Tag Archives: IaaS

Azure IaaS Guidance, the basics…

The importance of planning and designing in Azure IaaS is just as important as in the days you designed your own on premises infrastructure. Azure has many capabilities which all rely on dependent resource models when you design your application infrastructure to support your projects. With any platform, private or public cloud, you need to ensure that you follow the appropriate guidance around the principles which are focused on best practices for successful implementations of cloud projects. As you would do with any infrastructure design project, there are common components which are key to how you design your applications to achieve operational excellence and performance. Some of the key basic elements have been outlined below.

Data Center Azure IaaS
Physical Machine/Virtual Machine Azure Virtual Machine
SAN Available through Storage Accounts (Tables, Queues, Blobs)
LAN Multiple Virtual Networks with Subnets
WAN/VPN enablement ExpressRoute/VPN Gateway
Network Security Polices Network Security Groups


Ingredient 1: VM Sizing

With all the current VM sizes in Azure it can be complicated to start with sizing your requirements up front. It’s important to review your application requirements and how you intend to deploy your overall architecture and instances to support your needs throughout the project and application lifecycle. If you don’t need load balancing and you have some simple VM requirements you can start with A series VMs. If you need something more powerful with additional features like load balancing, you’ll need to move to the standard tier VMs. For intensive compute applications like SQL Server, especially if you are expecting high transactional loads, you should move up to at least the D or DS series VMs. The G series and GS series offer most performance, more disks, larger temporary disks and RAM with the most powerful processors today. Each tiered VM has different capabilities with the number of CPU cores and speed, disk bandwidth and maximum number of attached data disks and virtual network interface adapters. You also need to be aware of the disk limits and I/O limits of each VM size, the number of data disks that you could attach and the max number of IOPS each VM can support with the appropriate storage account type.

It’s important to note that premium storage is only available for use with the DS and GS series VMs. They also use solid state drives for improved I/O, the same as premium storage.

For further information, see https://azure.microsoft.com/en-gb/documentation/articles/virtual-machines-size-specs/.

Ingredient 2: Storage

Once you’ve sized your VMs, storage is key to application performance and based upon IOPS requirements. If you have an idea of IOPS requirements for your applications, then life is much simpler in designing your storage requirements. Azure storage comes with different capabilities, tables, queues and blobs. For VMs, you will use storage accounts with blob storage. Each Virtual Hard Disk (VHD) is stored as a page blob. With Azure storage you have the choice of choosing Locally Redundant Storage (LRS), Zone Redundant Storage (ZRS), Geographically Redundant Storage (GRS) and Read Access Geographically Redundant Storage (RA-GRS). All these redundancy options need to be taken into consideration when you design your storage strategy in Azure for your VMs.

You also need to be aware of the max number of supported VHDs for your VMs in the storage accounts. Not to say that with a standard storage account you can have up to 500TB of space which could hold many VHDs, but you need to determine how many storage accounts you need as part of your design. For example, if you have multiple VMs and data disks and you use one storage account, each VM based on tier has max IOPS to each disk. If you had all your VHDs in one storage account you would end up with throttling your throughput because standard storage account can only support a number of highly utilised disks before throttling occurs. Premium storage with the DS and GS series VMs considerably improves your latency, but your storage space is currently reduced to 35TB per storage account.

With standard tier storage you pay for the data written to the VHD, regardless of the VHD size, each up to 1023GB. With premium storage, you have to create the data disks and you are charged for the whole size up front, unlike standard storage.

For further information, see https://azure.microsoft.com/en-gb/documentation/articles/storage-scalability-targets/ and https://azure.microsoft.com/en-gb/documentation/articles/storage-introduction/.

Ingredient 3: Network

How you design your Virtual Networks and Subnets is important from a number of aspects. You need to think about isolating your resources and how they will be accessed and by whom. The most common theme I have utilized is to ensure that you group your resources into Subnets which take more sense from an application perspective and tie these with security policies. For example, you wouldn’t have VMs exposed in a Subnet to a public IP address which don’t need to be part of a traditional DMZ in your data center. You would do exactly the same in Azure Virtual Networks and segment your virtual network design around your applications and accessibility requirements for your applications. Another way to think about segmentation around applications is to have front end, middle tier and backend Subnets for each set of groups of resources.

For further information, see https://azure.microsoft.com/en-gb/documentation/articles/virtual-networks-overview/.

For on premises connectivity you should consider ExpressRoute or VPN options with VPN Gateways. Each solution offers it’s own benefits.

For further information, see https://azure.microsoft.com/en-gb/documentation/articles/vpn-gateway-about-vpngateways/

Ingredient 4: Security

Security can be managed in different ways in Azure, with virtual appliances available through the VM depot, network security groups, endpoints, load balancers, firewalls, group policies etc. This is a very large area to consider and is of highest importance in any environment. As part of your blueprint and building our logical design, ensure that you take deep consideration into network security groups which can be applied to VMs, Network Interfaces and Subnets. A series of Access Control Lists (ACL’s) can be applied to the resources I mentioned earlier as part of a defence-in-depth strategy. Cloud security should be layered from the VMs, VM firewall, network isolation, access control lists and any protection that can be provided by virtual appliances. You can also force tunnel connections through your on premises environment if you are extending to Azure from your data center and mange traffic to the internet from on premise network security appliances..

For further information, see https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-nsg/.

Ingredient 5: Deployment

The deployment aspects of the cloud can be achieved in different ways. You can use the Azure Portal, Azure PowerShell Cmdlets, Azure Command Line Interface (CLI) and a combination of the highly recommended deployment method with Azure Resource Manager (ARM) templates. In Azure IaaS V1, we focused on Cloud Services as a container for resources. In ARM (IaaS v2), you focus on the whole application, or pieces of the deployment which makes up your footprint for your application architecture. There are a number of ARM templates available on GitHub to get you started. I would recommend building your own ARM templates to understand how the templates glue together before using ARM templates which might be complex. ARM allows you to define your blueprint and deploy this in a repeatable consistent manner, which is perfect for testing your deployments through the application lifecycle. There are certain elements you need to be aware of when you use ARM, for example your storage account deployment will fail if you don’t use lowercase alphanumeric characters from 3-24 characters. Something which isn’t debugged by Visual Studio when you develop the template, so be aware of some of the rulesets you need to follow.

For more information, see https://azure.microsoft.com/en-gb/documentation/articles/resource-group-overview/.

For Quickstart ARM templates to get you up and running, see https://azure.microsoft.com/en-gb/documentation/templates/.

That’s the end of the IaaS basics starter post for today, I hope you found it informative.

Cloud Computing, The Basics

When it comes to ‘ Cloud Computing’ there are a few acronyms which are referenced in most articles which I will explain in my first official blog about cloud computing basics. The main acronyms are described below.

SaaS (Software as a Service): A Service provided by a vendor which is typcially provided as a packaged solution to multiple customers. The service is usually provided, but not limited to, through a web browser. The vendor provides the service over the internet and is managed and maintained by the vendor. The customer does not need to worry about upgrades, patching and the security architecture of the service. Examples of SaaS include Facebook, Microsoft Online and Google Apps. SaaS has been around for a number of years.

IaaS (Infrastructure as a Service): Infrastructure as a Service is a service model where a company would outsource the servers, network and storage to a service provider. All the hardware is owned and managed by the service provider and the resources are provided over the internet. The service provider can also provide the operating system, messaging and databases. The company obtaining the services would usually pay on a transaction or per use basis. Examples of IaaS include Amazon Web Services AWS), Microsoft Hyper-V Private Cloud, Apples iWork.com and IBM’s Blue cloud services. Utilizing IaaS effectively allows the architecture of a dynamic datacenter which can be flexible to a organizations requirements.

PaaS (Platform as a Service): Platform as a Service is a architecture framwork that allows a complete development platform to build and assemble solutions, similar to SaaS, but with development tools for customization. The underlying Operating System and Hardware is still provided by the service provider. PaaS offers the ability to run full rich applications over the internet offered as a utility computing. The model is still usually provided on a pay per use or on a subscription basis. Rich internet applications can be developed by businesses utilizing a rhobust platform with faster application delivery times. PaaS includes modules which can be integrated to build the applications necessary for the business. Examples of PaaS include Microsoft Azure, Salesforce.com, Rollbase, Google App Engine and BungeeConnect.

Cloudstream An integration template which provides the required nuts and bolts to secure, provide governance and manage the communication between two services at the Application Programming Interface (API). The integration can be enterprise to cloud and cloud to cloud. The cloudstream captures configuration information for cloud brokers and packages the configuration information to connect the endpoints together. CloudStream will become the standard for integration across the cloud and enterprise. For on premise systems, appliances/software solutions can help with cloud integration such as the  Vordel Cloud Service Broker, Forum Sentry SOA Security Gateway .Layer 7 CloudSpan Products, Ping Federate Connectors and Microsoft Active Directory Federation Services 2.0.