1. Windows Azure
Introducing Virtual Machines (IaaS)
Mario Szpuszta
Platform Strategy Advisor, EMEA Windows Azure Incubation
Microsoft Corporation
2. Infrastructure as a Service
The spring release of Windows Azure Infrastructure as a Service introduces new functionality that allows full control and management of virtual machines along with an extensive virtual networking offering.
If deploying an application requires a developer’s involvement, it’s not IaaS
5. Windows Azure Virtual Machines
Support for key server applications and workloads
Easy storage manageability
High availability features
Advanced networking
Integration with compute PaaS
Easy Application Migration
If it requires development, it’s not IaaS
6. Images Available at Preview
Linux:
• OpenSUSE 12.1
• CentOS 6.2
• Ubuntu 12.04
• SUSE Linux Enterprise Server SP2
Windows:
• Windows Server 2008 R2
• Windows Server 2008 R2 with SQL Server 2012 Evaluation
• Windows Server 8 RC
7. Virtual Machine vs VM Role
Storage: VM Role has non-persistent storage. Virtual Machine has persistent storage and can easily add additional storage.
Deployment: VM Role: build the VHD offsite and upload it to storage. Virtual Machine: build the VHD directly in the cloud, or build the VHD offsite and upload it.
Networking: VM Role: Internal and Input Endpoints configured through the service model; Internal Endpoints are open by default. Virtual Machine: access control with the firewall on the guest OS; Input Endpoints controlled through the portal, the service model or API/script.
Primary Use: VM Role: deploying applications with long or complex installation requirements into stateless PaaS applications. Virtual Machine: applications that require persistent storage to easily run in Windows Azure.
8. Persistent Disks and Highly Durable Windows Azure Storage
[Diagram: a Virtual Machine whose disks live in Windows Azure Storage, with a second copy in Windows Azure Storage (Disaster Recovery).]
9. Persistent Disks and Highly Durable Windows Azure Storage
[Diagram: as in slide 8, with a second Virtual Machine picking up the same disks from Windows Azure Storage.]
10. Disks and Images
OS Images (Microsoft, Partner, User): base OS image for new Virtual Machines; Sys-Prepped/Generalized/Read Only; created by uploading or by capture.
Disks (OS Disks, Data Disks): writable disks for Virtual Machines; created during VM creation or during upload of existing VHDs.
11. Cross-premise Connectivity
Stack of connectivity options between the cloud and the enterprise:
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Secure Machine-to-Machine Network Connectivity (IP-level connectivity): Windows Azure Connect
Secure Site-to-Site Network Connectivity (IP-level connectivity): Windows Azure Virtual Network
12. Windows Azure Virtual Network
Your “virtual” branch office / datacenter in the cloud
Enables customers to extend their Enterprise Networks into Windows Azure
Networking on-ramp for migrating existing apps and services to Windows Azure
Enables “hybrid” apps that span cloud and their premises
A protected private virtual network in the cloud
Enables customers to set up secure private IPv4 networks fully contained within Windows Azure
IP address persistence
Inter-service DIP-to-DIP communication
[Diagram: Corpnet connected to a Windows Azure Virtual Network containing Subnet 1 and Subnet 2.]
13. Windows Azure Virtual Network
Scenarios
Hybrid Public/Private Cloud
Enterprise app in Windows Azure requiring connectivity to on-premises resources
Enterprise Identity and Access Control
Manage identity and access control with on-premises resources
(on-premises Active Directory)
Monitoring and Management
Remote monitoring and trouble-shooting of resources
running in Windows Azure
Advanced Connectivity Requirements
Cloud deployments requiring persistent IP addresses
and direct connectivity across services
14. Bringing Workloads to the Cloud
[Diagram: On Premises production environment (S2S VPN Device, IIS Servers, AD / DNS, SQL Farm, Exchange, SharePoint, File Servers) connected over S2S VPN tunnels to Windows Azure (PaaS Roles, Local AD, SQL VMs).]
16. Why Mix Models?
What Value does this Provide?
Unblocks Development or Migration of new applications that have dependencies
on resources that require virtual machines such as Active Directory, MongoDB,
MySQL, SharePoint, SQL Server, COM+, MSMQ etc…
Migration On-Ramp for Existing Applications
Administrators can quickly take advantage of Windows Azure by migrating an
existing application as-is using virtual machines. If desired, connecting different
application models such as websites or web and worker roles provides the
capability to take advantage of PaaS roles alongside IaaS roles.
17. Cloud Service
Windows Azure Service Model
Example cloud service configuration with a single web role and a single worker role
[Diagram: one cloud service containing web role instances VM1 … VMn and worker role instances VM1 … VMn.]
18. Mixing Virtual Machines and Stateless Roles
Multiple cloud services with stateless and virtual machines
[Diagram: Cloud Service 1 with stateless role instances VM1 … VMn alongside Cloud Service 2 with virtual machines VM1 … VMn.]
19. Connecting Cloud Services via VIPs
Strengths: Simplicity; Tenant Autonomy; VIP Swap (stateless roles); Easy Local Dev/Test; Persistent Service is Easily Accessible (even from other services!)
Weaknesses: Higher Latency; Less Secure; Management/Deployment Overhead
[Diagram: Cloud Service 1 (WA Web Role behind a Load Balancer, port 80) reaches Cloud Service 2 (SQL Server behind a Load Balancer, endpoint 2001-1433). SQL data access traffic flows through the public endpoint; endpoints are secured with Windows Server Firewall.]
20. Deployment Steps (VIP Connectivity)
Deploy Virtual Machine(s)
Use RDP to customize the new virtual machine(s) by installing software,
configuring roles etc.
Build and test locally using the emulator.
Testing live can be achieved by using public endpoints.
Specify instance count and other configuration details.
Deploy to a separate hosted service.
Configure public endpoints to virtual machine services.
ACL with firewall as appropriate.
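The VIP-connected deployment steps above, scripted as an added example (not from the deck) with the Azure Service Management (classic) PowerShell cmdlets. The service name contoso-sql, VM name SQL1, availability set sql-as, the region and the web tier VIP 203.0.113.10 are assumptions.

```powershell
# Added example (not from the deck): VIP-connected deployment using the Azure
# Service Management (classic) PowerShell module; assumes a subscription is
# already selected. Assumed names: service contoso-sql, VM SQL1, West Europe.
Import-Module Azure

# Pick a gallery image by label rather than hard-coding an image name.
$image = Get-AzureVMImage |
    Where-Object { $_.Label -like "*SQL Server 2012*" } |
    Select-Object -First 1 -ExpandProperty ImageName

# Build the VM: its own availability set, a persistent data disk for the
# databases (LUN 0), and the SQL input endpoint published on a non-standard
# public port as in the slide (2001 -> 1433). Because it is a public endpoint,
# anything on the internet can reach it through the load balancer.
$sqlVm = New-AzureVMConfig -Name "SQL1" -InstanceSize "Large" -ImageName $image `
             -AvailabilitySetName "sql-as" |
    Add-AzureProvisioningConfig -Windows -AdminUsername "sqladmin" `
        -Password (Read-Host "Local admin password") |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 100 -DiskLabel "SqlData" -LUN 0 |
    Add-AzureEndpoint -Name "SQL" -Protocol tcp -LocalPort 1433 -PublicPort 2001

# Deploy into a hosted service separate from the web tier (step 4).
New-AzureVM -ServiceName "contoso-sql" -Location "West Europe" -VMs $sqlVm

# Step 5, run inside the guest over RDP (works on Server 2008 R2): allow 1433
# only from the web tier's VIP. Outbound traffic from a cloud service is
# source-NATed to its VIP, so that VIP is the remote address the guest sees.
# 203.0.113.10 is a placeholder for the web tier's VIP shown in the portal.
netsh advfirewall firewall add rule name=SQL-from-web-tier dir=in action=allow `
    protocol=TCP localport=1433 remoteip=203.0.113.10
```

The non-standard public port is not a security control; the guest firewall rule scoped to the web tier's VIP is what keeps the SQL endpoint from being reachable by the rest of the internet.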
21. Connecting Cloud Services with VNET
Strengths: More Secure; Low Latency; Cloud App Autonomy; VIP Swap (stateless roles); Advanced Connectivity Requirements
Weaknesses: VNET Complexity; No iDNS – use BYOD
[Diagram: ContosoVNet (10.0.0.0/8) containing FrontEndSubnet (10.0.0.0/16) with Cloud Service 1 (WA Web Role behind a Load Balancer, port 80), SQLSubnet (10.1.0.0/16) with Cloud Service 2 (SQL Mirror), and AD Subnet (10.2.0.0/16) with AD. Cloud Service 1 has direct access to Cloud Service 2 via VNET.]
23. VNET Connected with VPN
[Diagram: ContosoVNet (10.0.0.0/8) in MyAffinityGroup, with FrontEndSubnet (10.0.0.0/16: Cloud Service 1, WA Web Role behind a Load Balancer, port 80), SQLSubnet (10.1.0.0/16: Cloud Service 2, SQL Mirror) and AD, connected by a VPN Tunnel to On Premises (AD / DNS, WA Developer Fabric, Developer). Cloud Service 1 has direct access to Cloud Service 2 via VNET.]
• Access on-premises resources
• Local Testing - allows direct connection to Virtual Machines in the cloud
24. VNET Connected Deployment Steps
Deploy Virtual Machine(s). If AD is desired deploy at this stage
so remaining VMs can start domain joined.
Use RDP to customize the new persistent VM(s) by installing software,
configuring roles etc…
Build and test locally using the emulator. Testing live can be achieved by
using public endpoints or VPN connectivity.
Specify instance count, virtual network settings and other configuration
details. Deploy to a separate hosted service.
If previously opened, close public endpoints to lock down service.
Define virtual networks and subnets for hosted services to reside in.
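The VNET-connected deployment steps above, scripted as an added example (not from the deck) with the Azure Service Management (classic) PowerShell cmdlets. The network definition is applied first because VMs can only be placed into a VNET that already exists. The VNET, subnets and affinity group names are taken from the slides; the DNS/AD VM address 10.2.0.4, domain contoso.com, service name contoso-sql and VM name SQL1 are assumptions.

```powershell
# Added example (not from the deck): VNET-connected deployment using the Azure
# Service Management (classic) PowerShell module; assumes a subscription is
# selected and a DNS/AD VM is already running in ADSubnet at 10.2.0.4.
Import-Module Azure
# Define the virtual network and subnets (slide step 6, but it must exist
# before VMs can be placed in it). Caution: Set-AzureVNetConfig replaces the
# subscription's entire network configuration; merge with Get-AzureVNetConfig
# output if other VNETs already exist.
$netcfg = @"
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns>
      <DnsServers><DnsServer name="ContosoAD" IPAddress="10.2.0.4" /></DnsServers>
    </Dns>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="ContosoVNet" AffinityGroup="MyAffinityGroup">
        <AddressSpace><AddressPrefix>10.0.0.0/8</AddressPrefix></AddressSpace>
        <Subnets>
          <Subnet name="FrontEndSubnet"><AddressPrefix>10.0.0.0/16</AddressPrefix></Subnet>
          <Subnet name="SQLSubnet"><AddressPrefix>10.1.0.0/16</AddressPrefix></Subnet>
          <Subnet name="ADSubnet"><AddressPrefix>10.2.0.0/16</AddressPrefix></Subnet>
        </Subnets>
        <DnsServersRef><DnsServerRef name="ContosoAD" /></DnsServersRef>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
"@
Set-Content -Path .\ContosoVNet.netcfg -Value $netcfg
Set-AzureVNetConfig -ConfigurationPath .\ContosoVNet.netcfg

# Deploy the SQL VM into SQLSubnet, domain-joined at first boot because AD is
# already up. No 1433 input endpoint: the web tier reaches SQL DIP-to-DIP.
$image = Get-AzureVMImage |
    Where-Object { $_.Label -like "*SQL Server 2012*" } |
    Select-Object -First 1 -ExpandProperty ImageName
$sqlVm = New-AzureVMConfig -Name "SQL1" -InstanceSize "Large" -ImageName $image |
    Add-AzureProvisioningConfig -WindowsDomain -AdminUsername "sqladmin" `
        -Password (Read-Host "Local admin password") `
        -JoinDomain "contoso.com" -Domain "CONTOSO" -DomainUserName "joiner" `
        -DomainPassword (Read-Host "Domain join password") |
    Set-AzureSubnet -SubnetNames "SQLSubnet"
New-AzureVM -ServiceName "contoso-sql" -AffinityGroup "MyAffinityGroup" `
    -VNetName "ContosoVNet" -VMs $sqlVm

# Lock-down (step 5): remove the public SQL endpoint if one was opened for live
# testing, so the only path to 1433 is over the VNET.
Get-AzureVM -ServiceName "contoso-sql" -Name "SQL1" |
    Remove-AzureEndpoint -Name "SQL" | Update-AzureVM
```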
25. Mixed Mode – Shared Cloud Service
Available in Fall Release
Strengths: Simplicity; Connectivity; iDNS
Weaknesses: Lack of VIP Swap
[Diagram: a single Cloud App containing a WA Web Role and a Virtual Machine behind one Load Balancer, port 80.]
26. VM to VM Performance
Inter-VM within a deployment (or deployment to deployment with VNET): latency (round-trip) 0.29 ms; network link DIP to DIP; traffic does not flow through the LB.
Inter-VM crossing a deployment (same region): latency (round-trip) 0.88 ms; network link VIP to VIP; traffic flows through the LB.
27. Tiered Migrations
Take Advantage of PaaS Where You Can
Many applications could benefit from migrating to a mixed deployment: migrating to web/worker roles or taking advantage of other Windows Azure services (storage, cache, etc.).
Benefits of Web and Worker Roles
Simplified Deployment and Configuration
Health Model
Easy High Availability
Instance Scalability
OS Patching
Automatic Firewall Configuration
Simple Certificate Deployment
Many others
28. Horizontal Migration
Use Virtual Machines and VNET for Forklift Migration
[Diagram: Web Tier, App Tier, AD and Data Tier moved as-is into Virtual Machines, with optional conversions: Web Apps to Web Roles, App Logic to Worker Roles, Data Tier to Azure SQL DB (SQL Azure).]
29. Wrap Up
Connecting IaaS and PaaS
Connecting an application hosted in Windows Azure such as Web Sites or
Web/Worker Roles with a Virtual Machine.
Unblocks Building Applications with Dependencies
Dependencies such as Active Directory, SharePoint, SQL Server, Linux, Mongo DB,
COM+, MSMQ etc…
Migration On-Ramp for Existing Applications
Migrate applications from on-premises and take advantage of PaaS efficiencies without
blockers on dependencies.
#2:Expanding Windows Azure capabilities to provide infrastructure as a service
Provides us with a full continuum of offerings
Brings us relative parity with Amazon, who focuses on IaaS
IaaS Details
Durable virtual machines with Windows Server or Linux
Commercial and community Linux distributions
Select from a library of images or bring your own
E.g. Select an image with SQL Server
Licensing approach
Support SharePoint, SQL Server & Active Directory within IaaS images
Enable deployments containing both PaaS and IaaS services
Create virtual private networks (VPNs) between on-premises servers and Windows Azure
Single Instance SLA (99.9%)
Planned Upgrade Notification Support
Integration between on-premises and public cloud
Easily create a hybrid virtual private network (VPN) between on-premises servers and Windows Azure
Public / Private cloud symmetry
Write apps to common APIs and services that are available within both Windows Azure and on-premises Windows Server
#3:Slide Objectives:
Explain the differences and relationship between IaaS, PaaS, and SaaS in more detail.
Speaking Points:
Here’s another way to look at the cloud services taxonomy and how this taxonomy maps to the components in an IT infrastructure.
Packaged Software
With packaged software a customer would be responsible for managing the entire stack – ranging from the network connectivity to the applications.
IaaS
With Infrastructure as a Service, the lower levels of the stack are managed by a vendor. Some of these components can be provided by traditional hosters – in fact most of them have moved to having a virtualized offering.
Very few actually provide an OS
The customer is still responsible for managing the OS through the Applications.
For the developer, an obvious benefit with IaaS is that it frees the developer from many concerns when provisioning physical or virtual machines.
This was one of the earliest and primary use cases for Amazon Web Services Elastic Cloud Compute (EC2).
Developers were able to readily provision virtual machines (AMIs) on EC2, develop and test solutions and, often, run the results ‘in production’.
The only requirement was a credit card to pay for the services.
PaaS
With Platform as a Service, everything from the network connectivity through the runtime is provided and managed by the platform vendor.
Windows Azure best fits in this category today.
In fact because we don’t provide access to the underlying virtualization or operating system today, we’re often referred to as not providing IaaS.
PaaS offerings further reduce the developer burden by additionally supporting the platform runtime and related application services.
With PaaS, the developer can, almost immediately, begin creating the business logic for an application.
Potentially, the increases in productivity are considerable and, because the hardware and operational aspects of the cloud platform are also managed by the cloud platform provider, applications can be taken from an idea to reality very quickly.
SaaS
Finally, with SaaS, a vendor provides the application and abstracts you from all of the underlying components.
#4:Microsoft provides a continuous solution from private cloud to the public cloud. No matter where you are on your technology roadmap we have a solution to fit your needs.
We are a trusted advisor and platform in the traditional enterprise and ISV space and with the new IaaS offering we are making it easier to bring this same level of trust and ease of use to the public cloud.
#5:Windows Azure Virtual Machines and Virtual Networks support adds the capability to run key server applications and workloads such as Active Directory, SharePoint, SQL Server and most applications that run on a Virtual Machine today.
Adding storage capacity is simple. Either through the portal or PowerShell, add up to 16 TB of storage on an X-Large VM.
Virtual Machines give you the option of splitting virtual machine loads across multiple racks in the data center using availability sets.
Virtual Networks provide the capability of connecting two cloud services for direct communication. This enables scenarios such as web and worker roles communicating directly with SQL Server.
Application migration is much simpler. In most cases the app will just run without changes on a virtual machine.
#8:The OS and Data Disks are stored in Windows Azure storage. So in addition to the data being persistent, you also get the benefits of storage, which means your VHD is replicated three times locally and also three times in a separate data center in the same region (geo-replication).
#9:This slide simply highlights that if the physical hardware backing your VM goes down a new server will start and pick up the same VHD.
#11:Microsoft thinks about the stack to provide connectivity between on-premises and cloud.
Specifically, this deck focuses on the last two layers.
Service Bus vs. Connect: Service Bus requires app code changes; Connect/Virtual Networks do not.
Virtual Networks are the net new here. They provide site to site connectivity where Connect provided server to server connectivity.
Virtual Networks are the more flexible and powerful option.
#12:Windows Azure Virtual Networks is our solution to providing hybrid solutions and solutions that require advanced connectivity in the cloud.
Hybrid on-premises to cloud is enabled by using the VPN solution that allows site<->site connectivity, allowing machines on-premises and machines in the cloud to appear on the same network.
Advanced connectivity solutions are enabled because Windows Azure applications that are deployed into a virtual network will have persistent IP addresses. This is a requirement for solutions like Active Directory.
Other solutions enabled by virtual networks in the cloud are mixing VMs and web/worker role solutions in the same Windows Azure network. This allows for scenarios like web/worker roles communicating back to VMs running applications like SQL Server.
#15:Building new PaaS applications is a no-brainer when looking at some of the benefits:
Simplified Deployment and Configuration
Health Model
Easy High Availability
Instance Scalability
OS Patching
Automatic Firewall Configuration
Simple Certificate Deployment
However, building new applications sometimes comes with a dependency on other systems or legacy code.
This has sometimes blocked the development of PaaS applications. The IaaS offering will unblock these types of applications and allow for the two development models to co-exist and directly communicate.