Virtual Machines Archives

10 Jul 2019
By editor
Categories: Azure, Cloud Strategy, Virtual Machines

CGG speeds geoscience insights on Azure HPC

A leader in geosciences, CGG has been imaging the earth’s subsurface for more than 85 years. Their products and solutions help clients locate natural resources. When a customer asked whether the cloud could speed the creation of the high-resolution reservoir models that they needed, CGG turned to Azure high performance computing (HPC).

CGG is a team of acknowledged imaging experts in the oil and gas industry. Their subsurface imaging centers are internationally acclaimed, and their researchers are regularly recognized with prestigious international awards for their outstanding technical contributions to the industry. CGG was an early innovator in seismic inversion, the technique of converting seismic survey reflection data into a quantitative description of the rock properties in an oil and gas reservoir. From this data, highly detailed models can be made, like the following image showing the classification of rock types in a 3D grid for an unconventional reservoir interval. These images are invaluable in oil and gas exploration. Accurate models help geoscientists reduce risk, drill the best wells, and forecast production better.

The challenge is to get the best possible look beneath the surface. The specialized software is compute-intensive, and complex models can take hours or even days to render.

Figure 1. An advanced seismic model, using CGG’s Jason RockMod.

Azure provides the elasticity of compute that enables our clients to rapidly generate multiple high-resolution rock property realizations with Jason RockMod for detailed reservoir models.”

– Joe Jacquot, Strategic Marketing Manager, CGG GeoSoftware

The challenge: prove it in the cloud

An oil and gas company in Southeast Asia asked CGG to work with them to find the optimum way to deploy reservoir characterization technology for their international team. The customer also wondered if they could take advantage of the cloud to save on hardware costs in their datacenter, where they already ran leading-edge CGG geoscience software solutions. They knew the theory of the cloud’s elasticity and on-demand scalability were familiar with its use in oil exploration, but they didn’t know if their applications would perform as well in the cloud as they did on-premises.

In a rapidly moving industry, performance gains translate to speedier decision making, accelerated exploration, and development timelines, so the company asked CGG to provide a demonstration. As geoscience experts, CGG wanted to show their software in the best possible light. They turned to the customer advisors at AzureCAT (led by Tony Wu) for help creating a proof of concept that demonstrated how the cloud capacity could help the company get insights faster.

Demo 1: CGG Jason RockMod

CGG Jason RockMod overcomes the limitations of conventional reservoir characterization solutions with a geostatistical approach to seismic inversion. The outcome is accurate reservoir models so in depth that geoscientists can use them to predict field reserves, fluid flow patterns, and future production.

The company wanted to better understand the scale of the RockMod simulation in the cloud, and wondered whether the cloud offered any real benefits compared to running the simulations on their own workstations.

Technical teams from CGG and AzureCAT looked at RockMod as a big-compute workload. In this type of architecture, computationally intensive operations such as simulations are split across CPUs in multiple computers (10 to 1,000s). A common pattern is to administer a cluster of virtual machines, then schedule and monitor the HPC jobs. This do-it-yourself approach would enable the company to set up their own cluster environment in Azure virtual machine scale sets. The number of VM instances can automatically scale per demand or on a defined schedule.

RockMod creates a family of multiple equi-probable simulation outputs, called realizations. In the proof of concept tests for their customer, CGG ran RockMod on a Microsoft Windows virtual machine on Azure. It served as the master node for job scheduling and distribution of multiple realizations across several Linux-based HPC nodes in a virtual machine scale set. Scale sets support up to 1,000 VM instances or 300 custom VM images, more than enough scale for multiple realizations.

An HPC task generates the realizations, and the speed depends on the number of CPU cores or non-hyperthreading more than the processor speed. AzureCAT recommended non-hyperthreading cores as the best choice for application performance. From a storage perspective, the realizations are not especially demanding. During testing, the storage IO rate went up to a few hundred megabytes per second (MB/s). Based on these considerations, CGG chose the cost-effective DS14V2 virtual machine with accelerated networking, which has 16 cores and 7 GB per core.

“Azure provided the ideal blend of HPC and storage performance and price, along with technical support that we needed to successfully demonstrate our high-end reservoir characterization technology on the cloud. It was a technical success and paved the way for full-scale commercial deployment.”

– Joe Jacquot, Strategic Marketing Manager, CGG GeoSoftware

Figure 2. Azure architecture of CGG Jason RockMod.

Benchmarks and benefits

A typical project is about 15 GB in size and includes more than three million seismic data traces. Some of the in-house workstations could render a single realization within a day or two, but the goal was to run 30 realizations by taking advantage of the cloud’s scalability. The initial small scale test ran one realization on one HPC node, which took just under 12 hours to complete. That was within the target range, and now the CGG team needed to see what would happen when they ran at scale.

To test the linear scalability of the job, they first ran eight realizations on eight nodes. The results were nearly identical to the small scale test run. The one realization to one node formula seemed to work. For the sake of comparison, they tried running 30 realizations on just eight nodes. That didn’t work so well, the tests were nearly four times slower.

The final test ran 30 realizations on 30 nodes, one realization to one node. The results were similar to the small scale test, and the job was completed in just over 12 hours. This scenario was tested several times to validate the results which were consistent. The test was a success.

Demo 2: CGG InsightEarth

In their exploration and development efforts, the company also used CGG InsightEarth, a software suite that accelerates 3D interpretation and visualization.

The interpretation teams at the company were using several InsightEarth applications to locate hydrocarbon deposits, faults and fractures, and salt bodies all of which can be difficult to interpret. They asked CGG to compare the performance of the InsightEarth suite on Azure to their workstations on premises. Their projects were typically 15 GB in size, with more than three million seismic data traces.

InsightEarth is a powerful, memory-intensive application. To get the best performance, the application must run on a GPU-based computer, and to get the best performance from GPUs, efficient memory access is critical. To meet this requirement on Azure, the team of engineers from CGG and AzureCAT looked at the specialized, GPU-optimized VM sizes that are available. The Azure NV-series virtual machines are powered by NVIDIA Tesla M60 GPUs and the NVIDIA GRID technology with Intel Broadwell CPUs, which are suited for compute-intensive visualizations and simulations.

The GRID license gives the company the flexibility to use an NV instance as a virtual workstation for a single user, or to give 25 users concurrent access to the VM running InsightEarth. The company wanted the collaborative benefits of the second model. Unlike a physical workstation, a cloud-based GPU virtual workstation would allow them all to view the data after running a pre-processing or interpretation step because all the data was in the cloud. This would streamline their workflow, eliminating the need to move the data back on premises for that task.

The initial performance tests ran InsightEarth on an NV24 VM on Azure. The storage IO demand was moderate, with rates around 100 MB/s. However, the VM’s memory size proved to be a bottleneck. The amount of data that could be loaded from the memory was limited, and the performance wasn’t as good as the more powerful GPU setup used on premises.

