In this session, Jeff Wilcox highlights the key strategies and tactics that he uses to develop Win Phone 7 apps -- including this blockbuster app 4th & Mayor
Inside Windows Azure:The Cloud Operating System Mark RussinovichTechnical FellowWindows Azure
Presenter's Notes: 1
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 2
What is a Cloud?
What is a Cloud? Cloud: on-demand, scalable, multi-tenant, self-service compute resources
Presenter's Notes: 3
What is a Cloud?
What is a Cloud? Cloud: on-demand, scalable, multi-tenant, self-service compute resources
Presenter's Notes: 4
Types of Clouds
Types of Clouds Infrastructure as a Service (IaaS): basic compute and storage resourcesOn-demand serversAmazon EC2, VMWare vCloudHosted Hyper-VPlatform as a Service (PaaS): cloud application infrastructureOn-demand application-hosting environmentE.g. Google AppEngine, Salesforce.com, Windows AzureSoftware as a Service (SaaS): cloud applicationsOn-demand applicationsE.g. Office 365, gmail, Microsoft Office Web Companions
Presenter's Notes: 5
The Benefits of the Cloud
The Benefits of the Cloud As you move right, you loose control, but gain efficiency Windows Azure
Presenter's Notes: 6
Windows Azure
Windows Azure Windows Azure is an OS for the data centerModel: Treat the data center as a machineHandles resource management, provisioning, and monitoringManages application lifecycleAllows developers to concentrate on business logicProvides shared pool of compute, disk and networkVirtualized storage, compute and networkIllusion of boundless resourcesProvides common building blocks for distributed applicationsReliable queuing, simple structured storage, SQL storageApplication services like access control and connectivity
Presenter's Notes: 7
Windows Azure Application Philosophy: Design for...
Windows Azure Application Philosophy: Design for Failure Scale out for redundancyShort-time outs with retriesIdempotent operationsStateless with persistent external storage
Presenter's Notes: 8
Windows Azure Application Platform
Windows Azure Application Platform
Presenter's Notes: 9
Windows Azure Application Characteristics
Windows Azure Application Characteristics
Presenter's Notes: 10
Windows Azure Application Characteristics
Windows Azure Application Characteristics Windows Azure
Presenter's Notes: 11
Windows Azure Platform Building Blocks
Windows Azure Platform Building Blocks Windows Azure ComputeWindows Azure StorageBLOBsTablesQueuesWindows Azure CDNSQL AzureAppFabric PaaS Middleware ServicesAppFabric CachingAppFabric Service BusAppFabric Access Control Server
Presenter's Notes: 12
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 13
Modeling Cloud Applications
Modeling Cloud Applications A cloud application is typically made up of different tiersFront end: e.g. load-balanced stateless web serversMiddle worker tier: e.g. order processing, encodingBackend storage: e.g. SQL tables or filesMultiple instances of each for scalability and availability Front-End Marks Cloud Application Front-End HTTP/HTTPS WindowsAzureStorage,SQL Azure Load Balancer Middle-Tier
Presenter's Notes: 14
The Windows Azure Service Model
The Windows Azure Service Model A Windows Azure application is called a serviceDefinition informationConfiguration informationAt least one roleRoles are like DLLs in the service processCollection of code with an entry point that runs in its own virtual machineThere are currently three role types:Web Role: IIS7 and ASP.NET in Windows Azure-supplied OSWorker Role: arbitrary code in Windows Azure-supplied OSVM Role: uploaded VHD with customer-supplied OS
Presenter's Notes: 15
VM Role
VM Role VM Role is a Hyper-V VHD that you uploadYou bring the OSThe application is configured and installedLike Web and Worker Roles, it is statelessFor scale-out availability and capacityConfiguration and application state stored locally can be lostSo what good is it?Long installationFragile installationManual configurationDownside: OS maintenance is your responsibility
Presenter's Notes: 16
Role Contents
Role Contents Definition: Role nameRole typeVM size (e.g. small, medium, etc.)Network endpointsCode: Web/Worker Role: Hosted DLL and other executablesVM Role: VHDConfiguration:Number of instancesNumber of update and fault domains
Presenter's Notes: 17
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Middle Tier-3 Update Domain 3 Middle Tier-3 Front-End-2 Front-End-1 Middle Tier-2 Middle Tier-1
Presenter's Notes: 18
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-2 Middle Tier-3 Update Domain 3 Middle Tier-3 Front-End-2 Front-End-1 Middle Tier-2 Middle Tier-1
Presenter's Notes: 19
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Middle Tier-3 Update Domain 3 Middle Tier-3 Front-End-2 Middle Tier-2
Presenter's Notes: 20
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-3 Update Domain 3 Middle Tier-3 Front-End-2 Middle Tier-2
Presenter's Notes: 21
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Middle Tier-3 Update Domain 3 Middle Tier-3
Presenter's Notes: 22
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Update Domain 3 Middle Tier-3
Presenter's Notes: 23
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Middle Tier-3 Update Domain 3
Presenter's Notes: 24
Availability: Fault Domains
Availability: Fault Domains Purpose: Avoid single points of failuresSimilar concept to update domainsBut you dont control the updatesUnit of failure based on data center topologyE.g. top-of-rack switch on a rack of machinesWindows Azure considers fault domains when allocating service roles2 fault domains per serviceWill try and spread roles out across moreE.g. dont put all roles in same rack Front-End-1 Fault Domain 1 Fault Domain 2 Front-End-2 Middle Tier-2 Middle Tier-1 Fault Domain 3 Middle Tier-3
Presenter's Notes: 25
Service Model Files
Service Model Files Service definition is in ServiceDefinition.csdefService configuration is in ServiceConfiguration.cscfgCSPack program Zips service binaries and definition into service package file (service.cscfg)
Presenter's Notes: 26
Deploying a Service to the Cloud:The 10,000 foot...
RDFEService Portal Service US-North Central Datacenter Deploying a Service to the Cloud:The 10,000 foot view Service package uploaded to portal FC Service
Presenter's Notes: 27
Deploying a Service to the Cloud:The 10,000 foot...
RDFEService Portal Service US-North Central Datacenter Deploying a Service to the Cloud:The 10,000 foot view Service package uploaded to portalWindows Azure Portal Service passes service package to Red Dog Front End (RDFE) Azure serviceRDFE converts service package to native RD version FC Service
Presenter's Notes: 28
Deploying a Service to the Cloud:The 10,000 foot...
RDFEService Portal Service US-North Central Datacenter Deploying a Service to the Cloud:The 10,000 foot view Service package uploaded to portalWindows Azure Portal Service passes service package to Red Dog Front End (RDFE) Azure serviceRDFE converts service package to native RD versionRDFE sends service to Fabric Controller (FC) based on target region FC Service
Presenter's Notes: 29
Deploying a Service to the Cloud:The 10,000 foot...
RDFEService Portal Service US-North Central Datacenter Deploying a Service to the Cloud:The 10,000 foot view Service package uploaded to portalWindows Azure Portal Service passes service package to Red Dog Front End (RDFE) Azure serviceRDFE converts service package to native RD versionRDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service FC Service
Presenter's Notes: 30
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 31
The Fabric Controller (FC)
The Fabric Controller (FC) The kernel of the cloud operating systemManages datacenter hardwareManages Windows Azure servicesFour main responsibilities:Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health managementInputs:Description of the hardware and network resources it will controlService model and binaries for cloud applications
Presenter's Notes: 32
Sidebar: Whats with all these Fabrics?
Sidebar: Whats with all these Fabrics? The Windows Azure Fabric Controller is totally, completely, unrelated to AppFabricAppFabric is a brand that encompasses:Windows Server AppFabric: a set of components for building composite applications based on Windows Communication Foundation and Windows WorkflowWindows Azure AppFabric: Cloud services for connecting cloud and on-premise applications AppFabric Access Control Server AppFabric Service BusAppFabric CacheBuilt as Windows Azure services
Presenter's Notes: 33
Datacenter Architecture
Datacenter Architecture TOR LB LB Agg PDU LB LB Agg LB LB Agg LB LB Agg LB LB Agg LB LB Agg Racks Datacenter Routers Aggregation Routers andLoad Balancers TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU Top of RackSwitches Power Distribution Units Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes
Presenter's Notes: Should there also be boxes below the 2nd from the right LB-Agg-LB unit? 34
Windows Azure Datacenters
Windows Azure Datacenters
Presenter's Notes: 35
High-Level FC Architecture
High-Level FC Architecture FC is a distributed, stateful application running on nodes (blades) spread across fault domains Installed by Utility Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade, and services continue to run even if FC fails entirely Nodes Rack
Presenter's Notes: 36
Provisioning a Node (Blade)
Provisioning a Node (Blade) Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 37
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on node Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 38
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on nodePXE-boot Maintenance OS Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 39
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on nodePXE-boot Maintenance OSAgent formats disk and downloads Host OS Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS Maintenance OS
Presenter's Notes: 40
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on nodePXE-boot Maintenance OSAgent formats disk and downloads Host OSHost OS boots, runs Sysprep /specialize, reboots Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 41
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on nodePXE-boot Maintenance OSAgent formats disk and downloads Host OSHost OS boots, runs Sysprep /specialize, rebootsFC connects with the Host Agent Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 42
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 43
Service Deployment Steps
Service Deployment Steps Process service model filesDetermine resource requirementsCreate role imagesAllocate compute and network resourcesPrepare nodesPlace role images on nodesCreate virtual machinesStart virtual machines and rolesConfigure networkingDynamic IP addresses (DIPs) assigned to bladesVirtual IP addresses (VIPs) allocated and mapped to sets of DIPsPrograms load balancers to allow trafficRound-robin routing1-minute timeout
Presenter's Notes: 44
Service Resource Allocation
