1CONFIDENTIAL

CONTAINERS IN MICROSOFT AZURE

Sergii Kryshtop, Software Engineering Manager, EPAM Ukraine

APRIL 13, 2017

2CONFIDENTIAL

ABOUT THE SPEAKER

Sergii has 12+ years of experience in software development (6+ years with EPAM).

He works with Microsoft Technology Stack and Azure cloud platform being

focused on software architecture and design, cloud services, software

engineering practices, delivery management and resource management.

During his carrier, Sergii has worked with both green field and legacy systems,

with both small teams working in one room and big ones involving 30 people from

three distant geo locations.

Sergii is passionate about technology, since it enables engineers to make

people’s life easier and better. He is also fond of management, since it helps

development teams transform the intangible ideas and lines of code into tangible

products, which altogether brings real value for business and people.

SERGII KRYSHTOP

EPAM Systems, Software Engineering

Manager

3CONFIDENTIAL

AGENDA

Containers: Main Benefits1

Build Docker image in Azure2

Publish Docker image in Azure 3

Run Docker container in Azure4

Alternatives to Docker containers in Azure5

4CONFIDENTIAL

CONTAINERS: ADVANTAGES

5CONFIDENTIAL

CONTAINERS ARE LIGHTWEIGHT

SERVER

HOST OS

GUEST OS

HYPERVISOR (TYPE 2)

LIBRARIES

APP A

GUEST OS

LIBRARIES

APP B

VM

SERVER

HOST OS

LIBRARIES

APP A

LIBRARIES

APP B

CONTAINERS

• Containers are isolated but share OS

• Increase the compute density and

memory utilization

DOCKER ENGINE

6CONFIDENTIAL

VIRTUAL MACHINES CONTAINERS AND THE HOST

7CONFIDENTIAL

• Containers are industry leaders in the time to start new instance

• Container spin time for new instance takes seconds

• Provisioning and starting new Virtual Machines takes from 5 to 20 minutes

SCALABLE BY DESIGN

8CONFIDENTIAL

• One micro service application = one container

• Granular fast scalability

• Similar experience on workstation and production

• Hybrid environments: deploy to cloud and on-premise

WHY CONTAINERS ARE GOOD FOR MICROSERVICES

CONTAINERS + MICROSERVICES

9CONFIDENTIAL

10CONFIDENTIAL

DOCKER PLATFORM

Docker Image Docker Container

Docker Engine

Registry Service (Docker Hub or Docker Trusted Registry)Cloud or server based storage and distribution service for images

11CONFIDENTIAL

BUILD DOCKER IMAGE IN AZURE

WITH VISUAL STUDIO TEAM SERVICES

12CONFIDENTIAL

• Available Docker Integration Build Task

• Docker Registry Credentials Management

• Docker Build command

• Docker Push command

• Docker Run command

• Run Docker commands

• Docker Compose support

• Requires private VSTS agent with Docker tools

VISUAL STUDIO TEAM SERVICES: BUILD

13CONFIDENTIAL

PUSH DOCKER REGISTRY

IN AZURE

WITH VISUAL STUDIO TEAM SERVICES

14CONFIDENTIAL

HOSTING DOCKER REGISTRY IN AZURE

Docker Hub with Microsoft Azure storage driver Uses Microsoft Azure Blob Storage for object storage.

Azure Container Registry Service Managed private Docker registry in Azure

Docker Registry on VMThe Registry is a stateless, highly scalable server side application that

stores and lets you distribute Docker images.

15CONFIDENTIAL

DOCKER HUB WITH MICROSOFT AZURE STORAGE DRIVER

dotnet builddocker build

Target VM

Git

Microsoft Azure Docker Hub

git pull

docker pushdocker pull

docker run

CI/CD server

Registry Storage

Read/Write Images

pull image

Docker Registry

16CONFIDENTIAL

• Store and manage container images across all types of Azure deployments

• Maintain Windows and Linux container images in a single Docker registry

• Use familiar, open-source Docker command line interface (CLI) tools

• Simplify registry access management with Azure Active Directory

• Pricing: Blob storage pricing model. No addition price for the Registry service

AZURE CONTAINER REGISTRY SERVICE

17CONFIDENTIAL

AZURE CONTAINER REGISTRY SERVICE

DOCKER REGISTRY API

AZURE STORAGE ACCOUNT (LRS)

