Windows Azure is Microsoft’s cloud-computing platform, as well as the name of the assemblage of services that make it up. Initially designed to be a Platform-as-a-Service (PaaS), Windows Azure has been updated over the last couple of years (based on feedback as well as competition from Amazon and others) by expanding its options and offerings, and by adding more traditional Web- and server-hosting capabilities.
Basically, if you want to do something that requires systems attached to the Internet, you can get Microsoft to host it for you at a fraction of the cost of putting servers in your own data center. While that is the main promise of the cloud, Microsoft has taken it a great deal further.
Microsoft’s Windows Azure business reportedly passed the billion-dollar mark in annual revenue recently, and as a result, it is hard to argue that it is not onto something with this cloud stuff. Aamir Shah, Microsoft senior cloud manager at En Pointe Technologies, said that “the tide has turned with the concept of cloud. Customers are ready, and they’re eager to find out what the starting point is. While the average person thinks that cost is the paramount factor for seeking a cloud solution, we’ve seen scalability being the most compelling reason.”
This rings true from my own experiences, where projects are often delayed by weeks or months as new servers on physical hardware (and even occasionally on virtual machines too) cannot be acquired and set up quickly. It frustrates everyone in the process, and costs money in wasted time and missed opportunities.
In light of all this, it is clear that now would be a good time to come to grips with some core questions concerning Windows Azure if, like many, you find you have let your grasp of the current state of Microsoft’s PaaS and Infrastructure-as-a-Service (IaaS) offering fall behind. In this article, we will cover the whys and hows that will help you navigate what has become a very comprehensive set of offerings that can be bewildering at first to anyone who did not watch it evolve from the beginning.
Microsoft has had to play catch-up (mostly with Amazon) since it first announced Azure, but now it competes with a wide array of other targeted cloud platforms as well. The initial problems with the offering were that it was an all-or-nothing undertaking. There was no integration story with on-premise systems, and there were no IaaS aspects to the initial offerings at all. If these are your current perspectives, then you should suspend judgment based on all you have heard up until now, because if you did not hear it directly from Microsoft in the last six months, then it is time to revisit what Azure can do for you. There will still be situations where other cloud platforms better fit your needs, but at least now Windows Azure is a contender.
Why the cloud?
The promises of the cloud are mostly found in the economies of scale that can be had when many organizations share the core costs of data centers along with the efficiencies of virtualizing system loads. Microsoft has pushed aggressively to make its Hyper-V virtualization technology able to drive these cost savings in both the Azure cloud and in on-premise virtualized systems.
En Pointe’s Shah pointed to several major themes that are driving his company’s customers toward using the cloud—specifically Windows Azure—in their solutions. He felt that flexibility, scalability and efficiency were advantages everyone could understand with little trouble. When asked for an example of how flexibility and scalability are attained from using Azure, he said, “Being able to spin up servers at the drop of a dime, rather than spending time architecting an on-premise build.”
His point highlights how easy it has become to generate a server on the IaaS cloud platforms. This is true not just for Azure, but also for the cloud offerings from Amazon, Rackspace, and (later this year) VMware. The advantage Microsoft currently has is that customers can choose from template VMs that do not need to be installed or uploaded, which makes deployment faster.
Flexibility like this is what drove the adoption of the first PC LANs as departments searched for ways to get out from under the thumb of IT. That new trend goes to show that everything is faster in the technology world, including how fast history repeats itself. Asked how he sees efficiency manifested in leveraging Azure, Shah said, “Always up, accessible anywhere, keeping your employees connected whether they are remote or in the office.” The cloud is just the next logical step for those that have already embraced virtualization. The advantages of virtualizing servers are very much the same as the advantages of leveraging cloud infrastructure.
There are choices when it comes to cloud providers, with Amazon and Windows Azure being the most recognized names competing in the space today. Many of the features of Azure are strongly developer-centric and allow complex systems to be deployed without the need for strong IT support.
To attract developers outside of Microsoft shops, the Azure team has enabled non-Microsoft technologies such as PHP and a whole raft of others on the platform. I talked to Bruce Backa, CEO of NTP Software, about why he prefers Azure to Amazon, and he said, “While Amazon’s EC2 compute model has changed the world, it has one really harsh embedded assumption: that your business started yesterday.” He went on to explain that, “for most of the 27 million businesses in America, that’s not true. Azure provides a platform for businesses with pre-existing applications and data to smoothly integrate the cloud and scale out globally.”
This does not apply to the many startups that have begun their systems on Amazon and are very happy with it. Organizations that have a large database or on-premise system that has to be part of the solution can integrate those systems with Azure now. One place where Microsoft has an advantage in on-premise integration is in allowing the organizational Active Directory to federate with Azure, allowing on-premise provisioned accounts to be used seamlessly to authenticate cloud-based systems.
Azure also has the benefit of providing options for migrating systems from the cloud to on-premise and back again, thanks to Hyper-V both being the basis for the Azure platform itself and being available in Windows Server 2012 in your own data center. Microsoft also takes full advantage of including the operating system license costs as part of the offering, so if you need to spin up 12 Windows Server instances for a load test on any other cloud, you need to have the licenses. But on Azure, they are included. If the systems in question are Linux, then this is a non-issue, but a lot of the world does run on Windows and needs to be tested on Windows.
PaaS vs. IaaS
IaaS has been available for a long time in the form of Web hosting and server hosting. Rackspace and Amazon have been leading the charge in innovating this form of cloud platform in ways that make it way easier to use than previous hosting providers.
As mentioned earlier, Microsoft has been adding IaaS options to its initial offerings in realization that neither IaaS nor PaaS fit all needs. PaaS is about removing the IT overhead and chores from the equation entirely, as there is not even a VM to upload, configure or patch. With PaaS, the developer clicks to the environment and then deploys the solution in a way more like a Lego system than enterprise architecture. This is not to trivialize the result or even the skill required to envision and implement, but it does accelerate and streamline maintenance in ways that IaaS does not.
Benjamin Day, owner of Benjamin Day Consulting, has been a technical authority on Azure since it was first announced. He said, “Azure’s PaaS offering has always seemed like a big win for teams because you just worry about your application code, and then the rest of the details are taken care of by Azure. Basically, it’s Web hosting on steroids.”
If Windows Azure is ultimately the winner of the cloud platform wars, it will likely be due to the superiority of PaaS as a model for cloud adoption rather than any astute maneuvering done by Microsoft over Amazon. But it will not hurt at all that Microsoft is playing in the IaaS space as well.
Will it be secure?
Security is important to everyone, and questions about the security provided by Azure were the topic of the very first conversations I had with Microsoft staff when Azure was first announced. There are certifications for various levels of government data and many other factors to consider when thinking about the security of a cloud platform or any -as-a-service provider.
Microsoft’s online properties see an enormous level of assault. Maybe this continuous barrage of attacks causes you to think your data is better off in your own data centers, but the safest places on the Internet tend to be those that get attacked the most, because they have withstood those attacks for so long that they have learned how to stay protected.
Windows Server 2012 is a great example of the arms race that is online security these days. Windows Server 2012 bakes into the OS protections from cyberthreats on the level of the Stuxnet virus, and Windows Server 2012 and its hypervisor capabilities underlie Azure. Microsoft’s Ken Johnson and Matt Miller presented at Black Hat last year on exploit mitigation for Windows 8 (and Windows Server 2012).
Stuxnet represents a serious threat to systems, and Microsoft looked at how it carried out some of its attacks. Some of the biggest insights had to do with predictability in OS structures such as the heap. Windows Server 2012 makes it much less likely that such structures will sit at a memory address an attacker can guess. The full slide deck is available online.
Duane Laflotte, CTO of CriticalSites, agreed that there is no real safe harbor on the Internet (except for not being on the Internet). He cautioned organizations looking to use the cloud to “refrain from just throwing solutions up and hoping the walls hold the bad guys out. The truth is that encrypting data at rest—and in motion where practical—will go a long way to upping the security of your most important assets, whether they sit in the cloud or on-premise.”
