Microsoft Windows Azure Pack

What is Windows Azure Pack?

Microsoft has worked relentlessly to develop a Cloud vision with a consistent platform framework that allows an application to be deployed on premises, in the Microsoft Azure public cloud, or at a Service Provider hosted facility using IaaS and PaaS technologies. A key aspect of the Microsoft Cloud vision is that these environments should be so much alike to an application that it can be moved between environments with little to no modification. In addition, Microsoft has developed a self-service portal that provides provisioning, monitoring and management of applications so the user can move between environments with ease through a common and consistent interface.

Windows Azure Pack is the solution that provides the self-service portal for the Microsoft Cloud vision. Also, the Windows Azure Pack includes components that provide IaaS, PaaS, and application level services.

Windows Azure Pack Architecture

Windows Azure Pack is not the Microsoft Azure infrastructure deployed on an organizations’ premises. Windows Azure Pack at its core is the Microsoft Azure portal that has been modified to work in an on premises and Service Provider hosted environment.

Windows Azure Pack is more than just a portal though because it has pluggable interfaces that allow the portal to provide access to multi-tenant IaaS, PaaS and application level services. While the portal interface is basically the same code that is used in the Microsoft Azure portal, the underlying architecture that is used to enable the actions that the portal allows is different. This is driven by the difference in the complexity required to manage an enterprise implementation with typically hundreds or thousands of servers, and the Microsoft Azure datacenters that have several hundred thousand servers.

The Windows Azure Pack architecture is composed of the top three layers shown in the diagram in Figure 1.

Figure 1: Windows Azure Pack Architecture

The lower layer in the diagram is a set of shared compute, networking and storage hardware. The next layer is composed of Windows Server 2012 R2 and Hyper-V. There is also an interface layer that allows access to the hypervisor and hardware. Above this layer are the Windows Azure Pack pluggable resource providers that deliver IaaS, PaaS, and application level services. Next there is a Service Management API layer that allows the Windows Azure Pack portal layer to interface with the lower layers. The portal layer includes both the Admin portal that provides access to the management components and the Tenant portal that allows end users to consume the services offered. All layers leverage common authentication capabilities.

Windows Azure Pack Portals

As you know by now, Windows Azure Pack contains two portals. The Admin portal provides the ability to configure and manage resource providers, user accounts, service plans, quotas, and pricing information. The Tenant portal provides the end users a self-service interface to provision, monitor, manage, and deprovision resources offered by the resource providers. Each portal is implemented as a separate web site that listens on different ports.

  • Admin portal default port:30091
  • Tenant portal default port:30081


Authentication to the portals is handled by two authentication services: Admin-Auth and Tenant-Auth. The Admin portal uses Admin-Auth to provide direct Windows Authentication from a local or Active Directory source. The Tenant portal leverages Tenant-Auth to access an ASP .Net membership provider that handles self-registration to the tenant portal and storage, and authentication of the user credentials. The ASP .Net credentials are stored in an SQL database in encrypted form.

It is possible to leverage Active Directory Federation Services (ADFS) as an alternate provider to both the Admin and Tenant authentication. Leveraging ADFS allows the Tenant portal to leverage Windows credential via claims authentication.

Service Management API

The Service Management API consists of three ODATA REST API interfaces that are used by the portals. Each REST API also provides functionality that is only available through Windows Azure Pack PowerShell cmdlets. The Admin API provides the interfaces to perform administrative tasks exposed in the Admin portal. The Tenant API enables tenants to manage and configure resources that they have access to in the portal, and this is typically implemented behind a firewall and is the secure interface for the Tenant Public API. The Tenant Public API is designed to be exposed to the Internet and to be the interface all portal requests are made and passed through to the Tenant API for execution.

Since the Tenant portal leverages the Service Management API to do all of its work, it is possible to not use the Tenant portal and instead use the REST API web services from an existing portal or for a customer or service provider to build their own portal.

Resource Providers

Windows Azure Pack provides the ability to develop pluggable resource providers. Microsoft provides a set of resource providers and 3rd parties also develop resource providers to provide additional services or enhance basic services provided by Windows Azure Pack. Resource providers are optional and are not required for the Windows Azure Pack portals to operate, but they are required to leverage any of the services they provide.

