windows azure iaas
Post on 23-Feb-2016
WINDOWS AZURE IAAS
Patriek van Dorp
Technology Consultant Microsoft
2
Private Cloud to Public Cloud
Physical, Virtual, IaaS, PaaS, SaaS
3
Cloud Models
[Diagram: four stacks (On Premises, Infrastructure as a Service, Platform as a Service, Software as a Service), each listing Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage and Networking, with layers marked "You manage" or "Managed by Microsoft".]
4
Only Pay For What You Use
5
CLOUD SERVICES (PAAS)
• Build infinitely scalable apps and services
• Support rich multi-tier architectures
• Automated application management
6
What is a Cloud Service?
A container of related service roles
• Web Role
• Worker Role
7
Roles and Role Instances
At runtime each Role will execute on one or more instances.
A role instance is a set of code, configuration, and local data, deployed in a dedicated VM.
Roles are defined in a Cloud Service. A role definition specifies:
• VM size
• Communication Endpoints
• Local storage resources
• Number of Instances
• Etc.
8
Packaging and Configuration
CLOUD SERVICES ARE DESCRIBED BY TWO IMPORTANT ARTIFACTS:
• Service Definition (*.csdef)
• Service Configuration (*.cscfg)
YOUR CODE IS ZIPPED AND PACKAGED WITH DEFINITION (*.CSPKG)
• Encrypted(Zipped(Code + *.csdef)) == *.cspkg
WINDOWS AZURE CONSUMES JUST (*.CSPKG + *.CSCFG)
9
Everything goes to the Cloud!
10
We trust Microsoft without question!
11
WINDOWS AZURE VIRTUAL MACHINES
12
Infrastructure as a Service
The spring release of Windows Azure Infrastructure as a Service introduces new functionality that allows full control and management of virtual machines along with an extensive virtual networking offering.
If deploying an application requires a developer’s involvement, it’s not IaaS
13
Windows Azure Virtual Machines
Support for key server applications
Easy storage manageability
High availability features
Advanced networking
Integration with compute PaaS
14
Things That Don’t Work (yet)
OS Component              Why not supported?
Hyper-V                   Hyper-V on Hyper-V
DHCP                      Broadcast
NLB                       Broadcast
Failover Clustering       “Floating” IP
Bitlocker (on OS disk)    TPM Chip
15
GETTING STARTED WITH VIRTUAL MACHINES
Demo
16
Images Available in Preview
Windows
• Windows Server 2008 R2
• Windows Server 2008 R2 with SQL Server 2012 Evaluation
• Windows Server 2012 RTM
Linux
• OpenSUSE 12.1
• CentOS 6.2
• Ubuntu 12.04
• SUSE Linux Enterprise Server SP2
17
Persistent Disks and High Durability
Windows Azure Storage
Windows Azure Storage (Disaster Recovery)
Virtual Machine
18
Persistent Disks and High Durability
Windows Azure Storage
Windows Azure Storage (Disaster Recovery)
Virtual Machine
Virtual Machine
19
Provisioning a Platform Image
[Diagram: provisioning a platform image. Labels: Portal (API), Hypervisor, VM, OS, Data, Cache, ISO, Platform Storage Repository, Customer’s Storage Account, Stock Images, Provisioning Repository, Unattend (Add Server Hostname Password …), Cache.VHD, Storage API, OS Disk, Data Disk.]
20
Persistent Disk Management
Capability            OS Disk                          Data Disk
Host Cache Default    ReadWrite                        None
Max Capacity          127 GB                           1 TB
Imaging Capable       Yes                              No
Hot Update            Cache Setting Requires Reboot    Change Cache Without Reboot, Add/Remove without Reboot
21
Disks and Images
OS Images (Microsoft, Partner, User)
• Base OS image for new Virtual Machines
• Sys-Prepped/Generalized/Read Only
• Created by uploading or by capture
Disks (OS Disks, Data Disks)
• Writable Disks for Virtual Machines
• Created during VM creation or during upload of existing VHDs.
22
VIRTUAL MACHINES AND CLOUD SERVICES
23
Cloud Services, Roles and Instances
[Diagram: a cloud service drawn as a grid of VMs (VM1, VM2, VM3, VM4, VM5, VM…) with the axes labelled ROLES and INSTANCES.]
Cloud Service is a management, configuration, security, networking and service model boundary
24
Virtual Machines
[Diagram: a cloud service drawn as a grid of VMs (VM1, VM2, VM3, VM4, VM5, VM…) with the axes labelled ROLES and INSTANCES, next to a single VM in an implicit cloud service.]
Virtual Machines are roles with exactly one instance
25
Cloud Services with Virtual Machines
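[Diagram: a cloud service drawn as a grid of VMs (VM1, VM2, VM3, VM4, VM5, VM…) with the axes labelled ROLES and INSTANCES, a single VM in an implicit cloud service, and a cloud service holding two VMs.]
Multiple Virtual Machines can be hosted within the same cloud service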
26
VIRTUAL MACHINE NETWORKING
27
Virtual Machine Names and DNS
FULL CONTROL OVER MACHINE NAMES
WINDOWS AZURE PROVIDED DNS
• Resolves VMs by name within the same cloud service
• Machine names are modeled explicitly and registered in the DNS service
BRING YOUR OWN DNS SERVER
• Use your on-premises DNS servers
• Deploy a DNS server in Windows Azure
• Use public DNS services
28
Protocols and Endpoints
UDP TRAFFIC SUPPORTED IN WA
• Load-balances incoming traffic and allows outbound traffic
SUPPORT FOR ALL IP-BASED PROTOCOLS (VM TO VM)
• Instance-to-instance communication
• TCP, UDP and ICMP, dynamic ports
PORT FORWARDED ENDPOINTS
• Direct communication to multiple VMs in the same cloud app
CUSTOM LOAD BALANCER HEALTH PROBES
• Health check with probe timeouts
• HTTP based probing, allowing granular control of health checks
29
Port Forwarding Input Endpoints
Single Public IP Per Cloud Service
[Diagram: one cloud service with the port labels PORT 3389, PORT 5586, PORT 5587 and PORT 3389.]
30
Load Balanced Sets
PORT 80
Cloud Service
31
LOAD BALANCED SETS
Demo
32
VIRTUAL MACHINE AVAILABILITY
33
Service Level Agreement
99.95% FOR MULTIPLE ROLE INSTANCES
• 4.38 hours of downtime per year
99.9% FOR SINGLE ROLE INSTANCES
• 8.75 hours of downtime per year
WHAT’S INCLUDED?
• Compute Hardware failure (disk, cpu, memory)
• Datacenter failures - Network failure, power failure
• Hardware upgrades, Software maintenance – Host OS Updates
• Planned downtime – 6 day notice, 6 hour window, 25 minute downtime
WHAT’S NOT INCLUDED
• VM crashes caused by 3rd party software, Guest OS Updates
34
Fault and Update Domains
FAULT DOMAINS
• Represent groups of resources anticipated to fail together (i.e. same rack, same server)
UPDATE DOMAINS
• Represent groups of resources that will be updated together
• Host OS updates honour service update domains
• Specified in service definition
• Default of 5 (up to 20)
Fabric Controller spreads role instances across Update Domains and Fault Domains
35
Fault and Update Domains
[Diagram: eight instances spread over two fault domains (racks), each instance labelled UD #1 or UD #2.]
36
Virtual Machines Availability Sets
Update Domains are honored by Host OS updates
[Diagram: IIS1, SQL1, IIS2 and SQL2 spread over two fault domains (racks), each VM labelled UD #1 or UD #2.]
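The availability rules on slides 33 to 36, as an added example that is not part of the original deck: a Python check that lists every tier which a single host update walk or a single rack failure would stop completely. The tier names and the update/fault domain numbers in the sample layouts are constructed for illustration.

```python
from collections import defaultdict


def tiers_lost_by_single_outage(placement):
    """placement maps vm_name -> (tier, update_domain, fault_domain).

    Returns a sorted list of (tier, kind, domain) findings: every case where
    taking one update domain or one fault domain offline stops all VMs of a tier.
    """
    by_tier = defaultdict(list)
    for _vm, (tier, ud, fd) in placement.items():
        by_tier[tier].append((ud, fd))

    findings = []
    for tier, slots in by_tier.items():
        update_domains = {ud for ud, _ in slots}
        fault_domains = {fd for _, fd in slots}
        # All instances in one update domain: a host OS update stops the tier.
        if len(update_domains) == 1:
            findings.append((tier, "update_domain", update_domains.pop()))
        # All instances in one fault domain: one rack failure stops the tier.
        if len(fault_domains) == 1:
            findings.append((tier, "fault_domain", fault_domains.pop()))
    return sorted(findings)


# Constructed layout: each tier has one VM per rack and per update domain.
SPREAD = {
    "IIS1": ("web", 1, 1), "IIS2": ("web", 2, 2),
    "SQL1": ("sql", 1, 1), "SQL2": ("sql", 2, 2),
}

# Constructed layout: both SQL VMs share a rack and an update domain.
COLOCATED_SQL = {
    "IIS1": ("web", 1, 1), "IIS2": ("web", 2, 2),
    "SQL1": ("sql", 1, 1), "SQL2": ("sql", 1, 1),
}

# Constructed layout: a single-instance role, the 99.9% SLA case.
SINGLE_INSTANCE = {"APP1": ("app", 1, 1)}

if __name__ == "__main__":
    for name, layout in [("spread", SPREAD),
                         ("colocated sql", COLOCATED_SQL),
                         ("single instance", SINGLE_INSTANCE)]:
        print(name, tiers_lost_by_single_outage(layout))
```

An empty result means every tier keeps at least one VM running through any one update domain or fault domain outage.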
37
WINDOWS AZURE VIRTUAL NETWORKS
38
Windows Azure Connectivity Options
[Diagram: connectivity options between CLOUD and ENTERPRISE]
• Data Synchronization: SQL Data Sync
• Application-Layer Connectivity & Messaging: Service Bus
• Secure Machine-to-Machine Network Connectivity: Windows Azure Connect
• Secure Site-to-Site Network Connectivity: Windows Azure Virtual Network
39
Windows Azure Virtual Networks
YOUR “VIRTUAL” BRANCH OFFICE / DATACENTER IN THE CLOUD
• Enables customers to extend their Enterprise Networks into Windows Azure
• Networking on-ramp for migrating existing apps and services to Windows Azure
• Enables customers to run “hybrid” apps that span cloud and their premises
A PROTECTED PRIVATE VIRTUAL NETWORK IN THE CLOUD
• Enables customers to set up secure private IPv4 networks fully contained within Windows Azure
• IP address persistence
• Inter-service DIP-to-DIP communication
40
Virtual Network Features
CUSTOMER-MANAGED PRIVATE VIRTUAL NETWORKS WITHIN WINDOWS AZURE
• Bring your own IPv4 addresses
• Control over placement of Windows Azure Roles within the network
• Stable IPv4 addresses for VMs
HOSTED VPN GATEWAY THAT ENABLES SITE-TO-SITE CONNECTIVITY
• Automated provisioning & management
• Support existing on-premises VPN devices
USE ON-PREMISE DNS SERVERS FOR NAME RESOLUTION
• Enables customers to use their on-premise DNS servers for name resolution
• Enables VMs running in Windows Azure to be joined to corporate domains running on-premise (use your on-premise Active Directory)
41
GETTING STARTED WITH VIRTUAL NETWORKS
Demo
42
Supported VPN Device List
CISCO
Platform                                          OS Family
ASA 5500 Series (Adaptive Security Appliances)    ASA Software 8.4+
ASR 1000 Series Aggregation Services Routers      IOS XE 2.1+
ISR Series Integrated Services Routers            IOS 12.2+
JUNIPER
Platform                                          OS Family
SRX Series Routers                                JunOS 10.2+
J Series Routers                                  JunOS 9.4+
ISG Series Routers                                ScreenOS 6.2+
SSG Series Routers                                ScreenOS 6.2+
GENERIC VPN DEVICES MUST SUPPORT
• IKE v1
• AES 128, 256
• SHA1, SHA2
43
SCENARIOS
44
Virtual Network Scenarios
HYBRID PUBLIC/PRIVATE CLOUD
• Enterprise app in Windows Azure requiring connectivity to on-premise resources
ENTERPRISE IDENTITY AND ACCESS CONTROL
• Manage identity and access control with on-premise resources (on-premises Active Directory)
MONITORING AND MANAGEMENT
• Remote monitoring and trouble-shooting of resources running in Windows Azure
ADVANCED CONNECTIVITY REQUIREMENTS
• Cloud deployments requiring persistent IP addresses and direct connectivity across services
45
Connecting Applications and VMs
SQL Data Access Traffic Through Public Endpoint
Secure Endpoints with Windows Server Firewall
[Diagram: two cloud services, each behind a load balancer. Labels: WA Web Role or Web Site, SQL Server, Load Balancer, 80, 2001-1433.]
STRENGTHS
• Simplicity
• Tenant Autonomy
• VIP Swap (cloud services)
• Easy Local Dev/Test
WEAKNESSES
• Higher Latency
• Less Secure
• Management/Deployment Overhead
46
Connecting Cloud Services with VNET
Direct Access via VNET
[Diagram: ContosoVNet (10.0.0.0/8) containing FrontEndSubnet (10.0.0.0/16), SQLSubnet (10.1.0.0/16) and AD Subnet (10.2.0.0/16). Labels: Load Balancer, 80, WA Web Role, Role, Cloud Service 1, Cloud Service 2, AD, SQL Mirror.]
STRENGTHS
• More Secure
• Low Latency
• Cloud App Autonomy
• VIP Swap (stateless roles)
• Advanced Connectivity Requirements
WEAKNESSES
• VNET Complexity
• No Windows Azure provided DNS
47
Mixing PaaS and IaaS in the Same Cloud Service
[Diagram: one cloud service containing a WA Web Role and a Virtual Machine. Labels: Load Balancer, 80.]
STRENGTHS
• Windows Azure provided DNS
• Low latency connectivity
• Single deployment, update and management unit
WEAKNESS
• No VIP Swap (coming in the future)
Available at General Availability
48
Summary
CHOOSE THE CLOUD MODEL THAT FITS YOUR NEEDS
• With PaaS (Web/Worker Roles) you lose some control and you need to fit the mold of the Cloud vendor
• With IaaS you have full control over your platform and you can run (almost) any software you like
USE VIRTUAL NETWORKS TO LEVERAGE LEGACY SYSTEMS ON-PREMISES
• Use the existing IT Pro skills present in your organization to extend your corporate network to the Cloud
• Create subnets to control the applications that can access resources on-premises
PAAS AND IAAS – BETTER TOGETHER
• Mix and Match PaaS and IaaS to create the most desirable architectures fast and safe
49
QUESTIONS
patriek.van.dorp@sogeti.nl
@pvandorp
http://onwindowsazure.com
http://windowsazure.com
50
Local touch - Global reach