Building Clouds with Windows Azure Pack

By Amit Malik
  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Know Windows Azure Pack and Its Architecture

About this book

Windows Azure Pack is an on-premises cloud solution by Microsoft, which can be leveraged by Organizations and Services providers for building an enterprise class cloud solution. WAP provides consistent experience to Microsoft Azure, along with capabilities such as multi-tenancy, high density, self-service, automated. WAP can be leveraged to provide both IaaS & PaaS Offerings to internal and external customers.

In this book, we will learn about planning and deployment of Cloud Fabric for Windows Azure Pack, Azure Pack components, VM Clouds and IaaS offerings, PaaS Offering including WebSites & Service Bus, DBaaS offerings, Automation with SMA, and extending capabilities with third party products integration and tenant experience for all services.

Publication date:
January 2016


Chapter 1. Know Windows Azure Pack and Its Architecture

In this chapter, we will learn about Microsoft Cloud OS vision and the role of Windows Azure Pack within it. This chapter will help in understanding Windows Azure Pack cloud solution overview, capabilities, and service offerings with building blocks. Later, we will cover the architecture of Windows Azure Pack components and their deployment models in test and production environments.

We will be covering the following topics in this chapter:

  • Microsoft Cloud OS vision

  • What is Windows Azure Pack?

  • Windows Azure Pack capabilities and offerings

  • Windows Azure Pack architectural components and functionalities

  • Windows Azure Pack cloud solution building blocks

  • Windows Azure Pack deployment models

  • Integrating Windows Azure Pack and System Center Suite for IaaS services


Microsoft Cloud OS vision

The Cloud OS is Microsoft's hybrid cloud solution comprised of Windows Server, Windows Azure, System Center, Windows Intune, and SQL Server. Microsoft Cloud OS vision enables one consistent platform and experience of cloud services hosted inside Microsoft Azure Public Cloud data center, in a customer's on-premises data center, or in a service provider data center. Cloud OS essentially does the same traditional infrastructure operations such as provisioning servers and applications, but with cloud scale capabilities and efficiencies.

Windows Azure Pack adds major contribution towards enabling Cloud OS vision, which brings Microsoft Azure's capabilities and experience inside an organization's private cloud and service provider cloud. This provides one true, consistent platform to deliver cloud services using Microsoft technologies.

It can be summarized in the following quote from Microsoft's Whitepaper, "Unified Management for Cloud OS: System Center 2012 R2":

"The Microsoft vision for a new era of IT provides one consistent platform for infrastructure, applications, and data: the Cloud OS. The Cloud OS spans your datacenter environments, service provider datacenters, and Windows Azure, enabling you to easily and cost-effectively cloud optimize your business."


More information on Microsoft Cloud OS can be found at


What is Windows Azure Pack?

Windows Azure Pack is a Microsoft solution which integrates with Windows Server 2012 R2, System Center Suite, SQL, and IIS Servers. Together, these provide an enterprise class cloud solution for both organizations and service providers. Windows Azure Pack brings the capabilities of Microsoft Public Cloud, that is, Microsoft Azure's capabilities to your data center.

Windows Azure Pack consists of a collection of Azure technologies which enables organizations to have enterprise class self-service and multitenant cloud along with consistent Microsoft Azure Public Cloud experience. Eliminating the confusion, Windows Azure Pack runs independently with Microsoft Azure Cloud, and is deployed in your own organization's data center; managed and operated by your organization only.

Windows Azure Pack provides cloud service offerings including virtual machines (Infrastructure as a Service), Database as a Service (DBaaS), Platform as a Service (PaaS) and many more along with custom offering enabled architecture which gives flexibility to provide anything as a service (XaaS).

Windows Azure Pack can primarily be used in the following use cases:

  • By an organization as a private cloud solution

  • By a cloud service provider, that is, cloud reseller, as a Hosted Cloud Platform

Amazingly, Windows Azure Pack is available at no extra cost for Microsoft customers.


Licensing for other Microsoft components like Windows Server, System Center, SQL Server, and so on has to be considered for cloud management and workload infrastructure.

Windows Azure Pack for an organization's private cloud

In today's era of cloud computing, IT departments of organizations are turning into IT service providers for their different teams and LOBs. In traditional computing models, different teams approach their IT departments for their IT needs, which becomes quite a lengthy process involving several levels of approvals, procurement of HW/SW, implementations, services, schedules, and much more. In this model, infrastructure readiness itself takes considerable amount of time and resources, resulting in various constraints when it comes to application deployment. The situation gets even worse when it comes to test and development environment-related requests.