When asked if he had any data on the cloud, and specifically on Azure, he said yes, adding, “I know that the security people at Microsoft are top-notch and are making the security of the Azure platform a top priority. To be honest, they are likely the most secure data centers you can find anywhere.”
Security can be hard to prove. Thus far there are no major security breaches of Azure of which I am aware, and I am certain they would be widely and loudly publicized if and when they were found. The same is true of Amazon, of course, with regard to security. The winner in the security space will likely be the first one to retain a clean security record after the other has been breached.
Making sense of dollars
As mentioned earlier, one of the biggest advantages of taking operations to the cloud is cost efficiency. In each round of conferences since Windows Azure was first announced, Microsoft has ratcheted down the rates. As Benjamin Day pointed out, “The recent announcements [at June’s TechEd conference] about Azure virtual-machine billing and the announcements from the Visual Studio team about cloud-based load testing should be extremely exciting for development teams.”
The big news is that virtual machines uploaded to Azure but not actively running will no longer incur any costs. Another change is that VMs are billed by the minute instead of by the hour. This sounds like a small change, but it could really add up, especially for testing environments and the like where the virtual machine is stopped and started often. These changes are a departure from the previous policy, and remove a major hurdle to making Azure very affordable in the full-server IaaS role.
When Windows Azure was first announced, the billing was problematic. There was no good way to track what things were costing or would cost. There were many different values that were used to incur costs, and it seemed that you could easily and quickly be nickel-and-dimed to death.
Over time, though, this has gotten much better, including clear billing insight via the Azure portal and now Microsoft removing some of the more onerous items from the virtual machine offering. Removing friction is important to adoption, especially for a new frontier like the cloud. En Pointe’s Shah noted that with Azure, “You can get up and running with just a credit card. And it’s pay as you go.”
This last part is a critical point since traditionally you have to provision systems for the highest level of usage and bear the cost of that level. And if you or your organization is an MSDN subscriber, then you already get monthly credits to use toward Azure services.
The final price for the Web Site offering for the Standard level (formerly called Reserved) showed that Microsoft Azure is not a cure-all. Web Sites can be a great service, but at US$10 per month for simple website hosting, it is not quite competitive with the $4 per month available from GoDaddy and other traditional hosting providers. The question is whether the premium is worth it since the site can be tied to your coding environment for very simple deployment. Microsoft has yet to finalize the pricing on the Web Site Shared level, which allows for most of what Standard offers, but with less scale and no SLA. If that were to come in at $5 or less per month, then it would be in the right range.
Going from here to there
The most common question asked once the decision has been made to start using Azure is where and how to start. For many, the easy way is to pick a website or Web-based application and put it up on Azure as a website.
This will get you accustomed to using the Azure interface, which is available via the portal login at www.windowsazure.com. It is very easy to get a new or existing site up and running once you have an Azure account set up (there is always a free trial available too). Figure 1 shows some of the blogging systems that can be rapidly set up via the gallery.
Microsoft has provided choices for getting things done with Azure, including working through the portal wizards and also deploying sites directly from Visual Studio. You can also deploy your Web application from Git repositories such as GitHub or from Team Foundation Services. The advantage of deploying from a source-code repository is that you can get continuous source integration such that as changes are made to the code, they get pushed automatically to the Azure-hosted site. Once the site is deployed, the domain can be set to a vanity domain with a bit of DNS manipulation, and you can even leverage SSL.
The next logical step depends on how your environment is currently configured in terms of virtualization platforms and systems being used. For example, if you need to add a SharePoint server to the mix of an existing solution, but want to avoid provisioning that server, you can set up a virtual machine to play that role, yet still integrate it into your on-premise systems. With Microsoft System Center, servers both onsite and in the cloud can be managed together rather seamlessly.
