A number of factors have come together to form a guide for Microsoft to the path that has made Azure the key to the company’s future success. That road has been bumpy, but almost always on a good trajectory. Now, as the offerings gel and mature, Microsoft has to maintain its commitments and satisfy those who have bought in while keeping the world excited about Azure.

Cloud is a great name for this market, because just like trying to control the weather, it’s hard for humans to control anything even in the best of conditions. To prove this point, there have been outages and missteps to remind Microsoft, and everyone else, that this stuff is hard, especially at these scales. Thanks to these difficulties, Azure continues to evolve, with new capabilities and features coming fast. Now that the major patterns have emerged, it is easier to help even newcomers find their bearings. Bill Wilder, CTO of Finomial, author of “Cloud Architecture Patterns” and an Azure MVP, calls this the “second generation of Azure services. These new services are rich with enterprise-class features, but also accessible to mere mortals because they hide so much of the complexity.”

The single most common question that people ask about Azure is “How can I use Azure or any cloud for that matter?” which boils down to “What is in it for me?”

These are simple questions with not-so-simple answers. The first thing to understand is that Azure is about providing services that you can leverage to get your work done quickly, easily and cheaply. It is important to remember that, just like no one buys a computer because they want the operating system, you will not choose to use cloud capabilities for their own sake. The offerings of Azure are growing, and it can be bewildering to even understand how to categorize things.

Four ways Azure works
The easiest way to approach this is to understand that Azure plays in four major modes or categories. Knowing them will help you see how to jump into using it and make sense of new announcements going forward. The service categories break down into Virtual Machines, Azure Websites, Cloud Services and Packages.

For most companies with dedicated IT staff, the easiest place to start is to take a computer or virtual machine and host it in Azure, taking advantage of the Infrastructure-as-a-Service (IaaS) aspects of Azure. Through the virtual machine hosting capabilities, Microsoft provides power, ping (Internet access), the Microsoft OS license, and even a wide array of template systems to choose from when creating the VM. The rest is up to you, including ongoing patching, any troubleshooting of the OS and your application, and upgrades, making this offering very similar to what is provided by any number of ISPs, such as Amazon, GoDaddy and Rackspace.

There are two potential advantages to using Microsoft’s IaaS, with the first being the company’s ability to provide the license, rather than having to buy the license and pass that cost on to the consumer, which all the other IaaS providers must do.

The other really big advantage is the ability to move VMs from Azure to your own data center using Microsoft System Center. This is a really big deal because Microsoft can serve as your backup data center, or your on-premises servers can be the backup with Azure holding the primary. This is an excellent option for those that either have trouble letting go or need to keep parts of their systems on premises. Most organizations in the world cannot afford to have a disaster-recovery location, so this is a way to have it without this overhead. Also, while not an exclusive advantage, Microsoft does provide a pay-as-you-go model that only Amazon matches currently with its On-Demand Instances as part of the EC2 offering.

This is usually the best place for an organization to start dipping their toes into using cloud. It starts with picking a server, existing or planned, and deciding to host it on Azure instead of in your own data center. The security blanket of Microsoft System Center letting you pull it back home makes this a very low-risk place to start, provided you picked the server well.

Azure Websites represent the second mode in our list and a different way of leveraging Azure. Azure Websites are often the best way for an individual or smaller organization to get going. Azure Websites are a platform that, as the name indicates, allows you to roll out a website quickly and easily, even if it requires sophisticated packages. If you need a Content Management System or a blog or even an e-commerce site, but do not need the kinds of control and customization offered only by total control of the server as an OS-level admin, then this could be a solution for you.

Azure Websites do not fit nicely into the regular “as-a-Service” definitions. It is a gray area. Cloud Services are clearly Platform-as-a-Service, and some say Azure Websites are PaaS, but I prefer to describe them as more of a hybrid, “light” PaaS.

Finomial’s Wilder described Azure Websites as “scalable, flexible, and super-low friction.” In talking to Michele Bustamante, CIO of Solliance, Microsoft Regional Director and co-author of “Developing Microsoft Azure Solutions,” she said, “Azure Websites makes the cloud approachable by allowing you to focus on building applications and let Azure worry about prepping your virtual machines and load balancers (among other things).”

Azure Websites feel like Software-as-a-Service, but really they are more like a hybrid that takes away the hassles of supporting your own infrastructure while still allowing for the kinds of deep customizations typically absent from SaaS offerings. Bustamante asserts that “No other cloud provider has an experience to match Azure; in fact, at this point I have seen so many successful migrations to Azure Websites that I rarely recommend a move to VMs unless there is a compelling business limitation. There is simply very little you can’t achieve with Azure Websites today.”

Cloud services
The third category in our explanation is currently called Cloud Services. Originally they were called Web and Worker Roles, and this was Microsoft’s first vision for what Azure would represent. It was, and remains, an ambitious vision because Cloud Services represent PaaS, which means that Microsoft abstracts the operating system and all of its care and feeding away, letting developers worry about their code and nothing else.

