Microsoft Azure ITPro

Editor's Notes

• #5: Slide Objectives: Describe the various computing patterns that are good for Cloud Computing Speaking Points: There are numerous terms and definitions floating around in the industry for “the cloud”, “cloud computing”, “cloud services”, etc. Microsoft thinks of the cloud as simply an approach to computing that enables applications to be delivered at scale for a variety of workloads and client devices. The cloud can help deliver IT as a standardized service…freeing you up to focus on your business Cover the workloads in the slide
• #18: We have looked under the hood and covered the fundamentals of the technology building blocks. Now, lets turn our attention to what these technologies really enable you to do… With Windows Azure infrastructure services; you can architect a variety of hybrid or cloud only scenarios. We will talk about 5 scenarios in particular. These are some of the most common uses cases we have been seeing amongst our customers and partners – yet, there are many more ways you can take advantage of Infrastructure Services to help address growing business needs.
• #37: Slide Objective: Introduce how VMs relate to Cloud Services Key Talking Points: All VMs exist inside a container known as a Cloud Service When a new VM is created, if an existing Cloud Service is not specified, a new Cloud Service is created for that VM Cloud Service serves as a boundary. All VMs inside the same Cloud Service share: Same Public IPv4 Address Same Public DNS name ( *.cloudapp.net ) Common Internet Firewall / Load Balancer instance In terms of IP Address lifetimes … Public IP Addresses are aligned to the lifetime of a Cloud Service Internal IP Addressses are aligned to the lifetime of a VM
• #38: Slide Objective: Discuss the ability to host multiple VMs in the same Cloud Service. Key Talking Points: Multiple VMs can be configured in the same cloud service so that they can share a common public IPv4 address and be load balanced. If VM’s are configured in same Cloud Service and Availability Set, they can also be configured to “Auto-scale” based on load – VM’s will be turned on during scale-up and turned-off during scale-down. NOTE: The limits per subscription are: Maximum IaaS VMs per Cloud Service: 50 Maximum Cloud Services per Subscription: 20 Maximum VMs per Virtual Network: 1,024 From: http://pointers/Questions/6568/Soft-and-Hard-limits-on-Azure-subscriptions-and-accounts These limits can be increased simply by an account request in the management portal
• #43: Slide Objectives: Discuss availability Speaking Points: For a cloud service, Windows Azure maintains the infrastructure for you, performing routine maintenance, patching the operating systems, and attempting to recover from service and hardware failures. If you define at least two instances of every role, most maintenance, as well as your own service upgrades, can be performed without any interruption in service. A cloud service must have at least two instances of every role to qualify for the Windows Azure Service Level Agreement, which guarantees external connectivity to your Internet-facing roles at least 99.95 of the time.
• #44: Slide Objectives: Describe the Windows Azure Web Sites Feature
• #45: Slide Objectives: Discuss Shared Instances in Windows Azure Web Sites Speaking Points: Windows Azure allows you to deploy and host up to 10 web-sites in a free, shared/multi-tenant hosting environment. You can start out developing and testing web sites at no cost using this free shared mode, and it supports the ability to run web sites that serve up to 165MB/day of content (5GB/month).  A web-site running in shared mode is deployed in a shared/multi-tenant hosting environment.  Unlike the free tier, though, a web-site in shared mode has no quotas/upper-limit around the amount of bandwidth it can serve.  The first 5 GB/month of bandwidth you serve with a shared web-site is free, and then you pay the standard “pay as you go” Windows Azure outbound bandwidth rate for outbound bandwidth above 5 GB. A web-site running in shared mode also now supports the ability to map multiple custom DNS domain names, using both CNAMEs and A-records, to it.  With A-record support you have the ability to support “naked domains” with your web-sites (e.g. http://microsoft.com in addition to http://www.microsoft.com).  We will also in the future enable SNI based SSL as a built-in feature with shared mode web-sites (this functionality isn’t supported with today’s release – but will be coming later this year to both the shared and reserved tiers). You pay for a shared mode web-site using the standard “pay as you go” model that we support with other features of Windows Azure (meaning no up-front costs, and you pay only for the hours that the feature is enabled).  A web-site running in shared mode costs only 1.3 cents/hr. during the preview (so on average $9.36/month).
