windows azure iaas
DESCRIPTION
Until recently Windows Azure has been a Platform-as-a-Service (PaaS) offering. PaaS is great in terms of scalability, availability, lower TCO and time-to-market, but there are a lot of real world scenarios that either are hard to implement on PaaS or still require on-premises infrastructure. June 7th this year Microsoft launched a preview offering of Infrastructure-as-a-Service as well. Now, we have Windows Azure Virtual Machines and Windows Azure Virtual Network at our disposal, which makes a lot of these real world scenarios feasible in Windows Azure without harming the business case for that scenario.
TRANSCRIPT
WINDOWS AZURE IAAS
Patriek van Dorp
Technology Consultant Microsoft
Private Cloud to Public Cloud
Diagram labels: Physical, Virtual, IaaS, PaaS, SaaS
Cloud Models
Layers shown for each model: Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking
On Premises: you manage every layer
Infrastructure (as a Service): layers split between "You manage" and "Managed by Microsoft"
Platform (as a Service): layers split between "You manage" and "Managed by Microsoft"
Software (as a Service): every layer managed by Microsoft
Only Pay For What You Use
CLOUD SERVICES (PAAS)
Build infinitely scalable apps and services
Support rich multi-tier architectures
Automated application management
What is a Cloud Service?
A container of related service roles
Web Role Worker Role
Roles and RoleInstances
At runtime each Role will execute on one or more instances
A role instance is a set of code, configuration, and local data, deployed in a dedicated VM
Roles are defined in a Cloud Service
A role definition specifies:
VM size
Communication Endpoints
Local storage resources
Number of Instances
Etc.
Packaging and Configuration
CLOUD SERVICES ARE DESCRIBED BY TWO IMPORTANT ARTIFACTS:
Service Definition (*.csdef)
Service Configuration (*.cscfg)
YOUR CODE IS ZIPPED AND PACKAGED WITH DEFINITION (*.CSPKG)
Encrypted(Zipped(Code + *.csdef)) == *.cspkg
WINDOWS AZURE CONSUMES JUST (*.CSPKG + *.CSCFG)
Everything goes to the Cloud!
We trust Microsoft without question!
WINDOWS AZURE VIRTUAL MACHINES
Infrastructure as a Service
The spring release of Windows Azure Infrastructure as a Service introduces new functionality that allows full control and management of virtual machines along with an extensive virtual networking offering.
If deploying an application requires a developer’s involvement, it’s not IaaS
Windows Azure Virtual Machines
Support for key server applications
Easy storage manageability
High availability features
Advanced networking
Integration with compute PaaS
Things That Don’t Work (yet)
OS Component              Why not supported?
Hyper-V                   Hyper-V on Hyper-V
DHCP                      Broadcast
NLB                       Broadcast
Failover Clustering       “Floating” IP
Bitlocker (on OS disk)    TPM Chip
GETTING STARTED WITH VIRTUAL MACHINES
Demo
Images Available in Preview
Windows
Windows Server 2008 R2
Windows Server 2008 R2 with SQL Server 2012 Evaluation
Windows Server 2012 RTM
Linux
OpenSUSE 12.1
CentOS 6.2
Ubuntu 12.04
SUSE Linux Enterprise Server SP2
Persistent Disks and High Durability
Windows Azure Storage
Windows Azure Storage (Disaster Recovery)
Virtual Machine
Persistent Disks and High Durability
Windows Azure Storage
Windows Azure Storage (Disaster Recovery)
Virtual Machine
Virtual Machine
Provisioning a Platform Image
Diagram labels: Portal (API), HyperVisor, VM, OS, Data, Cache, ISO, Platform Storage Repository, Customer’s Storage Account, Stock Images, Provisioning, Repository, Unattend (Add Server Hostname Password …), Cache.VHD, Storage API, OS Disk, Data Disk
Persistent Disk Management
Capability            OS Disk                          Data Disk
Host Cache Default    ReadWrite                        None
Max Capacity          127 GB                           1 TB
Imaging Capable       Yes                              No
Hot Update            Cache Setting Requires Reboot    Change Cache Without Reboot, Add/Remove without Reboot.
Disks and Images
OS Images
• Microsoft
• Partner
• User
Base OS image for new Virtual Machines
Sys-Prepped/Generalized/Read Only
Created by uploading or by capture
Disks
• OS Disks
• Data Disks
Writable Disks for Virtual Machines
Created during VM creation or during upload of existing VHDs.
