web. www.ciin.estwitter. @MICCantabriaemail. aacha@ciin.esblog. geeks.ms/blogs/ciin

Angel Acha Centro de Innovación en IntegraciónMicrosoft Innovation Center - Cantabria

Azure Camps

Moving Applications to the Cloud with VM Role and Web/Worker RoleNameTitleCompany

AgendaMotivation & Overview

Remote Desktop / Re-image / Reboot

Admin Mode / Service Modeling Enhancements

VM Role

Q&A

Motivation & OverviewGet more control & flexibility of the Windows Azure environment

DevelopersIT Pros

Easier migration of existing Windows applications to Windows Azure

Use above capabilities within Windows Azure service model for lower management costs and improved agility

Automated service managementBest practices for the cloud

Anatomy of a Windows Azure ServiceA Windows Azure service consists of

An isolation boundaryA set of component roles, each with endpointsNumbered, multiple instances of each role

A Windows Azure application behaves correctly when any role instance fails.All of this is specified in a service model

Worker Role

Web Role

VM Role

Comparison of Role TypesWeb Role : The role is hosted on IIS

Worker Role : The role is an executable (you can create your own web server, host a database, …)

VM Role : The role is the VM.Use Windows services, scheduled tasks, etc.You configure and maintain the OS.

ControlAbstraction (i.e. Less IT & Less Plumbing Code)

Admin Web /

Worker Role

VM RoleWeb /

Worker Role

Portal and Remote DesktopNameTitleGroup

demo

Remote Desktop

LB

IN_0IN_0

IN_1

IN_2

IN_1

Remote Forwarder

Port 3389

Internal Port 3389

Role 1 Role 2

Remote Desktop Configuration<?xml version="1.0" encoding="utf-8"?><ServiceDefinition name="RemoteAccess" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition"> <WorkerRole name="GatewayRole"> <ConfigurationSettings> <Setting name="DiagnosticsConnectionString" /> </ConfigurationSettings> <Imports> <Import moduleName="RemoteAccess" /> <Import moduleName="RemoteForwarder" /> </Imports> </WorkerRole> <WorkerRole name="TargetRole"> <ConfigurationSettings> <Setting name="DiagnosticsConnectionString" /> </ConfigurationSettings> <Imports> <Import moduleName="RemoteAccess" /> </Imports> </WorkerRole></ServiceDefinition>

Remote Desktop Configuration <Role name="WorkerRole1"> <Instances count="1" />

<ConfigurationSettings> <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" /> <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="myuser" /> <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="[base64]" /> <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2010-06-16T13:04:02.9666425-07:00" /> </ConfigurationSettings> <Certificates> <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordCertificate" thumbprint="c0c23e1cdd7bfb20c14dce97b37ea67bd9f24918" thumbprintAlgorithm="sha1" /> </Certificates>

</Role>

Service Model Enhancements – OverviewWindows Server 2008 R2 & IIS 7.5

Web Role is revamped to use full IIS

Admin Access: Full administrative access to your role instancesNetwork Modeling

Well Known Ports: Easier to bring your existing applications to AzurePort Ranges: for “inbound traffic” (as opposed to 5 in the past)Load Balancer Control: Take instance on/off the load balancer for debugging purposesNetwork Filters: Enable traffic filtering between roles within a service

Improved AutomationStartup Tasks: Includes scripts that automate the preparation and configuration of roles Role Plugins: Ability to easily include “plug-ins” in the service definition(e.g., Built-in: Remote Desktop, virtual network, diagnostics; Samples: IIS Dev Mode, and more)

Admin Access & Startup Tasks• Scenarios

Perform short, unattended setups on role startup. E.g.

COM ComponentRegistry KeyConfiguring a Windows Server Role, such as IIS

Debugging

• Reminders• Durability: Runtime state on OS image does not survive

OS upgrade and hardware failure• Drift: Service should behave correctly when any role

instance fails

Admin Access & Startup Tasks<WebRole name="foo"> <Startup> <Task commandline="relative\path\ToSetupExecutable" executionContext="limited|elevated" taskType="simple|foreground|background"/> </Startup></WebRole>

Task Types:• Simple [Default] – System waits for the task to exit before any other

tasks are launched• Background – System does not wait for the task to exit• Foreground – Similar to background, except role is not restarted until

all foreground tasks exit

Full IIS – Overview • Web Role will now use full IIS by default

• One Web role can run many Web sites

• Multiple sites, applications, virtual directories, and bindings can be modeled

• Everything else can be scripted (using admin access where necessary)

Full IIS Scenario - WalkthroughPhase Key Steps

Local Development

• Use Visual Studio solution to code & deploy to Compute Emulator

• Edit local content files without redeploying to Compute Emulator

First-time Publish (~10 Min)

• Deploy service to Windows Azure• Ensure Windows Azure service definition (csdef/cscfg) configures Web role:

• To enable remote WMSVC, WebDeploy, PowerShell, etc.• As single instance

Iterative Development (seconds)

• Continue coding in same Visual Studio solution• Push intermittent changes (e.g. w/ Web Deploy)

Deployment of Final Version (~10 Min)

• Deploy service to Windows Azure• Note: If service is now multi-instance, Remote Desktop can be used, but other remote mgmt. tools will get load-

balanced to arbitrary instances.Mitigation: Run mgmt. tools inside Remote Desktop session

Startup Tasks and Full IISNameTitleCompany

demo

VM Role – Overview Developers have full control over the OS image

Ability to upload your own customized WS08R2 Enterprise images

Operators can reboot, re-image and Remote Desktop

Continue to benefit from automated service management, including service model enhancements described on subsequent slides

VM Role Lifecycle• Convert product DVD to a VHD, or use existing VHD• Prepare the VHD

Build VM Image

• Create a service model with the above image.Create Service

• Store VHD in Windows Azure blob storageUpload Image

• Include in service model. Specify instance count.• Package as cspkg, upload cskpg.Deploy Service

• Remote Desktop• Reboot / Reimage

Maintain Service

• Repeat above steps, with a new OS image.Upgrade Service

VM Role Lifecycle

CloudOn-Premises

Blob Storage

Boot VHD

Customize VHD

Save Diff.VHD

Base.VHD

Identical/similar deployment instances using

common uploaded OS image (base.VHD + diff.VHD)

& Additional Software& Windows Azure Integration Components - Agent - Runtime Interface (topo, config, shutdown notification, …) - Remote Desktop configurator - Diagnostics - Windows Azure Drives driver - Windows Azure Connect& Generalize (Recommended)

Creating a Service – Service Definition<ServiceDefinition name="MyVMRoleService" xmlns="…"> <VirtualMachineRole name="MachineRole" vmsize="Medium"> <Imports> <Import moduleName="RemoteAccess" /> <Import moduleName="RemoteForwarder" /> <Import moduleName="Diagnostics" /> </Imports> </VirtualMachineRole></ServiceDefinition>

Creating a Service – Service Configuration <ServiceConfiguration serviceName="MyVMRoleService" xmlns="…">

<Role name="MachineRole"> <OsImage href="20101020BaseVM.vhd" /> <Instances count="2" /> <ConfigurationSettings> <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=http;AccountName=mohittest;AccountKey=JEBzeqFeP1g==" /> <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" /> <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="" /> <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword" value="" /> <Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2012-07-23T23:59:59.0000000-07:00" /> <Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" /> </ConfigurationSettings> <Certificates> <Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="195FD938F86D8785FF53C660BCBD283819E0271A" thumbprintAlgorithm="sha1" /> </Certificates> </Role></ServiceConfiguration>

VM RoleNameTitleCompany

demo

VM Role – Common QuestionsWill any WS08 R2-based application work?

No, VM Role inherits some Web/worker restrictions:SLA requires at least two identical/similar instancesNo durability of OS image on hardware failureOne public IP per service (unless using Windows Azure Virtual Network)

Does Windows Azure take care of *everything*?No

With VM Role, the customer creates & maintains the OSWindows Azure does not automatically understand the health of the applications running in our VM

But, since you deploy services instead of individual VM’s, Windows Azure does automate many management tasks.

VM Role – Common QuestionsHow will it be priced?

It will be priced the same as Web and Worker roles. Customers will be charged at an hourly rate depending on the compute instance size.

How does licensing in the cloud work?Windows:

Included in the CPU-hour priceLicensing status of uploaded image is not considered

Applications: Per the licensing terms of the application

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the

date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.