This topic has not yet been rated - Rate this topic

Requirements to Add Windows Azure Nodes with Microsoft HPC Pack

Updated: April 17, 2013

Applies To: Microsoft HPC Pack 2008 R2, Microsoft HPC Pack 2012, Windows HPC Server 2008 R2

This section describes the requirements to add Windows Azure nodes to your on-premises HPC cluster.

In this section:

Install a supported version of Microsoft HPC Pack on your cluster
Configure the head node to support deployments of Windows Azure nodes
Configure the network firewall
Obtain a Windows Azure subscription account

Install a supported version of Microsoft HPC Pack on your cluster

To deploy Windows Azure nodes on your Windows HPC cluster, you must be running at least Microsoft® HPC Pack 2008 R2 with Service Pack 1 (SP1), or a later version of HPC Pack. For information about the Windows Azure features that are supported by the version of HPC Pack on your cluster, see Windows Azure Feature Compatibility with Microsoft HPC Pack.

For installation instructions for HPC Pack and service packs, see:

Configure the head node to support deployments of Windows Azure nodes

The head node computer (or computers) where HPC Pack is installed must be fully configured (that is, all the steps required in the Deployment To-do List have been completed). Your HPC cluster can be configured in any cluster network topology (1-5) that is supported by HPC Pack. The head node must be able to connect over the Internet to Windows Azure services. In most cases, this Internet connectivity is provided by the connection of the head node to the enterprise network. You might need to contact your network administrator to configure this connectivity.

For more information about the cluster network topologies that are supported by HPC Pack, see Appendix 1: HPC Cluster Networking.

If you are considering deploying a large number of Windows Azure nodes, be aware that large deployments can place significant demands on your head node and the HPC cluster databases. You may need additional RAM or disk space on the head node computer, and you might need to install the cluster databases on a remote server that is running Microsoft SQL Server. For more information, see Best Practices for Large Deployments of Windows Azure Nodes with Microsoft HPC Pack.

Important
When adding Windows Azure nodes to an on-premises cluster, the name of the head node must adhere to the following naming rules: Contains only alphanumeric characters Does not begin with a numeric character

Important

When adding Windows Azure nodes to an on-premises cluster, the name of the head node must adhere to the following naming rules:

Contains only alphanumeric characters
Does not begin with a numeric character

Configure the network firewall

If a network firewall is running on your enterprise network, the firewall must allow TCP communication on port 443 from your head node to Windows Azure services. Depending on the version of HPC Pack that is installed, and whether you use features such as remote desktop connections to Windows Azure nodes, you may need to configure connectivity over additional ports. If necessary, contact your network administrator to open the necessary firewall ports. For detailed information about the ports in any internal or external firewalls that must be open by default for the deployment and operation of Windows Azure nodes, see Firewall ports used for communication with Windows Azure nodes.

You can verify that the necessary firewall ports are open by running the Windows Azure Firewall Ports Test, which is a diagnostic test installed in HPC Pack starting with HPC Pack 2008 R2 with SP2. This test verifies general communication from the head node to Windows Azure through any existing internal and external firewalls. For more information, see Running Diagnostic Tests.

Advanced firewall and proxy client configuration (optional)

If your enterprise network uses a proxy server or network firewall device that manages Internet traffic, you may need to perform additional configuration steps on the head node, or on your proxy server or network firewall device, to allow the HPC Pack services to communicate with Windows Azure. This is necessary only in some cluster and network environments.

To deploy and use the Windows Azure nodes, the following services that run under the system account on a HPC Pack head node must be able to communicate over the Internet with the services for Windows Azure:

HPCManagement
HPCScheduler
HPCBrokerWorker

Because these services run under the system account, they may be blocked by certain proxy servers or network firewalls unless those devices are configured to allow their traffic. Depending on your network environment, you may also need to configure client software on the head node to associate specific user credentials with the services.

