Microsoft Azure Overview Ken Casada Technical Evangelist Microsoft Switzerland kcasada@Microsoft.com

Microsoft Azure Flexible Open Solid

Global Footprint

Pay only for what you use

Windows Azure – Running your Apps Infrastructure Services (VM) Cloud Services Web Sites Mobile Services Applications Multi-tier Apps Web Apps Mobile Apps Data Data Data Data Firewall Rules Service Model Virtual Network O/S Focus on the Application

IaaS (VM & VNET) Windows Server and Linux Virtual Private Networking Capabilities (VNET)

Does Your App Need a Virtual Network? IP Address Requirements Virtual Machines deployed into a virtual network have an infinite DHCP lease (not static but effectively the same thing) Deploy apps in the cloud that requires Active Directory Hybrid On-Premises Cloud Apps Requirement for connectivity between your data center and the public cloud Connectivity between cloud services Connecting a PaaS to IaaS Service (for better performance / there are apps that have dependencies on resources that require VM such as SharePoint, SQL Server, Active Directory,…) Corpnet Windows Azure VM 1 VM 2 ROLE 1 Subnet 2 Subnet 1

Creating a Virtual Private Network

Creating a Virtual Private Network

How does a private IP get allocated to a VM? - One of the available IP addresses is allocated as the VM is allocated! - The IP address remains the same as long as the VM is allocated. New: - You can statically set a private IP address to a VM (today only via PowerShell) - How? Configure a Static Internal IP Address (DIP) for a VM

Demo Virtual Machines

Built-In Extensions by Microsoft (Demo Summary) BGInfo Extension Display useful server information to the desktop as a wallpaper VMAccess Extension Did you previously lost your IaaS VM password? Are the RDP settings of the VM broken?  With VMAccess you can now reset the password and the username !!! Custom Script Extension Allows you to specify a powershell script file to run in the VM immediately after it’s created.  http://blogs.msdn.com/b/windowsazure/archive/2014/04/24/automating-vm-customization-tasks-using-custom-script-extension.aspx

Built-In Extensions by Microsoft (Demo Summary) How to enable/ disable BGInfo/VMAccess extensions? How to reset a VM password? How to fix RDP settings?...by using the VMAccess extension…. http://blogs.msdn.com/b/windowsazure/archive/2014/04/11/vm-agent-and- extensions-part-1.aspx How to add the VM Agent on existing VMs? http://blogs.msdn.com/b/windowsazure/archive/2014/04/15/vm-agent-and- extensions-part-2.aspx

EndPoint (Demo Summary) All VM within the same cloud service or VNET can automatically communicate to each other using a private network channel! All other inbound communication (such as traffic initiated from Internet hosts) requires an endpoint. Default Endpoints are created in order to remotely administer your machine Remote Desktop Protocol (RDP) Endpoint  Windows OS PowerShell Endpoint  Windows OS Secure Shell (SSH) Endpoint Linux OS Tip: it is possible to define ACL (Access Control List) at the Endpoint level (see http://msdn.microsoft.com/library/azure/dn376541.aspx) Deny or permit traffic to the endpoint based on remote subnet IPv4 address range Blacklist IP addresses, …

Load Balanced Set (Demo Summary) mycloudservicednsname EndPoint Public Port (80) Local/Private Port (80) Protocol (TCP/UDP) Name Cloud Service VM1 Port 80 LB Public Port 80 VM2 http://mycloudservicednsname.cloudapp.net:80 Port 80 Port 80 VM3 Port 80 Single Public IP Per Cloud Service (VIP)

Load Balancer Probes (Demo Summary) Load Balancer Probe (default) Set Name Protocol (TCP/HTTP) Probe Port Probe Interval Cloud Service VM1 Port 80 Public Port 80 LB TCP Probe VM2 VM2 Port 80 Port 80 VM3 Port 80

Load Balancer Custom Probes (Demo Summary) Load Balancer Probe (custom) Set Name Protocol (TCP/HTTP) Probe Port Probe Interval Cloud Service VM1 Port 80 /healthcheck.aspx Public Port 80 LB VM2 Port 80 Port 80 /healthcheck.aspx VM3 Port 80 /healthcheck.aspx

Port Forwarding Input Endpoints Public Port Local Port Protocol (TCP/UDP) Name mycloudservicednsname.cloudapp.net PORT 5586 PORT 3389 VM1 LB/IP PORT 5587 PORT 3389 VM2 Default created endpoints for Remote Desktop (3339) and PowerShell communication Single Public IP Per Cloud Service (VIP) http://mycloudservicednsname.cloudapp.net:5586  PORT 3389 VM1 http://mycloudservicednsname.cloudapp.net:5587  PORT 3389 VM2

