Connecting Apps with Windows Azure Connect

childrenpenNetworking and Communications

Oct 26, 2013 (4 years and 18 days ago)

148 views

Page |
1






Hands
-
On Lab

Connecting Apps with
Windows Azure
Connect



Lab version:

1
.
0
.0

Last updated:

10/27/2013
















Page |
2



Contents

OVERVIEW

................................
................................
................................
................................
...................

3

EXERCISE 1: CONNECTI
NG A
N AZURE WEB ROLE TO
AN EXTERNAL SQL SERV
ER DATABASE
WITH WINDOWS AZURE C
ONNECT

................................
................................
................................
.........

6

Task 1
-

Configuring the Application to run in W
indows Azure with Windows Azure Connect

...........

6

Task 2
-

Installing Windows Azure Connect Endpoint software in your External Machine to
enable
Windows Azure Connect

................................
................................
................................
.....................

16

Task 3
-

Configuring Microsoft SQL Server Express for Remote Access
................................
..............

20

Task 4
-

Managing Windows Azure Connect Groups

................................
................................
..........

29

Verification

................................
................................
................................
................................
..........

34

SUMMARY

................................
................................
................................
................................
..................

36



Page |
3



Overview

To enable

IP
-
level network connectivity between Azure services and external resources
, Windows Azure
Connect can be used
. The underlying connectivity model that supports this is quite flexible. For example,
you can use
Windows
Azure Connect

to setup networking between arbitrary groups of machines that
are distributed across the internet in a very co
ntrolled and secure manner.

The following diagram illustrates the key elements of the
Windows Azure Connect

model.






Windows Azu
re Connect

creates a logical “virtual network” which can contain two types of entities:
Azure Role groups and Machine groups.





Role groups map to Azure
roles, which

have been enabled for
Windows Azure Connect
.
Only the
Azure VM instances for a role are members of a role group


the admin cannot manually add or
remove members.
Windows Azure Connect
automatically manages the membership of role
groups


if you add or remove role instances,
Windows Azure Connect
wil
l track this and update
the role
group membership appropriately.

Page |
4





Machine groups are admin
-
defined collections of external
machines, which

have been enabled
for
Windows Azure Connect

through installation of the
Windows Azure Connect Endpoint
Software
. An ex
ternal machine can belong

to at most one machine group.



Connectivity within the
Windows Azure Connect

virtual network i
s based on the following rules:



A role group can be “linked” to a machine group


this enables connectivity betwee
n the
members of those groups.
A role group can be linked to multiple machine groups


e.g. you
could have an Azure web role that is connected to your “My Servers” and “My Laptops”
machine groups

as shown in the diagram above.



Members of a role group (the
Azure VM instances) do not have

connectivity with each other.
In
addition, a role group cannot be

linked to another role group.
These limitations are intentional


the Azure service model controls connectivity between roles and the Azure runtime supports
c
onnec
tivity between role instances.
We did not want the
Windows Azure Connect

model t
o
interfere with this behavior.



Machine groups can be linked, as mentioned above, to
role groups.
Machine groups can also be
linked to other machine groups to enable conne
ctivity b
etween members of those groups.



Links are not transitive fr
om a connectivity perspective.
For example, suppose Group A is linked
to Group B, and Group B is li
nked to Group C.
Machines in Group A can communicate with those
in Group B, and machines
in Group B can comm
unicate with those in Group C.
However,
machines in Group A cannot comm
unicate with those in Group C.



A machine group has an “interconnected” property


if it is set to true, then all members of that
group ca
n communicate with each other
.
If it is set to false, then communication betwe
en the
members is not allowed.



It is important to note that
Windows Azure Connect
does not
affect

or interfere with a
machine’s existing network connectivity.


Objectives

In this
h
ands
-
o
n
l
ab, you will learn

how to:



P
rovision a
Windows Azure Connect

service and associate it with your Azure subscription
.



S
etup network connectivity between Azure Roles and external machines
.