• #46: Slide Objectives: Discuss Scalability of Shared Instances in Windows Azure Web Sites Speaking Points: Windows Azure Web Sites allows you to scale-up or down your capacity within seconds.  This allows you to deploy a site using the shared mode option to begin with, and then dynamically scale up to the reserved mode option only when you need to – without you having to change any code or redeploy your application. If your site traffic starts to drop off, you can scale back down the number of reserved instances you are using, or scale down to the shared mode tier – all within seconds and without having to change code, redeploy, or adjust DNS mappings.  You can also use the “Dashboard” view within the Windows Azure Portal to easily monitor your site’s load in real-time (it shows not only requests/sec and bandwidth but also stats like CPU and memory usage).
• #47: Slide Objectives: Discuss Reserved Instances in Windows Azure Web Sites Speaking Points: In addition to running sites in shared mode, we also support scaling them to run within a reserved instance mode.  When running in reserved instance mode your sites are guaranteed to run isolated within your own Small, Medium or Large VM (meaning no other customers run within it).  You can run any number of web-sites within a VM, and there are no quotas on CPU or memory limits. Unlike shared mode, there is no per-site cost when running in reserved mode.  Instead you pay only for the reserved instance VMs you use – and you can run any number of web-sites you want within them at no extra cost (e.g. you could run a single site within a reserved instance VM or 100 web-sites within it for the same cost).  Reserved instance VMs start at 8 cents/hr. for a small reserved VM. 
• #48: Slide Objectives: Discuss Scalability of Reserved Instances in Windows Azure Web Sites Speaking Points: You can run your sites using either a single reserved instance VM, or scale up to have multiple instances of them (e.g. 2 medium sized VMs, etc.).  Scaling up or down is easy – just select the “reserved” instance VM within the “scale” tab of the Windows Azure Portal, choose the VM size you want, the number of instances of it you want to run, and then click save.  Changes take effect in seconds. [USE BUILD TO ILLUSTRATE]
• #50: Slide Objectives: Highlight the ability to get started quickly with the Windows Azure Web App Gallery Speaking Points: Along-side the publishing capabilities, Windows Azure Web Sites also offers the Web App Gallery which provides many turn key solutions based off of well known open source web applications. Notes:
• #51: Slide Objectives: Highlight the Windows Azure Virtual Machines feature Speaking Points: As you saw you can use both Windows Server or Linux You can install any software you want in the virtual machine. It’s your virtual machine You can also setup a virtual private network to connect VMs to your on-premises infrastructure
• #52: We are now moving on to discuss another main component of infrastructure services – which is Virtual Network. For those customers and partners who want to retain select data and applications on-premises while having layers of applications running in the cloud, Virtual Network is the key to build the desired hybrid architecture. Virtual Network (VNET) allows you to create a logically isolated section of Windows Azure and treat it like your own network. You can customize the network configuration for a VNET - create subnets, assign private IP addresses and bring your own DNS server if you wish.  Within a Virtual Network for example, you can create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. There are a few other very important benefits of using Virtual Network. Some of the scenarios we will talk about later come to life through Virtual Network. For instance, with Virtual Network: You can persist your IP address for Virtual Machines. That means when you are deploying SharePoint in Windows Azure or enabling Active Directory in Virtual Machines, the persistent IP address you need is there and available. You can build services with common tiers, where all apps – whether in cloud or on-premises - use the same AD , use the same database tier or be managed by the same System Center Operations Manager since they are in the same network and can communicate directly to each other. You can build composite, multi-tier applications that take advantage of Windows Azure web and worker role instances, PaaS model, as well as Virtual Machines instances, IaaS model. Using Virtual Network will enable those instances to talk to each other. You can point all Virtual Machines to a DNS server on-premises or a DNS server running in a Virtual Network. This capability enables you to use your Domain Controllers in Windows Azure to enable single sign-on for your applications. You can find the list of supported VPN devices in the appendix.
• #53: There is even more news on the networking front… In addition to Cisco and Juniper, we have new partners that support Windows Azure’s site to site networking capability with their gateway devices. F5, Juniper and WatchGuard gateway devices have recently became available for use with Window Azure Virtual Network. When setting up your cross-premises and cloud connectivity, now you have more options. We also have enhanced the existing ‘Site-to-Site VPN’ connectivity so you also can use Windows Server 2012 RRAS (Routing and Remote Access) as an on-premises VPN server. This gives you the flexibility of using a software based VPN solution, as opposed to a physical gateway device, to connect your on-premises network to Windows Azure. Software based VPN and more physical hardware options. More ways to get started with the power of AND.
• #54: When we announced general availability of infrastructure services, we have re-iterated our commitment to make the power of AND work for our customers. We have more than one view of the world, it is cloud AND on-premises and we continue to deliver on that theme. Case in point is Point-to-Site VPN. It allows you to setup virtual private network (VPN) connections between individual computers and a virtual network in Windows Azure. We built this capability based on customer requests and learnings from a preview feature called Windows Azure Connect. Point-to-Site VPN greatly simplifies setting up secure connections between Windows Azure and client machines, whether from your office environment or from remote locations. Using Point-to-Site VPN enables some new and exciting ways to connect to Windows Azure that are not possible from other cloud providers. Here are a few examples: You can securely connect to your Windows Azure environment from any location. You can connect your laptop to a Windows Azure test and development environment and continue to code away while sipping coffee at an airport café! Small businesses or departments within an enterprise who don’t have existing VPN devices and/or network expertise to manage VPN devices can rely on the Point-to-Site VPN feature to securely connect to workloads running in Windows Azure virtual machines. You can quickly set up secure connections to Windows Azure even if your computers are behind a corporate proxy or firewall. Independent Software Vendors (ISVs) wanting to provide secure access to their cloud apps can leverage the Point-to-Site VPN feature to offer a seamless application experience.
• #55: Slide Objective: Input port forwarding is how you can configure direct communication to multiple VMs that have services listening on the same port. Key Talking Points: Input Endpoints are used to perform Port Address Translation (PAT) from a single Public IP Address ( called a VIP in Windows Azure ) to the Private IP Addresses ( called DIPs in Windows Azure ) of each VM inside the Cloud Service to selectively allow only permitted applications to be accessed from the public Internet. Default endpoints for Windows Server VM’s to allow for remote administration – Remote Desktop and PowerShell Default endpoints for Linux VM’s to allow for remote administration – Secure Shell (SSH) In the slide example, Windows Server VM’s are illustrated with input endpoints to permit inbound Remote Desktop connections For Linux VM’s – Secure Shell (SSH) would be used instead – input endpoints would forward traffic to each VM on tcp/22 Additional Information: Public IP Address Ranges for Windows Azure datacenters: http://msdn.microsoft.com/en-us/library/windowsazure/dn175718.aspx
• #56: Slide Objective: Introduce load-balancing of endpoints for distributing traffic across multiple VM’s running the same application. Key Talking Points: Public and Private ports can be different, if needed Load-balancing uses simple round-robin distribution of traffic – any client state information needs to be maintained by application. Endpoint monitoring probes are used to verify that the application within each VM is responding Default probe intervals are every 15 seconds. After 2 missed probe intervals, VM will be considered unresponsive. Custom endpoint monitoring probes can be created by a developer inside each VM to perform more sophisticated availability checks. ( configured via Portal or Set-AzureLoadBalancedEndpoint PowerShell cmdlet )
• #57: Another new feature we’ve added is Public Endpoint Access Control Lists for Virtual Machines. We are adding an additional security option so that you can control inbound traffic to your Virtual Machines. In the Windows Azure management portal or by using PowerShell, simply define how traffic from outside of your corporate firewall communicates with your Virtual Machine public endpoints. You can simply determine what ports to open and which IP addresses can communicate with your instances. Public Endpoint ACLs put additional security controls at your fingertips.
• #58: Slide Objective: Introduce Windows Azure Traffic Manager as method to globally load-balance users across application instances. Key Talking Points: Traffic Manager provides a globally load-balanced DNS namespace ( foo.cloudapp.net in the slide ) that can transparent direct users to the closest application instance provisioning in a cloud service. Policies can be used to load-balance users based on Performance ( network latency/closeness ), Round-robin, or Failover Traffic Manager uses HTTP or HTTPS to monitor available of each application instance by periodically sending tests to each cloud service. Creating a Traffic Manager Profile: http://msdn.microsoft.com/en-US/library/windowsazure/dn339012.aspx
• #62: Key talking point: Point out that not ALL workloads are supported running as a VM on Windows Azure (i.e. Hyper-V) Windows Server 2008 R2 and later versions are supported for the following roles: Active Directory Domain Services Active Directory Federation Services Active Directory Lightweight Directory Services Application Server DNS Server Fax Server Network Policy and Access Services Print and Document Services Web Server (IIS) Windows Deployment Services Windows Server Update Services File Services
• #64: Slide Objective: Discuss the instance sizing and costs Key Talking Points: Costs are based on public Pay-As-You-Go pricing for Windows VMs. Additional discounts available via 6-month/12-month prepaid plans or Volume Licensing purchases Although costs are commonly shown as per-hour compute charges, Windows Azure uses per-minute billing for partial hours. Additional Resources Virtual Machine and Cloud Service Sizes for Windows Azure - http://msdn.microsoft.com/en-us/library/windowsazure/dn197896.aspx
• #65: Slide Objective: Discuss how to achieve an SLA of 99.95% for VMs Key Talking Points: Configuring at least two VMs performing the same workload in the same availability set provides a 99.95% SLA Without at least two virtual machines performing the same workload grouped into an availability set, you get a 99.9% SLA. Virtual Network SLA = 99.9% VMs in same availability set are automatically placed in separate upgrade and failure domains ( racks ) within a datacenter. Azure SLA is more granular than competition – mapped to availability of specific infrastructure components that are hosting VMs, instead of generically mapped to edge of a datacenter region SLA for VM’s based on monthly availability instead of annual availability ( most of competition ). Complete SLA for VMs available at http://www.microsoft.com/en-us/download/details.aspx?id=38427
• #66: Slide Objective: Explain availability sets Key Talking Points: Availability sets tell the Fabric Controller to place VMs in the same set on different racks for faults and in separate upgrade domains for updates. This essentially tells the FC not to take the guest OS down of all VMs in the same set for host updates.
• #67: Slide Objective: Introduce how load balancing and availability sets can be combined to provide and end-to-end highly available solution. Key Talking Points: Explain that each tier of an application can be enabled with its own availability set which ensures at a physical hardware level in the data center that there is no single point of failure. Load-balancing used for Internet-facing VMs to distribute traffic across VM’s within same cloud service.
• #68: Slide Objective: Explain workflow for creating a custom image in the cloud Key Talking Points: This use case is all about using the capture feature of IaaS to create OS images. The first part you start with a base vhd that you then custom with software binaries, registry settings etc.. You run sysprep.exe and generalize/shutdown the OS. You can then upload it if coming from on-premises or just click the capture button if you created the VM in the cloud. Capture allows you to take a generalized VM and save the underlying VHD as a new image in your image library. Steps: How to capture an image of a Windows Server VM - http://www.windowsazure.com/en-us/manage/windows/how-to-guides/capture-an-image/ Steps: How to capture an image of a Linux VM - http://www.windowsazure.com/en-us/manage/linux/how-to-guides/capture-an-image/
• #69: Slide Objective: Explain workflow for bringing your own VHD Key Talking Points: This use case is when you already have a “golden image(s)” your company uses for server provisioning or you have a VM running on premises that you would just like to run in our data center. You take the vhd – use PowerShell or System Center 2012 SP1 App Controller to upload as a page blob to a storage account. From there use the portal to add as an image (sysprepped) or disk (configured VM) and there you can create a VM based off of the vhd. Steps: Copy VHD to Windows Azure Storage – See “PowerShell” Appendix slides, use 3rd Party GUI Tool, such as CloudXplorer or System Center 2012 SP1 App Controller ( discussed in Management and Monitoring module ). Note: When using 3rd Party Tools to copy VHDs to Windows Azure Storage, ensure that tool supports copying files to “Page Blobs” ( many 3rd party tools either only support, or default to, copying files to “Block Blobs” which will not work for VHDs ).
• #70: Slide Objective: Introduce auto-scaling of Windows Azure VM’s Key Talking Points: Auto-scaling provides the ability to elastically spin-up/spin-down VM instances based on utilization thresholds Configured in the properties of the Cloud Service CPU Utilization supported for IaaS VM’s Low water mark threshold – Stop VM instances when utilization below High water mark threshold – Start VM instances when utilization exceeds Queue Length also supported as scaling metric for PaaS instances Each VM within the Cloud Service initially needs to be provisioned, but some VM’s remain in a Stopped state until high-water mark threshold is exceeded.
• #73: In this slide I want to show you how easy it is to use System Center 2012 SP1 to take virtual machines that are running on premise and move them to Windows Azure. Using the App Controller component you can actually save to the library a virtual machine that’s running and then using App Controller you can actually take the virtual machine that’s been stored in the library and then move it to Windows Azure. We will do our best attempt to actually fit the VM according the capabilities that exist for Windows Azure VM role, if not we allow you as a customer to modify the settings of the virtual machine as it is moved to Windows Azure. We also allow the use of Orchestrator and it’s Azure IP to automate tasks against Windows Azure. And from a monitoring perspective we support or rather System Center SP1 Operations Manager allows you to monitor the virtual machine that is now running inside the data center. New Capabilities in SP1 Windows Azure IaaS features – disks, images (AC) Build runbooks against Azure (SCO) Copy VMs from on-premises to Windows Azure, and vice-versa (AC, SCO) Deploy VMs on Azure (AC, SCO) Backup running workloads onto Windows Azure (DPM) Orchestrate & Automate Windows Azure Service management tasks (SCO) Leverage outside-in view of service health (OM) Leverage Visio Authoring tool to monitor Windows Azure (OM)
• #74: For many customers and partners, scripting and automation is the key to efficient operations. Fear not! Microsoft’s popular task automation framework PowerShell is available for use with Windows Azure as well. Whether you want to automate provisioning of lots and lots of Virtual Machines or configure your Virtual Network settings through scripts, PowerShell cmdlets are ready for you. You can download PowerShell cmdlets from http://www.windowsazure.com/en-us/downloads/ to get started. You can configure and manage all 3 elements of infrastructure services (IaaS) with PowerShell: Virtual Machines, Virtual Network and Storage. When you want to upload custom VHDs into Windows Azure or bring your images back to on-premises, at scale, use PowerShell. When you are working across many Windows Azure subscriptions and need to copy VHDs in between, use PowerShell. Or when you want to convert images virtualized with VMware (VMDK format) into VHD to run in Virtual Machines, use the Microsoft Virtual Machine Converter (MVMC Toolkit) first and then upload the converted images using PowerShell cmdlets. PowerShell is here to help increase your productivity, and to give you advanced management options.
• #76: Slide Objective: Describe native monitoring capabilities that are accessible via the Windows Azure Management Portal. Key Talking Points: VMs, Virtual Networks and Storage all have built-in monitoring support VMs and Virtual Networks – monitoring enabled by default Storage – monitoring disabled by default – storage monitoring stores monitoring metric data in four tables – the storage consumed by these metrics and the transactions for writing this monitoring data is billable and can increase the cost of storage. Metrics can be added/deleted to customize dashboard Alerts can be configured to notify administrators when thresholds are exceeded.