VIRTUAL MACHINES AND CLOUD SERVICES
Cloud Services, Roles and Instances
CLOUD SERVICE
VM1 VM2 VM3
VM4 VM5 VM…
INSTANCES
ROLES
Cloud Service is a management, configuration, security, networking and service model boundary
Virtual Machines
CLOUD SERVICE
VM1 VM2 VM3
VM4 VM5 VM…
INSTANCES
ROLES
Virtual Machines are roles with exactly one instance
IMPLICIT CLOUD SERVICE
VM
Cloud Services with Virtual Machines
CLOUD SERVICE
VM1 VM2 VM3
VM4 VM5 VM…
INSTANCES
ROLES
Multiple Virtual Machines can be hosted within the same cloud service
IMPLICIT CLOUD SERVICE
VM
CLOUD SERVICE
VM VM
VIRTUAL MACHINE NETWORKING
Virtual Machine Names and DNS
FULL CONTROL OVER MACHINE NAMES
WINDOWS AZURE PROVIDED DNS
Resolves VMs by name within the same cloud service
Machine names are modeled explicitly and registered in the DNS service
BRING YOUR OWN DNS SERVER
Use your on-premises DNS servers
Deploy a DNS server in Windows Azure
Use public DNS services
Protocols and Endpoints
UDP TRAFFIC SUPPORTED IN WA
Load-balanced incoming traffic and allows outbound traffic
SUPPORT FOR ALL IP-BASED PROTOCOLS (VM TO VM)
Instance-to-instance communication
TCP, UDP and ICMP, dynamic ports
PORT FORWARDED ENDPOINTS
Direct communication to multiple VMs in the same cloud app
CUSTOM LOAD BALANCER HEALTH PROBES
Health check with probe timeouts
HTTP based probing, allowing granular control of health checks
Port Forwarding Input Endpoints
PORT 3389
PORT 5586
PORT 5587
Single Public IP Per Cloud Service
Cloud Service
PORT 3389
Load Balanced Sets
PORT 80
Cloud Service
LOAD BALANCED SETS
Demo
VIRTUAL MACHINE AVAILABILITY
Service Level Agreement
99.95% FOR MULTIPLE ROLE INSTANCES
4.38 hours of downtime per year
99.9% FOR SINGLE ROLE INSTANCES
8.75 hours of downtime per year
WHAT’S INCLUDED?
Compute Hardware failure (disk, cpu, memory)
Datacenter failures - Network failure, power failure
Hardware upgrades, Software maintenance – Host OS Updates
Planned downtime – 6 day notice, 6 hour window, 25 minute downtime
WHAT’S NOT INCLUDED
VM crashes caused by 3rd party software, Guest OS Updates
Fault and Update Domains
FAULT DOMAINS
Represent groups of resources anticipated to fail together (i.e. same rack, same server)
UPDATE DOMAINS
Represent groups of resources that will be updated together
Host OS updates honour service update domains
Specified in service definition
Default of 5 (up to 20)
Fabric Controller spreads role instances across Update Domains and Fault Domains
Fault and Update Domains
Fault Domain
Rack
Fault Domain
Rack
INSTANCE
INSTANCE
INSTANCE
INSTANCE
INSTANCE
INSTANCE
INSTANCE
INSTANCE
UD #1
UD #1
UD #2
UD #2
Virtual Machines Availability Sets
Update Domains are honored by Host OS updates
Fault Domain
Rack
Fault Domain
Rack
IIS1
SQL1
IIS2
SQL2
UD #2
UD #2
UD #1
UD #1
WINDOWS AZURE VIRTUAL NETWORKS
Windows Azure Connectivity Options
CLOUD ENTERPRISE
Data Synchronization: SQL Data Sync
Application-Layer Connectivity & Messaging: Service Bus
Secure Machine-to-Machine Network Connectivity: Windows Azure Connect
Secure Site-to-Site Network Connectivity: Windows Azure Virtual Network
Windows Azure Virtual Networks
YOUR “VIRTUAL” BRANCH OFFICE / DATACENTER IN THE CLOUD
Enables customers to extend their Enterprise Networks into Windows Azure
Networking on-ramp for migrating existing apps and services to Windows Azure
Enables customers to run “hybrid” apps that span cloud and their premises
A PROTECTED PRIVATE VIRTUAL NETWORK IN THE CLOUD
Enables customers to set up secure private IPv4 networks fully contained within Windows Azure
