John Joyner details the steps of producing a working VM role in the Azure public cloud.
In a previous article, using Microsoft Visual Studio, we created the service model for your Azure virtual machine (VM) role and configured it to use your uploaded virtual hard drive (VHD) image. We are ready to perform the final steps that will produce a working VM role in the Azure public cloud. We will complete customization of the service model in Visual Studio and generate the service package files. After completing the steps in this article, you will be ready to deploy the service package to your Azure subscription using the Windows Azure Platform Management Portal.
Completing the service model
We resume work in Visual Studio, with your Windows Azure Project open, and immediately follow the step where we select the VHD for the VM role (from those uploaded to the Azure subscription).
- On the Configuration tab, enter the number of VM instances and the VM size of the instances.
- To benefit from the Azure VM Service Level Agreement (SLA), you must have two or more VM instances per VM role. A single instance represents a single point of failure in your Azure application.
- VM sizes are per the Microsoft VM Sizing Chart. The economical "small" instance works for many VM roles -- it provides 1.75-GB RAM, 165-GB storage, and a 100-Mbps bandwidth allocation.
- On the Settings tab, you have the option to define Azure Plugin Settings that affect the virtual machine after it is started.
- Settings that enable Remote Desktop Protocol (RDP) access to the VM are automatically included, such as the user name you specify later when configuring Remote Desktop connections to the Azure VM role.
- Azure developers can leverage the Azure Software Development Kit (SDK) to write a Windows service that runs in the VM. Such a custom service could read variables (defined as plugin settings to the Azure VM instance), to do such things as rename the VM, or perform other automatic configuration.
On the Endpoint tab, define the protocol names, port numbers, and certificates involved in publishing your application to the Internet.
- If you don't specify endpoints here, your VM will only have outbound access to the Internet.
- A common practice with Azure development VMs running web services is to expose a port 80 endpoint. This will allow easy testing of successful VM role deployment by browsing to the default "Welcome to IIS7" web page. The endpoint settings shown in Figure A will publish HTTP (TCP port 80), as well as an additional port of your selection. You can publish as many TCP ports to the Internet as are needed for your Azure application. In this step, you are essentially configuring the Internet-facing Azure firewall infrastructure that will publish your application.
- On the Virtual Network tab, optionally paste the GUID (character string) of your Azure Connect activation token. With Windows Azure Connect, you can configure IPSEC-protected connections between one or more computers or VMs in your local network and VM role instances running in Windows Azure.
Figure A - The Endpoint tab of the VM role application in Visual Studio 2010 (click to enlarge).
Creating the service package
The service package-that contains the service model-consists of two files that will be uploaded to Windows Azure. The following steps will create the service package, and in the process configure Remote Desktop Protocol (RDP) access permissions for the VM.
- Right-click the Azure cloud service project in Visual Studio, Solution Explorer and select Publish. In the Deploy Windows Azure Project dialog box, click Configure Remote Desktop connections.
- Check the option labeled Enable connections for all roles, expand the drop down list and select Create, then type a friendly name you will recognize. (In this step you are generating a second digital certificate, used only for RDP access, which is different from the Windows Azure Account Credentials certificate you created when uploading your VHD.)
- Choose the newly created certificate from the drop-down list, enter the name of the user that is allowed to connect remotely to your VM (this can be any name of your choice), enter a password and confirm it, and leave the account expiration date unchanged.
- Now you need to export a copy of the RDP certificate for use later. Click View next to the certificate drop down list. In the Certificate dialog, switch to the Details tab and click Copy to File. Follow the wizard to export the certificate to a file, making sure that you choose the option to export the private key. Save the resulting file to a suitable location in your hard disk. You will need to upload this file to the Management Portal later, once you create a hosted service for your role. Figure B shows this step being performed.
- Finally, you are ready to generate your Azure VM role service package. With "Create Service Package Only" selected in the Deploy Windows Azure project dialog, push the OK button. Visual Studio will compile the two service package files and open an Explorer window to the file location, typically <current user profile>\Documents\Visual Studio 2010\Projects\<Azure Project Name>\<Azure Project Name>\bin\Debug\Publish.
- The Service Package file (.cspkg) and the Cloud Service Configuration file (.cscfg) are ready to upload to the Azure Management Portal to complete the VM role deployment process.