Page |
5



Prerequisites

The followin
g is required to complete this
h
ands
-
o
n
L
ab:



Microsoft .NET Framework 4



Microsoft Visual Studio 2010



IIS 7 (
with ASP.NET
)



Windows Azure Tools for Microsoft Visual Studio 2010 1.4



SQL Server 2008 R2 Express Edition or higher



SQL Server Management Studio 2008 R2 Express Edition or higher


You must have Internet access to complete th
e lab
.

Setup

To check the prerequisites of the lab:

1.

Open a Windows Ex
plorer window and browse to the lab’s

Source
\
Setup

folder.

2.

Double
-
click the

Dependencies.dep

file in this folder to launch the Dependency Checker

tool
and install any missing prerequisites and the Visual Studio code snippets.

3.

If the User Account Control dialog is shown, confirm the action to proceed.


Note:

This

process may require elevation.
The
.dep

extension is associated with the
Dependency Checker tool during its installation. For additional information about the

setup

pro
cedure and how to install the Dependency Checker tool, refer to the

Setup
.docx

document
in the

Assets

folder of the training kit.


Using the Code Snippets

Throughout the lab document, you will be instructed to insert code blocks. For your convenience, most

of that code is provided as Visual Studio Code Snippets, which you can use from within Visual Studio
2010 to avoid having to add it manually.

If you are not familiar with the Visual Studio Code Snippets, and want to learn how to use them, you can
refer t
o the
Setup.docx

document in the
Assets

folder of the training kit, which contains a section
describing how to use them.


Page |
6



Exercises

This
h
ands
-
o
n
l
ab
includes

the following exercise
:

1.

Getting Started: Provision a
Windows Azure Connect

Service

2.

Connecting an Azure Web Role to an External SQL Server Database with
Windows Azure
Connect



Estimated time to complete this lab:
60

minutes
.

Note:

When you first start Visual Studio, you must select one of the predefined settings collections.
Every predef
ined collection is designed to match a particular development style

and determines
window layouts, editor behavior, IntelliSense code snippets, and dialog box options.

The procedures in
this lab describe the actions necessary to accomplish a given task in
Visual Studio when using the
General Development Settings

collection
. If you choose a different settings collection for your
development environment, there may be differences in these procedures that you need to take into
account.



Exercise 1: Connecting
an Azure Web
Role to an External SQL Server Database
with Windows Azure Connect

In this exercise, you will s
etup network connectivity between
a simple Web Role and your local machine.
The Web Site used for sample purposes in this exercise will leverage
W
indows Azure Connect

and
connect to your local SQL Server instance to retreive a list of customers that will be shown in a simple
table within the site.


Task 1
-

Configuring

the Application to run in Windows Azure with
Windows Azure Connect

To use
Windows

Azure Connect

to connect external resources with your Azure service, you need to
ena
ble one or more of its roles.

You do this by provisioning the role with the
Connect

plug
-
in that is part
of the Windows Azure SDK v1.
4

release. Only roles of the service provisioned with the
Connect

plug
-
in
will be able to connect to external resources.

Page |
7



1.

In order to make

the Azure Web Role be able to connect with the database using SQL Server
credentials,
o
pen
SQL

Server

Management Studio

and connect to the

local

SQL S
erver

(i.e.
.
\
sqlexpress
)
.

2.

Right click in the server node and select
Properties
.

3.

Select
Security

and make sure
SQL Server and Windows Authentication mode

is selected.


Figure
1

SQL
Server Properties

-

Security


4.

Click
OK

button.

5.

Restart the SQL Server instance

in
order to

make
previous

configuration change

to

take effect.

Page |
8




Figure
2

Restart SQL Server


6.

O
pen
Visual Studio 2010

as

an a
dministrator
. Go to
File | Open | Project

menu

and select the
Begin
.sln

located in
Source
\
Ex1
-
ConnectingToExternalSQL
\
Begin

folder of the lab.

7.

Press
F5

key to run

the

application.

8.

Notice in the connection information panel that the application is connected

to the local SQL
Server SQLEXPRESS instance.

Page |
9




Figure
3

Application running locally


9.

