Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Microsoft Azure Cloud Platform Overview

advertisement 
Microsoft Azure Cloud Platform
an overview
CSCI E-90 Cloud Computing
Zoran B. Djordjević
Harvard University
November 14th, 2014
(5:30 – 7:30)
Boston Azure User Group
http://www.bostonazure.org
@bostonazure
Bill Wilder
http://blog.codingoutloud.com
@codingoutloud
My name is Bill Wilder
codingoutloud@gmail.com
blog.codingoutloud.com
@codingoutloud
www.devpartners.com
www.cloudarchitecturepatterns.com
Who is Bill Wilder?
www.bostonazure.org
www.devpartners.com
Reality is Resource-Constrained
“Security is always a
tradeoff; it must be
balanced with the cost.”
- Bruce Schneier
http://www.schneier.com/essay-207.html
@Bill Wilder
4
Reality is Resource-Constrained
“_______is always a
tradeoff; it must be
balanced with the cost.”
- Bruce Schneier
http://www.schneier.com/essay-207.html
@Bill Wilder
5
Members of
Microsoft Azure
Security Team
@Bill Wilder
6
Defense in Depth Approach
Layer
Data
Application*
Host
Defense-in-Depth
 Strong storage keys for access control
 SSL support for data transfers between all parties
 Front-end .NET framework code running under partial trust
 Windows account with least privileges
 Hardened version of Windows Server 2008 OS for both VM Host
and VM Guest operating systems
 Host boundaries enforced by external hypervisor
Network
 Host firewall limiting traffic to VMs
 VLANs and packet filters in routers
Physical
 World-class physical security
 ISO 27001 and SAS 70 Type II certifications for datacenter
processes
@Bill Wilder
7
Defenses Inherited by Azure Applications
Spoofing
Tampering/
Disclosure
Repudiation
Denial of
Service
Elevation of
Privilege
VM switch
hardening
VLANs
Top of Rack
Switches
Custom
packet
filtering
Partial Trust
Runtime
Certificate
Services
Monitoring
SharedAccess
Signatures
Diagnostics
Service
Configurable
scale-out
Hypervisor
custom
sandboxing
Virtual
Service
Accounts
HTTPS
Sidechannel
protections
@Bill Wilder
8
Developer Resources
• www.windowsazure.com/develop/ is
LOADED with Dev Libraries, Training Kits,
How To Guides across:
– Mobile (iOS, Android, Win Phone, Win 8 SDKs)
– .NET, Node.js, Java, PHP, Python, REST
– PowerShell, CLI
• Example: Create Node.js web site from Mac CLI
https://www.windowsazure.com/en-us/develop/nodejs/tutorials/create-a-website-(mac)/
• Example: Create Linux (CentOS) VM from CLI
(Node-based CLI – Windows not required)
https://www.windowsazure.com/en-us/develop/php/how-to-guides/command-line-tools/
https://www.windowsazure.com/en-us/develop/nodejs/how-to-guides/command-line-tools/
• Example: Install Couchbase + VNet on VM
http://blogs.msdn.com/b/jimoneil/archive/2012/06/16/couchbase-on-azure-a-tour-ofnew-windows-azure-features.aspx
@Bill Wilder
9
PORTAL DEMO
www.windowsazure.com
manage.windowsazure.com
@Bill Wilder
10
Cloud Computing
___________________ as a Service
Apps,
$/user,
Expertise, SLA
App Services as OpEx,
$/VM/Svcs, OS, DBMS, etc.
with patching & upgrades,
Environment Monitoring,
Expertise, SLA
Virtualized Hardware as OpEx,
Networking, Automation, Elasticity,
Price Transparency, Global Data Centers,
Expertise, SLA
http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
AppHarbor
.csdef
cscfg
Web Roles
“Service Model”
Worker Roles
• 1+ types
• Deployment
• 1+ types
• Windows
Package
• Windows
Server
• Config: VM sizes & Server
• Running IIS instance counts, • Could run
settings, endpoints, Tomcat, etc.
certs…
Load
Balancer
Web Role
Instances
Worker Role
Instances
Web Role
Instances
Service Bus
Queue
Worker Role
Instances
QCW Example: User Uploads Photo
www.pageofphotos.com
Web
Server
Reliable Queue
Reliable Storage
Compute
Service
QCW [on Azure]
WE NEED:
• Compute (VM) resources to run our code
Web Roles (IIS) and Worker Roles (w/o IIS)
• Reliable Queue to communicate
Azure Storage Queues
• Durable/Persistent Storage
Azure Storage Blobs & Tables; WASD
QCW on Azure: User Uploads a Photo
www.pageofphotos.com
push
Web
Role
(IIS)
pull
Azure Queue
Worker
Role
Azure Blob
UX implications: user does not wait for thumbnail
(architecture!)
QCW enables Responsive UX
• Response to interactive users is as fast as a
work request can be persisted
• Time consuming work done asynchronously
• Comparable total resource consumption,
arguably better subjective UX
• UX challenge – how to express Async to users?