Next, the team ran a similar test using an ND-series VM. This type is specifically designed to offer excellent performance for AI and deep learning workloads, where huge data volumes are used to train models. They chose an ND24-size VM with double the amount of the memory and the newer NVIDIA Tesla P40 GPUs. This time, the results were considerably better than NV24.

From an infrastructure perspective, storage also matters when deploying high-performance applications on Azure. The team implemented SoftNAS, a type of storage that supports both the Windows and Linux VMs used in the overall solution. SoftNAS also suits the lower to mid-range storage IO demands for these simulation and interpretation workloads.

Figure 3. Azure Architecture for InsightEarth

Summary

GPUs and memory-optimized VMs provided the performance that the company needed for both Jason Rockmod and InsightEarth. Better yet, Azure gave them the scale they needed to run multiple realizations in parallel. In addition, they deployed GPUs to both software solutions, giving the CGG engineers a standard front end to work with. They set up access to the Azure resources through an easy-to-use portal based on Citrix Cloud, which also runs on Azure.

CGG’s customer, the oil and gas company, was delighted with the results. Based on the results of the benchmark tests, the oil and gas company decided to move all of their current CGG application workload to Azure. The cloud’s elasticity and Azure’s pay-per-use model were a compelling combination. Not only did the Azure solution perform, it proved to be more cost-effective compared to the limited scalability they could achieve with their computing power on-premises.

Company:	CGG
Microsoft Azure CAT Technical Lead:	Tony Wu

27 Jun 2019
By editor
Categories: Announcements, Azure, Virtual Machines

Announcing the general availability of Azure premium files

Highly performant, fully managed file service in the cloud!

Today, we are excited to announce the general availability of Azure premium files for customers optimizing their cloud-based file shares on Azure. Premium files offers a higher level of performance built on solid-state drives (SSD) for fully managed file services in Azure.

Premium tier is optimized to deliver consistent performance for IO-intensive workloads that require high-throughput and low latency. Premium file shares store data on the latest SSDs, making them suitable for a wide variety of workloads like databases, persistent volumes for containers, home directories, content and collaboration repositories, media and analytics, high variable and batch workloads, and enterprise applications that are performance sensitive. Our existing standard tier continues to provide reliable performance at a low cost for workloads less sensitive to performance variability, and is well-suited for general purpose file storage, development/test, backups, and applications that do not require low latency.

Through our initial introduction and preview journey, we’ve heard from hundreds of our customers from different industries about their unique experiences. They’ve shared their learnings and success stories with us and have helped make premium file shares even better.

“Working with clients that have large amounts of data that is under FDA or HIPAA regulations, we always struggled in locating a good cloud storage solution that provided SMB access and high bandwidth… until Azure Files premium tier. When it comes to a secure cloud-based storage that offers high upload and download speeds for cloud and on-premises VM clients, Azure premium files definitely stands out.”

– Christian Manasseh, Chief Executive Officer, Mobius Logic

“The speeds are excellent. The I/O intensive actuarial CloudMaster software tasks ran more than 10 times faster in the Azure Batch solution using Azure Files premium tier. Our application has been run by our clients using 1000’s of cores and the Azure premium files has greatly decreased our run times.”

– Scott Bright, Manager Client Data Services, PolySystems

Below are the key benefits of the premium tier. If you’re looking for more technical details, read the previous blog post “Premium files redefine limits for Azure Files.”

Performant, dynamic, and flexible

With premium tier, performance is what you define. Premium file shares’ performance can instantly scale up and down to fit your workload performance characteristics. Premium file shares can massively scale up to 100 TiB capacity and 100K IOPS with a target total throughput of 10 GiB/s. Not only do premium shares include the ability to dynamically tune performance, but also offer bursting capability to meet highly variable workload requirements with short peak periods of intense IOPS.

“We recently migrated our retail POS microservices to Azure Kubernetes Service with premium files. Our experience has been simply amazing – premium files permitted us to securely deploy our 1.2K performant Firebird databases. No problem with size or performance, just adapt the size of the premium file share to instantly scale. It improved our business agility, much needed to serve our rapidly growing customer base across multiple retail chains in France.”

– Arnaud Le Roy, Chief Technology Officer, Menlog

We partnered with our internal Azure SQL and Microsoft Power BI teams to build solutions on premium files. As a result, Azure Database for PostgreSQL and Azure Database for MySQL recently opened a preview of increased scale of 16 TiB databases with 20,000 IOPS powered by premium files. Microsoft Power BI announced a powerful 20 times faster enhanced dataflows compute engine preview built upon Azure Files premium tier.

Global availability with predictable cost

Azure Files premium tier is currently available in 19 Azure regions globally. We are continually expanding regional coverage. You can check the Azure region availability page for the latest information.

Premium tier provides the most cost-effective way to create highly-performant and highly-available file shares in Azure. Pricing is simple and cost is predictable–you only pay a single price per provisioned GiB. Refer to the pricing page for additional details.

Seamless Azure experience

Customers receive all features of Azure Files in this new offering, including snapshot/restore, Azure Kubernetes Service and Azure Backup integration, monitoring, hybrid support via Azure File Sync, Azure portal, PowerShell/CLI/Cloud Shell, AzCopy, Azure Storage Explorer support, and the list goes on. Developers can leverage their existing code and skills to migrate applications using familiar Azure Storage client libraries or Azure Files REST APIs. The opportunities for future integration are limitless. Reach out to us if you would like to see more.

With the availability of premium tier, we’re also enhancing the standard tier. To learn more, visit the onboarding instructions for the standard files 100 TiB preview.

Get started and share your experiences

It is simple and takes two minutes to get started with premium file shares. Please see detailed steps for how to create a premium file share.

Visit Azure Files premium tier documentation to learn more. As always, you can share your feedback and experiences on the Azure Storage forum or email us at [email protected]. Post your ideas and suggestions about Azure Storage on our feedback forum.

20 Jun 2019
By editor
Categories: Azure, DevOps, Management, Monitoring, Virtual Machines

Virtual machine scale set insights from Azure Monitor

In October 2018 we announced the public preview of Azure Monitor for Virtual Machines (VMs). At that time, we included support for monitoring your virtual machine scale sets from the at scale view under Azure Monitor.

Today we are announcing the public preview of monitoring your Windows and Linux VM scale sets from within the scale set resource blade. This update includes several enhancements:

In-blade monitoring for your scale set with “Top N”, aggregate, and list views across the entire scale set.
Drill down experience to identify issues on a particular scale set instance.
Updated mapping UI to display the entire dependency diagram across your scale set while supporting drill down maps for a single instance.
UI based enablement of monitoring from the scale set resource blade.
Updated examples for enabling monitoring using Azure Resource Manager templates.
Use of policy to enable monitoring for your scale set.

Performance

The performance views are powered using log analytics queries, offering “Top N”, aggregate, and list views to quickly find outliers or issues in your scale set based on guest level metrics for CPU, available memory, bytes sent and received, and logical disk space used.

These views will help you quickly determine if a particular instance is having an issue, and provide the means to troubleshoot the issue, specified down to the process that is having a failed connection to a backend service or a particular logical disk running out of space.

