Cloud Computing: Introduction to Microsoft Azure • Matti Juutilainen • Mikpoli, MB311 • Matti.Juutilainen@xamk.fi
Evolution of Computing
The Beginning of Computing • In the beginning there was the expensive mainframe with dumb terminals • Mainframes were complex to operate and maintain, and required a special environment (a data center) • Users did their individual work by connecting to a central computer that was shared between them
Personal Computers • Next came the personal computers (PCs) • Users did individual work on their own desktops • Then the stand-alone PCs became powerful enough to meet the majority of users’ needs • Then they were taken into use everywhere
Network • Then came the Internet & the Web • Local networks were connected to other local networks, forming the Internet • Users could utilize remote applications and resources
What is the Cloud? “I can’t think of anything that isn’t cloud computing with all of these announcements. ... Maybe I’m an idiot, but I have no idea what anyone is talking about. What is it? It’s complete gibberish. It’s insane. When is this idiocy going to stop?” – Larry Ellison, chairman, Oracle
Cloud Computing, loosely speaking • As the Internet gets faster and faster, the gap between what’s run on your computer and what’s run on the servers keeps shrinking. • Then, somebody said “why don’t I just use other people’s servers instead?” • Service providers keep all computing resources in centralized datacenters, and provide them as a service to whoever needs it. • This “computing as a service” model can be beneficial. • It’s like a form of electricity • Nobody (well, almost nobody) owns the power grid. • You only pay for what you use. • Now you know “The Cloud”
Cloud Computing, technically speaking • In short: “The provision of computing resources that are delivered as a service over a network” • The National Institute of Standards and Technology's (NIST) definition identifies "five essential characteristics" • On-demand self-service (automatic resource provisioning) • Broad network access (service available over the network) • Resource pooling (multi-tenant model) • Rapid elasticity (quick/automatic scaling of resources) • Measured service (automatic controlling and optimizing resource use)
Things People Say • “The cloud is just somebody else’s computer!” • Well, that only applies to public cloud. • Read our previous definition • Nowhere does it mention who owns the cloud. • You can create and use your own cloud environment. • “How would you describe it, then?” • The cloud is some computers, and you don’t know/care • Where it is, • How it works, or • What it looks like.
(Cloud) Data Center • To work efficiently, a cloud requires a huge amount of computing resources (= a large data center) • The idea is that the data center is full of identical hardware that no-one ever touches except to unpack it on day one and throw it away when it fails • In between, every deployment, update, investigation, and management process is automated • The unit of compute and storage in the cloud isn’t a server or even a cluster; it’s a stamp, because you “stamp” them out as a large bunch of identical units • Deploy the same setup to 100,000 servers and if one of them doesn’t work, you throw it away (or the management system just marks it as do-not-use)
Huge Data Centers Are Complex and Expensive • Long lead time to build • Inflexible investment of capital • Need specialized skills (security, automation, failover, load balancing, metering, monitoring, managing, etc.) • Outcome: • Takes time away from core competencies (of most companies) • Hard for all but the largest companies to own/run (requires lots of money and expertise)
Solution: Outsource the Data Center • Allows economies of scale • Because of scale, can afford specialized skills and hardware • Developers can concentrate on the core competencies that give them market advantage • Shorter lead times, lower capital requirements • Computing power becomes a commodity, as electric power did in the early 20th century • In the early 1900s, factories had private generators
Economies of scale allow massive savings for the cloud providers • Millions of users doing exactly the same well-defined workload • The profile of the workload is measurable and predictable simply from the number of users • Bulk/customized hardware in large quantities • Only the necessary parts of the service/software are loaded • The service/software itself is written from scratch in a cloud-optimized way • Difficult/impossible to do the same things locally at the same cost
[Chart: Improving IT Responsiveness. Problem solved: dynamic resource allocation. Vertical axis: IT responsiveness to a planned workload change (weeks, days, minutes, seconds). Stages shown: no virtualization, data center virtualization, static service orchestration, dynamic service orchestration.]
Cloud Automation Reduces the Infrastructure Provisioning Time & Cost
[Diagram: Cloud Service Models. Columns: Private (On-Premise), Infrastructure (as a Service), Platform (as a Service), Software (as a Service). Layers, top to bottom: Applications, Runtimes, Security & Integration, Databases, Servers, Virtualization, Server HW, Storage, Networking. For each model the diagram marks which layers you manage and which are managed by the vendor; moving from on-premise through IaaS and PaaS to SaaS, the vendor takes over progressively more layers.]
Cloud Service Models [diagram labels: “CONSUME”, “BUILD ON IT”, “MIGRATE ON IT”]
Cloud Service Models: Infrastructure as a Service (IaaS) • Offers servers (= virtual machines) as the service • Allows renting hardware resources (CPU cycles, memory, network bandwidth, storage space) • Resources can be dynamically scaled up and down based on need • Typically the servers come with a ready-deployed operating system • Typically billed on a utility computing basis (how many resources are consumed) • The vendor manages the server hardware, storage, networking and virtualization • The customer uses a remote connection to manage everything else • When to use IaaS? • You’re migrating a local server’s workload. • You’re ready to manage an operating system. [Diagram: IaaS layers from Applications down to Networking, split between “you manage” and “managed by vendor”]
Cloud Service Models: Platform as a Service (PaaS) • Offers a ready-configured platform for developing services • In addition to IaaS, typically also includes the operating system, web server, databases, development tools and APIs • Instead of spending time installing and configuring the platform, customers can start developing their services directly • Typical PaaS services include, for example • application design, development, testing, deployment and hosting • team collaboration • web service integration, database integration • The downside is the lack of interoperability and portability among the various PaaS providers • Examples of PaaS platforms include AppHarbor, DotCloud, Engine Yard, Google App Engine, IBM SmartCloud, Jelastic, LongJump, Microsoft Azure, OpenStack, RedHat OpenShift, Rolebase, Force.com, Pivotal Cloud Foundry, … [Diagram: PaaS layers, split between “you manage” and “managed by vendor”]
Cloud Service Models: Software as a Service (SaaS) • Offers ready-made services for business functionality • Customers can just subscribe to the service (typically with a web browser) and start doing business with it (some customization is possible) • Currently the most widely adopted cloud type • Both the software and the hosting platform are supplied by the provider, and the user pays just for the services provided • A SaaS application needs to be general enough that lots of customers will be interested • Typical examples include customer relationship management (CRM), web-based email & office tools, testing, project management, analytics, marketing, etc. • Examples of SaaS platforms include Abiquo, Akamai, AppDirect, Apprenda, Cloud9, Cloudswitch, Concur Technologies, Cornerstone OnDemand, Cumulux, Demandware, Intacct, NetSuite, Oracle On Demand, Pardot, Salesforce.com, Splunk, Workday, … [Diagram: SaaS layers, split between “you manage” and “managed by vendor”]
Cloud Service Models: Does it matter? • The service model is just a rough way to classify different services. • Advantage: • Drawbacks: • It’s like grouping the world’s population by gender. • There are hundreds of different services; obviously a handful of categories won’t cut it. • Also, some services can hardly be classified as IaaS, PaaS or SaaS. • Anyway, these concepts are still commonly used in the literature. • In the next slides, we shall look at an alternative classification approach.
What’s the point of all this? • Buzzword. • It provides a “feel” for the service. • The higher-level something is: • The more the service provider has to maintain • The more complex it is • The less you have to do • The higher the service fee
Additionally: Storage as a Service • Offers storage space as the service • For backups, business continuity, disaster recovery, file storage, file shares, … • Easy to dynamically expand and scale up/down • Many companies offer a free startup plan (a couple of gigabytes) and, for a fee, the cloud offers nearly infinite space to store data • Especially important with big data, as the cloud vendors commonly also provide tools for data analysis • Examples of Storage as a Service platforms include Amazon S3, Dropbox, StorSimple, … [Diagram: Storage as a Service layers, split between “you manage” and “managed by vendor”]
Additionally: Security as a Service • Security concerns are one of the biggest obstacles slowing the migration to cloud computing • Companies want to know where their data is, who has access to it and that it’s protected • There are also companies that target cloud security: security in the cloud, security for the cloud and security from the cloud • Examples include AppRiver, Awareness, Barracuda, CloudPassage, F-Secure Security Cloud, McAfee, Symantec, … [Diagram: Security as a Service layers, split between “you manage” and “managed by vendor”]
Additionally: X (Anything/Everything) as a Service (XaaS) • Basically anything can be hosted from the cloud, for example • Billing as a Service (BaaS) • Cloud Migration as a Service (C-MaaS) • Communication as a Service (CaaS) • Databases as a Service (DBaaS) • Data as a Service (DaaS) • Desktop as a Service (DaaS) • Disaster Recovery as a Service (DRaaS) • Grocery as a Service (GaaS) • Healthcare as a Service (HaaS) • Identity Management as a Service (IMaaS) • Marketing as a Service (MaaS) • Metal as a Service (MaaS) • Mobility as a Service (MaaS) • Monitoring as a Service (MaaS) • Network as a Service (NaaS) • Patching and Maintenance as a Service (PMaaS) • Video as a Service (VaaS) • … [Diagram: X as a Service layers, “managed by ???”]
Discussion on the Previous Slide • Obviously, a database cannot exist out of thin air • There has to be some underlying hardware, an operating system, and a network to access it. • So, you’re telling me that we have to manage all those? • No, they are managed by the service provider. • So what’s the deal with “Database as a Service”? Sounds more like Infrastructure as a Service to me! • Sure, you can definitely call it that! • Note, however, that the service provider only provides the hardware, the OS, and the network for the database, not for your application. • The next slide will make this clear.
Example: Database as a Service • Say your company delivers an application X • X is installed on your operating system. • That operating system runs on your server hardware. • Traffic to X uses your network. • When a user of application X wants to open their file repository • X makes a request to the vendor’s database • The request traverses the Internet, through the vendor’s networking equipment, and finally ends up at the vendor’s server • The vendor’s database handles the request, then sends a reply back to you. [Diagram: two stacks side by side. Your stuff: Application X, Runtimes, Security & Integration, Database (outsourced), Servers, Virtualization, Server HW, Storage, Networking. The vendor: Database, Servers, Virtualization, Server HW, Storage, Networking.]
Types of Clouds • A public cloud provides resources, applications or storage to anyone on the Internet • The services may be free or pay-per-usage • Data and other resources are hosted externally to the user and the delivery vehicle is the Internet • Data owned by the user is stored on the provider’s infrastructure • Public clouds are commonly hosted by very large organizations, like Amazon and Google • When to use public cloud? • Your standardized workload for applications is used by lots of people (email) • You need to test and develop application code • You have SaaS applications from a vendor who has a well-implemented security strategy • You need incremental capacity (to add compute capacity for peak times) • You’re doing collaboration projects • You’re doing an ad-hoc software development project using a PaaS offering
Types of Clouds • A private cloud is a proprietary data center operating behind the company firewall • The data and other resources are hosted internally to the user’s organization and the delivery vehicle is the company’s LAN and WAN network • The main difference from “traditional” virtualized environments is that the abstraction level of the applications from the hardware is extensive • Private clouds are typically employed by large enterprises with the resources and expertise to implement them • Advances in the technology and standardization are also making adoption by smaller organizations more viable • When to use a private cloud? • If you have already invested in a lot of hardware, software, and space, use it, but in a more efficient manner • Privacy and security of data • For data that cannot be saved anywhere else • Confidential data (health records, credit cards, customer data, …) • Critical data or performance requirements • Rules of governance and compliance • Large number of customers
Types of Clouds • In the hybrid cloud model certain services are outsourced to public cloud providers while others are provided by the company’s existing infrastructure • Allows companies to retain control of information they consider too sensitive to entrust to a public cloud provider • Cloud services are often sourced from multiple providers • Gives the company maximum flexibility to get what they want at the right price • Hybrid clouds are typically used by enterprises and small to medium businesses • This approach is particularly valuable for growing businesses • When to use hybrid cloud? • Public SaaS/PaaS application + private data (VPN-connected) • Public online service for everyone + private data
Microsoft Azure • Launched in 2010 • “A cloud computing platform and infrastructure for building, deploying and managing applications and services through a global network of Microsoft-managed datacenters”. • Uses a specialized operating system: Microsoft Azure • A cluster of servers that manages computing and storage resources and provisions the resources (or a subset of them) to applications running on top of Microsoft Azure. • Allows dynamic scaling of resources. • Holds the second-largest market share (behind AWS): 16.8% as of 2018. • Customer case study: Adobe.
Amazon Web Services (AWS) • Launched in 2006. • One of the first (if not the first) global cloud providers in existence. • AWS infrastructure is designed for redundancy and reliability. • Everything is built by Amazon • Custom hardware. • Custom version of the Xen hypervisor (and, more recently, KVM). • The current market leader: • Largest market share: 32% as of 2018. • Largest infrastructure footprint (claimed by Amazon). • Customer Case Study: Square Enix.
Infrastructure > Azure #1 More details: https://azure.microsoft.com/en-us/global-infrastructure/regions/
Infrastructure > Azure #2 • Geography > Regions > Availability zones > Datacenters > Racks • Region pair: • Each Azure region is paired with another region within the same geography. • Example: the Europe geography consists of North Europe (in Ireland) and West Europe (in the Netherlands). • This is done to support business continuity and disaster recovery • Region pairs are usually more than 300 miles apart. • Regulation also plays a role. • Azure data centers and services status: https://status.azure.com/en-us/status
Infrastructure > Azure > Inside a Datacenter • Datacenters are divided into “clusters” • Each rack provides a unit of fault isolation [Diagram: datacenter routers → aggregation routers and load balancers → cluster network aggregation (clusters 1–5) → top-of-rack (TOR) switches → racks of servers, each rack with its own power distribution unit (PDU)]
Infrastructure > Azure > Inside a Physical Server • CPU, memory, disk & networking resources are committed when allocating the service. [Diagram: a physical server whose CPUs are allocated to PaaS VM role instances and an IaaS VM role, with some CPUs left unallocated; each VM runs a guest agent, the host partition runs the fabric controller (FC) host agent, and a trust boundary separates the VMs from the host; the host agent reports to the Fabric Controller; the server connects to a TOR switch and a PDU]
Infrastructure > AWS #2 • Regions > Availability zones > Datacenters > Racks • Regions • All regions have at least two availability zones. • Most regions have three availability zones. • N. Virginia (East Coast US) has six availability zones. • Besides the datacenters, there are Points of Presence (PoP) • Together they form a worldwide content delivery network (CDN). • Mostly situated near datacenters, but some are very far away. • Really cool interactive site to explore AWS infrastructure • Seriously, go check it out!
Management • User interface • Azure Portal: https://portal.azure.com/ • AWS Management Console: https://aws.amazon.com/console/ • Programmatic interface • PowerShell modules: • Azure Az module • AWS Tools for PowerShell • Command-line applications (run in any shell): • Azure CLI • AWS CLI
Identity and Access • Azure Active Directory (Azure AD) & Amazon Identity and Access Management (IAM). • A resource is an instance of a service (a “cloud thing”). Questions about resources are • Who can create new resources? • Who can manage existing resources? • Who pays for existing resources? • In organizations, many people need access to common resources. • Since resources are widely accessible from the Internet, we need secure authentication. • Not only that, there should be role-based access control. • Sound familiar? Many organizations already have such a system. • For example, Active Directory running on Windows Server. • Maintaining multiple identity management services would be duplicate effort. • → Azure AD and IAM can integrate with Active Directory and other identity management systems.
Identity and Access > Azure Active Directory • Every resource is associated with a subscription. • Each subscription is linked to a payment method and an Azure AD for authentication. • Many users can have access to one subscription. • Authenticating with the AD is necessary to use the subscription. • All this means is that, whatever you want to do with Azure: • Your account must belong to a directory. • For user-friendliness, “normal users” are connected to a Default directory on sign-up. • Example: ‘Azure for Students’ is a subscription offer by Microsoft. • Has $100 of credit. • The associated directory is ‘ksamk.onmicrosoft.com’ (our University). • You have to authenticate with XAMK to log in and use the subscription.
Identity and Access > AWS IAM • We start with an AWS account • Contains resources. • Linked to a payment method for those resources. • Multiple accounts can be grouped to create an organization. • Master account • Creates the organization • Pays all the bills. • An account can be a member of only one organization at a time. • IAM users • An account can create multiple IAM users. • It is users, not accounts, who create and manage resources in the account. • Each account initially contains the root user • Has complete access to all services and resources in the account. • Analogous to the root account in Unix.
Identity and Access > AWS IAM #2 • Just like in Unix, the best practice is to never use the root user • Only use the root user to create an admin user. • Use the admin user for your everyday tasks. • If the admin’s credentials are compromised → revoke them with the root user. • IAM users can be given two access types: • Programmatic access: • Access to development tools, for example AWS Tools for PowerShell and AWS CLI. • Authenticate with an access key ID and a secret access key. • AWS Management Console access: • That’s the web browser console. • Authenticate with a password. • Note: Lost credentials (secret access key, password, …) cannot be recovered.
Deployment • To deploy means “to bring something online”. • A cloud solution (application, websites, …) contains many interdependent resources: • For example, an IaaS website might need a VM, an SQL server, a load balancer, … • When you create a web app that relies on a database, • the database needs to be created first, so that the web app can refer to its connection string. • → A headache to delete, update, redeploy, … manually. • The solution: Infrastructure as Code • Place related resources in a resource group (or stack). • Declare all resources and their dependencies in a deployment configuration. • Usually in a markup language like JSON or YAML. • → With this, the cloud can automatically figure out the deployment order. • → You also obtain an overview of the components involved. • This is the idea behind Azure Resource Manager and AWS CloudFormation.
Deployment > Azure Resource Manager (ARM) • The main deployment model • Introduced in 2014 to replace the old model (Azure Service Manager). • Resource group • All resources must be deployed to a resource group. • Each resource group has an attached VNet • This VNet facilitates communication between resources. • All services in the group can be updated independently. • The deployment template is called a Resource Manager template • The syntax is primitive and verbose. • Not a good idea to edit by hand. • Remember, you can also use the shell to deploy programmatically.
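As an added defender's check for the root-user best practice on this slide (example code written for this page, not from the lecture or from AWS): the script reads a constructed sample in the shape of an IAM credential report and flags a root user that still has an active access key, has no MFA, or has signed in recently. Only a subset of the report's columns is used; that the real report (`aws iam get-credential-report`) carries these column names is an assumption, and the account id 111122223333 is a documentation-style placeholder.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample modelled on an IAM credential report (subset of columns;
# the real report has more). The root row shows the three things the slide
# warns about: an active key, no MFA, and a recent sign-in.
SAMPLE_REPORT = """user,arn,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,2024-03-02T09:15:00+00:00,false,true,false
admin,arn:aws:iam::111122223333:user/admin,2024-03-09T08:00:00+00:00,true,false,false
deployer,arn:aws:iam::111122223333:user/deployer,no_information,false,true,false
"""

ROOT_USER = "<root_account>"          # how the credential report names the root user
SAMPLE_NOW = datetime(2024, 3, 10, tzinfo=timezone.utc)   # fixed "now" for the sample


def parse_report(text):
    """Parse CSV report text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def root_findings(rows, now, recent=timedelta(days=90)):
    """Return findings for the root user: an active access key (root should
    have none), missing MFA, and any console sign-in within `recent`."""
    findings = []
    for row in rows:
        if row["user"] != ROOT_USER:
            continue
        if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
            findings.append("root user has an active access key")
        if row["mfa_active"] != "true":
            findings.append("root user has no MFA")
        last = row["password_last_used"]
        # The report uses placeholders such as no_information / N/A when unused.
        if last not in ("no_information", "N/A"):
            when = datetime.fromisoformat(last)
            if now - when < recent:
                findings.append(f"root user signed in on {last}")
    return findings


if __name__ == "__main__":
    for finding in root_findings(parse_report(SAMPLE_REPORT), SAMPLE_NOW):
        print("FINDING:", finding)
```

An empty result is the expected state for an account that follows the slide's advice: root exists, but everyday work is done by the admin user, so root has no keys and no recent sign-ins.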
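As an added illustration of the dependency resolution described on the Deployment slides (example code written for this page, not Azure Resource Manager's own implementation): a constructed, minimal ARM-style template declares a SQL server, a database on it, and a web app that depends on the database through a `dependsOn` entry with a `resourceId(...)` reference; the script derives the deployment order with a topological sort and rejects cycles or references to undeclared resources. The `parse_resource_id` helper is a simplification that handles only literal arguments, and a deployable template would also need `apiVersion`, `location` and `properties` on each resource.

```python
import json
import re
from collections import defaultdict, deque

# Constructed, minimal ARM-style template (illustration only; real resources
# also need apiVersion, location and properties). The web app depends on the
# database, which depends on its SQL server.
TEMPLATE_JSON = """{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Web/sites",
      "name": "example-webapp",
      "dependsOn": ["[resourceId('Microsoft.Sql/servers/databases', 'example-sql', 'appdb')]"]
    },
    {
      "type": "Microsoft.Sql/servers/databases",
      "name": "example-sql/appdb",
      "dependsOn": ["[resourceId('Microsoft.Sql/servers', 'example-sql')]"]
    },
    {
      "type": "Microsoft.Sql/servers",
      "name": "example-sql"
    }
  ]
}"""

# Matches "[resourceId('Type', 'segment', ...)]" with literal arguments only
# (simplification: real templates may nest parameters() or variables()).
RESOURCE_ID_RE = re.compile(r"^\[resourceId\(([^)]*)\)\]$")


def parse_resource_id(expr):
    """Turn "[resourceId('Microsoft.Sql/servers', 'example-sql')]" into the
    (type, name) key used to look resources up; name segments are joined by '/'."""
    match = RESOURCE_ID_RE.match(expr.strip())
    if not match:
        raise ValueError(f"unsupported dependsOn expression: {expr}")
    args = [a.strip().strip("'") for a in match.group(1).split(",")]
    if len(args) < 2:
        raise ValueError(f"resourceId needs a type and a name: {expr}")
    return args[0], "/".join(args[1:])


def deployment_order(template):
    """Return (type, name) keys in an order that creates every dependency
    before its dependents (Kahn's topological sort). Raises ValueError for a
    dependency on an undeclared resource or for a dependency cycle."""
    resources = {(r["type"], r["name"]): r for r in template["resources"]}
    indegree = {key: 0 for key in resources}
    dependents = defaultdict(list)
    for key, res in resources.items():
        for expr in res.get("dependsOn", []):
            dep = parse_resource_id(expr)
            if dep not in resources:
                raise ValueError(f"{key} depends on undeclared resource {dep}")
            dependents[dep].append(key)
            indegree[key] += 1
    # Everything with no outstanding dependencies can be created now (in parallel).
    ready = deque(sorted(key for key, n in indegree.items() if n == 0))
    order = []
    while ready:
        key = ready.popleft()
        order.append(key)
        for child in dependents[key]:
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if len(order) != len(resources):
        stuck = sorted(key for key, n in indegree.items() if n > 0)
        raise ValueError(f"dependency cycle among {stuck}")
    return order


def order_from_json(text):
    """Parse template text and return its deployment order."""
    return deployment_order(json.loads(text))


if __name__ == "__main__":
    for step, (rtype, name) in enumerate(order_from_json(TEMPLATE_JSON), 1):
        print(f"{step}. {rtype} {name}")
```

The same declared-dependency idea carries over to a CloudFormation stack, where `DependsOn` and `Ref`/`GetAtt` references play the role of `dependsOn` and `resourceId`.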