IP address persistence
Inter-service DIP-to-DIP communication
Virtual Network Features
CUSTOMER-MANAGED PRIVATE VIRTUAL NETWORKS WITHIN WINDOWS AZURE
Bring your own IPv4 addresses
Control over placement of Windows Azure Roles within the network
Stable IPv4 addresses for VMs
HOSTED VPN GATEWAY THAT ENABLES SITE-TO-SITE CONNECTIVITY
Automated provisioning & management
Support existing on-premises VPN devices
USE ON-PREMISE DNS SERVERS FOR NAME RESOLUTION
Enables customers to use their on-premise DNS servers for name resolution
Enables VMs running in Windows Azure to be joined to corporate domains running on-premise (use your on-premise Active Directory)
GETTING STARTED WITH VIRTUAL NETWORKS
Demo
Supported VPN Device List
CISCO
Platform                                          OS Family
ASA 5500 Series (Adaptive Security Appliances)    ASA Software 8.4+
ASR 1000 Series Aggregation Services Routers      IOS XE 2.1+
ISR Series Integrated Services Routers            IOS 12.2+
JUNIPER
Platform              OS Family
SRX Series Routers    JunOS 10.2+
J Series Routers      JunOS 9.4+
ISG Series Routers    ScreenOS 6.2+
SSG Series Routers    ScreenOS 6.2+
GENERIC VPN DEVICES MUST SUPPORT
IKE v1
AES 128, 256
SHA1, SHA2
SCENARIOS
Virtual Network Scenarios
HYBRID PUBLIC/PRIVATE CLOUD
Enterprise app in Windows Azure requiring connectivity to on-premise resources
ENTERPRISE IDENTITY AND ACCESS CONTROL
Manage identity and access control with on-premise resources (on-premises Active Directory)
MONITORING AND MANAGEMENT
Remote monitoring and trouble-shooting of resources running in Windows Azure
ADVANCED CONNECTIVITY REQUIREMENTS
Cloud deployments requiring persistent IP addresses and direct connectivity across services
Connecting Applications and VMs
SQL Data Access Traffic Through Public Endpoint
WA Web Role or Web Site
Cloud Service
SQL Server
Load Balancer
80
2001-1433
Secure Endpoints with Windows Server Firewall
Load Balancer
STRENGTHS
Simplicity
Tenant Autonomy
VIP Swap (cloud services)
Easy Local Dev/Test
WEAKNESSES
Higher Latency
Less Secure
Management/Deployment Overhead
Cloud Service
Connecting Cloud Services with VNET
Direct Access via VNET
FrontEndSubnet (10.0.0.0/16)
SQLSubnet (10.1.0.0/16)
Load Balancer
80
WA Web Role Role
Cloud Service 1
Cloud Service 2
AD
SQL Mirror
AD Subnet (10.2.0.0/16)
ContosoVNet (10.0.0.0/8)
STRENGTHS
More Secure
Low Latency
Cloud App Autonomy
VIP Swap (stateless roles)
Advanced Connectivity Requirements
WEAKNESSES
VNET Complexity
No Windows Azure provided DNS
Mixing PaaS and IaaS in the Same Cloud Service
WA Web Role
Virtual Machine
Load Balancer
80
Cloud Service
STRENGTHS
Windows Azure provided DNS
Low latency connectivity
Single deployment, update and management unit
WEAKNESS
No VIP Swap (coming in the future)
Available at General Availability
Summary
CHOOSE THE CLOUD MODEL THAT FITS YOUR NEEDS
With PaaS (Web/Worker Roles) you lose some control and you need to fit the mold of the Cloud vendor
With IaaS you have full control over your platform and you can run (almost) any software you like
USE VIRTUAL NETWORKS TO LEVERAGE LEGACY SYSTEMS ON-PREMISES
Use the existing IT Pro skills present in your organization to extend your corporate network to the Cloud
Create subnets to control the applications that can access resources on-premises
PAAS AND IAAS – BETTER TOGETHER
Mix and Match PaaS and IaaS to create the most desirable architectures fast and save
QUESTIONS
patriek.van.dorp@sogeti.nl
@pvandorp
http://onwindowsazure.com
http://windowsazure.com
Local touch - Global reach