Deploying Microsoft Azure Stack TP1 nested on Hyper-V end to end

Hello the community!
I have been rather busy lately and couldn't find the time to blog about Microsoft Azure Stack, but I was deeply involved in it! So here is my first article about it, the first of a long series to come.
Having moved to better hardware for one of my labs, I had to redeploy my Microsoft Azure Stack installation completely, so I am taking the opportunity to share the process of installing it in a nested Hyper-V VM.
Before doing so, I want to be honest: this is not something I would encourage you to do if you want to evaluate the solution with the best user experience. Over time the performance can be greatly degraded, and your experience with it. In addition, keep in mind that nesting can lead to odd behaviours and issues for which the only help you will find is from the community itself.
As a reminder, the hardware requirements for the Microsoft Azure Stack TP1 PoC can be found here.
If you want to go deeper with the hardware tweaks, there is an excellent post from Robert Smit on how to do it here.
Now you could ask me: "Alain, why are you showing us this, and why do you do it?" Well, first of all I have good hardware which can actually handle Azure Stack, but I don't have enough drives (5 are required without tweaks). In addition, I had been running it like this on my previous hardware (Dell R320) for 3 weeks without any issue, so it can only get better with a hardware upgrade. And of course this is a great option for self-learning purposes.
The physical hardware I'm using is a Dell R730 with 128 GB DDR4 and 2 x Intel Xeon E5-2620 v3, which provides 24 logical processors. The system is installed on a 15K SAS 300 GB drive from Dell. I'm storing all my VMs on a hardware RAID 0 (PERC H730) of 2 server-class SSDs. The system runs Windows Server 2016 TP4 (at least) and is completely up to date.
1\ Create the MAS VM
The VM that will be created to act as the MAS host is configured as follows:
– Generation 2
– 12 virtual processors
– 64 GB fixed memory
– 1 single NIC with MAC spoofing enabled, connected to an internal switch; all other advanced features and hardware acceleration disabled
– 1 system VHDX (provided by the MAS installation binaries) and 4 dynamic data VHDX of 80 GB each
– Nesting enabled
– VM name = MAS
The network configuration is tricky and will vary depending on the environment. Since I'm using an internal switch, I also need to create an external switch on my physical host and then use a virtual appliance acting as router/edge to link traffic between both using NAT. In my case I'm using a Vyatta/VyOS appliance because it is built on the same system as my physical Ubiquiti LTE edge router at home. I'm doing this because I don't have any other choice: my server is hosted by a provider which only gives me a single NIC on the physical server.
My virtual switch manager looks like this:
My edge is the bridge between all my internal networks and my external networks. It provides DHCP, NAT, firewall and so on.
Internal-NAT10 will be the segment dedicated to the MAS nested host, so its "public IP" will be on 192.168.10.0/24.
Here is a look at my edge interfaces (one interface per vSwitch); all internal segments are NATed to the WAN.
/!\ Once again, you can avoid all this trouble if you can dedicate an external switch (with internet connectivity, of course) to the NIC of your MAS VM. /!\
This is it for the prerequisites so now let’s create the VM and move forward.
To prepare the VM, I have created a script that I use every time I want to wipe my MAS VM and recreate it from scratch, or simply do a new install on new hardware. Basically it copies the boot VHD from the MAS PoC sources to my VM store, mounts the VHD and copies all required sources into it, then creates the VM with the required disks and starts it.
This is V1 of my script and it does not include any variables, so you need to modify it according to your environment. I'll update it later to make it usable without editing, by simply providing parameters.
Simply copy this script to your MAS PoC source folder and execute it from an elevated PowerShell window. Change the paths in the script if needed before starting it.
It should take less than 10 minutes to get your MAS VM deployed. You will still have to set the regional settings and the local administrator password, and provide a license key.
The VM, once deployed, will look like this:
I always disable checkpoints as well on my nested hosts.
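Here is how that build can be scripted, as an added example of mine and not the author's V1 script (which is not reproduced in this post). It applies the specs from section 1 plus the checkpoint setting above. The folder holding the extracted PoC binaries, the name of the boot VHDX inside it, and the VM store path are assumptions and are passed as parameters; the switch name is the Internal-NAT10 switch used on this page.

```powershell
<#
Added example (not the author's script): creates the MAS nested host VM with
the specs listed in section 1. Assumed and passed as parameters: the folder
holding the extracted PoC binaries, the name of the boot VHDX inside it, and
the VM store path. Run from an elevated PowerShell window on the physical
Hyper-V host (Windows Server 2016 TP4 or later for nesting support).
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string]$SourceRoot,    # assumed: the extracted MAS PoC folder
    [Parameter(Mandatory)] [string]$BootVhdName,   # assumed: boot VHDX file name in that folder
    [string]$VmStore       = 'D:\VMs',             # assumed: SSD-backed VM store
    [string]$VmName        = 'MAS',
    [string]$SwitchName    = 'Internal-NAT10',     # internal switch used in this post
    [int]   $CpuCount      = 12,
    [uint64]$MemoryBytes   = 64GB,
    [int]   $DataDiskCount = 4,
    [uint64]$DataDiskSize  = 80GB
)
$ErrorActionPreference = 'Stop'

$vmPath  = Join-Path $VmStore $VmName
$bootVhd = Join-Path $vmPath "$VmName-boot.vhdx"
New-Item -ItemType Directory -Path $vmPath -Force | Out-Null

# 1. Copy the boot VHDX out of the PoC sources so the download stays pristine
#    and the VM can be wiped and rebuilt from scratch at any time.
Copy-Item -Path (Join-Path $SourceRoot $BootVhdName) -Destination $bootVhd -Force

# 2. Mount the copy and drop the PoC sources into it as C:\MAS_POC, the folder
#    the deployment is later started from inside the VM. The boot VHDX itself
#    is skipped: it is not needed in the guest and would double the image size.
$volume = Mount-VHD -Path $bootVhd -PassThru | Get-Disk | Get-Partition | Get-Volume |
          Where-Object { "$($_.DriveLetter)" -match '^[A-Z]$' } |
          Sort-Object Size -Descending | Select-Object -First 1   # largest = Windows volume
if (-not $volume) { Dismount-VHD -Path $bootVhd; throw 'No lettered volume found in the boot VHDX' }
$target = "$($volume.DriveLetter):\MAS_POC"
New-Item -ItemType Directory -Path $target -Force | Out-Null
Get-ChildItem -Path $SourceRoot | Where-Object { $_.Name -ne $BootVhdName } |
    Copy-Item -Destination $target -Recurse -Force
Dismount-VHD -Path $bootVhd

# 3. Gen 2 VM with fixed memory (dynamic memory and nesting do not mix) and
#    checkpoints disabled, booting from the copied VHDX on the internal switch.
New-VM -Name $VmName -Generation 2 -MemoryStartupBytes $MemoryBytes -VHDPath $bootVhd `
       -SwitchName $SwitchName -Path $VmStore | Out-Null
Set-VM -Name $VmName -StaticMemory -CheckpointType Disabled

# 4. vCPUs plus nested virtualization (exposes the virtualization extensions to the guest).
Set-VMProcessor -VMName $VmName -Count $CpuCount -ExposeVirtualizationExtensions $true

# 5. Single NIC: MAC spoofing on (the nested host's own VMs need it), every other
#    advanced feature and hardware offload turned off.
Set-VMNetworkAdapter -VMName $VmName -MacAddressSpoofing On -DhcpGuard Off -RouterGuard Off `
    -PortMirroring None -AllowTeaming Off -VmqWeight 0 -IovWeight 0 `
    -IPsecOffloadMaximumSecurityAssociation 0

# 6. Four dynamic data VHDX, left raw: the guest brings them online uninitialized.
for ($i = 1; $i -le $DataDiskCount; $i++) {
    $dataVhd = Join-Path $vmPath ("{0}-data{1}.vhdx" -f $VmName, $i)
    New-VHD -Path $dataVhd -SizeBytes $DataDiskSize -Dynamic | Out-Null
    Add-VMHardDiskDrive -VMName $VmName -Path $dataVhd
}

Start-VM -Name $VmName
```

Running it as `.\New-MasVm.ps1 -SourceRoot D:\MAS_POC_Sources -BootVhdName <boot-vhdx-from-your-PoC-download>` (both values being yours, not the post's) leaves a VM that matches the spec list; the guest then still needs the regional settings, local administrator password and license key mentioned above.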
2\ Deploy Microsoft Azure Stack
Now log on to the VM using the credentials you set during its deployment and check connectivity (ping and name resolution).
Bring the 4 data disks online but do not initialize them.
Customize your server as you wish (computer name, Windows Defender configuration, enabling Remote Desktop and so on).
Then run a "quick" Windows Update.
Restart your server once updates are completed and log in as Administrator.
/!\ From this stage you can already kick off the deployment by starting the DeployAzureStack.ps1 script from the C:\MAS_POC folder, if you are using a dedicated external switch for this VM. /!\
If you are like me and using an internal switch, then you will need to provide additional parameters to the script. You will have to provide the IP address that the NATVM should use (its public IP) and the gateway for this address. These need to be on the same segment as the MAS VM, which in my case is 192.168.10.0/24.
So let's check our current leases to find a free IP for our NATVM.
I'm going to pick 192.168.10.254/24 since it's not being used. The gateway address is the router interface connected to this segment, so 192.168.10.1.
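A small pre-flight check for that choice, as an added example that is not part of the post: it confirms that the candidate NATVM address is not already answering (ping plus the ARP neighbour cache, since a host may simply drop ICMP), that the gateway responds and sits in the same /24, and that name resolution works from the MAS VM. The three values are the ones used on this page; the checks themselves and the public hostname used for the DNS test are my assumptions.

```powershell
# Added example (not from the post): sanity checks before handing the NATVM
# address and gateway to the deployment script. Run on the MAS VM; the values
# are the ones from this page, adapt them to your own segment.
$CandidateIp  = '192.168.10.254'
$Gateway      = '192.168.10.1'
$PrefixLength = 24

function ConvertTo-UInt32Address ([string]$Ip) {
    # IPv4 dotted quad -> unsigned 32-bit integer in host byte order.
    $bytes = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-SameSubnet ([string]$IpA, [string]$IpB, [int]$PrefixLength) {
    # True when both addresses share the network bits under the prefix length.
    $all  = [uint64][uint32]::MaxValue
    $mask = [uint32](($all -shl (32 - $PrefixLength)) -band $all)   # 0xFFFFFF00 for /24
    ((ConvertTo-UInt32Address $IpA) -band $mask) -eq ((ConvertTo-UInt32Address $IpB) -band $mask)
}

function Test-NatVmAddress ([string]$Ip, [string]$Gateway, [int]$PrefixLength) {
    # A silent ping is not proof the address is free (hosts may drop ICMP), so
    # also inspect the ARP neighbour cache that the ping attempt just populated.
    $pingReply = Test-Connection -ComputerName $Ip -Count 2 -Quiet
    $neighbor  = Get-NetNeighbor -IPAddress $Ip -ErrorAction SilentlyContinue |
                 Where-Object { $_.State -in 'Reachable', 'Stale', 'Permanent' }
    [pscustomobject]@{
        CandidateIp      = $Ip
        CandidateIsFree  = (-not $pingReply) -and (-not $neighbor)
        GatewayReachable = Test-Connection -ComputerName $Gateway -Count 2 -Quiet
        SameSegment      = Test-SameSubnet $Ip $Gateway $PrefixLength
        # AAD sign-in is needed later in the deployment, so resolve its endpoint
        # (hostname chosen by me as a representative public name).
        NameResolution   = $null -ne (Resolve-DnsName 'login.microsoftonline.com' -ErrorAction SilentlyContinue)
    }
}

$check = Test-NatVmAddress -Ip $CandidateIp -Gateway $Gateway -PrefixLength $PrefixLength
$check | Format-List
if (-not ($check.CandidateIsFree -and $check.GatewayReachable -and $check.SameSegment)) {
    throw 'Pick another NATVM address or fix the gateway before starting DeployAzureStack.ps1'
}
```

The parameter names the deployment script takes for the NATVM address and gateway are not shown on this page; `Get-Command .\DeployAzureStack.ps1 -Syntax` lists them from the script itself, so you can run it with the values that passed these checks.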
Open an elevated PowerShell window, move to the C:\MAS_POC folder and run the following command:
The process will then be quite straightforward. You will be prompted for different inputs, including an existing Azure AD credential.
/!\ This means that you must already have an existing AAD credential and AAD directory before starting MAS POC TP1 deployment, this is mandatory since the deployment will create some objects into this directory and AAD is being used for MAS authentication in TP1 /!\
Enter a password that meets the AD prerequisites; this password will be used for all accounts that will be created in the AzureStack domain and will also be set as the local administrator password.
You need now to log on Azure.
/!\ I have seen some posts of people having issues at this step and seeing the script fail. If it happens to you, ensure that your session cookies are properly configured; leave me a comment if you are facing this issue and need help. /!\
Enter your Azure credential and the process will look for an existing Azure AD directory and will ask you if it can use it.
Type “Y” and press enter, the process will create some objects into your AAD directory and then initiate the deployment of MAS.
At this stage you are done with all inputs. Type "Y", press Enter and call it coffee or even lunch time; actually I just let it run overnight and went to bed, but on my hardware it takes about 2 hours to complete.
A couple hours later if everything went fine you should have a success message upon completion.
Let's check it out! RDP to the ClientVM using the new RDP shortcut created on your desktop. Use the password set during deployment configuration.
Once on the portal VM, launch the Microsoft Azure Stack Portal shortcut.
Use your AAD credential.
And “Voilà” your Microsoft Azure Stack is properly deployed but many steps are still required before being able to consume it. We need to create a plan, an offer and make them available to the tenants which indeed we also need to create.
First of all, let's customize the blade a little and check the provider state. At the moment we are connected as the provider administrator, so we have access to monitoring of all resources.
From the blades, select Location then Local and ensure all providers are healthy (green mark).
3\ Configure Microsoft Azure Stack
First of all we need to create a plan and make it public. From the blades, go to new, Tenant Offers and Plans then select Plan.
Provide required information as you wish but be sure to select the 3 services: Storage, Compute and Network.
Configure each service and take the time to review the different options available for each service such as quotas, network QoS and so on.
When all services are configured, click on Create.
Now we need to make the Plan public to make it available. Click on Change State on the Plan blade and select Public.
Now we need to create an offer based on this Plan. Go to New, Tenant Offers and Plans, provide the required information and be sure to select the previously created Plan, then click on Create.
Just like the Plan we need to make the offer Public to let it be available.
From a provider perspective we are done, we need now to create a tenant since we have none yet.
4\ Create a tenant for MAS
Connect to your Azure Classic Portal, go to the directory blade and select your directory.
Create a new user and give it an explicit name. Also notice the objects created by the Azure Stack deployment. (I have 4 TIP entries in my directory because I still have 2 MAS deployments; I haven't yet removed the one on my old hardware. In your case you should only have 2 TIP entries.)
Once the user is created, close all your Edge windows and start the Azure Stack Portal shortcut again from the ClientVM desktop.
This time click on use another account and log in with the tenant account freshly created.
You should be logged in with a warning complaining that you don’t have any subscription.
So let’s subscribe to the offer that we have created. Click on get a subscription, give it a name and then select the offer previously created.
If everything is fine, the hub event should give you a success message.
This is it, your Azure Stack is configured and you are connected as a tenant to the new subscription.
In order to see all new resources, you need to refresh the Edge page.
Let’s customize our portal view with our favorite blades and try a deployment to validate the configuration.
Click on browse and mark with a star all resources that you want to bookmark on your home blade.
Once done, it is time to try a deployment.
5\ Create our first VM in MAS
Still connected as a tenant, go to new, Compute then select the Windows 2012 R2 template and fill in your information.
I'll pick an A2 Standard machine.
I'll then keep all the default settings in the Settings pane for my test.
Once the deployment is started you can move to the resources group blade, you should see your new resource group and all its resources being deployed.
On the MAS host we can see that the VM is being created.
Let’s get back to the portal and give it a few minutes to complete the VM creation.
Once you get the hub notification for the success of your deployment you can try to connect to the VM by clicking connect from the VM pane.
From your VM pane review the settings to see how they exactly match Azure settings and options, virtual network, network security group, public IP, storage account, everything is there!
Click on connect to log on to your VM.
Use the credentials that you provided in the VM configuration.
As you can see the VM has been properly deployed and configured. Connectivity is fine since i can ping the outside world.
My DNS resolution is not working, but this is expected: this is a nested environment, the VM's public IP is NATed and I haven't yet configured DNS traffic forwarding on my router for this network segment.
Now, if you are wondering what the performance of the MAS VM looks like now that everything is deployed, well, I have to say: it is very smooth!
Here is a look at the current performance on the nested hyper-V (MAS VM)
And another this time from the physical host hosting the MAS VM itself.
If you are wondering why I'm not using dynamic memory to spare some RAM, well, it's quite obvious: when nesting Hyper-V, fixed memory has to be used if you want to avoid issues and get smooth performance. In addition, using SSDs to store the nested Hyper-V host is highly recommended, if not mandatory.
I hope this article will help you evaluate Microsoft Azure Stack, because it is really an amazing solution and I'm really excited about it. Even though it is at an early stage and this is the first preview, it already provides a great experience and capabilities.
In a future post I’ll explain how to add the new provider released for PaaS which brings Webapps, SQL and MySQL into this Microsoft Azure Stack setup so stay tuned!
If you have any questions or issues, feel free to post a comment.
[Edit 3/11/2016]: it turns out that this setup has issues. Everything will work as intended as long as you don't connect to any fabric VM. If you only connect to the ClientVM and tenant VMs, everything will be fine. But if you connect to one of the other VMs, the virtual host will freeze as long as MAC spoofing is enabled. After digging a little into the issue, it seems to be related to the usage of VXLAN 1001 on the management network. MAC spoofing and VXLAN are not friends at all... Since there is no way at the moment to set the switch or Hyper-V port into promiscuous mode, I didn't find any solution to this issue.
I then tried to deploy the same setup on VMware Workstation 12 and ESX 6.0, and everything works properly since we can use promiscuous mode at the switch level. I'll try to add a new article on how to create the VM on ESX if I have some free time in the next few days.