Windows Azure – What is it?
Azure is Microsoft’s public cloud offering with a wide variety of services available to consume. I’ve not really looked at Azure in the past as, not being a developer by trade (and not working for an organisation that developed its own software), there was very little that caught my attention – until now.
With the release of Infrastructure Services (IaaS) Microsoft has squared up to Amazon and basically said “bring it on!” I’ve been waiting for these services to become available for some time and they’ve not disappointed me. The two main things that they offer are:
- Virtual Networks – create a Virtual Private Network (VPN) tunnel to your office/data centre from Azure
- Virtual Machines – there are several Microsoft operating systems, and non-Microsoft operating systems that you can run (mostly what runs on a local Hyper-V server, but not all)
As I understand it the Azure Virtual Machines (VMs) run on a modified version of Microsoft’s Hyper-V server designed specifically for Azure. This means you can move a Hyper-V based VM to the Azure IaaS platform with very little effort (especially if you’re running System Center 2012 AppController). There are a few caveats but they are quite straightforward to understand (apart from one – guess which one):
- Fixed size Virtual Hard Disk (VHD) files only (at the moment VHDX – the new Windows Server 2012 VHD file format – is not supported). If it’s a VHD that contains Operating System files there is a hard limit of 127GB, otherwise it’s 1TB.
- VMs only have 1 virtual network card (IP addresses are DHCP leased to VMs for 150 years – not a typo! Do not mess with the IP address of your VM or it will become totally inaccessible; the exception is changing DNS settings, just BE CAREFUL)
- LICENSING! You need licence mobility if you’re moving your own VMs with server software to Azure (FAQ). Check the latest Product Use Rights (PUR) document. Exchange is not covered – Microsoft’s answer – use Office 365
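A pre-upload check for the disk caveats above, added here as an example (not code from the original post or from Microsoft): it reads the 512-byte VHD footer and reports a disk that is not fixed size or is over the stated limit. The function names, the constructed sample footer, and reading 127GB/1TB as binary units are assumptions.

```python
import struct

GIB = 1024 ** 3
OS_DISK_LIMIT = 127 * GIB      # post: 127GB hard limit for OS disks (binary units assumed)
DATA_DISK_LIMIT = 1024 * GIB   # post: 1TB for other disks (binary units assumed)
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}


def parse_vhd_footer(footer):
    """Decode the fields of a 512-byte VHD footer that matter here."""
    if len(footer) != 512 or footer[:8] != b"conectix":
        raise ValueError("not a VHD footer (VHDX files do not carry one)")
    current_size, = struct.unpack(">Q", footer[48:56])
    disk_type, stored_sum = struct.unpack(">II", footer[60:68])
    # Checksum: one's complement of the byte sum with the checksum field zeroed.
    body = footer[:64] + b"\x00" * 4 + footer[68:]
    return {
        "size": current_size,
        "type": DISK_TYPES.get(disk_type, "unknown(%d)" % disk_type),
        "checksum_ok": (~sum(body) & 0xFFFFFFFF) == stored_sum,
    }


def azure_upload_problems(footer, os_disk):
    """Return the reasons a disk fails the caveats above (empty list = OK)."""
    info = parse_vhd_footer(footer)
    problems = []
    if not info["checksum_ok"]:
        problems.append("footer checksum mismatch")
    if info["type"] != "fixed":
        problems.append("disk type is %s, must be fixed" % info["type"])
    limit = OS_DISK_LIMIT if os_disk else DATA_DISK_LIMIT
    if info["size"] > limit:
        problems.append("size %d bytes exceeds limit %d" % (info["size"], limit))
    return problems


def make_footer(size, disk_type):
    """Constructed sample footer for the demo; not taken from a real disk."""
    raw = bytearray(512)
    raw[:8] = b"conectix"
    struct.pack_into(">QQ", raw, 40, size, size)   # original and current size
    struct.pack_into(">I", raw, 60, disk_type)
    struct.pack_into(">I", raw, 64, ~sum(raw) & 0xFFFFFFFF)
    return bytes(raw)
```

For a real disk, pass the last 512 bytes of the `.vhd` file as `footer`.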
For me this is great – I’ve created a VPN from an unsupported device (shh! Don’t tell support) to the Europe North (Ireland) data centre. Before anyone criticises the European naming of the Azure data centres – blame the UN’s classification. Apparently Ireland is in Northern Europe and the Netherlands is in Western Europe… OK… Right… Someone should buy the UN an atlas.
So I’ve extended my data centre into Azure now giving me unlimited power – as long as the credit limit on my boss’ credit card is high enough! So what do I want to do with it?
I’m going to move some of what I’ve got in my perimeter network to Azure. There’s nothing stopping me from controlling what goes through the VPN via my firewall, and the Windows host firewall on the VMs, so it’s just as secure as most in-house deployments (just need to get the pesky compliance guys to agree).
It is possible to open endpoints into VMs on Azure for publishing applications – for example port 80/443 for HTTP/HTTPS applications, port 21 for FTP, etc. It is possible to open any port; the exception is ICMP traffic (basically pings) – ICMP internally within Azure and across a VPN is fine but anything external, either incoming or outgoing, is blocked by the Azure firewall.
There are some crucial things to understand about endpoints, especially in load balanced applications. Load balancing is done by the Azure load balancer, not anything you’ve got internally, unless you do some massively complex setup and it probably won’t be supported. The Azure load balancer is not a hardware product; it’s a software load balancer that does things slightly differently to traditional load balancers. If you have 2 servers in a load balanced configuration you cannot guarantee that requests will go Server 1, Server 2, Server 1, Server 2, etc. It may well go Server 2, Server 1, Server 2, Server 1, Server 1, Server 1. There is method in there – somewhere!
There’s lots of information on the internet saying it uses round-robin but on my VMs it didn’t and on everyone else’s VMs in Steve Plank’s Windows Azure Camp for the IT Pro it didn’t!
You could, for example, run any software on a Windows Azure VM that you could run on a normal Hyper-V VM guest. SharePoint farm anyone (there’s a template for that)? SQL Server Always-On cluster (there’s a template for that)? Some other random LAMP based application? Just remember to check the licensing! If you run Microsoft operating systems you’ll be able to obtain support from the Azure support team (provided you’ve paid for support – not sure how that works with Software Assurance customers and their “free” incidents); however, if you’re running a Linux VM don’t bother calling support. It’s not MS, so they won’t support it – why would they?
I think the biggest application of Azure IaaS, for me, will be proof-of-concepts. The ability to extend my network and spin up a proof of concept, test it, demo it – all without impacting my production Hyper-V cluster will be invaluable to me. With all the template VMs available in Azure it is quite easy to get concepts going in hours rather than days! The best thing is not having to worry about the underlying hardware resource (and someone else has done most of the hard work with the SQL installer).
So what’s next on Azure?
Obviously there is no public road map for Azure but there are several features in preview (this doesn’t guarantee they’ll make it to production):
- Point-to-site VPN – think traditional end user VPN connections from laptops/desktops etc.
- Websites – there is a wide variety of templates available, for example WordPress, Drupal, MODX
- Mobile Services – backend database for mobile apps
- HDInsight – Hadoop Big Data on Apache
- Backup – native Windows backup to Azure and integration with System Center Data Protection Manager (one feature I am very much looking forward to)
- Hyper-V Recovery Manager – protection for your System Center Virtual Machine Manager private clouds – essentially coordinates Hyper-V replicas for you in a more complex fashion
Azure has been around for quite a while now, starting life as a Platform as a Service infrastructure and slowly, if somewhat reluctantly, moving into Infrastructure as a Service. It’s going to become extremely important for Microsoft in the near future as it strives to take back ground from Amazon on the IaaS side. It will take time for the new services to mature but once they do (and the pricing drops – I hope) it may well, one day, completely replace the on-premise data centre just as Microsoft’s Software as a Service offerings, Office 365 in particular, are starting to replace traditional on-premise deployments.