WINDOWS AZURE PLATFORM
BART VANDE GHINSTE DPE MICROSOFT
INDUSTRY TRANSFORMATION
1970s and 80s | Mainframe
1990s | Client / Server
2000s | Web
Today | Cloud
CLOUD COMPUTING ACCORDING TO ANALYSTS
MORE FACTORS TO CONSIDER
• DATA SOVEREIGNTY & PRIVACY
• PHYSICAL CONTROL
• RISK ASSESSMENT
• APPLICATION MODEL
• EXISTING INFRASTRUCTURE
• OPEX / CAPEX
• GEOGRAPHIC PROXIMITY
• REGULATORY COMPLIANCE
MICROSOFT CLOUD VISION
Elasticity
Automated Service Management
High Availability
Multi-Tenancy
Off Premises | On Premises
Homogeneous | Heterogeneous
CapEx | OpEx
Own | Lease/Rent
Self | Third Party
OUR VISION
Service Provider
Microsoft
Customer
CLOUD COMPUTING TAXONOMY
The Windows Azure platform fits here
[Figure: the stack layers Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage and Networking, compared across four models. Traditional IT: You manage. IaaS: You manage / Managed by vendor. PaaS: You manage / Managed by vendor. SaaS: Managed by vendor.]
DATACENTERS
North America Region
Europe Region
Asia Pacific Region
Over 2 terabits per second of capacity from over 22 global locations
Windows Azure Content Delivery Network (CDN) service
scales your global reach automatically without user intervention
Seattle, WA
Ashburn, VA
San Antonio, TX
Bay Area, CA
Sydney, AU
Tokyo, JP
Seoul, KR
São Paulo, BR
DATA CENTER AS A COMMODITY
BEHIND THE SCENES
TWITTER (FROM JOHN ADAMS, OPS ENGINEER AT TWITTER, 2010)
Partitioned Data
Distributed Cache
Web Frontend
Distributed Storage
Apps & Services
Queues
Async Processes
FLICKR (FROM CAL HENDERSON, THEN DIRECTOR OF ENGINEERING AT YAHOO, 2007)
Partitioned Data
Distributed Cache
Web Frontend
Distributed Storage
Apps & Services
SLIDESHARE (FROM JOHN BOUTELLE, CTO AT SLIDESHARE, 2008)
Partitioned Data
Distributed Cache
Web Frontend
Distributed Storage
Apps & Services
2010 stats (Source: http://www.facebook.com/press/info.php?statistics)
• People
  • +500M active users
  • 50% of active users log on in any given day
  • people spend +700B minutes /month
• Activity on Facebook
  • +900M objects that people interact with
  • +30B pieces of content shared /month
• Global Reach
  • +70 translations available on the site
  • ~70% of users outside the US
  • +300K users helped translate the site through the translations application
• Platform
  • +1M developers from +180 countries
  • +70% of users engage with applications /month
  • +550K active applications
  • +1M websites have integrated with Facebook Platform
  • +150M people engage with Facebook on external websites /month
FACEBOOK (from Jeff Rothschild, VP Technology at Facebook, 2009)
Partitioned Data
Distributed Cache
Web Frontend
Distributed Storage
Apps & Services
Parallel Processes
Async Processes
WINDOWS AZURE PLATFORM COMPONENTS
[Figure labels: Apps & Services, Services, Web Frontend, Queues, Distributed Storage, Distributed Cache, Partitioned Data, Content Delivery Network, Load Balancer, IIS, Web Server, VM Role, Worker Role, Web Role, Caching, Queues, Access Control, Composite App, Blobs, Relational Database, Tables, Drives, Service Bus, Reporting, DataSync, Virtual Network, Connect]
THE WINDOWS AZURE PLATFORM
Developer Experience
WINDOWS AZURE COMPUTATION
Compute provides availability and
scalability to the application. Developers
can build services using a combination
of Windows Azure roles. These roles can
be replicated as needed to scale the
application and computational
processing power.
Virtual Machine (VM) Role
• Runs a Windows Server 2008 R2 VHD
• Makes it easier to move existing applications to Azure
Web Role
• Uses IIS to host web apps
• Runs ASP.NET, WCF, PHP, etc.
Worker Role
• Used for generalized development
• Can host 3rd-party servers (Tomcat, MySQL, etc.)
WINDOWS AZURE STORAGE
Storage Services allow customers to
scale to store large amounts of data –
in any format – for any length of time,
only paying for what they use or store
Windows Azure Blobs
• Blob Storage
• Partitioned by container
• Unlimited containers
• CDN Capable
Windows Azure Tables
• Entity Data Store
• Partitioned by key
• Unlimited keys
• Not a RDBMS
Windows Azure Queues
• Read at least once
• Delete to remove message, otherwise is returned to queue
• Partitioned by Queue Name
Windows Azure Drives
• Access method for blob storage
• Mounts a blob as an NTFS Drive
• One write mount; many read mounts
WINDOWS AZURE CONTENT DELIVERY NETWORK
CDN offers a global solution for delivering
high-bandwidth content from nodes
closest to end-users
Windows Azure
Content Delivery Network (CDN)
- Caches BLOBs at strategically placed locations
- Provides maximum bandwidth for delivering
content to users over HTTP
WINDOWS AZURE
Virtual Network enables seamless, secure
IP-level network connectivity between
Windows Azure and on-premises resources
Windows Azure Virtual Network
- Access to Windows Azure role instances
- Domain-join Windows Azure roles
- Direct corpnet access from
Windows Azure roles
SQL AZURE
SQL Azure is a data platform as a service that…
- Provides relational database and data sync services as a service
- Maintains the familiar SQL Server capabilities
- Supports existing APIs and tools
- Provisions databases without managing data infrastructure
- Provides high availability and scalability for your data
Database for storing and
accessing your relational data
in the cloud
Reporting provides reporting capabilities in
the cloud
Data Sync is a tool for
synchronizing your data
between servers
(SQL Server or SQL Azure)
WINDOWS AZURE APPFABRIC
Windows Azure AppFabric provides an application infrastructure that
connects and extends existing on-premises applications to the cloud
You can use Windows Azure AppFabric to…
- Interoperate with a variety of languages and industry standards
- Simplify user access and authorization across organizations and ID providers
- Locate and Connect, using cloud-based endpoints,
to cloud services, hosted assets, and on-premises applications
Service Bus provides cloud
connectivity capabilities to
navigate firewall boundaries
Access Control is a federated
authorization management service
Caching is a distributed,
in-memory cache that
reduces data retrieval trips
Integration uses common out-of-
box integration patterns to
accelerate and simplify development
Composite App environment provides a
way to compose, deploy, and manage an
entire application as a single logical entity
THE WINDOWS AZURE MANAGEMENT
The Fabric Controller manages the pool of compute and storage
services; automating deployment and monitoring of your application
• Automates load balancing of incoming requests to role instances
• Manages your compute resources
• Instantiates and loads instances
• Continuously monitors role instances
Fabric Controller
Developer Portal
THE WINDOWS AZURE PLATFORM AN OPEN PLATFORM
Runtimes & Services
http:// REST Web Services XML oData AtomPub RSS
AppFabric SDKs
Windows Azure
Tools for Windows Azure
Command-Line Tools for Windows Azure
Companion
Windows Azure SDKs
SERVICE LEVEL AGREEMENT
Partner
Cloud App
CHALLENGES CROSSING ORGANIZATIONAL BOUNDARIES
A POWER YOU CAN HARNESS ON YOUR TERMS
COMMON: MANAGEMENT, DEVELOPMENT, VIRTUALIZATION, IDENTITY
PRIVATE CLOUD | PUBLIC CLOUD
ENTERPRISE
WINDOWS AZURE PLATFORM
Identity: Access Control
Application-layer Connectivity & Messaging: Service Bus
Network Connectivity: Windows Azure Connect
Data Synchronization: SQL Azure Data Sync
IDENTITY CHALLENGES
• User – Doesn’t want to use different identity for every app
• Developer – Doesn’t want to write code to support multiple identity providers
• Administrator – Wants to easily grant access to apps to Active Directory identities
Cloud App
Active Directory
HOW IT WORKS
Access Control | Your Service | Customer
0. Establish trust via key exchange
1. Define access control rules
3. Map input claims to output claims based on access control rules
5. Send message with token
6. Process token
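The Access Control steps listed above, sketched as an added example that is not from the original slides or from Microsoft's SDK. The token layout (form-encoded claims signed with HMAC-SHA256), the rule table and all names are assumptions made for illustration; the steps the slide does not show (2 and 4) are not reconstructed, so token issuance is folded into the mapping call.

```python
import base64, hashlib, hmac, time
from urllib.parse import urlencode, parse_qsl

# Step 0: key shared by Access Control and the service (constructed demo value).
TRUST_KEY = b"constructed-demo-key-not-a-real-secret"

# Step 1: rules, (identity provider, input claim type, value) -> output claim.
RULES = {  # hypothetical rule set
    ("adfs", "group", "Finance"): ("role", "InvoiceApprover"),
    ("adfs", "group", "Staff"): ("role", "Reader"),
    ("google", "email", "partner@example.com"): ("role", "Reader"),
}

def _sign(body: str) -> bytes:
    mac = hmac.new(TRUST_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)

def issue_token(issuer, input_claims, audience, ttl=300, now=None):
    """Step 3: map input claims to output claims, then sign the result."""
    out = [RULES[(issuer, t, v)] for t, v in input_claims if (issuer, t, v) in RULES]
    if not out:
        raise PermissionError("no rule matched; no token issued")
    now = int(time.time() if now is None else now)
    body = urlencode(out + [("Audience", audience), ("ExpiresOn", str(now + ttl))])
    return body + "&HMACSHA256=" + _sign(body).decode()

def process_token(token, audience, now=None):
    """Step 6: check signature, audience and expiry before trusting any claim."""
    body, sep, sig = token.rpartition("&HMACSHA256=")
    # Constant-time comparison; the claims are not parsed until the MAC verifies.
    if not sep or not hmac.compare_digest(_sign(body), sig.encode()):
        raise ValueError("bad signature")
    fields = parse_qsl(body)
    meta = dict(fields)
    if meta.get("Audience") != audience:
        raise ValueError("wrong audience")
    now = int(time.time() if now is None else now)
    if int(meta.get("ExpiresOn", "0")) <= now:
        raise ValueError("expired")
    return [v for k, v in fields if k == "role"]
```

The service never sees the identity provider's original claims, only the output claims, so authorization logic depends on the rule table rather than on each provider's claim vocabulary.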
IDENTITY SOLUTION: CLOUD SINGLE SIGN-ON WITH ACCESS CONTROL
Active Directory
ADFS 2.0 AC
• User – Can use his preferred Identity Provider
• Developer – Writes one set of code to accommodate multiple Identity Providers
• Administrator – Grants access to all Active Directory users by establishing trust between Active Directory and Access Control
Partner
EXTEND REACH OF SOA ASSETS THROUGH THE CLOUD
Cloud App
Service Bus
HOW IT WORKS
• Traverse NAT/Firewall – Each App initiates outbound connection
• Exchange messages between loosely coupled applications
• Support for a variety of messaging patterns
• Message buffering for loosely connected applications
Send Receive Receive Send
App 1 App 2
Partner Partner
Cloud App
CONNECTIVITY SOLUTION: EXPOSE ON-PREMISES SERVICES THROUGH THE SERVICE BUS
Extend reach of existing on-premise services to facilitate greater
collaboration between partners, branch offices, remote workers and devices
SQL AZURE DATA SYNC
• Powers movement of data
• Cloud cloud
• On-premises cloud
• Getting data where you need it
• Sync SQL Azure instances
• Sync SQL Server to SQL Azure
• Sync offline apps to SQL Azure
• Enable geo-replication of data
SQL AZURE DATA SYNC
[Figure labels: On-Premises (Headquarters), Sync, Remote Offices, Data Sync Service For SQL Azure, Retail Stores, SQL Azure Database]
Virtual Network
WINDOWS AZURE CONNECT
• Provides seamless, secure IP-level network connectivity between Windows Azure and on-premises resources
• Connecting to cloud resources (roles) for administrative purposes
HYBRID SOLUTION BUILDING BLOCKS
AppFabric Access Control
• Claims-based security: Integrates with Windows Identity Foundation
• Protocols: WS-Federation, WS-Security, WS-Trust
• Identity Providers: ADFS 2.0, Facebook, Windows Live ID, Yahoo, Google
AppFabric Service Bus
• Application-layer connectivity & messaging
• Secure WCF service-remoting, eventing & protocol tunneling
SQL Azure Data Sync
• Synchronize SQL Azure instances
• SQL Server to SQL Azure Sync
• Move Data Closer to Apps
Windows Azure Connect
• Secure network connectivity between on-premises and cloud
• IP-level connectivity, IPsec based
• Extend Active Directory to Cloud Assets