Kicking the tires on TP3 using an All-In-One OpsMgr virtual in Azure IaaS

Technical Preview 3 is now available for both Windows Server 2016 and System Center vNext. This blog post will showcase a method to use Azure IaaS to augment your existing monitoring environment allowing you to test functionality in the new version while maintaining your on-prem monitoring solution. I am using a multihomed configuration to allow these agents to report to both my on-prem OpsMgr instance to the new OpsMgr TP3 configuration. This approach provides a way to test the new functionality in the upcoming release with little to no impact to my existing monitoring environment.

This blog post will cover the following topics:

  • Creating a Windows Server 2016 Technical Preview 3 virtual machine in Azure
  • Configuring requirements for an All-In-One environment
  • Configuring pre-requisites for OpsMgr vNext TP3
  • Installation of OpsMgr vNext TP3
  • Configuring On-Prem DNS to access the OpsMgr environment
  • Certificate requirements
  • Benefits to using Azure for this configuration
  • Scaling up and Scaling down
  • So what does it look like?

 

Creating a Windows Server 2016 Technical Preview 3 virtual machine in Azure

The process to create a new virtual machine in Azure for Windows Server 2016 TP3 was extremely simple as there was a pre-existing image for Windows Server 2016 TP3 shown below.

To be able to determine costs, check out the pricing calculator (https://azure.microsoft.com/en-us/pricing/calculator/) to determine what level you can use. For my example, I expected that I would need at least 4 cores and 7 GB of memory considering what this server will be doing (domain controller, PKI server, SQL server, OpsMgr server, etc).

When estimating leave some room for additional charges which may occur such as data transfer out, storage transactions and standard IO. An example of this for my lab after running for a few days is shown below.

During the virtual machine creation process I also added on inbound port to allow connectivity to Operations Manager from agents in my environment.

The total process time to create the virtual was less than 10 minutes from starting the wizard until I was able to access the VM via RDP.

 

Configuring requirements for an All-In-One environment

To create this as an All-In-One OpsMgr vNext TP3 environment, it needs to be fully self-contained as a single virtual machine. To make that happen we need at least the following:

  • A domain controller for a new domain
  • A PKI server to provide certificates for clients to report to OpsMgr in this new (and untrusted) domain

For previous instances of these types of efforts see:

 

The next step was to configure this server to be a domain controller in its own domain through adding the Active Directory Domain Services role.

And then we use the option in Server Manager to do the configuration for the domain controller (DCPromo). Unlike the screenshot below, I used a new domain with a new domain name (CloudAzure.pvt is what I used which will later be relevant in the DNS configuration pieces for this example).

To provide the ability for untrusted agents to report to this Operations Manager environment we need to configure certificates to communicate with the TP3 environment. To allow this functionality add the Active Directory Certificate Services server role as shown below.

 

Configuring pre-requisites for OpsMgr vNext TP3

Prior to installation of Operations Manager TP3 we needed to get all of the software required. System Center 2016 TP3 and SQL 2014 are both available for MSDN subscribers at https://msdn.microsoft.com/en-us/subscriptions/downloads/

The quickest way I could find to download these files was to use Internet Explorer as it appears that Edge blocks the default admin user account. To facilitate this download, I added the MSDN sites to the trusted list to allow downloads. Additionally I had to make changes to allow the download including the one document at: http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/error-message-your-current-security-settings-do/59cc236d-7baf-4552-92ff-b34b9a6942aa?auth=1

It is also possible to download the files that you want locally and then to copy them over via the RDP connection. However, it was much faster to get the software downloaded directly from the IaaS virtual than it was to upload files through the RDP connection in my environment.

 

The installation of SQL 2014 (not shown here) was pretty straight forward. There were two gotcha’s to be aware of:

  1. Add the “.NET Framework 3.5 Features”
  2. Be sure to install SQL Full Text Search during the installation of SQL 2014

 

Installation of OpsMgr vNext TP3

Screenshots are shown below for reference – first for extracting the technical preview software:

The installation of TP3 for SCOM worked very much like previous versions of Operations Manager. Screenshots below are for reference:

Standard requirements including Report Viewer, IIS and other pre-requisites still apply as shown below.