A private cloud helps in eliminating these challenges drastically. For example, with a private cloud solution a development team can request for a VM with required specification and middleware components using an easy to use self-service portal without getting into manual e-mail threads with IT infra provider departments. In such a private cloud infrastructure, a development team can expect to have a server ready for applications usage in a matter of minutes, whereas in a traditional model it could have taken days.

Windows Azure Pack is the platform that can help the organization in getting all those private cloud benefits and capabilities in a very efficient manner. Let's have a look at few of the major requirements and characteristics of any private cloud and their solutions using Azure Pack:

  • Familiar technologies and operational simplicity: One of the important aspects of any private cloud solution is that the solution has to be managed by the organization's IT personnel only. Technology should be familiar and easily manageable. Windows Azure Pack integrates with Microsoft products such as Windows Servers, System Center, SQL, IIS, and so on, which are already being used across the world by organizations for their IT needs.

  • Self service portal and automated provisioning: Windows Azure Pack provides the same tenant portal for self-service which is being used by customers of Microsoft's public cloud along with automated provisioning using SPF, SMA, and SCVMM. These roles will be covered in upcoming topics.

  • Effective utilization of existing infrastructure: Windows Azure Pack can leverage existing infrastructure to provision workload, along with effective utilization using proven Hyper-V and SCVMM capabilities such as dynamic memory, dynamic optimization, differencing disks, and many more.

  • Support for software defined infrastructure technologies: Windows Azure Pack can leverage software-defined infrastructure components such as SDN and SDS. This can significantly help in being hardware agnostic and avoiding proprietary expensive hardware purchases. An example includes using a SDS product with commodity hardware servers and disk enclosures instead of enterprise class storage array.

  • Dynamic control and chargeback: Different teams and line of businesses have different IT needs; for example, an HR department may need more storage to store data whereas Finance may need more computing power along with storage. Built-in Windows Azure Pack plans and usage services can be leveraged to have better control over different business resources usage along with chargeback for financial management.

  • Support of multi-vendor operating systems and applications: As Windows Azure Pack cloud is integrated with Hyper-V and System Center, it supports a wide range of operating systems comprising various Windows and Linux flavors, virtualization vendors (Hyper-V by default, VMware by partner provided solutions), and application/database products.

  • Custom cloud services: Every organization may have some specific custom needs limited only to a particular entity or team. Windows Azure Pack customer offering gives organizations flexibility to design and develop their custom services and integrate them with Windows Azure Pack for cloud enablement.


All features or self-service capabilities may not be available while using VMware as a hypervisor. This will be covered in detail in Chapter 10, Extend Windows Azure Pack Capabilities with Partner Solutions.

Windows Azure Pack for cloud service providers

Windows Azure Pack gives the flexibility to cloud service providers (such as resellers/hosting service providers) to provide Microsoft Azure Cloud a consistent experience as well as capabilities to their customers. In this scenario, Windows Azure Pack components run in a service provider's data center and provide services to external or internal customers.

Windows Azure Pack provides service providers the ability to build their own cloud to host services at a lower cost and with proven Azure technologies, enabling them to win more and more business. This brings a win-win situation for cloud providers as well as for Microsoft as the Microsoft Azure technology footprint is expanding in cloud markets beyond Azure data centers.

A cloud service provider's main focus is to provide a true multitenant, self-service cloud along with extreme automation possibilities, which differs from organizational private cloud needs which we discussed earlier. Let's have a look at some major requirements of a service provider's cloud solutions and their fulfillment using Windows Azure Pack:

  • To win more and more cloud business: This is not a direct technical requirement from a cloud solution, but one of the most important aspects of any service provider's business. The service provider needs to win the customer's confidence to get their workload running in the provider's cloud. Windows Azure Pack is built using the same technologies that power one of the leading public clouds, Microsoft Azure, to serve customers worldwide. This will help service providers to offer proven technologies to their customers at a lower cost, enabling more and more business.

  • True multitenant offerings: The cloud service provider will have to serve varying needs of different customers. True multitenant architecture with respect to portal, offerings, QoS (Quality of Service), and so on is must for any provider's cloud platform. Windows Azure Pack enables these features with tenant portals, Windows Azure Pack plans and subscriptions, and so on.