– Communicate Progress
– Display Final results
– Long Polling/Web Sockets (e.g., SignalR or Node.io)
QCW enables Scalable App
• Decoupled front/back provides insulation
–
–
–
–
–
Blocking is Bane of Scalability
Order processing partner doing maintenance
Twitter down
Email server unreachable
Internet connectivity interruption
• Loosely coupled, concern-independent scaling
– (see next slide)
– Get Scale Units right
–Key to optimizing operational CO$T$
General Case:
Many Roles, Many Queues
Web
Role
(Admin)
Web
Web
Role
Web
Role
(Public)
Role
(IIS)
(IIS)
Queue
Queue
Type 1
Type 1
Queue
Queue
Type 2
Type 2
Queue
Type 3
Worker
Worker
Role
Worker
Role
Worker
Role
Role
Type 1
Worker
Worker
Role
Worker
Role
Worker
Worker
Role
Role
Worker
Role
Worker
TypeRole
2
TypeRole
2
Type 2
Type 2
• Scaling best when Investment α Benefit
• Optimize for CO$T EFFICIENCY
• Logical vs. Physical Architecture depends on current scale
Reliable Queue & 2-step Delete
var url = “http://pageofphotos.blob.core.windows.net/up/<guid>.png”;
queue.AddMessage( new CloudQueueMessage( url ) );
(IIS)
Web
Role
Queue
Worker
Role
var invisibilityWindow = TimeSpan.FromSeconds( 10 );
CloudQueueMessage msg =
queue.GetMessage( invisibilityWindow );
(… do some processing then …)
queue.DeleteMessage( msg );
QCW requires Idempotent
• Perform idempotent operation more than
once, end result same as if we did it once
• Example with Thumbnailing (easy case)
• App-specific concerns dictate approaches
– Compensating action, Last write wins, etc.
• PARTNERSHIP: division of responsibility
between cloud platform & app
– Far cry from database transaction
QCW expects Poison Messages
• A Poison Message cannot be processed
– Error condition for non-transient reason
– Use dequeue count property
• Be proactive
– Falling off the queue may kill your system
• Determine a Max Retry policy per queue
– Delete, put on “bad” queue, alert human, …
QCW requires “Plan for Failure”
• VM restarts will happen
– Hardware failure, O/S patching, crash (bug)
• Bake in handling of restarts into our apps
– Restarts are routine: system “just keeps working”
– Idempotent support needed important
– Event Sourcing (commonly seen with CQRS) may
help
• Not an exception case! Expect it!
• Consider N+1 Rule
What’s Up? Reliability as EMERGENT PROPERTY
Typical Site Any 1 Role Inst
Operating System
Upgrade
Application Code
Update
Scale Up, Down, or In
Hardware Failure
Software Failure (Bug)
Security Patch
Overall System
What about the DATA?
• You: Azure Web Roles and Azure Worker Roles
– Taking user input, dispatching work, doing work
– Follow a decoupled queue-in-the-middle pattern
– Stateless compute nodes
• Cloud: “Hard Part”: persistent, scalable data
– Azure Queue & Blob Services
– Three copies of each byte
– Geo-replicated to sister data center
– Busy Signal Pattern
Azure Services
Compute
Virtual Machines
Cloud Services
Websites
Mobile Services
Batch
Network Services
ExpressRoute
Virtual Network
Traffic Manager
Data Services
Storage
SQL Database
HDInsight
Cache
Backup
Site Recovery
Machine Learning
StorSimple
DocumentDB
Azure Search
Data Factory
Stream Analytics
Operational Insights
App Services
Media Services
Service Bus
Push Notifications
Scheduler
BizTalk Services
Active Directory
Multi-Factor Authentication
Automation
CDN
API Management
RemoteApp
Application Insights
Cloud Architecture Patterns book
Primer Chapters
1.
2.
3.
4.
Scalability
Eventual Consistency
Multitenancy and
Commodity Hardware
Network Latency
Cloud Architecture Patterns book
Pattern Chapters
1. Horizontally Scaling Compute Pattern
2. Queue-Centric Workflow Pattern
3. Auto-Scaling Pattern
4. MapReduce Pattern
5. Database Sharding Pattern
6. Busy Signal Pattern
7. Node Failure Pattern
8. Colocate Pattern
9. Valet Key Pattern
10. CDN Pattern
11. Multisite Deployment Pattern
Business Card
BostonAzure.org
• Boston Azure cloud user group
• Focused on Microsoft’s Public Cloud Platform
• Monthly, 6:00-8:30 PM in Boston area
– Food; wifi; free; great topics; growing community
• Follow on Twitter: @bostonazure
• More info or to join our Meetup.com group:
http://www.bostonazure.org
Related documents
Windows Azure Active Directory Overview
Windows Azure Active Directory Overview
NYC Code Camp 7 — 15-Sept-2012 — Bill Wilder
NYC Code Camp 7 — 15-Sept-2012 — Bill Wilder
Getting Started - Microsoft Azure Platform Academic 150 day Pass.ppt
Getting Started - Microsoft Azure Platform Academic 150 day Pass.ppt
CloudBrew 2013- Connecting IoT
CloudBrew 2013- Connecting IoT
Microsoft Dynamics AX Roadmap - The Partner Connections Event
Microsoft Dynamics AX Roadmap - The Partner Connections Event
AzureIntro-ShahedChowdhuri-2014-02
AzureIntro-ShahedChowdhuri-2014-02
Jonas Premier SaaS offering on Windows Azure
Jonas Premier SaaS offering on Windows Azure
Boston Azure Firestarter - Roles and Queues
Boston Azure Firestarter - Roles and Queues
Using Microsoft Cloud
Using Microsoft Cloud
Download
advertisement