Installing an Exchange 2010 Test Environment on Windows Azure (Part 1)

If you would like to read the next part in this article series please go to Installing an Exchange 2010 Test Environment on Windows Azure (Part 2).

Disclaimer

The following article details a configuration which is not officially supported by Microsoft for Production Environments. You can read the official documentation about supported workloads at the following link: Microsoft server software support for Windows Azure Virtual Machines.

Introduction

According to several industry studies, the “Cloud” is the top priority of most CIO’s and IT people in general. Instead of starting a discussion about the several benefits of moving to the cloud (yes, I’m a believer), I’ll just describe how easy is to implement an Exchange Server 2010 test environment on Microsoft’s Enterprise Cloud, Windows Azure, so that you can decide by yourself whether is it worthy or not.

As you probably noticed by the big disclaimer at the beginning of this article, Exchange Server is not currently supported on Windows Azure. This means that you can test it, taking advantage of the cloud agility, elasticity and reduced TCO, but you cannot use it on a Production environment.

Having said that, I think the Infrastructure as a Service (IaaS) features of Windows Azure, Virtual Machines, are just too good not to be used in test environments, with the following benefits:

• Reduce costs
• Free up datacenter capacity
• Shorten setup and cycle time
• Perform end-to-end testing

To write this article I used a Windows Azure 90-day free trial, so, without any costs, you can also immediately replicate the environment we are about to install.

If you are new to Windows Azure and/or Cloud technologies, I strongly advise you watch some of the videos available at the Windows Azure site, and to download the latest Windows Azure Training Kit.

Solution Topology

For the purpose of writing this article, I installed the following environment on Windows Azure:

Figure 1: Solution topology used in this article

The following table details the server characteristics, in terms of software and hardware:

Table 1: List of servers

Deployment Process

Provisioning the Exchange Server 2010 test environment on Windows Azure can be accomplished with these 5 configuration steps:

1. Create a storage account
2. Configure the virtual networking settings
3. Provision a virtual machine from the Windows Azure Gallery and configure it as a Domain Controller
4. Provision the Exchange Server virtual machine using PowerShell
5. Install Exchange Server 2010

1.    Create the Storage Account

After signing up for the Windows Azure 90 days free trial, it’s time to start configuring the environment. The first step is to create a storage account, so that we can instantiate and store the necessary VHD files of our virtual machines

1. Open a browser and navigate to the Windows Azure Management Portal: http://management.windowsazure.com. Select STORAGE from the left pane (Figure 2).
2. Click NEW and then QUICK CREATE. Enter a name in the URL box, select the datacenter you want to use at the REGION/AFFINITY GROUP box and then make sure the Enable Geo-Replication box is not selected (Figure 3). Geo-replication is enabled by default so that, in the event of a major disaster in the primary location, storage fails over to a secondary location. By disabling this feature you get a little more performance from the storage system.

Figure 2: Windows Azure Storage

Figure 3: Creating a storage account

2.    Configure Virtual Network

Although we didn’t really have, technically speaking, to configure Windows Azure Networking, I’m convinced it’s a good practice to do so and, for academic purposes, it’s a fine opportunity to spread that kind of knowledge.

Besides the networking features that must be set, for a datacenter of the size of Microsoft datacenters, some latency problems may arise if the virtual machines are placed at opposite ends of the building. To mitigate that problem we configure Affinity Groups.

Affinity groups are a way to physically group Windows Azure services together at the same datacenter to increase performance.

1. To create an affinity group, open the NETWORKS area of the Management Portal (Figure 4), click AFFINITY GROUPS, and then click either ADD AN AFFINITY GROUP or CREATE (Figure 5).
2. At the Specify Affinity Group Details screen, enter a NAME and select the same REGION used for the storage account (Figure 6).
3. Wait for the operation to complete by checking the green bars animated icon at the lower right corner of the portal (Figure 7).

Figure 4: Windows Azure Networks

Figure 5: Windows Azure Affinity Groups

Figure 6: Create Affinity Group

Figure 7: Windows Azure operations completed

4. Now let’s move to the subneting part. In the lower left-hand corner of the screen, click NEW. In the navigation pane, click NETWORKS, click VIRTUAL NETWORKS, and then click CUSTOM CREATE (Figure 8).
5. On the Virtual Network Details screen (Figure 9), enter the NAME and select an AFFINITY GROUP from the drop-down list. Click the next arrow.

Figure 8: New Virtual Network

Figure 9: Virtual Network Details

6. On the Address Space and Subnets screen (Figure 10), start by entering the desired ADDRESS SPACE (must be a private address range, specified in CIDR notation 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16, as specified by RFC 1918). Define new subnets, by entering a name, a valid subnet and clicking the plus button.
7. On the DNS Servers and Local Network screen (Figure 11), on the lower right-hand of the screen, click the check button. If you want to use a public DNS service, you can enter that information on this screen. Otherwise, name resolution will default to the Windows Azure service. For more information, see Windows Azure Name Resolution Overview.