Navigate

to
http://windows.azure.com


10.

Click on
Virtual Network

link on Windows Azure Platform left pane. This are the contents
related to Windows Azure Connect.

Page |
10




Figure
4

Clicking Virtual Network


11.

Click on
{your
-
service
-
subscri
p
tion
-
name}

node located under
Connect

node

on the upper side
of left pane.

12.

Click
Ok

on
Enable Windows Azure Connect

popup. This popup appears only the first time you
need to enable Windows Azure Connect with the current subscription.


Figure
5

Enabling Windows Azure Conne
ct


13.

Once enabled, click
Close
on
Enable Windows Azure Connect

popup.

Page |
11




Figure
6

Windows Azure Connect enabled


14.

Click on
{your
-
service
-
subscri
p
tion
-
name}

node to expand and see Windows Azure Connect
information. To do this, click on
Connect

node on the upper side of the left pane.



Figure
7

Reviewing Windows Azure Connect information


15.

Click
t
he “
Get
Activation Token
” button. You
will
retrieve the “client
activation

token” for your
Windows Azure

service
.

Page |
12




Figure
8

Getting Activation Token


16.

Click on
Copy
Token
to
C
lipboard

button

on
Get Activation Token for Windows Azure Roles

popup

to configure your Windows Azure Service
.


Figure

9

Copying
Client
Activation

token


17.

Click
Yes

if Microsoft Silverlight
ask you to allow clipboard access.

Page |
13




Figure

10

Allowing Silverlight access clipboard


18.

Click
Ok

to close the
Get Activation Token for Windows Azure Roles

popup.


Figure
11

Closing popup


19.

Go back to
Visual Studio 2010
. Under the
CustomerSearch

project,

open the
CustomersWebRole

settings and select the
Virtual

Network

tab. Ensure that the option labeled
Activate
Windows Azure Connect

is selected. Paste from the clipboard the token you have
copied in the previous step.

Page |
14




Figure
12

Filling Virtual Network tab


20.

Press
Ctrl
-
S

to save config

file.

21.

Open
the
W
eb.config

file for the
CustomersWebRole

project
to update the
SQL
connection

s
tring. Find the
CustomersEntities

connectionString
,
and
replace the
.
\
SQLE
XPRESS

value in the
Data Source
attribute

to
{
your
-
machine
-
name}
\
SQLE
XPRESS
,1433
.

The

number
1433

in the
attribute
represents the port number.

The following snippet show the result after applying the
update, assuming that your machine name is “
Your
Machine” (replace this value with your
machine mane):

XML


<
connectionStrings
>


...



<
add

name
=
"
CustomersEntities
"

connectionString
=
"
metadata=res://*/Customers.csdl|res://*/Customers.ssdl|res://*/C
ustomers.msl;provider=System.Data.SqlClient;provider connection string=
&quot;
Data
Source=
YourMachine
\
SQLEXPRESS
,1433
;Initial Catalog=
Customers;Persist Security
Info=True;User ID=labUser;Password=Passw0rd!;MultipleActiveResultSets=True
&quot;
"

providerName
=
"
System.Data.EntityClient
"

/>



</
connectionStrings
>


Note:
Once you deploy the application to Windows Azure, the Web Role will connect to the
SQL Server running in your machine through the machine name. That is the reason why you
need to change the
.
\
SQLExpress

value to use explicitly your machine name.

Notice als
o th
at

you need to explicitly specify the default port as part of the data source because the
connection will be set using TCP/IP as the protocol.


Page |
15



22.

You need to deploy the solution

to Windows Azure. You can deploy the application using the
Windows Azure Too
ls for Visual Studio, or create a service package and use the portal to deploy
it. For more information on deployment options, see the “Windows Azure Deployment” hands
-
on lab.

23.

Once

the deployment completed successfully you
should

see
information about the
roles
in
Virtual Network. To do this
,

click on
Connect

node on the left pane
.



Figure
13

Roles information


24.

Click on
Hosted Services, Storage Account
CDN

link on the left pane to review your role
information.