The technology that allows for the integration between your on-premise systems and Azure is called the Service Bus, formerly called AppFabric for those that did some reading in the past. Service Bus Relay lets you build these hybrid solutions that span Azure and your own data centers. For example, you can use it to provide secure and reliable communications between your systems via Web services. This allows you to surface data to the Azure solution, and to move the parts of the solution that work best for your goals to Azure while keeping others under your own roof.
According to En Pointe’s Shah, “Many of our customers are taking a hybrid approach, which bridges the company’s infrastructure and leverages Azure. We are there to help companies understand what the best implementation approach is for their company.”
The catch, though, is that it is not trivial to make proper use of the Service Bus. It stands out as perhaps the most esoteric of the Azure mechanisms, thanks in no small part to its heavy reliance on WCF. When asked about this aspect, Day said, “If your app is already running in your data center and you’re happy with it, it’s not necessarily simple or risk-free to move it to the PaaS cloud.”
IT vs. the cloud
Development groups and system administrators have always had a strained relationship. In some cases this has been an advantage, since if IT and development colluded, that could streamline deploying backdoors and other bad things. With the advent of major organizations leveraging Azure, however, we are seeing different kinds of conflict between the groups. Many IT organizations see the efficiencies of the cloud as bad for their longevity and have taken obstructionist positions.
Workers of every stripe sometimes make mistakes that can plague their productivity, but system administrators must be held to a higher standard because the ramifications of mistakes on their part usually have a higher price tag. There are times where fear of making mistakes, especially with new technologies, can cause resistance on the part of these system administrators.
Bad habits embedded in standard practices are less common than simple mistakes, but they carry a far greater cost. For example, most organizations will, as a standard practice, format systems that are no longer needed (a good security practice) and then build on a new OS image when and if the server hardware is pressed back into service. The few organizations that ignore this clear best practice cause real headaches for their developers who end up having a hard time predicting behaviors thanks to remnants from a server’s last role.
Virtualization has made this whole conversation go away for many organizations, but there are still some who will not only fail to format the system coming out of service, but will simply uninstall previous applications and install new ones. These are the same IT teams that are typically too lazy to even patch systems, and who treat service packs needed to support server applications as a special request.
Having worked in countless data centers myself, I can attest that while these horror-show IT teams exist, they are not widespread. What is widespread is a consensus among admin staffs that developers always ask for superfluous requirements, as well as a general lack of understanding of what kinds of resources an enterprise application needs to get things done. The problem is that there is definitely an “Us vs. Them” mentality between IT staff and developers on a grand scale. Rather than being viewed as customers to be served, developers are seen as gremlins to be thwarted.
The PaaS option of Azure advertises that you can eliminate the IT staff from the equation, and that does tend to make IT people less enthusiastic about the prospect of PaaS being the way forward for their company. If you refer to Figure 2, the savings highlighted are mostly at the expense of IT. It would be an oversimplification to say that Azure eliminates the need for an IT department, but far from helping IT, it is clearly automating away work that is currently done by network administrators.
Getting better all the time
Since he attended TechEd in New Orleans, I asked Day what he thought would be the thing that got organizations over the hurdle of using Azure. His answer was pretty compelling: “It’s all about removing friction in the development process. It’s all about removing distractions from the development process. The new cloud-based load testing from Team Foundation Service does just that.”
He continued, “Organizations often want to load test their application, but can’t mentally get over the hurdle of provisioning the hardware. In order to do load testing internally, you probably will want a minimum of three to five servers that will run the Visual Studio Load Test Controllers and Agents. If you’re part of the development team, convincing your internal IT organization to give you one server is often close to impossible, let alone three to five. Now if something is difficult or feels like it’s going to be a black hole, how likely is it that you’re going to do it? Answer: not likely. But you still know that you should load test your Web applications, right?
“Well, you could do this with Azure IaaS VMs, but the Visual Studio team has just announced their cloud-based load-testing offering. With their load-testing service, you don’t worry about hardware or operating systems, and you don’t worry about configuring the [on-premise] Load Testing services. You just connect to their Load Testing service using Visual Studio and start your load test. Done and done.”