Windows Azure Pack Azure Pack Guide Page 2 of 111 Table of Contents Architecture ..... 6...
-
Upload
nguyenkiet -
Category
Documents
-
view
213 -
download
0
Transcript of Windows Azure Pack Azure Pack Guide Page 2 of 111 Table of Contents Architecture ..... 6...
Windows Azure Pack Guide Page 1 of 111
Windows Azure Pack for
Windows Server 2012 R2
Windows Azure Pack Guide Page 2 of 111
Table of Contents Architecture ......................................................................................................................................... 6
Architecture layers .............................................................................................................................. 7
Windows Azure Pack and System Center ........................................................................................ 8
Windows Azure Pack Customization and Extensibility Capabilities ............................................. 8
Partner Solutions ................................................................................................................................ 9
For More Information: ............................................................................................................................ 9
Windows Azure Pack - Installing & Configuring Series. .............................................................. 10
Scenario: ............................................................................................................................................. 10
Pre-requisites. ................................................................................................................................... 12
Installing Windows Azure Pack: .............................................................................................................. 12
Validating the installation succeeded: ............................................................................................... 15
Configuring VMM and SPF ...................................................................................................................... 16
Virtual Machine Manager (VMM) High Level Configuration .......................................................... 16
Service Provider Foundation High Level Configuration .................................................................. 18
Add a local user to SPF_ local groups ............................................................................................ 18
Verify that the SPF Web Service is running under the right user credentials ........................... 19
Configuring the Windows Azure Pack ................................................................................................... 19
Configuring VM Clouds Resource Provider in the Windows Azure Pack ...................................... 19
Configure SQL Servers Resource Provider in Windows Azure Pack .............................................. 21
Configuring a Plan in Windows Azure Pack ...................................................................................... 22
Configure a Admin Account and a subscription in Windows Azure Pack .................................... 24
Login as a Tenant and provision a VM and SQL Database to a Cloud. ............................................. 25
Reconfigure portal names for Windows Azure Pack ........................................................................... 30
Create a DNS record for the new portals. ......................................................................................... 31
Use trusted certificates for the Windows Azure Pack .......................................................................... 31
Install a CA Server ................................................................................................................................. 32
Configure CA Server ............................................................................................................................. 32
Change WEB Sites to use Certificate .................................................................................................. 33
Issue Certificate for the WAP Admin Portal .................................................................................. 33
Change ports and certificates for the WAP Admin Portal ............................................................... 35
Windows Azure Pack Guide Page 3 of 111
Change ports and certificates for the WAP Tenant Portals ............................................................ 35
Update Windows Azure Pack with the new settings ........................................................................... 36
Updating the Windows Azure Admin Portal ..................................................................................... 36
Updating the Windows Azure Tenant Portal .................................................................................... 38
Verify the WAP modification works. ....................................................................................................... 39
Summary .................................................................................................................................................... 40
Scenario ..................................................................................................................................................... 42
Personas ..................................................................................................................................................... 42
Assumptions and Scope .......................................................................................................................... 43
Enabling the AD FS Role .......................................................................................................................... 43
Configuring the AD FS server .................................................................................................................. 45
Scenario ..................................................................................................................................................... 52
Personas ..................................................................................................................................................... 52
Scope .......................................................................................................................................................... 53
Federating AD FS with WAP .................................................................................................................... 53
AD FS Configuration ............................................................................................................................. 54
WAP Configuration ............................................................................................................................... 68
Scenario ..................................................................................................................................................... 71
Personas ..................................................................................................................................................... 72
Assumptions and Scope .......................................................................................................................... 72
Overview of Scenario ............................................................................................................................... 72
Establish trust between Contoso's AD FS and WAP Tenant Portal .................................................... 74
Adding a WAP Tenant Portal as a Relying Party to Contoso's AD FS ........................................... 74
Adding Contoso's AD FS as a Claims Provider to the Tenant Portal ............................................. 78
Add Fabrikam's AD FS as Claims Provider to Contoso's AD FS ...................................................... 78
Adding Contoso AD FS as a Relying Party to Fabrikam's AD FS .................................................... 90
Windows Azure Pack blog posts on Building Clouds & TechNet .................................................... 104
Windows Azure Pack Introduction, Overview and Concepts ............................................................ 104
Windows Azure Pack & Installing and Configuring ........................................................................... 105
Windows Azure Pack & Service Provider Foundation (SPF) ............................................................. 105
Windows Azure Pack & Service Management Automation (SMA) .................................................. 106
Windows Azure Pack Guide Page 4 of 111
Windows Azure Pack & Gallery Items and VM Roles ........................................................................ 107
Windows Azure Pack & Web Sites ....................................................................................................... 108
Windows Azure Pack & Plan and Subscriptions ................................................................................. 108
Windows Azure Pack & Usage and Billing .......................................................................................... 108
Windows Azure Pack & Identity and ADFS ......................................................................................... 109
Windows Azure Pack & Networking .................................................................................................... 109
Windows Azure Pack & Troubleshooting ........................................................................................... 110
Windows Azure Pack & Extending and Customization ..................................................................... 111
Windows Azure Wiki .............................................................................................................................. 111
Windows Azure Pack Guide Page 5 of 111
Throughout this Success with Hybrid Cloud series, I’ve emphasized the importance of linking private and public
clouds – and Windows Azure Pack (WAP) is that link. WAP provides a consistent experience between Windows
Azure and private clouds, and this allows service providers (hosters) and enterprises to offer their “customers”
Windows Azure like capabilities, hosted within their own data center.
WAP leverages the same console and API technology used in Azure, and this brings a consistent platform of
portal + API between private, public, and hosted clouds.
WAP offers a series of services to its consumers by providing an Azure-like experience that includes a consistent
interface, as well as a common API, that enables a consistent way to consume these services. These services
include, but are not limited to, IaaS, Web PaaS and Database as a Service (DBaaS).
The architecture of this consistent experience looks like this:
Source : Anders Ravnholt
http://blogs.technet.com/b/privatecloud/
Author : James van den Berg
http://mountainss.wordpress.com
Twitter : @jamesvandenberg
System Center Cloud and Datacenter Management
Windows Azure Pack Guide Page 6 of 111
Architecture
WAP architecture is an amalgamation of different web services which, when combined, offer an array of service
layers.
There are two portals that makes up the WAP solution.
Admin Portal
This portal lets you configure the different services offered via WAP, as well as defining plans (what
services can be consumed and how much), and mapping these to subscriptions (who can consume
services) so tenants can start using those services via the customer portal. The admin portal also offers
the possibility to manage automation and metering for services consumed by customers. The admin
portal resides inside the datacenter as an interface for WAP administrators.
Customer (tenant) Portal
This portal allows tenants to consume services from WAP. These services include IaaS, Web PaaS, and
DBaaS – and it enables 3rd party extensions to be used by customers. Using the WAP Tenant Portal,
customers can manage these services in a way that’s very similar to how services are managed in
Azure. The WAP portal experience is almost identical and offers very similar capabilities for the service
listed above as in Azure.
To understand how these two portals look side-by-side, consider this illustration:
Windows Azure Pack Guide Page 7 of 111
Architecture layers
WAP is made of a series of sites and endpoints responsible for different functions. Each component (sites &
endpoints) use web services (REST DATA). The WAP service can be illustrated in the following way:
The two WAP deployment options are:
1. Express Deployment
All WAP Portal and API services deployed on a single server
Distributed Deployment
Components are separated for security
Increased numbers of servers to address performance
Scale out all nodes for high availability
Windows Azure Pack Guide Page 8 of 111
Windows Azure Pack and System Center
Windows Azure Pack uses System Center 2012 R2 for IaaS. Windows Azure Pack uses Service Provider
Foundation (a new component in System Center) to manage IaaS. Service Provider Foundation (SPF) provides a
multitenant interface to components of System Center. System Center uses SPF as an interface to communicate
with Virtual Machine Manager and Operations Manager to deploy, manage, and delete VMs using VMM.
System Center also uses SPF to extract usage from SCOM for metering and usage in WAP.
By using SPF, WAP can use multiple “stamps” and scale the environment when needed for IaaS service.
Windows Azure Pack Customization and Extensibility Capabilities
One of the strengths of WAP is its rich extensibility model. The different extensibility and customization
capabilities include:
Custom Management Portals
Custom Theming
Usage Service
Custom Resource Providers
PowerShell
Custom Management Portals
While WAP provides a consistent UX with Windows Azure, you may want to use your own portal to offer cloud
services to your tenants. WAP supports this setup and it allows organizations to build or use their own custom
portals while leveraging the WAP Service Management API as it allows organizations to programmatically
perform tasks that are accessible through the default WAP portals.
For more details on how to integrate custom portals with WAP check out this article, and also check this
sample portal from the Building Clouds Blog that leverages the Service Management API.
Custom Theming
WAP allows you to customize the theming of the tenant site with your organization’s logo, colors, and icons.
You can refer to this site for more details on WAP custom theming.
Usage Service
A very important aspect of the cloud services provided through WAP is that the consumption usage of those
services and resources is captured – thus, service providers can extract that data for analytic purposes and for
billing their tenants for the resources they consume.
While WAP does not provide an out-of-the-box implementation of a billing system, it does provide a Usage
Service REST API. Service Providers can then develop a Billing Adapter that acts as the interface between the
WAP Usage Service and the service providers own billing service.
You can read more about the WAP Usage Service here, and you can check some sample Billing Adapters here
and here.
Windows Azure Pack Guide Page 9 of 111
Custom Resource Providers
WAP offers clouds services using Resource Providers. Out of the box, WAP includes the Web Sites, VM Clouds,
SQL Server, My SQL and Service Bus Resource Providers. When these resource providers don’t provide the
cloud services you would want to offer, WAP allows you to create Custom Resource Providers that can offer
additional cloud services to your tenants by leveraging the Service Management API.
For more guidance on custom Resource Providers refer to the Windows Azure Pack Custom Resource Providers
section in the Windows Azure Pack Developers Kit. For a jumpstart on using Custom Resource Providers go
ahead and download, deploy and evaluate the “Hello World” sample that is included in the WAP Developers
Kit.
PowerShell
Windows PowerShell support for WAP is provided in two different ways:
Administrative tasks (such as feature configuration, plans, and resource management) are provided via
the PowerShell cmdlets that are included when you install WAP.
The PowerShell cmdlets for the management of tenant resources (available under a specific
subscription) are included as part of the Windows Azure SDK and can be obtained from this link.
Partner Solutions
Windows Azure Pack has a list of partner solutions which enrich the experience for given scenarios. In particular,
check out:
Cloud Cruiser
Enables billing (Finance Management) for WAP Services which enable the service provider to bill for
the services consumed by tenants. More info here.
For More Information:
Windows Azure Pack Overview from the Building Clouds Blog.
Windows Azure Pack: Installing & Configuring Series.
Intro to Troubleshooting Installation & Configuration of Windows Azure Pack.
IaaS Usage and Service Reporting using System Center 2012 R2 and WAP.
Service Management Automation: Getting Started with SMA Runbooks.
Windows Azure Pack Guide Page 10 of 111
Windows Azure Pack - Installing & Configuring Series.
Anders Ravnholt [MSFT]
Anders Ravnholt [MSFT]
Microsoft
MSFT
2,255 Points 5 2 1
Recent Achievements
Blog Party Starter Blog Conversation Starter First Forums Reply
View Profile
6 Dec 2013 5:00 AM
Comments 36
Likes
After numerous requests from people we have talked to, we are now doing a blog post on how to install
Windows Azure Pack and configuring the basic settings for IaaS and Databases Resource Providers.
In the following series of blog posts Shri from the Windows Azure Pack Product team and I will explain how you
can:
Windows Azure Pack - Installing & Configuring Series. (This blog post)
Windows Azure Pack - Reconfigure portal names, ports and use trusted certificates
Federated Identities to Windows Azure Pack through AD FS – Part 1 of 3
Federated Identities to Windows Azure Pack through AD FS – Part 2 of 3
Federated Identities to Windows Azure Pack through AD FS – Part 3 of 3
Scenario:
Contoso Inc is a Service Provider offering IaaS Service like Virtual Machines and SQL Databases to its customers
(tenants).
Contoso has a domain called Contoso.com and wants to deploy a Windows Azure Pack infrastructure which
enables them to offer VM and Database services.
Windows Azure Pack Guide Page 11 of 111
They want to setup a Proof of Concept to test the solution, the solution has a simplified setup from what it
would look like it production, as it will be used to test general concepts.
The Proof of Concept environment will look like the following:
The Servers will be configured as follows:
Role Name Function
Active Directory DC01.contoso.com Active Directory, ADFS, Certificate Server
Windows Azure Pack WAP01.contoso.com Windows Azure Pack Express Install
Service Provider Foundation SPF01.contoso.com Service Provider Foundation
SQL Server DB01.contoso.com SQL Instance
Virtual Machine Manager VMM01.contoso.com Virtual Machine Manager 2012 R2
managing one Hyper-v host
This blog post will take you from Installing Windows Azure Pack all the way to deploying your first VM and
Database in your Cloud.
This is not in any way replacing the TechNet documentation, but due to many requests of having a scenario
based example we have taken the feedback and created this blog post.
The following links are the official documentation for Installing and configuring Windows Azure Pack.
Windows Azure Pack Guide Page 12 of 111
Deploy Windows Azure Pack for Windows Server
Windows Azure Pack installation checklist
Administer Plans and Add-ons
In this blog post we will explain how to perform the following tasks;
Installing Windows Azure Pack
Configuring VMM and SPF
Configuring Windows Azure Pack
Login as a Tenant and provision a VM and SQL Database
Pre-requisites.
Virtual Machine Manager is installed and configured and:
o Member of the Contoso.com domain.
o One or more VMM Clouds created in VMM.
o One or more VM Networks created in VMM.
Service Provider Foundation is installed using default install on the server specified above.
o Running Windows Server 2012 R2
o Database running on DB01
o SPF IIS Web service running under a domain account
o Member of the Contoso.com domain
SQL Server is installed running SQL 2012
o With SQL Authentication enabled (Using SA)
o Member of the Contoso.com domain
Disclaimer: This environment is meant for testing only. This should not be considered guidance for
production use, as several decisions made in this blog post are not targeting a production environment.
Let's get started:
Installing Windows Azure Pack: 1. Deploy a Windows Server 2012 R2 GUI server and join it to the domain.
2. Install the following prerequisites:
3. Disable Internet Explorer Enhanced Security.
1. Install Microsoft Web Platform Installer 4.6 (can be downloaded from here if the WAP server
has no Internet follow this blog post)
2. In Windows Server 2012 R2, install the following software through Web Platform Installer, in
this order:
1. Enable Microsoft .NET Framework 3.5 SP 1 in Server Manager.
2. .NET 4.5 Extended, with ASP.NET for Windows 8.
3. IIS recommended configuration.
4. Launch WEB PI Installer.
5. Select Products from the top menu.
6. Type: Windows Azure Pack in the search field in the left side.
7. Click Add Windows Azure Pack: Portal and API Express.
Windows Azure Pack Guide Page 13 of 111
Figure 1: WAP Express installer in Web PI
8. Click Install at the bottom of the WEB PI windows.
9. Read the terms of use, Click I Accept.
10. When the Wizard completes the installation, it will present a screen as the one described in the picture
below asking to Continue. When clicking in the Continue button, an Internet Explorer Window will be
launched.
Figure 2: WAP Install screen in Web PI
Figure 3: WAP Install screen in Web PI
Windows Azure Pack Guide Page 14 of 111
11. In the recently opened Internet Explorer page, copy the URL, and launch a new browser with
administrative privileges. When the new browser is opened, paste the URL you obtained before
(https://localhost:30101/).
12. In the browser, if you are presented with warnings related to the certificate, click in continue. Then the
Windows Azure Pack Setup will be displayed.
Figure 4: WAP Install screen in Web PI
13. In the Database Server page, provide the following information:
1. Server Name: an instance that accepts SQL Authentication (for example db01.contoso.com).
2. Authentication type: SQL authentication (Windows Authentication can also be used).
3. Database server admin username: sa
4. Password: ********
5. Passphrase: ********
14. Click on the arrow for next.
Figure 5: Database Server setup in WAP install
Windows Azure Pack Guide Page 15 of 111
15. In the Customer Experience Improvement program select one option and click on Next.
16. In the Features Setup page click on the to finish the wizard.
17. Once the setup has completed, click in the arrow button.
18. Sign out and Sign in from WAP01 (this needs to be done for the user to be registered correctly in
WAP).
19. Open a browser and go to: https://wap01:30091.
Validating the installation succeeded: In order to verify that the installation succeeded do the following:
1. Log on to the WAP Server as Administrator.
2. Start IIS Management Console.
3. Check that the following IIS WEB Sites are created:
4. Logon on the SQL Server (SQL01) as SQL Administrator.
5. Open SQL Management Studio on the SQL Server as SA.
6. Check that the following Databases were successfully created:
Windows Azure Pack Guide Page 16 of 111
Figure 6: Websites created after WAP Install
Figure 7: Databases created after WAP Install
Configuring VMM and SPF In this section we want to configure the following:
Virtual Machine Manager (VMM) High Level Configuration
Service Provider Foundation High Level Configuration
Virtual Machine Manager (VMM) High Level
Configuration
Things to configure in SCVMM are the following in high level steps.
1. Logon to VMM Server as Administrator.
2. Start the VMM Console.
3. In the SCVMM console go to Fabric - Add Resources - Windows Server Computers in an AD Domain or
Untrusted AD domain and add the Hyper-V host to VMM.
Windows Azure Pack Guide Page 17 of 111
4. Once hosts have been added, copy one or more syspreped vhds to the VMM Library (e.g.
\\vmm01\MSSCVMMLibrary\VHDs).
5. Now create one or more clouds in SCVMM (in this case we created two: Contoso and Fabrikam) and
assign one or more logical networks to the cloud. Make sure you leave Capability Profiles unchecked.
6. Under VM Networks, create a VM Network, a subnet and an IP Pool. Connect the VM Network to a
logical network that was assigned to the cloud created earlier. (e.g. Contoso Tenant)
7. Then create one or more hardware profiles (for example, small, medium and large).
8. Create templates from the syspreped VHDs copied to the library (for example, Windows Server 2012
R2 Core and Windows Server 2012 R2 GUI).
Windows Azure Pack Guide Page 18 of 111
NOTE: - when creating the VM templates, in Hardware Profiles it's not necessary to select one, for our
example we created medium, then click next, and make sure that you select Create a new Windows
Operating System Customization Settings, and select the operating system (for example, Windows
Server 2012 R2 Datacenter). If this is not selected, the VM will not show up in the Windows Azure Pack
Portal.
9. Select Settings.
10. Add the user under which the SPF Web Service (Application Pool) account is running to the
Administrators group.
1. Click Security > User Roles.
2. Click Administrators > Members.
3. Click Add and select the user that SPF Web Service (Application Pool) is running with. (e.g
contoso\!spf).
Service Provider Foundation High Level
Configuration
Add a local user to SPF_ local groups
Things to configure in Service Provider Foundation are the following in high level steps.
1. Logon to the SPF Server as Administrator.
2. Start Computer Management.
3. Select Local User and Groups.
4. Create a user you want to use for SPF by right click Users > new user (e.g. spf)
Note: This is not the same as the SPF Web Service (Application Pool). This is a local user on the SPF
Server.
5. Click on the user and select the "Member Of" tab.
6. Make the user member of all Groups starting with SPF_,.
Windows Azure Pack Guide Page 19 of 111
Verify that the SPF Web Service is running under the right user
credentials
The way SPF executes commands against VMM will be in the context of the user under which the web service is
running.
