Prerequisites for deploying Azure Cloud Services (extended support)

To ensure a successful Cloud Services (extended support) deployment review the below steps and complete each item prior to attempting any deployments.

Required Service Configuration (.cscfg) file updates

1) Virtual Network

Cloud Service (extended support) deployments must be in a virtual network. Virtual network can be created through Azure portal, PowerShell, Azure CLI or ARM Template. The virtual network and subnets must also be referenced in the Service Configuration (.cscfg) under the NetworkConfiguration section.

For a virtual networks belonging to the same resource group as the cloud service, referencing only the virtual network name in the Service Configuration (.cscfg) file is sufficient. If the virtual network and cloud service are in two different resource groups, then the complete Azure Resource Manager ID of the virtual network needs to be specified in the Service Configuration (.cscfg) file.

Virtual Network located in same resource group

<VirtualNetworkSite name="<vnet-name>"/> 
    <InstanceAddress roleName="<role-name>"> 
       <Subnet name="<subnet-name>"/> 

Virtual network located in different resource group

<VirtualNetworkSite name="/subscriptions/<sub-id>/resourceGroups/<rg-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>"/> 
     <InstanceAddress roleName="<role-name>"> 
        <Subnet name="<subnet-name>"/> 

2) Remove the old plugins

Remove old remote desktop settings from the Service Configuration (.cscfg) file.

<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" /> 
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="gachandw" /> 
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="XXXX" /> 
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2021-12-17T23:59:59.0000000+05:30" /> 
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" /> 

Remove old diagnostics settings for each role in the Service Configuration (.cscfg) file.

<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />

Required Service Definition file (.csdef) updates


Changes in service definition file (.csdef) requires the package file (.cspkg) to be generated again. Please build and repackage your .cspkg post making the following changes in the .csdef file to get the latest settings for your cloud service

1) Virtual Machine sizes

The following sizes are deprecated in Azure Resource Manager. However, if you want to continue to use them update the vmsize name with the associated Azure Resource Manager naming convention.

Previous size name Updated size name
ExtraSmall Standard_A0
Small Standard_A1
Medium Standard_A2
Large Standard_A3
ExtraLarge Standard_A4
A5 Standard_A5
A6 Standard_A6
A7 Standard_A7
A8 Standard_A8
A9 Standard_A9
A10 Standard_A10
A11 Standard_A11

For example, <WorkerRole name="WorkerRole1" vmsize="Medium" would become <WorkerRole name="WorkerRole1" vmsize="Standard_A2".


To retrieve a list of available sizes see Resource Skus - List and apply the following filters:
ResourceType = virtualMachines
VMDeploymentTypes = PaaS

2) Remove old remote desktop plugins

Deployments that utilized the old remote desktop plugins need to have the modules removed from the Service Definition (.csdef) file and any associated certificates.

<Import moduleName="RemoteAccess" /> 
<Import moduleName="RemoteForwarder" /> 

Deployments that utilized the old diagnostics plugins need the settings removed for each role from the Service Definition (.csdef) file

<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />

Key Vault creation

Key Vault is used to store certificates that are associated to Cloud Services (extended support). Add the certificates to Key Vault, then reference the certificate thumbprints in Service Configuration file. You also need to enable Key Vault 'Access policies' (in portal) for 'Azure Virtual Machines for deployment' so that Cloud Services (extended support) resource can retrieve certificate stored as secrets from Key Vault. You can create a key vault in the Azure portal or by using PowerShell. The key vault must be created in the same region and subscription as the cloud service. For more information, see Use certificates with Azure Cloud Services (extended support).

Next steps