Michael Epprecht, IT Pro Evangelist, Microsoft Corporation
Inside Windows Azure
michaelepprechtmicrosoftcom twitter fastflame
Public cloud: A cloud platform run by a service provider such as Microsoft, Amazon or Google, made available to many end-user organizations.
Private cloud: A cloud platform run solely for a single end-user organization, such as a bank or retailer.
The technology can be much like public clouds, but the economics are different.
An organization might combine private and public clouds to form a hybrid cloud.
Public Clouds vs Private Clouds - Typical definitions
Infrastructure as a Service (IaaS): basic compute and storage resource
On-demand servers
Amazon EC2, VMware vCloud
Platform as a Service (PaaS): cloud application infrastructure
On-demand application-hosting environment
E.g. Google AppEngine, Salesforce.com, Windows Azure
Software as a Service (SaaS): cloud applications
On-demand applications
E.g. Office 365, Intune, Live Hotmail, GMail, Microsoft Office Web Companions
Cloud Fundamentals
The Cloud is about cheap on-demand capacity
The Benefits of the Cloud
[Figure: the stack layers (Applications, Runtimes, Database, Operating System, Virtualization, Server, Storage, Networking) compared across Standalone Servers, IaaS, PaaS and SaaS, with the layers that are managed for you marked]
Windows Azure
The Data Center
Some of Microsoft's Data Centers
Chicago, Quincy, Dublin, Amsterdam, Hong Kong, Singapore, Japan, San Antonio, Boydton, Des Moines
"Datacenters have become as vital to the functioning of society as power stations." (The Economist)
Quincy, Washington: 27 MW, 100% hydro power
Chicago, Illinois: up to 60 MW, water-side economization, containers
Dublin, Ireland: up to 50 MW, outside air cooling, PODs, wind power
What is a Data Center?
Who needs cooling? This was just a private test.
But it does illustrate there are opportunities that are unexplored.
Generation 1: Datacenter colocation. Deployment scale unit: server. Capacity. ~2 PUE
Generation 2: San Antonio & Quincy. Deployment scale unit: rack. Density and deployment. 1.4 – 1.6 PUE
Generation 3: Chicago & Dublin. Deployment scale unit: containers & pods. Scalability and sustainability. 1.2-1.5 PUE
Generation 4: Modular datacenter. Deployment scale unit: ITPAC. Faster time to market, reduced carbon. 1.05-1.15 PUE
Microsoft's Datacenter Evolution
[Figure axes: efficient resource usage; deployment scale unit; timeline 2005, 2006, 2007, 2008, 2009, 2010+]
Windows Azure
Windows Azure is an OS for the data center
Model: Treat the data center as a machine
Handles resource management, provisioning, and monitoring
Manages application lifecycle
Allows developers to concentrate on business logic
Provides shared pool of compute, disk and network
Virtualized storage, compute and network
Illusion of boundless resources
Provides common building blocks for distributed applications
Reliable queuing, simple structured storage, SQL storage
Application services like access control and connectivity
Windows Azure
Windows Azure Components: Windows Azure PaaS
Applications: Windows Azure Service Model
Runtimes: .NET 3.5/4, ASP.NET, PHP
Operating System: Windows Server 2008 or 2008 R2-compatible OS
Virtualization: Windows Azure Hypervisor
Server: Microsoft Blades
Database: SQL Azure
Storage: Windows Azure Storage (Blob, Queue, Table)
Networking: Windows Azure-configured networking
Developer Experience: Use existing skills and tools
Windows Azure Platform
[Figure: platform components: Compute, Storage, Management, CDN, Relational data, Reporting & BI, AppFabric (Connectivity, Access control), Information Marketplace, Billing & Payments, Flexible APIs, Internet]
1. A Windows Azure application is built from one or more roles.
2. A Windows Azure application runs multiple instances of each role.
3. A Windows Azure application behaves correctly when any role instance fails.
The Three Rules
Windows Azure Application Characteristics
Single Instance, Persistent OS
Single Instance, Stateless OS
Multi-Instance, Stateless OS
Windows Azure:
Automated, Consistent Application Updates
Automated, Consistent Configuration Changes
Multi-Instance Management
Scale-out
High Availability
Automated, Consistent OS Servicing
Configuration and deployment: certificate management (e.g. SSL), load-balanced public endpoints, internal endpoint configuration and discovery
Operations: remote desktop access management, automated OS and runtime updates, coordinated updates
Availability: health monitoring, SLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
Front end: e.g. load-balanced stateless web servers
Middle worker tier: e.g. order processing, encoding
Backend storage: e.g. SQL Server tables or files
Multiple instances of each for scalability and availability
Modeling Cloud Applications
[Diagram: Cloud Application with HTTP/HTTPS traffic, Load Balancer, Front-End instances, Middle-Tier, Windows Azure Storage and SQL Azure]
A Windows Azure application is called a "service"
Definition information, configuration information, at least one "role"
Roles are like DLLs in the service "process"
Collection of code with an entry point that runs in its own virtual machine
There are currently three role types
Web Role: IIS7 and ASP.NET in Windows Azure-supplied OS
Worker Role: arbitrary code in Windows Azure-supplied OS
VM Role: uploaded VHD with customer-supplied OS
The Windows Azure Service Model
[Diagram: Windows Azure components of a role: Virtual Machine, Operating System, Role Runtime, IIS (in web roles), Application Code]
Definition: role name, role type, VM size (e.g. small, medium, etc.), network endpoints
Code: Web/Worker Role: hosted DLL and other executables; VM Role: VHD
Configuration: number of instances, number of update and fault domains
Role Contents
Service
Role: Front-End
Definition: Type: Web; VM Size: Small; Endpoints: External-1
Configuration: Instances: 2; Update Domains: 2; Fault Domains: 2
Role: Middle-Tier
Definition: Type: Worker; VM Size: Large; Endpoints: Internal-1
Configuration: Instances: 3; Update Domains: 2; Fault Domains: 2
Service package uploaded to portal
Windows Azure Portal Service passes service package to "Red Dog Front End" (RDFE) Azure service
RDFE converts service package to native "RD" version
RDFE sends service to Fabric Controller (FC) based on target region
FC stores image in repository and deploys and activates service
Deploying a Service to the Cloud: The 10,000 foot view
[Diagram: Service, Portal Service, RDFE, and the FC in the Northern Europe Datacenter]
The "kernel" of the cloud operating system
Manages datacenter hardware
Manages Windows Azure services
Four main responsibilities: datacenter resource allocation, datacenter resource provisioning, service lifecycle management, service health management
Inputs: description of the hardware and network resources it will control; service model and binaries for cloud applications
The Fabric Controller (FC)
[Diagram: Server, Kernel, Process set beside Datacenter, Fabric Controller, Service. The Windows Kernel on a server with Word and SQL Server; the Fabric Controller in a datacenter with Exchange Online and SQL Azure]
Datacenter Architecture
[Diagram: Datacenter Routers; Aggregation Routers (Agg) and Load Balancers (LB); Racks, each with a Top of Rack Switch (TOR), a Power Distribution Unit (PDU) and Nodes]
Windows Azure Datacenters
FC is a distributed, stateful application running on nodes (blades) spread across fault domains
Installed by "Utility" Fabric Controller
One acts as the primary and all others keep view of world in sync
Supports rolling upgrade, and services continue to run even if FC fails entirely
High-Level FC Architecture
[Diagram: FC instances FC1 to FC5 on nodes in separate racks, each rack behind its own TOR switch, connected through AGG and LB]
1. Power on node
2. PXE-boot Maintenance OS
3. Agent formats disk and downloads Host OS
4. Host OS boots, runs Sysprep specialize, reboots
5. FC connects with the "Host Agent"
Provisioning a Node
[Diagram: Fabric Controller with Image Repository (Maintenance OS, Parent OS, Role Images) and PXE Server; Node running Maintenance OS, then Windows Azure Hypervisor, Windows Azure OS and FC Host Agent]
[Diagram: example placement behind a load balancer across Fault Domain 1, Fault Domain 2 and Fault Domain 3. Role A: Count 3, Update Domains 2, Fault Domains 2, Size Large. Role B: Count 2, Update Domains 2, Fault Domains 2, Size Medium]
Inside a Role VM
[Diagram: Resource Volume, OS Volume, Role Volume, Guest Agent, Role Host, Role Entry Point]
Where does VM Role fit in?
[Diagram: roles placed between Control and Abstraction (i.e. Less IT & Less Plumbing Code): Web Role, Worker Role, Admin Web Role, Admin Worker Role (Startup Tasks), VM Role]
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise
1. Create Hyper-V image with Windows Server 2008 R2 unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure
1. Enable your VM in Azure Management Portal
2. Start the VM role in Azure Management Portal
3. Azure licenses and activates VM
4. Finalize/configure application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trusted
The guest agent is untrusted
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
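The isolation rule on this slide (a VM reaches only addresses assigned to VMs of the same service, plus Internet addresses) can be written as a small egress decision function. This is an added example, not Microsoft's code: the address ranges, the service names and the extra check that the source is an assigned VM address are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: these ranges and assignments are assumptions for
# illustration, not real Windows Azure addressing.
DATACENTER_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SERVICE_VMS = {
    "service-a": ["10.1.0.4", "10.1.0.5"],
    "service-b": ["10.1.0.6"],
}


def build_index(service_vms):
    """Map every assigned VM address to the one service that owns it."""
    index = {}
    for service, addrs in service_vms.items():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if index.get(ip, service) != service:
                raise ValueError(f"{addr} is assigned to two services")
            index[ip] = service
    return index


def egress_decision(src, dst, index, dc_nets=DATACENTER_NETS):
    """Return (verdict, reason) for a packet leaving a guest VM.

    The decision is made outside the guest (the trusted side of the VM
    boundary), so nothing the guest claims about itself is consulted.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    owner = index.get(src_ip)
    if owner is None:
        # Assumption added here: unknown or spoofed sources are dropped.
        return ("deny", "source is not an assigned VM address")
    if index.get(dst_ip) == owner:
        return ("allow", "same service")
    if any(dst_ip in net for net in dc_nets):
        # Another tenant's VM or datacenter infrastructure.
        return ("deny", "datacenter address outside the service")
    if (dst_ip.is_loopback or dst_ip.is_link_local
            or dst_ip.is_multicast or dst_ip.is_unspecified):
        return ("deny", "not a routable Internet address")
    return ("allow", "Internet address")


INDEX = build_index(SERVICE_VMS)

if __name__ == "__main__":
    # Constructed flows: same service, other tenant, infrastructure, Internet.
    for src, dst in [("10.1.0.4", "10.1.0.5"), ("10.1.0.4", "10.1.0.6"),
                     ("10.1.0.4", "10.9.9.9"), ("10.1.0.4", "203.0.113.10")]:
        print(src, "->", dst, egress_decision(src, dst, INDEX))
```

The default-deny branch for datacenter addresses is what keeps one tenant's VM from reaching another tenant or the fabric itself, while Internet destinations remain reachable.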
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats
Automatically "heals" affected roles
Node and Role Health Maintenance
Problem: Role instance crashes. How detected: FC guest agent monitors role termination. Fabric response: FC restarts role.
Problem: Guest VM or agent crashes. How detected: FC host agent notices missing guest agent heartbeats. Fabric response: FC restarts VM and hosted role.
Problem: Host OS or agent crashes. How detected: FC notices missing host agent heartbeat. Fabric response: Tries to recover node; FC reallocates roles to other nodes.
Problem: Detected node hardware issue. How detected: Host agent informs FC. Fabric response: FC migrates roles to other nodes; marks node "out for repair".
Moving a role instance is similar to a service update
On source node: role instances stopped, VMs stopped, node reprovisioned
On destination node: same steps as initial role instance deployment
Warning: Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investments
Cloud app integration with existing apps, data sources
Compliance, security drivers
Simple setup and management
Windows Azure Connect
[Diagram: Azure and Enterprise]
Windows Azure Connect in Context
[Diagram: Cloud and Enterprise linked at four layers]
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Security: Federated Identity and Access Control
Secure Network Connectivity: Windows Azure Connect
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent
Win Server 2008, 2008 R2, Vista, and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewalls/NATs through hosted SSL-based relay service
Secured via end-to-end IPSec
DNS name resolution
Windows Azure Connect – Closer Look
[Diagram: Role A, Role B and Role C (multiple VMs) in Windows Azure; Dev machines and Databases in the Enterprise; Relay]
Columns: Instance Size, CPU, RAM, Instance HDD, Peak Mbps, Price per Hour
Extra Small: 1.0 GHz, 768 MB, 20 GB, 5, CHF 0.055
Small: 1.6 GHz, 1.7 GB, 225 GB, 100, CHF 0.132
Medium: 2 x 1.6 GHz, 3.5 GB, 490 GB, 200, CHF 0.264
Large: 4 x 1.6 GHz, 7 GB, 1000 GB, 400, CHF 0.528
Extra Large: 8 x 1.6 GHz, 14 GB, 2040 GB, 800, CHF 1.056
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers
Azure wide, provisioned in a common portal
Establishes a billing instrument
Each server has one or more databases
Logical concept equal to a master DB
Contains metadata about database & usage
Unit of authentication, geo-location, billing, reporting
Generated DNS-based name
Each database has standard SQL objects
Users, Tables, Views, Indices, etc.
Unit of consistency
[Diagram: Account, Server, Database hierarchy]
SQL Azure High Level Architecture
Application: Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, …
Load balancer forwards 'sticky' sessions to TDS protocol tier
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy, proxy to backend SQL
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
[Diagram labels: Internet, Azure Cloud, Data Center Boundary, LB, TDS (tcp) connections, Security Boundary, Gateway tier, SQL backend nodes]
SQL Azure Reporting
[Diagram: Load Balancer, RS Gateways and RS Instances on Windows Azure; SQL Azure Database Server holding Catalog, TempDB and Data Source; [tenant].database.windows.net; https://[tenant].reports.windows.net/reports/report1.rdl]
SQL Azure Reporting Services Architecture
Reporting Infrastructure: SQL Azure for data tier and Windows Azure for hosting
Availability: RS Gateway for tenant isolation and "smart" routing
Multitenancy: Stateless RS instances as a shared "engine"
Performance: Co-locate RS with user DBs
Monthly Service Level Agreements
Instance Monitoring & Restart (>99.9%): All running roles will be continuously monitored. If role is not running, we will detect and initiate corrective action.
Database Availability (>99.9%): Database is connected to the internet gateway. All databases will be continuously monitored.
Service Bus & Access Control Availability (>99.9%): Service bus and access control endpoints will have external connectivity. Message operation requests processed successfully.
Compute Connectivity (>99.95%): Your service is connected and reachable via web. Internet facing roles will have external connectivity.
Storage Availability (>99.9%): Storage service will be available/reachable (connectivity). Your storage requests will be processed successfully.
Content Delivery Network (>99.9%): Service will respond to client requests and deliver the requested content without error.
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure's PaaS
Provisions machines
Deploys services
Configures hardware for services
Monitors service and hardware health
Performs service healing
The Fabric Controller continues to evolve
Relational Databases, Reporting, Security, Connectivity: all part of the Platform, with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Public cloud A cloud platform run by a service provider such as Microsoft Amazon or Google made available to many end-user organizations
Private cloud A cloud platform run solely for a single end-user organization such as a bank or retailer
The technology can be much like public clouds but the economics are differentAn organization might combine private and public clouds to form a hybrid cloud
Public Clouds vs Private Clouds - Typical definitions
Infrastructure as a Service (IaaS) basic compute and storage resource
On-demand serversAmazon EC2 VMWare vCloud
Platform as a Service (PaaS) cloud application infrastructure
On-demand application-hosting environmentEg Google AppEngine Salesforcecom Windows Azure
Software as a Service (SaaS) cloud applications
On-demand applicationsEg Office 365 Intune LiveHotmail GMail Microsoft Office Web Companions
Cloud Fundamentals
The Cloud is about cheap on-demand capacity
The Benefits of the Cloud
= Managed for You
Standalone
Servers
IaaS PaaS SaaS
Applications
Runtimes
Database
Operating System
Virtualization
Server
Storage
Networking
Windows Azure
The Data Center
Some of Microsoftrsquos Data Centers
ChicagoQuincyDublin
Amsterdam
Hong Kong
Singapore
Japan
Datacenters have become as vital to the
functioning of society as power stations
The Economist
San Antonio
BoydtonDes Moines
Quincy Washington
27MW 100 Hydro power
Chicago Illinois Up to 60MW
Water side economization Containers
Dublin Ireland Up to 50MW
Outside air cooling PODs Wind Power
What is a Data Center
Who needs coolingThis was just a private test
But it does illustrate there are opportunities that are unexplored
Modular DatacenterGeneration 4
Datacenter Colocation
Generation 1
San Antonio amp Quincy
Generation 2
Chicago amp DublinGeneration 3
Containers amp PodsScalability and
Sustainability12-15 PUE
Rack Density and Deployment14 ndash 16 PUE
Server
Capacity~2 PUE
ITPACFaster Time to Market
Reduced Carbon105-115 PUE
Microsoftrsquos Datacenter Evolution
EFFICIENT RESOURCE USAGED E P LOY M E N T S C A L E U N I T
2005 2006
2007 2008
2009 2010+
Windows Azure
Windows Azure is an OS for the data centerModel Treat the data center as a machineHandles resource management provisioning and monitoringManages application lifecycleAllows developers to concentrate on business logic
Provides shared pool of compute disk and network
Virtualized storage compute and networkIllusion of boundless resources
Provides common building blocks for distributed applications
Reliable queuing simple structured storage SQL storageApplication services like access control and connectivity
Windows Azure
Windows Azure Components Windows Azure PaaS
Applications Windows Azure Service Model
Runtimes NET 354 ASP NET PHP
Operating System Windows Server 2008 or 2008 R2-Compatible OS
Virtualization Windows Azure Hypervisor
Server Microsoft Blades
Database SQL Azure
Storage Windows Azure Storage (Blob Queue Table)
Networking Windows Azure-Configured Networking
Developer ExperienceUse existing Skills and Tools
Windows Azure Platform
platformAppFabric
Compute Storage
Management
Relational data
ManagementConnectivity
Access control
Billing amp Payments
Flexible APIs
Information Marketplace
CDN
Internet
Reporting amp BI
1 A Windows Azure application is built from one or more roles
2 A Windows Azure application runs multiple instances of each role
3 A Windows Azure application behaves correctly when any role instance fails
The Three Rules
Windows Azure Application Characteristics
Single InstancePersistent OS
Single Instance
Stateless OS
Multi-Instance
Stateless OSAutomated Consistent Application UpdatesAutomated Consistent Configuration ChangesMulti-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Windows Azure
Single Instance
Persistent OS
Single InstanceStateless
OS
Multi-InstanceStateless
OS
Automated Consistent Application Updates
Automated Consistent Configuration Changes
Multi-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Configuration and deploymentCertificate management (eg SSL)Load-balanced public endpointsInternal endpoint configuration and discovery
OperationsRemote desktop access managementAutomated OS and runtime updatesCoordinated updates
AvailabilityHealth monitoringSLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
Front end eg load-balanced stateless web serversMiddle worker tier eg order processing encodingBackend storage eg SQL Server tables or filesMultiple instances of each for scalability and availability
Modeling Cloud Applications
Front-End
Cloud Application
Front-End
HTTPHTTPSWindow
sAzure
StorageSQL
Azure
Load Balancer Middl
e-Tier
A Windows Azure application is called a ldquoservicerdquo
Definition informationConfiguration informationAt least one ldquorolerdquo
Roles are like DLLs in the service ldquoprocessrdquoCollection of code with an entry point that runs in its own virtual machine
There are currently three role typesWeb Role IIS7 and ASPNET in Windows Azure-supplied OSWorker Role arbitrary code in Windows Azure-supplied OSVM Role uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure ComponentsROLE
Virtual Machine
IIS (in web roles)
Role Runtime
Application Code
Operating System
Definition Role nameRole typeVM size (eg small medium etc)Network endpoints
Code WebWorker Role Hosted DLL and other executablesVM Role VHD
ConfigurationNumber of instancesNumber of update and fault domains
Role ContentsService
Role Front-End
DefinitionType WebVM Size SmallEndpoints External-1ConfigurationInstances 2Update Domains 2Fault Domains 2
Role Middle-Tier
DefinitionType WorkerVM Size LargeEndpoints Internal-1ConfigurationInstances 3Update Domains 2Fault Domains 2
RDFEService
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to ldquoRed Dog Front Endrdquo (RDFE) Azure serviceRDFE converts service package to native ldquoRDrdquo version
RDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service
Deploying a Service to the Cloud The 10000 foot view
FC
Service
The ldquokernelrdquo of the cloud operating system
Manages datacenter hardwareManages Windows Azure services
Four main responsibilities
Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health management
InputsDescription of the hardware and network resources it will controlService model and binaries for cloud applications
The Fabric Controller (FC)
Server
Kernel
Process
Datacenter
Fabric Controller
Service
Windows Kernel
Server
WordSQL
Server
Fabric Controller
Datacenter
Exchange
Online
SQL Azure
Datacenter Architecture
TOR
LB
LB
Agg
PDU
LB
LB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg
Racks
Datacenter Routers
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
helliphelliphellip hellip hellip
Top of RackSwitches
Power Distribution Units
hellip
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by ldquoUtilityrdquo Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade and services continue to run even if FC fails entirely
High-Level FC Architecture
TOR
FC1
hellip hellip
TOR
FC2
hellip hellip
TOR
FC3
hellip hellipFC3
TOR
FC4
hellip hellip
TOR
FC5
hellip hellip
LB
LB
AGG
LBL
BLB
Nodes
Rack
1 Power on node2 PXE-boot
Maintenance OS3 Agent formats disk
and downloads Host OS
4 Host OS boots runs Sysprep specialize reboots
5 FC connects with the ldquoHost Agentrdquo
Provisioning a NodeFabric Controller
RoleImage
s
RoleImage
s
RoleImage
s
RoleImage
s
Image Repository
Maintenance OS
Parent OS
Node
PXEServe
r
Maintenance OS
Windows Azure
OS
Windows Azure
OS
FC Host Agen
t
Windows Azure Hypervisor
ExampleRole B
Count 2Update Domains 2Fault Domains 2
Size Medium
Role ACount 3
Update Domains 2
Fault Domains 2Size Large
Fault Domain 1 Fault Domain 2 Fault Domain 3
LoadBalancer
10100036
101000122101000185
wwwmycloudappnet
wwwmycloudappnet
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in
ControlAbstraction (ie Less IT amp Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise1 Create Hyper-V image with Windows Server 2008 R2
unlicensed2 Install your applications3 Install Azure Integration Components4 SysPrep5 Upload image to Azure with CSUPLOAD
On Azure1 Enable your VM in Azure Management Portal2 Start the VM role Azure Management Portal3 Azure Licenses and Activates VM4 FinalizeConfigure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats Automatically ldquohealsrdquo affected roles
Node and Role Health Maintenance
Problem How Detected Fabric Response
Role instance crashes
FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node ldquoout for repairrdquo
Moving a role instance is similar to a service updateOn source node
Role instances stoppedVMs stoppedNode reprovisioned
On destination nodeSame steps as initial role instance deployment
Warning Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investmentsCloud app integration with existing apps data sourcesCompliance security drivers
Simple setup and management
Windows Azure Connect Azure
Enterprise
Windows Azure Connect in ContextCLOUD ENTERPRISE
Data SynchronizationSQL Azure Data Sync
Application-layer Connectivity amp
Messaging Service Bus
SecurityFederated Identity and Access Control
Secure Network Connectivity
Windows Azure Connect
Enable WA Roles for external connectivity via service modelEnable external computers for connectivity by installing Connect agent
Win Server 2008 2008 R2 Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewallsNATrsquos through hosted SSL-based relay serviceSecured via end-to-end IPSecDNS name resolution
Windows Azure Connect ndash Closer Look
Role A
Role B
Role C(multiple
VMrsquos)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size
CPU RAM Instance
HDD
Peak Mbps
Price per Hour
Extra Small
10 GHz 768 MB 20 GB 5 CHF 0055
Small 16 GHz 17 GB 225 GB 100 CHF 0132
Medium 2 x 16 GHz
35 GB 490 GB 200 CHF 0264
Large 4 x 16 GHz
7 GB 1000 GB
400 CHF 0528
Extra Large
8 x 16 GHz
14 GB 2040 GB
800 CHF 1056
Azure Role Sizes
httpwwwmicrosoftcomwindowsazurepricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more serversAzure wide provisioned in a common portalEstablished a Billing instrument
Each server has one or more databasesLogical concept equal to a master DBContains metadata about database amp usageUnit of authentication geo-location billing reportingGenerated DNS-based name
Each database has standard SQL objectsUsers Tables Views Indices etcUnit of consistency
Account
Server
Database
SQL Azure High Level Architecture
Internet Azure Cloud
LB
TDS (tcp)
TDS (tcp)
TDS (tcp)
Load balancer forwards lsquostickyrsquo sessions to TDS protocol tier
Security Boundary
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Scalability and Availability Fabric Failover Replication and Load balancing
SQL SQL SQL SQL SQLSQL
Gateway TDS protocol gateway enforces AUTHNAUTHZ policy proxy to backend SQL
Data Center Boundary
Application
Applications use standard SQL client libraries ODBC ADONet PHP hellip
SQL Azure Reporting
Load Balancer
SQL Azure Database Server
hellip
Catalog
TempDB
Data Source
[tenant]databasewindowsnet
https[tenant]reportswindowsnetreportsreport1rdl
RS Gateways
RS Instances
Windows Azure
SQL Azure Reporting Services ArchitectureMicrosoft SQL Azure
Reporting Infrastructure SQL Azure for data tier and Windows Azure for hosting
Availability RS Gateway for tenant isolation and ldquosmartrdquo routing
Multitenancy Stateless RS instances as a shared ldquoenginerdquo
Performance Co-locate RS with user DBs
Monthly Service Level Agreements
All running roles will be continuously monitored
If role is not running we will detect and initiate corrective action
gt999
Instance Monitoring amp Restart
Database is connected to the internet gateway
All databases will be continuously monitored
gt999
Database availability
gt999
Service bus and access control endpoints will have external connectivity
Message operation requests processed successfully
Service Bus amp Access Control
Availability
Your service is connected and reachable via web Internet facing roles will have external connectivity
gt9995
ComputeConnectivity
gt999
Storage service will be available reachable (connectivity)
Your storage requests will be processed successfully
Storage Availability
gt999
Service will respond to client requests and deliver the requested content without error
Content Delivery Network
Platform as a Service is all about reducing management and operations overheadThe Windows Azure Fabric Controller is the foundation for Windows Azurersquos PaaS
Provisions machinesDeploys servicesConfigures hardware for servicesMonitors service and hardware healthPerforms service healing
The Fabric Controller continues to evolveRelational Databases Reporting Security Connectivity all part of the Platform with more to come
Conclusion
Global Foundation Services (GFS)httpwwwglobalfoundationservicescom
Windows Azurehttpwwwazurecom
Links
QampA
copy 2011 Microsoft Corporation All rights reserved Microsoft Windows Windows Vista and other product names are or may be registered trademarks andor trademarks in the US andor other countries
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation Because Microsoft must respond to changing market conditions it should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation MICROSOFT MAKES NO WARRANTIES EXPRESS IMPLIED OR STATUTORY AS TO THE INFORMATION IN THIS PRESENTATION
Infrastructure as a Service (IaaS) basic compute and storage resource
On-demand serversAmazon EC2 VMWare vCloud
Platform as a Service (PaaS) cloud application infrastructure
On-demand application-hosting environmentEg Google AppEngine Salesforcecom Windows Azure
Software as a Service (SaaS) cloud applications
On-demand applicationsEg Office 365 Intune LiveHotmail GMail Microsoft Office Web Companions
Cloud Fundamentals
The Cloud is about cheap on-demand capacity
The Benefits of the Cloud
= Managed for You
Standalone
Servers
IaaS PaaS SaaS
Applications
Runtimes
Database
Operating System
Virtualization
Server
Storage
Networking
Windows Azure
The Data Center
Some of Microsoft's Data Centers
[Map labels: Chicago, Quincy, Dublin, Amsterdam, Hong Kong, Singapore, Japan, San Antonio, Boydton, Des Moines]
"Datacenters have become as vital to the functioning of society as power stations" (The Economist)
Quincy, Washington: 27MW, 100% hydro power
Chicago, Illinois: up to 60MW, water side economization, containers
Dublin, Ireland: up to 50MW, outside air cooling, PODs, wind power
What is a Data Center
Who needs cooling?
This was just a private test
But it does illustrate there are opportunities that are unexplored
Microsoft's Datacenter Evolution
Generation 1: Datacenter Colocation; Server Capacity; ~2 PUE
Generation 2: San Antonio & Quincy; Rack Density and Deployment; 1.4 – 1.6 PUE
Generation 3: Chicago & Dublin; Containers & Pods; Scalability and Sustainability; 1.2-1.5 PUE
Generation 4: Modular Datacenter; ITPAC; Faster Time to Market; Reduced Carbon; 1.05-1.15 PUE
[Figure axes: DEPLOYMENT SCALE UNIT, EFFICIENT RESOURCE USAGE; timeline 2005, 2006, 2007, 2008, 2009, 2010+]
Windows Azure
Windows Azure is an OS for the data center
  Model: Treat the data center as a machine
  Handles resource management, provisioning, and monitoring
  Manages application lifecycle
  Allows developers to concentrate on business logic
Provides shared pool of compute, disk and network
  Virtualized storage, compute and network
  Illusion of boundless resources
Provides common building blocks for distributed applications
  Reliable queuing, simple structured storage, SQL storage
  Application services like access control and connectivity
Windows Azure Components
Windows Azure PaaS
  Applications: Windows Azure Service Model
  Runtimes: .NET 3.5/4, ASP.NET, PHP
  Operating System: Windows Server 2008 or 2008 R2-Compatible OS
  Virtualization: Windows Azure Hypervisor
  Server: Microsoft Blades
  Database: SQL Azure
  Storage: Windows Azure Storage (Blob, Queue, Table)
  Networking: Windows Azure-Configured Networking
Windows Azure Platform
Developer Experience: Use existing Skills and Tools
[Diagram labels: platform; AppFabric; Compute; Storage; Management; Relational data; Management; Connectivity; Access control; Billing & Payments; Flexible APIs; Information Marketplace; CDN; Internet; Reporting & BI]
The Three Rules
1. A Windows Azure application is built from one or more roles
2. A Windows Azure application runs multiple instances of each role
3. A Windows Azure application behaves correctly when any role instance fails
Windows Azure Application Characteristics
[Figure: three stages, "Single Instance, Persistent OS", "Single Instance, Stateless OS" and "Multi-Instance, Stateless OS", the last labelled Windows Azure, with these capabilities:]
  Automated, Consistent Application Updates
  Automated, Consistent Configuration Changes
  Multi-Instance Management
  Scale-out
  High Availability
  Automated, Consistent OS Servicing
Basic Windows Azure Functionality
Configuration and deployment
  Certificate management (e.g. SSL)
  Load-balanced public endpoints
  Internal endpoint configuration and discovery
Operations
  Remote desktop access management
  Automated OS and runtime updates
  Coordinated updates
Availability
  Health monitoring
  SLA guaranteed uptime
Modeling Cloud Applications
A cloud application is typically made up of different components
  Front end: e.g. load-balanced stateless web servers
  Middle worker tier: e.g. order processing, encoding
  Backend storage: e.g. SQL Server tables or files
  Multiple instances of each for scalability and availability
[Diagram labels: Cloud Application; HTTP/HTTPS; Load Balancer; Front-End (two instances); Middle-Tier; Windows Azure Storage; SQL Azure]
The Windows Azure Service Model
A Windows Azure application is called a "service"
  Definition information
  Configuration information
  At least one "role"
Roles are like DLLs in the service "process"
  Collection of code with an entry point that runs in its own virtual machine
There are currently three role types
  Web Role: IIS7 and ASP.NET in Windows Azure-supplied OS
  Worker Role: arbitrary code in Windows Azure-supplied OS
  VM Role: uploaded VHD with customer-supplied OS
Windows Azure Components
[Diagram labels: ROLE; Virtual Machine; IIS (in web roles); Role Runtime; Application Code; Operating System]
Role Contents
Definition
  Role name
  Role type
  VM size (e.g. small, medium, etc.)
  Network endpoints
Code
  Web/Worker Role: Hosted DLL and other executables
  VM Role: VHD
Configuration
  Number of instances
  Number of update and fault domains
[Diagram: Service]
  Role: Front-End
    Definition: Type: Web; VM Size: Small; Endpoints: External-1
    Configuration: Instances: 2; Update Domains: 2; Fault Domains: 2
  Role: Middle-Tier
    Definition: Type: Worker; VM Size: Large; Endpoints: Internal-1
    Configuration: Instances: 3; Update Domains: 2; Fault Domains: 2
Deploying a Service to the Cloud: The 10,000 foot view
Service package uploaded to portal
  Windows Azure Portal Service passes service package to "Red Dog Front End" (RDFE) Azure service
  RDFE converts service package to native "RD" version
RDFE sends service to Fabric Controller (FC) based on target region
FC stores image in repository and deploys and activates service
[Diagram labels: Service; Portal Service; RDFE; Northern Europe Datacenter; FC; Service]
The Fabric Controller (FC)
The "kernel" of the cloud operating system
  Manages datacenter hardware
  Manages Windows Azure services
Four main responsibilities
  Datacenter resource allocation
  Datacenter resource provisioning
  Service lifecycle management
  Service health management
Inputs
  Description of the hardware and network resources it will control
  Service model and binaries for cloud applications
[Diagram: on a Server, the Windows Kernel with Processes (Word, SQL Server); in a Datacenter, the Fabric Controller with Services (Exchange Online, SQL Azure)]
Datacenter Architecture
[Diagram: Datacenter Routers; Aggregation Routers (Agg) and Load Balancers (LB); Racks, each with a Top of Rack Switch (TOR), a Power Distribution Unit (PDU) and Nodes]
Windows Azure Datacenters
High-Level FC Architecture
FC is a distributed, stateful application running on nodes (blades) spread across fault domains
  Installed by "Utility" Fabric Controller
  One acts as the primary and all others keep view of world in sync
  Supports rolling upgrade, and services continue to run even if FC fails entirely
[Diagram: FC1, FC2, FC3, FC4 and FC5 on Nodes in Racks, each under its own TOR switch, connected through AGG and LB]
Provisioning a Node
1. Power on node
2. PXE-boot Maintenance OS
3. Agent formats disk and downloads Host OS
4. Host OS boots, runs Sysprep /specialize, reboots
5. FC connects with the "Host Agent"
[Diagram labels: Fabric Controller; Image Repository (Maintenance OS, Parent OS, Role Images); PXE Server; Node; Maintenance OS; Windows Azure OS; FC Host Agent; Windows Azure Hypervisor]
Example
Role A: Count: 3; Update Domains: 2; Fault Domains: 2; Size: Large
Role B: Count: 2; Update Domains: 2; Fault Domains: 2; Size: Medium
[Diagram: Fault Domain 1, Fault Domain 2, Fault Domain 3; Load Balancer for www.mycloudapp.net; addresses 10.100.0.36, 10.100.0.122, 10.100.0.185]
Inside a Role VM
[Diagram labels: Resource Volume; OS Volume; Role Volume; Guest Agent; Role Host; Role Entry Point]
Where does VM Role fit in?
[Diagram: Control versus Abstraction (i.e. Less IT & Less Plumbing Code), placing Admin Web Role, Admin Worker Role (Startup Tasks), Worker Role, Web Role and VM Role]
VM Role Use Cases
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Prep
On Premise
1. Create Hyper-V image with Windows Server 2008 R2 unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure
1. Enable your VM in Azure Management Portal
2. Start the VM role in Azure Management Portal
3. Azure Licenses and Activates VM
4. Finalize/Configure Application
Fabric Controller Security
The VM is the security boundary upon which Windows Azure security is based
  The host OS and FC host agent are trusted
  The guest agent is untrusted
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
  Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
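The isolation rule on this slide, modelled as an added example (not Microsoft's code and not the fabric's actual implementation): the decision is taken from state held outside the untrusted guest, and a VM may reach only VMs of its own service or Internet addresses. The 10.0.0.0/8 internal range, the service names, the inventory and the function names are assumptions.

```python
import ipaddress

# Assumption: VM and infrastructure addresses come from one internal range;
# anything outside it is treated as an Internet address.
DATACENTER_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed inventory, as a trusted host agent might hold it:
# VM address -> name of the service (deployment) that owns the VM.
VM_SERVICE = {
    "10.100.0.36": "service-a",
    "10.100.0.122": "service-a",
    "10.100.0.185": "service-a",
    "10.100.7.20": "service-b",
}


def egress_verdict(src_vm_ip, dst_ip, inventory=VM_SERVICE):
    """Decide whether traffic leaving the VM at src_vm_ip may reach dst_ip.

    Only the inventory is consulted, never anything the guest reports,
    because the guest is untrusted. Returns (allowed, reason).
    """
    src_service = inventory.get(src_vm_ip)
    if src_service is None:
        return (False, "source VM unknown to the host agent")

    dst = ipaddress.ip_address(dst_ip)
    dst_service = inventory.get(str(dst))

    if dst_service == src_service:
        return (True, "VM of the same service")
    if dst not in DATACENTER_NET:
        return (True, "Internet address")
    if dst_service is not None:
        return (False, "VM of another service")
    return (False, "internal address not assigned to this service")


def denied_flows(flows, inventory=VM_SERVICE):
    """Return (src, dst, reason) for every flow the policy would drop."""
    dropped = []
    for src, dst in flows:
        allowed, reason = egress_verdict(src, dst, inventory)
        if not allowed:
            dropped.append((src, dst, reason))
    return dropped


# Constructed sample flows.
SAMPLE_FLOWS = [
    ("10.100.0.36", "10.100.0.122"),  # same service
    ("10.100.0.36", "203.0.113.10"),  # Internet (documentation range)
    ("10.100.0.36", "10.100.7.20"),   # VM owned by another service
    ("10.100.0.36", "10.1.0.5"),      # internal address, not a VM of this service
    ("10.100.9.99", "10.100.0.36"),   # source not in the inventory
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(src, "->", dst, egress_verdict(src, dst))
```

Internal addresses that belong to no VM of the caller's service are denied by default, which is what keeps fabric infrastructure out of a tenant's reach in this model.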
Node and Role Health Maintenance
FC maintains service availability by monitoring the software and hardware health
  Based primarily on heartbeats
  Automatically "heals" affected roles
Problem | How Detected | Fabric Response
Role instance crashes | FC guest agent monitors role termination | FC restarts role
Guest VM or agent crashes | FC host agent notices missing guest agent heartbeats | FC restarts VM and hosted role
Host OS or agent crashes | FC notices missing host agent heartbeat | Tries to recover node; FC reallocates roles to other nodes
Detected node hardware issue | Host agent informs FC | FC migrates roles to other nodes; marks node "out for repair"
Moving a Role Instance (Service Healing)
Moving a role instance is similar to a service update
On source node
  Role instances stopped
  VMs stopped
  Node reprovisioned
On destination node
  Same steps as initial role instance deployment
Warning: Resource VHD is not moved
Windows Azure Connect
Secure network connectivity between on-premises and cloud
  Supports standard IP protocols
Customer benefits and motivation
  Leverage current IT investments
  Cloud app integration with existing apps, data sources
  Compliance, security drivers
Simple setup and management
[Diagram labels: Azure; Enterprise]
Windows Azure Connect in Context
[Diagram: layers between CLOUD and ENTERPRISE]
  Data Synchronization: SQL Azure Data Sync
  Application-layer Connectivity & Messaging: Service Bus
  Security: Federated Identity and Access Control
  Secure Network Connectivity: Windows Azure Connect
Windows Azure Connect – Closer Look
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent
  Win Server 2008, 2008 R2, Vista, and Win7 supported platforms
Network policy managed through WA portal
  Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
  Tunnel firewalls/NAT's through hosted SSL-based relay service
  Secured via end-to-end IPSec
  DNS name resolution
[Diagram labels: Windows Azure (Role A, Role B, Role C (multiple VM's)); Relay; Enterprise (Dev machines, Databases)]
Azure Role Sizes
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers
  Azure wide, provisioned in a common portal
  Established a Billing instrument
Each server has one or more databases
  Logical concept equal to a master DB
  Contains metadata about database & usage
  Unit of authentication, geo-location, billing, reporting
  Generated DNS-based name
Each database has standard SQL objects
  Users, Tables, Views, Indices, etc.
  Unit of consistency
[Diagram labels: Account; Server; Database]
SQL Azure High Level Architecture
[Diagram: Internet and Azure Cloud, with a Security Boundary and a Data Center Boundary]
Application: Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, …
LB: Load balancer forwards 'sticky' sessions to TDS protocol tier (TDS over tcp)
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy, proxy to backend SQL
SQL: Scalability and Availability: Fabric, Failover, Replication, and Load balancing
SQL Azure Reporting
SQL Azure Reporting Services Architecture
[Diagram labels: Microsoft SQL Azure; Windows Azure; Load Balancer; RS Gateways; RS Instances; SQL Azure Database Server; Catalog; TempDB; Data Source; [tenant].database.windows.net; https://[tenant].reports.windows.net/reports/report1.rdl]
Reporting Infrastructure: SQL Azure for data tier and Windows Azure for hosting
Availability: RS Gateway for tenant isolation and "smart" routing
Multitenancy: Stateless RS instances as a shared "engine"
Performance: Co-locate RS with user DBs
Monthly Service Level Agreements
Instance Monitoring & Restart: >99.9%
  All running roles will be continuously monitored
  If role is not running, we will detect and initiate corrective action
Database availability: >99.9%
  Database is connected to the internet gateway
  All databases will be continuously monitored
Service Bus & Access Control Availability: >99.9%
  Service bus and access control endpoints will have external connectivity
  Message operation requests processed successfully
Compute Connectivity: >99.95%
  Your service is connected and reachable via web
  Internet facing roles will have external connectivity
Storage Availability: >99.9%
  Storage service will be available, reachable (connectivity)
  Your storage requests will be processed successfully
Content Delivery Network: >99.9%
  Service will respond to client requests and deliver the requested content without error
Platform as a Service is all about reducing management and operations overheadThe Windows Azure Fabric Controller is the foundation for Windows Azurersquos PaaS
Provisions machinesDeploys servicesConfigures hardware for servicesMonitors service and hardware healthPerforms service healing
The Fabric Controller continues to evolveRelational Databases Reporting Security Connectivity all part of the Platform with more to come
Conclusion
Global Foundation Services (GFS)httpwwwglobalfoundationservicescom
Windows Azurehttpwwwazurecom
Links
QampA
copy 2011 Microsoft Corporation All rights reserved Microsoft Windows Windows Vista and other product names are or may be registered trademarks andor trademarks in the US andor other countries
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation Because Microsoft must respond to changing market conditions it should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation MICROSOFT MAKES NO WARRANTIES EXPRESS IMPLIED OR STATUTORY AS TO THE INFORMATION IN THIS PRESENTATION
The Cloud is about cheap on-demand capacity
The Benefits of the Cloud
= Managed for You
Standalone
Servers
IaaS PaaS SaaS
Applications
Runtimes
Database
Operating System
Virtualization
Server
Storage
Networking
Windows Azure
The Data Center
Some of Microsoftrsquos Data Centers
ChicagoQuincyDublin
Amsterdam
Hong Kong
Singapore
Japan
Datacenters have become as vital to the
functioning of society as power stations
The Economist
San Antonio
BoydtonDes Moines
Quincy Washington
27MW 100 Hydro power
Chicago Illinois Up to 60MW
Water side economization Containers
Dublin Ireland Up to 50MW
Outside air cooling PODs Wind Power
What is a Data Center
Who needs coolingThis was just a private test
But it does illustrate there are opportunities that are unexplored
Modular DatacenterGeneration 4
Datacenter Colocation
Generation 1
San Antonio amp Quincy
Generation 2
Chicago amp DublinGeneration 3
Containers amp PodsScalability and
Sustainability12-15 PUE
Rack Density and Deployment14 ndash 16 PUE
Server
Capacity~2 PUE
ITPACFaster Time to Market
Reduced Carbon105-115 PUE
Microsoftrsquos Datacenter Evolution
EFFICIENT RESOURCE USAGED E P LOY M E N T S C A L E U N I T
2005 2006
2007 2008
2009 2010+
Windows Azure
Windows Azure is an OS for the data centerModel Treat the data center as a machineHandles resource management provisioning and monitoringManages application lifecycleAllows developers to concentrate on business logic
Provides shared pool of compute disk and network
Virtualized storage compute and networkIllusion of boundless resources
Provides common building blocks for distributed applications
Reliable queuing simple structured storage SQL storageApplication services like access control and connectivity
Windows Azure
Windows Azure Components Windows Azure PaaS
Applications Windows Azure Service Model
Runtimes NET 354 ASP NET PHP
Operating System Windows Server 2008 or 2008 R2-Compatible OS
Virtualization Windows Azure Hypervisor
Server Microsoft Blades
Database SQL Azure
Storage Windows Azure Storage (Blob Queue Table)
Networking Windows Azure-Configured Networking
Developer ExperienceUse existing Skills and Tools
Windows Azure Platform
platformAppFabric
Compute Storage
Management
Relational data
ManagementConnectivity
Access control
Billing amp Payments
Flexible APIs
Information Marketplace
CDN
Internet
Reporting amp BI
1 A Windows Azure application is built from one or more roles
2 A Windows Azure application runs multiple instances of each role
3 A Windows Azure application behaves correctly when any role instance fails
The Three Rules
Windows Azure Application Characteristics
Single InstancePersistent OS
Single Instance
Stateless OS
Multi-Instance
Stateless OSAutomated Consistent Application UpdatesAutomated Consistent Configuration ChangesMulti-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Windows Azure
Single Instance
Persistent OS
Single InstanceStateless
OS
Multi-InstanceStateless
OS
Automated Consistent Application Updates
Automated Consistent Configuration Changes
Multi-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Configuration and deploymentCertificate management (eg SSL)Load-balanced public endpointsInternal endpoint configuration and discovery
OperationsRemote desktop access managementAutomated OS and runtime updatesCoordinated updates
AvailabilityHealth monitoringSLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
Front end eg load-balanced stateless web serversMiddle worker tier eg order processing encodingBackend storage eg SQL Server tables or filesMultiple instances of each for scalability and availability
Modeling Cloud Applications
Front-End
Cloud Application
Front-End
HTTPHTTPSWindow
sAzure
StorageSQL
Azure
Load Balancer Middl
e-Tier
A Windows Azure application is called a ldquoservicerdquo
Definition informationConfiguration informationAt least one ldquorolerdquo
Roles are like DLLs in the service ldquoprocessrdquoCollection of code with an entry point that runs in its own virtual machine
There are currently three role typesWeb Role IIS7 and ASPNET in Windows Azure-supplied OSWorker Role arbitrary code in Windows Azure-supplied OSVM Role uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure ComponentsROLE
Virtual Machine
IIS (in web roles)
Role Runtime
Application Code
Operating System
Definition Role nameRole typeVM size (eg small medium etc)Network endpoints
Code WebWorker Role Hosted DLL and other executablesVM Role VHD
ConfigurationNumber of instancesNumber of update and fault domains
Role ContentsService
Role Front-End
DefinitionType WebVM Size SmallEndpoints External-1ConfigurationInstances 2Update Domains 2Fault Domains 2
Role Middle-Tier
DefinitionType WorkerVM Size LargeEndpoints Internal-1ConfigurationInstances 3Update Domains 2Fault Domains 2
RDFEService
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to ldquoRed Dog Front Endrdquo (RDFE) Azure serviceRDFE converts service package to native ldquoRDrdquo version
RDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service
Deploying a Service to the Cloud The 10000 foot view
FC
Service
The ldquokernelrdquo of the cloud operating system
Manages datacenter hardwareManages Windows Azure services
Four main responsibilities
Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health management
InputsDescription of the hardware and network resources it will controlService model and binaries for cloud applications
The Fabric Controller (FC)
Server
Kernel
Process
Datacenter
Fabric Controller
Service
Windows Kernel
Server
WordSQL
Server
Fabric Controller
Datacenter
Exchange
Online
SQL Azure
Datacenter Architecture
TOR
LB
LB
Agg
PDU
LB
LB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg
Racks
Datacenter Routers
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
helliphelliphellip hellip hellip
Top of RackSwitches
Power Distribution Units
hellip
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by ldquoUtilityrdquo Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade and services continue to run even if FC fails entirely
High-Level FC Architecture
TOR
FC1
hellip hellip
TOR
FC2
hellip hellip
TOR
FC3
hellip hellipFC3
TOR
FC4
hellip hellip
TOR
FC5
hellip hellip
LB
LB
AGG
LBL
BLB
Nodes
Rack
1 Power on node2 PXE-boot
Maintenance OS3 Agent formats disk
and downloads Host OS
4 Host OS boots runs Sysprep specialize reboots
5 FC connects with the ldquoHost Agentrdquo
Provisioning a NodeFabric Controller
RoleImage
s
RoleImage
s
RoleImage
s
RoleImage
s
Image Repository
Maintenance OS
Parent OS
Node
PXEServe
r
Maintenance OS
Windows Azure
OS
Windows Azure
OS
FC Host Agen
t
Windows Azure Hypervisor
ExampleRole B
Count 2Update Domains 2Fault Domains 2
Size Medium
Role ACount 3
Update Domains 2
Fault Domains 2Size Large
Fault Domain 1 Fault Domain 2 Fault Domain 3
LoadBalancer
10100036
101000122101000185
wwwmycloudappnet
wwwmycloudappnet
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in
ControlAbstraction (ie Less IT amp Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise1 Create Hyper-V image with Windows Server 2008 R2
unlicensed2 Install your applications3 Install Azure Integration Components4 SysPrep5 Upload image to Azure with CSUPLOAD
On Azure1 Enable your VM in Azure Management Portal2 Start the VM role Azure Management Portal3 Azure Licenses and Activates VM4 FinalizeConfigure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats Automatically ldquohealsrdquo affected roles
Node and Role Health Maintenance
Problem How Detected Fabric Response
Role instance crashes
FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node ldquoout for repairrdquo
Moving a role instance is similar to a service updateOn source node
Role instances stoppedVMs stoppedNode reprovisioned
On destination nodeSame steps as initial role instance deployment
Warning Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investmentsCloud app integration with existing apps data sourcesCompliance security drivers
Simple setup and management
Windows Azure Connect Azure
Enterprise
Windows Azure Connect in ContextCLOUD ENTERPRISE
Data SynchronizationSQL Azure Data Sync
Application-layer Connectivity amp
Messaging Service Bus
SecurityFederated Identity and Access Control
Secure Network Connectivity
Windows Azure Connect
Enable WA Roles for external connectivity via service modelEnable external computers for connectivity by installing Connect agent
Win Server 2008 2008 R2 Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewallsNATrsquos through hosted SSL-based relay serviceSecured via end-to-end IPSecDNS name resolution
Windows Azure Connect ndash Closer Look
Role A
Role B
Role C(multiple
VMrsquos)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size
CPU RAM Instance
HDD
Peak Mbps
Price per Hour
Extra Small
10 GHz 768 MB 20 GB 5 CHF 0055
Small 16 GHz 17 GB 225 GB 100 CHF 0132
Medium 2 x 16 GHz
35 GB 490 GB 200 CHF 0264
Large 4 x 16 GHz
7 GB 1000 GB
400 CHF 0528
Extra Large
8 x 16 GHz
14 GB 2040 GB
800 CHF 1056
Azure Role Sizes
httpwwwmicrosoftcomwindowsazurepricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more serversAzure wide provisioned in a common portalEstablished a Billing instrument
Each server has one or more databasesLogical concept equal to a master DBContains metadata about database amp usageUnit of authentication geo-location billing reportingGenerated DNS-based name
Each database has standard SQL objectsUsers Tables Views Indices etcUnit of consistency
Account
Server
Database
SQL Azure High Level Architecture
Internet Azure Cloud
LB
TDS (tcp)
TDS (tcp)
TDS (tcp)
Load balancer forwards lsquostickyrsquo sessions to TDS protocol tier
Security Boundary
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Scalability and Availability Fabric Failover Replication and Load balancing
SQL SQL SQL SQL SQLSQL
Gateway TDS protocol gateway enforces AUTHNAUTHZ policy proxy to backend SQL
Data Center Boundary
Application
Applications use standard SQL client libraries ODBC ADONet PHP hellip
SQL Azure Reporting
Load Balancer
SQL Azure Database Server
hellip
Catalog
TempDB
Data Source
[tenant]databasewindowsnet
https[tenant]reportswindowsnetreportsreport1rdl
RS Gateways
RS Instances
Windows Azure
SQL Azure Reporting Services ArchitectureMicrosoft SQL Azure
Reporting Infrastructure SQL Azure for data tier and Windows Azure for hosting
Availability RS Gateway for tenant isolation and ldquosmartrdquo routing
Multitenancy Stateless RS instances as a shared ldquoenginerdquo
Performance Co-locate RS with user DBs
Monthly Service Level Agreements
All running roles will be continuously monitored
If role is not running we will detect and initiate corrective action
gt999
Instance Monitoring amp Restart
Database is connected to the internet gateway
All databases will be continuously monitored
gt999
Database availability
gt999
Service bus and access control endpoints will have external connectivity
Message operation requests processed successfully
Service Bus amp Access Control
Availability
Your service is connected and reachable via web Internet facing roles will have external connectivity
gt9995
ComputeConnectivity
gt999
Storage service will be available reachable (connectivity)
Your storage requests will be processed successfully
Storage Availability
gt999
Service will respond to client requests and deliver the requested content without error
Content Delivery Network
Platform as a Service is all about reducing management and operations overheadThe Windows Azure Fabric Controller is the foundation for Windows Azurersquos PaaS
Provisions machinesDeploys servicesConfigures hardware for servicesMonitors service and hardware healthPerforms service healing
The Fabric Controller continues to evolveRelational Databases Reporting Security Connectivity all part of the Platform with more to come
Conclusion
Global Foundation Services (GFS)httpwwwglobalfoundationservicescom
Windows Azurehttpwwwazurecom
Links
QampA
copy 2011 Microsoft Corporation All rights reserved Microsoft Windows Windows Vista and other product names are or may be registered trademarks andor trademarks in the US andor other countries
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation Because Microsoft must respond to changing market conditions it should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation MICROSOFT MAKES NO WARRANTIES EXPRESS IMPLIED OR STATUTORY AS TO THE INFORMATION IN THIS PRESENTATION
The Data Center
Some of Microsoftrsquos Data Centers
ChicagoQuincyDublin
Amsterdam
Hong Kong
Singapore
Japan
Datacenters have become as vital to the
functioning of society as power stations
The Economist
San Antonio
BoydtonDes Moines
Quincy Washington
27MW 100 Hydro power
Chicago Illinois Up to 60MW
Water side economization Containers
Dublin Ireland Up to 50MW
Outside air cooling PODs Wind Power
What is a Data Center
Who needs coolingThis was just a private test
But it does illustrate there are opportunities that are unexplored
Modular DatacenterGeneration 4
Datacenter Colocation
Generation 1
San Antonio amp Quincy
Generation 2
Chicago amp DublinGeneration 3
Containers amp PodsScalability and
Sustainability12-15 PUE
Rack Density and Deployment14 ndash 16 PUE
Server
Capacity~2 PUE
ITPACFaster Time to Market
Reduced Carbon105-115 PUE
Microsoftrsquos Datacenter Evolution
EFFICIENT RESOURCE USAGED E P LOY M E N T S C A L E U N I T
2005 2006
2007 2008
2009 2010+
Windows Azure
Windows Azure is an OS for the data centerModel Treat the data center as a machineHandles resource management provisioning and monitoringManages application lifecycleAllows developers to concentrate on business logic
Provides shared pool of compute disk and network
Virtualized storage compute and networkIllusion of boundless resources
Provides common building blocks for distributed applications
Reliable queuing simple structured storage SQL storageApplication services like access control and connectivity
Windows Azure
Windows Azure Components Windows Azure PaaS
Applications Windows Azure Service Model
Runtimes NET 354 ASP NET PHP
Operating System Windows Server 2008 or 2008 R2-Compatible OS
Virtualization Windows Azure Hypervisor
Server Microsoft Blades
Database SQL Azure
Storage Windows Azure Storage (Blob Queue Table)
Networking Windows Azure-Configured Networking
Developer ExperienceUse existing Skills and Tools
Windows Azure Platform
platformAppFabric
Compute Storage
Management
Relational data
ManagementConnectivity
Access control
Billing amp Payments
Flexible APIs
Information Marketplace
CDN
Internet
Reporting amp BI
1 A Windows Azure application is built from one or more roles
2 A Windows Azure application runs multiple instances of each role
3 A Windows Azure application behaves correctly when any role instance fails
The Three Rules
Windows Azure Application Characteristics
Single InstancePersistent OS
Single Instance
Stateless OS
Multi-Instance
Stateless OSAutomated Consistent Application UpdatesAutomated Consistent Configuration ChangesMulti-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Windows Azure
Single Instance
Persistent OS
Single InstanceStateless
OS
Multi-InstanceStateless
OS
Automated Consistent Application Updates
Automated Consistent Configuration Changes
Multi-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Configuration and deployment
- Certificate management (e.g. SSL)
- Load-balanced public endpoints
- Internal endpoint configuration and discovery
Operations
- Remote desktop access management
- Automated OS and runtime updates
- Coordinated updates
Availability
- Health monitoring
- SLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
- Front end: e.g. load-balanced stateless web servers
- Middle worker tier: e.g. order processing, encoding
- Backend storage: e.g. SQL Server tables or files
- Multiple instances of each for scalability and availability
Modeling Cloud Applications
[Diagram: Cloud Application. Labels: HTTP/HTTPS, Load Balancer, Front-End, Middle-Tier, Windows Azure Storage, SQL Azure]
A Windows Azure application is called a "service"
- Definition information
- Configuration information
- At least one "role"
Roles are like DLLs in the service "process"
- Collection of code with an entry point that runs in its own virtual machine
There are currently three role types
- Web Role: IIS7 and ASP.NET in Windows Azure-supplied OS
- Worker Role: arbitrary code in Windows Azure-supplied OS
- VM Role: uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure Components
[Diagram: Role. Labels: Virtual Machine, IIS (in web roles), Role Runtime, Application Code, Operating System]
Definition
- Role name
- Role type
- VM size (e.g. small, medium, etc.)
- Network endpoints
Code
- Web/Worker Role: Hosted DLL and other executables
- VM Role: VHD
Configuration
- Number of instances
- Number of update and fault domains
Role Contents
Service
Role: Front-End
- Definition: Type: Web; VM Size: Small; Endpoints: External-1
- Configuration: Instances: 2; Update Domains: 2; Fault Domains: 2
Role: Middle-Tier
- Definition: Type: Worker; VM Size: Large; Endpoints: Internal-1
- Configuration: Instances: 3; Update Domains: 2; Fault Domains: 2
[Diagram labels: Portal Service, RDFE Service, FC, Service, Northern Europe Datacenter]
Service package uploaded to portal
Windows Azure Portal Service passes service package to "Red Dog Front End" (RDFE) Azure service
RDFE converts service package to native "RD" version
RDFE sends service to Fabric Controller (FC) based on target region
FC stores image in repository and deploys and activates service
Deploying a Service to the Cloud: The 10,000 foot view
The "kernel" of the cloud operating system
- Manages datacenter hardware
- Manages Windows Azure services
Four main responsibilities
- Datacenter resource allocation
- Datacenter resource provisioning
- Service lifecycle management
- Service health management
Inputs
- Description of the hardware and network resources it will control
- Service model and binaries for cloud applications
The Fabric Controller (FC)
[Diagram: server and datacenter side by side. Server: Kernel, Process. Datacenter: Fabric Controller, Service. Labels: Windows Kernel, Server, Word, SQL Server; Fabric Controller, Datacenter, Exchange Online, SQL Azure]
Datacenter Architecture
[Diagram: Datacenter Routers; Aggregation Routers (Agg) and Load Balancers (LB); Racks of Nodes with Top of Rack Switches (TOR) and Power Distribution Units (PDU)]
Windows Azure Datacenters
FC is a distributed, stateful application running on nodes (blades) spread across fault domains
- Installed by "Utility" Fabric Controller
- One acts as the primary and all others keep view of world in sync
- Supports rolling upgrade, and services continue to run even if FC fails entirely
High-Level FC Architecture
[Diagram labels: FC1, FC2, FC3, FC4, FC5, TOR, Nodes, Rack, AGG, LB]
1. Power on node
2. PXE-boot Maintenance OS
3. Agent formats disk and downloads Host OS
4. Host OS boots, runs Sysprep specialize, reboots
5. FC connects with the "Host Agent"
Provisioning a Node
[Diagram labels: Fabric Controller, Image Repository (Role Images, Maintenance OS, Parent OS), PXE Server, Node, Maintenance OS, Windows Azure OS, FC Host Agent, Windows Azure Hypervisor]
Example
Role A: Count 3, Update Domains 2, Fault Domains 2, Size Large
Role B: Count 2, Update Domains 2, Fault Domains 2, Size Medium
[Diagram labels: Fault Domain 1, Fault Domain 2, Fault Domain 3, Load Balancer, 10.100.0.36, 10.100.0.122, 10.100.0.185, www.mycloudapp.net]
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in?
Control
Abstraction (i.e. Less IT & Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise
1. Create Hyper-V image with Windows Server 2008 R2 unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure
1. Enable your VM in Azure Management Portal
2. Start the VM role in Azure Management Portal
3. Azure Licenses and Activates VM
4. Finalize/Configure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
- The host OS and FC host agent are trusted
- The guest agent is untrusted
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
- Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
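The isolation rule on this slide can be modelled as a default-deny egress check kept on the trusted host side. The following is an added example, not code from the presentation or from Windows Azure; the class and function names, the service names, the addresses and the 10.0.0.0/8 datacenter range are all assumptions.

```python
"""Model of the per-VM isolation rule from the "Fabric Controller Security" slide.

Constructed example: service names, addresses and the 10.0.0.0/8 datacenter
range are assumptions, not Windows Azure values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

DATACENTER_RANGE = ip_network("10.0.0.0/8")  # assumed internal address space


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


class HostAgentFilter:
    """Egress policy kept on the trusted host side, outside the guest VM."""

    def __init__(self, assignments):
        self._service_of = {}
        self.update_assignments(assignments)

    def update_assignments(self, assignments):
        """Replace the address-to-service map, e.g. after a role instance moves."""
        self._service_of = {ip_address(ip): svc for ip, svc in assignments.items()}

    def check(self, vm_service, dst):
        """Decide whether a VM of `vm_service` may send traffic to `dst`."""
        dst = ip_address(dst)
        if dst not in DATACENTER_RANGE:
            return Decision(True, "Internet address")
        owner = self._service_of.get(dst)
        if owner is None:
            # Default deny: an unassigned datacenter address belongs to no
            # VM of the same service, so it is not reachable.
            return Decision(False, "datacenter address not assigned to any VM")
        if owner != vm_service:
            return Decision(False, "address assigned to a different service")
        return Decision(True, "VM of the same service")


def denied_flows(filt, flows):
    """Return (service, destination, reason) for every flow the filter rejects."""
    rejected = []
    for service, dst in flows:
        decision = filt.check(service, dst)
        if not decision.allow:
            rejected.append((service, dst, decision.reason))
    return rejected


# Constructed sample data.
ASSIGNMENTS = {
    "10.100.0.36": "shop",
    "10.100.0.122": "shop",
    "10.100.0.185": "billing",
}
FLOWS = [
    ("shop", "10.100.0.122"),  # sibling instance of the same service
    ("shop", "10.100.0.185"),  # VM of another service
    ("shop", "10.100.0.200"),  # unassigned datacenter address
    ("shop", "203.0.113.10"),  # Internet (documentation range)
]

if __name__ == "__main__":
    for row in denied_flows(HostAgentFilter(ASSIGNMENTS), FLOWS):
        print(row)
```

The map has to be refreshed whenever an address changes owner; a stale entry would keep allowing traffic to an address that now belongs to another service.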
FC maintains service availability by monitoring the software and hardware health
- Based primarily on heartbeats
- Automatically "heals" affected roles
Node and Role Health Maintenance
| Problem | How Detected | Fabric Response |
|---|---|---|
| Role instance crashes | FC guest agent monitors role termination | FC restarts role |
| Guest VM or agent crashes | FC host agent notices missing guest agent heartbeats | FC restarts VM and hosted role |
| Host OS or agent crashes | FC notices missing host agent heartbeat | Tries to recover node; FC reallocates roles to other nodes |
| Detected node hardware issue | Host agent informs FC | FC migrates roles to other nodes; marks node "out for repair" |
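The four rows of the table nest: a failed host also silences every guest heartbeat on it, so a monitor has to test the outermost layer first or it will answer one host failure with a batch of VM restarts. The following is an added example of that triage, not code from the presentation or from Windows Azure; the timeout value, the record layout and the action names are assumptions, and all checks are evaluated in one place for brevity.

```python
"""Triage for the "Node and Role Health Maintenance" table.

Constructed example: the timeout, the record layout and the action names
are assumptions; the slide gives only the four problem/response rows.
"""
from dataclasses import dataclass, field

HEARTBEAT_TIMEOUT = 30.0  # seconds, assumed


@dataclass
class GuestVM:
    role: str
    last_guest_heartbeat: float    # observed by the FC host agent
    role_terminated: bool = False  # observed by the FC guest agent


@dataclass
class Node:
    name: str
    last_host_heartbeat: float     # observed by the FC
    hardware_issue: bool = False   # reported by the host agent
    vms: list = field(default_factory=list)


def fabric_response(node, now):
    """Return the actions for one node, testing the outermost layer first.

    Inner checks run only when the layer around them is known to be healthy.
    """
    roles = [vm.role for vm in node.vms]
    if node.hardware_issue:
        return [("migrate_roles", node.name, roles),
                ("mark_out_for_repair", node.name)]
    if now - node.last_host_heartbeat > HEARTBEAT_TIMEOUT:
        return [("try_recover_node", node.name),
                ("reallocate_roles", node.name, roles)]
    actions = []
    for vm in node.vms:
        if now - vm.last_guest_heartbeat > HEARTBEAT_TIMEOUT:
            # The restart brings the hosted role back too, so a pending
            # role-termination report for this VM needs no second action.
            actions.append(("restart_vm_and_role", node.name, vm.role))
        elif vm.role_terminated:
            actions.append(("restart_role", node.name, vm.role))
    return actions


def sweep(nodes, now):
    """Run the triage over all nodes; healthy nodes are left out of the result."""
    plan = {}
    for node in nodes:
        actions = fabric_response(node, now)
        if actions:
            plan[node.name] = actions
    return plan


# Constructed sample state at time NOW.
NOW = 1000.0
NODES = [
    Node("n1", 995.0, vms=[GuestVM("web", 990.0),
                           GuestVM("worker", 998.0, role_terminated=True)]),
    Node("n2", 995.0, vms=[GuestVM("web", 900.0)]),
    Node("n3", 900.0, vms=[GuestVM("worker", 900.0)]),
    Node("n4", 999.0, hardware_issue=True, vms=[GuestVM("web", 999.0)]),
    Node("n5", 999.0, vms=[GuestVM("web", 999.0)]),
]

if __name__ == "__main__":
    for name, actions in sweep(NODES, NOW).items():
        print(name, actions)
```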
Moving a role instance is similar to a service update
On source node
- Role instances stopped
- VMs stopped
- Node reprovisioned
On destination node
- Same steps as initial role instance deployment
Warning: Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
- Supports standard IP protocols
Customer benefits and motivation
- Leverage current IT investments
- Cloud app integration with existing apps, data sources
- Compliance, security drivers
Simple setup and management
Windows Azure Connect
[Diagram labels: Azure, Enterprise]
Windows Azure Connect in Context
[Diagram: CLOUD and ENTERPRISE joined at four layers:]
- Data Synchronization: SQL Azure Data Sync
- Application-layer Connectivity & Messaging: Service Bus
- Security: Federated Identity and Access Control
- Secure Network Connectivity: Windows Azure Connect
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent
- Win Server 2008, 2008 R2, Vista, and Win7 supported platforms
Network policy managed through WA portal
- Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
- Tunnel firewalls/NAT's through hosted SSL-based relay service
- Secured via end-to-end IPSec
- DNS name resolution
Windows Azure Connect – Closer Look
[Diagram labels: Windows Azure (Role A, Role B, Role C (multiple VM's)), Relay, Enterprise (Dev machines, Databases)]
| Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour |
|---|---|---|---|---|---|
| Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055 |
| Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132 |
| Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264 |
| Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528 |
| Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056 |
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers
- Azure wide, provisioned in a common portal
- Established a Billing instrument
Each server has one or more databases
- Logical concept equal to a master DB
- Contains metadata about database & usage
- Unit of authentication, geo-location, billing, reporting
- Generated DNS-based name
Each database has standard SQL objects
- Users, Tables, Views, Indices, etc.
- Unit of consistency
[Diagram labels: Account, Server, Database]
SQL Azure High Level Architecture
[Diagram labels: Internet, Azure Cloud, Application, LB, TDS (tcp), Gateway tier, SQL tier, Security Boundary, Data Center Boundary]
Application: Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, ...
Load balancer forwards 'sticky' sessions to TDS protocol tier
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy, proxy to backend SQL
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
SQL Azure Reporting
[Diagram labels: Windows Azure, Load Balancer, RS Gateways, RS Instances, Microsoft SQL Azure, SQL Azure Database Server, Catalog, TempDB, Data Source]
[tenant].database.windows.net
https://[tenant].reports.windows.net/reports/report1.rdl
SQL Azure Reporting Services Architecture
- Reporting Infrastructure: SQL Azure for data tier and Windows Azure for hosting
- Availability: RS Gateway for tenant isolation and "smart" routing
- Multitenancy: Stateless RS instances as a shared "engine"
- Performance: Co-locate RS with user DBs
Monthly Service Level Agreements
| Service | Commitment | SLA |
|---|---|---|
| Instance Monitoring & Restart | All running roles will be continuously monitored. If role is not running, we will detect and initiate corrective action | >99.9% |
| Database availability | Database is connected to the internet gateway. All databases will be continuously monitored | >99.9% |
| Service Bus & Access Control Availability | Service bus and access control endpoints will have external connectivity. Message operation requests processed successfully | >99.9% |
| Compute Connectivity | Your service is connected and reachable via web. Internet facing roles will have external connectivity | >99.95% |
| Storage Availability | Storage service will be available/reachable (connectivity). Your storage requests will be processed successfully | >99.9% |
| Content Delivery Network | Service will respond to client requests and deliver the requested content without error | >99.9% |
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure's PaaS
- Provisions machines
- Deploys services
- Configures hardware for services
- Monitors service and hardware health
- Performs service healing
The Fabric Controller continues to evolve
Relational Databases, Reporting, Security, Connectivity: all part of the Platform, with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
What is a Data Center
Who needs coolingThis was just a private test
But it does illustrate there are opportunities that are unexplored
Modular DatacenterGeneration 4
Datacenter Colocation
Generation 1
San Antonio amp Quincy
Generation 2
Chicago amp DublinGeneration 3
Containers amp PodsScalability and
Sustainability12-15 PUE
Rack Density and Deployment14 ndash 16 PUE
Server
Capacity~2 PUE
ITPACFaster Time to Market
Reduced Carbon105-115 PUE
Microsoftrsquos Datacenter Evolution
EFFICIENT RESOURCE USAGED E P LOY M E N T S C A L E U N I T
2005 2006
2007 2008
2009 2010+
Windows Azure
Windows Azure is an OS for the data centerModel Treat the data center as a machineHandles resource management provisioning and monitoringManages application lifecycleAllows developers to concentrate on business logic
Provides shared pool of compute disk and network
Virtualized storage compute and networkIllusion of boundless resources
Provides common building blocks for distributed applications
Reliable queuing simple structured storage SQL storageApplication services like access control and connectivity
Windows Azure
Windows Azure Components Windows Azure PaaS
Applications Windows Azure Service Model
Runtimes NET 354 ASP NET PHP
Operating System Windows Server 2008 or 2008 R2-Compatible OS
Virtualization Windows Azure Hypervisor
Server Microsoft Blades
Database SQL Azure
Storage Windows Azure Storage (Blob Queue Table)
Networking Windows Azure-Configured Networking
Developer ExperienceUse existing Skills and Tools
Windows Azure Platform
platformAppFabric
Compute Storage
Management
Relational data
ManagementConnectivity
Access control
Billing amp Payments
Flexible APIs
Information Marketplace
CDN
Internet
Reporting amp BI
1 A Windows Azure application is built from one or more roles
2 A Windows Azure application runs multiple instances of each role
3 A Windows Azure application behaves correctly when any role instance fails
The Three Rules
Windows Azure Application Characteristics
Single InstancePersistent OS
Single Instance
Stateless OS
Multi-Instance
Stateless OSAutomated Consistent Application UpdatesAutomated Consistent Configuration ChangesMulti-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Windows Azure
Single Instance
Persistent OS
Single InstanceStateless
OS
Multi-InstanceStateless
OS
Automated Consistent Application Updates
Automated Consistent Configuration Changes
Multi-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Configuration and deploymentCertificate management (eg SSL)Load-balanced public endpointsInternal endpoint configuration and discovery
OperationsRemote desktop access managementAutomated OS and runtime updatesCoordinated updates
AvailabilityHealth monitoringSLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
Front end eg load-balanced stateless web serversMiddle worker tier eg order processing encodingBackend storage eg SQL Server tables or filesMultiple instances of each for scalability and availability
Modeling Cloud Applications
Front-End
Cloud Application
Front-End
HTTPHTTPSWindow
sAzure
StorageSQL
Azure
Load Balancer Middl
e-Tier
A Windows Azure application is called a ldquoservicerdquo
Definition informationConfiguration informationAt least one ldquorolerdquo
Roles are like DLLs in the service ldquoprocessrdquoCollection of code with an entry point that runs in its own virtual machine
There are currently three role typesWeb Role IIS7 and ASPNET in Windows Azure-supplied OSWorker Role arbitrary code in Windows Azure-supplied OSVM Role uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure ComponentsROLE
Virtual Machine
IIS (in web roles)
Role Runtime
Application Code
Operating System
Definition Role nameRole typeVM size (eg small medium etc)Network endpoints
Code WebWorker Role Hosted DLL and other executablesVM Role VHD
ConfigurationNumber of instancesNumber of update and fault domains
Role ContentsService
Role Front-End
DefinitionType WebVM Size SmallEndpoints External-1ConfigurationInstances 2Update Domains 2Fault Domains 2
Role Middle-Tier
DefinitionType WorkerVM Size LargeEndpoints Internal-1ConfigurationInstances 3Update Domains 2Fault Domains 2
RDFEService
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to ldquoRed Dog Front Endrdquo (RDFE) Azure serviceRDFE converts service package to native ldquoRDrdquo version
RDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service
Deploying a Service to the Cloud The 10000 foot view
FC
Service
The ldquokernelrdquo of the cloud operating system
Manages datacenter hardwareManages Windows Azure services
Four main responsibilities
Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health management
InputsDescription of the hardware and network resources it will controlService model and binaries for cloud applications
The Fabric Controller (FC)
Server
Kernel
Process
Datacenter
Fabric Controller
Service
Windows Kernel
Server
WordSQL
Server
Fabric Controller
Datacenter
Exchange
Online
SQL Azure
Datacenter Architecture
TOR
LB
LB
Agg
PDU
LB
LB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg
Racks
Datacenter Routers
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
helliphelliphellip hellip hellip
Top of RackSwitches
Power Distribution Units
hellip
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by ldquoUtilityrdquo Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade and services continue to run even if FC fails entirely
High-Level FC Architecture
TOR
FC1
hellip hellip
TOR
FC2
hellip hellip
TOR
FC3
hellip hellipFC3
TOR
FC4
hellip hellip
TOR
FC5
hellip hellip
LB
LB
AGG
LBL
BLB
Nodes
Rack
1. Power on node
2. PXE-boot Maintenance OS
3. Agent formats disk and downloads Host OS
4. Host OS boots, runs Sysprep specialize, reboots
5. FC connects with the "Host Agent"
Provisioning a Node
[Diagram labels: Fabric Controller, Role Images, Image Repository, Maintenance OS, Parent OS, Node, PXE Server, Windows Azure OS, FC Host Agent, Windows Azure Hypervisor]
Example
Role B: Count 2, Update Domains 2, Fault Domains 2, Size Medium
Role A: Count 3, Update Domains 2, Fault Domains 2, Size Large
[Diagram labels: Fault Domain 1, Fault Domain 2, Fault Domain 3; Load Balancer; 10100036, 101000122, 101000185; www.mycloudapp.net]
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in?
Control
Abstraction (i.e. Less IT & Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise
1. Create Hyper-V image with Windows Server 2008 R2 unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure
1. Enable your VM in Azure Management Portal
2. Start the VM role Azure Management Portal
3. Azure Licenses and Activates VM
4. Finalize/Configure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trusted
The guest agent is untrusted
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
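The isolation rule on this slide, sketched as an added example (not Microsoft's code and not part of the presentation): a host-side policy that lets a VM reach only addresses assigned to VMs of its own service, plus Internet addresses. The class and method names, the 10.0.0.0/8 fabric range, the VM ids and all sample addresses are assumptions constructed for the illustration.

```python
import ipaddress

# Assumption: the fabric-internal address space. The slide gives no address plan.
FABRIC_NETS = (ipaddress.ip_network("10.0.0.0/8"),)


class HostAgentEgressPolicy:
    """Egress rule applied on the trusted host side to untrusted guest VMs."""

    def __init__(self, fabric_nets=FABRIC_NETS):
        self._nets = tuple(fabric_nets)
        # vm_id -> (address, service). The vm_id is the host's own handle for
        # the VM; nothing the guest reports about itself is used as identity.
        self._vms = {}

    def _in_fabric(self, addr):
        return any(addr.version == net.version and addr in net for net in self._nets)

    def assign(self, vm_id, ip, service):
        """Record that the FC placed vm_id of `service` at `ip`."""
        addr = ipaddress.ip_address(ip)
        if not self._in_fabric(addr):
            raise ValueError(f"{ip} is outside the fabric address space")
        # One owner per address: a reused address drops its previous holder,
        # so a stale entry can never keep an old service's access alive.
        self._vms = {v: rec for v, rec in self._vms.items() if rec[0] != addr}
        self._vms[vm_id] = (addr, service)

    def release(self, vm_id):
        """Forget a VM, for example after its role instance moved to another node."""
        self._vms.pop(vm_id, None)

    def decide(self, vm_id, dst):
        """Return (allowed, reason) for traffic from vm_id to dst."""
        rec = self._vms.get(vm_id)
        if rec is None:
            return False, "unknown VM"            # default deny
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            return False, "unparseable destination"
        if not self._in_fabric(addr):
            return True, "internet"               # Internet addresses are allowed
        for ip, service in self._vms.values():
            if ip == addr:
                if service == rec[1]:
                    return True, "same service"
                return False, "other service"     # another tenant's VM
        # Inside the datacenter but not a VM of any service: fabric infrastructure.
        return False, "unassigned fabric address"


def demo():
    """Run the policy over constructed sample traffic and return the decisions."""
    policy = HostAgentEgressPolicy()
    policy.assign("vm-a1", "10.0.1.4", "service-a")
    policy.assign("vm-a2", "10.0.1.5", "service-a")
    policy.assign("vm-b1", "10.0.1.6", "service-b")
    traffic = [
        ("vm-a1", "10.0.1.5"),      # sibling instance of the same service
        ("vm-a1", "10.0.1.6"),      # VM of a different service
        ("vm-a1", "10.0.0.1"),      # fabric address with no VM behind it
        ("vm-a1", "203.0.113.10"),  # outside the fabric (documentation range)
        ("vm-x", "203.0.113.10"),   # VM the host agent was never told about
    ]
    return [policy.decide(vm, dst) for vm, dst in traffic]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The reassignment path matters as much as the steady state: once an address moves to another service, instances of the old service lose access to it on the next decision.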
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats
Automatically "heals" affected roles
Node and Role Health Maintenance
Problem | How Detected | Fabric Response
Role instance crashes | FC guest agent monitors role termination | FC restarts role
Guest VM or agent crashes | FC host agent notices missing guest agent heartbeats | FC restarts VM and hosted role
Host OS or agent crashes | FC notices missing host agent heartbeat | Tries to recover node; FC reallocates roles to other nodes
Detected node hardware issue | Host agent informs FC | FC migrates roles to other nodes; marks node "out for repair"
Moving a role instance is similar to a service update
On source node
Role instances stopped
VMs stopped
Node reprovisioned
On destination node
Same steps as initial role instance deployment
Warning: Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investments
Cloud app integration with existing apps, data sources
Compliance, security drivers
Simple setup and management
Windows Azure Connect
[Diagram labels: Azure, Enterprise]
Windows Azure Connect in Context
CLOUD / ENTERPRISE
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Security: Federated Identity and Access Control
Secure Network Connectivity: Windows Azure Connect
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent
Win Server 2008, 2008 R2, Vista, and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewalls/NAT's through hosted SSL-based relay service
Secured via end-to-end IPSec
DNS name resolution
Windows Azure Connect - Closer Look
Role A
Role B
Role C (multiple VM's)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers
Azure wide, provisioned in a common portal
Established a Billing instrument
Each server has one or more databases
Logical concept equal to a master DB
Contains metadata about database & usage
Unit of authentication, geo-location, billing, reporting
Generated DNS-based name
Each database has standard SQL objects
Users, Tables, Views, Indices, etc.
Unit of consistency
Account
Server
Database
SQL Azure High Level Architecture
[Diagram labels: Internet, Azure Cloud, LB, TDS (tcp), Security Boundary, Gateway, SQL, Data Center Boundary, Application]
Load balancer forwards 'sticky' sessions to TDS protocol tier
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy, proxy to backend SQL
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, ...
SQL Azure Reporting
[Diagram labels: Load Balancer, SQL Azure Database Server, Catalog, TempDB, Data Source, [tenant].database.windows.net, https://[tenant].reports.windows.net/reports/report1.rdl, RS Gateways, RS Instances, Windows Azure]
SQL Azure Reporting Services Architecture
Microsoft SQL Azure
Reporting Infrastructure: SQL Azure for data tier and Windows Azure for hosting
Availability: RS Gateway for tenant isolation and "smart" routing
Multitenancy: Stateless RS instances as a shared "engine"
Performance: Co-locate RS with user DBs
Monthly Service Level Agreements
All running roles will be continuously monitored
If role is not running, we will detect and initiate corrective action
>99.9%
Instance Monitoring & Restart
Database is connected to the internet gateway
All databases will be continuously monitored
>99.9%
Database availability
>99.9%
Service bus and access control endpoints will have external connectivity
Message operation requests processed successfully
Service Bus & Access Control Availability
Your service is connected and reachable via web
Internet facing roles will have external connectivity
>99.95%
Compute Connectivity
>99.9%
Storage service will be available/reachable (connectivity)
Your storage requests will be processed successfully
Storage Availability
>99.9%
Service will respond to client requests and deliver the requested content without error
Content Delivery Network
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure's PaaS
Provisions machines
Deploys services
Configures hardware for services
Monitors service and hardware health
Performs service healing
The Fabric Controller continues to evolve
Relational Databases, Reporting, Security, Connectivity all part of the Platform with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
gt9995
ComputeConnectivity
gt999
Storage service will be available reachable (connectivity)
Your storage requests will be processed successfully
Storage Availability
gt999
Service will respond to client requests and deliver the requested content without error
Content Delivery Network
Platform as a Service is all about reducing management and operations overheadThe Windows Azure Fabric Controller is the foundation for Windows Azurersquos PaaS
Provisions machinesDeploys servicesConfigures hardware for servicesMonitors service and hardware healthPerforms service healing
The Fabric Controller continues to evolveRelational Databases Reporting Security Connectivity all part of the Platform with more to come
Conclusion
Global Foundation Services (GFS)httpwwwglobalfoundationservicescom
Windows Azurehttpwwwazurecom
Links
QampA
copy 2011 Microsoft Corporation All rights reserved Microsoft Windows Windows Vista and other product names are or may be registered trademarks andor trademarks in the US andor other countries
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation Because Microsoft must respond to changing market conditions it should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation MICROSOFT MAKES NO WARRANTIES EXPRESS IMPLIED OR STATUTORY AS TO THE INFORMATION IN THIS PRESENTATION
Windows Azure
Windows Azure is an OS for the data center
  Model: Treat the data center as a machine
  Handles resource management, provisioning, and monitoring
  Manages application lifecycle
  Allows developers to concentrate on business logic
Provides shared pool of compute, disk and network
  Virtualized storage, compute and network
  Illusion of boundless resources
Provides common building blocks for distributed applications
  Reliable queuing, simple structured storage, SQL storage
  Application services like access control and connectivity
Windows Azure
Windows Azure Components
Windows Azure PaaS
Applications: Windows Azure Service Model
Runtimes: .NET 3.5/4, ASP.NET, PHP
Operating System: Windows Server 2008 or 2008 R2-Compatible OS
Virtualization: Windows Azure Hypervisor
Server: Microsoft Blades
Database: SQL Azure
Storage: Windows Azure Storage (Blob, Queue, Table)
Networking: Windows Azure-Configured Networking
Developer Experience: Use existing Skills and Tools
Windows Azure Platform
[Figure: Windows Azure platform diagram. Labels: AppFabric, Compute, Storage, Management, Relational data, Connectivity, Access control, Billing & Payments, Flexible APIs, Information Marketplace, CDN, Internet, Reporting & BI]
1. A Windows Azure application is built from one or more roles
2. A Windows Azure application runs multiple instances of each role
3. A Windows Azure application behaves correctly when any role instance fails
The Three Rules
Windows Azure Application Characteristics
[Figure: application models (Single Instance, Persistent OS; Single Instance, Stateless OS; Multi-Instance, Stateless OS; Windows Azure) set against the capabilities Automated Consistent Application Updates, Automated Consistent Configuration Changes, Multi-Instance Management, Scale-out, High Availability, Automated Consistent OS Servicing]
Configuration and deployment
  Certificate management (e.g. SSL)
  Load-balanced public endpoints
  Internal endpoint configuration and discovery
Operations
  Remote desktop access management
  Automated OS and runtime updates
  Coordinated updates
Availability
  Health monitoring
  SLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
  Front end: e.g. load-balanced stateless web servers
  Middle worker tier: e.g. order processing, encoding
  Backend storage: e.g. SQL Server tables or files
  Multiple instances of each for scalability and availability
Modeling Cloud Applications
[Figure: Cloud Application. HTTP/HTTPS, Load Balancer, Front-End, Middle-Tier, Windows Azure Storage, SQL Azure]
A Windows Azure application is called a “service”
  Definition information
  Configuration information
  At least one “role”
Roles are like DLLs in the service “process”
  Collection of code with an entry point that runs in its own virtual machine
There are currently three role types
  Web Role: IIS7 and ASP.NET in Windows Azure-supplied OS
  Worker Role: arbitrary code in Windows Azure-supplied OS
  VM Role: uploaded VHD with customer-supplied OS
The Windows Azure Service Model
[Figure: Windows Azure Components, Role. Virtual Machine containing Operating System, IIS (in web roles), Role Runtime, Application Code]
Definition
  Role name
  Role type
  VM size (e.g. small, medium, etc.)
  Network endpoints
Code
  Web/Worker Role: Hosted DLL and other executables
  VM Role: VHD
Configuration
  Number of instances
  Number of update and fault domains
Role Contents
Service
Role: Front-End
  Definition
    Type: Web
    VM Size: Small
    Endpoints: External-1
  Configuration
    Instances: 2
    Update Domains: 2
    Fault Domains: 2
Role: Middle-Tier
  Definition
    Type: Worker
    VM Size: Large
    Endpoints: Internal-1
  Configuration
    Instances: 3
    Update Domains: 2
    Fault Domains: 2
[Figure: Portal Service, RDFE Service, Northern Europe Datacenter, FC, Service]
Service package uploaded to portal
  Windows Azure Portal Service passes service package to “Red Dog Front End” (RDFE) Azure service
  RDFE converts service package to native “RD” version
RDFE sends service to Fabric Controller (FC) based on target region
FC stores image in repository and deploys and activates service
Deploying a Service to the Cloud: The 10,000 foot view
The “kernel” of the cloud operating system
  Manages datacenter hardware
  Manages Windows Azure services
Four main responsibilities
  Datacenter resource allocation
  Datacenter resource provisioning
  Service lifecycle management
  Service health management
Inputs
  Description of the hardware and network resources it will control
  Service model and binaries for cloud applications
The Fabric Controller (FC)
[Figure: analogy. Server, Kernel, Process correspond to Datacenter, Fabric Controller, Service; the Windows Kernel runs Word and SQL Server on a server, the Fabric Controller runs Exchange Online and SQL Azure in a datacenter]
Datacenter Architecture
[Figure: Datacenter Routers; Aggregation Routers (Agg) and Load Balancers (LB); Racks, each with a Top of Rack Switch (TOR), a Power Distribution Unit (PDU) and Nodes]
Windows Azure Datacenters
FC is a distributed, stateful application running on nodes (blades) spread across fault domains
  Installed by “Utility” Fabric Controller
  One acts as the primary and all others keep view of world in sync
  Supports rolling upgrade, and services continue to run even if FC fails entirely
High-Level FC Architecture
[Figure: FC1 to FC5 placed in separate racks, each rack behind its own TOR with Nodes, connected through AGG and LB]
1. Power on node
2. PXE-boot Maintenance OS
3. Agent formats disk and downloads Host OS
4. Host OS boots, runs Sysprep specialize, reboots
5. FC connects with the “Host Agent”
Provisioning a Node
[Figure: Fabric Controller with Image Repository (Role Images, Maintenance OS, Parent OS) and PXE Server; Node running Maintenance OS, then Windows Azure OS, FC Host Agent and Windows Azure Hypervisor]
Example
Role B: Count: 2, Update Domains: 2, Fault Domains: 2, Size: Medium
Role A: Count: 3, Update Domains: 2, Fault Domains: 2, Size: Large
[Figure: role instances placed across Fault Domain 1, Fault Domain 2 and Fault Domain 3 behind a Load Balancer; addresses 10.100.0.36, 10.100.0.122, 10.100.0.185; www.mycloudapp.net]
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in?
Control
Abstraction (i.e. Less IT & Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise
1. Create Hyper-V image with Windows Server 2008 R2 unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure
1. Enable your VM in Azure Management Portal
2. Start the VM role in Azure Management Portal
3. Azure Licenses and Activates VM
4. Finalize/Configure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
  The host OS and FC host agent are trusted
  The guest agent is untrusted
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
  Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
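The isolation rule on this slide, as an added Python sketch of a per-VM egress decision and an isolation check (not Azure's implementation). The 10.0.0.0/8 datacenter range, the class and function names, the service names and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: every datacenter-internal address (tenant VMs and fabric
# infrastructure) lies in this range; anything else counts as Internet.
DATACENTER_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Vm:
    vm_id: str    # identity known to the trusted host side, never guest-supplied
    service: str  # the service (tenant deployment) the VM belongs to
    ip: str       # address assigned to the VM


class HostAgentFilter:
    """Egress policy as the trusted host side would evaluate it for a guest VM."""

    def __init__(self, vms):
        self._by_id = {vm.vm_id: vm for vm in vms}
        self._service_ips = {}
        for vm in vms:
            self._service_ips.setdefault(vm.service, set()).add(
                ipaddress.ip_address(vm.ip))

    def decide(self, vm_id, dst):
        """Return (allowed, reason) for a packet leaving vm_id toward dst."""
        vm = self._by_id.get(vm_id)
        if vm is None:
            return (False, "unknown-vm")
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in self._service_ips[vm.service]:
            return (True, "same-service")
        if dst_ip in DATACENTER_NET:
            # Another tenant's VM or fabric infrastructure: not reachable.
            return (False, "datacenter-address-outside-service")
        return (True, "internet")

    def audit(self, flows):
        """Return the (vm_id, dst, reason) entries of flows the policy denies."""
        denied = []
        for vm_id, dst in flows:
            allowed, reason = self.decide(vm_id, dst)
            if not allowed:
                denied.append((vm_id, dst, reason))
        return denied

    def cross_service_paths(self):
        """Isolation invariant: VM pairs in different services that can talk.

        With a correct policy this list is always empty.
        """
        vms = list(self._by_id.values())
        return [(a.vm_id, b.vm_id) for a in vms for b in vms
                if a.service != b.service and self.decide(a.vm_id, b.ip)[0]]


def sample_vms():
    """Constructed sample: three VMs of one service and one VM of another."""
    return [
        Vm("fe-0", "shop", "10.100.0.36"),
        Vm("fe-1", "shop", "10.100.0.122"),
        Vm("mt-0", "shop", "10.100.0.185"),
        Vm("x-0", "other", "10.100.7.9"),
    ]


# Constructed flows: same service, other tenant, fabric address, Internet.
SAMPLE_FLOWS = [
    ("fe-0", "10.100.0.185"),
    ("fe-0", "10.100.7.9"),
    ("x-0", "10.0.0.1"),
    ("mt-0", "203.0.113.10"),
]

if __name__ == "__main__":
    flt = HostAgentFilter(sample_vms())
    for entry in flt.audit(SAMPLE_FLOWS):
        print("denied:", entry)
    print("cross-service paths:", flt.cross_service_paths())
```
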
FC maintains service availability by monitoring the software and hardware health
  Based primarily on heartbeats
  Automatically “heals” affected roles
Node and Role Health Maintenance
Problem | How Detected | Fabric Response
Role instance crashes | FC guest agent monitors role termination | FC restarts role
Guest VM or agent crashes | FC host agent notices missing guest agent heartbeats | FC restarts VM and hosted role
Host OS or agent crashes | FC notices missing host agent heartbeat | Tries to recover node; FC reallocates roles to other nodes
Detected node hardware issue | Host agent informs FC | FC migrates roles to other nodes; marks node “out for repair”
Moving a role instance is similar to a service update
On source node
  Role instances stopped
  VMs stopped
  Node reprovisioned
On destination node
  Same steps as initial role instance deployment
Warning: Resource VHD is not moved
Moving a Role Instance (Service Healing)
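The detection rules from the health table and the role move described above, as an added Python sketch (not Microsoft's Fabric Controller code). The 30-second heartbeat timeout, the class and function names, the least-loaded choice of destination node and the sample nodes are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HEARTBEAT_TIMEOUT = 30.0  # seconds; assumed value, the slides give no interval


@dataclass
class RoleInstance:
    name: str
    role_running: bool = True          # role termination is watched by the guest agent
    last_guest_heartbeat: float = 0.0  # guest agent -> host agent
    resource_volume: dict = field(default_factory=dict)  # local scratch data


@dataclass
class Node:
    name: str
    last_host_heartbeat: float = 0.0   # host agent -> FC
    hardware_fault: bool = False       # reported to the FC by the host agent
    state: str = "healthy"
    instances: list = field(default_factory=list)


def diagnose(nodes, now, timeout=HEARTBEAT_TIMEOUT):
    """Return (kind, target, problem, response) tuples, following the table.

    Node-level problems take precedence: when the host is gone, its guests
    cannot be observed, so no per-VM action is issued for them.
    """
    findings = []
    for node in nodes:
        if node.state != "healthy":
            continue  # already being recovered or repaired
        if node.hardware_fault:
            findings.append(("node", node.name, "node hardware issue",
                             "migrate roles, mark node out for repair"))
        elif now - node.last_host_heartbeat > timeout:
            findings.append(("node", node.name, "host OS or agent crash",
                             "try to recover node, reallocate roles"))
        else:
            for inst in node.instances:
                if now - inst.last_guest_heartbeat > timeout:
                    findings.append(("instance", inst.name, "guest VM or agent crash",
                                     "restart VM and hosted role"))
                elif not inst.role_running:
                    findings.append(("instance", inst.name, "role instance crash",
                                     "restart role"))
    return findings


def heal(nodes, now, timeout=HEARTBEAT_TIMEOUT):
    """Apply the responses from diagnose() in place and return the findings."""
    findings = diagnose(nodes, now, timeout)
    node_targets = {t for kind, t, _, _ in findings if kind == "node"}
    inst_targets = {t for kind, t, _, _ in findings if kind == "instance"}
    failed = [n for n in nodes if n.name in node_targets]
    for node in failed:  # take every failed node out of the pool first
        node.state = "out for repair" if node.hardware_fault else "recovering"
    for node in failed:
        for inst in node.instances:
            healthy = [n for n in nodes if n.state == "healthy"]
            if not healthy:
                raise RuntimeError("no healthy node left for " + inst.name)
            dest = min(healthy, key=lambda n: len(n.instances))
            # Same steps as an initial deployment: the instance starts fresh
            # and the resource volume is NOT carried over from the source.
            dest.instances.append(RoleInstance(inst.name, True, now))
        node.instances = []
    for node in nodes:
        for inst in node.instances:
            if inst.name in inst_targets:  # restart role, or VM and role
                inst.role_running = True
                inst.last_guest_heartbeat = now
    return findings


def sample_nodes():
    """Constructed sample: four nodes as observed at t = 100 s."""
    return [
        Node("node-1", 95.0, False, "healthy", [
            RoleInstance("A_IN_0", True, 98.0),
            RoleInstance("B_IN_0", False, 97.0)]),            # role crashed
        Node("node-2", 40.0, False, "healthy", [              # host agent silent
            RoleInstance("A_IN_1", True, 39.0, {"cache": "warm"})]),
        Node("node-3", 99.0, False, "healthy", [
            RoleInstance("A_IN_2", True, 50.0)]),             # guest agent silent
        Node("node-4", 99.0, True, "healthy", [               # hardware issue
            RoleInstance("B_IN_1", True, 99.0)]),
    ]


if __name__ == "__main__":
    for finding in heal(sample_nodes(), now=100.0):
        print(finding)
```

An application that keeps state only on the resource volume loses it on every node-level heal, which is why the third rule requires correct behaviour when any role instance fails.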
Secure network connectivity between on-premises and cloud
  Supports standard IP protocols
Customer benefits and motivation
  Leverage current IT investments
  Cloud app integration with existing apps, data sources
  Compliance, security drivers
Simple setup and management
Windows Azure Connect
[Figure: Azure connected to Enterprise]
Windows Azure Connect in Context
[Figure: layers linking CLOUD and ENTERPRISE]
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Security: Federated Identity and Access Control
Secure Network Connectivity: Windows Azure Connect
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent
  Win Server 2008, 2008 R2, Vista and Win7 supported platforms
Network policy managed through WA portal
  Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
  Tunnel firewalls/NATs through hosted SSL-based relay service
  Secured via end-to-end IPSec
  DNS name resolution
Windows Azure Connect – Closer Look
[Figure: Role A, Role B and Role C (multiple VMs) in Windows Azure, connected through the Relay to Enterprise dev machines and databases]
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers
  Azure wide, provisioned in a common portal
  Established a Billing instrument
Each server has one or more databases
  Logical concept equal to a master DB
  Contains metadata about database & usage
  Unit of authentication, geo-location, billing, reporting
  Generated DNS-based name
Each database has standard SQL objects
  Users, Tables, Views, Indices, etc.
  Unit of consistency
Account
Server
Database
SQL Azure High Level Architecture
[Figure: Application on the Internet connecting over TDS (tcp) through the load balancer (LB) to Gateways and then to SQL nodes in the Azure Cloud; Security Boundary and Data Center Boundary marked]
Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, …
Load balancer forwards ‘sticky’ sessions to TDS protocol tier
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy, proxy to backend SQL
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
SQL Azure Reporting
[Figure: Load Balancer, RS Gateways and RS Instances on Windows Azure; SQL Azure Database Server with Catalog, TempDB and Data Source on Microsoft SQL Azure; [tenant].database.windows.net; https://[tenant].reports.windows.net/reports/report1.rdl]
SQL Azure Reporting Services Architecture
Reporting Infrastructure: SQL Azure for data tier and Windows Azure for hosting
Availability: RS Gateway for tenant isolation and “smart” routing
Multitenancy: Stateless RS instances as a shared “engine”
Performance: Co-locate RS with user DBs
Monthly Service Level Agreements
Service | Guarantee | Monthly SLA
Instance Monitoring & Restart | All running roles will be continuously monitored. If role is not running, we will detect and initiate corrective action | >99.9%
Database availability | Database is connected to the internet gateway. All databases will be continuously monitored | >99.9%
Service Bus & Access Control Availability | Service bus and access control endpoints will have external connectivity. Message operation requests processed successfully | >99.9%
Compute Connectivity | Your service is connected and reachable via web. Internet facing roles will have external connectivity | >99.95%
Storage Availability | Storage service will be available/reachable (connectivity). Your storage requests will be processed successfully | >99.9%
Content Delivery Network | Service will respond to client requests and deliver the requested content without error | >99.9%
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure’s PaaS
  Provisions machines
  Deploys services
  Configures hardware for services
  Monitors service and hardware health
  Performs service healing
The Fabric Controller continues to evolve
  Relational Databases, Reporting, Security, Connectivity all part of the Platform, with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Windows Azure is an OS for the data centerModel Treat the data center as a machineHandles resource management provisioning and monitoringManages application lifecycleAllows developers to concentrate on business logic
Provides shared pool of compute disk and network
Virtualized storage compute and networkIllusion of boundless resources
Provides common building blocks for distributed applications
Reliable queuing simple structured storage SQL storageApplication services like access control and connectivity
Windows Azure
Windows Azure Components Windows Azure PaaS
Applications Windows Azure Service Model
Runtimes NET 354 ASP NET PHP
Operating System Windows Server 2008 or 2008 R2-Compatible OS
Virtualization Windows Azure Hypervisor
Server Microsoft Blades
Database SQL Azure
Storage Windows Azure Storage (Blob Queue Table)
Networking Windows Azure-Configured Networking
Developer ExperienceUse existing Skills and Tools
Windows Azure Platform
platformAppFabric
Compute Storage
Management
Relational data
ManagementConnectivity
Access control
Billing amp Payments
Flexible APIs
Information Marketplace
CDN
Internet
Reporting amp BI
1 A Windows Azure application is built from one or more roles
2 A Windows Azure application runs multiple instances of each role
3 A Windows Azure application behaves correctly when any role instance fails
The Three Rules
Windows Azure Application Characteristics
Single InstancePersistent OS
Single Instance
Stateless OS
Multi-Instance
Stateless OSAutomated Consistent Application UpdatesAutomated Consistent Configuration ChangesMulti-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Windows Azure
Single Instance
Persistent OS
Single InstanceStateless
OS
Multi-InstanceStateless
OS
Automated Consistent Application Updates
Automated Consistent Configuration Changes
Multi-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Configuration and deploymentCertificate management (eg SSL)Load-balanced public endpointsInternal endpoint configuration and discovery
OperationsRemote desktop access managementAutomated OS and runtime updatesCoordinated updates
AvailabilityHealth monitoringSLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
Front end eg load-balanced stateless web serversMiddle worker tier eg order processing encodingBackend storage eg SQL Server tables or filesMultiple instances of each for scalability and availability
Modeling Cloud Applications
Front-End
Cloud Application
Front-End
HTTPHTTPSWindow
sAzure
StorageSQL
Azure
Load Balancer Middl
e-Tier
A Windows Azure application is called a ldquoservicerdquo
Definition informationConfiguration informationAt least one ldquorolerdquo
Roles are like DLLs in the service ldquoprocessrdquoCollection of code with an entry point that runs in its own virtual machine
There are currently three role typesWeb Role IIS7 and ASPNET in Windows Azure-supplied OSWorker Role arbitrary code in Windows Azure-supplied OSVM Role uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure ComponentsROLE
Virtual Machine
IIS (in web roles)
Role Runtime
Application Code
Operating System
Definition Role nameRole typeVM size (eg small medium etc)Network endpoints
Code WebWorker Role Hosted DLL and other executablesVM Role VHD
ConfigurationNumber of instancesNumber of update and fault domains
Role ContentsService
Role Front-End
DefinitionType WebVM Size SmallEndpoints External-1ConfigurationInstances 2Update Domains 2Fault Domains 2
Role Middle-Tier
DefinitionType WorkerVM Size LargeEndpoints Internal-1ConfigurationInstances 3Update Domains 2Fault Domains 2
RDFEService
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to ldquoRed Dog Front Endrdquo (RDFE) Azure serviceRDFE converts service package to native ldquoRDrdquo version
RDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service
Deploying a Service to the Cloud The 10000 foot view
FC
Service
The ldquokernelrdquo of the cloud operating system
Manages datacenter hardwareManages Windows Azure services
Four main responsibilities
Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health management
InputsDescription of the hardware and network resources it will controlService model and binaries for cloud applications
The Fabric Controller (FC)
Server
Kernel
Process
Datacenter
Fabric Controller
Service
Windows Kernel
Server
WordSQL
Server
Fabric Controller
Datacenter
Exchange
Online
SQL Azure
Datacenter Architecture
TOR
LB
LB
Agg
PDU
LB
LB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg
Racks
Datacenter Routers
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
helliphelliphellip hellip hellip
Top of RackSwitches
Power Distribution Units
hellip
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by ldquoUtilityrdquo Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade and services continue to run even if FC fails entirely
High-Level FC Architecture
TOR
FC1
hellip hellip
TOR
FC2
hellip hellip
TOR
FC3
hellip hellipFC3
TOR
FC4
hellip hellip
TOR
FC5
hellip hellip
LB
LB
AGG
LBL
BLB
Nodes
Rack
1 Power on node2 PXE-boot
Maintenance OS3 Agent formats disk
and downloads Host OS
4 Host OS boots runs Sysprep specialize reboots
5 FC connects with the ldquoHost Agentrdquo
Provisioning a NodeFabric Controller
RoleImage
s
RoleImage
s
RoleImage
s
RoleImage
s
Image Repository
Maintenance OS
Parent OS
Node
PXEServe
r
Maintenance OS
Windows Azure
OS
Windows Azure
OS
FC Host Agen
t
Windows Azure Hypervisor
ExampleRole B
Count 2Update Domains 2Fault Domains 2
Size Medium
Role ACount 3
Update Domains 2
Fault Domains 2Size Large
Fault Domain 1 Fault Domain 2 Fault Domain 3
LoadBalancer
10100036
101000122101000185
wwwmycloudappnet
wwwmycloudappnet
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in
ControlAbstraction (ie Less IT amp Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise1 Create Hyper-V image with Windows Server 2008 R2
unlicensed2 Install your applications3 Install Azure Integration Components4 SysPrep5 Upload image to Azure with CSUPLOAD
On Azure1 Enable your VM in Azure Management Portal2 Start the VM role Azure Management Portal3 Azure Licenses and Activates VM4 FinalizeConfigure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats Automatically ldquohealsrdquo affected roles
Node and Role Health Maintenance
Problem How Detected Fabric Response
Role instance crashes
FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node ldquoout for repairrdquo
Moving a role instance is similar to a service updateOn source node
Role instances stoppedVMs stoppedNode reprovisioned
On destination nodeSame steps as initial role instance deployment
Warning Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investmentsCloud app integration with existing apps data sourcesCompliance security drivers
Simple setup and management
Windows Azure Connect Azure
Enterprise
Windows Azure Connect in ContextCLOUD ENTERPRISE
Data SynchronizationSQL Azure Data Sync
Application-layer Connectivity amp
Messaging Service Bus
SecurityFederated Identity and Access Control
Secure Network Connectivity
Windows Azure Connect
Enable WA Roles for external connectivity via service modelEnable external computers for connectivity by installing Connect agent
Win Server 2008 2008 R2 Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewallsNATrsquos through hosted SSL-based relay serviceSecured via end-to-end IPSecDNS name resolution
Windows Azure Connect ndash Closer Look
Role A
Role B
Role C(multiple
VMrsquos)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size
CPU RAM Instance
HDD
Peak Mbps
Price per Hour
Extra Small
10 GHz 768 MB 20 GB 5 CHF 0055
Small 16 GHz 17 GB 225 GB 100 CHF 0132
Medium 2 x 16 GHz
35 GB 490 GB 200 CHF 0264
Large 4 x 16 GHz
7 GB 1000 GB
400 CHF 0528
Extra Large
8 x 16 GHz
14 GB 2040 GB
800 CHF 1056
Azure Role Sizes
httpwwwmicrosoftcomwindowsazurepricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more serversAzure wide provisioned in a common portalEstablished a Billing instrument
Each server has one or more databasesLogical concept equal to a master DBContains metadata about database amp usageUnit of authentication geo-location billing reportingGenerated DNS-based name
Each database has standard SQL objectsUsers Tables Views Indices etcUnit of consistency
Account
Server
Database
SQL Azure High Level Architecture
Internet Azure Cloud
LB
TDS (tcp)
TDS (tcp)
TDS (tcp)
Load balancer forwards lsquostickyrsquo sessions to TDS protocol tier
Security Boundary
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Scalability and Availability Fabric Failover Replication and Load balancing
SQL SQL SQL SQL SQLSQL
Gateway TDS protocol gateway enforces AUTHNAUTHZ policy proxy to backend SQL
Data Center Boundary
Application
Applications use standard SQL client libraries ODBC ADONet PHP hellip
SQL Azure Reporting
Load Balancer
SQL Azure Database Server
hellip
Catalog
TempDB
Data Source
[tenant]databasewindowsnet
https[tenant]reportswindowsnetreportsreport1rdl
RS Gateways
RS Instances
Windows Azure
SQL Azure Reporting Services ArchitectureMicrosoft SQL Azure
Reporting Infrastructure SQL Azure for data tier and Windows Azure for hosting
Availability RS Gateway for tenant isolation and ldquosmartrdquo routing
Multitenancy Stateless RS instances as a shared ldquoenginerdquo
Performance Co-locate RS with user DBs
Monthly Service Level Agreements
All running roles will be continuously monitored
If role is not running we will detect and initiate corrective action
gt999
Instance Monitoring amp Restart
Database is connected to the internet gateway
All databases will be continuously monitored
gt999
Database availability
gt999
Service bus and access control endpoints will have external connectivity
Message operation requests processed successfully
Service Bus amp Access Control
Availability
Your service is connected and reachable via web Internet facing roles will have external connectivity
gt9995
ComputeConnectivity
gt999
Storage service will be available reachable (connectivity)
Your storage requests will be processed successfully
Storage Availability
gt999
Service will respond to client requests and deliver the requested content without error
Content Delivery Network
Platform as a Service is all about reducing management and operations overheadThe Windows Azure Fabric Controller is the foundation for Windows Azurersquos PaaS
Provisions machinesDeploys servicesConfigures hardware for servicesMonitors service and hardware healthPerforms service healing
The Fabric Controller continues to evolveRelational Databases Reporting Security Connectivity all part of the Platform with more to come
Conclusion
Global Foundation Services (GFS)httpwwwglobalfoundationservicescom
Windows Azurehttpwwwazurecom
Links
QampA
copy 2011 Microsoft Corporation All rights reserved Microsoft Windows Windows Vista and other product names are or may be registered trademarks andor trademarks in the US andor other countries
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation Because Microsoft must respond to changing market conditions it should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation MICROSOFT MAKES NO WARRANTIES EXPRESS IMPLIED OR STATUTORY AS TO THE INFORMATION IN THIS PRESENTATION
Windows Azure Components Windows Azure PaaS
Applications Windows Azure Service Model
Runtimes NET 354 ASP NET PHP
Operating System Windows Server 2008 or 2008 R2-Compatible OS
Virtualization Windows Azure Hypervisor
Server Microsoft Blades
Database SQL Azure
Storage Windows Azure Storage (Blob Queue Table)
Networking Windows Azure-Configured Networking
Developer ExperienceUse existing Skills and Tools
Windows Azure Platform
platformAppFabric
Compute Storage
Management
Relational data
ManagementConnectivity
Access control
Billing amp Payments
Flexible APIs
Information Marketplace
CDN
Internet
Reporting amp BI
1 A Windows Azure application is built from one or more roles
2 A Windows Azure application runs multiple instances of each role
3 A Windows Azure application behaves correctly when any role instance fails
The Three Rules
Windows Azure Application Characteristics
Single InstancePersistent OS
Single Instance
Stateless OS
Multi-Instance
Stateless OSAutomated Consistent Application UpdatesAutomated Consistent Configuration ChangesMulti-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Windows Azure
Single Instance
Persistent OS
Single InstanceStateless
OS
Multi-InstanceStateless
OS
Automated Consistent Application Updates
Automated Consistent Configuration Changes
Multi-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Configuration and deployment: certificate management (e.g. SSL); load-balanced public endpoints; internal endpoint configuration and discovery
Operations: remote desktop access management; automated OS and runtime updates; coordinated updates
Availability: health monitoring; SLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
Front end, e.g. load-balanced stateless web servers
Middle worker tier, e.g. order processing, encoding
Backend storage, e.g. SQL Server tables or files
Multiple instances of each for scalability and availability
Modeling Cloud Applications
[Diagram labels: Cloud Application, HTTP/HTTPS, Load Balancer, Front-End, Front-End, Middle-Tier, Windows Azure Storage, SQL Azure]
A Windows Azure application is called a "service": definition information; configuration information; at least one "role"
Roles are like DLLs in the service "process": collection of code with an entry point that runs in its own virtual machine
There are currently three role types:
Web Role: IIS7 and ASP.NET in Windows Azure-supplied OS
Worker Role: arbitrary code in Windows Azure-supplied OS
VM Role: uploaded VHD with customer-supplied OS
The Windows Azure Service Model
[Diagram labels: Windows Azure Components, Role, Virtual Machine, IIS (in web roles), Role Runtime, Application Code, Operating System]
Definition: role name; role type; VM size (e.g. small, medium, etc.); network endpoints
Code: Web/Worker Role: hosted DLL and other executables; VM Role: VHD
Configuration: number of instances; number of update and fault domains
Role Contents
Service
Role: Front-End
Definition: Type: Web; VM Size: Small; Endpoints: External-1
Configuration: Instances: 2; Update Domains: 2; Fault Domains: 2
Role: Middle-Tier
Definition: Type: Worker; VM Size: Large; Endpoints: Internal-1
Configuration: Instances: 3; Update Domains: 2; Fault Domains: 2
[Diagram labels: Portal Service, RDFE, Service, Northern Europe Datacenter]
Service package uploaded to portal
Windows Azure Portal Service passes service package to "Red Dog Front End" (RDFE) Azure service
RDFE converts service package to native "RD" version
RDFE sends service to Fabric Controller (FC) based on target region
FC stores image in repository and deploys and activates service
Deploying a Service to the Cloud: The 10,000 foot view
[Diagram labels: FC, Service]
The "kernel" of the cloud operating system: manages datacenter hardware; manages Windows Azure services
Four main responsibilities: datacenter resource allocation; datacenter resource provisioning; service lifecycle management; service health management
Inputs: description of the hardware and network resources it will control; service model and binaries for cloud applications
The Fabric Controller (FC)
[Diagram labels: Server, Kernel, Process; Datacenter, Fabric Controller, Service; Server, Windows Kernel, Word, SQL Server; Datacenter, Fabric Controller, Exchange Online, SQL Azure]
Datacenter Architecture
[Diagram: Windows Azure Datacenters. Labels: Datacenter Routers; Aggregation Routers (Agg) and Load Balancers (LB); Racks; Top of Rack Switches (TOR); Power Distribution Units (PDU); Nodes]
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by "Utility" Fabric Controller
One acts as the primary and all others keep view of world in sync
Supports rolling upgrade, and services continue to run even if FC fails entirely
High-Level FC Architecture
[Diagram labels: TOR, FC1, FC2, FC3, FC4, FC5, LB, AGG, Nodes, Rack]
1. Power on node
2. PXE-boot Maintenance OS
3. Agent formats disk and downloads Host OS
4. Host OS boots, runs Sysprep specialize, reboots
5. FC connects with the "Host Agent"
Provisioning a Node
[Diagram labels: Fabric Controller, Role Images, Image Repository, Maintenance OS, Parent OS, PXE Server, Node, Maintenance OS, Windows Azure OS, FC Host Agent, Windows Azure Hypervisor]
Example
Role A: Count: 3; Update Domains: 2; Fault Domains: 2; Size: Large
Role B: Count: 2; Update Domains: 2; Fault Domains: 2; Size: Medium
[Diagram labels: Fault Domain 1, Fault Domain 2, Fault Domain 3; Load Balancer; 10.100.0.36, 10.100.0.122, 10.100.0.185; www.mycloudapp.net]
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in?
[Diagram axes: Control; Abstraction (i.e. Less IT & Less Plumbing Code)]
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise
1. Create Hyper-V image with Windows Server 2008 R2 unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure
1. Enable your VM in Azure Management Portal
2. Start the VM role in Azure Management Portal
3. Azure licenses and activates VM
4. Finalize/Configure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trusted
The guest agent is untrusted
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
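The isolation rule on this slide, modelled as an added example (not code from the presentation or from Windows Azure): a host-side filter that allows a VM to reach only addresses assigned to VMs of its own service, plus Internet addresses. The VM and service names, the sample assignments and the 10.0.0.0/8 datacenter range are assumptions made for illustration.

```python
import ipaddress

# Assumption: datacenter-internal address space. The slides do not state it;
# 10.0.0.0/8 is chosen to match the 10.100.0.x addresses in the deck's example.
DATACENTER_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample data: (vm, service, ip) as the fabric would assign them.
ASSIGNMENTS = [
    ("shop_web_0", "shop", "10.100.0.36"),
    ("shop_web_1", "shop", "10.100.0.122"),
    ("shop_worker_0", "shop", "10.100.0.185"),
    ("blog_web_0", "blog", "10.100.0.40"),
]


class HostAgentFilter:
    """Egress decision taken on the trusted host side, outside the guest.

    The VM's service comes from the host-side table, never from anything
    the untrusted guest reports about itself.
    """

    def __init__(self, assignments, datacenter_nets):
        self._nets = list(datacenter_nets)
        self._vm_service = {}
        self._ip_service = {}
        for vm, service, ip in assignments:
            addr = ipaddress.ip_address(ip)
            if addr in self._ip_service:
                raise ValueError(f"{ip} is assigned twice")
            self._vm_service[vm] = service
            self._ip_service[addr] = service

    def _is_internal(self, addr):
        # Networks of a different IP version never match, so no exception here.
        return any(addr in net for net in self._nets)

    def decide(self, vm, dst_ip):
        """Return (allowed, reason) for traffic from `vm` to `dst_ip`."""
        service = self._vm_service.get(vm)
        if service is None:
            return (False, "vm unknown to host agent")
        try:
            dst = ipaddress.ip_address(dst_ip)
        except ValueError:
            return (False, "malformed destination")
        # Edge case: an IPv4-mapped IPv6 address must be judged as the
        # IPv4 address it carries, or it would slip past the internal check.
        if dst.version == 6 and dst.ipv4_mapped is not None:
            dst = dst.ipv4_mapped
        if not self._is_internal(dst):
            return (True, "internet address")
        if self._ip_service.get(dst) == service:
            return (True, "same service")
        # Another tenant's VM, or an internal address not assigned to any VM.
        return (False, "datacenter address outside the service")


FILTER = HostAgentFilter(ASSIGNMENTS, DATACENTER_NETS)

if __name__ == "__main__":
    for dst in ("10.100.0.122", "10.100.0.40", "203.0.113.10", "10.0.0.1"):
        print("shop_web_0 ->", dst, FILTER.decide("shop_web_0", dst))
```

Internal addresses that belong to no VM are denied as well, so infrastructure addresses are unreachable from a guest by default.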
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats
Automatically "heals" affected roles
Node and Role Health Maintenance
Problem | How Detected | Fabric Response
Role instance crashes | FC guest agent monitors role termination | FC restarts role
Guest VM or agent crashes | FC host agent notices missing guest agent heartbeats | FC restarts VM and hosted role
Host OS or agent crashes | FC notices missing host agent heartbeat | Tries to recover node; FC reallocates roles to other nodes
Detected node hardware issue | Host agent informs FC | FC migrates roles to other nodes; marks node "out for repair"
Moving a role instance is similar to a service update
On source node: role instances stopped; VMs stopped; node reprovisioned
On destination node: same steps as initial role instance deployment
Warning: Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investments
Cloud app integration with existing apps, data sources
Compliance, security drivers
Simple setup and management
Windows Azure Connect
[Diagram labels: Azure, Enterprise]
Windows Azure Connect in Context
[Diagram labels: CLOUD, ENTERPRISE]
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Security: Federated Identity and Access Control
Secure Network Connectivity: Windows Azure Connect
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent: Win Server 2008, 2008 R2, Vista and Win7 supported platforms
Network policy managed through WA portal: granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers: tunnel firewalls/NAT's through hosted SSL-based relay service; secured via end-to-end IPSec; DNS name resolution
Windows Azure Connect – Closer Look
Role A
Role B
Role C (multiple VM's)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers: Azure wide, provisioned in a common portal; establishes a billing instrument
Each server has one or more databases: logical concept equal to a master DB; contains metadata about database & usage; unit of authentication, geo-location, billing, reporting; generated DNS-based name
Each database has standard SQL objects: users, tables, views, indices, etc.; unit of consistency
Account
Server
Database
SQL Azure High Level Architecture
Application: applications use standard SQL client libraries: ODBC, ADO.Net, PHP, …
Load balancer (LB): forwards 'sticky' sessions to TDS protocol tier
Gateway: TDS protocol gateway; enforces AUTHN/AUTHZ policy; proxy to backend SQL
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
[Diagram labels: Internet, Azure Cloud, Data Center Boundary, Security Boundary, TDS (tcp), Gateway (x6), SQL (x6)]
SQL Azure Reporting
[Diagram labels: Load Balancer; SQL Azure Database Server; Catalog; TempDB; Data Source; [tenant].database.windows.net; https://[tenant].reports.windows.net/reports/report1.rdl; RS Gateways; RS Instances; Windows Azure; Microsoft SQL Azure]
SQL Azure Reporting Services Architecture
Reporting Infrastructure: SQL Azure for data tier and Windows Azure for hosting
Availability: RS Gateway for tenant isolation and "smart" routing
Multitenancy: Stateless RS instances as a shared "engine"
Performance: Co-locate RS with user DBs
Monthly Service Level Agreements
Instance Monitoring & Restart (>99.9%): All running roles will be continuously monitored. If role is not running, we will detect and initiate corrective action
Database availability (>99.9%): Database is connected to the internet gateway. All databases will be continuously monitored
Service Bus & Access Control Availability (>99.9%): Service bus and access control endpoints will have external connectivity. Message operation requests processed successfully
Compute Connectivity (>99.95%): Your service is connected and reachable via web. Internet facing roles will have external connectivity
Storage Availability (>99.9%): Storage service will be available/reachable (connectivity). Your storage requests will be processed successfully
Content Delivery Network (>99.9%): Service will respond to client requests and deliver the requested content without error
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure's PaaS: provisions machines; deploys services; configures hardware for services; monitors service and hardware health; performs service healing
The Fabric Controller continues to evolve
Relational Databases, Reporting, Security, Connectivity: all part of the Platform, with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
1 A Windows Azure application is built from one or more roles
2 A Windows Azure application runs multiple instances of each role
3 A Windows Azure application behaves correctly when any role instance fails
The Three Rules
Windows Azure Application Characteristics
Single InstancePersistent OS
Single Instance
Stateless OS
Multi-Instance
Stateless OSAutomated Consistent Application UpdatesAutomated Consistent Configuration ChangesMulti-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Windows Azure
Single Instance
Persistent OS
Single InstanceStateless
OS
Multi-InstanceStateless
OS
Automated Consistent Application Updates
Automated Consistent Configuration Changes
Multi-Instance ManagementScale-out
High Availability
Automated Consistent OS Servicing
Configuration and deploymentCertificate management (eg SSL)Load-balanced public endpointsInternal endpoint configuration and discovery
OperationsRemote desktop access managementAutomated OS and runtime updatesCoordinated updates
AvailabilityHealth monitoringSLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
Front end eg load-balanced stateless web serversMiddle worker tier eg order processing encodingBackend storage eg SQL Server tables or filesMultiple instances of each for scalability and availability
Modeling Cloud Applications
Front-End
Cloud Application
Front-End
HTTPHTTPSWindow
sAzure
StorageSQL
Azure
Load Balancer Middl
e-Tier
A Windows Azure application is called a ldquoservicerdquo
Definition informationConfiguration informationAt least one ldquorolerdquo
Roles are like DLLs in the service ldquoprocessrdquoCollection of code with an entry point that runs in its own virtual machine
There are currently three role typesWeb Role IIS7 and ASPNET in Windows Azure-supplied OSWorker Role arbitrary code in Windows Azure-supplied OSVM Role uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure ComponentsROLE
Virtual Machine
IIS (in web roles)
Role Runtime
Application Code
Operating System
Definition Role nameRole typeVM size (eg small medium etc)Network endpoints
Code WebWorker Role Hosted DLL and other executablesVM Role VHD
ConfigurationNumber of instancesNumber of update and fault domains
Role ContentsService
Role Front-End
DefinitionType WebVM Size SmallEndpoints External-1ConfigurationInstances 2Update Domains 2Fault Domains 2
Role Middle-Tier
DefinitionType WorkerVM Size LargeEndpoints Internal-1ConfigurationInstances 3Update Domains 2Fault Domains 2
RDFEService
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to ldquoRed Dog Front Endrdquo (RDFE) Azure serviceRDFE converts service package to native ldquoRDrdquo version
RDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service
Deploying a Service to the Cloud The 10000 foot view
FC
Service
The ldquokernelrdquo of the cloud operating system
Manages datacenter hardwareManages Windows Azure services
Four main responsibilities
Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health management
InputsDescription of the hardware and network resources it will controlService model and binaries for cloud applications
The Fabric Controller (FC)
Server
Kernel
Process
Datacenter
Fabric Controller
Service
Windows Kernel
Server
WordSQL
Server
Fabric Controller
Datacenter
Exchange
Online
SQL Azure
Datacenter Architecture
TOR
LB
LB
Agg
PDU
LB
LB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg
Racks
Datacenter Routers
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
helliphelliphellip hellip hellip
Top of RackSwitches
Power Distribution Units
hellip
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by ldquoUtilityrdquo Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade and services continue to run even if FC fails entirely
High-Level FC Architecture
TOR
FC1
hellip hellip
TOR
FC2
hellip hellip
TOR
FC3
hellip hellipFC3
TOR
FC4
hellip hellip
TOR
FC5
hellip hellip
LB
LB
AGG
LBL
BLB
Nodes
Rack
1 Power on node2 PXE-boot
Maintenance OS3 Agent formats disk
and downloads Host OS
4 Host OS boots runs Sysprep specialize reboots
5 FC connects with the ldquoHost Agentrdquo
Provisioning a NodeFabric Controller
RoleImage
s
RoleImage
s
RoleImage
s
RoleImage
s
Image Repository
Maintenance OS
Parent OS
Node
PXEServe
r
Maintenance OS
Windows Azure
OS
Windows Azure
OS
FC Host Agen
t
Windows Azure Hypervisor
ExampleRole B
Count 2Update Domains 2Fault Domains 2
Size Medium
Role ACount 3
Update Domains 2
Fault Domains 2Size Large
Fault Domain 1 Fault Domain 2 Fault Domain 3
LoadBalancer
10100036
101000122101000185
wwwmycloudappnet
wwwmycloudappnet
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in
ControlAbstraction (ie Less IT amp Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise1 Create Hyper-V image with Windows Server 2008 R2
unlicensed2 Install your applications3 Install Azure Integration Components4 SysPrep5 Upload image to Azure with CSUPLOAD
On Azure1 Enable your VM in Azure Management Portal2 Start the VM role Azure Management Portal3 Azure Licenses and Activates VM4 FinalizeConfigure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats Automatically ldquohealsrdquo affected roles
Node and Role Health Maintenance
Problem How Detected Fabric Response
Role instance crashes
FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node ldquoout for repairrdquo
Moving a role instance is similar to a service updateOn source node
Role instances stoppedVMs stoppedNode reprovisioned
On destination nodeSame steps as initial role instance deployment
Warning Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investmentsCloud app integration with existing apps data sourcesCompliance security drivers
Simple setup and management
Windows Azure Connect Azure
Enterprise
Windows Azure Connect in ContextCLOUD ENTERPRISE
Data SynchronizationSQL Azure Data Sync
Application-layer Connectivity amp
Messaging Service Bus
SecurityFederated Identity and Access Control
Secure Network Connectivity
Windows Azure Connect
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent
  Win Server 2008, 2008 R2, Vista and Win7 supported platforms
Network policy managed through WA portal
  Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
  Tunnel firewalls/NATs through hosted SSL-based relay service
  Secured via end-to-end IPSec
  DNS name resolution
Windows Azure Connect - Closer Look
[Diagram labels: Windows Azure (Role A, Role B, Role C with multiple VMs); Relay; Enterprise (Dev machines, Databases)]
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers
  Azure wide, provisioned in a common portal
  Established a billing instrument
Each server has one or more databases
  Logical concept equal to a master DB
  Contains metadata about database & usage
  Unit of authentication, geo-location, billing, reporting
  Generated DNS-based name
Each database has standard SQL objects
  Users, Tables, Views, Indices, etc.
  Unit of consistency
[Diagram labels: Account, Server, Database]
SQL Azure High Level Architecture
[Diagram labels: Application; Internet; Azure Cloud; LB; TDS (tcp); Gateway (x6); SQL (x6); Data Center Boundary; Security Boundary]
Application: Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, ...
LB: Load balancer forwards 'sticky' sessions to TDS protocol tier
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy, proxy to backend SQL
SQL: Scalability and Availability: Fabric, Failover, Replication, and Load balancing
SQL Azure Reporting
SQL Azure Reporting Services Architecture
[Diagram labels: Microsoft SQL Azure; Windows Azure; Load Balancer; RS Gateways; RS Instances; SQL Azure Database Server (Catalog, TempDB, Data Source); [tenant].database.windows.net; https://[tenant].reports.windows.net/reports/report1.rdl]
Reporting Infrastructure: SQL Azure for data tier and Windows Azure for hosting
Availability: RS Gateway for tenant isolation and "smart" routing
Multitenancy: Stateless RS instances as a shared "engine"
Performance: Co-locate RS with user DBs
Monthly Service Level Agreements
Service | Guarantee | Monthly SLA
Instance Monitoring & Restart | All running roles will be continuously monitored. If role is not running, we will detect and initiate corrective action | >99.9%
Database availability | Database is connected to the internet gateway. All databases will be continuously monitored | >99.9%
Service Bus & Access Control Availability | Service bus and access control endpoints will have external connectivity. Message operation requests processed successfully | >99.9%
Compute Connectivity | Your service is connected and reachable via web. Internet facing roles will have external connectivity | >99.95%
Storage Availability | Storage service will be available/reachable (connectivity). Your storage requests will be processed successfully | >99.9%
Content Delivery Network | Service will respond to client requests and deliver the requested content without error | >99.9%
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure's PaaS
  Provisions machines
  Deploys services
  Configures hardware for services
  Monitors service and hardware health
  Performs service healing
The Fabric Controller continues to evolve
  Relational Databases, Reporting, Security, Connectivity all part of the Platform, with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Windows Azure Application Characteristics
[Diagram: three application models compared: Single Instance / Persistent OS; Single Instance / Stateless OS; Multi-Instance / Stateless OS (Windows Azure). Characteristics listed: Automated Consistent Application Updates; Automated Consistent Configuration Changes; Multi-Instance Management; Scale-out; High Availability; Automated Consistent OS Servicing]
Configuration and deployment
  Certificate management (e.g. SSL)
  Load-balanced public endpoints
  Internal endpoint configuration and discovery
Operations
  Remote desktop access management
  Automated OS and runtime updates
  Coordinated updates
Availability
  Health monitoring
  SLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
  Front end: e.g. load-balanced stateless web servers
  Middle worker tier: e.g. order processing, encoding
  Backend storage: e.g. SQL Server tables or files
  Multiple instances of each for scalability and availability
Modeling Cloud Applications
[Diagram labels: Cloud Application; HTTP/HTTPS; Load Balancer; Front-End (x2); Middle-Tier; Windows Azure Storage; SQL Azure]
A Windows Azure application is called a "service"
  Definition information
  Configuration information
  At least one "role"
Roles are like DLLs in the service "process"
  Collection of code with an entry point that runs in its own virtual machine
There are currently three role types
  Web Role: IIS7 and ASP.NET in Windows Azure-supplied OS
  Worker Role: arbitrary code in Windows Azure-supplied OS
  VM Role: uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure Components
[Diagram labels: ROLE; Virtual Machine; Operating System; Role Runtime; IIS (in web roles); Application Code]
Definition
  Role name
  Role type
  VM size (e.g. small, medium, etc.)
  Network endpoints
Code
  Web/Worker Role: Hosted DLL and other executables
  VM Role: VHD
Configuration
  Number of instances
  Number of update and fault domains
Role Contents
[Diagram: a Service with two roles]
Role: Front-End
  Definition: Type: Web; VM Size: Small; Endpoints: External-1
  Configuration: Instances: 2; Update Domains: 2; Fault Domains: 2
Role: Middle-Tier
  Definition: Type: Worker; VM Size: Large; Endpoints: Internal-1
  Configuration: Instances: 3; Update Domains: 2; Fault Domains: 2
[Diagram labels: Service; Portal Service; RDFE; FC; Northern Europe Datacenter]
Service package uploaded to portal
  Windows Azure Portal Service passes service package to "Red Dog Front End" (RDFE) Azure service
  RDFE converts service package to native "RD" version
RDFE sends service to Fabric Controller (FC) based on target region
FC stores image in repository and deploys and activates service
Deploying a Service to the Cloud: The 10,000 foot view
The "kernel" of the cloud operating system
  Manages datacenter hardware
  Manages Windows Azure services
Four main responsibilities:
  Datacenter resource allocation
  Datacenter resource provisioning
  Service lifecycle management
  Service health management
Inputs:
  Description of the hardware and network resources it will control
  Service model and binaries for cloud applications
The Fabric Controller (FC)
[Diagram: analogy between a Server (Kernel, Process) and a Datacenter (Fabric Controller, Service). Server side: Windows Kernel, Word, SQL Server. Datacenter side: Fabric Controller, Exchange Online, SQL Azure]
Datacenter Architecture
[Diagram: Datacenter Routers; Aggregation Routers (Agg) and Load Balancers (LB); Racks, each with a Top of Rack Switch (TOR), a Power Distribution Unit (PDU) and Nodes]
Windows Azure Datacenters
FC is a distributed, stateful application running on nodes (blades) spread across fault domains
  Installed by "Utility" Fabric Controller
  One acts as the primary and all others keep view of world in sync
  Supports rolling upgrade, and services continue to run even if FC fails entirely
High-Level FC Architecture
[Diagram: FC1 to FC5, each in a Rack under its own TOR switch alongside Nodes; AGG and LB above the racks]
1. Power on node
2. PXE-boot Maintenance OS
3. Agent formats disk and downloads Host OS
4. Host OS boots, runs Sysprep specialize, reboots
5. FC connects with the "Host Agent"
Provisioning a Node
[Diagram labels: Fabric Controller; Image Repository (Role Images, Maintenance OS, Parent OS); PXE Server; Node; Maintenance OS; Windows Azure OS; FC Host Agent; Windows Azure Hypervisor]
Example
Role A: Count: 3; Update Domains: 2; Fault Domains: 2; Size: Large
Role B: Count: 2; Update Domains: 2; Fault Domains: 2; Size: Medium
[Diagram labels: Fault Domain 1, Fault Domain 2, Fault Domain 3; Load Balancer; 10.100.0.36, 10.100.0.122, 10.100.0.185; www.mycloudapp.net]
Inside a Role VM
[Diagram labels: Resource Volume; OS Volume; Role Volume; Guest Agent; Role Host; Role Entry Point]
Where does VM Role fit in?
[Diagram: axes Control and Abstraction (i.e. Less IT & Less Plumbing Code); positions shown: Admin Web Role, Admin Worker Role (Startup Tasks), Worker Role, Web Role, VM Role]
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise
1. Create Hyper-V image with Windows Server 2008 R2 unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure
1. Enable your VM in Azure Management Portal
2. Start the VM role in Azure Management Portal
3. Azure licenses and activates VM
4. Finalize/Configure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
  The host OS and FC host agent are trusted
  The guest agent is untrusted
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
  Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
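The isolation rule on this slide, modelled as a default-deny egress check (an added example, not Windows Azure code; the service names, the address assignments and the use of "globally routable" as the test for an Internet address are assumptions):

```python
import ipaddress
from typing import Tuple

# Constructed sample: addresses the fabric assigned to each service's VMs.
# Service names and addresses are illustrative, not real deployments.
SERVICE_VMS = {
    "service-a": ["10.100.0.36", "10.100.0.122"],
    "service-b": ["10.100.0.185"],
}

# Reverse index kept on the trusted side (host OS / host agent): address -> service.
VM_OWNER = {
    ipaddress.ip_address(ip): service
    for service, ips in SERVICE_VMS.items()
    for ip in ips
}


def egress_decision(vm_service: str, dst: str) -> Tuple[str, str]:
    """Decide whether a VM of `vm_service` may send to `dst`.

    `vm_service` is what the host knows about the VM it is hosting. Nothing the
    guest reports about itself is consulted, because the guest is untrusted.
    """
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return ("deny", "malformed destination")

    owner = VM_OWNER.get(addr)
    if owner == vm_service:
        return ("allow", "VM of the same service")
    if owner is not None:
        return ("deny", "VM of another service")
    if addr.is_global:
        # Assumption: "Internet address" means globally routable.
        return ("allow", "Internet address")
    # Everything else is internal or reserved space: default deny.
    return ("deny", "internal address not assigned to this service")


def denied_flows(flows):
    """Return the (service, dst, reason) tuples the filter would drop."""
    dropped = []
    for service, dst in flows:
        verdict, reason = egress_decision(service, dst)
        if verdict == "deny":
            dropped.append((service, dst, reason))
    return dropped


if __name__ == "__main__":
    # Constructed flows: (service of the sending VM, destination address).
    sample = [
        ("service-a", "10.100.0.122"),  # sibling instance of the same service
        ("service-a", "10.100.0.185"),  # VM that belongs to another service
        ("service-b", "10.100.0.1"),    # internal address, not assigned to it
        ("service-b", "8.8.8.8"),       # Internet
    ]
    for row in denied_flows(sample):
        print(row)
```

The denied list doubles as an audit trail: repeated drops toward another service's addresses from one VM are worth alerting on.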
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats Automatically ldquohealsrdquo affected roles
Node and Role Health Maintenance
Problem How Detected Fabric Response
Role instance crashes
FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node ldquoout for repairrdquo
Moving a role instance is similar to a service updateOn source node
Role instances stoppedVMs stoppedNode reprovisioned
On destination nodeSame steps as initial role instance deployment
Warning Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investmentsCloud app integration with existing apps data sourcesCompliance security drivers
Simple setup and management
Windows Azure Connect Azure
Enterprise
Windows Azure Connect in ContextCLOUD ENTERPRISE
Data SynchronizationSQL Azure Data Sync
Application-layer Connectivity amp
Messaging Service Bus
SecurityFederated Identity and Access Control
Secure Network Connectivity
Windows Azure Connect
Enable WA Roles for external connectivity via service modelEnable external computers for connectivity by installing Connect agent
Win Server 2008 2008 R2 Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewallsNATrsquos through hosted SSL-based relay serviceSecured via end-to-end IPSecDNS name resolution
Windows Azure Connect ndash Closer Look
Role A
Role B
Role C(multiple
VMrsquos)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size
CPU RAM Instance
HDD
Peak Mbps
Price per Hour
Extra Small
10 GHz 768 MB 20 GB 5 CHF 0055
Small 16 GHz 17 GB 225 GB 100 CHF 0132
Medium 2 x 16 GHz
35 GB 490 GB 200 CHF 0264
Large 4 x 16 GHz
7 GB 1000 GB
400 CHF 0528
Extra Large
8 x 16 GHz
14 GB 2040 GB
800 CHF 1056
Azure Role Sizes
httpwwwmicrosoftcomwindowsazurepricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more serversAzure wide provisioned in a common portalEstablished a Billing instrument
Each server has one or more databasesLogical concept equal to a master DBContains metadata about database amp usageUnit of authentication geo-location billing reportingGenerated DNS-based name
Each database has standard SQL objectsUsers Tables Views Indices etcUnit of consistency
Account
Server
Database
SQL Azure High Level Architecture
Internet Azure Cloud
LB
TDS (tcp)
TDS (tcp)
TDS (tcp)
Load balancer forwards lsquostickyrsquo sessions to TDS protocol tier
Security Boundary
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Scalability and Availability Fabric Failover Replication and Load balancing
SQL SQL SQL SQL SQLSQL
Gateway TDS protocol gateway enforces AUTHNAUTHZ policy proxy to backend SQL
Data Center Boundary
Application
Applications use standard SQL client libraries ODBC ADONet PHP hellip
SQL Azure Reporting
Load Balancer
SQL Azure Database Server
hellip
Catalog
TempDB
Data Source
[tenant]databasewindowsnet
https[tenant]reportswindowsnetreportsreport1rdl
RS Gateways
RS Instances
Windows Azure
SQL Azure Reporting Services ArchitectureMicrosoft SQL Azure
Reporting Infrastructure SQL Azure for data tier and Windows Azure for hosting
Availability RS Gateway for tenant isolation and ldquosmartrdquo routing
Multitenancy Stateless RS instances as a shared ldquoenginerdquo
Performance Co-locate RS with user DBs
Monthly Service Level Agreements
All running roles will be continuously monitored
If role is not running we will detect and initiate corrective action
gt999
Instance Monitoring amp Restart
Database is connected to the internet gateway
All databases will be continuously monitored
gt999
Database availability
gt999
Service bus and access control endpoints will have external connectivity
Message operation requests processed successfully
Service Bus amp Access Control
Availability
Your service is connected and reachable via web Internet facing roles will have external connectivity
gt9995
ComputeConnectivity
gt999
Storage service will be available reachable (connectivity)
Your storage requests will be processed successfully
Storage Availability
gt999
Service will respond to client requests and deliver the requested content without error
Content Delivery Network
Platform as a Service is all about reducing management and operations overheadThe Windows Azure Fabric Controller is the foundation for Windows Azurersquos PaaS
Provisions machinesDeploys servicesConfigures hardware for servicesMonitors service and hardware healthPerforms service healing
The Fabric Controller continues to evolveRelational Databases Reporting Security Connectivity all part of the Platform with more to come
Conclusion
Global Foundation Services (GFS)httpwwwglobalfoundationservicescom
Windows Azurehttpwwwazurecom
Links
QampA
copy 2011 Microsoft Corporation All rights reserved Microsoft Windows Windows Vista and other product names are or may be registered trademarks andor trademarks in the US andor other countries
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation Because Microsoft must respond to changing market conditions it should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation MICROSOFT MAKES NO WARRANTIES EXPRESS IMPLIED OR STATUTORY AS TO THE INFORMATION IN THIS PRESENTATION
Configuration and deploymentCertificate management (eg SSL)Load-balanced public endpointsInternal endpoint configuration and discovery
OperationsRemote desktop access managementAutomated OS and runtime updatesCoordinated updates
AvailabilityHealth monitoringSLA guaranteed uptime
Basic Windows Azure Functionality
A cloud application is typically made up of different components
Front end eg load-balanced stateless web serversMiddle worker tier eg order processing encodingBackend storage eg SQL Server tables or filesMultiple instances of each for scalability and availability
Modeling Cloud Applications
Front-End
Cloud Application
Front-End
HTTPHTTPSWindow
sAzure
StorageSQL
Azure
Load Balancer Middl
e-Tier
A Windows Azure application is called a ldquoservicerdquo
Definition informationConfiguration informationAt least one ldquorolerdquo
Roles are like DLLs in the service ldquoprocessrdquoCollection of code with an entry point that runs in its own virtual machine
There are currently three role typesWeb Role IIS7 and ASPNET in Windows Azure-supplied OSWorker Role arbitrary code in Windows Azure-supplied OSVM Role uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure ComponentsROLE
Virtual Machine
IIS (in web roles)
Role Runtime
Application Code
Operating System
Definition Role nameRole typeVM size (eg small medium etc)Network endpoints
Code WebWorker Role Hosted DLL and other executablesVM Role VHD
ConfigurationNumber of instancesNumber of update and fault domains
Role ContentsService
Role Front-End
DefinitionType WebVM Size SmallEndpoints External-1ConfigurationInstances 2Update Domains 2Fault Domains 2
Role Middle-Tier
DefinitionType WorkerVM Size LargeEndpoints Internal-1ConfigurationInstances 3Update Domains 2Fault Domains 2
RDFEService
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to ldquoRed Dog Front Endrdquo (RDFE) Azure serviceRDFE converts service package to native ldquoRDrdquo version
RDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service
Deploying a Service to the Cloud The 10000 foot view
FC
Service
The ldquokernelrdquo of the cloud operating system
Manages datacenter hardwareManages Windows Azure services
Four main responsibilities
Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health management
InputsDescription of the hardware and network resources it will controlService model and binaries for cloud applications
The Fabric Controller (FC)
Server
Kernel
Process
Datacenter
Fabric Controller
Service
Windows Kernel
Server
WordSQL
Server
Fabric Controller
Datacenter
Exchange
Online
SQL Azure
Datacenter Architecture
TOR
LB
LB
Agg
PDU
LB
LB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg
Racks
Datacenter Routers
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
helliphelliphellip hellip hellip
Top of RackSwitches
Power Distribution Units
hellip
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by ldquoUtilityrdquo Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade and services continue to run even if FC fails entirely
High-Level FC Architecture
TOR
FC1
hellip hellip
TOR
FC2
hellip hellip
TOR
FC3
hellip hellipFC3
TOR
FC4
hellip hellip
TOR
FC5
hellip hellip
LB
LB
AGG
LBL
BLB
Nodes
Rack
1 Power on node2 PXE-boot
Maintenance OS3 Agent formats disk
and downloads Host OS
4 Host OS boots runs Sysprep specialize reboots
5 FC connects with the ldquoHost Agentrdquo
Provisioning a NodeFabric Controller
RoleImage
s
RoleImage
s
RoleImage
s
RoleImage
s
Image Repository
Maintenance OS
Parent OS
Node
PXEServe
r
Maintenance OS
Windows Azure
OS
Windows Azure
OS
FC Host Agen
t
Windows Azure Hypervisor
ExampleRole B
Count 2Update Domains 2Fault Domains 2
Size Medium
Role ACount 3
Update Domains 2
Fault Domains 2Size Large
Fault Domain 1 Fault Domain 2 Fault Domain 3
LoadBalancer
10100036
101000122101000185
wwwmycloudappnet
wwwmycloudappnet
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in
ControlAbstraction (ie Less IT amp Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise1 Create Hyper-V image with Windows Server 2008 R2
unlicensed2 Install your applications3 Install Azure Integration Components4 SysPrep5 Upload image to Azure with CSUPLOAD
On Azure1 Enable your VM in Azure Management Portal2 Start the VM role Azure Management Portal3 Azure Licenses and Activates VM4 FinalizeConfigure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats Automatically ldquohealsrdquo affected roles
Node and Role Health Maintenance
Problem How Detected Fabric Response
Role instance crashes
FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node ldquoout for repairrdquo
Moving a role instance is similar to a service updateOn source node
Role instances stoppedVMs stoppedNode reprovisioned
On destination nodeSame steps as initial role instance deployment
Warning Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investmentsCloud app integration with existing apps data sourcesCompliance security drivers
Simple setup and management
Windows Azure Connect Azure
Enterprise
Windows Azure Connect in ContextCLOUD ENTERPRISE
Data SynchronizationSQL Azure Data Sync
Application-layer Connectivity amp
Messaging Service Bus
SecurityFederated Identity and Access Control
Secure Network Connectivity
Windows Azure Connect
Enable WA Roles for external connectivity via service modelEnable external computers for connectivity by installing Connect agent
Win Server 2008 2008 R2 Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewallsNATrsquos through hosted SSL-based relay serviceSecured via end-to-end IPSecDNS name resolution
Windows Azure Connect ndash Closer Look
Role A
Role B
Role C(multiple
VMrsquos)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size
CPU RAM Instance
HDD
Peak Mbps
Price per Hour
Extra Small
10 GHz 768 MB 20 GB 5 CHF 0055
Small 16 GHz 17 GB 225 GB 100 CHF 0132
Medium 2 x 16 GHz
35 GB 490 GB 200 CHF 0264
Large 4 x 16 GHz
7 GB 1000 GB
400 CHF 0528
Extra Large
8 x 16 GHz
14 GB 2040 GB
800 CHF 1056
Azure Role Sizes
httpwwwmicrosoftcomwindowsazurepricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more serversAzure wide provisioned in a common portalEstablished a Billing instrument
Each server has one or more databasesLogical concept equal to a master DBContains metadata about database amp usageUnit of authentication geo-location billing reportingGenerated DNS-based name
Each database has standard SQL objectsUsers Tables Views Indices etcUnit of consistency
Account
Server
Database
SQL Azure High Level Architecture
Internet Azure Cloud
LB
TDS (tcp)
TDS (tcp)
TDS (tcp)
Load balancer forwards lsquostickyrsquo sessions to TDS protocol tier
Security Boundary
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Scalability and Availability Fabric Failover Replication and Load balancing
SQL SQL SQL SQL SQLSQL
Gateway TDS protocol gateway enforces AUTHNAUTHZ policy proxy to backend SQL
Data Center Boundary
Application
Applications use standard SQL client libraries ODBC ADONet PHP hellip
SQL Azure Reporting
Load Balancer
SQL Azure Database Server
hellip
Catalog
TempDB
Data Source
[tenant]databasewindowsnet
https[tenant]reportswindowsnetreportsreport1rdl
RS Gateways
RS Instances
Windows Azure
SQL Azure Reporting Services ArchitectureMicrosoft SQL Azure
Reporting Infrastructure SQL Azure for data tier and Windows Azure for hosting
Availability RS Gateway for tenant isolation and ldquosmartrdquo routing
Multitenancy Stateless RS instances as a shared ldquoenginerdquo
Performance Co-locate RS with user DBs
Monthly Service Level Agreements
All running roles will be continuously monitored
If role is not running we will detect and initiate corrective action
gt999
Instance Monitoring amp Restart
Database is connected to the internet gateway
All databases will be continuously monitored
gt999
Database availability
gt999
Service bus and access control endpoints will have external connectivity
Message operation requests processed successfully
Service Bus amp Access Control
Availability
Your service is connected and reachable via web Internet facing roles will have external connectivity
gt9995
ComputeConnectivity
gt999
Storage service will be available reachable (connectivity)
Your storage requests will be processed successfully
Storage Availability
gt999
Service will respond to client requests and deliver the requested content without error
Content Delivery Network
Platform as a Service is all about reducing management and operations overheadThe Windows Azure Fabric Controller is the foundation for Windows Azurersquos PaaS
Provisions machinesDeploys servicesConfigures hardware for servicesMonitors service and hardware healthPerforms service healing
The Fabric Controller continues to evolveRelational Databases Reporting Security Connectivity all part of the Platform with more to come
Conclusion
Global Foundation Services (GFS)httpwwwglobalfoundationservicescom
Windows Azurehttpwwwazurecom
Links
QampA
copy 2011 Microsoft Corporation All rights reserved Microsoft Windows Windows Vista and other product names are or may be registered trademarks andor trademarks in the US andor other countries
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation Because Microsoft must respond to changing market conditions it should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation MICROSOFT MAKES NO WARRANTIES EXPRESS IMPLIED OR STATUTORY AS TO THE INFORMATION IN THIS PRESENTATION
A cloud application is typically made up of different components
Front end eg load-balanced stateless web serversMiddle worker tier eg order processing encodingBackend storage eg SQL Server tables or filesMultiple instances of each for scalability and availability
Modeling Cloud Applications
Front-End
Cloud Application
Front-End
HTTPHTTPSWindow
sAzure
StorageSQL
Azure
Load Balancer Middl
e-Tier
A Windows Azure application is called a ldquoservicerdquo
Definition informationConfiguration informationAt least one ldquorolerdquo
Roles are like DLLs in the service ldquoprocessrdquoCollection of code with an entry point that runs in its own virtual machine
There are currently three role typesWeb Role IIS7 and ASPNET in Windows Azure-supplied OSWorker Role arbitrary code in Windows Azure-supplied OSVM Role uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure ComponentsROLE
Virtual Machine
IIS (in web roles)
Role Runtime
Application Code
Operating System
Definition Role nameRole typeVM size (eg small medium etc)Network endpoints
Code WebWorker Role Hosted DLL and other executablesVM Role VHD
ConfigurationNumber of instancesNumber of update and fault domains
Role ContentsService
Role Front-End
DefinitionType WebVM Size SmallEndpoints External-1ConfigurationInstances 2Update Domains 2Fault Domains 2
Role Middle-Tier
DefinitionType WorkerVM Size LargeEndpoints Internal-1ConfigurationInstances 3Update Domains 2Fault Domains 2
RDFEService
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to ldquoRed Dog Front Endrdquo (RDFE) Azure serviceRDFE converts service package to native ldquoRDrdquo version
RDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service
Deploying a Service to the Cloud The 10000 foot view
FC
Service
The ldquokernelrdquo of the cloud operating system
Manages datacenter hardwareManages Windows Azure services
Four main responsibilities
Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health management
InputsDescription of the hardware and network resources it will controlService model and binaries for cloud applications
The Fabric Controller (FC)
Server
Kernel
Process
Datacenter
Fabric Controller
Service
Windows Kernel
Server
WordSQL
Server
Fabric Controller
Datacenter
Exchange
Online
SQL Azure
Datacenter Architecture
TOR
LB
LB
Agg
PDU
LB
LB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg
Racks
Datacenter Routers
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
helliphelliphellip hellip hellip
Top of RackSwitches
Power Distribution Units
hellip
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by ldquoUtilityrdquo Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade and services continue to run even if FC fails entirely
High-Level FC Architecture
TOR
FC1
hellip hellip
TOR
FC2
hellip hellip
TOR
FC3
hellip hellipFC3
TOR
FC4
hellip hellip
TOR
FC5
hellip hellip
LB
LB
AGG
LBL
BLB
Nodes
Rack
1 Power on node2 PXE-boot
Maintenance OS3 Agent formats disk
and downloads Host OS
4 Host OS boots runs Sysprep specialize reboots
5 FC connects with the ldquoHost Agentrdquo
Provisioning a NodeFabric Controller
RoleImage
s
RoleImage
s
RoleImage
s
RoleImage
s
Image Repository
Maintenance OS
Parent OS
Node
PXEServe
r
Maintenance OS
Windows Azure
OS
Windows Azure
OS
FC Host Agen
t
Windows Azure Hypervisor
ExampleRole B
Count 2Update Domains 2Fault Domains 2
Size Medium
Role ACount 3
Update Domains 2
Fault Domains 2Size Large
Fault Domain 1 Fault Domain 2 Fault Domain 3
LoadBalancer
10100036
101000122101000185
wwwmycloudappnet
wwwmycloudappnet
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in
ControlAbstraction (ie Less IT amp Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise
1. Create Hyper-V image with Windows Server 2008 R2 unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure
1. Enable your VM in Azure Management Portal
2. Start the VM role in Azure Management Portal
3. Azure Licenses and Activates VM
4. Finalize/Configure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trusted
The guest agent is untrusted
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
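One way to model the egress rule on this slide (a VM may reach only addresses assigned to VMs of its own service, plus Internet addresses), as an added example that is not from the presentation or from Windows Azure. The class name, the service names, the 10.100.0.0/16 datacenter prefix and every address are constructed for illustration.

```python
import ipaddress


class EgressPolicy:
    """Illustrative model of a per-VM egress check enforced outside the guest.

    Hypothetical names and constructed values; not Windows Azure code.
    """

    def __init__(self, datacenter_prefixes, assignments):
        # Address space the fabric owns (assumption: known to the host agent).
        self.prefixes = [ipaddress.ip_network(p) for p in datacenter_prefixes]
        # Address -> owning service, as handed out by the controller.
        self.owner = {ipaddress.ip_address(a): s for a, s in assignments.items()}

    def decide(self, source_service, destination):
        """Return (allowed, reason) for one outbound destination."""
        # The service comes from the host's own record of which VM owns the
        # virtual NIC, never from anything the untrusted guest reports.
        if source_service is None:
            return False, "unknown source VM"
        try:
            addr = ipaddress.ip_address(destination)
        except ValueError:
            return False, "unparseable destination"
        # Collapse IPv4-mapped IPv6 so ::ffff:a.b.c.d cannot sidestep IPv4 rules.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        owner = self.owner.get(addr)
        if owner is not None:
            if owner == source_service:
                return True, "same service"
            return False, "assigned to another service"
        # Unassigned but inside the fabric: infrastructure or free addresses.
        if any(addr in net for net in self.prefixes):
            return False, "datacenter address outside this service"
        # Addresses that are never Internet destinations.
        if (addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_unspecified):
            return False, "not an Internet address"
        return True, "Internet address"


# Constructed sample data: two services sharing one datacenter prefix.
POLICY = EgressPolicy(
    datacenter_prefixes=["10.100.0.0/16"],
    assignments={
        "10.100.0.36": "service-a",
        "10.100.0.122": "service-a",
        "10.100.0.185": "service-b",
    },
)

if __name__ == "__main__":
    for dest in ["10.100.0.122", "10.100.0.185", "10.100.7.1",
                 "::ffff:10.100.0.185", "169.254.0.1", "203.0.113.10"]:
        print(dest, POLICY.decide("service-a", dest))
```

The checks run in fail-closed order: an address that belongs to another service or to the fabric itself is rejected before the Internet test is ever reached. This sketch does not decide how private ranges outside the fabric prefix should be treated.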
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats
Automatically “heals” affected roles
Node and Role Health Maintenance
Problem | How Detected | Fabric Response
Role instance crashes | FC guest agent monitors role termination | FC restarts role
Guest VM or agent crashes | FC host agent notices missing guest agent heartbeats | FC restarts VM and hosted role
Host OS or agent crashes | FC notices missing host agent heartbeat | Tries to recover node; FC reallocates roles to other nodes
Detected node hardware issue | Host agent informs FC | FC migrates roles to other nodes; marks node “out for repair”
Moving a role instance is similar to a service update
On source node:
Role instances stopped
VMs stopped
Node reprovisioned
On destination node:
Same steps as initial role instance deployment
Warning: Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investments
Cloud app integration with existing apps, data sources
Compliance, security drivers
Simple setup and management
Windows Azure Connect
[Figure: Azure, Enterprise]
Windows Azure Connect in Context
[Figure: CLOUD, ENTERPRISE]
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Security: Federated Identity and Access Control
Secure Network Connectivity: Windows Azure Connect
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent
Win Server 2008, 2008 R2, Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewalls/NATs through hosted SSL-based relay service
Secured via end-to-end IPSec
DNS name resolution
Windows Azure Connect – Closer Look
Role A
Role B
Role C (multiple VMs)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers
Azure wide, provisioned in a common portal
Established a Billing instrument
Each server has one or more databases
Logical concept equal to a master DB
Contains metadata about database & usage
Unit of authentication, geo-location, billing, reporting
Generated DNS-based name
Each database has standard SQL objects
Users, Tables, Views, Indices, etc.
Unit of consistency
Account
Server
Database
SQL Azure High Level Architecture
[Figure: Internet; Azure Cloud; LB; TDS (tcp); Security Boundary; Gateway; SQL; Data Center Boundary; Application]
Load balancer forwards ‘sticky’ sessions to TDS protocol tier
Scalability and Availability: Fabric, Failover, Replication and Load balancing
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy, proxy to backend SQL
Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, …
SQL Azure Reporting
[Figure: Load Balancer; SQL Azure Database Server; Catalog; TempDB; Data Source; [tenant].database.windows.net; https://[tenant].reports.windows.net/reports/report1.rdl; RS Gateways; RS Instances; Windows Azure]
SQL Azure Reporting Services Architecture
Microsoft SQL Azure
Reporting Infrastructure SQL Azure for data tier and Windows Azure for hosting
Availability RS Gateway for tenant isolation and “smart” routing
Multitenancy Stateless RS instances as a shared “engine”
Performance Co-locate RS with user DBs
Monthly Service Level Agreements
Instance Monitoring & Restart: >99.9%
All running roles will be continuously monitored
If role is not running, we will detect and initiate corrective action
Database Availability: >99.9%
Database is connected to the internet gateway
All databases will be continuously monitored
Service Bus & Access Control Availability: >99.9%
Service bus and access control endpoints will have external connectivity
Message operation requests processed successfully
Compute Connectivity: >99.95%
Your service is connected and reachable via web
Internet facing roles will have external connectivity
Storage Availability: >99.9%
Storage service will be available, reachable (connectivity)
Your storage requests will be processed successfully
Content Delivery Network: >99.9%
Service will respond to client requests and deliver the requested content without error
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure’s PaaS
Provisions machines
Deploys services
Configures hardware for services
Monitors service and hardware health
Performs service healing
The Fabric Controller continues to evolve
Relational Databases, Reporting, Security, Connectivity all part of the Platform, with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
A Windows Azure application is called a “service”
Definition information
Configuration information
At least one “role”
Roles are like DLLs in the service “process”
Collection of code with an entry point that runs in its own virtual machine
There are currently three role types
Web Role: IIS7 and ASP.NET in Windows Azure-supplied OS
Worker Role: arbitrary code in Windows Azure-supplied OS
VM Role: uploaded VHD with customer-supplied OS
The Windows Azure Service Model
Windows Azure Components
ROLE
Virtual Machine
IIS (in web roles)
Role Runtime
Application Code
Operating System
Definition: Role name, Role type, VM size (e.g. small, medium, etc.), Network endpoints
Code: Web/Worker Role: Hosted DLL and other executables; VM Role: VHD
Configuration: Number of instances, Number of update and fault domains
Role Contents
Service
Role: Front-End
Definition: Type: Web, VM Size: Small, Endpoints: External-1
Configuration: Instances: 2, Update Domains: 2, Fault Domains: 2
Role: Middle-Tier
Definition: Type: Worker, VM Size: Large, Endpoints: Internal-1
Configuration: Instances: 3, Update Domains: 2, Fault Domains: 2
RDFE Service
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to “Red Dog Front End” (RDFE) Azure service
RDFE converts service package to native “RD” version
RDFE sends service to Fabric Controller (FC) based on target region
FC stores image in repository and deploys and activates service
Deploying a Service to the Cloud: The 10,000 foot view
FC
Service
The “kernel” of the cloud operating system
Manages datacenter hardware
Manages Windows Azure services
Four main responsibilities
Datacenter resource allocation
Datacenter resource provisioning
Service lifecycle management
Service health management
Inputs
Description of the hardware and network resources it will control
Service model and binaries for cloud applications
The Fabric Controller (FC)
[Figure: Server, Kernel, Process alongside Datacenter, Fabric Controller, Service; Windows Kernel, Server, Word, SQL Server alongside Fabric Controller, Datacenter, Exchange Online, SQL Azure]
Definition Role nameRole typeVM size (eg small medium etc)Network endpoints
Code WebWorker Role Hosted DLL and other executablesVM Role VHD
ConfigurationNumber of instancesNumber of update and fault domains
Role ContentsService
Role Front-End
DefinitionType WebVM Size SmallEndpoints External-1ConfigurationInstances 2Update Domains 2Fault Domains 2
Role Middle-Tier
DefinitionType WorkerVM Size LargeEndpoints Internal-1ConfigurationInstances 3Update Domains 2Fault Domains 2
RDFEService
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to ldquoRed Dog Front Endrdquo (RDFE) Azure serviceRDFE converts service package to native ldquoRDrdquo version
RDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service
Deploying a Service to the Cloud The 10000 foot view
FC
Service
The ldquokernelrdquo of the cloud operating system
Manages datacenter hardwareManages Windows Azure services
Four main responsibilities
Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health management
InputsDescription of the hardware and network resources it will controlService model and binaries for cloud applications
The Fabric Controller (FC)
Server
Kernel
Process
Datacenter
Fabric Controller
Service
Windows Kernel
Server
WordSQL
Server
Fabric Controller
Datacenter
Exchange
Online
SQL Azure
Datacenter Architecture
TOR
LB
LB
Agg
PDU
LB
LB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg
Racks
Datacenter Routers
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
helliphelliphellip hellip hellip
Top of RackSwitches
Power Distribution Units
hellip
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by ldquoUtilityrdquo Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade and services continue to run even if FC fails entirely
High-Level FC Architecture
TOR
FC1
hellip hellip
TOR
FC2
hellip hellip
TOR
FC3
hellip hellipFC3
TOR
FC4
hellip hellip
TOR
FC5
hellip hellip
LB
LB
AGG
LBL
BLB
Nodes
Rack
1 Power on node2 PXE-boot
Maintenance OS3 Agent formats disk
and downloads Host OS
4 Host OS boots runs Sysprep specialize reboots
5 FC connects with the ldquoHost Agentrdquo
Provisioning a NodeFabric Controller
RoleImage
s
RoleImage
s
RoleImage
s
RoleImage
s
Image Repository
Maintenance OS
Parent OS
Node
PXEServe
r
Maintenance OS
Windows Azure
OS
Windows Azure
OS
FC Host Agen
t
Windows Azure Hypervisor
ExampleRole B
Count 2Update Domains 2Fault Domains 2
Size Medium
Role ACount 3
Update Domains 2
Fault Domains 2Size Large
Fault Domain 1 Fault Domain 2 Fault Domain 3
LoadBalancer
10100036
101000122101000185
wwwmycloudappnet
wwwmycloudappnet
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in
ControlAbstraction (ie Less IT amp Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise1 Create Hyper-V image with Windows Server 2008 R2
unlicensed2 Install your applications3 Install Azure Integration Components4 SysPrep5 Upload image to Azure with CSUPLOAD
On Azure1 Enable your VM in Azure Management Portal2 Start the VM role Azure Management Portal3 Azure Licenses and Activates VM4 FinalizeConfigure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
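The isolation rule on this slide, as an added example that is not part of the original deck or Microsoft's code: a small Python model of a host-side egress filter that lets a VM reach only addresses assigned to VMs of its own service, plus Internet addresses. The VM and service names, the 10.0.0.0/8 datacenter range, the sample traffic and the source-address check are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumption: the slide does not give the datacenter's internal address space.
# 10.0.0.0/8 is chosen only so the constructed sample addresses fall inside it.
DATACENTER_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass
class HostAgentFilter:
    """Egress policy held on the trusted host side, never by the guest."""
    # vm_id -> (service name, address the fabric assigned to that VM)
    vms: dict = field(default_factory=dict)

    def register(self, vm_id, service, ip):
        addr = ipaddress.ip_address(ip)
        if addr not in DATACENTER_NET:
            raise ValueError(f"{ip} is not a datacenter address")
        if any(a == addr for _, a in self.vms.values()):
            raise ValueError(f"{ip} is already assigned")
        self.vms[vm_id] = (service, addr)

    def peers(self, service):
        """Addresses of every VM that belongs to the given service."""
        return {a for s, a in self.vms.values() if s == service}

    def decide(self, vm_id, src_ip, dst_ip):
        """Return (allowed, reason) for one packet leaving the VM vm_id."""
        if vm_id not in self.vms:
            return False, "unknown VM"
        service, assigned = self.vms[vm_id]
        # Added check, not on the slide: the guest is untrusted, so the source
        # address it puts in the packet must match the one the fabric assigned.
        if ipaddress.ip_address(src_ip) != assigned:
            return False, "source address not assigned to this VM"
        dst = ipaddress.ip_address(dst_ip)
        if dst not in DATACENTER_NET:
            return True, "Internet address"
        if dst in self.peers(service):
            return True, "same service"
        return False, "datacenter address outside the VM's service"


def denied_flows(flt, flows):
    """Return the flows the filter drops, with the reason, for review."""
    out = []
    for vm_id, src, dst in flows:
        allowed, reason = flt.decide(vm_id, src, dst)
        if not allowed:
            out.append((vm_id, dst, reason))
    return out


def build_example():
    """Constructed topology: two services sharing one datacenter."""
    flt = HostAgentFilter()
    flt.register("vm-a1", "service-a", "10.100.0.36")
    flt.register("vm-a2", "service-a", "10.100.0.122")
    flt.register("vm-b1", "service-b", "10.100.0.185")
    return flt


# Constructed sample traffic: (sending VM, source address, destination address).
SAMPLE_FLOWS = [
    ("vm-a1", "10.100.0.36", "10.100.0.122"),   # peer in the same service
    ("vm-a1", "10.100.0.36", "203.0.113.10"),   # Internet (documentation range)
    ("vm-a1", "10.100.0.36", "10.100.0.185"),   # VM of a different service
    ("vm-a1", "10.100.0.36", "10.0.0.1"),       # unassigned datacenter address
    ("vm-b1", "10.100.0.36", "10.100.0.122"),   # vm-b1 claiming vm-a1's address
]

if __name__ == "__main__":
    for row in denied_flows(build_example(), SAMPLE_FLOWS):
        print(row)
```

The decision is keyed on the VM identity the host already knows, so nothing the untrusted guest reports about itself can widen what it may reach.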
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats
Automatically “heals” affected roles
Node and Role Health Maintenance
Problem | How Detected | Fabric Response
Role instance crashes | FC guest agent monitors role termination | FC restarts role
Guest VM or agent crashes | FC host agent notices missing guest agent heartbeats | FC restarts VM and hosted role
Host OS or agent crashes | FC notices missing host agent heartbeat | Tries to recover node; FC reallocates roles to other nodes
Detected node hardware issue | Host agent informs FC | FC migrates roles to other nodes; marks node “out for repair”
Moving a role instance is similar to a service update
On source node:
  Role instances stopped
  VMs stopped
  Node reprovisioned
On destination node:
  Same steps as initial role instance deployment
Warning: Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investments
Cloud app integration with existing apps, data sources
Compliance, security drivers
Simple setup and management
Windows Azure Connect
[Diagram labels: Azure, Enterprise]
Windows Azure Connect in Context
[Diagram labels: CLOUD, ENTERPRISE]
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Security: Federated Identity and Access Control
Secure Network Connectivity: Windows Azure Connect
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent
Win Server 2008, 2008 R2, Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewalls/NATs through hosted SSL-based relay service
Secured via end-to-end IPSec
DNS name resolution
Windows Azure Connect – Closer Look
Role A
Role B
Role C (multiple VMs)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers
  Azure wide, provisioned in a common portal
  Established a billing instrument
Each server has one or more databases
  Logical concept equal to a master DB
  Contains metadata about database & usage
  Unit of authentication, geo-location, billing, reporting
  Generated DNS-based name
Each database has standard SQL objects
  Users, Tables, Views, Indices, etc.
  Unit of consistency
Account
Server
Database
SQL Azure High Level Architecture
[Diagram labels: Internet, Azure Cloud, Application, LB, TDS (tcp), Gateway tier, SQL nodes, Security Boundary, Data Center Boundary]
Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, …
Load balancer forwards ‘sticky’ sessions to TDS protocol tier
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy, proxy to backend SQL
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
SQL Azure Reporting
[Diagram labels: Load Balancer, RS Gateways, RS Instances, Windows Azure, Microsoft SQL Azure, SQL Azure Database Server, Catalog, TempDB, Data Source]
[tenant].database.windows.net
https://[tenant].reports.windows.net/reports/report1.rdl
SQL Azure Reporting Services Architecture
Reporting Infrastructure: SQL Azure for data tier and Windows Azure for hosting
Availability: RS Gateway for tenant isolation and “smart” routing
Multitenancy: Stateless RS instances as a shared “engine”
Performance: Co-locate RS with user DBs
Monthly Service Level Agreements
Service | Commitment | Monthly SLA
Instance Monitoring & Restart | All running roles will be continuously monitored. If role is not running, we will detect and initiate corrective action. | >99.9%
Database availability | Database is connected to the internet gateway. All databases will be continuously monitored. | >99.9%
Service Bus & Access Control Availability | Service bus and access control endpoints will have external connectivity. Message operation requests processed successfully. | >99.9%
Compute Connectivity | Your service is connected and reachable via web. Internet facing roles will have external connectivity. | >99.95%
Storage Availability | Storage service will be available/reachable (connectivity). Your storage requests will be processed successfully. | >99.9%
Content Delivery Network | Service will respond to client requests and deliver the requested content without error. | >99.9%
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure’s PaaS
  Provisions machines
  Deploys services
  Configures hardware for services
  Monitors service and hardware health
  Performs service healing
The Fabric Controller continues to evolve
Relational Databases, Reporting, Security, Connectivity all part of the Platform, with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
RDFE Service
Portal Service
Northern Europe Datacenter
Service package uploaded to portal
Windows Azure Portal Service passes service package to “Red Dog Front End” (RDFE) Azure service
RDFE converts service package to native “RD” version
RDFE sends service to Fabric Controller (FC) based on target region
FC stores image in repository and deploys and activates service
Deploying a Service to the Cloud: The 10,000 foot view
FC
Service
The “kernel” of the cloud operating system
  Manages datacenter hardware
  Manages Windows Azure services
Four main responsibilities
  Datacenter resource allocation
  Datacenter resource provisioning
  Service lifecycle management
  Service health management
Inputs
  Description of the hardware and network resources it will control
  Service model and binaries for cloud applications
The Fabric Controller (FC)
[Diagram: Server / Kernel / Process set beside Datacenter / Fabric Controller / Service. Labels: Windows Kernel, Server, Word, SQL Server; Fabric Controller, Datacenter, Exchange Online, SQL Azure]
Datacenter Architecture
[Diagram labels: Datacenter Routers; Aggregation Routers (Agg) and Load Balancers (LB); Racks; Top of Rack Switches (TOR); Power Distribution Units (PDU); Nodes]
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Datacenter Architecture
TOR
LB
LB
Agg
PDU
LB
LB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg L
BLB
Agg
Racks
Datacenter Routers
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
TOR
PDU
helliphelliphellip hellip hellip
Top of RackSwitches
Power Distribution Units
hellip
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Nodes
Windows Azure Datacenters
FC is a distributed stateful application running on nodes (blades) spread across fault domains
Installed by ldquoUtilityrdquo Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade and services continue to run even if FC fails entirely
High-Level FC Architecture
TOR
FC1
hellip hellip
TOR
FC2
hellip hellip
TOR
FC3
hellip hellipFC3
TOR
FC4
hellip hellip
TOR
FC5
hellip hellip
LB
LB
AGG
LBL
BLB
Nodes
Rack
1 Power on node2 PXE-boot
Maintenance OS3 Agent formats disk
and downloads Host OS
4 Host OS boots runs Sysprep specialize reboots
5 FC connects with the ldquoHost Agentrdquo
Provisioning a NodeFabric Controller
RoleImage
s
RoleImage
s
RoleImage
s
RoleImage
s
Image Repository
Maintenance OS
Parent OS
Node
PXEServe
r
Maintenance OS
Windows Azure
OS
Windows Azure
OS
FC Host Agen
t
Windows Azure Hypervisor
ExampleRole B
Count 2Update Domains 2Fault Domains 2
Size Medium
Role ACount 3
Update Domains 2
Fault Domains 2Size Large
Fault Domain 1 Fault Domain 2 Fault Domain 3
LoadBalancer
10100036
101000122101000185
wwwmycloudappnet
wwwmycloudappnet
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in
ControlAbstraction (ie Less IT amp Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise1 Create Hyper-V image with Windows Server 2008 R2
unlicensed2 Install your applications3 Install Azure Integration Components4 SysPrep5 Upload image to Azure with CSUPLOAD
On Azure1 Enable your VM in Azure Management Portal2 Start the VM role Azure Management Portal3 Azure Licenses and Activates VM4 FinalizeConfigure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats Automatically ldquohealsrdquo affected roles
Node and Role Health Maintenance
Problem How Detected Fabric Response
Role instance crashes
FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node ldquoout for repairrdquo
Moving a role instance is similar to a service updateOn source node
Role instances stoppedVMs stoppedNode reprovisioned
On destination nodeSame steps as initial role instance deployment
Warning Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investmentsCloud app integration with existing apps data sourcesCompliance security drivers
Simple setup and management
Windows Azure Connect Azure
Enterprise
Windows Azure Connect in ContextCLOUD ENTERPRISE
Data SynchronizationSQL Azure Data Sync
Application-layer Connectivity amp
Messaging Service Bus
SecurityFederated Identity and Access Control
Secure Network Connectivity
Windows Azure Connect
Enable WA Roles for external connectivity via service modelEnable external computers for connectivity by installing Connect agent
Win Server 2008 2008 R2 Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewallsNATrsquos through hosted SSL-based relay serviceSecured via end-to-end IPSecDNS name resolution
Windows Azure Connect ndash Closer Look
Role A
Role B
Role C(multiple
VMrsquos)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size
CPU RAM Instance
HDD
Peak Mbps
Price per Hour
Extra Small
10 GHz 768 MB 20 GB 5 CHF 0055
Small 16 GHz 17 GB 225 GB 100 CHF 0132
Medium 2 x 16 GHz
35 GB 490 GB 200 CHF 0264
Large 4 x 16 GHz
7 GB 1000 GB
400 CHF 0528
Extra Large
8 x 16 GHz
14 GB 2040 GB
800 CHF 1056
Azure Role Sizes
httpwwwmicrosoftcomwindowsazurepricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more serversAzure wide provisioned in a common portalEstablished a Billing instrument
Each server has one or more databasesLogical concept equal to a master DBContains metadata about database amp usageUnit of authentication geo-location billing reportingGenerated DNS-based name
Each database has standard SQL objectsUsers Tables Views Indices etcUnit of consistency
Account
Server
Database
SQL Azure High Level Architecture
Internet Azure Cloud
LB
TDS (tcp)
TDS (tcp)
TDS (tcp)
Load balancer forwards lsquostickyrsquo sessions to TDS protocol tier
Security Boundary
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Scalability and Availability Fabric Failover Replication and Load balancing
SQL SQL SQL SQL SQLSQL
Gateway TDS protocol gateway enforces AUTHNAUTHZ policy proxy to backend SQL
Data Center Boundary
Application
Applications use standard SQL client libraries ODBC ADONet PHP hellip
SQL Azure Reporting
Load Balancer
SQL Azure Database Server
hellip
Catalog
TempDB
Data Source
[tenant]databasewindowsnet
https[tenant]reportswindowsnetreportsreport1rdl
RS Gateways
RS Instances
Windows Azure
SQL Azure Reporting Services ArchitectureMicrosoft SQL Azure
Reporting Infrastructure SQL Azure for data tier and Windows Azure for hosting
Availability RS Gateway for tenant isolation and ldquosmartrdquo routing
Multitenancy Stateless RS instances as a shared ldquoenginerdquo
Performance Co-locate RS with user DBs
Monthly Service Level Agreements
Instance Monitoring & Restart (>99.9%): All running roles will be continuously monitored. If role is not running, we will detect and initiate corrective action.
Database Availability (>99.9%): Database is connected to the internet gateway. All databases will be continuously monitored.
Service Bus & Access Control Availability (>99.9%): Service bus and access control endpoints will have external connectivity. Message operation requests processed successfully.
Compute Connectivity (>99.95%): Your service is connected and reachable via web. Internet-facing roles will have external connectivity.
Storage Availability (>99.9%): Storage service will be available/reachable (connectivity). Your storage requests will be processed successfully.
Content Delivery Network (>99.9%): Service will respond to client requests and deliver the requested content without error.
Platform as a Service is all about reducing management and operations overhead.
The Windows Azure Fabric Controller is the foundation for Windows Azure's PaaS: provisions machines; deploys services; configures hardware for services; monitors service and hardware health; performs service healing.
The Fabric Controller continues to evolve. Relational databases, reporting, security, connectivity: all part of the platform, with more to come.
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Windows Azure Datacenters
FC is a distributed, stateful application running on nodes (blades) spread across fault domains.
Installed by "Utility" Fabric Controller.
One acts as the primary and all others keep view of world in sync.
Supports rolling upgrade, and services continue to run even if FC fails entirely.
High-Level FC Architecture
[Diagram labels: TOR, FC1, FC2, FC3, FC4, FC5, LB, AGG, Nodes, Rack]
1. Power on node
2. PXE-boot Maintenance OS
3. Agent formats disk and downloads Host OS
4. Host OS boots, runs Sysprep /specialize, reboots
5. FC connects with the "Host Agent"
Provisioning a Node
[Diagram labels: Fabric Controller, Role Images, Image Repository, Maintenance OS, Parent OS, Node, PXE Server, Windows Azure OS, FC Host Agent, Windows Azure Hypervisor]
Example
Role B: Count 2, Update Domains 2, Fault Domains 2, Size Medium
Role A: Count 3, Update Domains 2, Fault Domains 2, Size Large
[Diagram labels: Fault Domain 1, Fault Domain 2, Fault Domain 3; Load Balancer; 10.100.0.36, 10.100.0.122, 10.100.0.185; www.mycloudapp.net]
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in?
Control / Abstraction (i.e. Less IT & Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise:
1. Create Hyper-V image with Windows Server 2008 R2, unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure:
1. Enable your VM in Azure Management Portal
2. Start the VM role in Azure Management Portal
3. Azure licenses and activates VM
4. Finalize/configure application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based.
The host OS and FC host agent are trusted.
The guest agent is untrusted.
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service.
Allows access to Internet addresses.
FC uses certificates and network security to authorize access to datacenter resources.
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health.
Based primarily on heartbeats.
Automatically "heals" affected roles.
Node and Role Health Maintenance
Problem | How Detected | Fabric Response
Role instance crashes | FC guest agent monitors role termination | FC restarts role
Guest VM or agent crashes | FC host agent notices missing guest agent heartbeats | FC restarts VM and hosted role
Host OS or agent crashes | FC notices missing host agent heartbeat | Tries to recover node; FC reallocates roles to other nodes
Detected node hardware issue | Host agent informs FC | FC migrates roles to other nodes; marks node "out for repair"
Moving a role instance is similar to a service update.
On source node: role instances stopped; VMs stopped; node reprovisioned.
On destination node: same steps as initial role instance deployment.
Warning: Resource VHD is not moved.
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation: leverage current IT investments; cloud app integration with existing apps, data sources; compliance, security drivers.
Simple setup and management
Windows Azure Connect
[Diagram labels: Azure, Enterprise]
Windows Azure Connect in Context
[Diagram labels: CLOUD, ENTERPRISE]
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Security: Federated Identity and Access Control
Secure Network Connectivity: Windows Azure Connect
Enable WA Roles for external connectivity via service model.
Enable external computers for connectivity by installing Connect agent.
Win Server 2008, 2008 R2, Vista and Win7 supported platforms.
Network policy managed through WA portal.
Granular control over connectivity.
Automatic setup of secure IPv6 network between connected role instances and external computers.
Tunnel firewalls/NATs through hosted SSL-based relay service.
Secured via end-to-end IPSec.
DNS name resolution.
Windows Azure Connect – Closer Look
[Diagram labels: Role A, Role B, Role C (multiple VMs), Windows Azure, Enterprise, Dev machines, Databases, Relay]
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
ExampleRole B
Count 2Update Domains 2Fault Domains 2
Size Medium
Role ACount 3
Update Domains 2
Fault Domains 2Size Large
Fault Domain 1 Fault Domain 2 Fault Domain 3
LoadBalancer
10100036
101000122101000185
wwwmycloudappnet
wwwmycloudappnet
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in
ControlAbstraction (ie Less IT amp Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise1 Create Hyper-V image with Windows Server 2008 R2
unlicensed2 Install your applications3 Install Azure Integration Components4 SysPrep5 Upload image to Azure with CSUPLOAD
On Azure1 Enable your VM in Azure Management Portal2 Start the VM role Azure Management Portal3 Azure Licenses and Activates VM4 FinalizeConfigure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats Automatically ldquohealsrdquo affected roles
Node and Role Health Maintenance
Problem How Detected Fabric Response
Role instance crashes
FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node ldquoout for repairrdquo
Moving a role instance is similar to a service updateOn source node
Role instances stoppedVMs stoppedNode reprovisioned
On destination nodeSame steps as initial role instance deployment
Warning Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investmentsCloud app integration with existing apps data sourcesCompliance security drivers
Simple setup and management
Windows Azure Connect Azure
Enterprise
Windows Azure Connect in ContextCLOUD ENTERPRISE
Data SynchronizationSQL Azure Data Sync
Application-layer Connectivity amp
Messaging Service Bus
SecurityFederated Identity and Access Control
Secure Network Connectivity
Windows Azure Connect
Enable WA Roles for external connectivity via service modelEnable external computers for connectivity by installing Connect agent
Win Server 2008 2008 R2 Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewallsNATrsquos through hosted SSL-based relay serviceSecured via end-to-end IPSecDNS name resolution
Windows Azure Connect ndash Closer Look
Role A
Role B
Role C(multiple
VMrsquos)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size
CPU RAM Instance
HDD
Peak Mbps
Price per Hour
Extra Small
10 GHz 768 MB 20 GB 5 CHF 0055
Small 16 GHz 17 GB 225 GB 100 CHF 0132
Medium 2 x 16 GHz
35 GB 490 GB 200 CHF 0264
Large 4 x 16 GHz
7 GB 1000 GB
400 CHF 0528
Extra Large
8 x 16 GHz
14 GB 2040 GB
800 CHF 1056
Azure Role Sizes
httpwwwmicrosoftcomwindowsazurepricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more serversAzure wide provisioned in a common portalEstablished a Billing instrument
Each server has one or more databasesLogical concept equal to a master DBContains metadata about database amp usageUnit of authentication geo-location billing reportingGenerated DNS-based name
Each database has standard SQL objectsUsers Tables Views Indices etcUnit of consistency
Account
Server
Database
SQL Azure High Level Architecture
Internet Azure Cloud
LB
TDS (tcp)
TDS (tcp)
TDS (tcp)
Load balancer forwards lsquostickyrsquo sessions to TDS protocol tier
Security Boundary
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Scalability and Availability Fabric Failover Replication and Load balancing
SQL SQL SQL SQL SQLSQL
Gateway TDS protocol gateway enforces AUTHNAUTHZ policy proxy to backend SQL
Data Center Boundary
Application
Applications use standard SQL client libraries ODBC ADONet PHP hellip
SQL Azure Reporting
Load Balancer
SQL Azure Database Server
hellip
Catalog
TempDB
Data Source
[tenant]databasewindowsnet
https[tenant]reportswindowsnetreportsreport1rdl
RS Gateways
RS Instances
Windows Azure
SQL Azure Reporting Services ArchitectureMicrosoft SQL Azure
Reporting Infrastructure SQL Azure for data tier and Windows Azure for hosting
Availability RS Gateway for tenant isolation and ldquosmartrdquo routing
Multitenancy Stateless RS instances as a shared ldquoenginerdquo
Performance Co-locate RS with user DBs
Monthly Service Level Agreements
Instance Monitoring & Restart (>99.9%): All running roles will be continuously monitored. If role is not running, we will detect and initiate corrective action.
Database availability (>99.9%): Database is connected to the internet gateway. All databases will be continuously monitored.
Service Bus & Access Control Availability (>99.9%): Service bus and access control endpoints will have external connectivity. Message operation requests processed successfully.
Compute Connectivity (>99.95%): Your service is connected and reachable via web. Internet facing roles will have external connectivity.
Storage Availability (>99.9%): Storage service will be available/reachable (connectivity). Your storage requests will be processed successfully.
Content Delivery Network (>99.9%): Service will respond to client requests and deliver the requested content without error.
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure's PaaS
Provisions machines
Deploys services
Configures hardware for services
Monitors service and hardware health
Performs service healing
The Fabric Controller continues to evolve
Relational Databases, Reporting, Security, Connectivity: all part of the Platform, with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Where does VM Role fit in?
Control / Abstraction (i.e., Less IT & Less Plumbing Code)
Admin Web Role
Admin Worker Role
(Startup Tasks)
Worker Role
Web Role
VM Role
Long running application installations
Error-prone application installations
Application installations requiring manual interaction
VM Role Use Cases
On Premise
1. Create Hyper-V image with Windows Server 2008 R2 unlicensed
2. Install your applications
3. Install Azure Integration Components
4. SysPrep
5. Upload image to Azure with CSUPLOAD
On Azure
1. Enable your VM in Azure Management Portal
2. Start the VM role in Azure Management Portal
3. Azure Licenses and Activates VM
4. Finalize/Configure Application
VM Role Prep
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trusted
The guest agent is untrusted
The FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats
Automatically "heals" affected roles
Node and Role Health Maintenance
Problem | How Detected | Fabric Response
Role instance crashes | FC guest agent monitors role termination | FC restarts role
Guest VM or agent crashes | FC host agent notices missing guest agent heartbeats | FC restarts VM and hosted role
Host OS or agent crashes | FC notices missing host agent heartbeat | Tries to recover node; FC reallocates roles to other nodes
Detected node hardware issue | Host agent informs FC | FC migrates roles to other nodes; marks node "out for repair"
Moving a role instance is similar to a service update
On source node
Role instances stopped
VMs stopped
Node reprovisioned
On destination node
Same steps as initial role instance deployment
Warning: Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investments
Cloud app integration with existing apps, data sources
Compliance, security drivers
Simple setup and management
Windows Azure Connect
[Diagram labels: Azure, Enterprise]
Windows Azure Connect in Context
[Diagram labels: CLOUD, ENTERPRISE]
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Security: Federated Identity and Access Control
Secure Network Connectivity: Windows Azure Connect
Enable WA Roles for external connectivity via service model
Enable external computers for connectivity by installing Connect agent
Win Server 2008, 2008 R2, Vista, and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewalls/NATs through hosted SSL-based relay service
Secured via end-to-end IPSec
DNS name resolution
Windows Azure Connect – Closer Look
Role A
Role B
Role C (multiple VMs)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
Azure Role Sizes
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
The VM is the security boundary upon which Windows Azure security is based
The host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same service
Allows access to Internet addresses
FC uses certificates and network security to authorize access to datacenter resources
Fabric Controller Security
FC maintains service availability by monitoring the software and hardware health
Based primarily on heartbeats Automatically ldquohealsrdquo affected roles
Node and Role Health Maintenance
Problem How Detected Fabric Response
Role instance crashes
FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node ldquoout for repairrdquo
Moving a role instance is similar to a service updateOn source node
Role instances stoppedVMs stoppedNode reprovisioned
On destination nodeSame steps as initial role instance deployment
Warning Resource VHD is not moved
Moving a Role Instance (Service Healing)
Secure network connectivity between on-premises and cloud
Supports standard IP protocols
Customer benefits and motivation
Leverage current IT investmentsCloud app integration with existing apps data sourcesCompliance security drivers
Simple setup and management
Windows Azure Connect Azure
Enterprise
Windows Azure Connect in ContextCLOUD ENTERPRISE
Data SynchronizationSQL Azure Data Sync
Application-layer Connectivity amp
Messaging Service Bus
SecurityFederated Identity and Access Control
Secure Network Connectivity
Windows Azure Connect
Enable WA Roles for external connectivity via service modelEnable external computers for connectivity by installing Connect agent
Win Server 2008 2008 R2 Vista and Win7 supported platforms
Network policy managed through WA portal
Granular control over connectivity
Automatic setup of secure IPv6 network between connected role instances and external computers
Tunnel firewallsNATrsquos through hosted SSL-based relay serviceSecured via end-to-end IPSecDNS name resolution
Windows Azure Connect ndash Closer Look
Role A
Role B
Role C(multiple
VMrsquos)
Windows Azure
Enterprise
Dev machines
Databases
Relay
Azure Role Sizes
Instance Size | CPU | RAM | Instance HDD | Peak Mbps | Price per Hour
Extra Small | 1.0 GHz | 768 MB | 20 GB | 5 | CHF 0.055
Small | 1.6 GHz | 1.7 GB | 225 GB | 100 | CHF 0.132
Medium | 2 x 1.6 GHz | 3.5 GB | 490 GB | 200 | CHF 0.264
Large | 4 x 1.6 GHz | 7 GB | 1000 GB | 400 | CHF 0.528
Extra Large | 8 x 1.6 GHz | 14 GB | 2040 GB | 800 | CHF 1.056
http://www.microsoft.com/windowsazure/pricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more servers:
Azure wide, provisioned in a common portal
Established a Billing instrument
Each server has one or more databases:
Logical concept equal to a master DB
Contains metadata about database & usage
Unit of authentication, geo-location, billing, reporting
Generated DNS-based name
Each database has standard SQL objects:
Users, Tables, Views, Indices, etc.
Unit of consistency
[Diagram labels: Account, Server, Database]
SQL Azure High Level Architecture
[Diagram labels: Application; Internet; Azure Cloud; LB; TDS (tcp); Gateway tier; SQL nodes; Security Boundary; Data Center Boundary]
Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, …
Load balancer forwards 'sticky' sessions to TDS protocol tier
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy, proxy to backend SQL
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
SQL Azure Reporting
[Diagram labels: Load Balancer; RS Gateways; RS Instances; Windows Azure; Microsoft SQL Azure; SQL Azure Database Server …: Catalog, TempDB, Data Source]
[tenant].database.windows.net
https://[tenant].reports.windows.net/reports/report1.rdl
SQL Azure Reporting Services Architecture
Reporting Infrastructure: SQL Azure for data tier and Windows Azure for hosting
Availability: RS Gateway for tenant isolation and "smart" routing
Multitenancy: Stateless RS instances as a shared "engine"
Performance: Co-locate RS with user DBs
Monthly Service Level Agreements
Instance Monitoring & Restart: >99.9%
All running roles will be continuously monitored
If role is not running, we will detect and initiate corrective action
Database Availability: >99.9%
Database is connected to the internet gateway
All databases will be continuously monitored
Service Bus & Access Control Availability: >99.9%
Service bus and access control endpoints will have external connectivity
Message operation requests processed successfully
Compute Connectivity: >99.95%
Your service is connected and reachable via web
Internet facing roles will have external connectivity
Storage Availability: >99.9%
Storage service will be available/reachable (connectivity)
Your storage requests will be processed successfully
Content Delivery Network: >99.9%
Service will respond to client requests and deliver the requested content without error
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure's PaaS:
Provisions machines
Deploys services
Configures hardware for services
Monitors service and hardware health
Performs service healing
The Fabric Controller continues to evolve
Relational Databases, Reporting, Security, Connectivity: all part of the Platform, with more to come
Conclusion
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Links
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Instance Size
CPU RAM Instance
HDD
Peak Mbps
Price per Hour
Extra Small
10 GHz 768 MB 20 GB 5 CHF 0055
Small 16 GHz 17 GB 225 GB 100 CHF 0132
Medium 2 x 16 GHz
35 GB 490 GB 200 CHF 0264
Large 4 x 16 GHz
7 GB 1000 GB
400 CHF 0528
Extra Large
8 x 16 GHz
14 GB 2040 GB
800 CHF 1056
Azure Role Sizes
httpwwwmicrosoftcomwindowsazurepricing
SQL Azure
SQL Azure Service Provisioning Model
Each account has zero or more serversAzure wide provisioned in a common portalEstablished a Billing instrument
Each server has one or more databasesLogical concept equal to a master DBContains metadata about database amp usageUnit of authentication geo-location billing reportingGenerated DNS-based name
Each database has standard SQL objectsUsers Tables Views Indices etcUnit of consistency
Account
Server
Database
SQL Azure High Level Architecture
Internet Azure Cloud
LB
TDS (tcp)
TDS (tcp)
TDS (tcp)
Load balancer forwards lsquostickyrsquo sessions to TDS protocol tier
Security Boundary
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Scalability and Availability Fabric Failover Replication and Load balancing
SQL SQL SQL SQL SQLSQL
Gateway TDS protocol gateway enforces AUTHNAUTHZ policy proxy to backend SQL
Data Center Boundary
Application
Applications use standard SQL client libraries ODBC ADONet PHP hellip
SQL Azure Reporting
Load Balancer
SQL Azure Database Server
hellip
Catalog
TempDB
Data Source
[tenant]databasewindowsnet
https[tenant]reportswindowsnetreportsreport1rdl
RS Gateways
RS Instances
Windows Azure
SQL Azure Reporting Services ArchitectureMicrosoft SQL Azure
Reporting Infrastructure SQL Azure for data tier and Windows Azure for hosting
Availability RS Gateway for tenant isolation and ldquosmartrdquo routing
Multitenancy Stateless RS instances as a shared ldquoenginerdquo
Performance Co-locate RS with user DBs
Monthly Service Level Agreements
Instance Monitoring & Restart (>99.9%)
- All running roles will be continuously monitored
- If role is not running, we will detect and initiate corrective action
Database availability (>99.9%)
- Database is connected to the internet gateway
- All databases will be continuously monitored
Service Bus & Access Control Availability (>99.9%)
- Service bus and access control endpoints will have external connectivity
- Message operation requests processed successfully
Compute Connectivity (>99.95%)
- Your service is connected and reachable via web
- Internet facing roles will have external connectivity
Storage Availability (>99.9%)
- Storage service will be available/reachable (connectivity)
- Your storage requests will be processed successfully
Content Delivery Network (>99.9%)
- Service will respond to client requests and deliver the requested content without error
Conclusion
Platform as a Service is all about reducing management and operations overhead
The Windows Azure Fabric Controller is the foundation for Windows Azure's PaaS
- Provisions machines
- Deploys services
- Configures hardware for services
- Monitors service and hardware health
- Performs service healing
The Fabric Controller continues to evolve
Relational Databases, Reporting, Security, Connectivity: all part of the Platform, with more to come
Links
Global Foundation Services (GFS): http://www.globalfoundationservices.com
Windows Azure: http://www.azure.com
Q&A
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.