Monday, January 3, 2011

Taking a Fresh Look at Windows Azure

In this post I'll take you through an updated tour of the Windows Azure platform. It's 2011, and the Windows Azure platform is coming up on the first anniversary of its commercial release. Much has been added in the last year, especially with the end-of-year 1.3 update. This will give you a good overview of what's in the platform now. Note, a few of these services are still awaiting release. This is an excerpt from my upcoming book, The Azure Handbook.

WINDOWS AZURE: CORE SERVICES

The Windows Azure area of the platform includes many core services you will use nearly every time you make use of the cloud, such as application hosting and basic storage. Currently, Windows Azure provides these services:

• Compute Service: application hosting
• Storage Service: non-database storage
• CDN Service: content delivery network
• Windows Azure Connect: virtual network
• DataMarket: marketplace for buying or selling reference data

Windows Azure Compute Service

The Compute service allows you to host your applications in a cloud data center, providing virtual machines on which to execute and a controlled, managed environment. Windows Azure Compute is different from all of the other platform services: your application doesn’t merely consume the service, it runs in the service.



The most common type of applications to host in the cloud are Internet-oriented, such as web sites and web services, but it’s possible to host other kinds of applications such as batch processes. You choose the size of virtual machine and the number of instances, which can be freely changed.

Here’s an example of how you might use the Windows Azure Compute Service. Let’s say you have a public-facing ASP.NET web site that you currently host in your enterprise’s perimeter network (DMZ). You determine that moving the application to the Windows Azure platform has some desirable benefits such as reduced cost. You update your application code to be compatible with the Windows Azure Compute Service, requiring only minor changes. You initially update and test the solution locally using the Windows Azure Simulation Environment. When you are ready for formal testing, you deploy the solution to a staging area of the Windows Azure data center nearest you. When you are satisfied the application is ready, you promote it to a production area of the data center and take it live.

Windows Azure Storage Service

The Storage service provides you with persistent non-database storage. This storage is external to your farm of VM instances (which can come and go). Data you store is safely stored with triple redundancy, and synchronization and failover are completely automatic and not visible to you.



Windows Azure Storage provides you with 3 kinds of storage: blobs, queues, and tables. Each of these has an enterprise counterpart: blobs are similar to files, queues are similar to enterprise queues, and tables are similar to database tables but lack relational database features. In each case however there are important differences to be aware of. All 3 types of storage can scale to a huge level; for example a blob can be as large as a 1 terabyte in size and a table can hold billions of records.


Windows Azure Storage Types
Storage TypeDescriptionExample use
Blob StorageSimilar to file storageStore images for your web site
Queue StorageSimilar to enterprise queuesStore orders in need of fulfillment
Table StorageSimilar to database tablesStore contact records


Blobs can be made accessible as Internet URLs which makes it possible for them to be referenced by web sites or Silverlight applications. This is useful for dynamic content such as images, video, and downloadable files. This use of blobs can be augmented with the Windows Azure CDN service for global high-performance caching based on user locale.

Here’s an example of how you might use the Windows Azure Storage service. You have a cloud-hosted web site that needs to serve up images of real estate properties. You principally keep property information in a database but put property images in Windows Azure blob storage. Your web pages reference the images from blob storage.

Windows Azure CDN Service

The Content Delivery Network (CDN) Service provides high performance distri-bution of content through a global network of edge servers and caching. The CDN currently has about 24 edge servers worldwide currently and is being regularly expanded.



A scenario for which you might consider using the CDN is a web site that serves up images, audio, or video that is accessed across a large geography. For example, a hotel chain web site could use the CDN for images and videos of its properties and amenities.

As of this writing, the CDN service currently serves up blob storage only but additional capabilities are on the way. At the PDC 2010 conference, Microsoft announced new CDN features planned for 2011 including dynamic content caching, secure SSL/TLS channels, and expansion of the edge server network. Dynamic content caching in particular is of interest because it will allow your application to create content on the fly that can be distributed through the CDN, a feature found in many other CDN services.

Windows Azure Connect

Windows Azure Connect provides virtual networking capability, allowing you to link your cloud and on-premise IT assets with VPN technology. You can also join your virtual machines in the cloud to your domain, making them subject to its policies. Many scenarios that might otherwise be a poor fit for cloud computing become feasible with virtual networking.



Here’s an example of how you might use Windows Azure Connect. Suppose you have a web application that you want to host in the cloud, but the application depends on a database server you cannot move off-premise. Using Windows Azure Connect, the web site in the cloud can still access the database server on-premise, without compromising security.

This service is not yet released commercially but is available for technical preview.

Windows Azure Marketplace DataMarket

The Windows Azure Marketplace is an online marketplace where you can find (or advertise) partners, solutions, and data. In the case of data, the marketplace is also a platform service you can access called DataMarket. You can explore DataMarket interactively at http://datamarket.azure.com.

The DataMarket service allows you to subscribe to reference data. The cost of this data varies and some data is free of charge. There are open-ended subscriptions and subscriptions limited to a certain number of transactions. You can also sell your own reference data through the DataMarket service. You are in control of the data, pricing, and terms.



The data you subscribe to is accessed in a standard way using OData, a standard based on AtomPub, HTTP, and JSON. Because the data is standardized, it is easy to mash up and feed to visualization programs.

Here’s an example of how you might use the DataMarket service. Suppose you generate marketing campaign materials on a regular basis and wish to customize the content for a neighborhood’s predominant income level and language. You subscribe to demographic data from the DataMarket service that lets you retrieve this information based on postal code.