To verify that the SPF Web Service is running under the right service account do the following:
1. Login to the SPF server as an administrator
2. Start IIS Manager
3. Expand SPF Server > Sites and verify that SPF shows in the list.
4. Select Applications Pools under connection menu
5. Verify that both the VMM and Provider Application Pools are running under the account (Identity) that
is also a member of the VMM Administrators (e.g. contoso\!spf)
Configuring the Windows Azure Pack In this section we want to configure the following:
Configuring VM Clouds Resource Provider in the Windows Azure Pack
Configure SQL Servers Resource Provider in the Windows Azure Pack
Configuring a plan in Windows Azure Pack
Configure an Admin Account and a subscription in the Windows Azure Pack
To do this we need to do the following:
Windows Azure Pack Guide Page 20 of 111
Configuring VM Clouds Resource Provider in the
Windows Azure Pack
1. Logon to WAP Admin Portal as an administrator (e.g. https://wap01.contoso.com:30091)
2. Finish the Intro tour and click Ok.
3. In the main window Select VM Clouds
4. In the VM Clouds Window select Register System Center Service Provider Foundation.
5. Type the Service URL, Username and Password.
Note: the User name and password is the user created locally on the SPF server and which was added
to the SPF groups (e.g. SPF01\spf).
6. Verify that the registration goes well.
7. Register VMM: Go to VM Clouds - Clouds - Use an existing Virtual Machine Cloud Provider to Provision
Virtual Machines, and provide the following info:
1. Virtual machine manager server: vmm01
2. Port number (optional):
3. Remote Desktop Gateway:
4. Click on register.
8. Verify that VMM Server registers correctly by selecting the server under clouds and verify that all
clouds shows for the VMM Server.
Windows Azure Pack Guide Page 21 of 111
Configure SQL Servers Resource Provider in
Windows Azure Pack Now we'll configure SQL Server for hosting. To do this do the following:
1. In the WAP Admin Portal go to SQL Servers
2. Click on Add an existing server to the hosting server group.
3. In the wizard provide the following information:
1. SQL Server Group: Default
2. SQL Server name: db01
3. Username: sa
4. Password: ********
5. Size of hosting server in GB: 20
Note: The SQL Server used for the SQL server must have SQL Authentication enabled for the Service
Provider service to work.
4. Verify that the following message shows in the status area.
Windows Azure Pack Guide Page 22 of 111
5. Under Servers there should now be a new SQL Server showing.
Configuring a Plan in Windows Azure Pack
1. In the WAP Admin Portal go to Plans.
2. Click on + New -> PLAN -> CREATE PLAN.
3. Specify a name for the plan (e.g. Contoso).
4. Select the service that should be offered via the plan (e.g. Virtual Machine Clouds and SQL Servers) and
click next.
5. Skip add-ons and Click Ok.
Note: In our scenario we created two plans: Contoso and Fabrikam.
6. Under plan verify that the new Plan(s) shows in the list.
Windows Azure Pack Guide Page 23 of 111
7. Click on the first plan created.
8. Under plan service click on Virtual Machine Clouds.
9. Select the VMM Server (There should only be one in the list).
10. Under Virtual Machine Cloud select the Cloud for which you would like to use with the plan (e.g.
Contoso).
11. Under Usage limit specify the usage limits that the plan should use.
12. Under networks click Add network.
13. Select the VM networks that should be used for the plan and click Ok.
14. Click Add hardware profiles.
15. Select the hardware profiles that should be used for the plan and click Ok.
16. Click Add Templates and select the templates that should be used for the plan.
Windows Azure Pack Guide Page 24 of 111
17. Under Additional settings select the actions that should be allowed within the plan
18. Click Save
19. Verify that the plan service shows as configured and Active for both services
Configure a Admin Account and a subscription in
Windows Azure Pack
1. In the WAP Admin main menu click User Accounts
2. Click + New -> User Account > Quick Create >
3. Provide the following information:
1. E-mail: eg. [email protected]
2. Password: *******
3. Select a plan (e.g. Contoso)
4. Click Create.
5. Click on the newly created user and verify that a subscription shows.
Windows Azure Pack Guide Page 25 of 111
Login as a Tenant and provision a VM and
SQL Database to a Cloud. 1. Open a browser and go to the WAP Tenant Portal (e.g. https://wap01.contoso.com:30081)
2. Specify the user account created earlier and password (e.g. [email protected])
3. Click on Submit.
4. Finish the introduction wizard.
5. Click on Virtual Machines.
6. Click Create a virtual Machine Role.
7. Select Standalone Virtual Machine.
8. Select From Gallery -> Templates.
9. Select a template in the list and click Next.
10. Provide the following information of the VM.
1. Name: e.g. Contoso01
2. Password:
3. Product Key
Note: Depending on what kind of sysperped image is used, it's necessary to provide a product
key. Only if the image is build using a Volume License image it might not be needed to provide a
product key.
11. Select a network for the Virtual Machine e.g. Contoso Tenant (this is the network that was selected
when creating the plan).
12. Click Next
Windows Azure Pack Guide Page 26 of 111
13. Go to Virtual Machine Manager.
14. Start the VMM Console.
15. Select Job and Select Running
16. Verify that one job shows provisioning the virtual machine.
17. Go back to the WAP Tenant Portal.
18. Select SQL Server Databases.
19. Click Add a New Database.
20. Specify a Name for the Database (e.g. DB01).
21. Click Next.
22. Provide a User Name and a Password (e.g. dba01).
23. Click Ok to create the Database.
24. Verify that the job completes with success.
25. Click on All Items.
26. Verify that a VM and a Database shows in the list.
Windows Azure Pack Guide Page 27 of 111
Hope this blog post will help you with Installing and configuring Windows Azure Pack by providing an example
end to end.
In the next blog post we will look at how you can create certificates for Windows Azure Pack
Until Next time, happy installing and configuring Windows Azure Pack!
Windows Azure Pack - Reconfigure
portal names, ports and use trusted
certificates Following up from the Installing and configuring Windows Azure Pack (WAP) series we are now at the point
where we want to reconfigure server names and ports as well as assigning trusted certificates to my WAP
Portals.
Blog post in the series are:
Installing & Configuring Windows Azure Pack
Configuring Ports and Certificates for Windows Azure Pack (This blog post)
Federated Identities to Windows Azure Pack through AD FS – Part 1 of 3
Federated Identities to Windows Azure Pack through AD FS – Part 2 of 3
Federated Identities to Windows Azure Pack through AD FS – Part 3 of 3
In this blog post we will look at how you can change portal names and ports for the Tenant and Admin portals
in WAP.
Once that is done we are going to issue certificates from an Enterprise CA to the Admin portal as well as issuing
a certificate to the Tenant Portal. As I don't have a Public CA Certificate I'm going to use one from my Enterprise
CA, but the concept for a Public CA is exactly the same as if I was using certificates from a trusted CA like
VeriSign or similar.
Windows Azure Pack Guide Page 28 of 111
Figure 1: Windows Azure Pack Tenant Portal
Architecture:
Windows Azure Pack has different components which serve various functions.
By looking at the roles being installed on a WAP Server for an express install, we can see a long list of Web
Services running on the WAP Server.
These different Web Services provide various roles within the WAP Infrastructure
In this blog post scenario, we will be working with the following Web Services:
WAP Tenant Portal Service (MgmtSvc-TenantSite): Hosts the WAP Tenant Portal
WAP Tenant Authentication Service (MgmtSvc-AuthSite): Hosts the authentication for tenants
WAP Admin Portal Service (MgmtSvc-WindowsAdminSite): Hosts the Admin Portal
WAP Admin Authentication Service (MgmtSvc-WindowsAuthSite): Hosts the Admin Authentication
Windows Azure Pack Guide Page 29 of 111
Figure 1: List of Web Sites
(roles) running on a WAP Server (Express install)
Figur 2: WAP Infrastructure example
When a tenant accesses the WAP Tenant portal (exposed to the Internet) they will be redirected to the WAP
Tenant Authentication Service to validate if the user is allowed to access the system, once the WAP Tenant
Authentication service has validated the user, it will be redirected back to the WAP Tenant portal with access to
WAP services. The tenant authentication service uses claim based authentication and can use different
authentication methods like ADFS or .Net. In this scenario we are using default authentication (.Net), in the
following three blog posts Shri from the WAP Product team will explain how you can change the WAP tenant
authentication service to make use of ADFS.
In the PoC setup these services are running on the same server (WAP01.contoso.com) as shown on "figure 1".
A similar scenario happens when a WAP Administrator accesses the WAP Admin portal (only accessible on the
internal network), the WAP admin portal will redirect the admin to the WAP Admin Authentication service which
by default uses Windows Authentication. Once Windows Authentication service has authenticated the user, the
user is redirected back to the WAP Admin portal with access to WAP.
Scenario:
After Installing and configuring Windows Azure Pack with the basic settings for the Contoso.com proof of
concept (PoC), the next steps are to configure the following:
Change WAP portal name.
Configure tenant and admin portals to run on port 443 (Https).
Replace the self-signed certificates with certificates provided by the enterprise CA (and consequently
remove the warnings displayed in Internet Explorer due to the self-signed certificates).
Change the WAP Tenant Portal to use an internet facing url.
Change the WAP Tenant Authentication site to use the public web address that is also used by the
WAP Tenant Portal.
Windows Azure Pack Guide Page 30 of 111
The Servers are configured as follows:
Role Name Function
Active Directory DC01.contoso.com Active Directory, ADFS, Certificate Server
Windows Azure Pack WAP01.contoso.com Windows Azure Pack Express Install
Service Provider
Foundation SPF01.contoso.com Service Provider Foundation
SQL Server DB02.contoso.com SQL Instance hosting the WAP databases
Virtual Machine Manager VMM01.contoso.com Virtual Machine Manager 2012 R2 managing one Hyper-
v host
The portals DNS names will be renamed to the following:
WAP Admin Portal: wapadmin.contoso.com port 443
WAP Tenant Portal Internal: WAPCloud.contoso.com port: 443
WAP Tenant Auth: wapcloud.contoso.com port: 444
Disclaimer: This environment is meant for testing only. This should not be considered guidance for
production use, as several decisions made in this blog post are not targeting a production environment.
Reconfigure portal names for Windows
Azure Pack As the two WAP Portals by default (in our proof of concept) are installed with https://wap01.contoso.com:30081
for the Tenant Portal and https://WAP01.contoso.com: 30091 for the Admin Portal we want to change these to
use more portal friendly names.
To do this we need to do the following:
Create a DNS record for the new portals.
Install and configure an enterprise CA.
Request certificates for WAP Web Services from the CA.
Change ports and assign certificates for WAP Services.
Update Windows Azure Pack with the new web service modifications.
Windows Azure Pack Guide Page 31 of 111
Create a DNS record for the new portals. To create new DNS records do the following:
1. Logon to the DNS server.
2. Start DNS Manager
3. Expand dc01 > Forward Lookup Zone > <Yourdomain> (e.g. contoso.com)
4. Right click on <Yourdomain> and select New Host (A-Record)
5. Provide the DNS name and the IP address of the WAP Admin Server (e.g. Name: wapadmin, IP:
192.168.1.40)
Figure 3: Creating a new A-record in DNS manager
6. Create the other DNS name for the remaining portal (e.g. wapcloud,) and provide the WAP01 IP
address as all roles are installed on the same server in the PoC.
7. Verify that the DNS records shows in the list.
Figure 2: List of DNS records in DNS Manager.
8. Close the DNS Manager.
Windows Azure Pack Guide Page 32 of 111
Use trusted certificates for the Windows
Azure Pack In order to use CA signed certificates in our PoC environment we need to do the
following:
Install a CA Server
Configure the CA Server
Request Web Server certificates from the CA Server
Change Web Sites to use certificate.
Install a CA Server To install a CA Server do the following steps:
1. Logon to the server that will be running the CA Server (e.g. DC01)
2. Start Server Manager.
3. Select Dashboard on the left.
4. Click Add roles and features.
5. Click next to: before you begin, Installation type and server selection.
6. In Server Roles select Active Directory Certificate Services under Roles.
7. Click next to features.
8. Under Role Services Select the following: Certification Services, Certificate Enrolment Policy..,
Certificate Enrolment Web, Certification Authority..
9. Accept the add-ons and click next to Web Role Services.
10. Click Install.
11. Verify that the install finishes with success.
Configure CA Server Do the following to configure the newly installed CA Server:
1. On the CA Server start Server Manager as a user that is member of Enterprise Admins.
2. Select AD CS on the left.
3. A message will show in the main window:
Windows Azure Pack Guide Page 33 of 111
Figure 3: Configuring CA Server in Server Manager
4. Click on More.
5. In the server task details click on Configure Active Directory Cert..
6. Select All Roles to configure except for Web Service and click Next.
7. Select Enterprise CA.
8. Select Root CA.
9. Select Create a new private key and click next.
10. Click next to cryptography.
11. Click next to CA Name and keep default.
Figur 4: CN Names for the CA Server
12. Keep 5 years and click next
13. Click next to Certificate Database
14. Select Windows Integrated auth.. and click next
15. Under Server Certificate Select Choose and assign a certificate for SSL later and click next
16. Click Configure
17. Click Close
Change WEB Sites to use Certificate
Issue Certificate for the WAP Admin Portal
Greg from CAT has created a blog post which describes how the certificate can be automated. The blog post
can be found here: Automating Active Directory Certificate Services with Windows PowerShell – Part 1.
The manual steps will be described below:
Windows Azure Pack Guide Page 34 of 111
To issue certificates for the WAP Services the following steps needs to be done:
1. Logon to the WAP Server as an administrator (e.g. wap01.contoso.com)
2. Open IIS Manager on the WAP Portal Server
3. Select the IIS server under connections
4. In the main window select server certificates under IIS
5. In the right windows select create a domain certificate
6. Specify the following:
1. WAPAdmin FQDN under common name (e.g. wapadmin.contoso.com)
2. Orginazation: Contoso
3. Organ unit: NA
4. City NA
5. State NA
7. Click Next
8. Select a CA and provide the friendly name for the certificate (e.g. wapadmin.contoso.com)
Figure 5: Certificate request from IIS Manager
9. Click Finish
10. Verify that the certificate shows in the list of certificate
Figure 6: Certificate list in IIS Manager
We now have a web certificate, which we can use for the WAP Admin Portal.
11. Request two more certificate following the same procedure:
1. WAP Authentication: wap01.contoso.com
2. WAP Tenant Portal Internal: WAPCloud.contoso.com
12. There should now be three certificates in the Web Server Certificate list from Contoso CA.
Figure 7: WAP Certificates in IIS Manager
Windows Azure Pack Guide Page 35 of 111
Change ports and certificates for the WAP Admin
Portal The following steps needs to be done in order to change ports and certificates for the
admin portal.
1. Logon to the WAP server as Administrator (This assumes it's an express install).
2. Start ISS Manager.
3. Expand IIS Server > Sites.
4. Right click on MgmtSvc-AdminSite and select edit bindings.
5. Select https 30091 and select edit.
6. Change port to 443.
7. Set hostname to wapadmin.contoso.com.
8. Select the certificate from the drop down list which was created earlier from the CA.
Figure 8: IIS Certificate list for Web Site Bindings
9. Click Ok.
10. Restart the Web Site.
11. Right click on MgmtSvc-WindowsAuthSite and select edit bindings.
12. Select the certificate from the list wap01.contoso.com.
13. Click Ok.
Change ports and certificates for the WAP Tenant
Portals The following steps needs to be done in order to change ports and certificates for the
tenant portal.
1. Logon to the WAP server as Administrator (This assumes it's an express install).
2. Start ISS Manager.
3. Expand IIS Server > Sites.
4. Right click on MgmtSvc-TenantSite and select edit bindings.
5. Select https 30081 and select edit.
6. Change port to 443.
Windows Azure Pack Guide Page 36 of 111
7. Set hostname to wapcloud.contoso.com.
8. Select wapcloud.contoso.com in the drop down list for certificates
9. Click Close
10. Right click on MgmtSvc-AuthSite and select edit bindings
11. Select https 30071 and select edit.
12. Change port to 444.
13. Select wapcloud.contoso.com in the drop down list for certificates.
14. Restart the MgmtSvc-TenantSite Web Site from the action menu.
15. Restart the MgmtSvc-AuthSite Web Site from the action menu.
Update Windows Azure Pack with the new
settings
Updating the Windows Azure Admin Portal The TechNet documentation can be found here: Reconfigure FQDNs and Ports in Windows Azure Pack
To update WAP with our modifications the following commands needs to be executed, where we will use the
values used in the scenario.
Set-MgmtSvcFqdn: This command will update the FQDN names for the modified services in the WAP
Database.
Set-MgmtSvcRelyingPartySettings: This command will set the relay location for the WAP
authentication service (Tenant or Admin)
Set-MgmtSvcIdentityProviderSettings: This command will update the authentication service
where redirects will be redirected once verified.
We will be using the following arguments while executing the commands:
WAP Database Server: db02.contoso.com
WAP Database user: sa
Admin Portal FQDN: wapadmin.contoso.com
Admin Portal Port: 443
Admin Auth Service: wap01.contoso.com:30072
Windows Azure Pack Guide Page 37 of 111
To update the modification made to WAP Services in the WAP database do the
following.
1. Logon to the WAP Server as a WAP Administrator.
2. Start a PowerShell window.
3. Import the WAP PowerShell module:
Import-Module -Name MgmtSvcConfig
4. Update WAP Admin Portal with the updated FQDN settings by running the following command:
Set-MgmtSvcFqdn -Namespace "AdminSite" -FullyQualifiedDomainName
"wapadmin.contoso.com" -Port 443 -Server "db02"
5. To set the WAP authentication service FQDN for the admin portal run the following command.
Set-MgmtSvcRelyingPartySettings –Target Admin –MetadataEndpoint
'https://wap01.contoso.com:30072/FederationMetadata/2007-
06/FederationMetadata.xml' -ConnectionString "Data
Source=db02.contoso.com;User ID=sa;Password=*******"
6. To set the authentication service redirection location to the admin portal run the following command:
Set-MgmtSvcIdentityProviderSettings –Target Windows –MetadataEndpoint
'https://wapadmin.contoso.com/FederationMetadata/2007-
06/FederationMetadata.xml' -ConnectionString "Data
Source=db02.contoso.com;User ID=sa;Password=********"
Windows Azure Pack Guide Page 38 of 111
Updating the Windows Azure Tenant Portal The following attributes are used for configuring the WAP Tenant Portal.
WAP Database Server: db02.contoso.com
WAP Database user: sa
Tenant Portal FQDN: wapcloud.contoso.com
Admin Portal Port: 443
Admin Auth Service: wapcloud.contoso.com:444
To update the tenant portal do the following:
1. Logon to the WAP Server as an Administrator.
2. Start PowerShell.
3. Import the WAP PowerShell module:
Import-Module -Name MgmtSvcConfig
4. Update WAP Tenant Portal with the updated settings by running the following command:
Set-MgmtSvcFqdn -Namespace "TenantSite" -FullyQualifiedDomainName
"wapcloud.contoso.com" -Port 443 -Server "db02"
5. Update WAP Tenant Auth Site with the updated settings by running the following command:
Set-MgmtSvcFqdn -Namespace "AuthSite" -FullyQualifiedDomainName
"wapcloud.contoso.com" -Port 444 -Server "db02"
6. To set the WAP authentication service FQDN for the tenant portal run the following command.
Set-MgmtSvcRelyingPartySettings –Target Tenant –MetadataEndpoint
'https://wapcloud.contoso.com:444/FederationMetadata/2007-
Windows Azure Pack Guide Page 39 of 111
06/FederationMetadata.xml' -ConnectionString "Data
Source=db02.contoso.com;User ID=sa;Password=********"
7. To set the authentication service redirection location to the admin portal run the following command.
Set-MgmtSvcIdentityProviderSettings –Target Membership –
MetadataEndpoint 'https://wapcloud.contoso.com/FederationMetadata/2007-
06/FederationMetadata.xml' -ConnectionString "Data
Source=db02.contoso.com;User ID=sa;Password=********"
Verify the WAP modification works. To verify that the modification works do the following:
Pre-requisite: As we don't have a public certificate for our PoC setup we are going to install the CA certificate
on the computers in the Trusted Certificates store from where we will access the WAP Portals.
