
1 Except where noted contents © 2014 Development Partners Software Corporation, http://www.devpartners.com. The Microsoft Azure Cloud Platform. Bill Wilder, Finomial CTO, @codingoutloud, codingoutloud@gmail.com, blog.codingoutloud.com, linkedin.com/in/billwilder. Zoran’s Class, 04-December-2015.

2 Don’t Mess with the Zoran R

3 Questions during or after? @codingoutloud

4 Image credit: https://www.flickr.com/photos/richardstep/7437999566 Azure is a Toolbox

5 Image credit: https://www.flickr.com/photos/richardstep/7437999566 Azure is a BIG Toolbox

6 Amount we’ll touch on

7 Compared to What? Similar to AWS Similar to Google Compute + AppEngine

8 … but different

9 Cloud Computing: who manages which layer (Networking, Storage, Servers, Virtualization, O/S, Middleware, Runtime, Data, Applications)
- Packaged Software (on-premises): you manage all nine layers
- Infrastructure (as a Service): managed by vendor: Networking, Storage, Servers, Virtualization; you manage: O/S, Middleware, Runtime, Data, Applications
- Platform (as a Service): managed by vendor: Networking, Storage, Servers, Virtualization, O/S, Middleware, Runtime; you manage: Data, Applications
- Software (as a Service): managed by vendor: all nine layers

10 Azure Services
- Compute: Virtual Machines, Cloud Services, Websites, Mobile Services, Batch
- Network Services: ExpressRoute, Virtual Network, Traffic Manager
- App Services: Media Services, Service Bus, Push Notifications, Scheduler, BizTalk Services, Active Directory, Multi-Factor Authentication, Automation, CDN, API Management, RemoteApp, Application Insights
- Data Services: Storage, SQL Database, HDInsight, Cache, Backup, Site Recovery, Machine Learning, StorSimple, DocumentDB, Azure Search, Data Factory, Stream Analytics, Operational Insights
Portals: https://manage.windowsazure.com and https://portal.azure.com

11 IaaS According to Gartner (Aug 2013): http://www.gartner.com/technology/reprints.do?id=1-1IMDMZ8&ct=130819&st=sb

12 PaaS According to Gartner (Jan 2014): http://www.gartner.com/technology/reprints.do?ct=140108&id=1-1P502BX&st=sb

13 ___________________ as a Service: Public Cloud Rental Models
- Apps, $/user, Expertise, SLA
- App Services as OpEx, $/VM/Svcs, OS, DBMS, etc. with patching & upgrades, Environment Monitoring, Expertise, SLA
- Virtualized Hardware as OpEx, Networking, Automation, Elasticity, Price Transparency, Global Data Centers, Expertise, SLA
AppHarbor. NIST definition of cloud computing: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

14 Reality is Resource-Constrained. “Security is always a tradeoff; it must be balanced with the cost.” - Bruce Schneier, http://www.schneier.com/essay-207.html @Bill Wilder

15 Reality is Resource-Constrained. “_______ is always a tradeoff; it must be balanced with the cost.” - Common Sense Wisdom, http://www.schneier.com/essay-207.html

16 Members of Microsoft Azure Security Team

17 Defenses Inherited by Azure Applications. STRIDE threats: Spoofing, Tampering/Disclosure, Repudiation, Denial of Service, Elevation of Privilege. Platform defenses: Configurable scale-out, VM switch hardening, Certificate Services, Shared-Access Signatures, HTTPS, Sidechannel protections, VLANs, Top-of-Rack switches, Custom packet filtering, Partial Trust Runtime, Hypervisor custom sandboxing, Virtual Service Accounts, Monitoring Diagnostics Service.

18 Data Defense in Depth Approach (layer: defense-in-depth)
- Application*: Strong storage keys for access control; SSL support for data transfers between all parties; Front-end .NET framework code running under partial trust
- Host: Windows account with least privileges; Hardened version of Windows Server 2008 OS for both VM Host and VM Guest operating systems; Host boundaries enforced by external hypervisor; Host firewall limiting traffic to VMs
- Network: VLANs and packet filters in routers
- Physical: World-class physical security; ISO 27001 and SAS 70 Type II certifications for datacenter processes

19 SQL Database Column-level Encryption Always Encrypted

20 Azure Active Directory

21 Key Management Azure Key Vault

22 Client Encryption Azure Storage SDK + Azure Active Directory + Azure Key Vault

23 Azure is a Toolbox Key Point to remember!

24 Azure is a Toolbox Code your app Deploy your app Host your app source code Host your app database Manage and Monitor your app User management Integration (hybrid cloud) Dev/Test Automate Operations And much much much much more…

25 Code Your App: Visual Studio integration & cross-platform tooling; Platform support for PaaS and IaaS; Fast-start templates for creating a web site in many languages / toolkits; Supports many frameworks and languages – REST – ASP.NET, Node.js, Python, Java, PHP, …

26 Deploy Your App Visual Studio Online (VSO) Continuous Deployment (CD) from VSO, github, others

27 Monitor Your App: App Insights Monitoring support Alerting support Services for gathering logs – “pets vs. cattle” Application Insights

28 Automating Automation: RunBooks I have stuff to automate … … with PowerShell On a schedule or ad hoc Might have sensitive credentials Might require auditing

29 A Tale of Two Portals

30 Where’s Azure? A global map: http://azuremap.blob.core.windows.net/apps/bingmap-geojson-display.html

31 Azure “Geo” Coming to India. “Microsoft's private preview of cloud services from India in July”: http://www.business-standard.com/article/news-ians/microsoft-s-private-preview-of-cloud-services-from-india-in-july-115060401040_1.html “Microsoft Announces Commercial Cloud Services from Local Datacenters by End 2015”: http://news.microsoft.com/en-in/microsoft-announces-commercial-cloud-services-from-local-datacenters-by-end-2015/

32 Concrete Example Modern App Pattern

33 Microsoft Azure Compute Options HDInsight (Hadoop) – specialized: big data RunBooks service for automation/scripting Mobile Services – specialized: devices Virtual Machines – most flexible Web Sites – most convenient Cloud Services – most scalable, most efficient

34 Microsoft Azure Compute Options HDInsight (Hadoop) – specialized: big data RunBooks service for automation/scripting Mobile Services – specialized: devices Virtual Machines – most flexible Web Sites – most convenient Cloud Services – most scalable, most efficient Azure Service Fabric New Feature!

35 Cloud Services Build highly scalable apps and services Multi-tier, multi-instance architectures Can be combined with other compute services Stateless node, horizontal scaling approach Automated management

36 Cloud Services Web Roles 1+ types Windows Server Running IIS Worker Roles 1+ types Windows Server Could run Tomcat, etc. “Service Model” Deployment Package Config: VM sizes & instance counts, settings, endpoints, certs…

37 Cloud Services Web Role Instances Load Balancer Worker Role Instances

38 Service Bus Queue Durable – won’t lose your data Reliable – backed by SLA and ops team Scalable – Internet scale Approachable – REST + SDKs Feature rich – supports “at least once” and “at most once” delivery guarantees, pinning, suspend, & more… See also: Azure Storage Queue

39 Scalable Architecture Service Bus Queue Web Role Instances Worker Role Instances

40 Queue-Centric Workflow Pattern (QCW for short) Pattern x of y

41 Extend www.pageofphotos.com example into Service Tier QCW enables applications where the UI and back-end services are Loosely Coupled (Compare to CQRS at end if there is interest)

42 QCW Example: User Uploads Photo www.pageofphotos.com Web Server Compute Service Reliable Queue Reliable Storage

43 QCW WE NEED: Compute (VM) resources to run our code Reliable Queue to communicate Durable/Persistent Storage

44 Where does Azure fit?

45 QCW [on Azure] WE NEED: Compute (VM) resources to run our code Web Roles (IIS) and Worker Roles (w/o IIS) Reliable Queue to communicate Azure Storage Queues Durable/Persistent Storage Azure Storage Blobs & Tables; WASD

46 QCW on Azure: User Uploads a Photo Web Role (IIS) Web Role (IIS) Worker Role Worker Role Azure Queue Azure Blob UX implications: user does not wait for thumbnail (architecture!) www.pageofphotos.com push pull

47 download_blob_to_file.py
    # Legacy azure-storage package (pre-0.30), as used on the slide; account
    # name/key, container, blob name and file_path are set elsewhere.
    from azure.storage import BlobService

    blob_service = BlobService(account_name=az_storage_account_name,
                               account_key=az_storage_account_key)
    data = blob_service.get_blob(blob_container_name, blob_name)  # blob contents as bytes
    with open(file_path, 'wb') as f:   # binary mode: an image is not text
        f.write(data)

48 QCW enables Responsive UX Response to interactive users is as fast as a work request can be persisted Time consuming work done asynchronously Comparable total resource consumption, arguably better subjective UX UX challenge – how to express Async to users? – Communicate Progress – Display Final results – Long Polling/Web Sockets (e.g., SignalR or Node.io)

49 QCW enables Scalable App Decoupled front/back provides insulation – Blocking is Bane of Scalability – Order processing partner doing maintenance – Twitter down – Email server unreachable – Internet connectivity interruption Loosely coupled, concern-independent scaling – (see next slide) – Get Scale Units right – Key to optimizing operational CO$T$

50 General Case: Many Roles, Many Queues. Diagram: Web Roles (IIS; Public and Admin types), Worker Roles (Type 1 and Type 2), Queues (Type 1, Type 2, Type 3). Scaling best when Investment α Benefit. Optimize for CO$T EFFICIENCY. Logical vs. Physical Architecture depends on current scale.

51 Reliable Queue & 2-step Delete. Diagram: Web Role (IIS), Queue, Worker Role.
    // Web Role: enqueue a work request
    var url = "http://pageofphotos.blob.core.windows.net/up/.png";
    queue.AddMessage( new CloudQueueMessage( url ) );

    // Worker Role: read with an invisibility window, process, then delete
    var invisibilityWindow = TimeSpan.FromSeconds( 10 );
    CloudQueueMessage msg = queue.GetMessage( invisibilityWindow );
    // (... do some processing then ...)
    queue.DeleteMessage( msg );

52 QCW requires Idempotent Perform idempotent operation more than once, end result same as if we did it once Example with Thumbnailing (easy case) App-specific concerns dictate approaches – Compensating action, Last write wins, etc. PARTNERSHIP: division of responsibility between cloud platform & app – Far cry from database transaction

53 QCW expects Poison Messages A Poison Message cannot be processed – Error condition for non-transient reason – Use dequeue count property Be proactive – Falling off the queue may kill your system Determine a Max Retry policy per queue – Delete, put on “bad” queue, alert human, …
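The three slides above (2-step delete, idempotent processing, poison messages) as one runnable illustration. This is an added example, not the slides' code or the Azure SDK: an in-memory model of Azure Storage Queue visibility semantics, with constructed names (ReliableQueue, process_once, run_workers) and constructed sample URLs.

```python
# Added illustration (constructed names/URLs; not the Azure SDK): an in-memory
# model of Azure Storage Queue visibility semantics, 2-step delete and retries.
MAX_DEQUEUE = 3            # per-queue retry policy: the 4th read parks the message
INVISIBILITY_SECONDS = 10  # same window as the slide's C# snippet

class ReliableQueue:
    def __init__(self):
        self._msgs, self._next_id = [], 0
    def add_message(self, body):
        self._msgs.append({"id": self._next_id, "body": body, "dequeue_count": 0, "visible_at": 0.0})
        self._next_id += 1
    def get_message(self, invisibility_seconds, now):
        for m in self._msgs:        # step 1 of 2: hide the message, don't remove it
            if m["visible_at"] <= now:
                m["dequeue_count"] += 1
                m["visible_at"] = now + invisibility_seconds
                return m
        return None
    def delete_message(self, msg):  # step 2 of 2: only after the work is durable
        self._msgs = [m for m in self._msgs if m["id"] != msg["id"]]
    def bodies(self):
        return [m["body"] for m in self._msgs]

def make_thumbnail(url):
    if "corrupt" in url:            # non-transient failure: this message is poison
        raise ValueError("undecodable image")
    return "thumb:" + url.rsplit("/", 1)[-1]

def process_once(queue, poison_queue, thumbnails, now):
    msg = queue.get_message(INVISIBILITY_SECONDS, now)
    if msg is None:
        return "idle"
    if msg["dequeue_count"] > MAX_DEQUEUE:
        poison_queue.add_message(msg["body"])  # park on the "bad" queue for a human
        queue.delete_message(msg)
        return "poison"
    try:
        thumbnails[msg["body"]] = make_thumbnail(msg["body"])  # idempotent: last write wins
    except ValueError:
        return "failed"             # no delete: the message reappears after the window
    queue.delete_message(msg)
    return "done"

def run_workers(urls, max_ticks=50):
    queue, poison, thumbnails, log, now = ReliableQueue(), ReliableQueue(), {}, [], 0.0
    for url in urls:
        queue.add_message(url)
    while queue.bodies() and len(log) < max_ticks:
        log.append(process_once(queue, poison, thumbnails, now))
        now += INVISIBILITY_SECONDS + 1   # simulated clock: past the window each tick
    return thumbnails, poison.bodies(), log
```

A worker that crashes between GetMessage and DeleteMessage behaves exactly like the "failed" branch: the message becomes visible again with a higher dequeue count, which is why the processing must be idempotent and why a retry ceiling is needed.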

54 Image credit: https://www.flickr.com/photos/richardstep/7437999566 Azure is a Toolbox

55 App Toolbox Compute Producer: VM, Cloud Service Web Role, Service Fabric, Web Site Compute Consumer: VM, Cloud Service Worker Role, Service Fabric, Web Job Storage: SQL DB, Azure Storage Blob, Azure Storage Table, Document DB Messaging: Service Bus, Azure Storage Queue Telemetry: App Insights Management: portal.azure.com

56 More Tools Compute Producer: VM, Cloud Service Web Role, Service Fabric, Web Site, Console app on your laptop Compute Consumer: VM, Cloud Service Worker Role, Service Fabric, Web Job Storage: SQL DB, Azure Storage Blob, Azure Storage Table, Document DB, MySQL, Mongo, … Messaging: Service Bus, Azure Storage Queue, RabbitMQ, … Telemetry: App Insights, New Relic, AppDynamics, … Management: portal.azure.com, …

57 QCW requires “Plan for Failure” VM restarts will happen – Hardware failure, O/S patching, crash (bug) Bake handling of restarts into our apps – Restarts are routine: system “just keeps working” – Idempotent support is important – Event Sourcing (commonly seen with CQRS) may help Not an exception case! Expect it! Consider N+1 Rule

58 What’s Up? Reliability as EMERGENT PROPERTY. Table columns: Typical Site | Any 1 Role Inst | Overall System. Rows: Operating System Upgrade; Application Code Update; Scale Up, Down, or In; Hardware Failure; Software Failure (Bug); Security Patch.

59 What about the DATA? You: Azure Web & Worker Roles – Taking user input, dispatching work, doing work – Follow a decoupled queue-in-the-middle pattern – Stateless compute nodes Cloud: “Hard Part”: persistent, scalable data – Azure Queue & Blob Services – Three copies of each byte – Geo-replicated to sister data center – Busy Signal Pattern – Scalability targets: https://msdn.microsoft.com/en-us/library/azure/dn249410.aspx

60 Questions? Comments? More information? ?

61 Developer Resources www.windowsazure.com/develop/ is LOADED with Dev Libraries, How To Guides across: – Mobile (iOS, Android, Win Phone, Win 8 SDKs) – .NET, Node.js, Java, PHP, Python, REST – PowerShell, CLI Azure Readiness: https://github.com/Azure-Readiness/DevCamp Use your MSDN resources And/Or Create a personal Azure account and use some of the free services (Web Sites, DB, etc.)

62 Non-.NET Developer Resources Example: Create Node.js web site from Mac CLI: https://www.windowsazure.com/en-us/develop/nodejs/tutorials/create-a-website-(mac)/ Example: Create Linux (CentOS) VM from CLI (Node-based CLI – Windows not required): https://www.windowsazure.com/en-us/develop/php/how-to-guides/command-line-tools/ and https://www.windowsazure.com/en-us/develop/nodejs/how-to-guides/command-line-tools/ Example: Install Couchbase + VNet on VM: http://blogs.msdn.com/b/jimoneil/archive/2012/06/16/couchbase-on-azure-a-tour-of-new-windows-azure-features.aspx

63 Cloud Architecture Patterns book, Primer Chapters: 1. Scalability 2. Eventual Consistency 3. Multitenancy and Commodity Hardware 4. Network Latency

64 Cloud Architecture Patterns book, Pattern Chapters: 1. Horizontally Scaling Compute Pattern 2. Queue-Centric Workflow Pattern 3. Auto-Scaling Pattern 4. MapReduce Pattern 5. Database Sharding Pattern 6. Busy Signal Pattern 7. Node Failure Pattern 8. Colocate Pattern 9. Valet Key Pattern 10. CDN Pattern 11. Multisite Deployment Pattern