SQL AZURE: RELATIONAL DATA SERVICES

The SQL Azure area of the platform includes services for working with relational data. Currently, SQL Azure provides these services:

• SQL Azure Database: relational database
• SQL Azure Reporting: database reporting
• SQL Azure Data Sync: database synchronization
• SQL Azure OData Service: data access service

SQL Azure Database

The SQL Azure Database provides core database functionality. SQL Azure is very similar to SQL Server to work with and leverages the same skills, tools, and pro-gramming model, including SQL Server Management Studio, T-SQL, and stored procedures.



With SQL Azure, physical management is taken care of for you: you don’t have to configure and manage a cluster of database servers, and your data is protected through replicated copies.

Here’s an example of how you might use SQL Azure Database. You have a locally-hosted web site and SQL Server database and conclude it makes better sense in the cloud. You convert the web site to a Windows Azure Compute service and the database to a SQL Azure database. Now both the application and its database are in the cloud side-by-side.

SQL Azure Reporting

SQL Azure Reporting provides reporting services for SQL Azure databases in the same way that SQL Server Reporting Services does for SQL Server databases. Like SSRS, you create reports in Business Intelligence Development Studio and they can be visualized in web pages.



Here’s an example of how you might use SQL Azure Reporting. You’ve tradition-ally been using SQL Server databases and SQL Server Reporting Services but are now starting to also use SQL Azure databases in the cloud. For reporting against your SQL Azure databases, the SQL Azure Reporting service is the logical choice.

This service is not yet released commercially but is available for technical preview.

SQL Azure Data Sync Service

The SQL Azure Data Sync service synchronizes databases, bi-directionally. One use for this service is to synchronize between an on-premise SQL Server database and an in-cloud SQL Azure database. Another use is to keep multiple SQL Azure databases in sync, even if they are in different data center locations.



Here’s an example of how you might use the SQL Azure Data Sync service. You need to create a data warehouse that consolidates information that is sourced from multiple SQL Server databases belonging to multiple branch offices. You decide SQL Azure is a good neutral place to put the data warehouse. Using SQL Azure Data Sync you keep the data warehouse in sync with its source databases.

This service is not yet released commercially but is available for technical preview.

SQL Azure OData Service

The SQL Azure OData service is a data access service: it allows applications to query and update SQL Azure databases. You can use the OData service instead of developing and hosting your own web service for data access.

OData is an emerging protocol that allows both querying and updating of data over the web; it is highly interoperable because it is based on the HTTP, REST, AtomPub, and JSON standards. OData can be easily consumed by web sites, desktop applications, and mobile devices.



Here’s an example of how you might use the SQL Azure OData service. Let’s say you have data in a SQL Azure database that you wish to access from both a web site and a mobile device. You consider that you could create and host a custom web service in the cloud for data access but realize you can avoid that work by using the SQL Azure OData service instead.

This service is not yet released commercially but is available for technical preview.

WINDOWS AZURE APPFABRIC: ENTERPRISE SERVICES

The AppFabric area of the platform includes services that facilitate enterprise-grade performance caching, communication, and federated security. Currently, AppFabric provides these services:

• AppFabric Cache Service: distributed memory cache
• AppFabric Service Bus: publish-subscribe communication
• AppFabric Access Control Service: federated security

AppFabric Cache Service

The Cache service is a distributed memory cache. Using it, applications can improve performance by keeping session state or application data in memory. This service is a cloud analogue to Windows Server AppFabric Caching for the enterprise (code-named Velocity) and has the same programming model.



Here’s an example of using the AppFabric Cache service. An online store must retrieve product information as it is used by customers, but in practice some products are more popular than others. Using the Cache service to keep frequently-accessed products in memory improves performance significantly.

This service is not yet released commercially but is available for technical preview.

AppFabric Service Bus

The Service Bus uses the cloud as a relay for communication, supporting publish-subscribe conversations that can have multiple senders and receivers. Uses for the service bus range from general communication between programs to connecting up software components that normally have no way of reaching each other. The Service Bus supports traditional client-server style communication as well as multicasting.

The Service Bus is adept at traversing firewalls, NATs, and proxies which makes it particularly useful for business-to-business scenarios. All communication looks like outgoing port 80 browser traffic so IT departments don’t need to perform any special configuration such as opening up a port; it just works. The Service Bus can be secured with the AppFabric Access Control Service.



Here’s an example of how you might use the Service Bus. You and your supply chain partners want to share information about forecasted and actual production activity with each other. Using the Service Bus, each party can publish event notification messages to all of the other parties.

Access Control Service

The Access Control Service is a federated security service. It allows you to support a diverse and expanding number of identity schemes without having to implement them individually in your code. For example, your web site could allow users to sign in with their preferred Google, Yahoo!, Facebook, or Live ID identities. The ACS also supports domain security through federated identity servers such as ADFS, allowing cloud-hosted applications to authenticate enterprise users.



The ACS uses claims-based security and supports modern security protocols and artifacts such as SAML and SWT. Windows applications typically use Windows Identity Foundation to interact with the ACS. The ACS decouples your application code from the implementation of a particular identity system. Instead, your application just talks to the ACS and the ACS in turn talks to one or more identity providers. This approach allows you to change or expand identify providers without having to change your application code. You use rules to normalize the claims from different identity providers into one scheme your application expects.

Here’s an example of how you might use the ACS. Your manufacturing company has corporate clients across the country who need to interact with your online ordering, support, and repair systems—but you don’t want the burden of administering each of their employees as users. With the ACS, each client can authenticate using their preferred, existing identity scheme. One customer authenticates with their Active Directory, another uses IBM Tivoli, another uses Yahoo! identities. Claims from these identity providers are normalized into one scheme which is all your applications have to support.

As you can see, the Windows Azure platform has come a long way in a short time--and there's plenty more innovation ahead.

No comments: