Take the Spaghetti out of Windows Azure – An Insight for IT Pro Techies, Part 1

Post on 11-Nov-2014


description

More info on http://www.techdays.be

transcript

John Craddock
Infrastructure and Security Architect
XTSeminars Ltd

Take the Spaghetti out of Windows Azure: An insight for IT Pro Techies, Part 1

Agenda
• Part 1
  • Introduction to the Cloud
  • Windows Azure fundamentals
  • Building and deploying a Windows Azure service
• Part 2
  • Windows Azure storage
  • Connecting on-premise and Cloud systems
  • Managing identity with the Access Control Service

Demos

On-Premise Computing
• Requires hardware, space, electricity, cooling
• Requires managing OS, applications and updates
• Software Licensing
• Difficult to scale
  • Too much or too little capacity
• Difficult to be agile
• High upfront capital costs
• You have complete control and responsibility

Managing Demand

[Figure: IT capacity plotted against time. Labels: entry barrier, forecast demand, compute capacity, under capacity, over capacity, potential business loss, wasted capacity.]

Demand Burst

[Figure: IT demand plotted against time for a concert ticket web site, with two peaks marked "Ticket sales open".]

How do we deal with this?

A Typical Application

[Diagram: Browser, Request, Web layer, Business layer, Database, Response.]

What do we do when it starts to overheat?

[Diagram: Request, Web layer, Business layer, Database, Response.]

Scale Up and Out
• How much is that going to cost you?
  • Do you need it all the time?
• How long will it take you?
  • Do you have the capital expenditure budget?

[Diagram: Request and Response passing through several Web layer instances behind NLB, several Business layer instances behind NLB, and a Database.]

Public Cloud Computing
• On demand compute and storage capacity
• Internet based
• Pay for what you use
• Delivered as a service
  • Don’t expect to be able to change what’s delivered
  • Read the SLAs
  • If they don’t give you what you need, look to another vendor

Cloud services and identity
• Application
  • On-premise
  • Partner organization
  • Somewhere!!!
• User
  • On-premise
  • Partner organization
  • Somewhere!!!
• User’s Identity
  • On-premise
  • Partner organization
  • 3rd Party Identity provider

[Diagram: a user with the sample identity Name: Fred, Password: *****, Age: 107, Country: Japan.]

Federation joins it all together

Cloud Offerings

[Diagram: four stacks labelled On-premise, IaaS, PaaS and SaaS. Each stack shows the layers Application, Frameworks, OS Services, Operating System, Virtualized Instance and Hardware. Captions: "Your control and responsibility" and "Someone else does the work!"]

Windows Azure

What does Azure Offer
• A platform for your applications
• Run code in compute instances
  • web roles, worker roles and VM roles
• Persistent storage
  • Blobs, tables, queues, SQL
• AppFabric building blocks for distributed services
  • Access control
  • Network connectivity
  • Connect on-premise and cloud applications
  • Caching
• Management portal
  • Deployment and management of services
  • Can be managed programmatically

Platform built for availability
• Scale out for capacity and redundancy
• Short timeouts and retries
• Idempotent operations
• Stateless compute instances
  • Simplifies scale out and upgrades
  • Instances always consistent

IT Professionals
• On-premise will be around for a long time
• IT roles will become more strategic
  • Choosing best of breed to meet business requirements
• Requirement to manage networking between on-premise and systems in multiple clouds
• Managing authentication and authorization for distributed cloud services

What about my Job???

Azure cloud offers you the opportunity to be the expert at bringing scalability and agility to your company’s applications and services

A chance to innovate
Test out new ideas with small upfront costs
Sell in-house expertise by packaging as a service

If you need to scale rapidly, you can

Windows Azure Spaghetti

[Slide graphic: a jumble of Windows Azure terms: Web Roles, Worker Roles, VM Roles, Access Control Service, AppFabric, Affinity Groups, Content Delivery Network, Certificates, Access Keys, Storage Accounts, BLOBs, Queues, Tables, Service Bus, Caching, Azure Connect, SQL Azure, Staging, Production, Subscriptions, REST, Fabric Controller, VIP Swap.]

Ready To Go…

• Start by creating a subscription
• Check for introductory offers
• MSDN subscriptions include Windows Azure service

www.azure.com

Roles
• Pay per role instance
• Add and remove instances based on demand
• Elastic computing!
• Load balancing is part of the Azure fabric and automatically allocated

[Diagram: Browser Request and Response pass through the load balancer (LB) to the instances of Web Role 1. Web Role 1 communicates with the instances of Worker Role 1 via Queues and Tables, with a Database behind them. Instances are numbered #0 to #3. Caption: "Scale up and down".]

Compute Model
• The Windows Azure 99.95% SLA requires at least two instances for each role

[Diagram: Browser Request and Response pass through the load balancer (LB) to Web Role 1 (instance #0, instance #1), which distributes tasks to Worker Role 1 (instances #0, #1, #3, #4) and a Database.]

Demand Burst With Azure

[Figure: IT demand and compute capacity plotted against time for a concert ticket website, with two peaks marked "Ticket sales open". Labels: on-demand compute capacity, scale prior to demand.]

VM Role
• You build and deploy it as a VHD
• Is it a true VM as we know and love?
  • No, because it is stateless
  • Changes you make to a running instance are not persistent
  • For persistent changes you need to supply a new VHD
• What operating systems can you run in a VM Role?
  • Windows 2008 R2
• Unlike web and worker roles you are responsible for OS updates
• Why does it exist?
  • Use when your application requires a long install
  • Use when a manual install/configuration is required
  • Supports legacy applications

Hosted Services
• Windows Azure refers to a published application as a hosted service
• You decide which region of the world it is deployed in
  • You cannot choose a datacentre
• Affinity groups can be created to ensure that a hosted service and storage are in the same datacentre within a region

Demo: My First Azure Application

Instance Sizes

Compute Instance Size   CPU           Memory    Instance Storage   I/O Performance
Extra Small             1.0 GHz       768 MB    20 GB              Low
Small                   1.6 GHz       1.75 GB   225 GB             Moderate
Medium                  2 x 1.6 GHz   3.5 GB    490 GB             High
Large                   4 x 1.6 GHz   7 GB      1,000 GB           High
Extra Large             8 x 1.6 GHz   14 GB     2,040 GB           High

• Each instance is deployed in its own VM
• Cost is based on deployed instance sizes
  • Charged even if the instance is not running
• Remember the SLA requires at least two instances per role

Creating a service
• Binaries
  • Web/worker role code
  • VM roles: VHDs
• Definition file (.csdef)
  • Role names and types
  • Instance sizes
  • Network endpoints
• Configuration file (.cscfg)
  • Number of instances for each role
  • Configuration settings for modules and strings declared in the definition file

<WorkerRole name="Example1_WorkerRole1" vmsize="Small">
  <Imports>
    <Import moduleName="Diagnostics" />
    <Import moduleName="RemoteAccess" />
    <Import moduleName="RemoteForwarder" />
  </Imports>
  <ConfigurationSettings>
    <Setting name="DataConnectionString" />
  </ConfigurationSettings>
</WorkerRole>

<Role name="Example1_WorkerRole1">
  <Instances count="2" />
  <ConfigurationSettings>
    <Setting name="DataConnectionString" value="DefaultEndpointsProtocol=https;AccountName=xtsstorage;AccountKey=LR44MguTHmD1bGpcObJxdr22zZcYrPj8UclhJMBllyFngsHq+Z5OYqdJ8Na6y1+xxxxxxxxxxxxxxxxxxx==" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
    <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="Tom" />
  </ConfigurationSettings>
</Role>
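As an added example (not from the original slides): a short Python check that reads a .cscfg like the one above and flags what a reviewer would want to know before the file is shared or committed, namely a storage account key held in clear text, a connection string that does not use https, Remote Desktop enabled, and roles with fewer than two instances. The sample file, its service, role and account names, the key placeholder and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# .cscfg XML namespace, and the RemoteAccess plugin setting shown on the slide.
NS = {"c": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration"}
RDP_ENABLED = "Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled"

# Constructed sample: service, role and account names and the key are placeholders.
SAMPLE_CSCFG = """<ServiceConfiguration serviceName="Example1"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="Example1_WorkerRole1">
    <Instances count="2" />
    <ConfigurationSettings>
      <Setting name="DataConnectionString" value="DefaultEndpointsProtocol=https;AccountName=examplestore;AccountKey=PLACEHOLDERKEY==" />
      <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
    </ConfigurationSettings>
  </Role>
  <Role name="Example1_WebRole1">
    <Instances count="1" />
  </Role>
</ServiceConfiguration>"""


def parse_connection_string(value):
    """Split 'k1=v1;k2=v2' into a dict; base64 keys contain '=', so split once."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip().lower(): v for k, v in pairs}


def audit_cscfg(xml_text):
    """Return (role, finding) tuples for settings that deserve a reviewer's attention."""
    findings = []
    for role in ET.fromstring(xml_text).findall("c:Role", NS):
        name = role.get("name")
        inst = role.find("c:Instances", NS)
        if inst is not None and int(inst.get("count", "0")) < 2:
            findings.append((name, "fewer than two instances"))
        for s in role.findall("c:ConfigurationSettings/c:Setting", NS):
            key, value = s.get("name"), s.get("value", "")
            conn = parse_connection_string(value)
            if "accountkey" in conn:
                findings.append((name, f"storage account key in clear text in '{key}'"))
            if conn.get("defaultendpointsprotocol", "https").lower() != "https":
                findings.append((name, f"'{key}' does not use https"))
            if key == RDP_ENABLED and value.lower() == "true":
                findings.append((name, "Remote Desktop access enabled"))
    return findings

if __name__ == "__main__":
    print(*audit_cscfg(SAMPLE_CSCFG), sep="\n")
```

Because the account key sits in the .cscfg as plain text, the file needs the same handling as any other credential store: restricted access, no public source control, and key rotation if it leaks.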

Deploying the service

• Configuration data values can be updated on the live system

The binaries and definition (csdef) file are zipped into a service package file

Running the Service

• The Fabric Controller manages
  • Resource allocation
  • Service provisioning
  • Service lifecycle
  • Service health

[Diagram labels: Develop and package service; Portal Service; RDFE; Fabric Controller; Regional datacenter; Resources allocated for roles; Public IP; LB.]

Update & Fault Domains

• Windows Azure distributes instances across multiple update domains to support in-place upgrades
  • One domain is updated at a time
  • Supports application and Windows Azure OS updates
  • Service remains running with reduced capacity
• Similar concept used to support Windows Azure datacentre hardware failures
  • Instances are distributed across multiple fault domains
  • A single failure will allow service to remain running

[Diagram: role instances spread over update domains]
Update domain 0: Worker Role Inst #0, Web Role Inst #0
Update domain 1: Worker Role Inst #1, Web Role Inst #1
Update domain 2: Worker Role Inst #2

Staging and Production

• A service can be deployed to staging, tested and “moved” to production by swapping the VIP
• A service upgrade can be deployed to staging and then swapped to the production environment
  • During the swap the current production environment is “moved” to staging

[Diagram: Production and Staging deployments, each behind its own load balancer (LB). Production URL: http://<name>.cloudapp.net. Staging URL: http://<guid>.cloudapp.net.]

Remote Desktop

• Certificates required by a role instance are deployed to the Hosted Services node of the portal
  • The certificates will be in pfx format and include the private key
  • These certificates are automatically installed on the role instances
  • Examples of certificates include RDP and SSL Certs

[Diagram labels: Portal; .cscfg; Role instance. Steps shown: define RDP requirements for role, including user name and password; encrypt password; copy certificate and private key to portal; deploy as part of new package or upgrade.]

Management via Visual Studio

[Diagram labels: Portal; associate a certificate and subscription ID; copy certificate (not private key).]

Requires a storage account

Demo: My Second Azure Application

What role does the IT Pro have?
• The Cloud becomes part of our service offering
  • Work out how best to leverage the Cloud
  • Work out the best mix of on-premise and Cloud services
• Build VHDs for VM Roles
• Plan and implement update strategies
• Manage and Monitor Windows Azure applications with System Center 2012
• Manage certificates

Summary
• Part 1
  • Introduction to the Cloud
  • Windows Azure fundamentals
  • Building and deploying a Windows Azure service
• Part 2
  • Windows Azure storage
  • Connecting on-premise and Cloud systems
  • Managing identity with the Access Control Service

TechEd 2012
• I will be speaking at TechEd 2012
  • Precon: Building Federated External Access for Microsoft SharePoint 2010
  • Other breakouts

Consulting Services on Request

John.craddock@xtseminars.co.uk

John has designed and implemented computing systems ranging from high-speed industrial controllers through to distributed IT systems with a focus on security and high-availability. A key player in many IT projects for industry leaders including Microsoft, the UK Government and multi-nationals that require optimized IT systems. Developed technical training courses that have been published worldwide, co-authored a highly successful book on Microsoft Active Directory Internals, presents regularly at major international conferences including, TechEd, IT Forum and European summits. John can be engaged as a consultant or booked for speaking engagements through XTSeminars. www.xtseminars.co.uk


© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.