.

10)On the virtual machine Dashboard page for labad01, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.
Logon at the console of your virtual machine with the local Administrator credentials as follows:
User name: labad01\AzureAdmin
Password: Enter the password recorded in Step 5 above.

11)From within the Remote Desktop session for labad01, install the Active Directory Domain Services role and promote this server to a domain controller in a new Active Directory forest.
This task can be performed in two different ways: (1) by using the Add Roles and Features wizard in the Server Manager tool or (2) via the Active Directory PowerShell cmdlets. To reduce the time required to complete this task in this lab, you’ll be using PowerShell to complete this task.

a)From the Server Manager tool, click on the Tools menu in the top-right menu bar and select Windows PowerShell ISE.

b)In the Administrator: Windows PowerShell ISE window, run the following cmdlets:
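# Set the connection-specific DNS suffix on the Ethernet adapter(s)
Set-DnsClient -InterfaceAlias "Ethernet*" `
    -ConnectionSpecificSuffix contoso.com
# Install the Active Directory Domain Services role and its management tools
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
# Promote this server to the first domain controller of a new forest
Install-ADDSForest -DomainName contoso.com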

c)When prompted for the SafeModeAdministratorPassword, enter and confirm the same password recorded in Step 5 above.

d)When prompted with Do you want to continue with this operation, press Enter to accept the default answer.

e)A new Active Directory Domain Services forest will be configured. After labad01 restarts, continue with the next step.

12)On the virtual machine Dashboard page for labad01, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.
Logon at the Remote Desktop console of your virtual machine with the domain Administrator credentials as follows:
User name:
Password: Enter the password recorded in Step 5 above.

13)From within the Remote Desktop session for labad01, create user accounts in Active Directory that will be used when installing and configuring SharePoint Server 2013 and System Center 2012 R2 later in this hands-on lab:
CONTOSO\sp_farm – SharePoint Farm Data Access Account
CONTOSO\sp_serviceapps – SharePoint Farm Service Applications Account
CONTOSO\sc_admin – System Center Service Account
This task can be performed in two different ways: (1) by using the Active Directory Users and Computers tool located in the Server Manager Tools menu or (2) via the Active Directory PowerShell cmdlets. To reduce the time required to complete this task in this lab, you’ll be using PowerShell to complete this task.

a)From the Server Manager tool, click on the Tools menu in the top-right menu bar and select Windows PowerShell ISE.

b)In the Administrator: Windows PowerShell ISE window, run the cmdlets provided below. When prompted to Provide New Password, enter the password recorded in Step 5 above.
# Prompt once for the password; it is held as a SecureString
$newPassword = (Read-Host -Prompt "Provide New Password" `
    -AsSecureString)
# SharePoint Farm Data Access Account
New-ADUser -Name sp_farm -AccountPassword $newPassword `
    -ChangePasswordAtLogon $False -PasswordNeverExpires $True `
    -Enabled $True
# SharePoint Farm Service Applications Account
New-ADUser -Name sp_serviceapps -AccountPassword $newPassword `
    -ChangePasswordAtLogon $False -PasswordNeverExpires $True `
    -Enabled $True
# System Center Service Account
New-ADUser -Name sc_admin -AccountPassword $newPassword `
    -ChangePasswordAtLogon $False -PasswordNeverExpires $True `
    -Enabled $True
# Add the System Center service account to the Domain Admins group
Add-ADGroupMember -Identity "Domain Admins" -Members "sc_admin"

c)After the new Active Directory users are created, close the Administrator: Windows PowerShell ISE window and continue with the next step.

14)From within the Remote Desktop session of labad01, disable Internet Explorer Enhanced Security Configuration (ESC).

a)In the Server Manager tool, click on Local Server in the left navigation pane and select IE Enhanced Security Configuration.

b)Turn off enhanced security for Administrators and click the OK button.
Note: Modifying Internet Explorer Enhanced Security configurations is not good practice for production environments and is only performed for the purpose of this particular hands-on lab guide.

15)From within the Remote Desktop session for labad01, download the installation bits for System Center 2012 R2. You’ll be using these installation bits later in this hands-on lab.

a)Create a new folder named C:\Installs

b)Click the Start button and launch Internet Explorer from the Start screen.

c)From within Internet Explorer, browse to

d)Click the Get Started Now button to begin the download process.

e)Login with your Microsoft account and complete the download registration form.

f)When prompted to install the Akamai Netsession Interface download tool, scroll down inside the dialog box and click If you cannot complete the installation, click here.

g)Click the OK button to use an alternate download method.

h)In the Downloading Files list located on the top-right of the web page, scroll inside the list box and download the following files to the C:\Installs folder:
- SC2012_R2_SCAC.exe
- SC2012_R2_SCO.exe
- SC2012_R2_SCVMM.exe
Once the download of the last file has begun, continue with the next exercise while the process completes in the background.
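
One way to confirm the results of Steps 11 and 13 before moving on, as an added example that is not part of the original lab guide: run the script below in an elevated PowerShell session on labad01 to check the domain name and report each lab account's state and Domain Admins membership. It assumes the accounts were created with the names shown in Step 13; the variable names and the AsDocumented column are illustrative.

```powershell
# Added example (not from the lab guide): verify Steps 11 and 13 on labad01.
Import-Module ActiveDirectory

# Values taken from the lab guide.
$expectedDomain = 'contoso.com'
$labAccounts    = 'sp_farm', 'sp_serviceapps', 'sc_admin'
$expectedAdmins = @('sc_admin')   # the only lab account Step 13 adds to Domain Admins

# Step 11: confirm the forest root domain was created with the expected DNS name.
$domain = Get-ADDomain
if ($domain.DNSRoot -ne $expectedDomain) {
    Write-Warning "Domain is '$($domain.DNSRoot)', expected '$expectedDomain'."
}

# Current Domain Admins membership, expanded through nested groups.
$domainAdmins = @(Get-ADGroupMember -Identity 'Domain Admins' -Recursive)

# Step 13: one result row per lab account.
$report = foreach ($name in $labAccounts) {
    # Filter on Name because that is the attribute Step 13 sets explicitly.
    $user = Get-ADUser -Filter "Name -eq '$name'" -Properties PasswordNeverExpires
    if (-not $user) {
        [pscustomobject]@{
            Account = $name; Exists = $false; Enabled = $null
            PasswordNeverExpires = $null; DomainAdmin = $null; AsDocumented = $false
        }
        continue
    }
    $isAdmin = $domainAdmins.SamAccountName -contains $user.SamAccountName
    [pscustomobject]@{
        Account              = $name
        Exists               = $true
        Enabled              = $user.Enabled
        PasswordNeverExpires = $user.PasswordNeverExpires
        DomainAdmin          = $isAdmin
        # True only if the account is enabled and its admin membership matches Step 13.
        AsDocumented         = $user.Enabled -and ($isAdmin -eq ($expectedAdmins -contains $name))
    }
}
$report | Format-Table -AutoSize

# List every Domain Admins member so unexpected entries are visible.
$domainAdmins | Sort-Object Name | Select-Object Name, SamAccountName, objectClass
```

A row with AsDocumented set to False, or a Domain Admins member you do not recognize, means Step 13 should be reviewed before continuing.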

Exercise 5: Configure SQL Server 2012 in a Windows Azure VM

Provision a new Windows Azure VM to run SQL Server 2012 by performing the following steps: