Prerequisites for deploying Azure Cloud Services (extended support)

To ensure a successful Cloud Services (extended support) deployment review the below steps and complete each item prior to attempting any deployments.

Required Service Configuration (.cscfg) file updates

1) Virtual Network

Cloud Service (extended support) deployments must be in a virtual network. Virtual network can be created through Azure portal, PowerShell, Azure CLI or ARM Template. The virtual network and subnets must also be referenced in the Service Configuration (.cscfg) under the NetworkConfiguration section.

For a virtual networks belonging to the same resource group as the cloud service, referencing only the virtual network name in the Service Configuration (.cscfg) file is sufficient. If the virtual network and cloud service are in two different resource groups, then the complete Azure Resource Manager ID of the virtual network needs to be specified in the Service Configuration (.cscfg) file.

Virtual Network located in same resource group

<VirtualNetworkSite name="<vnet-name>"/> 
  <AddressAssignments> 
    <InstanceAddress roleName="<role-name>"> 
     <Subnets> 
       <Subnet name="<subnet-name>"/> 
     </Subnets> 
    </InstanceAddress> 
  </AddressAssignments> 

Virtual network located in different resource group

<VirtualNetworkSite name="/subscriptions/<sub-id>/resourceGroups/<rg-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>"/> 
   <AddressAssignments> 
     <InstanceAddress roleName="<role-name>"> 
       <Subnets> 
        <Subnet name="<subnet-name>"/> 
       </Subnets> 
     </InstanceAddress> 
   </AddressAssignments>

2) Remove the old plugins

Remove old remote desktop settings from the Service Configuration (.cscfg) file.

<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" /> 
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="gachandw" /> 
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="XXXX" /> 
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2021-12-17T23:59:59.0000000+05:30" /> 
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" /> 

Remove old diagnostics settings for each role in the Service Configuration (.cscfg) file.

<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />

Required Service Definition file (.csdef) updates

Note

Changes in service definition file (.csdef) requires the package file (.cspkg) to be generated again. Please build and repackage your .cspkg post making the following changes in the .csdef file to get the latest settings for your cloud service

1) Virtual Machine sizes

The following sizes are deprecated in Azure Resource Manager. However, if you want to continue to use them update the vmsize name with the associated Azure Resource Manager naming convention.

Previous size name Updated size name
ExtraSmall Standard_A1_v2
Small Standard_A1_v2
Medium Standard_A2_v2
Large Standard_A4_v2
ExtraLarge Standard_A8_v2
A5 Standard_A2m_v2
A6 Standard_A4m_v2
A7 Standard_A8m_v2
A8 Deprecated
A9 Deprecated
A10 Deprecated
A11 Deprecated
MSODSG5 Deprecated

For example, <WorkerRole name="WorkerRole1" vmsize="Medium" would become <WorkerRole name="WorkerRole1" vmsize="Standard_A2".

Note

To retrieve a list of available sizes see Resource Skus - List and apply the following filters:
ResourceType = virtualMachines
VMDeploymentTypes = PaaS

2) Remove old remote desktop plugins

Deployments that utilized the old remote desktop plugins need to have the modules removed from the Service Definition (.csdef) file and any associated certificates.

<Imports> 
<Import moduleName="RemoteAccess" /> 
<Import moduleName="RemoteForwarder" /> 
</Imports> 

Deployments that utilized the old diagnostics plugins need the settings removed for each role from the Service Definition (.csdef) file

<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />

Access Control

The subscription containing networking resources needs to have network contributor access or above for Cloud Services (extended support). For more details on please refer to RBAC built in roles

Key Vault creation

Key Vault is used to store certificates that are associated to Cloud Services (extended support). Add the certificates to Key Vault, then reference the certificate thumbprints in Service Configuration file. You also need to enable Key Vault 'Access policies' (in portal) for 'Azure Virtual Machines for deployment' so that Cloud Services (extended support) resource can retrieve certificate stored as secrets from Key Vault. You can create a key vault in the Azure portal or by using PowerShell. The key vault must be created in the same region and subscription as the cloud service. For more information, see Use certificates with Azure Cloud Services (extended support).

Next steps