Part 2 – Uploading Certificate on Windows Azure Developer Portal

This is the second part of this blog post series about Establishing Remote Desktop to Windows Azure. You can check out the first part here.

So far we’ve just only do the work on the development environment side. There’re still something needs to be done on Windows Azure Portal.

Export Your Certificate

1. The first step is to export the physical certificate file since we need to upload it to Windows Azure Portal.

There’re actually few ways to export certificate file. The most common way is using MMC. Since we use Visual Studio to configure our remote desktop, we can utilize the feature as well. I refer to step 4 of the first part of the post, where you’ve just create a certificate using Visual Studio wizard. With the preferred certificate selected, click on View to see the detail of your certificate.

2. Click on Details tab of the Certificate dialog box, and then click on Copy to File button. It should bring you to a Certificate Export Wizard.

3. Clicking on Next button will bring you the next step where you can select whether to export private or public key. On the first step, select “No, do not export private key” first, keep following the wizard and eventually it will prompt you to the last page where you need to name the physical file [Name].CER.

4. Repeat from the step 1 to 3 but this time, select “Yes, export private key” which eventually will require you to define your password and export it to another [Name].pfx file.

Upload the certificate to Windows Azure Portal

Since we are done exporting both private and public key of the certificate, the next step is to upload it to Windows Azure.

5. Log-in to your Windows Azure Developer Portal (https//windows.azure.com). I assume that you’ve your subscription ready with your live id.

6. Click on the “Hosted Service, Storage Account, and CDN” on the left-hand side menu. On the upper part, click on Management Certificate. If you previously have uploaded the certificate, obviously you will see some of them.

7. Next step is to click on Add Certificate button and a modal pop up dialog will prompt you to select your subscription as well as upload your .CER certificate.

As instructed, go ahead to select your subscription and browse your .CER file where you’ve exported in step 3. It may take a few second to upload your certificate. You’ve successfully uploaded your public key of the certificate.

8. Now, you will also need to upload the private key. To do that, click on Hosted Service upper menu. Click on New Hosted Service button on upper menu and you will see Create a new Hosted Service dialog show up. There are a few section which you need to enter here.

a. Enter the name of your service and well as the URL prefix. Please note that the URL prefix must be globally unique.

b. Subsequently, select your region / affinity group, where do you want to host your service.

c. The next one is about your deployment option, whether you want to deploy it immediately as staging or production environment or do not deploy it first. I assume that you deploy it as production environment.

d. You can give your deployment name or label on it. People sometimes like to use either version number or current time as the label.

e. Now it’s your time to browse your package as well as configuration where you’ve created on the step 9 in previous post.

f. Finally, you need to add certificate again, but this time it’s private key certificate that you’ve specified in step 4 above.

Click OK when you are done with that. In the case where an warning occur, stating that you’ve only 1 instance, you can consider whether to increase your instance count to meet the 99.95% Microsoft SLA. If you are doing this only for development or testing purpose, I believe 1 instance doesn’t really matter. You can click on OK to continue.

8. It will definitely take some time to upload the package as well as wait for the fabric controller to allocate a hosted service place for you. You may see that the status will change slowly from “uploading”, “initializing”, “busy”, and eventually “ready”, if everything goes well.

Remote Desktop to Your Windows Azure Instance.

9. Assuming that your instance has been successfully uploaded. Now you can remote desktop by selecting the instance of your hosted service. And click on the Connect button in upper menu.

This will prompt you to download an .rdp file.

10. Open up the .rdp file and you will see a verification are you want to connect despite these certificate error. Just simply ignore it and click on Yes.

It will then prompt your for username and password that you’ve specified in Visual Studio when configuring the remote desktop. But, here’s little trick here. Just just simply click on your name since it will use your computer as domain. Instead, use “” (backslash) and follow-up with your username. For example: “wely”. And of course you’ll need to enter your password as well.

11. If it goes well, you’ll see that you’ve successfully remote desktop to you Windows Azure instance. Bingo!

Alright, that’s all for this post. Hope it helps! See you on another blog post.

Introduction

As a Platform-As-a-Service (PAAS) provider, Windows Azure provides provisioned VM environment for customer. It’s no longer our responsibility to take care of platform related matters. This also includes applying new patch on the operating system. Also the instance is actually sited behind the load-balancer.

We would be only focus on taking care of our application that is hosted in Windows Azure.

The application that is hosted on Windows Azure is precisely hosted on the VM instance. Those VM instances are actually provisioned as Windows Server 2008 images based on the VM size that we specify in ServiceDefinition file (small, medium, large, etc.).

