In this blog post, I want to show you how to convert an on-premises web application (with SQL backend connection) to run in a VM in Azure. This is part of a series which you can find at The Hybrid Cloud for the IT Professional. In a nutshell what you need to do is:
- Create an Azure Infrastructure foundation for the virtual machine
- Create Network (this will be needed as you add additional services to your deployment)
- Create Storage Container (you could do it at the same time as creating the virtual machine, but I will list it separately so you have detailed instructions that can be easily leveraged for other projects.)
- Cloud Service (this is the public IP address place holder)
- Create a Virtual Machine in Azure and configure with IIS for your application
- Copy the Website to the Azure Virtual machine
- Open Ports and configure Azure for the new service
- Change Configuration information on website
Assumptions:
- SQL Server name is SQL01
- The ports and network connectivity for your web server to connect to SQL01 are put into place. If this is in Azure, it is easy, just put it on the same cloud service. If it is on-premises, setup a site-to-site vpn between your Azure account and your on-premises infrastructure.
- The database name is Test
- There is an SQL user named DataManagementApp that has Read and Write capabilities to the database
- if you want to setup a SQL01 database to use with this lab, see http://ITProGuru.com/AzLab2
- you can change these settings to as you go through the instructions as you see fit.
Part 1: Building the Foundation
The First step is to build core IaaS infrastructure in Microsoft Azure.
- Virtual Network
- Storage
- Cloud Service
The services mentioned above are the core tenants that provide a foundation for your applications, virtual machines and hybrid connectivity in Azure. Having this well thought out, provides a great architecture for all of your cloud services.
Login to the Azure Portal; Perform the following tasks:
- Open a browser, and then navigate to http://manage.WindowsAzure.com
- Click PORTAL located at the top of the Microsoft Azure site.
- Log in using your Microsoft Azure credentials for your Microsoft Azure subscription.
- If this is your first time logging into your Azure management portal, close the WINDOWS AZURE TOUR.
Create a new virtual network and subnets for objects
First, you will create a Microsoft Azure network object and corresponding subnet. Virtual Network lets you provision and manage virtual networks in Azure and, optionally, link them via secured VPN tunnels with your on-premises IT infrastructure to create hybrid and cross-premises solutions. With virtual networks, IT administrators can control network topology, including configuration of DNS and IP address ranges.
You can use a virtual network to:
- Create a dedicated private cloud-only virtual network
- Securely extend your data center
- Enable hybrid cloud scenarios
The virtual network you are creating will provide IP addresses to objects and virtual machines you create that are associated with this virtual network. You will also leverage subnets to help organize your IP addresses.
Perform the following tasks in the Azure management portal.
- In the Azure management portal (in the leftmost column), scroll to and click NETWORKS.
- Click NEW (Plus “+” Sign) located at the bottom of the Azure management portal
- Click CUSTOM CREATE.
- In NAME, type ITC-VNet (note: you can change the name if you want but I will use this name in all documentation for ease of following along) and then in LOCATION, select your closest location, and then click the Next arrow. (Important: Remember this choice. You will use the same Location for all options in future steps)
- Leave all DNS setting blank, and then click the NEXT arrow.
This network will initially use Azure DNS. - In STARTING IP, type 192.168.0.0.
- In CIDR (ADDRESS COUNT), select /16.
- Under SUBNETS, highlight Subnet-1, and then replace it with AD-Production.
- Under STARTING IP, type 192.168.10.0.
- Under CIDR (ADDRESS COUNT) select /24.
- Click the Complete icon (Check Mark).
Create a new storage account from the Azure management portal
Microsoft Azure Storage is a massively scalable, highly available, and elastic cloud storage solution that empowers developers and IT professionals to build large-scale modern applications. Azure Storage is accessible from anywhere in the world, from any type of application, whether it’s running in the cloud, on the desktop, on an on-premises server, or on a mobile or tablet device. In this lab, you will create a storage account to contain all objects for your Azure services. Your VHDs, which you will create in lab 2 for your Azure virtual machines, will be stored in this storage account.
Perform the following tasks in the Azure management portal:
- In the leftmost column, scroll to and click STORAGE.
- Click NEW (“+”), located at the bottom of the Azure management portal.
- Make sure STORAGE is highlighted and click QUICK CREATE
- In URL, type itcstore<Unique ID (can use your initials)> For example:
itcstoredan01 (PLEASE NOTE: has to be all lowercase) - In LOCATION/AFFINITY GROUP, select your closest datacenter region (make sure it is the same as you used for your network).
- In REPLICATION, select Locally Redundant (you could geo replicate the storage by changing this value, it literally is that easy)
- Click CREATE STORAGE ACCOUNT.
