The Microsoft cloud - a "catch-all" overview - basics
Posted on 15-Jan-2015
© Copyright Exakis 2011. Reproduction and use prohibited without authorization
The Cloud, Microsoft style
Grafotech Forum, Rennes, 12 May 2011
WHO AM I?
Nicolas Georgeault: SharePoint Server MVP (2 years), SharePoint architect at Exakis, RP Collab and BI
Consultant & speaker: nicolasgt@exakis.com, http://nicolasgt.exakis.com (CKS:EBE blog on WSS 3.0), http://www.facebook.com/nicolas.georgeault, http://twitter.com/ngeorgeault, http://www.slideshare.com/ngeorgeault
Horse-ball enthusiast; webmaster of www.fihb-horseball.org
THE SHAREPOINT CLUB
• National AND regional
– 23 May in Paris
– 15 September in Nantes
– 29 September in Rennes
• Discussion group on usage and best practices
• SharePoint Saturday
• SharePoint Conference Paris (10-13 April 2012)
• Community afterworks
– 2nd Thursday of the month in Nantes
– Last Thursday of the month in Rennes
http://www.club-sharepoint.fr
http://www.ugsf.fr
AGENDA
• Refresher on the concept of cloud computing
• The cloud at Microsoft
• The Windows Azure platform
• The Office 365 platform
THE CHALLENGES
• Lack of agility in deploying the applications and services that create business value
• IT teams focused mainly on operating existing systems, not on the company's strategic projects
• Maintenance and security of workstations and applications is difficult and costly
• IT costs that are neither predictable nor under control
Business units that are less productive and unsatisfied
Executive management that sees only costs and a low ROI
5TH GENERATION OF ARCHITECTURE
(timeline figure: Mainframe, Client-Server, Web, SOA, Cloud, spanning 1970, 1980, 1990, 2000, 2010)
WHAT IS CLOUD COMPUTING?
Infrastructure As A Service
Anything As A Service??
Software As A Service
Platform As A Service
5 ESSENTIAL CHARACTERISTICS
• Self-service, on-demand service
• Ubiquitous network access
• Resource pooling
– Location independence
– Homogeneity
• Rapid "elasticity"
• Continuously measured service (SLAs)
3 SERVICE MODELS
• Software as a Service (SaaS): use of the service provider's applications over the network
• Platform as a Service (PaaS): deployment of customer-built applications in the cloud
• Infrastructure as a Service (IaaS): rental of processing, storage, network and other resources
TYPES OF CLOUDS
(diagram: the same stack, Storage, Server HW, Networking, Servers, Databases, Virtualization, Runtimes, Applications, Security & Integration, shown three times; with Private (On-Premise) you manage every layer; with Infrastructure (as a Service) the lower layers are managed by the vendor and the upper layers by you; with Platform (as a Service) the vendor manages most of the stack and you manage the application layer)
ECONOMIC DRAWBACK
(chart: IT capacity against time; actual load versus the capacity provided by IT; labels: "wasted" capacity, under-capacity, fixed cost for the capacity provided by IT, load forecast, barrier to innovation)
ECONOMIC ADVANTAGE
(chart: IT capacity against time; actual load versus the capacity provided by IT; labels: reduced initial investment, reduced over-capacity, no under-capacity, IT capacity can be reduced when load decreases, load forecast)
MICROSOFT AND THE CLOUD?
(timeline slide, figures as shown: 1996, 450M+ active users; Windows Live Hotmail, 1997, 550M users/month; 1998, software + service, 450M users; Windows Update, 1999, 320M+ active users; Windows Live Messenger, 1999, 2 billion requests/month; 2001, 20M+ active users; 2003, 5 billion conference minutes/year; 2004, 2 billion emails/day; 2010, available to 450 million consumers; Web Applications; 1 billion = number of Windows Live ID authentications every day; Windows Live)
THE MICROSOFT CLOUD: ~100 distributed data centers
Quincy, WA; Chicago, IL; San Antonio, TX; Dublin, Ireland: 4th-generation data centers
THE MICROSOFT CLOUD
(diagram: Platform Services, Software Services, Application Services, Infrastructure Services)
REAL INVESTMENTS
• More than $2 billion invested
• About 100 data centers
• Compliance with security procedures (SOX)
• Flexibility between public and private cloud
• Innovation in carbon footprint
• 30,000 engineers working on cloud services
• 70% of all server products will have a cloud offering by 2012
(slide: Business Apps, Collaboration, Storage, Platform, Management, Productivity, Communications; delivered as Platform As A Service and Software As A Service)
(diagram: who manages what, "Microsoft manages" versus "you manage", across Private (On-Premise), Dedicated (Managed Hosting), Platform (as a Service) and Infrastructure (as a Service); layers Storage, Server HW, Networking, Servers, Databases, Virtualization, Runtimes, Applications, Security; the part you manage is labelled "your value" and "innovations")
ACTIVITY CENTRIC
(diagram: IT as a Service = Software as a Service + Platform as a Service + Infrastructure as a Service, with customer & partner apps on top)
DID YOU SAY SAAS?
WINDOWS AZURE
THE WINDOWS AZURE PLATFORM
• Scalable distribution, storage and compute; virtual private network (VPN); automated service management; familiar languages, technologies and tools
• Relational storage for the cloud; synchronization and reporting; consistent development model; automated management
• Distributed cache; service bus capability; access control service; on-demand integration and composition service
THE WINDOWS AZURE PLATFORM
(diagram: Platform: Compute, Storage, Management, CDN; Database: Management, Data Sync, Reporting; App Data; AppFabric: Service Bus, Access Control, Caching, Virtual Network)
BENEFITS OF WINDOWS AZURE
An operating system for the cloud
• Which manages on your behalf: data centers, storage services, virtualization, services management, security and control
• Which lets you: create apps, host apps, store data, manage apps
• You benefit from: cost reduction, agility / on-demand, efficiency, interoperability, focus
THE CHOICE
UNIFIED AND OPEN PLATFORM
• Interoperability with the Web and other clouds: third-party clouds, web applications, on-premises LOB applications, composite applications
• Compute, storage, management, relational data, connectivity, access control
• Developer experience: built on existing skills and familiar tools
WINDOWS AZURE PLATFORM
AVAILABLE OPPORTUNITIES
• Create new cloud services
• Store data in the cloud
• Migrate applications to the cloud
• Build new solutions by creating cloud services
• Extend applications to the cloud
EXAMPLE SCENARIOS
(four charts of compute usage against time, each with an average usage line; the first also marks an inactivity period)
• "On and Off": temporary usage scenarios; wasted, unused resources; sometimes long deployment lead times
• "Unpredictable Bursting": unpredictable consumption peaks; negative impact on performance; too costly to anticipate or provision for
• "Growing Fast": successful service, commercial success; adapting to demand is difficult; deployment and implementation times are complex
• "Predictable Bursting": services with seasonal demand; periodic consumption peaks; IS complexity and wasted resources
PLATFORM PRICING
Automated management, identity federation, service bus:
• Access Control: 1.41€ per 100K transactions
• Service Bus: 2.82€ per connection
• Bandwidth, per GB transferred: 0.11€ per GB inbound, 0.14€ per GB outbound
High availability, fault tolerance, on demand:
• Web edition: 7.085€ / 1 GB / month (1-5 GB), per database/month
• Business edition: 70.91€ / 10 GB / month (10-50 GB), per database/month
• Bandwidth, per GB transferred: 0.11€ per GB inbound, 0.14€ per GB outbound
Application lifecycle, automated operating system management:
• Compute: 0.085€ / hour (small), per service hour
• Storage, per GB stored and per transaction: 0.11€ per GB / month, 0.007€ per 10K transactions
• Bandwidth, per GB transferred: 0.11€ per GB inbound, 0.14€ per GB outbound
QUALITY OF SERVICE
• Network connectivity: >99.95%; service connected and reachable via the Web; commitment for 2+ instances per role
• Database available: >99.9%; database connected; available and monitored at 5-minute intervals
• Instance monitoring and restart: automatic; systematic monitoring of instances; detection of and action on hardware faults
• Storage available: >99.9%; storage connected and reachable; requests completed in full
• Services available: >99.9%; Service Bus reachable; message operations completed in full
TCO ANALYZER TOOL
http://www.microsoft.com/windowsazure/tco/
• Determines the "quantitative" value of Windows Azure
• TCO of development and operations on Windows Azure compared with traditional hosting
• Estimate of the running cost on Windows Azure
TRY IT YOURSELF
• Explore the infinite in 24 hours through 3 exercises and leave with a Pass giving you access to a real Windows Azure account, free for 30 days.
• MSDN subscribers get benefits for taking advantage of the Windows Azure platform, such as 750 hours/month, a SQL Azure database...
• Discovery offer "Windows Azure Platform Introductory Special": this promotional offer lets you try the Windows Azure platform for free. The subscription includes a base level of 25 compute hours/month, storage, data transfer...
http://www.windowsazure.fr
OFFICE 365
MICROSOFT OFFICE 365
• A BETTER PRODUCTIVITY EXPERIENCE: work together under better conditions
• ACCESS FROM ANYWHERE: solve problems from virtually anywhere
• FAMILIAR TOOLS
• SECURITY AND RELIABILITY: 99.9% guaranteed uptime
• IT CONTROL AND EFFICIENCY: keep control
OFFICE 365 SUITED TO EVERYONE
• SMBs
• Enterprises
• Education
OFFICE 365 FOR SMALL BUSINESSES (P1)
KEY FEATURES
• Exchange email, calendar, contacts
• 25 GB of mailbox storage
• ActiveSync mobile support
• SharePoint Team Sites (1)
• Office Web Apps
• Public website (2)
• Access Online databases
• Rich version of Lync
• Etc.
Office 365 (Pack P1): 5.25€/month
• 1-25 users (max 50)
• No IT skills required
• Quick evaluation, purchase in a few minutes
• Simple and easy to use
• Works with Microsoft Office
• 99.9% availability level, financially backed
(1) One site collection, authenticated external user access enabled for up to 50 unique users/month.
(2) Includes ready-to-use templates, option to add custom domain.
LIMITATIONS OF OFFICE 365 PACK P1
1. Active Directory directory synchronization
2. Archiving
3. BlackBerry Enterprise Services
4. Growth beyond 50 users
5. 24x7 telephone support
6. Advanced administration
OFFICE 365 FOR ENTERPRISES
SEGMENTATION BY PROFILE
• Occasional users: a reduced-price offer for users who have no messaging and collaboration tools today: K packs
• Advanced users: a rich offer meeting the collaboration and messaging needs of demanding users: E packs
USER SEGMENTS
"Kiosk" packs (occasional users):
• Pack K1: 3.57 €/month
• Pack K2: 9 €/month
"Enterprise" packs:
• Pack E1: 9 €/month
• Pack E2: 14.25 €/month
• Pack E3: 22.75 €/month
• Pack E4: 25.50 €/month
Options: 1. Additional SharePoint Online storage (1 GB): 2.23 €; 2. Extranet (partner access): 1.79 €; 3. BlackBerry support (BES): 8.94 €
EXCHANGE ONLINE
LYNC ONLINE
(availability table: Exchange Online co-existence; Lync Online basic messaging, voice conferencing, PBX replacement; legend: Office 365, unavailable, available before June 2012)
SHAREPOINT ONLINE
• TEAM SITES: intra-team communication and management of major projects
• INTRANET SITES: company-internal communication
• EXTRANET SITES: secure document sharing with partners and customers
• WEBSITES: creation of a simple public website
• MY SITES: management and sharing of personal documents and content
Content creation and publishing; document sharing
REFERENCES
• Presentations:
– Windows Azure Platform, David Chou, Microsoft Corp
– Azure Services Platform, David Chou, Microsoft Corp
• Techdays 2011 sessions:
– Discovering Windows Azure, G. Renard & S. Warin, http://www.microsoft.com/france/mstechdays/showcase/player.aspx?uuid=0667e04a-627f-42ee-9475-a289fb36c010
– Office 365: overview of the solution, C. Lentini, C. Fumey & D. Caro, http://www.microsoft.com/france/mstechdays/showcase/player.aspx?uuid=5c172a2a-ef9d-4880-81a5-48b8e536537e
YOUR QUESTIONS?
Thank you
nicolasgt@exakis.com
http://nicolasgt.exakis.com
APPENDICES
APPLICATION ARCHITECTURE
APPLICATION MODELS
• Web Hosting: massive scale infrastructure; burst & overflow capacity; temporary, ad-hoc sites
• Application Hosting: on-premise extensions; composite applications; automated agents / jobs
• Media Hosting & Processing: CGI rendering; content transcoding; media streaming
• Distributed Storage: external backup and storage
• High performance computing: parallel & distributed processing; massive modeling & simulation; advanced analytics
• Information Sharing: common data repositories; reference data; knowledge discovery & mgmt
• Collaborative Processes: multi-enterprise integration; B2B & e-commerce; supply chain management; health & life sciences; domain-specific services
INTERNET-SCALE APPLICATION ARCHITECTURE
• Design: horizontal scaling; service-oriented composition; eventual consistency; fault tolerant (expect failures)
• Security: claims-based authentication & access control; federated identity; data encryption & key mgmt.
• Management: policy-driven automation; aware of application lifecycles; handle dynamic data schema and configuration changes
• Data & Content: de-normalization; logical partitioning; distributed in-memory cache; diverse data storage options (persistent & transient, relational & unstructured, text & binary, read & write, etc.)
• Processes: loosely coupled components; parallel & distributed processing; asynchronous distributed communication; idempotent (handle duplicity); isolation (separation of concerns)
Storage
• Relational & transactional data
• Federated databases
• Unstructured, de-normalized data
• Logical partitioning
• Persistent file & blob storage
• Encrypted storage
Connectivity
• Message queues
• Service orchestrations
• Identity federation
• Claims-based access control
• External services connectivity
Presentation
• ASP.NET C#, PHP, Java
• Distributed in-memory cache
Services
• .NET C#, Java, native code
• Distributed in-memory cache
• Asynchronous processes
• Distributed parallel processes
• Transient file storage
INTERNET-SCALE APPLICATION ARCHITECTURE
(diagram: Service Bus, Access Control, Workflows; User, Private Cloud, Public Cloud Services)
APPLICATION PATTERNS
(six diagram slides built from the same blocks: Table Storage Service, Blob Storage Service, Queue Service; ASP.NET web roles, a Web Svc web role and a Jobs worker role; Silverlight application, web browser, mobile browser, WPF application; Service Bus, Access Control Service, Workflow Service; user data, application data, reference data; enterprise data, enterprise web svc, enterprise application, enterprise identity; user, private cloud, public services. One slide each for: Cloud Web Application, Composite Services Application, Cloud Agent Application, B2B Integration Application, Grid / Parallel Computing Application, Hybrid Enterprise Application)
WINDOWS AZURE ARCHITECTURE
(diagram: businesses and consumers reach the Fabric over the Internet; the Fabric holds Compute and Storage and is run by the Fabric Controller)
The Fabric Controller communicates with every server within the Fabric. It manages Windows Azure, monitors every application, and decides where new applications should run, optimizing hardware utilization.
WINDOWS AZURE ARCHITECTURE
• Computation provides application scalability. Developers can build a combination of web and worker roles. Those roles can be replicated as needed to scale the applications and computational processing power.
• Storage Services allow customers to scale to store large amounts of data, in any format, for any length of time, only paying for what they use or store.
• The Fabric Controller automates load balancing and compute resource scaling.
• Security and Control Features include storage encryption, access authentication, and over-the-wire encryption using HTTPS. Industry certification is part of the Windows Azure roadmap.
• Geographically distributed, state-of-the-art data centers host your applications and data, internet-accessible from everywhere you choose to allow.
WINDOWS AZURE ARCHITECTURE: Fabric Controller
• Interacts with a "Fabric Agent" on each machine
• Monitors every VM, application and instance
• Performs load balancing, checkpointing and recovery
WINDOWS AZURE ARCHITECTURE: Compute
GOAL: SCALABILITY
• Scale out by replicating worker instances as needed.
• Allow applications to scale user and compute processing independently.
• Two instance types: Web Role & Worker Role. Windows Azure applications are built with web role instances, worker role instances, or a combination of both.
• Each instance runs on its own VM (virtual machine), replicated as needed
WINDOWS AZURE ARCHITECTURE: Storage
GOAL: SCALABLE, DURABLE STORAGE
• Windows Azure storage is an application managed by the Fabric Controller
• Windows Azure applications can use native storage or SQL Azure
• Application state is kept in storage services, so worker roles can replicate as needed
• Blobs: large, unstructured data (audio, video, etc)
• Tables: simply structured data, accessed using ADO.NET Data Services
• Queues: serially accessed messages or requests, allowing web roles and worker roles to interact
WINDOWS AZURE ARCHITECTURE: Services Management
GOAL: AUTOMATED APPLICATION MANAGEMENT AND CONTROL
• The Fabric Controller automates service management
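An added example (not from this deck or the Azure SDK) of why the storage slide pairs queues with replicated worker roles and the architecture slide lists "idempotent (handle duplicity)": a constructed at-least-once queue with a visibility timeout, and a worker role whose idempotency record makes a redelivered message harmless. The queue class, the message ids and the `order-42` payload are all assumptions.

```python
class AtLeastOnceQueue:
    """Constructed stand-in for a cloud queue with visibility timeouts:
    a dequeued message becomes invisible for `visibility` seconds and
    reappears if the consumer has not deleted (acknowledged) it by then."""

    def __init__(self, visibility=30.0):
        self.visibility = visibility
        self._messages = {}  # message id -> (body, time it becomes visible)
        self._counter = 0

    def put(self, body, now):
        self._counter += 1
        message_id = "msg-%d" % self._counter   # constructed id scheme
        self._messages[message_id] = (body, now)
        return message_id

    def get(self, now):
        """Return (id, body) of one visible message and hide it, or None."""
        for message_id, (body, visible_at) in list(self._messages.items()):
            if visible_at <= now:
                self._messages[message_id] = (body, now + self.visibility)
                return message_id, body
        return None

    def delete(self, message_id):
        self._messages.pop(message_id, None)

    def pending(self):
        return len(self._messages)


class WorkerRole:
    """Consumes messages; the idempotency record keyed by message id means a
    second delivery of the same message does not repeat the side effect."""

    def __init__(self, queue):
        self.queue = queue
        self.results = {}      # message id -> result already produced
        self.work_runs = 0     # how many times the real side effect ran

    def handle(self, message_id, body):
        if message_id in self.results:   # duplicate delivery: reuse the result
            return self.results[message_id]
        self.work_runs += 1
        result = "processed:" + body     # constructed stand-in for real work
        self.results[message_id] = result
        return result

    def poll(self, now, crash_before_delete=False):
        """One work-loop iteration. `crash_before_delete` simulates the worker
        dying after doing the work but before acknowledging the message."""
        item = self.queue.get(now)
        if item is None:
            return None
        message_id, body = item
        result = self.handle(message_id, body)
        if not crash_before_delete:
            self.queue.delete(message_id)
        return result


def simulate_redelivery():
    """A web role enqueues one request; the worker crashes before the delete;
    the message reappears after the visibility timeout and is handled again,
    but the side effect runs only once. Returns (hidden poll result, second
    result, number of work runs, messages still pending)."""
    queue = AtLeastOnceQueue(visibility=30.0)
    worker = WorkerRole(queue)
    queue.put("order-42", now=0.0)
    worker.poll(now=1.0, crash_before_delete=True)   # work done, no ack
    hidden = worker.poll(now=10.0)     # still invisible: nothing to do
    second = worker.poll(now=40.0)     # redelivered, cached result, acked
    return hidden, second, worker.work_runs, queue.pending()
```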
DATA STORAGE OPTIONS
(diagram: "friction"/control from low to high, resources from shared to dedicated)
• SQL Azure Database (RDBMS): virtual DB server; logical user database (LUDB); resource governance @ LUDB; security @ LUDB. Value propositions: auto HA, fault-tolerance; friction-free scale; self-provisioning; high compatibility
• Hosted RDBMS: hosted SQL Server; resource governance @ VM; security @ SQL Server/OS; roll-your-own HA/DR/scale. Value propositions: XSPs, server ops; SQL CLR; 100% compatibility
• SQL Server: SQL Server on-premises; resource governance @ machine; security @ SQL Server/OS; roll-your-own HA/DR/scale. Value propositions: full h/w control (size/scale); 100% compatibility
SQL AZURE ARCHITECTURE
(diagram: in the cloud, a Windows Azure web app and an application reach SQL Azure (TDS + TSQL model) through SQL Client* over TDS; a browser application uses HTTP; a REST client uses HTTP + REST (Astoria) through ADO.Net + EF; the data center also exposes ODBC, OLEDB, ADO.Net, PHP, Ruby, …)
* Client access enabled using TDS for ODBC, ADO.Net, OLEDB, PHP-SQL, Ruby, …
Flexible access to data in the cloud
• Create client applications that access data in the cloud via TDS, just like on-premise SQL Server
• Create cloud-based Web applications in Azure that use standard SQLClient libraries with ADO.NET
• Create cloud-based REST data interfaces in Azure with ADO.NET Data Services and the Entity Framework
Low friction data storage provisioning
• Web interface for simple database provisioning
• Scale seamlessly as needed
Self-managing data center
• Automated maintenance
• Built in high-availability and data recoverability
Simple storage and hosted RDBMS
• Goal: a storage platform built for extreme scale and low cost
• Architecture:
– An Azure account provides access to SQL Azure
– Each account can have one or more logical servers, implemented as multiple physical servers within a given geo-location
– Each logical server can contain one or more logical databases, implemented as replicated partitioned data across multiple physical databases
(diagram: Account (Azure wide; billing instrument) has one or more Servers (database metadata; unit of authorization; unit of geo-location), each of which has one or more Databases (unit of consistency; contains users, tables, views, etc.))
DATA PLATFORM DESIGN
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
• Uses shared infrastructure at SQL database and below
– Each user database is replicated to one or more servers (configurable based on SLA)
– Client requests are routed to the current "primary server" for read and write operations (based on SQL session)
– Security, lockdown and isolation enforced in SQL tier
• Highly scalable and state-of-the-art HA technology
– Automatic failure detection; client request re-routed to new primary on failure
– High SLA guarantee using logical replication (hot standby replicas)
– Automatic management, self-healing and load balancing across shared resource pool
• SQL Azure Database provides provisioning, metering and billing infrastructure
(diagram: Machines 4, 5 and 6 each run a SQL Instance whose SQL DB holds UserDB1 to UserDB4; SQL Azure Database provisioning (databases, accounts, roles, …), metering and billing sits above them)
DBA role will change to focus on policy/logical management
LOGICAL USER DATABASES
• Connect using common client libraries
– ADO.NET, OLE DB, ODBC, etc.
• Clients connect to a database directly
• Cannot hop across DBs
• Large surface of SQL supported within the database boundary
– Future work will relax many of these constraints
SECURITY AND CONNECTION MODELS
(two columns: Security, Connections)
• Uses regular SQL security model
– Authenticate logins, map to users and roles
– Authorize users and roles to SQL objects
• Supports standard SQL logins
– Logins are username + password strings
– Service enforces use of SSL to secure credentials
– Future support for AD Federation, WLID, etc as alternate authentication protocols
PROVISIONING MODEL
• Account and server provisioning
– Portal and API based access
– Ex: enumerate my servers, show server usage metrics, etc
• Each account has one or more servers
– Ex: srv123.data.database.windows.net
• Each server has a virtual master database
– Has subset of SQL Server master DB interface
• Each server has one or more SQL logins
– System creates sysadmin login on "server creation"
• Databases created using "CREATE DATABASE"
– Can be called by sysadmin or anyone with create DB permission
SQL SERVER COMPATIBILITY
• SQL Server has many patterns for accomplishing tasks
– SQL Azure Database supports a subset of full SQL Server patterns
– Focus on logical and policy based administration
– Patterns work in both SQL Azure Database and SQL Server
• Enables migration of on-premise applications to/from SQL Azure
• SQL Azure Database is a multi-tenant service
– Throttling and load balancing policies
– Examples: limit on DB size, duration of transaction, …
In scope for v1:
• Create/Alter/Drop on Database/Index/View
• Stored Procedures (Transact-SQL)
• Triggers
• Constraints
• Table variables, session temp tables (#t)
• + lots of others
Out of scope for v1:
• CLR
• Service Broker
• Distributed Transactions
• Distributed Query
• Spatial
• All server level DDL
• All physical DDL and physical catalog views
APPLICATION SCENARIOS
• Departmental Applications: departmental workgroup applications with low concurrency and cyclical usage patterns
• Web Applications: small customers or start-ups with Web applications of all scales that have simple RDBMS needs
• Data Hubs: secure data hubs that consolidate multiple data sources and enable access from multiple locations and devices
• ISV/SaaS Offerings: traditional ISVs extending their offering or selling software hosted in the cloud (including SaaS ISVs)
COMMON PATTERNS AND PROBLEMS
• How can you use cloud services to connect apps and services across deployment locations?
– Bridge cloud, on-premises, and hosted assets
– Navigate network and security boundaries, securely and simply
– Handle identity and access across organizations and ID providers
– Interoperate across languages, platforms, standards
– Perform protocol mediation and schema mapping
• Customers need a way to: connect endpoints (Service Bus); control & secure access (Access Control)
.NET SERVICES PROVIDES SOLUTIONS FOR DEVELOPERS FACING THOSE PROBLEMS
Service Bus
• Expose RESTful or SOAP services over the internet through firewall and NAT boundaries
• Communicate bi-directionally between apps and services in an interoperable manner
• Choose relays, queues, routers, and other message patterns and types
• Scale out naturally and reliably as apps and services grow
Access Control Service
• Authorization management and federation infrastructure
• Provides internet-scope federated identity integration for distributed applications
• Use it to: secure Service Bus communications; manage user-level access to apps across organizations and ID providers
Connect Endpoints
(diagram: your app and a customer/partner app, each behind its own firewall and NAT, exchange data through the Service Bus)
.NET SERVICES PROVIDES SOLUTIONS FOR DEVELOPERS FACING THOSE PROBLEMS
Service Bus
• Network abstraction and virtualization infrastructure
• Enables many common shapes of communication in an efficient and interoperable manner
• Use it to: connect applications across any network topology, including firewalls and NAT boundaries; exchange data between loosely coupled applications
Access Control Service
• Integrate authorization into apps to control "what users are allowed to do"
• Federate with multiple identity systems across organizations and ID providers
• Easily apply fine-grained access control rules
• Secure Service Bus communications
• Scale out naturally and reliably as apps and services grow
Control Access
(diagram of the Access Control Service flow between your app, in the private network space, and customer/partner users & apps: 0. periodic certificate exchange between your app and the Access Control Service; 1. define access control rules for a customer; 2. the customer presents its claims to the service; 3. the service maps input claims to output claims; 4. it returns a token; 5. the customer sends a message with the token to your app; 6. your app checks the claims)
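As an added example (not code from this deck, and not the real Access Control Service token format or API), the rule mapping and token check of steps 1 to 6 above in Python: the shared HMAC key standing in for the certificate exchange of step 0, the `your-app` audience, the `customer-a` name and its rules are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Step 0: the application and the access control service trust each other.
# The slide shows a periodic certificate exchange; this constructed demo
# stands in for it with a shared HMAC key (a hypothetical value).
SIGNING_KEY = b"constructed-demo-key-not-for-production"
AUDIENCE = "your-app"  # hypothetical identifier of the relying application

# Step 1: access control rules defined for one customer. Each rule turns an
# input claim (asserted by the customer's identity provider) into an output
# claim the application understands, so the app never reasons about the
# partner's own role names.
RULES = {
    "customer-a": [
        {"in": ("role", "admin"), "out": ("action", "manage")},
        {"in": ("role", "admin"), "out": ("action", "read")},
        {"in": ("role", "user"), "out": ("action", "read")},
    ],
}


def map_claims(customer, input_claims):
    """Step 3: apply the customer's rules to the input claims.

    Claims with no matching rule produce nothing, so an unknown customer or
    an unexpected role never grants access by accident."""
    return {rule["out"] for rule in RULES.get(customer, [])
            if rule["in"] in input_claims}


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(customer, input_claims, issued_at, ttl=300):
    """Steps 2 and 4: take the customer's input claims and return a signed
    token carrying only the output claims, bound to an audience and expiry."""
    payload = {
        "iss": "acs",
        "aud": AUDIENCE,
        "customer": customer,
        "exp": issued_at + ttl,
        "claims": sorted(map_claims(customer, set(input_claims))),
    }
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def check_claims(token, required, now):
    """Step 6: the application verifies the token that arrived with the
    message (step 5) before trusting any claim inside it."""
    parts = token.split(".")
    if len(parts) != 2:
        return False
    body, sig = parts
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison of the signature before parsing anything.
    if not hmac.compare_digest(sig, expected):
        return False
    try:
        payload = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return False
    if payload.get("iss") != "acs" or payload.get("aud") != AUDIENCE:
        return False
    if payload.get("exp", 0) <= now:
        return False
    # JSON turned the (type, value) tuples into lists, so compare as a list.
    return list(required) in payload.get("claims", [])
```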
SERVICE BUS: CORE CAPABILITIES
• Internet-scoped overlay-network bridging across IP NATs and firewalls with federated access control
– Network Listen/Send from any Internet-connected device
– Internet-scoped, per-endpoint naming and discovery
– NAT/FW traversal via TCP, TCP/Direct, and HTTP Web Streams
(diagram: endpoints A, B, C and D in the Internet space, each guarded by ACS)
SERVICE BUS: CORE CAPABILITIES
• Transfer raw and structured data allowing for any common shape of communication
– Raw data, text, XML, JSON, …
– Datagrams, sessions, correlated messages
– Unicast, multicast
(diagram: A to B carrying octet-streams, text, XML, JSON, SOAP, XML-RPC, …)
SERVICE BUS: CORE CAPABILITIES
• Built-in messaging primitives for temporally decoupled communication, routing, and message processing
– Push/pull translation for occasionally connected receivers
– Publish/subscribe and message processing (after V1)
(diagram: A pushes to the bus and B pulls; A pushes and the bus pushes on to C, D and E)
PATTERN: NOTIFICATION FAN-OUT (SESSIONLESS UNICAST OR MULTICAST DATAGRAMS)
(diagram: a "Worker Role" app instance hosted on Windows Azure, a datacenter, hosting, Amazon EC2 or Google App Engine sends unicast and multicast notifications through the Service Bus, with ACS at every hop, to clients behind NATs)
PATTERN: REST RESOURCE MANAGEMENT (REQUEST/RESPONSE HTTP/HTTPS W/ ARBITRARY PAYLOADS)
(diagram: app instances with storage on Windows Azure, a datacenter, hosting, Amazon EC2 or Google App Engine; on-premise apps with a cache issue GET, POST, PUT and DELETE; on-demand "pull" sync and continuous "push" sync; ACS at each boundary; in-house versus outsourced)
PATTERN: DOCUMENT EXCHANGE (SESSION-BOUND, APP-LEVEL ACK'D DOCUMENT TRANSFERS + NOTIFICATIONS)
(diagram: a hosted e-commerce front, an ordering system and an inventory / shipping system, each with storage; PO, SO and Shipped documents flow between them with application-level ACKs; the user sees Order Accepted, Order Processed, Ready and Delivered through a hi-fi or web client experience; ACS at each boundary)
PATTERN: EXTERNAL DMZ (ANY COMMUNICATION STYLE, SECURE NAT TRAVERSAL FOR TCP & HTTP/S)
(diagram: a home automation or home media server with storage and devices, and an internal datacenter with enterprise app instances and storage behind a balance / filter reverse proxy; both are reached from web or hi-fi client experiences over net.tcp/direct and http(s) / net.tcp, with ACS in the path)
PATTERN: INTEGRATE "ANYTHING" (SESSION-BOUND, RAW-BINARY TRANSPORT TUNNELING)
(diagram: an app instance on Windows Azure, a datacenter, hosting or Amazon EC2 (Windows) reaches on-premise resources through bridge/agent pairs authorised by ACS: on-premise data, SQL Server, via an NP Bridge and NP Agent with TDS passthrough to ASP.NET / ADO.NET; on-premise infrastructure, Exchange/Mail (SMTP/IMAP), Active Directory (LDAP), System Center (SNMP), …, via a Socket Bridge and Socket Agent with socket passthrough; apps & services, ERP, CRM, custom apps in .NET, J2EE, ROR, PHP, … and J2EE, JDBC, JMS, via an HTTP Bridge with HTTP/HTTPS passthrough w/ URI rewriting)
Thank you for your attention. Any questions?