
White Paper

Azure IaaS – Ready for prime time: Are you game?

Microsoft Azure has been on a long and incremental path to maturity. With the recent GA release of several key platform service features and a comprehensive IaaS offering portfolio, Azure is now all decked up and ready for prime time.

This whitepaper examines the significant IaaS capabilities and service readiness of Azure for industrial strength deployments of mission-critical workloads.

*Analysis is based on the services available as of September 2014

Table of Contents

Abstract
Infrastructure as a Service – All that matters
IaaS vs. PaaS – Who manages what
IaaS Deployment – Key Capabilities
Deep Dive – Azure IaaS Key Capabilities
Data center Infrastructure
Server Hardware Alternates
Data Storage and transfer capabilities
Networking & Connectivity
Supported Platforms: OS and Application Stacks
Load Balancing
Scalability
Essential Application Infrastructure
Security
Management and monitoring
High Availability and Disaster Recovery
Integrated Dev & Test
Azure IaaS Pricing Model
Azure Beyond IaaS
Azure PaaS
Hybrid Cloud Computing Potential
References


Abstract

Cloud computing is well past its hype and is already recognized as a key component of enterprise IT strategy today. While cloud SaaS leads the charge for cloud adoption in enterprises, the fiscal, technical, and operational value of deeply exploiting cloud PaaS and cloud IaaS offerings in conjunction with on-premises infrastructure is also well appreciated in enterprises today.

Integrating cloud computing into enterprise IT strategy is a significant initial challenge, especially for large enterprises that are deeply entrenched with on-premises IT. The change demands thorough assessment and remediation to effectively address the constraints, risks, and changes that the service-based IT delivery model brings. However, once enterprises are past this chasm, the adoption and value realization of cloud computing becomes both rapid and tectonic. CIOs are increasingly pressing for a "cloud first" strategy, pushing as many compute needs to the cloud as possible.

As cloud computing moves into the mainstream, technology teams are often confronted with the difficult decision of choosing the right cloud service provider, one that meets current needs, but also fits well into the broader enterprise IT strategy, and is synergetic with their on-premises investments.

Historically, this has been a skewed choice, against Microsoft Azure, even in cases where a large piece of the current IT might be on Microsoft stacks and a Microsoft-stack–based cloud platform would make for an intuitive choice. A conspicuous absence of an IaaS portfolio on Azure and long delays in GA of certain key PaaS service capabilities were the chief reasons for this skewed adoption of Azure. However, with the recent release of a comprehensive IaaS portfolio and general availability of several key PaaS services, this situation is now set to change, forever!

Azure, with its compelling PaaS service portfolio, comprehensive IaaS offering suite, robust deployment and operational support tooling, trendsetting pricing, regulatory readiness, along with the prospect of a seamless deployment spanning across on-premises and on-cloud infrastructure, is now at the center stage of cloud computing. This whitepaper examines Azure IaaS offerings in detail and highlights the significant capabilities of the platform that make it a key option in the cloud toolkit for enterprises.


Infrastructure as a Service: All that matters

Developing and deploying mission-critical production applications on cloud with industrial-class strength calls for a lot more besides the core compute, storage, and network infrastructure. This is also quite distinct from leveraging PaaS offerings, wherein the service provider manages a broad segment of all needs, leaving only application management to the platform consumer.

Let’s start our assessment with a quick roundup of who manages what between PaaS and IaaS:

IAAS VS. PAAS: WHO MANAGES WHAT

| Layer | Infrastructure (as a Service) | Platform (as a Service) |
|---|---|---|
| Applications | You manage | You manage |
| Runtimes | You manage | Managed by vendor |
| Security & Integration | You manage | Managed by vendor |
| Databases | You manage | Managed by vendor |
| Servers | Managed by vendor | Managed by vendor |
| Virtualization | Managed by vendor | Managed by vendor |
| Server HW | Managed by vendor | Managed by vendor |
| Storage | Managed by vendor | Managed by vendor |
| Networking | Managed by vendor | Managed by vendor |

As indicated previously, in stark contrast with PaaS consumption, wherein platform management needs are limited to application management, IaaS management extends beyond the application realm to include runtime, platform middleware building blocks (such as databases), OS, deployment security, auto-scaling enablement, HA, DR, besides other typical ITIL aspects. The IaaS deployment thus enables some distinct advantages including greater control over deployment, finer cost management, deeper and enterprise policy-specific security tooling, and flexibility of stack choices with the potential of capitalizing on pre-owned licenses, among others. This, however, comes at a price, in the form of greater operational and cloud deployment tooling and aggressive IT infrastructure management (many times across non-coherent on-premise and on-cloud platforms). Effectively dealing with these requires several additional tooling capabilities from the provider, besides core IaaS offerings. Let’s examine these in detail.


IAAS DEPLOYMENT: KEY CAPABILITIES

The following form the key IaaS capabilities central to enterprise consumption of IaaS cloud offerings.

1. Data center infrastructure:
   a. Geo-distributed global datacenter infrastructure
   b. Reliability capabilities
   c. Service-level agreements
   d. Platform support

2. Server hardware options

3. Data storage and transfer capabilities

4. Networking and connectivity

5. Supported platforms: OS and application stacks

6. Load balancing

7. Scalability

8. Essential application infrastructure
   a. Session management
   b. Caching
   c. CDN

9. Security
   a. Data-center–level security services
   b. Application access control
   c. Security in transit
   d. Regulatory compliance

10. Management and monitoring
   a. Deployment automation: OpsCode
   b. Azure management API
   c. Detailed application performance monitoring
   d. Alerts
   e. Operation logs

11. High availability and disaster recovery

12. Integrated development and testing


Deep Dive: Key capabilities of Azure IaaS

With the key expectations set, let us now examine how Azure IaaS fares on these key capabilities.

DATA CENTER INFRASTRUCTURE

Azure data centers are strategically spread across the globe at 11 locations. Azure services are available in 140 countries. It speaks 10 languages and accepts 19 currencies.

Azure’s global presence helps customers host their applications close to their user base, thus enhancing user experience.

1. Geo-distributed global data center infrastructure: World-class data centers, across the world!

[Figure: Azure data center footprint across the globe. Map labels: Sao Paulo State, Texas, California, Virginia, Illinois, Iowa, Ireland, Netherlands, Singapore, Hong Kong, Osaka Prefecture, Saitama Prefecture, Australia. Legend: operating; yet to start its operations.]

At the time of writing this, all datacenters except those in Australia are publicly available.

Most of the Azure data centers are MS Generation4 Modular type, the latest in design and technology, designed to achieve highest operational efficiency and reliability at lower costs.


2. Reliability capabilities: Data center HA capabilities aim at providing higher fault tolerance against local infrastructure failures. Azure data centers apply a variety of industry best practices around these across a broad range of aspects.

This starts with deployment alternates: Azure VMs offer HA through availability sets, wherein placing VMs in an availability set guarantees that they are under separate fault and upgrade domains. Two VMs in the same fault domain are placed in different racks, insulating them against network and power supply failures.

Similarly, placing VMs in the same upgrade domain ensures that both of them will not be taken down simultaneously for OS and software upgrades.

Insulation against catastrophic data-center–level failures is provided by leveraging a distributed network of data centers, placed at strategic locations across the globe. Choosing a distant data center as a standby or secondary location for your application and data offers protection in such situations.

Azure Storage also offers geo-replication, wherein your data is replicated to a geographically-distant data center automatically. Having a copy of your application and data at a remote data center will ensure business continuity with minimal downtime and close-to-zero data loss.

Mission-critical applications can be deployed at multiple data centers with live asynchronous replication, balanced by Azure Traffic Manager. This will be naturally at significantly higher costs, but could be better cost managed if the DR RPO and RTO requirements are eased.

Moreover, in every geographic region, Azure has two data centers located at least 500 miles apart. This makes disaster recovery possible without moving your data out of the geo-political boundaries, thus complying with regulatory requirements, if any.

3. Service-level agreements: Azure services are offered with varied-availability SLAs. These must be cautiously examined in light of specific application needs.

It must also be noted that much higher application-level reliability can be realized by exploiting various redundancy constructs, such as VM availability sets and multi-datacenter deployments, among other higher-HA (HHA) constructs, which form the recommended HHA deployment architecture strategy on Azure.

Availability SLAs of key services:
a. Azure Storage: 99.99%
b. Traffic manager: 99.99%
c. Virtual machines: 99.95%
d. Virtual networks: 99.9%
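To make the point about redundancy constructs concrete, the following added example (not part of the original whitepaper) combines the SLA figures listed above into an end-to-end availability for one region and for two regions behind Traffic Manager. It assumes each SLA figure can be treated as the availability of an independent component, which is a modeling simplification; the function names are illustrative.

```python
"""Composite availability from the SLA figures quoted on this page (added example)."""

# Availability SLAs exactly as listed in the whitepaper.
SLA = {
    "storage": 0.9999,
    "traffic_manager": 0.9999,
    "virtual_machines": 0.9995,
    "virtual_networks": 0.999,
}

MINUTES_PER_30_DAY_MONTH = 30 * 24 * 60


def serial(*availabilities):
    """Every component is required, so availabilities multiply."""
    result = 1.0
    for value in availabilities:
        result *= value
    return result


def redundant(availability, copies):
    """Service survives if at least one of `copies` independent replicas is up."""
    return 1.0 - (1.0 - availability) ** copies


def downtime_minutes(availability, period_minutes=MINUTES_PER_30_DAY_MONTH):
    """Expected unavailable minutes in the period for a given availability."""
    return (1.0 - availability) * period_minutes


def single_region():
    """One deployment that needs its VMs, its storage and its virtual network."""
    return serial(SLA["virtual_machines"], SLA["storage"], SLA["virtual_networks"])


def multi_region(regions=2):
    """Identical deployments in several regions, fronted by Traffic Manager.

    Traffic Manager sits in series with the redundant group, so its own SLA
    becomes the ceiling on what the whole design can reach.
    """
    return serial(SLA["traffic_manager"], redundant(single_region(), regions))


def report():
    """Rows of (design, availability in percent, downtime minutes per 30 days)."""
    designs = [
        ("single region", single_region()),
        ("two regions + Traffic Manager", multi_region(2)),
    ]
    return [
        (name, round(value * 100, 4), round(downtime_minutes(value), 1))
        for name, value in designs
    ]


if __name__ == "__main__":
    for name, percent, minutes in report():
        print(f"{name:32s} {percent:8.4f}%  ~{minutes} min/month")
```

Under these assumptions a single-region stack lands below any of its individual SLAs, while the two-region design is bounded by the Traffic Manager figure rather than by the VM or network figures.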


4. Platform support: Basic support is included in Azure subscription along with billing and subscription, community forums, and service dashboard. Customers can also purchase support from a basket of premium support plans.

Support plans start from Developer and go up to Premier, providing unlimited on-call support, onsite visit, unlimited break-fix, advisory support, and 15-minute response window, to name a few.

Support is available in 9 local languages apart from English.

Support pricing is competitively aggressive.

SERVER HARDWARE OPTIONS

The Azure Virtual Machine (Azure VM) is the primary IaaS compute infrastructure. Azure VMs run MS Hyper-V and are built on state-of-the-art hardware, offering various combinations of compute power, memory, and storage options that suit a broad range of use cases, from the very basic to the most demanding compute needs.

VMs are available in various sizes, starting from the minimal shared core 768 MB RAM to a massive 16-core 112 GB RAM. Customers can further choose between options suitable for CPU-intensive and memory-intensive instances to match diverse workload needs.

Virtual Machines

| Instance name | CPU cores | Memory | Max. data disks (1 TB each) |
|---|---|---|---|
| A0 | Shared (0.25) | 768 MB | 1 |
| A1 | 1 | 1.75 GB | 2 |
| A2 | 2 | 3.5 GB | 4 |
| A3 | 4 | 7 GB | 8 |
| A4 | 8 | 14 GB | 16 |
| A5 | 2 | 14 GB | 4 |
| A6 | 4 | 28 GB | 8 |
| A7/8 | 8 | 56 GB | 16 |
| A9 | 16 | 112 GB | 16 |


DATA STORAGE AND TRANSFER CAPABILITIES

Azure offers a scalable and durable cloud storage choice backed by strong redundancy options. The data disks used by Azure VMs are provisioned on Azure Storage. Multiple data disks of 1 TB each can be attached to an Azure VM.

Any data stored on Azure Storage is triplicated by default. The geo-replication option allows replication of data to a distant Azure data center, protecting your application against a disaster at one data center. Data is stored in multiple copies at both locations. Geo-replication is done asynchronously, not impacting the live application. Read access to geo-replicated data is also provided, which can be used in case of unavailability of the primary data store.

[Figure: Azure data storage with geo-replication]


Massive data transfer across on-premises and Azure data center can be enabled through multiple options:

a. StorSimple, a cloud-integrated storage service, offers an on-premise, enterprise-grade storage area network that integrates seamlessly with Azure Blob storage.

b. Azure Import/Export service offers a cheap and fast way of transferring very high volumes of data to and from Azure. It involves shipping physical drives to an Azure data center.

c. The Azure AzCopy tool can be used to directly copy data from on-premises to Azure.

NETWORKING AND CONNECTIVITY

Enterprise applications can assume very demanding networking needs. These may include complex interconnect topologies within applications and also spanning across enterprise networks, cloud providers and third party services providers.

Azure provides a comprehensive networking fabric that can meet complex deployment needs very effectively.

IP addresses: IP addresses can be local and public. Azure offers fixed public IP addresses, named as Reserved IPs. It offers five fixed IPs per subscription at no additional cost.

Fixed IPs save the effort of reconfiguring DNS entries or firewall entries in case of system restart. They are beneficial in case of hybrid connectivity across cloud and on-premises, where the on-premises firewall controls inbound access based on IP address.

Azure Virtual Network: Azure Virtual Network aids in seamlessly integrating your Azure deployments with workloads running on on-premises network. Virtual network logically isolates your deployment on Azure and transparently integrates it with your on-premises network, bringing your private IPv4 space to Azure. Azure offers both Site-to-Site and Point-to-Site VPN as cross-premise connectivity options.

Site-to-Site VPN is used to connect multiple nodes on-premises with virtual machines deployed on Azure and bring them under the same network umbrella. This facilitates deployment scenarios where frontend applications are deployed on Azure, while backend systems are still hosted on-premises. All the applications can access each other using private IP addresses and are a part of the secured network.

Point-to-Site VPN is used to connect a standalone machine to a virtual machine on Azure. This is helpful in scenarios such as a sales and marketing team in the field that wants to connect to enterprise systems to access information.

Azure Virtual Network helps in extending an organization’s on-premises network to cloud without compromising on security or compliance requirements. By establishing connectivity between cloud and your on-premises infrastructure, it opens gates to numerous hybrid application hosting scenarios.


Azure Virtual Network offers 99.9% availability guarantee.

Azure ExpressRoute service offers a high-bandwidth, secure, and private connectivity from Azure to on-premises or any other co-location environment. This connection is secluded from the Internet. This service can be used to transfer huge volumes of sensitive data to and from Azure. It can be used for large data replication or to extend your data center to on-premises. Connectivity is provided by select network service providers such as AT&T, Level3, Equinix, BT, Verizon, and Telecity. They support bandwidth from 10 Mbps to 10 Gbps. This service is currently available only in the United States, Europe and Asia Pacific. Inter-region data transfer is not possible using ExpressRoute. Azure guarantees 99.9% availability of this service.

DNS unavailable: Azure does not offer a DNS service presently. Deployments are required to use an external DNS server. However, in case of S2S VPN, option to use on-premises DNS server is available.

SUPPORTED PLATFORMS: OS AND APPLICATION STACKS

Azure offers a comprehensive assortment of deployment stack choices—from out-of-box leading OS images, prebaked application platform stacks, to the all-flexible custom stack packaging options.

OS Images: Out of box

Azure supports both Windows and Linux platforms, covering the platform requirements for a majority of enterprise workloads. Azure offers various flavors in Windows and Linux OSes. It provides readymade images of Windows Server 2008R2+ on the Windows platform and Ubuntu, CentOS, OpenSuse, and Oracle Linux on the Linux platform with several prebaked platform components.

• Windows Server 2008 R2 onwards
• Windows 7
• SQL Server 2008 R2 SP2 onwards
• SharePoint Server 2013
• BizTalk Server 2013
• Microsoft Dynamics 2013
• Visual Studio 2013

• openSUSE
• CentOS
• Ubuntu
• SUSE Linux Enterprise Server
• Oracle Linux
• Oracle Database
• Oracle WebLogic Server

Stock deployment stacks: Pre-baked application platform stacks


Apart from OOB OS images, Azure offers numerous readymade VM images of popular platform stacks such as LAMP, Magento, and WordPress. These are provided through its integration with VMDepot and BitNami stack. This makes provisioning VMs for a majority of application stacks very simple and time-effective.

Custom VMs: The custom VM option allows enterprises to build their custom VMs around unique stack combinations, enterprise IT management, and compliance and hardening needs. Customers can build and upload their own custom images and create VMs using them.

Flexibility and control offered by Azure VMs allow customers to install any supporting components required to run their application.

All Azure VMs are Hyper-V compatible; making migrations from on-premises Hyper-V–based VMs to Azure seamless.

LOAD BALANCING

Load balancing is a basic requirement for scaling out any application. Azure offers two major load balancing options.

1. Load-balanced endpoints

Load-balanced endpoints are used to distribute load among various virtual machines. If a web application is hosted on multiple VMs, load-balanced endpoints will be used to distribute incoming traffic to various VMs. Traffic routing in load-balanced endpoints is based on the round-robin method. Azure does not offer other routing options in this case.

Load-balanced endpoints work only in case of VMs in the same cloud service. To distribute traffic among machines spanning various cloud services, Traffic Manager needs to be used.

2. Traffic Manager

Traffic Manager is used to distribute traffic among various cloud services. Traffic Manager should be used if VMs are hosted in different cloud services to cater to users from different geographies. Traffic Manager cannot be used if VMs are hosted under the same cloud service. Traffic Manager offers three routing options:

Performance-based routing: Request will be routed to the closest web server, geographically.

Round robin: Request will be routed in round-robin fashion.

Failover routing: Request will be routed to another server only in case the primary server fails to respond. This option is very useful in case of disaster recovery.


SCALABILITY

The ability to handle peak-load conditions effectively, low-load conditions cost-efficiently, and transition between these load extremes gracefully, is a key system requirement.

To cater to peak loads, both the application and the infrastructure should be designed to scale. One of the driving forces behind cloud migration is the enormous scalability it can offer on demand. One can add or remove virtual machines as required within minutes. Just provision the machines you anticipate at peak loads and turn them off. Add these machines to distribute load as and when required and then turn them off again.

Organizations can thus handle loads of any magnitude without the slightest deterioration in end user experience. Apart from manually adding virtual machines and provisioning capacity on demand, Azure also offers auto scaling options on two load metrics. One can add or remove virtual machines based on aggregate CPU usage or queue depth. Auto scaling manages compute capacity automatically based on rules without manual intervention, ensuring consistent user experience even under peak loads and rapid variations. It not only adds capacity, but also scales down compute capacity when the load tapers, to avoid incurring unwanted cost for unused capacity.

ESSENTIAL APPLICATION INFRASTRUCTURE

Vital application infrastructure building blocks are:

1. Session management: Session management is a very important part of any web application. Sessions are used to store user-specific information on the server temporarily. Storing user-specific information in a session does not create any issues as long as the application is deployed on only one server. But the moment one has to scale out the application, session information stored in server memory becomes a problem, because it depends on sticky sessions, and Azure load balancers do not support sticky sessions. So, using a caching service is a recommended measure to avoid this problem.

2. Caching: Caching is a very important feature to increase application performance. Storing relevant and frequently-used data in memory reduces the request-response cycle time. Azure offers two cache services that can be consumed from Virtual Machines:

a) Azure Redis Cache (currently in preview): Azure Redis Cache is based on the highly popular Redis cache and offers the low-latency, high-throughput capabilities of the Redis engine. This opens the door to utilizing a highly popular, open-source cache service backed by the reliability and availability standards of Azure. It is currently in the preview state and is offered in two tiers: Basic and Standard.


3. CDN: Just like load balancers, Content Delivery Network (CDN) is a primary component to scale any web application. CDNs cache static files such as images, videos, and scripts at various data centers across the globe and serve them from the nearest location, saving round trips to the original web server. This helps in reducing both network traffic and server load on the actual web servers hosting the application.

Azure offers cutting-edge, enterprise-ready, high-performance CDN network built on modern network topology of large, centralized POPs backed by massive storage and compute capacity.

Azure CDN network is spread across the globe with nodes present in 29 countries as of today. Regions include USA, Europe, Asia Pacific, Latin America, and Australia.
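The session-management item above says that in-memory sessions break once an application is scaled out behind a round-robin balancer without sticky sessions, and that a shared cache avoids this. The following added example (not from the original whitepaper) simulates both cases; the class names are illustrative, and `SessionStore` is a plain in-process dictionary standing in for an external cache service so the code runs offline.

```python
import itertools
import secrets


class SessionStore:
    """Minimal key/value session store.

    One instance per VM models sessions kept in server memory; a single
    instance shared by all VMs stands in for an external cache service.
    """

    def __init__(self):
        self._data = {}

    def put(self, session_id, data):
        self._data[session_id] = dict(data)

    def get(self, session_id):
        return self._data.get(session_id)


class WebServer:
    def __init__(self, name, store):
        self.name = name
        self.store = store

    def login(self, user):
        # Session identifiers come from a CSPRNG so they cannot be guessed.
        session_id = secrets.token_urlsafe(32)
        self.store.put(session_id, {"user": user})
        return session_id

    def whoami(self, session_id):
        session = self.store.get(session_id)
        return session["user"] if session else None


class RoundRobinBalancer:
    """Hands each request to the next VM in turn, with no session affinity."""

    def __init__(self, servers):
        self._next = itertools.cycle(servers)

    def route(self):
        return next(self._next)


def simulate(shared_store, vm_count=3, follow_up_requests=4):
    """Log in once, then send follow-up requests through the balancer.

    Returns a list of (vm name, user seen by that VM) for each follow-up.
    """
    shared = SessionStore()
    servers = [
        WebServer(f"vm{i}", shared if shared_store else SessionStore())
        for i in range(vm_count)
    ]
    balancer = RoundRobinBalancer(servers)
    session_id = balancer.route().login("alice")  # first request lands on vm0
    outcome = []
    for _ in range(follow_up_requests):
        server = balancer.route()
        outcome.append((server.name, server.whoami(session_id)))
    return outcome


if __name__ == "__main__":
    print("in-memory sessions:", simulate(shared_store=False))
    print("shared cache      :", simulate(shared_store=True))
```

With per-VM memory the user appears logged out on every request that does not happen to return to the original VM, which is the intermittent failure the paragraph describes; with the shared store every VM resolves the same session.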

SECURITY

Backed by years of experience in managing large-scale data centers, Microsoft provides world-class security to all its data centers. Microsoft provides a secure platform on which customers can build and deploy their applications without worrying about the infrastructure’s security. Furthermore, Azure provides comprehensive, multi-tier security architecture for applications to exploit through numerous deployment choices.

1. Data-center–level security controls and services: All Azure data centers have 24-hour physical security shielding the centers from unauthorized access. Apart from personnel security, high-end technology is used to protect the data centers. The premises are equipped with 2-factor authentication swipe systems, cameras, and integrated alarm systems.

Apart from physical intrusion, data centers have a very high risk of digital intrusion. Antivirus and antimalware software is installed on all virtual machines to identify and remove viruses, malware, and spyware. Intrusion detection and Denial of Service attack prevention tools are also installed.

Zero standing privileges prevent access to customer data by Microsoft operations and support personnel. In case you delete your data or leave Azure, Microsoft ensures that your data disks are overwritten before reuse. Decommissioned disks are physically destroyed before disposal.

Regular audits and penetration tests are performed to identify and plug loopholes, if any.

2. Application access control (authentication and authorization): All enterprise applications require some level of authentication and authorization to stop unauthorized access.


Enterprise applications using Active Directory for on-premises authentication can capitalize on the same security infrastructure after moving to cloud. Azure offers Active Directory as a service on cloud. This directory can be synchronized with the local Active Directory using DirSync utility. Users will be able to seamlessly authenticate themselves and access the application on cloud using the same organization credentials they use on-premises. They can directly create users online in the Active Directory service and grant access to various applications they have hosted on cloud.

In case customers do not want to use the online Active Directory service, they can authenticate users against their on-premises Active Directory, by connecting from their cloud-hosted application. Azure Access Control Service offers a claim-based identity model to provide single sign-on and federated identity. This allows applications to authenticate against popular identity providers such as Google, Facebook, Windows Live ID, or any other Security Token Service (STS) provider.

Certain systems, such as financial systems, deal with critical data and require a very high level of security. Multi-factor authentication offered by Azure addresses the security needs of such systems. It uses two or more levels of authentication. It authenticates the user based on:

• What the user knows (password)
• What the user has (trusted device, like phone)
• What the user is (biometrics)

Azure multi-factor authentication service can be used for applications hosted on Azure as well as those hosted on-premises.

3. Security in transit: Azure supports SSL and IPsec transport to secure data in transit. It supports both SNI SSL and IP-based SSL. With a virtual network, an IPsec tunnel is established between on-premises and Azure to secure data in transit. A VPN gateway is provided at the Azure end, while a VPN gateway device is required on-premises in order to establish this connectivity.

Applications dealing with highly sensitive data that cannot be moved to cloud due to compliance or regulatory reasons can keep their data on-premises and still access it from their applications hosted on cloud using Azure Virtual Network.

4. Regulatory compliance: Software applications dealing with critical information are often required to adhere to specific rules. Azure services are compliant with many legal and regulatory requirements. These services are externally audited on a regular basis to achieve compliance. Microsoft provides detailed compliance and audit information to customers so that they can assess Azure services against legal and regulatory requirements pertaining to their geography. A few security and compliance certificates procured by Azure are:

1. ISO/IEC 27001:2005
2. SOC 1 & 2
3. Cloud Security Alliance
4. PCI DSS
5. HIPAA BAA
6. FedRAMP
7. UK G-Cloud

Variation note: A majority of the Azure infrastructure (cloud services, including virtual machines, storage, and virtual network) is compliant with the above standards. However, it must be noted that compliance levels may vary depending on the regions of deployment, the deployment models, and the service type variations exercised. Architects must cautiously assess compliance needs with respect to these aspects.

MANAGEMENT AND MONITORING

Azure offers a variety of options to manage cloud resources. Easiest of all is the Azure Management Portal. It provides an interface to create and manage a majority of Azure resources with the help of its friendly UI. Be it creating VMs, configuring them, enabling storage replication, creating virtual networks, or configuring traffic manager—these are a few of the many tasks that can be done from the Azure Management Portal.

Deployment Automation - OpsCode: PowerShell cmdlets (command-lets) provide a powerful scripting interface that can be used to manage any resource on the Azure platform. This is very useful when doing large deployments because of its speed and console-based interface. Other OpsCode tools such as Chef and Puppet are fully supported as well.

Azure Management API provides both a .NET API and a RESTful interface to a majority of Azure resources. So, one can write small applications that consume these interfaces and manage resources in the cloud.

Detailed application performance monitoring – OOB absent: Currently, Azure does not provide application performance monitoring (APM) tools out of the box (OOB) for comprehensive monitoring. However, this is not a real issue, as industry-leading APM tools such as New Relic can be fully integrated.

Alerts: Alerts can be configured in Azure to notify the concerned teams about changes in resource usage patterns or unavailability. Rules can be configured on various metrics including, but not limited to, CPU usage, web endpoint status, and storage capacity usage. Email notification can also be set up to notify admins when the threshold configured in a rule is breached.

Operation logs: Operation logs maintain historical data of all Create, Update, and Delete operations performed on Azure services. These logs can be viewed at any time from the Azure Management Portal to get an insight into various activities occurring on Azure. Even auto scaling creates a log entry each time a resource is added or taken off.

HIGH AVAILABILITY AND DISASTER RECOVERY

Higher availability: Azure IaaS HA aims at providing fault tolerance against local infrastructure failures. Azure VMs offer HA through availability sets. Placing VMs in an availability set guarantees that they are under separate fault and upgrade domains. Two VMs in the same fault domain are placed in different racks, insulating them against network and power supply failures. Placing VMs in the same upgrade domain ensures that both of them will not be taken down simultaneously for OS and software upgrades.
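As an added example (not part of the whitepaper), the following placement audit runs over a constructed VM inventory and reports every availability set that a single fault-domain or upgrade-domain outage would take below a required number of running VMs. The field names and the inventory records are assumptions made for illustration; real values would come from the platform's VM status output.

```python
from collections import Counter, defaultdict

# Constructed inventory (not real Azure output): one record per VM with the
# availability set it belongs to and the fault/upgrade domain it landed in.
INVENTORY = [
    {"vm": "web-0", "set": "web-as", "fault_domain": 0, "upgrade_domain": 0},
    {"vm": "web-1", "set": "web-as", "fault_domain": 1, "upgrade_domain": 1},
    {"vm": "web-2", "set": "web-as", "fault_domain": 0, "upgrade_domain": 2},
    {"vm": "sql-0", "set": "sql-as", "fault_domain": 0, "upgrade_domain": 0},
    {"vm": "sql-1", "set": "sql-as", "fault_domain": 0, "upgrade_domain": 1},
    {"vm": "job-0", "set": "job-as", "fault_domain": 0, "upgrade_domain": 0},
]


def worst_case_survivors(vms, domain_key):
    """VMs still running after the most populated domain of one kind goes down."""
    per_domain = Counter(vm[domain_key] for vm in vms)
    return len(vms) - max(per_domain.values())


def audit_availability(inventory, min_survivors=1):
    """Return {set_name: [findings]} for sets one domain outage can degrade too far."""
    by_set = defaultdict(list)
    for vm in inventory:
        by_set[vm["set"]].append(vm)

    findings = {}
    for name, vms in sorted(by_set.items()):
        problems = []
        for key, event in (("fault_domain", "rack failure"),
                           ("upgrade_domain", "planned upgrade")):
            left = worst_case_survivors(vms, key)
            if left < min_survivors:
                problems.append(f"{event} leaves {left} of {len(vms)} VMs")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for set_name, problems in audit_availability(INVENTORY).items():
        print(set_name, "->", "; ".join(problems))
```

Raising `min_survivors` to the number of instances a tier needs to carry its load turns the same check into a capacity test rather than a pure availability test.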

Disaster recovery: Enterprise applications enabling critical services and storing business-critical data cannot afford large downtime or data loss. Natural disasters can result in a data-center-wide outage. To protect your application and data in such situations, Azure has a distributed network of data centers, placed at strategic locations across the globe. Choosing a distant data center as a backup location for your application and data offers protection in such situations. Azure Storage offers geo-replication, wherein your data is replicated to a geographically distant data center automatically. Having a copy of your application and data at a remote data center will ensure business continuity with minimal downtime and close to zero data loss. There is a clear trade-off between downtime and cost, so an informed decision should be taken considering the criticality of the application. Having live application and database servers at a remote location with live asynchronous replication, balanced by Azure Traffic Manager, will provide near-zero downtime, but at a significant additional cost. If RPO and RTO goals permit, redundancy can be obtained at a lower cost, but with a tolerable downtime, by provisioning VMs at a remote location and enabling geo-replication of database log files. In case of a disaster, the VMs will have to be turned on and the database restored using the backup files.

In every geographic region, Azure has two data centers located at least 500 miles apart. This makes disaster recovery possible without moving your data out of the geo-political boundaries, thus complying with regulatory requirements, if any.

INTEGRATED DEVELOPMENT AND TESTING

Development and testing form an integral part of any Software Development Life Cycle. Utilizing Azure IaaS for development and testing has commercial and engineering agility advantages. A server farm containing hundreds of machines can be spawned in minutes to perform high-scale load tests. These machines can be de-provisioned once the test is over; thus saving on capital investment without compromising on software quality. Integration of source-control systems such as Team Foundation Server and GitHub with Azure makes development and testing on Azure virtual machines simple and streamlined.

Azure IaaS pricing model

Azure offers both ‘pay-as-you-use’ and subscription-based pricing, enabling customers to choose the one that best suits their requirements. Azure is the only cloud service provider that charges per minute instead of per hour in case of the pay-as-you-go billing model. This makes it very cost-effective in scenarios with a high resource requirement only for a limited time frame.

Azure also offers Bring Your Own License (BYOL), where enterprises can use the existing platform and OS licenses that they may already have.

Cloud computing, in general, continues to witness serious pricing competition in the vendor ecosystem. Azure IaaS pricing leads the pack with aggressive billing tiers, pricing structures, and personalized pricing negotiations, making it one of the most attractive pricing leaders in its class.

Azure beyond IaaS

In a concluding note, we examine the other significant high-value capabilities of Azure beyond IaaS. While this merits its own detailed assessment, we briefly capture two significant aspects of Azure offerings that make a stronger case for a long-term fitment assessment:

1. Azure PaaS offerings: A rich and comprehensive platform services ecosystem

2. Hybrid cloud computing potential: Seamless Azure fabric across on-premises and on-cloud assets

AZURE PAAS

Microsoft ventured into cloud computing as a PaaS provider. They started with basic platform services and continuously added new services to their arsenal. Today, many platform services can be used along with Microsoft’s IaaS offerings. We have already talked about a few such as CDN, Azure Storage, Active Directory, API Management and Caching. A few other noteworthy PaaS services are as follows:

Azure SQL database

SQL database is a managed database service offered by Azure. It is SQL-Server–based relational, multi-tenant database service. It offers on-demand scalability, high availability, and disaster recovery through geo-replication.

Backup

Azure Backup service helps save your on-premises data to an offsite location. Data is encrypted before transfer and stored in encrypted format on reliable Azure Storage. Backups can be automated.

Site Recovery

Site Recovery service handles the protection and recovery of your application. It provides automated protection and replication of VMs, remote health monitoring, customizable recovery plans, and recovery plan testing.

Scheduler

Azure Scheduler can invoke web services over HTTP or HTTPS and also post messages to Azure Storage Queue at scheduled intervals. Long-running background processes can be triggered using this scheduler. Azure itself uses this scheduler internally for a few of its services such as Mobile Services.

BizTalk Services

BizTalk Services offer cloud-based EDI processing, enterprise application integration, and hybrid connectivity capabilities. They provide ready-made cloud-to-on-premises and line-of-business application integration for major players such as SAP, Oracle, and SQL Server. They also provide a very simplified click-through configuration between Azure websites and Azure mobile services to on-premises SQL Server or other web services using a feature called Hybrid Connectivity. Using Azure BizTalk Services does not require a BizTalk server on-premises. The service runs on Azure in a dedicated per-tenant environment, which you can provision on demand.

HYBRID CLOUD COMPUTING POTENTIAL

Enabling a high-value, seamless hybrid cloud computing platform continues to be an aspirational segment despite many tall claims and repeated attempts at it by various cloud and data center technology providers.

The primary issues continue to hinge around infrastructure heterogeneity, stack incompatibility, inherent latencies, workload nature, and differential tooling across stack components and deployment models.

While many cloud vendors continue to make progress in this space, Microsoft is arguably one of the few technology vendors that are set to make a deep impact in this space.

Consider the following premise:

• Consistent hypervisor: Hyper-V as the hypervisor both on-premises and on-cloud (Azure)

• Consistent operating system: Windows Server OS both on-premises and on-cloud (Azure)

• Consistent database: SQL Server on-premises and SQL Azure on-cloud

• Consistent application stack: Any stack support, but deeper benefits when having Microsoft stacks both on-premises and on-cloud

• Platform middleware: A large and growing set of consistent application middleware both on-premises and on-cloud

• Consistent and seamless identity and access management: AD and Federated AD

• Seamless license reuse: BYOL on-cloud

• Consistent OpsCode tooling: PowerShell, across Azure and on-premises

• Seamless development and testing tools: Visual Studio, VSTF, MTM

• Deployment federation tooling: Azure Service Bus, Azure Traffic Manager

• Unified infrastructure management tooling: MS System Center provides a unified administration platform to manage infrastructure, applications, and data across on-premises, co-location, and Azure environments. System Center provides enterprise-class, cost-effective, simple, application-focused, and hybrid-enabled management capabilities that are consistent across hosting options. It enables virtual networking in isolated, multi-tenant environments in conjunction with Hyper-V, resulting in extensive flexibility of your workloads

• On-premises platform capabilities: The Windows Azure Pack enables enterprises to create an environment similar to public cloud inside their own data centers. It empowers IT to manage infrastructure in a way similar to Microsoft Azure through a self-service portal

• Single-vendor relationship: Across a large cross-section of IT needs

The aforementioned premises reiterate Microsoft’s most qualified position to deliver on the potential of high-value hybrid clouds. Cybage, however, recommends these to be interpreted as evolutionary directional bearings that are set to deliver high value in future, but still have a major gap to address to deliver the full potential for this segment.


© 2014. Cybage Software Ltd. All rights reserved.