Troubleshooting on Windows Azure

In many scenarios, especially troubleshooting an issue, we would need to understand the actual problem in the environment. Traditionally, we’ve got a well-known tools and protocol which has great ability to perform remote desktop to the particular machine. Before Windows Azure SDK 1.3, it’s just too hard to troubleshoot Windows Azure Application, really it was very painful. With the released of Windows Azure SDK 1.3 (around end of 2010), we are now be able to perform RDP to particular Windows Azure instance.

How It Works

The idea of RDP-ing to Windows Azure instance is to utilize RemoteAccess plugin in the Windows Azure project. As mentioned earlier the VMs on Windows Azure are actually sited behind the load-balancer, which mean when we perform RDP,we are not directly hitting the VM. In fact,it uses port 3389 to pass our request to the VM.

Alright, let’s more to the more hands-on stuff. There are 2 major set of tasks to be done. Firstly, we use Visual Studio to configure the RemoteDesktop settings. Secondly, we need to upload a certificate on Windows Azure Platform.

Part 1. Some settings on Visual Studio

0. I assume that you are ready to go with your application.

1. Right click on your Windows Azure Project, and select Publish.

2. You will see a Deploy Windows Azure project dialog box show up.

Regardless you want to deploy it now or later, click on the Configure Remote Desktop connections… link.

3. You will see another dialog box comes up, the Remote Desktop Configuration.

Check the Enable connection for all roles checkbox.

4. The next step is to select certificate. Essentially, we would also need to specify username and password that will be used when remote-in the instance. To ensure that our credential (username and password) to be encrypted properly, it uses certificate to secure communication between Visual Studio environment and the Windows Azure instance. The certificate itself could be self-signed by our own without having to purchase it to certificate provider.

Click on the dropdown list to select available certificate or create a new one. To create a new one, you can either make use of “makecert tools” or just simply use the wizard provided there.

In this example, I assume we have available certificate installed.

5. Subsequently, we’ll need to enter username, password. We would also need to specify the account expiration that to avoid inappropriate usage, just in case the credential is lost.

Click OK on Remote Desktop Configuration dialog.

6. Just click on Cancel. Do not click-on OK for the Deploy Windows Azure project dialog.

7. If you open ServiceDefinition.csdef and ServiceConfiguration.cscfg file, you will notice that there’re some new stuff added automatically.

In ServiceDefinition.csdef file it adds 1 or 2 plugin module? Why it’s 1 or 2?

At the moment you have more than one role in your service, it will add RemoteAccess plugin to the all role, but add RemoteForwarder to only one of the role. It doesn’t really matter the RemoteForwarder will be added to. The function of the RemoteForwarder is actually forward the traffic to other role. It’s anyway transparent for us if we use Visual Studio to enable the remote desktop.

 
Still can’t understand? Forget it, it’s actually transparent for us anyway

8. How about, check out the ServiceConfiguration.cscfg file.

It’s basically key-value pair of our setting that we’ve done in the wizard.

9. The final step of this first part is to package and publish this service. On the Deploy Windows Azure project dialog, simply click on OK button and in a while you will see a Windows Explorer opened for you with 2 files created, namely the [Your-Service].cspkg file and [Your-Service].cscfg file.

Time out here…

Take a break here. I’ll continue this on the next post again. Stay tuned.

As you can seen from the invitation here, last Wednesday was our second meeting of Windows Azure User Group Singapore. The evening was attended by 18 participants.

Here’s short summary for the event.

First Session – Best practices for designing & developing applications for Azure

The first session was delivered by Rishi Agrawal, Technical Sales Specialist for Windows Azure, from Microsoft. Rishi discussed the various best practices in designing and developing Windows Azure applications. He started with basic concept of Windows Azure including the service roles (web and worker). He later explained some storage option in the cloud (SQL Azure VS Windows Azure Storage) and discussed each of the appropriate choice in various condition.

Second Session – Advanced Topics on Windows Azure Service Roles

Frankly speaking, I was under unfit condition. In fact, I was on sick leave that day (you can see I was wearing a thick sweater). However, I still need to make it no matter what, that’s commitment .

I talked about 4 sections namely Windows Azure Service Roles, Advanced Topic on those roles, setting up the remote desktop, and finally admin-mode and startup task. Plus an bonus of answering a common question: “can we install something on Windows Azure?”.

I support the presentation with a practical demo by showing a sample application called CloudUnRar. Although this is not a sophisticated application, it is used to demo the installation of WinRAR on Windows Azure using Windows Azure Start-up Task.

For those who are interested in the topic,feel free to download my presentation slide and demo here.

Hope this helps! See you on the next UG meeting.