Windows Azure
Introducing Virtual Machines (IaaS)
Mario Szpuszta
Platform Strategy Advisor, EMEA Windows Azure Incubation
Microsoft Corporation
Infrastructure as a Service

The spring release of Windows Azure Infrastructure as a Service introduces new functionality that allows full control and management of virtual machines along with an extensive virtual networking offering.
If deploying an application requires a developer’s involvement, it’s not IaaS
Cloud Models

Layer            On Premises    Infrastructure         Platform               Software
                                (as a Service)         (as a Service)         (as a Service)
Applications     You manage     You manage             You manage             Managed by Microsoft
Data             You manage     You manage             You manage             Managed by Microsoft
Runtime          You manage     You manage             Managed by Microsoft   Managed by Microsoft
Middleware       You manage     You manage             Managed by Microsoft   Managed by Microsoft
O/S              You manage     You manage             Managed by Microsoft   Managed by Microsoft
Virtualization   You manage     Managed by Microsoft   Managed by Microsoft   Managed by Microsoft
Servers          You manage     Managed by Microsoft   Managed by Microsoft   Managed by Microsoft
Storage          You manage     Managed by Microsoft   Managed by Microsoft   Managed by Microsoft
Networking       You manage     Managed by Microsoft   Managed by Microsoft   Managed by Microsoft
A Continuous Offering: From Private to Public Cloud

Physical   Virtual   IaaS   PaaS   SaaS
Windows Azure Virtual Machines

• Support for key server applications and workloads
• Easy storage manageability
• High availability features
• Advanced networking
• Integration with compute PaaS
• Easy application migration

If it requires development, it’s not IaaS
Images Available at Preview

Windows
• Windows Server 2008 R2
• Windows Server 2008 R2 with SQL Server 2012 Evaluation
• Windows Server 8 RC

Linux
• OpenSUSE 12.1
• CentOS 6.2
• Ubuntu 12.04
• SUSE Linux Enterprise Server SP2
Virtual Machine vs VM Role

              VM Role                                      Virtual Machine
Storage       Non-persistent storage                       Persistent storage; easily add additional storage
Deployment    Build VHD offsite and upload to storage      Build VHD directly in the cloud, or build the VHD offsite and upload
Networking    Internal and input endpoints configured      Internal endpoints are open by default. Access control with firewall
              through the service model                    on the guest OS. Input endpoints controlled through portal, service
                                                           model or API/script
Primary use   Deploying applications with long or          Applications that require persistent storage to easily run in
              complex installation requirements into       Windows Azure
              stateless PaaS applications
Persistent Disks and Highly Durable Windows Azure Storage (Disaster Recovery)

[Diagram: one or more Virtual Machines whose persistent disks are backed by Windows Azure Storage]
Disks and Images

OS Images (Microsoft, Partner, User)
• Base OS image for new Virtual Machines
• Sys-prepped / generalized / read-only
• Created by uploading or by capture

Disks (OS Disks, Data Disks)
• Writable disks for Virtual Machines
• Created during VM creation or during upload of existing VHDs
Cross-premise Connectivity (cloud to enterprise)

• Data synchronization: SQL Azure Data Sync
• Application-layer connectivity & messaging: Service Bus
• Secure machine-to-machine network connectivity: Windows Azure Connect
• Secure site-to-site network connectivity (IP-level connectivity): Windows Azure Virtual Network
Windows Azure Virtual Network

Your “virtual” branch office / datacenter in the cloud
• Enables customers to extend their enterprise networks into Windows Azure
• Networking on-ramp for migrating existing apps and services to Windows Azure
• Enables “hybrid” apps that span cloud and their premises

A protected private virtual network in the cloud
• Enables customers to set up secure private IPv4 networks fully contained within Windows Azure
• IP address persistence
• Inter-service DIP-to-DIP communication

[Diagram: Subnet 1 and Subnet 2 inside Windows Azure connected to Corpnet]
Windows Azure Virtual Network Scenarios

Hybrid public/private cloud: enterprise app in Windows Azure requiring connectivity to on-premise resources
Enterprise identity and access control: manage identity and access control with on-premise resources (on-premises Active Directory)
Monitoring and management: remote monitoring and troubleshooting of resources running in Windows Azure
Advanced connectivity requirements: cloud deployments requiring persistent IP addresses and direct connectivity across services
Bringing Workloads to the Cloud

[Diagram: On Premises (SQL farm, IIS servers, AD / DNS, Exchange, S2S VPN device) connected through S2S VPN tunnels to Production in Windows Azure (SharePoint, PaaS roles, file servers, local AD, SQL VMs)]
IaaS and PaaS – Better Together

Physical   Virtual   IaaS   PaaS   SaaS
Why Mix Models? What Value does this Provide?

Unblocks development or migration of new applications that have dependencies on resources that require virtual machines, such as Active Directory, MongoDB, MySQL, SharePoint, SQL Server, COM+, MSMQ etc…

Migration on-ramp for existing applications
Administrators can quickly take advantage of Windows Azure by migrating an existing application as-is using virtual machines. If desired, connecting different application models such as websites or web and worker roles provides the capability to take advantage of PaaS roles alongside IaaS roles.
Windows Azure Service Model

Example cloud service configuration with a single web role and a single worker role

[Diagram: one Cloud Service containing a web role (VM1 … VMn) and a worker role (VM1 … VMn)]

Mixing Virtual Machines and Stateless Roles

Multiple cloud services with stateless roles and virtual machines

[Diagram: Cloud Service 1 containing a web role and a worker role (VM1 … VMn each); Cloud Service 2 containing individual virtual machines]
Connecting Cloud Services via VIPs

Strengths
• Simplicity
• Tenant autonomy
• VIP swap (stateless roles)
• Easy local dev/test
• Persistent service is easily accessible (even from other services!)

Weaknesses
• Higher latency
• Less secure
• Management/deployment overhead

[Diagram: Cloud Service 1 (load balancer, port 80, WA Web Role) accesses SQL data through a public endpoint (port 2001 → 1433) on Cloud Service 2 (load balancer, SQL Server); endpoints secured with Windows Server Firewall]
Deployment Steps (VIP Connectivity)

• Deploy virtual machine(s).
• Use RDP to customize the new virtual machine(s) by installing software, configuring roles etc.
• Configure public endpoints to virtual machine services. ACL with firewall as appropriate.
• Build and test locally using the emulator. Testing live can be achieved by using public endpoints.
• Specify instance count and other configuration details. Deploy to a separate hosted service.
Connecting Cloud Services with VNET

Strengths
• More secure
• Low latency
• Cloud app autonomy
• VIP swap (stateless roles)
• Advanced connectivity requirements

Weaknesses
• VNET complexity
• No iDNS – use BYOD

[Diagram: ContosoVNet (10.0.0.0/8) containing Cloud Service 1 (load balancer, port 80, WA Web Role in FrontEndSubnet 10.0.0.0/16) with direct access via VNET to Cloud Service 2 (SQL Mirror in SQLSubnet 10.1.0.0/16, AD in AD Subnet 10.2.0.0/16)]
VNET Connected – Local Testing

Manage multiple connection strings via multiple configurations

[Diagram: ContosoVNet (10.0.0.0/8) in MyAffinityGroup containing Cloud Service 1 (load balancer, port 80, WA Web Role in FrontEndSubnet 10.0.0.0/16, direct access via VNET) and Cloud Service 2 (SQL Mirror in SQLSubnet 10.1.0.0/16, AD in AD Subnet 10.2.0.0/16); a developer running the WA Developer Fabric connects to SQL on port 1433]
VNET Connected with VPN

[Diagram: ContosoVNet (10.0.0.0/8) in MyAffinityGroup containing Cloud Service 1 (load balancer, port 80, WA Web Role in FrontEndSubnet 10.0.0.0/16, direct access via VNET) and Cloud Service 2 (SQL Mirror and AD in SQLSubnet 10.1.0.0/16); a VPN tunnel links the VNET to On Premises (AD / DNS and a developer running the WA Developer Fabric)]

• Access on-premises resources
• Local testing – allows direct connection to Virtual Machines in the cloud
VNET Connected Deployment Steps

• Define virtual networks and subnets for hosted services to reside in.
• Deploy virtual machine(s). If AD is desired, deploy at this stage so remaining VMs can start domain joined.
• Use RDP to customize the new persistent VM(s) by installing software, configuring roles etc…
• Build and test locally using the emulator. Testing live can be achieved by using public endpoints or VPN connectivity.
• Specify instance count, virtual network settings and other configuration details. Deploy to a separate hosted service.
• If previously opened, close public endpoints to lock down the service.
Mixed Mode – Shared Cloud Service (available in Fall Release)

Strengths
• Simplicity
• Connectivity
• iDNS

Weaknesses
• Lack of VIP swap

[Diagram: one Cloud App containing a WA Web Role behind the load balancer (port 80) alongside a Virtual Machine]
VM to VM Performance

Category                                                 Latency (round-trip)   Network link   Comment
Inter-VM within a deployment (or deployment to           0.29 ms                DIP to DIP     Traffic does not flow through the LB
deployment with VNET)
Inter-VM crossing a deployment (same region)             0.88 ms                VIP to VIP     Traffic flows through the LB
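The VIP and VNET connectivity slides, the two sets of deployment steps and the latency table above reduce to a few rules: VMs in the same deployment or in deployments joined to the same virtual network talk DIP-to-DIP and bypass the load balancer; anything else crosses the public VIP through the load balancer, so it needs a public endpoint that has to be ACLed with the guest OS firewall; and once a service is on the VNET, previously opened public endpoints are closed. The Python below is an added example, not code from the presentation or from Microsoft, that encodes those rules as a pre-deployment check. The cscfg document, the service names (ContosoWeb, ContosoSql), the connection string and the addresses in it are constructed for the example; the `NetworkConfiguration` element is assumed to follow the ServiceConfiguration schema's virtual network section, which the deck only refers to as "virtual network settings".

```python
"""Added example, not code from the presentation: models the deck's VIP-vs-VNET
rules (same deployment or same VNET = DIP-to-DIP, bypassing the LB; otherwise
VIP-to-VIP through the LB via a public endpoint that must be firewall-ACLed;
once on the VNET, close previously opened public endpoints). The cscfg and
addresses below are constructed; the NetworkConfiguration element is assumed
to follow the ServiceConfiguration schema's virtual network section."""
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

NS = {"sc": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration"}

# Constructed ServiceConfiguration.Cloud.cscfg for the web tier ("Cloud Service 1").
CLOUD_CSCFG = """<ServiceConfiguration serviceName="ContosoWeb" osFamily="2" osVersion="*"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="WebRole1">
    <Instances count="2" />
    <ConfigurationSettings>
      <Setting name="SqlConnectionString"
               value="Server=10.1.0.4,1433;Database=Orders;Integrated Security=true" />
    </ConfigurationSettings>
  </Role>
  <NetworkConfiguration>
    <VirtualNetworkSite name="ContosoVNet" />
    <AddressAssignments>
      <InstanceAddress roleName="WebRole1">
        <Subnets><Subnet name="FrontEndSubnet" /></Subnets>
      </InstanceAddress>
    </AddressAssignments>
  </NetworkConfiguration>
</ServiceConfiguration>
"""

# Local ports the deck shows being reached over the network (SQL on 1433, RDP for
# customizing VMs); they should not stay on a public endpoint once the VNET exists.
SENSITIVE_LOCAL_PORTS = {1433: "SQL Server", 3389: "RDP"}


def parse_cscfg(text: str) -> dict:
    """Service name, virtual network, and per-role instance count, subnets, settings."""
    root = ET.fromstring(text)
    vnet = root.find("sc:NetworkConfiguration/sc:VirtualNetworkSite", NS)
    subnets: Dict[str, List[str]] = {}
    for ia in root.findall("sc:NetworkConfiguration/sc:AddressAssignments/sc:InstanceAddress", NS):
        subnets[ia.get("roleName")] = [s.get("name") for s in ia.findall("sc:Subnets/sc:Subnet", NS)]
    roles = {}
    for role in root.findall("sc:Role", NS):
        name = role.get("name")
        inst = role.find("sc:Instances", NS)
        roles[name] = {
            "instances": int(inst.get("count")) if inst is not None else 1,
            "subnets": subnets.get(name, []),
            "settings": {s.get("name"): s.get("value")
                         for s in role.findall("sc:ConfigurationSettings/sc:Setting", NS)},
        }
    return {"service": root.get("serviceName"),
            "vnet": vnet.get("name") if vnet is not None else None,
            "roles": roles}


@dataclass
class Deployment:
    """A hosted service: the VNET it is joined to (None = VIP only) and its
    public endpoints as name -> (public port, local port)."""
    name: str
    vnet: Optional[str] = None
    public_endpoints: Dict[str, Tuple[int, int]] = field(default_factory=dict)


def traffic_path(src: Deployment, dst: Deployment) -> str:
    """'DIP-to-DIP' does not flow through the LB; 'VIP-to-VIP' does."""
    same_deployment = src.name == dst.name
    same_vnet = src.vnet is not None and src.vnet == dst.vnet
    return "DIP-to-DIP" if same_deployment or same_vnet else "VIP-to-VIP"


def endpoint_findings(dep: Deployment) -> List[str]:
    """Lock-down findings for sensitive services exposed on public endpoints."""
    findings = []
    for ep, (public_port, local_port) in dep.public_endpoints.items():
        service = SENSITIVE_LOCAL_PORTS.get(local_port)
        if service is None:
            continue
        if dep.vnet:  # VNET peers reach the DIP directly, so the public endpoint is surplus
            findings.append(f"{dep.name}: close public endpoint '{ep}' ({public_port}->{local_port}, "
                            f"{service}); peers on {dep.vnet} reach it DIP-to-DIP")
        else:  # VIP connectivity: the endpoint is internet-reachable and only the firewall limits it
            findings.append(f"{dep.name}: public endpoint '{ep}' ({public_port}->{local_port}, "
                            f"{service}) is internet-reachable; ACL it with the guest OS firewall")
    return findings


def uses_private_path(conn_str: str, address_space: str) -> bool:
    """True when the connection string targets a literal address inside the VNET
    address space (a DIP); False for a public VIP name or a non-address host."""
    host = None
    for part in conn_str.split(";"):
        key, _, value = part.partition("=")
        if key.strip().lower() in ("server", "data source"):
            host = value.strip().split(",")[0]
    if not host:
        return False
    try:
        return ipaddress.ip_address(host) in ipaddress.ip_network(address_space)
    except ValueError:  # a DNS name such as a *.cloudapp.net VIP, not a literal address
        return False


if __name__ == "__main__":
    cfg = parse_cscfg(CLOUD_CSCFG)
    web = Deployment(cfg["service"], vnet=cfg["vnet"], public_endpoints={"http": (80, 80)})
    sql = Deployment("ContosoSql", vnet="ContosoVNet", public_endpoints={"sql": (2001, 1433)})
    print(cfg["roles"]["WebRole1"]["subnets"], traffic_path(web, sql), endpoint_findings(sql))
```

Run against the constructed files, the check reports that the web role sits in FrontEndSubnet, that web-to-SQL traffic is DIP-to-DIP, and that the SQL service's 2001→1433 public endpoint can now be closed; swapping the SQL deployment's `vnet` for `None` reproduces the VIP case, where the same endpoint is flagged as internet-reachable and the firewall ACL becomes the only control.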
Tiered Migrations: Take Advantage of PaaS Where You Can

Many applications could benefit from migrating to a mixed deployment: migrating to web/worker roles or taking advantage of other Windows Azure services (storage, cache etc..).

Benefits of web and worker roles
• Simplified deployment and configuration
• Health model
• Easy high availability
• Instance scalability
• OS patching
• Automatic firewall configuration
• Simple certificate deployment
• Many others
Horizontal Migration: Use Virtual Machines and VNET for Forklift Migration

[Diagram: AD plus a three-tier application (Web Tier, App Tier, SQL Data Tier) moved as-is into Virtual Machines on a VNET, then optionally: convert web apps to Web Roles; convert app logic to Worker Roles; convert the data tier to Azure SQL DB]
Wrap Up

Connecting IaaS and PaaS: connecting an application hosted in Windows Azure, such as Web Sites or Web/Worker Roles, with a Virtual Machine.

Unblocks building applications with dependencies: dependencies such as Active Directory, SharePoint, SQL Server, Linux, Mongo DB, COM+, MSMQ etc…

Migration on-ramp for existing applications: migrate applications from on-premises and take advantage of PaaS efficiencies without blockers on dependencies.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.