Maps

Our dependency maps and network connection data sets are powered by the service map solution and it’s Azure Virtual Machine extension. Maps in this context deliver a view that is specific to your scale set, automatically discovering the processes on the instances that are accepting in bound connections and making out bound connections to backend servers. This allows you to identify surprise dependencies to third party services, monitor failed connections, see live connection counts, monitor bytes sent and received per process, and identify service level latency.

In addition to the map view, you can analyze the network connection data set in our connections overview workbook or directly in log analytics.

Workbooks

We have brought our workbooks from Azure Monitor for Virtual Machines to the scale set view. These workbooks query the monitoring data we collect and allow you to modify them to create custom reports that you can share with colleagues in the portal.

Getting started

If you’re running VM scale sets you can use the performance and map capabilities from the “Insights (preview)” menu on the scale set resource blade to find resource constraints and visualize dependencies.

To get started, go to the resource blade for your VM scale set and click on “Insights (preview)” in the monitoring section. When you click “Try now” you’ll be prompted to choose a log analytics workspace, or we can generate one for you. You can view your resources at scale in Azure Monitor under “Virtual Machines (preview)” and on-board to entire resource groups and subscriptions using Azure Policy or using Powershell.

19 Jun 2019
By editor
Categories: Announcements, Azure, Networking, Security, Virtual Machines

Announcing the preview of Microsoft Azure Bastion

For many customers around the world, securely connecting from the outside to workloads and virtual machines on private networks can be challenging. Exposing virtual machines to the public Internet to enable connectivity through Remote Desktop Protocol (RDP) and Secure Shell (SSH), increases the perimeter, rendering your critical networks and attached virtual machines more open and harder to manage.

RDP and SSH are both a fundamental approach through which customers connect to their Azure workloads. To connect to their virtual machines, most customers either expose their virtual machines to the public Internet or deploy a bastion host, such as jump-server or jump-boxes.

So today, I’m excited to announce the preview of Azure Bastion.

Azure Bastion is a new managed PaaS service that provides seamless RDP and SSH connectivity to your virtual machines over the Secure Sockets Layer (SSL). This is completed without any exposure of the public IPs on your virtual machines. Azure Bastion provisions directly in your Azure Virtual Network, providing bastion host or jump server as-a-service and integrated connectivity to all virtual machines in your virtual networking using RDP/SSH directly from and through your browser and the Azure portal experience. This can be executed with just two clicks and without the need to worry about managing network security policies.

Leading up to the preview, we have worked with hundreds of customers across a wide area of industries. The interest to join the preview has been immense, and similar to other unique Azure services such as Azure Firewall, the feedback has been very consistent: We need an easy and integrated way to deploy, run, and scale jump-servers or bastion hosts within our Azure infrastructure.

For example, what we heard directly from a cloud foundation team manager for a German premium car manufacturer is that they had concerns about exposing cloud virtual machines with RDP/SSH ports directly to the Internet due to the potential of experiencing a number of security and connectivity issues. During the preview of Azure Bastion, they were able to use RDP/SSH over SSL to our virtual machines which allowed them to traverse corporate firewalls effortlessly and at the same time, restrict Azure Virtual Machines to only private IPs.

Deploying a stand-alone dedicated jump-server often entails manually deploying and managing specialized IaaS based solutions and workloads, such as Remote Desktop Services (RDS) gateway, the configuration and managing of authentication, security policies and access control lists (ACLs), as well as managing availability, redundancy, and scalability of the solution. Additionally, monitoring and auditing along with the ongoing requirement to remain compliant with corporate policies can quickly make the setup and management of jump servers an involving, costly, and less desirable task.

Azure Bastion is deployed in your virtual network providing RDP/SSH access for all authorized virtual machines connected to the virtual network.

Key features available with the preview include:

RDP and SSH from the Azure portal: Initiate RDP and SSH sessions directly in the Azure portal with a single-click seamless experience.
Remote session over SSL and firewall traversal for RDP/SSH: HTML5 based web clients are automatically streamed to your local device providing the RDP/SSH session over SSL on port 443. This allows easy and securely traversal of corporate firewalls.
No public IP required on Azure Virtual Machines: Azure Bastion opens the RDP/SSH connection to your Azure virtual machine using a private IP, limiting exposure of your infrastructure to the public Internet.
Simplified secure rules management: Simple one-time configuration of Network Security Groups (NSGs) to allow RDP/SSH from only Azure Bastion.
Increased protection against port scanning: The limited exposure of virtual machines to the public Internet will help protect against threats, such as external port scanning.
Hardening in one place to protect against zero-day exploits: Azure Bastion is a managed service maintained by Microsoft. It’s continuously hardened by automatically patching and keeping up to date against known vulnerabilities.

Azure Bastion–The road ahead

Like with all other Azure networking services, we look forward to building out Azure Bastion and adding more great capabilities as we march towards general availability.

The future brings Azure Active Directory integration, adding seamless single-sign-on capabilities using Azure Active Directory identities and Azure Multi-Factor Authentication, and effectively extending two-factor authentication to your RDP/SSH connections. We are also looking to add support for native RDP/SSH clients so that you can use your favorite client applications to securely connect to your Azure Virtual Machines using Azure Bastion, while at the same time enhance the auditing experience for RDP sessions with full session video recording.

We encourage you all to try out the Azure Bastion and look forward to hearing and incorporating your feedback.

4 Jun 2019
By editor
Categories: Azure, Cloud Strategy, Storage, Backup & Recovery, Virtual Machines

Customize your automatic update settings for Azure Virtual Machine disaster recovery

In today’s cloud-driven world, employees are only allowed access to data that is absolutely necessary for them to effectively perform their job. This limited access is especially important in scenarios where it’s difficult to monitor access behaviors, like if you have many employees and/or engage vendors. Access is usually based on the job responsibility, authority, and capability. As a result, some job profiles will not have access to certain data or rights to perform specific actions if they do not need it to fulfill their responsibilities. The ability to hence control access but still be able to perform job duties aligning to the infrastructure administrator profile is becoming more relevant and frequently requested by customers.

You asked, we listened!

When we released the automatic update of agents used in disaster recovery (DR) of Azure Virtual Machines (VMs), the most frequent feedback we received was related to access control. Customers had DR admins who were given just enough rights to execute operations to enable, failover, or test DR. While they wanted to enable automatic updates and avoid the hassle of having to monitor for monthly updates and manually upgrade the agents, they didn’t want to give the DR admin contributor access to the subscription, which would allow them to create automation accounts. The request we heard from you was to allow customers to provide an existing automation account, approved and created by a person who is entrusted with the right access in the subscription. This automation account could then be used to execute the runbook, which checks for new updates and upgrades the existing agent every time there is a new release.

How to choose an existing automation account?

Choose the virtual machine you want to enable replication for.
In the Advanced Settings blade, under Extension Settings, choose a previously created Automation account.

