Hosting Day

Windows Azure Pack Overview

Gang Pan, Microsoft


Objectives

• Windows Azure Pack Overview
• Windows Azure Pack Architecture
• Windows Azure Pack Views
  • Provider
  • Consumer
• Hosting Scenarios
  • VM Hosting (IaaS)
  • Websites
  • Hosted Databases (SQL/MySQL)
  • Service Bus
• Review decisions and discuss next steps

Windows Azure Pack Overview

[Diagram: two matching stacks. R2 w/ Service Provider Foundation: Web Sites, VMs, SQL, Service Bus and Future Services behind a Service Management API, with a Provider Portal (Service Plans, Users) and a Consumer Self-Service Portal (Web Sites, Apps, Database, VMs); actors: Service Provider, Customer. Windows Azure: Web Sites, Worker Role, VM Role, SQL, Service Bus, Caching and other services (CDN, Media, etc.) behind a Service Management API, with a Subscriber Self-Service Portal (Web Sites, Apps, Database, VMs).]

• Self Service Portal Moves On-Premises
• Common Mgt. Experience
• Workload Portability
• Cloud-Enabled Services Move On-Premises
• Consistent Dev. Experience

Cloud OS Consistent Experiences

• Simplified infrastructure service delivery

• In-box service templates and runbooks for System Center components

• Integrate existing investments using web-based interfaces to System Center capabilities

• Scale management across multiple System Center instances (or “stamps”)

• Extensible service management automation

• Tenant-level resource metering for capacity planning and usage analytics

Multi-tenant cloud infrastructure

[Diagram labels: Service provider portal; Tenant admin/users; Service provider systems (e.g., Billing); APIs; Service Provider Foundation (SPF) with Tenants, User roles, Stamps, Service mgmt. automation (PowerShell based) and System Center REST web service APIs, incl. usage metering; System Center (Management stamps) with Virtual machine manager (×3), Orchestrator and Operations manager.]

Windows Azure Pack Architecture


Service Provider View for Windows Azure Pack

Service Providers

• Integrate into existing systems to orchestrate & automate end to end processes

• Out of the box runbooks to automate delivery of cloud services

• Import additional integration modules and author PowerShell workflow runbooks within Service Management portal

• Operational dashboard for analysis and troubleshooting

• Authentication using Active Directory

Administration

Plans define Admin—Tenant relationship

[Diagram labels: Admin, Tenant, Plans, Services, Clouds (Resource Clouds), Quota and Add-ons. Relationship labels: Creates, Subscribes to, Provisions, Include, Allocated from, Restricted by.]

Connect cloud to VMM instance

Define usage limits

Assign VM templates & networks

Admin: create VM cloud

Review usage statistics
• Memory
• Storage
• Virtual CPUs
• Virtual Machines

Admin: monitor VM cloud

Include one or more services

Bind services to clouds

Set quotas and add-ons

Admin: Create plan

Service Providers

• Manage shared infra and services
  • Virtual Machine Clouds
  • Web Site Clouds
  • Service Bus Clouds
  • 3rd party shared services
• Create offers of select services
  • Define unique quotas per service
  • Define offer add-ons for upsell
  • Include curated gallery applications
  • Publish public or private offers

Subscriptions

Service Providers

• Consistent interface for all Services

• REST, OData & JSON

• Enable 3rd party billing providers and ITFM integration

• Data Warehouse

• Analytics on Tenant Subscription usage

• Enable license compliance through inventory reports

Usage/Billing

Multi-tenant cloud infrastructure: capacity planning and usage analytics

• Granular metering of resource usage by tenant, including CPU, memory & storage

• Enable business/operational insight with tenant-level analytics

• Data warehousing & reporting, incl. allocation, utilization & license compliance views

• Integration with Cloud Cruiser cost analytics solution for billing capabilities.

Usage metering and analytics are delivered by System Center 2012 R2 through Orchestrator as SPF web-services APIs; usage data is provided by Operations Manager and VMM. Windows Azure Pack surfaces the reports.

Service Providers

• Integrate into existing systems to orchestrate & automate end to end processes

• Out of the box runbooks to automate delivery of cloud services

• Import additional integration modules and author PowerShell workflow runbooks within Service Management portal

• Operational dashboard for analysis and troubleshooting

Automation

Service management automation

• Enable efficient infrastructure delivery and operations

• Web-based runbook authoring

• Scalable, multitenant-aware automation engine built on PowerShell

• Import existing PowerShell scripts and workflows

• Integration with existing/ third-party systems

[Screenshot: Service Management portal navigation (Virtual Machine Clouds, SQL Server, Plans, Website Cloud, MySQL Servers, Notifications, User Accounts, Automation, All Items) with example runbooks: Add bulk user accounts; Service ticket for failed resources; Notify users of plan updates; Add additional SQL capacity. Callouts: Integration with Management Systems (CMDB, Ticketing, Billing); Workflow automation; Web-based authoring.]

Delivered by System Center 2012 R2 through the Orchestrator component by exposing the above features as web-service APIs along with SPF integration.

Windows Azure Pack Portal Customization

White Label, Add-On Services, Differentiated

Easily skin portal with your theme and brand

Custom login, logos, banner, colors, extensions, etc…

Safe Java allows some additional stable customization

REST API

Onramp for more Azure Services moving to Windows Server

Any number of services can be surfaced in the portal

Portal source code provided

Replace the portal with your own by providing support for the API

Service Consumers View for Windows Azure Pack

Tenant experience: Homepage

Rich self-service experience

Windows Azure consistency

Monitor and provision services

Tenant experience: Dashboard

Core service dashboard

Configuration and control

Utilization reporting

Service Consumers

• Build highly scalable web applications
• Iterate with integrated source control
• Manage their apps with real-time telemetry
• Use the languages and open source apps of their choice

Web sites

Service Consumers

• Messaging service for cloud apps
• Guaranteed message delivery
• Publish-subscribe messaging patterns
• Standard protocols (REST, AMQP, WS*)
• Interoperability (.NET, Java/JMS, C/C++)
• Integrated with management portal

Service Bus

Service Consumers

• Virtual Machine Roles

• Portable

• Elastic

• Gallery

• Windows and Linux Support

• Virtual Networks

• Site to Site connectivity

• Tenant supplied IP addresses

Virtual Machine

Service Consumers

Identity
• ADFS Federation integrates with the consumer's own Active Directory
• Co-administrators

Database Services
• SQL Server
• MySQL

Value add services from gallery

Other shared services from provider

Programmatic access to cloud services
• REST APIs

Additional Services

VM Hosting (IaaS)

Definitions

Virtual Machine Role Gallery
• Catalog of Virtual Machine Role templates for tenants. Tenants view a curated and role-scoped list of Virtual Machine Role templates in the Tenant Portal, PowerShell or APIs.

Virtual Machine Role Gallery Item
• A single Virtual Machine Role template

Virtual Machine Role
• Homogenous scalable tier of Virtual Machines.

Virtual Machine Role View Definition (VIEWDEF)
• UI artifact for a gallery item. The VIEWDEF includes constructs to build the UI wizard in order for the tenant to enter values for deployment.

Virtual Machine Role Resource Definition (RESDEF)
• Template artifact for a Virtual Machine Role. The RESDEF includes hardware, network, OS, and Application configuration.

Virtual Machine Role Resource Extension (RESEXT)
• Application template and installation payload (MSI, scripts, SQL DAC, etc.) used to deploy an application into a Virtual Machine Role.

• Import and Manage Gallery Items
  • Resource Definition Package
• Publish / Unpublish Gallery Items to Tenants
  • Immediate impact when unpublishing
• Add Gallery Items to Plans
  • Scopes access based on plan and subscription
• Gallery Item authorization from SPF
• Resource extension from VMM

Service Admin Gallery

Cloud OS Virtual Machine Role
• Scale-out and Scale-In of a Virtual Machine Role
• Update settings
• Upgrade to new version
• Change networks
• Start/Stop/Shutdown VMs
• Add/Remove Devices

Support for VM Templates

Active Directory Authentication

Co-admins can share subscription

Tenant Virtual Machine Features

• Tenants create their own networks

• Site to Site VPN

• Network Address Translation (NAT)

• Configuration of topology and border gateway protocol (BGP)

• Tenant IP addresses with network virtualization

• Consistent user experience with Azure

Tenant Networks

VMs can be:
• On isolated network/no network
• Windows/Linux/No OS

Requires
• RDP client supporting Remote Desktop Protocol 8.1
• Windows Azure Pack
  • Service Management Portal
• System Center 2012 R2
• Windows Server 2012 R2
  • Hyper-V
  • Remote Desktop Gateway

Remote Console Access for Tenants

Remote Console Flow

[Diagram components: Browser; Remote Desktop Client (client supporting Remote Desktop Protocol 8.1); Windows Azure Pack Portal; System Center 2012 R2; Windows Server 2012 R2 Remote Desktop Gateway; Windows Server 2012 R2 Hyper-V. Arrow labels: Console Request; RDP File; RDP File Tokens (Host, VM); Trust; Trust.]

Callouts:
• Verify user access. Generate and sign tokens.
• Generate RDP file and embed tokens.
• Validate token signature. Validate token timestamp. Authorize host & port only.
• Validate token VMID. Authorize only specific VM.
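
The token checks listed on the Remote Console Flow slide above, as an added example (not code from the deck or from Windows Azure Pack): an issuer signs separate host and VM tokens, a gateway-side check validates signature, timestamp and host/port, and a host-side check validates the VMID. The token layout, the HMAC-SHA256 stand-in for the real signature scheme, the 60-second lifetime, the assignment of checks to the gateway and the Hyper-V host, and all names and sample values are assumptions.

```python
import base64
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-key"  # assumption: stands in for the signing certificate
MAX_AGE_SECONDS = 60                   # assumption: the deck gives no token lifetime
# Constructed sample VM record (host name, port, VM id and user are made up).
SAMPLE_VM = {"vmid": "11111111-2222-3333-4444-555555555555",
             "host": "hv01.example.test", "port": 2179, "allowed_users": {"alice"}}

def _mac(body: str) -> str:
    return hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()

def sign_token(claims: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + _mac(body)

def issue_tokens(user: str, vm: dict, now: int):
    """Issuer: verify user access, then generate and sign the host and VM tokens."""
    if user not in vm["allowed_users"]:
        raise PermissionError("user has no access to this VM")
    host_token = sign_token({"host": vm["host"], "port": vm["port"], "iat": now})
    vm_token = sign_token({"vmid": vm["vmid"], "iat": now})
    return host_token, vm_token

def verify(token: str, now: int) -> dict:
    """Signature first, then timestamp; claims are parsed only after the MAC matches."""
    body, sep, mac = token.rpartition(".")
    if not sep or not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    issued = claims.get("iat")
    if not isinstance(issued, int) or not 0 <= now - issued <= MAX_AGE_SECONDS:
        raise PermissionError("token expired or not yet valid")
    return claims

def gateway_authorize(host_token: str, host: str, port: int, now: int) -> bool:
    """Gateway: signature and timestamp, then authorize the named host and port only."""
    claims = verify(host_token, now)
    if "host" not in claims or (claims["host"], claims.get("port")) != (host, port):
        raise PermissionError("gateway: host/port not authorized")
    return True

def host_authorize(vm_token: str, vmid: str, now: int) -> bool:
    """Hyper-V host: authorize the console only for the VM the token names."""
    claims = verify(vm_token, now)
    if "vmid" not in claims or claims["vmid"] != vmid:
        raise PermissionError("host: token issued for a different VM")
    return True
```

Because each token carries only its own claim type, a valid VM token presented at the gateway (or a host token presented at the Hyper-V host) is rejected even though its signature verifies.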

[Diagram labels: Cloud Service 1; Virtual Machine Role 1; Virtual Machine Role with VM1.1 and VM1.2; Virtual Machine Role Resource Definition (RESDEF): VM Container Specification; Extension (RESEXT): Application; Configuration: Application, Network, VM Settings; UI Wizard (VIEWDEF).]

• Templates
  • Definition - RESDEF
  • Extension - RESEXT
• UI Wizard
  • View - VIEWDEF
• Configuration
  • ResConfig
• Instances
  • Cloud Service
  • Virtual Machine Role
  • VM(s)

Cloud Service Model: Virtual Machine Role

Application (RESEXT)
• Roles and Features
• Payload and scripts
• OS Image requirements
• Network IP and Load balancer
• RESEXT Parameters

Virtual Machine Role (RESDEF)
• VM settings (size)
• OS Settings
• OS Image Reference
• RESEXT Reference
• RESEXT Parameter bindings
• RESDEF Parameters

UI Wizard (VIEWDEF)
• UI for RESDEF Parameters
• Grouping
• Ordering
• Validation
• Localization

Deployment Configuration (RESCONFIG)
• RESDEF Parameter Values
• Single deployment
• Versioned

Application Extension (RESEXT)

{
  "Name": "IIS_Demo_2",
  "Publisher": "Microsoft",
  "Version": "1.0.0.0",
  "ExtensionHostingContract": "MicrosoftCompute/VMRole/1.0.0.0",
  "SchemaVersion": "1.0.0.0",
  "DataPackage": { "Location": "IISWS2012", "Version": "1.0.0.0" },
  "ResourceExtensionParameters": [
    { "Name": "IISPort", "Type": "String", "Description": "IIS Port" }
  ],
  "ResourceRequirements": {
    "OSVirtualHardDiskRequirements": [ "WindowsServer2012", "Datacenter" ]
  },
  "ExtensionSettings": {
    "SchemaVersion": "1.0.0.0",
    "WindowsServerRolesAndFeatures": [
      "Web-Server", "Web-WebServer", "Web-Common-Http",
      "Web-Default-Doc", "Web-Dir-Browsing", "Web-Http-Errors"
    ],
    "ApplicationProfile": {
      "ApplicationPayload": [
        { "ID": "123dbce1-8ccd-4fb1-af39-a2a3b69b4123", "RelativePath": "IISConfiguration.cr" }
      ],
      "Name": "389cb52d-a950-46d3-b021-48b7fe67267e",
      "WindowsApplicationProfile": {
        "ProvisioningScripts": [
          {
            "AlwaysReboot": false,
            "ApplicationPayloadId": "123dbce1-8ccd-4fb1-af39-a2a3b69b4123",
            "DeploymentOrder": 1,
            "ErrorPolicy": "FailOnMatch",
            "ExecutableAndParams": {
              "Executable": "cmd.exe",
              "Parameters": "/q /c iisconfig.cmd [Param.IISPort]"
            },
            "ExitCodeRegex": "[1-9][0-9]*",
            "RebootExitCodeRegex": null,
            "RestartOnRetry": false,
            "ScriptBlock": null,
            "ScriptCredential": null,
            "ScriptType": "PreInstall",
            "StandardErrorPath": "C:\\iisconfig-gceerr.txt",
            "StandardErrorRegex": null,
            "StandardInput": null,
            "StandardOutputPath": "C:\\iisconfig-gceout.txt",
            "StandardOutputRegex": null,
            "TimeoutInSeconds": 1200,
            "WorkingDirectory": null
          }
        ]
      }
    }
  }
}

• Identifiers
  • Name, Publisher, Version
• Parameters – “IISPort”
• OS Image Requirements
  • Tags - “Windows Server 2012”, “Datacenter”
• Operating System Roles / Features
  • Web-Server, Web-WebServer, Web-Common-Http
• Script Application Deployment (PowerShell DSC, Puppet, Chef, MSI, script)
  • "Cmd.exe /q /c iisconfig.cmd [Param.IISPort]"
• Other profile types available
  • SQL Profile
  • SQL Dac Applications
  • WebDeploy
• Run Scripts
• Payload – bits and scripts
• Parameterization with Basic Expressions
• Import into VMM prior to Use
• Packaged using Open Packaging Convention (OPC)

Virtual Machine Role Resource (RESDEF)

{
  "Name": "IIS_Demo",
  "Publisher": "Microsoft",
  "Version": "1.0.0.0",
  "Type": "MicrosoftCompute/VMRole",
  "SchemaVersion": "1.0.0.0",
  "ResourceParameters": [
    { "Name": "RoleVMSize", "Type": "String", "Description": "Platform-specific VM size (for Blue: XS | S | M | L | XL)" },
    { "Name": "IISPort", "Type": "String", "Description": "IISPort desc." }
  ],
  "ResourceExtensionReferences": [
    {
      "ReferenceName": "IIS_Demo_2",
      "Name": "IIS_Demo_2",
      "Publisher": "Microsoft",
      "Version": "1.0.0.0",
      "ResourceExtensionParameterValues": "{ \"IISPort\" : \"[Param.IISPort]\" }"
    }
  ],
  "IntrinsicSettings": {
    "SchemaVersion": "1.0.0.0",
    "HardwareProfile": { "VMSize": "[Param.RoleVMSize]" },
    "ScaleOutSettings": {
      "InitialInstanceCount": "[Param.RoleInitialInstanceCount]"
    }
  }
}

• Properties
• Identity
  • Name, Publisher, Version
• Parameters
  • RoleVMSize
  • IISPort
• Extension References
  • Name, Publisher, Version
  • Parameter binding
    • IISPort
• Size Profile (XS, S, M, L, XL)
• Storage Profile (Data / OS Disk)
• OS specialization
  • ComputerName, Timezone, other unattend
• Network profile (LB Config, Network)
• Scale settings
• Parameterization with Expressions
• Served from SPF Feed (Gallery)

Presentation UI Wizard (VIEWDEF)

{
  "Label": "{{IISWS2012Label}}",
  "PublisherLabel": "Microsoft",
  "Description": "{{WS2012IISDescription}}",
  "DefaultLanguageCode": "en-US",
  "Sections": [
    {
      "Title": "{{WS2012IISVMSettings}}",
      "Categories": [
        {
          "CategoryName": "{{ScaleOutSettingGroup}}",
          "Parameters": [
            {
              "Name": "RoleVMSize",
              "Label": "VM Size",
              "Type": "VMSize",
              "DefaultValue": "ExtraSmall",
              "Description": "{{RoleSizeDesc}}",
              "Validation": {
                "Required": true,
                "Messages": { "Required": "{{RoleSizeRequiredMessage}}" }
              }
            },
            {
              "Name": "RoleOSVHDImageNameVersion",
              "Label": "OS Virtual Hard disk",
              "Type": "OSVirtualHardDisk",
              "Description": "{{OSDisk}}",
              "ImageTags": [ "WindowsServer2012", "Datacenter" ],
              "Validation": {
                "Required": true,
                "Messages": { "Required": "OS Disk is Required" }
              }
            },
            {
              "Name": "RoleInitialInstanceCount",
              "Label": "Initial Instance Count",
              "Type": "Number",
              "DefaultValue": "1",
              "Description": "{{RoleInitialInstanceCountDescription}}",
              "Validation": { "Required": true, "MinRange": 1, "MaxRange": 5 }
            }
          ]
        }
      ]
    }
  ]
}

• Grouping
  • Sections - Title
  • Categories - CategoryName
• Ordering
  • Follows the order in the viewdef
• Labels, Descriptions
• Type
  • Boolean, Number, String, SecureString, Credential, ComputerNamePattern, Option, VMSize, OSVirtualHardDisk, Network, OSTimezone
• Default Value
• Validation
• Localization
  • Double-curly bracket notation
    • {{WS2012IISVMSettings}}
  • Package resource file per language
    • "WS2012IISVMSettings": "Virtual Machine Settings"

Deployment Configuration (ResConfig)

{
  "Version": "1.0.0.0",
  "ParameterValues": "{ \"IISPort\": \"80\", \"RoleVMSize\": \"Small\", \"ComputerNamePattern\": null, \"NetworkName\": \"corp\" }"
}

• Generated by Portal
• Not persisted as a file
• Versioned to enable updates
• Parameter binding to user input

Gallery Item Resource Packages

.ResdefPkg
• Resdef file
• Viewdef file
• Icon
• Language directories and files

.ResextPkg
• Resext file
• Script Payload
• Application Payload

Service Provider Foundation (SPF)

[Diagram labels: REST-based OData API; Virtual Machines (Virtual Machine Manager); VM networks (Virtual Machine Manager); Service Templates (Virtual Machine Manager); Automation (Orchestrator); 2012 R2.]

Enables Hosted IaaS Features

• VM management

• Service management

• Self-service VM networks

• Multi-tenancy / Multi-stamp

• Self-service tenant administration

• Enterprise identity for SPF

• Extensibility for hosted cloud API

• Usage Metering via SCOM

SPF architecture

[Diagram labels: Service Mgmt Portal; REST API - OData; Claims-based AuthN and AuthZ; Aggregation; PowerShell web service; Stamps, Management servers; Tenants, User roles; PowerShell scripts, Orchestrator Runbooks; Management stamps.]

IaaS Recommended Infrastructure

Website Hosting

Shared & reserved instances

1 Shared

• Deploy web sites into a shared/multi-tenant hosting environment running on a shared set of server resources.

• When a website is first created it runs in shared mode.

• It shares available compute resources with other subscribers that are also running websites in shared mode.

1 Reserved

• Websites can be upgraded optionally to run in reserved mode. This isolates them to run within a dedicated virtual machine.

• When you change the mode from shared to reserved, the website is scaled up.

2 Reserved

• Elastically scale the resources sites use to increase reserved instance capacity as traffic increases.

• Increasing the value for Reserved Instance Count will provide fault tolerance and improved performance through scale out.

• A website in Reserved mode will provide more consistent performance than a website in Shared mode because it is not sharing resources with other tenants.

• If Reserved Instance size is changed from Small to Medium or Large, the website will run in a compute instance of corresponding size with access to associated resources for each size.

Customizable self-service gallery

Popular web apps

Database integration

Web app gallery

Source code and developer tools

Use familiar developer tools.

Upload to production folders.

Synchronize IDE with popular source code control systems.

[Diagram labels: Visual Studio Team Foundation Server; FTP/HTTP; WebDeploy; Node.js, PHP, ASP.NET.]

Websites Recommended Infrastructure

SQL Database Hosting (DBaaS)

SQL Server/MySQL

• SQL Databases per subscription

• SQL Groups

• SQL Add-Ons

• Manage Database: View Info, Change Password, Resize and Delete

• SQL AlwaysOn Support

• Create Website with SQL Database

• Management Tasks: APIs and PowerShell Support

• SQL Usage reporting

SQL Server Hosting (SQL/MySQL) Features

Administrative Features

Server View
• Add and maintain SQL Hosting Servers & AlwaysOn Availability Group Listeners (AGL)
• Dashboard: View Total Space Utilization per Hosting Server
• List of all databases in a Server

SQL Group View
• Add and maintain Logical Groups for better maintainability
• Move Servers or AGLs between SQL Groups
• Type: Standalone vs. AlwaysOn enabled

Tenant Features

Database View
• Create and maintain databases as part of the subscription
• Create database against a SQL Database Edition available to subscription
• Manage Database: View Info, Change Password, Resize and Delete
• Subscribe to AddOns: Increase Database count and Size
• Usage summary per subscription: no. of databases and additional storage

SQL Database Hosting Recommended Infrastructure

Service Bus Hosting

Service Bus Queues

One way asynchronous messaging.

Example: Service Bus Queues

[Diagram labels: Publisher, Publisher, myqueue, Consumer.]

Service Bus topics and subscriptions

Publish-subscribe one-to-many messaging.

Example: Service Bus Topics

[Diagram labels: Publisher, Publisher, myTopic, messages A to E, myFirstSubscription, mySecondSubscription, SubscriptionRule Color=BLUE, Consumer 1, Consumer 2, Consumer 3.]

Service Bus Recommended Infrastructure

Acquiring and Authoring Gallery Resources

Importing a Gallery Item

Download or author resource and extension packages

Import .ResextPkg into VMM

Verify Deployment dependencies
• VHD meets requirements
• Network
• Load Balancer

Import .ResdefPkg into Portal

Publish Gallery item to Plans

OSImage handling

• OSImage should be parameterized for maximum reuse across environments
  • Parameter allows user to select image (see Tags below)
• Tags
  • Viewdef – filters by Tags according to resext
  • Resext – Tags are application requirement
  • Guidance on “standard” tags – “WindowsServer2012”, “Datacenter”, “.NET4.5”
  • Deployment will be blocked if referenced image is not tagged to match RESEXT requirements
• Reference is “Name:Version”
  • “WindowsServer2012DatacenterENU:1.0.0.0”
  • Name and Version map to VMM VHD FamilyName and Release properties
  • Version must be n.n.n.n – VMM Release is a string
  • If OSImage is not parameterized, set FamilyName and Release accordingly

Configuring Virtual Machine Manager

• Cloud
  • Library share containing VHD is accessible to cloud
• Userrole
  • Tenant userrole has access to cloud
• Virtual Hard Disks
  • Configure Virtual Hard Disk FamilyName, Release and Tags accordingly – see OSImage slide
• Test in VMM using RESDEF
  • PowerShell only
  • Read RESDEF, construct RESCONFIG
  • Submit resdef and resconfig via PowerShell to create a virtual machine role

Deploying a Gallery Item

Portal reads Gallery Item VIEWDEF to build wizard and gather user input

Portal produces a Resource Configuration (RESCONFIG)
• Parameter Bindings for a single deployment

Portal creates a new Cloud Service or chooses existing

Portal calls SPF layer to deploy gallery item into Cloud Service using settings in the RESCONFIG

SPF reads RESDEF and calls VMM with RESDEF, RESCONFIG and Cloud Service

VMM combines RESCONFIG and RESDEF with referenced RESEXT to assemble deployment configuration

VMM deploys Virtual Machine Role instances into Cloud Services using RESCONFIG settings.
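
The assembly step described above and the OSImage tag rule from the earlier slide, as an added example (not VMM's or the deck's code): RESCONFIG values are bound into the RESDEF, passed through its RESEXT reference, and substituted into the provisioning command line, after the referenced image is checked against the RESEXT tag requirements. The JSON is trimmed and simplified from the deck's IIS_Demo samples, the VHD library list is hypothetical, and the IISPort range check is an added safeguard rather than something the slides describe.

```python
import re

PARAM = re.compile(r"\[Param\.([A-Za-z0-9_]+)\]")
VERSION = re.compile(r"[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")
PORT = re.compile(r"[0-9]{1,5}")

# Constructed inputs, trimmed from the deck's IIS_Demo JSON to the fields used here
# (the provisioning script is hoisted to the top level of RESEXT for brevity).
RESEXT = {"Name": "IIS_Demo_2",
          "ResourceRequirements": {"OSVirtualHardDiskRequirements": ["WindowsServer2012", "Datacenter"]},
          "ProvisioningScripts": [{"ExecutableAndParams": {
              "Executable": "cmd.exe", "Parameters": "/q /c iisconfig.cmd [Param.IISPort]"}}]}
RESDEF = {"Name": "IIS_Demo",
          "ResourceExtensionReferences": [{"Name": "IIS_Demo_2",
              "ResourceExtensionParameterValues": {"IISPort": "[Param.IISPort]"}}],
          "IntrinsicSettings": {"HardwareProfile": {"VMSize": "[Param.RoleVMSize]"}}}
RESCONFIG = {"Version": "1.0.0.0", "ParameterValues": {
    "IISPort": "80", "RoleVMSize": "Small",
    "RoleOSVHDImageNameVersion": "WindowsServer2012DatacenterENU:1.0.0.0"}}
# Hypothetical VMM library listing: FamilyName, Release and Tags of each VHD.
LIBRARY = [{"FamilyName": "WindowsServer2012DatacenterENU", "Release": "1.0.0.0",
            "Tags": ["WindowsServer2012", "Datacenter"]}]

def resolve(template, values):
    """Replace each [Param.Name]; an unbound or null parameter stops the deployment."""
    def bind(match):
        value = values.get(match.group(1))
        if value is None:
            raise ValueError("unbound parameter: " + match.group(1))
        return str(value)
    return PARAM.sub(bind, template)

def check_os_image(reference, library, required_tags):
    """Return the VHD named by Name:Version if it carries every tag RESEXT requires."""
    name, _, version = reference.partition(":")
    if not name or not VERSION.fullmatch(version):
        raise ValueError("OS image reference must be Name:n.n.n.n")
    for vhd in library:
        if (vhd["FamilyName"], vhd["Release"]) == (name, version):
            missing = sorted(set(required_tags) - set(vhd["Tags"]))
            if missing:
                raise ValueError("image lacks required tags: " + ", ".join(missing))
            return vhd
    raise ValueError("no VHD with FamilyName/Release " + reference)

def assemble(resdef, resext, resconfig, library):
    """RESCONFIG values -> RESDEF bindings -> RESEXT script parameters."""
    values = resconfig["ParameterValues"]
    # Added safeguard (an assumption, not a check the deck describes): IISPort ends up
    # on a cmd.exe command line, so accept digits in the TCP port range only.
    port = str(values.get("IISPort", ""))
    if not (PORT.fullmatch(port) and 1 <= int(port) <= 65535):
        raise ValueError("IISPort must be a TCP port number")
    check_os_image(values["RoleOSVHDImageNameVersion"], library,
                   resext["ResourceRequirements"]["OSVirtualHardDiskRequirements"])
    reference = resdef["ResourceExtensionReferences"][0]
    ext_values = {name: resolve(text, values)
                  for name, text in reference["ResourceExtensionParameterValues"].items()}
    script = resext["ProvisioningScripts"][0]["ExecutableAndParams"]
    return {"VMSize": resolve(resdef["IntrinsicSettings"]["HardwareProfile"]["VMSize"], values),
            "CommandLine": script["Executable"] + " " + resolve(script["Parameters"], ext_values)}
```

The IISPort parameter is typed String in the deck's RESDEF and RESEXT, which is why the example validates it before it reaches the `cmd.exe` parameters.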