Mix-n-Match on Windows Azure
June 11, 2012 Leave a comment
One of the powerful aspects of Windows Azure is that we now have both PaaS and IaaS and that – crucially – the relationship between the two is not that of an ‘or’ but rather one of an ‘and’, meaning – you can mix and match the two (as well as more ‘traditional’, non-cloud, deployments, coming to think of it) within one solution.
IaaS is very powerful, because it is an easier step to the cloud for many scenarios – if you have an existing n-tier solution, it is typically easier and faster to deploy it on Azure over Virtual Machines than it is to migrate it to Cloud Services.
PaaS, on the other hand, delivers much more value to the business, largely in what it takes away (managing VMs).
The following picture, which most have seen, I’m sure, in one shape or form, lays down things clearly –
And so – the ability to run both, within a single deployment if necessary, provides a really useful on-ramp to the cloud; Consider a typical n-tier application with a front end, middle tier and a back end database. The story could be something along these lines -
You take the application as-is and deploy it on Azure using the same tiered approach over VM roles -
Then, when you get the chance, you spend some time and update your front end to a PaaS Web Role –
Next – you upgrade the middle tier to worker roles –
And finally – you migrate the underlying database to a SQL database –
Over this journey you have gradually increased the value you get from your cloud, on your time frames, in your terms.
To enable communication between the tiers over a private network we need to make both the IaaS elements and the PaaS elements part of the same network, here’s how you do it –
Deploying a PaaS instance on a virtual network
With Virtual Network on Azure the first step is always to define network itself, and this can be done via the Management Portal using a wizard or by providing a configuration file –
The wizard guides you through the process which includes providing the IP range you’d like for the network as well as setting up any subnets as required. It is also possible to point at a DNS and link this to a Private Network – a VPN to a local network. for more details see Create a Virtual Network in Windows Azure.
With the network created you can now can deploy both Virtual Machines and Cloud Services to it.
Deploying Virtual Machines onto the network is very straight forward – when you run the Virtual Machine creation wizard you are asked where to deploy it to and you can specify a region, an affinity group or a virtual network –
If you’ve selected a network, you are prompted to select which subnet(s) you’d like to deploy it to –
and you’re done – , the VM will be deployed to the selected subnet in the selected network, and will be assigned the appropriate IP address.
Deploying Cloud Services to a private network was a little less obvious to me – I kept looking at the management portal for ways to supply the network to use when deploying an instance, and completely ignored the most obvious place to look – the deployment configuration file.
Turns out that a network configuration section has been added with the recent SDK (1.7), allowing one to specify the name of the network to deploy to and then, for each role, specify which subnet(s) to connect it to.
For detailed information on this refer to the NetworkConfiguration Schema, but here’s my example –
<ServiceConfiguration serviceName="WindowsAzure1" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="1" osVersion="*" schemaVersion="2012-05.1.7">
<Instances count="1" />
<VirtualNetworkSite name="mix-n-match" />
<Subnet name="FrontEnd" />
This configuration instructs the platform to place the PaaS instance in the virtual network with the correct subnet, and indeed, when I remote desktop into the instance, I can confirm that it had received a private IP in the correct range for the subnet (10.1.1.4, in my case) and – after disabling the firewall on my IaaS virtual machine – I can ping it successfully using its private IP (10.1.2.4).
It is important to note that the platform places no firewalls between tenants in the private network, but of course VMs may well still have their firewall turned on (the templates we provide do), and so these will have to be configured as appropriate.
And that’s it – I could easily deploy a whole bunch of machines to my little private network – some are provided as VMs, some are provided as code on Cloud Services, as appropriate, and they all play nicely together…