VB Magic

2014/03/31

Connecting an Azure Web Role to an existing Virtual Network connected to company WAN

Filed under: Azure — Tags: , , , , , , — vbmagic @ 3:34 pm

I’ve just been trying to deploy an Azure web role so that it would be available on our company WAN. This is easy for a VM as you just need to specify the Virtual Network when you create the VM. But for a Cloud Service it’s not so straight forward. It turned out to be pretty simple though once I had done some research. The first thing that needs to happen is a small change to the ServiceConfiguration.Cloud.csfg file.

...
  </Role>
  <NetworkConfiguration>
    <VirtualNetworkSite name="myVirtualNetwork" />
    <AddressAssignments>
      <InstanceAddress roleName="myWebSite">
        <Subnets>
          <Subnet name="MySubNet" />
        </Subnets>
      </InstanceAddress>
    </AddressAssignments>
  </NetworkConfiguration>
...

The VirtualNetworkSite name is the name of your Virtual Network.
InstanceAddress roleName is the name of the Web Role in your Cloud Service (Usually the name of your website in your solution).
Subnet name can be found on your Virtual Network Address Spaces section on the Configure tab of your virtual network.

Once that is done and you deploy your website (Make sure you deploy in the same datacentre as the virtual network), you should be able to access your site on the internal network.

In my case there was still a problem. This was an internal site but by default, it was accessible via the Cloud Service’s cloudapp.net address. I did the following things to fix this:

First Double click the role in the Cloud Server project of your solution in Visual Studio. Select Endpoints and change the default end point from External to Internal. Then 80 in the private port.

If you deployed now you would no longer be able to access the website via the external cloudapp.net address. But there is a problem, the Cloud Service’s internal firewall will block port 80 making it impossible to connect to via the internal network as well.

To get around the firewall issue, I created a .bat file and added it to the website project and set “Copy to Output Directory” to “Always”. The bat file contained one command:

netsh advfirewall firewall add rule name="HTTP IN" dir=in action=allow service=any enable=yes profile=any localport=80 protocol=tcp

I then modified the ServiceDefinition.csdef file to add an elevated task just after the WebRole element. (It has to be elevated as netsh will require admin privileges)

  <WebRole name="myWebSite" vmsize="Small">
    <Startup>
      <Task commandLine="fwrules.bat" executionContext="elevated" taskType="simple" />
    </Startup>
...

Once this was deployed the site was blocked from the internet but available on the internal network.

2012/07/19

Taking a IIS pre-generated web service and putting into Azure

Filed under: Azure, Learning, SQL Azure, VB.NET — Tags: , , , , — vbmagic @ 3:11 pm

I had, what I thought, was a simple job to do; but it took over two weeks of discovery to find out it actually was easy, but not quite in the way I was planning to do it.

I had two web services that I needed to host in Azure. For a temporary measure, I create a single Azure instance and this had a simple elevated start up task that installed required run-times and then downloaded 7zip file from Azure storage and then extracted this file.

I then connected to the instance via remote desktop, launched IIS Manager and created the web applications there. I also manually started a back end process.

The next step was to try and automate the deployment of this process using two instances. I moved the required database into SQL Azure which worked fine.

Next I created a new C# Azure project with an ASP.net web role and added the tasks to install the runtime and also looked up the commands required to add the website applications.

I hit a problem that I never really managed to solve where the installation of the C++ 10 runtime would just hang the start-up task. After spending around three days trying to diagnose what had happened I decided to start again from scratch.

I created a new VB Azure project with an ASP.net web role. I added the same task which ran a batch file. This time round the run-times installed with no problem. (I guess I’ll never know what went wrong with that one)

The next part of the script was to download and extract the 7zip archive file. (To download from storage I used the Azure Command Line tools from Rob  Blackwell/Two10 Degrees: https://github.com/RobBlackwell/AzureCommandLineTools)

I then extracted the archive using 7zip command line tools (http://www.7-zip.org/download.html)

It was when I came to run AppCmd.exe to add the extracted web applications, I learned about the order that Tasks etc. are run in Azure. (After a day or so of tracking things down)

The following article helped clarify this a lot. (I’ve borrowed the picture from the article below) http://msdn.microsoft.com/en-us/library/windowsazure/hh127476.aspx

Azure Startup flow chart

Azure Startup flow chart

 

So basically, any start-up tasks would not be able to run scripts that try to modify the website (Like adding the web applications). I abandoned that idea.

Now there is an Elevated Simple task which installs the required run-times and downloads and extracts the files required.

Then there is an Elevated Foreground task which starts the back end process.

All that was left to do was get the web applications (Which were extracted by the Simple Task onto the C: drive)

After a lot more web searching I decided to modify the service definition file for the website and added the virtual applications to this file. (As described in this article: http://msdn.microsoft.com/en-us/library/windowsazure/gg433110.aspx )

I pointed the physical directory to where the application will be extracted to on the C drive of the instance. This caused a build error saying it couldn’t find the directories. I created these directories on the C drive of the machine I was publishing from which allowed the publish to complete.

Unfortunately the deployment got stuck in busy until I deleted it. (Waited a good few hours and tried a couple of times just in case of a “Glitch”).

As a last resort, I extracted the web applications and added the files to the web role’s project folder and then included them into the project. Next I modified the physical directory to a relative directory pointing to the included application directories.

Published and to my great surprise it actually work. Phew!

Took a few weeks but was a great learning process (If a bit frustrating at times 😉 )

Jas

Blog at WordPress.com.