1. Login to a computer as a user that has WAP Admin Portal access.
2. Start a browser.
3. Type the URL that the WAP Admin Portal was changed to (E.g. https://wapadmin.contoso.com)
Verify that the WAP Admin Portal loads using the new URL
Figure 9: Updated URL in the WAP Admin Portal
4. Verify that the tenant portal works by opening a browser and go to https://wapcloud.contoso.com.
5. During the authentication sign-in process note the redirection to the wapcloud.contoso.com:444
authentication site.
Windows Azure Pack Guide Page 40 of 111
Figure 10: Updated URL in the WAP Tenant Portal
6. Verify that after login the login redirects you back to the WAP Portal.
Figure 11: Updated URL in the WAP Tenant Portal
Windows Azure Pack Guide Page 41 of 111
Summary The goal with this blog post was to show how it's possible to reconfigure portal names, ports and use trusted
certificates after deploying the Windows Azure Pack.
In the blog post we did the following
Created new DNS records
Installed and configured CA Enterprise server
Issued certificates for the WAP Web Services
Change host names, ports and certificates for the WAP Web Services
Updated WAP Database with the new configurations
Verified that the configuration was successful.
In the next three blog posts Shri from the WAP Product team will walk you through how
to configure ADFS with Windows Azure Pack.
Federated Identities to Windows Azure Pack through AD FS – Part 1 of 3 (Coming soon)
Federated Identities to Windows Azure Pack through AD FS – Part 2 of 3 (Coming soon)
Federated Identities to Windows Azure Pack through AD FS – Part 3 of 3 (Coming soon)
Happy building your PoC environment for Windows Azure Pack.
Anders Ravnholt
Windows Azure Pack Guide Page 42 of 111
Federated Identities to Windows Azure Pack
through AD FS – Part 1 of 3
In few of the previous posts, Anders Ravnholt discussed Installation & Configuration of WAP and
Reconfiguration with FQDNs, ports and Trusted Certificates in detail. In this series, I will discuss how to
configure AD FS and enable it to provide Identities to your WAP installation.
Scenario Contoso Inc. is a Service Provider that hosts a private cloud stack and offers Compute resources to their
customers. Contoso wants to install a Windows Azure Pack stack and
1. Provide administrative access to users from its own Active Directory
2. Provide self-service access to the Tenant Portal to users from Fabrikam Corp, one of its customers.
We will run through this scenario in 3 parts:
In this first part of the blog series, we will discuss how Contoso can set up an AD FS instance in their Corp domain.
In the second part, we will discuss how Contoso can set up trust between the AD FS instance and the WAP Admin
Portal and provides its users, access to the Management Portal.
In the third part, we will discuss how Contoso can enable Fabrikam's users to access the Tenant portal by
establishing trust between Fabrikam's AD FS and Contoso's AD FS.
Windows Azure Pack Guide Page 43 of 111
Personas Rob is a Fabric Administrator who is responsible for maintaining the infrastructure. Rob was tasked with installing
the Windows Azure Pack Stack for Contoso Inc.
Mary is the Domain administrator for pcloud.contoso.corp domain in Contoso's Active Directory. Mary has
necessary permissions to configure the AD FS linked to the domain.
Alan is a Tenant Administrator who is responsible for Creating and Managing Plans and Subscriptions in Windows
Azure Pack.
Assumptions and Scope
In this scenario, we assume the following about the environment:
Windows Azure Pack is already set up in the pcloud.contoso.corp domain
All the components in the environment have been configured with certificates from a Trusted CA
We also assume the following about you, the reader:
You are familiar with the installation of the Windows Azure Pack. For more information about Windows
Azure Pack deployment, visit http://technet.microsoft.com/en-us/library/dn296432.aspx
You are familiar with some fundamentals of Claims based Authentication (Refer white paper at
http://download.microsoft.com/download/6/F/7/6F7BB9DD-0D65-492F-9180-75A47A520F80/Claims-
Based Authentication in WAP.docx )
You are familiar with AD FS and the AD FS Console. For more information about AD FS visit
http://technet.microsoft.com/en-us/library/hh831502.aspx
This post will not discuss enabling and configuring AD FS using PowerShell. Details about PowerShell
based configuration can be found in the Windows Azure Pack Installation Guide at
http://technet.microsoft.com/en-us/library/dn296436.aspx
Enabling the AD FS Role Mary is the Domain Administrator for the domain ‘pcloud’ which is a domain in the ‘Contoso.corp’ forest. She
has the necessary permissions to add an AD FS instance to the pcloud domain.
1. Mary logs into a machine that is joined to the pcloud domain and which will host the AD FS service.
She enables the AD FS role from the Server Manager by clicking on ‘Manage’ and selecting ‘Add Roles
Windows Azure Pack Guide Page 44 of 111
and Features’
2. After selecting the local server, she selects ‘Active Directory Federation Services’ from the Server Roles
tab and clicks ‘Next’. The rest of the steps are standard and nothing needs to be changed, so she clicks
Windows Azure Pack Guide Page 45 of 111
through the wizard and Clicks ‘Finish’. This will install the AD FS instance on the server
Configuring the AD FS server 1. Once Installation completes, Server Manager will show an Exclamation mark in the Notifications to
indicate that the role has not been configured yet. Mary clicks on the notification to open the AD FS
Configuration Wizard. This is the first server in the AD FS farm, so she selects ‘Create the first
Windows Azure Pack Guide Page 46 of 111
federation server in a federation server farm’ and moves on to the next step
Windows Azure Pack Guide Page 47 of 111
2. She Selects the current user (herself) as the one configuring the farm
3. The next step is to configure the Federation Service Name. Note that this can be different from the
actual AD FS Machine name. This is the name that will be used by other services to reach AD FS.
In this step, Mary also has to provide a certificate for SSL/TLS based access. This certificate needs to be
issued by a trusted Public CA as this is presented to the users when they attempt to login. She already
has a wild card cert for *.pcloud.contoso.com that she can use to configure the AD FS server.
Note: In case a wild card certificate is not available, the certificate subject name should match with the
AD FS Federation Service name
Windows Azure Pack Guide Page 48 of 111
Windows Azure Pack Guide Page 49 of 111
4. In the Specify Database Step, Mary decides which database to use to store AD FS install. She can either
use a Windows Internal Database or a SQL Server.
Windows Azure Pack Guide Page 50 of 111
5. Once all the options are reviewed, she clicks on ‘Configure’ to configure AD FS
Windows Azure Pack Guide Page 51 of 111
6. That’s it! the pcloud domain now has an AD FS instance that is associated with it and can be used
to provide administrative users to the WAP installation
You can find more information about AD FS at http://technet.microsoft.com/en-us/library/hh831502.aspx
Visit Part 2 of this blog series for a walkthrough on how Contoso uses this AD FS instance to provide Admin
identities to WAP.
Visit Part 3 of this blog series for a walk through on how Contoso uses this AD FS instance to federate with
Fabrikam’s AD through a Fabrikam AD FS to provide tenant Identities to WAP
Windows Azure Pack Guide Page 52 of 111
Federated Identities to Windows Azure Pack
through AD FS – Part 2 of 3
In few of the previous posts, Anders Ravnholt discussed Installation & Configuration of WAP and
Reconfiguration with FQDNs, ports and Trusted Certificates in detail. In this series, I will discuss how to
configure AD FS and enable it to provide Identities to your WAP installation.
Scenario Contoso Inc. is a Service Provider that hosts a private cloud stack and offers Compute resources to their
customers. Contoso wants to install a Windows Azure Pack stack and
1. Provide administrative access to users from its own Active Directory
2. Provide self-service access to the Tenant Portal to users from Fabrikam Corp, one of its customers.
In the first part of this blog series, we discussed how Contoso can set up an AD FS Farm in their Corp domain
pcloud.contoso.corp.
In this second part, we will discuss how Contoso can set up trust between the AD FS instance and the WAP Admin
Portal and provides its users, access to the Management Portal.
In the third part, we will discuss how Contoso can enable Fabrikam's users to access the Tenant portal by
establishing trust between Fabrikam's AD FS and Contoso's AD FS.
Windows Azure Pack Guide Page 53 of 111
Personas Rob is a Fabric Administrator who is responsible for maintaining the infrastructure. Rob was tasked with installing
the Windows Azure Pack Stack for Contoso Inc.
Mary is the Domain administrator for pcloud.contoso.corp domain in Contoso's Active Directory. Mary has
necessary permissions to configure the AD FS linked to the domain.
Alan is a Tenant Administrator who is responsible for Creating and Managing Plans and Subscriptions in Windows
Azure Pack.
Scope
In this scenario, we assume the following about the environment:
Windows Azure Pack is already set up in the pcloud.contoso.corp domain
AD FS is enabled and configured for the pcloud.contoso.corp domain
Alan has a user id in the pcloud.contoso.corp domain
All the components in the environment have been configured with certificates from a Trusted CA
We also assume the following about you, the reader:
o You are familiar with the installation of the Windows Azure Pack. For more information about
Windows Azure Pack deployment, visit http://technet.microsoft.com/en-
us/library/dn296432.aspx
o You are familiar with some fundamentals of Claims based Authentication (Refer white paper at
http://download.microsoft.com/download/6/F/7/6F7BB9DD-0D65-492F-9180-
75A47A520F80/Claims-Based Authentication in WAP.docx )
o You are familiar with setting up AD FS and the AD FS Console. For more information about AD
FS visit http://technet.microsoft.com/en-us/library/hh831502.aspx
This post will describe, how to perform the scenario using the AD FS Console
This post will not talk about performing the scenarios using AD FS PowerShell
Federating AD FS with WAP In Order to enable AD FS to provide Identities with WAP, configurations need to happen in two places:
1. Mary, who is the domain administrator, needs to add the WAP Admin Portal as a Relying Party with AD
FS. This is to let AD FS know that the Admin portal will be requesting identities from it
2. Rob, who has access to the infrastructure, needs to configure the WAP Admin Portal to forward users
to AD FS to get their identities validated.
