Try It Yourself, Application Deployment as a Service with Microsoft Azure PowerShell

In the last few months, I have taken a few opportunities to talk about deploying an application as a service. This is a subject with many aspects in connecting the concepts of cloud computing, application deployment process and IT operations. I find it also encompasses great frequently run routines for automation with Azure PowerShell.

Here I share the material which I have integrated into IaaS workshops I have recently delivered.

  • Part 1 is the user experience which is also supplemented with published videos. (Channel 9)

  • Part 2 highlights the PowerShell scripts I wrote to deploy the sample application. (Channel 9)

Announcing U.S. TechNet on Tour Events for Fall, 2015

You are invited to join us for free, interactive events led by Microsoft Technology Evangelists.


Cloud is making DR a feasible solution, technically and financially, for companies of all sizes by utilizing a cloud solution provider, i.e. someone else’s infrastructure. In these deliveries, attendees will learn the fundamentals of cloud and see how to employ Microsoft Azure as part of a wider disaster recovery (DR) plan! This is an opportunity to learn, experience and gain technical depth of DR, and network with IT pros in your areas and grow together.

Attendees will receive a free Microsoft Azure pass and spend most of the day in a hands-on lab environment. Customers should attend the event to learn:

Who should attend: The event is technical by nature and is aimed at IT pros who get hands-on with technology as part of their day to day jobs.  Previous experience of Microsoft Azure is beneficial but not essential. Here are the city registration links, dates and presenter. And we are looking forward to meeting you all.


City State Event Date Presenters
Seattle WA 9/1/2015 Jennelle Crothers and Brian Lewis 
San Francisco CA 9/3/2015 Jennelle Crothers and Yung Chou 
Houston TX 9/22/2015 Kevin Remde and Yung Chou 
Charlotte NC 9/29/2015 Tommy Patterson and Yung Chou 
Philadelphia PA 9/30/2015 Dan Stolts and Blain Barton 
Indianapolis IN 10/6/2015 Brian Lewis and Yung Chou 
Tampa FL 10/7/2015 Blain Barton and Tommy Patterson
New York NY 10/8/2015 Dan Stolts and Kevin Remde 
Irvine CA 10/14/2015 Jennelle Crothers and Yung Chou 
Dallas TX 10/16/2015 Kevin Remde and Yung Chou 

Get a head start with Azure today:

Try It Yourself – Configure a Point-to-Site VPN Connection to a Virtual Network (3-Part video Series)

This connection is very easy to understand and implement. Point-to-Site (or P2S) here refers as a connection between a single device (namely a connection point) and an Azure virtual network (vnet) site.

A P2S connection requires a subnet defined within the target Azure vnet site. If to examine from a connected Azure vnet site, a connecting device automatically allocates an IP within the defined P2S subnet and connects to the site via a VPN connection.

Technically, a P2S connection is specific to, not the physical but logical device which is the OS instance which a connecting physical device is running on, since the connection is based on a-private-and-a-public key pair generated with the OS. At this time, Azure P2S supports only self-signed certificates, and the x.509 certificate (i.e. a public key) of an employed key pair resides in a target Azure vent site, while the certificate of PFX format (i.e. a certificate exported with a private key) should be installed at a connecting device. An administrator can configure an Azure P2S connection by:

  1. First enabling P2S connectivity and defining a P2S subnet associated with a target Azure vnet site
  2. Generating an x.509/PFX certificate pair
  3. Uploading the x.509 certificate to the site
  4. Distributing to and installing the PFX certificate on intended (logical) devices
  5. Initiating a connection from a logical device

Although one x.509-and-PFX-certificate-pair is sufficient to establish a P2S connection between an Azure vnet site with multiple devices by uploading an x.509 certificate to a target Azure vent site and employing/installing the associated PFX file on all connecting devices. The best practices is to employ a unique certificate pair for each connecting device to better secure the P2S environment.

Here are the Azure documentation page and complementary videos to walk through the processes and operations to

  1. Create a virtual network and a VPN gateway (video)
  2. Create your certificates (video)
  3. Configure your VPN client (video)

A Memorandum to IT Pros on Imperative vs. Declarative Scripting Models

One noticeable difference of Azure Infrastructure Services (IaaS) V2 from Azure IaaS V1 (or classic Azure IaaS as I call it) is the employment of  Azure “Resource Group” templates. A resource group not only is a newly introduced artifact in Azure, but denotes a fundamental shift on automating, deploying, and managing IT resources. This change signifies the arrival of a declarative programming/scripting model for the better. I will walk through an application deployment with Azure resource group templates in an upcoming post. In this memo, the focus is on distinguishing these two programming/scripting models.

