The Basics of Getting Started With Microsoft Azure

MICROSOFT CONFIDENTIAL – INTERNAL ONLY. Jason Clarke, Azure Product Manager, Microsoft Corporation. The Basics of Getting Started with Microsoft Azure: Storage, Networking, and Compute

description

An overview of Microsoft Azure basics.

Transcript of The Basics of Getting Started With Microsoft Azure

Page 1: The Basics of Getting Started With Microsoft Azure

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Jason Clarke, Azure Product Manager, Microsoft Corporation

The Basics of Getting Started with Microsoft Azure: Storage, Networking, and Compute

Page 2: The Basics of Getting Started With Microsoft Azure

Disruptive Force Enables IT as a Service

[Diagram labels: Insights and availability; Application Management; Infrastructure management; Infrastructure foundation; Agreement between Consumer (Business) and Producer (IT); PRIV, SPH, PUBLIC; IO +]

Implemented by WS 2012, SC 2012, Azure

Page 3: The Basics of Getting Started With Microsoft Azure

Microsoft’s Private and Public Cloud

[Diagram labels: Private, Public, Service Providers; Common Technologies (Identity, Virtualization, Management, Development); Virtualization under each of the three]

Windows Server 2012 – CLOUD OS

Page 4: The Basics of Getting Started With Microsoft Azure


How Did We Get Here?

2007: Project Red Dog Launched

PDC ’08: Windows Azure CTP; Web/Worker Roles; Partial Trust; .NET Only

11-’09: Full trust/Native; PHP & Java Support

2-’10: Windows Azure RTM

11-’10: VM Role, Connect; Admin Mode; Startup Tasks; Full IIS; Remote Desktop

11-’11: Cross Language SDKs; Java, Node.JS; Eclipse Plugin

4-’13: Virtual Machines; Virtual Networks

Page 5: The Basics of Getting Started With Microsoft Azure

Windows Azure Services - Compute

• Virtual Machines
  • Use Virtual Machines to provision on-demand, scalable compute infrastructure when you need flexible resources. You can create VMs that run Windows, Linux, and enterprise applications. Or, capture your own images to create custom VMs.

• Mobile Services
  • Windows Azure Mobile Services provides a scalable cloud backend for building Windows Store, Windows Phone, Apple iOS, Android, and HTML/JavaScript applications. Store data in the cloud, authenticate users, and send push notifications to your application within minutes.

• Web Sites
  • Host web apps in a scalable, reliable environment. Use frameworks and templates to create web sites in seconds. Choose from source control options like TFS, GitHub, and BitBucket. Use any tool or OS to develop your site with .NET, PHP, Node.js or Python.

• Cloud Services
  • Deploy and manage powerful applications and services with Cloud Services. Upload your application and Windows Azure handles the deployment details - from provisioning and load balancing to health monitoring for continuous availability.

Page 6: The Basics of Getting Started With Microsoft Azure

Windows Azure Services - Data

• Storage
  • Store and access data with Windows Azure Storage services. Use blobs to store unstructured binary and text data. Use queues to store messages that a client can access. Store non-relational structured data in tables.

• HDInsight
  • Process, analyze, and gain new insights from big data using the power of Apache Hadoop
  • Gain actionable insights by analyzing unstructured data, and drive decisions with Windows Azure HDInsight, a big data solution powered by Apache Hadoop. Build a Hadoop cluster in minutes when you need it, and tear it down once you run your MapReduce jobs. Choose the right cluster size to optimize for computation speed or cost. Analyze unstructured data in Excel and with PowerPivot and Power View. Choose your language, including Java and .NET. Query and transform data through Hive.

• SQL Database
  • Use SQL Database for business applications, sophisticated cloud-based services, or hybrid solutions. Share data between SQL databases or between an on-premise instance of SQL Server and a Windows Azure SQL database.

Page 7: The Basics of Getting Started With Microsoft Azure

Windows Azure Services - Data

• Cache
  • High throughput, low-latency data access to build fast, scalable applications
  • Build highly responsive applications using a distributed cache that scales independently from your application. Use the Cache Service with Web Sites, Cloud Services, or applications hosted on Virtual Machines

• Recovery Services
  • Configure automated server backups; orchestrate recovery of private clouds
  • Use the services in the Recovery Services category to protect your data and clouds. Hyper-V Recovery Manager helps you automate protection and orchestrate recovery for your private clouds. Backup lets you move your backups into the cloud and automate them.

Page 8: The Basics of Getting Started With Microsoft Azure

Windows Azure Services – APPS

• Media Services
  • Create, manage and distribute content
  • Target any device or media format
  • Ingest, Encode, Protect, Stream

• Service Bus
  • Keep your apps connected across private and public cloud environments
  • Service Bus is a messaging solution for applications. It sits between components of your cloud app or between your cloud and on-premises applications and enables them to exchange messages in a loosely coupled way for improved scale and resiliency.

• Notification Hubs
  • Keep your apps connected across private and public cloud environments
  • Service Bus is a messaging solution for applications. It sits between components of your cloud app or between your cloud and on-premises applications and enables them to exchange messages in a loosely coupled way for improved scale and resiliency.

Page 9: The Basics of Getting Started With Microsoft Azure

Windows Azure Services – APPS

• BizTalk Services
  • Seamlessly integrate the enterprise and the cloud with BizTalk Services
  • Use the integration capabilities of BizTalk Services to extend on-premises applications to the cloud. Process and transform messages, use business-to-business messaging, and integrate with applications in the cloud and on-premises.

• Active Directory
  • Manage identity and access of services and applications
  • Active Directory enables developers to implement single sign-on for enterprise and software-as-a-service applications and to integrate with on-premises Active Directory. Administrators can use the cloud-based store for directory data and core identity services.

• MFA
  • Enable added authentication for cloud and on-premises applications
  • Multi-Factor Authentication helps safeguard access to your data and applications. Users must also authenticate by using a mobile app or by responding to an automated text message or phone call before access is granted.

Page 10: The Basics of Getting Started With Microsoft Azure

Windows Azure Services – Networking

• Virtual networks
  • Configure and monitor virtual networks in Windows Azure
  • Use Virtual Network to connect your cloud infrastructure to your on-premises datacenter, to connect cloud applications hosted in a hybrid environment, and to connect development computers and virtual machines in Windows Azure.

• Traffic manager
  • Distribute user traffic to similar hosted services within the same data center or in different data centers.
  • Use Traffic Manager as part of your overall networking solution - Traffic Manager applies an intelligent policy engine to the DNS queries on your domain names so that you can send traffic to the best data center for performance, business continuity, price, compliance, legal, or tax purposes.

• CDN
  • Configure and monitor virtual networks in Windows Azure
  • Use Virtual Network to connect your cloud infrastructure to your on-premises datacenter, to connect cloud applications hosted in a hybrid environment, and to connect development computers and virtual machines in Windows Azure.

Page 12: The Basics of Getting Started With Microsoft Azure


Windows Azure IaaS

IT Pro experience

Support for key server applications

Easy storage manageability

High availability features

Advanced networking

Integration with compute PaaS

If it requires a developer, it’s not IaaS

Page 13: The Basics of Getting Started With Microsoft Azure

Integration Heterogeneity Security

On-premises and Cloud

Broad and flexible

Secure and reliable

Enterprise ready by design.

delivers.

On-premises AND cloud

Trustworthy

Open, Broad, Flexible

Page 14: The Basics of Getting Started With Microsoft Azure

[Diagram: service map]

data services: table, HDInsight, blob storage, SQL database

app services: media, hpc, integration, analytics, caching, identity, service bus, web sites, mobile services, cloud services

infrastructure services: cdn, virtual machines, virtual network, vpn, traffic manager

Page 15: The Basics of Getting Started With Microsoft Azure

[Diagram: service map with an Apps callout labelled virtual network, table, cloud services, caching, identity]

data services: table, HDInsight, blob storage, SQL database

app services: media, hpc, integration, analytics, caching, identity, service bus, web sites, mobile services, cloud services

infrastructure services: cdn, virtual machines, virtual network, vpn, traffic manager

Page 16: The Basics of Getting Started With Microsoft Azure

[Diagram: service map with a virtual network callout]

data services: table, HDInsight, blob storage, SQL database

app services: media, hpc, integration, analytics, caching, identity, service bus, web sites, mobile services, cloud services

infrastructure services: cdn, virtual machines, virtual network, vpn, traffic manager

Azure datacenters, your datacenters.

[Diagram labels: vpn; virtual network; virtual machines; vpn]


Page 18: The Basics of Getting Started With Microsoft Azure

Virtual Machines: IaaS vs PaaS

Storage
• Worker Role (PaaS): Non-Persistent Storage
• Virtual Machine (IaaS): Persistent Storage. Easily add additional storage

Deployment
• Worker Role (PaaS): Stock VHDs
• Virtual Machine (IaaS): Build VHD directly in the cloud or build the VHD offsite and upload

Networking
• Worker Role (PaaS): Internal and Input Endpoints configured through service model.
• Virtual Machine (IaaS): Internal Endpoints are open by default. Access control with firewall on guest OS. Input endpoints controlled through portal, service model or API/Script.

Primary Use
• Worker Role (PaaS): Stateless scale-out applications
• Virtual Machine (IaaS): Applications that require persistent storage to easily run in Windows Azure.

Page 19: The Basics of Getting Started With Microsoft Azure


Windows Azure Virtual Machines key requirements

IT Pro experience

Support for key server applications

Easy storage manageability (hybrid cloud)

High availability features

Advanced networking

Integration with compute PaaS

If it requires a developer, it’s not IaaS

Page 20: The Basics of Getting Started With Microsoft Azure


Demo create VM

Page 21: The Basics of Getting Started With Microsoft Azure


Images Available

Windows Server (2008+)

SQL Server

BizTalk Server

SharePoint

Ubuntu

OpenSUSE

CentOS

SUSE Linux Enterprise Server

VM Depot

Page 22: The Basics of Getting Started With Microsoft Azure


End-to-End Support Status – Server Applications

http://support.microsoft.com/kb/2721672

Product | Status
SharePoint (2010 and 2013) | Supported
SQL Server (2008 and later) | Supported
BizTalk (2013) | Supported
Project Server | Supported
Dynamics NAV | Supported
System Center (2012 SP1): AppController, OM, Orchestrator, App-V, Service Manager | Supported
Dynamics GP | Supported
Team Foundation Server | Supported
Exchange Server | In validation
Dynamics CRM | In validation
Dynamics AX | In validation


Page 23: The Basics of Getting Started With Microsoft Azure

Virtual Machines and Cloud Services

Page 24: The Basics of Getting Started With Microsoft Azure


Cloud Services, Roles and Instances

Cloud Service is a management, configuration, security, networking and service model boundary

[Diagram: grid of VM1, VM2, VM3, VM4, VM5, VM… with axes labelled INSTANCES and ROLES]

Page 25: The Basics of Getting Started With Microsoft Azure


Virtual Machines

“Standalone” Virtual Machines are Cloud Services roles with exactly one instance

VM

Page 26: The Basics of Getting Started With Microsoft Azure


Connected Virtual Machines

Multiple Virtual Machines can be hosted within the same cloud service

VM VM

Page 27: The Basics of Getting Started With Microsoft Azure

Virtual Machine Images, Disks and Storage

Page 28: The Basics of Getting Started With Microsoft Azure

Images and Disks

OS Images (Microsoft, Partner, User)
• Base OS image for new Virtual Machines
• Sys-Prepped/Generalized/Read Only
• Created by uploading or by capture

Disks (OS Disks, Data Disks)
• Writable Disks for Virtual Machines
• Created during VM creation or during upload of existing VHDs.

Page 29: The Basics of Getting Started With Microsoft Azure


Virtual Machine Sizes

Each Persistent Data Disk Can be up to 1 TB

VM Size | CPU Cores | Memory | # Data Disks | IOPs
Extra Small | Shared | 768 MB | 1 | 500
Small | 1 | 1.75 GB | 2 | 2x500
Medium | 2 | 3.5 GB | 4 | 4x500
Large | 4 | 7 GB | 8 | 8x500
Extra Large | 8 | 14 GB | 16 | 16x500
A5 | 2 | 16 GB | 8 | 8x500
A6 | 4 | 28 GB | 16 |
A7 | 8 | 56 GB | 16 | 16x500

New

Page 30: The Basics of Getting Started With Microsoft Azure


Disk Caching

Disk Type | Default | Supported
OS Disk | ReadWrite | ReadOnly and ReadWrite
Data Disk | None | None, ReadOnly and ReadWrite

Modify using Set-AzureOSDisk or Set-AzureDataDisk

Page 31: The Basics of Getting Started With Microsoft Azure

Windows Azure Storage

Disk Storage
• Images and disks are stored as Windows Azure Storage Blobs
• Data is triplicated
• All existing storage tools just work

Page 32: The Basics of Getting Started With Microsoft Azure

How Windows Azure Backup works

Small business or branch office

Windows Server 2012

1. Sign up
2. Install agent
3. Register and configure
4. Back up encrypted data
5. Recover to the same or a different server

Page 33: The Basics of Getting Started With Microsoft Azure

How Windows Azure Backup works

Enterprises with System Center

System Center DPM Server

1. Sign up
2. Install agent
3. Register and configure
4. Back up encrypted data
5. Recover to the same or a different server

Page 34: The Basics of Getting Started With Microsoft Azure

Security

Data is encrypted on-premises… …encrypted on the network… … and remains encrypted while stored.

• Only you have your key.
• Data cannot be recovered without your key.
• Microsoft does not have your key.

Page 35: The Basics of Getting Started With Microsoft Azure

Virtual Machine Availability

Page 36: The Basics of Getting Started With Microsoft Azure

Service Level Agreements

99.9% for single role instances
8.75 hours of downtime per year

99.95% for multiple role instances
4.38 hours of downtime per year

What’s included
• Compute hardware failure (disk, cpu, memory)
• Datacenter failures - network failure, power failure
• Hardware upgrades, software maintenance – Host OS updates

What is not included
• VM container crashes, guest OS updates

Page 37: The Basics of Getting Started With Microsoft Azure


How Does this Relate to SLA in IaaS

SLA 99.95

SQL Server

Primary

SQL Server

Secondary

Availability set

Page 38: The Basics of Getting Started With Microsoft Azure

Fault and Update Domains

Fault Domains
• Represent groups of resources anticipated to fail together, i.e. same rack, same server
• Fabric spreads instances across at least 2 fault domains

Update Domains
• Represent groups of resources that will be updated together
• Host OS updates honour service update domains
• Specified in service definition
• Default of 5 (up to 20)

Fabric spreads role instances across Update Domains and Fault Domains
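
How the spread across update and fault domains bounds what a single host OS update or rack failure can take down, as an added example that is not part of the original deck. It assumes round-robin placement, which the slide does not specify, and all function names are hypothetical.

```python
from collections import Counter

MAX_UPDATE_DOMAINS = 20  # slide: default of 5, up to 20


def place_instances(n, update_domains=5, fault_domains=2):
    """Return one (update_domain, fault_domain) pair per instance.

    Assumption: round-robin placement. The slide says only that the fabric
    spreads instances across update and fault domains.
    """
    if n < 1:
        raise ValueError("need at least one instance")
    if not 1 <= update_domains <= MAX_UPDATE_DOMAINS:
        raise ValueError("update domains must be between 1 and 20")
    if fault_domains < 1:
        raise ValueError("need at least one fault domain")
    return [(i % update_domains, i % fault_domains) for i in range(n)]


def worst_case_loss(placement):
    """Most instances lost to a single UD update or a single FD failure."""
    per_ud = Counter(ud for ud, _ in placement)
    per_fd = Counter(fd for _, fd in placement)
    return {"update": max(per_ud.values()), "fault": max(per_fd.values())}


def surviving_instances(n, update_domains=5, fault_domains=2):
    """Instances still running during the worst single-domain event."""
    loss = worst_case_loss(place_instances(n, update_domains, fault_domains))
    return n - max(loss.values())


def min_instances_for(required, update_domains=5, fault_domains=2):
    """Smallest deployment that keeps `required` instances running through
    any one update-domain update or fault-domain failure."""
    if required < 1:
        raise ValueError("required must be positive")
    if min(update_domains, fault_domains) < 2:
        # With a single domain, one event takes every instance down.
        raise ValueError("need at least 2 update and 2 fault domains")
    n = required
    while surviving_instances(n, update_domains, fault_domains) < required:
        n += 1
    return n


if __name__ == "__main__":
    for n in (1, 2, 4, 10):
        loss = worst_case_loss(place_instances(n))
        print(f"{n:>2} instances: lose up to {loss['update']} per host update, "
              f"{loss['fault']} per rack failure, "
              f"{surviving_instances(n)} survive")
    print("instances needed to keep 4 running:", min_instances_for(4))
```

With the defaults, a single instance leaves nothing running during either event, and two fault domains mean a rack failure can take out half the deployment.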

Page 39: The Basics of Getting Started With Microsoft Azure


High availability features

Physical Machines

Power Unit

Rack Switch

Page 40: The Basics of Getting Started With Microsoft Azure


High availability features

[Diagram labels: Physical Machines; Power Unit; Rack Switch; Availability Set; VM1, VM1, VM2, VM2]

Availability SLA: 99.95%

Page 41: The Basics of Getting Started With Microsoft Azure


Fault and Update Domains

[Diagram labels: Rack, Rack; UD #1, UD #1, UD #2, UD #2]

Page 42: The Basics of Getting Started With Microsoft Azure


Virtual Machine Availability Sets

Update Domains are honored by host OS updates

[Diagram labels: Rack, Rack]

Page 43: The Basics of Getting Started With Microsoft Azure

Windows Azure Networking

Page 44: The Basics of Getting Started With Microsoft Azure


Virtual Machine Names and DNS

Bring your own DNS server
• Use your on-premise DNS servers
• Deploy a DNS server in Windows Azure
• Use public DNS services

Windows Azure provided DNS
• Resolves VMs by name within the same cloud service
• Machine names are modeled explicitly and registered in the DNS service

Full control over machine names

Page 45: The Basics of Getting Started With Microsoft Azure


Protocols and Endpoints

Port Forwarded Endpoints
• Direct communication to multiple VMs in the same cloud app

Support for All IP-Based Protocols (VM to VM)
• Instance-to-instance communication
• TCP, UDP and ICMP, dynamic ports (RPC’s)

UDP Traffic Supported in WA
• Load-balanced incoming traffic and allows outbound traffic

Custom Load Balancer Health Probes
• Health check with probe timeouts
• HTTP based probing, allowing granular control of health checks

Page 46: The Basics of Getting Started With Microsoft Azure


Port Forwarding Input Endpoints

Endpoint: Public Port, Local Port, Protocol (TCP/UDP), Name, ACL

Cloud App/Hosted Service

Single Public IP Per Cloud Service

Page 47: The Basics of Getting Started With Microsoft Azure


Load Balanced Sets

Endpoint Set: Public Port, Local Port, Protocol (TCP/UDP), Name, ACL

Cloud App

Page 48: The Basics of Getting Started With Microsoft Azure


High availability features

[Diagram labels: Physical Machines; Power Unit; Rack Switch; Availability Set; VM1, VM1, VM2, VM2; Load-Balanced Set; Load Balancer]

Availability SLA: 99.95%

Page 49: The Basics of Getting Started With Microsoft Azure


Load Balancer Custom Probes

Load Balancer Probe: Set Name, Protocol (TCP), Probe Port, Probe Path (/healthcheck.aspx)

Looks for HTTP 200

Cloud App

Page 50: The Basics of Getting Started With Microsoft Azure


Cross-premise Connectivity

[Diagram: CLOUD and ENTERPRISE connected at four layers]

• Data Synchronization: SQL Azure Data Sync
• Application-layer Connectivity & Messaging: Service Bus
• Secure Point-to-Site Network Connectivity: Windows Azure Virtual Network
• Secure Site-to-Site Network Connectivity: Windows Azure Virtual Network

Page 51: The Basics of Getting Started With Microsoft Azure

Windows Azure Virtual Network

Your “virtual” branch office/datacenter in the cloud
• Enables customers to extend their Enterprise Networks into Azure
• Networking on-ramp for migrating existing apps and services to Windows Azure
• Enables “hybrid” apps that span cloud and their premises

A protected private virtual network in the cloud
• Enables customers to set up secure private IPv4 networks fully contained within Windows Azure
• IP address persistence
• Inter-service DIP-to-DIP communication

[Diagram labels: Windows Azure; VM 1, VM 2; ROLE 1; Subnet 1, Subnet 2]

Page 52: The Basics of Getting Started With Microsoft Azure

Connecting Cloud Services with VNET

Protect virtual machines from the open Internet

Note: Windows Azure provided DNS does not span cloud services

[Diagram: ContosoVNet (10.0.0.0/8) with FrontEndSubnet (10.0.0.0/16) and SQLSubnet (10.1.0.0/16). Cloud Service1: Load Balancer, 80, IIS Virtual Machines. Cloud Service 2: SQL Mirror. Direct Access via VNET.]

Page 53: The Basics of Getting Started With Microsoft Azure

Events Manager – VNET Joined

VNET Provides Direct Network Access

[Diagram: APPVNET – Virtual Network (10.3.0.0/16) with FrontEndSubnet (10.3.1.0/24), DNSSubnet (10.3.2.0/24) and BackEndSubnet (10.3.3.0/24). Labels: IIS Servers; Fabrikam-CloudSvc; Fabrikam-CloudApps; SQL Mirror; Fabrikam-CloudDC; AD / DNS; AD. Virtual Network Gateway, S2S VPN Tunnel, S2S VPN Device. Corp-OnPrem (192.168.1.0/24), 192.168.1.6 (Local AD). Arrows: Data Access, Auth.]

Page 54: The Basics of Getting Started With Microsoft Azure

Connecting Cloud Services with VNET

Strengths
• More Secure
• Low Latency
• Cloud Service Autonomy
• VIP Swap (stateless roles)
• Advanced Connectivity Requirements

Weaknesses
• VNET Complexity
• No Windows Azure provided DNS

[Diagram: ContosoVNet (10.0.0.0/8) with FrontEndSubnet (10.0.0.0/16), SQLSubnet (10.1.0.0/16) and AD Subnet (10.2.0.0/16). Cloud Service1: Load Balancer, 80, WA Web Role. Cloud Service 2: AD, SQL Mirror. Direct Access via VNET.]

Page 55: The Basics of Getting Started With Microsoft Azure

Events Manager – VNET Joined

VNET Provides Direct Network Access

[Diagram: APPVNET – Virtual Network (10.3.0.0/16) with FrontEndSubnet (10.3.1.0/24), DNSSubnet (10.3.2.0/24) and BackEndSubnet (10.3.3.0/24). Labels: WA Web Roles; Fabrikam-CloudSvc; Fabrikam-CloudApps; SQL Mirror; Fabrikam-CloudDC; AD / DNS; AD. Virtual Network Gateway, S2S VPN Tunnel, S2S VPN Device. Corp-OnPrem (192.168.1.0/24), 192.168.1.6 (Local AD). Arrows: Auth, Data Access.]