Page 1
Microsoft Azure Cloud Platform: an overview
CSCI E-90 Cloud Computing, Zoran B. Djordjević, Harvard University
November 14th, 2014 (5:30 – 7:30)
Boston Azure User Group: http://www.bostonazure.org, @bostonazure
Bill Wilder: http://blog.codingoutloud.com, @codingoutloud
HELLO my name is Bill Wilder
Page 2
HELLO my name is Bill Wilder
[email protected]
@codingoutloud
www.devpartners.com
Page 3
Who is Bill Wilder?
www.devpartners.com
www.bostonazure.org
www.cloudarchitecturepatterns.com
Page 4
@Bill Wilder 4
Reality is Resource-Constrained
“Security is always a tradeoff; it must be balanced with the cost.”
- Bruce Schneier
http://www.schneier.com/essay-207.html
Page 5
Reality is Resource-Constrained
“_______ is always a tradeoff; it must be balanced with the cost.”
- Bruce Schneier
http://www.schneier.com/essay-207.html
Page 6
Members of Microsoft Azure Security Team
Page 7
Microsoft Azure Security Layers: Defense in Depth Approach

| Layer | Defense-in-Depth |
| --- | --- |
| Data | Strong storage keys for access control; SSL support for data transfers between all parties |
| Application* | Front-end .NET framework code running under partial trust; Windows account with least privileges |
| Host | Hardened version of Windows Server 2008 OS for both VM Host and VM Guest operating systems; host boundaries enforced by external hypervisor |
| Network | Host firewall limiting traffic to VMs; VLANs and packet filters in routers |
| Physical | World-class physical security; ISO 27001 and SAS 70 Type II certifications for datacenter processes |
Page 8
Defenses Inherited by Azure Applications
• Spoofing, Tampering/Disclosure: Certificate Services, Shared-Access Signatures, HTTPS, Sidechannel protections, VLANs, Top of Rack Switches, Custom packet filtering
• Elevation of Privilege: Partial Trust Runtime, Hypervisor custom sandboxing, Virtual Service Accounts
• Denial of Service: Configurable scale-out, VM switch hardening
• Repudiation: Monitoring, Diagnostics Service
Page 9
Developer Resources
• www.windowsazure.com/develop/ is LOADED with Dev Libraries, Training Kits, How To Guides across:
– Mobile (iOS, Android, Win Phone, Win 8 SDKs)
– .NET, Node.js, Java, PHP, Python, REST
– PowerShell, CLI
• Example: Create Node.js web site from Mac CLI: https://www.windowsazure.com/en-us/develop/nodejs/tutorials/create-a-website-(mac)/
• Example: Create Linux (CentOS) VM from CLI (Node-based CLI – Windows not required): https://www.windowsazure.com/en-us/develop/php/how-to-guides/command-line-tools/ and https://www.windowsazure.com/en-us/develop/nodejs/how-to-guides/command-line-tools/
• Example: Install Couchbase + VNet on VM: http://blogs.msdn.com/b/jimoneil/archive/2012/06/16/couchbase-on-azure-a-tour-of-new-windows-azure-features.aspx
Page 10
PORTAL DEMO
www.windowsazure.com
manage.windowsazure.com
Page 11
Cloud Computing service models: who manages each layer

| Layer | Packaged Software | Infrastructure (as a Service) | Platform (as a Service) | Software (as a Service) |
| --- | --- | --- | --- | --- |
| Applications | You manage | You manage | You manage | Managed by vendor |
| Data | You manage | You manage | You manage | Managed by vendor |
| Runtime | You manage | You manage | Managed by vendor | Managed by vendor |
| Middleware | You manage | You manage | Managed by vendor | Managed by vendor |
| O/S | You manage | You manage | Managed by vendor | Managed by vendor |
| Virtualization | You manage | Managed by vendor | Managed by vendor | Managed by vendor |
| Servers | You manage | Managed by vendor | Managed by vendor | Managed by vendor |
| Storage | You manage | Managed by vendor | Managed by vendor | Managed by vendor |
| Networking | You manage | Managed by vendor | Managed by vendor | Managed by vendor |
Page 12
___________________ as a Service: Public Cloud Rental Models
• SaaS (Software) – BYO Users: Apps, $/user, Expertise, SLA
• PaaS (Platform) – BYO Apps: App Services as OpEx, $/VM/Svcs, OS, DBMS, etc. with patching & upgrades, Environment Monitoring, Expertise, SLA
• IaaS (Infrastructure) – BYO VMs: Virtualized Hardware as OpEx, Networking, Automation, Elasticity, Price Transparency, Global Data Centers, Expertise, SLA
AppHarbor
http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
Page 13
Microsoft Azure Compute Options
• HDInsight (Hadoop) – specialized: big data
• Mobile Services – specialized: devices
• Virtual Machines – most flexible
• Web Sites – most convenient
• Cloud Services – most scalable, most efficient
Page 14
Cloud Services
• Build highly scalable apps and services
• Multi-tier, multi-instance architectures
• Can be combined with other compute services
• Stateless node, horizontal scaling approach
• Automated management
Page 15
Cloud Services
Web Roles
• 1+ types
• Windows Server
• Running IIS
Worker Roles
• 1+ types
• Windows Server
• Could run Tomcat, etc.
“Service Model” (.csdef, .cscfg)
• Deployment Package
• Config: VM sizes & instance counts, settings, endpoints, certs…
Page 16
Cloud Services
Web Role Instances
Load Balancer
Worker Role Instances
Page 17
Service Bus Queue
• Durable – won’t lose your data
• Reliable – backed by SLA and ops team
• Scalable – Internet scale
• Approachable – REST + SDKs
• Feature rich – supports “at least once” and “at most once” delivery guarantees, pinning, suspend, & more…
• See also: Azure Storage Queue
Page 18
Scalable Architecture
Service Bus Queue
Web Role Instances
Worker Role Instances
Page 19
QCW Example: User Uploads Photo (www.pageofphotos.com)
Web Server
Compute Service
Reliable Queue
Reliable Storage
Page 20
QCW [on Azure]
WE NEED:
• Compute (VM) resources to run our code: Web Roles (IIS) and Worker Roles (w/o IIS)
• Reliable Queue to communicate: Azure Storage Queues
• Durable/Persistent Storage: Azure Storage Blobs & Tables; WASD
Page 21
QCW on Azure: User Uploads a Photo (www.pageofphotos.com)
WebRole (IIS)
Azure Queue (push from WebRole, pull by WorkerRole)
WorkerRole
Azure Blob
UX implications: user does not wait for thumbnail (architecture!)
Page 22
QCW enables Responsive UX
• Response to interactive users is as fast as a work request can be persisted
• Time consuming work done asynchronously
• Comparable total resource consumption, arguably better subjective UX
• UX challenge – how to express Async to users?
– Communicate Progress
– Display Final results
– Long Polling/Web Sockets (e.g., SignalR or Node.io)
Page 23
QCW enables Scalable App
• Decoupled front/back provides insulation
– Blocking is Bane of Scalability
– Order processing partner doing maintenance
– Twitter down
– Email server unreachable
– Internet connectivity interruption
• Loosely coupled, concern-independent scaling
– (see next slide)
– Get Scale Units right
– Key to optimizing operational CO$T$
Page 24
General Case: Many Roles, Many Queues
(Diagram: WebRole (Public), WebRole (Admin), and multiple WorkerRole Type 1 / WorkerRole Type 2 instances connected through Queue Type 1, Queue Type 2, and Queue Type 3)
• Scaling best when Investment ∝ Benefit
• Optimize for CO$T EFFICIENCY
• Logical vs. Physical Architecture depends on current scale
Page 25
Reliable Queue & 2-step Delete
WebRole (IIS), the producer side:

```csharp
// Web role: enqueue the URL of the uploaded blob as a work request.
var url = "http://pageofphotos.blob.core.windows.net/up/<guid>.png";
queue.AddMessage(new CloudQueueMessage(url));
```

WorkerRole, the consumer side:

```csharp
// Worker role: step 1 dequeues the message, which only hides it for the
// invisibility window; step 2 deletes it after processing succeeds.
// If the worker dies in between, the message reappears for another worker.
var invisibilityWindow = TimeSpan.FromSeconds(10);
CloudQueueMessage msg = queue.GetMessage(invisibilityWindow);
// ... do some processing then ...
queue.DeleteMessage(msg);
```

Queue
Page 26
QCW requires Idempotent
• Perform idempotent operation more than once, end result same as if we did it once
• Example with Thumbnailing (easy case)
• App-specific concerns dictate approaches
– Compensating action, Last write wins, etc.
• PARTNERSHIP: division of responsibility between cloud platform & app
– Far cry from database transaction
Page 27
QCW expects Poison Messages
• A Poison Message cannot be processed
– Error condition for non-transient reason
– Use dequeue count property
• Be proactive
– Falling off the queue may kill your system
• Determine a Max Retry policy per queue
– Delete, put on “bad” queue, alert human, …
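An added example, not code from the talk: an in-memory Python model of the Azure Storage Queue semantics that the 2-step delete, idempotency and poison-message slides rely on, with a worker iteration that survives a crash between dequeue and delete, redoes the thumbnail idempotently, and parks a message on a "bad" queue once its dequeue count exceeds the retry policy. The queue class, the ".corrupt" failure rule and the max-retry value of 3 are constructed for the illustration.

```python
import itertools

MAX_DEQUEUE_COUNT = 3        # assumed per-queue max-retry policy
INVISIBILITY_WINDOW = 10.0   # seconds, matching the talk's GetMessage call


class ReliableQueue:
    """Models Azure Storage Queue semantics: GetMessage hides a message for an
    invisibility window and bumps its dequeue count; only DeleteMessage with a
    still-valid pop receipt removes it (the 2-step delete)."""

    def __init__(self):
        self.clock = 0.0             # simulated wall clock, advanced by the caller
        self.messages = []           # [body, invisible_until, dequeue_count, pop_receipt]
        self._receipts = itertools.count(1)

    def add_message(self, body):
        self.messages.append([body, 0.0, 0, None])

    def get_message(self, invisibility_window=INVISIBILITY_WINDOW):
        for m in self.messages:
            if m[1] <= self.clock:   # visible: never dequeued, or its window expired
                m[1] = self.clock + invisibility_window
                m[2] += 1
                m[3] = next(self._receipts)
                return m[3], m[0], m[2]   # pop receipt, body, dequeue count
        return None

    def delete_message(self, pop_receipt):
        # A stale receipt (message re-dequeued by someone else) deletes nothing.
        before = len(self.messages)
        self.messages = [m for m in self.messages if m[3] != pop_receipt]
        return len(self.messages) < before

def make_thumbnail(url):
    # Stand-in for thumbnailing; constructed rule: ".corrupt" fails non-transiently.
    if url.endswith(".corrupt"):
        raise ValueError("undecodable image")
    return url.replace("/up/", "/thumb/")

def process_one(queue, bad_queue, thumbnails, crash_before_delete=False):
    """One worker-role iteration. thumbnails is the durable store keyed by the
    source URL, so redoing a message rewrites identical output (idempotent)."""
    got = queue.get_message()
    if got is None:
        return "empty"
    receipt, url, dequeue_count = got
    if dequeue_count > MAX_DEQUEUE_COUNT:
        bad_queue.add_message(url)   # park the poison message for a human to inspect
        queue.delete_message(receipt)
        return "poison"
    try:
        thumbnails[url] = make_thumbnail(url)
    except ValueError:
        return "failed"              # no delete: message reappears after the window
    if crash_before_delete:
        return "crashed"             # simulated VM restart between step 1 and step 2
    queue.delete_message(receipt)
    return "done"
```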
Page 28
QCW requires “Plan for Failure”
• VM restarts will happen
– Hardware failure, O/S patching, crash (bug)
• Bake handling of restarts into our apps
– Restarts are routine: system “just keeps working”
– Idempotent support needed
– Event Sourcing (commonly seen with CQRS) may help
• Not an exception case! Expect it!
• Consider N+1 Rule
Page 29
What’s Up? Reliability as EMERGENT PROPERTY
(Table: for each event, whether a typical site, any one role instance, and the overall system stay up; the cell values are not recoverable from this transcript)

| Event | Typical Site | Any 1 Role Inst | Overall System |
| --- | --- | --- | --- |
| Operating System Upgrade | | | |
| Application Code Update | | | |
| Scale Up, Down, or In | | | |
| Hardware Failure | | | |
| Software Failure (Bug) | | | |
| Security Patch | | | |
Page 30
What about the DATA?
• You: Azure Web Roles and Azure Worker Roles
– Taking user input, dispatching work, doing work
– Follow a decoupled queue-in-the-middle pattern
– Stateless compute nodes
• Cloud: “Hard Part”: persistent, scalable data
– Azure Queue & Blob Services
– Three copies of each byte
– Geo-replicated to sister data center
– Busy Signal Pattern
Page 31
Azure Services
• Compute: Virtual Machines, Cloud Services, Websites, Mobile Services, Batch
• Network Services: ExpressRoute, Virtual Network, Traffic Manager
• App Services: Media Services, Service Bus, Push Notifications, Scheduler, BizTalk Services, Active Directory, Multi-Factor Authentication, Automation, CDN, API Management, RemoteApp, Application Insights
• Data Services: Storage, SQL Database, HDInsight, Cache, Backup, Site Recovery, Machine Learning, StorSimple, DocumentDB, Azure Search, Data Factory, Stream Analytics, Operational Insights
Page 32
Cloud Architecture Patterns book: Primer Chapters
1. Scalability
2. Eventual Consistency
3. Multitenancy and Commodity Hardware
4. Network Latency
Page 33
Cloud Architecture Patterns book: Pattern Chapters
1. Horizontally Scaling Compute Pattern
2. Queue-Centric Workflow Pattern
3. Auto-Scaling Pattern
4. MapReduce Pattern
5. Database Sharding Pattern
6. Busy Signal Pattern
7. Node Failure Pattern
8. Colocate Pattern
9. Valet Key Pattern
10. CDN Pattern
11. Multisite Deployment Pattern
Page 34
Business Card
Page 35
BostonAzure.org
• Boston Azure cloud user group
• Focused on Microsoft’s Public Cloud Platform
• Monthly, 6:00-8:30 PM in Boston area
– Food; wifi; free; great topics; growing community
• Follow on Twitter: @bostonazure
• More info or to join our Meetup.com group: http://www.bostonazure.org
Page 36