Converting an enterprise internal application into an online service
Windows Azure has become a hot topic among IT service providers, some of whom argue that only applications that serve Internet users are suitable for a public cloud. In practice, however, many enterprises already run internal applications on Windows Azure. Two common patterns are:
Web/browser architecture. The web server is placed directly in Windows Azure, and employees reach it over HTTPS from the intranet or from the Internet. This reduces network traffic between offices in different countries, which matters in a multinational enterprise.
Client/server architecture. The application servers are placed in Windows Azure, and the client application is deployed on PCs or mobile devices for easy access. Where network security is a concern, a VPN or another protection mechanism can be added in front of the servers.
This article examines a case in which an enterprise moves an application from its own data center to Windows Azure. Before the migration the application was sold as software: the customer bought it and deployed it on physical machines, and the vendor sent IT staff to the customer site to maintain and upgrade it. After the migration it is offered as an online service, which saves the cost of buying additional server hardware, reduces the customer-service workload, and lets later upgrades and maintenance be scripted directly against the virtual machines and software in the Azure environment. The article covers the key points of the application architecture before migration, the configuration that had to be adjusted during deployment, and the alternative deployment methods. The deployment principle on Windows Azure is to design around the environment that best fits the application's actual operation.
The following sections first survey the architecture environment of the application to be migrated, then walk through the migration to Windows Azure. The survey covers four areas, servers, network, storage and application, to identify the shortcomings of the existing environment and the improvements the customer expects. The benefits of migrating to Windows Azure and the improvements actually achieved are then explained.
Survey of the original application architecture environment
Servers
In the traditional data center, users reach the application installed on the server over the Internet, and partners develop new plug-ins, upload them to the server and integrate them with the existing application. The basic configuration for each customer is one web server and one database server, provided either as physical machines supplied by the enterprise or as physical machines the customer prepares and on which the application is installed.
Migrating to Windows Azure virtual machines raises the utilization of the server hardware.
Network environment
By default, the network should isolate the virtual machine networks of different customers, using VLAN IDs to separate traffic on the same switch. But because every server has to be patched (the application's own patches as well as Windows Server and SQL Server patches), each server must also be reachable from the management server. On physical switches this is easy to arrange. After migrating to Windows Azure only Azure's own virtual network is available; the solution is described later.
Storage
In the traditional data center, all virtual machine files are kept on shared storage outside the physical servers, and a cluster handles host failures: when a physical machine fails, its virtual machines are automatically moved to another host, restarted and continue running. The service in use is interrupted and a small amount of data may be lost, after which the database's transaction rollback brings it back to a consistent state. From the customer's point of view, the quality of service still needs strengthening. Because of cost constraints, the data on the shared storage is not replicated synchronously to another data center.
Application
The application to be migrated is a three-tier design, but to simplify installation and maintenance the web site and the application are installed on the same web server, with only the database on a separate virtual machine. The application tier already supports a web server resource pool behind a hardware load balancer: to add capacity, a web server is added to the site's resource pool and the configuration-change scripts are run. The back-end database, however, is not designed for data-level scale-out, and the database server cannot be scaled beyond a single machine.
Survey results
This is the typical path from physical machines to a virtualized environment and then to Windows Azure. The rest of the article focuses on how Windows Azure can meet the customer's expectations. The main requirements in the four areas are:
Raise the utilization of physical machine resources and improve virtual machine fault tolerance
Networks of different customers are isolated, but the management network must reach every server
Improve the availability of data storage
Allow the application and the database to scale
Migrating to Windows Azure
Raising utilization of physical machine resources and virtual machine fault tolerance
There is no physical hardware to plan for in Windows Azure, because the physical machines are managed entirely by Azure.
Virtual machine fault tolerance is provided by default in Azure; it only has to be selected when the virtual machine is created.
Isolating customer networks while letting the management network through
Azure can configure separate virtual networks and place each customer's virtual machines in its own isolated virtual network, while the management server pushes patches through the public IP address that Azure assigns to each virtual machine by default. This is the simplest approach, since it uses only built-in features, but two conditions must be considered:
As the number of customers grows, managing the growing number of virtual networks becomes complex
Stress testing showed that, as the number of virtual machines grows, patching every virtual machine over the public network degrades the performance customers see when they connect to the web server over that same public network
Given these two points, the best practice in this environment is:
Reduce the number of virtual networks: define each virtual network by patching cluster rather than per customer (so customers are not isolated at that level). Within a virtual network, add subnets and place each customer's virtual machines on their own subnet (still not isolated at the network layer). Isolation is then enforced on the servers themselves: a configuration script run whenever a new virtual machine is added configures the virtual machine's own Windows firewall to accept connections from the servers of the same customer and from the management servers, and to block all other servers.
Because the network layer is not segmented, patching can be done entirely inside the virtual network and no longer affects customers' connections over the public network.
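The following script is an added example of the provisioning step described above; it is not code from the original article or from the enterprise in the case study. It assumes Windows Server 2012 or later on the virtual machine (the NetSecurity module cmdlets), that it runs as Administrator when the machine is added, and that the tenant subnet and management server addresses are hypothetical values passed in by the provisioning process.

```powershell
# Added example (not from the original article): per-customer host-firewall
# isolation for a VM that shares a virtual network with other customers.
# Assumptions: Windows Server 2012+ (NetSecurity module), run as Administrator
# at provisioning time. All addresses and names below are hypothetical.
param(
    [ValidateSet('Web', 'Db')]
    [string]$Role = 'Web',
    # Subnet holding this customer's own VMs (web + database).
    [string]$TenantSubnet = '10.0.2.0/24',
    # Management servers that push Windows, SQL Server and application patches.
    [string[]]$ManagementServers = @('10.0.0.4', '10.0.0.5')
)

$prefix = 'Tenant-Isolation'

# 1. Default deny inbound on every profile: anything not explicitly allowed
#    below (other customers' subnets included) is dropped. Outbound stays open
#    so the patch agent and Windows Update can still reach out.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Idempotency: remove rules created by an earlier run of this script.
Get-NetFirewallRule -DisplayName "$prefix*" -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# 3. Management plane: WinRM, RDP and SMB, but only from the management servers.
New-NetFirewallRule -DisplayName "$prefix Mgmt WinRM/RDP/SMB" -Direction Inbound `
    -Action Allow -Protocol TCP -LocalPort 5985, 5986, 3389, 445 `
    -RemoteAddress $ManagementServers | Out-Null

# 4. Tenant plane: only this customer's own subnet may talk to the server.
if ($Role -eq 'Db') {
    # Database VM: just SQL Server from the customer's web tier.
    New-NetFirewallRule -DisplayName "$prefix SQL from tenant subnet" -Direction Inbound `
        -Action Allow -Protocol TCP -LocalPort 1433 -RemoteAddress $TenantSubnet | Out-Null
} else {
    # Web VM: any port from the customer's own subnet, plus HTTPS from end users.
    New-NetFirewallRule -DisplayName "$prefix Any from tenant subnet" -Direction Inbound `
        -Action Allow -RemoteAddress $TenantSubnet | Out-Null
    New-NetFirewallRule -DisplayName "$prefix HTTPS from Internet" -Direction Inbound `
        -Action Allow -Protocol TCP -LocalPort 443 | Out-Null
}

# 5. Verification for the provisioning log: show exactly which remote
#    addresses and ports each scoped rule accepts.
Get-NetFirewallRule -DisplayName "$prefix*" | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    $port = ($_ | Get-NetFirewallPortFilter).LocalPort -join ','
    '{0,-40} ports={1,-20} from={2}' -f $_.DisplayName, $port, $addr
}
```

Run it once per new machine, for example `.\Set-TenantIsolation.ps1 -Role Db -TenantSubnet 10.0.7.0/24`. Two points matter in practice. Windows Firewall evaluates Block rules before Allow rules, so do not add a broad rule that blocks the whole virtual network address range: it would also block the management servers, and the default inbound action already drops everything that is not allowed. And because this isolation lives inside the guest, it depends on the guest's integrity: an attacker who gains administrator rights on one customer's virtual machine can disable the firewall and reach the other subnets, so the host rules are a compensating control for a shared virtual network, not a substitute for network-level isolation.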
Improving the availability of data storage
This project uses two Windows Azure storage accounts in data centers in different cities and synchronizes customer data between the two Azure data centers, which meets the basic high-availability requirement.
Besides this practice, there are other options:
The safer approach keeps the data on the corporate network and places the web site and application server in Azure, with a VPN connection established through the Azure Connect feature to protect the data in transit. This gives the strongest protection for the data but lowers network efficiency, since every database request crosses the VPN.
A copy of the data is kept in Azure, and the database virtual machine deployed in Azure is set to read-only and serves queries only; writes are still directed over the VPN connection to the database server on the corporate network. This requires more code changes, and updated data appears in Azure slightly later.