Windows Azure Pack Guide Page 54 of 111
AD FS Configuration
1. Mary opens the AD FS Console, from either the Server Manager, or by adding the AD FS snapin from
the mmc console
2. On the AD FS console, selects “Relying Party Trusts” and clicks on “Add Relying Party Trust” from
the Actions sidebar to open the “Add Relying Party Trust Wizard”
Windows Azure Pack Guide Page 55 of 111
3. In the Select Data Source step, Mary points the wizard to pick up federation metadata settings from
the WAP admin Portal. The federation metadata file can usually be found at
https://<adminPortalUri>/federationmetadata/2007-06/federationmetadata.xml
Windows Azure Pack Guide Page 56 of 111
Alternatively, this metadata file can also be downloaded from the above location and imported into the
wizard from a file
Windows Azure Pack Guide Page 57 of 111
4. She specifies a friendly display name for the Admin Portal and clicks Next
5. The remaining steps in the wizard deals with configuring Multifactor Authentication, Issuance
Authorization rules etc which are not currently needed for this scenario and so she leaves them as is
Windows Azure Pack Guide Page 58 of 111
with the default values and completes the wizard
6. Once the Relying Party has successfully been added, Mary will have to configure the Claim
Transformation Rules so that ADFS is aware of what claims to send to the particular relying party, in
this case, the WAP Admin Portal. The WAP portals can understand two kinds of Claims, UPN and
Group Claims. So there are four rules that have to be created in ADFS to issue these claims
7. In the “Add Transform Claim rule Wizard” , the Claim rule template should be selected as "”Send
LDAP Attributes as Claims” and click Next
Windows Azure Pack Guide Page 59 of 111
In the next step, Mary provides a Friendly rule name and selects the Attribute store as Active Directory
and in the Mapping table, maps User-Principal-Name to UPN outgoing claim.
Windows Azure Pack Guide Page 60 of 111
A similar process is repeated for adding Group Claims. Select Token-Groups – Qualified by Domain
to map to Group outgoing claim
Windows Azure Pack Guide Page 61 of 111
8. In some cases a UPN might already be available to AD FS. To handle these scenarios, there are two
additional rules that need to be added to flow the UPN claims through as-is. In the “Add Transform
Claim rule Wizard” select, “Pass Through or Filter an Incoming Claim”
Windows Azure Pack Guide Page 62 of 111
in the next step, she provides a friendly name to the rule, and specifies the Incoming Claim Type as
UPN and clicks Finish
Windows Azure Pack Guide Page 63 of 111
A similar process is repeated for the Group Claim
Windows Azure Pack Guide Page 64 of 111
Windows Azure Pack Guide Page 65 of 111
9. Now that all four rules are added for this relying party, she finally clicks on Apply and is done with the
Claim Transformation Rules
10. Now that this is done, as the final step, Mary has to enable JWT tokens for the Relying Party. This
cannot be done via UI and so she opens up a PowerShell window and verifies the settings of the
Relying Party that was just added. The command is as below
1: Get-AdfsRelyingPartyTrust -Name "WAP Admin Portal"
Windows Azure Pack Guide Page 66 of 111
11. She notes down the Identifier for the relying Party which is typically “http://azureservices/AdminSite”
and confirms that the EnableJWT value is set to False. This now needs to be set to true to enable JWT
tokens. She uses the cmd below to do this
1: Set-AdfsRelyingPartyTrust -TargetIdentifier 'http://azureservices/AdminSite' -
EnableJWT $true
Windows Azure Pack Guide Page 67 of 111
Windows Azure Pack Guide Page 68 of 111
With that, the AD FS side of things is done and ready to go!
WAP Configuration
Once Mary is done configuring AD FS, Rob, the fabric administrator, can now come in and configure the WAP
Admin Portal to add AD FS as the Identity Provider. Rob will also have to give Alan permissions to Administer
Plans and subscriptions and maintain the WAP stack.
1. Rob logs on to the machine where WAP is installed, and runs the following PowerShell
1: $fqdn = 'adfs.pcloud.contoso.corp'
2: $dbServer = 'ContosoWAP'
3: $dbPassword = 'pass@word1'
4: $portalConfigStoreConnectionString = [string]::Format('Data Source={0};Initial
Catalog=Microsoft.MgmtSvc.PortalConfigStore;User ID=sa;Password={1}', $dbServer,
$dbPassword)
5:
6: Set-MgmtSvcRelyingPartySettings -Target Admin `
7: -MetadataEndpoint https://$fqdn/FederationMetadata/2007-
06/FederationMetadata.xml `
8: -ConnectionString $portalConfigStoreConnectionString
the $fqdn variable refers to the Federation Service Name of AD FS
2. The only thing left to do is to give Alan permissions to access the Admin portal. ie. add him as an
administrator. This can be done by the following PowerShell command
Note: The name specified in the Principal parameter should match exactly with the UPN that is
supplied by AD FS.
1: $dbServer = 'ContosoWAP'
2: $dbPassword = 'pass@word1'
3: $portalConfigStoreConnectionString = [string]::Format('Data Source={0};Initial
Catalog=Microsoft.MgmtSvc.Store;User ID=sa;Password={1}', $dbServer, $dbPassword)
4:
5: Add-MgmtSvcAdminUser -Principal [email protected] -ConnectionString
$portalConfigStoreConnectionString
3. Now Alan can sign in with his credentials to the Admin Portal
Windows Azure Pack Guide Page 69 of 111
Windows Azure Pack Guide Page 70 of 111
That’s it! Alan can take over from here and administer Windows Azure Pack .
In the next part, we will take a look at the tenant side of things and how to federate Fabrikam’s AD FS with
Contoso to provide tenant identities.
Windows Azure Pack Guide Page 71 of 111
Federated Identities to Windows Azure Pack
through AD FS – Part 3 of 3
In few of the previous posts, Anders Ravnholt discussed Installation & Configuration of WAP and
Reconfiguration with FQDNs, ports and Trusted Certificates in detail. In this series, I will discuss how to
configure AD FS and enable it to provide Identities to your WAP installation.
Scenario Contoso Inc. is a Service Provider that hosts a private cloud stack and offers Compute resources to their
customers. Contoso wants to install a Windows Azure Pack stack and
1. Provide administrative access to users from its own Active Directory
2. Provide self-service access to the Tenant Portal to users from Fabrikam Corp, one of its customers.
We will run through this scenario in 3 parts:
In the first part of this blog series, we discussed how Contoso can set up an AD FS Farm in their Corp domain
pcloud.contoso.corp.
In the second part, we discussed how Contoso can set up trust between the AD FS instance and the WAP
Admin Portal and provides its users, access to the Management Portal.
In this third part, we will discuss how Contoso can enable Fabrikam's users to access the Tenant portal by
establishing trust between Fabrikam's AD FS and Contoso's AD FS and Contoso's AD FS and the WAP Tenant
Portal.
Windows Azure Pack Guide Page 72 of 111
Personas Rob is a Fabric Administrator who is responsible for maintaining the infrastructure. Rob was tasked with
installing the Windows Azure Pack Stack for Contoso Inc.
Mary is the Domain administrator for pcloud.contoso.corp domain in Contoso's Active Directory. Mary has
necessary permissions to configure the AD FS linked to the domain.
George is the domain administrator of Fabrikam.corp domain. He has the necessary credentials to federate
Fabrikam's AD FS with Contoso's AD FS.
Assumptions and Scope In this post, the following are the assumptions about the environment:
Windows Azure Pack is already set up in the pcloud.contoso.corp domain
AD FS is enabled and configured for the pcloud.contoso.corp domain
AD FS is enabled and configured for the Fabrikam.corp domain
All the components in the environment have been configured with certificates from a Trusted CA
Both Contoso and Fabrikam have setup the necessary DNS routing to talk to each other
We also assume the following about you, the reader:
You are familiar with the installation of the Windows Azure Pack. For more information about Windows
Azure Pack deployment, visit http://technet.microsoft.com/en-us/library/dn296432.aspx
You are familiar with some fundamentals of Claims based Authentication (Refer white paper at
http://download.microsoft.com/download/6/F/7/6F7BB9DD-0D65-492F-9180-75A47A520F80/Claims-
Based Authentication in WAP.docx )
You are familiar with setting up AD FS and the AD FS Console. For more information about AD FS visit
http://technet.microsoft.com/en-us/library/hh831502.aspx
This post will describe, how to perform the scenario using the AD FS Console
This post will not talk about performing the scenarios using AD FS PowerShell
Overview of Scenario Before I move on to explain how federation is established, I would like to give you an overview of the steps that
need to be completed to get this working.
1. Add the WAP Tenant Portal as a Relying Party to Contoso's AD FS
This is done so that the AD FS knows that the Tenant Portal will be relying on it to provide
authenticated Identities. This process has been explained in the second part of the blog series in the
context of the Admin Portal.
2. Add Contoso's AD FS as Claims Provider to the WAP tenant Portal
This is done so that the Tenant Portal knows that AD FS is the entity that provides User Claims and that
Windows Azure Pack Guide Page 73 of 111
the users will have to authenticate against it. This process has been explained in the second part of the
blog series in the context of the Admin Portal.
A similar relationship exists between Contoso's AD FS and Fabrikam's AD FS,
1. Add Contoso's AD FS as a Relying Party to Fabrikam's AD FS
This is done so that Fabrikam's AD FS knows that Contoso's AD FS will rely on it to authenticate users
within its own realm
2. Add Fabrikam's AD FS as a Claims Provider to Contoso's AD FS
This is done to tell Contoso's ADFS that it can trust Fabrikam's AD FS and that it will be one of the
trusted Claims Providers in the Federation Chain
Windows Azure Pack Guide Page 74 of 111
All four of these steps have to be completed for the proper trusts to be established and enable users to login to
the system.