  • Networking isolation and extension capabilities: A customer's workload running in same data center will have different networks, security needs and requirements to be completely isolated from each other. Windows Azure Pack's virtual network, using network virtualization, provides complete isolation of networks for a customer's workloads. Windows Azure Pack's site to site VPN capabilities, using network virtualization gateways, enables customers to extend their on-premises network to a service provider's cloud network for hybrid scenarios.

  • Wide range of cloud offerings (IaaS, PaaS, and so on): Windows Azure Pack cloud solution supports a wide range of in-built self-service IaaS, PaaS, and DBaaS offerings along with capabilities to add custom service offerings.

  • Usage and billing: Windows Azure Pack cloud solution has usage and metering capabilities which can be used along with SCOM (System Center Operations Manager) chargeback or other third party usage and billing solutions like Cloud Assert and others to provide an enterprise class cloud billing solution.

  • Extreme automation possibilities: With Service Management Automation (SMA) integration with Windows Azure Pack, service providers can have their own automation workflows (written in PowerShell workflows) exclusively written for their environments, enabling a completely automated cloud solution. Along with SMA, standard Microsoft automation solutions such as System Center Orchestrator and Windows PowerShell can be leveraged to automate operations.

  • Optimized resource usage: Windows Azure Pack cloud solution leverages proven enterprise class Hyper-V Virtualization technologies which enables maximum usage of hardware and software resources.

  • Custom offerings: Windows Azure Pack provides the option to add custom offerings integrated with its portal, which enables service providers to add custom unique offerings apart from default offerings.


Windows Azure Pack capabilities and offerings

Windows Azure Pack, along with System Center and Hyper-V, provides enterprise class IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and DBaaS (Database as a Service) capabilities. The following are the primary features and capabilities that Windows Azure Pack provides once it is deployed:

  • Management portal for cloud admins: Windows Azure Pack Service management portal for administrators provides facilities to create and manage a cloud offerings catalogue, resource providers, tenants user accounts, plans and subscriptions, and much more. This portal will be used by cloud admin of organization or service providers.

  • Management portal for tenants: The service management portal for tenants is used by tenant admins for self-service capabilities. Using this portal, tenants can provision, manage, and monitor cloud services available to them such as IaaS, websites, and databases.

  • Service management REST API: The service management API is the core of capabilities that the management portal delivers. It can be used to provide custom resource offerings and portal integrations.

  • Virtual machines: This is one of the core offerings using Windows Azure Pack. It provides Windows and Linux Virtual Machines based on Hyper-V and System Center. It includes VM gallery items for different OS flavors, VM roles for automated services provisioning post VM deployment, and scaling options.

  • Virtual networks: Windows Azure Pack tenant portal provides self-services capabilities to tenant admin to create their own virtual network along with required IP schema and VPN configurations. It works using System Center and Hyper-V Network Virtualization technologies. Virtual networks also provide site to site VPN capabilities, which can extend customers' on-premises network to cloud providers' network for hybrid cloud requirements.

  • Databases: This offering enables DBaaS capabilities for MS SQL servers and MySQL database servers. Tenants can create databases using tenant service management portals, which can be used by web servers or by any other applications for database needs.

  • Websites: Windows Azure Pack provides a scalable shared web hosting platform which can be leveraged by service providers or organizations to run web workloads. This is consistent with Microsoft Azure Public Cloud websites capabilities. Along with supporting ASP.NET, PHP, and Node.js applications, Website Cloud provides gallery items built-in for popular web applications such as WordPress and integration with custom developed applications and systems.

  • Automation:: Windows Azure Pack includes capabilities to have custom automation enabled in environments using integration with Service Management Automation (SMA), which is part of the System Center orchestrator product. With SMA integration, custom runbooks and workflows can be written and executed in an automated manner.

  • Custom offerings: Windows Azure Pack architecture allows integration of additional custom services into the service catalogue. These capabilities allow the cloud service providers to provide anything as a service. Organizations and service providers can design and develop custom resource providers for custom offering enablement.

  • Service bus: This service enables the provision of a reliable asynchronous messaging service between distributed applications. Service bus solves the challenges of communicating between on-premises applications and the outside world by allowing on-premises web services to project public endpoints.


Windows Azure Pack is supported in English, German, Spanish, French, Italian, Japanese, Chinese simplified, Chinese traditional, Brazilian, Portuguese, Korean, and Russian languages.


Windows Azure Pack components and functionalities

Now that we understand what is Windows Azure Pack, along with its capabilities and service offerings, it's time to get technical and deep dive into bits and pieces that make Windows Azure Pack.

