Windows Azure Cloud & Application Services

NameTitleOrganization

ManagementComplexity

Azure ecosystem

Web Sites

Cloud Services Virtual Machines

Control

Gallery

SPA

Social N-Tier

Sharing

LOB

Web APISpecialized

Legacy

Hybrid

Caching Access Control

Service Bus

CDN

TrafficManager

HPC Storage

On-prem

MediaServices

SQL Database

Flexibility

Hello World! .

Cloud Service Overview

Why Cloud Service?

Build infinitely scalable applications and services

Support rich multi-tier architectures

Automated application management

What is a Cloud Service?

A collection of related service roles

Web Role Worker Role

What Can It Run?

Web Role

All features of a worker role + IIS 7 or 7.5ASP.NET 3.5 SP1 or 4.0 – 64bitHostsWebforms or MVCFastCGI applications (e.g. PHP)Multiple Websites

Http(s)Web/Worker HybridCan optionally implement RoleEntryPoint

Worker Role Patterns

Queue Polling WorkerPoll and Pop Messages within while(true) loopE.g. Map/Reduce pattern, background image processing

Listening Worker RoleCreate TcpListener or WCF Service HostE.g. Run a .NET SMTP server or WCF Service

External Process Worker RoleOnStart or Run method executes Process.Start()Startup Task installs or executes background/foreground processCustom Role Entry Point (executable or .Net assembly)E.g. Run a database server, web server, distributed cache

Role Lifecycle

All roles may extend RoleEntryPointRoles report status via RoleEnvironment

StatusCheck

StatusCheck

StatusCheck

Stopping

METHODS EVENTS STATUS

Roles and Instances

At runtime each Role will execute on one or more instances A role instance is a set of code, configuration, and local data, deployed in a dedicated VM

Roles are defined in a Hosted ServiceA role definition specifies:Virtual machine sizeCommunication endpointsLocal storage resourcesetc.

Roles and Instances

Cloud ServiceWeb Roles Worker Roles

Web_instance_0

Web_instance_1

Worker_instance_2

Worker_instance_1

Worker_instance_0

Fault Domains

99.95% Uptime GuaranteeRequires 2 or more instance per role

Role instance are isolated by fault domainFault domains isolate VMsFault domains provide redundancyAt least two fault domains per role

Roles and InstancesExample role with nine virtual machines distributed across three fault domains

ROLE

VM1 VM3

VM5 VM8

VM2 VM4

VM6 VM9

VM6 VM9

Upgrade Domains

Hello WorldDemo

Cloud Service Lifecycle

Understanding Packaging and ConfigWindows Azure Services are described by two artifacts:Service Definition (*.csdef)Service Configuration (*.cscfg)

Your code is zipped and packaged with definition (*.cspkg)Encrypted(Zipped(Code + *.csdef)) == *.cspkg

Windows Azure consumes just (*.cspkg + *.cscfg)

Startup tasksInstall software and featuresConfigure host environmentStart processes

Remote Desktop supportCertificate used to enable remote desktop access

EndpointsPublic endpointsInternal endpointsInstanceInput endpoints

Runtime Settings

Upload to Windows Azure

Packaging & Deployment

Microsoft Visual Studio

Web Role

Worker Role

Application Upgrade Strategies

Staging vs. ProductionDeploy to staging for testing and validation; Promote to production using VIP swap

In-place upgradeReplace an old deployment with a new deployment

Service ManagementDemo

Package

Cloud service lifecycle – Simplistic view

Upload DeployCode©

Cloud service lifecycle - Agile

Product planning

Sprintplanning

Sprint

Shippable increment

Dailyscrum

©

Team Foundation Service• Governance/Guidance over complete software

lifecycle• Integrated with Visual Studio, and now Azure

Management Portal• Support different methodologies and processes• Source repository with gated check-in• Continuous integration with auto-build• Integrated bug tracking

TFS Continuous Integration Demo

Role Instance

Windows Azure DiagnosticsRole Instance StartsDiagnostic Monitor StartsMonitor is configuredImperatively at Start timeRemotely any timeConfiguration is saved in Storage

Monitor buffers data locallyUser can set a quota (FIFO)

User initiates transfer to storage from local bufferScheduled On Demand

Windows Azure Diagnostics Demo

Applicationbuilding blocks

StorageBig data

Caching

CDN

Database

Identity

Media

Messaging

Networking

Traffic

Applicationbuilding blocks

StorageBig data

Caching

CDN

Database

Identity

Media

Messaging

Networking

Traffic

What’s Windows Azure Cache?

• Use spare memory on your VMs as high-performance cache

• Distributed cache cluster co-located with existing roles, or use dedicated roles

• Named caches with high availability option

• Notifications• Support Memcached protocol

Why Windows Azure Cache?

FasterNo external service calls (additional network hops)Co-located in roles

CheaperNo external service calls (additional cost)Use spare memory that you already paid for

More reliableYour service is running = cache is availableNo throttling as in cotenant environment

Windows Azure CacheDemo

Applicationbuilding blocks

StorageBig data

Caching

CDN

Database

Identity

Media

Messaging

Networking

Traffic

Cloud/On-Premise Integration

Cloud-Hosted, reliable asynchronous Messaging Infrastructure with Publish/Subscribe

Cloud-Based Relay enabling NAT/Firewall Traversal for reach into on-premises assets

RelayService Bus Relay solves the challenges of communicating between on-premises applications and the outside world by allowing on-premises web services to project public endpoints. Systems can then access these web services, which continue to run on-premises from anywhere on the planet.

NATFirewall

Dynamic IP

Messaging

QueueAsynchronous communicationOffline processingLoad-balancing

Topic & SubscriptionAsynchronous communicationPublish/Subscription patternMessage routing

Queue Queue

Service Bus: RelayDemo

Applicationbuilding blocks

StorageBig data

Caching

CDN

Database

Identity

Media

Messaging

Networking

Traffic

Security challenge

Your App

Authentication

Authorization

User store

ManagementUI

Forget password?

Customersupport Data

protection

Integrationwith AD

LDAPUser

mapping

Synchronization

IntegrationWith

Facebook

MoreUser

mapping

FacebookAuth API

MoreSynchronizatio

n

Solution: Claim-based architecture

Your App

?“User is Joe”“Role is Administrator”

ACS +

WIF

Mob

ile

ACSACS

ADFS2 . WS-Federation

Your ApplicationIdentity Providers

Bro

wse

r-b

ase

dR

ich

Clie

nt

WS-Federation

SAML

SWT

SAML

SWT

Service Identities

ADFS2 . WS-Trust

WS-Trust

OAuth WRAP/2.0

WIF

Claims

Federated security with ACS

Demo

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.