I recently deployed my first Azure Stack Development Kit (ASDK) in order to allow teams that will be responsible for developing our Azure Stack Services. I have tried in the past to deploy Azure Stack TP2 and have successfully deployed Azure Stack TP3 before Azure Stack went GA. I was really looking forward to getting the ASDK deployed and starting my new adventure with Stack. This blog won’t go into detail on how to deploy the ASDK but I will comment on some of my experiences with deploying it. I really wanted to share my experiences with App Services on Azure Stack.
I would like to start out by giving some words of wisdom. READ THROUGH THE ENTIRE DOCUMENTATION FIRST!!!!! There, I am done and saved you a lot of time. There is a lot of good information on Microsoft’s Doc site on how to correctly deploy these services. However, I seem to get myself into trouble if I don’t read through it before I jump into things.
Deploying The Azure Stack Development Kit
First thing is to deploy the ASDK. This was actually a very smooth and uneventful process compared to deploying TP2 and TP3. It did take some time so just be prepared to do a lot of clicking and waiting.
Once you have the ASDK deployed and you have installed PowerShell for Azure Stack on your management VM, you can continue on with registering your Azure Stack. This is important in order to test all the functionality of the Stack, including things like usage reports and, most importantly, syndication of your marketplace.
Now, the next step isn’t important unless you have a group of people that need access to work within the Admin Portal or even the Tenant portal. Since you can only log on to the management server with a single user, we connect to our ASDK using VPN from another jump server within our lab environment.
From this point on I will go over my experience with Deploying the App Service to our Development Kit.
Deploying App Services on the Azure Stack Development Kit
On my first attempt I missed a few things. I immediately went into hurry up and deploy mode. I skipped a few important steps that are really not mentioned in the App Service on Azure Stack overview section. In the Before You Get Started section of the documentation, it will walk you through all the prerequisites. At a high level, download the App Service on Azure Stack deployment helper scripts, the App Service on Azure Stack installer, and walk through the instructions provided in the Before You Get Started section.
I. Add Windows Server Image to Marketplace
First, I never added a Windows Server 2016 image to our Marketplace. This is a fairly easy step that was overlooked.
II. Prepare the File Server
In the Before you get started section of the App Services documentation it mentions deploying a File Server that is required. There is good documentation that takes you through using an ARM template to deploy the file server. However, like I mentioned above, I ran into some issues because I never added the Windows Server 2016 image to the Marketplace. The one thing I didn’t mention before is that all these services need available resources. So make sure the server you are deploying ASDK on has the resources available: enough storage capacity, enough memory, and enough CPUs.
- Provision Content share and Users and Groups in Workgroup:
***NOTE: These steps are already done for you if you use the ARM Deployment Template.***
I used the example ARM deployment template for my first deployment. This process creates the VM along with provisioning the groups and accounts in the workgroup machine. My next round I will try to manually do this but for now, this should work. Just remember the local Admin account that will be created and the password you assign to that parameter. I used the default accounts and used a simple password that I have been using throughout my deployment of ASDK.
III. Create Certificates
There is some confusion in the instructions at the time of this blog. I posted a comment on the documentation web site. I ran the first script, Create-AppServiceCerts.ps1, using the AzureStackAdmin. However, you can see from the snippet below that they say to run as CloudAdmin but then in the next line they say to run it as AzureStackAdmin:
Run the script on the Azure Stack Development Kit host and ensure that you’re running PowerShell as azurestack\CloudAdmin:
- In a PowerShell session running as azurestack\AzureStackAdmin, run the Create-AppServiceCerts.ps1 script from the folder where you extracted the helper scripts. The script creates four certificates in the same folder as the script that App Service needs for creating certificates.
- Enter a password to secure the .pfx files, and make a note of it. You must enter it in the App Service on Azure Stack installer.
I then ran the second script, Get-AzureStackRootCert.ps1, as CloudAdmin.
There are 4 other certificates I did not create. I was unsure if these are manually created certificates or if there was a process in place that created these scripts. These four scripts are required for Production deployments but this isn’t a production deployment.
The Default Domain Certificate
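A pre-flight check for the certificate step, added here as an example and not part of the Microsoft helper scripts: it opens every .pfx in the helper-script folder with the password you noted and reports subject, expiry and whether the private key is present, so a mistyped password or missing file shows up before the installer asks for them. C:\AppServiceHelperScripts is the extraction folder used in this post; the parameter names and the 30-day warning threshold are assumptions.

```powershell
# Added example (not from the App Service helper scripts): verify the .pfx files
# written by Create-AppServiceCerts.ps1 before giving them to the installer.
param(
    [string]$CertFolder    = 'C:\AppServiceHelperScripts', # assumed extraction folder
    [int]   $ExpectedCount = 4,   # the documentation says the script creates four certificates
    [int]   $WarnDays      = 30   # assumed threshold for an "expires soon" warning
)

# Read the password as a SecureString so it never lands in console history.
$password = Read-Host -Prompt 'Password used to secure the .pfx files' -AsSecureString
$pfxFiles = @(Get-ChildItem -Path $CertFolder -Filter '*.pfx' -File)

if ($pfxFiles.Count -ne $ExpectedCount) {
    Write-Warning "Found $($pfxFiles.Count) .pfx file(s) in $CertFolder, expected $ExpectedCount."
}

$results = foreach ($file in $pfxFiles) {
    try {
        # Opening the file fails if the password is wrong or the file is damaged.
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $file.FullName, $password)
        $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

        $status = if (-not $cert.HasPrivateKey) { 'NoPrivateKey' }
                  elseif ($daysLeft -lt 0)        { 'Expired' }
                  elseif ($daysLeft -lt $WarnDays) { 'ExpiresSoon' }
                  else                             { 'OK' }

        [pscustomobject]@{
            File       = $file.Name
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Status     = $status
        }
        $cert.Dispose()
    }
    catch {
        # Wrong password and corrupt files both end up here.
        [pscustomobject]@{
            File = $file.Name; Subject = $null; NotAfter = $null
            Thumbprint = $null; Status = 'CannotOpen'
        }
    }
}

$results | Format-Table -AutoSize
```

Any row that is not `OK` is worth resolving before starting the installer, since the .pfx password and files are requested there.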
IV. Prepare A SQL Server Instance
I will be honest. When I got to this section I was a little confused. I had first thought they wanted a PaaS SQL instance and was wondering why they didn’t point that out before we even started to deploy the App Service. However, this is just a simple VM running a SQL Instance. For this deployment, I had downloaded into my marketplace the Free SQL Server 2017 Express on Windows Server 2016.
Note: Make sure you also import from Azure into your Marketplace the SQL IaaS Extension.
I used an A3 Standard VM and placed it in the same resource group that the FileServerVM was in. I also am just going to use the same VNET so the VMs can communicate without having to create more network rules for now. Make sure you can communicate with your SQL server.
V. Create Azure Active Directory Application
The one thing I didn’t mention is that we are using Azure Active Directory (AAD) over Active Directory Federation Services (ADFS). I took the steps below directly from the Microsoft Documentation on how to Create an Azure Active Directory Application.
1. Open a PowerShell instance as azurestack\AzureStackAdmin.
2. Go to the location of the scripts that you downloaded and extracted in the prerequisite step.
3. Install PowerShell for Azure Stack. (This should already be done.)
Note: Step 3 and 4 didn’t come up for me until after I put the path in for the certificate and the password for the certificate.
4. Run the Create-AADIdentityApp.ps1 script. When you’re prompted, enter the Azure AD tenant ID that you’re using for your Azure Stack deployment. For example, enter myazurestack.onmicrosoft.com.
5. In the Credential window, enter your Azure AD service admin account and password. Select OK.
6. Enter the certificate file path and certificate password for the certificate created earlier. The certificate created for this step by default is sso.appservice.local.azurestack.external.pfx. My path was C:\AppServiceHelperScripts\sso.appservice.local.azurestack.external.pfx
7. The script creates a new application in the tenant Azure AD instance. Make note of the application ID that’s returned in the PowerShell output. You need this information during installation.
8. Open a new browser window, and sign in to the Azure portal as the Azure Active Directory service admin.
9. Open the Azure AD resource provider.
10. Select App Registrations.
11. Search for the application ID returned as part of step 7. An App Service application is listed.
12. Select Application in the list.
13. Select Required Permissions > Grant Permissions > Yes.
At this point, I am ready to actually deploy the App Services Resource provider.
VI. Deploy App Service Resource Provider
Now, at this point, it is pretty much all click click click. It will ask you for a few things but if you did everything correctly in the Before you get started section of the Microsoft documentation you shouldn’t have any issues here.
Installing the App Service resource provider into your Azure Stack environment can take up to an hour. During this process, the installer will:
- Create a blob container in the specified Azure Stack storage account.
- Create a DNS zone and entries for App Service.
- Register the App Service resource provider.
- Register the App Service gallery items.
I want to point out again that the documentation again says to use azurestack\cloudadmin for this process. I was still logged on using AzureStack\AzureStackAdmin and didn’t have issues using this account.
I am really excited about Azure Stack and being able to work with technologies like Azure Stack. I have so much more to learn but with time I am hoping to one day be almost as good as Thomas Maurer and various other Cloud & Data Center Management MVPs. It has been a few years since I really worked with Azure and getting back into this arena is at times stressful but exciting. I will try and blog about my experiences with deploying SQL as PaaS and also MySQL as PaaS within Azure Stack as well.