Windows Azure Pack is made up of a collection of sites and API endpoints, which are responsible for their different functions. Windows Azure Pack components can be categorized in two categories as follows:

  • Mandatory components

  • Optional/dependency components

Mandatory components must be installed in every Windows Azure Pack deployment whereas optional components deployment depends upon use cases.


Windows Azure Pack components use SQL server database to store its configuration and run time data that is highly dependent upon database availability.

Windows Azure Pack components are as follows:

Mandatory components:

  • Service management API:

    • Admin API

    • Tenant API

    • Tenant public API

  • Authentication sites:

    • Admin authentication site

    • Tenant authentication site

  • Service management portals:

    • Management portal for administrators

    • Management portal for tenants

Optional or dependency components:

  • Resource provider's extensions (VM Cloud, websites, and so on)

  • Service bus

  • Automation and extensibility

  • PowerShell APIs

  • SQL server and MySQL server extension

  • Usage extensions (service)

  • Usage extension (collector)

  • Monitoring extension

  • Partner enabled solutions extensions (for instance, vConnect, GridPro, and so on)

  • Customer resource provider's extension

  • Windows Azure Pack BPA (Best Practice Analyzer)

Let's understand the roles and functionalities of the preceding components:

  • Service management API: A collection of service management REST API. APIs are the core endpoints that facilitate Windows Azure Pack cloud services access through management portals and PowerShell modules. We can see APIs as a backbone to the management portals and PowerShell modules to enable cloud services integration with the rest of the cloud fabric.

    There are total of three API interfaces differentiating upon their functions as follows:

    • Admin API: Admin API is responsible for administrative tasks being performed in Windows Azure Pack through management portals or PowerShell modules. This API is usually hosted inside corporate LAN networks, that is, they are not exposed to the public Internet.

    • Tenant API: Tenant API is responsible for tenant administrative tasks like configuring and managing services being performed through tenant management portals or PowerShell modules. This API isn't exposed to the public Internet.

    • Tenant public API: Tenant public API also enables tenants to configure and manage cloud services they are subscribed to. Normally, it is publicly exposed. This enables tenants to have custom automation capabilities using Azure Pack PowerShell Modules on their subscriptions from the Internet.

    Apart from cloud services provisioning and management, tenant public API enables tenants to have custom automated tasks configured on their cloud workload without involvement of an admin portal plus SMA.

  • Authentication sites: Authentication sites enable authentication services to manage interfaces for cloud administrators and tenants. When cloud admin or tenant users open their respective portals, they are redirected to authentication sites to complete sign in using their Windows AD credentials or ASP.NET credentials as applicable. Active Directory Federation Services (ADFS) authentication can be also be used instead of available default authentication. Upon successful login, the page is redirected to their respective management portals. There are a total of two authentication sites:

    • Admin authentication site: This site is responsible for providing authentication services to admin management interfaces. By default, it uses Windows authentication as an authentication source. It can also be configured to support ADFS as an authentication source. This site is normally not exposed to the public Internet.

    • Tenant authentication site: This site is responsible for providing authentication services to tenant management interfaces. By default, it uses ASP.NET membership providers to authenticate users. It can also be configured to support ADFS as an authentication source. Usually, this site is exposed to the public Internet to support tenant access across the Internet.

  • Service management portals: Service management portals are websites built upon HTML5 that are used by admins and tenants for cloud service provisioning and management. These portals provide a similar experience to Microsoft Azure Public Cloud portal. There are total two service management portals:

    • Management portal for administrators: In this portal, cloud admins configure and manage resource providers such as IaaS clouds, websites' clouds, catalogue gallery items, plans and user subscriptions, database resource providers, and many more. This portal is restricted to be accessed by cloud administrators and usually isn't exposed to the public Internet.

    • Man agement portal for tenants: This is the self-service interface for tenants to provision, manage and monitor cloud services such as websites, virtual machine, databases, and so on. This portal can also be used by tenants to sign up and subscribe to available Azure Pack plans. Usually, this portal is exposed to the public Internet.

  • Optional components: Optional components are usually required to enable resource providers' extension and any other third party solutions/custom offerings integration. The following are a few important optional component roles and their functionalities:

    • Virtual machines cloud: This allows Windows Azure Pack to provide IaaS (Infrastructure as a Service) services for Windows and Linux virtual machines and virtual networks. Virtual machine cloud requires SPF (Service provider foundation) and SCVMM (System Center Virtual Machine Manager) to function.

    • WebSite cloud extension: This extension allows Windows Azure Pack to provide WebSites as a Service (PaaS) functionality to tenants. It can be co-installed with other Windows Azure Pack internal components. To provide functionality, it needs to be integrated with website cloud resource provider fabric, which will be discussed in detail in Chapter 7, Delivering PaaS – WebSites Cloud and Service Bus.

    • SQL and MySQL resource provider: This extension enables Database as a Service functionalities for tenants. MS SQL server and MySQL databases can be provided using Windows Azure Pack and database resource provider fabric.

    • Usage extensions (API and collector): Windows Azure Pack provides a service which can collect usage of services offered by the cloud in order to have an enterprise class billing and metering system. This service can be used by partners to develop custom billing solutions and integrate with Windows Azure Pack Usage for automated and consistent billing models. Collector service collects usage data from every resource provider such as VM Cloud, websites, and so on, and stores the data in a usage database. Usage API, that is, a usage service that can be used to fetch this data by customer billing solutions.

    • Service bus extension: This extension enables reliable messaging services between distributed applications. This is similar to Microsoft Azure Service Bus functionality. It provides queued and topic based publish or subscribe functionalities.

    • Partner provided and custom offering extension: This extension includes partner provided extensibility solution to Windows Azure Pack such as request management by GridPro, vConnect by CloudAssert for VMware integration, and so on. Developers can also have their own custom extension to add custom cloud offerings.


Windows Azure Pack cloud solution building blocks

Windows Azure Pack cloud solution has different fabric components for each cloud offering required to deliver a particular service. Windows Azure Pack components discussed above would remain consistent and have integration with other system centers and other Microsoft components to provide functionality such as IaaS and PaaS.

Usually, each offering requires an extension which can be installed with Windows Azure Pack components and is responsible for portal integration and extension (admin and tenant integration). This extension communicates with resource providers' fabric components (such as SCVMM, SQL Servers, and so on) directly or indirectly to provision and manage services.

The following screenshot illustrates major components of a Windows Azure Pack cloud solution providing IaaS, DBaaS, and PaaS services.

Windows Azure Pack cloud IaaS offering solution components

To enable IaaS offering comprising Windows and Linux virtual machines, virtual networks Windows Azure Pack cloud solution requires the following components to be deployed and integrated:

  • Windows Azure Pack components

  • Service Provider Foundation (SPF)

  • System Center Virtual Machine Manager 2012 R2 (SCVMM)

  • Hyper-V 2012 R2 Hosts and Clusters (for cloud management and workload)

  • SQL database server for Windows Azure Pack, SPF, and SCVMM

  • Windows/Linux virtual machine templates and gallery items

  • Compute, network, and storage availability

  • Service Management Automation (SMA-optional)

Windows Azure Pack VM Clouds services use SPF to communicate with SCVMM to provision and manage virtual machine resources. All tasks performed by admin or tenants for virtual machines are passed to SCVMM for execution by SPF, that is, SPF is responsible for getting the work done by SCVMM. SMA is integrated with Windows Azure Pack and SPF to add custom automation capabilities to the cloud. IaaS offering also includes virtual network self-service provisioning by tenants provided by SCVMM using Hyper-V network virtualization.

Detailed building procedures for IaaS Cloud will be discussed in Chapter 2, Getting the Cloud Fabric Ready and Chapter 4, Buil ding VM Clouds and IaaS Offerings.

WebSites cloud solution components (PaaS offering)

WebSites cloud require the following components to be deployed in order to provide PaaS capabilities for websites cloud services.

Windows Azure Pack communicates to websites management servers for website cloud related operations.

Website's server roles comprise:

  • Windows Azure Pack components

  • WebSites controller

  • Management server

  • Web worker

  • Front end

  • File server

  • Publisher

  • SQL DB service for Website Cloud API database, runtime database, and application databases

Deployment and architecture of the preceding components will be discussed in Chapter 7, Delivering PaaS – WebSites Cloud and Service Bus.

DBaaS offering solution components (SQL and MySQL)

Adding DBaaS offerings in Windows Azure Pack cloud consists of the following components:

  • Windows Azure Pack components

  • SQL server for tenants workload (standalone or cluster using SQL HA or Always On)

  • MySQL server for tenants workload

Windows Azure Pack database extension API communicates with database server directly to provision and manage databases for tenants. Deployment and architecture of these components will be discussed in Chapter 8, Delivering Database as a Service.

