One of the core tenants for working with cloud services is automation. When it comes to deploying our new cloud solutions, we want to automate the process as much as possible too. Both Visual Studio and the Windows Azure online management portal make deployments pretty easy - but it's manual. By leveraging tools like PowerShell we can automate much of the mundane deployment tasks, allowing us to have confidence in the final solution. We can further enhance our build and deploy solution by leveraging TFS - giving us continuous cloud deployments! Besides covering deployment options with PowerShell and TFS, in this session we'll also discuss techniques for handling the inevitable updates of our cloud services. Coming away from this session you'll have a solid understanding, backed by practical real-world examples, of handling service deployments and updates.
This session was presented at Visual Studio Live (Las Vegas, March 2013).
Elevating Windows Azure Deployments (Visual Studio Live - Las Vegas 2013)
1. Elevating Windows Azure
Deployments
Michael S. Collier
National Architect, Cloud
Level: Intermediate
2. About Me
Michael S. Collier
National Architect, Cloud
michael.collier@neudesic.com
@MichaelCollier
www.MichaelSCollier.com
http://www.slideshare.net/buckeye01
3. Today’s Agenda
• Authentication
• Visual Studio
• PowerShell
• TFS
• Command Line Options
4. Why?
• Build & deployment process
crucial to any project.
– Easily overlooked initially.
– Good tools and/or process
are worth the time.
5. Automation is the Key
• Windows Azure – nearly
everything is automated.
• Scale makes automation a
necessity.
• Failure to automate puts
projects at risk
• Several deployment options
available with Windows
Azure.
6. Windows Azure Deployment Options
Management Portal
Great for quick deployments or updates.
Need to have deployment package and config prepared.
7. Windows Azure Deployment Options
Visual Studio
Very low developer friction – wizards make it easy.
Automatically handles some of the necessary tasks
8. Windows Azure Deployment Options
PowerShell
Very powerful – can do pretty much anything from PowerShell.
Slight learning curve if not familiar with PowerShell.
9. Windows Azure Deployment Options
Management API
The native interface – everything else uses the management API.
More code to write – build your own tools or processes.
10. Windows Azure Deployment Options
• Team Foundation Server
– Tap into existing build workflows.
– Need to understand how to edit build
tasks and workflows.
– Use PowerShell script or MSBuild
target to deploy.
• Team Foundation Service
– Already includes workflow to build
and deploy.
• Everything requires some form of
authentication.
11. Microsoft Account
• Used only with Windows Azure Management Portal.
• Can delegate co-admin access to other Microsoft Accounts.
https://manage.windowsazure.com
12. Management Certificate
• Identifies you with Windows Azure
– X509 certificate.
– Can create yourself or have Windows Azure create one for you.
– Anything that uses the management API (Visual Studio, PowerShell, TFS, etc.)
• Key Management
– Upload the .cer file to the Windows Azure management portal.
– You keep the private key in your certificate store.
13. Create a Cert using IIS
• Quick and easy, but limited control
– IIS Management Console
Server Certificate
Link to „Create Self-Signed Certificate‟
Provide a name – file in Local ComputerPersonal store
– Export the PFX to a CER without the private key
Add Certificate snap-in for MMC
Find certificate and Export
14. Create a Cert using IIS
• Quick and easy, but limited control
– IIS Management Console
Server Certificate
Link to „Create Self-Signed Certificate‟
Provide a name – file in Local ComputerPersonal store
– Export the PFX to a CER without the private key
Add Certificate snap-in for MMC
Find certificate and Export
15. Create a Cert using IIS
• Quick and easy, but limited control
– IIS Management Console
Server Certificate
Link to „Create Self-Signed Certificate‟
Provide a name – file in Local ComputerPersonal store
– Export the PFX to a CER without the private key
Add Certificate snap-in for MMC
Find certificate and Export
16. Import a Cert from Windows Azure
• Import a Certificate via a
.publishsettings file
– Created automatically by visiting
https://windows.azure.com/download/pu
blishprofile.aspx
– Contains a base64 encoded certificate
(w/ the private key).
• Advantages
– Fast and easy – minimal developer
friction.
• Disadvantages
– Certificate created in every subscription
associated with your Microsoft Account.
– Can‟t control the certificate name
(<subscription_name>-<date_created>-
credentials)
– Easy to hit 25 certificate limit within a
subscription or Microsoft Account.
17. Import a Cert from Windows Azure
• Protect Your Secrets
– Delete the .publishsettings file after
import (or at least keep someplace
safe).
– Visual Studio places local file at
%UserProfile%My DocumentsVisual
Studio 2012SettingsWindows Azure
Connections.xml.
18. Create a Cert using MAKECERT
• Offers a great deal of control.
• Create a .cmd file for easy reuse & share with team.
One line
20. Visual Studio Deployment
• Create a Project
– New Windows Azure Cloud Service project.
– Add Windows Azure deployment to existing
project.
• Authenticate
– Import certificate from a .publishsettings file.
– Use an existing certificate.
Load certificate to the management portal.
Associate certificate with Visual Studio.
• Publish
– Visual Studio verifies deployment package.
