Migrating Business Apps to Windows Azure

Marc MüllerPrincipal Consultant, 4tecture GmbH

www.4tecture.chwww.dotnetacademy.chmmueller@4tecture.ch

Agenda

Agenda

Short Introduction to Windows Azure Overview Differences to On-Premise Development

Migration Strategies Logic / Frontend / Storage

Cloud Computing Topics Scale Out / Scale up Architecture / Cost Oriented Architecture

SecurityRole ManagementCall to ActionQuestions

Windows AzureWhat, Cloud is just computers? – differences to on-premise systems

Demo

Definition of Cloud Computing

Software-as-a-Service

consume

“SaaS”Platform-as-a-Service

build

“PaaS”Infrastructure-as-a-Service

host

“IaaS”

Packaged Software

Storage

Servers

Networking

O/S

Middleware

Virtualization

Data

Applications

Runtime

You

manag

eInfrastructure

(as a Service)

Storage

Servers

Networking

O/S

Middleware

Virtualization

Data

Applications

Runtime

Managed b

y v

endor

You

manag

e

Platform(as a Service)

Manag

ed b

y v

en

dor

You

manage

Storage

Servers

Networking

O/S

Middleware

Virtualization

Applications

Runtime

Data

Software(as a Service)

Managed b

y v

en

dor

Storage

Servers

Networking

O/S

Middleware

Virtualization

Applications

Runtime

Data

Image Source: Windows Azure Training Kit

The transition to the cloudWindows Server Single Instance Persistent

File System Network Shares

Windows Security (AD)Windows Azure Multi Instance Stateles OS

Azure Storage SQL Azure

ACS (AD ADFS) Azure Connect / Service Bus

Benefits Automated Updates Multi-Instance-Management Scale-Out High Availability / Failover

Standard Cloud Tiers

Front end: e.g. load-balanced stateless web servers

Middle worker tier: e.g. order processing, encoding

Backend storage: e.g. SQL tables or files Multiple instances of each for scalability and

availability Front-End

Cloud Application

Front-End

HTTP/HTTPSWindows

AzureStorage,

SQL Azure

Load Balancer

Middle-Tier

Image Source: Windows Azure Training Kit

Top migration effort points

Stateful vs Stateless

Scheduled Jobs

Complex Business Logic in Database

File Handling

Migration StrategiesAzure ComputeHow to migrate your processing logic

Windwos Azure Roles

Role is an executableCreate your own web server, host a database, etc.

Inbound onAny TCP PortHTTP/HTTPS

Worker Role Role is hosted on IIS HTTP/HTTPS ASP.NET Fast CGI + PHP

Web Role

“Move” applications to Windows Azure Full control over OS Image VHD Image Designed for long or non-automated installs Image must be Windos Server 2008 R2

Enterprise

VM Role

Azure Package and Endpoints

Configuration Service Definition (*.csdef) Service Configuration (*.cscfg)

Deployment Package Encrypted(Zipped(Code +

*.csdef)) *.cspkg file

Deplyoment (*.cspkg + *.cscfg)

Endpoints Input Internal Windows Azure Connect

Startup Tasks

Enables short, unattended setups on role startup Silent MSIs, COM Components, Registry Keys, Configuring Windows Server, etc.

Configured in the .csdef Task Type

Simple – System waits for the task to exit Background – System does not wait for the task to exit Foreground – Same as background, but blocks role restart until tasks exit

<WebRole name=“FabrikamShipping.App.Web"> <Startup> <Task commandline="relative\path\ToSetupExecutable" executionContext="limited|elevated" taskType=“simple|foreground|background"/> </Startup></WebRole>

Workflow (simplified)

Define your Endpoints Define Roles and Instance Count Create a deployment package (application

binaries) Provide additional Installers and Binaries for

Startup Tasks Deploy!

… but there are some important points to consider!