This automation account can be used to automatically update agents for all Azure virtual machines within the Recovery Services vault. If you change it for one virtual machine, the same will be applied to all virtual machines.

Please note that this capability is only applicable for disaster recovery of Azure virtual machines, and not for Hyper-V/VMware VMs

HB-series Azure Virtual Machines achieve cloud supercomputing milestone

New HPC-targeted cloud virtual machines are first to scale to 10,000 cores

Azure Virtual Machine HB-series are the first on the public cloud to scale a MPI-based high performance computing (HPC) job to 10,000 cores. This level of scaling has long been considered the realm of only the world’s most powerful and exclusive supercomputers, but now is available to anyone using Azure.

HB-series virtual machines (VMs) are optimized for HPC applications requiring high memory bandwidth. For this class of workload, HB-series VMs are the most performant, scalable, and price-performant ever launched on Azure or elsewhere on the public cloud.

With the AMD EPYC processors, the HB-series delivers more than 260 GBs of memory bandwidth, 128 MB L3 cache, and SR-IOV-based 100 Gbs InfiniBand. At scale, a customer can utilize up to 18,000 physical CPU cores and more than 67 terabytes of memory for a single distributed memory computational workload.

For memory-bandwidth bound workloads, the HB-series delivers something many in HPC thought may never happen. Azure-based VMs are now as or more capable as bare-metal, on-premises status quo that dominates the HPC market, and at a highly competitive price point.

World-class HPC technology

HB-series VMs feature the cloud’s first deployment of AMD EPYC 7000-series CPUs explicitly for HPC customers. AMD EPYC features 33 percent more memory bandwidth than any x86 alternative, and even more than leading POWER and ARM server platforms. In context, this 263 GBs of memory bandwidth the HB-series VM delivers 80 percent more than competing cloud offerings in the same memory per core class.

HB-series VMs expose 60 non-hyperthreaded CPU cores and 240 GB of RAM, with a baseclock of 2.0 GHz, and an all-cores boost speed of 2.55 GHz. HB VMs also feature a 700 GB local NVMe SSD, and support up to four Managed Disks including the new Azure P60/P70/P80 Premium Disks.

A flagship feature of HB-series VMs is 100 GBs InfiniBand from Mellanox. HB-series VMs expose the Mellanox ConnectX-5 dedicated back-end NIC via SR-IOV, meaning customers can use the same OFED driver stack that they’re accustomed to in a bare metal context. HB-series VMs deliver MPI latencies as low as 2.1 microseconds, with consistency, bandwidth, and message rates in line with bare-metal InfiniBand deployments.

Cloud HPC scaling achievement

As part of early acceptance testing, the Azure HPC team benchmarked many widely used HPC applications. One common class of applications are those that simulate computational fluid dynamics (CFD). To see how far HB-series VMs could scale, we selected the Le Mans 100 million cell model available to Star-CCM+ customers, with results as follows:

The Le Mans 100 million cell model scaled to 256 VMs across multiple configurations accounting for as many as 11,520 CPU cores. Our testing revealed that maximum scaling efficiency could be had with two MPI ranks per NUMA domain yielding a top-end scaling efficiency of 71.3 percent efficiency. For top-end performance, three MPI ranks per NUMA domain yielded the fastest overall performance. Customers can choose which metric they find most valuable based on a wide variety of factors.

Delighting HPC customers on Azure

The unique capabilities and cost-performance of HB-series VMs are a big win for scientists and engineers who depend on high-performance computing to drive their research and productivity to new heights. Organizations spanning aerospace, automotive, defense, financial services, heavy equipment, manufacturing, oil & gas, public sector academic, and government research have shared feedback on how the HB-series has increased product performance and provided new insights through detailed simulation models.

Rescale partners with Azure to provide HPC resources for computationally complex simulations and analytics. Launching today, Azure Virtual Machine HB-series VM can be consumed through Rescale’s ScaleX® as the new “Amber” compute resource.

“As the only fully managed HPC cloud service in the market, Rescale creates an elegant way to move on-premises HPC workloads to the cloud. We have been waiting with great anticipation for Microsoft to introduce cloud building blocks specifically engineered for HPC,” said Adam McKenzie, CTO of Rescale. “Now, new HB-series VMs on Azure enable MPI workloads to scale to tens of thousands of cores with the kind of cost-performance that rivals on-premises supercomputers”

Available now

Azure Virtual Machine HB-series are currently available in South Central US and Western Europe, with additional regions rolling out soon.

Find out more about high performance computing (HPC) in Azure
Learn about Azure Virtual Machines

7 May 2019
By editor
Categories: Announcements, Azure, Virtual Machines

Introducing new product innovations for SAP HANA, Expanded AI collaboration with SAP and more

For many enterprises modernizing ERP systems is key to achieving their digital transformation goals. At Microsoft we are committed to supporting our customers by offering the single best infrastructure choice that exists for SAP HANA, bar none.

In terms of raw capabilities we not only have the largest number of SAP HANA-certified offerings (25 configurations that span virtual machines and purpose-built bare metal instances from 192GB to 24TB), but also the widest footprint of regions with SAP HANA certified infrastructure (26 with plans to launch 8 more by end of 2019). We also support some of the largest deployments of SAP HANA in the public cloud, such as CONA Services.

We, in partnership with SAP, are very happy to announce multiple enhancements to SAP on Azure at SAPPHIRE NOW. We will offer our customers even more choices in infrastructure giving them greater VM memory, even more options around bare metal instances and business continuity.

In addition to this we are announcing deeper integration between SAP and Azure around AI, data protection and identity integration. These integrations will help our joint customers accelerate their digital transformation with the power of the cloud.

Here’s what’s new:

6 TB and 12 TB VMs for SAP HANA: Azure’s Mv2 VM series will be available on May 13, offering virtual machines with up to 6TB RAM on a single VM. This is by far the largest-memory SAP HANA-certified configuration offered on any virtual machine in the public cloud. 6TB Mv2 VMs will be generally available and production certified in U.S. East and U.S. East 2 regions. U.S. West 2, Europe West, Europe North and Southeast Asia regions will be available in the coming months.
In addition, 12TB Mv2 VMs will become available and production certified for SAP HANA in Q3 2019. With this, customers with large-scale SAP HANA deployments can take advantage of the agility offered by Azure Virtual Machines to speed SAP release cycles by spinning up dev/test systems in minutes and simplify operational processes with Azure’s integrated tools for automated patching, monitoring, backup and disaster recovery.
Largest Bare Metal Instance with Intel Optane for SAP HANA: In Q4 2019 we plan to launch the largest Intel Optane optimized bare metal instances in the cloud with our SAP HANA on Azure Large Instances, including general availability of a 4 socket, 9TB memory instance and a preview of an 8 socket, 18TB memory instance. These instances enable customers to benefit from faster load times for SAP HANA data in case of a restart, offering lower Recovery Time Objective (RTO) and a reduced TCO. To learn more, please get in touch with your Microsoft representative.
Integration of Azure AI in SAP’s digital platform: SAP’s machine learning capabilities will leverage Azure Cognitive Services containers in preview for face recognition and text recognition. By deploying Cognitive Services in containers, SAP will be able to analyze information closer to the physical world where the data resides and deliver real-time insights and immersive experiences that are highly responsive and contextually aware.
“SAP’s Machine Learning team is working with Microsoft Azure Cognitive services team to augment its own portfolio of home grown and partner services by leveraging the containerized Vision and Text Recognition services for solving identity validation and text understanding use cases.” – Dr. Sebastian Wieczorek, VP, Head of SAP Leonardo Machine Learning Foundation
SAP Data Custodian on Microsoft Azure is now available: In September 2018, we announced our intent to make SAP Data Custodian, a SaaS offering, available on Microsoft Azure. We deliver on that promise today. Together, SAP and Microsoft offer unprecedented levels of data governance and compliance for our joint customers. Additionally, Microsoft will be a beta customer for SAP Data Custodian for our implementation of SAP SuccessFactors on Azure. For more information, you can read this blog from SAP.
Managed business continuity with Azure Backup for SAP HANA: Azure Backup support for SAP HANA databases is now in public preview. With this, customers can manage large-scale SAP HANA implementations with no infrastructure for backup. For more information, please refer to the Azure Backup for SAP HANA documentation.
Simplified integrations with Logic Apps connector for SAP: Today, the Logic Apps connector for SAP ECC and SAP S/4HANA is generally available for all customers. Azure Logic Apps is an integration platform-as-a-service offering connectors to 250+ applications and SaaS services. With this, customers can dramatically reduce time to market for integrations between SAP and best-in-class SaaS applications. For more information, check out our Logic Apps SAP connector documentation.
Boosted productivity and enhanced security with Azure Active Directory and SAP Cloud Platform: Today, Standards-based integration between Azure Active Directory and SAP Cloud Platform is in preview, enabling enhanced business security and experience. For example, when using SAP Cloud Platform Identity Provisioning and Identity Authentication Services, customers can integrate SAP SuccessFactors with Azure Active Directory and ensure seamless access to SAP applications such as SAP S/4HANA, improving end-user productivity while meeting enterprise security needs.

Customers benefiting from SAP on Azure

With more than 90% of the Fortune 500 using Microsoft Azure and SAP, our 25-year partnership with SAP has always been about mutual customer success. We are confident the announcements made today will help customers using SAP on Azure grow and innovate even more than they already are: Forrester’s Total Economic Impact Study found that SAP customers on Azure, on average, can realize an ROI of 102% with a payback in under nine months from their cloud investments.

Here are five reasons SAP customers increasingly choose Azure for their digital transformation, and some customers who are benefitting:

Business agility: With Azure’s on-demand SAP certified infrastructure, customers can speed up dev/test processes, shorten SAP release cycles and scale instantaneously on demand to meet peak business usage. Daimler AG sped up procurement processes to deliver months faster than would have been possible in its on-premises environment. It powers 400,000 suppliers worldwide by moving to SAP S/4HANA on Azure’s M-series virtual machines.
Efficient insights: Dairy Farmers of America migrated its fragmented IT application landscape spread across 18 data centers, including mission critical SAP systems over to Azure. It leverages Azure Data Services and PowerBI to enable remote users easily access SAP data in a simplified and secure manner.
Real-time operations with IoT: Coats, a world leader in industrial threads, migrated away from SAP on Oracle to SAP HANA on Azure several years ago, enabling Coats to optimize operations with newer IoT-driven processes. With IoT monitoring, Coats now predicts inventory, manufacturing and sales trends more accurately than ever before.
Transforming with AI: Carlsberg, a world leader in beer brewing, migrated 80% of its enterprise applications to Microsoft Azure, including mission critical SAP apps. By leveraging Azure AI and sensors from research universities in Denmark, Carlsberg’s Beer Fingerprinting Project enabled them to map a flavor fingerprint for each sample and reduce the time it takes to research taste combinations and processes by up to a third, helping the company get more distinct beers to market faster.
Mission-critical infrastructure: CONA Services, the services arm for Coca-Cola bottlers, chose Azure to run its 24 TB mission critical SAP BW on HANA system on Azure’s purpose-built SAP HANA Infrastructure, powering 160,000 orders a day, which represents an annual $21B of net sales value.

Over the past few years, we have seen customers across all industries and geographies running their mission critical SAP workloads on Azure. Whether it’s customers in Retail such as Co-op and Coca-Cola, Accenture and Malaysia Airlines in services or Astellas Pharma and Zeullig Pharma in Pharmaceuticals, Rio Tinto and Devon Energy in Oil & Gas, SAP on Azure helps businesses around the world with their digital transformation.

If you are at SAPPHIRE NOW, drop by the Microsoft booth #729 to learn about these product enhancements and to experience hands-on demos of these scenarios.

2 May 2019
By editor
Categories: Azure, Azure Marketplace, Big Data, Cloud Strategy, Virtual Machines

Azure Stack IaaS – part seven

If you do it often, automate it

In the virtualization days, before cloud and self-service, it took a while to get all the approvals, credentials, virtual LANs (VLANs), logical unit numbers (LUNs), etc. It took so long, that the actual creation part was easy. When cloud came along with self-service, not only was it easier to create a virtual machine (VM) without relying on others, but it changed our thinking about whether VMs were precious or disposable. At the same time developers were moving to a world of continuous delivery to serve their customers who expect apps with a constant stream of new features. This is the reason all real clouds provide automation APIs to quickly create VMs and other resources, including the infrastructure they rely on. This is often called “Infrastructure as code.” Azure’s API is governed by the Azure Resource Manager (ARM). When you set up Azure Stack, you get your own private instance of ARM.

In this blog post I will cover the automation options in your Cloud IaaS toolkit.

Azure portal

The best place to learn this is from first completing a VM deployment through the portal. Azure Stack provides the same portal as Azure. When you get to the last confirmation page, click the Download Template link. This will show you the template that will be used to deploy the VM you just specified on the previous screens.

As you look through the template – which is in JSON format – you can see how the virtual machine, network, and storage is defined. You’ll see an OS profile and hardware profile for your VM. Using this template, you could deploy this same VM over and over. This is perfect if you’re helping your developers with Continuous Integration and Delivery (CI/CD).

One thing about an ARM template is it is not a procedural script like you might get with standard automation tools. This template creates the resources as a single deployment transaction. ARM will either get to the goal state or the deployment will fail. If it fails, you have a chance to fix failure condition and move forward or delete the deployment and start over. This way you don’t get something other than what you specify.