– Creates new Cloud Service (if necessary).
– Uploads package (.cspkg and .cscfg) to blob
storage and deploys.
More details at http://msdn.microsoft.com/en-us/library/ee460772.aspx
21. Where are the Files?
• Visual Studio publish location
– Temporarily stored at <storage_account>vsdeploy<guid>
22. • Keep deployment files in blob storage for
easy & fast deployments in the future.
• No need to re-upload – deploy from blob
storage.
23. PowerShell Deployment
• Automate as much as possible.
– Figure out the process first.
– Automate the tedious and error prone – like deployments.
– Save time and frustrations.
• One script for all.
– One script for local and source control builds (TFS).
– Share across a team – everybody follows the same process.
25. Getting Started
• Download from https://www.windowsazure.com/en-
us/manage/downloads/
– Officially supported cmdlets – not the previous version on CodePlex.
– Not everything from previous version has made it over yet (e.g. storage)
• Import module
– Import-Module "C:Program Files (x86)Microsoft SDKsWindows
AzurePowerShellAzureAzure.psd1“
• Authenticate
– Import certificate from a .publishsettings file or use an existing certificate.
• Subscription
– Select a subscription and a storage account for deployments
– Default location - %userprofile%AppDataRoamingWindows Azure Powershell
27. Leverage Team Foundation Service
• Includes pre-built deployment
workflow.
– Use default settings
– Override settings to customize
deployment (name, storage account,
slot, label, etc.)
– See full tutorial at
https://www.windowsazure.com/en-
us/develop/net/common-
tasks/publishing-with-tfs/
• Currently in Preview
28. Leverage Team Foundation Service
• Includes pre-built deployment
workflow.
– Use default settings
– Override settings to customize
deployment (name, storage account,
slot, label, etc.)
– See full tutorial at
https://www.windowsazure.com/en-
us/develop/net/common-
tasks/publishing-with-tfs/
• Currently in Preview
30. PowerShell and TFS
• Execute PowerShell script from TFS build workflow
– Call to the same PowerShell script created previously.
– Edit build definition to accept input parameters for the PowerShell script.
31. Enabling Continuous Deployment
• Check-in the source code.
• Package and deploy to Windows Azure.
• NOT cost efficient!
– Deployed services cost money regardless of use.
– Each time a service is deleted and deployed == 1 hour cost charge.
32. Build Server Configuration
• Not “hard”, but somewhat time consuming.
– Turn on logging in the build – very helpful in understanding why something doesn‟t work.
• Several misc. components to install manually.
– Developer workstations – Web PI often handles these things for you as part of Visual Studio
setup.
• Give build service account at least Read access to mgmt. certificate.
• What You May Need
– .NET Framework version(s)
– Windows Azure Authoring Tools
– Windows Azure Tools for Visual Studio
– Windows Azure PowerShell Cmdlets
– Microsoft.WebApplications.targets file (copy from computer w/ Visual Studio installed)
– Management Certificate
34. Cross Platform Tools (command line)
• Websites • Service Bus
– Create & manage – Create & manage namespaces
– Download logs • Cloud Services
– Manage deployments – List & delete services
– Github integration – Manage service certificates
• Virtual Machines • Storage Account
– Create & manage – Create & manage
– Endpoints & images
• Mobile Services
– Create & manage
– Tables, scripts, & configuration
– Logs
• Command reference at http://www.windowsazure.com/en-us/manage/linux/other-resources/command-line-
tools/
• Check out https://github.com/windowsazure/azure-sdk-tools-xplat for bug list and updates. Look at the dev
branch to see the future!
35. Get the Tools
• Get node.js • Get node.js
– http://nodejs.org – Windows installer
– npm install –g azure-cli – http://go.microsoft.com/fwlink/
– V0.8.x ?LinkID=275464&clcid=0x409
38. Support for Logical Environments
• Different Windows Azure projects for different logical
environments
– Handle differences in .csdef (i.e. machine size).
• Different build definitions - different environments.
– Different configuration settings (instance count, connection strings, etc.)
– Adjust input parameters to match the environment.
Storage account name Development QA Production
Service name
Deployment slot CS CS CS CS
... CS DB DB
Staging Staging Staging
CS CS CS
CS
CS DB
DB DB
Production Production Production
39. Windows Azure Deployments
TFS
Multiple paths available
Pick an authentication approach that works for you – understand the pros and cons.
Automate as much as possible – invest early and save yourself time and money later.
40. Resources
• Windows Azure Guidance
– https://www.windowsazure.com/en-us/develop/net/Guidance/
• Windows Azure Training Kit
– https://www.windowsazure.com/en-us/develop/net/other-resources/training-kit/
• Windows Azure Continuous Delivery
– https://www.windowsazure.com/en-us/develop/net/common-tasks/continuous-
delivery/
• Deploy Cloud Services with Visual Studio
– http://msdn.microsoft.com/en-us/library/ee460772.aspx
• Windows Azure Web Sites Cheat Sheet
– http://windowsazurewebsitescheatsheet.info
42. Thank You!!
Michael S. Collier
National Architect, Cloud
michael.collier@neudesic.com
@MichaelCollier
www.MichaelSCollier.com
http://www.slideshare.net/buckeye01
Please fill out your session evals!
Notes de l'éditeur
Windows Azure National ArchitectWindows Azure MVPHelp customers nationwide with their Windows Azure projects. This can include architectural design sessions, training, development, evangelism, etc.Reach me via email, Twitter, or my blog.
Windows Azure – nearly everything is automated (server provisioning, updates, etc.)Scale makes automation a necessity – can’t reasonably & reliably handle large manual operations.Failure to automate puts projects at risk (turnover, slow reaction time, human mistakes, etc.)http://www.istockphoto.com/stock-photo-274969-huge-gear-arches-under-sky.php?st=3b552a1
Cloud Services Only
Cloud Services Only
Cloud Services Only
1 – Open IIS Management Console2 – Select ‘Server Certificates’3 – Select link to ‘Create Self-Signed Certificate’4 – Enter the name for the certificate. File place in Local Computer\\Personal store.Need to export the PFX certificate to a CER without the private key5 – Open MMC and add the Certificate snap-in for the Local Computer6 – Right click on the certificate and select Export7 – Follow the wizard to complete the process. Do not export the private key.http://msdn.microsoft.com/en-us/library/windowsazure/gg432987.aspx
1 – Open IIS Management Console2 – Select ‘Server Certificates’3 – Select link to ‘Create Self-Signed Certificate’4 – Enter the name for the certificate. File place in Local Computer\\Personal store.Need to export the PFX certificate to a CER without the private key5 – Open MMC and add the Certificate snap-in for the Local Computer6 – Right click on the certificate and select Export7 – Follow the wizard to complete the process. Do not export the private key.http://msdn.microsoft.com/en-us/library/windowsazure/gg432987.aspx
1 – Open IIS Management Console2 – Select ‘Server Certificates’3 – Select link to ‘Create Self-Signed Certificate’4 – Enter the name for the certificate. File place in Local Computer\\Personal store.Need to export the PFX certificate to a CER without the private key5 – Open MMC and add the Certificate snap-in for the Local Computer6 – Right click on the certificate and select Export7 – Follow the wizard to complete the process. Do not export the private key.http://msdn.microsoft.com/en-us/library/windowsazure/gg432987.aspx
.publishsettings file makes getting started easy, but has some drawbacks when working with multiple subscriptions and across teams.I prefer to create my own certificate.Use my certificate instead of importing a .publishsettings file as many labs and examples show. Prefer full control.“Windows Azure Connections.xml” file contains listing of subscription ID and cert thumbprint.http://blogs.msdn.com/b/tomholl/archive/2011/12/06/automated-build-and-deployment-with-windows-azure-sdk-1-6.aspx
.publishsettings file makes getting started easy, but has some drawbacks when working with multiple subscriptions and across teams.I prefer to create my own certificate.Use my certificate instead of importing a .publishsettings file as many labs and examples show. Prefer full control.“Windows Azure Connections.xml” file contains listing of subscription ID and cert thumbprint.http://blogs.msdn.com/b/tomholl/archive/2011/12/06/automated-build-and-deployment-with-windows-azure-sdk-1-6.aspx
Upload resulting .cer file to the Azure mgmt portal.Share the certificate with the rest of your team. They install in their local workstation certificate store.
Vstudio temporarily places files in a private container called ‘vsdeploy’. Deleted after the deployment
A tip that sometimes comes in handy . . .
Launch Web PI to install the cmdlets and any missing dependencies.Be sure to follow the ‘How To’ and ‘Cmdlets’ links on the download page – very helpful docs on the ever growing set of cmdlets.More details at http://msdn.microsoft.com/en-us/library/windowsazure/jj554332.aspx.
Create and use basic PowerShell script to deploy.Create .ps1 file to build (MSBuild against the .ccproj file) and then execute PowerShell script to deploy.Update deployment (mention issue with Upgrade and local .cspkg vs. URI).
There seem to be some restrictions on what type of projects can be built. Build services are still in Preview mode.ASP.NET MVC 4 (Internet Application) – Web RoleWorker RoleASP.NET MVC4 web site
There seem to be some restrictions on what type of projects can be built. Build services are still in Preview mode.ASP.NET MVC 4 (Internet Application) – Web RoleWorker RoleASP.NET MVC4 web site
Goal is to create a build workflow and new custom input parameters to let us set values for our PowerShell script.The build workflow will exec out to PowerShell, providing the path to our script and input parameters.If you’re not comfortable or familiar with TFS build workflows, this is the worst part. Not bad once you understand it, but for me it wasn’t the most straight forward thing – don’t edit build workflows that much.
Authentication OptionsMicrosoft AccountCertificateVisual StudioLow developer frictionHides some of the detailsPowerShellVery powerful – do whatever you want.Scripts to automate the repetitive.TFSEnable a continuous deployment process.Leverage PowerShell from build workflow.
Windows Azure National ArchitectWindows Azure MVPHelp customers nationwide with their Windows Azure projects. This can include architectural design sessions, training, development, evangelism, etc.Reach me via email, Twitter, or my blog.