Windows Azure Platform
David Chou
david.chou@microsoft.com blogs.msdn.com/dachou
Types of Clouds

Stack layers, top to bottom: Applications, Runtimes, Security & Integration, Databases, Servers, Virtualization, Server HW, Storage, Networking.

• Private (On-Premise): you manage every layer.
• Infrastructure (as a Service): you manage Applications, Runtimes, Security & Integration and Databases; the vendor manages Servers, Virtualization, Server HW, Storage and Networking.
• Platform (as a Service): you manage Applications; the vendor manages Runtimes, Security & Integration, Databases, Servers, Virtualization, Server HW, Storage and Networking.
A Hybrid World

Private Cloud (on-premise): high control
• Consistency
• Share & Reuse
• Security & Privacy
• Customizability

Public Cloud: high economy of scale
• Ease of Provisioning
• Global Reach
• Partitioning & Redundancy
• Scalability & Availability
The Microsoft Cloud

• ~100 globally distributed data centers
• Sites shown: Quincy, WA; Chicago, IL; San Antonio, TX; Dublin, Ireland
• Generation 4 DCs
The Microsoft Cloud: Categories of Services
• Application Services
• Software Services
• Platform Services
• Infrastructure Services
Windows Azure Platform: Web and Clouds

Developer Experience: use existing skills and tools.
Figure: web applications, third-party cloud services and composite applications in the cloud alongside on-premises LOB applications.
Windows Azure Platform

• Internet-scale, highly available cloud fabric
• Globally distributed Microsoft data centers (ISO/IEC 27001:2005 and SAS 70 Type I and Type II certified)
• Consumption and usage-based pricing; enterprise-class SLA commitment

Windows Azure
• Compute – auto-provisioning 64-bit application containers in Windows Server VMs; supports a wide range of application models
• Storage – highly available distributed table, blob, queue and cache storage services
• Languages – .NET 3.5 (C#, VB.NET, etc.), IronRuby, IronPython, PHP, Java, native Win32 code

SQL Azure
• Data – massively scalable, highly consistent distributed relational database; geo-replication and geo-location of data
• Processing – relational queries, search, reporting, analytics on structured, semi-structured and unstructured data
• Integration – synchronization and replication with on-premises databases and other data sources

.NET Services
• Service Bus – connectivity to on-premises applications; secure, federated, firewall-friendly Web services messaging intermediary; durable, discoverable queues
• Access Control – rules-driven federated identity; AD federation; claims-based authorization
• Workflows – declarative service orchestrations via REST-based activities
Pricing

Windows Azure
• Compute: $0.12 / CPU hour
• Storage: $0.15 / GB / month; $0.01 / 10k transactions / month
• Bandwidth: $0.10 / GB in; $0.15 / GB out

SQL Azure
• Web Edition (1GB): $9.99 / month
• Business Edition (10GB): $99.99 / month
• Bandwidth: $0.10 / GB in; $0.15 / GB out

.NET Services
• Service Bus: $0.15 / 100k messages
• Access Control: $0.15 / 100k tokens
• Bandwidth: $0.10 / GB in; $0.15 / GB out
Virtual Machine instances

• Host OS: Windows Server 2008 x64
• Guest OS: Windows Server 2008 Enterprise x64
• Hypervisor: Hyper-V
• CPU: 1.5 - 1.7 GHz x64 equivalent
• Memory: 1.7GB
• Network: 100Mbps
• Transient storage: 250GB

Also included:
• Blob Storage and Table Storage, multiple replicas
• Ingress/Egress (to/from internet only)
• Load balancers, routers, etc.
• Automated service management: Fabric controller operations (deploy/upgrade/delete/scale), load balancer programming
Service Guarantee

Compute (>99.95%)
• All running roles will be continuously monitored; if a role is unhealthy, we will detect it and initiate corrective action
• Your service is connected and reachable via the web; Internet-facing roles will have external connectivity

Database (>99.9%)
• Database is connected to the internet gateway
• Availability monitoring at every 5-minute interval

Storage (>99.9%)
• Storage service will be available/reachable (connectivity)
• Your storage requests will be processed successfully

.NET Service Bus (>99.9%)
• .NET Service Bus endpoint will have external connectivity
• Message operation requests will be processed successfully

Automated Systems Management
Benefits

Business and technology demands: lower costs, efficiency, stay competitive, innovation, generate new revenue quickly, agility, reduced risk, reliability, platform of choice.

Windows Azure Platform offers:
• Cost-effective solution to manage IT resources
• Less infrastructure to buy, configure and support
• Lower TCO
• Predictable cost
• Focus on delivering compelling software, not on managing infrastructure
• Monetize new offerings quickly without investment in billing and other enablement technologies
• Speed of development
• Interoperability
• Leverage existing IP
• Simplified deployment
• Scale up or down as business needs change
• Go to market faster
• Reliable service SLAs
• Security
• Global data centers
http://www.azure.com
• Sign up at the Windows Azure Platform developers' portal: Windows Azure access, developer tools, white papers, sample applications
• Plan pilot applications, proofs of concept and architectural design sessions with Windows Azure partners
Windows Azure Architecture

Figure: businesses and consumers reach the service over the Internet; the Fabric hosts Compute and Storage.

Fabric controller
The Fabric Controller communicates with every server within the Fabric. It manages Windows Azure, monitors every application and decides where new applications should run, optimizing hardware utilization.
Windows Azure Architecture

The Fabric Controller automates load balancing and compute resource scaling.

Computation provides application scalability. Developers can build a combination of web and worker roles. Those roles can be replicated as needed to scale the applications and computational processing power.

Storage Services allow customers to scale to store large amounts of data, in any format, for any length of time, paying only for what they use or store.

Security and Control Features include storage encryption, access authentication, and over-the-wire encryption using HTTPS. Industry certification is part of the Windows Azure roadmap. Geographically distributed, state-of-the-art data centers host your applications and data, internet-accessible from everywhere you choose to allow.
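The "access authentication" on the storage services is a request signature: each REST call carries an Authorization header holding an HMAC-SHA256, keyed with the account's secret key, over a canonical form of the request. The Python below is an added example, not code from this deck or from the Windows Azure SDK. It follows the SharedKey scheme of the 2009-09-19 storage API version as the editor recalls it (the header list and canonicalization rules are an assumption to confirm against the current REST reference) and adds the verifier a relying service needs: parse the header, reject requests whose date falls outside a replay window, recompute the MAC and compare it in constant time. The account name, key, URL and timestamps are constructed.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlsplit

# Constructed sample account and key; not real credentials.
ACCOUNT = "myaccount"
KEY_B64 = base64.b64encode(b"0123456789abcdef0123456789abcdef").decode()

# Standard headers that enter the string-to-sign, in this order. Assumption: recalled
# from the 2009-09-19 storage REST spec; confirm against the current spec before use.
STANDARD_HEADERS = ("Content-Encoding", "Content-Language", "Content-Length",
                    "Content-MD5", "Content-Type", "Date", "If-Modified-Since",
                    "If-Match", "If-None-Match", "If-Unmodified-Since", "Range")
HTTP_DATE = "%a, %d %b %Y %H:%M:%S GMT"


def canonicalized_headers(headers):
    """x-ms-* headers only: lowercase names, sorted, values whitespace-collapsed."""
    ms = {k.lower().strip(): " ".join(v.split())
          for k, v in headers.items() if k.lower().startswith("x-ms-")}
    return "".join(f"{k}:{ms[k]}\n" for k in sorted(ms))


def canonicalized_resource(account, url):
    """'/account/path', then each query parameter (sorted, values joined by ',')."""
    parts = urlsplit(url)
    params = {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        params.setdefault(name.lower(), []).append(value)
    return f"/{account}{parts.path}" + "".join(
        f"\n{n}:{','.join(sorted(params[n]))}" for n in sorted(params))


def string_to_sign(method, url, headers, account):
    """VERB, the standard headers (empty when absent; send x-ms-date instead of Date),
    the canonicalized x-ms-* headers, then the canonicalized resource."""
    lower = {k.lower(): v for k, v in headers.items()}
    head = [method.upper()] + [lower.get(h.lower(), "") for h in STANDARD_HEADERS]
    return ("\n".join(head) + "\n" + canonicalized_headers(headers)
            + canonicalized_resource(account, url))


def sign(method, url, headers, account=ACCOUNT, key_b64=KEY_B64):
    """Client side: value for the Authorization header."""
    mac = hmac.new(base64.b64decode(key_b64),
                   string_to_sign(method, url, headers, account).encode("utf-8"),
                   hashlib.sha256).digest()
    return f"SharedKey {account}:{base64.b64encode(mac).decode()}"


def verify(authorization, method, url, headers, key_b64=KEY_B64, now=None,
           max_skew=timedelta(minutes=15)):
    """Server side: (ok, reason). Scheme, then freshness, then the MAC in constant time."""
    now = now or datetime.now(timezone.utc)
    scheme, _, rest = authorization.partition(" ")
    account, sep, sig = rest.partition(":")
    if scheme != "SharedKey" or not sep:
        return False, "malformed Authorization header"
    lower = {k.lower(): v for k, v in headers.items()}
    try:
        sent = datetime.strptime(lower.get("x-ms-date") or lower.get("date", ""),
                                 HTTP_DATE).replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "missing or malformed date"
    if abs(now - sent) > max_skew:
        return False, "date outside replay window"
    expected = sign(method, url, headers, account, key_b64).partition(":")[2]
    if not hmac.compare_digest(expected, sig):
        return False, "signature mismatch"
    return True, "ok"


# Constructed request: list the blobs in container 'photos'.
SAMPLE_TIME = datetime(2009, 11, 17, 12, 0, tzinfo=timezone.utc)
SAMPLE_URL = f"https://{ACCOUNT}.blob.core.windows.net/photos?restype=container&comp=list"
SAMPLE_HEADERS = {"x-ms-date": SAMPLE_TIME.strftime(HTTP_DATE),
                  "x-ms-version": "2009-09-19", "Content-Length": "0"}


def demo():
    """Sign once, then show what the verifier accepts and rejects."""
    auth = sign("GET", SAMPLE_URL, SAMPLE_HEADERS)
    soon = SAMPLE_TIME + timedelta(minutes=1)
    other_url = SAMPLE_URL.replace("comp=list", "comp=acl")
    old = dict(SAMPLE_HEADERS, **{"x-ms-date": (SAMPLE_TIME - timedelta(hours=2)).strftime(HTTP_DATE)})
    other_key = base64.b64encode(b"x" * 32).decode()
    return {
        "valid": verify(auth, "GET", SAMPLE_URL, SAMPLE_HEADERS, now=soon),
        "tampered_url": verify(auth, "GET", other_url, SAMPLE_HEADERS, now=soon),
        "tampered_method": verify(auth, "DELETE", SAMPLE_URL, SAMPLE_HEADERS, now=soon),
        "replayed_date": verify(sign("GET", SAMPLE_URL, old), "GET", SAMPLE_URL, old, now=soon),
        "wrong_key": verify(auth, "GET", SAMPLE_URL, SAMPLE_HEADERS, key_b64=other_key, now=soon),
    }
```

Two points the deck's one-line mention does not make: the signature binds the verb, the resource and the query string, so a captured Authorization header cannot be reused against a different blob or operation, and the date check bounds how long a captured request stays replayable at all.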
Windows Azure Architecture
Fabric Controller
• Interacts with a "Fabric Agent" on each machine
• Monitors every VM, application and instance
• Performs load balancing, checkpointing and recovery
Windows Azure Architecture
Compute
GOAL: SCALABILITY
Scale out by replicating worker instances as needed. Allow applications to scale user and compute processing independently.
Two instance types: Web Role & Worker Role Windows Azure applications are built with web role instances, worker role instances, or a combination of both.
Each instance runs on its own VM (virtual machine), replicated as needed
Windows Azure Architecture
Storage
GOAL: SCALABLE, DURABLE STORAGE
• Blobs: large, unstructured data (audio, video, etc.)
• Tables: simply structured data, accessed using ADO.NET Data Services
• Queues: serially accessed messages or requests, allowing web roles and worker roles to interact
Windows Azure storage is an application managed by the Fabric Controller Windows Azure applications can use native storage or SQL Azure
Application state is kept in storage services, so worker roles can replicate as needed
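Added example, not code from this deck or from the Windows Azure SDK. It models the queue contract the storage bullets describe (Get Messages hides a message for a visibility timeout and returns a pop receipt; Delete Message requires that receipt; a message not deleted in time becomes visible again) with a constructed in-memory stand-in, and shows why "application state is kept in storage services" matters when worker roles are replicated: two instances share the queue and a table, one dies after committing its result but before deleting the message, and the redelivered message is recognised and skipped instead of reprocessed; a permanently bad message is parked after a bounded number of attempts rather than looping forever. The job format, the clock and the `dequeues` counter are constructed for the demo and are not properties of the service.

```python
import uuid
from dataclasses import dataclass

# Added example. SimQueue is a constructed in-memory stand-in for a Windows Azure queue:
# Get Messages hides a message for a visibility timeout and hands out a pop receipt,
# Delete Message needs that receipt, and a message not deleted in time reappears.
# `dequeues` is simulation bookkeeping only, not a property of the 2009 service.

class FakeClock:
    """Lets the demo jump past visibility timeouts."""
    t = 0.0

    def advance(self, seconds):
        self.t += seconds

@dataclass
class Message:
    id: str
    body: str
    visible_at: float = 0.0
    pop_receipt: str = ""
    dequeues: int = 0

class SimQueue:
    def __init__(self, clock):
        self.clock, self.msgs = clock, []

    def put(self, body):
        self.msgs.append(Message(id=uuid.uuid4().hex, body=body))

    def get(self, visibility_timeout=30.0):
        """First visible message, hidden until the timeout expires."""
        now = self.clock.t
        for m in self.msgs:
            if m.visible_at <= now:
                m.visible_at, m.pop_receipt = now + visibility_timeout, uuid.uuid4().hex
                m.dequeues += 1
                return m
        return None

    def delete(self, msg_id, pop_receipt):
        """Only the holder of the current receipt, and only while the message is hidden."""
        for i, m in enumerate(self.msgs):
            if m.id == msg_id:
                if m.pop_receipt != pop_receipt or m.visible_at <= self.clock.t:
                    raise PermissionError("pop receipt is no longer valid")
                del self.msgs[i]
                return
        raise KeyError(msg_id)

def process(body):
    """Constructed job 'resize:<image>:<width>'; a bad width is a permanent failure."""
    kind, image, width = body.split(":")
    if kind != "resize" or not width.isdigit() or int(width) == 0:
        raise ValueError(f"bad job {body!r}")
    return f"{image}@{width}px"

class Worker:
    """One worker role instance. `table` stands for Table storage shared by every
    instance; `poison` is a dead-letter list for messages that keep failing."""
    def __init__(self, queue, table, poison, max_dequeues=3):
        self.q, self.table, self.poison, self.max_dequeues = queue, table, poison, max_dequeues

    def run_once(self, crash_before_delete=False):
        m = self.q.get()
        if m is None:
            return "idle"
        if m.dequeues > self.max_dequeues:      # retried enough: park it, keep the evidence
            self.poison.append(m.body)
            self.q.delete(m.id, m.pop_receipt)
            return "poisoned"
        if m.id in self.table:                  # redelivered after a peer died before deleting
            self.q.delete(m.id, m.pop_receipt)
            return "duplicate"
        try:
            result = process(m.body)
        except ValueError:
            return "failed"                     # stays hidden, reappears for a retry
        self.table[m.id] = result               # commit to durable storage first ...
        if crash_before_delete:
            return "crashed"                    # ... so a crash here costs only a duplicate
        self.q.delete(m.id, m.pop_receipt)
        return "processed"

def demo():
    clock = FakeClock()
    q, table, poison = SimQueue(clock), {}, []
    a, b = Worker(q, table, poison), Worker(q, table, poison)
    q.put("resize:cat.jpg:640")
    q.put("resize:dog.jpg:-1")                  # permanently bad job
    log = [a.run_once(crash_before_delete=True),    # cat committed, never deleted
           b.run_once(),                            # dog fails, stays hidden
           b.run_once()]                            # nothing visible yet
    clock.advance(31)
    log.append(b.run_once())                        # cat reappears: duplicate, deleted
    for _ in range(4):                              # dog: fail, fail, poison, idle
        clock.advance(31)
        log.append(a.run_once())
    return {"log": log, "results": sorted(table.values()), "poison": poison, "left": len(q.msgs)}
```

The ordering inside `run_once` is the point: state goes to durable storage before the queue message is deleted, so the worst case after any crash is a redelivery that the table lookup absorbs. Doing it the other way round (delete, then write) loses work silently whenever an instance is recycled between the two steps.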
Windows Azure Architecture
Services Management
GOAL: AUTOMATED APPLICATION MANAGEMENT AND CONTROL
Fabric
The Fabric Controller automates service management
Data Storage Options
From high "friction"/control with dedicated resources to low friction with shared resources:

Dedicated: SQL Server on-premises
• Resource governance @ machine
• Security @ SQL Server/OS
• Roll-your-own HA/DR/scale
• Value propositions: full h/w control (size/scale); 100% compatibility

Hosted RDBMS: hosted SQL Server
• Resource governance @ VM
• Security @ SQL Server/OS
• Roll-your-own HA/DR/scale
• Value propositions: XSPs, server ops; SQL CLR; 100% compatibility

Shared: SQL Azure Database (RDBMS)
• Virtual DB server
• Logical user database (LUDB)
• Resource governance @ LUDB
• Security @ LUDB
• Value propositions: auto HA, fault tolerance; friction-free scale; self-provisioning; high compatibility
SQL Azure Architecture

Flexible access to data in the cloud
• Create client applications that access data in the cloud via TDS, just like on-premises SQL Server
• Create cloud-based Web applications in Azure that use standard SqlClient libraries with ADO.NET
• Create cloud-based REST data interfaces in Azure with ADO.NET Data Services ("Astoria") and the Entity Framework

Simple storage and hosted RDBMS
• Web interface for simple database provisioning
• Scale seamlessly as needed
• Low-friction data storage provisioning

Self-managing data center
• Automated maintenance
• Built-in high availability and data recoverability

Figure: browsers and REST clients reach a Windows Azure Web App over HTTP and HTTP+REST (Astoria, ADO.Net + EF); applications using a SQL client* (ODBC, OLEDB, ADO.Net, PHP, Ruby, …) and the Azure Web App reach SQL Azure in the data center over TDS + T-SQL.
* Client access enabled using TDS for ODBC, ADO.Net, OLEDB, PHP-SQL, Ruby, …
Data Platform Design

• Goal: a storage platform built for extreme scale and low cost
• Architecture:
  – Account: Azure-wide billing instrument; provides access to SQL Azure; has one or more servers
  – Server: logical server holding database metadata; unit of authorization; unit of geo-location; implemented as multiple physical servers within a given geo-location; has one or more databases
  – Database: logical database; unit of consistency; contains users, tables, views, etc.; implemented as replicated, partitioned data across multiple physical databases

Logical User Databases
• Uses shared infrastructure at the SQL database level and below
  – Each user database is replicated to one or more servers (configurable based on SLA)
  – Client requests are routed to the current "primary server" for read and write operations (based on SQL session)
  – Security, lockdown and isolation enforced in the SQL tier
• Highly scalable, state-of-the-art HA technology
  – Automatic failure detection; client requests re-routed to the new primary on failure
  – High SLA guarantee using logical replication (hot standby replicas)
  – Automatic management, self-healing and load balancing across the shared resource pool
• SQL Azure Database provides the provisioning (databases, accounts, roles, …), metering and billing infrastructure
Figure: machines 4, 5 and 6 each run a SQL instance holding replicas of user DBs 1-4, with each user DB replicated across machines; Fabric, failover, replication and load balancing provide scalability and availability.
DBA role will change to focus on policy/logical management
Security and Connection Models

Security
• Uses the regular SQL security model
  – Authenticate logins, map to users and roles
  – Authorize users and roles to SQL objects
• Supports standard SQL logins
  – Logins are username + password strings
  – Service enforces use of SSL to secure credentials
  – Future support for AD Federation, WLID, etc. as alternate authentication protocols

Connections
• Connect using common client libraries
  – ADO.NET, OLE DB, ODBC, etc.
• Clients connect to a database directly
• Cannot hop across DBs
• Large surface of SQL supported within the database boundary
  – Future work will relax many of these constraints
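The service enforcing SSL protects the login only if the client also insists on it and validates the certificate it is shown. The Python below is an added example, not code from this deck or from Microsoft; it audits ADO.NET-style connection strings for a SQL Azure server and shows a careless string beside its hardened form. `Encrypt`, `TrustServerCertificate`, `Integrated Security` and the `tcp:host,port` Data Source syntax are real SqlClient keywords; the `user@server` login form and the `.database.windows.net` gateway suffix are the editor's recollection of the CTP-era documentation, not something the deck states, so treat them as assumptions. The sample strings and credentials are constructed.

```python
# Added example: an audit for ADO.NET-style connection strings aimed at a SQL Azure
# server. Encrypt / TrustServerCertificate / Integrated Security are real SqlClient
# keywords; the 'user@server' login form and the '.database.windows.net' suffix are
# assumptions from CTP-era documentation, not statements made by the deck.

def parse_connection_string(cs):
    """'Key=Value;Key=Value' -> dict with lowercased keys. A value may be wrapped in
    single or double quotes, in which case ';' inside the quotes is literal."""
    pairs, key, buf, quote, in_value = {}, None, [], None, False
    for ch in cs + ";":
        if quote:
            if ch == quote:
                quote = None
            else:
                buf.append(ch)
        elif ch in "'\"" and in_value and not buf:
            quote = ch
        elif ch == "=" and not in_value:
            key, buf, in_value = "".join(buf).strip().lower(), [], True
        elif ch == ";":
            if key is not None:
                pairs[key] = "".join(buf).strip()
            key, buf, in_value = None, [], False
        else:
            buf.append(ch)
    return pairs

# SqlClient accepts several spellings; fold them onto one canonical key each.
ALIASES = {"data source": "server", "address": "server", "addr": "server",
           "network address": "server", "initial catalog": "database",
           "uid": "user id", "user": "user id", "pwd": "password",
           "trusted_connection": "integrated security"}
TRUE_VALUES = {"true", "yes", "sspi"}

def audit(cs, gateway_suffix=".database.windows.net"):
    """Return (code, message) findings; an empty list means the string passes."""
    p = {ALIASES.get(k, k): v for k, v in parse_connection_string(cs).items()}
    host = p.get("server", "").split(":", 1)[-1].split(",", 1)[0]   # drop 'tcp:' and ',port'
    findings = []
    if not host.endswith(gateway_suffix):
        findings.append(("server", f"{host!r} is not a SQL Azure gateway ({gateway_suffix})"))
    if p.get("encrypt", "").lower() not in TRUE_VALUES:
        findings.append(("encrypt", "Encrypt=True not set: the client does not insist on SSL for the TDS session"))
    if p.get("trustservercertificate", "").lower() in TRUE_VALUES:
        findings.append(("trustservercertificate", "certificate validation disabled: a man in the middle can present any certificate"))
    if p.get("integrated security", "").lower() in TRUE_VALUES:
        findings.append(("integrated security", "Windows authentication is not available; the service takes SQL logins"))
    if not p.get("database"):
        findings.append(("database", "no database named: the session lands in the virtual master"))
    if "@" not in p.get("user id", ""):
        findings.append(("user id", "login should be 'user@server' so the gateway can route the session"))
    return findings

# Constructed strings: a careless one and its hardened form.
WEAK = "Server=srv123.data.database.windows.net;User ID=admin;Password=P@ss;TrustServerCertificate=True"
HARDENED = ("Server=tcp:srv123.data.database.windows.net,1433;Database=orders;"
            "User ID=admin@srv123;Password='P@ss;1';Encrypt=True;TrustServerCertificate=False")

def demo():
    return {"weak": [code for code, _ in audit(WEAK)], "hardened": audit(HARDENED)}
```

The two findings that matter most are the pair `Encrypt` / `TrustServerCertificate`: the first without the second still leaves the client accepting any certificate, which turns "SSL enforced" into encryption to whoever answers the DNS name.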
Provisioning Model
• Account and server provisioning
  – Portal and API based access
  – Ex: enumerate my servers, show server usage metrics, etc.
• Each account has one or more servers
  – Ex: srv123.data.database.windows.net
• Each server has a virtual master database
  – Has a subset of the SQL Server master DB interface
• Each server has one or more SQL logins
  – System creates a sysadmin login on "server creation"
• Databases created using "CREATE DATABASE"
  – Can be called by the sysadmin or anyone with create DB permission
SQL Server Compatibility
• SQL Server has many patterns for accomplishing tasks
  – SQL Azure Database supports a subset of full SQL Server patterns
  – Focus on logical and policy-based administration
  – Patterns work in both SQL Azure Database and SQL Server
• Enables migration of on-premises applications to/from SQL Azure
• SQL Azure Database is a multi-tenant service
  – Throttling and load balancing policies
  – Examples: limit on DB size, duration of transaction, …

In Scope for v1
• Create/Alter/Drop on Database/Index/View
• Stored Procedures (Transact-SQL)
• Triggers
• Constraints
• Table variables, session temp tables (#t)
• + lots of others

Out of Scope for v1
• CLR
• Service Broker
• Distributed Transactions
• Distributed Query
• Spatial
• All server-level DDL
• All physical DDL and physical catalog views
Application Scenarios
• Departmental Applications
• Web Applications
• Data Hubs
• ISV/SaaS Offerings
Common patterns and problems
• How can you use cloud services to connect apps and services across deployment locations?
  – Bridge cloud, on-premises, and hosted assets
  – Navigate network and security boundaries, securely and simply
  – Handle identity and access across organizations and ID providers
  – Interoperate across languages, platforms, standards
  – Perform protocol mediation and schema mapping
• Customers need a way to:
  – Connect endpoints: Service Bus
  – Control & secure access: Access Control

.NET Services provides solutions for developers facing those problems
Connect Endpoints: Service Bus
• Expose RESTful or SOAP services over the internet through firewall and NAT boundaries
• Communicate bi-directionally between apps and services in an interoperable manner
• Choose relays, queues, routers, and other message patterns and types
• Scale out naturally and reliably as apps and services grow

Access Control Service
• Authorization management and federation infrastructure
• Provides internet-scope federated identity integration for distributed applications
• Use it to secure Service Bus communications and to manage user-level access to apps across organizations and ID providers

Figure: your app and a customer/partner app, each behind its own firewall and NAT, connected through the Service Bus with the Access Control Service in front of the endpoints.

Control Access: Access Control Service
• Integrate authorization into apps to control "what users are allowed to do"
• Federate with multiple identity systems across organizations and ID providers
• Easily apply fine-grained access control rules
• Secure Service Bus communications
• Scale out naturally and reliably as apps and services grow

Service Bus
• Network abstraction and virtualization infrastructure
• Enables many common shapes of communication in an efficient and interoperable manner
• Use it to connect applications across any network topology, including firewalls and NAT boundaries, and to exchange data between loosely coupled applications

Figure: token flow between your app, the Access Control Service and the customer/partner users & apps:
1. Your app defines access control rules for a customer
2. The customer/partner app requests a token from the Access Control Service, presenting its input claims
3. The Access Control Service maps input claims to output claims
4. The Access Control Service returns a token carrying the output claims
5. The customer/partner app sends its message with the token through the Service Bus
6. Your app checks the claims
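The numbered flow above (define rules, map input claims to output claims, message with token, check claims) as an added example; this is not Access Control Service or Service Bus code. It is a constructed model of ACS with trusted issuers and claim-mapping rules, issuing tokens in the SWT shape ACS used at the time (form-encoded claims followed by an HMACSHA256 field over everything before it; treat the exact encoding as an assumption), and the check a Service Bus listener performs on a token arriving with a message: signature first, in constant time, then audience, expiry and the required claim. Issuer and audience URLs, the rule format and the signing key are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, unquote, urlencode

# Added example, not ACS or Service Bus code. Tokens follow the SWT shape: form-encoded
# claims, then '&HMACSHA256=<base64 mac over everything before it>'. Issuer and
# audience URLs, the rule format and the signing key are constructed for the demo.


def _b64(raw):
    return base64.b64encode(raw).decode()


class AccessControlService:
    def __init__(self, name, signing_key, trusted_issuers):
        self.name, self.key, self.trusted = name, signing_key, set(trusted_issuers)
        self.rules = {}   # (issuer, input type, input value) -> [(output type, output value)]

    def add_rule(self, issuer, input_claim, output_claim):
        """Step 1: a rule says which output claim an input claim from an issuer earns."""
        self.rules.setdefault((issuer,) + tuple(input_claim), []).append(tuple(output_claim))

    def issue(self, issuer, input_claims, audience, now, lifetime=600):
        """Steps 3 and 4: map input claims to output claims and sign a token for `audience`."""
        if issuer not in self.trusted:
            raise PermissionError(f"untrusted issuer {issuer}")
        output = []
        for claim in input_claims:
            output.extend(self.rules.get((issuer,) + tuple(claim), []))
        if not output:   # deny by default: no rule, no token (not an empty token)
            raise PermissionError("no rule grants this caller any output claim")
        body = urlencode([("Issuer", self.name), ("Audience", audience),
                          ("ExpiresOn", str(now + lifetime))] + sorted(set(output)))
        mac = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
        return body + "&HMACSHA256=" + quote(_b64(mac), safe="")


def check_token(token, key, audience, required, now):
    """Step 6, at the Service Bus listener: (ok, reason) for a token that arrived with a message."""
    body, sep, sig = token.rpartition("&HMACSHA256=")
    if not sep:
        return False, "unsigned token"
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(unquote(sig), expected):
        return False, "bad signature"          # checked first: nothing below is trusted yet
    claims = parse_qsl(body)
    single = dict(claims)
    if single.get("Audience") != audience:
        return False, "audience mismatch"      # token minted for some other endpoint
    if int(single.get("ExpiresOn", "0")) <= now:
        return False, "expired"
    if tuple(required) not in claims:
        return False, f"missing claim {required[0]}={required[1]}"
    return True, "ok"


def demo():
    key = b"constructed-acs-signing-key-shared-with-the-listener"
    partner = "https://partner.example.invalid/"
    acs = AccessControlService("https://acs.example.invalid/", key, [partner])
    acs.add_rule(partner, ("group", "Shipping"), ("action", "Send"))
    relay = "sb://yourapp.servicebus.example.invalid/orders"
    now = 1258459200   # 2009-11-17T12:00:00Z
    token = acs.issue(partner, [("group", "Shipping"), ("role", "Admin")], relay, now)
    results = {
        "valid": check_token(token, key, relay, ("action", "Send"), now + 60),
        "forged": check_token(token.replace("action=Send", "action=Manage"), key, relay, ("action", "Manage"), now + 60),
        "wrong_audience": check_token(token, key, "sb://other.example.invalid/", ("action", "Send"), now + 60),
        "expired": check_token(token, key, relay, ("action", "Send"), now + 601),
        "unmapped_claim_leaked": "role" in dict(parse_qsl(token.rpartition("&")[0])),
    }
    try:
        acs.issue(partner, [("group", "Marketing")], relay, now)
        results["unmatched"] = "token issued"
    except PermissionError as err:
        results["unmatched"] = str(err)
    return results
```

Two properties of the rule-driven mapping worth noticing: input claims with no rule (here `role=Admin`) never reach the relying party, so a partner cannot smuggle its own privilege vocabulary past the boundary, and a caller with no matching rule gets no token at all rather than a token with no claims, which keeps "deny" explicit at the listener.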
Service Bus: Core Capabilities
• Internet-scoped overlay network bridging across IP NATs and firewalls, with federated access control
  – Network Listen/Send from any Internet-connected device
  – Internet-scoped, per-endpoint naming and discovery
  – NAT/FW traversal via TCP, TCP/Direct, and HTTP Web Streams
Figure: endpoints A and B in private network space and C and D in Internet space reach one another through the relay, with ACS guarding every endpoint.
• Transfer raw and structured data allowing for any common shape of communication
  – Raw data, text, XML, JSON, …
  – Datagrams, sessions, correlated messages
  – Unicast, multicast
Figure: A and B exchanging octet streams, text, XML, SOAP, JSON, XML-RPC, …
• Built-in messaging primitives for temporally decoupled communication, routing and message processing
  – Push/pull translation for occasionally connected receivers
  – Publish/subscribe and message processing (after V1)
Figure: A pushes to the relay and B pulls; A pushes once and B, C, D and E each receive.
Pattern: Notification Fan-Out
(Sessionless unicast or multicast datagrams)
Figure: app instances (a Windows Azure "Worker Role" instance, or instances in a datacenter, hosting, Amazon EC2 or Google App Engine) send unicast or multicast datagrams through the relay, across NATs, to many clients; ACS guards each endpoint.
Pattern: REST Resource Management
(Request/response HTTP/HTTPS with arbitrary payloads)
Figure: storage app instances (Windows Azure, datacenter, hosting, Amazon EC2, Google App Engine) and on-premise apps exchange POST, PUT, DELETE and GET requests through the relay; on-demand "pull" sync and continuous "push" sync keep a local cache current; ACS guards each endpoint.
Pattern: Document Exchange
(Session-bound, app-level acknowledged document transfers + notifications)
Figure: an in-house ordering system, an outsourced inventory/shipping system and a hosted e-commerce front exchange documents through the relay: PO and ACK, SO and ACK, then Ready/Shipped/Delivered notifications; the web client experience shows "Order Accepted" and "Order Processed", the hi-fi client experience receives the notifications; ACS guards each endpoint.
Pattern: External DMZ
(Any communication style, secure NAT traversal for TCP & HTTP/S)
Figure: enterprise app instances in an internal datacenter, and a home automation or home media server at home, listen on the relay over http(s) / net.tcp and net.tcp/direct, fronted by a balance/filter reverse proxy; web or hi-fi client experiences on devices connect through the relay; ACS guards each endpoint.
Pattern: Integrate "Anything"
(Session-bound, raw-binary transport tunneling)
Figure: app instances (Windows Azure, datacenter, hosting, Amazon EC2 (Windows)) running ASP.NET/ADO.NET or J2EE/JDBC/JMS use socket and named-pipe (NP) agents for socket passthrough, HTTP/HTTPS passthrough with URI rewriting, and TDS passthrough; on the on-premise side a socket bridge reaches infrastructure (Exchange/Mail over SMTP/IMAP, Active Directory over LDAP, System Center over SNMP, …), an HTTP bridge reaches apps & services (ERP, CRM, custom apps in .NET, J2EE, RoR, PHP, …), and an NP bridge reaches on-premise data in SQL Server; ACS guards each endpoint.
Application Patterns

Building blocks shared by the pattern diagrams:
• Users: Web Browser, Mobile Browser, Silverlight Application, WPF Application
• Enterprise / Private Cloud (On-Premise): Enterprise Web Svc, Enterprise Data, Enterprise Application
• Windows Azure: ASP.NET (Web Role) instances, Web Svc (Web Role) instances, Jobs (Worker Role) instances; Table Storage Service, Blob Storage Service, Queue Service, Cache Service
• SQL Data Services: Application Data, BI Services, Reference Data
• .NET Services: Access Control Service (Identities & Roles), Workflow Service (Service Orch.), Service Bus (Conn. Bindings)
• Public Services

Patterns shown, one diagram each, built from those blocks:
• Cloud Web Application
• Composite Services Application
• Cloud Agent Application
• B2B Integration Application
• Grid / Parallel Computing Application
• Hybrid Enterprise Application
Thank you
david.chou@microsoft.com blogs.msdn.com/dachou
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.