It did not work out as expected due to an overestimation of the level of trust Microsoft had achieved with their clients. It was a bridge too far, and as we are seeing now, people and organizations need interim steps such as hosting VMs or websites. Microsoft has been much more successful in growing adoption of Azure in general and Cloud Services in particular since they provided the interim steps and built out the offerings.

Microsoft also has many packages of functionality that do not fit neatly under the categories of hosted VMs, Websites or Cloud Services, and these make up the fourth mode. It is from these packages that the innovations in Azure are coming. Microsoft’s Hadoop offering, HDInsight, and the Machine Learning capabilities fit this category, and they seem to be best described as a way to get Software-as-a-Service from a centralized and experienced cloud vendor. Just in the last year Microsoft has brought out Orleans, which we will cover in more detail later.

Outside these categories there are also critical capabilities that make the rest of it work much better. Many of the network capabilities that do not easily fit into the aforementioned categories are just needed to make the rest of this stuff work. Duane Laflotte, CTO of CriticalSites, considers the Virtual Network capabilities that allow you to bridge your on-premises systems with your Azure systems as a key enabler that does not fit neatly into any category.

Not everyone will play
With any new technology trend, there are early adopters and late adopters. Cloud offerings enjoy economies of scale and the ability to let you focus on the things that drive profits or productivity. But they also add the extra element of a perceived loss of control that unnerves many who are usually in the early adopter camp.

There can also be cultural and political factors that can influence adoption. One great example playing out currently is the attitude change in Germany toward all things cloud that are not hosted and owned locally. After talking to a number of business decision-makers in Germany, it appears that the NSA hacking scandal has shaken faith that data stored in the cloud is safe.

Privacy is a different concept in most of Europe than it is in the United States, and that means that it might be a while before Europe sees the kind of cloud adoption (with Microsoft, Amazon or any U.S.-based provider) that is ramping up now. To address this reality on the ground, Core Data Cloud in England has “been very busy helping companies in the U.K. have their cloud and keep it local too.” Core Data specializes in storage services such as backup, but Laflotte says that we can likely expect Europe to see many niche cloud companies like this emerge there while cloud consolidates somewhat in the U.S.

A potential remedy to this problem comes from a bill being proposed by U.S. Senators Orrin Hatch, Chris Coons and Dean Heller. This bill would protect cloud providers like Microsoft so that they need not store data if doing so violates the law of the country where it is stored. (More information is available about the bill here.) If this bill becomes law, it would be the best way to remedy the lack of trust, but I would not expect its effects to be instant in any case.

Difference makers
Some of the Azure capabilities that seem the most out of place could be the ones that make all the difference in the world. Described earlier as packages, they each solve a problem by providing tools and the platform for those tools, along with immense scalability. The most obvious example of this is the HDInsight implementation of Hadoop available on Azure. To get Hadoop capabilities, Microsoft adapted the Hortonworks implementation to run both in Azure as the HDInsight Service and as Microsoft HDInsight Server for Windows.

Machine Learning is another prime example of one of these packages. When this came out, it was a much bigger surprise than seeing a Hadoop solution on Azure, even though it made great sense for Microsoft to enable organizations with this technology.

The reason Machine Learning is so strategic is the direction that the Web is taking as it moves toward what some are calling the Semantic Web. The Semantic Web consists of sites that understand circumstance and can adapt themselves for the user based on sophisticated analysis. This is where Machine Learning comes into the picture, but until now organizations had to have deep specialization with dedicated scientists to use it.

Microsoft bringing Machine Learning to Azure has gone a long way to democratizing these capabilities, meaning that much smaller organizations can bring much more sophisticated solutions to users. Bustamante pointed out that “Azure also has strong offerings with Service Bus, Media Services, Mobile Services and more.” She added that, “holistically, I view Azure as the approachable cloud: deeply useful features but easier to work with overall.”

Finding these packages needs to be easy, and of course what platform these days would be complete without a marketplace? And so, Microsoft recently debuted the initial batch of partners to provide their wares on the Azure Marketplace. This is not the same thing as the App Store, but close in concept. The Marketplace allows vendors to place their solutions on display with the hope that, since these solutions make use of Azure VMs, Storage or other services, they will help drive Azure adoption and revenue.

As of this writing, there are just over 3,000 products listed in the Marketplace, with some of them being Microsoft offerings, but many more being third-party offerings from companies ranging from Cloudera to Barracuda.

As ISVs think about their own technology and how they can benefit from the scale and the self-service aspect of the Azure Marketplace, we will see more and more innovative implementations. For example, FileBridge’s data tiering technology has won over many customers with its ability to have multiple configurations easily selectable. In this way a customer can configure based on how many terabytes they expect to push up to Azure. To that end, there are options for 10-, 20- and 50-terabyte-capacity virtual machines.

Not everything Azure does is findable in the Azure Marketplace search. One of these is Orleans, which Wilder describes as “a really interesting additional PaaS model, which is actor-based, for low latency, highly reliable and scalable services.”

