Rock Solid Azure Hosting

How to Rock stewardship by hosting with Azure.

Download PDF
Current Version: McKinley 9.0

Updates for McKinley 9.0

No updates made.

Updates for McKinley 6.0

No updates made.

Updates for McKinley 8.0

No updates made.

Introduction

So you've heard about Microsoft Azure's $3,500 annual hosting credit for non-profits, and you'd like to give it a try? Good news; those who have gone before you have marked the path to success. This guide will walk you through the steps to get Rock up and running with Azure. First, though, let's go over a few things we need to know up front.

How Do I Receive My Credit?

The $3,500 credit allows you to "spend" up to $291 per month with approved Azure products, and you'll be able to track your usage and the remaining balance in regular statements. Although the program expires one year after you set it up, Azure for Nonprofits has stated that they plan to do an "annualized refresh," turning this into a perpetual donation. Thanks, Microsoft!

Prerequisites

Yes, prerequisites. While Azure's hosting credit is an exciting prospect and a good fit for many organizations, it may not work for all. Take a look at this short list to see if it will work for you.

  • Organizations must be nonprofit or non-governmental organizations with 501(c)(3) status under the United States Internal Revenue Code.
  • Religious organizations are allowed.

What does that mean? It essentially means that you must be licensed as a 501(c)(3) or NGO and you must be a US-based organization.

To sign up for the 501(c)(3) grant for $3,500 annually you will need to:

  • Register for TechSoup.
  • Register for Microsoft Philanthropies.
  • Below we have the links and steps on registering for both of these.

    First: Register for TechSoup

    1. Register for a Microsoft TechSoup account on their website.
    2. Follow the directions to get set up.
    3. To complete your registration, request your Validation Token from this page by selecting New To TechSoup.org.

    Second: Register with Microsoft Philanthropies for the Azure credit

    1. Register on the Get Started page.
    2. Sign in using your TechSoup Validation Token.
    3. Register for the Azure Non-Profit Sponsorship.
    4. (Optional) For a little extra help, set up a free online meeting with Microsoft Support to get your Azure account set up.
    5. (Optional) If you already have an Azure account, it is important that you submit a support request to have them merge your Azure accounts (so you can use the credit with your current setup).

    Hybrid Use Benefit for Windows Server

    Now, before we start creating our servers in Azure, let’s talk about another option you can use to help keep costs down – frequently below the amount of the credit Microsoft offers your nonprofit.

    Already have a Windows Server License?

    Typically when you have a Windows Virtual Machine hosted in one of Microsoft’s Azure datacenters, part of what you pay is the cost of the Windows license yourself. If you have already purchased a qualifying Windows Server license however, you can simply indicate that to Microsoft and reduce the amount you’re paying on an ongoing basis. That option is called “Hybrid Use Benefit”, and it’s especially helpful when you get the Windows Server license from Tech Soup at a significant discount.

    You can check out the requirements for Hybrid Use Benefit yourself, but the summary is that if you’ve licensed Windows Server Standard with an ongoing Software Assurance subscription, you can use Hybrid Use Benefit on up to (2) Azure VMs with 8 or fewer processor cores each (or a single Azure VM with 16 or fewer processor cores).

    If you’ve purchased Windows Server Standard, be sure that you’re not also using this license on another local server. Be sure to renew your Software Assurance on the license though, so you stay in compliance with the requirements! Typically Software Assurance is renewed for 1 or 2 years at a time.

    Note

    This is one of the rare cases where Microsoft doesn’t require activation or proof of the license in order to activate Hybrid Use Benefit, so you don’t need to actually provide the key anywhere in Azure.

    Set Up Steps

    Purchase Windows Server 2016 and SQL Server 2016 Licenses from TechSoup

    Remember the SQL Server 2016 Licenses is Optional but highly recommened for Organizations with more than 75,000 records.

    1. Find these products on the TechSoup site.
    2. Browse products in the Microsoft Server Software and Licenses category. Find Windows Server and SQL Server, and add them to your cart.
    3. Check out with required information.
    4. Downloads and product keys will appear in Volume Licensing Service Center, or VLSC, after the donation is processed.

