Have you played with Azure IaaS yet? Microsoft has made it very easy to learn this new technology. In recent years, many CIOs’ cloud strategies included moving their email to the cloud. I predict that once CIOs investigate the new Azure IaaS (launched April 16th), they will include it as the next step of their cloud roadmap. Based on my exposure to Azure IaaS, it is ready for prime time. Having said that, there are still scenarios where it will make sense to maintain a private cloud. See the feature request section at the bottom of this blog post for more information.
Here are two ways you can get started with evaluating Azure IaaS.
If you have an MSDN account, you can activate an Azure IaaS subscription and get free hosting for Virtual Machines in the public cloud, among many other things including Mobile Services, Web Sites, Storage, Content Delivery Network, SQL Database, SQL Reporting, Service Bus, Backup, Media Services Encoding and Caching, each month at no charge. MSDN customers can use these Windows Azure subscriptions for commercial use (applies to Visual Studio Professional, Premium or Ultimate MSDN subscribers). This amounts to $4,200 in annual savings.
The Azure Account Portal provides a detailed analysis of how much you are consuming versus what is included in the MSDN benefits. Handy!
What’s even nicer is the spending limit feature. This prevents you from ever getting charged (if this is what you want). You can always remove the spending limit and pay for any usage over the 750 hours.
Microsoft is offering Azure IaaS FREE for 90 days. Try it out!
There is a wealth of information about Azure if you just look for it. Some of the videos I have found helpful are the Channel 9 videos here:
Why Azure IaaS?
If you missed my last blog post, it is now 40% less expensive to host your Virtual Machines in Microsoft’s public cloud than it is in your own Co-location facility.
So why wouldn’t you start considering Azure IaaS for Development and/or Disaster Recovery environments? That is a great way to get started with Azure IaaS.
It’s FUN. Learning new technology is a blast. Microsoft has created a very slick HTML5 web site to manage the whole thing, and if nothing else you should check out how the latest web technologies are being used to manage a massive multi-tenant public cloud. Very cool.
One cool thing I like about the new Azure IaaS is that you can create a hybrid topology, connecting your private and public clouds with a site-to-site VPN or a point-to-site VPN. Officially, Cisco and Juniper firewalls are required, but I was able to configure my WatchGuard XTM520 firewall to connect with little effort. You can also use Windows Server 2012 RRAS to create a software-based VPN tunnel per this blog post:
You can do fairly robust remote management with PowerShell as well.
1) The first improvement I would recommend is to allow the purchase of additional IPv4 addresses on the Cloud Service. Currently, you get one public IPv4 address per Cloud Service. If you have more than one VM in the same cloud service and they both need to listen on port 80, you need to move the second VM to its own separate cloud service. I assume that as the world embraces IPv6, this limitation will erode away, since IPv6 addresses will be in abundant supply. A valid workaround is to put both VMs onto the same virtual network, which allows them to communicate with one another without having to be in the same cloud service, thus allowing each VM to have its own dedicated public IP.
2) The other request is for Role Based Access Control (RBAC). Larger IT organizations will want VMs to communicate with each other on the same VLAN for network performance reasons while at the same time limiting who can have console access to particular virtual machines. Currently, if you are granted access to an Azure subscription, you have console access to all VMs. Granted, you would need the username/password to actually log on, but it would still be possible for an administrator to shut down VMs owned by someone else. Avoiding that requires either RBAC being added to Azure IaaS or working around the issue by creating a separate IaaS subscription for each unique department or group that needs isolation. Having splintered subscriptions can be a challenge in a hybrid scenario because it adds more overhead and administration for the firewall/security team, who would need to design a separate routable IP space and VPN tunnel for each separate subscription. For smaller shops this is not a problem, but for companies with more than a few hundred servers it could pose a real challenge to manage.