Service Resource Allocation Goal: allocate service components to available resources while satisfying all hard constraints HW requirements: CPU, Memory, Storage, NetFault domainsSecondary goal: Satisfy soft constraints Prefer allocations which will simplify servicing the host OS/hypervisor: pick nodes that already have instances from the same update domainOptimize network proximity: pack nodesService allocation produces the goal state for the resources assigned to the service componentsNode and VM configuration (OS, hosting environment)Images and configuration files to deployProcesses to startService allocation also allocates network resources such as LB and VIPs
Presenter's Notes: 45
Example Service Allocation
Example Service Allocation Role BCount: 2Update Domains: 2Fault Domains: 2Size: Medium Role ACount: 3Update Domains: 2Fault Domains: 2Size: Large Fault Domain 1 Fault Domain 2 Fault Domain 3 LoadBalancer www.mycloudapp.net www.mycloudapp.net
Presenter's Notes: 46
Example Service Allocation
Example Service Allocation Role BCount: 2Update Domains: 2Fault Domains: 2Size: Medium Role ACount: 3Update Domains: 2Fault Domains: 2Size: Large Fault Domain 1 Fault Domain 2 Fault Domain 3 LoadBalancer www.mycloudapp.net www.mycloudapp.net
Presenter's Notes: 47
Example Service Allocation
Example Service Allocation Role BCount: 2Update Domains: 2Fault Domains: 2Size: Medium Role ACount: 3Update Domains: 2Fault Domains: 2Size: Large Fault Domain 1 Fault Domain 2 Fault Domain 3 LoadBalancer www.mycloudapp.net www.mycloudapp.net
Presenter's Notes: 48
Example Service Allocation
Example Service Allocation Role BCount: 2Update Domains: 2Fault Domains: 2Size: Medium Role ACount: 3Update Domains: 2Fault Domains: 2Size: Large Fault Domain 1 Fault Domain 2 Fault Domain 3 LoadBalancer 10.100.0.36 10.100.0.122 www.mycloudapp.net www.mycloudapp.net
Presenter's Notes: 49
Provisioning a Role Instance
Provisioning a Role Instance FC pushes role files and configuration information to target node host agentHost agent creates three VHDs:Differencing VHD for OS image (D:\)Host agent injects FC guest agent into VHD for Web/Worker rolesResource VHD for temporary files (C:\)Role VHD for role files (first available drive letter e.g. E:\, F:\)Host agent creates VM, attaches VHDs, and starts VMGuest agent starts role host, which calls role entry pointStarts health heartbeat to and gets commands from host agentLoad balancer only routes to external endpoint when it responds to simple HTTP GET (LB probe)
Presenter's Notes: 50
Provisioning VM Role Instances
Provisioning VM Role Instances VM Role base and differencing VHD are stored in Windows Azure Storage blobsShadow versions are made when the originals are uploadedVHD reads all go through a VHD caching serviceReads come on-demand from the cacheWrites go to a secondary differencing VHDReimage simply deletes it and reboots Windows Azure Blob Storage Original Base VHD Original Differencing VHD Shadow Base VHD Shadow Differencing VHD RDFE VHD CachingService Base VHD Shadow Differencing VHD Secondary Differencing VHD Node
Presenter's Notes: 51
Inside a Node
Inside a Node Fabric Controller (Primary) FC Host Agent(trusted) Host Partition Guest Partition Guest Agent Guest Partition Guest Agent Guest Partition Guest Agent Guest Partition Guest Agent Physical Node Fabric Controller (Replica) Fabric Controller (Replica) Role Instance Role Instance Role Instance Role Instance Trust boundary 52
Presenter's Notes: 52
Inside a Role VM
Inside a Role VM Guest Agent Role Host Role Entry Point
Presenter's Notes: 53
Fabric Controller Security
Fabric Controller Security The VM is the security boundary upon which Windows Azure security is basedThe host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same serviceAllows access to Internet addressesFC uses certificates and network security to authorize access to datacenter resources
Presenter's Notes: 54
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 55
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old In-Place Update
Presenter's Notes: 56
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 In-Place Update
Presenter's Notes: 57
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 Role AUD 2 Role BUD 2 In-Place Update
Presenter's Notes: 58
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 Role AUD 2 Role BUD 2 LB In-Place Update VIP Swap Update
Presenter's Notes: 59
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 Role AUD 2 Role BUD 2 LB In-Place Update VIP Swap Update
Presenter's Notes: 60
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 Role AUD 2 Role BUD 2 LB In-Place Update VIP Swap Update
Presenter's Notes: 61
Update Type Characteristics
Update Type Characteristics
Presenter's Notes: 62
In-Place Update Detail
In-Place Update Detail FC deploys updated role files and configuration to all nodes in parallelPrepares new role instances:FC host agent creates new role VHDAttaches and mounts new role VHDStops old role instance:FC instructs guest agent to stop role instanceDismounts and detaches old role VHDStarts new role instances:Calls new role code entry pointConsiders role instance update successful when role code reports readyNote that resource volume is preserved updates of role instance
Presenter's Notes: 63
Management Protocol
Management Protocol Allows services to coordinate with FC operationsStateful services: Windows Azure Storage, SQL AzureService may not want update to proceed until it verifies its own health and availabilityFabric informs role of update operationsWaits (with timeout) for positive response before proceedingNot available for external use at this time UD 0 UD 1 UD 2 UD 3 UD 4 Start Job Prepare UD Post UD End Job
Presenter's Notes: 64
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 65
Updating the Host OS
Updating the Host OS Initiated by the Windows Azure teamTypically no more than once per month Goal: update all machines as quickly as possibleConstraint: must not violate service SLAService needs at least two update domains and role instances for SLACant allow more than one update domain of any service to be offline at a timeNote: your role instance keeps the same VM and VHDs, preserving cached data in the resource volumeEssentially a graph coloring problemEdges exist between vertices (nodes) if the two nodes host instances of the same service role in different update domainsNodes that dont have edges between them can update in parallel
Presenter's Notes: 66
Example Allocations
Example Allocations Both allocations are valid from the services point of viewAllocation 1 allows for 2 nodes rebooting simultaneouslyAllocation 2 allows only one node to be down at any timeHost OS upgrade rollout is 2x faster with allocation 1 Allocation 1 Allocation 2 Service BRole A-1UD 2 Service BRole A-1UD 1
Presenter's Notes: 67
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 68
Node and Role Health Maintenance
Node and Role Health Maintenance FC maintains service availability by monitoring the software and hardware healthBased primarily on heartbeats Automatically heals affected roles
Presenter's Notes: 69
Node Health Index
Node Health Index Timeouts vary depending on node state and operationBased on heartbeats, which are typically 15 secondsUsed for status and recovery Health state sampler resets the index on successful pollOnce the index falls below zero, FC attempts to heal nodeFor example, host agent timeout is 10 minutesWorst-case reaction time is timeout interval + heartbeat interval NodeHealthIndex MissedHeartbeats Heartbeat Interval MissedHeartbeat RecoveryInitiated Heartbeat Timeout HealthTimeout Healthy
Presenter's Notes: 70
Guest Agent and Role Instance Heartbeats and...
Guest Agent and Role Instance Heartbeats and Timeouts 25 min GuestAgentConnectTimeout Guest Agent Heartbeat 5s RoleInstanceLaunch Indefinite RoleInstanceStart RoleInstanceReady(for updates only) 15 min Role Instance Heartbeat 15s Guest Agent Heartbeat Timeout 10 min Role Instance Unresponsive Timeout30s Load Balancer Heartbeat 15s Load BalancerTimeout30s Guest Agent Role Instance
Presenter's Notes: 71
Moving a Role Instance (Service Healing)
Moving a Role Instance (Service Healing) Moving a role instance is similar to a service updateOn source node:Role instances stoppedVMs stoppedNode reprovisioned On destination node:Same steps as initial role instance deploymentWarning: Resource VHD is not moved
Presenter's Notes: 72
Conclusion:
Conclusion: Platform as a Service is all about reducing management and operations overheadThe Windows Azure Fabric Controller is the foundation for Windows Azures PaaSProvisions machinesDeploys servicesConfigures hardware for servicesMonitors service and hardware healthPerforms service healingThe Fabric Controller continues to evolve
Presenter's Notes: 73
Zero Day A Novel
Zero Day A Novel A novel about cyber-terrorism aimed at the WestSt. Martins Presswww.zerodaythebook.com
Presenter's Notes: 74
About This Presentation
In this session Mark Russinovich explains the architecture of Windows Azure and the magic that helps .NET developers scale in the cloud.
AZGroups has become the single place that makes it easy for you to get in touch with the technologies you're interested in.
If you're a user group leader, or have an event that you'd like posted on our Calendar of Events, please contact, Scott [dot] Cate [at] myKB [dot] com.
AZGroups.org is a centralized calendar for all Technology User Groups in Arizona. If you run a User Group, and would like you publish you meeting dates on the Calendar, please contact Scott at the address above.
Inside Windows Azure (Mark Russinovich)
In this session Mark Russinovich explains the architecture of Windows Azure and the magic that helps .NET developers scale in the cloud.
More From This Author
See More
In this session, Jeff Wilcox highlights the key strategies and tactics that he uses to develop Win Phone 7 apps -- including this blockbuster app 4th & Mayor
In this session, Scott Guthrie shares some insights about MVC 3 including newly released and upcoming features.
In this session, Scott Guthrie provides an overview of new and upcoming changes to the .NET ecosystem
Transcript
Inside Windows Azure:The Cloud Operating System
Inside Windows Azure:The Cloud Operating System Mark RussinovichTechnical FellowWindows Azure
Presenter's Notes: 1
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 2
What is a Cloud?