If
Hosted
Services

is not already selected, click
Hosted
Services

to
select it.


Figure
14

Selecting Compute, Storage & CDN


Page |
16



25.

Click on
you
r

service located on the center pane to review your service information.

Once
selected, click on the
DNS Name

link

on the right pane. This opens

the

published Web site.



Figure
15

Clicking on Web Site URL


26.

V
erify that
the

application is running in Windows Azure, without
being able to connect
to
the

external SQL server

machine
.

You should see an exception saying that the connection to SQL
Server could not be established.



Figure
16

Application running in Azure
, showing an exception saying that the connection to SQL Server
could not be established



Tas
k 2
-

Installing
Windows Azure Connect Endpoint software

in your
External Machin
e

to enable

Windows Azure Connect

1.

Click back on
Virtual Network
.


Page |
17



2.

Click on the
Install Local Endpoint

button.


Figure
17

Getting Install link


3.

Click on
Copy Link

to Clipboard

button on the
Install Windows Azure Connect Endpoint
Software

popup
.


Figure
18

Client Installation Link


4.

Click
Yes

if Microsoft Silverlight ask you to allow clipboard access.

Page |
18




Figure

19

Allowing Silverlight access clipboard


5.

Click
Ok

to close the popup.

6.

Paste the copied

link in the Internet E
xplorer navigation bar

and press enter to download the
client
.

7.

Click on
Run

button to install the
Windows Azure Connect E
ndpoint software
.


Figure
20

Downloading the
Windows Azure Connect Endpoint software


8.

Click on
Run

button in the
Security Warning

dialog.

9.

Click on
Yes

button if the
UAC

dialog appears.

10.

Follow the steps

in the
Windows Azure Connect Endpoint software
installation wizard
.

Page |
19





Figure
21

Windows Azure Connect Endpoint software
installation

wizard


11.

To verify
that
the
Windows Azure Connect Endpoint software
installed
successfully
, right click
the icon in the tray.



Figure
22

Windows Azure Connect Endpoint software
icon


12.

Click
Open Windows Azure
Connect
.

Page |
20




Figure
23

Windows Azure Connect Endpoint software

context
menu


13.

The Windows Azure
Connect
dialog
box will
show the
current
status.


Figure
24

Windows Azure Connect
status


14.

We are able to create groups. To do this,
g
o back to browser. Click on
Virtual Network

on left
pane.

15.

Once
the
Windows Azure Connect Endpoint

software
is running locally, our external machine is
shown i
n the

center pane
.

To review this, click on
Roles and Groups

node on the left pane.

Figure
25

Windows Azure Connect,
your

external machine added



Task
3

-

Configuring
Mi
crosoft SQL Server Express for Remote A
ccess

Page |
21



Microsoft SQL Server Express needs to be accessible from the machines in our local network.

If your SQL
Server Express instance is already enabled for remote access, you will notice that many of the
instructio
ns below are not necessary, in either case, we recommend you go through the steps below to
confirm
.

1.

To enable remote connections
,

Open
SQL
Server
Management Studio

and connect to the
local
SQL S
erver.

2.

Right click in the server node and select
Properties
.

3.

S
elect
Connections

and make sure
Allow
r
emote
c
onnections to this
s
erver

option
is checked.


Figure
26

Server Properties

-

Connections


4.

Open
SQL
Server
Configuration Manager
.

5.

Make sure
the
SQL

Server

Browser

service
is disabled

or stopped.

Page |
22




Figure
27

SQL Server Browser stopped


6.

Enable
TCP/IP

Protocol in the
SQL Server Network Configuration

/
Protocols for SQLEXPRESS
.


Figure
28

Enabling TCP/IP protocol


7.

Edit
TCP/IP

protocol

Pro
perties
. Select
the
IP A
d
dresses

tab.
Scroll to the bottom of the form
until

you locate the
I
P

All

entry
, and
make sure the

TCP Dynamic Port
s

is set to blank.
Then s
et
the
TCP Port

to
1433
.