Create a new service from the Microsoft Azure management portal
At the most basic level, the Azure Service gives you a public IP address as well as a context container to put related services together. By creating a cloud service, you can deploy a multi-tier application in Azure, defining multiple roles to distribute processing and allow flexible scaling of your application. A cloud service consists of one or more web roles and/or worker roles, each with its own application files and configuration. Azure Websites and Virtual Machines also enable web applications on Azure. The main advantage of cloud services is the ability to support more complex multi-tier architectures. In this section you will create a new service to contain your virtual machines. By assigning your new VMs to this service, they will be able to communicate internally.
Perform the following tasks in the Azure management portal.
- In the leftmost column, scroll to and click CLOUD SERVICES.
- Click NEW (“+”) located at the bottom of the Azure management portal
- Make sure CLOUD SERVICE is highlighted and click QUICK CREATE.
- In URL, type ITCservice<ID>. <Unique ID (can use your initials)> For example: ITCserviceDan01
NOTE: ID should be between 3-6 alpha-numeric. Must be unique in all of Azure (all customers/all accounts) - In REGION OR AFFINITY GROUP, select your closest datacenter region
- Click CREATE CLOUD SERVICE.
End Building the Foundation
Now we need to build the Virtual machine!!!!
Create a new web server virtual machine
You will create a new virtual machine to run the web application. You can create this VM using quick create; however, that will not enable you to specify the service or storage, and will create separate storage and services for this VM. You will use the gallery option to ensure you can specify the storage and services for the VM.
Perform the following tasks in the Azure management portal:
- Click VIRTUAL MACHINES located on the left menu of the Azure management portal.
- Click +New to CREATE A VIRTUAL MACHINE.
- Click COMPUTE, click VIRTUAL MACHINE, and then click FROM GALLERY.
- In Choose an Image, click Windows Server 2012 R2 Datacenter, and then click the Next arrow.
- Create a new virtual machine using the values in the following table, and then click the Next arrow. Change values if you like, but remember what you used!
Note: These credentials are designed for the lab and should be changed upon completing the lab to protect your systemsProperty Value VIRTUAL MACHINE NAME WEBFE01 TIER Standard SIZE A2 NEW USER NAME SysAdmin NEW PASSWORD and CONFIRM Passw0rd! - On the Virtual machine configuration page, in CLOUD SERVICE, select itcservice<ID>.
- In STORAGE ACCOUNT, select itcstore<ID>.
- In REGION/AFFINITY GROUP/VIRTUAL NETWORK, verifity ITC-VNet is selected
- In VIRTUAL NETWORK SUBNETS select AD-Production, a dynamic lease in Azure is not renewed regularly like it is on-premises. Once you get a dynamic IP, it is reserved for this machine.
- Click the Next arrow.
- On the Virtual machine configuration page, under Security Extensions, check Microsoft Antimalware.
- Click the Complete icon.
- The virtual machine will take a few minutes to create. Depending on the load this may take between 5 and 25 minutes.
- Wait for the new virtual machine to finish before proceeding.
It is beyond the scope of this document to also move the SQL Server. However, if you do want to move the SQL Server to Azure, see http://ITProguru.com/AZLab2. In this lab, I walk through creating the SQL Server and Migrating the database step-by-step.
Security Warning:
These instructions are designed for a lab environment, there may be other concerns related to your application or environment that you should take into account
In order to work through this example in detail, I have uploaded a sample application. We will download that and install it. When you are ready to do this with your application, just repeat the steps with that application.
Perform these steps while logged into your Web Server on Azure.
- Click on the Folder on the task bar to open Computer. Double-Click Data (C:) Click Home | New Folder type AzureManagement press Enter You can then close the computer window and the Server Manager window to continue.
- Open a web browser Start, Internet Explorer. “Don’t use recommended settings” (for now) click OK
- You need to Add the site https://itcmaster.blob.core.windows.net to your trusted sites. In Internet Explorer; Click Tools (Gear in upper right corner); Internet Options; Security Tab – Trusted Sites; Sites; Type: https://itcmaster.blob.core.windows.net then click Add; Close; OK
- NOTE: you can just click OK to any security warnings you get
- Download https://itcmaster.blob.core.windows.net/fy15q3/AzureManagement.zip by typing the URL into the address bar on your WEBFE01 server. Click Save as then save to C:AzureMangement Folder
- Using File Explorer Open the c:AzureManagement folder, right-click on the AzureManagement.zip file; select Extract All Change the path to C: then click ExtractClose Local Disk (C:) window. You should have a window up still that is showing you C:AzureManagement
Building Application Workload – Deploy Data Access App
Configure endpoints for WEBFE01
In this task, you will configure the required public endpoints for WEBFE01.
Perform the following tasks in the Azure management portal.
- In the Azure management portal, click in VIRTUAL MACHINES.
- Click WEBFE01, and then click ENDPOINTS.
- Click ADD.
- In ADD ENDPOINT, click the Next arrow.
- In Name, select HTTP, and then click the Completed button.
- Click ADD.
- In ADD ENDPOINT, click the Next arrow.
- In Name, select HTTPS, and then click the Completed button.