PRIVATE CONTAINER (NAME OF REGISTRY)

BLOCK BLOBS

18CONFIDENTIAL

DEMO:

BUILD AND PUSH

WITH VISUAL STUDIO TEAM SERVICES

19CONFIDENTIAL

• Application Deployment, including rollouts and rollbacks

• Horizontal Scaling

• Self-healing

• Discovery and load balancing

• Configuration management

• Monitoring

CONTAINER ORCHESTRATION

CONTAINER ORCHESTRATION = CLOUD PLATFORM

20CONFIDENTIAL

CONTAINER ORCHESTRATION BASELINE ARCHITECTURE

Master

Master

App 1 App 2

App 3

App 1 App 2

Worker Node Worker Node

OrchestrationOrchestration

Orchestration

Services

Admin UI / CLI

Load Balancing

Application Users

21CONFIDENTIAL

• Optimized provisioning of open-source container

orchestration tools

– Kubernetes

– DC/OS

– Docker Swarm

• Full automation of all orchestration platform

components

• Compatible with standard open-source

orchestration API

• ACS is a free service that clusters Virtual Machines

(VMs) into a container

• Hybrid deployment for applications

AZURE CONTAINER SERVICE (ACS)

22CONFIDENTIAL

ACS KUBERNETES DEPLOYMENT

23CONFIDENTIAL

ACS DOCKER SWARM DEPLOYMENT

24CONFIDENTIAL

ACS DC/OS

25CONFIDENTIAL

DEMO:

RUN IN ACS KUBERNETES

WITH VISUAL STUDIO TEAM SERVICES

26CONFIDENTIAL

IN DATA TIER

CONTAINERS

27CONFIDENTIAL

• Get more DTU density for given cost

• Databases runs in isolation

• Scale up/down database manually or using autoscale

SQL DATABASE ELASTIC POOL

SQL ELASTIC DATABASE POOL

eDTU POOL

28CONFIDENTIAL

DOCKER ALTERNATIVES

29CONFIDENTIAL

• The most popular service for running Web and

API applications (including microservices)

• DevOps friendly

• Scale out within several minutes

• Supported languages: .NET, Java, Node.js, PHP,

and Python

• Monitoring and Integration with Application

Insight

• Docker image support is in preview

APP SERVICE / APP SERVICE PLAN

PROS

App Service Plan

VM1

Web App 1

IIS Site Web Site

Web App 2

IIS Site Web Job

VM2

Web App 1

IIS Site Web Site

Web App 2

IIS Site Web Job

AUTOSCALING

LOAD BALANCING

30CONFIDENTIAL

• No real isolation for each application. Applications runs in IIS Application Pool Process

• Scaling is focused on scaling VMs, but not the applications

• No control on per-application restrictions on consuming resources

• Internal load balancer only in Premium service App Service Environment

APP SERVICE / APP SERVICE PLAN

CONS

31CONFIDENTIAL

AZURE SERVICE FABRIC

32CONFIDENTIAL

• Fully managed platform and programming model for microservices

• Proven platform used by Azure and other Microsoft services

• Run in Azure, on-premise or other clouds

• Introduce additional Actor programming model

• Java, Docker and Windows containers are in roadmap. Linux support Is in Preview

AZURE SERVICE FABRIC (ASF)

PROS

CONS

• Vendor lock on Platform and model

• On-premise support were released in 2016

• Need to develop expertise

33CONFIDENTIAL

DEMO:

AZURE SERVICE FABRIC

34CONFIDENTIAL

• Development of Microservices Accelerators and Reference Architectures

– Java-based microservice reference architecture is ready

– .NET-based microservice reference architecture is in progress

• Azure Service Fabric

• .NET Core and Docker

• Learning from our production experience from different business units

– KB page to find all relevant materials on the topic

– YAMER group for contribution

EPAM EXPERIENCE

35CONFIDENTIAL

• Docker and Linux are the first-class citizens in Azure

• Microsoft wrap all Docker and Docker orchestration components with easy-to-use

services which allows to build full CI and CD solution in short time

• If you build microservices on Microsoft stack and not interested in Docker and open-

source orchestration, than Azure Service Fabric might be a good option to go

WRAP UP

36CONFIDENTIAL

THANK YOU!

37CONFIDENTIAL

CONTACT ME

sergii_kryshtop@epam.com

skryshtop

skryshtop

sergii.kryshtop

@skryshtop