Migration StrategiesAzure StorageHow to hanlde files in the cloud…

Storage Challange

Don’t think in terms of «file system access» Think RESTful

4 HTTP Verbs for CRUD Ressources

Local file system should be used for «local cache» only Create logical storage storage interfaces / abstractions CreateAzure Storage adapters in your application

Migrate your local file system

Blobs - Simple named files along with metadata for the file Two level hierarchy – container / file Security on container / file – policy or signature Two Types

Block BLOB (streaming workload [“file”], blocks, max 200GB) Page BLOB (random read / write, pages, max 1TB)

Drives - Durable NTFS volumes Page BLOB formatted as a NTFS single volume VHD one instance read/write, read-only snapshot for multiple instances Drive API, not REST Calls – NTFS API for read/write

Access BLOB Files

RESTful URL

Can include ‘/‘ or other delimeter in name

e.g. /<container>/f1/blob1.jpg e.g. /<container>/f1/blob2.jpg http://.../<container>?comp=list&prefix=f1&delimiter=/ f1/blob1.jpg,

f1/blob2.jpg Image Source: Windows Azure Training Kit

BLOB Security

Control the access to your files Fine grain access rights to blobs and containers Sign URL with storage key – permit elevated rights Revocation

Use short time periods and re-issue Use container level policy that can be deleted

Two broad approaches Ad-hoc Policy based

Create Shared Access Keys by Tool API

Web App

Client

Blob Storage

Request Shared Access KeyURL

Signed URL

Demo

Tools

Windows Azure Storage Explorerhttp://azurestorageexplorer.codeplex.com

New Concepts

Azure Table Storage Not a RDBMS! Tables and Entities

CRUD No fixed Schema (except

Partition Key, Row Key, Timestamp) Up to 255 properties per

Entity type (standard .NET Types)

Azure Queue Storage Used for instance synchronization Messages (max. 8kb) Reliable Delivery / Poisonous Message detection

Image Source: Windows Azure Training Kit

Migration StrategiesDatabaseSQL Database in the cloud

SQL Azure

Click icon to add picture

SQL Server EngineShared infrastructure

Request routing, security, isolation

Scalable / high availability Automatic replication and failover

Working with SQL Azure TDS Protocol (Firewall rules!) Use existing clint libraries: ADO.NT, ODBC, PHP, … Cannot switch between DBs (no USE command) Only SSL connections are supported (encrypt = true) Standard SQL Auth Logins (username + password)

Challenge

SQL Azure focusses on logical administration Schema creation and management Query optimization Securiy management

No physical management needed / possible

Restrictions Not supported: Sparse Columns, Filestreams, Partitions, Full-Text-indexes, SQL-CLR Tables require clustered indexes

New features SQL Azure Federations

How do I migrate my database?

TSQL Management Studio – Script database as… Size restrictions (data)! use BCP

TSQL with BCP (Bulk Copy Utility) SQL Azure Migration Wizard (http://sqlazuremw.codeplex.com) SQL Azure Federation Data Migration Wizard (http://sqlazurefedmw.codeplex.com)

SQL Server Data-Tier Applications (DAC) DACPAC / BACPAC

Sync Framework 2.1

How do I backup by database?

Import / Export (DAC) Not transactional consistent! create a copy first! CREATE DATABASE destination_database_name AS COPY OF

[source_server_name.]source_database_name No job scheduler!

Sync with on-premise database SQL Azure Datasync Full backup functionality on on-premise database

BCP (bulk copy utility) bcp AdventureWorksLTAZ2008R2.SalesLT.Customer out C:\Users\user\Documents\GetDataFromSQLAzure.txt -c

-U username@servername -S tcp:servername.database.windows.net -P password

SQL Azure Backup Tools Quest Spotlight for SQL Azure, Enzo Backup for SQL Azure, Redgate SQL Azure Backup Tool,

SQLAzureBackup

Restriction Workarounds

Job Scheduler Use an on-premise database (sync) and run the jobs locally On-premise job scheduler with connection to SQL Azure (TSQL) Local SQL Server Integration Services with connection to cloud Use an Azure Worker Role with a scheduler

Full Text Search Lucene.net

Unique identifier Clustered Indexes NEWSEQUANTIALID() ist not supported! Don’t use unique identifiers for clustered indexes or provide custom index generator (App Tier)

Migration StrategiesCloud FeaturesDesign your application for the cloud!

