Windows Azure
Introducing Virtual Machines (IaaS)
Mario Szpuszta
Platform Strategy Advisor, EMEA Windows Azure Incubation
Microsoft Corporation
Infrastructure as a Service
The spring release of Windows Azure Infrastructure as a Service introduces new functionality that allows full control and management of virtual machines, along with an extensive virtual networking offering.
If deploying an application requires a developer's involvement, it's not IaaS.
Cloud Models
Who manages each layer of the stack in each model (Managed by Microsoft vs You manage):

Layer            On Premises   Infrastructure (IaaS)   Platform (PaaS)   Software (SaaS)
Applications     You manage    You manage              You manage        Managed by Microsoft
Data             You manage    You manage              You manage        Managed by Microsoft
Runtime          You manage    You manage              Managed by Microsoft   Managed by Microsoft
Middleware       You manage    You manage              Managed by Microsoft   Managed by Microsoft
O/S              You manage    You manage              Managed by Microsoft   Managed by Microsoft
Virtualization   You manage    Managed by Microsoft    Managed by Microsoft   Managed by Microsoft
Servers          You manage    Managed by Microsoft    Managed by Microsoft   Managed by Microsoft
Storage          You manage    Managed by Microsoft    Managed by Microsoft   Managed by Microsoft
Networking       You manage    Managed by Microsoft    Managed by Microsoft   Managed by Microsoft
A Continuous Offering From Private to Public Cloud
Physical -> Virtual -> IaaS -> PaaS -> SaaS
Windows Azure Virtual Machines
Support for key server applications and workloads
Easy storage manageability
High availability features
Advanced networking
Integration with compute PaaS
Easy Application Migration
If it requires development, it's not IaaS.
Images Available at Preview
Windows: Windows Server 2008 R2; Windows Server 2008 R2 with SQL Server 2012 Evaluation; Windows Server 8 RC
Linux: OpenSUSE 12.1; CentOS 6.2; Ubuntu 12.04; SUSE Linux Enterprise Server SP2
Virtual Machine vs VM Role

Storage
  VM Role: Non-persistent storage.
  Virtual Machine: Persistent storage; easily add additional storage.
Deployment
  VM Role: Build VHD offsite and upload to storage.
  Virtual Machine: Build VHD directly in the cloud, or build the VHD offsite and upload.
Networking
  VM Role: Internal and input endpoints configured through the service model. Internal endpoints are open by default.
  Virtual Machine: Access control with the firewall on the guest OS. Input endpoints controlled through the portal, service model or API/script.
Primary Use
  VM Role: Deploying applications with long or complex installation requirements into stateless PaaS applications.
  Virtual Machine: Applications that require persistent storage to easily run in Windows Azure.
Persistent Disks and Highly Durable Storage (Disaster Recovery)
[diagram: the disks of each Virtual Machine are stored in Windows Azure Storage]
Disks and Images
OS Images (Microsoft, Partner, User): base OS image for new Virtual Machines; sys-prepped/generalized/read only; created by uploading or by capture.
Disks (OS Disks, Data Disks): writable disks for Virtual Machines; created during VM creation or during upload of existing VHDs.
Cross-premise Connectivity (Enterprise <-> Cloud)
Data Synchronization: SQL Azure Data Sync
Application-layer Connectivity & Messaging: Service Bus
Secure Machine-to-Machine Network Connectivity: Windows Azure Connect
Secure Site-to-Site Network Connectivity: Windows Azure Virtual Network
Windows Azure Virtual Network: IP-level connectivity

Your virtual branch office / datacenter in the cloud
Enables customers to extend their Enterprise Networks into Windows Azure
Networking on-ramp for migrating existing apps and services to Windows Azure
Enables hybrid apps that span cloud and their premises

A protected private virtual network in the cloud
Enables customers to set up secure private IPv4 networks fully contained within Windows Azure
IP address persistence
Inter-service DIP-to-DIP communication

[diagram: Corpnet connected to a virtual network in Windows Azure that contains Subnet 1 and Subnet 2, with Role 1, VM 1 and VM 2 placed in them]
Windows Azure Virtual Network Scenarios
Hybrid Public/Private Cloud: enterprise app in Windows Azure requiring connectivity to on-premises resources
Enterprise Identity and Access Control: manage identity and access control with on-premises resources (on-premises Active Directory)
Monitoring and Management: remote monitoring and troubleshooting of resources running in Windows Azure
Advanced Connectivity Requirements: cloud deployments requiring persistent IP addresses
Bringing Workloads to the Cloud
[diagram: the on-premises datacenter (Production IIS Servers, SQL Farm, AD / DNS, File Servers, Exchange, SharePoint) connects through an S2S VPN device and S2S VPN tunnels to Windows Azure, where PaaS roles run alongside Local AD, SQL VMs and SharePoint VMs]
IaaS and PaaS: Better Together
Physical -> Virtual -> IaaS -> PaaS -> SaaS
Why Mix Models? What Value does this Provide?
Unblocks development or migration of new applications that have dependencies on resources that require virtual machines, such as Active Directory, MongoDB, MySQL, SharePoint, SQL Server, COM+, MSMQ etc.

Migration On-Ramp for Existing Applications
Administrators can quickly take advantage of Windows Azure by migrating an existing application as-is using virtual machines. If desired, connecting different application models such as websites or web and worker roles provides the capability to take advantage of PaaS roles alongside IaaS roles.
Windows Azure Service Model
Example cloud service configuration with a single web role and a single worker role.
[diagram: one Cloud Service containing a Web Role (instances VM1 ... VMn) and a Worker Role (instances VM1 ... VMn)]
Mixing Virtual Machines and Stateless Roles
Multiple cloud services with stateless roles and virtual machines.
[diagram: Cloud Service 1 holds a Web Role (VM1, VM2 ... VMn) and a Worker Role (VM5, VM6 ... VMn); Cloud Service 2 holds a Virtual Machine (VM1)]
Connecting Cloud Services via VIPs
Strengths
Simplicity
Tenant Autonomy
VIP Swap (stateless roles)
Easy Local Dev/Test
Persistent Service is Easily Accessible (even from other services!)
Weaknesses
Higher Latency
Less Secure
Management/Deployment Overhead
[diagram: Cloud Service 1 (Load Balancer, port 80 -> WA Web Role) reaches Cloud Service 2 (Load Balancer endpoint labelled 20011433 -> SQL Server) for SQL data access; the traffic flows through the public endpoint. Secure endpoints with Windows Server Firewall.]
Deployment Steps (VIP Connectivity)
Deploy VMs: Deploy Virtual Machine(s).
Customize: Use RDP to customize the new virtual machine(s) by installing software, configuring roles etc.
Configure Endpoints: Configure public endpoints to virtual machine services. ACL with firewall as appropriate.
Local Dev/Test: Build and test locally using the emulator. Testing live can be achieved by using public endpoints.
Deploy Service: Specify instance count and other configuration details. Deploy to a separate hosted service.
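One way to carry out the Configure Endpoints and ACL steps above, as an added example that is not code from the original deck: it uses the Windows Azure PowerShell service management cmdlets (Get-AzureVM, Add-AzureEndpoint, Update-AzureVM) to publish SQL Server through the load balancer on a non-default public port, then uses netsh on the guest so that only the web tier's VIP can reach port 1433. The service and VM names, the VIP 203.0.113.10 and the public port 20011 are constructed placeholders, and the cmdlet parameters assume a module version that ships those cmdlets.

```powershell
# Added example, not from the original deck. Assumes the Windows Azure PowerShell
# service management cmdlets are installed and a subscription is already selected.
# All names, addresses and ports below are constructed placeholders.

$SqlServiceName = "contoso-sql-svc"      # hosted service (Cloud Service 2) containing the SQL VM
$SqlVmName      = "sql1"
$WebTierVip     = "203.0.113.10"         # public VIP of Cloud Service 1 (the web role) - placeholder
$PublicSqlPort  = 20011                  # non-default public port on the load balancer
$LocalSqlPort   = 1433

# 1. Publish SQL Server through the load balancer (runs on the administrator's workstation).
#    On its own this endpoint is reachable from any Internet address: that is the
#    "Less Secure" weakness of VIP connectivity, and the guest firewall below is the ACL.
Get-AzureVM -ServiceName $SqlServiceName -Name $SqlVmName |
    Add-AzureEndpoint -Name "SQL" -Protocol tcp -LocalPort $LocalSqlPort -PublicPort $PublicSqlPort |
    Update-AzureVM

# 2. Inside the SQL VM (over RDP, as the Customize step describes): make sure inbound
#    traffic is blocked unless a rule allows it, then allow 1433 only from the web tier's VIP.
#    Role instances leave their own cloud service through that service's VIP, so this is the
#    source address the SQL VM sees for requests that crossed the public load balancer.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

netsh advfirewall firewall add rule name="SQL from web tier VIP only" `
    dir=in action=allow protocol=TCP localport=$LocalSqlPort remoteip=$WebTierVip

# 3. Verify the rule that now governs 1433.
netsh advfirewall firewall show rule name="SQL from web tier VIP only"
```

The two halves run in different places: the Add-AzureEndpoint pipeline runs from the workstation against the subscription, the netsh commands run inside the SQL VM. An explicit block rule for 1433 is deliberately not added, because in Windows Firewall an explicit block rule takes precedence over allow rules and would cut off the web tier as well; the default inbound policy of block does that job.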
Connecting Cloud Services with VNET
Strengths
More Secure
Low Latency
Cloud App Autonomy
VIP Swap (stateless roles)
Advanced Connectivity Requirements
Weaknesses
VNET Complexity
No iDNS, use BYOD

[diagram, VNET Connected: ContosoVNet (10.0.0.0/8) in MyAffinityGroup. FrontEndSubnet (10.0.0.0/16) holds Cloud Service 1 (Load Balancer, port 80 -> WA Web Role); SQLSubnet (10.1.0.0/16) holds Cloud Service 2 (SQL Mirror, port 1433); AD Subnet (10.2.0.0/16) holds AD. The web role has direct access to SQL via VNET rather than through a load balancer.]

[diagram, VNET Connected Local Testing: the same layout, plus the developer's WA Developer Fabric connected into the VNET so that local code also has direct access to the SQL Mirror via VNET on port 1433. Manage multiple connection strings via multiple configurations.]

[diagram, VNET Connected with VPN On Premises: the same layout, plus the on-premises site (AD / DNS and the developer's WA Developer Fabric) joined through a VPN tunnel. Access on-premises resources; local testing allows direct connection to Virtual Machines in the cloud.]
VNET Connected Deployment Steps
Design VNET: Define virtual networks and subnets for hosted services to reside in.
Deploy VMs: Deploy Virtual Machine(s). If AD is desired, deploy it at this stage so remaining VMs can start domain joined.
Customize: Use RDP to customize the new persistent VM(s) by installing software, configuring roles etc.
Local Dev/Test: Build and test locally using the emulator. Testing live can be achieved by using public endpoints or VPN connectivity.
Deploy Service: Specify instance count, virtual network settings and other configuration details. Deploy to a separate hosted service.
Make Production Ready: If previously opened, close public endpoints to lock down the service.
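The VNET-connected deployment steps above, carried through as one added example that is not from the original deck. It uses the Windows Azure PowerShell service management cmdlets (Set-AzureVNetConfig, New-AzureDns, New-AzureVMConfig, Add-AzureProvisioningConfig, Set-AzureSubnet, New-AzureVM, New-AzureService, New-AzureDeployment, Remove-AzureEndpoint) and the NetworkConfiguration schema of the subscription's network configuration file and of ServiceConfiguration.cscfg. The address plan follows the ContosoVNet diagram; the service names, the DNS address 10.2.0.4, the image names, the domain contoso.local and every credential are constructed placeholders.

```powershell
# Added example, not from the original deck. Assumes the Windows Azure PowerShell
# service management cmdlets are installed and a subscription is already selected.
# Service names, addresses, image names, the domain and all credentials are placeholders.

$AffinityGroup = "MyAffinityGroup"
$VNetName      = "ContosoVNet"
$AdDnsIp       = "10.2.0.4"          # placeholder address of the domain controller in ADSubnet

# 1. Design VNET: register the address space and subnets for the subscription.
#    There is no iDNS inside a VNET, so the domain controller is declared as the DNS server.
$vnetConfig = @"
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns>
      <DnsServers><DnsServer name="ContosoAD" IPAddress="$AdDnsIp" /></DnsServers>
    </Dns>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="$VNetName" AffinityGroup="$AffinityGroup">
        <AddressSpace><AddressPrefix>10.0.0.0/8</AddressPrefix></AddressSpace>
        <Subnets>
          <Subnet name="FrontEndSubnet"><AddressPrefix>10.0.0.0/16</AddressPrefix></Subnet>
          <Subnet name="SQLSubnet"><AddressPrefix>10.1.0.0/16</AddressPrefix></Subnet>
          <Subnet name="ADSubnet"><AddressPrefix>10.2.0.0/16</AddressPrefix></Subnet>
        </Subnets>
        <DnsServersRef><DnsServerRef name="ContosoAD" /></DnsServersRef>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
"@
Set-Content -Path ".\NetworkConfig.netcfg" -Value $vnetConfig -Encoding UTF8
Set-AzureVNetConfig -ConfigurationPath ".\NetworkConfig.netcfg"

# 2. Deploy VMs: the domain controller first, so later VMs can join at provisioning time.
$dns = New-AzureDns -Name "ContosoAD" -IPAddress $AdDnsIp
$dc  = New-AzureVMConfig -Name "ad1" -InstanceSize Small -ImageName "<windows-server-2008-r2-image>" |
       Add-AzureProvisioningConfig -Windows -AdminUsername "contosoadmin" -Password "<placeholder>" |
       Set-AzureSubnet -SubnetNames "ADSubnet"
New-AzureVM -ServiceName "contoso-ad-svc" -AffinityGroup $AffinityGroup -VNetName $VNetName `
            -DnsSettings $dns -VMs $dc

# The SQL VM joins the domain during provisioning. No public endpoint is added for 1433:
# the web role reaches it directly over the VNET (DIP to DIP), not through a load balancer.
$sql = New-AzureVMConfig -Name "sql1" -InstanceSize Large -ImageName "<sql-server-2012-image>" |
       Add-AzureProvisioningConfig -WindowsDomain -AdminUsername "contosoadmin" -Password "<placeholder>" `
           -Domain "CONTOSO" -DomainUserName "contosoadmin" -DomainPassword "<placeholder>" `
           -JoinDomain "contoso.local" |
       Set-AzureSubnet -SubnetNames "SQLSubnet"
New-AzureVM -ServiceName "contoso-sql-svc" -AffinityGroup $AffinityGroup -VNetName $VNetName `
            -DnsSettings $dns -VMs $sql

# 3./4. Customize over RDP and test locally (emulator, or a VPN into the VNET): no script here.

# 5. Deploy Service: the web role's ServiceConfiguration.cscfg must carry this element inside
#    <ServiceConfiguration> so its instances are placed in FrontEndSubnet of the same VNET.
#    It is shown here as the fragment to paste; the packaged cscfg below is assumed to contain it.
$cscfgNetwork = @"
<NetworkConfiguration>
  <VirtualNetworkSite name="$VNetName" />
  <AddressAssignments>
    <InstanceAddress roleName="WebRole1">
      <Subnets><Subnet name="FrontEndSubnet" /></Subnets>
    </InstanceAddress>
  </AddressAssignments>
</NetworkConfiguration>
"@
New-AzureService -ServiceName "contoso-web-svc" -AffinityGroup $AffinityGroup
New-AzureDeployment -ServiceName "contoso-web-svc" -Slot Production `
    -Package ".\ContosoWeb.cspkg" -Configuration ".\ServiceConfiguration.Cloud.cscfg"

# 6. Make production ready: close any public endpoint that was opened for live testing.
Get-AzureVM -ServiceName "contoso-sql-svc" -Name "sql1" |
    Remove-AzureEndpoint -Name "SQL" | Update-AzureVM
```

The order matters for the domain join: the DC must be running and reachable at the DNS address declared in the network configuration before the SQL VM is provisioned with -WindowsDomain, which is why the deck says to deploy AD at the Deploy VMs stage. The hosted services and the VNET share one affinity group, which is what allows the -VNetName placement.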
Mixed Mode Shared Cloud Service
Strengths
Simplicity
Connectivity
iDNS
Weaknesses
Lack of VIP Swap
Available in Fall Release
[diagram: a single cloud service (Cloud App) whose Load Balancer forwards port 80 to a WA Web Role, with a Virtual Machine in the same service]
VM to VM Performance

Category: Inter-VM within a deployment (or deployment to deployment with VNET)
  Latency (Round-Trip): 0.29 ms
  Network Link Details: DIP to DIP
  Comment: Traffic does not flow through the LB

Category: Inter-VM crossing a deployment (same region)
  Latency (Round-Trip): 0.88 ms
  Network Link Details: VIP to VIP
  Comment: Traffic flows through the LB
Tiered Migrations: Take Advantage of PaaS Where You Can
Many applications could benefit from migrating to a mixed deployment: migrating to web/worker roles, or taking advantage of other Windows Azure services (storage, cache etc.).
Benefits of Web and Worker Roles
Simplified Deployment and Configuration
Health Model
Easy High Availability
Instance Scalability
OS Patching
Automatic Firewall Configuration
Simple Certificate Deployment
Many others
Horizontal Migration
Use Virtual Machines and VNET for Forklift Migration
[diagram: the Web Tier, App Tier and Data Tier are forklifted as virtual machines into a VNET alongside AD, with an optional PaaS conversion per tier]
Web Tier: convert Web Apps to Web Roles (optional)
App Tier: convert App Logic to Worker Roles (optional)
Data Tier: convert Data Tier to Azure SQL DB (optional)
Wrap Up
Connecting IaaS and PaaS: connecting an application hosted in Windows Azure, such as Web Sites or Web/Worker Roles, with a Virtual Machine.
Unblocks Building Applications with Dependencies: dependencies such as Active Directory, SharePoint, SQL Server, Linux, MongoDB, COM+, MSMQ etc.
Migration On-Ramp for Existing Applications: migrate applications from on-premises and take advantage of PaaS efficiencies without blockers on dependencies.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.