WINDOWS AZURE IAAS
Patriek van Dorp
Technology Consultant Microsoft
Private Cloud to Public Cloud
(Diagram: a spectrum from private to public cloud: Physical, Virtual, IaaS, PaaS, SaaS.)
Cloud Models
Stack layers, bottom to top: Networking, Storage, Servers, Virtualization, O/S, Middleware, Runtime, Data, Applications

On Premises: you manage every layer
Infrastructure (as a Service): Microsoft manages Networking, Storage, Servers and Virtualization; you manage O/S, Middleware, Runtime, Data and Applications
Platform (as a Service): Microsoft manages every layer up to and including the Runtime; you manage Data and Applications
Software (as a Service): Microsoft manages every layer
Only Pay For What You Use
CLOUD SERVICES (PAAS)
Build infinitely scalable apps and services
Support rich multi-tier architectures
Automated application management
What is a Cloud Service?
A container of related service roles: Web Role, Worker Role
Roles and Role Instances
At runtime each Role will execute on one or more instances. A role instance is a set of code, configuration, and local data, deployed in a dedicated VM.
Roles are defined in a Cloud Service. A role definition specifies: VM size, communication endpoints, local storage resources, number of instances, etc.
Packaging and Configuration
CLOUD SERVICES ARE DESCRIBED BY TWO IMPORTANT ARTIFACTS: the Service Definition (*.csdef) and the Service Configuration (*.cscfg)
YOUR CODE IS ZIPPED AND PACKAGED WITH THE DEFINITION (*.CSPKG): Encrypted(Zipped(Code + *.csdef)) == *.cspkg
WINDOWS AZURE CONSUMES JUST (*.CSPKG + *.CSCFG)
Everything goes to the Cloud!
We trust Microsoft without question!
WINDOWS AZURE VIRTUAL MACHINES
Infrastructure as a Service
The spring release of Windows Azure Infrastructure as a Service introduces new functionality that allows full control and management of virtual machines, along with an extensive virtual networking offering.
If deploying an application requires a developer's involvement, it's not IaaS.
Windows Azure Virtual Machines
Support for key server applications
Easy storage manageability
High availability features
Advanced networking
Integration with compute PaaS
Things That Don't Work (yet)
OS Component              Why not supported?
Hyper-V                   Hyper-V on Hyper-V (no nested virtualization)
DHCP                      Broadcast
NLB                       Broadcast
Failover Clustering       "Floating" IP
BitLocker (on OS disk)    TPM chip
GETTING STARTED WITH VIRTUAL MACHINES
Demo
Images Available in Preview
Linux: OpenSUSE 12.1, CentOS 6.2, Ubuntu 12.04, SUSE Linux Enterprise Server SP2
Windows: Windows Server 2008 R2, Windows Server 2008 R2 with SQL Server 2012 Evaluation, Windows Server 2012 RTM
Persistent Disks and High Durability
(Diagram: the Virtual Machine's disks live in Windows Azure Storage, which is replicated to a second Windows Azure Storage location for disaster recovery; the follow-up slide shows the same disks attached to a replacement Virtual Machine.)
Provisioning a Platform Image
(Diagram: the Portal (API) instructs the hypervisor to provision a VM; the stock image is copied from the Platform Storage Repository (Stock Images, Provisioning Repository) through the Storage API into the Customer's Storage Account as the OS Disk; an Unattend step adds the server hostname, password and other settings; a local Cache.VHD and optional Data Disks are attached to the VM.)
Persistent Disk Management
Capability            OS Disk                             Data Disk
Host Cache Default    ReadWrite                           None
Max Capacity          127 GB                              1 TB
Imaging Capable       Yes                                 No
Hot Update            Cache setting requires reboot       Change cache without reboot; add/remove without reboot
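The disk table above in cmdlet form. This is an added example, not code from the deck or from Microsoft: it creates a VM from a platform image with a data disk, then changes the host-cache settings, using the classic Windows Azure (Service Management) PowerShell cmdlets. The subscription name, storage account, service name, VM name, image filter and admin user name are placeholders chosen for the example.

```powershell
# Added example (not from the deck). Assumed names: subscription "Contoso-Dev",
# storage account "contosovhds", cloud service "contoso-sql", VM "SQL1".
Select-AzureSubscription -SubscriptionName "Contoso-Dev"
# The persistent VHDs (OS disk and data disks) are created in this storage account.
Set-AzureSubscription -SubscriptionName "Contoso-Dev" -CurrentStorageAccountName "contosovhds"

# Pick a Windows Server 2008 R2 platform image; exact ImageName values change over time,
# so select by label instead of hard-coding one.
$image = Get-AzureVMImage |
    Where-Object { $_.OS -eq "Windows" -and $_.Label -like "*Windows Server 2008 R2*" } |
    Select-Object -First 1

# Read the admin password at the prompt rather than leaving it in the script.
$password = Read-Host -Prompt "Admin password for SQL1"

# Role definition: size, image, provisioning settings, and a 100 GB data disk on LUN 0.
# Data disks default to HostCaching None (as in the table); keep it that way for database
# files so the host cache never holds back writes the application believes are durable.
$vm = New-AzureVMConfig -Name "SQL1" -InstanceSize "Medium" -ImageName $image.ImageName |
    Add-AzureProvisioningConfig -Windows -AdminUsername "contosoadmin" -Password $password |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 100 -DiskLabel "sqldata" -LUN 0 -HostCaching None

# With -Location, New-AzureVM also creates the (implicit) cloud service "contoso-sql".
New-AzureVM -ServiceName "contoso-sql" -Location "West Europe" -VMs $vm

# Data-disk cache settings can be changed while the VM runs ...
Get-AzureVM -ServiceName "contoso-sql" -Name "SQL1" |
    Set-AzureDataDisk -LUN 0 -HostCaching ReadOnly |
    Update-AzureVM

# ... but changing the OS-disk cache setting restarts the VM (see the table above).
Get-AzureVM -ServiceName "contoso-sql" -Name "SQL1" |
    Set-AzureOSDisk -HostCaching ReadOnly |
    Update-AzureVM
```

Older builds of the module spell the storage parameter `-CurrentStorageAccount`; check `Get-Help Set-AzureSubscription` for the version you run.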
Disks and Images
OS Images (Microsoft, Partner, User): the base OS image for new Virtual Machines; sys-prepped/generalized, read only; created by uploading or by capture
Disks (OS Disks, Data Disks): writable disks for Virtual Machines; created during VM creation or during upload of existing VHDs
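The two creation paths from the slide above (capture, and upload of an existing VHD), as an added example that is not part of the deck. It uses the classic Service Management cmdlets; the service, VM, image and disk names, the local VHD path and the storage account are assumptions.

```powershell
# Added example (not from the deck). Assumed names throughout.

# 1. Capture a user image. Generalize inside the guest first (Windows: sysprep /generalize
#    /oobe /shutdown; Linux: waagent -deprovision+user). The capture deletes the source VM,
#    and everything still on its disk (cached credentials, logs, keys) ends up in the image,
#    so clean the machine before you generalize it.
Save-AzureVMImage -ServiceName "contoso-web" -Name "IIS1" `
    -NewImageName "contoso-iis-base" -NewImageLabel "Contoso IIS base"
# Confirm the image is registered in the subscription.
Get-AzureVMImage | Where-Object { $_.ImageName -eq "contoso-iis-base" } |
    Select-Object ImageName, OS, Label

# 2. Upload an existing VHD (VHD format, not VHDX). The blob container stays private:
#    it is the storage account key, not knowledge of the URL, that protects the contents.
$blob = "https://contosovhds.blob.core.windows.net/vhds/legacy-app.vhd"
Add-AzureVhd -LocalFilePath "C:\VHDs\legacy-app.vhd" -Destination $blob

# 3a. Specialized VHD (not generalized): register it as an OS disk and boot it as-is.
#     No provisioning step, so it keeps its hostname and local accounts.
Add-AzureDisk -DiskName "legacy-app-os" -MediaLocation $blob -OS Windows
$vm = New-AzureVMConfig -Name "LEGACY1" -InstanceSize "Small" -DiskName "legacy-app-os"
New-AzureVM -ServiceName "contoso-legacy" -Location "West Europe" -VMs $vm

# 3b. Generalized VHD: register it as an image instead, so every VM created from it goes
#     through Add-AzureProvisioningConfig and gets its own hostname and admin password.
#     (A blob is registered as either a disk or an image, not both.)
# Add-AzureVMImage -ImageName "legacy-app-image" -MediaLocation $blob -OS Windows
```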
VIRTUAL MACHINES AND CLOUD SERVICES
Cloud Services, Roles and Instances
(Diagram: a Cloud Service containing roles, each role running as instances VM1, VM2, VM3, VM4, VM5, ...)
A Cloud Service is a management, configuration, security, networking and service model boundary.
Virtual Machines
Virtual Machines are roles with exactly one instance. A standalone VM lives in an implicit Cloud Service.
Cloud Services with Virtual Machines
Multiple Virtual Machines can be hosted within the same Cloud Service.
VIRTUAL MACHINE NETWORKING
Virtual Machine Names and DNS
FULL CONTROL OVER MACHINE NAMES
WINDOWS AZURE PROVIDED DNS: resolves VMs by name within the same cloud service; machine names are modeled explicitly and registered in the DNS service
BRING YOUR OWN DNS SERVER: use your on-premises DNS servers, deploy a DNS server in Windows Azure, or use public DNS services
Protocols and Endpoints
UDP TRAFFIC SUPPORTED IN WA: load-balanced incoming traffic; outbound traffic allowed
SUPPORT FOR ALL IP-BASED PROTOCOLS (VM TO VM): instance-to-instance communication over TCP, UDP and ICMP, dynamic ports
PORT FORWARDED ENDPOINTS: direct communication to multiple VMs in the same cloud app
CUSTOM LOAD BALANCER HEALTH PROBES: health check with probe timeouts; HTTP based probing, allowing granular control of health checks
Port Forwarding Input Endpoints
(Diagram: a single public IP per Cloud Service; public ports 3389, 5586 and 5587 are each forwarded to port 3389 on a different VM.)
Load Balanced Sets
(Diagram: public port 80 on the Cloud Service is load balanced across several VMs.)
LOAD BALANCED SETS
Demo
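The port-forwarding and load-balanced-set slides above in cmdlet form, as an added example that is not part of the deck: one public RDP port per VM, a load-balanced set on port 80 with an HTTP probe, and a listing of what the VIP now exposes. Service and VM names and the probe path are assumptions; the port numbers are the ones on the slides.

```powershell
# Added example (not from the deck). Assumed cloud service "contoso-web" with VMs IIS1, IIS2.
$svc = "contoso-web"

# Port forwarding: the cloud service has a single public IP, so each VM's RDP gets its own
# public port, mapped back to 3389 inside the guest (5586 and 5587 as on the slide).
$rdp = @{ IIS1 = 5586; IIS2 = 5587 }
foreach ($name in $rdp.Keys) {
    Get-AzureVM -ServiceName $svc -Name $name |
        Add-AzureEndpoint -Name "RDP" -Protocol tcp -LocalPort 3389 -PublicPort $rdp[$name] |
        Update-AzureVM
}

# Load-balanced set: every VM that joins "web-lb" on LocalPort 80 shares PublicPort 80.
# The probe requests /healthcheck.aspx every 15 s; an instance that does not answer 200
# within the timeout is taken out of rotation until it recovers.
foreach ($name in "IIS1", "IIS2") {
    Get-AzureVM -ServiceName $svc -Name $name |
        Add-AzureEndpoint -Name "HTTP" -Protocol tcp -LocalPort 80 -PublicPort 80 `
            -LBSetName "web-lb" -ProbeProtocol http -ProbePort 80 -ProbePath "/healthcheck.aspx" `
            -ProbeIntervalInSeconds 15 -ProbeTimeoutInSeconds 31 |
        Update-AzureVM
}

# What is now reachable from the Internet on the VIP. Review this after every change:
# the platform does not filter these endpoints by source address for you, the guest
# firewall has to.
foreach ($name in "IIS1", "IIS2") {
    Get-AzureVM -ServiceName $svc -Name $name | Get-AzureEndpoint |
        Select-Object @{ n = "VM"; e = { $name } }, Name, Protocol, Port, LocalPort, LBSetName, Vip
}

# Close RDP once the administration session is over; reopen it on demand.
Get-AzureVM -ServiceName $svc -Name "IIS1" | Remove-AzureEndpoint -Name "RDP" | Update-AzureVM
```

Make the probe page cheap and dependency-free on purpose: if /healthcheck.aspx queries the database, a database outage takes every web instance out of rotation at once.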
VIRTUAL MACHINE AVAILABILITY
Service Level Agreement
99.95% FOR MULTIPLE ROLE INSTANCES: 4.38 hours of downtime per year
99.9% FOR SINGLE ROLE INSTANCES: 8.76 hours of downtime per year
WHAT'S INCLUDED? Compute hardware failure (disk, CPU, memory); datacenter failures (network failure, power failure); hardware upgrades and software maintenance (Host OS updates); planned downtime (6 days' notice, 6 hour window, 25 minute downtime)
WHAT'S NOT INCLUDED: VM crashes caused by 3rd party software; Guest OS updates
Fault and Update Domains
FAULT DOMAINS represent groups of resources anticipated to fail together (e.g. same rack, same server)
UPDATE DOMAINS represent groups of resources that will be updated together; Host OS updates honour service update domains
Update domains are specified in the service definition: default of 5 (up to 20)
The Fabric Controller spreads role instances across Update Domains and Fault Domains
(Diagram: two Fault Domains, each a rack; the instances in each rack alternate between UD #1 and UD #2, so a rack failure or a Host OS update of one update domain never takes out every instance.)
Virtual Machines Availability Sets
Update Domains are honored by Host OS updates
(Diagram: IIS1, IIS2, SQL1 and SQL2 spread across both racks (Fault Domains) and both update domains (UD #1, UD #2); an availability set per tier produces this spread.)
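The IIS1/IIS2 and SQL1/SQL2 layout from the availability-set slide, built with the classic Service Management cmdlets, as an added example that is not part of the deck. Service name, image filter, instance size and credentials are assumptions.

```powershell
# Added example (not from the deck). Assumed cloud service "contoso-app".
$image = (Get-AzureVMImage |
          Where-Object { $_.OS -eq "Windows" -and $_.Label -like "*Windows Server 2008 R2*" } |
          Select-Object -First 1).ImageName
$password = Read-Host -Prompt "Admin password for the four VMs"

# One availability set per tier. Members of the same set are placed in different fault
# domains (racks) and different update domains; members of different sets may share a rack,
# which is fine because the web tier and the SQL tier each survive on their own.
$layout = @(
    @{ Name = "IIS1"; AvSet = "web-avset" }, @{ Name = "IIS2"; AvSet = "web-avset" },
    @{ Name = "SQL1"; AvSet = "sql-avset" }, @{ Name = "SQL2"; AvSet = "sql-avset" }
)
$vms = foreach ($m in $layout) {
    New-AzureVMConfig -Name $m.Name -InstanceSize "Medium" -ImageName $image |
        Add-AzureProvisioningConfig -Windows -AdminUsername "contosoadmin" -Password $password |
        Set-AzureAvailabilitySet -AvailabilitySetName $m.AvSet
}

# All four land in one cloud service: an availability set cannot span cloud services.
New-AzureVM -ServiceName "contoso-app" -Location "West Europe" -VMs $vms

# Verify the spread the Fabric Controller chose. The two members of each set should show
# different fault domains and different upgrade (update) domains.
Get-AzureRole -ServiceName "contoso-app" -Slot Production -InstanceDetails |
    Select-Object RoleName, InstanceName, InstanceFaultDomain, InstanceUpgradeDomain |
    Sort-Object RoleName | Format-Table -AutoSize
```

The 99.95% figure on the SLA slide is for multiple role instances; a tier with a single VM, or two VMs that are not in the same availability set, does not get it.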
WINDOWS AZURE VIRTUAL NETWORKS
Windows Azure Connectivity Options
(Diagram: each option bridges CLOUD and ENTERPRISE.)
Data Synchronization: SQL Data Sync
Application-Layer Connectivity & Messaging: Service Bus
Secure Machine-to-Machine Network Connectivity: Windows Azure Connect
Secure Site-to-Site Network Connectivity: Windows Azure Virtual Network
Windows Azure Virtual Networks
YOUR "VIRTUAL" BRANCH OFFICE / DATACENTER IN THE CLOUD
Enables customers to extend their enterprise networks into Windows Azure
Networking on-ramp for migrating existing apps and services to Windows Azure
Enables customers to run "hybrid" apps that span the cloud and their premises
A PROTECTED PRIVATE VIRTUAL NETWORK IN THE CLOUD
Enables customers to set up secure private IPv4 networks fully contained within Windows Azure
IP address persistence
Inter-service DIP-to-DIP communication
Virtual Network Features
CUSTOMER-MANAGED PRIVATE VIRTUAL NETWORKS WITHIN WINDOWS AZURE
Bring your own IPv4 addresses
Control over placement of Windows Azure Roles within the network
Stable IPv4 addresses for VMs
HOSTED VPN GATEWAY THAT ENABLES SITE-TO-SITE CONNECTIVITY
Automated provisioning & management
Support for existing on-premises VPN devices
USE ON-PREMISES DNS SERVERS FOR NAME RESOLUTION
Enables customers to use their on-premises DNS servers for name resolution
Enables VMs running in Windows Azure to be joined to corporate domains running on-premises (use your on-premises Active Directory)
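The features above, together with the "bring your own DNS server" slide earlier, in cmdlet form. This is an added example, not part of the deck: it defines the ContosoVNet of the VNET scenario slide (same subnet names and prefixes), applies it with the classic Service Management cmdlets, provisions the site-to-site gateway, and places a domain-joined VM in FrontEndSubnet. The on-premises prefix, VPN gateway address, DNS server address, affinity group, domain and credentials are assumptions. The gateway cmdlets shipped after the preview shown in this deck, where the gateway was created in the portal.

```powershell
# Added example (not from the deck). Assumed: affinity group "ContosoWE", on-premises site
# 192.168.0.0/16 behind VPN device 203.0.113.10, domain controller at 10.2.0.4.
New-AzureAffinityGroup -Name "ContosoWE" -Location "West Europe"

# Set-AzureVNetConfig REPLACES the subscription's whole network configuration. Export the
# current one first and merge into it instead of overwriting other people's VNets.
Get-AzureVNetConfig -ExportToFile "$env:TEMP\netcfg-before.xml"

$netcfg = @"
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns>
      <!-- Windows Azure provided DNS is not available inside a VNET; use the DC in ADSubnet -->
      <DnsServers><DnsServer name="ContosoDC" IPAddress="10.2.0.4" /></DnsServers>
    </Dns>
    <LocalNetworkSites>
      <LocalNetworkSite name="ContosoHQ">
        <AddressSpace><AddressPrefix>192.168.0.0/16</AddressPrefix></AddressSpace>
        <VPNGatewayAddress>203.0.113.10</VPNGatewayAddress>
      </LocalNetworkSite>
    </LocalNetworkSites>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="ContosoVNet" AffinityGroup="ContosoWE">
        <AddressSpace><AddressPrefix>10.0.0.0/8</AddressPrefix></AddressSpace>
        <Subnets>
          <Subnet name="FrontEndSubnet"><AddressPrefix>10.0.0.0/16</AddressPrefix></Subnet>
          <Subnet name="SQLSubnet"><AddressPrefix>10.1.0.0/16</AddressPrefix></Subnet>
          <Subnet name="ADSubnet"><AddressPrefix>10.2.0.0/16</AddressPrefix></Subnet>
          <Subnet name="GatewaySubnet"><AddressPrefix>10.254.0.0/29</AddressPrefix></Subnet>
        </Subnets>
        <DnsServersRef><DnsServerRef name="ContosoDC" /></DnsServersRef>
        <Gateway>
          <ConnectionsToLocalNetwork><LocalNetworkSiteRef name="ContosoHQ" /></ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
"@
$path = "$env:TEMP\contoso-netcfg.xml"
Set-Content -Path $path -Value $netcfg -Encoding UTF8
Set-AzureVNetConfig -ConfigurationPath $path

# Site-to-site gateway. Provisioning takes a while. The pre-shared key it hands back is what
# the on-premises IKEv1 device (see the supported device list) authenticates with: treat it
# as a secret, not as configuration.
New-AzureVNetGateway -VNetName "ContosoVNet"
$psk = (Get-AzureVNetGatewayKey -VNetName "ContosoVNet" -LocalNetworkSiteName "ContosoHQ").Value

# A web VM in FrontEndSubnet, joined to the on-premises domain through the VNET DNS server.
# A dedicated low-privilege join account is used for the domain join, not a domain admin.
$image = (Get-AzureVMImage | Where-Object { $_.OS -eq "Windows" } | Select-Object -First 1).ImageName
$localPwd  = Read-Host -Prompt "Local admin password for IIS1"
$domainPwd = Read-Host -Prompt "Password for CONTOSO\joiner"
$vm = New-AzureVMConfig -Name "IIS1" -InstanceSize "Small" -ImageName $image |
    Add-AzureProvisioningConfig -WindowsDomain -AdminUsername "contosoadmin" -Password $localPwd `
        -JoinDomain "contoso.local" -Domain "CONTOSO" -DomainUserName "joiner" -DomainPassword $domainPwd |
    Set-AzureSubnet -SubnetNames "FrontEndSubnet"
# The cloud service must sit in the VNET's affinity group for the VM to get a VNET address.
New-AzureVM -ServiceName "contoso-web" -AffinityGroup "ContosoWE" -VNetName "ContosoVNet" -VMs $vm
```

If you do not want DNS set at VNET level, the same server can be attached per deployment with `New-AzureDns -Name "ContosoDC" -IPAddress "10.2.0.4"` passed to `New-AzureVM -DnsSettings`.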
GETTING STARTED WITH VIRTUAL NETWORKS
Demo
Supported VPN Device List
CISCO
Platform                                              OS Family
ASA 5500 Series (Adaptive Security Appliances)        ASA Software 8.4+
ASR 1000 Series Aggregation Services Routers          IOS XE 2.1+
ISR Series Integrated Services Routers                IOS 12.2+
JUNIPER
Platform                                              OS Family
SRX Series Routers                                    JunOS 10.2+
J Series Routers                                      JunOS 9.4+
ISG Series Routers                                    ScreenOS 6.2+
SSG Series Routers                                    ScreenOS 6.2+
GENERIC VPN DEVICES MUST SUPPORT: IKE v1; AES 128, 256; SHA1, SHA2
SCENARIOS
Virtual Network Scenarios
HYBRID PUBLIC/PRIVATE CLOUD: enterprise app in Windows Azure requiring connectivity to on-premises resources
ENTERPRISE IDENTITY AND ACCESS CONTROL: manage identity and access control with on-premises resources (on-premises Active Directory)
MONITORING AND MANAGEMENT: remote monitoring and troubleshooting of resources running in Windows Azure
ADVANCED CONNECTIVITY REQUIREMENTS: cloud deployments requiring persistent IP addresses and direct connectivity across services
Connecting Applications and VMs
(Diagram: a WA Web Role or Web Site in one Cloud Service, behind its load balancer on port 80, reaches SQL Server in another Cloud Service through a public endpoint: that service's load balancer forwards public port 2001 to 1433 on the SQL VM. SQL data access traffic goes through the public endpoint; secure the endpoint with Windows Server Firewall.)
STRENGTHS: Simplicity; Tenant Autonomy; VIP Swap (cloud services); Easy Local Dev/Test
WEAKNESSES: Higher Latency; Less Secure; Management/Deployment Overhead
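What "secure endpoints with Windows Server Firewall" means in practice for the diagram above, as an added example that is not part of the deck: publish SQL Server on public port 2001 forwarded to 1433, then restrict 1433 in the guest firewall to the web tier's outbound address. Service and VM names are assumptions; the port numbers are the slide's.

```powershell
# Added example (not from the deck). Assumed services "contoso-sql" (VM SQL1) and "contoso-web" (VM IIS1).

# 1. From the admin workstation: forward public port 2001 on the SQL service's VIP to 1433 on
#    SQL1. No -LBSetName, so this endpoint reaches exactly one VM. Using 2001 instead of 1433
#    hides nothing from a port scan; the firewall rule below is the actual access control.
Get-AzureVM -ServiceName "contoso-sql" -Name "SQL1" |
    Add-AzureEndpoint -Name "SQL" -Protocol tcp -LocalPort 1433 -PublicPort 2001 |
    Update-AzureVM

# 2. Find the web tier's VIP. Outbound traffic from role instances is source-NATed to their
#    cloud service VIP, so that is the address SQL1 sees. Note that a VIP swap of the web
#    service, or a redeploy, changes this address and silently invalidates the rule.
$webVip = (Get-AzureVM -ServiceName "contoso-web" -Name "IIS1" | Get-AzureEndpoint |
           Select-Object -First 1).Vip

# 3. Inside SQL1 (over its RDP endpoint): allow 1433 only from that address. netsh works on
#    Windows Server 2008 R2 as well as 2012, unlike New-NetFirewallRule. Windows Firewall
#    blocks unsolicited inbound traffic by default, so as long as no broader allow rule
#    exists for 1433, every other source, including other Azure tenants, is refused.
$rule = "SQL 1433 from contoso-web VIP"
netsh advfirewall firewall add rule name="$rule" dir=in action=allow protocol=TCP localport=1433 remoteip=$webVip
netsh advfirewall firewall show rule name="$rule"

# 4. Check that nothing else already opens 1433 to any source (a SQL Server install or an
#    earlier admin may have added such a rule). Every rule name printed besides ours needs
#    review; the rule blocks are separated by blank lines in netsh output.
$blocks = (netsh advfirewall firewall show rule name=all dir=in | Out-String) -split "\r?\n\s*\r?\n"
$blocks | Where-Object { $_ -match "LocalPort:\s+1433" -and $_ -match "Action:\s+Allow" } |
    ForEach-Object { ($_ -split "\r?\n")[0] }
```

The traffic itself is still a plain SQL Server connection across the load balancer; the guest firewall limits who can talk to the port, it does not protect the credentials or data in transit.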
Connecting Cloud Services with VNET
(Diagram: ContosoVNet (10.0.0.0/8) with FrontEndSubnet (10.0.0.0/16) holding Cloud Service 1 (a WA Web Role behind a load balancer on port 80), SQLSubnet (10.1.0.0/16) holding Cloud Service 2 (a SQL Mirror), and AD Subnet (10.2.0.0/16) holding AD; the web role reaches SQL directly via the VNET instead of through a public endpoint.)
STRENGTHS: More Secure; Low Latency; Cloud App Autonomy; VIP Swap (stateless roles); Advanced Connectivity Requirements
WEAKNESSES: VNET Complexity; No Windows Azure provided DNS
Mixing PaaS and IaaS in the Same Cloud Service
(Diagram: a WA Web Role and a Virtual Machine behind the same load balancer on port 80, in one Cloud Service.)
STRENGTHS: Windows Azure provided DNS; low latency connectivity; single deployment, update and management unit
WEAKNESS: No VIP Swap (coming in the future)
Available at General Availability
Summary
CHOOSE THE CLOUD MODEL THAT FITS YOUR NEEDS
With PaaS (Web/Worker Roles) you lose some control and you need to fit the mold of the Cloud vendor
With IaaS you have full control over your platform and you can run (almost) any software you like
USE VIRTUAL NETWORKS TO LEVERAGE LEGACY SYSTEMS ON-PREMISES
Use the existing IT Pro skills present in your organization to extend your corporate network to the Cloud
Create subnets to control which applications can access resources on-premises
PAAS AND IAAS – BETTER TOGETHER
Mix and match PaaS and IaaS to create the most desirable architectures quickly and safely
QUESTIONS
patriek.van.dorp@sogeti.nl
@pvandorp
http://onwindowsazure.com
http://windowsazure.com
Local touch - Global reach