What is a Cloud? Cloud: on-demand, scalable, multi-tenant, self-service compute resources
Presenter's Notes: 3
What is a Cloud?
What is a Cloud? Cloud: on-demand, scalable, multi-tenant, self-service compute resources
Presenter's Notes: 4
Types of Clouds
Types of Clouds Infrastructure as a Service (IaaS): basic compute and storage resourcesOn-demand serversAmazon EC2, VMWare vCloudHosted Hyper-VPlatform as a Service (PaaS): cloud application infrastructureOn-demand application-hosting environmentE.g. Google AppEngine, Salesforce.com, Windows AzureSoftware as a Service (SaaS): cloud applicationsOn-demand applicationsE.g. Office 365, gmail, Microsoft Office Web Companions
Presenter's Notes: 5
The Benefits of the Cloud
The Benefits of the Cloud As you move right, you loose control, but gain efficiency Windows Azure
Presenter's Notes: 6
Windows Azure
Windows Azure Windows Azure is an OS for the data centerModel: Treat the data center as a machineHandles resource management, provisioning, and monitoringManages application lifecycleAllows developers to concentrate on business logicProvides shared pool of compute, disk and networkVirtualized storage, compute and networkIllusion of boundless resourcesProvides common building blocks for distributed applicationsReliable queuing, simple structured storage, SQL storageApplication services like access control and connectivity
Presenter's Notes: 7
Windows Azure Application Philosophy: Design for...
Windows Azure Application Philosophy: Design for Failure Scale out for redundancyShort-time outs with retriesIdempotent operationsStateless with persistent external storage
Presenter's Notes: 8
Windows Azure Application Platform
Windows Azure Application Platform
Presenter's Notes: 9
Windows Azure Application Characteristics
Windows Azure Application Characteristics
Presenter's Notes: 10
Windows Azure Application Characteristics
Windows Azure Application Characteristics Windows Azure
Presenter's Notes: 11
Windows Azure Platform Building Blocks
Windows Azure Platform Building Blocks Windows Azure ComputeWindows Azure StorageBLOBsTablesQueuesWindows Azure CDNSQL AzureAppFabric PaaS Middleware ServicesAppFabric CachingAppFabric Service BusAppFabric Access Control Server
Presenter's Notes: 12
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 13
Modeling Cloud Applications
Modeling Cloud Applications A cloud application is typically made up of different tiersFront end: e.g. load-balanced stateless web serversMiddle worker tier: e.g. order processing, encodingBackend storage: e.g. SQL tables or filesMultiple instances of each for scalability and availability Front-End Marks Cloud Application Front-End HTTP/HTTPS WindowsAzureStorage,SQL Azure Load Balancer Middle-Tier
Presenter's Notes: 14
The Windows Azure Service Model
The Windows Azure Service Model A Windows Azure application is called a serviceDefinition informationConfiguration informationAt least one roleRoles are like DLLs in the service processCollection of code with an entry point that runs in its own virtual machineThere are currently three role types:Web Role: IIS7 and ASP.NET in Windows Azure-supplied OSWorker Role: arbitrary code in Windows Azure-supplied OSVM Role: uploaded VHD with customer-supplied OS
Presenter's Notes: 15
VM Role
VM Role VM Role is a Hyper-V VHD that you uploadYou bring the OSThe application is configured and installedLike Web and Worker Roles, it is statelessFor scale-out availability and capacityConfiguration and application state stored locally can be lostSo what good is it?Long installationFragile installationManual configurationDownside: OS maintenance is your responsibility
Presenter's Notes: 16
Role Contents
Role Contents Definition: Role nameRole typeVM size (e.g. small, medium, etc.)Network endpointsCode: Web/Worker Role: Hosted DLL and other executablesVM Role: VHDConfiguration:Number of instancesNumber of update and fault domains
Presenter's Notes: 17
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Middle Tier-3 Update Domain 3 Middle Tier-3 Front-End-2 Front-End-1 Middle Tier-2 Middle Tier-1
Presenter's Notes: 18
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-2 Middle Tier-3 Update Domain 3 Middle Tier-3 Front-End-2 Front-End-1 Middle Tier-2 Middle Tier-1
Presenter's Notes: 19
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Middle Tier-3 Update Domain 3 Middle Tier-3 Front-End-2 Middle Tier-2
Presenter's Notes: 20
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-3 Update Domain 3 Middle Tier-3 Front-End-2 Middle Tier-2
Presenter's Notes: 21
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Middle Tier-3 Update Domain 3 Middle Tier-3
Presenter's Notes: 22
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Update Domain 3 Middle Tier-3
Presenter's Notes: 23
Availability: Update Domains
Availability: Update Domains Purpose: Ensure service stays up while updating and Windows Azure OS updatesSystem considers update domains when upgrading a service1/Update domains = percent of service that will be offlineDefault and max is 5, but you can override with upgradeDomainCount service definition propertyThe Windows Azure SLA is based on at least two update domains and two role instances in each role Front-End-1 Front-End-2 Update Domain 1 Update Domain 2 Middle Tier-1 Middle Tier-2 Middle Tier-3 Update Domain 3
Presenter's Notes: 24
Availability: Fault Domains
Availability: Fault Domains Purpose: Avoid single points of failuresSimilar concept to update domainsBut you dont control the updatesUnit of failure based on data center topologyE.g. top-of-rack switch on a rack of machinesWindows Azure considers fault domains when allocating service roles2 fault domains per serviceWill try and spread roles out across moreE.g. dont put all roles in same rack Front-End-1 Fault Domain 1 Fault Domain 2 Front-End-2 Middle Tier-2 Middle Tier-1 Fault Domain 3 Middle Tier-3
Presenter's Notes: 25
Service Model Files
Service Model Files Service definition is in ServiceDefinition.csdefService configuration is in ServiceConfiguration.cscfgCSPack program Zips service binaries and definition into service package file (service.cscfg)
Presenter's Notes: 26
Deploying a Service to the Cloud:The 10,000 foot...
