2012 East China Architects Conference
Talk: Cloud Computing and the Architecture and Operations of Next-Generation IDCs
Speaker: 李志霄
Cloud Fundamentals
Infrastructure as a Service (IaaS): basic compute and storage resources; on-demand servers; e.g. Amazon EC2, VMware vCloud
Platform as a Service (PaaS): cloud application infrastructure; on-demand application-hosting environment; e.g. Google AppEngine, Salesforce.com, Windows Azure, Amazon
Software as a Service (SaaS): cloud applications; on-demand applications; e.g. GMail, Microsoft Office Web Companions
Has today's way of deploying IT kept pace with the times?
• Services based on computation and knowledge will become socialized utility services (like water, electricity and gas)
Today many CIOs and CFOs are still:
• investing in expensive equipment: servers, routers, disks (CAPEX);
• waiting one to two years for a project implementation cycle;
• bearing the risk of project development and go-live;
• worrying about system maintenance and disaster recovery;
• lacking elasticity: changes in business demand leave equipment and bandwidth idle (investors furious) or insufficient (users furious).
• Integrating large-scale, dispersed computing resources into computing resources that can be delivered as a service on demand raises the utilization of IT facilities and lowers cost and the barrier to use
The Benefits of the Cloud
The Cloud is about cheap, on-demand capacity
[Stack diagram: layers Applications, Runtimes, Database, Operating System, Virtualization, Server, Storage, Networking; the columns Standalone Servers, IaaS, PaaS and SaaS show which layers are managed for you; e.g. Windows Azure]
Your options increase with the Cloud:
• Extend application to the Cloud
• Store data in the Cloud
• Move application to the Cloud
• Create new Cloud service
• Combine Cloud services to create new solution
Ecosystem overview: know yourself (Ecosystem)
[Diagram: information grid, information appliances, information power plant]
Connected Device: 3G/4G LTE; ADSL/WiFi/Femtocell/FTTX; high-speed satellite broadband
Cloud industry: data center/IaaS; SaaS/PaaS; XaaS (plotted against TIME)
Telecom, Media, Entertainment
Data centers are also moving with the times toward value-added services: Migration to Value Added Services
Colocation Model: customer server and management; IP BW; Colo, Power
Managed Services Model: customer server; install, test, monitor, RH; IP BW; Colo, Power
Managed Hosting Model: server, storage; consulting; ops, mgmt, monitor; IP BW, IP VPN; Colo, Power
Cloud Model: utility hosting server, storage; consulting; ops, mgmt, monitor; IP BW, IP VPN; Colo, Power
(21V Managed)
A Paradigm Shift
Today's IT competition is no longer competition between enterprises, nor between products; it has entered a competition between industry chains (Wintel 8/2 open/closed, Apple 99.9/0.1 closed/open)
The cloud computing industry is being reborn out of the traditional IT industry and the Internet industry and appears before us in a completely new form
Cloud computing is a set of technologies and business models that turn cheap hardware (COTS) into software, software into services, services into operations, and operations into scale
Therefore we need to position ourselves early in the cloud computing industry chain and lay out its key links
[Responsibility diagram: for On Premises, Infrastructure (as a Service), Platform (as a Service) and Software (as a Service), the stack Storage, Servers, Networking, O/S, Middleware, Virtualization, Data, Applications, Runtime is divided between what the customer manages ("You Manage") and what the vendor manages; the vendor-managed share grows from nothing on premises to the whole stack in SaaS]
Most of Today's Cloud IDC vs. True Cloud IDC
Example: Windows Azure Components (Windows Azure PaaS)
• Applications: Windows Azure Service Model
• Runtimes: .NET 3.5/4, ASP.NET, PHP
• Operating System: Windows Server 2008/R2-compatible OS
• Virtualization: Windows Azure Hypervisor
• Server: Microsoft Blades
• Database: SQL Azure
• Storage: Windows Azure Storage (Blob, Queue, Table)
• Networking: Windows Azure-configured networking
What a "Cloud OS" should be:
• Cloud OS = OS for the data center
• Model: treat the data center as a machine
• Handles resource management, provisioning, and monitoring
• Manages application lifecycle
• Allows developers to concentrate on business logic
• Provides a shared pool of compute, disk and network: virtualized storage, compute and network; the illusion of boundless resources
• Provides common building blocks for distributed applications: reliable queuing, simple structured storage, RDBS storage; application services like access control and connectivity
The "Heart and Soul" of the Cloud OS: the Fabric Controller (FC)
• The "kernel" of the cloud operating system
• Manages datacenter hardware
• Manages Windows Azure services
• Four main responsibilities: datacenter resource allocation; datacenter resource provisioning; service lifecycle management; service health (fault, performance) management
• Inputs: description of the hardware and network resources it will control; service model and binaries for cloud applications
[Analogy diagram: a server runs a Windows kernel that manages processes (Word, SQL Server); a datacenter runs the Fabric Controller that manages services (Exchange Online, SQL Azure)]
Windows Azure Fabric Controller I
[Diagram: Server Hardware → Windows Server (Windows Kernel) → Windows App, SQL Server; DataCenter → Windows Azure (Fabric Controller) → Azure App, SQL Azure]
Windows Azure Fabric Controller
[Diagram: Login → Azure Portal → RDFE → Aggregators and Load Balancers → Fabric Controller → Node]
Modeling Cloud Applications
• A cloud application is typically made up of different components
• Front end: e.g. load-balanced stateless web servers
• Middle worker tier: e.g. order processing, encoding
• Backend storage: e.g. SQL tables or files
• Multiple instances of each for scalability and availability
[Windows Azure platform map: compute (cloud services, VMs, websites); data management (SQL database, noSQL database, blob); networking (connect, virtual network, traffic manager); app services (CDN, caching, identity & security, business analytics, commerce, media, integration, HPC); all on a global physical infrastructure of servers/network/datacenters that is automated, elastic, managed resources, usage based. The same map recurs on later slides with the current topic highlighted.]
There Are Three Ways to Get Started Using Windows Azure Compute:
Web Sites: quickly and easily deploy sites to the cloud with support for multiple frameworks and popular open source applications including WordPress, Drupal, Joomla! and Umbraco.
Virtual Machines: instantly run your existing applications and infrastructure in a VHD image. You retain full control to configure and maintain the image. Capture some benefits of the cloud including load balancing and failover.
Cloud Services: capture the full benefits of the cloud and quickly scale up or down. Infrastructure management is all done by Microsoft, so you can focus your resources on building the best app.
Windows Azure Cloud Services
Cloud Services come in two flavors: Web Role and Worker Role
• A place for your application code to run: the Web role is pre-configured with IIS; the Worker role is for backend, async code
• You package your code/artifacts and Windows Azure deploys and manages it for you automatically
Windows Azure Virtual Machines
• Management Portal
• Scripting (Windows, Linux and Mac)
• REST API (for service management)
Getting started: select image and VM size → new disk persisted in Storage → boot VM from new disk
The Windows Azure SDK provides several APIs for programming in the Windows Azure environment.
The Windows Azure Service Management API is a REST API for managing your storage accounts and service deployments. It provides programmatic access to much of the functionality available through the Management Portal.
All API operations are performed over SSL and mutually authenticated using X.509 v3 certificates. The management service may be accessed from within a service running in Windows Azure, or directly over the Internet from any application that can send an HTTPS request and receive an HTTPS response.
The REST API applies to two kinds of Azure service:
Storage Accounts: provide access to the Windows Azure Blob, Queue and Table services. You can manage existing storage accounts: list the storage accounts in a subscription, return a storage account's properties, and regenerate keys.
Hosted Services: deploy Web Roles, Worker Roles and VM Roles in the Azure environment. You can create and delete deployments, return a hosted service's properties, and update, upgrade, restart and manage deployed services.
REST API (POST, GET, PUT or DELETE). Windows Azure Storage Service example, Create Storage Account: POST https://management.core.windows.net/<subscription-id>/services/storageservices
[Diagram: REST (Representational State Transfer) requests pass through a load balancer to the Blob, Queue and Table services]
Windows Azure Web Sites: quickly and easily deploy sites to a highly scalable cloud environment with the frameworks and open source apps of your choice using Windows Azure Web Sites
• Supports multiple frameworks (ASP.NET, Classic ASP, PHP, Node.js)
• Pick from popular open source apps
• Pick your DB (SQL Database, MySQL)
• Choose your tools (Visual Studio, Git (an open-source distributed version control system), FTP, WebMatrix)
• Build on any platform (Windows, Mac, Linux)
Supported deployment protocols for websites: Git, FTP, Web Deploy, TFS Deploy
[Deployment flow diagram: filename.cspkg + filename.cscfg → application deployed; VHD and XML stored in Storage (URL) → Fabric Controller → Host OS Agent → Guest OS Agent → setting load balancer & DNS]
Build a free website on Windows Azure
Time: 2012-07-16 19:46; Source: 风信网; Author: 末信
• If you want to build a low-cost website that nevertheless scales well enough to keep up with growing business and traffic, or you want to quickly set up a free website while being sure it runs stably and securely, then the new Websites feature of Microsoft's Windows Azure meets the requirement. If I were a company that had just started, or wanted to build a personal website, I think Websites is without doubt the best choice.
• In this June's IaaS preview release, Windows Azure announced the new Websites feature: users can build ten websites on Windows Azure free for 12 months (does that put pressure on some of today's web hosts?). The main advantages:
• Fast and convenient: with a few mouse clicks a user can easily set up a website, skipping the tedious steps of web hosting and domain-name application
• Support for many development languages and platforms: Websites supports ASP.NET, classic ASP, PHP and Node.js; Windows, Mac and Linux; and SQL Server, SQL Azure and MySQL databases
• Excellent scalability: a site built on Azure takes full advantage of Azure's scalability; as traffic grows, resources can be added at any time to support the site
• Originally published by 风信网; when reposting please keep the original link: http://www.ithov.com/server/118212.shtml
The Windows Azure Service Model
• A Windows Azure application is called a "service": definition information; configuration information; at least one "role"
• Roles are like DLLs in the service "process": a collection of code with an entry point that runs in its own virtual machine
• There are currently three role types:
• Web Role: IIS7 and ASP.NET in a Windows Azure-supplied OS
• Worker Role: arbitrary code in a Windows Azure-supplied OS
• VM Role: uploaded VHD with a customer-supplied OS
Windows Azure offers multiple ways to manage your data in the cloud. SQL Database, formerly known as SQL Azure Database, enables you to rapidly create, scale and extend applications in the cloud using familiar tools and skills.
Data Management is a set of managed services with a 99.9% monthly SLA
SQL Database also includes features that enable easy migration, export and ongoing synchronization through SQL Data Sync of on-premises SQL Server databases with Windows Azure databases.
Tables offer manual, key-based access to un-schematized data at a low cost for applications with simple data access needs. Blobs provide inexpensive storage of video, audio and images.
SQL Database
• Cloud relational database based on the SQL Server engine
• Use the same tools, data access frameworks and T-SQL-based language
• Global datacenters
• High Availability & Redundancy: reads are completed at the primary; writes are replicated to a quorum of secondaries
[Diagram: a single logical database backed by multiple physical replicas: a single primary and multiple secondaries (Replica 1, Replica 2, Replica 3)]
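The high-availability slide states the rule but not its consequences, so here is an added example (not from the talk and not the SQL Database engine) of a single logical database with one primary and two secondaries: a write commits only when a majority of all replicas has logged it, reads are served at the primary, and failover promotes the live secondary whose log is longest, which by the quorum rule already holds every committed write. Replica names and the failure injection are constructed.

```python
# Added example: primary/secondary replication with quorum commit, constructed to
# illustrate the SQL Database HA slide; it is not the product's implementation.


class Replica:
    def __init__(self, name):
        self.name = name
        self.up = True
        self.log = []  # ordered (seq, key, value) entries durably logged here

    def append(self, entry):
        """Log an entry; a replica that is down cannot acknowledge."""
        if not self.up:
            return False
        self.log.append(entry)
        return True


class LogicalDatabase:
    def __init__(self, replica_names):
        self.replicas = [Replica(n) for n in replica_names]
        self.primary = self.replicas[0]
        self.quorum = len(self.replicas) // 2 + 1  # majority, primary included
        self.seq = 0
        self.state = {}  # key -> value, materialised at the primary

    def write(self, key, value):
        """Return True when the write reached a quorum and is committed."""
        if not self.primary.up:
            raise RuntimeError("primary is down; promote a secondary first")
        entry = (self.seq + 1, key, value)
        acks = sum(1 for r in self.replicas if r.append(entry))
        if acks < self.quorum:
            # Not durable on enough replicas: undo it wherever it was accepted.
            for r in self.replicas:
                if r.log and r.log[-1] == entry:
                    r.log.pop()
            return False
        self.seq += 1
        self.state[key] = value
        return True

    def read(self, key):
        """Reads are completed at the primary."""
        return self.state.get(key)

    def fail(self, name):
        for r in self.replicas:
            if r.name == name:
                r.up = False

    def promote(self):
        """Promote the live secondary with the longest log; return its name."""
        alive = [r for r in self.replicas if r.up]
        if len(alive) < self.quorum:
            raise RuntimeError("fewer than a quorum alive; refusing to promote")
        self.primary = max(alive, key=lambda r: len(r.log))
        self.state = {}
        for _, key, value in self.primary.log:  # replay in log order
            self.state[key] = value
        self.seq = self.primary.log[-1][0] if self.primary.log else 0
        return self.primary.name


def demo():
    """Constructed scenario: secondaries fail one by one until no quorum is left."""
    db = LogicalDatabase(["primary", "replica-1", "replica-2"])
    out = {"write a": db.write("a", 1)}
    db.fail("replica-1")
    out["write b, one secondary down"] = db.write("b", 2)
    db.fail("replica-2")
    out["write c, no quorum"] = db.write("c", 3)
    out["read c at primary"] = db.read("c")
    out["read b at primary"] = db.read("b")
    return out


def failover_demo():
    """Constructed scenario: the primary fails and a secondary is promoted."""
    db = LogicalDatabase(["primary", "replica-1", "replica-2"])
    db.write("a", 1)
    db.fail("primary")
    new_primary = db.promote()
    return new_primary, db.read("a"), db.write("b", 2), db.read("b")
```

The point a practitioner should take from the failing third write is that availability degrades before durability does: with two of three replicas down the database refuses the write rather than committing it on the primary alone.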
On-Premises Cloud
• Scale-out via multiple copies of data
• E.g. Separate reporting & OLTP workloads; multiple Web sites
• Geo-located web applications
• Use with Windows Azure Traffic Manager
• Hybrid applications; one-way publish or two-way sharing
• Multiple locations (e.g. branch office, retail offices); share data between locations and/or aggregate data in cloud
[Diagram: on-premises SQL Server instances and cloud SQL Database instances, each with its own application, kept in sync]
SQL Data Sync (easier to access,security, compliance, DR, etc.)
[Diagram: two kinds of data sync: SQL Azure DB to SQL Azure DB via Data Sync, and on-premises DBMS to SQL Azure via Azure Sync; TDS (Tabular Data Stream) protocol; Reporting]
Extend your network into the cloud: treat your Windows Azure services as if they are on your own corporate network. Enables services in Azure (e.g. SQL Database) to use services on-premise (e.g. Active Directory) directly.
Increase performance and availability of services: redirect users to the best/closest deployment; redirect traffic to another deployment based on availability; or distribute traffic equally to all cloud services.
Windows Azure Networking: Connect (for developers)
[Diagram: Windows Azure Roles ↔ Connect ↔ on-premise machines]
Designed for developers so it is simple to set up, easy to manage and can be rapidly provisioned
Windows Azure Networking: Virtual Network (for network administrators)
[Diagram: subnets in Windows Azure ↔ on-premise subnets]
Provides network admins the control to set up subnets in the Cloud and manage them as extensions of on-premise datacenters
Windows Azure Traffic Manager: load balance user traffic across cloud services running in the same or different datacenters to build globally available, high-performing apps
[Diagram: www.foo.com is a CNAME for foo.trafficmgr.cloudapp.net; Traffic Manager applies policies and endpoint monitoring to direct the client to one of several Cloud Services]
• Load-balancing
• Endpoint monitoring
• DNS-based traffic management based on policies: Performance, Round-robin, Failover
• Improve app performance by serving user requests with services 'closest' to them
• Improve app availability by automatically failing over when a service goes down
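The slide describes Traffic Manager as DNS-based: the client's resolver follows www.foo.com to foo.trafficmgr.cloudapp.net, and the answer for that name is one cloud service chosen by policy. The following added example (not from the talk and not Microsoft's Traffic Manager code) models that resolution step for all three policies and shows how endpoint monitoring interacts with each: an endpoint whose probe failed is never handed out, so a Performance policy silently falls back to the next-closest healthy service. Endpoint names, the latency table and the probe results are constructed.

```python
# Added example: DNS-level policy resolution with endpoint monitoring, constructed
# to illustrate the Traffic Manager slide; not the product's implementation.
from itertools import count

# Constructed endpoints, listed in failover priority order.
ENDPOINTS = ["foo-us.cloudapp.net", "foo-eu.cloudapp.net", "foo-asia.cloudapp.net"]

# Constructed endpoint-monitor results: did the last health probe succeed?
HEALTH = {"foo-us.cloudapp.net": True, "foo-eu.cloudapp.net": False, "foo-asia.cloudapp.net": True}

# Constructed latency table: client region -> endpoint -> round-trip ms.
LATENCY = {
    "us-west": {"foo-us.cloudapp.net": 20, "foo-eu.cloudapp.net": 120, "foo-asia.cloudapp.net": 150},
    "eu-west": {"foo-us.cloudapp.net": 110, "foo-eu.cloudapp.net": 15, "foo-asia.cloudapp.net": 200},
}


class TrafficManagerProfile:
    POLICIES = ("performance", "round-robin", "failover")

    def __init__(self, policy, endpoints=ENDPOINTS, health=HEALTH, latency=LATENCY, ttl=300):
        if policy not in self.POLICIES:
            raise ValueError("unknown policy: %s" % policy)
        self.policy = policy
        self.endpoints = list(endpoints)
        self.health = dict(health)   # copied so probe updates stay per profile
        self.latency = latency
        self.ttl = ttl               # short TTL so resolvers notice a failover quickly
        self._rr = count()

    def healthy(self):
        """Endpoint monitoring: only endpoints whose probe succeeded are candidates."""
        return [e for e in self.endpoints if self.health.get(e, False)]

    def resolve(self, client_region=None):
        """Return the endpoint the CNAME should point to, or None if all are down."""
        candidates = self.healthy()
        if not candidates:
            return None
        if self.policy == "failover":
            return candidates[0]                       # highest-priority healthy endpoint
        if self.policy == "round-robin":
            return candidates[next(self._rr) % len(candidates)]
        table = self.latency[client_region]            # performance: closest healthy one
        return min(candidates, key=lambda e: table[e])

    def mark(self, endpoint, up):
        """Feed a new probe result into the profile."""
        self.health[endpoint] = up


def answer(profile, client_region=None):
    """The CNAME chain the slide shows, ending at the chosen service (if any)."""
    chosen = profile.resolve(client_region)
    chain = ["www.foo.com", "foo.trafficmgr.cloudapp.net"]
    return chain + ([chosen] if chosen else [])
```

Because the decision is made at DNS time, a client that has cached the previous answer keeps talking to the old endpoint until the record's TTL expires, which is why the profile carries a short `ttl` and why endpoint monitoring, not the client, is what removes a failed service from the answer set.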
Windows Azure Active Directory is a modern cloud service providing identity management and access control capabilities to cloud applications, whether those are Windows Azure applications, Microsoft Office 365, Dynamics CRM Online, Windows Intune or other 3rd party cloud services.
Easily integrate Live ID, Facebook, Yahoo, Google and Active Directory for application single sign-on. Support for industry standards and existing .NET APIs.
Windows Azure Active Directory (Identity & Security): a modern cloud service providing identity management and access control capabilities to cloud applications
[Diagram: on-premises Active Directory with ADFS 2.0 federates (Federation Trust) into Windows Azure Active Directory / ACS V2, which serves Microsoft apps, your apps and 3rd-party apps]
Through its support for standard protocols such as WRAP and SAML, ACS will perform sign-in with any OpenID 2.0 identity provider (Google, Facebook, Yahoo)
Media Services provide a scalable and reliable infrastructure allowing you to focus on your core business and the valuable features that differentiate your products.
Windows Azure Media Services are easy to use, flexible, and provide cost-effective and fully customized solutions that can create, manage, and distribute content for all the devices and platforms you care about.
Media Services enable Content Companies and Solution Providers to build end-to-end media workflows on Windows Azure.
[Windows Azure Media Services diagram: content from broadcasters, network operators, content owners and enterprises flows through encoding, format conversion, content protection, on-demand streaming, live streaming and analytics, and is delivered via the Windows Azure CDN or a 3rd-party CDN under rental, subscription, purchase or free models]
What PaaS IDC is:
• Provides Platform as a Service
• Application Platform in the Cloud
• Provides:
• Compute: Web, Worker & VM Role
• Storage: Blob, Table, Queue & RDBS Server
• Application Fabric: Service Bus, Access Control, Cache, Integration
• Global physical infrastructure (servers/network/datacenters): automated, elastic, managed resources, usage based
Datacenter Architecture: Hardware & Network Topology
[Diagram: datacenter routers → aggregation routers and load balancers (Agg, LB) → racks; each rack has a top-of-rack (TOR) switch, a power distribution unit (PDU) and its nodes, and forms one fault domain]
High Availability: Fault Domains
• Purpose: avoid single points of failure
• Unit of failure based on data center topology, e.g. the top-of-rack switch on a rack of machines
• Windows Azure considers fault domains when allocating service roles, e.g. don't put all roles in the same rack
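To make the fault-domain rule concrete, here is an added example (not from the talk and not the Fabric Controller's allocator) that deals the instances of a role round-robin across racks, treating each rack with its top-of-rack switch and PDU as one fault domain, and then checks the property the slide is after: that no single fault-domain failure takes every instance of the role down. The topology and role names are constructed.

```python
# Added example: fault-domain-aware placement, constructed to illustrate the
# "High Availability: Fault Domains" slide; not the Fabric Controller's code.
from itertools import cycle

# Constructed topology: fault domain (rack) -> free nodes in it.
TOPOLOGY = {
    "rack-01": ["node-01a", "node-01b", "node-01c"],
    "rack-02": ["node-02a", "node-02b"],
    "rack-03": ["node-03a", "node-03b", "node-03c"],
}


def place_instances(role, count, free):
    """Place `count` instances of `role` on nodes taken from `free`
    (fault domain -> list of free nodes, consumed in place so several roles
    can share one topology). Instances are dealt round-robin over fault
    domains; a domain with no free node is skipped. Returns a list of
    (instance_name, fault_domain, node)."""
    placements = []
    domains = cycle(sorted(free))
    empty_in_a_row = 0
    while len(placements) < count:
        if empty_in_a_row >= len(free):
            raise RuntimeError("no free node left for %s" % role)
        fd = next(domains)
        if not free[fd]:
            empty_in_a_row += 1
            continue
        empty_in_a_row = 0
        node = free[fd].pop(0)
        placements.append(("%s_IN_%d" % (role, len(placements)), fd, node))
    return placements


def survivors_after(placements, failed_domain):
    """Instances still running after `failed_domain` (e.g. its TOR switch) fails."""
    return [name for name, fd, _ in placements if fd != failed_domain]


def tolerates_single_fault(placements):
    """True when every single fault-domain failure leaves at least one instance."""
    domains = {fd for _, fd, _ in placements}
    return bool(placements) and all(survivors_after(placements, fd) for fd in domains)


def demo():
    """Constructed scenario: a web role and a worker role share one topology."""
    free = {fd: list(nodes) for fd, nodes in TOPOLOGY.items()}
    web = place_instances("WebRole", 3, free)
    worker = place_instances("WorkerRole", 4, free)
    return web, worker, tolerates_single_fault(web), tolerates_single_fault(worker)
```

A role with a single instance never passes `tolerates_single_fault`, which is the placement-level reason the earlier slide asks for multiple instances of each component.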
OSS (equipment (network, server, storage) and software health monitoring and control): necessary for any kind of cloud
BSS (online/offline sales, billing/finance, marketing BI, CC, ICP compliance, etc.): necessary for public cloud
Challenges: Security and Interoperability
• Security: confidentiality; free from attacks
• Service Level Agreement: the SLA must assure QoS (quality of service), e.g. service response time
• Interoperability: ensure a cloud service user can move from one cloud service to another
Source: Lin, G., Fu, D., Zhu, J. and Dasmalchi, G., "Cloud Computing: IT as a Service," IT Pro March/April 2009
The evolution of IT deployment boundaries: infrastructure virtualization / service management standardization and automation. The four segments will wax and wane but will all continue to exist, especially core applications: customizability, compliance requirements, business process engines, business rule engines (the weak spot of general-purpose cloud platforms for enterprise applications)
• Shared applications within the enterprise: different applications can share resources
• Core applications within the enterprise: the resources each application needs are kept separate
• Value-added cloud hosting (Cloud Hosting): different applications of different customers can share resources
• Traditional hosting / leased hosting, multi-tenant data center (Colocation, Managed Hosting): resources are owned by or dedicated to the customer
[Diagram of example workloads per segment: Video Conferencing, Email, IM, development/test, storage; ERP, SCM, CRM, Email, Search, Identity/Security, storage; Finance, HR, enterprise secrets, government intranet, storage; eMail, Search, ERP, CRM, SCM, storage]
Interoperability
• Shared service-oriented architecture (e.g. http, XML, SOAP, WSDL, UDDI)
• Documents: use standardized technologies to unify industry standards; obtain reusable information from data; connect people, data and heterogeneous systems; achieve data interoperability across documents, applications and systems; build intelligent applications to improve data quality
Service Bus
What is it?
• Extension to the familiar WCF binding model: SOAP/HTTP, SOAP/TCP, HTTP
• Simple HTTP APIs for service management: Service Registry (Atom Publishing Protocol), Message Buffer (REST)
• Fully integrated with Access Control Service
Service Bus
• Exchange messages between loosely coupled applications
• Network send/receive from any internet-connected device
• Traverse NAT/firewall
• Message buffering for loosely connected applications
• Facilitate direct peer-to-peer connection
[Diagram: App 1 sends to and receives from the Service Bus; App 2 does the same]
Service Bus: the Service Bus can be used to expose on-premises services to the Internet. Most enterprises have their own LAN, and to cope with the shortage of IP addresses they usually set up NAT, so no individual server has a fixed externally reachable address. For security reasons, firewalls usually block most ports. This makes accessing a locally deployed service over the Internet quite difficult.
Service Bus
The Service Bus was created to solve exactly this problem. The Service Bus acts as an intermediary: your service and your clients both talk to it as Service Bus clients. Because the Service Bus has no NAT problem, both your service and your clients can reach it easily. In the most restrictive case the Service Bus only requires your server to allow outbound port 80 or 443; in other words, your server only needs to reach the Internet over HTTP(S). As long as that holds, your server can connect to the Service Bus, so its demands on the firewall are very low.
[Diagram: an application behind the enterprise firewall connects out through the Internet to the Service Bus relay in Windows Azure, where the cloud application reaches it]
Access Control Services
Access Control
• Security is always the first thing a program must consider, and in the cloud, permission management is often harder than inside the enterprise, because you cannot directly use a product such as Active Directory to manage your program's access control centrally. Access Control was created to solve exactly this problem.
Why Access Control Service?
• Federated Identity
• Leveraging multiple identity providers per application
• ADFS v2, Live ID, Facebook, Yahoo, Google,…
• Identity abstraction
• Evolve past username/password
• Leverage claims-based identity
Access Control
• Access Control supports federated authentication and authorization. For example, you can require your users to authenticate through the enterprise's on-premises Active Directory Federation Server (ADFS), logging in with their domain accounts; the claims produced by that authentication are passed to Access Control, which then grants or denies them access to your services and resources according to rules configured in advance. Of course, Access Control also supports a variety of other authentication methods. Through its support for standard protocols such as WRAP and SAML, Access Control works well across platforms.
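The claims flow just described, as an added example (not from the talk and not the Access Control Service itself): an identity provider such as ADFS authenticates the user and issues claims; rules configured in advance map those input claims to the output claims the application sees; the application authorizes on the output claims only. The example also covers the case the prose leaves implicit: claims from an issuer the service does not trust, including a caller who simply asserts an "admin" role claim itself, are dropped before any rule runs. Issuer names, claim types, the rule group and the permission table are constructed.

```python
# Added example: claims transformation and claims-based authorization, constructed
# to illustrate the Access Control slides; not the ACS product's code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Claim:
    issuer: str   # who asserted this: an identity provider, or "acs" for output claims
    type: str
    value: str


# Constructed trust: only these identity providers may supply input claims.
TRUSTED_ISSUERS = {"adfs.contoso.example", "google"}

# Constructed rule group: (input issuer, input type, input value) -> (output type, output value).
# An input value of None matches any value; an output value of None passes the input value through.
RULES = [
    (("adfs.contoso.example", "role", "Domain Admins"), ("role", "admin")),
    (("adfs.contoso.example", "role", "Sales"), ("role", "reader")),
    (("adfs.contoso.example", "email", None), ("email", None)),
    (("google", "email", None), ("role", "reader")),
]

# Constructed permissions of the protected service, keyed by output role.
PERMISSIONS = {"admin": {"read", "write", "delete"}, "reader": {"read"}}


def transform(input_claims, rules=RULES, trusted=TRUSTED_ISSUERS):
    """Apply the rule group to claims from trusted issuers; return the output claims."""
    output = set()
    for claim in input_claims:
        if claim.issuer not in trusted:
            continue  # unknown issuer, or a claim the caller minted itself: dropped
        for (issuer, ctype, cvalue), (otype, ovalue) in rules:
            if claim.issuer == issuer and claim.type == ctype and (cvalue is None or claim.value == cvalue):
                output.add(Claim("acs", otype, claim.value if ovalue is None else ovalue))
    return output


def is_allowed(output_claims, operation):
    """Authorize on output role claims only; never on the raw input."""
    roles = {c.value for c in output_claims if c.issuer == "acs" and c.type == "role"}
    return any(operation in PERMISSIONS.get(role, set()) for role in roles)


def decide(input_claims, operation):
    """End to end: transform, then authorize. Returns (allowed, sorted output claims)."""
    out = transform(input_claims)
    return is_allowed(out, operation), sorted((c.type, c.value) for c in out)
```

The separation matters for the cross-platform point the text makes: the application depends only on the output claim types it was written against, while which identity providers are accepted and how their claims are mapped is changed in the rule group, not in application code.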
Smart endpoints
Overall application blueprint: endpoint to cloud, cloud to cloud, cloud to non-cloud
[Diagram: smartphones, smart in-vehicle terminals, PCs, tablets and smart network TVs → web services → Service Bus (+ Access Control) → cloud service gateway and cloud service generator → government cloud, healthcare cloud, education cloud, Amazon, IBM, Oracle, ...; legacy systems (mainframes, non-cloud systems)]
A Hybrid Cloud: connecting data, apps, people, and machines
[Diagram: Private Cloud ↔ Public Cloud via Data Service, Service Bus, ACS and Windows Azure Connect: Mixed-Cloud]
Information added by the organizing committee of the East China Architects Conference
GTI and Virident
世纪互联; 洪倍, founder of AdMaster; Lenovo employee 李鹏程; China (Shanghai) Entrepreneurs Public Training Base
Co-organizers and individual donors thanked by the 2012 East China Architects Conference:
Announcement: on May 18, 2013 the 2013 East China Database Technology Conference will be held in Shanghai; scale: 500 attendees. Conference cooperation contact: 金官丁, phone: 136 6166 8096, email: [email protected], Sina Weibo: @mysqlops
Thank you!