- You will have to wait for the endpoint to be created then continue
- Click ADD.
- In ADD ENDPOINT, click the Next arrow.
- In NAME, type Custom5000.
- In PUBLIC PORT and PRIVATE PORT, type 5000, and then click the Completed button.
- Click ADD.
- In ADD ENDPOINT, click the Next arrow.
- In NAME, type Custom5001.
- In PUBLIC PORT and PRIVATE PORT, type 5001, and then click the Completed button.
- Click Dismiss Completed in Azure Portal after all are done
Configure firewall ports for WEBFE01
Next, you must enable WEBFE01 to communicate internally within the service. While general IP connectivity is provided by DHCP, the server will have a local firewall and have the public firewall profile enabled. You will enable Application ports and PING traffic on WEBFE01.
Perform the following tasks in an RDP connection to WEBFE01.
- In your RDP session to WEBFE01, open Server Manager.
- Click Local Server.
- Next to Windows Firewall, click Public: On.
- In Windows Firewall, click Advanced settings.
- In Windows Firewall with Advanced Security, click Inbound Rules, and then click New Rule.
- In Rule Type, click Port, and then click Next.
- In Specific local ports, type 80, 443, 5000, 5001, and then click Next.
- On the Action page, click Next.
- On the Profile page, click Next.
- In Name, type Allow WebApp, and then click Finish.
- In Windows Firewall with Advanced Security, click Inbound Rules, and then click New Rule.
- In Rule Type, click Custom, and then click Next.
- On the Program page, click Next. (All programs should be selected)
- On the Protocol and Ports page, in Protocol type, select ICMPv4, and then click Next.
- On the Scope page, click Next.
- On the Action page, click Next.
- On the Profile page, click Next.
- In Name, type Allow PING, and then click Finish.
-  Get-WindowsFeature Web-Server | Add-WindowsFeature -IncludeAllSubfeature
- Wait for the command to complete before proceeding. BE PATIENT. It takes several minutes.
-  Iisreset
- Wait for the command to complete before proceeding.
where <ID> is your unique identifier.
- You have now connected to your running web server and are ready to hand off this environment for installation of your company’s software.
- If you cannot connect, wait 2 mins and try the IISReset again. if that still does not work, check to make sure your firewall ports and endpoints were not skipped or botched.
Deploy and test the Contoso Data Access sample site
In this task, you will deploy a sample site. The sample web site simulates the types of tasks the Contoso production application performs, and will prove that the Azure infrastructure meets the base technical requirements of the production system.
Perform the following tasks in RDP sessions to WEBFE01.
- Switch to the RDP session for WEBFE01.
- Using File Explorer, navigate to c:inetpubwwwroot.
- Delete all files and folders in this folder.
- Using File Explorer, navigate to Navigate to C:AzureMangementWebsite.
- Copy all Files and folders from C:AzureMangementWebsite[Website] to C:inetpubwwwroot.
- The global.asax file should be directly in the C:inetpubwwwroot folder, not a subfolder.
- Open the Web.Config file in Notepad, and then locate the following lines.
This connection string provided by the developer of the application assumes a locally installed SQL database, and assumes the locally logged on user has permission to access the database. This is not appropriate for a distributed web application and you will be updating the database location, name, and the credentials used.<connectionStrings><add name=”AdventureWorksConnection”
connectionString=”data source=.MSSQL14;initial catalog=AdventureWorks;integrated security=True;multipleactiveresultsets=True;application name=EntityFramework” providerName=”System.Data.SqlClient” />
</connectionStrings>
- Edit the line so that it reads as follows. Changed information is highlighted in yellow, new information is highlighted in green, and removed information is highlighted in red (in above).
-
- This configures the sample application to use the database stored on SQL01 named Test. There are three changes that are made. You change the SQL Server Name (data source), you change the database name (initial catalog), and you replace the credential with a fixed username and password (integrated security replaced with user and password) If you changed your password for DataManagementApp SQL user you will need to change it here too.
- You can optionally, copy the following XML from this document to web server’s web.config file. Note that there should only be three lines in the final file for <connectionStrings> the open (<conn…), <add name…, and close (</conn…)<connectionStrings>
<add name=”AdventureWorksConnection” connectionString=”data source=SQL01;initial catalog=test;user id=DataManagementApp;
password=Passw0rd!;multipleactiveresultsets=True;application name=EntityFramework” providerName=”System.Data.SqlClient” /></connectionStrings>
- On your Local Laptop computer, using Internet Explorer, navigate to Error! Hyperlink reference not valid..
NOTE: You may have to refresh your browser. - Under Data Management Login, type 12345, and then click Login.
- Click Product Listings.
-
- The result set indicates the web application is communicating with the hosted SQL database correctly.
- Download and Install Windows Azure PowerShell You can follow Step-By-Step instructions at
http://itproguru-app.azurewebsites.net/expert/2015/02/azure-powershell-getting-started-authenticate-with-certificate