I have wanted to write something about cloud/Azure for a long time, but time was a constraint for me while working on other things.
Today I finally made the time, and I hope you’ll like it. This is my view of the cloud and Microsoft Azure and what, again in my view, companies should understand before “moving” to the cloud.
To start, what is cloud? Cloud is a concept, and the concept is simple (for me):
It is a datacenter, owned by a 3rd party provider, that you trust and where you host your data, not knowing where your data is or who has access to it and you only pay for what you “use”.
So let’s transfer this statement to Microsoft Azure.
- It is a datacenter = Microsoft Azure
- Owned by a 3rd party = Microsoft
- You trust and where you host your data = I hope this is yes (well, you are hosting your/your company’s data there)
- Not knowing where your data is = Let’s focus on Europe, Dublin. Microsoft has 4 datacenters in Dublin; where is your data there? You never know.
- Who has access to it? = You hope it is only you, but your data is there. And if a disk fails or needs to be replaced, who does that? The person may not destroy the disk… again, you trust the provider to do the right thing.
- You only pay for what you use = It is “true”… if you have your VM online for 10min, you’ll only pay for 10min of usage. If your VM uses a 100GB disk, you’ll pay for a 100GB disk; there is no option to pay only for what you are actually using. If you only used 20GB of a 100GB disk, you’ll pay for 100GB.
So, now that we got the “concept”, let’s look a bit further and compare to a “traditional” datacenter.
In a traditional datacenter, you/your company are responsible for:
- Power and Generators
- Physical Security
- Servers and other hardware
- Internet Access
- People to manage all the above
- Some other physical stuff that I may have forgotten
As you can see, this is not cheap. The building can be a room, maybe your garage.
Power and Generators are simple: what is the SLA for machine uptime? If you don’t care about this (you are a small company), you may not be looking for a generator. If the machine is up, great; otherwise, it is bad for business, but it is a risk the company wants to take.
Physical Security: who entered the building? Where did they go? Who replaced the disk? Was it destroyed? Etc.
Cables: yes, cables, but in this case not for power, but for network connectivity with other equipment.
Servers and other hardware: what happens when the power unit of a server breaks? Maybe your NAS? Or worse, the switch that connects everything? You need to look after those.
Internet Access: what happens if your main provider goes “offline”? Do you have a backup?
And finally, people: you hire a person for £1 a month, what do you expect them to do? Or you hire a person for £10,000 per month? The expectation is different, and the responsibilities as well.
At the end of the month, this is a massive bill. Depending on the size of the organization, this could go to lots and lots of thousands of “money” (read here your currency).
When you go to cloud, you do not care about the physical layer, but someone is paying it, and this someone includes you.
Every provider will have a cost validation: how much does it cost to have x, y, z? How many customers/VMs/accounts etc. can we have with the existing infrastructure? So they charge you a percentage of that amount + a small profit. At the end, you will see that the amount you pay per month is nothing compared to the amount you would be paying to host everything yourself, but after a number of months/years, you will be spending more with cloud than with on-prem infrastructure (a topic for another post maybe).
But cloud gives us a bit more that you may or may not care about: an SLA for uptime, monitoring of the hardware, and replication.
SLA for uptime: this means that they do care about the hardware layer. As they use virtualization, they will provide you with an SLA (normally 99.99% of uptime) for the host; if they need to move your VM to another host or maybe another datacenter (located in the same city or another city/country), they will. For Azure, if a datacenter is down (Dublin for example), your VM will continue to work in the Amsterdam datacenter, without you paying extra for it. This may not be valid for all providers, but it is for Azure.
Monitoring the hardware: they will make sure you get what you are paying for. If your VM needs to be moved to another server, they will do that automatically, but don’t expect them to give you more than what you’re paying for.
Replication: your data will be replicated, but this is for their contingency and is not a backup. If you’re paying for local replication, it will be replicated within the host environment, maybe the datacenter. If you’re paying for geo-replication, your data will be replicated between datacenters. This replication has some lag (maybe a couple of seconds/minutes), so there is a chance you may lose a small amount of data in case of failure.
Now, let’s talk about what we normally use and care about, the software layer.
In today’s world, we should only care about the software layer. Whether the software is installed on a VM or on a physical server should not be our concern anymore (except if you’re the person that looks after the hardware or the virtual host, but that is not the case for this post).
So, what do we care about? We care that our software is running fine (performance), that it provides the end-user with what it should, that data is secure, and that we have control over the data.
But cloud provides us with lots, lots and lots of choices to achieve what we want. Imagine a website that stores data in a SQL database.
In the cloud we have the options of:
- Infrastructure as a Service (IAAS): It is a server in the cloud. The provider will give you a VM and that’s it. You’re responsible for that VM and everything you have on it.
- Platform as a Service (PAAS): It will provide you with a subset of options. While on the IAAS you’d be responsible for the whole SQL Server, here you have only a SQL Database.
- Software as a Service (SAAS): You are a consumer of the service, i.e. Office 365. You don’t have options for where to store the data, the performance, etc. You just accept that it will (or should) always work and be available for you/your company.
With so many options, what should I care about? It is simple, you care about what you care about today.
- Performance: Yes, if the service provided is not enough, increase the resources.
- Security: Yes, keep the machine secure, maybe enable BitLocker (and keep the key where you can recover it if needed), and restrict who can remotely access the machine and from where. If this is your public website, everyone should have access, but if it is your SQL Database, only the public website should have access.
- Backup: Of course YES. Imagine that you install or update something (Windows or another piece of software) and the VM crashes with a bluescreen that cannot be recovered; it is not Microsoft’s fault. You own the VM; they will only provide you with the basics. You still own the VHD.
- Support: Of course YES. You may not need all the people you had before, or you may need a more specialized or less specialized person, depending on what type of cloud you’ll be using.
- Configuration: Maybe. Depending on the cloud you are using, you may have access to the configuration of the basic software (i.e. SQL Server, IIS, etc.). If you have, you can customize it for your needs, giving you a boost in security and/or performance.
- Monitoring: YES. This is a big yes. Microsoft monitors the hardware, but the end-to-end system, or maybe the data, is your responsibility. If you own an IAAS, you need to monitor disk space, the components of the service, and the end-to-end scenario (based on the user’s view of the service, i.e. can you send an email?!), etc. If you own a PAAS, you don’t need to monitor the hardware or disk space, but you still need to monitor the end-to-end scenario (can the user access the website?!?!). You would also like to monitor what you’ve got, and the PAAS normally gives you this option: any exception in the software, or the disk space you bought running out. Those are the things you need to be aware of. And on SAAS? If you want to monitor you could, but it is not a big deal; providers normally will give you a portal where you can check the health of the service. But if anything fails, you’ll notice; remember, you’re a user of the service.
- Automation: This is a big key in the cloud. As we’re going to manage many VMs, users, etc., we need a way to automate. This may not be true for everyone; small companies will be fine with the portal. But imagine that you are migrating 3,000 servers to the cloud: will you use the console to create 3,000 virtual machines? I think not. The same applies when you need to increase/decrease the usage; you’ll not always be available to do that. If you need to upgrade something, maybe a DLL on 3,000 websites, you can easily use automation. This automation could be with SCCM, PowerShell, etc.; name it, you will probably need it.
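The access restriction from the Security point above (website open to everyone, SQL Database reachable only from the website) can be checked automatically. The following is an added example, not part of the original post: it walks firewall rules in priority order and reports ports left open to any source. The rule fields are modelled on Azure network security group rules; the rule names, addresses and ports are constructed assumptions.

```python
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}  # sources that match every host

def rule(name, priority, access, source, ports):
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "sourceAddressPrefix": source,
            "destinationPortRange": ports}

def covers(port_range, port):
    """True if a port range such as '*', '443' or '1000-2000' includes port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_ports(rules, ports_to_check):
    """Return {port: rule name} for each port that any source can reach.

    Rules are walked lowest priority number first and the first match
    decides. Source-restricted rules never match an arbitrary host, so
    they are skipped. A port no rule matches is treated as closed
    (assumption: the platform denies unmatched inbound traffic).
    """
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])
    findings = {}
    for port in ports_to_check:
        for r in inbound:
            if r["sourceAddressPrefix"] not in ANY_SOURCE:
                continue
            if not covers(r["destinationPortRange"], port):
                continue
            if r["access"] == "Allow":
                findings[port] = r["name"]
            break  # first matching rule wins
    return findings

# Constructed sample rules: the public website and the SQL server behind it.
WEB_RULES = [
    rule("allow-https", 100, "Allow", "*", "443"),
    rule("allow-rdp-admin", 110, "Allow", "203.0.113.10", "3389"),
    rule("deny-all", 4000, "Deny", "*", "*"),
]
SQL_RULES = [
    rule("allow-sql-from-web", 100, "Allow", "10.0.1.0/24", "1433"),
    rule("allow-all-temp", 200, "Allow", "*", "1000-2000"),  # forgotten test rule
    rule("deny-all", 4000, "Deny", "*", "*"),
]

if __name__ == "__main__":
    print("web:", exposed_ports(WEB_RULES, [443, 1433, 3389]))
    print("sql:", exposed_ports(SQL_RULES, [443, 1433, 3389]))
```

Port 443 on the website is the intended public exposure; any other port in the result, such as 1433 opened by the wide `allow-all-temp` range, is a finding to fix.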
IAAS: will provide you with a VM. This VM will have a number of virtual processors, memory and disk. You pay for it only when you’re using it. Performance: Yes, if the number of users, or the growth of the users, using the VM changes, you should be able to increase or decrease the resources. Imagine that you have a piece of software, accounting maybe, that is used only once a month for the payroll. The day they use it, they need 8 cores and 32GB of RAM, but on the other days of the month it does not use more than 2 cores and 4GB of RAM. So you should be able to increase and decrease the resources as needed. Not all providers will give you this option, but this is what cloud is: elastic management.
PAAS: We don’t have access to the VM itself, so we cannot configure the IIS or the SQL Database for best performance? Imagine that the PAAS is for the developer: on the IAAS, you would have created the server, installed SQL and IIS, and given the developer a user account to connect to a file share to publish the website files and a username to connect to the database. If they need anything, they will ask you for it. They have full access to the file share and the database, but cannot do much else. You still have the option to increase/decrease the resources when needed, but as you don’t have access to the VM, your software needs to be written as “cloud aware” to take advantage of this elastic management. This is probably one of the reasons people choose to use IAAS: they don’t need to change the software to get it working on the cloud.
SAAS: you don’t own anything; you are a user of a service. Office 365? You can use the e-mail and Skype for Business, and it will provide what you need. Can you customise the service? Sometimes, but not much. For many, this is the ideal world: you don’t need infrastructure and the service is “always” available. If customization of the service is available (like on SharePoint Online, where you can create websites based on SharePoint technology, or maybe CRM Online, where you can customize the CRM infrastructure, etc.), the provider may decide to remove or change the feature when they upgrade. Imagine that you have spent a lot of money on a feature and it now does not work or has been removed. You don’t have control over what and when; you are just a user.
I only talked about some of the concepts. You can have software on the “cloud” only, which is what we normally call a public cloud, but you could have a private cloud, where you apply the concept in your company. You could also have a hybrid cloud, where part is in the cloud and part is in your organization. Imagine your public website. It could be in the cloud, but the database could be inside your company, hosted on a physical machine. You could have a site-to-site VPN connecting both environments, etc.
As you can see, cloud is not as simple as many imagine. Sometimes I go to customers and they want to talk about cloud expecting it to be just a 30min talk, and when I start talking and explaining, they (sometimes) realize this is a big step and a big transition for any company.
The same applies when you talk about Azure. What is Azure? Azure is a “cloud” environment with many services available to be used; you can have your backup hosted on Azure, you can have your site, etc.
The image below is just a small portion of what Azure is (and by the time you’re reading this post, it is probably already out of date).