Инфраструктура как услуга (IaaS) в Windows Azure
Download as PPTX, PDF1 like631 views
Документ описывает инфраструктуру и технологии, используемые для создания бизнес-приложений в облачной среде, включая crm, cms и erp. Он также охватывает управление виртуальными дисками, настройки сети и безопасность соединений между облачными и локальными системами. Важным аспектом является интеграция различных сервисов и необходимость в гибридных приложениях, требующих взаимодействия между облаком и локальной инфраструктурой.
Инфраструктура как услуга (IaaS) в Windows Azure
- 2. Бизнес приложения Интранет-приложения, CRM, CMS, ERP, бизнес-аналитика Инфраструктура приложений Хранилища, БД, удостоверения Среда разработки и тестирования Быстрый провиженинг среды, нагрузочное тестирование Гибридные приложения
- 6. >_
- 14. Параметр Диск ОС Диск данных Кэширование ReadWrite Нет Макс. размер 127 ГБ 1 ТБ Образ Да Нет Горячее Изменение типа Изменение типа кэширования добавлениезамена кэширования требует или добавлениеудаление без перезагрузки перезагрузки • D: = Не persistent-диск
- 17. Мбит/с Мбит/с Мбит/с Мбит/с Мбит/с
- 18. Тип диска По умолчанию Возможные значения Диск ОС ReadWrite ReadOnly и ReadWrite Диск данных None None, ReadOnly и ReadWrite Командлет Set-AzureOSDisk или Set-AzureDataDisk
- 24. В одной облачной службе могут размещаться несколько виртуальных машин
- 32. Перенаправление портов LB
- 34. Статус роли Статус роли
- 35. Статус роли Статус роли
- 44. Синхронизация данных SQL Azure Data Sync На уровне приложения Connectivity & Messaging Service Bus Безопасное машина- машина соединение Windows Azure Connect Безопасное Site-to-Site соединение Windows Azure Virtual Network IP-level connectivity
- 46. Нужная ли вашему приложению виртуальная сеть? Постоянный IP адрес VM, подключенная к виртуальной сети, имеет бесконечный DHCP-лиз Гибридные приложения Требуется соединение между облаком и локальной инфраструктурой Соединение между облачными сервисами Развернутая AD в облаке или соединение между PaaS и IaaS сервисами
- 47. • IKE v1 • AES 128, 256 • SHA1, SHA2
- 51. Windows Azure DNS по умолчанию не распространяется (включает) на облачный сервис
Editor's Notes
- #5: Cnews: ALT Linux перемещается в Windows Azure Alt LinuxRDP, терминальная сессияМашины имеют доступ в Интернет по умолчанию
- #12: When you create a Windows Azure Virtual Machine, the platform will attach at least one disk to the VM for your operating system disk. This disk will also be a VHD stored as a page blob in storage. As you write to the disk in the VM, the changes to the disk will be made to the page blob inside storage.Unlike for drives, the code that communicates with storage on behalf of your disk is not within your VM, so doing IO to the disk will not cause network activity in the VM, although it will cause network activity on the physical node.
- #13: Ферма SharePointAD – нельзя из образаОтличие дисков и образовStorage RecommendationsDo not use write cachingAvoid using OS drive for large databasesConsider putting database and transaction log files on separate drivesConsider putting tempdb on the non-persistent cache disk (D:\\)Database RecommendationsConsider using database page compression to reduce I/OHigh Availability RecommendationsConsider latency between primary and replica when choosing sync mode
- #15: There is another disk present in all web roles, worker roles, VM Roles, and Windows Azure Virtual Machines, called the temporary disk. This is a physical disk on the node that can be used for scratch space. Data on this disk will be lost when the VM is moved to another physical machine, which can happen during upgrades, patches, and when Windows Azure detects something is wrong with the node you are running on.
- #19: The space for a drive’s cache is allocated from your web role or worker role’s temporary disk. This cache is write-through, so writes are always committed immediately to storage. Reads will be satisfied either from the local disk, or from storage.Using the drive local cache can improve sequential IO read performance when the reads ‘hit’ the cache. Sequential reads will hit the cache if:The data has been read before. The data is cached on the first time it is read, not on first write.The cache is large enough to hold all of the data.