Once you save your template, you can redeploy it in the portal, using the Template deployment item in the marketplace:

Learn more:
Azure Resource Manager overview
Quickstart: Create templates using the Azure Portal
Deploy resources in the portal using a custom template

Visual Studio and Visual Studio Code

Visual Studio can be scary for an infrastructure person, but if you can master some simple things, you can really help your team down the road of automation. The biggest thing that Visual Studio provides is the real-time feedback that you’re authoring the ARM JSON template correctly in terms of syntax. You don’t get this in Notepad. Get started by creating a new Azure Resource Group project:

A great way to start authoring a template is to use Quickstart templates. Azure Stack has a number of Quickstart templates you can use. When you start your new project in Select Azure Template, pick Azure Stack Quickstart from the drop-down list.

Visual Studio not only helps you author the template, it allows you to deploy the template directly to Azure Stack. When you sign into Visual Studio, all of your subscriptions in both Azure and Azure Stack show up as deployment targets. Since I use a number of Azure Stack environments, I have lots of deployment options:

Another way to create these templates is in Visual Studio Code. The ARM template is a JSON file, so you need a good lightweight authoring tool to work on the JSON file. Visual Studio Code (VS Code) is a great option.

After installing VS Code, you need to add the Azure Resource Manager Tools extension. This extension adds many features that simplify template authoring that help you manage variables, parameters, and resource blocks with features like including formatting and color coding. Check it out in the image below:

Learn more:
Install Visual Studio and Connect to Azure Stack
Deploy templates to Azure Stack using Visual Studio
Create a template in Visual Studio
Create a template in Visual Studio Code

PowerShell and Azure command-line interface

The Portal and Visual Studio are both deployment options for your template. PowerShell and the Azure command-line interface (CLI) are two other options. Since Azure Stack is your own private instance of the Azure Resource Manager, you need to connect to your unique instance.

To connect to Azure Stack with PowerShell, use the Add-AzureRMEnvironment cmdlet, specifying the ARM endpoint for your environment. Depending on how your Azure Stack environment has been set up, you will either authenticate using your Azure Active Directory credentials or your organization’s Azure Directory (referred to in the documentation as ADFS).

Azure CLI is Microsoft’s cross-platform command-line experience for managing Azure resources. It works on Mac, Linux, and Windows. In Azure you can run the CLI in Cloud Shell. You can use Azure CLI to connect to Azure Stack and deploy IaaS templates. Just like PowerShell, you need to first connect to your Azure Stack’s unique ARM endpoint. For CLI you use the az cloud register command. To deploy your ARM template you use the az group deployment create command.

Please note: We have not implemented Cloud Shell on Azure Stack yet. Cloud Shell allows you to run the Azure CLI directly inside your browser. If you would like to see this, make sure you put in a vote on Azure Cloud Shell UserVoice.

Learn more:
Install PowerShell for Azure Stack
Connect to Azure Stack with PowerShell
Deploy in Azure Stack with PowerShell
Use Azure CLI on Azure Stack
Deploy Azure Resource Manager Templates with Azure CLI

The cloud is for automation

The more people use clouds like Azure and Azure Stack, the less they use the portal and the more they use automation. There is an automation option in Azure and Azure Stack for all your needs. Say goodbye to virtualization and say hello to Cloud IaaS with your automation toolkit.

In this blog series

We hope you come back to read future posts in this blog series. Here are some of our past and upcoming topics:

Azure Stack at its core is an Infrastructure-as-a-Service (IaaS) platform
Start with what you already have
Fundamentals of IaaS
Protect your stuff
Do it yourself
Pay for what you use
Build on the success of others
Journey to PaaS

3 Apr 2019
By editor
Categories: Azure, Database, Virtual Machines

Self-service exchange and refund for Azure Reservations

Azure Reservations provide flexibility to help meet your evolving needs. You can exchange a reservation for another reservation of the same type, and you can refund a reservation if you no longer need it.

Exchange an existing reserved instance

You start the exchange in the Azure portal with Azure Reservations.

1. Select the reservations that you want to refund and choose Exchange.

2. Select the SKU you want to purchase and provide quantity. Make sure that the new purchase total is more than the return total. Determine the right size before you purchase.

3. Review and complete the transaction.

For refunding a reservation, go to reservation details and select Refund.

How the return and exchange transactions are processed

First, Microsoft cancels the existing reservation and refunds the pro-rated amount for that reservation. If there is an exchange, the new purchase is processed. Microsoft processes refunds using one of the following methods, depending on your account type and payment method:

Refund processing for enterprise agreement customers

If the original purchase was made using a monetary commitment, then the money is added back to the monetary commitment for both exchange and refunds. Any overage invoices since the original purchase are re-opened and re-rated to make sure that the monetary commitment is used. If the monetary commitment term using the reservation was purchased and is no longer active, then credit will be added to your current enterprise agreement monetary commitment term.

If the original purchase was made as overage, we issue a credit memo.

Refund processing for pay-as-you-go customers with invoice payment method and Cloud solution provider program

The original reservation purchase invoice is cancelled and then a new invoice is created for the refund. For exchange the new invoice has both the refund and the new purchase. The refund amount is adjusted against the purchase. If you only refunded a reservation, then the prorated amount stays with Microsoft and it is adjusted against a future reservation purchase.

Refund processing for pay-as-you-go customers who use credit card payment method

The original invoice is cancelled and a new invoice is created. The money is refunded to the credit card that was used for the original purchase. If you’ve since changed your card, please contact support.

Exchange policies

You can return multiple existing reservations to purchase a new reservation of the same type. You can’t exchange reservations of one type for another. For example, you can’t return a virtual machine (VM) reservation to purchase a SQL reservation.
Only reservation order owners can process an exchange. Learn how to add or change users who can manage a reservation.
An exchange is processed as a refund and repurchased, different transactions are created for the cancellation and the new purchase. The pro-rated reservation amount is refunded for the reservations that you trade-in. You are charged fully for the new purchase. The pro-rated reservation amount is the daily pro-rated residual value of the reservation being returned.
Reservations can be exchanged or refunded even if the enterprise agreement using which the reservation was purchased has expired and has since renewed into a new enterprise agreement.
You can change any reservation property such as size, region, quantity, and term with the exchange.
The new purchase total should equal or be greater than the returned amount.
The new reservation purchased as part of exchange has a new term starting from the time of exchange.
There is no penalty or annual limits for exchanges.

Refund policies

Your total refund is subject to a maximum amount within a 12-month rolling window. To learn more, refer to our refund policies.
Only reservation order owners can process a refund. Learn how to add or change users who can manage a reservation.
Microsoft reserves the right to charge a 12 percent penalty for any returns, although the penalty is not currently charged.

Exchanging a reservation purchased for a VM size that doesn’t support premium storage for VM size that supports premium storage

In order to exchange reservations purchased from VM sizes that don’t support premium storage, to corresponding VM sizes that do support premium storage, go to the reservation details and select Exchange. Such an exchange doesn’t reset the term of the reserved instance or lead to a new transaction.

21 Mar 2019
By editor
Categories: Azure, Management, Updates, Virtual Machines

Windows Virtual Desktop now in public preview on Azure

We recently shared the public preview of the Windows Virtual Desktop service on Azure. Now customers can access the only service that delivers simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps. With Windows Virtual Desktop, you can deploy and scale your Windows desktops and apps on Azure in minutes, while enjoying built-in security and compliance.

