Welcome! 4:00 – 4:15 PM: socialize 4:15 – 5:00 PM: Overview of Microsoft Azure cloud platform toolbox 5:00 – 5:30 PM: networking break with snacks & food packs 5:30 – 6:15 PM: Cloud Architecture Patterns & Anti-Patterns 6:15 – 6:30 PM: give aways and wrap up Thanks to Finomial, our host:
Contents © 2015 Bill Wilder Microsoft Azure Overview It’s a toolbox Bill Wilder, Finomial blog.codingoutloud.com linkedin.com/in/billwilder Kolkata Azure 21-Aug-2015
the term “cloud” is nebulous… multiple types of cloud platform
“Bring Your Own” ____ as a Service NIST:
Why Azure?
IaaS According to Gartner Aug 2013
PaaS According to Gartner Jan 2014
Azure is a Toolbox Key Point to remember!
Azure is a Toolbox Code your app Deploy your app Host your app source code Host your app database Manage and Monitor your app User management Integration (hybrid cloud) Dev/Test Automate Operations And much much much much more…
Amount we’ll touch on
Code Your App Visual Studio integration & cross-platform tooling Platform support for PaaS and IaaS Fast-start templates for creating a web site in many languages / toolkits Supports many frameworks and languages – ASP.NET, Node.js, Python, Java, PHP, … DEMO
Deploy Your App Visual Studio Online (VSO) Continuous Deployment (CD) from VSO, github, others DEMO
Monitor Your App: App Insights Monitoring support Alerting support Services for gathering logs – “pets vs. cattle” Application Insights DEMO
Automating Automation: RunBooks I have stuff to automate … … with PowerShell On a schedule or ad hoc Might have sensitive credentials Might require auditing DEMO
A Tale of Two Portals
Where’s Azure? A global map: ows.net/apps/bingmap- geojson-display.html
Azure “Geo” Coming to India “Microsoft Announces Commercial Cloud Services from Local Datacenters by End 2015” “Microsoft's private preview of cloud services from India in July”
What’s Next? There’s a lot MORE to Azure! Free Trial: MSDN credits Free ebook: Microsoft Azure Essentials Fundamentals of Azure
Questions?
Take a Break 5:00 – 5:30 PM: networking break with snacks & food packs 5:35 – 6:20 PM: Cloud Architecture Patterns & Anti-Patterns 6:20 – 6:30 PM: give aways and wrap up
Content © 2015 Bill Wilder Cloud Architecture Patterns & Anti-Patterns Some bad ideas and some better ones Bill Wilder, Finomial blog.codingoutloud.com linkedin.com/in/billwilder Kolkata Azure 21-Aug-2015
Contents © 2015 Bill Wilder Cloud Architecture Patterns & Anti-Patterns Some bad ideas and some better ones Bill Wilder, Finomial blog.codingoutloud.com linkedin.com/in/billwilder Kolkata Azure 21-Aug-2015 Find this slide deck here
My name is Bill Wilder Bill blog.codingoutloud.com
Lots of ♥ to all the clouds etc…
26
Architect Skills Technical Business Decisions
28 Famous Architect: Aristotle On Properties: Essential property = must have Accidental property = happens to have but could lack For effective software architect, all are Essential Properties Technology Skills Ability to Communicate Business Awareness
29 Business Awareness
30 Top 10 “Blunders” by Enterprise Architects #3. Not engaging the business partners #2. Insufficient understanding and support from stakeholders #1. The Wrong Lead Architect (for non- technical reasons) #7. Not … Communicating the Impact #10. Not Spending Enough Time on Communications Source The top 10 enterprise architecture blunders By Alex Handy, September 25, 2009http:// Handy
To cloud or not to cloud? control vs. cost
Ctrl € $¥
Ctrl € $¥ Technology Skills Ability to Communicate Business Awareness
Cloud Services … in the Cloud “who would’ve thought” Cloud is a business innovation technology services + flexible rental model new types and combinations of services
1/9 th above water Services: TTM & Sleeping well SOA
Treating your ops team as equivalent to the cloud vendor’s ops team (They are not. Let cloud vendor handle service operations. Use services. You focus on your app.) Anti-Pattern #1
What is an Anti-Pattern Wikipedia says: ( “A common response to a recurring problem that is usually ineffective and risks being highly counterproductive.” Bill’s amplification: “An anti-pattern approach may seem reasonable, or actually be reasonable in other contexts. There may be problems that are not yet be apparent.” Often depends on the situation. This talk will span: Architecture and Architects
N-tier, SOA, μSvcs Multi-data center Horizontal scaling Expects failure Eventual consist Traditional Cloud-Native 2-tier Single data center Vertical scaling Ignores failure Transactional consist Less flexible More manual/attention Less reliable (SPoF) Maintenance window Less scalable, more $$ Agile/faster TTM Auto-scaling Self-healing HA Geo-LB/FO TELLS/CLUES CONSEQUENCES Tells: Traditional vs Cloud-Native Which is “best” architecture? There is no “best” architecture – it is situational, a Technical Business Decision. Cloud-native popularity growing in proportion to the shrinking cost and competitive benefits.
One-size-fits-all architecture Anti-Pattern #2
[Cloud] Anti-Pattern Causes Abstraction misalignment Not reading the fine print Insufficient ongoing attention to cost Insufficient ongoing attention to automation
(PoP)
Move Simple PoP App to Cloud WHAT NOW?
Scalability & Performance & Cost & Automation
Are Cloud Resources Infinite? “We often hear that public cloud platforms offer the illusion of infinite resources. Obviously, resources are not literally infinite (infinite is rather a lot), but you can expect that any time you need more resources, they will be available (though not always instantly). This does not mean each resource has infinite capacity, just that you can request as many instances of the type of resource that you need.” Page 21, my (Bill Wilder’s) Cloud Architecture Patterns book
Time passes… PoP has lots of photos
One-size-fits-all data storage (perf, scalability, cost) Anti-Pattern #3
Upgrade to scenario-specific storage Some $, Perf, Scale benefits
PoP uses Valet Key Pattern Even more $, Perf, Scale benefits
CDN for public content Many, many other storage options also available: NoSQL varieties, caches, etc.
Always access raw data (regardless of distance, cost) (performance, scalability, cost) Anti-Pattern #4
Scalability != Performance ∞ performance does not imply ∞ scale (but sure would be a good start!) “Performance is what an individual user experiences; scalability is how many users get to experience it.” Page 8, my (Bill Wilder’s) Cloud Architecture Patterns book
PoP web tier goes multi-instance… Users experiencing login issues * *Depending on configuration …
Are Cloud Resources Infinite? “We often hear that public cloud platforms offer the illusion of infinite resources. … This does not mean each resource has infinite capacity, just that you can request as many instances of the type of resource that you need.” Page 21, my (Bill Wilder’s) Cloud Architecture Patterns book
Running stateful VMs in web / service tiers (Limits horizontal scalability & complicates autoscale – but sometimes is reasonable option) Anti-Pattern #5
I don’t have a slide on this, so won’t mention it, but there’s also … sharding
Reliability
Treating commodity cloud VMs like the super- reliable iron your company buys. (Not internally redundant; failure is routine (not frequent); optimized for value.*) Anti-Pattern #99
PoP Adding Video Support (uh oh!)
Current
Let’s extend PoP with a Service Tier
REQUEST / RESPONSE (http + json) OPTION 1: Request/Response Services Services Tier Web Tier Data Tier Stateless Services web browser
Coupling Between Tiers (reliability, scalability, cost) (Situational: I frequently violate! Also relates to microservices.) Anti-Pattern #6
Cloud Platform Reliable Queues Azure Storage or ServiceBus Queue AWS Simple Queue Service Google Pub/Sub Durable – won’t lose your data Reliable – backed by SLA and ops team Scalable – Internet scale Approachable – REST + many SDKs
Basic Idea Reliable Queue Work Producers Work Consumers
OPTION 2: Async Services Services Tier Web Tier Data Tier Stateless Services web browser push pull
Stateless Services Notice anything “missing” ? There is no transaction Get used to idea of eventual consistency
Enables Responsive UX Response to interactive users is as fast as a work request can be persisted UX challenge due to async processing – Eventual consistency processing – Eventual satisfaction for users
Enables More Reliable Service Decoupled front/back provides insulation Blocking is bane of scalability
Limit yourself to transactionally-friendly operations (reliability, scalability, cost) Anti-Pattern #99
General Case: Many Queue Types Web Role (IIS) Web Role (IIS) Worker Role Worker Role Web Role (IIS) Web Role (IIS) Web Tier (Public) Web Tier (Public) Worker Role Worker Role Worker Role Worker Role Service Tier Type 1 Worker Role Worker Role Worker Role Worker Role Worker Role Worker Role Worker Role Type 2 Worker Role Type 2 Queue Type 1 Queue Type 2 Queue Type 1 Queue Type 2 Queue Type 3 Worker Role Type 2 Worker Role Type 2 Worker Role Type 2 Worker Role Type 2 Service Tier Type 2 Service Tier Type 2 Web Tier (Admin) Web Tier (Admin)
Enables Cost-Efficient Scaling Loosely coupled, concern-independent scaling Get Scale Units right Optimize for CO$T EFFICIENCY GOAL: cost α benefit
How about the queue API?