DevOps delivers
It is difficult to have a serious discussion about cloud systems without addressing DevOps.

DevOps is the commingling of tasks that used to be segregated between developers and network admins, thanks to the unification driven by the cloud. It enables powerful automation, empowers those who do not shy away from it, and rightly scares those who like the world the way it used to be. PowerShell is the language of DevOps in the Microsoft world, with tasks on Windows that used to be scriptable via VBScript now much better served by PowerShell. Learning how to use PowerShell is becoming a requirement rather than a nice-to-have for network admins as much as for developers.

Finomial’s Wilder pointed out that “the PowerShell tool set has matured over the years.” He went on to explain that “a couple of years ago, Azure added PowerShell cmdlets for management operations, and now we have Runbooks, which provides a hosted, highly available PowerShell scripting environment with built-in affordances to help make interacting with your Azure resources as simple as you could want.”

Virtually every task that Microsoft documents with a user interface is gaining a PowerShell variant. When summing up Runbooks, Wilder said, “All of this is backed by auditing, a scheduler, credential management, and more. And, of course, Runbooks themselves can be managed with PowerShell.”

PowerShell is not the whole story of DevOps on Azure. There are also powerful tools built into the developer tools. Bustamante pointed out, “You can start really lean with your development process and DevOps story, and move at your own pace to a more automated process. This in particular helps small teams be productive quickly.”

She went on to relate the following story about how the publish and swap feature saved her from a big problem. “I was boarding a plane, had checked in and published a fix, but I forgot something,” she said.

“At that point, I was the only publisher of the production code, so I had to walk my developer through adding the fix and publishing for me. He fixed the issue, published via Visual Studio (so easy) to staging, so we had a rollback option just in case. Then, I walked him through my admin login to get in to the portal to run the swap. The hardest part of the whole process was remembering my password to grant him access. The ability to deploy via developer tools and perform a swap in case something went wrong was what made this all possible in a 15-minute window before the plane took off.”

Interface troubles
Due to its nature, customers must control their Azure accounts and set up most services via the Web interface. This is convenient, but less than ideal in many ways, most notably regarding security. Under normal circumstances, if someone gets your Windows Live credentials, then they have complete control of everything you have on Azure. There are examples of big damage being done simply by losing control over these credentials on Web-based systems, including Amazon.

To address this, Microsoft has introduced Azure Multi-Factor Authentication. Multi-factor authentication is a core security concept whereby the user is asked to prove their identity by more than simply providing a password. The factors are generally accepted as something you know (like the username and password), something you have (like a smartcard or your phone) or something you are (like biometrics such as fingerprints or retinal scans). Microsoft describes the packages this way: “Azure Multi-Factor Authentication adds an additional layer of security to your Azure administrator account at no additional cost. When turned on, you’ll need to confirm your identity to spin up a virtual machine, manage storage, or use other Azure services.” This is a great way to solve this security problem and can also be leveraged to protect almost anything, including solutions hosted on Azure and anywhere else.

Since Azure first came out, the Web interface has changed to handle the updated offerings and features. Microsoft has been working on a major update to this portal that has in itself proven controversial. The original interface as it has evolved is shown in Figure 1, while the new portal is shown in Figure 2. There are discernable elements from the Windows 8 UI in the new portal, and Windows 8 is not considered among the most beloved of Windows versions. While the tile-based interface of Windows Phone and Windows 8 has many strengths, it also has some weaknesses.

Figure 1: Old-style Azure Web interface.

Figure 2: Windows 8-style Azure Web interface.

This interface allows you to see things at a glance, but only the surface details. To find the deeper elements you have to drill in, which is fine so long as the details are findable. The interface opens and scrolls horizontally, and this is a common source of criticism. Finding things is also somewhat hit-or-miss. Although it supports search, you have to know what to search for, and some things are not actually present yet. Like the Windows 8 Start Screen, you really have to search for things because there is no concept of a folder structure, and this limits node hierarchies as a way to navigate a huge tree of options. An example of how this can trip you up is that if you install an application that would normally create Web links on the Start Menu of Windows 7, then these links are not automatically added to the Start Screen of Windows 8, and searching for the application will often return a list of results too long to read. (SQL Server is a prime example of this.)

With the new Azure portal, the concept is of blades that open up with each click and reveal more detail after scrolling to the right. It is quite easy to get into a situation where the horizontal scrolling causes the browser to freak out a bit.

Other things do not work in the new interface, such as setting the security on an endpoint for a virtual machine deployed from the Azure Marketplace. It is important to remember that the old portal is still the default interface, and the new portal is opt-in only. With either interface, finding what you owe (monetarily) to Microsoft is easy and that is a must; however, figuring out what you owe to one of its partners is borderline impossible. This will certainly change (and hopefully soon), but these are the kinds of bumps that need to get smoothed out for Microsoft to reap the benefits from their efforts to make Azure the cloud of choice.