PowerPoint presentation

Windows Azure Seminar
Developer Bootcamp
Rok Bermež, Kompas Xnet
Level 300
SQL Azure
Azure…Where’s my stuff?
• Local Storage
• Unstructured
• Blob Storage
• Tables
• Queues
• (NOT relational)
BUT we want RELATIONAL!
Hello SQL Azure…
History of SQL Server
Departmental Server
Local Server
Enterprise Server
Cloud Server
A Server is not a Machine
How it Works
[Diagram: Applications and Tools connect through ODBC and ADO.NET over TDS to the SQL Azure Server layer (Connection Routing, Billing, Provisioning), behind which sit three SQL Server instances, each on SQL Azure Fabric on its own server.]
Set up a server...
• Browse to http://windows.azure.com
SQL Azure Firewall
• IP address-based access control for SQL Azure
• No IP authorized by default
• Configurable using the SQL Azure Portal
• Option to disable/enable access from applications hosted in Windows Azure
Set up a SQL Azure Server
demo
Management Portal for SQL Azure
• Replaces Database Manager for SQL Azure
• Two Workspaces:
  • Database Schema
    • Create/Alter/Update tables, views, stored procedures.
    • Query Editor for Working with T-SQL Queries
  • Database Lifecycle
    • Create and Drop databases
    • Extract data-tier applications from existing SQL Server databases
    • Deploy DAC packages
Connecting with SSMS
Create SQL Azure database
demo
Considerations...
Application connectivity
Compatibility
Migration
Administration & Security
Price, Size and Edition
Code Near vs. Code Far vs. Hybrid
Partitioning, Sharding and Federation
Backup and Replication
SQL Server Reporting Services
Connecting to SQL Azure
• SQL Azure connection strings follow normal SQL syntax
• Applications connect directly to a database
• “Initial Catalog = <db>” in connection string
• No support for context switching (no USE <db>)
• Some commands must be in their own batch
• Create/Alter/Drop Database, Create/Alter/Drop Login, and Create/Alter USER with FOR/FROM LOGIN
• Encryption security
• Set Encrypt = True, only SSL connections are supported
• TrustServerCertificate = False, avoid Man-In-The-Middle-Attack!
• Format of username for authentication:
• ADO.Net:
Data Source=server.database.windows.net;
User ID=user@server;Password=password;...
• Setup your firewall rules first!
SQL Azure Compatibility
Currently Supported
• Tables, indexes and views
• Stored Procedures
• Triggers
• Constraints
• Table variables, session temp tables (#t)
• Spatial types, HierarchyId
Not Currently Supported
• Data Types
• Sparse Columns, Filestream
• Partitions
• Full-text indexes
• SQL-CLR
Tables require clustered indexes
SQL Azure Security
Traditional SQL Server vs SQL Azure
Traditional SQL Server
• SQL (native) and Windows Integrated authentication
• Authorization based on database users and roles
• Server roles such as serveradmin, securityadmin and dbcreator
• Access via TDS + SSL on port TCP 1433
• Firewall and IP blocking using host firewall
• Support for native encryption (TDE)
SQL Azure
• SQL (native) authentication only, no Windows authentication
• Authorization based on database users and roles
• Adds loginmanager and dbmanager roles in Master DB to simulate relevant server roles
• Access via TDS + SSL on port TCP 1433
• Native SQL Azure firewall for IP blocking
• No native encryption support
SQL Azure Security
Authentication and Authorization Model
• SQL Server Logins: used to authenticate access at the server level
• Database Users: used to grant access at the database level
• Database Roles: used to group users and grant access at the database level
Authorization, Auditing and Encryption Support
• Database-level permission model in SQL Azure is the same as on-premise SQL Server
  • Logins associated to users in databases
  • Users may be part of one or more database roles
  • Permissions granted to roles or directly to users
• Auditing is not supported in the current version of SQL Azure
• No native encryption support (TDE) yet
• Azure requires SSL encryption and offers optional certificate validation through the connection string
  • Encrypt=True;TrustServerCertificate=False
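The connection-string rules from the "Connecting to SQL Azure" slide and the SSL bullet above can be checked mechanically before a deployment. The following is an added example, not code from the presentation; the class name and the sample server, database and user names are assumptions, and it assumes the .NET Framework System.Data.SqlClient provider, where an omitted Encrypt key reads as False.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient; // .NET Framework ADO.NET provider (assumed)

// Added example (not from the slides): checks a connection string against the
// rules on the "Connecting to SQL Azure" slide. All names are hypothetical.
public static class SqlAzureConnectionAudit
{
    public static List<string> Audit(string connectionString)
    {
        var findings = new List<string>();
        // The builder resolves synonyms (Server/Data Source, UID/User ID,
        // Database/Initial Catalog) and reports defaults for omitted keys.
        var csb = new SqlConnectionStringBuilder(connectionString);

        if (!csb.Encrypt)
            findings.Add("Encrypt is not True; request SSL explicitly.");
        if (csb.TrustServerCertificate)
            findings.Add("TrustServerCertificate=True skips certificate validation (man-in-the-middle risk).");
        if (csb.IntegratedSecurity)
            findings.Add("Integrated Security is set; SQL Azure accepts SQL authentication only.");
        if (string.IsNullOrEmpty(csb.InitialCatalog))
            findings.Add("No Initial Catalog; USE <db> is not supported, so name the database here.");

        // Expected login form is user@server, where server is the first label
        // of the host name. Strip an optional "tcp:" prefix and ",port" suffix.
        string host = csb.DataSource.Trim();
        if (host.StartsWith("tcp:", StringComparison.OrdinalIgnoreCase))
            host = host.Substring(4);
        int comma = host.IndexOf(',');
        if (comma >= 0)
            host = host.Substring(0, comma);
        string server = host.Split('.')[0];
        if (!csb.UserID.EndsWith("@" + server, StringComparison.OrdinalIgnoreCase))
            findings.Add("User ID should have the form user@" + server + ".");

        return findings;
    }

    public static void Main()
    {
        // Constructed sample strings; server, database and user names are made up.
        string[] samples =
        {
            "Data Source=tcp:myserver.database.windows.net,1433;Initial Catalog=orders;" +
            "User ID=appuser@myserver;Password=placeholder;Encrypt=True;TrustServerCertificate=False",
            "Server=myserver.database.windows.net;UID=appuser;PWD=placeholder;TrustServerCertificate=True"
        };
        for (int i = 0; i < samples.Length; i++)
        {
            List<string> findings = Audit(samples[i]);
            // Never print the connection string itself: it contains the password.
            Console.WriteLine("Sample {0}: {1} finding(s)", i + 1, findings.Count);
            foreach (string f in findings)
                Console.WriteLine("  - " + f);
        }
    }
}
```

The first sample follows every rule on the slide; the second omits Encrypt and the database name, trusts any server certificate, and uses a bare user name.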
Migration Options
• Generate Script Wizard
  • Produce a SQL script compatible with SQL Azure, Schema and/or data
• SQL Server Migration Assistants (downloadable)
• Import/Export
  • DAC export and import operations to copy databases between SQL Azure servers, or to migrate databases between SQL Server and SQL Azure.
[Diagram: Schema. Logical: Tables, Views, Constraints, SProcs, UDFs. Physical: Users, Logins, Indexes. Future, DAC Deployment Profile: Deployment Requirements, Management Policies, Failover Policies.]
Unit of Deployment
• MySQL, Oracle, Access, SQL Server...
• Data-tier Application Component (DAC)
• New unit of deployment for T-SQL apps.
• Supports Install, Uninstall
• Supports DAC features in SQL Server 2012
More Migration Options
• SSIS
• Migrates data, not schema
• Be careful of SQL Azure throttling
• BCP
• Migrates data, not schema
• Can be slow
• SQLAzureMW
• Useful for catching unsupported features in SQL Azure
• Moves data efficiently
• Unofficially supported
Migration Demo Using DAC
demo
Security Model
Uses regular SQL security model
Authenticate logins, map to users and roles
Authorize users and roles to SQL objects
Support for standard SQL Auth logins
Username + password
Security model is compatible with on-premise SQL
Size Matters
Pricing
Database Size | Price Per Database Per Month
0 to 100 MB | $4.995
> 100 MB to 1 GB | $9.99
> 1 GB to 10 GB | $9.99 for the first GB, $3.996 for each additional GB
> 10 GB to 50 GB | $45.954 for the first 10 GB; $1.998 for each additional GB
> 50 GB to 150 GB | $125.874 for first 50 GB; $0.999 for each additional GB
Data transfer at standard rates
• North America and Europe: $0.12
• Asia Pacific: $0.19
Scale-out with SQL Azure Today
Elastic Provisioning of Databases
CREATE DATABASE and go
No VMs, no servers
Pay-as-you-go business model
Don’t need it --- DROP it
Zero Physical Administration
Built-in High Availability, patching, maintenance
Database Copy, SQL Azure Data Sync
Backups
• Database Copy
• Enzo Backup for SQL Azure
• Red-Gate
Database Copy
• Makes a transactional copy of your database to a database with a new name on the same server, or to another server
• No downtime on the source database
• Transactional equivalent at the END of the copy
• Only works within the same datacenter
• Must have matching credentials on the servers
• Must have db_owner on source and dbmanager on destination
Database Copy
CREATE DATABASE destination_database_name AS COPY OF
[source_server_name.]source_database_name
To see progress:
SELECT * FROM sys.dm_database_copies
Enzo Backup for SQL Azure
• Backup SQL Azure
• Restore to SQL Azure or on-premise
• Schedule backup jobs
• Backup single schema
• Restore specific tables
• Run backup entirely in cloud using cloud agent
• Backups are transactionally consistent
• Uses Blobs
• http://www.bluesyntax.net/backup.aspx
Red-Gate
• Backup and Copy a SQL Azure database to Azure Blob or SQL Server
• Automate and schedule Azure backups via stand-alone .exe
Backup Demo
demo
Connection management
Deadlock
Lost Connection / timeouts
SQL Azure Throttling Engine
DB Quota – oversize
Idle connections – connection pool
Transaction timeout – 24h
DoS attacks
Failover
Retry Logic
SELECT null
try {} catch {}
Windows Azure CAT – Transient Retry Logic
ITransientErrorDetectionStrategy
Code or app/web.config
IEnumerable vs. ICollection
Summary
SQL Azure IS SQL Server…a TDS endpoint
Create DB’s and manage using what we already know
Data Migration strategies to fit specific needs
Considerations and futures paint exciting picture of what to expect looking forward
Windows Azure Services
Motivating Challenges
• How do you integrate with components outside your corporate network?
• How do you expose your software to users outside of your organization?
• Can they use their existing identities? Social identities?
• What about smaller, non-enterprise customers?
• How do you reduce latency and increase performance?
• <the list goes on…>
Windows Azure Services
• Comprehensive building block services for developing, deploying, and managing applications
• Higher level Platform-as-a-Service (PaaS) capabilities
• Increase developer productivity
• Bridge existing applications to the cloud
[Diagram: Windows Azure Services: Caching, Service Bus, Access Control, Integration, Applications (WF, WCF)]
Identity in the Cloud is Hard
Outside of identity domains
Too many islands of identity
Current technology hard or not interoperable
Managing 3rd party accounts in your system is risky
Three geeks walk into a bar…
What is Access Control?
• Used to authenticate and authorize users
• Integrate Single Sign-On and centralized authorization into your web applications
• Standards-based identity providers
  • Enterprise directories (e.g. Active Directory Federation Server v2.0)
  • Web identities (e.g. Windows Live ID, Google, Yahoo!, and Facebook)
Access Control Website Sequence
[Sequence diagram participants: Browser, Identity Provider, Access Control, Application]
Access Control Features
• Integrates with Windows Identity Foundation and tooling
• Claims-based access control
• Support for OAuth WRAP, OAuth 2.0, WS-Trust, and WS-Federation protocols
• Support for the SAML 1.1, SAML 2.0, and Simple Web Token formats
• Integrated and customizable Home Realm Discovery
• OData-based Management Service to ACS configuration
ACS Demo
demo
Service Bus
• Interconnect services across networks
• Naming and Discovery
• Connectivity w/ NAT and Firewall Traversal
• Access Control Integrated Authorization
• Cloud-Based Message-Oriented Middleware
• Next Generation Message Queue Technology
• Rich Publish/Subscribe with Filtering
• Transaction Integration
What is the Caching service?
• A distributed, in-memory cache for applications running in Windows Azure
• Simple administration; end-user doesn’t bother with configuration, deployment, or management
• Provides a scalable solution with low latency and high throughput
• Based on Windows Server AppFabric Caching
Latency Pyramid
Memory
Network
Disk
Caching Features
• ASP.NET providers for session state and page output caching
• Cache any managed object
• 8MB object size limits
• No serialization costs for local caching
• Easily integrates into existing applications
• Secured by Access Control
Caching demo
demo
Diagnostics and Service Management
How do you do diagnostics today?
How do you manage your applications and services today?
Challenges with diagnostics in the cloud
Many instances
They move around
Massive amount of data
Can’t remote desktop in to 10 machines at once without going berserk
Users move across instances
Try tracing a user session across those...
The Diag engine brings all of the sources together for you.
Enable it by adding the diagnostics import
MonAgentHost.exe started on each instance
Listener wired up in app/web.config
Need to define a storage account connection string
Add perf counters, logs, ... in diagnostics.wadcfg
How does it work (in a nutshell)?
• Role Instance Starts
• Diagnostic Monitor Starts**
• Monitor is configured
  • Imperatively at Start time
  • Remotely any time
• Monitor buffers data locally
  • User can set a quota (FIFO)
• User initiates transfer to storage
  • Scheduled
[Diagram: Role Instance containing Role, Diagnostic Monitor and Local directory storage]
Diagnostics sources
Data Source | Default | Destination
Trace Logs | Enabled | Azure Table
Diagnostic Infrastructure Logs | Enabled | Azure Table
IIS Logs | Enabled | Blob
Performance Counters | Disabled | Azure Table
Windows Event Logs | Disabled | Azure Table
IIS Failed Request Logs | Disabled | Blob
Crash Dumps | Disabled | Blob
Arbitrary Files | Disabled | Blob
The Escape Hatch
Allows you to collect any file that is in a defined directory
Can be used for:
If you’re using another logging framework
Collecting custom audit files
Any source of data
Usage data for billing
Loading the Diagnostic Agent
The agent is loaded as an Azure module in the ServiceDefinition.csdef
Loading the Diagnostic Agent
The module expects a connection string named:
A production connection string must be HTTPS.
Tip: put diagnostics in a separate account to mitigate throttling
Write to Trace Output
Common Patterns
Get Config
From default
Current running
Make a change to the config
Start the Diag agent with new config
Changing Config
Can change from within the instance
Affects only that instance
Then start the agent immediately
Can change from outside for all roles
Change the central file
Agent notices a change and reloads
Affects all instances of that role
Remote Configuration
[Diagram: Role Instance containing Role, Diagnostic Monitor and Local directory storage; label: Poll Interval]
Get the Current Configuration
Make changes to the config
Commit the change
Sample Results
Log Filters
Does not filter data collected
Only filters what is transferred
transferOptions.LogLevelFilter = LogLevel.Error;
Visualizing the data
Schedule Transfers
Each source is assigned its own schedule
Data is transferred at the right time
Set interval to 0 to disable transfer
On Demand Transfers
Handy for responding to events
Handled like an external config change
Requests are handled asynchronously
Returns a request id when submitted
Can report success to a queue
Service Management API
Allows us to do almost anything the portal can do
API Authentication
All API calls must be signed with a registered administrative certificate
Deploying Services
• Delete/Create Deployment
• Visual Studio does this.
• VIP will change
• Service Model Updates don’t matter
• VIP Swap
• Bring up another environment in Staging and swap
• Only Input Endpoints (external ports) matter
• In-Place Upgrade
• Rolling upgrade across roles
• Slightly more restrictive on changes (capacity / availability limited).
• Web Deploy*
Deployment Options Summary
Changes Permitted | In-Place Update | VIP Swap | Delete & ReDeploy?
OS Version | Yes | Yes | Yes
.NET trust level | Yes | Yes | Yes
VM Size | Yes. Warning: Changing VM size will destroy local data. Requires SDK 1.5 or later. | Yes | Yes
Local storage settings | Yes. Increase only. Requires SDK 1.5 or later. | Yes | Yes
Add or remove roles in service | Yes | Yes | Yes
Number of instances of a role | Yes | Yes | Yes
Number or type of endpoints for a service | Yes. Warning: Availability may be temporarily lost as endpoints are updated. Requires SDK 1.5 or later. | No | Yes
Names & values of configuration settings | Yes | Yes | Yes
Values (not names) of configuration settings | Yes | Yes | Yes
Add new certificates | Yes | Yes | Yes
Change existing certificates | Yes | Yes | Yes
Deploy new code | Yes | Yes | Yes
Configuring VS2010
Deployment Environments
• Two Environments to choose from
• Nearly Identical…
• <servicename>.cloudapp.net
• <deploymentID>.cloudapp.net
• VIP Swap between them
If the cube is Gray, You’re OK.
If the cube is Blue, a bill is due.
Even when you ‘suspend’ your service, you will still be charged. Suspend only disables inbound traffic. The code is actually still running.
Worried about leaving something running?
Download the Grey Box Application
GreyBox.CodePlex.com
Open source, originally written by Strategic Data Systems and Mike Wood
Reminds you if you have apps running, and helps you stop them
Avoids overrun of MSDN allocation
Grey Box
MOCP will notify you
MOCP will send an email to the Live ID of the subscriber when
compute reaches:
75%
100%
125%
Only works for committed hours, not for pay as you grow hours
VIP Swap Upgrades
Swap Virtual IPs between the two slots
Production becomes Staging
Staging becomes Production
Instances are not affected
DNS and LB remains intact
Happens very fast
Can only use when the service model hasn’t changed
VIP Swap
[Diagram: Load Balancer, Prod and Stage slots, two Worker Roles, four VMs]
In-Place Upgrades
Rolling upgrades are IT Nirvana
Difficult to do in traditional IT
Leverages Upgrade Domains
Service model must be identical (ie. No new roles, no changes in .csdef, etc.)
For Each Upgrade Domain
Stop instances
Update
Start instances
In Place Upgrade
[Diagram: Load Balancer, two Worker Roles, labels #1 and #2]
Fault and Upgrade Domains
• Fault Domains
  • Represent groups of resources anticipated to fail together
  • i.e. Same rack, same server
  • Fabric spreads instances across fault domains
  • Default of 2
• Upgrade Domains
  • Represents groups of resources that will be upgraded together
  • Specified by upgradeDomainCount in ServiceDefinition
  • Default of 5
• Fabric splits Upgrade Domains across Fault Domains and Across Roles
Upgrade Domains
Defined in .csdef
Instances evenly distributed
[Diagram: Fault Domains 1 to 3, each on isolated hardware, with instances spread across three upgrade domains:]
• Upgrade Domain 1: Role A Instance 1, Role B Instance 2, Role C Instance 3
• Upgrade Domain 2: Role B Instance 1, Role C Instance 2, Role A Instance 3
• Upgrade Domain 3: Role C Instance 1, Role A Instance 2, Role B Instance 3
How?
Can be done via portal or the management API
Upgrade Mode: Automatic or Manual
Manual waits for human intervention to confirm upgrade is ok before proceeding
Changing Configuration
Change any setting in .cscfg
Change the number of instances running
Three approaches:
Edit on portal
Upload new file in portal
Upload new file with management API
By default, changing the number of instances does not affect running instances. Any other config restarts the instances.
Deployment and Management Tools
Visual Studio*
CSManage.exe
Windows Azure MMC
Windows Azure Service Management (WASM) cmdlets
SCOM
3rd Party tools
Windows Azure Service
Set of PowerShell cmdlets
Wraps management REST API and diagnostics API
Enables building of sophisticated deployment scripts
Works with the rest of the .NET CLR
Windows Azure MMC
MMC Snapin providing graphical view of services, diagnostics, and storage
Built on top of WASM Cmdlets
Plugin-based, extensible
Remotely configure diagnostics
Download and view diagnostics
Monitoring
Windows Azure Diagnostics (Cerebrata.com)
System Center Monitoring Pack for Windows Azure Applications
Monitors Health, Scales, and more
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11324
Autoscaling
Windows Azure does not autoscale
What is ‘busy’ for your app is different than someone else
Windows Azure gives you the tools
Not an easy problem to crack
Define inputs
Define rules to determine busy or stagnant state
Make adjustments
Don’t run amok, put a human in somewhere
WASABi
Windows Azure Autoscaling Application Block
Part of Enterprise Library
Scales based on a variety of reactive rules
http://blogs.msdn.com/b/agile/archive/2011/09/12/announcing-windows-azure-autoscaling-block-preview.aspx
http://entlib.codeplex.com/wikipage?title=WASABiBetaReleaseNotes&referringTitle=EntLib5Azure
QUESTIONS?
After the session, please fill out the questionnaire.
Questionnaires will be sent to your e-mail address and will also be available through your profile on the conference web portal www.ntk.si.
Thank you very much!