Thursday, July 26, 2012

Windows Azure Services for Windows Server - Part 2

In Part 2, we will take a closer look at the experience of this solution, already running in Windows Azure and the changes that were announced early in June. This is to help you to better understand Windows Azure in general, and to be able to use it in your strategy and also explain the long term goal of a common experience in cloud computing, no matter if it`s on-premise or public.

Windows Azure used to be PaaS – Only until recently.

I have blogged several times about Windows Azure and that it`s PaaS and not IaaS, even with the VM Role in mind.

A bit of history:

In the early beginning in 2007, Windows Azure did only support ASP.NET for the front-end and .NET in the back-end and was ideal for running Microsoft based code in the cloud and take advantage of Microsoft`s scalable datacenters. The only thing the developer had to focus on was to write code.

Based on feedback from customers, Microsoft had to open up a bit to support various workloads. People wanted to move to cloud computing but didn’t had the time or effort necessary to perform the transition. And of course, it was a huge question about costs as well.

In fact, If you needed to create a hybrid solution back then, you had to code everything. This also included the Service Bus for being able to communicate with on-premise resources or other roles in the cloud. Back in 2010 during PDC, Microsoft announced several new features like VM Role, Azure Connect and Admin mode among others.

Immediately people assumed that this was IaaS.

To make a long story short: Someone tried to move their VMs to Windows Azure (through Visual Studio, which they should consider as odd) and connected their VMs to on-premise resources by installing Azure Connect on their domain controller (also odd).

Things were running for a while, not fast as lightening but it did work, until Windows Azure did reset the image they uploaded. The reason for this was that the VM Role was stateless only.

The whole idea behind the VM role was to make it easier to move existing applications – that also required some manual configuration prior to launching the code for their applications. The developers knew this and was happy, but the IT pros who did misunderstand the concept, was failing beyond recognition. The really key to understand all this is to know cloud computing and its service models. PaaS is very different from IaaS when it comes to responsibility and functionality in the cloud stack. A rule to remember: if things are able to scale out, then it is stateless.

So what did change in June this year?

-        Windows Azure is now also considered as an IaaS cloud

When that said, the long term goal for your applications should be to be able to run in a PaaS environment which is considered as the most effective and modern pattern. But you have now an option for your server applications when using IaaS, since IaaS serves to the OS stack in the cloud stack. This means you can put whatever you want into your OS, and that IaaS is basically virtual machines – the most flexible service model in cloud computing.

Comparison of Virtual Machines (IaaS) vs. VM Role

Virtual Machine has persistent storage, included system partition

VM Role gives you a stateless VM with pre packed applications for advanced setup of applications

IaaS in Windows Azure introduces the following:

-        Support for key server applications

-        Easy storage manageability

-        High available features

-        Advanced networking

-        Integration with PaaS (as ‘Cloud Services’ in the new portal)

For us that have been working with infrastructure in general and private cloud, we know what this means. But we still need to dive into the PaaS offering in Windows Azure, although we’re not developers. The reason why I am saying this is because Windows Azure has a goal to deliver the same capabilities with their IaaS offering as with PaaS.
This will include things as VIP swap, fault domains and upgrade domains, affinity groups etc.

In the preview of the new Windows Azure portal you`ll find several images available.

-        Windows Server 2008 R2

-        Windows Server 2008 R2 with SQL Server 2012 Evaluation

-        Windows Server 2012 Release Candidate

-        Several versions of LINUX

Virtual Machine Architecture in Windows Azure

It was a question about storage for the persistent storage and Microsoft decided to used what they already had available in Windows Azure Storage, by leverage their Blobs which also creates at least three replicas. By using their existing Blobs in Azure Storage, they had to make several improvements for the overall performance as this was designed for PaaS. This has in turns lead to a greater performance for both PaaS and IaaS as a result of that.  (Amazon created a SAN solution for their VM storage).

You will find both Disks and Images in Windows Azure.

Image is a generalized VHD that you can clone and create VMs with.

Disks is the virtual hard disks associated with the VMs – as you already are familiar with through the concept of virtualization.

How many disks you can have attached to a single VM in Azure depends on the ‘VM Size’ like extra small, small, large and extrra large. The good thing though is that you only pay for what you are using (yeah, it`s cloud computing) so that every resources are dynamic.

By default, the OS disk in the VMs supports ReadWrite disk caching, and also ReadOnly.

The data disks supports None, ReadOnly and can be modified using ‘Set-AzureOSDisk’ or ‘Set-AzureDataDisk’ cmdlets. To connect to a VM in Windows Azure, you must use the ‘Connect’ button in the Azure portal to initiate a RDP session, and use the admin login you specified during creation. If it`s a Linux operating system you would use SSH to logon, that you installs on your client computer.

Cloud Service Architecture in Windows Azure

The concept of PaaS in Windows Azure is now called ‘Cloud Service’ and consists of Web Roles and Worker Roles which are running on VM instances.

In addition, when you create a stand-alone Virtual Machine in Windows Azure, it`s not bound to a cloud service. But when you are creating an additional VM you can then find an option to bound those VMs into a cloud service. So in other words, you can add virtual machines to existing cloud services.

Each cloud service has their own virtual private network where they can see each other and doesn’t have to communicate through the public IP/DNS name. The drawback for the moment is that it`s not possible that two different cloud services can communicate without going through the public IP/DNS name, but this is a feature that will come in the future. (Announced during TechEd)

Understanding High Availability in Windows Azure

SLA is an everlasting discussion between the vendor and the customer.

When we are talking about SLA we are always thinking about ‘how many nines do we need’. Windows Azure gives you 99,95% availability if you are following the rules and have at least two instances for your roles, and 99,9% for a single role instance.

We have something called Fault Domains and Upgrade Domains in Windows Azure.

Fault Domains represents hardware faults (rack) and default there is two fault domains for each role.

Update Domains represents how to service the roles during updates and default there is five update domains. You can create VM availability sets and spread the VMs on different fault domains

Windows Azure Virtual Networking

As I wrote in the beginning of this article, you could connect your cloud applications with on-premise resources by using Service Bus or Azure Connect. The last alternative was not ideal from an IT pros perspective, as you would have to install this agent on your domain controller. So let`s take a closer look at the enhancement in the networking space in Windows Azure.

You have now full control over VM names and can also take advantage of the Windows Azure provided DNS server, and resolve VMs by name within the same cloud service. If you want to be able to have name resolution between virtual machines and role instances located in the same virtual network but different cloud services, you must use your own DNS server (more about that in a later blog post).

One of the biggest benefit of Windows Azure DNS server is that you won’t get the degraded performance by lookup public IP/DNS when roles and VMs in the same cloud service must communicate, leading to fewer hops, since they are now communicating on the same virtual network, using internal IP`s/names.

As a ‘replacement’ for Azure connect, Windows Azure Virtual Network enables you to design and create secure site-to-site connectivity and protected virtual networks in the cloud.

Define your own address space for virtual networks and virtual networks gateways in the same manner as you would do when you`re working with branch offices.

We will not dive deep into all the details in this blog post, but you must take a moment and plan carefully when you are working with your network design, prior to publishing services and roles in Windows Azure. Consider the following:

-        DNS design

-        Address Space

-        Supported VPN gateway devices

-        Internet-accessible IP address for your VPN gateway device

And there`s more…
You can also take advantage of the new offerings like Web Sites and SQL Databases, and this will also be available in ‘Windows Azure Services for Windows Server’, but since this blog is mainly focusing on cloud computing and infrastructure, it will not be covered in this blog post.

No comments: