Whether an application runs in the cloud, uses services provided by the cloud, or both, some kind of application platform is required. Viewed broadly, an application platform can be thought of as anything that provides developer-accessible services for creating applications. In the local, on-premises Windows world, for example, this includes technologies such as the .NET Framework, SQL Server, and more. To let applications exploit the cloud, cloud application platforms must also exist. And because there are a variety of ways for applications to use cloud services, different kinds of cloud platforms are useful in different situations. Microsoft’s Windows Azure platform is a group of cloud technologies, each providing a specific set of services to application developers. The Windows Azure platform can be used both by applications running in the cloud and by applications running on local systems. The components of the Windows Azure platform can be used by local applications running on a variety of systems, including various flavors of Windows, mobile devices, and others. Those components include: Windows Azure: Provides a Windows-based environment for running applications and storing data on servers in Microsoft data centers. Microsoft .NET Services: Offers distributed infrastructure services to cloud-based and local applications. Microsoft SQL Azure: Provides data services in the cloud based on SQL Server. Each component of the Windows Azure platform has its own role to play. This overview describes all four, first at a high level, then in a bit more detail. While none of them are yet final—details and more might change before their initial release—it’s not too early to start understanding this new set of platform technologies.
Read the slide
Build and deploy software quickly and easily by capitalizing on the same personnel, development tools investments, and knowledge that already power your IT organization. Use the services platform’s infrastructure to power prototyping environments for experimentation, and then launch to full-scale production as soon as your business needs it. Imagine connecting existing applications with an online database that can be shared with partners, or a service bus that enables secure B2B connectivity across firewalls.Pay as you grow and reduce costs. Pay for the services you use and reduce the capital costs associated with purchasing hardware and infrastructure. Reduce operational costs by running applications on the services platform and decrease the need for maintaining on-premises infrastructure. Increase business efficiency and agility by dynamically adding and subtracting capacity in real time. Envision building an e-commerce Web site that you can scale at the click of a mouse to meet seasonal demands or spikes in traffic based on sales and promotions. Develop a new portfolio of expertise. In these early stages of software development for the cloud, businesses will be seeking the best advice on what this means for their current and future technology investments. Stay ahead of the curve and help your customers understand what cloud computing and development means to their business today and how they can pivot and extend their investments to maximize its value tomorrow. Don’t slow down. Start projects without the hurdles of lengthy training or waiting for new infrastructure to be delivered and installed. With a broad set of services already running on Microsoft global data centers, the services platform is ready to start prototyping and testing solutions.
As the figure shows, Windows Azure runs on machines in Microsoft data centers. Rather than providing software that Microsoft customers can install and run themselves on their own computers, Windows Azure is a service: Customers use it to run applications and store data on Internet-accessible machines owned by Microsoft. Those applications might provide services to businesses, to consumers, or both.
Read the slide headlines, answer questions
All Windows Azure applications and all of the data in Windows Azure Storage live in some Microsoft data center. Within that data center, the set of machines dedicated to Windows Azure is organized into a fabric. As the figure shows, the Windows Azure Fabric consists of a (large) group of machines, all of which are managed by software called the fabric controller. The fabric controller is replicated across a group of five to seven machines, and it owns all of the resources in the fabric: computers, switches, load balancers, and more. Because it can communicate with a fabric agent on every computer, it’s also aware of every Windows Azure application in this fabric. (Interestingly, the fabric controller sees Windows Azure Storage as just another application, and so the details of data management and replication aren’t visible to the controller.) 8 This broad knowledge lets the fabric controller do many useful things. It monitors all running applications, for example, giving it an up-to-the-minute picture of what’s happening in the fabric. It manages operating systems, taking care of things like patching the version of Windows Server 2008 that runs in Windows Azure VMs. It also decides where new applications should run, choosing physical servers to optimize hardware utilization. To do this, the fabric controller depends on a configuration file that is uploaded with each Windows Azure application. This file provides an XML-based description of what the application needs: how many Web role instances, how many Worker role instances, and more. When the fabric controller receives this new application, it uses
The Windows Azure Compute service can run many different kinds of applications. A primary goal of this platform, however, is to support applications that have a very large number of simultaneous users. (In fact, Microsoft has said that it will build its own SaaS applications on Windows Azure, which sets the bar high.) Reaching this goal by scaling up—running on bigger and bigger machines—isn’t possible. Instead, Windows Azure is designed to support applications that scale out, running multiple copies of the same code across many commodity servers. To allow this, a Windows Azure application can have multiple instances, each executing in its own virtual machine (VM). These VMs run 64-bit Windows Server 2008, and they’re provided by a hypervisor (based on Hyper-V) that’s been modified for use in Microsoft’s cloud. To run an application, a developer accesses the Windows Azure portal through her Web browser, signing in with a Windows Live ID. She then chooses whether to create a hosting account for running applications, a storage account for storing data, or both. Once the developer has a hosting account, she can upload her application, specifying how many instances the application needs. Windows Azure then creates the necessary VMs and runs the application. It’s important to note that a developer can’t supply her own VM image for Windows Azure to run. Instead, the platform itself provides and maintains its own copy of Windows. Developers focus solely on creating applications that run on Windows Azure. 4 In the initial incarnation of Windows Azure, known as the Community Technology Preview (CTP), two different instance types are available for developers to use: Web role instances and Worker role instances.
Regardless of how it’s stored—in blobs, tables, or queues—all data held in Windows Azure storage is replicated three times. This replication allows fault tolerance, so losing a copy isn’t fatal. The system guarantees consistency, however, so an application that reads data it has just written will get what it expects. Windows Azure storage can be accessed either by a Windows Azure application or by an application running someplace else. In both cases, all three Windows Azure storage styles use the conventions of REST to identify and expose data. Everything is named using URIs and accessed with standard HTTP operations. A .NET client can also use ADO.NET Data Services and LINQ, but access to Windows Azure storage from, say, a Java application can just use standard REST.
SQL Azure Database provides the best aspects of simple, cloud-based storage and a hosted RDBMS.Developers have the flexibility of being able to choose the data access model that best fits the application requirements. They can use the same tools and libraries as with on-premise client applications to build client applications or Web applications hosted in Windows Azure that access data through familiar data access APIs. Alternatively, they can use ADO.NET Data Services and the Entity Framework to expose a REST-based interface that enables rich Internet applications to access data in the cloud.Whichever data access model is used, SQL Azure Database significantly reduces the effort and cost associated with provisioning data storage for an application. You can just use the Web-based interface to create a new database, and then start building your application. As your scalability requirements increase, SQL Azure can grow with you to meet your specific needs.By using SQL Azure Database, you eliminate the need to manage your own data center servers. Maintenance is automated, reducing your administrative overhead.BackgroundThe initial release of SQL Azure was announced at the PDC in 2008. It consisted of a cloud-based data store that provided an HTTP/REST and SOAP based data access interface and a data object model based on authorities, containers, and entities. While this release provided a great way for developers to build rich applications that access data in the cloud, it lacked some of the key capabilities of a traditional, on-premise SQL Server-based database solution.The REST-based interface and ACE data model has been replaced with a TDS interface and a relational, Transact-SQL-based programming model– just like an on-premise SQL Server instance. This means that developers can create client applications for SQL Azure that use the same data access libraries as traditional, on-premise SQL Server solutions. For scenarios where a REST-based interface is desired, developers can use ADO.NET Services (formerly known as Astoria) and the ADO.NET Entity Framework in the Windows Azure platform to expose SQL Azure through a REST-based data access interface.
The SQL Azure storage platform was designed for extreme scale and low cost. To achieve this, it uses a partitioned data architecture where data is physically distributed across multiple servers in order to provide the high scalability and query performance associated with a federated database solution. The partitions are replicated to provide redundancy and failover capabilities. All partitioning, failover, and load-balancing is automatic.Rather than take a “single image” approach in which each customer gets a dedicated database server, customer data is physically spread across multiple servers in order to maximize scalability and read/write performance for common data access patterns. Workflow is used to achieve transactional consistency across partitions.The end result of this architecture is a highly scalable data platform that requires little to no administrative effort on the part of the customer to provision or manage. Operations and maintenance are automated, with built-in intelligence to detect failures and trigger automatic failover.Goal: A storage platform built for extreme scale and low costCommodity hardware to lower CapExLights out operations and self healing to lower OpExOptimize I/O throughput for specific app patternsOptimized for a handful of hardware SKU’s for datacenter operationsAchieved by:Partitioning dataApps are partition aware to exploit data parallelism for HA, scaling and throughputPartitions are replicated to achieve reliabilitySystem is self healing - automatically partitions data, fails over, load-balances, and scales-upTrade off single system image for scale at very low cost and high throughput“Fan out” operations for large scale cross partition query workloadsDistributed transactions enabled through workflowSpecific IO optimizations to reduce random writes and readsOptimized code paths for high throughputEasy to deploy and manageNo DBA required to manage clusterUse automated provisioning, deployment / rollback and monitoringUse distributed fabric for reliable failure detection, primary election, failover and load balancingFramework for deploying and running scheduled and one off tasks
From the customer’s perspective, SQL Azure provides logical databases for application data storage. In reality, each customer’s data is actually stored in multiple SQL Server databases, which are distributed across multiple physical servers. Many customers may share the same physical database, but the data is presented to the customer through a logical database that abstracts the physical storage architecture and uses automatic load balancing and connection routing to access the distributed data. Security and isolation is managed automatically.The key impact of this model for the customer is a move from managing physical servers to focus on logical management of data storage through policies.
In terms of security, SQL Azure uses the same authentication and authorization model as SQL Server. Logins are created at the Server instance level, and mapped to user accounts and roles at the database level. Access to objects and data in the database is based on permissions granted or denied to database-level user accounts.One key difference from SQL Server is that SQL Azure Db supports only SQL Server authentication – integrated Windows authentication is not supported. Authentication is achieved through a username and password transmitted over a secure, encrypted connection. Future released of SQL Azure may support additional authentication models.When a client opens a connection to SQL Azure, the connection context is set to a specific database. If no database is specified in the connection information, the database context is the Master database. Once a connection is established, the client application cannot change the database context by using the USE Transact-SQL keyword or a fully-qualified database name.
Provisioning is handled by a utility service that is exposed through a Web-based portal and an API. The utility service can be used to enumerate the servers associated with a customer account, show server usage statistics, and other common administrative tasks. You can also use the utility service to manage logins and create new databases with the CREATE DATABASE Transact-SQL command.
What is the difference between SQL Azure and SQL Server?How do we think about compatibility on/off premises – as necessary to provide a broad platform for customersKey Differences – v1 TimeframeSQL Azure v1 will cover a vast majority of the “feature/function” surface area SQL Server (RDBMS). Exceptions:SQL CLRServer-scoped catalogue (shared environment)Few T-SQL constructs not appropriate in a shared environment (global temp tables, DTC)Longer term, will extend other parts of the data platform to cloudSQL BI platformDWCore RDBMS functionality with necessary restrictions due to:SecurityResource GovernanceDatabase independence
This slide describes four common customer scenarios that AQL Azure supportsDepartmental workgroup applicationsBuilt with SQL Express or AccessSmall in size, 5 GB or lessLess than 10,000 rowsSmall number of concurrent users (tens)Owned by a department, not central IT.Often grows out an excel spreadsheet or Access databaseTypically one of the following types:Tracking app (purchase orders changes)Simple reporting app (CSS tool for tracking issues)Commonly pulls reference data from other systems.Simple security needs (a set of people all get read access, with a small number of people with Admin access)Do not have a dedicated DBA (usually managed by a department level IT helper or a technically savvy IW)Developer often a technically savvy IW. Especially for the Access apps.Web applicationsTypically built by a small development team with no little or administrative capabilitiesNeed to start small, but then be able to scale-up quickly and easily as required.Secure data hubs enable you to consolidate existing data store investments and access them through a single cloud-based hub. The security features provided by the SQL Azure Database platform ensure movement of, and access to your data is secure at all times. This enables you to develop or modify applications to provide geo-dispersed data access and enables the complete mobility of your workforce. You can be certain that if your employees have access to the internet they have access to their data!ISVs and SaaS ProvidersGrowing trend towards cloud-based LOB application offerings.Need global reach and scalability with the ability to quickly provision multiple tenants and manage billing
Windows Azure Platform
Windows Azure Platform<br />David Chou<br />firstname.lastname@example.org<br />blogs.msdn.com/dachou<br />
Storage servicewill be available/ reachable (connectivity)<br />Your storage requests willbe processed successfully<br />.NET Service Bus endpoint willhave external connectivity<br />Message operation requests willbe processed successfully<br />Serviceavailability<br />Storage availability<br />Database availability<br />Role instance monitoring and restart<br />Compute connectivity<br />Your service is connected and reachable via web<br />Internet facing roles will have external connectivity<br />Database is connected to the internet gateway <br />Availability monitoring every 5-minute interval<br />All runningroles will be continuously monitored<br />If role is unhealthy, we will detect and initiate corrective state<br />Automated Systems Management<br />>99.9%<br />>99.95%<br />>99.9%<br />>99.9%<br />Service Guarantee<br />
Benefits<br />BUSINESS<br />DEMANDS<br />TECHOLOGYDEMANDS<br />WINDOWS AZURE PLATFORM OFFERS<br /><ul><li>Cost-effective solution to manage IT resources
Less infrastructure to buy/configure and support
Sign up at the Windows Azure Platform developers’ portal<br />Windows Azure access<br />Developer tools <br />White papers<br />Sample applications<br />Plan pilot applications, proofs of concept, and architectural design sessions with Windows Azure partners<br />http://www.azure.com<br />
Fabric<br />Fabric controller<br />Compute<br />Storage<br />The Fabric Controller communicates with every server within the Fabric. It manages Windows Azure, monitors every application, decides where new applications should run – optimizing hardware utilization.<br />Windows Azure Architecture<br />
The Fabric Controller automates load balancing and computes resource scaling<br />Security and Control Features include storage encryption, access authentication, and over-the-wire encryption using HTTPS. Industry certification is part of the Windows Azure roadmap.<br />Computation provides application scalability. Developers can build a combination of web and worker roles. Those roles can be replicated as needed to scale the applications and computational processing power.<br />Storage Services allow customers to scale to store large amounts of data – in any format – for any length of time, only paying for what they use or store.<br />Geographically distributed, state-of-the-art data centers host your applications and data, internet-accessible from everywhere you choose to allow.<br />Windows Azure Architecture<br />
Interacts with a “Fabric Agent” on each machine<br />Monitors every VM, application and instance<br />Performs load balancing, check pointing and recovery<br />Windows Azure Architecture<br />Fabric Controller<br />
Compute<br />GOAL:<br />SCALABILITY<br />Two instance types: Web Role & Worker Role<br />Windows Azure applications are built with <br />web role instances, worker role instances, <br />or a combination of both.<br />Scale out by replicating worker instances as needed.<br />Allow applications to scale <br />user and compute processing independently.<br />Each instance runs on its own VM (virtual machine), replicated as needed<br />Windows Azure Architecture<br />
Storage<br />GOAL:<br />SCALABLE, DURABLE STORAGE<br />Tables: simply structured data, accessed using ADO.NET Data Services<br />Queues: serially accessed messages or requests, allowing web-roles and worker-roles to interact<br />Blobs: large, unstructured data (audio, video, etc)<br />Windows Azure storage is an application managed by the Fabric Controller<br />Windows Azure applications can use native storage or SQL Azure<br />Application state is kept in storage services, so worker roles can replicate as needed<br />Windows Azure Architecture<br />
Services Management<br />GOAL:<br />AUTOMATED APPLICATION MANAGEMENT AND CONTROL<br />Fabric<br />The Fabric Controller automates service management<br />Windows Azure Architecture<br />
SQL Azure Architecture<br />Simple storage and hosted RDBMS<br />Flexible access to data in the cloud<br /><ul><li>Create client applications that access data in the cloud via TDS – just like on-premise SQL Server
Create cloud-based Web applications in Azure that use standard SQLClient libraries with ADO.NET
Create cloud-based REST data interfaces in Azure with ADO.NET Data Services and the Entity Framework</li></ul>Low friction data storage provisioning<br /><ul><li>Web interface for simple, database provisioning
Scale seamlessly as needed </li></ul>Self-managing data center<br /><ul><li>Automated maintenance
Built in high-availability and data recoverability</li></ul>ODBC, OLEDB, ADO.Net PHP, Ruby, …<br />BrowserApplication<br />Application<br />Application<br />REST Client<br />SQL Client*<br />Cloud<br />REST(Astoria)<br />ADO.Net +EF<br />HTTP+REST<br />HTTP<br />TDS<br />Windows Azure<br />Web App<br />SQL Client*<br />Data Center<br />TDS + TSQL Model<br />SQL Azure<br />* Client access enabled using TDS for ODBC, ADO.Net, OLEDB, PHP-SQL, Ruby, …<br />
Goal: A storage platform built for extreme scale and low cost<br />Architecture:<br />An Azure account provides access to SQL Azure<br />Each account can have one or more logical server<br />Implemented as multiple physical servers within a given geo-location<br />Each logical server can contain one or more logical database<br />Implemented as replicated partitioned data across multiple physical databases<br />Account<br />Azure wide<br />Billing instrument<br />Has one or more<br />Server<br />Database metadata<br />Unit of authorization<br />Unit of geo-location<br />Has one or more<br />Database<br />Unit of consistency<br />Contains Users, Tables, Views, etc…<br />Data Platform Design<br />
Uses shared infrastructure at SQL database and below<br />Each user database is replicated to one or more servers (configurable based on SLA)<br />Client requests are routed to current “primary server” for read and write operations (based on SQL session)<br />Security, lockdown and isolation enforced in SQL tier<br />Highly scalable and state-of-the-art HA technology<br />Automatic failure detection; client request re-routed to new primary on failure <br />High SLA guarantee using logical replication (hot standby replicas)<br />Automatic management, self-healing and load balancing across shared resource pool<br />SQL Azure Database provides provisioning, metering and billing infrastructure<br />Machine 5<br />Machine 6<br />Machine 4<br />SQL Instance<br />SQL Instance<br />SQL Instance<br />SQL DB<br />SQL DB<br />SQL DB<br />UserDB1<br />UserDB2<br />UserDB3<br />UserDB4<br />UserDB1<br />UserDB2<br />UserDB3<br />UserDB4<br />UserDB1<br />UserDB2<br />UserDB3<br />UserDB4<br />Scalability and Availability: Fabric, Failover, Replication, and Load balancing<br />SQL Azure Database Provisioning (databases, accounts, roles, …, Metering, and Billing<br />DBA role will change to focus on policy/logical management<br />Logical User Databases<br />
Security<br />Uses regular SQL security model<br />Authenticate logins, map to users and roles<br />Authorize users and roles to SQL objects<br />Supports standard SQL logins<br />Logins are username + password strings<br />Service enforces use of SSL to secure credentials<br />Future support for AD Federation, WLID, etc as alternate authentication protocols<br />Connections<br />Connect using common client libraries<br />ADO.NET, OLE DB, ODBC, etc.<br />Clients connect to a database directly<br />Cannot hop across DBs<br />Large surface of SQL supported within the database boundary<br />Future work will relax many of these constraints<br />Security and Connection Models<br />
Account and server provisioning<br />Portal and API based access<br />Ex: enumerate my servers, show server usage metrics, etc<br />Each account has one or more servers<br />Ex: srv123.data.database.windows.net<br />Each server has a virtual master database<br />Has subset of SQL Server master DB interface<br />Each server has one or more SQL logins<br />System creates sysadmin login on “server creation”<br />Databases created using “CREATE DATABASE”<br />Can be called by sysadmin or anyone with create DB permission<br />*<br />*<br />Provisioning Model<br />
SQL Server has many patterns for accomplishing tasks<br />SQL Azure Database supports a subset of full SQL Server patterns<br />Focus on logical and policy based administration<br />Patterns work in both SQL Azure Database and SQL Server<br />Enables migration of on-premise application to/from SQL Azure<br />SQL Azure Database is a multi-tenant service<br />Throttling and load balancing policies<br />Examples: limit on DB size, duration of transaction, …<br />In Scope for v1<br />Out of Scope for v1<br /><ul><li>CLR
+ lots of others</li></ul>SQL Server Compatibility<br />
Departmental Applications<br />Web Applications<br />Departmental workgroup applications with low concurrency and cyclical usage patterns<br />Small customers or start ups with Web applications of all scale that have simple RDBMS needs<br />Data Hubs<br />ISV/SaaS Offerings<br />Secure data hubs that consolidate multiple data sources and enable access from multiple locations and devices<br />Traditional ISVs extending offering or selling software hosted in the cloud (including SaaS ISVs)<br />Application Scenarios<br />
Common patterns and problems<br />Service Bus<br />Access Control<br />How can you use cloud services to connect apps and services across deployment locations?<br />Bridge cloud, on-premises, and hosted assets<br />Navigate network and security boundaries, securely and simply<br />Handle identity and access across organizations and ID providers<br />Interoperate across languages, platforms, standards<br />Perform protocol mediation and schema mapping<br />Customers need a way to:<br />
.NET Services provides solutionsfor developers facing those problems<br />Control Access<br />Access Control Service<br />3. Map input claims<br />to output claims<br />1. Define access control rules for a customer<br />4. Token<br />0. periodic cert exchange<br />2. Claims<br />6. Check claims<br />5. Msg w/token<br />Your app<br />Customer/partner users & apps<br />
Private Network Space<br />Service Bus: Core Capabilities<br />Internet-scoped overlay-network bridging across IP NATs and Firewalls with federated access control <br />Network Listen/Send from any Internet-Connected Device<br />Internet-scoped, per-endpoint Naming and Discovery<br />NAT/FW Traversal via TCP, TCP/Direct, and HTTP Web Streams<br />Internet Space<br />B<br />C<br />D<br />A<br />ACS<br />ACS<br />ACS<br />ACS<br />ACS<br />
Service Bus: Core Capabilities<br />Transfer raw and structured data allowing for any common shape of communication<br />Raw Data, Text, XML, JSON, …<br />Datagrams, Sessions, Correlated Messages<br />Unicast, Multicast<br />A<br />B<br />Octet-Streams<br />Text<br />…<br />JSON<br />XML<br />…<br />A<br />B<br />SOAP<br />XML-RPC<br />…<br />A<br />B<br />
Service Bus: Core Capabilities<br />Built-In messaging primitives for temporally decoupled communication, routing, and message processing<br />Push/Pull translation for occasionally connected receivers<br />Publish/subscribe and message processing (after V1)<br />Push<br />Pull<br />B<br />A<br />B<br />A<br />C<br />D<br />E<br />Push<br />Push<br />