Building Highly Available and Scalable Applications in

Microsoft Azure Narayan Annamalai, Stephen Malone

DEV-B311

Agenda

Global scale with Microsoft Azure

Scenarios

Achieving high availability with Microsoft Azure

Demos

Global presence

Azure footprint: 16 regions world-wide in 2014

Azure Network Stack

Network Services

Logical Network

Network Manager Virtual SwitchVirtual NetworkInfrastructure

SoftwareLoad Balancer

Traffic ManagerVirtual NetworkS2S and P2S VPN DNS ExpressRoute

Security, Compliance

Physical Network

Network Topology Network MonitoringNetwork Hardware Automation

NIC Performance Offloads

Network APIs

Network services

Core SDN tech

Uniform shared network

Global Scale and Resilience – Azure Traffic Manager

Traffic Manager: Intelligent customer routing

www.yourapp.com

Performance - Direct to “closest” service based on network latencyRound-robin - Distribute equally across all servicesFailover - Direct to “backup” service if primary fails

—also included in other policies

Load balancing policies

www.yourapp.com

Performance - Direct to “closest” service based on network latencyRound-robin - Distribute equally across all servicesFailover - Direct to “backup” service if primary fails

—also included in other policies

Load balancing policies

Traffic Manager: Intelligent customer routing

Automated failure detection and re-directionNorth America Region Europe Region Asia Pacific Region

30ms 20ms40ms

Service health monitoring

120ms

How Azure Traffic Manager worksDNS (Domain Name System) based

global traffic management

Traffic Manager profile created with name (contoso.trafficmanager.net), routing policy, and health monitoring configuration

Service instances (endpoints) then added to the Traffic Manager profile to route traffic between those services

Traffic Manager supports IaaS VMs, PaaS Web/Worker roles, Azure Websites and Non-Azure endpoints as peers in the same profile with active monitoring for all endpoints

www.contoso.com

CNAME

Non-AzureEndpoints

Load-balancing

Endpoint monitoring

contoso.trafficmanager.net

Cloud service

Azure web site

“choose the best performing deployment” between:

Deployment ADeployment BDeployment C

DNS Server

Q: What is contoso.trafficmanager.net?

Policy Engine

Traffic Manage

r

5

contoso policy

How Azure Traffic Manager works

Deployment AUS North

Deployment BWest Europe

Deployment C (Down)

IP=11.22.33.44 IP=22.33.44.55IP=33.44.55.66

20ms 80ms

ns1.contoso.comns2.contoso.com

Q: What is www.contoso.com?

A: CNAME to contoso.trafficmanager.net

34

6

7

8

Which deployments are up?

What are the regions for deployments A and B?

What is the network distance between IP 99.88.77.66 and the US North and West Europe regions?

Users’ LDNSIP=99.88.77.

66

a.root-servers.net…

k.root-servers.net

Q: What is www.contoso.com?A: Ask ns1/2.contoso.com

12

9A: 11.22.33.44

Now supporting external, non-Azure, endpoints for all traffic manager policies with full support for automated monitoring, failure detection and end-user re-directionInclude endpoints from different Azure subscriptions in the same policyAdd redundancy for your on-premises service using Azure Traffic ManagerInclude your on-premises endpoints as scale units to achieve greater scale, or as additional geographical locations to improve performance for your end usersEnables burst to cloud scenarios transparently to the end-user

New support for External Endpoints

DemoExternal EndpointsStephen Malone

Built to scale- Regional Virtual Networks

Virtual Network

<subnet X>

<subnet Y>

<subnet Z>

Virtual network

DNS Server

Logical isolation with control over network

Create subnets with your private IP addresses

Stable and persistent private IP addresses

Bring your own DNS

Use Azure-provided DNS

Secure VMs with input endpoint ACLs

Microsoft Azure

Isolated and connectedMicrosoft

Azure

Customer Virtual Network

SharePointActive Directory

Internet

Public VIP

Isolated private channel

Web Servers

Regional scopeVNET spans to an entire regionFully connected private and isolated network across datacentersNew services requiring specific SKUs (A8, A9) can be added to same VNet – Seamless expansion

Azure Front End

US West South East Asia

RNM RNM

VNet scope

VNet scope

PortalAPI

Inter connected VNets VNets can be connected through secure Azure gateways VNets can be in different subscriptionsVNets in same or across regions can be connected

VNet East US

VNet West Europe

VNet East Asia

Cross region secure channel

AD/DNS

Connecting to Multiple sites

Multiple Site-to-Site connections

Multiple on-premises sites connect to same virtual networksites may be geographically dispersed

Connect to multiple on-premises locationsGlobal private network

Global Connectivity

VNet1US West VNet2

East Asia

Contoso NorthAm

HQ (10.0.0.0/16)

Contoso East Asia (10.3.0.0/16)

Secure private channel

Running Highly Available Services

Public facing ServicesEvery cloud service is given a public IP address (VIP) from Azure’s pool of addressVirtual machines, Web/Worker roles in the cloud service can be accessed through the VIP using endpointsAzure provides load balancing at no charge

Internet

To VIP

Cloud service

VIP

Azure Load Balancer

Microsoft Azure

IP: 101. 121.---.255

IP: 127.255. ---.---

IP: 2001:4898:9:2:---:e

60c:b118:---

IP: 111.111. ---.---

Public Endpoint Access Control Lists

22

VirtualMachines

IP: 101. 121.---.255

IP: 127.255. ---.---

End Point ACL

P

P

Internal Load balancing (ILB) between VMs without public facing endpoints Enables load balancing among VMs with private IP addresses Load balanced endpoint accessible only by customer’s virtual and on-premises networks or just within the cloud service

Multi-tier applications with internal

facing tiers require load balancingMiddle tier, DB backend not

exposed to InternetLoadbalanced endpoints exposed

only to CorpNet Sharepoint, LOB Apps

External load

balancer

Web frontend tier Logic tier

Customer Virtual Network

Internal load

balancer

Customer on-premises

Back end

Front end

Internet

Internal load balancing (preview)

Microsoft Azure

Internal VIP

Public VIP

S2S, P2S or Express Route tunnel

Scenario– LOB AppsPrivate, highly available Sharepoint farm accessible from other VNets and on premises sites

Client VNet

Customers from VNet & On-Prems

Contoso US HQ Contoso East Asia

ILB

AD/DNS

FE

SQL

FE

SQL

FE

SQL

Sharepoint VNet

Japan West

Japan East

Web Subnet (10.0.0.0/24)

10.0.0.100

Data Subnet (10.0.0.4/24)

IP reservationToday, every cloud service gets a VIP (public virtual IP address) assigned by Azure Instances and VMs inside a cloud service get private IP addresses. These VMs only accessible via endpoint port mapping from VIP to the VM.

IP reservation:Reserve public IP addressesCustomers can own IP addresses and assign them to cloud servicesReserved IP can be used on any cloud service on the regionCurrent IP Address on existing service can be reserved as wellReserved IPs are customers to keep

Internet

Reserved VIP

DIP1 DIP2

VM1 VM2

Cloud service

Reserved VIP

VIP: <port x> DIP1:<port y> OR DIP2:<port y>

LBMicrosoft Azure

Azure Front EndReserve IP

Reserved IP

Use Reserved IP

Instance level public IPs (Preview)Today, every cloud service gets a VIP (public virtual IP address) assigned by Azure Instances and VMs inside a cloud service get private IP addresses. These VMs only accessible via endpoint port mapping from VIP to the VM.

Instance-level Public IPs Assign public IPs to VMsDirect reachability to the VM, no endpoint requiredPublic IP used as the outgoing IP addressEnables scenarios like FTP services, external monitoring etc

instance level public IPs

PIP1

Internet

DIP1 DIP2

Cloud service Reserved VIP

Load Balanc

er

Microsoft Azure

Public IP1

Public IP2

DIP1

DIP2

Create a Regional VnetReserve a VIPDeploy IaaS VMs with Reserved VIPCreate public LB endpointCreate ILB endpointAttach Instance level

Public IPS

Demo

Vnet Japan West

Reserved VIP

80 100

80 100

ILB VIP

ClientWebServer1 WebServer

2Public IP 1

Internet

Public IP 2

DEV-B312 What’s new in Windows Azure IaaSDEV-B346 What’s new in Windows Azure NetworkingDEV-B311 Building highly available and scalable applications in Windows AzureDEV-B360 Extending your premises to Windows Azure with Virtual Networks and ExpressRouteDEV-B415 ExpressRoute: Connecting private and public clouds through Exchange ProvidersDEV-B422 ExpressRoute: Connecting private and public clouds through WAN providersDEV-B324 Security and Windows Azure IaaSDEV-B328 Running your Dev/Test in Windows AzureDEV-B375 Public Cloud Security: Surviving in a Hostile Multitenant Environment DEV-B334 Disaster Recovery and Windows Azure IaaSDEV-B338 IaaS: Hosting a Microsoft SharePoint 2013 Farm on Windows AzureDEV-B361 Oracle in Windows Azure

Related Sessions

ResourcesMicrosoft Engineering Stories

How Microsoft Builds Softwarehttp://aka.ms/EngineeringStories

Visual Studio Industry Partner Program

Meet Our New Visual Studio Online Partners or Join Now.http://vsipprogram.com

Visual Studio | Integrate

Create Your Own Dev Environmenthttp://integrate.visualstudio.com

Development tools & services for teams of all sizeshttp://www.visualstudio.com

Complete an evaluation and enter to win!

Evaluate this session

Scan this QR code to evaluate this session.

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.