Deploying Windows Azure Pack (Part 2)

by [Published on 6 March 2014 / Last Updated on 6 March 2014]

The second article in this series outlines the different scenarios for deploying Windows Azure Pack in enterprise datacenters.

If you would like to read the other parts in this article series please go to:

Terminology

Let's start with some terminology used when talking about Windows Azure Pack. Here are two key terms you need to know:

  • Administrator - Someone who deploys, configures and manages Windows Azure Pack and makes cloud services available to tenants.
  • Tenant - Someone who subscribes to and uses cloud services made available through Windows Azure Pack.

When Windows Azure Pack is deployed by a hoster (cloud hosting provider) the administrator refers to IT staff at the hoster while the tenants are the customers to which the hoster is selling cloud services. And when Windows Azure Pack is deployed in an enterprise datacenter, the administrator will be your own IT department; the tenants in this case will be the other departments, divisions, or business units within your organization that want to take advantage of the cloud services your IT department is offering.

Required components

Windows Azure Pack currently includes eight components. Two of these components are portals:

  • Management Portal for Administrators - A web-based portal that lets administrators configure and manage user accounts, resource clouds, tenant offers, and so on.
  • Management Portal for Tenants - A web-based self-service portal that lets tenants provision, monitor and manage the following cloud services: Web Sites, Virtual Machines, and Service Bus.

The self-service capabilities of the Management Portal for Tenants enables tenants to deploy and manage the cloud services they need when they need them without having to go through the slow procurement processes of the traditional approach to enterprise IT.

Authentication is another key feature of Windows Azure Pack to ensure that only properly authenticated administrators have access to the Management Portal for Administrators and only properly authenticated users have access to the Management Portal for Tenants. By default, the Management Portal for Administrators uses Windows authentication (Kerberos or NTLM) but you can optionally use Active Directory Federation Services (AD FS) for authentication purposes. The Management Portal for Tenants on the other hand uses the ASP.NET Membership Provider for authentication purposes. Windows Azure Pack includes two authentication sites, an Admin Authentication Site and a Tenant Authentication Site, for these purposes.

Windows Azure Pack also includes components that provide the following application programming interfaces (APIs):

  • Windows Azure Pack Admin API - Enables administration tasks to be performed using the Management Portal for Administrators and Windows PowerShell.
  • Windows Azure Pack Tenant API - Enables tenant-specific tasks to be performed using the Management Portal for Tenants and Windows PowerShell.
  • Windows Azure Pack Tenant Public API - Provides additional tenant-specific functionality primarily for hosting provider environments.

All of the above components are required in any Windows Azure Pack deployment.

Optional components

The following components of Windows Azure Pack may be deployed in order to offer additional forms of cloud services and other resources to tenants:

  • Web Sites - Provides you with a managed web environment you can use to create new websites or migrate your existing business website into the cloud.
  • Virtual Machines - Provides you with a general-purpose computing environment that lets you create, deploy, and manage virtual machines running in the Windows Azure cloud.
  • Service Bus - Allows you to keep your apps connected across your private cloud environment and the Windows Azure public cloud.
  • Automation and Extensibility - Allows you to automate and integrate custom services into your services framework using runbooks.
  • SQL and MySQL - Allows you to provision Microsoft SQL and MySQL databases for tenants to use.

Deployment scenarios

There are two basic deployment scenarios for Windows Azure Pack:

  • Express architecture - Recommended for proof of concept testing only.
  • Distributed architecture - Recommended for production environments.

In addition, the distributed architecture can be implemented in various ways depending on the scale and degree of availability needed. Let's briefly examine each of these scenarios.

Express architecture

In an express deployment of Windows Azure Pack, you install all of the required components on a single server and any optional components needed on one or more additional servers. Specifically, the following required components must all be installed on your first server:

  • Windows Azure Pack Admin API
  • Windows Azure Pack Tenant API
  • Windows Azure Pack Tenant Public API
  • Admin Authentication Site
  • Tenant Authentication Site
  • Management Portal for Administrators
  • Management Portal for Tenants

In addition, your first server must host the SQL Management Database used by the required components. This means you must install a required version of Microsoft SQL Server on the first server.

Distributed architecture

In a distributed deployment of Windows Azure Pack, you spread out the required components across multiple servers. There are many ways you can do this, but the following recommendations should generally be adhered to in order to ensure optional performance and supportability for your deployment:

  1. Install a management portal and its corresponding authentication site on the same server. For example, install the Management Portal for Administrators and the Admin Authentication Site on the same server.
  2. If you will be providing cloud services to tenants over the public Internet, install the following components on the same public-facing server:
  • Management Portal for Tenants
  • Tenant Authentication Site
  • Windows Azure Pack Tenant Public API
  1. If Active Directory Domain Services (AD DS) is to be used for authentication purposes, install it on a separate identity server.
  2. If Active Directory Federation Services (AD FS) is to be used for authentication purposes, install it on a separate identity server.
  3. For greater scalability and high availability in large deployments, install the SQL Management Database on a separate failover cluster. In addition, use failover clustering for your public-facing servers and for the servers hosting your other required components.
  4. For even higher scalability, install each required component on a separate failover cluster and the SQL Management Database on another failover cluster. In other words, use eight failover clusters to deploy the seven required components plus the SQL Management Database.

In the next article of this series we will begin our walkthrough of deploying Windows Azure Pack. We will focus primarily on the express deployment scenario in this series along with two types of cloud services: Web Sites and Virtual Machines. In future series we will look at how tenants can use Windows Azure Pack to provision Web Sites and Virtual Machines.

If you would like to read the other parts in this article series please go to:

Featured Links