Microsoft resource providers consist of a subset of the resource providers offered in Microsoft Azure, including the following components:

  • VM Clouds – Infrastructure as a Service (IaaS) capability
  • SQL Clouds – Platform as a Service (PaaS) capability to provision Microsoft SQL databases
  • MySQL Clouds – Platform as a Service (PaaS) capability to provision MySQL databases
  • Service Bus – Application message queuing system that allows inter-application communications
  • Web Site Clouds – Platform as a Service (PaaS) capability to provision hosted web sites
  • Automation – Optional Infrastructure as a Service (IaaS) capability to automate processes
  • Monitoring and Usage – Optional Infrastructure as a Service (IaaS) capability to gather and track data for usage and billing purposes

Third party resource providers are also available, and include the following components:

  • Cloud Cruiser – Billing and reporting solution that enhances the base capability in Windows Azure Pack
  • GridPro Resource Management for Windows Azure Pack – Provides the ability to integrate System Center Service Manager 2012 R2 Service Catalog feature in the portal
  • Service Mesh – Provides the ability to manage other cloud providers from Windows Azure Pack

VM Clouds

The VM Clouds resource provider provides Infrastructure as a Service (IaaS) features for tenant users of the Windows Azure Pack portal. The VM Clouds resource provider enables self-service virtual machine provisioning and virtual networking. To accomplish this, the VM Clouds resource provider has dependencies on System Center 2012 R2.

Virtual machine provisioning requires that the following Windows Server 2012 R2 roles and System Center 2012 R2 components are implemented:

  • Windows Server 2012 R2 Hyper-V role on all compute hosts
  • Virtual Machine Manager 2012 R2 (VMM) for virtual machine provisioning
  • Service Provider Framework (SPF) for interfacing the Service Management API to VMM

SQL and MySQL Clouds

SQL and MySQL resource providers offer self-service database provisioning services. SQL or MySQL servers are registered in the Windows Azure Pack portal and databases are created on the existing instances that are registered. When a tenant requests a database, they must provide an account that will be given local administration rights to the database. There is no ability to self-service provision a named instance with a database, only databases in existing instances.

Service Bus

The Service Bus resource provider enables application messaging capabilities. Service Bus implements reliable messaging delivery and queuing services between distributed applications. Applications can be implemented in the Windows Azure Pack environment, in Microsoft Azure, or any other location that has access to the Service Bus service.

Web Site Clouds

Web Site Clouds resource provider enables self-service web site provisioning. The Web Site Clouds resource provider is the same code base that is deployed in Microsoft Azure. It is a highly scalable web site hosting solution that provides load balancing. The Web Site Clouds implementation consists of the following services:

  • Controller – provisions and manages the web sites roles.
  • Management Server – Provides a REST API interface for web site management.
  • Web Workers – Process web requests and display the web site information. Web workers can be implemented as shared or reserved. A shared web worker hosts multiple web sites in a web worker process and a reserved web worker hosts a single web site in a web worker process.
  • Front End – Accepts web request and routes traffic to the correct web worker.
  • Publisher – Provides the interface to publish content via FTP, Visual Studio, Web matrix or any other supported mechanism.
  • Database – stores all the metadata information about a web site.
  • File services – stores all the actual web site content.

It is worthwhile to note that each web site role must be deployed on a separate machine, whether a physical or virtual machine.

In addition to basic web hosting, the Web Site Clouds provider enables a customizable web application gallery of open source web applications and integration with source control systems for custom-developed websites and applications.

Web Site Clouds integration with SQL Clouds and the web application gallery allows a user to self-service provision a web site with an application from the gallery and store any application data in a provisioned database from a SQL Cloud.


An optional feature of the VM Clouds resource provider is Automation. Automation provides the capability to create PowerShell based runbooks that can automate actions in the IaaS infrastructure and other components. Automation requires that the following System Center 2012 R2 component is implemented:

  • System Center Orchestrator 2012 R2 – Service Management Automation (SMA)

Monitoring and Usage Information

An additional optional, but highly recommended, feature of the Windows Azure Pack is the capability to collect and maintain historical performance and usage data. By default, Windows Azure Pack enables the collection of very basic performance and usage information. To enhance data collection and provide the ability to report on historical data, the Monitoring and Usage Information component requires that the following System Center 2012 R2 component is implemented:

  • System Center Operations Manager 2012 R2 – management, monitoring, and reporting services


In this article, you learned that the Windows Azure Pack is a key piece of the Microsoft Cloud vision that supports the ability to deploy self-service, multi-tenant cloud services that are consistent with the Microsoft Azure experience. Windows Azure Pack requires and runs on top of Windows Server 2012 R2 (and Hyper-V) and System Center 2012 R2. An added benefit is that Microsoft Windows Azure Pack is available at no cost for installation in customer data centers.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top