Wednesday, 31 October 2012

Hosting Web Application using Azure IaaS capabilities - Part 1

Microsoft released IaaS capabilities with Windows Azure recently which allows us to explore lots of capabilities. For example, Creating VM on Azure as a standalone public machine, Creating VPN/VPC and connect one or more VMs in a network, Connecting on-premise network in a secured tunnel etc.,

In this post, I am planning to walkthrough the implementation of the following requirement –

First Requirement -
  1. Create an Azure Virtual Machine with SQL Server 2012 platform image. Create a test database (such as Northwind) and install necessary objects for transaction from an application.
  2. Create another VM with Windows Server 2012 platform image and install all necessary software such as IIS, .NET runtime etc.,
  3. Create a Website in IIS and install all necessary files for running a Web application which connects the database created in Step 1.
Second Requirement –
Once the application running successfully as per First Requirement, we need to be able to scale up and down the Web App VM when required. So the requirement would be –
  1. Create snapshot from the VM running for front end Web Application (created in Step 2).
  2. Create a new Cloud Service and add initial number of instances from the snapshot created in Step 4.
  3. Add/Remove the instances from the Cloud Services and make them to be load balanced across all front end VMs.
As mentioned above, the first requirement helps us hosting a web application in two tier architecture. The second requirement helps us to scale up and down the front end tier using the snapshot.

To achieve this requirement, we need to have the two VMs in the same network. As per me, we can have these two VM in the same network in three ways.
  1. Creating these two VMs under same cloud service. So the cloud service will have network connectivity between both the VMs.
  2. Creating a Virtual Network on Azure as a standalone VPC. Create these two VMs under the VPC created. So both the VMs will be put under the same network with different (or same) subnets.
  3. Create a Virtual Network on Azure by extending the on-premise Network. Create the Web Application on Azure under the VPC and keep the SQL Server database in the on-premise network. So the Web Application can connect to the database as both are in a network.
I am planning to take the first way for implementing this requirement (as it is very simple). I am planning to look other ways in other posts.

Creating an VM with SQL Server 2012 Image (NorthwindBE)

Creating SQL Server 2012 VM using Management Portal
Open Windows Azure management portal ( and create a VM using SQL Server 2012 platform image.

Following screenshots shows the inputs on the VM creation wizard I used for creating the VM with SQL Server 2012.

Start with New button to create a new Virtual Machine


Select Microsoft SQL Server 2012 Evaluation Image

Provide a unique VM Name and password.

Provide the DNS name, Storage Account and Region (Select Standalone VM option)

No Availability set is required. Press OK

Once the Virtual Machine is created, it will show in the Virtual Machine list. So, select Virtual Machine in the left menu to check the list of VMs created.

Click the NorthwindBE VM to show its properties.

Press Connect to download the RDP file and get connect to that machine.

Creating SQL Server 2012 VM using PowerShell
The Azure VM can be created using PowerShell command as well. To configure PowerShell cmdlets to connect to Windows Azure, please refer the following post.

(Note: You need Windows 8, Windows 7, Windows Server 2012, or Windows Server 2008 R2 for configuring Power Shell to connect Windows Azure environment).

Run the below script for creating a standalone SQL Server 2012 VM which does not connect with any other VPC/VPN.
Set-AzureSubscription -SubscriptionName "Subscription-1 Introductory special" -CurrentStorageAccount azurevpntest

$sqlimage = 'MSFT__Sql-Server-11EVAL-11.0.2215.0-08022012-en-us-30GB.vhd'

$sqlvm = New-AzureVMConfig -Name 'NorthwindBE' -InstanceSize Small -ImageName $sqlimage |
 Add-AzureProvisioningConfig -Windows -Password 'password@123'

# Create Azure Cloud Service and Create VMs
New-AzureVM -ServiceName 'WebFarm' -VMs $sqlvm  -Location 'West Europe'

Configuring Northwind Database on NorthwindBE VM (NorthwindBE)
Step 1: Open the SQL Server Management Studio and create a database Northwind
Step 2: Download and execute the Northwind database script to create object on that database.
Step 3: In this implementation, the Web Application will be installed in NorthwindFE VM and will be connecting to the database installed in NorthwindBE VM. As these two VMs are not connected with any Domain Controller (even under same Cloud Services), the Web Application won't be able to connect the database with any windows user credential (Trusted connection) as there is no common user.

So to connect the database from Web server, we need to create a new SQL Server user and provide access to the database or can enable an existing user to use it. (As this is just for testing, I am planning to enable the sa credentials to login with.)

By default SQL Server allows only Windows Authentication. So let us first enable the SQL Server to allows Mixed mode authentication.

Right click the SQL Server and select the Properties. Select the Security tab and choose SQL Server and Windows Authentication option and press OK.
Restart the SQL Server to take the affect.
Step 4: Expand the Security -> Logins from the Object Explorer window and double click the sa user to get the Properties window.

Provide the password and select the Status tab and choose Enabled the Login: option.

Press OK to continue.

Step 5: To connect SQL Server from any other machine, TCP Port 1433 inbound must be open on the database server to allows the request to the SQL Server. By default, TCP Port 1433 wont't allow on the firewall. So we need to specifically add the port in the firewall setup.

So, open the Windows Firewall window by selecting Start -> Administrative Tools -> Windows Firewall with Advanced Security.

Select the Inbound Rules from the left tree menu and choose New Rule... from the Action panel to add new rule.

Select Port

Choose TCP port and specify port # 1433

Choose Allow the connection (Note, we can allow only to particular IP address also, but here to all)

Added firewall rule shown at first line

In the next port we will look the Web Tier on this architecture.

The other links on Hosting Web Application using Azure IaaS capabilities:
  1. Hosting Web Application using Azure IaaS capabilities - Part 1
  2. Hosting Web Application using Azure IaaS capabilities - Part 2
  3. Hosting Web Application using Azure IaaS capabilities - Part 3
  4. Hosting Web Application using Azure IaaS capabilities - Part 4

0 Responses to “Hosting Web Application using Azure IaaS capabilities - Part 1”

Post a Comment