An introduction to architecting in Azure
What’s This Azure Thing Anyway?
An introduction to architecting SQL Server in Azure IaaS

Agenda
- Azure
- Architecting in Azure
- Implementing SQL Server in Azure IaaS
- Implementing AlwaysOn in Azure IaaS
- Resources
- Questions

Introduction
I have been working with SQL Server since I am currently working for Oakwood Systems as the SQL Server Team Lead and a Senior SQL Engineer in the Managed Services line. Additionally, I hold an MCSA in SQL 2012 and an MCP for Implementing Azure Infrastructure Solutions.
– or
As my schedule allows, I try to blog at:

Azure 101
Azure SQL Database (PaaS)
- Pros
  - You don’t have to manage the OS or the hardware
  - You can spin up a database/instance very quickly
  - High availability/fault tolerance built into platform
- Cons
  - You don’t manage the OS or the hardware
  - Very little control (subtitled: no) over the instance
  - There are requirements for your database in order for it to be migrated to Azure SQL Database

Azure 101
Azure Virtual Machines (IaaS)
- Pros
  - Complete management of the guest OS
  - Complete management of the instance
  - No up-front expenditure
  - Quick deployment
- Cons
  - Complete management of the guest OS
  - No visibility into host/infrastructure related issues
  - Recurring monthly cost
  - No SLAs around performance

Azure 101
Overview of levels of virtualization/cloud integration (src:
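
Architecting in Azure - Storage
Standard Tier A and D Series Capacities
A8 – A11 compute intensive instances leverage Intel Xeon E vs. AMD Opteron 4171 HE

| Size | Cores | RAM | Local Disk | Max Data Disks | Max IOPs per Disk |
|------|-------|-----|------------|----------------|-------------------|
| A0 | 1 | 768 MB | Temp 20GB | 1 | 500 |
| A | | GB | Temp 70GB | 2 | 500 |
| A2 | 2 | 3.5 GB | Temp 135GB | 4 | 500 |
| A3 | 4 | 7 GB | Temp 285GB | 8 | 500 |
| A4 | 8 | 14 GB | Temp 605GB | 16 | 500 |
| A5 | 2 | 14 GB | Temp 135GB | 4 | 500 |
| A6 | 4 | 28 GB | Temp 285GB | 8 | 500 |
| A7 | 8 | 56 GB | Temp 605GB | 16 | 500 |
| A8* | 8 | 56 GB | Temp 382GB | 16 | 500 |
| A9* | 16 | 112 GB | Temp 382GB | 16 | 500 |
| A10* | 8 | 56 GB | Temp 382GB | 16 | 500 |
| A11* | 16 | 112 GB | Temp 382GB | 16 | 500 |
| D1 | 1 | 3.5 GB | Temp (SSD) 50GB | 2 | 500 |
| D2 | 2 | 7 GB | Temp (SSD) 100GB | 4 | 500 |
| D3 | 4 | 14 GB | Temp (SSD) 200GB | 8 | 500 |
| D4 | 8 | 28 GB | Temp (SSD) 400GB | 16 | 500 |
| D11 | 2 | 14 GB | Temp (SSD) 100GB | 4 | 500 |
| D12 | 4 | 28 GB | Temp (SSD) 200GB | 8 | 500 |
| D13 | 8 | 56 GB | Temp (SSD) 400GB | 16 | 500 |
| D | | GB | Temp (SSD) 800GB | 32 | 500 |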
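
Architecting in Azure - Storage
Premium Storage DS Series Capacities
Cache and local SSD do not count against max VM IOPs and Throughput (they have roughly 4000 IOPS and 33 MB/sec per core for cache and local SSD IOs)

| Size | Cores | RAM | Local Disk | Max Data Disks (1023 GB) | Max IOPs per Disk | Max Disk Throughput | Cache Size | Max VM IOPs | Max VM Disk Throughput |
|------|-------|-----|------------|--------------------------|-------------------|---------------------|------------|-------------|------------------------|
| Standard_DS1 | 1 | 3.5 GB | OS 1023 GB, Local SSD 7GB | | | | GB | 3,200 | 32 MB/sec |
| Standard_DS2 | 2 | 7 GB | OS 1023 GB, Local SSD 14GB | | | | GB | 6,400 | 64 MB/sec |
| Standard_DS3 | 4 | 14 GB | OS 1023 GB, Local SSD 28GB | | | | GB | 12, | MB/sec |
| Standard_DS4 | 8 | 28 GB | OS 1023 GB, Local SSD 56GB | | | | GB | 25, | MB/sec |
| Standard_DS11 | 2 | 14 GB | OS 1023 GB, Local SSD 28GB | | | | GB | 6,400 | 64 MB/sec |
| Standard_DS12 | 4 | 28 GB | OS 1023 GB, Local SSD 56GB | | | | GB | 12, | MB/sec |
| Standard_DS13 | 8 | 56 GB | OS 1023 GB, Local SSD 112GB | | | | GB | 25, | MB/sec |
| Standard_DS | | GB | OS 1023 GB, Local SSD 224GB | | | | GB | 50, | MB/sec |

| Disk Type | Disk Size (GB) | IOPs per Disk | Throughput per Disk (MB/s) |
|-----------|----------------|---------------|----------------------------|
| P | | | |
| P | | | |
| P | | | |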

Architecting in Azure - Storage
Lessons Learned – What NOT to do
- Software RAID
  - Under absolutely, positively no circumstances do you ever use software RAID
- Not use all of your data disks
  - You only pay for the storage you actually use, so always provision out the data disk max
- Put anything important on the temp drive
  - This is local storage with no redundancy and no guarantees around availability or performance
  - This includes the TempDB on A-Series Azure VMs
  - There are some caveats around highly available D-Series VMs
    - TempDB should absolutely go here, BUT you need to apply permissions and/or create subfolders on startup
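
The D-Series caveat above (recreate the TempDB folder and its permissions on startup) can be handled with a boot-time script like the following. This is an added example, not part of the original slides; the D:\TempDB path, the default-instance service names and the NT SERVICE\MSSQLSERVER account are assumptions.

```powershell
# Added example. Intended to run at boot (for instance from a scheduled task with an
# "At startup" trigger running as SYSTEM), with the SQL Server services set to Manual
# start so that this script controls the ordering.
# Assumptions: default instance, temp drive is D:, TempDB files live in D:\TempDB.
$TempDbPath  = 'D:\TempDB'
$SqlAccount  = 'NT SERVICE\MSSQLSERVER'
$SqlServices = 'MSSQLSERVER', 'SQLSERVERAGENT'

# The temp drive has no persistence guarantee, so the folder may be gone after the
# VM has been moved to another host. Recreate it on every boot if it is missing.
if (-not (Test-Path -Path $TempDbPath)) {
    New-Item -ItemType Directory -Path $TempDbPath | Out-Null
}

# Give the SQL Server service account full control of the TempDB folder
# (and of anything created beneath it) rather than widening rights on the whole drive.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
    $SqlAccount, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl = Get-Acl -Path $TempDbPath
$acl.SetAccessRule($rule)
Set-Acl -Path $TempDbPath -AclObject $acl

# Only now start SQL Server, so TempDB can be created in the prepared folder.
foreach ($svc in $SqlServices) {
    if ((Get-Service -Name $svc).Status -ne 'Running') {
        Start-Service -Name $svc
    }
}
```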

Architecting in Azure - Storage
Lessons Learned – What TO do
- Use storage pools or striped SQL Server data files within file groups
  - IO performance scales near 1:1 up to 4 data disks in storage pools - writes also scale better than reads
  - IO performance scales better with striped SQL Server data files, but…
    - Increased management overhead
    - Loss of single disk offlines databases
    - Can’t stripe transaction log files (meaningfully)

Architecting in Azure - Storage
Lessons Learned – What TO do
- Two methods for implementing storage pools (let the holy war begin)
  - Break up the disks by purpose (right)
  - Put all disks in single storage pool (wrong)
- To make your life easy, create all storage pools before you create a WSFC
  - Storage pools are added as cluster resources upon creation if the server is already a member of a WSFC
  - AlwaysOn assumes non-shared storage, so this needs to be fixed if deploying an AlwaysOn Availability Group (link to detailed steps is at the end)

Implementing SQL Server in Azure IaaS
Instance Configuration
- Yes, it still matters. You’ll want to tune Windows Server and your SQL Server instance(s) much like any other VM/physical server.
- Standard configuration modifications
  - Windows
    - Perform volume maintenance tasks (IFI) – public cloud means the argument around security implications is possibly more valid
    - Lock pages in memory – be a little less aggressive with your max memory settings when enabling this
    - Power Plan settings – high performance (I have no explanation for this, but I found a 6-8% performance gain tested at random times of day)

Implementing SQL Server in Azure IaaS
Standard configuration modifications (cont.)
- SQL Server
  - Max/min memory settings
  - Fill factor defaults (i.e. SharePoint instance)
  - Backup compression default
  - Optimize for ad hoc queries
  - Cost threshold for parallelism/maxdop
  - TempDB configuration
    - Multiple, equal-sized data files
    - T1118 and T1117

Implementing AlwaysOn in Azure IaaS
- SQL Server AlwaysOn
  - Deploying AlwaysOn on premise is a pretty straightforward task due to complete control over the entire infrastructure
- SQL Server AlwaysOn in Azure
  - The tricky portion of this revolves around the ownership of the IP assigned to the listener
  - There are two ways to configure the listeners:
    - Internal Load Balanced Endpoints
    - External Load Balanced Endpoints

Implementing AlwaysOn in Azure IaaS
Order of operations:
- Create Cloud Services, Storage Accounts and vNets
- Create/extend domain into Azure
- Create Azure VMs in appropriate cloud services/vNet subnets
- Join VMs to domain either at time of creation or after they are created
- Add Azure Data disks to Azure VMs
- Create storage pools, disks, and volumes
- Configure OS to prep for WSFC feature (i.e. static IPs, disable Windows Firewall for domain network, etc.)
- Add WSFC feature to AG nodes

Implementing AlwaysOn in Azure IaaS
Order of operations (cont.):
- Create a new cluster (save yourself some time and make sure “Add all eligible storage to the cluster” is NOT selected)
  - Note: if you run cluster validation, storage checks will fail

Implementing AlwaysOn in Azure IaaS
Order of operations (cont.):
- Add DHCP reservation for cluster VIP and change cluster from DHCP to static IP:

Implementing AlwaysOn in Azure IaaS
Order of operations (cont.):
- Configure file share witness for Cluster
- Modify cluster settings for IaaS WSFC deployment:

Implementing AlwaysOn in Azure IaaS
Order of operations (cont.):
- Add Windows feature .NET 3.5 (if you’re like me, you always forget)
- Install SQL Server
- Make any/all SQL Server instance tuning modifications
- Enable AlwaysOn:
- Create AlwaysOn Availability Group

Implementing AlwaysOn in Azure IaaS
Back to the order of operations (cont.)
- Finalize cluster modifications for IaaS deployment:
- And now for the Listener…

Implementing AlwaysOn in Azure IaaS
- External (Public) Load Balanced Endpoints
  - If you need public access to your SQL Server via the public virtual IP
  - Make sure you *always* apply an ACL to the endpoint for some semblance of Layer 3 security
  - Use SSL encryption for the SNI
- Internal Load Balanced Endpoints
  - If you don’t need public access to your SQL Server via the public virtual IP
  - Internal Load Balancing requires vNet scope to be the new’ish regional scope (no affinity groups)
  - Access is restricted to VMs in the same cloud service or vNet
  - Depending on the need for security, it’s still not a bad idea to introduce ACL policies on traffic for layer 3 security
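
The "always apply an ACL to the endpoint" point above, as an added example using the classic (Service Management) Azure PowerShell cmdlets; it is not from the original slides. The cloud service, VM, endpoint and load-balanced set names, the probe port and the permitted subnets are all constructed placeholders.

```powershell
# Added example; every name and value below is hypothetical or constructed.
$ServiceName    = 'contoso-sql-svc'                       # cloud service holding the AG nodes
$AGNodes        = 'sqlnode1', 'sqlnode2'
$AllowedSubnets = '203.0.113.0/24', '198.51.100.16/28'    # documentation ranges, stand-ins for client networks
$ProbePort      = 59999                                   # placeholder; must match the cluster IP resource

# Build the ACL first. Once an endpoint ACL contains permit rules, source ranges
# that match no rule are denied, so only the listed subnets reach the listener.
$acl   = New-AzureAclConfig
$order = 100
foreach ($subnet in $AllowedSubnets) {
    Set-AzureAclConfig -AddRule -ACL $acl -Order $order -Action Permit `
        -RemoteSubnet $subnet -Description "SQL clients $subnet" | Out-Null
    $order += 100
}

# Create the load-balanced listener endpoint on every AG node with the ACL attached
# from the start, so the port is never exposed without a source restriction.
foreach ($node in $AGNodes) {
    Get-AzureVM -ServiceName $ServiceName -Name $node |
        Add-AzureEndpoint -Name 'ListenerEndpoint' -LBSetName 'ListenerEndpointLB' `
            -Protocol tcp -LocalPort 1433 -PublicPort 1433 `
            -ProbePort $ProbePort -ProbeProtocol tcp `
            -DirectServerReturn $true -ACL $acl |
        Update-AzureVM
}

# Read the ACL back from one node to confirm the rules that are actually in force.
Get-AzureVM -ServiceName $ServiceName -Name $AGNodes[0] |
    Get-AzureAclConfig -EndpointName 'ListenerEndpoint'
```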

Implementing AlwaysOn in Azure IaaS
Back to the order of operations (cont.)
- Create an ILB
- Add endpoints for ILB
- Open firewall ports for (actual port values are configurable):
  - Probe Port:
  - Listener Port: 1433
- Stage AG listener CNO
- Add Client Access Point for listener
- Right-click IP Address resource and rename or copy name of IP resource for PowerShell script
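
A sketch of the PowerShell step referred to above, covering the firewall ports and the listener IP resource. It is an added example, not the script from the original slides; the resource name, cluster network name, ILB address and probe port are constructed placeholders.

```powershell
# Added example; run in an elevated session on a cluster node.
# All values are constructed placeholders, not taken from the slides.
$ClusterNetworkName = 'Cluster Network 1'   # as shown by Get-ClusterNetwork
$IPResourceName     = 'AGListener_IP'       # name copied from the listener's IP Address resource
$ILBIP              = '10.0.1.100'          # static address assigned to the ILB
$ProbePort          = 59999                 # must equal the probe port on the ILB endpoint
$ListenerPort       = 1433

Import-Module FailoverClusters

# Open only the listener and probe ports. Repeat this part on every AG node.
$rules = @{ 'SQL AG listener' = $ListenerPort; 'SQL AG ILB probe' = $ProbePort }
foreach ($name in $rules.Keys) {
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
        -LocalPort $rules[$name] -Action Allow | Out-Null
}

# Point the listener's IP Address resource at the ILB address. The host-only mask
# and the probe port let the load balancer detect which node owns the listener.
Get-ClusterResource -Name $IPResourceName | Set-ClusterParameter -Multiple @{
    Address              = $ILBIP
    ProbePort            = $ProbePort
    SubnetMask           = '255.255.255.255'
    Network              = $ClusterNetworkName
    OverrideAddressMatch = 1
    EnableDhcp           = 0
}

# Read the parameters back; they take effect after the resource is taken
# offline and brought online again.
Get-ClusterResource -Name $IPResourceName | Get-ClusterParameter |
    Where-Object { $_.Name -in 'Address', 'ProbePort', 'SubnetMask', 'EnableDhcp' }
```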

Implementing AlwaysOn in Azure IaaS
Order of operations (cont.)
- Register SPNs

Implementing AlwaysOn in Azure IaaS
Back to the order of operations (cont.)
- Add dependency on listener access point to AG
- Add port to listener
- Configure read only routing lists if using them

Resources
- Listener creation error when you bring resource online - failover-cluster-instance.aspx
- Sizes for Virtual Machines - machines-size-specs/
- Internal Load Balanced Endpoint - machines-sql-server-configure-ilb-alwayson-availability-group-listener/
- External Load Balanced Endpoint - machines-sql-server-configure-public-alwayson-availability-group-listener/
- How to fix storage pools if you accidentally created them after the WSFC was created: for-sql-server-storage.aspx
- Setting static private IPs in Azure - http://windowsitpro.com/windows-azure/set-azure-vm-static-ip-address
- Arguably the most difficult resource to actually find, but great information - windows-azure-virtual-machines.aspx