Friday, November 18, 2011

Cloud Management with System Center - Connecting App Controller to Azure Part 1

Welcome to the sixth instalment in my series on 'Cloud Management with System Center' and in this post I will be explaining how to connect System Center App Controller 2012 (SCAC 2012) to the Microsoft public cloud offering - Azure.

If you want to know how to install System Center App Controller 2012 or haven't read the other posts in this series, then check out the links below for more information:

Installing System Center App Controller 2012

Cloud Management with System Center - Building a Private Cloud with SCVMM 2012


So, to begin with, here is a high level overview of what is required to connect your App Controller installation to a Windows Azure subscription:
  • Obtain / Create either a public or self-signed certificate for authentication
  • Add the certificate to Azure as a Management Certificate
  • Add the certificate to App Controller with Private Key attached
  • Create the connection within App Controller to connect to the Azure subscription
Sound easy so far? That's because it is! If you have a good handle on certificates and how they work, a basic knowledge of Azure subscriptions and a server or two to use, then you will be connected to the public cloud in no time!

For the purpose of this series, I will be using a self-signed certificate for authentication purposes but would always recommend using a trusted 3rd party CA in a production environment for additional security.

There are a number of ways that you can create a self-signed certificate and none of them are the right or wrong way but in this example, I will be using the IIS Manager on the App Controller server to create the certificate.

Using IIS to Create your Self-Signed Certificate

Open the Internet Information Services (IIS) Manager by typing inetmgr in the Start menu textbox

In the IIS section of the center pane, double-click Server Certificates


Click Create Self-Signed Certificate, and then finish the wizard




Once you have completed the certificate creation wizard, you will see your new certificate listed in the central window 'Server Certificates' window as below



Double clicking on the certificate will confirm to you that you have a new certificate issued today with a private key that corresponds to it



Now that we have our certificate created within IIS, we need to export this certificate as a .PFX file which essentially is your certificate with the private key attached and will be the file needed when creating the App Controller side of the connection

Exporting a .PFX file using IIS Manager

Open the Internet Information Services (IIS) Manager by typing inetmgr in the Start menu textbox and then in the IIS section of the center pane, double-click Server Certificates, right-click the certificate in the center pane, and then click Export.


Select the location for the file, enter the name for the file, and enter the password for the private key


Click 'OK' to complete the .PFX export.

Exporting the .CER certificate file with Certificate Manager

At this point we have our new self-signed certificate added to the Certificate ‘Local Computer\Personal Store’ of our App Controller server (the IIS certificate creation automatially does this) and we have also exported the certificate as a .pfx file which contains the private key of the certificate.

We must now export the certificate again from the personal store but this time we wont be exporting the private key and as such we want to end up with a certificate that ends in a .cer extension.

To do this, open up your Certificate ‘Local Computer\Personal Store’ by clicking on ‘Start’, ‘Run’ then typing ‘mmc’ and clicking ‘Enter’

Now click on ‘File’, select ‘Add/Remove Snapin’ and then double click on ‘Certificates’ from the ensuing list

This now opens up the ‘Certificates’ snapin and it is imperative that you select ‘Computer Account’ from the menu that comes up as below


Once you have selected ‘Computer Account’, click on ‘Next’ and then click ‘Finish’ from the next screen leaving the default selection of ‘Local Computer’ enabled

Now you need to expand down to the ‘Certificates\Personal\Certificates’ folder as below and you should see any certificates that have been created and self-signed to this server


To export the certificate as a .cer file with no private key, follow the screenshots below



Make sure you select 'No, do not export the private key' here





You should now have two files on the C drive of your App Controller server, one is a .cer and the other is a .pfx



In the Part 2 of this post I will explain how to import these certificates into Azure and App Controller and also how to then configure the link between the two.

This series of posts also coincide with the new Microsoft Private Cloud Community Evaluation Program starting up and you can sign up at any time to the CEP by clicking on the link below (you will need a Microsoft Live ID to sign in):

No comments:

Post a Comment