CP004 Microsoft Azure & Amazon AWS: Architectural comparison

Francesco Diaz - @francedit

http://francescodiaz.azurewebsites.net

Francesco Delfino - @delfinof

Session Objective and Agenda

SESSION OBJECTIVE

• Provide an architectural description of the two platforms, comparing main features and workloads

AGENDA

• Introduction and overview

• Authentication

• Networks

• Virtual Machines

• Storage

• Databases

• Final considerations

• Other features (if we have time)

Introduction

Amazon AWS and Microsoft Azure

Both are leaders in Public Cloud market

Both have global coverage

Many services are similar

Web Portal and Administration tools via CLI/PowerShell/API

Two platforms very similar, but different

Microsoft Azure (service map slide)

Category labels on the diagram: Platform Services, Infrastructure Services, Security & Management.

Services shown: Web Apps, Mobile Apps, API Management, API Apps, Logic Apps, Notification Hubs, Content Delivery Network (CDN), Media Services, BizTalk Services, Hybrid Connections, Service Bus, Storage Queues, Hybrid Operations, Backup, StorSimple, Azure Site Recovery, Import/Export, SQL Database, DocumentDB, Redis Cache, Azure Search, Storage Tables, Data Warehouse, Azure AD Health Monitoring, AD Privileged Identity Management, Operational Analytics, Cloud Services, Batch, RemoteApp, Service Fabric, Visual Studio, App Insights, Azure SDK, VS Online, Domain Services, HDInsight, Machine Learning, Stream Analytics, Data Factory, Event Hubs, Mobile Engagement, Data Lake, IoT Hub, Data Catalog, Azure Active Directory, Multi-Factor Authentication, Automation, Portal, Key Vault, Store/Marketplace, VM Image Gallery & VM Depot, Azure AD B2C, Scheduler.

Technology Stack Comparison

Infrastructure Services

Capability | Microsoft Azure | Amazon Web Services
Compute | Virtual Machines | AWS EC2
Networking | Virtual Network, Traffic Manager, Azure DNS, Express Route | Direct Connect, VPC, Elastic Load Balancer, Route 53
Content Delivery | Azure CDN | AWS CloudFront

Data Services

Capability | Microsoft Azure | Amazon Web Services
Database | Azure SQL DB, Azure SQL DataWarehouse | Amazon RDS, Amazon RedShift
Big Data | HDInsight | Elastic Map Reduce
Blob storage | Azure Blobs | Simple Storage Service (S3)
Table storage | Azure Tables, DocumentDB | SimpleDB, DynamoDB
Storage – Drives | Azure Drives | Elastic Block Storage
Hybrid Storage Solutions | StorSimple, Backup Service | AWS Gateway

Technology Stack Comparison

App Services

Capability | Microsoft Azure | Amazon Web Services
Messaging | Azure Service Bus, Queues, Notification Hubs | AWS SQS, AWS SNS
Caching Service | Azure Cache | AWS Elastic Cache
Management | Management Portal, PowerShell, CLI, System Center 2012 | AWS Management Console, PowerShell, CLI
Monitoring | Diagnostics & Service, Management APIs, SCOM Pack | CloudWatch, Alarm
Authentication & Authorization | Azure Active Directory | Identity & Access Management (IAM)
Development Tools | Toolkit for Eclipse and Visual Studio | Toolkit for Eclipse and Visual Studio
Supported Libraries and SDKs | many | many
App Services | Azure Media Services, Visual Studio Online, RemoteApp | Elastic Transcoder, AWS Workspaces
App Deployment | Automatically handled, PowerShell, Azure Resource Manager | Amazon Elastic Beanstalk, CloudFormation, OpsWorks

Pricing model

Amazon AWS

Free tier for 1 year (limited to some services)

Pay per use

Spot instances

Reserved instances (limited to some services)

Microsoft Azure

1 month trial (limited to 170€)

Pay per use

Monetary commitment

https://azure.microsoft.com/it-it/pricing/free-trial/

https://aws.amazon.com/free/

Security and authentication

Access control with AAD

• Manage users and access to cloud resources.

• Extend your on premise Active Directory to the cloud.

• Provide single-sign-on (SSO) across your cloud applications.

• Reduce risks by enabling multi-factor authentication.

• Support development’s need to build secure directory integrated applications for the enterprise.

Microsoft Azure Active Directory


Account Control with Identity and Access Management (IAM)

Securely control access to AWS services and resources

Create and manage user identities

Grant permissions for those users to access your resources

Grant permission for users outside of AWS (“federated users”)

Lets you use existing corporate identities to grant secure access to your resources (e.g. Amazon S3 bucket)

DEMO

- Where do I need to start?

- Portal

- Authentication

- Amazon CLI and Azure CLI and configuration

- Using the Amazon CLI tool to allocate an IP

Networking

Azure Networking

Diagram labels: Users, Internet, Azure, Virtual Network

Dynamic/Reserved Public IP addresses

Direct VM access, ACLs for security

Load balancing

DNS services: hosting, traffic management

DDoS protection

“Bring Your Own Network”

Segment with subnets and security groups

Control traffic flow with User Defined Routes

Point-to-site for dev / test

VPN Gateways for secure site-to-site connectivity

ExpressRoute for private enterprise grade connectivity

Backend Connectivity (diagram labels: ExpressRoute, VPN Gateways)

Layered Security, Protection, and Isolation

Diagram labels: DDoS Protection, Virtual Network Isolation, NSG, VM Firewall, Cloud Services & Virtual Machines, Internet, ACLs

Multi-Tier Public Web Applications

Only the public load balancer is public

VPC-to-VPC: AWS Direct Connect

DEMO

- VNET Setup on Azure (192.168.132.0/22)

- VPN Gateway on Azure (Dynamic Routing Gateway)

- VPC Setup on Amazon (192.168.128.0/22)

- Internet Gateway on Amazon

Virtual Machines

Choose a VHD from:

Import from on-premises

Linux, Windows

Pre-configured images

Azure Marketplace

Create your own image

Admin and scale:

Admin via API, PowerShell, CLI

Scale as needed

Azure Virtual Machines

What is Amazon Elastic Compute Cloud (Amazon EC2)?

Service

Query API instance (EC2-RunInstances, EC2-TerminateInstances)

Virtual machines

Select a pre-configured Amazon Machine Image (AMI) to get up and running immediately

AWS has no access into your host operating system

Elastic web-scale computing

Scale as needed

Thousands of cores, multiple Availability Zones, global locations

Utility

Pay for only what you use

Computing in the AWS Cloud: Amazon Elastic Compute Cloud

Amazon Machine Image (AMI) provides the information required to launch an instance

Root Volume + Metadata

Choose an AMI from:

Basic Amazon Machine Image (AMI) provided by AWS

AWS Marketplace (http://aws.amazon.com/marketplace)

• Leverage BigIP or NetScaler AMI for load balancer

• SAP

• …etc

Community AMIs

Create your own AMI

• Customize and create your own AMI from a base AMI

VM Import/Export

• Tool to import VM images from your local environment into AWS

Where Does the Operating System Come From?

Virtual Machines types and use cases

Microsoft Azure

A basic: general purpose (Dev/Test, non storage intensive apps)

A standard: (medium DBs, biz apps)

A8-A11: compute intensive (HPC, network perf., etc.)

D series: SSD local storage (up to ent. App. Level)

DS series: premium storage (storage optimized)

G: high mem/cpu and local storage

GS: same as G with storage premium

GPU optimized (Private Preview)

Others...

Amazon AWS

T1: low throughput apps

T2: general purpose (Dev/Test, small DBs, etc.)

M3: SSD instance storage (medium DBs, Business APPs)

C4: compute optimized (High-performance apps, video encoding, MMO, Analytics)

R3: memory optimized (in-memory analytics, distributed mem caches)

G2: GPU opt. (server side graphics, game streaming)

I2: storage opt (NoSQL, DW, Scale out OLTP)

D2: MPP DW, HDFS, MapReduce

Others...

DEMO

- Linux server on Azure

- Linux server on AWS (bash script)

- Windows Server on AWS (PowerShell script, RRAS)

- Security Group config on AWS

Storage

AWS and Azure Storage

• Azure Storage

Foundational building block of the Azure cloud

Data offerings: Object storage (Blobs, Files), NoSQL (Tables), Reliable Queues, Persistent Disks

Hybrid storage and backup

• Azure Backup

• StorSimple

Storage solutions available in the AWS cloud:

Block Storage

• Amazon Elastic Block Store (EBS) and Instance Store

Object Storage

• Amazon S3

• Amazon Glacier

Azure Storage Offerings

Queues: “Reliable messaging at scale for cloud services”

Disks: “Persistent disks for Azure IaaS VMs”

Files: “SMB Access to Azure Storage”

Queues: “Reliable messaging system at scale for cloud services”

• Decouple components and scale them independently

• Scheduling of asynchronous tasks

• Building processes/work flows

• No limits on number of queues or messages

• Message visibility timeout to protect from component issues

• UpdateMessage to checkpoint progress part way through
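
The visibility timeout and UpdateMessage checkpoint listed above, shown as an added example that is not part of the original slides: a simplified in-memory model (not the Azure Storage SDK) in which a worker checkpoints, crashes, and the message reappears for a second worker. The class and function names, the 30-second timeout and the sample job are assumptions made for illustration.

```python
import itertools

class VisibilityQueue:
    """Simplified in-memory model of a visibility-timeout queue (not the Azure SDK)."""
    def __init__(self, clock):
        self._clock = clock                  # callable returning the current time in seconds
        self._msgs = {}                      # message id -> body, visible_at, receipt
        self._ids = itertools.count(1)       # source of message ids and receipts

    def put(self, body):
        self._msgs[next(self._ids)] = {"body": body, "visible_at": self._clock(),
                                       "receipt": None}

    def get(self, timeout):                  # hand out first visible message, hide it
        now = self._clock()
        for msg_id, m in self._msgs.items():
            if m["visible_at"] <= now:
                m["receipt"] = next(self._ids)       # invalidates any older receipt
                m["visible_at"] = now + timeout
                return msg_id, m["receipt"], m["body"]
        return None

    def _owned(self, msg_id, receipt):       # message only if the receipt is current
        m = self._msgs.get(msg_id)
        return m if m is not None and m["receipt"] == receipt else None

    def update(self, msg_id, receipt, body, timeout):   # checkpoint and extend hiding
        m = self._owned(msg_id, receipt)
        if m is not None:
            m["body"], m["visible_at"] = body, self._clock() + timeout
        return m is not None

    def delete(self, msg_id, receipt):       # returns False for a stale receipt
        owned = self._owned(msg_id, receipt) is not None
        if owned:
            del self._msgs[msg_id]
        return owned

def crash_and_recover():
    now = [0]                                            # constructed clock, in seconds
    q = VisibilityQueue(lambda: now[0])
    q.put({"job": "resize", "done_steps": 0})            # constructed sample job
    msg_id, receipt_a, body = q.get(timeout=30)          # worker A takes the job
    q.update(msg_id, receipt_a, {**body, "done_steps": 1}, timeout=30)
    hidden = q.get(timeout=30)                           # None: message still invisible
    now[0] = 31                                          # worker A crashed, timeout expired
    msg_id, receipt_b, body_b = q.get(timeout=30)        # worker B resumes after step 1
    stale_rejected = not q.delete(msg_id, receipt_a)     # late delete from worker A fails
    return hidden, body_b["done_steps"], stale_rejected, q.delete(msg_id, receipt_b)
```
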

Disks: “Persistent disks for your Azure IaaS VMs”

• All Azure IaaS VMs – Both OS and data disks

• VHDs are backed to page blobs

• 3 synchronous, strongly consistent copies

• Can stripe disks for more capacity/throughput

• Premium Storage disks allow for scale up workloads

Files: “SMB Access to Azure Storage”

• Lift and shift on-premise applications

• Natively supported by OS APIs, libraries and tools

• Built on SMB2.1, works with Windows and Linux

• No limits on number of shares; 5TB and 1000 IOPS per share

Relating Azure Storage Concepts

Diagram labels: Subscription, Resource Group, Storage Account, Container, Blob, Table, Block Blob, Page Blob

What are the Characteristics of Amazon EBS?

Amazon EBS is virtual network-attached block storage

Each volume is like a network-attached virtual hard drive

Amazon EBS volume persists and can be attached to another Amazon EC2 instance

Decoupling the life of your data from the life of your instance

Amazon EBS volume can be re-attached to another Amazon EC2 instance

Multiple volumes can be attached to a single Amazon EC2 instance

Note: Volumes cannot be shared with multiple Amazon EC2 instances

Amazon EBS Types

General Purpose (SSD)
Use case:
• System boot volumes
• Virtual desktops
• Small to medium-sized databases
• Development and test environments
Volume size: 1 GiB–16 TiB
IOPS Performance: 3 IOPS/GiB (up to 10000 IOPS) baseline, with the ability to burst to 3000 IOPS maximum

Provisioned IOPS (SSD)
Use case:
• Critical business applications that require sustained IOPS performance above 3000 IOPS
• Large database workloads, such as MongoDB, SQL Server, MySQL, PostgreSQL, and Oracle
Volume size: 4 GiB–16 TiB
IOPS Performance: Consistently performs at provisioned level, up to 20000 IOPS maximum

Magnetic
Use case:
• Cold workloads where data is infrequently accessed
• Scenarios where the lowest storage cost is important
Volume size: 1 GiB–1 TiB
IOPS Performance: 100 IOPS on average with the ability to burst to hundreds of IOPS

Terminologies: Buckets, Objects, and Keys

Bucket name must be unique and object key must be unique within a bucket

Bucket name + object name (key) = globally unique

Max 1024 bytes UTF-8

Including ‘path’ prefixes

This is an object key: drafts/rpt.doc

DEMO

- RDP and SSH connection in AWS/Azure

- RRAS configuration (remember to set Source Check to false on the network interface)

- Connect an EBS disk to a Linux instance

Databases

DB as a service

Platform | SQL | NoSQL
AWS | RDS | DynamoDB
Azure | SQL Database | DocumentDB

DocumentDB is a good fit if you …

Produce and consume large volumes of data

Need instant response times to match modern user expectations

Develop iteratively

Support multiple platforms & versions concurrently

Need query & processing capabilities absent in NoSQL

Experience traffic with extreme highs and lows

Capabilities

• Rich SQL queries over schema-less data
  Real-time SQL over JSON documents
  Requires no secondary indices or hints or attributes

• Language Integrated Transactions
  JavaScript as a “modern day T-SQL”
  Multi-document transactions over stored procedures and pre and post-triggers

• Tunable Consistency Levels
  Flexible to trade-off between performance and staleness
  Not just the polar extremes of strong and eventual consistency

• Indexing, storage, tooling
  Automatic document indexing
  Data stored on SSD disks
  JavaScript, Java, Node.js, Python, .NET

• Predictable performance & Pricing

• Elastic database pool for unpredictable SaaS workloads

• Geo-replication and restore services for data protection

• Secure and compliant for your sensitive data

• Almost 100% compatible with SQL Server

• V12 with embedded enterprise features (partitioning, TDE, In-Memory, etc.)

• Third-party RDBMS (e.g. MySQL) via Marketplace

Azure SQL Database

Low latency

SSD-based storage nodes

Latency = single-digit milliseconds

Massive and seamless scalability

No table size or throughput limits

Live repartitioning for changes to storage and throughput

Predictable performance

Provisioned throughput model

Durable and available

Consistent, disk-only writes

Fully managed NoSQL database service – Zero Administration!

Key Characteristics of Amazon DynamoDB

DynamoDB Data Model

Amazon Relational Database Service (RDS) is a fully managed SQL database service.

Choice of database engines: MySQL, Oracle, Microsoft SQL Server, PostgreSQL, and Aurora

Simple to deploy and scale

Supports multi-AZ deployment for high availability and failover

Reliable and cost-effective

Removes undifferentiated heavy lifting

Why Amazon RDS instead of DIY?

DEMO

- Review Azure / AWS environment

- Creation of table on DynamoDB

Other

Additional services

• For each of the services that could come up into your mind...

• ...probably there is a service available

Recap and Q/A

RECAP

• Introduction and overview

• Authentication

• Networks

• Virtual Machines

• Storage

• Databases

THANK YOU!

Francesco Diaz

insight.com

@francedit

it.linkedin.it/in/francescodiaz

Francesco Delfino

musixmatch.com

@delfinof

it.linkedin.it/in/fdelfino