Reading Time: 4 minutes
Share:
Twitter
LinkedIn
Facebook
Reddit
Whatsapp
Follow by Email

During the deployment of Azure Stack, a number of VM’s are created and set up. As of GA, the Azure Stack Developer Kit consists of 13 VM’s, each help makes up what is Azure Stack. Each VM runs Windows Server 2016 Core. For the Azure Stack Integrated System, most of the VM’s are redundant and load balanced using the Software Load Balancer (SLB). Resource providers add features and functionality to the Azure Stack by means of predefined structures, API Sets, design and VM’s.

Below, I will list out what VM’s are installed and write a brief description of what each one does.

VM Name Description
AzS-ACS01 This VM is hosting one of the most important resource providers the Azure Stack storage provider service. Azure Stack uses Storage Spaces Direct for its storage needs and this is the VM that manages it.
AzS-ADFS01 This VM hosts ADFS (Active Directory Federation Services). This is one authentication and authorization model Azure Stack offers you. If you have not set up your Azure Stack Using Azure AD then this VM will be used. The ADFS authentication model is best used for disconnected scenarios.
AzS-BGPNAT01 This VM only exists in the Azure Stack Developer Kit. For Azure Stack Integrated Systems you will have a TOR (top of rack) switch. It provides NAT and VPN access based on the BGP routing protocol, the default in Azure Stack. When a tenant creates a VPN to another on or off premises network environment, all the traffic will flow through this VM.
AzS-CA01 This VM runs the Certificate Authority Services for Azure Stack. All of the communication within Azure Stack is secured using certificates issued from this VM. This Is a mandatory service and needs to always be in good health. Every 30 days each certificate will be refactored. This is done completely in the Azure Stack management environment, so you will not have to log on to this VM ever.
AzS-DC01 As Azure Stack runs in a dedicated Active Directory domain it needs to have a Domain Controller. That’s what this VM is. Being the only Domain Controller it is also responsible for all the FSMO Roles and the Global Catalogue. It is also the DHCP and DNS Server for the Azure Stack environment. It also provides the Microsoft Graph resource provider which is the REST endpoint to Active Directory.
AzS-ERCS01 This VM is used by the external support (Microsoft or the Azure Stack supplier) to connect up to the Azure Stack deployment using Just Enough Administration (JEA) and Just In Time Administration (JIT) if you have issues with Azure Stack. This can be called a break the cloud scenario.
AzS-GWY01 This VM is used for site-to-site VPN connections. This is what tenant networks use. It is needed in order to provide in-between network connectivity. It is a very important VM.
AzS-NC01 This VM is hosts the Network Controller services. It uses the SDN (Software Defined Networking) capabilities of Windows Server 2016. Thanks to this VM we have network fault tolerance. It also allows us to bring our own address space for IP Addressing (VxLAN and NVGRE technology. VxLAN being preferable). The following services utilise virtual IP addressing: Admin and Tenant Portals, Storage, ADFS, Graph API, Key Vault, and Site-to-Site VPN. The Network Resource Provider (Network Controller) routes the communication to the correct place. This VM is also responsible for the networking stack of Azure Stack. The VM’s in the networking stack are: AzS-BGPNAT01 AzS-Gwy01 AzS-SLB01 AzS-Xrp01.
AzS-SLB01 This VM is the Software Load Balancer. It is responsible for all of the Load Balancing in Azure Stack from providing high availability for the Azure Stack infrastructure services to Load balancing for the tenant . This is also present in Microsoft Azure. The underlying technology used for load balancing is based on hashes. By default, a 5-tuple has is used containing the following: Source IP, Source Port, Destination IP, Destination Port, and Protocol type.
AzS-SQL01 This VM provides the complete SQL services for Azure Stack. Every time you create for example an Offer, Plan, or an ARM Template the data is stored into the SQL instance on this VM. One thing to note is that this SQL VM is only going to store internal data for the infrastructure roles. No tenant data is stored on this VM.
AzS-WAS01 This VM hosts the Azure Stack Admin Portal and also runs the Azure Resource Manager services for it.
AzS-WASP01 This VM hosts the Azure Stack Tenant Portal and also runs the Azure Resource Manager services for it.
AzS-XRP01 This VM is basically the heart of Azure Stack. It is responsible for the core resource providers: Compute, Storage, and Network.


(Re)starting an Azure Stack environment

When you shutdown or restart Azure Stack all the VM’s will go into a Save State. When Azure Stack comes back up after a restart or shutdown the VM’s should recover from their saved state. If for some reason the system does not come back up correctly or you start to get issues and it is not a good idea to do a full restart then the following boot order is the best practice. Just make sure you leave at least a 60-second delay between each.

AzS-DC01 (this should be rebooted with the host)
AzS-BGPNAT01
AzS-NC01
AzS-SLB01
AzS-Gwy01
AzS-SQL01
AzS-ADFS01
AzS-CA01
AzS-ACS01
AzS-WAS01
AzS-WASP01
AzS-Xrp01
AzS-ERCS01

To shutdown just reverse the above sequence.

Thanks for reading, I hope you found this blog post helpful. If you have any questions please leave a comment.

Share:
Twitter
LinkedIn
Facebook
Reddit
Whatsapp
Follow by Email

Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *