August 17, 2017

Install Azure Stack in Azure - Part 2

Welcome back dear friends to the next installment of getting Azure Stack up and going in Azure. Read my last post to get the basics first!

Spinning up #AzureStack on #Azure for POCs and Demos. Part 1 - The basics.

Now that your CloudBuilder download has completed, you need to set up some networking for your Level 2 VM to talk to the internet. We do this by way of NAT. PowerShell has a nice little command to set this up. Here you go:

$SwitchTest=Get-VMSwitch -Name "NATSwitch" -ErrorAction SilentlyContinue if($SwitchTest -eq $null){ New-VMSwitch -Name "NATSwitch" -SwitchType Internal -Verbose $NIC=Get-NetAdapter|Out-GridView -PassThru New-NetIPAddress -IPAddress -PrefixLength 24 -InterfaceIndex $NIC.ifIndex New-NetNat -Name "NATSwitch" -InternalIPInterfaceAddressPrefix "" -Verbose }

This means that the CloudBuilder Level 2 VM will live on the 172 IP range. Couldn't care less with Host VM network looks like, as long as it can hit the Net. Now, in HyperV Manager, create a Virtual Machine called Azure Stack. When you get done, it should look like this:

Some notes about this bad boy:

  1. The VM has 131 GB of RAM. This is pretty much bare minimum if you plan to add anything to your install afterwards like tenant, PaaS services, etc. The official docs say less, I say, use what you go.
  2. I created two additional SCSI Controllers and those additional controllers have two Data disks each. Now, each of these data disks, along with the OS disk do live on the SAME volume, but recall that this is actually TEN disks brought together. These Data disks are each 1TB and are NOT dynamically expanding - fixed size these suckers. Lo to the power of ReFS, full expansion of 1TB takes about .03 seconds!
  3. Why extra SCSI Controllers? Extra flexibility in the future and it seemed like a good idea.
  4. Why 4 data disks? Azure Stack REQUIRES there be at least 3 data disks to work with. Additionally, it should be noted that if you have 5 or more disks presented to Azure Stack, it will go into a fault tolerant mode, which while nice, slows things down due to parity and striping AND isn't necessary, cause Azure.
  5. Why 4 TB total? That's about what you need. If you want, you can make them bigger, but remember not to fill up the full 10TB volume, that removes your flexibility in the future.
  6. The OS drive is the CloudBuilder.vhdx image you downloaded. There are other sites out there on the web tubes that talk about copying files into a clean 2016 VM - don't do it. This CloudBuilder.vhdx has some PRIVATE KBs applied to it that help keep your POC stable. Trust me...I've encountered that joy.
  7. The TPM is enabled but just cause. Everything else is pretty standard.
  8. I gave this VM 24 processors. This will save a bit for the HOST but we'll need all we can get.
  9. The OS drive, CloudBuilder.vhdx, needs to be EXPANDED to 200GB. By default, it is set to 127GB and installation WILL FAIL.
  10. The NIC card is assigned to NATSwitch. This is NOT the default. This NATSwitch is what you created in the PowerShell up above.

After saving your settings, and BEFORE booting the VM for the first time, you need to tell CloudBuilder about the fact that it has Hypervisor capabilities. Recall, perhaps, that Nested Virtualization means you can go N levels deep and still use the hardware on the physical host. By default, however, such facilities are NOT presented to virtual machines. So, let's enable that. From HOST, run this PowerShell command:

Set-VMProcessor -VMName AzureStack -ExposeVirtualizationExtensions $true –Verbose

Now, pause for a moment and consider what you just did. You just created a VM within a VM that has 24 processors and 130GB of RAM. Niiiiice.

Finally, before booting, from HOST, open up Windows Defender and EXCLUDE H:\ AND *.vhdx from scanning.

(I went a bit overkill)

Let's boot this machine! CloudBuilder will boot into OOBE, give it a password. Note that in a while, when we actually start installing Azure Stack, you'll want THIS password and the Azure Stack password to be the same. (This is POC, security < important). Once you boot it up, log in via the console.


First thing's first:

  1. Do NOT patch CloudBuilder. Nope. Don't even THINK about patching CloudBuilder. You'll get about 80% done with the install and have spent about 6 hours and realize you get to start over.

Open up Disk Management and EXPAND the OS drive to the full 200GB:

Also, not pictured, Online and Initialize the four DATA disks. DO NOT CREATE VOLUMES OR DRIVES. Use GPT.

Next, let's get networking good to go. You're NAT'ed so you'll want to match your network with static addresses to get you on the net. Ping or something after setting this to make sure you are up and going.

Yes, there is irony and humor in using Google's DNS servers from Azure. The important part is that the IP addy and Gateway match the net that is presented from the Net Nat switch you created with PowerShell.

Now, you are getting close to being ready to think about getting ready to install Azure Stack. First, a quick survey:

C:\ shows several important folders, namely, CloudDeployment, which is where you are going to spend a great deal of time. Open up PowerShell and run these commands (everything should already be in place, but best to double check):

`Add-WindowsFeature Hyper-V, Failover-Clustering, Web-Server -IncludeManagementTools

Add-WindowsFeature RSAT-AD-PowerShell, RSAT-ADDS -IncludeAllSubFeature

Install-PackageProvider nuget –Verbose`

Now, run these commands and procedure:

Set-Item wsman:localhost\client\trustedhosts -Value *

Open the gpedit.msc console and navigate to Local Computer Policy > Computer Configuration > Administrative Templates > System > Credential Delegation.

Activate Allow Delegating Fresh Credentials with NTLM-only Server Authentication and add the value WSMAN/*

Close out of gpedit. Run these two scripts:

Enable-WSManCredSSP -Role Client -DelegateComputer *

Enable-WSManCredSSP -Role Server

Now, we are ready to go! That's the next part...stay tuned :)