Service bus offering solution components

Service bus is another PaaS offering using Windows Azure Pack cloud which helps developers in building and running message-driven applications. This is consistent with Microsoft Azure service bus and provides similar scalability and resiliency. Solution components for service bus offerings include the following components:

  • Windows Azure Pack components

  • Service Bus Farm (built on Windows Server 2012 R2)

  • SQL server database for service bus

Deployment and architecture of service bus will be discussed in Chapter 8, Delivering Database as a Service.

Custom resource providers

Windows Azure Pack enables capabilities to allow custom resource providers to add additional services to the cloud catalogue. Components of custom providers will depend on its architecture, but will usually contain resource providers' applications servers along with its database, and integrate it with Windows Azure Pack using its custom extensions.

In common scenarios, custom resource providers' solutions includes the following components:

  • Windows Azure Pack components

  • Custom resource provider Windows Azure Pack admin and tenant extension

  • Custom resource provider fabric


Almost all offerings require general Microsoft Infrastructure components such as Active Directory, DNS, and so on.


Windows Azure Pack deployment models

Windows Azure Pack components, both mandatory and optional can be deployed in various architectures depending upon use case. All components require Windows Server 2012 or 2012 R2 as an operating system and can be deployed in virtual or physical machines. Virtual machines are recommended to take advantage of Hypervisor level protection and other capabilities. All components can be deployed in a redundancy manner by having two or more servers for each components, eliminating any single point of failure. Windows Azure Pack components use Microsoft SQL Server for its database needs, which can also be protected against failures using SQL high availability techniques.

Mainly there are two deployment architectures for Windows Azure Pack components, with further deployment topologies available for varying needs:

  • Express deployment architecture

  • Distributed deployment architecture

Express deployment architecture

In express deployment architecture all Windows Azure Pack mandatory components are installed on a single machine, whereas optional components can be installed on the same machine or a different machine. This model isn't a recommended model for production deployments and should be used for test and evaluation purposes only.

Windows Azure Pack Express installation is done via Microsoft Web Platform Installer. For express deployment Web PI provides a single click option which is Windows Azure Pack: Portal and API Express, this will install all Windows Azure Pack mandatory and optional components as per requirement on a single machine.

In the express deployment model, MS SQL Server (Express) can also be installed on this same server or on a separate server.


The Microsoft Web Platform Installer (Web PI) is a free tool that makes getting the latest components of the Microsoft Web Platform such as IIS, SQL Server Express, Windows Azure Pack, and so on. Web PI also helps in installing these components in an easier way. Web PI can be download from

The previous diagram illustrates the components which get installed on a machine in a Windows Azure Pack express deployment model. Minimal hardware requirements for express deployment is two CPUs, 8GB Memory (without dynamic memory) with 40GB of available disk space. Detailed deployment procedure for express deployment architecture shall be covered in Chapter 3, Installing and Configuring Windows Azure Pack.


Express deployment is only for test and evaluation purposes and should not be used in a production environment.

Though Windows Azure Pack components can be installed on Windows Server 2012 or 2012 R2 OS, all features like ADFS, SMA support and so on, may not be available while deployed on Windows 2012. It is recommended to use Windows Server 2012 R2 with latest patches and updates to get all functionalities and features.

Distributed deployment architecture

Distributed deployment architecture enables installation of Windows Azure Pack roles on different servers for reliability and scalability. In this deployment model each component can be installed on a separate server or co-located with other roles as per functionality and requirement. Redundancy servers can be added for each role with load balancer to eliminate single point of failure at each layer.

The distributed deployment model is recommended for production deployment and provides scale-out capabilities. The diagram which will come next illustrates a sample distributed deployment architecture without any high availability.

In the following sample architecture, Windows Azure Pack components which will be accessed from the Internet (tenant admin portal, authentication site and tenant public API) are installed on three different servers in a separate network zone (aka DMZ Internet facing) which is separated with a firewall from other network zones. The rest of Windows Azure Pack mandatory components and Internet facing components are kept in separate network zone considering security best practices. All servers can be deployed as virtual machines on any Hypervisor hosts.

Minimal Hardware Configuration Requirement for Each Windows Azure Pack Server




8GB (no dynamic memory)

Available disk space



Hardware requirements, high availability and scalability for resource providers' servers to be in line with product specific guidelines are shown in the following screenshot:


In all deployment models, standard Microsoft Infrastructure Services such as Active Directory, DNS and Fabric should be deployed as per product specific best practices. These architecture diagrams are limited to Windows Azure Pack components deployment.