Figure 10: Address Space and Subnets

Figure 11: DNS Servers and Local Network

3.    Install and Configure the Domain Controller

A virtual machine in Windows Azure is a server in the cloud that you can control and manage, you can delete and re-create it whenever you need to, and you can access it like any other server.

Follow these simple steps to create a custom virtual machine running Windows Server, using the Windows Azure Management Portal:

1. At the Windows Azure Management Portal, on the command bar, click NEW, click VIRTUAL MACHINE, and then click FROM GALLERY (Figure 13).
2. The VM OS Selection dialog box appears (Figure 14). We’ll select the latest Windows Server 2008 R2 image available and then click the arrow to continue.

Figure 12: Windows Azure Virtual Machines

Figure 13: Create virtual machine from gallery

Figure 14: Virtual machine operating system selection

3. At the VM Configuration dialog (Figure 15), type the VIRTUAL MACHINE NAME you want to use, type a (complex) PASSWORD for the Administrator account and select the SIZE of the virtual machine. For our Domain Controller, Small is just fine. Click the arrow to continue.
4. At VM Mode dialog box (Figure 16), select STANDALONE VIRTUAL MACHINE. In DNS NAME type a name for the cloud service that is created for the virtual machine. Select the STORAGE ACCOUNT for the VHD file. In REGION/AFFINITY GROUP/VIRTUAL NETWORK, select e2k10-vnet previously created and select the DC-Subnet from the available VIRTUAL NETWORK SUBNETS. Click the arrow to continue.
5. The VM Options dialog box (Figure 17) appears. We’ll create a new AVAILABILITY SET and define a new name for it. Click the check mark to create the virtual machine.

Figure 15: Virtual machine configuration

Figure 16: Virtual machine mode

Figure 17: Virtual machine options

6. Windows Azure creates the virtual machine and configures the operating system settings. After Windows Azure creates the virtual machine, it is listed as Running in the Windows Azure Management Portal. Click the newly created virtual machine and notice the DNS name at the DASHBOARD (Figure 18). This will be the name used to connect by RDP to the server (Figure 19). Also notice the INTERNAL IP ADDRESS, as we’ll need to use it as the internal DNS server for the Exchange virtual machine.
7. Connect to the machine and follow the regular steps to promote it to a Domain Controller (dcpromo). For more information, please read Install a new Active Directory forest in Windows Azure. All the virtual machines on Windows Azure need to have a dynamically assigned IP by DHCP, so you’ll be presented with a warning sign (Figure 20) during the dcpromo process. Click Yes, the computer will use an IP address automatically assigned by a DHCP server (not recommended). Although the IP address on the Windows Azure Virtual Network is dynamic, its lease lasts for the duration of the VM. Therefore, you do not need to set a static IP address on the domain controller that you install on the virtual network. Setting a static IP address in the VM will cause communication failures.

Figure 18: Virtual machine dashboard

Figure 19: Remote Desktop Connection

Figure 20: Static IP assignment warning

4.    Provision the Exchange Server Virtual Machine

With the domain controller running, it’s time to provision the virtual machine for the Exchange Server. Instead of using the Windows Azure Management Portal, this time we’ll use a PowerShell script, since it allows us more functionality than the portal.

This script will execute the following functions:

• Connect to our subscription
• Create a Medium virtual machine with Windows Server 2008 R2 SP1 and connect it to the E2K10-Subnet
• Add 2 data disks to the virtual machine, one with 50GB for the DB, other with 10GB for the logs
• Open the necessary external endpoints: SMTP (25), HTTP (80) and HTTPS (443)
• Define the IP address of the domain controller (10.10.10.4) as the primary DNS
• Join the machine to the CONTOSO domain

# Create Exchange Server

CLS

# Your imported subscription name

$subscriptionName = "MSExchange.org"

$storageAccount = "e2k10"

Import-AzurePublishSettingsFile 'C:\Temp\e2k10-demo\MSExchange.org-credentials.publishsettings'

Select-AzureSubscription -SubscriptionName $subscriptionName

Set-AzureSubscription -SubscriptionName $subscriptionName  -CurrentStorageAccount $storageAccount

# Cloud Service Paramaters

$e2k10ServiceName = "az-e2k10"

$e2k10ServiceLabel = "az-e2k10"

$e2k10ServiceDesc = "Cloud Service for Exchange Server 2010"