    Use your Azure portal to create the virtual machine

    Create a New Resource - basic page
    Azure VM
    1 Create a resource
    Choose the Windows Server 2016 image that’s offered.
    2Add a subscription
    Here you will choose a subcription (Azure Sponorship should show up here if you have it).
    3Instance
    Provide all your instance details.
    4Server Size
    Choose the size of server you want to deploy.
    5Server Credentials
    Provide a login for your new server.
    6Inbound Ports
    Allow traffic into the server - typically that will be HTTP, HTTPS, and sometimes RDP.
    7Save Money
    Check “Already have a Windows license?” = Yes.
    8Next Step
    Click Next to Disks

    Disks

    1. OS Disk space = Premium SSD works best in most cases.
    2. You can optionally "create and attach a new disk" if you wanted to keep your Rock installation on a separate virtual disk from the OS disk.

    Network - advanced

    1. Here you will choose a subnet address.
    2. Choose to allow a public IP address.
    3. In the first page of creating the new VM, we specified some TCP ports which would allow traffic to connect to the server. If you need more control over when the connections are allowed, you can create a Network Security Group here. For instance: you can add rules allowing traffic from “any” source to access port 80 and 443 for your web server, then you can add another rule that only allows RDP (port 3389) connection from one specific IP address.

    External Static IP

    We recommend if your organization has a static external IP address that you create and configure a Network Security Group that allows TCP traffic on ports 80 and 443 for all source IP addresses, but only allow TCP port 3389 traffic originating from your network. That will prevent anyone else in the world from attempting to guess your remote access password and log into your Azure server.

    Management

    • You probably won't need any of these settings to be on. Some might be set by default. Go head and manually select "no" for all of them.
    • One exception here is if you want to learn more about "backup" you might find some benefit in turning this on.

    Advanced

    • This section can be skipped.

    Tags

    • Unless your organization is using Tags, you can skip this section.

    Review and create

    1. Review all of the settings you've set to double check your settings.
    2. Choose "Create" when done.
    3. It should take about 10 minutes for it to complete after selecting "create."

    This server is your new Web Host, where you'll configure IIS. You can repeat this process to create a second server, which will be your Server where you install the SQL Server software. This time, you won't need to create a new Resource Group; the two servers should both be created in the same group together. You also won't need an external IP address, since your IIS server will be able to "talk" with the SQL Server on their virtual local network. In fact, you might not need to allow any ports in to your SQL server at all if you want to remote desktop into that server from your IIS server.

    Alternatively, depending on your needs and budget, smaller organizations can consider running in a "single server" configuration where you install both IIS and SQL Server on the same VM.

    Another option is to set up Azure SQL; this is single database that Microsoft hosts for you, rather than having to create and maintain a second server for that database. With this option, you don't need a license of SQL Server at all.

    Optional - Set up Azure SQL

    As noted above, this is only required if you want to avoid licensing, installing and maintaining SQL Server yourself. If you want to use this option, you can create a new database from the Azure portal by clicking "Create a resource" and choosing `SQL Database` from the templates offered in the Azure Marketplace (instead of choosing Windows Server like we did above).

    • You'll need to create a new "database server" in this case, but this isn't the same as a VM, because you won't need to manage it (and you don't even actually have access to it). It's more of a "container" to hold your database. When you create this server, you'll be prompted to set the database connection username and password that you'll need to install Rock.
    • When prompted, understand that you probably don't need an elastic pool, since you just need a single database.
    • Microsoft's official guidance is that 100 DTUs (such as a Standard s3 plan) is roughly equivalent to a VM with a single processor. Some have found success using fewer DTUs, but in general use that conversion as a guideline when you're trying to figure out what size to use.
    • When you get to the "subscription > resource group" you will choose the same resource group as the other server just created.
    • Don't allow any inbound ports.
    • Once you get to the Network page - skip a public IP address.
    • If you wanted to allow access to Rock information on a SQL software you can add an advanced network using port 1433.

    Rock Solid Internal Hosting Guide

    Now that you have your host ready, follow the Rock Solid Internal Hosting Guide to get started installing Rock.

    Be sure to check out the rest of the Rock guides and manuals to help you get the most out of your Rock experience.

    Improve