RDFEService Portal Service US-North Central Datacenter Deploying a Service to the Cloud:The 10,000 foot view Service package uploaded to portal FC Service
Presenter's Notes: 27
Deploying a Service to the Cloud:The 10,000 foot...
RDFEService Portal Service US-North Central Datacenter Deploying a Service to the Cloud:The 10,000 foot view Service package uploaded to portalWindows Azure Portal Service passes service package to Red Dog Front End (RDFE) Azure serviceRDFE converts service package to native RD version FC Service
Presenter's Notes: 28
Deploying a Service to the Cloud:The 10,000 foot...
RDFEService Portal Service US-North Central Datacenter Deploying a Service to the Cloud:The 10,000 foot view Service package uploaded to portalWindows Azure Portal Service passes service package to Red Dog Front End (RDFE) Azure serviceRDFE converts service package to native RD versionRDFE sends service to Fabric Controller (FC) based on target region FC Service
Presenter's Notes: 29
Deploying a Service to the Cloud:The 10,000 foot...
RDFEService Portal Service US-North Central Datacenter Deploying a Service to the Cloud:The 10,000 foot view Service package uploaded to portalWindows Azure Portal Service passes service package to Red Dog Front End (RDFE) Azure serviceRDFE converts service package to native RD versionRDFE sends service to Fabric Controller (FC) based on target regionFC stores image in repository and deploys and activates service FC Service
Presenter's Notes: 30
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 31
The Fabric Controller (FC)
The Fabric Controller (FC) The kernel of the cloud operating systemManages datacenter hardwareManages Windows Azure servicesFour main responsibilities:Datacenter resource allocationDatacenter resource provisioningService lifecycle managementService health managementInputs:Description of the hardware and network resources it will controlService model and binaries for cloud applications
Presenter's Notes: 32
Sidebar: Whats with all these Fabrics?
Sidebar: Whats with all these Fabrics? The Windows Azure Fabric Controller is totally, completely, unrelated to AppFabricAppFabric is a brand that encompasses:Windows Server AppFabric: a set of components for building composite applications based on Windows Communication Foundation and Windows WorkflowWindows Azure AppFabric: Cloud services for connecting cloud and on-premise applications AppFabric Access Control Server AppFabric Service BusAppFabric CacheBuilt as Windows Azure services
Presenter's Notes: 33
Datacenter Architecture
Datacenter Architecture TOR LB LB Agg PDU LB LB Agg LB LB Agg LB LB Agg LB LB Agg LB LB Agg Racks Datacenter Routers Aggregation Routers andLoad Balancers TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU TOR PDU Top of RackSwitches Power Distribution Units Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes Nodes
Presenter's Notes: Should there also be boxes below the 2nd from the right LB-Agg-LB unit? 34
Windows Azure Datacenters
Windows Azure Datacenters
Presenter's Notes: 35
High-Level FC Architecture
High-Level FC Architecture FC is a distributed, stateful application running on nodes (blades) spread across fault domains Installed by Utility Fabric ControllerOne acts as the primary and all others keep view of world in syncSupports rolling upgrade, and services continue to run even if FC fails entirely Nodes Rack
Presenter's Notes: 36
Provisioning a Node (Blade)
Provisioning a Node (Blade) Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 37
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on node Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 38
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on nodePXE-boot Maintenance OS Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 39
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on nodePXE-boot Maintenance OSAgent formats disk and downloads Host OS Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS Maintenance OS
Presenter's Notes: 40
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on nodePXE-boot Maintenance OSAgent formats disk and downloads Host OSHost OS boots, runs Sysprep /specialize, reboots Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 41
Provisioning a Node (Blade)
Provisioning a Node (Blade) Power on nodePXE-boot Maintenance OSAgent formats disk and downloads Host OSHost OS boots, runs Sysprep /specialize, rebootsFC connects with the Host Agent Fabric Controller RoleImages RoleImages RoleImages RoleImages Image Repository Maintenance OS Parent OS Node PXEServer Maintenance OS Windows AzureOS
Presenter's Notes: 42
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 43
Service Deployment Steps
Service Deployment Steps Process service model filesDetermine resource requirementsCreate role imagesAllocate compute and network resourcesPrepare nodesPlace role images on nodesCreate virtual machinesStart virtual machines and rolesConfigure networkingDynamic IP addresses (DIPs) assigned to bladesVirtual IP addresses (VIPs) allocated and mapped to sets of DIPsPrograms load balancers to allow trafficRound-robin routing1-minute timeout
Presenter's Notes: 44
Service Resource Allocation
Service Resource Allocation Goal: allocate service components to available resources while satisfying all hard constraints HW requirements: CPU, Memory, Storage, NetFault domainsSecondary goal: Satisfy soft constraints Prefer allocations which will simplify servicing the host OS/hypervisor: pick nodes that already have instances from the same update domainOptimize network proximity: pack nodesService allocation produces the goal state for the resources assigned to the service componentsNode and VM configuration (OS, hosting environment)Images and configuration files to deployProcesses to startService allocation also allocates network resources such as LB and VIPs
Presenter's Notes: 45
Example Service Allocation
Example Service Allocation Role BCount: 2Update Domains: 2Fault Domains: 2Size: Medium Role ACount: 3Update Domains: 2Fault Domains: 2Size: Large Fault Domain 1 Fault Domain 2 Fault Domain 3 LoadBalancer www.mycloudapp.net www.mycloudapp.net
Presenter's Notes: 46
Example Service Allocation
Example Service Allocation Role BCount: 2Update Domains: 2Fault Domains: 2Size: Medium Role ACount: 3Update Domains: 2Fault Domains: 2Size: Large Fault Domain 1 Fault Domain 2 Fault Domain 3 LoadBalancer www.mycloudapp.net www.mycloudapp.net
Presenter's Notes: 47
Example Service Allocation
Example Service Allocation Role BCount: 2Update Domains: 2Fault Domains: 2Size: Medium Role ACount: 3Update Domains: 2Fault Domains: 2Size: Large Fault Domain 1 Fault Domain 2 Fault Domain 3 LoadBalancer www.mycloudapp.net www.mycloudapp.net
Presenter's Notes: 48
Example Service Allocation
Example Service Allocation Role BCount: 2Update Domains: 2Fault Domains: 2Size: Medium Role ACount: 3Update Domains: 2Fault Domains: 2Size: Large Fault Domain 1 Fault Domain 2 Fault Domain 3 LoadBalancer 10.100.0.36 10.100.0.122 www.mycloudapp.net www.mycloudapp.net
Presenter's Notes: 49
Provisioning a Role Instance
Provisioning a Role Instance FC pushes role files and configuration information to target node host agentHost agent creates three VHDs:Differencing VHD for OS image (D:\)Host agent injects FC guest agent into VHD for Web/Worker rolesResource VHD for temporary files (C:\)Role VHD for role files (first available drive letter e.g. E:\, F:\)Host agent creates VM, attaches VHDs, and starts VMGuest agent starts role host, which calls role entry pointStarts health heartbeat to and gets commands from host agentLoad balancer only routes to external endpoint when it responds to simple HTTP GET (LB probe)
Presenter's Notes: 50
Provisioning VM Role Instances
Provisioning VM Role Instances VM Role base and differencing VHD are stored in Windows Azure Storage blobsShadow versions are made when the originals are uploadedVHD reads all go through a VHD caching serviceReads come on-demand from the cacheWrites go to a secondary differencing VHDReimage simply deletes it and reboots Windows Azure Blob Storage Original Base VHD Original Differencing VHD Shadow Base VHD Shadow Differencing VHD RDFE VHD CachingService Base VHD Shadow Differencing VHD Secondary Differencing VHD Node
Presenter's Notes: 51
Inside a Node
Inside a Node Fabric Controller (Primary) FC Host Agent(trusted) Host Partition Guest Partition Guest Agent Guest Partition Guest Agent Guest Partition Guest Agent Guest Partition Guest Agent Physical Node Fabric Controller (Replica) Fabric Controller (Replica) Role Instance Role Instance Role Instance Role Instance Trust boundary 52
Presenter's Notes: 52
Inside a Role VM
Inside a Role VM Guest Agent Role Host Role Entry Point
Presenter's Notes: 53
Fabric Controller Security
Fabric Controller Security The VM is the security boundary upon which Windows Azure security is basedThe host OS and FC host agent are trustedThe guest agent is untrustedThe FC host agent ensures that the VM can only access IP addresses assigned to VMs of the same serviceAllows access to Internet addressesFC uses certificates and network security to authorize access to datacenter resources
Presenter's Notes: 54
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 55
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old In-Place Update
Presenter's Notes: 56
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 In-Place Update
Presenter's Notes: 57
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 Role AUD 2 Role BUD 2 In-Place Update
Presenter's Notes: 58
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 Role AUD 2 Role BUD 2 LB In-Place Update VIP Swap Update
Presenter's Notes: 59
