This series focusing on cloud essentials for IT professionals includes:
One very important concept in cloud computing is the notion of fabric which represents an abstraction layer connecting resources to be dynamically allocated on demand. In Windows Azure, this concept is implemented as Fabric Controller (FC) which knows the what, where, when, why, and how of the resources in cloud. As far as a cloud application is concerned, FC is the cloud OS. We use Fabric Controller to shield us from the need to know all the complexities in inventorying, storing, connecting, deploying, configuring, initializing, running, monitoring, scaling, terminating, and releasing resources in cloud. So how does FC do it?
A key technology makes cloud computing a reality is virtualization. An apparent and production example is that Windows Azure abstracts hardware through virtualization and creates a virtual machine (VM) for each Role instance. Here, VMs and the underlying Hypervisor together offers multiple layers of isolations and virtualizing a computing resource further allows it to be moved to any number of physical hosts in a data center. The following schematic illustrates the implementation of Windows Azure computing model discussed in Part 3 of the series. Each instance of either a Web Role or a Worker Role is running in an individual VM. And depending on the configuration of an application, there can be multiple instances of a given Role.
A virtual machines is physically a virtual hard disk (VHD) file which has a number of advantages. For instance, not only it is easier to manage files compared with that of working with physical partitions, disks, and machines, but a VHD file can be maintained while offline, i.e. without the need to boot up the OS image installed in the VHD file. Virtual Machine Servicing Tool (VMST), is a such tool freely available from Microsoft. There have been many and active discussions on server virtualization, desktop virtualization, Application Virtualization (App-V), and Virtual Desktop Infrastructure (VDI). And many IT organizations have already started consolidating servers and introduced various forms of virtualization into their existing computing environments, as reported in many case studies.
Make no mistake nevertheless. Virtualization is not a destination, but a stepping stone for enterprise IT to transform from then a hardware-dependent and infrastructure-focused deployment vehicle into now and going forward a user-centric and cloud-friendly environment. Although virtualization is frequently motivated for cost saving, I believe the long-term and strategic business benefits are however resulted from deployment flexibility. Facing the many challenges and unknowns already in place and ahead brought by Internet, IT needs to make sure new investments are strategic, at the same time transform excising establishments into something flexible and agile. IT needs the ability to manage computing resources, both physical and virtualized, transparently and on a common management platform, while securely deploying applications to authorized users anytime, anywhere and on any devices. Fundamentally, virtualization provides abstractions for manageability and isolations for security to dynamically scale and secure instances of workloads. For enterprise IT, virtualization is imperative, a critical step towards building a cloud-friendly and cloud-ready environment. The takeaway is that virtualization should be in every enterprise IT’s roadmap, if not already. And a common management platform with the ability to manage physical and virtualized resources transparently is essential and should be put in place is as soon as possible.
The concept of fabric in Microsoft’s implementation in production exhibits itself in the so-called Fabric Controller or FC which is an internal subsystem of Windows Azure. FC, also a distribution point in cloud, inventories and stores images in repository, and:
For FC to control a deployed instance inside of a VM and carry out all the above tasks, there are Agents in place. The following schematic depicts the architecture.
When FC is building a node in data center, Fabric Agent (FA) is included in and automatically initialized in the root partition. FA exposes an API letting an instance interact with FC and is then used to manage Guest Agent (GA) running in a guest VM, i.e. child partition. The manageability is logically established with the ability for FC to monitor, interact, trust, and instruct FA which then manages GAs accordingly. Behind the scene, FC also makes itself highly available by replicating itself across groups of machines. In short, FC is the kernel of cloud OS and manages both servers and services in the data center.
This is another term getting overused and confusing. I am as guilty as anyone for using the term frequently without putting it in context. Not all AppFabrics are exactly the same after all. There are, as shown below, Windows Server AppFabric and Windows Azure AppFabric. The former is available as extensions to the Application Server role of Windows Server, while the latter provides cloud-based services to connect users and applications across the Internet. Both are part of Microsoft’s application infrastructure (or middleware) technologies.
Relevant to Windows Azure, many seem assuming Windows Azure AppFabric and FC are the same, similar, or related. This is incorrect, because they are not. Windows Azure AppFabric is a cloud middleware offering a common infrastructure to name, discover, expose, secure, and orchestrate web services on the Windows Azure platform. A number of services Windows Azure AppFabric includes:
The Service Bus service can traverse firewalls and NAT devices without forfeiting the security afforded by these devices to relay messages from clients through Windows Azure to software running on-premises. The Access Control offers a claims-based mechanism federated with Active Directory Federation Services (AD FS) 2.0 accessible by Windows Azure, other cloud, and on-premises applications. For those would like to know more technical details and develop cloud applications based on Windows Azure AppFabric, there are good references including: an overview whitepaper and An Introduction to Windows Azure AppFabric for Developers.
In an over simplified description, FC is the kernel of Windows Azure (a cloud OS) and manages the hardware and services in a data center, while Windows Azure AppFabric is a cloud middleware for developing applications. For IT pros, I consider a must-read overview article of Windows Azure is available elsewhere. And a nicely packaged content, Windows Azure Platform Training Kit, is also a great way to learn more more about the technology.
[To Part 1, 2, 3, 4, 5, 6]
The series focusing on cloud essentials for IT professionals includes:
In Part 2, I basically said cloud is to provide “Business as a Service” i.e. making a targeted business available on demand. In digital commerce, much of a business is enabled by IT. Therefore, cloud is to in essence deliver “IT as a Service” or IT available on demand, i.e. anytime, anywhere, on any device. This is what we want IT to become via cloud. Realize that “on-demand” in the context of cloud computing also implies a set of attributes as describer in Part 1 including: ubiquitous network access, resource pooling, pay per use, and so on.
Nonetheless, IT is not about implementing technologies which is a means and not the end. All the infrastructure, servers, desktops, SaaS/PaaS/IaaS, public cloud, private cloud, etc. is about one thing and one thing only. That is to provide authorized users “applications” so that with which transactions are made and businesses are carried out. Either in the cloud or on-premises, it is about applications. So, how is a cloud application different than a traditional one? If so, in what way as far as IT pros are concerned.
Traditional Computing Model
A typical 3-tier application includes front-end, middle-tier, and beck-end. For a web application, the front-end is a web site which presents an application. Middle-tier holds the business logic while connecting to a back-end where the data are stored. And along the data path, load balancers (LB) are put in place to optimize performance, as well clusters are constructed for high availability. This analytical model is well understood and modeled. And the 3-tier architecture represents a mainstream design pattern for applications recently developed prior to the emerging cloud era. The concept is illustrated below and some may find there are some similarities to the idea applicable to architecting a cloud application.
Cloud Computing Model
Microsoft Windows Azure abstracts hardware through virtualization and provides on-demand, cloud-based computing, where the cloud is a set of interconnected computing resources located in one of more of data centers. Generally speaking, like a 3-tier design there are 3 key architectural components of a cloud application based on Windows Azure: Compute, Storage, and Fabric Controller, as shown below. In this model, Compute is the ability to execute code, i.e. run applications. Storage is where the data resides. In Windows Azure, Compute and Storage are defined with Roles, and offered as system services. A Role has configuration files to specify how a component may run in the execution environment. While Fabric Controller is a subsystem which monitors and makes decisions on what, when, and where to run and optimize a cloud application. I will talk more about Fabric Controller in Part 4 of this series, meanwhile here let’s examine more on Compute and Storage components.
Specifically, in Compute service, there are Web Role, Worker Role, and VM Role. Web Role implemented with IIS running in a virtual machine.is to accept HTTP and HTTPS requests from public endpoints. And in Windows Azure, all public endpoints are automatically load balanced. Worker Role on the other hand does not employ IIS, is an executable for computation and data management, and functions like a background job to accept requests and perform tasks. For example, Worker Role can be used to install a user specified web server or hosting a database as needed.
Roles communicate by passing messages through queues or sockets. The number of instances of an employed Role is determined by an application's configuration and each Role is assigned by Windows Azure to a unique Windows Server virtual machine instance. An employment of Windows Azure computing model for a real-life shopping list application is shown below. The actual development process and considerations are certainly much more, as discussed elsewhere.
On the other hand, VM Role is a virtual machine. A developer can employ VM Role (namely upload an OS image in VHD) to run Windows services, schedule tasks, and customize the run time environment of a Windows Azure application. This VHD is created using an on-premises Windows Server machine, then uploaded to Windows Azure. Once it’s stored in the cloud, the VHD can be loaded on demand into a VM role and executed. Customers can and need to configure and maintain the OS in the VM role. The following outlines the methodology.
