TechEd NA 2014 – Building Highly Available and Scalable Applications in Microsoft Azure

TechEd North America 2014, Houston
Building Highly Available and Scalable Applications in Microsoft Azure – Stephen Malone, Narayan Annamalai

Day 1, 12 May 2014, 1:15PM-2:30PM (DEV-B311)

Disclaimer: This post contains my own thoughts and notes based on attending TechEd North America 2014 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of either Microsoft, the presenters or the speakers.

Executive Summary—Sean’s takeaways

  • Azure Traffic Manager
    • Routes to appropriate region, depending on where user is located
    • Automatic failover, if region goes down
    • Configure things using Powershell
    • Can now include non-Azure endpoints in policy
  • Use PaaS when you can, IaaS when you have to
  • Lots of flexibility when creating/configuring virtual networks

Full video

Stephen Malone – Program Manager, Microsoft

Why Microsoft / Azure

  • Global footprint

Azure Network Stack

  • Network is glue that binds everything together for scale
  • Main building blocks that allow you to build scalable, secure services
  • Layers: Network services, Core SDN etc.


Azure Traffic Manager

  • Intelligent customer routing
  • Load balancing policies (profile types)
    • Performance – Direct user to closest service (based on latency)
    • Round-robin – Distribute equally
    • Failover – Direct to backup service if primary fails (also happens with other policies)

Automated failure detection and re-direction

  • Users hit servers in their own region
  • Service health monitoring
    • If something stops responding
    • Azure Traffic Manager automatically detects and re-routes user to “next best” service


How Azure Traffic Manager work?

  • DNS based global traffic management
  • Traffic Manager profile created with name, routing policy, and health monitoring configuration
  • Your domain name
  • CNAME to
  • Load-balancing, endpoint monitoring
  • Service instances (endpoints) added to Traffic Manager …


How it works

  • DNS look for web site you need
  • Name server for your name indicates that it’s CNAME
  • Hits DNS Server for traffic manager, with Policy Engine
  • Then to Traffic Manager

E.g. If there are three sites

  • Traffic Manager makes use of your particular policy (e.g. pick nearest service)
  • Then site picked and IP returned to client


New support for External Endpoints

  • Now support for non-Azure endpoints for all traffic manager policies
  • Full support for
    • Automated monitoring
    • Failure detection
    • End-user re-direction
  • Include endpoints from different Azure subscriptions in the same policy
  • Add redundancy for your on-premises service using Azure Traffic Manager
    • Great way to try out Azure – as backup
  • Include on-premises endpoints as scale units to achieve greater scale
    • Or as additional geo locations to improve performance for your end users
  • Enables burst to cloud scenarios transparently to end-user
    • Also can auto scale up within a region

Demo – External Endpoints

  • Create a new profile in Powershell
  • Then add endpoint to profile (e.g. U.S.)
  • Different domain name (e.g. or
  • Then show adding an external endpoint

Narayan Annamalai – Senior Program Manager, Azure

  • Will talk about how we can help you to scale

Build to scale

  • Regional Virtual Networks
    • Really picking up now

Virtual Network

  • Logical isolation with control over network
  • Create subnets with your private IP addresses
  • Stable and persistent private IP addresses
  • Bring your own DNS
  • Use Azure-provided DNS
    • VMs can register themselves with this DNS
  • Secure VMs with input endpoint ACLs

Typical multi-tier services

  • Composed of various services
  • They are interconnected, certain services having to talk to certain others


How you use

  • You can pick IP addresses for your VMs, within a virtual subnet that you create

Isolated and connected

  • Internet portal into one public IP
  • Then customer virtual network that acts as a private network
  • “Isolated private channel”
  • Use PaaS when you can; use IaaS when you have to
  • PaaS gives you some additional services (like auto-scaling)
  • All of these services can be part of the same virtual network
    • Brings IaaS and PaaS together

Regional scope

  • VNET spans to an entire region
  • Fully connected private and isolated network across datacenters
  • New services requiring specific SKUs A8, A9 can be added to same VNet –
    • Seamless expansion
  • Previously, VNet had to be within a single scale unit
  • Now, VNet can include multiple SKUs (in terms of scale)

Inter connected VNets

  • VNets can be connected thru secure Azure gateways
  • VNets can be in different subscriptions
  • VNets in same or across regions can be connected

Connecting to Multiple Sites

  • Multiple site-to-site connections
  • Multiple on-premises sites connect to same VNet
  • Sites may be geographically dispersed

Public facing Services

  • Every cloud service given public IP address (VIP) from Azure’s pool of address
  • Virtual machines, Web/Worker roles in cloud service can be accessed thru VIP using endpoints
  • Azure provides load balancing at no charge

Create endpoints

  • E.g. open port 80, run two instances behind it

Public Endpoint Access Control Lists

  • Can whitelist IPs, subnets, etc.
  • Can allow or deny various IPs

Internal load balancing (preview)

  • Load balancing between VMs w/o public facing endpoints
  • Two flavors
    • Private load balancing within cloud service
    • Or within VNet
  • Multi-tier applications with internal facing tiers require load balancing
    • Middle tier, DB backend not exposed to Internet
    • Load-balanced endpoints exposed only to CorpNet
    • Sharepoint, LOB Apps

Scenario – LOB Apps

  • Private, Sharepoint accessible from other VNets

IP reservation

  • Today, you get VIP assigned by Azure
  • When you re-deploy, you get different IP
  • Now, IP reservation
    • Reserve public IP addresses
    • Customers can own IP addresses and assign them to cloud services
    • Reserved IP can be used on any cloud service on the region
    • Current IP address on existing service can be reserved as well
    • Reserved IPs are customers to keep
  • Why do you need it?
    • Your service might talk to an external service that needs to be configured to whitelist your service
    • So your IP needs to remain static so that whitelist still works

Instance level public IPs (Preview)

  • Today, every cloud service gets VIP assigned by Azure
  • You must map from public VIP to port on VM for internal server
  • Now – Instance-level Public IPs
    • Assign public IPs to VMs
    • Direct reachability to VM, no endpoint required
    • Public IP used as the outgoing IP address
    • Enables scenarios like FTP services, external monitoring, etc.

Demo – Create VNet, etc.

  • Powershell very powerful when doing things on Azure
  • Some functions not available yet on portal, must use Powershell
  • Start with: Get-AzurePublishSettingsFile
  • Set-AzureVNetConfig
  • Reserve IP
    • New-AzureReservedIP, define by name
    • Then Get-AzureReservedIP – by name
  • Creating specific web sites (VMs)
  • Create VM on a specific Vmnet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s