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 Role AUD 2 Role BUD 2 LB In-Place Update VIP Swap Update
Presenter's Notes: 60
Update Types
Update Types There are two update types:In-placeVIP swapIn-place update:Role instances upgraded one update domain at a timeYou can update a single roleTwo modes: automatic and manualVIP swap update:New version of service deployed, external VIP/DIP mapping swapped with old Role AUD 1 Role BUD 1 Role AUD 2 Role BUD 2 LB In-Place Update VIP Swap Update
Presenter's Notes: 61
Update Type Characteristics
Update Type Characteristics
Presenter's Notes: 62
In-Place Update Detail
In-Place Update Detail FC deploys updated role files and configuration to all nodes in parallelPrepares new role instances:FC host agent creates new role VHDAttaches and mounts new role VHDStops old role instance:FC instructs guest agent to stop role instanceDismounts and detaches old role VHDStarts new role instances:Calls new role code entry pointConsiders role instance update successful when role code reports readyNote that resource volume is preserved updates of role instance
Presenter's Notes: 63
Management Protocol
Management Protocol Allows services to coordinate with FC operationsStateful services: Windows Azure Storage, SQL AzureService may not want update to proceed until it verifies its own health and availabilityFabric informs role of update operationsWaits (with timeout) for positive response before proceedingNot available for external use at this time UD 0 UD 1 UD 2 UD 3 UD 4 Start Job Prepare UD Post UD End Job
Presenter's Notes: 64
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 65
Updating the Host OS
Updating the Host OS Initiated by the Windows Azure teamTypically no more than once per month Goal: update all machines as quickly as possibleConstraint: must not violate service SLAService needs at least two update domains and role instances for SLACant allow more than one update domain of any service to be offline at a timeNote: your role instance keeps the same VM and VHDs, preserving cached data in the resource volumeEssentially a graph coloring problemEdges exist between vertices (nodes) if the two nodes host instances of the same service role in different update domainsNodes that dont have edges between them can update in parallel
Presenter's Notes: 66
Example Allocations
Example Allocations Both allocations are valid from the services point of viewAllocation 1 allows for 2 nodes rebooting simultaneouslyAllocation 2 allows only one node to be down at any timeHost OS upgrade rollout is 2x faster with allocation 1 Allocation 1 Allocation 2 Service BRole A-1UD 2 Service BRole A-1UD 1
Presenter's Notes: 67
Agenda
Agenda Introduction to the CloudWindows Azure FundamentalsFabric Controller InternalsDeploying a ServiceUpdating a ServiceHost OS UpgradesService Healing
Presenter's Notes: 68
Node and Role Health Maintenance
Node and Role Health Maintenance FC maintains service availability by monitoring the software and hardware healthBased primarily on heartbeats Automatically heals affected roles
Presenter's Notes: 69
Node Health Index
Node Health Index Timeouts vary depending on node state and operationBased on heartbeats, which are typically 15 secondsUsed for status and recovery Health state sampler resets the index on successful pollOnce the index falls below zero, FC attempts to heal nodeFor example, host agent timeout is 10 minutesWorst-case reaction time is timeout interval + heartbeat interval NodeHealthIndex MissedHeartbeats Heartbeat Interval MissedHeartbeat RecoveryInitiated Heartbeat Timeout HealthTimeout Healthy
Presenter's Notes: 70
Guest Agent and Role Instance Heartbeats and...
Guest Agent and Role Instance Heartbeats and Timeouts 25 min GuestAgentConnectTimeout Guest Agent Heartbeat 5s RoleInstanceLaunch Indefinite RoleInstanceStart RoleInstanceReady(for updates only) 15 min Role Instance Heartbeat 15s Guest Agent Heartbeat Timeout 10 min Role Instance Unresponsive Timeout30s Load Balancer Heartbeat 15s Load BalancerTimeout30s Guest Agent Role Instance
Presenter's Notes: 71
Moving a Role Instance (Service Healing)
Moving a Role Instance (Service Healing) Moving a role instance is similar to a service updateOn source node:Role instances stoppedVMs stoppedNode reprovisioned On destination node:Same steps as initial role instance deploymentWarning: Resource VHD is not moved
Presenter's Notes: 72
Conclusion:
Conclusion: Platform as a Service is all about reducing management and operations overheadThe Windows Azure Fabric Controller is the foundation for Windows Azures PaaSProvisions machinesDeploys servicesConfigures hardware for servicesMonitors service and hardware healthPerforms service healingThe Fabric Controller continues to evolve
Presenter's Notes: 73
Zero Day A Novel
Zero Day A Novel A novel about cyber-terrorism aimed at the WestSt. Martins Presswww.zerodaythebook.com
Presenter's Notes: 74