Installing on Microsoft Azure
Introduction
This is a step-by-step guide for installing Deploy Kit on Microsoft Azure.
Azure Deploy Kit is a reference program designed to install Movable Type Advanced (MTA) on Azure Cloud Services (PaaS). To support a 99.9 percent SLA, the computing environment must be able to run multiple instances for load balancing. Also, because the Shared Drive function is unavailable at this time, a public server separate from MTA is required.
Optional customization for Deploy Kit is possible as long as basic system requirements are met.
For more information on purchasing the Deploy Kit, please contact us.
System Requirements
Microsoft Azure
Guest OS
- OS Family: 4 (Windows Server 2012 R2)
- OS Family: 3 (Windows Server 2012)
- OS Family: 2 (Windows Server 2008 R2)
Database
- SQL Azure / SQL Database
Storage
- BLOB storage
Client PC
OS
- Windows 7 or higher
Software
- Azure PowerShell
- Microsoft Windows SDK for Windows 7 and .NET Framework 4
- Windows Software Development Kit (SDK) for Windows 8.1
Installation Guide
These instructions assume your environment is the same as below. Replace filenames or other information where appropriate.
Assumed Environment
- Cloud Service: mtdevcs01 (OS Family 4)
- Database: mtdevdb01 (SQL_Latin1_General_CP1_CI_AS)
- BLOB Storage: mtdevst01
- Sub-Region: “East US”
Other Requirements
- Basic authorization enabled
- Can operate Movable Type scripts via FastCGI
- Can protect Movable Type scripts via SSL
Contents
- Set up client environment
- Configure Microsoft Azure PowerShell
- Manage operations in the Azure management portal
- Upload to BLOB storage
- Create service certificate
- Create self-signed SSL certificate
- Upload certificate
- Create RDP encrypted password
- Modify ServiceDefinition.csdef
- Modify ServiceConfiguration.Cloud.cscfg
- Create package
- Upload package
Set up client environment
- Download and install Microsoft Azure PowerShell. During installation, select Web Platform Installer.
- The Web Platform Installer will launch. Once open, click Options.
- From the “Select your preferred language for software installation” column, select English and then click OK.
- Click Install and a dialogue box will appear.
- Click Accept to start installing Microsoft Azure PowerShell.
- Once Microsoft Windows Management Framework 3.0 has finished installing, a restart confirmation dialogue box will appear. Click Yes to restart the system.
- After the system restarts, the installation process will continue. Once the installation is finished, click Exit.
- Next, download and install Microsoft Windows SDK for Windows 7 and .NET Framework 4.
- Add the following directories to your PATH. Your directories might differ, so verify the path matches your environment. In particular, Microsoft rebranded “Windows Azure” as “Microsoft Azure” in April 2014.
C:\Program Files\Microsoft SDKs\Windows Azure\.NET SDK\v2.2\bin
C:\Program Files\Microsoft SDKs\Windows Azure\AzCopy
C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin
- Run a Windows Update to make sure your system is up to date.
Configure Microsoft Azure PowerShell
- Start up Microsoft Azure PowerShell.
Run Add-AzureAccount.
PS C:\> Add-AzureAccount
Enter the email address associated with the Azure management portal account and then click Continue.
The sign in window will appear. After entering your password, click Sign In.
PS C:\> Add-AzureAccount
VERBOSE: Account "xxxx@xxxx.xxx" has been added.
VERBOSE: Subscription "xxxxxxxx" is selected as the default subscription.
VERBOSE: To view all the subscriptions, please use Get-AzureSubscription.
VERBOSE: To switch to a different subscription, please use Select-AzureSubscription.
It is possible to register multiple subscriptions. Use Get-AzureSubscription to list the registered subscriptions and Select-AzureSubscription to choose the subscription to work with:
PS C:\> Get-AzureSubscription
SubscriptionName           : xxxxxxxx
SubscriptionId             : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
ServiceEndpoint            : https://management.core.windows.net/
ActiveDirectoryEndpoint    : https://login.windows.net/
ActiveDirectoryTenantId    : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
IsDefault                  : True
Certificate                :
CurrentStorageAccountName  :
CurrentCloudStorageAccount :
ActiveDirectoryUserId      : xxxx@xxxx.xxx

SubscriptionName           : xxxxxxxx
SubscriptionId             : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
ServiceEndpoint            : https://management.core.windows.net/
ActiveDirectoryEndpoint    : https://login.windows.net/
ActiveDirectoryTenantId    : xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
IsDefault                  : False
Certificate                :
CurrentStorageAccountName  :
CurrentCloudStorageAccount :
ActiveDirectoryUserId      : xxxx@xxxx.xxx

PS C:\> Select-AzureSubscription -SubscriptionName "xxxxxxxx"
Manage operations in Azure management portal
Signing in to the Azure management portal
First, access the Microsoft Azure web page. You will be automatically transferred to the sign in screen if you are not already signed in. Once signed in, you will then be automatically moved to the management portal screen.
Creating a new database
- Click the Create new link at the bottom left.
- Select Data Service.
- Select SQL Database.
- Select Create custom, and a modal window will appear:
  - Name: Enter the database name, such as mtdevdb01.
  - Edition: Select WEB.
  - Database Size Limit: 1GB (or more, depending on your requirements)
  - Collating Sequence: Select SQL_Latin1_General_CP1_CI_AS.
  - Server: Select an existing server or New SQL database server.
- After entering all required information, click the arrow at the bottom right.
- Next, set up the database server:
  - Log In Name: Enter the administrator account name.
  - Password: Enter the administrator account password.
  - Region: Select US.
  - Allow Microsoft Azure Service to access the server: Enable
- After entering all required information, click the checkmark at the bottom right.
- The database should now be created.
Creating a new BLOB storage
- Click the Create new link located in the bottom left.
- Select Data Service.
- Next, select Storage.
- Select Basic create and enter the following information:
  - URL: Enter the storage URI, such as mtdevst01.
  - Region/Affinity Group: Select US or a group of your choosing.
  - Enable Geographic Replication: Enable
- Once the required information is entered, click Create storage account.
- A new BLOB storage should now be created.
- Now, select Storage from the left menu to open the storage listing screen.
- Select the storage for which you want an access key and then click Manage access key from the menu near the bottom.
- A modal window should appear. Make note of the following information:
  - Storage account name
  - Primary access key
  - Secondary access key
- Once you have this information, click the checkmark in the bottom right.
Creating a new cloud service
- Click the Create new link located in the bottom left.
- Select Computing.
- Select Cloud Service.
- Select Create Custom and a modal window will open. Enter the following information:
  - URL: Enter the cloud service URI, such as mtdevcs01.
  - Region/Affinity Group: Select US or a group of your choosing.
  - Deploy the Cloud Service Package: Disable
- Once the required information is entered, click the checkmark in the bottom right.
- The cloud service should now be created.
Upload to BLOB storage
- Unzip the Movable Type Advanced file to a directory, such as C:\tmp\MTA-6.0.2, on your local PC.
- Delete any unnecessary plugins or scripts from the unzipped location.
- Start the command prompt.
Run this command:
AzCopy UPLOAD_SOURCE UPLOAD_DESTINATION /destKey:PRIMARY_ACCESS_KEY /S /Y /XO
Example:
C:\tmp>AzCopy C:\tmp\MTA-6.0.2\ https://mtdevst01.blob.core.windows.net/mta/ ^
/destKey:RxwfwsDMkHWyjfLfQVon5zbnekWEDIA0BIpb2EwSSKlw5F9qNk9DpG4qfIREGtXMz0AAfASBN0GmxDJtzQyqRw== /S /Y /XO
Next, run this command:
C:\tmp>AzCopy C:\tmp\tools\ https://mtdev.blob.core.windows.net/tools/ ^
/destKey:c8lEO+2rwLr9VGiu6ncxJOS+VHJ8eun518JkOGoaJiQviEOopdFaDsUP/tzdQW+rGC2ly9LV6usdFNvcNCM/oQ== /S /Y
About AzCopy
Unlike rsync or robocopy, AzCopy does not have a delete option. We recommend using CloudXplorer or Azure Storage Explorer to delete any files located in storage.
Create service certificate
The service certificate is issued by the cloud service and allows an RDP connection with the Azure Deploy Kit. A service certificate can be created using the following steps.
- Open a command prompt.
Run this command:
makecert.exe -a sha1 -b [ start date MM/DD/YYYY ] -len 2048 -n "CN=[ ID ]" -pe -r -sky exchange -ss My "[ filename ].cer" -sv "[ filename ].pvk"
Example:
C:\tmp>makecert.exe -a sha1 -b 11/01/2013 -len 2048 -n "CN=AzureRDPCert" -pe -r -sky exchange -ss My "AzureRDPCert-mtdevcs01.cer" -sv "AzureRDPCert-mtdevcs01.pvk"
Next, run this command:
pvk2pfx.exe -pvk "FILENAME.pvk" -pi "PASSWORD" -spc "FILENAME.cer" -pfx "FILENAME.pfx"
Example:
C:\tmp>pvk2pfx.exe -pvk "AzureRDPCert-mtdevcs01.pvk" -pi "Mel0dyNels0n" -spc "AzureRDPCert-mtdevcs01.cer" -pfx "AzureRDPCert-mtdevcs01.pfx"
Create self-signed SSL certificate
- Open a command prompt.
Run this command:
makecert.exe -a sha1 -b [ start date MM/DD/YYYY ] -len 2048 -n "CN=[ ID ]" -pe -r -sky exchange -ss My "[ filename ].cer" -sv "[ filename ].pvk"
Example:
C:\tmp>makecert.exe -a sha1 -b 11/01/2013 -len 2048 -n "CN=SSLCert" -pe -r -sky exchange -ss My "SSLCert-mtdevcs01.cer" -sv "SSLCert-mtdevcs01.pvk"
Next, run this command:
pvk2pfx.exe -pvk "FILENAME.pvk" -pi "PASSWORD" -spc "FILENAME.cer" -pfx "FILENAME.pfx"
Example:
C:\tmp>pvk2pfx.exe -pvk "SSLCert-mtdevcs01.pvk" -pi "Mel0dyNels0n" -spc "SSLCert-mtdevcs01.cer" -pfx "SSLCert-mtdevcs01.pfx"
Upload certificate
- Sign in to the Azure management portal.
- From the left-hand menu, select Cloud Service to open the service listing screen.
- Select the Cloud Service to which you want to upload the certificate. Once selected, the Quick Start screen should appear.
- Click Certificate.
- Select Upload from the menu near the bottom.
- A modal window will appear. Enter the following information.
  - File: Specify the certificate file (.PFX) you want to upload.
  - Password: Enter the certificate password.
- Once the required information is entered, click the checkmark at the bottom right.
- Your certificate file should now be uploaded.
- Make a note of the thumbprint value located on the certificate listing screen.
Create RDP encrypted password
- Open a command prompt.
Run this command:
csencrypt.exe Encrypt-Password -CopyToClipboard -Thumbprint SERVICE_CERT_THUMBPRINT
Example:
C:\tmp>csencrypt.exe Encrypt-Password -CopyToClipboard -Thumbprint XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Copy the encrypted password to the clipboard. The generated encrypted password contains unnecessary newline characters which need to be removed. Once these newline characters are deleted, save the password in a secure location.
Modify ServiceDefinition.csdef
Open ServiceDefinition.csdef in an editor and make the following changes in accordance with your computing environment:
- ServiceDefinition
  - name: Enter a service name of your choosing.
- ServiceDefinition/WebRole/Startup/Task/Environment
  - name="PERL_MSI"
    If you have a version of Perl installed that differs from the Perl packaged with Deploy Kit, you must set the installer’s file name. Otherwise, the name can be left as is. The file that is specified must be uploaded to BLOB storage.
Modify ServiceConfiguration.Cloud.cscfg
Open ServiceConfiguration.Cloud.cscfg in an editor and make the following changes in accordance with your computing environment:
- serviceName: Should be the same as the Name defined in ServiceDefinition.csdef.
- osFamily: The classification of the cloud service applied to the guest OS. Typical classification of osFamily is 4.
- osVersion: Specify the guest OS release version. For automatic updates, use *.
- MovableType.Role: In general, cms is set for Movable Type installation mode. Different values can be used for different installation modes.
- MovableType.AppsURI: The URI of the BLOB storage used for uploading Movable Type.
- MovableType.DataURI: The URI of the BLOB storage used as the scheduled tasks backup destination.
- MovableType.ToolURI: The URI of the BLOB storage used for uploading software other than Movable Type.
- MovableType.AppsKey: The primary access key for the BLOB storage used for uploading Movable Type.
- MovableType.DataKey: The primary access key for the BLOB storage used as the scheduled tasks backup destination.
- MovableType.ToolKey: The primary access key for the BLOB storage specified for MovableType.ToolURI.
- MovableType.AppPath: The Movable Type installation destination directory path. In most cases, the default path can be left as is.
- MovableType.DataPath: The data directory used by Movable Type. In most cases, the default path can be left as is.
- MovableType.SubDirectories: Specify subdirectories created in the Movable Type data directory, separating multiple entries with commas. In most cases, the default sub-directories can be left as is.
- MovableType.Domain: The domain that contains Movable Type.
- MovableType.AdminName: The system administrator’s name. This name is used if the upgrade tool is activated on start-up.
- MovableType.NotifyTo.Deploy: The email used when sending out a deployment notification mail.
- Perl.Modules: The Perl modules that must be added upon startup, separating multiple entries with commas.
- MovableType.ODBCDriver: The driver necessary for database server connections with Movable Type. In most cases, the default driver can be left as is.
- MovableType.Database: The name of the Movable Type database.
- MovableType.DBHost: The Movable Type database server.
- MovableType.DBUser: Username of the user that has access to the Movable Type database.
- MovableType.DBPassword: Password required for accessing the Movable Type database.
- MovableType.EmailAddressMain: Email address used for receiving messages from Movable Type.
- MovableType.MailTransfer: The method used by Movable Type for sending mail. In most cases, the default method can be left as is.
- MovableType.SMTPAuth: Encryption method for the mail server that processes mail from Movable Type.
- MovableType.SMTPServer: SMTP server address for the mail server that processes mail from Movable Type.
- MovableType.SMTPPort: Communication port for the mail server that processes mail from Movable Type.
- MovableType.SMTPUser: User name for the mail server that processes mail from Movable Type.
- MovableType.SMTPPassword: Password for the mail server that processes mail from Movable Type.
- MovableType.DefaultLanguage: The default language for the Movable Type admin screen.
- MovableType.AdditionalDirectives: Specify additional mt-config.cgi configuration directives in a CONFIG_DIRECTIVE_NAME VALUE format, separating multiple entries with commas. Configuration directives with values that contain commas cannot be used.
- MovableType.CGI: Any scripts that run on normal CGI, separating multiple entries with commas.
- MovableType.FastCGI: Any scripts that run on FastCGI, separating multiple entries with commas.
- Microsoft.IIS.BasicAuthCredentials: Specify basic authentication information in a “USERNAME:PASSWORD” format, separating multiple entries with commas.
- Microsoft.IIS.ForceSSL: Set a value of 1 if you want to force SSL when a connection to Movable Type is attempted. Default value is 0.
- Microsoft.IIS.IPSecurity: Specify allowable IP addresses if access is restricted to specific IP addresses only, separating multiple entries with commas.
- Microsoft.Tasks.Backup.Schedule: Specify the timing (Daily, Minute, etc.) for scheduled tasks (backup). The default value is Daily.
- Microsoft.Tasks.Backup.StartTime: Specify the start time for scheduled tasks (backup) in a hh:mm:ss format. Note that the system is UTC based.
- Microsoft.Tasks.Backup.TimePeriod: Specify the time period for scheduled tasks (backup). Daily timing cannot be used.
- Microsoft.Tasks.RPT.StartTime: Specify the start time for scheduled tasks (run-periodic-tasks) in a hh:mm:ss format. Note that the system is UTC based.
- Microsoft.Tasks.RPT.TimePeriod: Specify the time period for scheduled tasks (run-periodic-tasks).
- Microsoft.Tasks.AzcopyLogs.StartTime: Specify the start time for scheduled tasks (AZCopy Log) in a hh:mm:ss format. Note that the system is UTC based.
- Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword: The encrypted password used with RDP connections.
- Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration: The RDP connection account’s expiration date in an ISO 8601 format, such as 2011-12-17T23:59:59.0000000-00:00.
- Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername: The username required for RDP connections.
- Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled: A value of true will enable RDP connections.
- Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled: A value of true will enable RDP forwarding.
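Several of these settings decide whether credentials are exposed or whether the role starts with a broken configuration, so they are worth checking before the package is built. The PowerShell below is an added example, not part of Deploy Kit or of the original guide: it parses a constructed sample of ServiceConfiguration.Cloud.cscfg and reports settings that contradict the requirements on this page. The function name Test-DeployKitConfig, the role name ExampleRole and the sample values are assumptions (the expiration value is the example given above); the Setting name/value layout is the standard .cscfg schema.

```powershell
# Constructed sample. For a real file: [xml]$cfg = Get-Content .\ServiceConfiguration.Cloud.cscfg
[xml]$cfg = @'
<ServiceConfiguration serviceName="mtdevcs01" osFamily="4" osVersion="*"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="ExampleRole">
    <ConfigurationSettings>
      <Setting name="Microsoft.IIS.ForceSSL" value="0" />
      <Setting name="Microsoft.IIS.BasicAuthCredentials" value="editor:constructed-pw,no-colon-entry" />
      <Setting name="MovableType.AdditionalDirectives" value="ExampleDirective a,b" />
      <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
      <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2011-12-17T23:59:59.0000000-00:00" />
      <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="CONSTRUCTED&#10;VALUE" />
    </ConfigurationSettings>
  </Role>
</ServiceConfiguration>
'@

function Test-DeployKitConfig {
    param([xml]$Config, [datetimeoffset]$Now = [datetimeoffset]::UtcNow)
    $ra = 'Microsoft.WindowsAzure.Plugins.RemoteAccess.'
    $s = @{}   # setting name -> value, collected from every role
    foreach ($e in $Config.GetElementsByTagName('Setting')) { $s[$e.GetAttribute('name')] = $e.GetAttribute('value') }
    $findings = @()
    if ($s['Microsoft.IIS.ForceSSL'] -ne '1') {
        $findings += 'Microsoft.IIS.ForceSSL is not 1: basic-auth credentials can cross the network over plain HTTP'
    }
    # Report entry positions only, so credentials never end up in the output.
    $i = 0
    foreach ($c in ("$($s['Microsoft.IIS.BasicAuthCredentials'])" -split ',')) {
        $i++
        if ($c -notmatch '^[^:]+:.+$') { $findings += "BasicAuthCredentials entry $i is not USERNAME:PASSWORD" }
    }
    # A directive value containing a comma is split apart and leaves a fragment without a value.
    if ($s.ContainsKey('MovableType.AdditionalDirectives')) {
        foreach ($d in ($s['MovableType.AdditionalDirectives'] -split ',')) {
            if ($d -notmatch '^\S+\s+\S') { $findings += "AdditionalDirectives fragment '$d' is not NAME VALUE" }
        }
    }
    if ($s[$ra + 'Enabled'] -eq 'true') {
        # csencrypt output pasted with its line breaks intact fails this check.
        if ("$($s[$ra + 'AccountEncryptedPassword'])" -match '\s') {
            $findings += 'AccountEncryptedPassword still contains whitespace or newline characters'
        }
        $exp = [datetimeoffset]::MinValue
        if (-not [datetimeoffset]::TryParse("$($s[$ra + 'AccountExpiration'])", [ref]$exp)) {
            $findings += 'AccountExpiration is not a parseable ISO 8601 timestamp'
        } elseif ($exp -lt $Now) {
            $findings += "RDP account expired on $($exp.ToString('u'))"
        }
    }
    return $findings
}

Test-DeployKitConfig -Config $cfg
```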
Create package
- Start up Microsoft Azure PowerShell.
- Move to the directory that contains ServiceDefinition.csdef. Make sure the MovableTypeOnAzure directory and ServiceConfiguration.cloud.cscfg are also located in this directory.
- Run Save-AzureServiceProjectPackage. If successful, a cloud_package.cspkg file should be created.
Upload package
- Sign in to the Azure management portal.
- Select Cloud Service from the left-hand menu, and a list of all available Cloud Services for the specified subscription will appear.
- Select the service you want to upload the package to.
- Click the Instance tab.
- Click either the Operate or Staging tabs. If uploading a new item, select Operate.
- From the menu near the bottom, click the Upload button, and a modal window will appear. Enter the following information:
  - Deploy Label: Used for version management. Enter a unique nickname.
  - Package: The previously created package.
  - Configuration: ServiceConfiguration.Cloud.cscfg
  - Deploy even if a single instance is included in more than 1 role: Enable
  - Start Deploy: Enable
- Once the required information has been entered, click the checkmark on the bottom right, then check the management portal status. If the status is “Running,” an RDP connection is now possible.