#GlobalAzure
Alberto Diaz Martin
alberto.diaz@encamina.com - @adiazcan
Alberto Diaz has more than 15 years of experience in the IT industry, all of them working
with Microsoft technologies. He is currently Chief Technology Innovation Officer at ENCAMINA,
leading software development with Microsoft technology, and a member of the management
team.
For the community, he works as an organizer and speaker at the most relevant conferences in the
Microsoft world in Spain, where he is one of the leading voices on SharePoint, Office 365 and
Azure. Author of several books and articles in professional magazines and blogs, in 2013 he
joined the management team of CompartiMOSS, a digital magazine about Microsoft
technologies.
He has been named a Microsoft MVP since 2011, a recognition he has renewed for the seventh
consecutive year. He describes himself as a geek, a smartphone lover and a developer.
Founder of TenerifeDev (www.tenerifedev.com), a .NET user group in Tenerife, and
coordinator of SUGES (SharePoint User Group of Spain, www.suges.es)
Intro to Service Fabric
[Diagrams: multiple instances of the Photo Share Service and the Thumbnail Service; language labels node.js and .NET; version labels V1 and V2]
[Diagram: Azure Service Fabric, "Any OS, Any Cloud", for containers and microservices, running on Dev Box, Azure, Other Clouds and On-Premise Data Centers]
[Diagram: Service Fabric cluster of five VMs (VM #1 to VM #5), each running Service Fabric and "Your code, etc."; a web request arrives on port 80; port 19080 is also labelled]
PowerShell Module
Azure CLI, Service Fabric CLI
# -VmPassword and -CertificatePassword expect SecureString values
New-AzureRmServiceFabricCluster -ResourceGroupName $RGname -Location $clusterloc `
    -ClusterSize $numNodes -VmPassword $pwd `
    -CertificateSubjectName $subname -CertificatePassword $pwd `
    -CertificateOutputFolder $pfxfolder
Demo: Create a secure cluster using PowerShell
Securing your cluster
[Diagram: Service Fabric cluster resources in Azure. Security: Key Vault and AAD. Inside a VNET: three VM scale sets (VMSS#1 to VMSS#3) of three VMs each, with load balancers LB#1 to LB#3 and network security groups NSG#1 to NSG#3, plus a jump server. Azure Storage for diagnostics and for SF logs; managed disks for VHDs.]
Endpoint                                 Port
ClientConnectionEndpoint (TCP)           19000
HttpGatewayEndpoint (HTTP/TCP)           19080
SMB support for Image Store              445, 134
ClusterConnectionEndpointPort (TCP)      1025
LeaseDriverEndpointPort (TCP)            1026
Ephemeral port range                     As needed, min 256 ports
App ports                                As needed
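An added example (not from the original deck): a PowerShell check that audits inbound NSG rules against the port list above and flags rules that expose cluster ports too widely. The rule objects are constructed sample data shaped like NSG rule fields; the function names, the split into "Management" and "Internal" ports, and the source policy are assumptions for illustration.

```powershell
# Port numbers are the ones on the slide; the Scope grouping is an assumption.
$SfPorts = @(
    [pscustomobject]@{ Name = 'ClientConnectionEndpoint';      Port = 19000; Scope = 'Management' }
    [pscustomobject]@{ Name = 'HttpGatewayEndpoint';           Port = 19080; Scope = 'Management' }
    [pscustomobject]@{ Name = 'SMB (Image Store)';             Port = 445;   Scope = 'Internal' }
    [pscustomobject]@{ Name = 'SMB (Image Store)';             Port = 134;   Scope = 'Internal' }
    [pscustomobject]@{ Name = 'ClusterConnectionEndpointPort'; Port = 1025;  Scope = 'Internal' }
    [pscustomobject]@{ Name = 'LeaseDriverEndpointPort';       Port = 1026;  Scope = 'Internal' }
)

function Test-PortInRange {
    # True when $Port falls inside a port expression: '*', '80' or '1025-1027'.
    param([int]$Port, [string]$Range)
    if ($Range -eq '*') { return $true }
    $parts = @($Range -split '-')
    $low   = [int]($parts[0])
    $high  = [int]($parts[-1])
    return ($Port -ge $low -and $Port -le $high)
}

function Test-SfNsgRule {
    # Emits one finding per (rule, Service Fabric port) pair that breaks the policy:
    #   Internal ports   -> allowed only from 'VirtualNetwork'
    #   Management ports -> never allowed from '*', 'Internet' or '0.0.0.0/0'
    param([object[]]$Rules)
    $anySource = @('*', 'Internet', '0.0.0.0/0')
    foreach ($rule in $Rules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        foreach ($sf in $SfPorts) {
            if (-not (Test-PortInRange -Port $sf.Port -Range $rule.DestinationPortRange)) { continue }
            $src = $rule.SourceAddressPrefix
            $bad = if ($sf.Scope -eq 'Internal') {
                $src -ne 'VirtualNetwork'
            } else {
                $anySource -contains $src
            }
            if ($bad) {
                [pscustomobject]@{
                    Rule     = $rule.Name
                    Endpoint = $sf.Name
                    Port     = $sf.Port
                    Scope    = $sf.Scope
                    Source   = $src
                }
            }
        }
    }
}

# Constructed sample rules (names and addresses are made up for this example).
$rules = @(
    [pscustomobject]@{ Name = 'allow-web';       Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = 'Internet';       DestinationPortRange = '80' }
    [pscustomobject]@{ Name = 'allow-sfx-any';   Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = '*';              DestinationPortRange = '19080' }
    [pscustomobject]@{ Name = 'allow-mgmt-jump'; Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = '10.0.9.4/32';    DestinationPortRange = '19000' }
    [pscustomobject]@{ Name = 'allow-cluster';   Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = 'VirtualNetwork'; DestinationPortRange = '1025-1027' }
    [pscustomobject]@{ Name = 'allow-smb-wide';  Direction = 'Inbound'; Access = 'Allow'
                       SourceAddressPrefix = 'Internet';       DestinationPortRange = '445' }
)

Test-SfNsgRule -Rules $rules | Format-Table -AutoSize
```

Only single port expressions are handled here; rules that carry a list of ranges would need each entry passed through Test-PortInRange.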
Demo: Review of a cluster with NSG enabled on Portal
Planning your cluster
[Diagram: replicas placed across fault domains FD1 to FD5; a PDU burn-out takes out one FD]
• The number of FDs determines the headroom needed in case of unplanned failures
• Examples include a PDU failing or TOR maintenance that can take out all machines in a rack
• In terms of capacity, you need to leave enough headroom to accommodate failure of at least one FD
• This will result in SF moving/creating new replicas on the available machines in other FDs
[Diagram: replicas across FD1 to FD5 and upgrade domains UD1 to UD10 during an SF upgrade]
• The number of Upgrade Domains determines the headroom needed in case of planned failures/downtimes
• An example is when a Service Fabric upgrade is going on and a UD is down: you have to have room for additional replicas if need be
You should plan your capacity in such a way that your service can at least survive:
• A loss of one FD
• A UD being down because of an upgrade going on
• An additional random node/VM failing
[Diagram: grid of FD1 to FD5 against UD1 to UD10]
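The capacity rule above, as an added example (not from the original deck): it tries every combination of one FD lost and one UD down for upgrade, subtracts one further node failure, and reports the worst case. The node layout is constructed sample data; the function name Get-SfWorstCaseCapacity, the equal-sized-node assumption and the RequiredNodes threshold are assumptions for illustration.

```powershell
function Get-SfWorstCaseCapacity {
    param(
        [object[]]$Nodes,      # objects with Name, FD and UD properties
        [int]$RequiredNodes    # nodes needed to carry the workload (assumes equal-sized nodes)
    )
    $worst = $null
    foreach ($fd in ($Nodes.FD | Sort-Object -Unique)) {
        foreach ($ud in ($Nodes.UD | Sort-Object -Unique)) {
            # Nodes still up once this FD has failed and this UD is down for upgrade
            $up = @($Nodes | Where-Object { $_.FD -ne $fd -and $_.UD -ne $ud })
            # Nodes are equal-sized, so the extra random failure costs one survivor
            $survivors = [Math]::Max($up.Count - 1, 0)
            if ($null -eq $worst -or $survivors -lt $worst.Survivors) {
                $worst = [pscustomobject]@{ LostFD = $fd; DownUD = $ud; Survivors = $survivors }
            }
        }
    }
    [pscustomobject]@{
        TotalNodes    = $Nodes.Count
        WorstLostFD   = $worst.LostFD
        WorstDownUD   = $worst.DownUD
        Survivors     = $worst.Survivors
        RequiredNodes = $RequiredNodes
        Sufficient    = ($worst.Survivors -ge $RequiredNodes)
    }
}

# Constructed layout: 10 nodes over 5 FDs and 5 UDs, node i placed in FD and UD number (i mod 5) + 1
$nodes = 0..9 | ForEach-Object {
    $d = ($_ % 5) + 1
    [pscustomobject]@{ Name = "node$_"; FD = "FD$d"; UD = "UD$d" }
}

Get-SfWorstCaseCapacity -Nodes $nodes -RequiredNodes 6
```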
New-AzureRmServiceFabricCluster -ResourceGroupName $RGname `
    -Location $clusterloc -ClusterSize 1 -VmPassword $pwd `
    -CertificateSubjectName $subname -CertificatePassword $pwd `
    -OS UbuntuServer1604
New-AzureRmServiceFabricCluster -ResourceGroupName $RGname `
    -Location $clusterloc -ClusterSize 3 -VmPassword $pwd `
    -CertificateSubjectName $subname -CertificatePassword $pwd `
    -OS WindowsServer2016DatacenterwithContainers
Demo: Deploy Test Clusters through Portal
Add-AzureRmServiceFabricNode -ResourceGroupName $RGname -Name $clusterName `
    -NodeType $nodeType -Number $addNumNodes
Remove-AzureRmServiceFabricNode -ResourceGroupName $RGname -Name $clusterName `
    -NodeType $nodeType -Number $addNumNodes
Add-AzureRmServiceFabricNodeType -ResourceGroupName $RGname -Name $clusterName -NodeType $nodeType ……
Remove-AzureRmServiceFabricNodeType -ResourceGroupName $RGname -Name $clusterName -NodeType $nodeType …..
Demo: Scale out a cluster using the PowerShell Module
Business continuity planning
The Recovery Point Objective (RPO) determines the amount of data you can afford to lose in a disaster.
The Recovery Time Objective (RTO) is the maximum tolerable length of time that your service can be down after a disaster occurs.
Types of Disasters | RPO and RTO = 0, write latency acceptable | RPO and RTO > 0
Data Center Outages | Cross-regional SF cluster | Stand up a new cluster, restore from backup
Cluster down | (Very low probability for cross-regional clusters) Stand up a new cluster, restore from backup | Stand up a new cluster, restore from backup
Machine / Node down | Deploy across 5+ FDs, 5+ UDs; design for write quorum losses | Deploy across 5+ FDs, 5+ UDs; design for write quorum losses
Other sources of data loss or “oops” | Restore from backup | Restore from backup
Monitoring and diagnostics
Cluster and Node state | Is the cluster healthy? Are all the nodes up? | Detect and diagnose hardware and infrastructure issues
Application and Service state | Upgrade status, number of services and replicas | Detect software and app issues, reduce service downtime
Resource Usage | Do all the nodes need to be up? What is the average CPU usage? | Understand resource consumption and drive better business decisions
Performance Tracking | Is there any unexpected latency? Are the services responsive? | Optimize application, service, and infrastructure performance
Custom Application Metrics | Is your app being used in the way that you expected? Is the solution effective? | Generate business insights and improvements
Demo #5: Setting up monitoring and diagnostics at cluster creation
alberto.diaz@encamina.com
@adiazcan
http://azurebootcamp.es
GAB 2018: Security and scaling in Azure Service Fabric


Editor's notes

  1. 10
  2. Let us see this in action.
  3. Although we support the use of certs on standalone, we recommend that you use AD. For any production deployment, always use automated deployment. Use the tool of your choice, or PowerShell scripts.
  4. In Azure, use certificates for client access only as a “break glass” scenario. For any production deployment, always use automated deployment. Use the tool of your choice, or PowerShell scripts.
  5. ARM template used: https://github.com/Azure/azure-quickstart-templates/tree/master/service-fabric-secure-nsg-cluster-65-node-3-nodetype
  6. https://azure.microsoft.com/en-us/documentation/articles/service-fabric-cluster-capacity/
  7. In Azure you do not get to choose the number of FDs. The VMSS instances are spread across 5 FDs.
  8. In Azure you do not get to choose the number of UDs. The VMSS instances are spread across 5 UDs.
  9. The link above points to : https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-resource-manager-cluster-description#cluster-capacity
  10. Now let us shift our focus to the best practices for setting up clusters in Azure…
  11. This matrix represents suggested mitigations. The actual mitigation that you adopt depends on your application and business continuity plans.
  12. When it comes to monitoring, think about monitoring not only your cluster, nodes and application. Think about how you can use it to monitor resource usage, application performance and the effectiveness of your application. You will need to add custom application metrics to determine if your service is truly doing what it is supposed to do…
  13. https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-diagnostics-overview
  14. Make your E2E operational scenarios easier by using the Azure ServiceFabric RM module. Adopt the best practices for planning, deploying and securing your clusters. Write down a business continuity plan: disasters happen and it is best to be prepared for them. Leverage all the out-of-the-box monitoring and diagnostics capabilities.