Scale-Out Architecture

StorageTables

LB

Blobs

Worker ServiceWorker Service

Worker Role

Managed Interface

Call

Web Site(ASPX, ASMX,

WCF)

Web Site(ASPX, ASMX,

WCF)Web RoleIIS as Host

Queues

Windows Azure Data Center

LB

LB

The InternetThe Internet via TCP or HTTP

Image Source: Windows Azure Training Kit

Scale-Out ArchitectureIntelligent Network Load Balancer

Async Activation

Network Activation

Blob Storage

Partitioned RDBMS

Key/ValueDatastor

es

State Tier Queues

Stateless Web and/or Application Servers

Stateless ‘Worker’ Machines

Role Patterns

Click icon to add pictureClick icon to add picture

Click icon to add picture

Web Role IIS Web Application / Web Farm

Worker Role Queue Polling Worker

Poll and Pop Messages (i.e. map/reduce pattern) Listening Worker Role

TcpListener / WCF (i.e. run a .NET SMTP) External Process Worker Role

Start process from application or startup task E.g. Run a database server, web server,

distributed cache

Web / Worker Hybrid Role Web Application and Background Worker in

same Instance

Web Role Worker Role

Hybrid Role

Asynchronous Programming

Use queue messages for tasks A message should be small, use BLOB or Table storage for

the payload

Web Role Worker Role

Storage

Queue

LB LB

Worker RoleWorker Role

Web Role Worker Role

Blob Container

Table

30mb JPEG

Map Reduce

Upload Web Role

Map Worker Role

Reduce Worker Role

Image Uploaded

Image Split

SlicesSaved To

Blob Storage

Slices Pulled from Blob Storage

Images Processedin Worker Instances

Processed Slices Pushed Back to Blob Storage

Splits ReducedBack to Full Image

Final ImageSaved as BLOBReady for Use

Queue Best Practices

Ensure that messages are idempotent [f(x) = f(f(x))] and have a

compensation mechanism you implement poison detection

To do so, you have to Check the «dequeue count» of a message Use Transaction with Rollback / Comit Use an Action-Log to recover last state Move poisonous message to a separate queue or delete

them

Data Partitioning

Why should we partition the data? Data volume (too large) Work load (too many transactions) Costs (COA – Cost Oriented Architecture) Elasticity (JIT Partitioning during high load periods)

Horizontal Partitioning: Vertical Partitioning:

Migration StrategiesSecurityHow to authenticate in your cloud application

Authentication & Authorization

Click icon to add picture

Click icon to add pictureClick icon to add picture

We do not want to implement another security system integrate the cloud server into our

domain

We want to integrate into our existing security

system (AD) integrate partners and customers use open an flexible standards

TrustSecurity

Token

Integrate in company’s AD

Migration StrategiesRole ManagementScale Out / Scale Up

Cloud Computing Patterns

Optimize your instance usage Save money Have responsive apps

Manage Instances Manually through management portal Manuelly through management service Automatically

Trac diagnostic information Modify instance count automatically (i.e. EntLib 5 Autoscaling Block)

Click icon to add pictureClick icon to add picture

Click icon to add pictureClick icon to add picture

Let’s get startedMSDN Benefits

MSDN Benefits

http://www.windowsazure.com/en-us/pricing/member-offers/msdn-benefits/

Special Training Offer

http://www.4tecture.ch/Media/Default/Flyer/AzureQuickstartFlyer.pdf

Questions?