# Gallery Images

$e2k10image= 'MSFT__Win2K8R2SP1-Datacenter-201210.01-en.us-30GB.vhd'

#Network Settings

$vnetname = 'e2k10-vnet'

$e2k10SubnetName = 'E2K10-Subnet'

$ag = 'e2k10-ag'

$primaryDNS = '10.10.10.4'

# Availability Sets

$avsete2k10 = 'e2k10-as'

# Domain Settings

$domain = 'contoso'

$joindom = 'contoso.com'

$domuser = 'administrator'

$dompwd = 'P@ssw0rd2012'

$advmou = 'OU=AzureVMs,DC=contoso,DC=com'

# MediaLocation

$mediaLocation = "http://e2k10.blob.core.windows.net/vhds/E2K10/"

# Create Exchange Server

$size = "Medium"

$vmStorageLocation = $mediaLocation + "AZ-E2K10-01.vhd"

$e2k10 = New-AzureVMConfig -Name 'AZ-E2K10-01' -AvailabilitySetName $avsete2k10 `

            -ImageName $e2k10image -InstanceSize $size -MediaLocation $vmStorageLocation |

        Add-AzureProvisioningConfig -WindowsDomain -Password $dompwd `

            -Domain $domain -DomainUserName $domuser -DomainPassword $dompwd `

            -MachineObjectOU $advmou -JoinDomain $joindom |

        Add-AzureDataDisk -CreateNew -DiskSizeInGB 50 -DiskLabel 'ExDB' -LUN 0 -HostCaching ReadOnly |

        Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel 'ExLogs' -LUN 1 -HostCaching ReadOnly |

        Add-AzureEndpoint -Name 'smtp' -LocalPort 25 -PublicPort 25 -Protocol tcp |

        Add-AzureEndpoint -Name 'http' -LocalPort 80 -PublicPort 80 -Protocol tcp |

        Add-AzureEndpoint -Name 'https' -LocalPort 443 -PublicPort 443 -Protocol tcp |

        Set-AzureSubnet $e2k10SubnetName

$dns1 = New-AzureDns -Name 'E2K10-DNS' -IPAddress $primaryDNS

New-AzureVM -ServiceName $e2k10serviceName -ServiceLabel $e2k10serviceLabel `

            -ServiceDescription $e2k10serviceDesc -Verbose `

            -AffinityGroup $ag -VNetName $vnetname -DnsSettings $dns1 `

            -VMs $e2k10

In order to run the PowerShell script, you must have Windows Azure PowerShell, which can be installed from the Downloads for Managing Services in Windows Azure page.

With the necessary management tools installed, we’ll use Windows PowerShell ISE to run the script:

1. Run Windows Azure PowerShell with elevated privileges. In Windows Azure PowerShell, run the following cmdlet, and then type Y to finish the command:
   Set-ExecutionPolicy RemoteSigned
2. Run the following cmdlet:
   Import-Module ‘C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1’
3. Run the following cmdlet:
   Get-AzurePublishSettingsFile
   You will be prompted to sign on to the Windows Azure portal and then prompted to save a .publishsettings file (Figure 19). Save the file in a directory, for example, C:\Temp\e2k10-demo\MSExchange.org-credentials.publishsettings. To subsequently run any other Windows Azure PowerShell cmdlets, steps 1 through 3 do not need to be repeated because they only need to be completed once.
4. Run the following cmdlet to open Windows Azure PowerShell ISE:
   powershell ise
5. Paste the script into Windows PowerShell ISE and hit Run (F5). Wait for the virtual machine to be provisioned.
6. After the completion of the provisioning process, at the Windows Azure Management Portal, click the newly created machine and select ENDPOINTS. Notice the endpoints were created (Figure 22) and take special attention to the remote desktop external port, since most probably it won’t be 3389 (standard RDP port).
7. Establish a remote desktop connection to the server and run Disk Management (Figure 23), in order to create volumes on the 2 data disks created during the provisioning process.

Figure 21: Save publishsettings file

Figure 22: AZ-E2K10-01 Endpoints

Figure 23: Disk Management

Summary

This concludes part 1 of this 2-part article. In the second and last part we’ll cover the remainder of the provisioning process and also some tweaks and considerations for Exchange Server on a public cloud like Windows Azure. We’ll also take a look at some hypothetical more advanced scenarios, with hybrid configurations (local servers connected to cloud servers).

At the time of writing this article, Windows Azure Virtual Machines are still in Technical Preview and running Exchange Server on Windows Azure it’s not supported by Microsoft. Nevertheless, for test environments, you can start taking advantage of the cloud benefits today and, best of all, completely free by signing up to one of the 90-days free trials.

If you would like to read the next part in this article series please go to Installing an Exchange 2010 Test Environment on Windows Azure (Part 2).