Do keep in mind that VM Role is however stateless. Specifically, VM Role is designed to facilitate deploying a Windows Azure application which may require a long, fragile, or non-scriptable (i.e. can-not-be-automated) installation.This role is especially suited for migrating existing on-premises applications to run as hosted services in Windows Azure. There are an overview and step-by-step instructions readily available detailing how to successfully deploy Windows Azure VM Role.
The other component in a cloud application is Windows Azure Storage services with five types of storage including:
And within a Compute node, there are two types:
There are tools to facilitate managing Storage instances. A graphical UI like Azure Storage Explorer can make managing and viewing stored data a productive experience. Notice the above mentioned storage types are however not relational databases which many applications are nowadays built upon. SQL Azure, part of Windows Azure platform, is SQL in the cloud. And for DBAs, either Microsoft SQL server on the ground or SQL Azure in the cloud, you manage it very much the same way.
A example of using Windows Azure storage is presented with the following schematic. This is a hosted digital asset management web application. It uses a Worker Role as the background processor to generate and place images into and later retrieve by Web Role as the front-end from the store implemented with Windows Azure BLOB services.
In summary, much of our architectural concepts of a traditional on-premises 3-tier application is applicable to designing cloud applications using Windows Azure’s computing model. Namely, employ Web Role as front-end to accepting HTTP/HTTPS requests, while Worker Role to perform specific tasks like traditional asp.net services. There are various types of storage Windows Azure provides. There is also SQL Azure, Microsoft SQL Server in the cloud, making it convenient to migrate existing data or integrate on-premises databases with those in the cloud.
In Part 1, I talked about what “service” in the context of cloud computing means. Cloud is all about delivering services, i.e. making resources available on demand based on needs, paid by use, and.with the characteristics of ubiquitous network access, resource pooling, etc. Still we need to clearly define what cloud is. Without a common definition for a subject as broad as cloud computing it is hard to navigate through the overwhelming business and technical complexities. So here’s the six million question.
What Is Cloud
It is important to understand that there are services delivery models and deployment models. And both are needed to fully describe what cloud is. There are 3 ways to deliver services via cloud.
or SaaS is a model where an application is available on demand. It is the most common form of cloud computing delivered today. Microsoft Office 365 including: Exchange Online, SharePoint Online, Lync Online and the latest version of Microsoft Office Professional Plus suite is an SaaS offering to businesses.
or PaaS is a platform available on demand for development, testing, deployment and on-going maintenance of applications without the cost of buying the underlying infrastructure and software environments. Windows Azure Platform is a cloud-computing platform on which Microsoft’s internal IT (MSIT) organization has quickly built and deployed the Social eXperience Platform (SXP) to enable social media capabilities across Microsoft.com as documented.
On deployment, there are two base models. Public cloud is cloud computing made available through Internet to the general public or targeted users and is owned by an organization offering cloud services. An example is Microsoft Windows Live as free public cloud offerings for consumers, and Microsoft Online: Office 365 for businesses. Private cloud, on the other hand, is cloud available solely for an organization regardless if the cloud capabilities are managed by the organization or a third party and exists on premise or off premise. Based on the two models, some derive additional models like hybrid cloud, community cloud, etc. to highlight the implementation or intended audiences. For private cloud, two service delivery models: PaaS and IaaS are applicable since in a private setting, one can not deliver SaaS without having PaaS in place. Noticeis a solution for building private cloud. Hyper-V Cloud is a set of initiatives, guidelines, and offerings to help emperies deliver IaaS in a managed environment. Also the above mentioned delivery models are significant since once a model is selected to fulfill business objectives, responsibilities are implicitly agreed upon and accepted by the party hosting the cloud facility and the other subscribing the services.
Separation of Responsibilities
An important attribute of Cloud Computing is the separation of a subscriber’s responsibilities from those of a service provider’s. And by subscribing a particular service delivery model, a subscriber in essence agrees to relinquish certain level of access to and control over resources managed by the service provider. As I have discussed in Cloud Computing Primer for IT Pros, we must recognize and be pre-occupied with the limitations of each service delivery model when assessing Cloud. When a particular function or capability like security, traceability, or accountability is needed yet not provided with an intended delivery model, a subscriber needs to either negotiate with the service provider and put specifics in a service level agreement, or employ a different delivery model such that a desired function becomes available. Lack of understanding of the separation of responsibilities in my view frequently results in false expectations of what Cloud Computing can or cannot deliver.