Page |
23




Figure
29

TCP/IP Protocol properties


Note:
The SQL Browser service is only required when using dynamic ports for remote
connections, in our scenario, we simply want to expose the default TCP port: 1433. The benefit
of having this service running is that users connecting remotely do not have t
o specify the port
in the connection string, but on the other hand, it is a security best practice to not run the SQL
Browser service as it reduces the attack surface area by elim
inating the need to listen on
a

UDP port.


8.

Click
OK
.

9.

Restart the SQL Service.

To do this right click
SQL Server
and click
Restart
.

Page |
24




Figure
30

SQL Server service running


10.

To allow TCP connections to
go throw the firewall we need to add a new rule.

Open
Windows
Firewall with Advanced Security
.

11.

Select
Inbound

Rules
. Create a
New Rule
.


Figure
31

Windows Firewall


Inbound Rules


New Rule


12.

In the
New Inbound Rule Wizard

select
Port

for the rule type.

Page |
25




Figure
32

New Inbound Rule Wizard


Rule Type step


13.

Set the
TCP

port to
1433
.

Page |
26




Figure
33

New Inbound Rule Wizard


Protocols and Ports step


14.

Select
Allow
the
Connection

in the
Action

step.

Page |
27




Figure
34

New Inbound Rule Wizard


Action step


15.

Apply the rule to all the profiles in the
Profile

step.

Page |
28




Figure
35

New Inbound Rule Wizard


Profile step


16.

Set the name to
SQLPort

in the
Name

step
.

Page |
29




Figure
36

Ne
w Inbound Rule Wizard


Name step



Task
4

-

Managing

Windows Azure Connect

G
roups

To allow access between the external machines and the Windows Azure Roles a group
linking the Azure
Roles and the external machines
should be created. The following steps are the instructions to do this.

1.

Go back to
the
browser. Click on
Virtual Network

link on left pane.

2.

Click
on
Create

Group

button.

Page |
30




Figure
37

Creating a Group


3.

In the
Create
a New Endpoint
Group

popup

add a
Group

Name
, a

Description
,

and
optionally
check
Allow connections b
etween endpoints in group

to enable connectivity between external
machines of the group.


Figure
38

Filling
Create a New Endpoint Group

popup


Page |
31



4.

Click
Add

button on
Connect from
.



Figure
39

Adding local
endpoints


5.

Select your local endpoint from the available endpoints.


Figure
40

Adding local endpoints

Page |
32




6.

Click
Ok

button.

7.

Click
Add

button on
Connect
to
.


Figure
41

Adding Azure roles


8.

Select your roles
from the available groups and roles.

Page |
33




Figure
42

Adding Azure roles


9.

Click
Ok

button to close popup.

10.

Click
Create

button in order to create a new endpoint group.


Figure
43

Creating a new endpoint group

Page |
34




11.

Y
our new group is now

set
. Make sure the new group policies were updated in the external
machine. To do this, right click on the
Windows Azure Connect endpoint software

Refresh

on
the tray.


Figure
44

Refreshing local policies


12.

Onc
e the policies are updated
,

Open
Windows Azure
Connect
and

verify you are in a
n

endpoint

group.


Figure
45

Local status



Verification

At this point, you should have network connectivity between the Azure Role and your local machine.
Let’s run the application again and

verify
this by

repeating the steps used in task 1.

1.

Click on
Hosted Services
, Storage
Account
& CDN

link on the left pane
to review your role
information.

Page |
35




Figure
46

Selecting Compute, Storage & CDN


2.

Click on you
r

service located on the center pane to review your service information. Once
selected, click on the
DNS Name

link to navigate to the Web ro
le.


Figure
47

Clicking on Web Site URL


3.

We can verify that our application is running in Windows Azure, and
retrieving the date from
the
external SQL server

machine
.

Page |
36




Figure
48

Application running in Azure with
Windows Azure Connect



Summary

In this lab, you have learned

how to establish network connectivity between an Azure Web Role and an
external SQL Server machine. By using
Windows Azure Connect
,

you enabled IP
-
level netwo
rk
connectivity between Azure services and external resources.