I did not remember seeing this before, so this screen may be one visible change in TP3.

The installation process completed without issue. From spinning up the virtual, to installing features, to installing SQL server, and installing OpsMgr TP3 was less than 5 hours. The console with version information is shown below.

 

 

Configuring On-Prem DNS to access the OpsMgr environment:

One challenge to face for this configuration is the FQDN of the server. Since we are creating our own domain, the FQDN for this server is: AllInOneOMTP3.CloudAzure.pvt. However, the external name for this server is actually AllInOneOMTP3.cloudapp.net. Since we are using certificates, the name of the server which the clients are accessing needs to be the same as the actual name of the server. This is an issue however because clients in my lab will not know how to resolve the name for AllInOneOMTP3.CloudAzure.pvt. To fix this for the on-prem environment we create a DNS zone with one record in it.

The screenshot below shows the new domain (ClourAzure.pvt) which has a single Alias (CNAME) record which points AllInOneOMTP3.CloudAzure.pvt to AllInOneOMTP3.cloudapp.net. This resolution allows the OpsMgr clients to communicate with the management server using the correct name.

 

Certificate requirements:

Since this is an all-in-one environment with its own domain/forest which isn’t trusted by any other domains or forests we need to have certificates both for the management server and for each of the clients which will report to this system. To handle these certificates I highly recommend the following:

 

Benefits to using Azure for this configuration:

There are several benefits that I have found for using Azure for this configuration:

  1. The ease and speed of building up the environment was much faster than it historically was in my lab environments due to the increased speed and performance of Azure versus my lab environment.
  2. Once the IaaS virtual has been built, if it is not required for monitoring it can be shut down to decrease usage.
  3. Scaling up and scaling down can be used to keep costs low. Details on this follow in the next section of this blog post.

 

Scaling up and scaling down:

The initial configuration I identified for my All-In-One was an A3 (as shown earlier in this blog post). I found that the server could function and collect data as an A2. A screenshot of this configuration is shown below:

The change from an A3 down to an A2 decreases the monthly costs significantly as shown below: (saving just over $100 per month if it was in this configuration for the full month)

The VM configuration can also be increased to an A4 level during demos. If we split the hours we can see that if the VM is run for 600 hours as an A2, this should easily leave plenty of funding available to demo the VM as an A4.

TIP: What happens when you change the hardware on an IaaS server? From my tests it appears that when the hardware is changed the VM is shut down, then changes are made to the configuration and then the VM is restarted. This means that any option applications or documents will be lost so be sure to have everything closed before making this change. In my lab the RDP session disconnected when the change was made, but it re-connected within the default 20 retry count for an RDP connection. If you want to get really advanced on this you can create automations in Azure Automation to scale up and scale down the VM as required versus manually making this change.

My hope is that by running this as an A2 for when demos are not running and increasing it to an A4 for when demos are running I will be able to keep the environment within the $250/month budget that I have for this subscription.

 

So what does it look like?

Not surprisingly in Azure this looks like it would on-prem. The screenshot below shows the Administrator pane and highlights the new Scheduled Maintenance functionality (this should look familiar, it’s from the same lab I used for this blog post: http://blogs.catapultsystems.com/cfuller/archive/2015/08/27/scheduled-maintenance-mode-in-operations-manager-vnext/).

What do the agents look like? The agent below shows how it is multihomed to both my on-prem OpsMgr environment and to the one running in Azure.

To find out what is new in OpsMgr vNext I recommend the following links:

 

Summary: The process to create an All-In-One environment for a Windows Server 2016 Technical Preview 3 and Operations Manager Technical Preview 3 using Azure proved to be a quick way to bring up a new demo environment to test these technologies. If you have an existing subscription (such as an MSDN) you can leverage that subscription’s Azure benefits to provide a functional All-In-One environment to test functionality like this (for details see http://blogs.catapultsystems.com/cfuller/archive/2012/10/01/creating-my-first-server-running-in-azure-using-my-msdn-subscription-windowsserver-azure/?utm_medium=twitter&utm_source=twitterfeed and http://blogs.catapultsystems.com/cfuller/archive/2013/02/28/windows-azure-get-more-benefits-from-the-msdn-subscription-windowsserver-azure/).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.