Important
You should consult with your network administrator and the vendor of your proxy server or network firewall to find out if a proxy server or network firewall on your enterprise network will block the traffic for the HPCManagement, HPCScheduler, and HPCBrokerWorker services for HPC Pack. If additional configuration is needed, the specific configuration steps will depend on factors such as your specific network and security policies, your proxy server or network firewall, and whether and what type of firewall client software is running on the head node. The Windows Azure Firewall Ports Test can help detect this issue. If all of the firewall ports required for communication between HPC Pack and Windows Azure are open, but the diagnostic test fails, this can indicate a problem with the configuration of a proxy server or network firewall.

Important

You should consult with your network administrator and the vendor of your proxy server or network firewall to find out if a proxy server or network firewall on your enterprise network will block the traffic for the HPCManagement, HPCScheduler, and HPCBrokerWorker services for HPC Pack. If additional configuration is needed, the specific configuration steps will depend on factors such as your specific network and security policies, your proxy server or network firewall, and whether and what type of firewall client software is running on the head node.
The Windows Azure Firewall Ports Test can help detect this issue. If all of the firewall ports required for communication between HPC Pack and Windows Azure are open, but the diagnostic test fails, this can indicate a problem with the configuration of a proxy server or network firewall.

Obtain a Windows Azure subscription account

You must obtain or have access to a Windows Azure subscription account. At a minimum, a Windows Azure cloud service, a Windows Azure storage account, and a management certificate must be configured to support a deployment of Windows Azure nodes. Depending on the version of HPC Pack that is installed on your cluster and the subscription terms, you may be able to configure or use other Windows Azure features or services from a subscription in your deployment. For more information, see Windows Azure Feature Compatibility with Microsoft HPC Pack.

To create a Windows Azure subscription, go to the Windows Azure site.
To access an existing subscription, go to the Windows Azure Management Portal.
For an overview of the information from the subscription that is needed to configure a Windows Azure node template, see Understanding Windows Azure Subscription Information for Microsoft HPC Pack.

Note
To create or access a Windows Azure subscription, you must sign in by using a Microsoft ID (formerly called a Windows Live ID) and password. Each subscription limits the number of role instances that can be provisioned in a cloud service, as well the number of cloud services and storage accounts. If you are planning a large deployment of Windows Azure nodes, you may need multiple subscriptions or multiple cloud services, and you may need to request an increase in the quota of role instances. For more information, see Best Practices for Large Deployments of Windows Azure Nodes with Microsoft HPC Pack.

Note

To create or access a Windows Azure subscription, you must sign in by using a Microsoft ID (formerly called a Windows Live ID) and password.
Each subscription limits the number of role instances that can be provisioned in a cloud service, as well the number of cloud services and storage accounts. If you are planning a large deployment of Windows Azure nodes, you may need multiple subscriptions or multiple cloud services, and you may need to request an increase in the quota of role instances. For more information, see Best Practices for Large Deployments of Windows Azure Nodes with Microsoft HPC Pack.

Windows Azure management certificate

Before you can deploy Windows Azure nodes from your HPC Pack cluster, a management certificate must be configured in your Windows Azure subscription, on the head node of the cluster (or head nodes, if the head nodes are configured for high availability), and on any client computer that is used to manage the cluster and needs a connection to Windows Azure. The management certificate must be a valid X.509 v3 certificate with a key size of at least 2048 bits and is required to authenticate access from the HPC cluster to resources in the Windows Azure subscription.

Note
The same management certificate can be used for more than one Windows Azure node deployment from a subscription.

