1_1How Azure uses Global Foundation Services Datacenters Flashcards
Topics 1.1.
‘1)Learning about Azure’s global footprints, 2) Understanding the design of cloud-scale data centers, 3) Design for cloud
MCIO = GFS
The team that manages and runs Azure infrastructure is called Microsoft Cloud Infrastructure and Operations (MCIO), formerly known as Global Foundation Service (GFS). Also Microsoft datacenters = Azure Datacenters
Azure global footprints
‘+1 M servers, +3M requests per second. 17 datacenters distributed, 10 languages, 19 currencies
17 Regions
‘1) USA 8, Emea 2, Asia 2, Japan 2, Brazil 1, Australia 2
ZRS
Zone Redundant Storage, 3 copies of your data across 2 or 3 facilities in a single region or two regions
Affinity Group
It is a way to group your cloud sevices by proximity to reduce network latency.
STAMPS
Group of server racks (it’s not an official concept)
Regional Differences
Not all Azure regions provide the same set of services.
Multilanguage support
It’s not tied to specific regions. Full globaly. By aware! many Azure objects don�t allow non-English characters in their names or identifi ers.
Cloud-scale datacenters
A single Azure datacenter can be as big as three large cruise ships placed end to end and host ten of thousands of servers.
Embracing errors
Cloud-scale datacenters use commodity servers to reduce cost. The availability of these servers are low than more expensive ones used in traditional datacenters. Think about thousands! Traditional datacenters design focus on increasing Mean Time Between Failures (MTBF). In Cloud-scale datacenters when a server is failing its workloads are redirected to another healty one. So the design key is focus on Mean Time To Recover (MTTR) instead of MTBF because what customer cares is about the availability of their services, not the hardware. To achieve this AUTOMATIZATION IS THE KEY.
Human Factors
Training, policy reinforcements, contuous monitoring, auditing form foundation of an error-resilent team.
Some Polices
1)Just-in-time administrator accesses and just-enough administrator acceses, 2)Msft staff does not have access to customer data, special grant to access and just for a predetermined window, 3)all activities are monotored and logged
Polices suggested for customers
Suggest best practices and tools such as Azure Active Directory (Azure AD), multifactor authentication, uil-in-Role-Based Access Control (RBAC) with Azure Resource Groups and Azure Rights Management
Azure Automation Options
Azure Management API, Azure PowerShell, Azure Cross-Platform Command-Line Interface (xplat-cli). Azure Automatio services. Also third-party solutions such as Puppet and Chef.
Trust-worthy computing
Challenge for cloud industry. Polices: 1) Pysical security and continuous surveillance, 2)Protection against virus, malware, and DdoS attacks., 3)Activity monitoring, tracing and analysis, and abnormality detection, 4)System patching, 5)Customer data isolation and protection
Security Tools for Customers
1)Data encryption for Azure Storage, Key Vault service to manage security keys.
Azure Security Certifications
1)ISO 27001/27002, 2)FISMA, 3)FedRAMP, 4)HIPPA,5) EU Model Clauses. Adicional info: azure.microsoft.com/en-us/support/trust-center/
Sustainable reliability
1)Power redundancy: UPS, massive battery arrays and generators with on-site fuel reserves. 2)All ecosystem is consider as TCO
Efficiency and Ecology
Microsoft Power Usage Effectiveness (PUE) is 1.125 below industry norm 1.8. Also datacenters are environment-friendly
Design for the Cloud
Cloud bring both challenges and opportunities to design your applications. Challenge is the architecture of your application and opportunity is the Quality of Service (QoS) that Cloud offers.
Datacenter maintenance
Two types of maintenances 1)planned and 2)unplanned
Planned Maintenance
Some cases requires that customer VM to be shut down or rebooted. VM could be configured multi-instance or single-instance.Azure give SLA (Service Level Agreement) only for multi-instance Vms
Multi-instance VM
Multi-instance Vms are joined to a same logical group called an Availability Set. When Azure updates Vms, it guarantees that not all machines in the same Availability Set will be shut down at the same time.
Single-instance VM
are stand-alone Vms
Unplanned Maintenance
Are triggered by unexpected physical infrastructure problems such as network failures, rack-level failures and others. When Azure detects it, automatically moves your Vms to a healty host. Azure’s autorecovery mechanism sginificantly reduces MTTR to minutes, but your application needs to be able to restart itself.
Fault Domains
Fault Domains don’t share a common power source or network switch so the probability of simultanteous fault is very low. Multi-instance VMs are located to two different Fault Domain.
Datacenter outages
For natural disasters or human error, it could happen. MSFT transparent policy that shares Root Cause Analysis (RCA) reports to customers. Cross-region redundancy is an effective way to deal with region-wide outages.
Service throttling
Cloud is multitenant environment. Azure throttles service calls according to subscriptions limits. Criteria: stored data, number of transactions, and system throughputs. Build multi-entity support into your architecture so your application can be scaled out as needed! Other way is using cache such as application-level caching and CDN (Content Delivery Networks).
Cache
Caches help not only to reduce the amount of service calls, also improves your application performance.
Service security
Except few read-only operations, Azure requires proper authentication before it grants a service request.
3 Authentication Strategies
1)Secret key, 2)Shared Access Signature (SAS) and 3) Federated authentication via Azure AD. Secret key is responsibility of the user (Msft offers Azure Key Vault). SAS offer detailed level access control over entities, giving grant access to specifi data with explicit rights during given time windows.