Cloud computing, or simply cloud, is changing how IT delivers services and how a user can access computing resources at work, from home, and on the go. Cloud enables IT to respond to business opportunities with on-demand deliveries that are cost-effective and agile in the long run. Much happening in enterprise IT now is a journey to transform existing IT establishment into a cloud-friendly, cloud-ready, cloud-enabled environment. To start off, there are key concepts we, as IT pros, must grasp to fully appreciate the transformation that is going on and forward.
What Is Service
In the context of IT, “service” is a term frequently used to describe a form of delivery or availability. In a Windows machine, for example, core services to authenticate users and process commands automatically start and run behind the scene to provide essential functions for running a desktop session. In the context of cloud computing, I simply explain a service as something delivered “on demand.” Namely, a computing resource delivered as a “service” is available on demand to an authorized user. Specifically in cloud computing, “on-demand” also carries additional connotations.
On-demand in the context of cloud computing suggests that how a resource is made available is transparent and not a concern of a subscriber. It implies computing capacities can be adjusted dynamically according to demands. In other words, a subscriber can increase the capacities as needed and decrease them when no longer required. On-demand also means there is a business model in place to support “pay as you go” and “pay according to how much you have consumed.” In a production environment, there may be administrative as well operational constraints on how much and how fast a subscriber can change the resource allocations. This can and should be negotiated and stated in a service level agreement between a subscriber and a service provider. Conceptually, a service delivered through cloud is a set of computing resources available, scalable, and consumable based upon demands. On-demand essentially conveys the characteristics of Cloud.
Characteristics of Cloud Computing
Cloud similar to many IT terms like: database, networking, security, collaboration, portal, workspace, etc. is something that too often means different things to different people. Accessing your company’s application via Internet, is that Cloud Computing? Employing VPN to authenticate into your private network, is that Private Cloud? Is remote access considered some form of Cloud Computing? These questions may seem trivial, yet they are fundamental to preclude ambiguity, uncertainty, and uneasiness when we are facing changes and transitioning from an infrastructure-focused deployment to a service-centric, i.e. Cloud, deliveries. For technical professionals, Cloud may mean: utility computing, high speed grids, virtualization, automatic configuration and deployment, on-demand and remote processing, and combinations of them. For non-technical users, Cloud is simply the Internet, a cable form a service provider, or just something out there networked with my computer. Either public, private, or in between, the conventional wisdom, as published in The NIST Definition of Cloud Computing, assumes noticeable characteristic regarding how computing resources are made available in Cloud including:
And realize that based upon a delivery model, these characteristics apply to different user experience. For instance, on-demand self-service may imply the ability to: acquire an account and create a user profile as in SaaS, code and publish an application in PaaS, or configure and deploy a virtual machine in IaaS. This may not as apparent without a clear understanding on how services are deployed and delivered in cloud.
YES, the wait is over. SBS 2011 (which is based on Windows Server 2008 R2 technologies) has been released to manufacturing today. And around mid-January, trial will be available for download at the SBS web site. Here’s some additional information:
For all the IT pros out there, this is a great reference to keep. I have downloaded, installed in all my machines, and made it readily available for me either in office or on the road.
Although mainly developer-focused, this nicely packaged content explains Microsoft’s Platform as a Service (PaaS) solution well with labs, samples, presentations, videos, and demos. And there are core scenarios that IT pros should be familiar with in developing and deploying cloud applications to successfully assess the pros and cons of running on-premises IT and in cloud. Make no mistake about it. Cloud is here. And in my view understanding Windows Azure and services is not just about learning a different technology. It is about staying in the game and taking advantage of the opportunity, or becoming obsolete sooner than expected and worrying about losing job. The more you ramp up your skill set with cloud, the clearer and bluer sky you will get. That is what has been happening to me.
On December 2, 2010, Microsoft’s announced its cloud infrastructure (data centers) has received Federal Information Security Management Act of 2002 (FISMA) Authorization to Operate (ATO). This ATO was issued to Microsoft’s Global Foundation Services organization which provides a trustworthy foundation for the company's cloud services, including Exchange Online and SharePoint Online, which are currently in the FISMA certification and accreditation process. This ATO represents the government’s reliance on Microsoft’s security processes in compliance with