1CONFIDENTIAL
HOSTING MICROSERVICES IN
MICROSOFT AZURE
Sergii Kryshtop, Software Engineering Manager, EPAM Ukraine
APRIL 21, 2018
2CONFIDENTIAL
ABOUT THE SPEAKER
Sergii has 12+ years of experience in software development (6+ years with EPAM).
He works with Microsoft Technology Stack and Azure cloud platform being
focused on software architecture and design, cloud services, software
engineering practices, delivery management and resource management.
During his career, Sergii has worked with both green field and legacy systems,
with both small teams working in one room and big ones involving 30 people from
three distant geo locations.
Sergii is passionate about technology, since it enables engineers to make
people’s lives easier and better. He is also fond of management, since it helps
development teams transform the intangible ideas and lines of code into tangible
products, which altogether brings real value for business and people.
SERGII KRYSHTOP
EPAM Systems, Software Engineering
Manager
3CONFIDENTIAL
MICROSERVICES
ARCHITECTURE:
CHARACTERISTICS
4CONFIDENTIAL
MONOLITHS AND MICROSERVICES
source: https://martinfowler.com/articles/microservices.html
5CONFIDENTIAL
MONOLITHS VS. MICROSERVICES
MICROSERVICE ARCHITECTURE
• Single application as a suite of small services (100+)
• Services are independently deployable and scalable
• Different services can be written in different programming languages
• Different services can be managed by different teams
• Design for failure; requires monitoring and logging
MONOLITHIC ARCHITECTURE
• Change cycles are tied together
• Hard to keep a good modular structure
• Scaling requires scaling of the entire application
6CONFIDENTIAL
• Networking, Service Discovery
• Configuration management
• Deployment w/o downtime
• Scaling
• Monitoring
COMPONENTS
7CONFIDENTIAL
SELECTING INFRASTRUCTURE
FOR MICROSERVICES
8CONFIDENTIAL
SLA
9CONFIDENTIAL
• App/OS Customization: ability to select OS and support of different programming languages and
runtimes
• Deployment: Built-in tools for application deployment, upgrade and integration with CI/CD tools
• Scalability: built-in capabilities for scaling-out application on specific condition
• Monitoring: built-in features for monitoring
• Cost Efficiency: hosting service cost per single application. The higher efficiency, the lower cost
• Security: ability to secure access to application on different OSI model levels. Higher mark indicates
ability to control access on lower levels (network, transport, application)
CRITERIA
10CONFIDENTIAL
• OS: Linux, Windows, Custom Image
• Deployment: No built-in support, Infrastructure only
• Scalability: autoscale with Azure Insights Autoscale
• Infrastructure monitoring (CPU, Memory, App metrics)
• SLA:
– 1 x VM: 99.9%
– 2 x VM in Availability Zones: 99.99%
• Cost for 50 microservices:
– 2 x 50 * A1 v2 ($31.39) = $3,139 / month
VIRTUAL MACHINE / VM SCALE SET
App/OS Customization:
Deployment:
Scalability:
Monitoring:
Cost Efficiency:
Security:
11CONFIDENTIAL
• The most popular service for running Web and
API applications (including microservices)
• DevOps friendly
• Scale out within several minutes
• Supported languages: .NET, Java, Node.js, PHP,
and Python
• Monitoring and Integration with Application
Insight
• Docker image support is in preview
APP SERVICE / APP SERVICE PLAN
PROS
[Diagram: an App Service Plan with AUTOSCALING and LOAD BALANCING across VM1 and VM2; each VM hosts Web App 1 (IIS Site, Web Site) and Web App 2 (IIS Site, Web Job).]
12CONFIDENTIAL
• No real isolation for each application. Applications run in an IIS Application Pool process
• Scaling is focused on scaling VMs, but not the applications
• No control on per-application restrictions on consuming resources
• Internal load balancer only in Premium service App Service Environment
APP SERVICE / APP SERVICE PLAN
CONS
13CONFIDENTIAL
• OS: Windows and Linux
• Platforms: .NET Fx, .NET Core , Java, Node.js, PHP, Python
• Deployment:
– Integrated CD with major Git Repositories,
– Blue/Green and Canary support with Slots
• Scalability: autoscale (5 min window)
• Infrastructure monitoring (CPU, Memory, App metrics)
• Automatic OS update management
• SLA: 1 x App Service Plan: 99.95%
• Cost for 50 microservices:
– 1 x 50 * S1 ($73.00) = $3,650 / month
APP SERVICE / WEB APPS
App/OS Customization:
Deployment:
Scalability:
Monitoring:
Cost Efficiency:
Security:
14CONFIDENTIAL
• OS: Linux
• Deployment:
– CI/CD with Docker Hub, Azure Container Registry, and
GitHub
– Blue/Green and Canary support with Slots
• Scalability: autoscale (min 5 min window)
• Infrastructure monitoring (CPU, Memory, App metrics)
• SLA: 1 x App Service Plan: 99.95%
• Cost for 50 microservices:
– 1 x 50 * S1 ($73.00) = $3,650 / month
APP SERVICE / WEB APPS FOR CONTAINERS
App/OS Customization:
Deployment:
Scalability:
Monitoring:
Cost Efficiency:
Security:
15CONFIDENTIAL
• Dedicated App Service environment
• Predicted performance on RPS
• Deployed into Virtual Network
• All features of Azure App Service
• Up to 100 App Service Plans
• Cost for 50 microservices:
– Flat fee for each ASE: $981.19/month
– 50 * I1 (255.50) = $12,775 / month
APP SERVICE ENVIRONMENT (ASE)
App/OS Customization:
Deployment:
Scalability:
Monitoring:
Cost Efficiency:
Security:
16CONFIDENTIAL
• Serverless architecture
• Rich deployment options from App Service Plan
• Predicted cost per transaction or use App Service Plan
• Languages: C#, JavaScript, F#
• Triggers: schedule, Azure Service events (Blob, Queue,
etc.), webhook
• Cost for 50 microservices:
– Execution Time: $0.000016/GB-s
– Total Executions: $0.20 per mln executions
3 mln executions, 1 second, 512MB ~ $20 /month
AZURE FUNCTIONS
App/OS Customization:
Deployment:
Scalability:
Monitoring:
Cost Efficiency:
Security:
17CONFIDENTIAL
AZURE SERVICE FABRIC
18CONFIDENTIAL
AZURE SERVICE FABRIC (ASF)
PROS
• Fully managed platform and programming model for microservices
• Proven platform used by Azure and other Microsoft services
• Runs in Azure, on-premise or in other clouds
• Introduces an additional Actor programming model
• Java, Docker and Windows containers are on the roadmap. Linux support is in preview
CONS
• Vendor lock-in on platform and model
• On-premise support was released in 2016
• Need to develop expertise
19CONFIDENTIAL
• OS: Windows, Linux
• Deployment: Rolling updates, etc.
• Scalability: built-in autoscale
• Infrastructure monitoring, App monitoring
• Programming Models: from containers and guest-
executables to microservices and actors.
• SLA: 99.99% (from VM)
• Cost for 50 microservices:
– 5 x D2 V3 ($80.30) = $401.5 / month
– 5 x D4 V3 ($160.60) = $803.0 / month
AZURE SERVICE FABRIC
App/OS Customization:
Deployment:
Scalability:
Monitoring:
Cost Efficiency:
Security:
20CONFIDENTIAL
CONTAINERS
21CONFIDENTIAL
CONTAINERS ARE LIGHTWEIGHT
[Diagram, VM stack: SERVER, HOST OS, HYPERVISOR (TYPE 2), then per VM a GUEST OS with LIBRARIES and APP A / APP B.]
[Diagram, CONTAINERS stack: SERVER, HOST OS, DOCKER ENGINE, then per container LIBRARIES and APP A / APP B.]
• Containers are isolated but share OS
• Increase the compute density and memory utilization
22CONFIDENTIAL
VIRTUAL MACHINES CONTAINERS AND THE HOST
23CONFIDENTIAL
• Application Deployment, including rollouts and rollbacks
• Horizontal Scaling
• Self-healing
• Discovery and load balancing
• Configuration management
• Monitoring
CONTAINER ORCHESTRATION
CONTAINER ORCHESTRATION = CLOUD PLATFORM
24CONFIDENTIAL
• Optimized provisioning of open-source container
orchestration tools
– Kubernetes
– DC/OS
– Docker Swarm
• Full automation of all orchestration platform
components
• Compatible with standard open-source
orchestration API
• ACS is a free service that clusters Virtual Machines
(VMs) into a container
• Hybrid deployment for applications
AZURE CONTAINER SERVICE (ACS)
25CONFIDENTIAL
CONTAINER ORCHESTRATION BASELINE ARCHITECTURE
[Diagram: Master nodes running Orchestration Services, managed through the Admin UI / CLI; Worker Nodes running App 1, App 2 and App 3, reached by Application Users through Load Balancing.]
26CONFIDENTIAL
ACS KUBERNETES DEPLOYMENT
27CONFIDENTIAL
ACS DOCKER SWARM DEPLOYMENT
28CONFIDENTIAL
ACS DC/OS (APACHE MESOS)
30CONFIDENTIAL
• Optimized provisioning of open-source container
orchestration tools
• Full automation of all orchestration platform
components
• Compatible with standard open-source
orchestration API
• ACS is a free service that clusters Virtual Machines
(VMs) into a container
• Hybrid deployment for applications
AZURE KUBERNETES SERVICE (AKS)
31CONFIDENTIAL
• Azure-Hosted Control Plane
• Control version of Kubernetes
• Upgrade to new version of Kubernetes
• No payment for Master Nodes
AZURE CONTAINER SERVICE (MANAGED) (AKS)
[Diagram: UNMANAGED KUBERNETES (ACS) has a Control Plane of three Master VMs plus an Agent Pool of three Agent VMs; MANAGED KUBERNETES (AKS) has a Hosted Control Plane plus an Agent Pool of three Agent VMs.]
32CONFIDENTIAL
• OS: Linux
• Deployment: Rolling updates, etc.
• Scalability: in-cluster scaling
• Infrastructure monitoring, App monitoring (K8s tools)
• Programming Models: Any that can run in Linux containers
• SLA: 99.99% (from VM when 2+ workers)
• Cost for 50 microservices:
– Master: 3 x D2 V3 ($80.30) ~ $241.0 / month
– Worker: 3 x D4 V3 ($160.60) ~ $483.0 / month
AZURE KUBERNETES SERVICE (AKS)
App/OS Customization:
Deployment:
Scalability:
Monitoring:
Cost Efficiency:
Security:
33CONFIDENTIAL
• Store and manage container images across all types of Azure deployments
• Azure Container Registry is a managed Docker registry service based on the open-source
Docker Registry 2.0.
• Maintain Windows and Linux container images in a single Docker registry
• Use familiar, open-source Docker command line interface (CLI) tools
• Simplify registry access management with Azure Active Directory
• Managed Registry and Classic
AZURE CONTAINER REGISTRY SERVICE
34CONFIDENTIAL
ACR PRICING
Managed Registry SLA: 99.9% of Registry Transactions processed successfully.
The SLA for Classic Registry is provided through Azure Storage (99.9%).
36CONFIDENTIAL
IN DATA TIER
CONTAINERS
37CONFIDENTIAL
• Get more DTU density for given cost
• Databases run in isolation
• Scale up/down database manually or
using autoscale
SQL DATABASE ELASTIC POOL
SQL ELASTIC DATABASE POOL
eDTU POOL
38CONFIDENTIAL
DEMO:
DEPLOY TO ACS KUBERNETES
39CONFIDENTIAL
1. Provision Managed Kubernetes Cluster
2. Provision Azure Container Service
3. Get sample application from GitHub and create docker package
4. Push app image to registry
5. Deploy application to cluster
SCENARIO
https://github.com/sergekryshtop/gab2018_aksdemo
42CONFIDENTIAL
OTHER TIPS
43CONFIDENTIAL
CREATE DOCKER REGISTRY SECRET WITH JMESPATH
http://jmespath.org/
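The tip above is about extracting registry credentials from Azure CLI JSON output with a JMESPath query (as passed to `az acr credential show --query ...`) and turning them into a Kubernetes image pull secret. The block below is an added example, not code from the original deck: the sample JSON, the registry and secret names, and the `query` helper (a hypothetical minimal JMESPath subset) are all constructed for illustration.

```python
import base64
import json
import re

# Constructed sample of the JSON shape returned by `az acr credential show`
# when the registry admin account is enabled. Placeholder values only.
SAMPLE_ACR_CREDENTIALS = json.loads("""
{
  "passwords": [
    {"name": "password",  "value": "EXAMPLE-PASSWORD-1"},
    {"name": "password2", "value": "EXAMPLE-PASSWORD-2"}
  ],
  "username": "exampleregistry"
}
""")

_TOKEN = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)|\[(-?\d+)\]")


def query(document, expression):
    """Evaluate a small JMESPath subset: identifiers, dots and [index].

    As in JMESPath, a missing key or out-of-range index yields None
    instead of raising. Hypothetical helper, not the jmespath library.
    """
    current = document
    pos = 0
    while pos < len(expression):
        if expression[pos] == ".":
            pos += 1
            continue
        match = _TOKEN.match(expression, pos)
        if match is None:
            raise ValueError(f"unsupported expression: {expression!r}")
        key, index = match.group(1), match.group(2)
        if key is not None:
            current = current.get(key) if isinstance(current, dict) else None
        else:
            i = int(index)
            in_range = isinstance(current, list) and -len(current) <= i < len(current)
            current = current[i] if in_range else None
        if current is None:
            return None
        pos = match.end()
    return current


def build_pull_secret(name, namespace, login_server, credentials):
    """Build a kubernetes.io/dockerconfigjson Secret manifest as a dict."""
    username = query(credentials, "username")
    password = query(credentials, "passwords[0].value")
    if not username or not password:
        raise ValueError("registry credentials missing from input")
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    docker_config = {
        "auths": {
            login_server: {"username": username, "password": password, "auth": auth}
        }
    }
    encoded = base64.b64encode(json.dumps(docker_config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": name, "namespace": namespace},
        "data": {".dockerconfigjson": encoded},
    }


def summarize(secret):
    """Return {registry: username} for review, leaving the password out."""
    config = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    return {server: entry["username"] for server, entry in config["auths"].items()}


if __name__ == "__main__":
    secret = build_pull_secret(
        "acr-pull",                      # constructed secret name
        "default",
        "exampleregistry.azurecr.io",    # constructed login server
        SAMPLE_ACR_CREDENTIALS,
    )
    # Print only the redacted view so the credential never reaches logs.
    print(secret["type"], summarize(secret))
```

The ACR admin account can both push and pull across the whole registry, so a secret built from it grants more than a workload needs; base64 in the manifest is encoding, not encryption.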
44CONFIDENTIAL
• Available Docker Integration Build Task
• Docker Registry Credentials Management
• Docker Build command
• Docker Push command
• Docker Run command
• Run Docker commands
• Docker Compose support
• Requires VSTS agent with Docker tools or
Agent running in Docker Container
VISUAL STUDIO TEAM SERVICES: BUILD
45CONFIDENTIAL
BUILD STEPS AND RESULT
46CONFIDENTIAL
BUILD STEPS FOR AGENT IN DOCKER
47CONFIDENTIAL
SUMMARY
48CONFIDENTIAL
• Depending on product engineering maturity and system architecture, you have several Azure services to deploy to
• Containers and Linux are first-class citizens in Azure
• Microsoft wraps all container orchestration components in easy-to-use services, which allows building a full CI and CD solution in a short time
• There is a trend at Microsoft and in the industry towards better resource utilization and containers
• If you build microservices on the Microsoft stack and are not interested in containers and open-source orchestration, then Azure Service Fabric might be a good option
WRAP UP
49CONFIDENTIAL
CONTACT ME
sergii_kryshtop@epam.com
skryshtop
skryshtop
sergii.kryshtop
@skryshtop
