Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Architecture Best Practices on Windows Azure
1. W15 - Architecture Best Practices on Windows Azure
Nuno Godinho
Cloud Solution Architect
Level: Intermediate
2. About Me
Nuno Filipe Godinho
Cloud Solution Architect @ Aditi
Windows Azure MVP
nunog@aditi.com
http://msmvps.com/blogs/nunogodinho
Twitter: @NunoGodinho
5. CapEx
[Chart: IT capacity over time. Allocated IT capacities are bought as fixed-cost investments against a forecast; where the allocated line sits above the actual load there is overcapacity, where it sits below there is undercapacity.]
6. OpEx
[Chart: IT capacity over time. Allocated IT capacities track the forecast and the actual load: no undercapacity, reduction of overcapacity, possible reduction of IT capacities in case of reduced load, and reduction of initial investments.]
7. THE Challenge!
• Traditional architecture
– Overcapacity available
– Extra layers != extra costs
– Costs are hidden
• Cloud architecture
– No overcapacity
– Extra layers == extra costs
– Costs are visible
8. In the Cloud YOU pay for ...
the services used:
Windows Azure: 1. Compute, 2. Storage, 3. Storage Transactions
SQL Azure: 4. DB
Block Services: 5. Access Control Transactions, 6. Service Bus Connections
+ the data transfer consumed: 7. Data transfer out of the datacenter
9. Too Many parameters???
• Typically you only use 4-5:
– Compute hours
– Storage
– Storage Transactions
– SQL Azure database
– Service Bus Connections
– Access Control Service
– Caching
13. Architect for Scale
• Prepare to Scale Up & Scale Out
• Approaches:
– Have more processing power or storage in your app
  • Scale out to multiple instances, based on performance metrics
  • Partition your data
    – Table Storage: partition keys
    – SQL Azure: sharding
  • Asynchronous architectures
– Distribute load to other places
  • Content Delivery Network
  • Federated Authentication and Authorization
  • AppFabric Caching
14. Architect for Scale – Scale Out
[Diagram: a web role with Instance 1, Instance 2 and Instance 3 behind the NLB.]
15. Architect for Scale – Scale Out
[Diagram: the same web role and NLB with its three instances.]
16. Architect for Scale – Scale Out
[Diagram: the same web role and NLB; the NLB distributes requests “round robin”, no sticky sessions!]
17. Architect for Scale – Scale Out
[Diagram: the app runs on 2 instances with a local DB. Performance metrics are defined, with polling intervals; the scaling engine interprets the metrics and changes the configuration so the app runs on 3 instances.]
18. Prepare for Dynamic Scaling
• Monitor key performance indicators.
• Dynamically increase or decrease the number of worker role instances.
• Programmatically expand and trim down the number of processing threads to adapt to variable load conditions.
19. Prepare for Dynamic Scaling
• Partition and process fine-grained workloads concurrently using the Task Parallel Library in the .NET Framework 4.
• Maintain a viable capacity in solutions with highly volatile workload in anticipation of sudden spikes to be able to handle them without the overhead of setting up additional instances.
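The scaling loop the two "Prepare for Dynamic Scaling" slides describe (poll a key performance indicator at an interval, interpret it, change the instance count) as an added example; this is not code from the deck or from Windows Azure. The metric samples are constructed, the thresholds, window and cooldown values are assumptions chosen for illustration, and the engine only tracks the instance count it would request rather than calling any service management API.

```python
# Added example, not code from the deck: a minimal scaling engine of the kind
# the "Prepare for Dynamic Scaling" slides describe. A metric is polled at a
# fixed interval, averaged over a short window, compared with thresholds, and
# the instance count is moved one step at a time inside configured bounds.
# The CPU samples are constructed; nothing here calls Windows Azure.
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class ScalingRules:
    min_instances: int = 2       # keep two so one failure does not take the role down
    max_instances: int = 10      # hard cap on spend
    scale_out_cpu: float = 70.0  # average % CPU above which an instance is added
    scale_in_cpu: float = 30.0   # average % CPU below which one is removed
    window: int = 3              # polls averaged before a decision (smooths spikes)
    cooldown: int = 2            # polls to wait after a change before deciding again
    step: int = 1                # instances added or removed per decision


@dataclass
class ScalingEngine:
    rules: ScalingRules
    instances: int
    _samples: list = field(default_factory=list)
    _cooldown_left: int = 0

    def poll(self, cpu_percent: float) -> int:
        """Feed one metric sample; return the instance count after this poll."""
        self._samples.append(cpu_percent)
        if len(self._samples) > self.rules.window:
            self._samples.pop(0)
        if self._cooldown_left > 0:
            # A change was just made; give the new instances time to take load.
            self._cooldown_left -= 1
            return self.instances
        if len(self._samples) < self.rules.window:
            return self.instances  # not enough data for a decision yet
        avg = mean(self._samples)
        target = self.instances
        if avg > self.rules.scale_out_cpu:
            target = min(self.instances + self.rules.step, self.rules.max_instances)
        elif avg < self.rules.scale_in_cpu:
            target = max(self.instances - self.rules.step, self.rules.min_instances)
        if target != self.instances:
            self.instances = target
            self._cooldown_left = self.rules.cooldown
            self._samples.clear()  # samples taken at the old size no longer apply
        return self.instances


def run_simulation(samples, start=2, rules=None):
    """Replay a series of CPU samples; return the instance count after each poll."""
    engine = ScalingEngine(rules or ScalingRules(), start)
    return [engine.poll(s) for s in samples]


if __name__ == "__main__":
    # Constructed load profile: ramp up, sustained high load, then idle.
    profile = [80, 85, 90] + [95] * 6 + [10] * 9
    print(run_simulation(profile))
```

The window and cooldown are what keep a scaling engine from flapping: a single noisy sample never triggers a change, and after a change the engine waits for the new configuration to take effect before reading the metrics again. The floor of two instances is the same reasoning as the disaster-recovery slide applied to day-to-day operation.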
20. Plan for Disaster Recovery
• Disasters happen, plan for it
• Analyze the impacts of an outage for your solution/business
21. Secure your Communications
• Service Bus Relay with ACS to improve service security
• Use SSL whenever possible
• Don’t share your secrets
– Storage Account
– Service Bus
– Access Control Service
– Caching
– ...
22. Pick the right Compute Size
• Remember:
1 role instance == 1 VM running Windows.
1 role instance != one specific task for your code
You’re paying for the entire VM so why not use it?
23. Partition your Data
• Partition Data based on the indexing needs.
– SQL Azure for highly indexed data
– Storage for the rest.
– Hybrid Partitioning is normally the best approach
• Shard your SQL Azure data across databases to support a larger workload.
27. Instrument your Solution
Cost Savings
Note: Remember to account for monitoring and diagnostic usage costs!
28. Federate your Identity
• Instead of having another Identity Silo, Federate your Identity
• Make your solutions available with Claims-based Identity to increase the security
• Consider having Federation with multiple IdPs
29. Use Asynchronous and reduce coupling
• Make your architecture work asynchronously
• Embrace Compensating Transactions
• Use Queues to orchestrate workloads
31. Asynchronous Workloads
[Diagram: web role → service (queue) → worker role. Worker role Instance 1 is busy, Instance 2 is free, Instance 3 is busy; one (and only one) free instance of the worker role gets the message (GetMessage).]
32. Architect Workers for Idempotency
• Workers need to perform the operation only once even if called several times
• Build failure recovery mechanisms
33. Batch Your Work
• Batch multiple small work items into a
single queue message
• Take several messages at a time
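The "Architect Workers for Idempotency" and "Batch Your Work" slides together describe one worker loop: take several queue messages at a time, each carrying a batch of small work items, and apply each item exactly once even when the queue redelivers a message after a crash. The following is an added example of that loop, not code from the deck; SimulatedQueue, the Worker class, the message bodies and the ledger are constructed stand-ins and not the Windows Azure queue or table storage APIs.

```python
# Added example, not code from the deck: a worker-role loop against a
# simulated at-least-once queue. Each queue message carries a batch of work
# items ("Batch Your Work"), the worker takes several messages per poll, and
# every item carries its own id so a redelivered message is applied only once
# ("Architect Workers for Idempotency"). SimulatedQueue, the messages and the
# ledger are constructed stand-ins, not Windows Azure queue or storage APIs.
import json
from collections import deque


class SimulatedQueue:
    """At-least-once delivery: a message that is read but not deleted comes back."""

    def __init__(self, messages):
        self._pending = deque(messages)   # (msg_id, body) tuples
        self._invisible = {}              # read but not yet deleted
        self.deliveries = 0

    def get_messages(self, count):
        batch = []
        while self._pending and len(batch) < count:
            msg_id, body = self._pending.popleft()
            self._invisible[msg_id] = body
            self.deliveries += 1
            batch.append((msg_id, body))
        return batch

    def delete_message(self, msg_id):
        self._invisible.pop(msg_id)

    def redeliver_unacked(self):
        """Visibility timeout expired: everything not deleted is queued again."""
        self._pending.extend(self._invisible.items())
        self._invisible.clear()


class Worker:
    def __init__(self, queue, idempotent=True, crash_on=None):
        self.queue = queue
        self.idempotent = idempotent
        self.processed_ids = set()  # stands in for a durable record of applied item ids
        self.ledger = {}            # account -> balance: the side effect being guarded
        self.applied = 0
        self.crash_on = crash_on    # msg_id after which to simulate a crash, once

    def apply_item(self, item):
        if self.idempotent and item["id"] in self.processed_ids:
            return False            # already applied: a repeat is a no-op
        self.ledger[item["account"]] = self.ledger.get(item["account"], 0) + item["amount"]
        self.processed_ids.add(item["id"])
        self.applied += 1
        return True

    def run_once(self, batch_size=2):
        """One poll: take several messages, apply every item in each, then delete."""
        for msg_id, body in self.queue.get_messages(batch_size):
            for item in json.loads(body):
                self.apply_item(item)
            if msg_id == self.crash_on:
                self.crash_on = None
                raise RuntimeError("crashed before deleting " + msg_id)
            self.queue.delete_message(msg_id)  # only after the side effects are durable


def run_with_crash(idempotent):
    """Process two batched messages, crash once before a delete, recover, finish."""
    messages = [  # constructed: several small work items batched into two messages
        ("m1", json.dumps([{"id": "i1", "account": "A", "amount": 10},
                           {"id": "i2", "account": "B", "amount": 5}])),
        ("m2", json.dumps([{"id": "i3", "account": "A", "amount": 7}])),
    ]
    queue = SimulatedQueue(messages)
    worker = Worker(queue, idempotent=idempotent, crash_on="m1")
    try:
        worker.run_once()
    except RuntimeError:
        pass                       # the role instance died; the queue still holds m1 and m2
    queue.redeliver_unacked()      # visibility timeout expires
    worker.run_once()              # an instance picks both messages up again
    return worker.ledger, worker.applied, queue.deliveries
```

With idempotency on, the redelivered items i1 and i2 are skipped and the ledger ends at A=17, B=5; with it off, the same redelivery double-counts them (A=27, B=10). In a real worker the record of applied ids has to live in the same durable store as the side effect, or the operation has to be naturally idempotent (an upsert keyed by the item id), because an in-memory set dies with the instance exactly when it is needed. Deleting the message only after the work is durable is the "failure recovery mechanism" the slide asks for.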
36. Reduce Latency
• Use Affinity Groups to lower the latency between your service elements
– Compute
– Storage
• Make services closer and in the same Data Center and close to each other (in the same Cluster)
37. Make your Internal Communication Secure
• Use Internal Endpoints for communication between services deployed in Windows Azure and to increase security
• Always define Traffic Rules for your Internal Endpoints
39. Key Takeaways
1. Architect for Scale
2. Plan for Disaster Recovery
3. Secure your Communications
4. Pick the right Compute size
5. Partition your Data
6. Instrument your Solution
7. Federate your Identity
8. Use Asynchronous and Reduce Coupling
9. Reduce Latency
10. Make Internal Communication Secure
40. Thank You
Nuno Godinho
Cloud Solution Architect @ Aditi
nunog@aditi.com
Twitter: @NunoGodinho
http://msmvps.com/blogs/nunogodinho
Slide Objective: Get a graphical overview of horizontal partitioning.
Speaking notes: Horizontal partitioning involves taking horizontal slices through a data set. Each slice is placed onto a separate node. The schema on each node is the same. This example is partitioning by the first letter of the last name. Worth asking attendees if this is a good approach… It should spark some discussion and allude to some topics to come in the deck.
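The "Partition your Data" slide and the speaker note above both turn on the same question: is partitioning by the first letter of the last name a good approach? The following added example (not code from the deck) puts that range scheme next to hash-based routing and measures the skew each produces, so the question can be answered from data. The customer names, the shard counts and the skew metric are constructed for illustration; the routers return a shard index, not a SQL Azure database name or a table storage partition key.

```python
# Added example, not code from the deck: the horizontal partitioning the
# speaker notes describe (shard chosen by the first letter of the last name)
# beside hash-based routing, with a skew measure so "is this a good approach?"
# can be answered from the data. The names and shard counts are constructed.
import hashlib
from collections import Counter

# Constructed sample: a small customer list with an uneven initial-letter mix
# (many S and M, one each of Q, X and Y), as real name lists tend to be.
NAMES = ["Smith", "Sanchez", "Scott", "Stewart", "Sullivan",
         "Martin", "Miller", "Moore", "Morris",
         "Brown", "Baker", "Bell", "Johnson", "Jones",
         "Williams", "Wilson", "Quinn", "Xu", "Young", "Adams"]


def shard_by_initial(last_name, shard_count):
    """Range partitioning: the alphabet is cut into shard_count contiguous ranges."""
    letter = last_name[:1].upper()
    index = ord(letter) - ord("A") if "A" <= letter <= "Z" else 0
    return index * shard_count // 26


def shard_by_hash(key, shard_count):
    """Hash partitioning: a stable hash of the key, modulo the shard count."""
    digest = hashlib.sha256(key.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % shard_count


def distribution(names, router, shard_count):
    """Rows per shard, as a list indexed by shard number."""
    counts = Counter(router(name, shard_count) for name in names)
    return [counts.get(i, 0) for i in range(shard_count)]


def skew(counts):
    """Load on the busiest shard relative to an even split; 1.0 is balanced."""
    return max(counts) * len(counts) / sum(counts)


if __name__ == "__main__":
    for shards in (4, 26):
        by_letter = distribution(NAMES, shard_by_initial, shards)
        by_hash = distribution(NAMES, shard_by_hash, shards)
        print(shards, "shards, by initial:", by_letter, "skew", round(skew(by_letter), 2))
        print(shards, "shards, by hash:   ", by_hash, "skew", round(skew(by_hash), 2))
```

With one shard per letter the sample leaves 17 of 26 shards empty and the busiest one carries 6.5 times its fair share, which is the point the note wants attendees to reach: letter ranges follow the popularity of surnames, not the load. Hashing spreads rows evenly, but it scatters any range query (all customers whose name starts with S) across every shard, and changing the shard count moves most keys; both are the "topics to come" a partition-key or sharding design has to settle before the first row is written.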
Slide Objective: Get a graphical overview of vertical partitioning.
Speaking notes: Vertical partitioning involves taking vertical slices through a data set. Each slice is placed onto a separate node. The schema on each node is different. Nodes will typically be quite different in character and cost. This example is partitioning indexed data onto SQL Azure and the larger binary parts of the data set into cheaper Windows Azure storage.
Instrumentation/measurement is key to saving costs. Measuring and monitoring is crucial to saving costs.
Where does CPU time get spent? How much % CPU do you use?
Storage transactions: what parts of your code are calling storage? What partitions are they hitting in storage?
Server logs: what URLs are getting served? Characteristics of that content (compression, caching, etc.).
Use the monitoring and diagnostics API to see CPU usage.
Storage: route all storage access through common code. Remember to account for monitoring/diagnostic usage. Use Fiddler and Development Storage locally to verify storage patterns.
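The instrumentation note asks two questions that only a common storage code path can answer (which code calls storage, and which partitions it hits) and adds the reminder that diagnostics themselves cost transactions. The following added example (not code from the deck) shows that shape: one metered entry point for every storage call, with per-partition and per-caller counts and the diagnostic writes counted alongside. InstrumentedTable, the partition names, the caller names and the workload are constructed stand-ins, not the Windows Azure storage or diagnostics APIs.

```python
# Added example, not code from the deck: one instrumented entry point for all
# storage access, so you can see which code calls storage, which partitions it
# hits, and how much of the bill your own diagnostics generate. The table,
# the partition names and the workload are constructed stand-ins.
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class TransactionMeter:
    """Counts billable storage transactions by partition and by calling code."""
    by_partition: Counter = field(default_factory=Counter)
    by_caller: Counter = field(default_factory=Counter)
    diagnostic: int = 0

    def record(self, partition, caller, diagnostic=False):
        self.by_partition[partition] += 1
        self.by_caller[caller] += 1
        if diagnostic:
            self.diagnostic += 1

    def total(self):
        return sum(self.by_partition.values())

    def diagnostic_share(self):
        return self.diagnostic / self.total() if self.total() else 0.0

    def hottest(self, n=3):
        return self.by_partition.most_common(n)


class InstrumentedTable:
    """The only code allowed to touch the table store; every call is metered."""

    def __init__(self, meter):
        self.meter = meter
        self._rows = {}

    def insert(self, partition, row_key, entity, caller):
        self.meter.record(partition, caller)
        self._rows[(partition, row_key)] = entity

    def get(self, partition, row_key, caller):
        self.meter.record(partition, caller)
        return self._rows.get((partition, row_key))

    def write_diagnostics(self, partition, lines, caller="Diagnostics"):
        # Log and counter uploads are storage writes too: one transaction per
        # entity written, so they belong in the same cost picture.
        for i, line in enumerate(lines):
            self.meter.record(partition, caller, diagnostic=True)
            self._rows[(partition, f"log-{i}")] = line


def run_workload():
    """Constructed workload: a few inserts, a read-heavy lookup path, a diagnostics flush."""
    meter = TransactionMeter()
    table = InstrumentedTable(meter)
    for i in range(3):
        table.insert("orders-2012-03", f"o{i}", {"total": 10 * i}, caller="OrderService.Create")
    for _ in range(10):
        table.get("orders-2012-03", "o1", caller="OrderService.Lookup")
    for i in range(2):
        table.insert("orders-2012-02", f"o{i}", {"total": 5}, caller="OrderService.Backfill")
    table.write_diagnostics("wad-log", [f"trace line {i}" for i in range(5)])
    return meter


if __name__ == "__main__":
    m = run_workload()
    print("total transactions:", m.total(), "diagnostic share:", m.diagnostic_share())
    print("hottest partitions:", m.hottest())
    print("by caller:", dict(m.by_caller))
```

In the constructed run, 13 of the 15 application transactions land on a single partition and one lookup path accounts for ten of them, which is exactly the kind of hot spot the note asks you to look for; the five diagnostic writes are a quarter of the bill, the cost the slide reminds you to budget. Funnelling every call through one class is also what makes the local check with Fiddler and Development Storage meaningful: the pattern you observe locally is the pattern you will pay for in production.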