I have worked in a consultant company and we have customers who migrate their services to the cloud and to modern applications and services using Microsoft Azure.
Owner with 51-200 employees
Vendor
Jul 21, 2013
Windows Azure Basics (part 2 of n)–networking
In my previous post on Windows Azure Basics, I tried to introduce you the cloud computing concept and explain the Windows Azure Platform with not so technical terms. It is time now to get over the networking. What is happening behind the scenes? What we can or cannot (currently) use?
Lets first take a look at the following picture, which tries to show almost complete Windows Azure hosted service:
Here are the terms/abbreviations you see on the illustration:
Couple of words on protocols. Currently the Windows Azure hosted service only supports the TCP/IP stack of protocols. Meaning that you can only have TCP traffic to/from/within your instances. UDP is not currently supported (thus excluding IPSec also). What about web roles? Well, web roles are using HTTP protocol, which essentially lives over TCP. HTPS is also supported, because it also relies on TCP/IP. I very often see questions on whether sending/receiving mails is supported in Windows Azure, and the answer is yes. Before all, SMTP, POP(3), IMAP protocol families are all stacked over TCP. So we can have everything within the TCP stack, and (yet) nothing on the UDP stack (no SMB, no IPSec, no RTMP, etc).
Now, how can we route the Internet traffic to our instances in Windows Azure. The platform introduces an entity called Endpoint.
Endpoint is a combination of protocol type + port number, which effectively expose your instance to the internet at the given port number. What about protocol types? Well, currently you can only choose from “tcp” and “http/https”. There are two kind of endpoints: Input Endpoint and Internal Endpoint. While the Input Endpoint will expose your instance to the Internet, by routing all Internet traffic on selected port to your instance, the Internal Endpoint will only open communication between instances in a single deployment.
Something more on Windows Azure networking – the LB (Load Balancers) do not use sticky sessions. That means that every single request is routed on its own. So and end user can open a page on your website hitting Instance 0 of Web Role (check the illustration at the top), that page may create several AJAX requests and all AJAX request will go on their own route. Any of the requests may either hit Instance 0, but they may also Instance 1, and so on. That requires us to build a fully stateless applications. The application logic shall be fully operational and aware that some user’s requests may end up in one instance, other in other instances. So we have to always use a common storage (Azure Storage or SQL Azure or AppFabric Caching service) for all the data that needs to be persisted across user’s requests.
Remote Desktop? Yes, it is supported! Remote desktop operates on port 3389 over TCP protocol. Again the catch: Be aware that enabling a Remote Desktop for all your roles in your deployment (which just a checkbox), will automatically create an Input Endpoint for your service. This affects the total number of Endpoints per service (remember, it is 25)!.
What about sending mails, again? As I already wrote, the common mailing protocols are supported (SMTP, POP, IMAP), however Windows Azure does not provide a “Email-as-a-service” service. Luckily enough, a great collaboration was announced, and every Windows Azure subscription receives a complimentary free account on SendGrid with a limit of 10000 e-mails monthly (I think, this you can check). So you can use the SendGrid service to send your application / service e-mails. You get it for free for the first 10k e-mails in the month. If your needs exceed this limit, you can upgrade your account for a very reasonable price!
Lets first take a look at the following picture, which tries to show almost complete Windows Azure hosted service:
Here are the terms/abbreviations you see on the illustration:
- LB – Load Balancer. It is the Windows Azure software Load Balancer, which routes the Internet traffic to and from your hosted service;
- VIP – virtual IP address. This is the internet facing public IPv4 (currently) network address for your hosted service. You have to pay attention to it, as you only have one single internet facing IP address per hosted service;
- DIP – direct IP address. This is an internal subnet IPv4 network address that each single instance of your roles has. You have one of these DIPs for every single instance, and there is only one per instance. This IP address in internal subnet and cannot be used to directly access a specific instance from outside the Windows Azure hosted service. You can, however use this address for internal communication between instances of your roles within the whole Windows Azure deployment (hosted service)t;
- The LB (Load Balancer) will not route any Internet traffic to the instances of your roles;
- The Windows Firewall of all your instances is set to default block everything (Effectively blocking even communication between different instances in a single deployment);
Couple of words on protocols. Currently the Windows Azure hosted service only supports the TCP/IP stack of protocols. Meaning that you can only have TCP traffic to/from/within your instances. UDP is not currently supported (thus excluding IPSec also). What about web roles? Well, web roles are using HTTP protocol, which essentially lives over TCP. HTPS is also supported, because it also relies on TCP/IP. I very often see questions on whether sending/receiving mails is supported in Windows Azure, and the answer is yes. Before all, SMTP, POP(3), IMAP protocol families are all stacked over TCP. So we can have everything within the TCP stack, and (yet) nothing on the UDP stack (no SMB, no IPSec, no RTMP, etc).
Now, how can we route the Internet traffic to our instances in Windows Azure. The platform introduces an entity called Endpoint.
Endpoint is a combination of protocol type + port number, which effectively expose your instance to the internet at the given port number. What about protocol types? Well, currently you can only choose from “tcp” and “http/https”. There are two kind of endpoints: Input Endpoint and Internal Endpoint. While the Input Endpoint will expose your instance to the Internet, by routing all Internet traffic on selected port to your instance, the Internal Endpoint will only open communication between instances in a single deployment.
Side note: you maybe already noticed that I am using “instances” more often then “roles”. I hope that you’ve read my first post and already know the difference. The key difference is that the instance is the actual VM (Virtual Machine) where your code lives, while the Role only defines the “footprint” for what to be instantiated on the Virtual Machine.The catch. There is always a catch, and the current one is on the constraints put on the Endpoints:
- You can have a maximum of 25 Endpoints per hosted service (Input + Internal);
- You define your endpoints by a Role! Meaning that two different roles cannot share a single Endpoint;
- All your Endpoints within a Hosted Service must be unique. Meaning that you cannot have an Input Endpoint (i.e. “EndpointWeb") serving HTTP protocol on port 80 for one Role and have another Input Endpoint (i.e. EndpointWebMVC) serving again HTTP protocol on port 80 for another Role. Here I stress that we define Endpoints at Role level, so every instance of this role will have the endpoints defined;
Something more on Windows Azure networking – the LB (Load Balancers) do not use sticky sessions. That means that every single request is routed on its own. So and end user can open a page on your website hitting Instance 0 of Web Role (check the illustration at the top), that page may create several AJAX requests and all AJAX request will go on their own route. Any of the requests may either hit Instance 0, but they may also Instance 1, and so on. That requires us to build a fully stateless applications. The application logic shall be fully operational and aware that some user’s requests may end up in one instance, other in other instances. So we have to always use a common storage (Azure Storage or SQL Azure or AppFabric Caching service) for all the data that needs to be persisted across user’s requests.
Remote Desktop? Yes, it is supported! Remote desktop operates on port 3389 over TCP protocol. Again the catch: Be aware that enabling a Remote Desktop for all your roles in your deployment (which just a checkbox), will automatically create an Input Endpoint for your service. This affects the total number of Endpoints per service (remember, it is 25)!.
What about sending mails, again? As I already wrote, the common mailing protocols are supported (SMTP, POP, IMAP), however Windows Azure does not provide a “Email-as-a-service” service. Luckily enough, a great collaboration was announced, and every Windows Azure subscription receives a complimentary free account on SendGrid with a limit of 10000 e-mails monthly (I think, this you can check
). So you can use the SendGrid service to send your application / service e-mails. You get it for free for the first 10k e-mails in the month. If your needs exceed this limit, you can upgrade your account for a very reasonable price!Disclosure: I am a real user, and this review is based on my own experience and opinions.
Owner with 51-200 employees
Vendor
Jul 17, 2013
Windows Azure Basics–Compute Emulator
Following the first two posts of the series “Windows Azure Basics” (general terms, networking) here comes another one. Interestingly enough, I find that a lot of people are confused what exactly is the compute emulator and what are these strange IP Addresses and port numbers that we see in the browser when launching a local deployment.