- #30: Name resolution is handled through a multi-tenant DNS service provided by Windows Azure. Note: If you choose to configure a virtual network this DNS service is not provided and you are expected to configure your own DNS if name resolution is a requirement.
- #32: EndpointPublic PortLocal PortProtocol (TCP/UDP)NameThe architecture of cloud services makes endpoint configuration interesting. Since each cloud service has a single public IP address but multiple virtual machines can reside in it how do you address individual servers directly in a non-load balanced fashion?The answer is port forwarding.
- #33: Port forwarding allows you to configure an endpoint on a specific VM listening on any of the ephemeral ports that will then be forwarded to the correct internal port. The illustration above shows two VMs both listening on ports 3389. To address them individually from the same public IP address two endpoints are made with the first listening on port 5586 and the second on 5587. When a remote desktop client connects to either endpoint they are forwarded to the correct machine.
- #34: EndpointPublic PortLocal PortProtocol (TCP/UDP)NamePort forwarding allows you to configure an endpoint on a specific VM listening on any of the ephemeral ports that will then be forwarded to the correct internal port. The illustration above shows two VMs both listening on ports 3389. To address them individually from the same public IP address two endpoints are made with the first listening on port 5586 and the second on 5587. When a remote desktop client connects to either endpoint they are forwarded to the correct machine.
- #35: However, sometimes you need multiple VMs responding on the same port in a load balancer. Windows Azure allows you to directly configure and control which virtual machines are configured for load balancing. It does this through load balanced sets.
- #37: However, sometimes you need multiple VMs responding on the same port in a load balancer. Windows Azure allows you to directly configure and control which virtual machines are configured for load balancing. It does this through load balanced sets.
- #43: Update Domains are honored by host OS updates
- #44: With the launch of Virtual Machines comes a new SLA. With web and worker roles we offer a %99.95 uptime SLA as long as you have at least two instances of your application running to compensate for host updates and hardware failures. With VMs we realize that many applications do not need (and many do not even work with) multiple VMs. So to address this need we will offer the single instance SLA of %99.9. We will of course also offer the %99.95 SLA assuming you have >1 instance using a new feature called an Availability Set.
- #48: This scenario is the easiest to understand so I will start here first. By default when you provision a virtual machine in Windows Azure you get name resolution by default and IP address management. The defaults are usually good enough until you need to do something that would require a persistent IP (notice I did not say static IP address). In the default networking configuration your VM’s IP address can and will change. So if you need to deploy something like Active Directory the default network stack will not work. This is where virtual networks save the day.The current biggest benefit to all of this is that each VM provisioned inside a VNET will retain the same IP address no matter how many times it is rebooted or recovered.
- #49: This scenario is the easiest to understand so I will start here first. By default when you provision a virtual machine in Windows Azure you get name resolution by default and IP address management. The defaults are usually good enough until you need to do something that would require a persistent IP (notice I did not say static IP address). In the default networking configuration your VM’s IP address can and will change. So if you need to deploy something like Active Directory the default network stack will not work. This is where virtual networks save the day.The current biggest benefit to all of this is that each VM provisioned inside a VNET will retain the same IP address no matter how many times it is rebooted or recovered.
- #50: All that is needed is to configure a gateway in the virtual network configuration, share keys between the Windows Azure gateway and your VPN device and configure.
- #51: IKE (InternetKeyExchange) — стандартный протокол IPsec, используемый для обеспечения безопасности взаимодействия в виртуальных частных сетях.
- #55: Note that web and worker roles cannot currently be deployed into the same cloud service as a Virtual Machine so for direct connectivity a Virtual Network is required.Another interesting scenario is segmenting cloud services for large VM deployments. Since each VM is itself a Role in the Window Azure service model that brings with it the same limitations. There can only be 25 roles per cloud service so that means there can only be 25 virtual machines per cloud service. For truly large applications creating multiple cloud services and connecting them via a virtual network is a simple solution.
- #56: In summary I would say that with the launch of Windows Azure Virtual Machines and Virtual Networks we have opened the gates up to start migrating workloads to the cloud. You are no longer required to re-write/architect your applications to have it run in the cloud. With Virtual Networks you are no longer restricted by an “all or nothing” migration approach or forced to write lots of service wrappers to surface on-premises data over the Internet. Windows Azure still has all of the great functionality with PaaS style applications but now with the ability to run these applications side by side with traditional apps an entirely new set of opportunities have been opened up.