Establish trust between Contoso's AD FS and
WAP Tenant Portal
Adding a WAP Tenant Portal as a Relying Party to Contoso's AD FS This process has already been explained in the second part of the blog series in the context of the Admin
portal. We will go over it again here briefly.
Mary, Contoso's Domain Administrator, has to add the WAP Tenant Portal as a relying party with AD FS which
tells AD FS that the Tenant Portal will be looking to get tokens from it. To do that Mary kicks off the "Add
Relying party trust Wizard" from the AD FS Console
Windows Azure Pack Guide Page 75 of 111
She enters the federation metadata information for the WAP Tenant Portal which is typically
<https://<<tenant portal url>>/federationmetadata/2007-06/federationmetadata.xml
Windows Azure Pack Guide Page 76 of 111
Mary provides a friendly name for the Tenant Portal and proceeds with the rest of the wizard leaving default
values.
Windows Azure Pack Guide Page 77 of 111
Windows Azure Pack Guide Page 78 of 111
Now Mary adds Claim Transformation Rules to the Tenant Portal, similar to the ones added to the Admin Portal
(per the second part of this blog series).
Additionally, she ensures that the Tenant portal gets JWT Claims by using the Set-ADFSRelyingPartyTrust
cmdlet. (Again, per the second part of this blog series)
1: Set-AdfsRelyingPartyTrust -TargetIdentifier 'http://azureservices/TenantSite' -EnableJWT
$true
Adding Contoso's AD FS as a Claims Provider to
the Tenant Portal Rob, who is the Fabric Administrator, logs on to the WAP box to complete the second half of this handshake.
He runs the following script on the WAP Tenant Portal to let the Portal know it needs to Rely on AD FS for
identities
1: $fqdn = 'adfs.pcloud.contoso.corp'
2: $dbServer = 'ContosoWAP'
3: $dbPassword = 'pass@word1'
4: $portalConfigStoreConnectionString = [string]::Format('Data Source={0};Initial
Catalog=Microsoft.MgmtSvc.PortalConfigStore;User ID=sa;Password={1}', $dbServer, $dbPassword)
5:
6: Set-MgmtSvcRelyingPartySettings -Target Tenant `
7: -MetadataEndpoint https://$fqdn/FederationMetadata/2007-06/FederationMetadata.xml `
8: -ConnectionString $portalConfigStoreConnectionString
Add Fabrikam's AD FS as Claims Provider to
Contoso's AD FS
Windows Azure Pack Guide Page 79 of 111
1. Mary, the Domain Administrator for the pcloud.contoso.corp domain opens the AD FS console and
clicks "Add Claims Provider Trust" from the Actions pane on the right.
2. In the Select Data Source screen, she enters the address to the Federation Metadata information of
Fabrikam's AD FS. It is typically https:// <adfs federation servicename>/federationmetadata/2007-
06/federationmetadata.xml
Alternatively, the file can also be downloaded from the above location and imported into the wizard
Windows Azure Pack Guide Page 80 of 111
Windows Azure Pack Guide Page 81 of 111
3. The next step is to provide a friendly name for the Fabrikam AD FS. For easy identification, let's call it,
well, Fabrikam AD FS
4. The remaining steps in the wizard deals with configuring Multifactor Authentication, Issuance
Authorization rules etc which are not currently needed for this scenario and so she leaves them as is
with the default values and completes the wizard. In the final step, Mary ensures that the "Open the
Windows Azure Pack Guide Page 82 of 111
Edit Claim Rules dialog.." checkbox is checked and clicks "Close"
5. In the "Add Transform Claim rule Wizard" , the Claim rule template should be selected as ""Send
LDAP Attributes as Claims" and click Next
Windows Azure Pack Guide Page 83 of 111
In the next step, Mary provides a Friendly rule name and selects the Attribute store as Active Directory
and in the Mapping table, maps User-Principal-Name to UPN outgoing claim.
Windows Azure Pack Guide Page 84 of 111
A similar process is repeated for adding Group Claims. Select Token-Groups – Qualified by Domain
to map to Group outgoing claim
Windows Azure Pack Guide Page 85 of 111
6. In some cases a UPN might already be available to AD FS. To handle these scenarios, there are two
additional rules that need to be added to flow the UPN claims through as-is. In the "Add Transform
Claim rule Wizard" select, "Pass Through or Filter an Incoming Claim"
Windows Azure Pack Guide Page 86 of 111
in the next step, she provides a friendly name to the rule, and specifies the Incoming Claim Type as
UPN and clicks Finish
Windows Azure Pack Guide Page 87 of 111
Mary clicks on Yes in the AD FS Management Popup
Windows Azure Pack Guide Page 88 of 111
A similar process is repeated for the Group Claim
Windows Azure Pack Guide Page 89 of 111
Windows Azure Pack Guide Page 90 of 111
7. Now that all four rules are added for this relying party, she finally clicks on Apply and is done with the
Claim Transformation Rules
8. Once this is done Mary needs to ensure that when users are redirected to the ADFS from the WAP
Tenant Portal, they should be taken directly to Fabrikam’s AD FS page for authentication. This is done
by the following cmdlet
1: Set-AdfsRelyingPartyTrust -TargetName "WAP Tenant Portal" -ClaimsProviderName
@("Fabrikam AD FS")
Adding Contoso AD FS as a Relying Party to
Fabrikam's AD FS
To complete the second part of the handshake, George, who is the Domain Administrator for Fabrikam should
add Contoso's AD FS as a Relying Party. This is the same process as adding a Claims Provider and has pretty
much the same set of steps:
Windows Azure Pack Guide Page 91 of 111
1. Enters the location to the Federation metadata of Contoso's AD FS
Windows Azure Pack Guide Page 92 of 111
2. Specifies a friendly name to the registered Relying Party
Windows Azure Pack Guide Page 93 of 111
3. Clicks through the rest of the wizard by choosing appropriate values or the default ones depending on
his preferences. On completing the wizard, he is shown the 'Add Transform Claim Rule Wizard'
4. In the "Add Transform Claim rule Wizard" , the Claim rule template should be selected as ""Send
LDAP Attributes as Claims" and click Next
Windows Azure Pack Guide Page 94 of 111
5. In the next step, he provides a Friendly rule name and selects the Attribute store as Active Directory
and in the Mapping table, maps User-Principal-Name to UPN outgoing claim.
Windows Azure Pack Guide Page 95 of 111
6. A similar process is repeated for adding Group Claims. Select Token-Groups – Qualified by Domain
to map to Group outgoing claim
Windows Azure Pack Guide Page 96 of 111
7. In some cases a UPN might already be available to AD FS. To handle these scenarios, there are two
additional rules that need to be added to flow the UPN claims through as-is. In the "Add Transform
Claim rule Wizard" select, "Pass Through or Filter an Incoming Claim"
Windows Azure Pack Guide Page 97 of 111
8. In the next step, he provides a friendly name to the rule, and specifies the Incoming Claim Type as UPN
and clicks Finish
Windows Azure Pack Guide Page 98 of 111
A similar process is repeated for the Group Claim
Windows Azure Pack Guide Page 99 of 111
Windows Azure Pack Guide Page 100 of 111
9. Now that all four rules are added for this relying party, he finally clicks on Apply and is done with the
Claim Transformation Rules
10. Once this is done, George needs to ensure that JWT tokens are issued to Contoso's AD FS. This is done
by the following Powershell
1: Set-ADFSRelyingPartyTrust -TargetIdentifier
http://adfs.pcloud.contoso.corp/adfs/services/trust -EnableJWT $true
Windows Azure Pack Guide Page 101 of 111
11. That’s it! Now when users access the Tenant Portal, they will be redirected to
Contoso AD FS which will then redirect them to Fabrikam AD FS. The Fabrikam
AD FS will then authenticate the user
12. Once authenticated, users will be redirected all the way back to the WAP Tenant Portal to access their
resources!
Windows Azure Pack Guide Page 102 of 111
Windows Azure Pack Guide Page 103 of 111
Windows Azure Pack Guide Page 104 of 111
Windows Azure Pack blog posts on Building
Clouds & TechNet You might be thinking, that was a lot of Windows Azure Packs blog posts going out on Building Clouds over
the past two months, what's going on?
You are right, there has been a lot of blog posts about WAP or its related components. In November and
December we released over 30 blog posts on Building Clouds and System Center blog to help our readers
familiarize them self with this new technology from Microsoft.
For the same reason you might also be looking for a nice overview on TechNet where you can navigate through
the different blog posts.
This blog post is designed to bring you exactly that.
Windows Azure Pack Introduction, Overview
and Concepts
Name Blog Date Author
What's New in 2012 R2: IaaS Innovations
In the
Cloud
31-07-
2013
Brad
Anderson
What's New in 2012 R2: Service Provider & Tenant IaaS
Experience
In the
Cloud
01-08-
2013
Brad
Anderson
What You Have to Gain from Cloud-based Financial
Management IT
In the
Cloud
22-10-
2013
Brad
Anderson
What's New in 2012 R2: Enabling Modern Apps with the
Windows Azure Pack
In the
Cloud
21-08-
2013
Brad
Anderson
What's New in 2012 R2: PaaS for the Modern Web
In the
Cloud
28-08-
2013
Brad
Anderson
Table of Contents: Success with Hybrid Cloud
In the
Cloud
12-11-
2013
Brad
Anderson
Windows Azure Pack Guide Page 105 of 111
Windows Azure Pack & Installing and
Configuring
Name Blog Date Author
Windows Azure Pack - Installing & Configuring Series.