If you haven’t read the Windows Azure Basics – part 2 Networking, I strongly advise you to do so, as rest of current post assumes you are well familiar with real Azure deployment networking components.
A real world Windows Azure deployment has following important components:
- Public facing IP Address (VIP)
- Load Balancer (LB) with Round Robin routing algorithm
- Number of Virtual Machines (VM) representing each instance of each role, each with its own internal IP address (DIP – Direct IP Address)
- Open ports on the VIP
- Open ports on each VM
In order to provide developers with as close to real world as possible, a compute emulator needs to simulate all of these components. So let's take a look what happens when we launch locally a Cloud Service (a.k.a. Hosted Service).
VIP Address
The VIP address for our cloud service will be 127.0.0.1. That is the public IP Address (VIP) of the service, via which all requests to the service shall be routed.
Load Balancer
Next thing to simulate is the Azure Load Balancer. There is a small software emulated Load Balancer, part of the Compute Emulator. You will not see it, you are not able to configure it, but you must be aware of its presence. It binds to the VIP (127.0.0.1). Now the trickiest thing is to find the appropriate ports to bind. You can configure different Endpoint for each of your roles. Only the Input Endpoints are exposed to the world, so only these will be bound to the local VIP (127.0.0.1). If you have a web role, the default web port is 80. However, very often this socket (127.0.0.1:80) is already occupied on a typical web development machine. So, the compute emulator tries to bind to the next available port, which is 81. In most of the cases port 81 will be free, so the "public" address for viewing/debugging will be https://127.0.0.1:81/. If port 81 is also occupied, compute emulator will try the next one – 82, and so on, until it successfully binds to the socket (127.0.0.1:XX). So when we launch a cloud service project with a web role we will very often see browser opening this wired address (https://127.0.0.1:81). The process is same for all Input Endpoints of the cloud service. Remember, the Input endpoints are unique per service, so an Input Endpoint cannot be shared by more than one Role within the same cloud service.
Now that we have the load balancer launched and bound to the correct sockets, let's see how the Compute Emulator emulated multiple instances of a Role.
Web Role
Web Roles are web applications that run within IIS. For the web roles, compute emulator uses IIS Express (and can be configured to use full IIS if it is installed on the developer machine). Compute Emulator will create a dedicated virtual IP Address on the local machine for each instance of a role. These are the DIPs of the web role. A local DIP looks something like 127.255.0.0. Each local "instance" then gets the next IP address (i.e. 127.255.0.0, 127.255.0.1, 127.255.0.2 and so on). It is interesting that the IP Addresses begin at 0 (127.255.0.0). Then it will create a separate web site in IIS Express (local IIS) binding it to the created Virtual IP Address and port 82. The emulated load balancer will then use round robin to route all requests coming to 127.0.0.1:81 to these virtual IP Addresses.
Note: You will not see the DIP virtual address when you run ipconfig command.
Here is how does my IIS Express look like when I have my cloud service launched locally:
Worker role
This one is easier. The DIP Addressing is the same, however the compute emulator does not need IIS (neither IIS Express). It just launches the worker role code in separate processes, one for each instance of the worker role.
The emulator UI
When you launch a local deployment, Compute Emulator and Storage Emulator are launched. You can bring the Compute Emulator UI by right clicking on the small azure colored windows icon in the tray area:
For purpose of this post I've created a sample Cloud Service with a Web Role (2 instances) and a Worker Role (3 instances). Here is the Compute Emulator UI for my service. And if I click on "Service Details" I will see the "public" addresses for my service:
Known issues
One very common issue is the so-called port walking. As I already described, the compute emulator tries to bind to the requested port. If that port isn't available, it tries next one and so on. This behavior is known as "port walking". Under certain conditions we may see port walking even between consequent runs of same service – i.e. the first run compute emulator binds to 127.0.0.1:81, the next run it binds to 127.0.0.1:82. The reasons vary, but the obvious one is "port is busy by another process". Sometimes the Windows OS does not free up the port fast enough, so port 81 seems busy to the compute emulator. It then goes for the next port. So, don't be surprised, if you see different ports when debugging your cloud service. It is normal.