Imperative vs. Declarative

Traditionally, within a logical unit of work (or simply a transaction) the conventional wisdom is to define how to implement a business logic by programmatically referencing parameter values, verifying the dependencies, examining variables at runtime, and stepping through a predefined data flow accordingly. This is a so-called imperative programming model which uses assignments, conditions/branching and looping statements to serialize operations for establishing the state of a program at runtime, i.e. an instance. An imperative programming model is to describe virtually “how” to reach “what.” A vivid example is that C-family programming languages are based on an imperative model. An imperative model like the following pseudo code specifies the steps (i.e. how) to ensure the operability of attaching a database to a SQL server (in other words, what) by ensuring the SQL server is first up and running, i.e. ready, before attaching an intended database. The implementation logic is to repeated a routine of waiting for a specified period of time, checking the status of a target resource, until the target resource is ready for an intended operation.

Wait 30 seconds and check the SQL server status again, till it is up and running

Then attach the database

At the same time, a declarative programming model is to describe business logic based on ‘what it is and not how to do it.’ For instance, rather than programming a loop to periodically check the status of if a target SQL server is up and running like what an imperative model does as depicted by the above example, a declarative model will simply state the dependency on a target SQL server, i.e. what the state must meet, before attaching an intended database and let the system (here I use the system as an umbrella team of other components) to implement how to enforce this pre-requisite. The following illustrates a declarative approach.

This database has a dependency of the hosting SQL server

The above states the dependency, i.e. what it is, and delegates the implementations carried out later.

What vs. How

Notice that an imperative model is to specify both the what and the how of a deployment. At the same time, a declarative model implies a logical separation and focuses on the what and leave the how later.  In layman’s term, imperative vs. declarative is simply an approach of how vs. what, respectively.

Why Declarative

For simple operations, one may not be advantageous over the other. For large amount of operations or tasks with high concurrency and noticeable complexities, the orchestrations can be too overwhelming to productively implement with an imperative model. This is increasingly what IT pros are facing in a cloud setting where operations are intermittent, concurrent, and carried out on hundreds or thousands of various application instances with inter- and intra-dependencies among themselves at an application layer and a system level.

A declarative model states what a target state is and the system will make it so, i.e. enforce it as stated. Employing an declarative model will fundamentally simplify how an administrator carries out application deployment and automation with increased consistency, persistency, and predictability.

As IT is transitioning into cloud computing, the number of VMs will continue to increase while the deployment environment is likely becoming hybrid and complex, adopting a declarative programming model is, in my view, critical and inevitable.

Essentially, IT has become such a highly integrated and increasingly complex environment, which is particularly true in an emerging IT model where cloud computing combined with hybrid deployment scenarios. Programmatically describing how to establish a state in runtime can quickly overwhelm programming logic and make an implementation based on imperative model very costly to develop and maintain. Shifting to a declarative programming model is strategic and becoming “imperative” for IT.

Call to Action

Recognizing the presented opportunity, IT pros should make this shift from imperative to declarative scripting models sooner than later. Employ a declarative model as a vehicle to improve the capabilities and productivity of application deployments, to facilitate and maximize ROI of transitioning to cloud in an IT organization. To get started, there are already abundant information of Azure IaaS V2 available including:

In addition, those who are new to Azure IaaS may find the following resources helpful:

And for those who would like to review cloud computing concepts, I recommend:

Application Deployment as a Service, A Sample Implementation of with Microsoft Azure PowerShell

This is a lab delivered in the spring of 2015 for Microsoft US IT Camps, Extend Your Datacenter to Azure, which is a whole day event with hands-on experience on deploying and migrating workloads to Azure. This lab is specifically for IT pros to experience an automatic deployment of a business function/application, instead of deploying just VMs. The ability to deploy VMs are important and essential. Deploying VMs are however not the ultimate goal of moving to cloud. As I have addressed elsewhere, cloud goes way beyond virtualization and deploying VMs, instead it is about the anytime readiness and on-demand abilities to grow and shrink resource capacities based on demands, i.e. being elastic. And this lab does just that to prove this concept using Azure and PowerShell.

The script is published in github and one can run the script as it is and without making changes. In the recording below, I walked through the steps to acquire and run the script. The intent is to run it as a service, i.e. on demand, to deploy application instances from zero to running instances. Notice this script is for learning and testing Microsoft Azure and PowerShell. It does hard-code and not encrypt employed password, has very limited error handling, is not intended for production use.


For those who are not familiar with the essentials of Microsoft Azure Infrastructure Services, compliance, pricing, and cost structure, here are additional resources: