I have always been a huge fan of Lab Management and now that you have the ability to create “standard environments” out of the box I couldn’t resist to try this scenario out against Azure VM Roles.
VS11 Lab Management
Lab Management in VS11 now allows you to manage environment you already have setup. This means you can deploy builds and run tests, but not manage the environment (such as stopping, starting and taking snapshots). This does mean you can manage environments that are not defined in Hyper-V/SCVMM – for instance physical environments, VMware defined environments or in my case Azure defined VM environments. Below is a screenshot if the end result – read on to find out how to do it.
Azure VM Roles and Azure Connect
I am not going to go into too much detail of Azure VM Roles and Azure Connect in this post, I will simply outline what I have done to create my to-be-managed-by-lab-management environment in Azure.
Below is a high level topology of what I am trying to achieve.
- I have defined a Team Foundation Server 11 in our labs – these are situated at our offices (Avanade) in Soho, London. TFS is member of the ALM.UK.Avanade domain.
- I have Visual Studio 11 on my laptop (Hyper-V VM) and is also member of the ALM.UK.Avanade domain. I have a VPN connection with the lab environment.
- I have defined a Azure VM (worker role) – this is situated somewhere in North Central US region. At present, in order for this scenario to work I need to add the Azure VM to my ALM.UK.Avanade domain. This can be achieved by leveraging Azure Connect – this will allow me to create an IPSec connection between my lab environment and the Azure VM thus allowing it to join my domain.
Step 1 – Creating a new Azure VM and prepping it with Azure Connect
Download the latest Azure SDK - this allows you to define Azure VM Roles within Visual Studio. Select the Worker Role (others also include Web Role and your own Virtual Machine Role) – I will just focus on the Worker Role in this post.
Then set the following properties on the Worker Role:
Configuration properties – left as is. This allows you to for example specify the number of instances that you’d like to create and what VM Size they should be (small to extra large).
Virtual Network properties – added my Azure Connect Activation token.
You get this token from your Azure Connect portal. Go to Virtual Network section on the Azure Management Portal and select the Get Activation Token for you subscription:
To enable joining to Domain (you need to provide these details):
Microsoft.WindowsAzure.Plugins.Connect.EnableDomainJoin [set to "true"]
Microsoft.WindowsAzure.Plugins.Connect.DomainFQDN [set to "ALM.UK.Avanade"]
Microsoft.WindowsAzure.Plugins.Connect.DomainControllerFQDN [set to "W2K8R2-ALM01.ALM.UK.Avanade"]
Microsoft.WindowsAzure.Plugins.Connect.DomainAccountName [set to "ALM\Administrator"]
Microsoft.WindowsAzure.Plugins.Connect.DomainPassword [set to encrypted password - this is the password of the DomainAccountName in encrypted format specified in above setting]. See here for more information on how to create this encrypted password.
Microsoft.WindowsAzure.Plugins.Connect.Administrators [set to "ALM\Administrator"]
You can leave the other properties as is.
Note: the Microsoft.WindowsAzure.Plugins.Connect.DomainOU property allows you to specify an Organisational Unit where the VM Role will be added to. If left empty it will add it to the default location.
TestAgent Incoming traffic – TCP on port 6910
File and Printer Sharing (MSB-IN) – TCP on port 445 (this is needed in the verification and configuration of Test Agent and Lab Agent by Lab Manager – see later in post)
That’s all there is to the properties for the moment.
Then select Publish on your Azure Role. This allows you to specify your subscription in the Sign-in section of the wizard.
Environment settings – you can leave this as is. In this example I selected ["Production"].
Build Configuration settings – you can leave this as is. In this example I selected ["Release"].
Service Configuration settings – you can leave this as is. In this example I selected ["Cloud"].
Enable the Remote Desktop connection setting. This will allow you to remote into the created VM. This brings up a different dialog box where you can specify user name, password and expiration date.
Click on the Settings… link. This brings you to the Remote Desktop Configuration window where you can provide user credentials to connect to the VM.
Click on the More Options – this will allow you to export (save) the certificate.
In the Details tab you can Copy to File (export) the certificate.
A export certificate wizard starts.
Select not to export the private key.
Save the certificate in a known place on your hard disk. Keep it safe.
You must now upload this certificate to the Azure Management Portal. Go to the Management Certificates section.
Select the certificate you just saved.
You can now go ahead and publish a new Azure VM Role. A Windows Azure Activity Log within Visual Studio shows you the progress.
You can also check the progress in the Azure Management Portal.
Once the environment is in a ready state you need to do some additional steps with regards to the Azure Connect bits.
First thing is make sure you have the Endpoint software installed in your local environment. In my case I have installed the Azure Connect Endpoint Software on my Team Foundation Server 11 Server, Domain Controller (which has also the DNS Service running) and my Visual Studio 11 development workstation.
You can do this by browsing (in each of your local servers/workstations) to the Virtual Network – Install Local endpoint option (top left of your Azure Management Portal).
Once you have installed the Connect Endpoint Software on each of your local servers/workstations you will see them appear in the Connect Subscription section alongside your newly created VM Worker Role.
You now need to group all of them together – you do this by either creating a new Endpoint Group or edit an existing one (like in my example).
In my case I already have another VM Worker Role added to the same group (another environment I did previously).
Once this step is done, hopefully you will be see the Local Endpoints enabled in all environments – the local servers and the VM Worker Role.
Check the diagnostics window to see if everything is OK.
At this point your Azure VM Role should be automatically added to your local domain. If it is not, then you can easily add it manually.
If your VM was not added to the domain automatically, you can still add it manually.
Configuring Lab Management 11 Environment
You are now ready to start creating a new Lab Management environment. Open MTM 11 and go to the Lab Management section and select New to create a new environment.
Step 1 - Select Standard Environment and provide name & description.
Step 2 - Provide the Azure Role VM name and Lab Role. In my example this is ["RD00155D423994"] and this is a ["Web Server"].
You must also make sure you provide the correct credentials enabling Lab Management to log on to the target VM Role. This must be a user that is member of the Administrators group.
At this point you are in a position to Verify the Lab Environment configuration – press the Verify button.
The second step in this list is the most difficult one to get right. Make sure you have enabled the firewall exceptions correctly as outlined above and that you have provided the correct credentials to access the machine. In order for this step to succeed you must have enabled File & Print Sharing on your VM Role.
Finish the wizard. At this point Lab Manager is preparing the Azure VM Role – it is uploading the Test Agent 11 and Lab Agent 11 and trying to configuring them.
Now at this point things will go wrong. First of all this step takes a very long time and eventually it will come back with an error.
This error is caused because the Test Agent cannot connect back to the Test Controller. This is due to some change in the implementation – a new checkpoint – in VS11 and its incompatibility with Azure VM Roles (at the moment).
The way around this is to add the following key in the AppSettings section of the QTAgentService.exe.config on the Azure VM Role.
<add key=”IgnoreNetworkAdapterInfo” value “true” />
You can find the QTAgentService.exe.config on the D-Drive (Windows) most probably in D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE
[Many thanks to Vijay Machiraju and Darshan Desai from Microsoft for helping to debug this problem]
Once you have added this you must restart the Test Agent service.You can now go back to MTM 11 and check the status of the environment – it should be in a Ready state. If not then you can remove the environment and start the procedure of creating a new environment again. This time the installation will go much quicker and the environment should now end up in a ready state.
If you still notice an error on the right side – you can safely ignore this error – it is a remnant from the first configuration attempt. You can get rid of this by opening the environment and updating something (for instance the name). This will refresh everything and remove the error message.
In the next post I will outline how to effectively use this environment in an End to End Build, Deploy and Test scenario using MTM 11, Web Deploy and TFS 11 Build Services (possibly also defined in Azure VM Role).