
Deploy SQL Server Business Intelligence in Windows Azure Virtual Machines

Chuck Heinzelman

Summary: This document describes and walks you through the creation of a multiserver deployment of SQL Server Business Intelligence features, in a Windows Azure Virtual Machines environment. The document focuses on the use of Windows PowerShell scripts for each step of the configuration and deployment process.

Category: Step-by-Step

Applies to: SQL Server 2012 SP1, Windows Azure

E-book publication date: August 2013


Copyright © 2012 by Microsoft Corporation

All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.

Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.


1 Contents

2 Introduction
3 What Is Infrastructure as a Service (IaaS)?
4 Why Infrastructure as a Service (IaaS)?
5 Recommended Scenarios for BI on IaaS
6 Document Conventions
7 Getting Started with IaaS
7.1 Affinity Groups
7.2 Virtual Networks
7.2.1 Subnets
7.2.2 DNS
7.2.3 On-Premises Connectivity
7.3 Storage
7.3.1 Containers
7.3.2 Access Keys
7.4 Cloud Service
7.4.1 Deployments
7.4.2 Virtual IP Address
7.5 Endpoints
7.6 Virtual Machines
7.7 Availability Sets
7.8 Disks
7.9 Images
8 Prerequisites and Assumptions
9 Windows Azure PowerShell Commands
10 Non-Windows Azure PowerShell Commands
11 The Overall Environment
12 Overview of the Deployment Steps
13 Step 1: Configure the Windows Azure Environment
13.1 Create the Affinity Group
13.1.1 Validation
13.2 Network
13.2.1 Create the Virtual Network
13.2.2 Validation
13.2.3 Point-to-Site VPN
13.3 Cloud Service
13.3.1 Create the Cloud Service
13.3.2 Validation
13.4 Storage Account
13.4.1 Create the Storage Account
13.4.2 Validation
14 Step 2: Deploy Active Directory Domain Services
14.1 First Domain Controller
14.1.1 Provision VM
14.1.2 Validation
14.1.3 Format Disks
14.1.4 Create Domain
14.1.5 Create Sites and Subnets
14.1.6 Remove Forwarder
14.2 Second Domain Controller
14.2.1 Provision VM
14.2.2 Format Disks
14.2.3 Create Domain Controller
14.2.4 Create Share
14.3 Service User Accounts
14.3.1 Create Service User Accounts
15 Step 3: Configure SQL Server Database Servers (SharePoint Back End)
15.1 First SQL Server Instance
15.1.1 Provision VM
15.2 Format Disks
15.3 Enable Clustering
15.4 Install SQL Server
15.5 Second SQL Server Instance
16 Step 4: Configure SQL Server PowerPivot Servers
16.1 First PowerPivot Server
16.1.1 Provision VM
16.1.2 Install SQL Server
16.2 Second PowerPivot Server
17 Step 5: Deploy the first SharePoint Application/Central Administration Server
17.1 SharePoint Image
17.1.1 Provision VM
17.1.2 Install SharePoint Prerequisites
17.1.3 Install SharePoint
17.1.4 Install Add-Ins
17.1.5 Install Updates
17.1.6 Sysprep
17.1.7 Capture Image
17.2 First SharePoint Server
17.2.1 Provision VM
17.2.2 Create New Farm
17.2.3 Add PowerPivot Solutions
17.2.4 Install PowerPivot Features
17.2.5 Configure Service Instance
17.2.6 Create PowerPivot Service Application
17.2.7 Create Default Web Application
17.2.8 Deploy Web Application Solution
17.2.9 Create Site Collection
17.2.10 Activate PowerPivot Feature
17.2.11 Start the Claims to Windows Token Service
17.2.12 Configure Secure Store Service
17.2.13 Configure Alternate Access Mappings
17.2.14 Install Reporting Services
17.2.15 Install Reporting Services Bits
17.2.16 Enable Reporting Services
17.2.17 Create Reporting Services Shared Service Application
17.2.18 Grant Reporting Services permissions
17.3 Section Validation
18 Step 6: Configure AlwaysOn Availability Groups
18.1 Create Cluster
18.1.1 Validation
18.2 Enable AlwaysOn Availability Groups
18.2.1 Validation
18.3 Create Availability Group
18.3.1 Validation
18.4 Enable High Availability in SharePoint
18.4.1 Validation
19 Step 7: Deploy SharePoint Web Front End Servers
19.1 Provision VM
19.1.1 Validation
19.2 Join SharePoint Farm
19.2.1 Validation
19.3 Import Certificate
19.3.1 Validation
19.4 Deploy PowerPivot Solutions
19.4.1 Validation
19.5 Configure Second SharePoint Web Front End
20 Step 8: Deploy Additional SharePoint Application/Central Administration Servers
20.1 Provision VM
20.1.1 Validation
20.2 Join SharePoint Farm
20.2.1 Validation
20.3 Configure Local Service Instances
20.3.1 Validation
20.4 Start the SharePoint Services
20.4.1 Validation
20.5 Deploy PowerPivot Solutions
20.5.1 Validation
20.6 Install Reporting Services Bits
20.6.1 Validation
20.7 Enable Reporting Services
20.7.1 Validation
21 Conclusion
21.1 For more information:
21.2 Feedback

2 Introduction

We’ve been getting more and more requests for guidance on running Business Intelligence (BI) workloads in Windows Azure Virtual Machines. This paper is a joint effort between the Microsoft SQL Server BI portion of the Windows Azure Customer Advisory Team and Microsoft's Israel Development Center. The deployment guidance in this document is based on customer experiences, customer feedback, and user research.

The environment outlined in this document works as a stand-alone environment that does not need to connect to an on-premises Active Directory domain. It emphasizes BI deployment techniques for Windows Azure Virtual Machines without going too deeply into individual BI technologies. The paper assumes that you already understand how to build BI environments in general and you now want to deploy a Microsoft SharePoint based BI environment in Windows Azure Virtual Machines. This document should serve as a starting point to build such a Windows Azure-based BI

automated and repeated as needed.

3 What Is Infrastructure as a Service (IaaS)?

IaaS is any environment that enables you to host virtual machines (VMs) without having to build and maintain the hosting infrastructure yourself. Many corporate IT departments take advantage of virtualization environments to run their workloads. IaaS eliminates the need to install or maintain host servers, enabling you to focus on your VMs rather than the infrastructure. In Windows Azure, IaaS is provided through the Windows Azure Virtual Machines service.

4 Why Infrastructure as a Service (IaaS)?

There are several reasons to run BI workloads on IaaS. Some reasons are related to the general benefits of an IaaS environment. Other reasons are derived from the combination of IaaS advantages with the characteristics of BI solutions:

• Seamless migration to the cloud. IaaS is the most accessible alternative for migrating BI workloads to the cloud, because IaaS is very similar to existing on-premises architectures.

• No physical infrastructure maintenance. Windows Azure takes care of physical infrastructure deployment and maintenance for you.

• IaaS solutions are flexible. Additional VMs can be created from predefined Windows Azure gallery images or from custom images. You can deploy additional servers to increase capacity dynamically.

• Reduced total cost of ownership (TCO). By accruing costs only for consumed resources, required software SKUs, and actual resource usage time, IaaS can help to lower TCO. This is especially significant for short-lived projects, such as demos or proof-of-concept (POC) deployments.


5 Recommended Scenarios for BI on IaaS

IaaS is a good choice for the following scenarios:

• Demonstrations – IaaS is a convenient option when you need to demonstrate the new Microsoft BI stack. No hardware is required, and the deployed solution is available from everywhere. Also, cost is associated only with the time during which the solution is deployed.

• Proof of concept (POC) – IaaS can be used for creating a POC of a BI solution. Running the POC on IaaS enables trial and error of various architectures while avoiding the high costs associated with buying hardware. After the BI solution architecture is clear, it can be decided which hardware to buy, or even continue using IaaS for the production solution. Also, the Windows Azure gallery provides some building blocks that can save some work in comparison to the on-premises alternative, for example VM images that contain Operating Systems and so on.

• Development/Test/Lab/Training – Development and test environments commonly require an iterative build-and-try workflow. Training environments frequently require several machines configured in a specific way for several days, and lab environments can be used for various explorations and scenario testing. For all these cases, using IaaS is convenient because it provides maximum flexibility—different environments can be created quickly, and IaaS is easy to scale as needed. Also, as in previous scenarios, cost is minimized to the actual required resources.

6 Document Conventions

This section describes documentation conventions used in this paper.

Each implementation section starts with a description of the desired end result of that section. If you feel comfortable implementing the particular section without using the sample scripts included in the document, feel free to skip the scripted guidance and implement that section on your own.

Important: The implementation sections are progressively dependent on each other; later sections build on previous sections. You cannot complete sections later in the document if the previous sections have not been completed by either the scripts provided or manually by you. Each implementation section concludes with steps and recommendations for how to verify that the steps for that section completed successfully. You should verify the results of each section before you proceed to the next section.

Scripting Conventions – This document makes wide use of Windows PowerShell script fragments. If the fragment contains a single command, the text leading up to it provides information on what the script does. If the fragment contains several commands, the text leading up to it provides information on what the fragment as a whole does, and comments (Windows PowerShell comments start with #) embedded in the fragment describe what is happening in more detail.


7 Getting Started with IaaS

This section goes over the topics and terminology specific to Windows Azure. The content in the section is not specific to BI, but if you are new to Windows Azure, it helps you understand the overall Windows Azure IaaS environment. If you are comfortable with these topics already, feel free to skip this section and move on to the architectural guidance.

Note that this information is believed to be accurate at the time of the paper’s publication. The Windows Azure environment is a live service that receives updates and improvements. For the most up-to-date information about Windows Azure, see the following:

• Windows Azure – http://www.windowsazure.com

• Virtual Machines – http://www.windowsazure.com/en-us/documentation/services/virtual-machines/?fb=en-us

7.1 Affinity Groups

In Windows Azure, an affinity group is a logical grouping of resources defined by the user. When storage and virtual machines are grouped into affinity groups, Windows Azure does all it can to locate these resources physically close together in the data center, which helps minimize latency.

It is important to locate your virtual machines and the storage close together physically, because the virtual hard disks (VHDs) used by the virtual machines are stored as blobs in Windows Azure storage.

7.2 Virtual Networks

In Windows Azure, you can define one or more virtual networks within your subscription. A virtual network is private to you and the services that you deploy to it—VMs that are not a part of the virtual network cannot see into the virtual network. You can define a single address space or multiple address spaces within your virtual network, and you can divide those address spaces up into multiple subnets if you want—the flexibility is yours.

It is worth mentioning at this point that it is important to plan your virtual network carefully before you create resources. After resources (virtual machines in this case) are deployed to a network, most of the configuration settings on that network cannot be changed. The only way to change configuration settings after deployment is to deprovision the resources from the network, make your changes, and then add the resources back to the network. This is time-consuming, and it requires downtime of your applications and services while the work is being performed.

All IP addresses within Windows Azure Virtual Machines are assigned through Dynamic Host Configuration Protocol (DHCP) and remain assigned to the VM until the VM is deallocated. It is important that you do not change the IP address in your virtual machines. If you manually change the IP address, you may lose connectivity to the VM. Let Windows Azure provide the network settings for all of the machines that you deploy. For more information, see http://msdn.microsoft.com/en-us/library/windowsazure/dn133803.aspx


7.2.1 Subnets

A virtual network in Windows Azure supports address space divided into multiple subnets. Routing between the subnets is automatically handled through Windows Azure, so VMs in one subnet on your virtual network are automatically able to see VMs in other subnets within the same virtual network. You can add more subnets to a virtual network after machines are deployed, but you cannot change the settings of existing subnets without removing all of the deployed resources.

Windows Azure uses some of the addresses in each subnet defined for its own internal purposes. Currently Windows Azure consumes three addresses from every subnet defined (which is why a /29 subnet is the smallest that you can define). When you plan your network, make sure that you take this information into account. You might need to use a larger subnet than you think to accommodate for the addresses that Windows Azure consumes.

Avoid making assumptions about IP address assignments. It is common for administrators to make the assumption that the first IP address that they receive in a subnet will be the fourth possible IP address. For example, for a 10.10.10.0/29 subnet, you might assume that the first IP address handed out is 10.10.10.4. Although that assumption is currently correct, the pattern of IP address assignment can change at any time without warning. The best bet here is to refrain from making assumptions about the IP address that your VM will receive.

7.2.2 DNS

Windows Azure provides a Domain Name System (DNS) server that allows you to access the Internet from your virtual machines. You can also provide your own DNS servers on your virtual network to handle name resolution within your own network. In the example deployment that we build in this paper, two DNS servers are defined, and they provide name resolution within the virtual network.

You can define the DNS servers in two places, at the virtual network level and at the Cloud Service level. DNS settings that are defined at the Cloud Service level apply to every machine deployed into that Cloud Service, regardless of what the virtual network-level settings are. DNS settings that are defined at the virtual network level apply to every machine deployed to that network, unless that machine is part of a Cloud Service that has custom DNS settings.

7.2.3 On-Premises Connectivity

Windows Azure Virtual Networks can be set up for on-premises connectivity in two different ways—point-to-site and site-to-site. Each method has its own purpose, and both can be used in the same virtual network.

Point-to-Site On-Premises Connectivity

Point-to-site connectivity is essentially a virtual private network (VPN) connection into your virtual network. Your machine gets an IP address on the virtual network, and you can then communicate with the machines via IP address or via names resolved by a DNS server, if you have configured one. The best way to think about point-to-site connectivity is like a corporate VPN. When you are off-site, you can use VPN software provided by your employer to connect to network resources at the office. This is the same basic technology that corporate VPNs use. The communication channel between your machine and the virtual network in Windows Azure is handled through certificates that you create and load rather than user names and passwords.

Site-to-Site On-Premises Connectivity

Site-to-site connectivity is different from point-to-site connectivity. Site-to-site connectivity is meant to be a permanent tunnel between your corporate environment and your virtual network in Windows Azure. If you set up site-to-site connectivity, your cloud-based virtual machines can actually be a part of your corporate domain structure.

7.3 Storage

Windows Azure Virtual Machines make extensive use of .vhd files, similar to what is used in an on-premises Windows Server Hyper-V environment. You can have multiple distinct storage accounts within a single Windows Azure subscription, and you can spread files from VMs across multiple storage accounts. The .vhd files used by Windows Azure Virtual Machines are stored in Windows Azure Blob Storage as page blobs. This is an important distinction because there are two types of blobs in blob storage: page blobs and block blobs. For .vhd files, you use page blobs.

If you have existing machines that you want to host and run in Windows Azure Virtual Machines, you can upload the .vhd files to Windows Azure Blob Storage and create a virtual machine based on them. You can also upload a .vhd that includes a sysprepped virtual machine that can be used as an image to create multiple virtual machines. You can also create a new .vhd by creating a new virtual machine ‘Disk’ in the management portal (or Windows PowerShell Add-AzureDatadisk).

7.3.1 Containers

Rather than folders, blob storage uses containers to store blobs. When you are working with virtual machines, a “vhds” container is automatically created for you. Containers have three different levels of security: Private, Public Container, and Public Blob. The “vhds” container that is created when you create virtual machines is created as Private. When you work with virtual machines, you can use whatever container structure works best for you. All you need to do when creating a virtual machine is provide the full path to the .vhd file.

The following diagram illustrates the Windows Azure objects that are part of the storage environment:


7.3.2 Access Keys

Windows Azure storage accounts can be accessed from various third-party tools (as well as the published API). This access is commonly done by using one of the access keys on the storage account. Each storage account has two access keys: a Primary Access Key and a Secondary Access Key. Both keys provide the same level of access. There are two keys so that if you want to perform periodic key maintenance you can change one of them while still accessing your storage through the other.
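One way to perform the key maintenance described above, as an added example that is not from the original paper: the function confirms that the key staying in place still grants access before it regenerates the other one. It assumes the classic Windows Azure PowerShell module is loaded and a subscription is already selected; the function name and the account name in the usage comment are hypothetical.

```powershell
# Added example (not from the paper): regenerate one storage access key only
# after proving that the other key still works, so access is never interrupted.
# Assumes the Windows Azure PowerShell module is imported and a current
# subscription has been set. Reset-StorageAccessKey is a hypothetical name.

function Reset-StorageAccessKey {
    param(
        [Parameter(Mandatory = $true)]
        [string] $StorageAccountName,

        [Parameter(Mandatory = $true)]
        [ValidateSet('Primary', 'Secondary')]
        [string] $KeyType
    )

    # The key that stays in place while $KeyType is regenerated
    $otherType = if ($KeyType -eq 'Primary') { 'Secondary' } else { 'Primary' }

    # 1. Read both current keys (kept in memory only, never written to output)
    $before = Get-AzureStorageKey -StorageAccountName $StorageAccountName

    # 2. Prove that the key that will remain valid really grants access.
    #    If this call fails, stop here: regenerating now would cut off
    #    every consumer of the account.
    $otherContext = New-AzureStorageContext -StorageAccountName $StorageAccountName `
                                            -StorageAccountKey $before.$otherType
    Get-AzureStorageContainer -Context $otherContext -ErrorAction Stop | Out-Null

    # 3. Regenerate the requested key
    $after = New-AzureStorageKey -StorageAccountName $StorageAccountName -KeyType $KeyType

    # 4. Sanity checks: the target key changed, the other key did not
    if ($after.$KeyType -eq $before.$KeyType) {
        throw "The $KeyType key of '$StorageAccountName' was not regenerated."
    }
    if ($after.$otherType -ne $before.$otherType) {
        throw "The $otherType key of '$StorageAccountName' changed unexpectedly."
    }

    # 5. Return a storage context built on the new key instead of the key text,
    #    so the secret does not end up in console output or transcripts.
    New-AzureStorageContext -StorageAccountName $StorageAccountName `
                            -StorageAccountKey $after.$KeyType
}

# Full rotation, one key at a time (account name is a placeholder):
#   1. Point every tool and script at the Secondary key.
#   2. $ctx = Reset-StorageAccessKey -StorageAccountName 'examplestorageacct' -KeyType Primary
#   3. Point every tool and script at the new Primary key.
#   4. $ctx = Reset-StorageAccessKey -StorageAccountName 'examplestorageacct' -KeyType Secondary
```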

7.4 Cloud Service

The cloud service is the heart of your cloud-based deployment. It provides a public face to your infrastructure if you want it to have one. Your level of exposure to the Internet is controlled by how much you open your cloud service.

7.4.1 Deployments

Cloud services can have multiple deployments. For the purposes of working with Windows Azure Virtual Machines, the examples in this paper use production deployments.

7.4.2 Virtual IP Address

Each cloud service gets a single public-facing IP address. Along with that, it gets a public DNS entry. If you name your cloud service “BIPaper”, its public DNS entry will be “BIPaper.cloudapp.net”. This IP address (and public DNS entry) is how you connect to the resources running as part of the cloud service.

7.5 Endpoints

For each virtual machine that you deploy, you can define one or more public endpoints. An endpoint is a public/private port pairing that acts as a bridge between the public virtual IP address and the private virtual machine IP address. For example, if you want inbound (public) traffic on port 53186 of the virtual IP address routed to port 3389 on a given virtual machine, you can set up an endpoint on that virtual machine with a public port of 53186 and a private port of 3389.

A public port can only be used once per cloud service—unless you set the endpoints up as load-balanced endpoints. You can share a single public endpoint across multiple virtual machines by using the built-in load balancer in Windows Azure.


Many people may want to use remote desktop to connect to their Windows Azure-based virtual machines. The easiest way to do this is through a point-to-site VPN, but you can still do it without a VPN. Set up an endpoint on each virtual machine that you want to access with a private port of 3389 (the standard port for RDP) and an obfuscated public port. The obfuscation of the public port provides two benefits: 1) multiple machines in the same cloud service can use the same private port without load balancing, and 2) port 3389 is a well-known port and using it as your public RDP port can open your infrastructure up for potential attacks.
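As an added example (not part of the original paper), the following PowerShell function audits a planned or exported endpoint list against the rules in this section: a public port reused outside a single load-balanced set, and management ports published to the Internet. The property names, the function name, and the sample endpoint list are constructed for illustration.

```powershell
# Added example (not from the paper): audit the endpoint list of one cloud service.
# Each input object needs the properties VMName, Name, Protocol, PublicPort,
# LocalPort and LBSetName. These names are assumptions of this example.

function Test-EndpointExposure {
    param(
        [Parameter(Mandatory = $true)]
        [object[]] $Endpoints,

        # Private ports treated as management services: RDP, WinRM (HTTP/HTTPS), SSH
        [int[]] $ManagementPorts = @(3389, 5985, 5986, 22)
    )

    $findings = @()

    foreach ($ep in $Endpoints) {
        if ($ManagementPorts -contains $ep.PublicPort) {
            # A well-known management port is used directly as the public port
            $findings += [pscustomobject]@{
                Severity = 'High'
                VMName   = $ep.VMName
                Endpoint = $ep.Name
                Detail   = "Public port $($ep.PublicPort) is a well-known management port."
            }
        }
        elseif ($ManagementPorts -contains $ep.LocalPort) {
            # Non-standard public port: less noise, but the service is still
            # reachable from the Internet. The point-to-site VPN needs no endpoint.
            $findings += [pscustomobject]@{
                Severity = 'Info'
                VMName   = $ep.VMName
                Endpoint = $ep.Name
                Detail   = "Management port $($ep.LocalPort) is published on public port " +
                           "$($ep.PublicPort); consider the point-to-site VPN instead."
            }
        }
    }

    # A public port may be used once per cloud service, unless every endpoint
    # that uses it belongs to the same load-balanced set.
    foreach ($group in ($Endpoints | Group-Object -Property Protocol, PublicPort)) {
        if ($group.Count -lt 2) { continue }

        $unbalanced = @($group.Group | Where-Object { [string]::IsNullOrEmpty($_.LBSetName) })
        $lbSets     = @($group.Group |
                        Where-Object { -not [string]::IsNullOrEmpty($_.LBSetName) } |
                        Select-Object -ExpandProperty LBSetName -Unique)

        if ($unbalanced.Count -gt 0 -or $lbSets.Count -gt 1) {
            $findings += [pscustomobject]@{
                Severity = 'High'
                VMName   = ($group.Group | ForEach-Object { $_.VMName }) -join ', '
                Endpoint = ($group.Group | ForEach-Object { $_.Name } |
                            Select-Object -Unique) -join ', '
                Detail   = "Public endpoint '$($group.Name)' is used by $($group.Count) " +
                           "endpoints that do not share one load-balanced set."
            }
        }
    }

    return $findings
}

# Constructed sample input: a planned endpoint list for one cloud service.
$planned = @(
    [pscustomobject]@{ VMName = 'BIPaper-DB1'; Name = 'RDP';   Protocol = 'tcp'; PublicPort = 53186; LocalPort = 3389; LBSetName = '' }
    [pscustomobject]@{ VMName = 'BIPaper-DC2'; Name = 'RDP';   Protocol = 'tcp'; PublicPort = 3389;  LocalPort = 3389; LBSetName = '' }
    [pscustomobject]@{ VMName = 'WEB1';        Name = 'HTTP';  Protocol = 'tcp'; PublicPort = 80;    LocalPort = 80;   LBSetName = 'web' }
    [pscustomobject]@{ VMName = 'WEB2';        Name = 'HTTP';  Protocol = 'tcp'; PublicPort = 80;    LocalPort = 80;   LBSetName = 'web' }
    [pscustomobject]@{ VMName = 'WEB1';        Name = 'HTTPS'; Protocol = 'tcp'; PublicPort = 443;   LocalPort = 443;  LBSetName = '' }
    [pscustomobject]@{ VMName = 'WEB2';        Name = 'HTTPS'; Protocol = 'tcp'; PublicPort = 443;   LocalPort = 443;  LBSetName = '' }
)

Test-EndpointExposure -Endpoints $planned | Format-Table -AutoSize -Wrap
```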

of virtual machines needs to be done either through the Windows Azure Management Portal (https://manage.windowsazure.com/) or through the exposed APIs.

7.7 Availability Sets

Availability sets are logical groupings of virtual machines. Periodically, the host operating systems that run underneath your virtual machines need to be updated. When these updates happen, any virtual machine running on that host is taken offline. To get the promised service-level agreement (SLA) for Windows Azure Virtual Machines, you need to have at least two machines running in a given role (two domain controllers, for example). Placing those machines in the same availability set tells Windows Azure that it should make sure that one machine always remains up while host maintenance is being performed.

7.8 Disks

To present a .vhd stored in blob storage to a virtual machine, verify that the .vhd has a Windows Azure Disk defined. Disks can be marked as data disks, bootable disks (which contain an operating system image), or images (which contain a sysprepped image that can be used for creating other virtual machines). In this paper, all three disk types are used.

7.9 Images

Images are templates in the world of Windows Azure Virtual Machines. There are prebuilt gallery images for a variety of technologies, including Windows Server and SQL Server. If you have a situation where you need to add machines to your deployments quickly (such as scaling out a SharePoint environment), you can create your own custom images with your software preinstalled. These images can then be used as a template for creating additional machines. One word of caution—make sure that the software you install on the image supports being sysprepped.

The procedures in this document use a base Windows Server image from the Windows Azure Virtual Machines gallery. The procedures do not use gallery images that contain SQL Server. We made this choice for the following reasons:

• The gallery images have most of SQL Server installed and running. Many of these features are not needed for the BI scenarios covered in this document. To simplify the installation and configuration procedure, the scripts install only the SQL Server features that are needed for the BI scenarios.

• Leveraging the gallery images that have SQL Server already installed does not allow you to make use of your existing licenses. The procedures in this document assume you supply the installation files and necessary licenses for SQL Server and SharePoint. For more information, see the prerequisites and assumptions section of this document.

8 Prerequisites and Assumptions

We made several assumptions about our readers and your environments while we were writing this paper:

Installation Bits – For the purpose of this paper we used the Windows Server 2012 gallery images. These images do not have any additional software installed on them. You will need to provide the installation media for SQL Server 2012 with SP1 (Enterprise or Business Intelligence edition), SharePoint Server 2013 (Enterprise) and any service packs and cumulative updates you want to apply. The paper was written using the following software:

• SQL Server 2012 Enterprise Core edition

• SQL Server 2012 service pack (SP) 1 and cumulative update (CU) 4

• SharePoint Server 2013 Enterprise edition

• SharePoint Server 2013 March 2013 CU

• SharePoint Server 2013 April 2013 CU

Licensing – Through the use of the Windows Server 2012 gallery images, the Windows licensing is covered on a pay-by-the-hour basis. Any licensing for the SQL Server and SharePoint components is the responsibility of the person doing the installation. For more information about Windows Azure pricing and licensing, see http://www.windowsazure.com/en-us/pricing/details/virtual-machines/

Windows Azure Subscription – You will need access to a Windows Azure subscription with a sufficient number of cores allocated. The default is 20 cores per subscription. To build the entire lab outlined in this document, you need 66 cores at the recommended machine sizes. To increase the core quota, contact http://www.windowsazure.com/en-us/support/options/

Important: After you are finished developing and testing the scripts, verify that the Windows Azure resources are in the desired state so you are not charged for resources you do not need. For example, if you leave Windows Azure Virtual Machines running, you are charged compute hours. If you do not want to delete virtual machines and you do not want to incur charges while the virtual machine is unused, shut down the virtual machine(s) in the Windows Azure Management Portal. For more information about the cost of Windows Azure compute charges, see http://www.windowsazure.com/en-us/pricing/calculator/

Management Certificate – To use the scripts included in this paper, you need to create a management certificate and upload it into the Windows Azure Management Portal. For more information about how to do this, see Cloud Spelunking, Managing Azure form your Desktop via PowerShell (the Setup) (http://blogs.msdn.com/b/sql_shep/archive/2013/03/29/cloud-spelunking-managing-azure-form-your-desktop-via-powershell.aspx).

VPN Certificate – If you plan to use the point-to-site VPN functionality to access your virtual machines, you need to create your root and client certificates. For more information about how


Windows PowerShell Scripting – It is our assumption that people using this document will have a basic working knowledge of Windows PowerShell, including the definition and use of variables and scripts. For more information about using Windows PowerShell, see Getting Started with Windows PowerShell (http://technet.microsoft.com/en-us/library/hh857337.aspx).

Windows PowerShell Integrated Scripting Environment (ISE) – We recommend that you use the Windows PowerShell ISE tool for running the scripts included in this document. The Windows PowerShell ISE is installed by default on Windows Server 2012.

On-Box vs. Off-Box Scripts – In this paper, the terms on-box and off-box are used in discussions of Windows PowerShell scripts. On-box scripts are Windows PowerShell scripts that should be run while you are logged into the specified virtual machine. They do not require any of the Windows Azure settings, but they do require certain variables to be created and populated. Off-box scripts are Windows PowerShell scripts that should be run from a local workstation. They require the Windows Azure settings and variables.

9 Windows Azure PowerShell Commands

This section describes script-related document conventions and best practices regarding the Windows Azure-related PowerShell commands contained in this document.

Run the following command before you run any Windows Azure PowerShell commands.

Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"

This command ensures that the Windows Azure PowerShell cmdlets are loaded. Make sure that the path is correct for where your Azure.psd1 file is located.

The following standard variable names are used throughout the document.

Variable name              Purpose/source
$subscriptionName          The name of your Windows Azure subscription
$subscriptionID            The unique identifier for your Windows Azure subscription (can be found in the Settings section of the Windows Azure Management Portal under Management Certificates)
$thumbPrint                The thumbprint of the management certificate that you uploaded to the Windows Azure Management Portal
$affinityGroupLocation     The Windows Azure data center where you will be deploying
$affinityGroupLabel        The label for the affinity group
$virtualNetworkName        The name for the virtual network (must be unique in your subscription)
$cloudServiceName          The cloud service name you want to use (must be globally unique)
$cloudServiceDescription   The description for the cloud service
$cloudServiceLabel         The label for the cloud service
$storageAccountName        The storage account name you want to use (must be globally unique)
$storageAccountLabel       The label for the storage account
$domainName                The NetBIOS name of the domain being created (BIPaper, for example)
$domainNameFQ              The fully qualified domain name (FQDN) of the domain being created (BIPaper.local, for example)

We suggest having these variables and the Import-Module command in a script file that you run with each of the off-box scripts that you run. Here is a sample script block that contains these variables, including default values for responses that are assumed in the paper.

# Import PowerShell Module

Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"

# Affinity Group Information

$affinityGroupLocation = "" # To see possible locations, run the command: Get-AzureLocation | FT Name, AvailableServices

$affinityGroupName = "BIPaper-AffinityGroup"

$affinityGroupDescription = "Affinity Group used for the BI in IaaS Paper" # Maximum of 1024 Characters

$affinityGroupLabel = "BI in IaaS Paper Affinity Group" # Maximum of 100 Characters

# Virtual Network Information

$virtualNetworkName = "BIPaper-Network"

# Cloud Service Information

$cloudServiceName = ""

$cloudServiceDescription = "Cloud Service used for the BI in IaaS Paper"

$cloudServiceLabel = "BI in IaaS Paper Cloud Service"

# Storage Account Information

$storageAccountName = "" # Must be globally unique and all lowercase


Without storage account:

$certificate = Get-Item cert:\currentuser\my\$thumbPrint

With storage account:

$certificate = Get-Item cert:\currentuser\my\$thumbPrint

10 Non-Windows Azure PowerShell Commands

The following is the list of standard variables that this paper uses for Windows PowerShell commands. The variables are not used for Windows Azure PowerShell.

| Variable name | Purpose/source |
| --- | --- |
| $domainNameFQ | The fully qualified domain name (FQDN) that you want to use (BIPaper.local, for example) |
| $domainName | The NetBIOS name for the domain (BIPaper, for example) |
| $dbServer | The name of the primary database server (BIPaper-DB1, for example) |
| $dbServer2 | The name of the secondary database server (BIPaper-DB2, for example) |
| $farmServiceAccount | The name of the service account to use for running the SharePoint farm (SP_Farm, for example) |
| $reportingServiceAccount | The name of the service account to use for running SQL Server Reporting Services (SQL_Reporting, for example) |
| $cloudServiceName | The name used for the Windows Azure cloud service (BIPaper, for example) |
| $clusterName | The name used for the Windows Failover Cluster required by AlwaysOn Availability Groups (BIPaper-DB, for example) |
| $quorumServerName | The name of the server that hosts the Quorum share (BIPaper-DC2, for example) |

As with the off-box variables discussed earlier, we suggest including all of these variables and their values in a script file that can be run with each of the on-box scripts. Here is a sample script block containing these variables, including default values for responses that are assumed in the paper.


11 The Overall Environment

In this document, we are going to build a SharePoint-based BI environment that has high availability (HA) designed in at each level. The environment is illustrated in the following diagram. We start with the Windows Azure infrastructure, and then we proceed through building:

• Domain controllers (BiPaper-DC1, Bipaper-DC2)
• Database servers (Bipaper-DB1, Bipaper-DB2)
• PowerPivot servers (BiPaper-PP1, Bipaper-PP2)
• SharePoint farm server (BiPaper-App1)

After the system is up and operational, we scale it out by adding:

• Two Web Front End (WFE) servers (BiPaper-WFE1, BiPaper-WFE2) behind a Windows Azure load balancer
• A second SharePoint application-tier server (BiPaper-App2) for HA

[Diagram of the overall environment. Labels recovered from the figure: AppNet (172.16.3.0/24), DBNet (172.16.2.0/24), AppAffinityGroup, PPAffinityGroup, DBAffinityGroup.]

12 Overview of the Deployment Steps

The following table lists the high-level steps to deploy a full-featured BI environment in IaaS. The steps walk you through a deployment that is intended to illustrate several useful technologies and how they work together in a highly available design. You may decide in your environment to not include some technologies.

2. Deploy Active Directory Domain Services (AD DS) – Provisioning and configuration of two domain controllers to support the environment and creation of user accounts for services

3. Configure SQL Server Database Servers – Provisioning and configuration of two SQL Server database servers to support highly available storage of the SharePoint databases

4. Configure PowerPivot Servers – Provisioning and configuration of two (or more) SQL Server Analysis Services SharePoint mode servers to support loading of PowerPivot workbooks

5. Deploy the first SharePoint Application/Central Administration Server – Provisioning and configuration of the first SharePoint App-Tier server, including Central Administration, Microsoft Excel Services, Reporting Services, and PowerPivot

6. Configure AlwaysOn Availability

Provisioning and configuration of additional SharePoint App-Tier servers to support scaled-out load balancing


13 Step 1: Configure the Windows Azure Environment

The first step of the process is to configure the Windows Azure environment to make it ready for deploying our virtual machines. If you are comfortable with creating a Windows Azure infrastructure on your own without the samples, create the following infrastructure objects and skip to the section Step2: Deploy Active Directory Domain Services. Otherwise, continue reading for the step-by-step instructions.

The following list describes the different elements this paper uses in the Windows Azure environment.

Important: The bold names in the following list are names that are required through the remainder of this paper. If you use different names, be sure to adjust the other scripts that use these names.

• Affinity group – BIPaper-AffinityGroup

  The affinity group that we create binds all of the infrastructure assets together. The affinity group lets Windows Azure know that these different pieces (network, virtual machine, storage, and so on) are working together and that they should be physically located near each other to reduce latency between the different parts of the system.

• Network:
  • Name – BIPaper-Network
  • Affinity Group – BIPaper-AffinityGroup
  • Point-to-Site Address Space – 172.16.128.0/29 (this is necessary only if you are using point-to-site VPN)
  • Gateway – 172.16.127.0/29 (this is necessary only if you are using point-to-site VPN)
  • If you are configuring point-to-site VPN:
    • Create Gateway
    • Upload Root Certificate
    • Configure VPN Connection

• Cloud Service:
  • Name – Choose a globally unique name (for this paper, we used bipaper)
  • Affinity Group – BIPaper-AffinityGroup

• Storage Account:
  • Name – Choose a globally unique name (for this paper, we used bipapersp)
  • Affinity Group – BIPaper-AffinityGroup

13.1 Create the Affinity Group

To create the affinity group, run the following Windows Azure PowerShell command (use the variable/subscription block without the storage account).


Portal – In the Windows Azure Management Portal (https://manage.windowsazure.com), click Settings and then click Affinity Groups to verify that it exists (you might need to refresh the page).

Windows PowerShell – Run the following Windows PowerShell command (include the same variable script block used to run the command listed earlier). It should return the value True.

((Get-AzureAffinityGroup | where { $_.Name -eq $affinityGroupName }) -ne $NULL)

13.2 Network

The network that we will be creating provides subnets and address spaces for each virtual machine that we deploy. We have divided our network up as follows:

• Address Space – 172.16.0.0/17. This is the total possible pool of IP addresses that can be assigned in our virtual network. There are 32,763 usable addresses.
• Point-to-Site Address Space – 172.16.128.0/29. This is the address space allocated to the machines that connect via the point-to-site VPN feature. There are six usable addresses.
• Subnets: The subnets defined here are strictly for logical grouping of machines.
  • ADNet – 172.16.1.0/29. This is the address space allocated to our Active Directory servers. There are three usable addresses.
  • DBNet – 172.16.2.0/24. This is the address space allocated to our database servers. There are 251 usable addresses.
  • AppNet – 172.16.3.0/24. This is the address space allocated to our app-tier servers. There are 251 usable addresses.
  • WebNet – 172.16.4.0/24. This is the address space allocated to our web servers. There are 251 usable addresses.
  • Gateway – 172.16.127.0/29. This is a subnet used by the internal gateway. There are three usable addresses.
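The address plan above can be checked mechanically before it is uploaded. The following PowerShell is an added example, not part of the paper's scripts; the function names are hypothetical, and the figure of five unusable addresses per subnet is inferred from the counts listed above (a /24 holds 256 addresses, of which 251 are listed as usable).

```powershell
# Added example (not from the paper): check the address plan listed above.
# Inferred from the paper's counts: 256 - 251 = 5 unusable addresses per subnet.
$reservedPerSubnet = 5

function ConvertTo-CidrRange {
    param([string]$Name, [string]$Cidr)

    $address, $prefix = $Cidr.Split('/')
    $bytes = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
    [Array]::Reverse($bytes)                       # network byte order -> little-endian
    [long]$first = [BitConverter]::ToUInt32($bytes, 0)
    [long]$size  = [math]::Pow(2, 32 - [int]$prefix)
    if (($first % $size) -ne 0) { throw "$Cidr does not start on a /$prefix boundary" }

    [pscustomobject]@{
        Name = $Name; Cidr = $Cidr; First = $first; Last = $first + $size - 1; Size = $size
    }
}

function Test-AddressPlan {
    param($AddressSpace, [object[]]$Subnets, $ClientPool)

    $problems = @()

    # Every subnet has to sit inside the virtual network's address space.
    foreach ($s in $Subnets) {
        if ($s.First -lt $AddressSpace.First -or $s.Last -gt $AddressSpace.Last) {
            $problems += "$($s.Name) ($($s.Cidr)) is outside $($AddressSpace.Cidr)"
        }
    }

    # No two subnets may share an address.
    for ($i = 0; $i -lt $Subnets.Count; $i++) {
        for ($j = $i + 1; $j -lt $Subnets.Count; $j++) {
            $a = $Subnets[$i]; $b = $Subnets[$j]
            if ($a.First -le $b.Last -and $b.First -le $a.Last) {
                $problems += "$($a.Name) overlaps $($b.Name)"
            }
        }
    }

    # The point-to-site client pool has to stay clear of the virtual network's own range.
    if ($ClientPool.First -le $AddressSpace.Last -and $AddressSpace.First -le $ClientPool.Last) {
        $problems += "$($ClientPool.Name) ($($ClientPool.Cidr)) overlaps $($AddressSpace.Cidr)"
    }

    $problems
}

# Values copied from the network section above.
$addressSpace = ConvertTo-CidrRange 'Address Space' '172.16.0.0/17'
$clientPool   = ConvertTo-CidrRange 'Point-to-Site Address Space' '172.16.128.0/29'
$subnets = @(
    (ConvertTo-CidrRange 'ADNet'   '172.16.1.0/29'),
    (ConvertTo-CidrRange 'DBNet'   '172.16.2.0/24'),
    (ConvertTo-CidrRange 'AppNet'  '172.16.3.0/24'),
    (ConvertTo-CidrRange 'WebNet'  '172.16.4.0/24'),
    (ConvertTo-CidrRange 'Gateway' '172.16.127.0/29')
)

# Usable addresses per range, using the reserved count inferred above.
(@($addressSpace) + $subnets) |
    Select-Object Name, Cidr, @{ n = 'Usable'; e = { $_.Size - $reservedPerSubnet } } |
    Format-Table -AutoSize

$problems = @(Test-AddressPlan $addressSpace $subnets $clientPool)
if ($problems.Count -eq 0) { 'Address plan is consistent.' } else { $problems }
```

Changing any prefix in the list (for example widening ADNet so that it reaches into DBNet) makes the corresponding problem appear in the output instead of surfacing later as a rejected network configuration.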

13.2.1 Create the Virtual Network

The way that the network is created depends on whether you have existing virtual networks defined. If your subscription has existing networks defined, you can merge the new network configuration into the existing configuration. If your subscription does not have existing networks defined, you can create the entire network from scratch. The script in step 3 automatically detects which scenario you have and acts accordingly.

Here are the steps for network creation:


1) Save the following XML block into a file named “C:\Temp\NetworkDef.xml”:

<VirtualNetworkSite name="placeholder-network" AffinityGroup="placeholder-affinitygroup">

3) Run the following Windows Azure PowerShell (use the variable/subscription block without the storage account):

# Get a temporary path for the network config
$networkTempPath = [IO.Path]::GetTempFileName()

# GetTempFileName creates an empty file; remove it so that the Test-Path check below
# reflects whether a configuration was actually exported
Remove-Item $networkTempPath

# Get the current network configuration
Get-AzureVNetConfig -ExportToFile $networkTempPath

# Determine whether we got the network configuration
if ((Test-Path $networkTempPath) -eq $false)
{
    # Didn't get a config file
    # Load the full network config
    [string]$networkConfig = Get-Content ("C:\Temp\NetworkDef-Full.xml")

    # Replace the placeholder name and affinity group with the variable values
    $networkConfig = $networkConfig.Replace("placeholder-network", $virtualNetworkName).Replace("placeholder-affinitygroup", $affinityGroupName)

    # Save the network configuration (a string has no Save method, so parse it as XML first)
    ([xml]$networkConfig).Save($networkTempPath)
}
else
{
    # Got a config file
    # Load the config file
    [xml]$networkConfig = Get-Content $networkTempPath

    # Check for VirtualNetworkSites node and create it if it does not exist
    $virtualNetworkConfiguration = $networkConfig.Item("NetworkConfiguration").Item("VirtualNetworkConfiguration")
    if ($virtualNetworkConfiguration.Item("VirtualNetworkSites") -eq $NULL)
    {
        [void]$virtualNetworkConfiguration.AppendChild($networkConfig.CreateElement("VirtualNetworkSites", $networkConfig.DocumentElement.NamespaceURI))
    }

    # Merge in the predefined configuration
    # Load the network config fragment
    [string]$networkConfigNode = Get-Content ("C:\Temp\NetworkDef.xml")

    # Replace the placeholder name and affinity group with the variable values
    $networkConfigNode = $networkConfigNode.Replace("placeholder-network", $virtualNetworkName).Replace("placeholder-affinitygroup", $affinityGroupName)

    # Merge the fragment into the full file
    $networkConfig.Item("NetworkConfiguration").Item("VirtualNetworkConfiguration").Item("VirtualNetworkSites").InnerXML += $networkConfigNode

    # Save the network configuration
    $networkConfig.Save($networkTempPath)
}

# Upload the network configuration
Set-AzureVNetConfig -ConfigurationPath $networkTempPath

# Clean up the temporary file
Remove-Item -Path $networkTempPath

13.2.2 Validation

There are two ways to verify that the network has been created:

Portal – In the Windows Azure Management Portal, click Networks and verify that the network exists (you might need to refresh the page); also review the configuration to make sure it looks like what was defined earlier in the paper.

Windows PowerShell – Run the following Windows PowerShell command (include the same variable script block used to run the command listed earlier). It should return the value True.


AzureProvisioningConfig” commands for your virtual machines. This change allows Windows Azure to create an RDP endpoint that you can use to connect to the machine.

13.3 Cloud Service

The cloud service provides a container for all of the virtual machines to live in, as well as a public IP and DNS entry for us to use for access. It is possible to have multiple cloud services sharing a single virtual network, but for this paper we have only one.

13.3.1 Create the Cloud Service

To create the cloud service, run the following Windows Azure PowerShell command (use the variable/subscription block without the storage account).

There are two ways to verify that the cloud service was created:

Portal – In the Windows Azure Management Portal, click Cloud Services and then verify that the cloud service exists (you might need to refresh the page).

PowerShell – Run the following Windows PowerShell command (include the same variable script block used to run the command listed earlier). It should return the value True.

((Get-AzureService | where { $_.ServiceName -eq $cloudServiceName }) -ne $NULL)

13.4.1 Create the Storage Account

To create the storage account, run the following Windows Azure PowerShell command (use the variable/subscription block without the storage account defined):

New-AzureStorageAccount `
    -StorageAccountName $storageAccountName `
    -Label $storageAccountLabel `
    -AffinityGroup $affinityGroupName


13.4.2 Validation

There are two ways to verify that the storage account was created:

Portal – In the Windows Azure Management Portal, click Storage and then verify that the storage account exists (you might need to refresh the page).

Windows PowerShell – Run the following Windows PowerShell command:

((Get-AzureStorageAccount | where { $_.StorageAccountName -eq $storageAccountName }) -ne $NULL)

At this point, your Windows Azure environment should be configured and ready for us to move on to creating the actual virtual machines.


14 Step2: Deploy Active Directory Domain Services

Now that our Windows Azure infrastructure is in place, we need to start building out the virtual machines that will support the BI scenario. This starts with two domain controllers (BIPaper-DC1 and BIPaper-DC2). We need two domain controllers for high availability and to meet the Windows Azure SLA (which requires two or more machines in the same role—in this case the role is domain controller). One of the machines will have a share on it to hold our installation media for the other servers that we build, and the other machine will have a share that will serve as the quorum share for the Windows Failover Cluster that we build in a later step. It is a best practice to put your Active Directory databases on a disk that does not have write caching enabled (the C: drive of your VM will have caching enabled, and you should not change that setting), so that will be part of our build-out procedure. Another thing that we learned in testing is that the Windows Azure DNS server automatically gets added to the first domain controller as a forwarder. In the scripts we remove this automatic configuration.

At the end of this section, you will have an environment that looks like this:

• First Domain Controller:
  • Server Name – BIPaper-DC1
  • Storage Account – <your globally unique name>
  • Domain/Forest Name – BIPaper.local
  • Domain/Forest Functional Level – Windows Server 2012
  • Acting as a DNS Server
  • Active Directory Sites and Subnets Created to match the Virtual Network definition
  • Attached Disk – 50 GB for Active Directory databases (scripts format as Z)
  • Network Subnet – ADNet
  • Availability Set – ADAvailabilitySet
  • Server added to Windows Azure Virtual Network as a DNS server

• Second Domain Controller:
  • Server Name – BIPaper-DC2
  • Storage Account – <your globally unique name>
  • Domain/Forest Name – BIPaper.local
  • Domain/Forest Functional Level – Windows Server 2012
  • Acting as a DNS Server
  • Attached Disk – 50 GB for Active Directory databases (scripts format as Z)
  • Network Subnet – ADNet
  • Availability Set – ADAvailabilitySet
  • Server added to Windows Azure Virtual Network as a DNS server
  • Public Share – Quorum
    • Change access granted to everyone

If you feel comfortable creating this environment on your own, you can do so and then skip to the “Service User Accounts” section.

14.1 First Domain Controller

The first domain controller that we will create provides the foundation for all other machines that we build. It serves as not only an Active Directory server, but also as an internal DNS server for name resolution between our VMs. As with all of the virtual machines we will be creating, the first step is a Windows Azure PowerShell command that runs off-box and creates the machine itself. The remaining steps are Windows PowerShell commands that run while you are logged into the VM.

• VM Creation – This section (starting with the comment “Creating the virtual machine…”) consists of the following Windows Azure commands:
  • New-AzureVMConfig – This command begins the definition of the virtual machine. It sets the name, size, image, vhd location and label, and availability set.
  • Add-AzureProvisioningConfig – This command determines how Windows Azure should provision the VM defined in the last command. It tells Windows Azure that this will be a Windows machine, that automatic updates should be disabled (you can turn this back on if you want), that there should not be endpoints for RDP or Remote Windows PowerShell, and what the administrator user and password should be.
  • Set-AzureSubnet – This command defines what subnet the virtual machine should be deployed into.
  • Add-AzureDataDisk – This command attaches an empty disk to the virtual machine when it is created. The command defines the size and storage location of the disk, as well as the LUN and cache setting.
  • New-AzureVM – This command creates the virtual machine that was defined in the earlier commands. In addition to the information gathered from the earlier commands, it defines the cloud service and virtual network that should be used. The script loops until creation of the VM is complete and the script writes a status to the screen every 15 seconds.
• DNS Creation – This section (starting with the comment “DNS Variables…”) consists of the following sections:
  • DNS Variables – A set of variables used to create a DNS entry in the virtual network
  • Get the Windows Azure Network Configuration File – Loads the current virtual network configuration
  • Check for DNS Node – Checks the network configuration XML for a DNS node and creates one if it does not exist
  • Check for DnsServers Node – Checks the network configuration XML for a DnsServers node and creates one if it does not exist
  • Add DNS Server Entry – Adds the newly created domain controller as an available DNS server
  • Add DNS Servers Reference – Checks the network configuration XML for a DnsServersRef node in the paper’s virtual network and creates one if it does not exist
  • Add DNS Server Reference – Checks the network configuration XML for a DnsServerRef node in the paper’s virtual network and creates one if it does not exist
  • Save the Network Configuration – Saves the network configuration XML
  • Update the Network Configuration – Uploads the updated network configuration to Windows Azure
  • Clean Up After Yourself – Cleans up the temporary file used for the network configuration

To create the first domain controller, run the following Windows Azure PowerShell command (use the variable/subscription block with the storage account defined):

# Get the name for the VM
$vmName = "BIPaper-DC1"

# Get the admin user name for the VM
$vmAdminUserName = Read-Host -Prompt "Server Administrator User Name"

# Ask for the password that should be used for the server and convert it to a format usable by the commands
$vmAdminPasswordSecure = Read-Host -AsSecureString -Prompt "Server Administrator Password"
$stringMarshal = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($vmAdminPasswordSecure)
$vmAdminPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($stringMarshal)

# Get the name of the VM Image to use
$vmImageName = (Get-AzureVMImage | Where { $_.Category -eq "Microsoft Windows Server Group" -and $_.Label -like "Windows Server 2012 Datacenter*" } | Sort-Object PublishedDate -Descending | SELECT ImageName)[0].ImageName

# Set the location for the vhd files
$storageAccountContainer = "https://" + $storageAccountName + ".blob.core.windows.net/vhds/"
$vmVHDLocation = $storageAccountContainer + $vmName + ".vhd"
$vmADVHDLocation = $storageAccountContainer + $vmName + "_ADData.vhd"
$vmADVHDName = $vmName + " AD Data"

# Create the virtual machine
Write-Host "Creating the VM "

# Loop until Status = ReadyRole
Write-Host "`tWaiting for Provisioning to Complete "
$VMStatus = Get-AzureVM -name $vmName -ServiceName $cloudServiceName

$networkTempPath = [IO.Path]::GetTempFileName()
$dcIPAddress = (Get-AzureVM -ServiceName $cloudServiceName -Name $vmName).IpAddress

# Remove Temporary File if It Exists
if ((Test-Path $networkTempPath) -eq $true)
{
    Remove-Item $networkTempPath
}

# Get the Azure Network Configuration File
Get-AzureVNetConfig -ExportToFile $networkTempPath
[xml]$dnsNetwork = Get-Content $networkTempPath

# Check for DNS Node
if ($dnsNetwork.Item("NetworkConfiguration").Item("VirtualNetworkConfiguration").Item("Dns") -eq $NULL)
{
    $dnsNetwork.Item("NetworkConfiguration").Item("VirtualNetworkConfiguration").AppendChild($dnsNetwork.CreateNode("element", "Dns", $virtualNetworkNamespace))
}

# Save the Network Configuration
$dnsNetwork.Save($networkTempPath)

# Update the Network Configuration

There are two ways to verify that the virtual machine was created:

Portal – In the Windows Azure Management Portal, click Virtual Machines and then verify that the virtual machine exists (you might need to refresh the page).

PowerShell – Run the following Windows PowerShell command (include the same variable script block used to run the command listed earlier). It should return the value True.

((Get-AzureVM -name "BIPaper-DC1" -ServiceName $cloudServiceName) -ne $NULL)

To validate that the DNS server entry was created, open the Windows Azure Management portal, select the network used for this paper (BIPaper-Network is the default unless you used a different name) and navigate to the Configure page. You should see an entry under dns servers for the domain controller that was just created and its IP address (you might need to refresh the page).

The rest of the scripts for this domain controller are run while you are logged into the machine. Connect through remote desktop (either through a public endpoint on the virtual machine or through a point-to-site VPN) before you run these scripts.

14.1.3 Format Disks

This on-box script formats the disk that was created to host the Active Directory databases.

The script block requires that the following text be stored in a text file named “C:\Temp\DiskpartUnattended.txt”:

rescan
select disk
online disk noerr
create partition primary

This command promotes the machine to a domain controller. There are four components to the script:

• Get the Safe Mode Administrator Password – Prompts the user for the safe mode administrator password that you want to use for the domain
• Install the Active Directory Feature – Installs the Windows feature for Active Directory Domain Services and also installs the appropriate management tools
• Import the ADDS PowerShell Module – Imports the Windows PowerShell module for the feature that was just installed so that it can be used for the next command
• Promote the Domain Controller – Turns this server into a domain controller

Run the following script in Windows PowerShell on the target machine using the on-box variable block defined earlier in the document.

# Get the Safe Mode Administrator Password

$password = Read-Host -AsSecureString -Prompt "Safe Mode Administrator Password"

# Install the Active Directory Feature

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Import the ADDS PowerShell Module

Note: You will receive warnings about the server not having a static IP address. This is fine, because the IP address that is assigned to a VM in Windows Azure, though it is dynamically assigned, has an infinite lease.

Note: After you promote the machine to a domain controller, you will need to log in with domain\username (using the same user name you specified for the local machine administrator account).

After you run this command, restart the server.

Validation

To verify that this command worked:

1. Log in to the server.
2. Open Windows Explorer.
3. In the left-hand tree view, right-click Computer, and then click Properties.
4. In the window that is displayed, verify that the domain listed is what you set for the variable $domainNameFQ.

14.1.5 Create Sites and Subnets

This script will create the Active Directory sites and subnets to support the network configuration that we defined earlier.

Run the following script in Windows PowerShell on the target machine using the on-box variable block defined earlier in the document.


-OtherAttributes @{siteObject = "CN=Default-First-Site-Name,CN=Sites,CN=Configuration $dc " }

# Create the DC Site

-OtherAttributes @{siteObject = "CN=DC,CN=Sites,CN=Configuration $dc " }

# Create the DB Site

-OtherAttributes @{siteObject = "CN=DB,CN=Sites,CN=Configuration $dc " }

# Create the App Site

-OtherAttributes @{siteObject = "CN=App,CN=Sites,CN=Configuration $dc " }

# Create the Web Site

To verify that this command worked:

1. Log in to the server.
2. Start Active Directory Sites and Services.
3. In the left-hand tree-view, expand the Sites node.
4. In the left-hand tree-view, you should see nodes for App, DB, DC, Default-First-Site-Name and Web.
5. In the left-hand tree-view, click Subnets.
6. In the right-hand list-view, verify that the following subnet/name combinations are present:

To verify that this command worked:

1. Log in to the server.
2. Start DNS Manager.
3. In the left-hand tree-view, right-click BIPaper-DC1 (or your server name if you have changed it from the default used in the scripts), and then click Properties.
4. In the Properties dialog box, click Forwarders.
5. Verify that the list of forwarders is empty.

14.2 Second Domain Controller

The second domain controller that we will create provides the high availability that is required for this environment. It will serve as not only an Active Directory server, but also as an internal DNS server for name resolution between our VMs. As with all of the virtual machines we will be creating, the first step is a Windows Azure PowerShell command that runs off-box and creates the machine itself. The remaining steps are Windows PowerShell commands that run while you are logged into the VM.

• VM Creation – This section (starting with the comment “Creating the virtual machine…”) consists of the following Windows Azure commands:
  • New-AzureVMConfig – This command begins the definition of the virtual machine. It sets the name, size, image, vhd location and label, and availability set.
  • Add-AzureProvisioningConfig – This command determines how Windows Azure should provision the VM defined in the last command. It tells Windows Azure that this will be a Windows machine, that automatic updates should be disabled (you can turn this back on if you want), that there should not be endpoints for RDP or Remote Windows PowerShell, and what the administrator user and password should be. Additionally, this command provides the information necessary to automatically join the machine to our domain.
  • Set-AzureSubnet – This command defines what subnet the virtual machine should be deployed into.
• DNS Creation – This section (starting with the comment “DNS Variables…”) consists of the following sections:
  • DNS Variables – A set of variables used to create a DNS entry in the virtual network
  • Get the Windows Azure Network Configuration File – Loads the current virtual network configuration
  • Check for DNS Node – Checks the network configuration XML for a DNS node and creates one if it does not exist
  • Check for DnsServers Node – Checks the network configuration XML for a DnsServers node and creates one if it does not exist
  • Add DNS Server Entry – Adds the newly created domain controller as an available DNS server
  • Add DNS Servers Reference – Checks the network configuration XML for a DnsServersRef node in the paper’s virtual network and creates one if it does not exist
  • Add DNS Server Reference – Checks the network configuration XML for a DnsServerRef node in the paper’s virtual network and creates one if it does not exist
  • Save the Network Configuration – Saves the network configuration XML
  • Update the Network Configuration – Uploads the updated network configuration to Windows Azure
  • Clean Up After Yourself – Cleans up the temporary file used for the network configuration
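The DNS Creation steps listed for both domain controllers amount to an idempotent edit of the exported network configuration. The following PowerShell is an added example, not the paper's script: it runs offline against a constructed configuration, the function names are hypothetical, and the namespace URI, the DnsServer element with its name and IPAddress attributes, and the sample addresses are assumptions that do not appear on this page.

```powershell
# Added example (not the paper's script). Everything below runs offline.
# Assumed: namespace URI of the network configuration schema.
$ns = 'http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration'

# Constructed sample of an exported configuration that has no Dns node yet.
[xml]$cfg = @"
<NetworkConfiguration xmlns="$ns">
  <VirtualNetworkConfiguration>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="BIPaper-Network" AffinityGroup="BIPaper-AffinityGroup" />
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
"@

# Return the named child element, creating it when it does not exist.
function Get-OrAddElement {
    param([System.Xml.XmlNode]$Parent, [string]$Name, [System.Xml.XmlNamespaceManager]$NsManager)

    $node = $Parent.SelectSingleNode("n:$Name", $NsManager)
    if ($null -eq $node) {
        $node = $Parent.OwnerDocument.CreateElement($Name, $NsManager.LookupNamespace('n'))
        [void]$Parent.AppendChild($node)   # AppendChild mirrors the paper's script
    }
    $node
}

function Add-DnsServerEntry {
    param([xml]$Config, [string]$NetworkName, [string]$ServerName, [string]$IPAddress)

    # Names end up inside XPath expressions, so accept only plain host-name characters.
    foreach ($value in $NetworkName, $ServerName) {
        if ($value -notmatch '^[A-Za-z0-9-]+$') { throw "Unexpected characters in name '$value'" }
    }

    # Accept only a dotted-quad IPv4 literal (TryParse alone also accepts short forms).
    $parsed = $null
    $isAddress = [System.Net.IPAddress]::TryParse($IPAddress, [ref]$parsed)
    if (-not $isAddress -or
        $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or
        $parsed.ToString() -ne $IPAddress) {
        throw "Not an IPv4 address: '$IPAddress'"
    }

    $nsm = New-Object System.Xml.XmlNamespaceManager($Config.NameTable)
    $nsm.AddNamespace('n', $Config.DocumentElement.NamespaceURI)

    $vnc = $Config.SelectSingleNode('/n:NetworkConfiguration/n:VirtualNetworkConfiguration', $nsm)
    if ($null -eq $vnc) { throw 'VirtualNetworkConfiguration node not found' }
    $site = $vnc.SelectSingleNode("n:VirtualNetworkSites/n:VirtualNetworkSite[@name='$NetworkName']", $nsm)
    if ($null -eq $site) { throw "Virtual network '$NetworkName' is not in the configuration" }

    # Check for Dns node, check for DnsServers node, add or update the DNS server entry.
    $servers = Get-OrAddElement (Get-OrAddElement $vnc 'Dns' $nsm) 'DnsServers' $nsm
    $entry = $servers.SelectSingleNode("n:DnsServer[@name='$ServerName']", $nsm)
    if ($null -eq $entry) {
        $entry = $Config.CreateElement('DnsServer', $nsm.LookupNamespace('n'))
        [void]$servers.AppendChild($entry)
    }
    $entry.SetAttribute('name', $ServerName)
    $entry.SetAttribute('IPAddress', $IPAddress)

    # Add the DnsServersRef / DnsServerRef nodes under the paper's virtual network.
    $refs = Get-OrAddElement $site 'DnsServersRef' $nsm
    if ($null -eq $refs.SelectSingleNode("n:DnsServerRef[@name='$ServerName']", $nsm)) {
        $ref = $Config.CreateElement('DnsServerRef', $nsm.LookupNamespace('n'))
        $ref.SetAttribute('name', $ServerName)
        [void]$refs.AppendChild($ref)
    }
}

# Constructed sample addresses from the ADNet range; the repeated call for DC1 changes nothing.
Add-DnsServerEntry $cfg 'BIPaper-Network' 'BIPaper-DC1' '172.16.1.4'
Add-DnsServerEntry $cfg 'BIPaper-Network' 'BIPaper-DC1' '172.16.1.4'
Add-DnsServerEntry $cfg 'BIPaper-Network' 'BIPaper-DC2' '172.16.1.5'

$nsm = New-Object System.Xml.XmlNamespaceManager($cfg.NameTable)
$nsm.AddNamespace('n', $ns)
'DnsServer entries:    ' + $cfg.SelectNodes('//n:DnsServer', $nsm).Count
'DnsServerRef entries: ' + $cfg.SelectNodes('//n:DnsServerRef', $nsm).Count
$cfg.OuterXml
```

Because each node is looked up before it is created, rerunning the edit after a failed upload does not leave duplicate DNS entries in the configuration that is sent to Windows Azure.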

To create the second domain controller, run the following Windows Azure PowerShell command (use the variable/subscription block with the storage account defined):

# Get the name for the VM
$vmName = "BIPaper-DC2"

# Get the admin user name for the VM
$vmAdminUserName = Read-Host -Prompt "Server Administrator User Name"

# Ask for the password that should be used for the server and convert it to a format usable by the commands
$vmAdminPasswordSecure = Read-Host -AsSecureString -Prompt "Server Administrator Password"
$stringMarshal = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($vmAdminPasswordSecure)
$vmAdminPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($stringMarshal)

# Get the domain admin user name
$domainAdminUserName = Read-Host -Prompt "Domain Administrator User Name"

# Ask for the domain admin password and convert it to a format usable by the commands
$domainAdminPasswordSecure = Read-Host -AsSecureString -Prompt "Domain Administrator Password"
$stringMarshal2 = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($domainAdminPasswordSecure)
$domainAdminPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($stringMarshal2)

# Get the name of the VM Image to use
$vmImageName = (Get-AzureVMImage | Where { $_.Category -eq "Microsoft Windows Server Group" -and $_.Label -like "Windows Server 2012 Datacenter*" } | Sort-Object PublishedDate -Descending | SELECT ImageName)[0].ImageName

# Set the location of the vhd files
$storageAccountContainer = "https://" + $storageAccountName + ".blob.core.windows.net/vhds/"
$vmVHDLocation = $storageAccountContainer + $vmName + ".vhd"
$vmADVHDLocation = $storageAccountContainer + $vmName + "_ADData.vhd"
$vmADVHDName = $vmName + " AD Data"

# Create the virtual machine
Write-Host "Creating the VM "
New-AzureVMConfig `
-Name $vmName `

# Loop until Status = ReadyRole
Write-Host "`tWaiting for Provisioning to Complete "
$VMStatus = Get-AzureVM -name $vmName -ServiceName $cloudServiceName

$networkTempPath = [IO.Path]::GetTempFileName()
$dcIPAddress = (Get-AzureVM -ServiceName $cloudServiceName -Name $vmName).IpAddress

# Remove Temporary File if it Exists
if ((Test-Path $networkTempPath) -eq $true)
{
    Remove-Item $networkTempPath
}

# Get the Azure Network Configuration File
Get-AzureVNetConfig -ExportToFile $networkTempPath
[xml]$dnsNetwork = Get-Content $networkTempPath

# Check for DNS Node
if ($dnsNetwork.Item("NetworkConfiguration").Item("VirtualNetworkConfiguration").Item("Dns") -eq $NULL)
{
    $dnsNetwork.Item("NetworkConfiguration").Item("VirtualNetworkConfiguration").AppendChild($dnsNetwork.CreateNode("element", "Dns", $virtualNetworkNamespace))
}
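Both domain controller scripts convert the prompted SecureString passwords to plain text with SecureStringToBSTR, and the lines shown on this page do not release the unmanaged copy. The following PowerShell is an added example, not part of the paper's scripts, that scopes the plain text to a single call and zeroes the buffer afterward; Invoke-WithPlainText is a hypothetical helper name and the sample secret is constructed.

```powershell
# Added example (not from the paper's scripts). Invoke-WithPlainText is a hypothetical helper.
function Invoke-WithPlainText {
    param(
        [Parameter(Mandatory = $true)] [System.Security.SecureString] $Secret,
        [Parameter(Mandatory = $true)] [scriptblock] $Action
    )

    $bstr = [IntPtr]::Zero
    try {
        # Unmanaged, decrypted copy of the secret.
        $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secret)
        # PtrToStringBSTR reads the BSTR's length prefix instead of guessing the encoding.
        $plain = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        # Hand the plain text to the one call that needs it.
        & $Action $plain
    }
    finally {
        # Overwrite and free the unmanaged copy even if the action throws.
        if ($bstr -ne [IntPtr]::Zero) {
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }
        # The managed string cannot be wiped; drop the reference so it can be collected.
        $plain = $null
    }
}

# Constructed sample secret so the block runs without a prompt. In the scripts above the
# input would be $vmAdminPasswordSecure or $domainAdminPasswordSecure, and the action
# would be the one provisioning call that needs the plain-text password.
$sample = ConvertTo-SecureString 'Constructed-Sample-Pw1' -AsPlainText -Force
$seen = Invoke-WithPlainText -Secret $sample -Action { param($p) $p.Length }
"Action received $seen characters; no plain-text variable remains in the caller's scope."
```

With this pattern the session never holds a long-lived $vmAdminPassword or $domainAdminPassword variable, so a later transcript, variable dump or shared console does not expose the administrator passwords.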
