As part of my TechEd 2012 talk I went through the process of configuring and deploying an application that requires the Microsoft Distributed Transaction Coordinator (aka DTC). This piece of Windows Server infrastructure is more commonly found in legacy applications but still comes up from time to time in new solutions whenever they require multiple resource managers. When multiple resources (e.g. 2 SQL databases) need to take part in one atomic transaction, they rely on DTC to make sure it is done correctly.
In Windows Azure this has been an unsupported dependency since the platform was released. If developers wanted to run applications that used DTC, they had to rewrite their code to handle transaction commits and rollbacks without it. This blocks a lot of scenarios that work really well in the cloud and Windows Azure. Fortunately, with the release of Infrastructure as a Service (IaaS) on Windows Azure we can very quickly configure the environment necessary to support DTC, and in my TechEd 2012 demo I did just that. What follows is a list of steps to configure and deploy the sample application I created for TechEd to showcase this new architecture option in Windows Azure.
Step 1 – Create an Active Directory Controller in IaaS and note the assigned IP by running inetpub from a cmd window after you create the new VM. This IP will now be static so we can use it from the other server instances to allow domain joining and DNS resolution.
This will require you to configure a new VM using the Win Server image and go through the typical DC promo process you would have always used to create a new domain controller. For more details on creating a DC read more here: http://technet.microsoft.com/en-us/library/cc755103(v=WS.10).aspx
Step 2 – Provision two SQL Server 2012 databases and an IIS server from the images provided (see screenshot above) and ensure port 1433 is opened on the Windows Firewall for the 2 SQL Server boxes. These are initially very straightforward steps and just require you to set up the VMs in the same virtual network. To do this, all you need to ensure is that the first VM is a stand-alone and the following servers are connected to the initial server.
Step 3 – Once that is done ensure you enable the network access for the DTC process from the Control Panel > System & Security > Windows Firewall > Allow a Program through Windows Firewall. You should see the screenshot to the right which will need the DTC checkboxes enabled.
Step 4 – Now we need to configure the DTC settings on all three instances. To do this you’ll have to open the MMC and add the Component Services snap-in. Once that is open you’ll want to get to the local DTC on all three instances and ensure you have network access to all three instances.
Note that these settings are not creating any generic admin user and are relying on the calling process to provide credentials and do proper authentication. We are also not enabling any of the client admin access. The purpose of this configuration on all three servers is to enable the transaction flow only.
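Steps 3 and 4 can also be scripted and audited. The following is an added example, not part of the original demo: it assumes Windows Server 2012 or later (where the MsDtc and NetSecurity PowerShell modules exist), and the baseline values are inferred from the note above rather than taken from the original screenshot. `Compare-DtcBaseline` is a hypothetical helper name.

```powershell
# Added example: run in an elevated session on each of the three servers.
# Baseline inferred from the note above (assumption): transaction flow only,
# callers must authenticate, no remote client or remote administration access.
$baseline = @{
    InboundTransactionsEnabled        = $true
    OutboundTransactionsEnabled       = $true
    RemoteClientAccessEnabled         = $false
    RemoteAdministrationAccessEnabled = $false
    AuthenticationLevel               = 'Mutual'
}

# Hypothetical helper: returns one object per setting that deviates from the baseline.
function Compare-DtcBaseline {
    param($Current, [hashtable]$Expected)
    foreach ($name in $Expected.Keys) {
        if ("$($Current.$name)" -ne "$($Expected[$name])") {
            [pscustomobject]@{
                Setting  = $name
                Expected = $Expected[$name]
                Actual   = $Current.$name
            }
        }
    }
}

# Step 3: enable the built-in DTC firewall rule group.
Enable-NetFirewallRule -DisplayGroup 'Distributed Transaction Coordinator'

# Step 4: apply the network DTC settings to the local coordinator.
Set-DtcNetworkSetting -DtcName Local @baseline -Confirm:$false

# Audit: re-read the live settings and list anything that drifted.
$drift = Compare-DtcBaseline -Current (Get-DtcNetworkSetting -DtcName Local) -Expected $baseline
$closedRules = Get-NetFirewallRule -DisplayGroup 'Distributed Transaction Coordinator' |
    Where-Object { $_.Enabled -ne 'True' }

if ($drift -or $closedRules) {
    $drift | Format-Table -AutoSize
    $closedRules | Select-Object DisplayName, Direction, Enabled
} else {
    'DTC network settings and firewall rules match the baseline.'
}
```

Re-running only the audit half later is a quick way to confirm that nobody has switched on remote administration or dropped the authentication level on one of the nodes.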
Step 5 – Now that we have DTC all enabled and ready to go we need to domain join the machines and ensure that they are able to do the proper security we just set up for DTC. Now is the time to use that IP we noted back when we initially created the AD server.
Step 6 – Create a new account in Active Directory that you will use as a least privileged account from IIS and into the DTC processes on the 2 SQL databases. Remember this account because we will use it in a future step to configure IIS to run as that account. As an example my domain that I created was developertofu.com and my account was dtcdemoaccount.
Step 7 – The next thing to do is set up the web server we created to support IIS and .NET 4.
To do this you’ll have to add the application server and web server role and install .NET 4 ( http://go.microsoft.com/fwlink/?linkid=186916 ).
Step 8 – We will also need to add another element to the Windows Azure IaaS portal so the load balancer knows to point incoming traffic to our IIS server. This is simply a port 80 endpoint configured and setup on the IIS VM (see screenshot to the right).
Step 9 – Now we need to get the databases set up in SQL Server so we can get the proper security configured. To do this we’ll need some SQL scripts which we can get by first running the code locally. You can download the code from here: http://bit.ly/L3OgYq and in that code you will see a web.config that points to two different SQL instances.
You can use SQL Express to create these instances and then run the code to get Entity Framework to generate the DB. You can then export the SQL using either EF SQL migrations or just simple SQL Server Management Studio script generation.
Note: The code you are downloading is made up of 2 projects. One is a data creation utility that you can run locally to get some test data setup and the other is the main MVC 4 WebAPI sample that uses a simple HTML/JQuery front end. The key logic for DTC is in the controllers and wraps calls to two EF contexts using System.Transactions (see below).
Step 10 – We are getting close now. The SQL databases need to be set up to allow the DTCDemoAccount we created in step 6 to access the database. This is simple SQL security. First add the login to the master security logins and then add the user mapping to the databases in SQL that you created after first getting it set up and running locally and then exporting the script.
Step 11 – Now it's basically time to just upload the code and configure the app pool on our IIS server to run as the DTC Demo Account. To do this we’ll first move the InventoryServer directory into the C:\inetpub\wwwroot folder and then using IIS we can right click and “Create Application”. This will give us an application type that can use .NET 4. Make sure that the default app pool is configured to use .NET 4 (right click on the app pool > basic settings). Also change the identity of the default app pool to use our DTC demo account so it will be the account used to call the DTC process.
Step 12 – We are finally ready to test. You should be able to go to your site from any web browser based on the DNS address of the IIS server (found in the portal) + /InventoryService and add new products, edit products, or delete products. If the DTC configuration you set up is correct you will see a transaction count increasing in any of the servers involved in the DTC transaction (see screenshot).
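If the transaction count does not move, it helps to test DTC separately from the web application. The probe below is an added example, not code from the downloadable sample: it enlists connections to both SQL servers in one System.Transactions transaction (a `CommittableTransaction` with explicit enlistment rather than the sample's controller code) and reports whether it was promoted to a distributed transaction. The server and database names are placeholders and `Test-DtcPromotion` is a hypothetical function name.

```powershell
# Added example. Server and database names below are placeholders; replace them
# with the two SQL instances the web.config points to.
Add-Type -AssemblyName System.Transactions
$connectionStrings = @(
    'Server=SQL-NODE-1;Database=PLACEHOLDER_DB_1;Integrated Security=SSPI',
    'Server=SQL-NODE-2;Database=PLACEHOLDER_DB_2;Integrated Security=SSPI'
)

function Test-DtcPromotion {
    param([Parameter(Mandatory)][string[]]$ConnectionStrings)

    $tx   = New-Object System.Transactions.CommittableTransaction
    $open = @()
    try {
        foreach ($cs in $ConnectionStrings) {
            $conn = New-Object System.Data.SqlClient.SqlConnection $cs
            $conn.Open()
            $open += $conn
            # Enlisting the second resource manager forces promotion to MSDTC;
            # a blocked or misconfigured coordinator throws here.
            $conn.EnlistTransaction($tx)
            $cmd = $conn.CreateCommand()
            $cmd.CommandText = 'SELECT @@SERVERNAME'
            [void]$cmd.ExecuteScalar()
        }
        $id = $tx.TransactionInformation.DistributedIdentifier
        [pscustomobject]@{ Promoted = ($id -ne [guid]::Empty); DistributedId = $id; Error = $null }
    }
    catch {
        [pscustomobject]@{ Promoted = $false; DistributedId = [guid]::Empty; Error = $_.Exception.Message }
    }
    finally {
        # The probe never commits, so no data is changed.
        if ($tx.TransactionInformation.Status -eq 'Active') { $tx.Rollback() }
        foreach ($c in $open) { $c.Dispose() }
        $tx.Dispose()
    }
}

Test-DtcPromotion -ConnectionStrings $connectionStrings
```

Run it on the IIS server in a session started as the domain account from step 6, so the probe exercises the same identity and network path as the app pool.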
While this may look like quite a few steps, please take comfort in the fact that all this was done in the cloud with full RDP access and it was really straightforward. In only a few hours this 4 node configuration with a complex DTC dependency was set up and running using a modern WebAPI sample. I hope this high level set of steps helps you see how to take advantage of this first ever capability in Windows Azure and start moving DTC apps to the cloud right now!