During the deployment of Azure Stack, a number of VMs are created and set up. As of GA, the Azure Stack Developer Kit consists of 13 VMs, each of which helps make up Azure Stack. Each VM runs Windows Server 2016 Core. For the Azure Stack Integrated System, most of the VMs are redundant and load balanced using the Software Load Balancer (SLB). Resource providers add features and functionality to Azure Stack by means of predefined structures, API sets, design and VMs.
Below, I will list which VMs are installed and give a brief description of what each one does.
VM Name | Description |
---|---|
AzS-ACS01 | This VM hosts one of the most important resource providers: the Azure Stack storage provider service. Azure Stack uses Storage Spaces Direct for its storage needs, and this is the VM that manages it. |
AzS-ADFS01 | This VM hosts ADFS (Active Directory Federation Services). This is one authentication and authorization model Azure Stack offers you. If you have not set up your Azure Stack using Azure AD, then this VM will be used. The ADFS authentication model is best used for disconnected scenarios. |
AzS-BGPNAT01 | This VM only exists in the Azure Stack Developer Kit. For Azure Stack Integrated Systems you will have a TOR (top of rack) switch. It provides NAT and VPN access based on the BGP routing protocol, the default in Azure Stack. When a tenant creates a VPN to another on- or off-premises network environment, all the traffic will flow through this VM. |
AzS-CA01 | This VM runs the Certificate Authority Services for Azure Stack. All of the communication within Azure Stack is secured using certificates issued from this VM. This is a mandatory service and needs to always be in good health. Every 30 days each certificate will be refactored. This is done completely in the Azure Stack management environment, so you will never have to log on to this VM. |
AzS-DC01 | As Azure Stack runs in a dedicated Active Directory domain it needs to have a Domain Controller. That’s what this VM is. Being the only Domain Controller it is also responsible for all the FSMO Roles and the Global Catalogue. It is also the DHCP and DNS Server for the Azure Stack environment. It also provides the Microsoft Graph resource provider which is the REST endpoint to Active Directory. |
AzS-ERCS01 | This VM is used by the external support (Microsoft or the Azure Stack supplier) to connect up to the Azure Stack deployment using Just Enough Administration (JEA) and Just In Time Administration (JIT) if you have issues with Azure Stack. This can be called a break the cloud scenario. |
AzS-GWY01 | This VM is used for site-to-site VPN connections. This is what tenant networks use. It is needed in order to provide in-between network connectivity. It is a very important VM. |
AzS-NC01 | This VM hosts the Network Controller services. It uses the SDN (Software Defined Networking) capabilities of Windows Server 2016. Thanks to this VM we have network fault tolerance. It also allows us to bring our own address space for IP addressing (VxLAN and NVGRE technology, VxLAN being preferable). The following services utilise virtual IP addressing: Admin and Tenant Portals, Storage, ADFS, Graph API, Key Vault, and Site-to-Site VPN. The Network Resource Provider (Network Controller) routes the communication to the correct place. This VM is also responsible for the networking stack of Azure Stack. The VMs in the networking stack are: AzS-BGPNAT01, AzS-Gwy01, AzS-SLB01, and AzS-Xrp01. |
AzS-SLB01 | This VM is the Software Load Balancer. It is responsible for all of the load balancing in Azure Stack, from providing high availability for the Azure Stack infrastructure services to load balancing for the tenant. This is also present in Microsoft Azure. The underlying technology used for load balancing is based on hashes. By default, a 5-tuple hash is used containing the following: Source IP, Source Port, Destination IP, Destination Port, and Protocol type. |
AzS-SQL01 | This VM provides the complete SQL services for Azure Stack. Every time you create for example an Offer, Plan, or an ARM Template the data is stored into the SQL instance on this VM. One thing to note is that this SQL VM is only going to store internal data for the infrastructure roles. No tenant data is stored on this VM. |
AzS-WAS01 | This VM hosts the Azure Stack Admin Portal and also runs the Azure Resource Manager services for it. |
AzS-WASP01 | This VM hosts the Azure Stack Tenant Portal and also runs the Azure Resource Manager services for it. |
AzS-XRP01 | This VM is basically the heart of Azure Stack. It is responsible for the core resource providers: Compute, Storage, and Network. |
(Re)starting an Azure Stack environment
When you shut down or restart Azure Stack, all the VMs will go into a saved state. When Azure Stack comes back up after a restart or shutdown, the VMs should recover from their saved state. If for some reason the system does not come back up correctly, or you start to get issues and a full restart is not a good idea, then the following boot order is the best practice. Just make sure you leave at least a 60-second delay between each VM.
AzS-DC01 (this should be rebooted with the host)
AzS-BGPNAT01
AzS-NC01
AzS-SLB01
AzS-Gwy01
AzS-SQL01
AzS-ADFS01
AzS-CA01
AzS-ACS01
AzS-WAS01
AzS-WASP01
AzS-Xrp01
AzS-ERCS01
To shut down, just reverse the above sequence.
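The boot and shutdown sequence above as a script (an added example, not part of the original post or of Microsoft's tooling). It assumes it is run from an elevated PowerShell session on the Developer Kit host with the Hyper-V module available; the `-Action` and `-DelaySeconds` parameter names are made up for this example.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
param(
    [ValidateSet('Start', 'Stop')]
    [string]$Action = 'Start',
    [int]$DelaySeconds = 60   # the post asks for at least 60 seconds between VMs
)

# Boot order exactly as listed in the post.
$bootOrder = @(
    'AzS-DC01', 'AzS-BGPNAT01', 'AzS-NC01', 'AzS-SLB01', 'AzS-Gwy01',
    'AzS-SQL01', 'AzS-ADFS01', 'AzS-CA01', 'AzS-ACS01', 'AzS-WAS01',
    'AzS-WASP01', 'AzS-Xrp01', 'AzS-ERCS01'
)

# Shutdown uses the same list reversed.
$sequence = $bootOrder.Clone()
if ($Action -eq 'Stop') { [array]::Reverse($sequence) }

# Fail before touching anything if a VM is missing from this host.
$missing = $sequence | Where-Object { -not (Get-VM -Name $_ -ErrorAction SilentlyContinue) }
if ($missing) { throw "VMs not found on this host: $($missing -join ', ')" }

$wanted = if ($Action -eq 'Start') { 'Running' } else { 'Off' }

foreach ($name in $sequence) {
    $vm = Get-VM -Name $name
    if ($vm.State -eq $wanted) {
        # Covers AzS-DC01, which normally comes up together with the host.
        Write-Host "$name is already $wanted, skipping"
        continue
    }
    Write-Host "$Action $name (current state: $($vm.State))"
    if ($Action -eq 'Start') {
        Start-VM -Name $name -ErrorAction Stop          # also resumes a Saved VM
    } else {
        Stop-VM -Name $name -Force -ErrorAction Stop    # guest OS shutdown, no prompt
    }
    Start-Sleep -Seconds $DelaySeconds
}
```

The script stops at the first VM that fails to start or shut down, so a broken dependency such as the domain controller is noticed before later VMs are started against it.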
Thanks for reading, I hope you found this blog post helpful. If you have any questions please leave a comment.