Building Highly Available and Scalable Applications in Microsoft Azure
Narayan Annamalai, Stephen Malone
DEV-B311
Agenda
Global scale with Microsoft Azure
Scenarios
Achieving high availability with Microsoft Azure
Demos
Global presence
Azure footprint: 16 regions world-wide in 2014
Azure Network Stack
Network Services
Logical Network
Network Manager, Virtual Switch, Virtual Network, Infrastructure
Software Load Balancer
Traffic Manager, Virtual Network, S2S and P2S VPN, DNS, ExpressRoute
Security, Compliance
Physical Network
Network Topology, Network Monitoring, Network Hardware Automation
NIC Performance Offloads
Network APIs
Network services
Core SDN tech
Uniform shared network
Global Scale and Resilience – Azure Traffic Manager
Traffic Manager: Intelligent customer routing
www.yourapp.com
Performance - Direct to “closest” service based on network latency
Round-robin - Distribute equally across all services
Failover - Direct to “backup” service if primary fails
—also included in other policies
Load balancing policies
Traffic Manager: Intelligent customer routing
Automated failure detection and re-direction
Service health monitoring
[Diagram: North America Region, Europe Region, Asia Pacific Region; latency labels 30ms, 20ms, 40ms, 120ms]
How Azure Traffic Manager works
DNS (Domain Name System) based global traffic management
Traffic Manager profile created with name (contoso.trafficmanager.net), routing policy, and health monitoring configuration
Service instances (endpoints) then added to the Traffic Manager profile to route traffic between those services
Traffic Manager supports IaaS VMs, PaaS Web/Worker roles, Azure Websites and Non-Azure endpoints as peers in the same profile with active monitoring for all endpoints
[Diagram: www.contoso.com is a CNAME to contoso.trafficmanager.net; the profile applies load-balancing and endpoint monitoring to “choose the best performing deployment” between Deployment A, Deployment B and Deployment C. Endpoint types shown: Cloud service, Azure web site, Non-Azure Endpoints]
How Azure Traffic Manager works
[Diagram: DNS resolution of www.contoso.com, numbered steps 1 to 9]
Users’ LDNS: IP=99.88.77.66
a.root-servers.net… k.root-servers.net
Q: What is www.contoso.com? A: Ask ns1/2.contoso.com
ns1.contoso.com, ns2.contoso.com
Q: What is www.contoso.com? A: CNAME to contoso.trafficmanager.net
Traffic Manager: DNS Server, Policy Engine, contoso policy
Q: What is contoso.trafficmanager.net?
Which deployments are up?
What are the regions for deployments A and B?
What is the network distance between IP 99.88.77.66 and the US North and West Europe regions?
Deployment A, US North, IP=11.22.33.44
Deployment B, West Europe, IP=22.33.44.55
Deployment C (Down), IP=33.44.55.66
20ms, 80ms
A: 11.22.33.44
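Added example (not part of the original slides and not Microsoft's code): a toy Python model of the policy engine step in the diagram above, covering the three load balancing policies and the rule that down endpoints are never returned. The names Endpoint, PolicyEngine and contoso_endpoints are hypothetical, and assigning 20ms to Deployment A and 80ms to Deployment B is an assumption read from the diagram.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional


@dataclass
class Endpoint:
    name: str
    region: str
    ip: str
    healthy: bool                      # outcome of endpoint monitoring
    latency_ms: Optional[int] = None   # network distance from the user's LDNS


class PolicyEngine:
    """Toy model of the decision made for each DNS query to the profile."""

    def __init__(self, policy, endpoints):
        if policy not in ("performance", "round-robin", "failover"):
            raise ValueError(f"unknown policy: {policy}")
        self.policy = policy
        self.endpoints = list(endpoints)  # list order doubles as failover priority
        self._turn = count()

    def resolve(self):
        # Failure detection applies to every policy: down endpoints are never returned.
        up = [e for e in self.endpoints if e.healthy]
        if not up:
            return None  # simplification of this model: no answer if nothing is healthy
        if self.policy == "performance":
            # Unmeasured latency sorts last instead of raising on None.
            return min(up, key=lambda e: float("inf") if e.latency_ms is None else e.latency_ms).ip
        if self.policy == "round-robin":
            return up[next(self._turn) % len(up)].ip
        return up[0].ip  # failover: first healthy endpoint in priority order


def contoso_endpoints():
    # Constructed from the slide diagram; 20ms -> A and 80ms -> B is an assumption.
    return [
        Endpoint("Deployment A", "US North", "11.22.33.44", True, 20),
        Endpoint("Deployment B", "West Europe", "22.33.44.55", True, 80),
        Endpoint("Deployment C", "(not shown)", "33.44.55.66", False),
    ]


if __name__ == "__main__":
    for policy in ("performance", "round-robin", "failover"):
        print(policy, PolicyEngine(policy, contoso_endpoints()).resolve())
```

With the diagram's values the performance policy answers 11.22.33.44; marking Deployment A unhealthy moves the answer to 22.33.44.55 under both performance and failover.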
New support for External Endpoints
Now supporting external, non-Azure, endpoints for all traffic manager policies with full support for automated monitoring, failure detection and end-user re-direction
Include endpoints from different Azure subscriptions in the same policy
Add redundancy for your on-premises service using Azure Traffic Manager
Include your on-premises endpoints as scale units to achieve greater scale, or as additional geographical locations to improve performance for your end users
Enables burst to cloud scenarios transparently to the end-user
Demo
External Endpoints
Stephen Malone
Built to scale - Regional Virtual Networks
Virtual Network
<subnet X>
<subnet Y>
<subnet Z>
Virtual network
DNS Server
Logical isolation with control over network
Create subnets with your private IP addresses
Stable and persistent private IP addresses
Bring your own DNS
Use Azure-provided DNS
Secure VMs with input endpoint ACLs
Microsoft Azure
Isolated and connected
Microsoft Azure
Customer Virtual Network
SharePoint, Active Directory
Internet
Public VIP
Isolated private channel
Web Servers
Regional scope
VNet spans an entire region
Fully connected private and isolated network across datacenters
New services requiring specific SKUs (A8, A9) can be added to same VNet – Seamless expansion
Azure Front End
US West South East Asia
RNM RNM
VNet scope
VNet scope
Portal, API
Interconnected VNets
VNets can be connected through secure Azure gateways
VNets can be in different subscriptions
VNets in same or across regions can be connected
VNet East US
VNet West Europe
VNet East Asia
Cross region secure channel
AD/DNS
Connecting to Multiple sites
Multiple Site-to-Site connections
Multiple on-premises sites connect to same virtual network
Sites may be geographically dispersed
Connect to multiple on-premises locations
Global private network
Global Connectivity
VNet1 US West
VNet2 East Asia
Contoso NorthAm HQ (10.0.0.0/16)
Contoso East Asia (10.3.0.0/16)
Secure private channel
Running Highly Available Services
Public facing Services
Every cloud service is given a public IP address (VIP) from Azure’s pool of addresses
Virtual machines, Web/Worker roles in the cloud service can be accessed through the VIP using endpoints
Azure provides load balancing at no charge
Internet
To VIP
Cloud service
VIP
Azure Load Balancer
Microsoft Azure
IP: 101. 121.---.255
IP: 127.255. ---.---
IP: 2001:4898:9:2:---:e60c:b118:---
IP: 111.111. ---.---
Public Endpoint Access Control Lists
22
Virtual Machines
IP: 101. 121.---.255
IP: 127.255. ---.---
End Point ACL
Internal Load balancing (ILB) between VMs without public facing endpoints
Enables load balancing among VMs with private IP addresses
Load balanced endpoint accessible only by customer’s virtual and on-premises networks or just within the cloud service
Multi-tier applications with internal facing tiers require load balancing
Middle tier, DB backend not exposed to Internet
Load balanced endpoints exposed only to CorpNet Sharepoint, LOB Apps
External load balancer
Web frontend tier Logic tier
Customer Virtual Network
Internal load balancer
Customer on-premises
Back end
Front end
Internet
Internal load balancing (preview)
Microsoft Azure
Internal VIP
Public VIP
S2S, P2S or Express Route tunnel
Scenario – LOB Apps
Private, highly available Sharepoint farm accessible from other VNets and on premises sites
Client VNet
Customers from VNet & On-Prems
Contoso US HQ Contoso East Asia
ILB
AD/DNS
FE
SQL
FE
SQL
FE
SQL
Sharepoint VNet
Japan West
Japan East
Web Subnet (10.0.0.0/24)
10.0.0.100
Data Subnet (10.0.0.4/24)
IP reservation
Today, every cloud service gets a VIP (public virtual IP address) assigned by Azure
Instances and VMs inside a cloud service get private IP addresses. These VMs are only accessible via endpoint port mapping from VIP to the VM.
IP reservation:
Reserve public IP addresses
Customers can own IP addresses and assign them to cloud services
Reserved IP can be used on any cloud service in the region
Current IP address on existing service can be reserved as well
Reserved IPs are the customer's to keep
Internet
Reserved VIP
DIP1 DIP2
VM1 VM2
Cloud service
Reserved VIP
VIP: <port x> DIP1:<port y> OR DIP2:<port y>
LB
Microsoft Azure
Azure Front End
Reserve IP
Reserved IP
Use Reserved IP
Instance level public IPs (Preview)
Today, every cloud service gets a VIP (public virtual IP address) assigned by Azure
Instances and VMs inside a cloud service get private IP addresses. These VMs are only accessible via endpoint port mapping from VIP to the VM.
Instance-level Public IPs
Assign public IPs to VMs
Direct reachability to the VM, no endpoint required
Public IP used as the outgoing IP address
Enables scenarios like FTP services, external monitoring etc.
instance level public IPs
PIP1
Internet
DIP1 DIP2
Cloud service Reserved VIP
Load Balancer
Microsoft Azure
Public IP1
Public IP2
DIP1
DIP2
Demo
Create a Regional VNet
Reserve a VIP
Deploy IaaS VMs with Reserved VIP
Create public LB endpoint
Create ILB endpoint
Attach Instance level Public IPs
Vnet Japan West
Reserved VIP
80 100
80 100
ILB VIP
Client
WebServer1
WebServer2
Public IP 1
Internet
Public IP 2
Related Sessions
DEV-B312 What’s new in Windows Azure IaaS
DEV-B346 What’s new in Windows Azure Networking
DEV-B311 Building highly available and scalable applications in Windows Azure
DEV-B360 Extending your premises to Windows Azure with Virtual Networks and ExpressRoute
DEV-B415 ExpressRoute: Connecting private and public clouds through Exchange Providers
DEV-B422 ExpressRoute: Connecting private and public clouds through WAN providers
DEV-B324 Security and Windows Azure IaaS
DEV-B328 Running your Dev/Test in Windows Azure
DEV-B375 Public Cloud Security: Surviving in a Hostile Multitenant Environment
DEV-B334 Disaster Recovery and Windows Azure IaaS
DEV-B338 IaaS: Hosting a Microsoft SharePoint 2013 Farm on Windows Azure
DEV-B361 Oracle in Windows Azure
Resources
Microsoft Engineering Stories
How Microsoft Builds Software: http://aka.ms/EngineeringStories
Visual Studio Industry Partner Program
Meet Our New Visual Studio Online Partners or Join Now: http://vsipprogram.com
Visual Studio | Integrate
Create Your Own Dev Environment: http://integrate.visualstudio.com
Development tools & services for teams of all sizes: http://www.visualstudio.com
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.