A reliable queue works just like any other queue, right? (beware the abstraction mismatch) Anti-Pattern #7
Reliable Queue & 2-step Delete Web Tier Web Tier Service Tier var url = “ queue.AddMessage( new CloudQueueMessage( url ) ); var invisibilityWindow = TimeSpan.FromSeconds( 10 ); CloudQueueMessage msg = queue.GetMessage( invisibilityWindow ); (… do some processing then …) Queue queue.DeleteMessage( msg );
Idempotent Processing An idempotent operation can be performed more than once without changing the end result. Key technique in lieue of distributed transactions
Poison Message Detection A poison message is a flawed message that can never be successfully processed.
QCW requires “Plan for Failure” VM restarts will happen – Hardware failure, O/S patching, crash (bug) Bake in handling of restarts into our apps – Restarts are routine: system “just keeps working” – Idempotent support needed important – Event Sourcing (commonly seen with CQRS) may help Not an exception case! Expect it! Consider N+1 Rule
Typical SiteAny 1 Role InstOverall System Operating System Upgrade Application Code Update Scale Up, Down, or In Hardware Failure Software Failure (Bug) Security Patch What’s Up? Reliability as EMERGENT PROPERTY
What about the DATA? You: Azure Web Roles and Azure Worker Roles – Taking user input, dispatching work, doing work – Follow a decoupled queue-in-the-middle pattern – Stateless compute nodes Cloud: “Hard Part”: persistent, scalable data – Azure Queue & Blob Services – Three copies of each byte – Geo-replicated to sister data center – Busy Signal Pattern
Tiers of Cloud Failure Transient API/DB connection failures Temporary/Ephemeral drive loss DC outage (or smoking hole) Zone/Region outage (or smoking hole) Global outage
“Failure is not an option” (Failure is routine, at least at lower tiers.) Anti-Pattern #8
Programming against Cloud Services as though they were reliable (Transient Failures handled using Busy Signal Pattern) Anti-Pattern #9
Security
A1-Injection A2-Broken Authentication and Session Management A2-Broken Authentication and Session Management A3-Cross-Site Scripting (XSS) A4-Insecure Direct Object References A5-Security Misconfiguration A6-Sensitive Data Exposure A7-Missing Function Level Access Control A8-Cross-Site Request Forgery (CSRF) A9-Using Components with Known Vulnerabilities A10-Unvalidated Redirects and Forwards
unicorn cloud security for apps Copyright © 2013 Elizabeth B. O’Connor used with permission SQL INJECTION SESSION HIJACKING CSRF XSS
Belief in cloud app security unicorns Reality: your app’s vulnerabilities will port very cleanly to your favorite cloud platform Anti-Pattern #10
Little Bobby Tables (still a problem)
Conflating App & Platform security secure compliant Anti-Pattern #11
Cloud News from June A cautionary tale… – DDoS – Security Breach – Ransom / Extortion – Fighting Back – Malicious Destruction of Assets – Business Failure ELAPSED TIME 12 HOURS
1FA single-factor auth (2FA/MFA is widely available) Anti-Pattern #12
Service Level Agreements (SLA)
PoP (pageofphotos.com) adds paid plans to corporate partners – wants to offer an SLA
What is “the SLA” for storage?
SLA Responsibilities From Google Storage ( : "Back-off Requirements" means, when an error occurs, the Application is responsible for waiting for a period of time before issuing another request. This means that after the first error, there is a minimum back-off interval of 1 second and for each consecutive error, the back-off interval increases exponentially up to 32 seconds.”
SLA Math All required: = All required: x x = Period of time over which an SLA applies matters
SLA Penalties Limited to the service costs – Service costs != your business losses Multiple instances might be needed to be eligible
Passing along the SLA The cloud SLA becomes my service’s SLA Anti-Pattern #13
Compose to boost reliability
Affordability
Maximizing value from public cloud platforms Key Concept Turn off or delete unused resources Leverage very aggressive pricing for non- production workloads Enhance agility & productivity ASIDE: Will your test team be ahead of – or behind – the curve when your company moves production apps to public cloud?
The term “cloud” is nebulous… Public cloud platforms are global (and getting “globalier”)
Automation
– – – – – –
105 What is Architecture? "Architecture is the fundamental organization of a system embodied in its components, their relationships to each other, and to the environment, and the principals guiding its design and evolution." [IEEE 1471]
The architecture of a cloud-native application is aligned with the architecture of the underlying cloud platform.
Hiring! HIRING at Finomial Corporation Are you a talented senior engineer/architect interested in financial services space? Technology stack is ASP.NET on Azure + SPA
Except where noted, slide deck is © 2014 Development Partners Software Corporation And…. Bill blog.codingoutloud.com linkedin.com/in/billwilder Find this slide deck here
des questions?