What’s new in Networking? How does a private IP address get allocated to a VM? - One of the available IP address is allocated as the VM is allocated - The IP address remains the same as long as the VM is allocated. New: - You can statically set a private IP address to a VM (today only via PowerShell) - How? Configure a Static Internal IP Address (DIP) for a VM Public IP Reservations (http://msdn.microsoft.com/en-us/library/dn690120.aspx) - you can have static public IP addresses - up to 5 for free Instance-Level Public IP Addresses (http://msdn.microsoft.com/en-us/library/dn690118.aspx) - Public address that can be assigned directly to the VM (rather than to the cloud service that your VM resides within) - i.e. (Outbound traffic originating from the VM goes out with PIP as the source and this uniquely identifies the VM to external entities) Internal Load Balancing support between VMs that don’t have public facing endpoints (enables to load-balance VM with a private IP address) Accessible to VM within the same VNET or Cloud Service How ?  Internal Load balancing / Configure an internal load-balanced set

Persistent Disks and Highly Durable Windows Azure Storage (Disaster Recovery) Secondary region Windows Azure Storage Primary region Virtual Machine

Persistent Disks and Highly Durable Windows Azure Storage (Disaster Recovery) Secondary region Windows Azure Storage Primary region Virtual Machine Virtual Machine

VM disk layout OS Disk Persistent SATA Drive C: Temporary Storage Disk Local (Not Persistent) SATA Drive D: Data Disk(s) Persistent SCSI Customer Defined Letter

Virtual Machine Sizes and Storage VM Size CPU Cores Memory Bandwidth # (1TB) Data Disks Extra Small (A0) Shared 768 MB 5 (Mbps) 1 Small (A1) 1.75 GB 100 (Mbps) 2 Medium (A2) 3.5 GB 200 (Mbps) 4 Large (A3) 7 GB 400 (Mbps) 8 Extra Large (A4) 14 GB 800 (Mbps) 16 A5 A6 28 GB 1000 (Mbps) A7 56 GB 2000 (Mbps) A8 40 Gbit/s InfiniBand A9 112 GB For an up to date view see Virtual Machine and Cloud Service Sizes for Azure

Bring Your Own Server/VHD On-Premises Cloud Blog Storage Upload VHD MyApp.vhd Create Disk or Image Provision VM from Image or Disk using portal, script or API On Premises Virtual Server Use Case Forklift Migration of VMs Sys Prepped Images VHD Must Be Fixed Disk * CSUpload Can Convert on Upload

Imaging VMs in the Cloud Boot VM Base.VHD Identical/similar deployment instances using common OS image as start Capture VM Saves Customized Image to Your Image Library Blog Storage Capture VM Blog Storage Customize VHD Generalize VHD

Web Sites Build with popular web framework (ASP.NET, PHP, Java, Python or Node.js) With a SQL DB or MySQL database Deploy in seconds with  WebDeploy, FTP  Source Control Deployment (ex. Git/TFS ) Start for free, scale up as your traffic grows

Demo Web sites

Cloud Services (PaaS) Automated application management Support rich multi-tier architectures Web Role / Worker Role Build stateless highly scalable apps and services

A collection of related service roles What is a Cloud Service? A collection of related service roles Web Role Worker Role

What Can It Run? General Rule Choice of Language Choice of Frameworks If it runs in Windows it can run as a Cloud Service C#, VB, C++, Java, PHP, Node.js, Phython, etc. .NET, ExpressJS, Rails, Zend, etc.

Role Lifecycle All roles may extend RoleEntryPoint Roles report status via RoleEnvironment Methods Events Status Fabric Calls OnStart StatusCheck Busy Requests Routed Run StatusCheck Ready Role Lifetime Slide Objective: Understand the lifecycle of a Windows Azure role Understand the methods that can be overridden in RoleEntryPoint Understand the events that are raised by role instances when their status is changing Speaker Notes: Roles will typically extend RoleEntryPoint The fabric calls RoleEntryPoint methods as it starts and stops a role WaWorkerHost process is started. Worker Role assembly is loaded and surfed for a class that derives from RoleEntryPoint. This class is instantiated. RoleEntryPoint.OnStart() is called. RoleEntryPoint.Run() is called. If the RoleEntryPoint.Run() method exits, the RoleEntryPoint.OnStop() method is called . WaWorkerHost process is stopped. The role will recycle and startup again. As a role changes state it will raise the StatusCheck event. A status of Busy will mean the load balancer will not route requests to the instance. Notes: http://blogs.msdn.com/b/jnak/archive/2010/02/11/windows-azure-roleentrypoint-method-call-order.aspx http://msdn.microsoft.com/en-us/library/ee848065.aspx OnStop StatusCheck Busy Stopping

The High Scale Application Archetype

Deploying a cloud service

Windows Azure Fabric Controller Packaging and Deployment (Paas) Upload to Windows Azure Storage Microsoft Visual Studio Web Role Worker Role Package *.cspkg Service Package Windows Azure Fabric Controller Config *.cscfg Network Load Balancer

Windows Azure Fabric Controller Monitoring (Paas) Windows Azure Fabric Controller Network Load Balancer Package

A collection of related service roles What is a Cloud Service? A collection of related service roles Web Role Worker Role

Application building blocks Big data Database Storage Traffic Caching Messaging Identity Application building blocks Media CDN Networking

DB Azure SQL Database Relational SQL Server Engine in the Cloud Fully Managed Service Enteprise-Ready with automatic support for HA Designed to scale out elastically with demand Azure SQL Database != SQL Server SQL Server Feature Limitations (Azure SQL Database) DB

Cache Low latency, in-memory distributed cache 3 Types of Cache: Azure Redis Cache (preview) Managed Cache Service In-Role Cache (only for Cloud Services app) We recommend all new developments use the Azure Redis Cache!!! Learn more here: http://azure.microsoft.com/en-us/documentation/services/cache/#redis Azure Redis Cache (Preview)

Redis Cache Service Full Functionality Redis Cache Cluster Master/Slave Configuration Up to 26GB SSL Supported

distributed cache In-Role Cache (co-located) 300MB Web Roles 300MB 1.2GB Distributed Cache

2 In-Role Cache (dedicated) 24GB Distributed Cache Web Roles 12GB Cache Worker Role 12GB Cache Worker Role 24GB Distributed Cache 2

4 In-Role Cache (dedicated) 48GB Distributed Cache Web Roles 12GB Cache Worker Role 12GB Cache Worker Role 12GB Cache Worker Role 12GB Cache Worker Role 48GB Distributed Cache 24GB Distributed Cache 4

Cache Resources Integrating Cache within your app Redis Cache http://azure.microsoft.com/en-us/documentation/services/cache/#redis Cache Service http://www.windowsazure.com/en-us/documentation/articles/cache-dotnet-how-to-use-service/ In-Role Cache How to Use In-Role Cache for Windows Azure Cache Cache Capacity Planning Considerations: Capacity Planning for Windows Azure Cache Service In-Role Cache Capacity Planning Considerations

Traffic Traffic Manager

Windows Azure Traffic Manager Intelligently directs requests from users across instances of an app deployed in different Azure datacenter Policy options: Performance: all requests sent to the closest datacenter Failover: all requests sent to specified datacenter, unless datacenter is not available Round Robin: all requests equally spread across all datacenters Support for external Endpoints (outside Azure)!!!!

Media Media Services

What Do We Mean by Media Services? Your Choice of Components for Building Custom Media Workflows in the Cloud (you only pay for what you use) Windows Azure Media Services “The Media Services team is working on a long list of upcoming blog updates for the week of the International Broadcasters Convention in Amsterdam starting on September 10th, so stay tuned for more details on our Live Streaming and Content protection services” …from John Deutscher is currently the Principal Program Manager Lead for Azure Media Services…. Ingestion Encoding Content Protection Live Streaming On-Demand Streaming Analytics Advertising Format Conversion Live Streaming: currently in private preview Analytics: will be rolled out as they become available

Mobile Services Easily build cloud back-ends Data, identity, push notifications, and scheduled scripts Windows Store, Windows Phone, iOS, and Android, Xamarin, …

Break 

Cloud application Service bus relay App behind firewall Internet Windows Azure Service bus relay Cloud application Internet Enterprise App behind firewall

Service Bus as primary option Service bus relay Request/response and web service based Leverage existing know-how & implementation Dependent on availability/stability of network Service bus messaging, events, topics Lose way of integration More reliable – not dependent on network availability Higher implementation and coordiation efforts

Service Bus Messaging R S R R Queue Load Balancing Multiple receivers compete for messages on the same queue (or subscription). Provides automatic load balancing of work to receivers volunteering for jobs. Observing the queue length allows to determine whether more receivers are required.

Service Bus Messaging S R Topic Message Distribution Sub Service Bus Messaging Message Distribution Each receiver gets its own copy of each message. Subscriptions are independent. Allows for many independent ‘taps’ into a message stream. Subscriber can filter down by interest. Constrained Message Distribution (Partitioning) Receiver get mutually exclusive slices of the message stream by creating appropriate filter expressions.

Demo Service bus relay

Meaning of 9’s Service Availability(%) System Type Annualized Down Minutes Quarterly Down Minutes Monthly Down Minutes Practical Meaning FAA rating 90 Unmanaged 52,596.00 13,149.00 4,383.00 Down 5 weeks per year 99 Managed 5,259.60 1,314.90 438.30 Down 4 days per year ROUTINE 99.9 Well managed 525.96 131.49 43.83 Down 9 hours per year ESSENTIAL 99.99 Fault tolerant 52.60 13.15 4.38 Down 1 hour per year 99.999 High availability 5.26 1.31 0.44 Down 5 minutes per year CRITICAL 99.9999 Very high availability 0.53 0.13 0.04 Down 30 seconds per year 99.99999 Ultra availability 0.05 0.01 - Down 3 seconds per year SAFETY CRITICAL From Generic Requirements for Operation Systems Platform Reliability, Telcordia Technologies System Documentation,GR-2841-CORE and Federation Aviation Administration Handbook: Reliability, Maintainability, and Availability (RMA) Handbook, FAA-HDBK-006A, Jan 7, 2008. Service Level Agreemtents: http://azure.microsoft.com/en-us/support/legal/sla/