Minimal production deployment sample architecture

Distributed deployment architecture provides flexibilities to users to design and deploy Windows Azure Pack components as per their needs in terms of resiliency, scalability and security. One of the most common production deployment models is having production ready architecture with minimal footprint and no single point of failure. The following diagram illustrates a sample architecture with minimal deployment with resiliency.

In the preceding sample architecture, the number of VMs required for Windows Azure Pack components is six (excluding infra and RP servers). All Windows Azure Pack required components are segregated in three types primarily based upon functionality and placement in network zones.

Windows Azure Pack tenant servers: Tenant servers includes management portal for tenants, tenant public API and tenant authentication site. Two servers are load balanced to provide resiliency and scalability. Since these servers will be Internet facing, they have to be placed in a DMZ network zone.

Hardware Configuration Requirement for Each Windows Azure Pack Tenant Server




8GB (no dynamic memory)

Available disk space


Windows Azure Pack admin servers: Admin servers include management portal for administrators, admin API, and tenant API and admin authentication site.

Two servers are load balanced to provide resiliency and scalability. Since these servers will not be Internet facing, they have to be placed in an internal network zone.

Hardware Configuration Requirement for Each Windows Azure Pack Admin Server




16GB (no dynamic memory)

Available disk space


Windows Azure Pack DB servers: In this sample, 2 Node SQL Cluster / AlwaysOn is considered to provide the database for Windows Azure Pack and System Center components. Hosted in an internal network zone, this cluster provides resiliency for a cloud management fabric database.

Hardware Configuration Requirement for SQL DB Nodes




16GB (no dynamic memory)

Available disk space

40GB + DB Disk (subject to size or cloud)

Resource providers sizing and availability best practices should be deployed as per product specific guidelines.

This architecture is suitable for SMB organizations and cloud providers as it provides minimal production deployment feasibility as well as customization possibilities in case of specific needs.

Scaled production deployment sample architecture

In this sample architecture, each component of Windows Azure Pack solution shall be deployed on separate dedicated servers along with redundancy to eliminate any single point of failure. This architecture is best suited for large scale enterprises and cloud service providers. The diagram that will come next illustrates the components deployment model and placement along with minimal configurations.

To deploy Windows Azure Pack components in this architecture, a total of 16 virtual machines are required in this architecture comprising eight failover/LB clusters.

Minimal Hardware Configuration Requirement for Each Windows Azure Pack Server




8GB (no dynamic memory)

Available disk space


Scaling Windows Azure Pack cloud deployment

Scalability is one the most important aspects of any cloud solution. A cloud solution must support scalability without minimal changes and service disruption as soon as infrastructure size changes. Windows Azure Pack has capabilities to be scaled as and when required. Windows Azure Pack has to be deployed in a distributed model in order to support scaling; the best option would be having dedicate servers for each component in order to scale with minimal efforts.

In common scenarios scaling is required, particularly for tenant related components as tenant workload is likely to be increase with time.

There are some considerations which should be taken care of while scaling Windows Azure Pack deployment, as follows:

  • Tenant API and management portal scaling: Tenant management portal needs to be scaled along with tenant API and vice versa. While you scale management portal for tenant , you will also need to scale tenant APIs.

  • Scaling tenant authentication sites: Tenant authentication has to be scaled corresponding to ADFS servers. Tenant authentication sites have to be deployed in correspondence with ADFS in this scenario.

  • Scaling workload infrastructure: Scaling of tenant workload infrastructure depends upon the workload fabric being used. In case of IaaS workload, System Center and Hyper-V provides highly scalable capabilities by adding more compute, network and storage resources non-disruptively. The same applies for DBaaS and PaaS services as well. In most scenarios, additional resources can be added as and when required without disruption.


See product specific guidelines (such as SQL Servers, IIS, Service Bus, and so on) while scaling resource providers' workload infrastructures.


Integrating Windows Azure Pack and System Center Suite for IaaS services

Windows Azure pack leverage System Center 2012 R2 products along with Hyper-V in order to provide infrastructure as a service offering. System Center Suite is a set of multiple tightly integrated products which helps in having unified management and provisioning for your entire data center or cloud infrastructure. System Center Suite of products supports both Microsoft and non-Microsoft infrastructure integration.

System Center components are responsible for delivering IaaS services in Windows Azure Pack cloud. System Center products, which can be integrated with Windows Azure Pack are as follows:

  • System Center Service Provider Foundation: SPF adds multi-tenancy to System Center products. Available as a part of System Center Orchestrator media, it provides an extensible OData API over a REST web service enabling programmatic multi-tenant interface to System Center Virtual Machine Manager. Windows Azure Pack uses SPF to integrate with SCVMM for IaaS workload provisioning and life cycle management.