This means customers can now virtualize using multi-session Windows 10, Windows 7, and Windows Server desktops and apps (RDS) to Windows Virtual Desktop for a simplified management and deployment experience with Azure. We also built Windows Virtual Desktop as an extensible solution for our partners, including Citrix, Samsung, and Microsoft Cloud Solution Providers (CSP).

Access to Windows Virtual Desktop is available through applicable RDS and Windows Enterprise licenses. With the appropriate license, you just need to set up an Azure subscription to get started today. You can choose the type of virtual machines and storage you want to suit your environment. You can optimize costs by taking advantage of Reserved Instances with up to a 72 percent discount and using multi-session Windows 10.

You can read more detail about Windows Virtual Desktop in the Microsoft 365 blog published today by Julia White and Brad Anderson.

Get started with the public preview today.

21 Mar 2019
By editor
Categories: Azure, Azure Marketplace, Cloud Strategy, IT Pro, Virtual Machines

Azure Stack IaaS – part five

Self-service is core to Infrastructure-as-a-Service (IaaS). Back in the virtualization days, you had to wait for someone to create a VLAN for you, carve out a LUN, and find space on a host. If Microsoft Azure ran that way, we would have needed to hire more and more admins as our cloud business grew.

Do it yourself

A different approach was required, which is why IaaS is important. Azure’s IaaS gives the owner of the subscription everything they need to create virtual machines (VMs) and other resources on their own, without involving an administrator. To learn more visit our documentation, “Introduction to Azure Virtual Machines” and “Introduction to Azure Stack virtual machines.”

Let me give you a few examples that show Azure and Azure Stack self-service management of VMs.

Deployment

Creating a VM is as simple as going through a wizard. You can create the VM by specifying everything needed for the VM in the “Create virtual machine” blade. You can include the operating system image or marketplace template, the size (memory, CPUs, number of disks, and NICs), high availability, storage, networking, monitoring, and even in guest configuration.

Learn more by visiting the following resources:

Daily operations

That’s great for deployment, but what about later down the road when you need to quickly change the VM? Azure and Azure Stack have you covered there too. The settings section of the VM allows you to make changes to networking, disks, size CPUs, memory, and more, in-guest configuration extensions and high availability.

One thing that was always a pain in the virtualization days was getting the right firewall ports open. Now you can manage this on your own without waiting on the networking team. In Azure and Azure Stack firewall rules are called network security groups. This can all be configured in a self-service manner as shown below.

Learn more about managing Azure VMs firewall ports by visiting our documentation, “How to open ports to a virtual machine with the Azure portal.”

Disks and image self-service is important too. In the virtualization days this was also a big pain point. I had to give these to my admin to get them into the system for usage. Fortunately, storage is self-service in Azure and Azure Stack. Your IaaS subscription includes access to both storage accounts and managed disks from where you can upload and download your disks and images.

You can learn more by visiting our documentation, “Upload a generalized VHD an use it to create new VMs in Azure” and “Download a Linux VHD from Azure.”

Managed disks also give you the option to create and export snapshots.

Find more information by visiting the following resources:

Other resources a VM owner can manage include load balancer configuration, DNS, VPN gateways, subnets, attach/detach disks, scale up/down, scale in/out, and so many other things it is astounding.

Support and troubleshooting

When there is a problem, no one wants to wait for someone else to help. The more tools you have to correct the situation the better. While operating one of the largest public clouds, the Azure IaaS team has learned what the top issues are facing customers and their support needs. To empower VM owners to solve these issues themselves, they have created a number of self-service support and troubleshooting features. Perhaps the most widely used is the Reset Password feature. Why wasn’t this feature around in the virtualization days?

Learn more by visiting our documentation, for re-setting access on an Azure Windows VM and re-setting access on an Azure Linux VM.

I need to mention a setting that has prevented me from creating a support problem because of my absentmindedness. It is the Lock feature. A lock can prevent any change or deletion on a VM or any other resource.

Learn more about locking VMs and other Azure resources by visiting our documentation, “Locking resources tp prevent unexpected changes.”

Other useful troubleshooting and support features include re-deploying your VM to another host if you suspect your VM is having problems on the host it is currently on, checking boot diagnostics to see the state of the VM before it fully boots and is ready for connections, and reviewing performance diagnostics. As we learn and build these features in Azure, they eventually find their way to Azure Stack so that your admins don’t have to work so hard to support you.

Learn more by visit our documentation, “Troubleshooting Azure Virtual Machines.”

Happy infrastructure admins

When you can take care of yourself, your admins can manage the underlying infrastructure without being interrupted by you. This means they can work on the things important to them and you can focus on what is important to you.

In this blog series

We hope you come back to read future posts in this series. Here are some of our planned upcoming topics:

Azure Stack at its core is an Infrastructure-as-a-Service (IaaS) platform
Start with what you already have
Foundation of Azure Stack IaaS
Protect your stuff
Pay for what you use
It takes a team
If you do it often, automate it
Build on the success of others
Journey to PaaS

12 Mar 2019
By editor
Categories: Azure, Azure Marketplace, Hybrid, Storage, Backup & Recovery, Virtual Machines

Azure Stack IaaS – part four

Protect your stuff

In this post, we’ll cover the concepts and best practices to protect your IaaS virtual machines (VMs) on Azure Stack. This post is part of the Azure Stack Considerations for Business Continuity and Disaster Recovery white paper.

Protecting your IaaS virtual machine based applications

Azure Stack is an extension of Azure that lets you deliver IaaS Azure services from your organization’s datacenter. Consuming IaaS services from Azure Stack requires a modern approach to business continuity and disaster recovery (BC/DR). If you’re just starting your journey with Azure and Azure Stack, make sure to work through a comprehensive BC/DR strategy so your organization understands the immediate and long-term impact of modernizing applications in the context of cloud. If you already have Azure Stack, keep in mind that each application must have a well-articulated BC/DR plan calling out the resiliency, reliability, and availability requirements that meet the business needs of your organization.

What Azure Stack is and what it isn’t

Since launching Azure Stack at Ignite 2017, we’ve received feedback from many customers on the challenges they face within their organization evangelizing Azure Stack to their end customers. The main concerns are the stark differences from traditional virtualization. In the context of modernizing BC/DR practices, three misconceptions stand out:

Azure Stack is just another virtualization platform

Azure Stack is delivered as an appliance on prescriptive hardware co-engineered with our integrated system partners. Your focus must be on the services delivered by Azure Stack and the applications your customers will deploy on the system. You are responsible for working with your applications teams to define how they will achieve high availability, backup recovery, disaster recovery, and monitoring in the context of modern IaaS, separate from infrastructure running the services.

I should be able to use the same virtualization protection schemes with Azure Stack

Azure Stack is delivered as a sealed system with multiple layers of security to protect the infrastructure. Constraints include:

Azure Stack operators only have constrained administrative access to the system. Elevated access to the system is only possible through Microsoft support.
Scale unit nodes and infrastructure services have code integrity enabled.
At the networking layer, the traffic flow defined in the switches is locked down at deployment time using access control lists.