Building
Clouds
06-12-
2013
Anders
Ravnholt
Windows Azure Pack - Reconfigure portal names, ports
and use trusted certificates
Building
Clouds
10-12-
2013
Anders
Ravnholt
Adding an already running VM in Virtual Machine
Manager to a Windows Azure Pack Subscription
Building
Clouds
05-12-
2013
Anders
Ravnholt
Application Management - System Center and the Web
Platform Installer (WebPI)
Building
Clouds
30-08-
2013
Shawn Gibbs
[MSFT]
Windows Azure Pack & Service Provider
Foundation (SPF)
Name Blog Date Author
Troubleshooting Windows Azure Pack, SPF &
VMM
Building
Clouds
06-12-
2013
Anders
Ravnholt
Configuring Portals for Service Provider
Foundation
TechNet 01-11-2013 Microsoft
Service Provider Foundation Developer's Guide TechNet 01-11-2013 Microsoft
Windows Azure Pack Guide Page 106 of 111
Windows Azure Pack & Service
Management Automation (SMA)
Name Blog Date Author
Using the Service Management Automation feature of
Orchestrator in System Center 2012 R2
Orchestrator
29-10-
2013
Eamon O
Reilly
Service Management Automation: Integrating into the
OData web service
Orchestrator
11-12-
2013
Eamon O
Reilly
Service Management Automation: Monitoring and
Troubleshooting Your Runbooks
Orchestrator
13-11-
2013
Chris Sanders
MS
SMA capabilities in depth – Runbook Tasks (library,
configuration, starting, scheduling, creation and
tagging)
Orchestrator
09-12-
2013
Justin
Incarnato
Service Management Automation: Portable Modules –
What, Why, and How
Orchestrator
04-11-
2013 Joe Levy_
Automation–An Introduction to Service Management
Automation
Building
Clouds
09-08-
2013
Jim Britt
[MSFT]
Automation–Service Management Automation Runbook
Spotlight–Getting Started with SMA Runbooks
Building
Clouds
14-08-
2013
Jim Britt
[MSFT]
Automation–Service Management Automation Runbook
Spotlight–Exchange Distribution List Creation
Building
Clouds
15-08-
2013
Jim Britt
[MSFT]
Automation–Service Management Automation
Tip/Trick–Leveraging InlineScript and $Using:Variable
with PowerShell Workflow
Building
Clouds
27-08-
2013
Jim Britt
[MSFT]
Automation–Service Management Automation Runbook
Spotlight–Virtual Machine Startup by Priority (Part 1)
Building
Clouds
21-08-
2013
Charles Joy
[MSFT]
Automation–Service Management Automation Runbook
Spotlight–Virtual Machine Startup by Priority (Part 1.5)
Building
Clouds
27-08-
2013
Charles Joy
[MSFT]
Automation–Service Management Automation–Utility
Runbook Spotlight–VMM Custom Property
Management
Building
Clouds
27-08-
2013
Charles Joy
[MSFT]
Automation–Service Management Automation Runbook
Spotlight–Virtual Machine Startup by Priority (Part 2)
Building
Clouds
29-08-
2013
Charles Joy
[MSFT]
Windows Azure Pack Guide Page 107 of 111
Automation – Fun with Orchestrator and SMA
integration points
Building
Clouds
12-12-
2013
Charles Joy
[MSFT]
Calling an Orchestrator Runbook from SMA – Part 1
Building
Clouds
01-12-
2013
Tiander
Turpijn [MSFT]
Calling an Orchestrator Runbook from SMA – Part 2
Building
Clouds
11-12-
2013
Tiander
Turpijn [MSFT]
Orchestrated offline VM Patching using Service
Management Automation
Building
Clouds
07-12-
2013
Thomas
Roettinger
Windows Azure Pack & Gallery Items and
VM Roles
Name Blog Date Author
Windows Azure Pack VMRole Gallery Items for
Collaboration Workloads
Building
Clouds
11-12-
2013
Michael
Greene
VMRole Gallery Item – Exchange Server 2013
Building
Clouds
11-12-
2013
Michael
Greene
VMRole Gallery Item – SharePoint Server 2013
Building
Clouds
11-12-
2013
Michael
Greene
VMRole Gallery Item – Lync Server 2013
Building
Clouds
11-12-
2013
Michael
Greene
Virtual Machine Role Example Kit
Building
Clouds
11-12-
2013
Michael
Greene
VMRole Guide for the Service Template Admin
Building
Clouds
11-12-
2013
Michael
Greene
Troubleshooting Windows Azure Pack & Gallery Items
(VM Roles) (Part 1)
Building
Clouds
25-11-
2013
Anders
Ravnholt
Troubleshooting Windows Azure Pack and Gallery Items
(Part 2)
Building
Clouds
27-11-
2013
Anders
Ravnholt
Application Management - Virtual Hard Disk
Requirements of Windows Azure Pack Gallery Items
Building
Clouds
26-10-
2013
Kurt Scherer
[MSFT]
Windows Azure Pack Guide Page 108 of 111
Windows Azure Pack & Web Sites
Name Blog Date Author
Application Management - Service Models Web
Platform Installer Gallery
Building Clouds
26-10-
2012
Kurt Scherer
[MSFT]
Offlining Web Application Gallery Feed for
Windows Azure Pack
Building Clouds
06-12-
2013 Shriram [MSFT]
Leveraging IaaS and PaaS with Windows Azure
Pack and System Center 2012 R2
Virtual Machine
Manager
06-11-
2013 J.C. Hornbeck
Windows Azure Pack & Plan and
Subscriptions
Name Blog Date Author
How to Create a Basic Plan Using the Service
Administration Portal
Building
Clouds
01-08-
2013
Ranganathan
Srikanth
Troubleshooting Windows Azure Pack - Plans and
Subscriptions
Building
Clouds
02-12-
2013 Anders Ravnholt
Windows Azure Pack & Usage and Billing
Name Blog Date Author
How to Integrate Your Billing System with the Usage
Metering System
Building
Clouds
06-12-
2013
Ranganathan
Srikanth
Windows Azure Pack Guide Page 109 of 111
IaaS Usage and Service Reporting using System
Center 2012 R2 and Windows Azure Pack
Building
Clouds
27-08-
2013 Anders Ravnholt
Configuring VMM and OM for IaaS usage and
metering.
Building
Clouds
27-09-
2013 Anders Ravnholt
Configuring SPF and Windows Azure Pack for IaaS
usage and metering.
Building
Clouds
01-10-
2013 Anders Ravnholt
Installing & configuring Service Reporting for IaaS
usage and metering
Building
Clouds
11-10-
2013 Anders Ravnholt
Troubleshooting Windows Azure Pack & Usage (Part
1)
Building
Clouds
20-11-
2013 Anders Ravnholt
Troubleshooting Windows Azure Pack & Usage (Part
2)
Building
Clouds
21-11-
2013 Anders Ravnholt
Windows Azure Pack & Identity and ADFS
Name Blog Date Author
Federated Identities to Windows Azure Pack through
AD FS – Part 1 of 3
Building
Clouds
17-12-
2013
Shriram
[MSFT]
Federated Identities to Windows Azure Pack through
AD FS – Part 2 of 3
Building
Clouds
17-12-
2013
Shriram
[MSFT]
Federated Identities to Windows Azure Pack through
AD FS – Part 3 of 3
Building
Clouds
18-12-
2013
Shriram
[MSFT]
Windows Azure Pack & Networking
Name Blog Date Author
Software Defined Networking – Hybrid Clouds using
Hyper-V Network Virtualization (Part 1)
Building
Clouds
20-11-
2013
Nader
Benmessaoud
Windows Azure Pack Guide Page 110 of 111
Software Defined Networking – Hybrid Clouds using
Hyper-V Network Virtualization (Part 2)
Building
Clouds
21-11-
2013
Nader
Benmessaoud
Software Defined Networking – Hybrid Clouds using
Hyper-V Network Virtualization (Part 3)
Building
Clouds
28-11-
2013
Nader
Benmessaoud
Windows Azure Pack & Troubleshooting
Name Blog Date Author
Troubleshooting Installation & Configuration of
Windows Azure Pack – An Introduction
Building
Clouds
05-11-
2013
Anders
Ravnholt
Troubleshooting Installation of Windows Azure Pack
Building
Clouds
06-11-
2013
Anders
Ravnholt
Troubleshooting Windows Azure Pack, SPF & VMM
Building
Clouds
08-11-
2013
Anders
Ravnholt
Troubleshooting Windows Azure Pack & Usage (Part 1)
Building
Clouds
20-11-
2013
Anders
Ravnholt
Troubleshooting Windows Azure Pack & Usage (Part 2)
Building
Clouds
21-11-
2013
Anders
Ravnholt
Troubleshooting Windows Azure Pack & Gallery Items
(VM Roles) (Part 1)
Building
Clouds
25-11-
2013
Anders
Ravnholt
Troubleshooting Windows Azure Pack and Gallery
Items (Part 2)
Building
Clouds
27-11-
2013
Anders
Ravnholt
Troubleshooting Windows Azure Pack - Plans and
Subscriptions
Building
Clouds
02-12-
2013
Anders
Ravnholt
Service Management Automation: Monitoring and
Troubleshooting Your Runbooks
Orchestrator
13-11-
2013
Chris Sanders
MS
General Troubleshooting List for Windows Azure Pack
(WAP) and SPF Integration
Orchestrator
12-11-
2013 J.C. Hornbeck
Windows Azure Pack Guide Page 111 of 111
Windows Azure Pack & Extending and
Customization
Name Blog Date Author
Sample Billing Adapter Code for Windows Azure Pack
Building
Clouds
11-12-
2013
Kandavel
KR
Sample Portal Code based on Windows Azure Pack, Service
Provider Foundation and Virtual Machine Manager
Building
Clouds
28-11-
2013
Kandavel
KR
Windows Azure Pack Developers Kit TechNet
15-11-
2013 Microsoft
Navigating The Hello World Custom Resource Provider
Sample
TechNet
15-11-
2013 Microsoft
Windows Azure Pack Wiki
Name Blog Date Author
Windows Azure Pack (WAP) and Related Blogs, Videos
and TechNet Articles
TechNet
30-10-
2013 Community
Hyper-v.nu
Partner
blog
30-10-
2013
Hans
Vredevoort
Peter
Noorderijk
Marc van Eijk
Hope this whitepaper gives you a good overview over the Windows Azure Pack and its components on TechNet
blogs.
Until next time have fun with Windows Azure Pack.