  • System Center Virtual Machine Manager: SCVMM is the management solution for virtualization infrastructure provisions and managing compute (Virtualization Hosts), network, and storage resources to deploy virtual machines and services. VMM also enables software defined networking capabilities using Hyper-V Network Virtualization. Windows Azure Pack uses SCVMM to provision and manage clouds, virtual machines, virtual networks and other IaaS services.

  • System Center Service Management Automation (optional—for custom automation capabilities): SMA is an automation solution for Windows Azure Pack cloud infrastructures. It enables provisioning, monitoring and life cycle management of resources in a Windows Azure Pack cloud solution. It is available as a part of System Center Orchestrator.

  • System Center Operations Manager (optional—for monitoring and usage metering): SCOM is a monitoring and usage metering solution. It can be used in a Windows Azure Pack cloud for real-time monitoring of infra resources (using SCOM Console) and usage metering (using partner solutions such as CloudAssert, Cloudcruiser, and so on).


Other System Center products can also be integrated with Windows Azure Pack using partner provider solutions (for example, GridPro enables System Center Service Manager integration with Windows Azure Pack for request management solution). While some components may not be able to integrate with Windows Azure Pack directly for having self-service, these can be utilized in cloud infrastructure to add capabilities as per product specific functionalities.

Other System Center product capabilities in a cloud management solution include:

  • System Center Configuration Manager: In a Windows Azure Pack based cloud, SCCM deployment would help in compliance management, asset intelligence and inventory, patching solution and device management. SCCM has to be managed using SCCM management console and doesn't have any Windows Azure Pack portal integration functionalities at this point of time.

  • System Center Data Protection Manager: DPM is an enterprise class backup solution. It can be leveraged for backup and recovery of cloud management and workload resources. DPM provides features such as VM and application centric backup with granular recovery capabilities. DPM can also archive backup data to Microsoft Azure which enables hybrid scenarios.

  • System center Service Manager: It provides an IT service management solution for cloud infrastructure. SCSM is built on frameworks by Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL). It provides a built in process for handling incident and change management, change control and life cycle management. GridPro provides a way to integrate SCSM with Windows Azure Pack for enabling effective request management solutions.

  • System Center Endpoint Protection: Endpoint protection is an antimalware and security solution for the Microsoft platform. It can be used with SCCM for enterprise class endpoint management solutions.

  • System Center App Controller: App controller provides self-service experience for VMM infrastructure along with support of provisioning workload in Microsoft Azure.

  • System Center Orchestrator (SCORCH): SMA and SPF (discussed above) are part of the SCORCH product and are tightly integrated with Windows Azure Pack for delivering IaaS services. Apart from SMA and SPF, Orchestrator provides workflow management solutions for data centers. Orchestrator can automate data center operations of deployment and management of resources.



In this chapter, we learned about Microsoft Cloud OS vision and how Windows Azure Pack contributes towards that. We got to know about capabilities and service offerings Windows Azure Pack provides along with an overview and functionalities of its architectural pieces.

We understood the building blocks of Windows Azure Pack cloud solution offerings with required and optional components details.

We also covered the deployment models of Windows Azure Pack components and discussed several sample architectures for test and production ready cloud infrastructures. We discussed the role of System Center products in delivering IaaS services with Windows Azure Pack cloud.

In the next chapter we will setup the cloud fabric which will be utilized by Windows Azure Pack for cloud management and tenant workloads.

About the Author

  • Amit Malik

    Amit Malik is an IT enthusiast and technology evangelist from Delhi, India. He specializes in Virtualization, Cloud, and emerging technology space. He has an intense knowledge in building cloud solutions with Microsoft Windows Azure Pack.

    Amit holds various industry admired certifications from all major OEM's in Virtualization and Cloud space including MCSE for Private Cloud.

    Amit has designed and built numerous virtualization and private cloud solutions comprising the product lines of Microsoft, VMware, and Citrix.

    Apart from these, he can be found working on emerging technologies including VDI, hyper convergence, Software Defined Infrastructure solutions including networking and storage, Containers, Big Data, IoT, and other similar technologies. Amit is interested in building products and doing product management in near future for related technology space.

    You can always reach Amit on LinkedIn ( email ([email protected])

    Browse publications by this author