Welcome!
• 4:00 – 4:15 PM: socialize
• 4:15 – 5:00 PM: Overview of Microsoft Azure cloud platform toolbox
• 5:00 – 5:30 PM: networking break with snacks & food packs
• 5:30 – 6:15 PM: Cloud Architecture Patterns & Anti-Patterns
• 6:15 – 6:30 PM: giveaways and wrap up
• Thanks to Finomial, our host:
Contents © 2015 Bill Wilder
Microsoft Azure Overview
It’s a toolbox
Bill Wilder, Finomial CTO
@codingoutloud
codingoutloud@gmail.com
blog.codingoutloud.com
linkedin.com/in/billwilder
Kolkata Azure, 21-Aug-2015
the term “cloud” is nebulous…
multiple types of cloud platform
“Bring Your Own” ____ as a Service
[Diagram labels: BYO Users, BYO Applications, BYO Virtual Machines; PaaS, IaaS, SaaS; more / less Expertise & Flexibility]
NIST: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
Why Azure?
IaaS: According to Gartner, http://www.gartner.com/technology/reprints.do?id=1-1IMDMZ8&ct=130819&st=sb (Aug 2013)
PaaS: According to Gartner, http://www.gartner.com/technology/reprints.do?ct=140108&id=1-1P502BX&st=sb (Jan 2014)
Azure is a Toolbox
Key Point
to remember!
Azure is a Toolbox
• Code your app
• Deploy your app
• Host your app source code
• Host your app database
• Manage and Monitor your app
• User management
• Integration (hybrid cloud)
• Dev/Test
• Automate Operations
• And much much much much more…
[Diagram labels: Amount we’ll touch on; Breadth of Azure]
Code Your App
• Visual Studio integration & cross-platform tooling
• Platform support for PaaS and IaaS
• Fast-start templates for creating a web site in many languages / toolkits
• Supports many frameworks and languages
– ASP.NET, Node.js, Python, Java, PHP, …
DEMO
Deploy Your App
• Visual Studio Online (VSO)
• Continuous Deployment (CD) from VSO, GitHub, others
DEMO
Monitor Your App: App Insights
• Monitoring support
• Alerting support
• Services for gathering logs
– “pets vs. cattle”
• Application Insights
DEMO
Automating Automation: RunBooks
• I have stuff to automate …
• … with PowerShell
• On a schedule or ad hoc
• Might have sensitive credentials
• Might require auditing
DEMO
A Tale of Two Portals
Where’s Azure?
A global map:
http://azuremap.blob.core.windows.net/apps/bingmap-geojson-display.html
Azure “Geo” Coming to India
• “Microsoft's private preview of cloud services from India in July”: http://www.business-standard.com/article/news-ians/microsoft-s-private-preview-of-cloud-services-from-india-in-july-115060401040_1.html
• “Microsoft Announces Commercial Cloud Services from Local Datacenters by End 2015”: http://news.microsoft.com/en-in/microsoft-announces-commercial-cloud-services-from-local-datacenters-by-end-2015/
What’s Next?
• There’s a lot MORE to Azure!
• http://www.meetup.com/KolkataAzure/
• Free Trial:
• MSDN credits
• Free ebook: Microsoft Azure Essentials Fundamentals of Azure
Questions?
Take a Break
• 5:00 – 5:30 PM: networking break with snacks & food packs
• 5:35 – 6:20 PM: Cloud Architecture Patterns & Anti-Patterns
• 6:20 – 6:30 PM: giveaways and wrap up
Cloud Architecture Patterns & Anti-Patterns
Some bad ideas and some better ones
Bill Wilder, Finomial CTO
@codingoutloud
codingoutloud@gmail.com
blog.codingoutloud.com
linkedin.com/in/billwilder
Kolkata Azure, 21-Aug-2015
Find this slide deck here
Technology Skills
Ability to Communicate
Business Awareness
Architect Skills
Technical Business Decisions
Famous Architect: Aristotle
On Properties:
• Essential property = must have
• Accidental property = happens to have but could lack
For an effective software architect, all are Essential Properties
Technology Skills
Ability to Communicate
Business Awareness
Top 10 “Blunders” by Enterprise Architects
#3. Not engaging the business partners
#2. Insufficient understanding and support from stakeholders
#1. The Wrong Lead Architect (for non-technical reasons)
#7. Not … Communicating the Impact
#10. Not Spending Enough Time on Communications
Source: http://www.sdtimes.com/link/33787, “The top 10 enterprise architecture blunders” by Alex Handy, September 25, 2009
To cloud or not to cloud?
control vs. cost
Ctrl
€$¥
Ctrl
€$¥
Technology Skills
Ability to Communicate
Business Awareness
Cloud Services … in the Cloud
“who would’ve thought”
Cloud is a business innovation
technology services + flexible rental model
new types and combinations of services
1/9th above water
Services: TTM & Sleeping well
Treating your ops team as equivalent to the cloud vendor’s ops team
(They are not. Let cloud vendor handle service operations. Use services. You focus on your app.)
Anti-Pattern #1
What is an Anti-Pattern
Wikipedia says: (http://en.wikipedia.org/wiki/Anti-pattern)
“A common response to a recurring problem that is usually ineffective and risks being highly counterproductive.”
Bill’s amplification: “An anti-pattern approach may seem reasonable, or actually be reasonable in other contexts. There may be problems that are not yet apparent.” Often depends on the situation.
This talk will span:
Architecture and Architects
Tells: Traditional vs Cloud-Native
Traditional
TELLS/CLUES
• 2-tier
• Single data center
• Vertical scaling
• Ignores failure
• Transactional consist
CONSEQUENCES
• Less flexible
• More manual/attention
• Less reliable (SPoF)
• Maintenance window
• Less scalable, more $$
Cloud-Native
TELLS/CLUES
• N-tier, SOA, μSvcs
• Multi-data center
• Horizontal scaling
• Expects failure
• Eventual consist
CONSEQUENCES
• Agile/faster TTM
• Auto-scaling
• Self-healing
• HA
• Geo-LB/FO
Which is “best” architecture?
There is no “best” architecture – it is situational, a Technical Business Decision.
Cloud-native popularity growing in proportion to the shrinking cost and competitive benefits.
One-size-fits-all architecture
Anti-Pattern #2
[Cloud] Anti-Pattern Causes
• Abstraction misalignment
• Not reading the fine print
• Insufficient ongoing attention to cost
• Insufficient ongoing attention to automation
www.pageofphotos.com (PoP)
Move Simple PoP App to Cloud
WHAT NOW?
Scalability & Performance & Cost & Automation
Time passes…
PoP has lots of photos
www.pageofphotos.com
One-size-fits-all data storage
(perf, scalability, cost)
Anti-Pattern #3
Upgrade to scenario-specific storage
Some $, Perf, Scale benefits
PoP uses Valet Key Pattern
Even more $, Perf, Scale benefits
CDN for public content
Many, many other storage options also available: NoSQL varieties, caches, etc.
Always access raw data (regardless of distance, cost)
(performance, scalability, cost)
Anti-Pattern #4
PoP web tier goes multi-instance…
Users experiencing login issues*
*Depending on configuration …
Are Cloud Resources Infinite?
“We often hear that public cloud platforms offer the illusion of infinite resources. … This does not mean each resource has infinite capacity, just that you can request as many instances of the type of resource that you need.”
Page 21, my (Bill Wilder’s) Cloud Architecture Patterns book
Running stateful VMs in web / service tiers
(Limits horizontal scalability & complicates autoscale – but sometimes is reasonable option)
Anti-Pattern #5
I don’t have a slide on this, so won’t mention it, but there’s also …
sharding
Reliability
PoP Adding Video Support
(uh oh!)
Current
Let’s extend PoP with a Service Tier
OPTION 1: Request/Response Services
[Diagram labels: web browser; Web Tier (Stateless); Services Tier (Stateless Services); Data Tier; REQUEST / RESPONSE (http + json)]
Coupling Between Tiers
(reliability, scalability, cost)
(Situational: I frequently violate! Also relates to microservices.)
Anti-Pattern #6
Cloud Platform Reliable Queues
• Azure Storage or ServiceBus Queue
• AWS Simple Queue Service
• Google Pub/Sub
• Durable – won’t lose your data
• Reliable – backed by SLA and ops team
• Scalable – Internet scale
• Approachable – REST + many SDKs
Basic Idea
[Diagram labels: Work Producers; Reliable Queue; Work Consumers]
OPTION 2: Async Services
[Diagram labels: web browser; Web Tier (Stateless); push; pull; Services Tier (Stateless Services); Data Tier]
Notice anything “missing”?
There is no transaction
Get used to idea of eventual consistency
Enables Responsive UX
• Response to interactive users is as fast as a work request can be persisted
• UX challenge due to async processing
– Eventual consistency processing
– Eventual satisfaction for users
Enables More Reliable Service
• Decoupled front/back provides insulation
• Blocking is bane of scalability
General Case: Many Queue Types
[Diagram labels: Web Tier (Public) and Web Tier (Admin), each Web Role (IIS); Queue Type 1, Queue Type 2, Queue Type 3; Service Tier Type 1 and Service Tier Type 2, each a set of Worker Roles]
Enables Cost-Efficient Scaling
• Loosely coupled, concern-independent scaling
• Get Scale Units right
• Optimize for CO$T EFFICIENCY
• GOAL: cost α benefit
How about the queue API?
A reliable queue works just like any other queue, right?
(beware the abstraction mismatch)
Anti-Pattern #7
Reliable Queue & 2-step Delete
Web Tier
var url = "http://pageofphotos.blob.core.windows.net/up/<guid>.png";
queue.AddMessage( new CloudQueueMessage( url ) );
Queue
Service Tier
var invisibilityWindow = TimeSpan.FromSeconds( 10 );
CloudQueueMessage msg = queue.GetMessage( invisibilityWindow );
// … do some processing, then …
queue.DeleteMessage( msg );
Idempotent Processing
An idempotent operation can be performed more than once without changing the end result.
Key technique in lieu of distributed transactions
Poison Message Detection
A poison message is a flawed message that can never be successfully processed.
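The three slides above (2-step delete, idempotent processing, poison message detection) fit together in one consumer loop. The following is an added example, not code from the slide deck: a Python in-memory model of the queue rather than the Azure SDK, where `ReliableQueue`, `run_consumer`, the `max_dequeue` threshold of 3, the simulated clock and the file names are all assumptions made for illustration.

```python
from types import SimpleNamespace

class ReliableQueue:
    """In-memory model (not the Azure SDK) of invisibility window + 2-step delete."""
    def __init__(self):
        self.messages = []
    def add_message(self, body):
        self.messages.append(SimpleNamespace(body=body, dequeue_count=0, visible_at=0))
    def get_message(self, window, now):
        for m in self.messages:
            if m.visible_at <= now:
                m.visible_at = now + window  # step 1: hide the message, do not remove it
                m.dequeue_count += 1
                return m
        return None
    def delete_message(self, msg):
        self.messages.remove(msg)  # step 2: remove only after processing succeeded

def run_consumer(queue, handler, poison, window=10, max_dequeue=3, ticks=20):
    now = 0  # simulated clock, in seconds
    for _ in range(ticks):
        msg = queue.get_message(window, now)
        if msg is None:
            now += window  # wait for hidden messages to become visible again
        elif msg.dequeue_count > max_dequeue:
            poison.append(msg.body)  # set aside for inspection and stop retrying
            queue.delete_message(msg)
        else:
            try:
                handler(msg.body)
                queue.delete_message(msg)
            except Exception:
                pass  # worker failed: no delete, so the message is delivered again

def demo():
    base = "http://pageofphotos.blob.core.windows.net/up/"  # file names are constructed
    q, thumbs, calls, poison = ReliableQueue(), {}, [], []
    for name in ("a.png", "b.png", "corrupt.png"):
        q.add_message(base + name)
    def make_thumbnail(url):
        calls.append(url)
        if url.endswith("corrupt.png"):
            raise ValueError("undecodable image")  # can never succeed: a poison message
        thumbs[url] = "thumb:" + url  # keyed write, so repeating it changes nothing
        if calls.count(url) == 1 and url.endswith("a.png"):
            raise RuntimeError("crash after the work, before the delete")
    run_consumer(q, make_thumbnail, poison)
    return thumbs, calls, poison, len(q.messages)
```

`a.png` is processed twice because the worker fails between the work and the delete, yet the result holds one thumbnail for it; `corrupt.png` is retried three times and then set aside instead of blocking the queue forever.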
Tiers of Cloud Failure
• Transient API/DB connection failures
• Temporary/Ephemeral drive loss
• DC outage (or smoking hole)
• Zone/Region outage (or smoking hole)
• Global outage
“Failure is not an option”
(Failure is routine, at least at lower tiers.)
Anti-Pattern #8
Programming against Cloud Services as though they were reliable
(Transient Failures handled using Busy Signal Pattern)
Anti-Pattern #9
Security
• A1-Injection
• A2-Broken Authentication and Session Management
• A3-Cross-Site Scripting (XSS)
• A4-Insecure Direct Object References
• A5-Security Misconfiguration
• A6-Sensitive Data Exposure
• A7-Missing Function Level Access Control
• A8-Cross-Site Request Forgery (CSRF)
• A9-Using Components with Known Vulnerabilities
• A10-Unvalidated Redirects and Forwards
What about…
unicorn cloud security for apps
Copyright © 2013 Elizabeth B. O’Connor • used with permission • www.elizabethboconnor.com
SQL INJECTION
SESSION HIJACKING
CSRF
XSS
Belief in cloud app security unicorns
Reality: your app’s vulnerabilities will port very cleanly to your favorite cloud platform
Anti-Pattern #10
Little Bobby Tables (still a problem)
Conflating App & Platform security
secure compliant
Anti-Pattern #11
Cloud News from June 2014
• http://www.codespaces.com/
• A cautionary tale…
– DDoS
– Security Breach
– Ransom / Extortion
– Fighting Back
– Malicious Destruction of Assets
– Business Failure
ELAPSED TIME: 12 HOURS
1FA
single-factor auth
(2FA/MFA is widely available)
Anti-Pattern #12
The architecture of a cloud-native application is aligned with the architecture of the underlying cloud platform.
Hiring!
HIRING at Finomial Corporation
• Are you a talented senior engineer/architect interested in financial services space?
• Technology stack is ASP.NET on Azure + SPA
• Except where noted, slide deck is © 2014 Development Partners Software Corporation • http://www.devpartners.com •
And….
Bill Wilder
@codingoutloud
codingoutloud@gmail.com
blog.codingoutloud.com
linkedin.com/in/billwilder
Find this slide deck here
Questions?