Exercise 1: Connecting an Azure Web Role to an External SQL Server Database with Windows Azure Connect

In this exercise, you will set up network connectivity between a simple Web Role and your local machine. The sample Web site used in this exercise leverages Windows Azure Connect to reach your local SQL Server instance and retrieve a list of customers, which is shown in a simple table within the site.


Task 1 - Configuring the Application to run in Windows Azure with Windows Azure Connect

To use Windows Azure Connect to connect external resources with your Azure service, you need to enable one or more of its roles. You do this by provisioning the role with the Connect plug-in that is part of the Windows Azure SDK v1.5 release. Only roles of the service provisioned with the Connect plug-in will be able to connect to external resources.

  1. To allow the Azure Web Role to connect to the database using SQL Server credentials, open SQL Server Management Studio and connect to the local SQL Server (i.e. .\sqlexpress).
  2. Right click in the server node and select Properties.
  3. Select Security and make sure SQL Server and Windows Authentication mode is selected.

    Figure 1
    SQL Server Properties - Security


  4. Click OK button.
  5. Restart the SQL Server instance so that the previous configuration change takes effect.

    Figure 2
    Restart SQL Server


  6. Execute the CreateDatabase.cmd script located in the \Source\Setup\Scripts folder.
    Note:
    In order to continue the exercise make sure you executed the setup.cmd as mentioned in the Setup section of this lab.


  7. Open Visual Studio 2010 as an administrator. Go to File | Open | Project menu and select the Begin.sln located in \Source\Ex1-ConnectingToExternalSQL\Begin folder of the lab.
  8. Press F5 key to run the application.
  9. Notice in the connection information panel that the application is connected to the local SQL Server SQLEXPRESS instance.

    Figure 3
    Application running locally


  10. Navigate to http://windows.azure.com.
  11. Click the Virtual Network link on the Windows Azure Platform left pane. This section contains the content related to Windows Azure Connect.

    Figure 4
    Clicking Virtual Network


  12. Click {your-service-subscription-name} node located under Connect node on the upper side of left pane.
  13. Click Ok on Enable Windows Azure Connect popup. This popup appears only the first time you need to enable Windows Azure Connect with the current subscription.

    Figure 5
    Enabling Windows Azure Connect


  14. Once enabled, click Close on Enable Windows Azure Connect popup.

    Figure 6
    Windows Azure Connect enabled


  15. Click {your-service-subscription-name} node to expand and see Windows Azure Connect information. To do this, click Connect node on the upper side of the left pane.

    Figure 7
    Reviewing Windows Azure Connect information


  16. Click the “Get Activation Token” button. You will retrieve the “client activation token” for your Windows Azure service.

    Figure 8
    Getting Activation Token


  17. Click Copy Token to Clipboard button on Get Activation Token for Windows Azure Roles popup to configure your Windows Azure Service.

    Figure 9
    Copying Client Activation token


  18. Click Yes if Microsoft Silverlight asks you to allow clipboard access.

    Figure 10
    Allowing Silverlight access clipboard


  19. Click Ok to close the Get Activation Token for Windows Azure Roles popup.

    Figure 11
    Closing popup


  20. Go back to Visual Studio 2010. Under the CustomerSearch project, open the CustomersWebRole settings and select the VirtualNetwork tab. Ensure that the option labeled Activate Windows Azure Connect is selected. Paste from the clipboard the token you have copied in the previous step.

    Figure 12
    Filling Virtual Network tab


  21. Press Ctrl-S to save config file.
  22. Open the Web.config file for the CustomersWebRole project to update the SQL connection string. Find the CustomersEntities connection string, and replace the .\SQLEXPRESS value in the Data Source attribute with {your-machine-name}\SQLEXPRESS,1433. The number 1433 in the attribute represents the port number. The following snippet shows the result after applying the update, assuming that your machine name is “YourMachine” (replace this value with your machine name):
    Note:
    To retrieve your computer’s name, go to Start, right-click Computer and select Properties. The computer name will be displayed in the middle of the Properties window.


  23. XML
      <connectionStrings>
        ...
        <add name="CustomersEntities" connectionString="metadata=res://*/Customers.csdl|res://*/Customers.ssdl|res://*/Customers.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=YourMachine\SQLEXPRESS,1433;Initial Catalog=Customers;Persist Security Info=True;User ID=labUser;Password=Passw0rd!;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" />
      </connectionStrings>
    

    Note:
    Once you deploy the application to Windows Azure, the Web Role will connect to the SQL Server running on your machine through the machine name. That is why you need to change the .\SQLExpress value to explicitly use your machine name. Notice also that you need to explicitly specify the default port as part of the data source, because the connection will be established using TCP/IP as the protocol.


  24. You need to deploy the solution to Windows Azure. You can deploy the application using the Windows Azure Tools for Visual Studio, or create a service package and use the portal to deploy it. For more information on deployment options, see the “Windows Azure Deployment” hands-on lab.
  25. Once the deployment has completed successfully, you should see information about the roles in Virtual Network. To do this, click the Connect node on the left pane.

    Figure 13
    Roles information


  26. Click the Hosted Services, Storage Account & CDN link on the left pane to review your role information. If Hosted Services is not already selected, click Hosted Services to select it.

    Figure 14
    Selecting Compute, Storage & CDN


  27. Click your service located on the center pane to review your service information. Once selected, click the DNS Name link on the right pane. This opens the published Web site.

    Figure 15
    Clicking on Web Site URL


  28. Verify that the application is running in Windows Azure, without being able to connect to the external SQL server machine. You should see an exception saying that the connection to SQL Server could not be established.

    Figure 16
    Application running in Azure, showing an exception saying that the connection to SQL Server could not be established
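
Before working on network connectivity, it is worth ruling out the connection string edited in step 22 as the cause of a failed connection. The following PowerShell sketch is an added example, not part of the original lab: it parses a copy of the lab's CustomersEntities entry and reports settings that would break or weaken the deployed connection. The function name Get-ConnectionStringFindings is hypothetical.

```powershell
# Added example (not lab code). The XML below is a trimmed copy of the lab's
# Web.config entry; point SelectSingleNode at your own file to check the real one.
[xml]$config = @'
<configuration><connectionStrings>
<add name="CustomersEntities" providerName="System.Data.EntityClient" connectionString="metadata=res://*/Customers.csdl|res://*/Customers.ssdl|res://*/Customers.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=YourMachine\SQLEXPRESS,1433;Initial Catalog=Customers;Persist Security Info=True;User ID=labUser;Password=Passw0rd!;MultipleActiveResultSets=True&quot;" />
</connectionStrings></configuration>
'@

function Get-ConnectionStringFindings {
    param([string]$EntityConnectionString)
    # Parse the outer Entity Framework string, then the SqlClient string it wraps.
    # set_ConnectionString is used because PowerShell treats .ConnectionString
    # on a dictionary-like object as a key lookup.
    $outer = New-Object System.Data.Common.DbConnectionStringBuilder
    $outer.set_ConnectionString($EntityConnectionString)
    $inner = New-Object System.Data.Common.DbConnectionStringBuilder
    $inner.set_ConnectionString([string]$outer['provider connection string'])

    $dataSource = [string]$inner['Data Source']
    if ($dataSource -notmatch '^(?<server>[^\\,]+)(\\[^,]+)?(,(?<port>\d+))?$') {
        return @("Data Source '$dataSource' is not in server\instance,port form")
    }
    $server = $Matches['server']; $port = $Matches['port']
    $findings = @()
    if ($server -match '^(\.|\(local\)|localhost)$') {
        $findings += "Data Source '$dataSource' refers to the role instance itself once deployed"
    }
    if (-not $port) {
        $findings += 'No port in Data Source: a named instance then depends on SQL Server Browser'
    }
    if ($inner.ContainsKey('Persist Security Info') -and [string]$inner['Persist Security Info'] -eq 'True') {
        $findings += 'Persist Security Info=True keeps the password readable on the open connection'
    }
    if ($inner.ContainsKey('Password')) {
        $findings += 'SQL login password is stored in clear text in Web.config'
    }
    return $findings
}

$entry = $config.SelectSingleNode("//connectionStrings/add[@name='CustomersEntities']")
Get-ConnectionStringFindings $entry.GetAttribute('connectionString')
```

For the lab's string as written, the server and port checks pass and the two credential findings are reported.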


Task 2 - Installing Windows Azure Connect Endpoint Software in Your External Machine to Enable Windows Azure Connect

  1. Click back on Virtual Network.
  2. Click the Install Local Endpoint button.

    Figure 17
    Getting Install link


  3. Click Copy Link to Clipboard button on the Install Windows Azure Connect Endpoint Software popup.

    Figure 18
    Client Installation Link


  4. Click Yes if Microsoft Silverlight asks you to allow clipboard access.

    Figure 19
    Allowing Silverlight access clipboard


  5. Click Ok to close the popup.
  6. Paste the copied link in the Internet Explorer navigation bar and press enter to download the client.
  7. Click Run button to install the Windows Azure Connect Endpoint software.

    Figure 20
    Downloading the Windows Azure Connect Endpoint software


  8. Click Run button in the Security Warning dialog.
  9. Click Yes button if the UAC dialog appears.
  10. Follow the steps in the Windows Azure Connect Endpoint software installation wizard.

    Figure 21
    Windows Azure Connect Endpoint software installation wizard


  11. To verify that the Windows Azure Connect Endpoint software installed successfully, right click the icon in the tray.

    Figure 22
    Windows Azure Connect Endpoint software icon


  12. Click Open Windows Azure Connect.

    Figure 23
    Windows Azure Connect Endpoint software context menu


  13. The Windows Azure Connect dialog box will show the current status.

    Figure 24
    Windows Azure Connect status


    Note:
    If you cannot get the Windows Azure Connect endpoint configured, check that the Windows service “IKE and AuthIP IPsec Keying Modules” is running.


  14. We are now able to create groups. To do this, go back to the browser. Click Virtual Network on the left pane.
  15. Once the Windows Azure Connect Endpoint software is running locally, our external machine is shown in the center pane. To review this, click Groups and Roles node on the left pane.

    Figure 25
    Windows Azure Connect, your external machine added


Task 3 - Configuring Microsoft SQL Server Express for Remote Access

Microsoft SQL Server Express needs to be accessible from the machines in our local network. If your SQL Server Express instance is already enabled for remote access, you will notice that many of the instructions below are not necessary. In either case, we recommend you go through the steps below to confirm.

  1. To enable remote connections, open SQL Server Management Studio and connect to the local SQL Server.
  2. Right click in the server node and select Properties.
  3. Select Connections and make sure Allow remote connections to this server option is checked.

    Figure 26
    Server Properties - Connections


  4. Open SQL Server Configuration Manager.
  5. Make sure the SQL Server Browser service is disabled or stopped.

    Figure 27
    SQL Server Browser stopped


  6. Enable TCP/IP Protocol in the SQL Server Network Configuration / Protocols for SQLEXPRESS.

    Figure 28
    Enabling TCP/IP protocol


  7. Edit the TCP/IP protocol Properties. Select the IP Addresses tab. Scroll to the bottom of the form until you locate the IP All entry, and make sure the TCP Dynamic Ports is set to blank. Then set the TCP Port to 1433.

    Figure 29
    TCP/IP Protocol properties


    Note:
    The SQL Browser service is only required when using dynamic ports for remote connections. In our scenario, we simply want to expose the default TCP port, 1433. The benefit of having this service running is that users connecting remotely do not have to specify the port in the connection string. On the other hand, it is a security best practice not to run the SQL Browser service, because this reduces the attack surface area by eliminating the need to listen on a UDP port.


  8. Click OK.
  9. Restart the SQL Service. To do this right click SQL Server and click Restart.

    Figure 30
    SQL Server service running


  10. To allow TCP connections to go through the firewall, we need to add a new rule. Open Windows Firewall with Advanced Security.
  11. Select Inbound Rules. Create a New Rule.

    Figure 31
    Windows Firewall – Inbound Rules – New Rule


  12. In the New Inbound Rule Wizard select Port for the rule type.

    Figure 32
    New Inbound Rule Wizard – Rule Type step


  13. Set the TCP port to 1433.

    Figure 33
    New Inbound Rule Wizard – Protocols and Ports step


  14. Select Allow the Connection in the Action step.

    Figure 34
    New Inbound Rule Wizard – Action step


  15. Apply the rule to all the profiles in the Profile step.

    Figure 35
    New Inbound Rule Wizard – Profile step


  16. Set the name to SQLPort in the Name step and click Finish.

    Figure 36
    New Inbound Rule Wizard – Name step
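
The settings made in this task can be confirmed from an elevated PowerShell prompt on the SQL Server machine. This is an added example, not part of the original lab: it only reads state, and it assumes English service display names, the SQLEXPRESS instance and the SQLPort rule name used above. The function name Test-LabService is hypothetical, and UDP 1434 is the port SQL Server Browser listens on.

```powershell
# Added example (not lab code): read-only checks of the state Task 3 configures.
function Test-LabService {
    param([string]$DisplayName, [string]$Expected)
    $svc = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $svc) { return "MISSING  $DisplayName (service not found)" }
    $state = if ([string]$svc.Status -eq $Expected) { 'OK' } else { 'CHECK' }
    "$state  $DisplayName is $($svc.Status), expected $Expected"
}

Test-LabService 'SQL Server (SQLEXPRESS)' 'Running'
Test-LabService 'SQL Server Browser' 'Stopped'
# Needed by the Windows Azure Connect endpoint (see the note in Task 2).
Test-LabService 'IKE and AuthIP IPsec Keying Modules' 'Running'

# The static port should be listening; the Browser's UDP port should not be.
$netstat = netstat -an
if ($netstat | Select-String 'TCP\s+\S+:1433\s+\S+\s+LISTENING') {
    'OK  TCP 1433 is listening'
} else {
    'CHECK  nothing is listening on TCP 1433 (restart the SQL Server service?)'
}
if ($netstat | Select-String 'UDP\s+\S+:1434\s') {
    'CHECK  UDP 1434 is open, so SQL Server Browser is still reachable'
} else {
    'OK  UDP 1434 is not open'
}

# Print the inbound rule so its profiles and remote address scope can be reviewed.
$rule = netsh advfirewall firewall show rule name=SQLPort
if ($rule -match '1433') {
    $rule
} else {
    'CHECK  firewall rule SQLPort not found or not covering port 1433'
}
```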


Task 4 - Managing Windows Azure Connect Groups

To allow access between the external machines and the Windows Azure Roles, a group linking the Azure Roles and the external machines must be created. The following steps describe how to do this.

  1. Go back to the browser. Click Virtual Network link on left pane.
  2. Click Create Group button.

    Figure 37
    Creating a Group


  3. In the Create a New Endpoint Group popup add a GroupName, a Description, and optionally check Allow connections between endpoints in group to enable connectivity between external machines of the group.

    Figure 38
    Filling Create a New Endpoint Group popup


  4. Click Add button on Connect from.

    Figure 39
    Adding local endpoints


  5. Select your local endpoint from the available endpoints.

    Figure 40
    Adding local endpoints


  6. Click Ok button.
  7. Click Add button on Connect to.

    Figure 41
    Adding Azure roles


  8. Select your roles from the available groups and roles.

    Figure 42
    Adding Azure roles


  9. Click Ok button to close popup.
  10. Click Create button in order to create a new endpoint group.

    Figure 43
    Creating a new endpoint group


  11. Your new group is now set. Make sure the new group policies were updated in the external machine. To do this, right-click the Windows Azure Connect endpoint software icon in the tray and click Refresh Policy.

    Figure 44
    Refreshing local policies


  12. Once the policies are updated, Open Windows Azure Connect and verify you are in an endpoint group.

    Figure 45
    Local status


Verification

At this point, you should have network connectivity between the Azure Role and your local machine. Let’s run the application again and verify this by repeating the steps used in task 1.

  1. Click Hosted Services, Storage Account & CDN link on the left pane to review your role information.

    Figure 46
    Selecting Compute, Storage & CDN


  2. Click your service located on the center pane to review your service information. Once selected, click the DNS Name link to navigate to the Web role.

    Figure 47
    Clicking on Web Site URL


  3. We can verify that our application is running in Windows Azure and retrieving the data from the external SQL Server machine.

    Figure 48
    Application running in Azure with Windows Azure Connect


    Note:
    Take into account that the endpoint may take several minutes to be added to the new group. You will get “the underlying provider failed to open” errors until the endpoint is ready.