If you do not already have a management certificate configured in your Windows Azure subscription, you have the following options to obtain one:

Use the Default Microsoft HPC Azure Management certificate that is generated automatically on the head node when HPC Pack is installed. This certificate is self-signed and unique to your installation of HPC Pack on the head node. This certificate is intended only for testing purposes and proof-of-concept deployments. This certificate file is located in the following location on the head node computer: %CCP_HOME%\bin\hpccert.cer.
Obtain a certificate from a public or enterprise certification authority.
Create a self-signed X.509 v3 certificate. To create the management certificate by using the Certificate Creation Tool (makecert.exe) in Visual Studio, see Create a Management Certificate for Windows Azure.
Reuse an existing certificate that is configured in the Windows Azure subscription.

If you obtain or use a new management certificate or the Default Microsoft HPC Azure Management certificate, upload the .cer file to your Windows Azure subscription by using the Management Portal.

The management certificate must also be imported to appropriate certificate stores on the head node or head nodes and on any client computer that is used to manage the Windows HPC cluster and that needs a connection to Windows Azure. The certificate stores and certificates that must be populated are listed in the following table.

Computer	Certificate store	Certificate
Head node(s)	Local Computer\Personal	Certificate with private key (.pfx)
	Local Computer\Trusted Root CAs	Certificate only (.cer)
	Current User\Personal	Certificate with private key (.pfx)
Client computer	Current User\Personal	Certificate with private key (.pfx)
	Current User\Trusted Root CAs	Certificate only (.cer)

For more information and detailed procedures to configure and troubleshoot the management certificate, see Step 1: Configure the Windows Azure Management Certificate for Windows Azure Burst Deployments.

Windows Azure cloud service and storage account

If you have not already done so, create a cloud service and a storage account in your Windows Azure subscription to add Windows Azure nodes to your Windows HPC cluster. You can perform these procedures by using the Windows Azure Management Portal.

Important
You must configure a separate cloud service for each Windows Azure node template that you create. However, you can configure a storage account that is used in multiple node templates. As a best practice, the storage account that is used for a Windows Azure node deployment should not be used for purposes other than node provisioning. If you plan to use Windows Azure storage to move job and task data to and from the head node or to and from the Windows Azure nodes, configure a separate storage account for that purpose. To optimize performance, for each Windows Azure node template, configure the cloud service, the storage account (or accounts), and any geographically bound feature such as a Windows Azure virtual network in the same region or affinity group. Do not deploy a custom cloud service package to a cloud service that is used to add Windows Azure nodes to a Windows HPC cluster. A cloud service package will be automatically deployed by HPC Pack when the Windows Azure nodes are provisioned.

Important

You must configure a separate cloud service for each Windows Azure node template that you create. However, you can configure a storage account that is used in multiple node templates.
As a best practice, the storage account that is used for a Windows Azure node deployment should not be used for purposes other than node provisioning. If you plan to use Windows Azure storage to move job and task data to and from the head node or to and from the Windows Azure nodes, configure a separate storage account for that purpose.
To optimize performance, for each Windows Azure node template, configure the cloud service, the storage account (or accounts), and any geographically bound feature such as a Windows Azure virtual network in the same region or affinity group.
Do not deploy a custom cloud service package to a cloud service that is used to add Windows Azure nodes to a Windows HPC cluster. A cloud service package will be automatically deployed by HPC Pack when the Windows Azure nodes are provisioned.

Pricing considerations

The subscription for Windows Azure will be charged for the time that the Windows Azure nodes in a deployment are available, as well as for the compute and storage services that are used. For more information, review the terms of the subscription for Windows Azure. For general information, see Windows Azure Pricing Overview.
Each time that you start (provision) a set of Windows Azure nodes by using HPC Pack, additional proxy role instances are automatically configured in Windows Azure to facilitate communication between the head node and the Windows Azure nodes. Depending on your version of HPC Pack, this number is either fixed (2 proxy nodes per deployment with HPC Pack 2008 R2) or configurable. The proxy role instances incur charges in Windows Azure along with the Windows Azure node instances, and they consume cores that are allocated to the subscription (and thus reduce the number of cores that are available to deploy Windows Azure nodes). For more information, see Set the Number of Windows Azure Proxy Nodes.

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)