locked
VM Roles in Azure RRS feed

  • Question

  • Is it possible to setup Active Directory (DNS / DHCP Server) in Azure VM Role?


    Thanks & Regards, Deep
    Wednesday, April 27, 2011 3:59 AM

Answers

  • I dont think it is advisable to do that
    If this post answers your question, please mark it as an answer. If this post is helpful to you, then vote it as helpful.
    TechyFreak | Mobile Development Resources
    Thursday, April 28, 2011 6:16 AM
  • Hi Deepesh

    I disagree with UDP traffic. It is true that generally UDP traffic is not allowed in VM, Web or worker role. But if you install AzureConnect you get a IP-level connectivity - check here and here. So I still believe if you can install active directory on a VM Image - which looks theoretically possible to me - it should work.

    If this is a good design or if you will experience other issues with this setup I am not sure about.

     

    ---Is there any other option to perform Software distribution across various VM Roles ... save the snap shot of the VM roles:

    No, uploading differencing VHDs is the only way for now. Be aware, because the lack of a snapshot functionality in Azure for a VM role - in case of hardware failture you will loose all you data.

    Hope this helps,

    Marc

     


    although you might overcome the connectivity issue by using Azure Connect - where would the AD data be stored? Typically this resides on the system drive, which as we all know isn't durable in VM Role. So anytime an instance needs to restart that AD information is lost. The risk may be minimized using two or more instances and do all the heavy scripting stuff to promote any new instance to AD controller in case of. Still you have a risk of loosing everything which is dependend on the AD if for some reason the remaining .01% of the availability SLA kicks in and all AD instances are reset...
    Sunday, May 1, 2011 5:49 PM

All replies

  • Hi Deepesh

    basically you can install and configure a VM role as you like. To make it work I think you need to use Azure Connect. Until now I have seen the other way around - joining a vm role to a on premises Active directory with Azure Connect. But I guess the other way around works as well. Have a look here and here.

    Wednesday, April 27, 2011 7:08 AM
  • Thanks for the reply.

    It is mentioned in the link that lack of UDP traffic on the cloud means that Domain Controller (Active Directory) will not work in VM Role.

    As an Active Directory cannot be set up on cloud, we will always have to design with the AD on an On-Premise server.

    We are looking at various options of updating the Server Images of VM Roles on Windows Azure, the option recommended by Azure is to use Differencing Disks which allows  us to upload the changes in OS/Application in the Base VHD as differencing VHDs to the Cloud.

    Is there any other option to perform Software distribution across various VM Roles on Cloud or to save the snap shot of the VM roles VHD on blob or other storage so that the settings in the VM role is not lost when the ephemeral VHD to which it is connected gets reset or is reimaged to the base VHD.?

     


    Thanks & Regards, Deep
    Wednesday, April 27, 2011 12:05 PM
  • Hi Deepesh

    I disagree with UDP traffic. It is true that generally UDP traffic is not allowed in VM, Web or worker role. But if you install AzureConnect you get a IP-level connectivity - check here and here. So I still believe if you can install active directory on a VM Image - which looks theoretically possible to me - it should work.

    If this is a good design or if you will experience other issues with this setup I am not sure about.

     

    ---Is there any other option to perform Software distribution across various VM Roles ... save the snap shot of the VM roles:

    No, uploading differencing VHDs is the only way for now. Be aware, because the lack of a snapshot functionality in Azure for a VM role - in case of hardware failture you will loose all you data.

    Hope this helps,

    Marc

     

    Wednesday, April 27, 2011 12:22 PM
  • I dont think it is advisable to do that
    If this post answers your question, please mark it as an answer. If this post is helpful to you, then vote it as helpful.
    TechyFreak | Mobile Development Resources
    Thursday, April 28, 2011 6:16 AM
  • Hi Deepesh

    I disagree with UDP traffic. It is true that generally UDP traffic is not allowed in VM, Web or worker role. But if you install AzureConnect you get a IP-level connectivity - check here and here. So I still believe if you can install active directory on a VM Image - which looks theoretically possible to me - it should work.

    If this is a good design or if you will experience other issues with this setup I am not sure about.

     

    ---Is there any other option to perform Software distribution across various VM Roles ... save the snap shot of the VM roles:

    No, uploading differencing VHDs is the only way for now. Be aware, because the lack of a snapshot functionality in Azure for a VM role - in case of hardware failture you will loose all you data.

    Hope this helps,

    Marc

     


    although you might overcome the connectivity issue by using Azure Connect - where would the AD data be stored? Typically this resides on the system drive, which as we all know isn't durable in VM Role. So anytime an instance needs to restart that AD information is lost. The risk may be minimized using two or more instances and do all the heavy scripting stuff to promote any new instance to AD controller in case of. Still you have a risk of loosing everything which is dependend on the AD if for some reason the remaining .01% of the availability SLA kicks in and all AD instances are reset...
    Sunday, May 1, 2011 5:49 PM