Given these constraints, there is no opportunity to install backup/replication agents on the scale-unit nodes, grant access to the nodes from an external device for replication and snapshotting, or physically attach external storage devices for storage level replication to another site.

Another ask from customers is the possibility of deploying one Azure Stack scale-unit across multiple datacenters or sites. Azure Stack doesn’t support a stretched or multi-site topology for scale-units. In a stretched deployment, the expectation is that nodes in one site can go offline with the remaining nodes in the secondary site available to continue running applications. From an availability perspective, Azure Stack only supports N-1 fault tolerance, so losing half of the node count will take the system offline. In addition, based on how scale-units are configured, Azure Stack only supports fault domains at a node level. There is no concept of a site within the scale-unit.

I am not deploying modern applications in Azure, none of this applies to me

Azure Stack is designed to offer cloud services in your datacenter. There is a clear separation between the operation of the infrastructure and how IaaS VM-based applications are delivered. Even if you’re not planning to deploy any applications to Azure, deploying to Azure Stack is not “business as usual” and will require thinking through the BC/DR implications throughout the entire lifecycle of your application.

Define your level of risk tolerance

With the understanding that Azure Stack requires a different approach to BC/DR for your IaaS VM-based applications, let’s look at the implications of having one or more Azure Stack systems, the physical and logical constructs in Azure Stack, and the recovery objectives you and your application owners need to focus on.

How far apart will you deploy Azure Stack systems

Let’s start by defining the impact radius you want to protect against in the event of a disaster. This can be as small as a rack in a co-location facility or an entire region of a country or continent. Within the impact radius, you can choose to deploy one or more Azure Stack systems. If the region is large enough you may even have multiple datacenters close together, each with Azure Stack systems. The key takeaway is that if the site goes offline due to a disaster or catastrophic event, there is no amount of redundancy that will keep the Azure systems online. If your intent is to survive the loss of an entire site as the diagram below shows, then you must consider deploying Azure Stack systems into multiple geographic locations separated by enough distance so a disaster in one location does not impact any other locations.

Help your application owners understand the physical and logical layers of Azure Stack

Next it’s important to understand the physical and logical layers that come together in an Azure Stack environment. The Azure Stack system running all the foundational services and your applications physically reside within a rack in a datacenter. Each deployment of Azure Stack is a separate instance or cloud with its own portal. The diagram below shows the physical and logical layering that’s common for all Azure Stack systems deployed today and for the foreseeable future.

Define the recovery time objectives for each application with your application owners

Now that you have a clear understanding of your risk tolerance if a system goes offline, you need to decide the protection schemes for your applications. You need to make sure you can quickly recover applications and data on a healthy system. We’re talking about making sure your applications are designed to be highly available within a scale-unit using availability sets to protect against hardware failures. In addition, you should also consider the possibility of an application going offline due to corruption or accidental deletion. Recovery can be as simple as scaling-out an application or restoring from a backup.

To survive an outage of the entire system, you’ll need to identify the availability requirements of each application, where the application can run in the event of an outage, and what tools you need to introduce to enable recovery. If your application can run temporarily in Azure, you can use services like Azure Site Recovery and Azure Backup to protect your application. Another option is to have additional Azure Stack systems fully deployed, operational, and ready to run applications. The time required to get the application running on a secondary system is the recovery time objective (RTO). This objective is established between you and the application owners. Some application owners will only tolerate minimal downtime while others are ok with multiple days of downtime if the data is protected in a separate location. Achieving this RTO will differ from one application to another. The diagram below summarizes the common protection schemes used at the VM or application level.

In the event of a disaster, there will be no time to request an on-demand deployment of Azure Stack to a secondary location. If you don’t have a deployed system in a secondary location, you will need to order one from your hardware partner. The time required to deliver, install, and deploy the system is measured in weeks.

Establish the offerings for application and data protection

Now that you know what you need to protect on Azure Stack and your risk tolerance for each application, let’s review some specific patterns used with IaaS VMs.

Data protection

Applications deployed into IaaS VMs can be protected at the guest OS level using backup agents. Data can be restored to the same IaaS VM, to a new VM on the same system, or a different system in the event of a disaster. Backup agents support multiple data sources in an IaaS VM such as:

Disk: This requires block-level backup of one, some, or all disks exposed to the guest OS. It protects the entire disk and captures any changes at the block level.
File or folder: This requires file system-level backup of specific files and folders on one, some, or all volumes attached to the guest OS.
OS state: This requires backup targeted at the OS state.
Application: This requires a backup coordinated with the application installed in the guest OS. Application-aware backups typically include quiescing input and output in the guest for application consistency (for example, Volume Shadow Copy Service (VSS) in the Windows OS).

Application data replication

Another option is to use replication at the guest OS level or at the application level to make data available in a different system. The replication isn’t offloaded to the underlying infrastructure, it’s handled at the guest OS or above. One example is applications like SQL support asynchronous replication in a distributed availability group.

High availability

For high availability, you need to start by understanding the data persistence model of your applications:

Stateful workloads write data to one or more repositories. It’s necessary to understand which parts of the architecture need point-in-time data protection and high availability to recover from a catastrophic event.
Stateless workloads on the other hand don’t contain data that needs to be protected. These workloads typically support on-demand scale-up and scale-down and can be deployed in multiple locations in a scale-out topology behind a load balancer.

To support application level high availability within an Azure Stack system, multiple virtual machines are grouped into an availability set. Applications deployed in an availability set sit behind a load balancer that distributes incoming traffic randomly among multiple virtual machines.

Across Azure Stack systems, a similar approach is possible with the following differences; The load balancer must be external to both systems or in Azure (i.e. Traffic Manager). Availability sets do not span across independent Azure Stack systems.

Conclusion

Deploying your IaaS VM-based applications to Azure and Azure Stack requires a comprehensive evaluation of your BC/DR strategy. “Business as usual” is not enough in the context of cloud. For Azure Stack, you need to evaluate the resiliency, availability, and recoverability requirements of the applications separate from the protection schemes for the underlying infrastructure.

You must also reset end user expectations starting with the agreed upon SLAs. Customers onboarding their VMs to Azure Stack will need to agree to the SLAs that are possible on Azure Stack. For example, Azure Stack will not meet the stringent zero data loss requirements required by some mission critical applications that rely on storage level synchronous replication between sites. Take the time to identify these requirements early on and build a successful track record of onboarding new applications to Azure Stack with the appropriate level of protection and disaster recovery.

Learn more

In this blog series

We hope you come back to read future posts in this series. Here are some of our planned upcoming topics:

Azure Stack at its core is an Infrastructure-as-a-Service (IaaS) platform
Start with what you already have
Foundation of Azure Stack IaaS
Do it yourself
Pay for what you use
It takes a team
If you do it often, automate it
Build on the success of others
Journey to PaaS