Another issue is that sometimes browser launches the DIP Address (https://127.255.0.X:82/) instead the VIP one (https://127.0.0.1:81/). I haven't been able to find a pattern for that behavior, but if you see a DIP when you debug your web roles, switch manually to the VIP. It is important to always use our service via the VIP address, because this way we also test out application cloud readiness (distributing calls amongst all instances, instead of just one). If the problem persists, try restarting Visual Studio, Compute Emulator or the computer itself. If issue still persists, open a question at StackOverflow or the MSDN Forum describing the exact configuration you have, ideally providing a Visual Studio solution that constantly reproduces the problem. I will also be interested to see the constant repeatable issue.
Tip for the post: If you want to change the development VIP address ranges (so that it does not use 127.0.0.1) you can check out the following file:
%ProgramFiles%\Microsoft SDKs\Windows Azure\Emulator\devfabric\DevFC.exe.config
DevFC stands for "Development Fabric Controller". But, please be careful with what you do with this file. Always make a backup of the original configuration before you change any setting!
Happy Azure coding!
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Microsoft Azure
December 2024
Learn what your peers think about Microsoft Azure. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
844,944 professionals have used our research since 2012.
Consultant at SoftwareONE
Useful services, highly scalable, and easy to implement
Pros and Cons
- "Microsoft Azure has a lot of useful features. They have databases, application services, PaaS solutions, such as platform and infrastructure services. The virtual machines' functions and services are good."
- "Microsoft Azure can improve by adding more features for virtual machines, such as tier virtual machines."
Systems Architect at a educational organization with 1,001-5,000 employees
Good for managing and configuring infrastructures
Pros and Cons
- "In terms of managing and configuring infrastructures, Azure is fairly good."
- "Azure could be improved with better security. The world is changing and their security could be better. Compared to five years ago, many of these cloud systems are a lot better, especially since you can set up a private cloud and configure your services to make it more secure."
Easy to use administrator interface, stable, and straightforward installation
Pros and Cons
- "The user interface is very good for administrators."
- "Microsoft should have one package for all their solutions in one place to be found."
IT Systems Administrator at a transportation company with 51-200 employees
Stable, knowledgeable support, but the support subscription model needs improvement
Pros and Cons
- "Being cloud-based saves the provisioning aspect of an on-premises solution."
- "The support subscription models need improvement."
Highly stable, scalable, and good technical support
Pros and Cons
- "The technical support has been good."
Buyer's Guide
Download our free Microsoft Azure Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Popular Comparisons
Amazon AWS
Oracle Cloud Infrastructure (OCI)
Akamai Connected Cloud (Linode)
Google Cloud
Alibaba Cloud
Google Firebase
VMware Cloud Foundation
SAP S4HANA on AWS
Nutanix Cloud Clusters (NC2)
DigitalOcean
SAP HANA Enterprise Cloud
Equinix Metal
Google Compute Engine
Tencent Cloud
NTT Cloud
Buyer's Guide
Download our free Microsoft Azure Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Gartner's Magic Quadrant for IaaS maintains Amazon Web Service at the top of the Leaders quadrant. Do you agree?
- PaaS solutions: Areas for improvement?
- Rackspace, Dimension Data, and others that were in last year's Challenger quadrant became Niche Players: Agree/ Disagree
- What Is The Biggest Difference Between Microsoft Azure and Oracle Cloud Platform?
- Which backup and recovery solution can backup Azure machines to its own (dedicated) cloud?
- Which is better - SAP Cloud Platform or Microsoft Azure?
- Which solution do you prefer: Alibaba Cloud or Microsoft Azure?
- How does Microsoft MDS (vs Informatica MDM) fit with Azure architecture?
- SAP HANA Enterprise Cloud (HEC): how to migrate to Microsoft Azure?
- Does F5 Advanced WAF work with Azure App Service?
