Select Page

Azure IaaS – SLAs – Single VMs, Availability Sets and Availability Zones

You have some options in Azure when you want to have a financially backed SLA for your VM deployments. When you can go into a distributed model, you can get 99.95, when you can’t then you have the option of getting 99.9% SLA when you’re using Premium Disks. But what if I want more?

If you want more, then it’s going to cost you more but before we jump into solutions, let’s understand what the numbers mean and why we should care.

You probably heard of the N nines SLA; three nines, four nines, five, six. To explain what that means, down below we have an excellent table which illustrates to us what those numbers mean in actual downtime.

In Azure for IaaS deployment, we have to option of gaining a 99.9% and 99.95% SLA. 99.9% translates into an acceptable downtime of 8.45 hours per year while 99.95% translates in around 4.22 hours per year. Now does this mean that we will have 4 or 8 hours of downtime for all of our IaaS deployments? Of course not but it might happen, that’s why you need to take all the necessary precautions so that your business critical application stays online all the time. We didn’t have the option of receiving a financially backed SLA for single VMs until recently so this is a big plus.

Recently Microsoft announced to ignite the public preview of Availability Zones which boost the SLA number to 99.99%, lowering the downtime to around 52 minutes in a year. But what are they exactly?

Availability Zones are the actual datacenter in a single region. All regions start with three zones but you during this preview, you might not be able to deploy services to all of them. If we’re talking about West Europe, then this region has three data centers that are physically separated in all terms and purposes. In order for Microsoft to financially back you for 99.99% SLA all the datacenters in a region have different power, network, and cooling providers so that if something happens to said provider then you won’t have a full region downtime and they are also 30 KM apart from each other, so they are protected from physical faults as well.

With Availability Zones, they also released Zone aware SKUs for some services like the Standard Load Balancer and Standard Public IP. At the time of writing we have the possibility of deploying VMs, VMSS, Managed Disks and IPs in an Availability Zone and SQL DB, Cosmos DB, Web Apps and Application Gateway already span three zones.

If you want to benefit from the four nine SLA, then you either deploy directly into availability zones or you redeploy your VMs.

Reference Architecture:

As you can see from the above diagram, you need to use services that span zones, and after that, you need to deploy them in pairs just as you would do with Availability Sets. You clone your deployments, implement them in different zones, and you benefit from the 99.99% SLA.

*Preview Service: You have no guaranteed SLA while this service is in a preview. Once it goes GA, you will receive a financially backed SLA.

Achieving the SLA.

We have a couple of SLA numbers in our head, let’s now understand how to obtain them.

99.9% SLA- Single VMs – All your single VM deployments have to be backed by premium storage. That means that both the OS and Data disks have to be SSDs. We cannot mix and match and still qualify for the financially backed SLA. The best candidates for single VMs are the ones running relational databases or systems that cannot run in a distributed model. I wouldn’t recommend running web servers in single VM; you have App Services for that.

99.95% SLA – Availability Sets – All your distributed systems should run in Availability Sets to benefit from the 99.95% SLA and compared to single VM deployments, it doesn’t matter if you’re running Standard or Premium storage on them. AV Sets work nicely for Web Servers or other types of applications that are stateless or keep their state somewhere else. If your application has to keep its state on the actual VM, then your options are limited to the Load Balancer which can be set to have Sticky Sessions, but you will have problems in the long run. For stateful applications, it’s best to keep their state in a Redis Cache, Database or Azure Files Shares. This type of deployment works very well for most apps out there.

99.99% SLA – Availability Zones – This is the strongest SLA you can get at this time for your IaaS VMs. Availability Zones are similar in concept to the Availability Set deployment; you need to be aware of what candidates you’re deploying to the zones from an application standpoint and also from a financial standpoint. I’m saying financial because you need to use zone spanning services like the Standard SKU for the Public Load Balancer and Public IP. The standard Load Balancer is not free as the basic one, you pay for the number of load balancing rules you have, and you also pay for the data processed by it.

Financially backed SLA

Now that we have a basic understanding of SLAs, we have to understand what financially backed means regarding any cloud provider. When they say that the SLAs are financially supported, they mean that if something on the provider’s side causes an SLA breach, they will reimburse the running costs of the VM when the downtime occurred.
The formula looks like this:

Multiple VMs in Availability Sets
Monthly Uptime % = (Maximum Available Minutes-Downtime) / Maximum Available Minutes X 100

Maximum Available Minutes – This is the total number of runtime minutes for two or more VMs in a month.
Downtime – This is the total number of minutes where there was no connectivity on any of the VMs the AV Set.

This means that if the Monthly Uptime percentage is lower than 99.95%, you can ask Microsoft to grant you service credits.

Single VMs with Premium Storage

Monthly Uptime % = (Minutes in the Month – Downtime) / Minutes in the Month X 100

Minutes in a Month – Total number of minutes in a month.
Downtime – Total number of downtime minutes from the Minutes in a Month metric.

This means that if the calculated Monthly Uptime percentage is lower than 99.9%, then you can Microsoft to grant you service credits.

You might ask; How do I know that I had an SLA breach?

Well, you need to measure the uptime of your application. In the end, you might not care if one VM from your Availability set is down for say 10 minutes, but you will care if somebody calls you when the Website is down. You have multiple options out there to measure the availability of your application like UptimeRobot, Monitis, Pingdom, etc. You also have the possibility of doing measurements in Azure with Azure Monitor, but you’re not getting application uptime, so you need the best of both worlds to have an accurate view of the situation. I configure both because I want to know when something happens to a VM, and I also want to know if the application is up and healthy. The reason is that if you’re using say VMs and PaaS services, you need to know which one caused the downtime and if it was a human error. Microsoft will not pay for your mistakes, so you need to have self-healing systems in place to avoid human error. There are a lot of Configuration Management systems out there, systems like DSC / Chef / Puppet which ensure you that your configuration didn’t fail. Azure has Desired State Configuration integrated into it for example which grants you the ability to enforce states on VMs based on a configuration manifest.

That being said, gaining a financially backed SLA in Azure is not rocket science. I hope you obtained some useful information from this post 🙂

Have a good one!

Using Azure App Service for WordPress – What you need to know

What I think is pretty clear that we all know WordPress and have something to love or hate about it. I use for blogging, some friends are using it for small eCommerce, and I’ve seen companies use it for massive operations.

The problem with any website is that it needs to run on a web server for it to be available to the world and that brings up other issues.

When it comes to where to host it, there are a lot of options for hosting/deploying WordPress out there:
1. The possibility of hosting our blog on a shared WHM.
2. The choice of renting a VM and setting up a WHM / Cpanel environment to host it.
3. The option of paying for a “SaaS” like WordPress solution
4. Azure App Services

Today we will apparently talk about Windows / Linux App Services and what you need to know.

When it comes to App Services things might seem pretty clear. I provision an App Service, create a Web Site and deploy my WordPress into it. Simple no? Not really.

You have two flavours of App Services:
1. Windows
2. Linux (I wrote a blog post regarding Linux ones here)

You have to choose one of them because you do not have the possibility of switching between each other without redeploying your solution. The best thing you can do in my opinion is to go with the Linux offering because Apache or Nginx work much better with WordPress than IIS.

You chose an App Service flavour, what now?

Windows

Windows App Services run on IIS with PHP / Python / Java extensions. What you need to know.

When you first create the APP Service, you need to modify the application settings, so you have the best of the best performance out there.

Modify PHP version from 5.6 to 7.2 – You will get a significant performance boost just by modifying the PHP version.
Change the Platform to 64-bit – We are in 2017, let’s run everything on 64 bit shall we? 🙂
Set Always On to On – By default, web applications turn off if there’s no traffic on the website and when you initiate an HTTP connection it will have a cold start, and the first viewer will have to wait until the instance boots up. From a cost management standpoint, you’re not saving any money by having this option off so turning it to on it will maintain the website active even though you don’t have any traffic.
Set ARR Affinity to Off – WordPress is not a distributed application, and it’s quite hard to make it one. The option of turning off ARR will disable the feature in IIS and will speed up the loading time.

If you need to modify the PHP configuration of the Web Application, then you need to go into Kudu and add a “.user.ini” to site/wwwroot folder.

The most common settings for WordPress are the following:

Windows App Services persist local storage by leveraging Azure Files shares over SMB. So be aware of this “limitation” because Azure Files is slow (500 IOPS / 60MB/s)

Linux

Linux App Services are based on containers. You have the option of creating an App Service with pre-built binaries, or you can just bring your container from a container registry (Docker Hub / Azure Container Registry)

The prebuilt containers have the following Runtime stacks:
Node.Js
PHP
.NET Core
Ruby

The ones referenced above a starting point. I prefer creating my container because I have more control over the binaries that are inside the container and I like NGINX more than Apache.

The Azure marketplace has a WordPress image allows you to have a “one-click” deployment from which you can just import your current WordPress instance. This works nicely for migrations because you just need to move the content, database and other settings. For this kind of job, there are multiple plugins in the WordPress marketplace which allow you to do these types of migrations. The plugin that works best for me is: All in One WP Migration

If you create the instance using the one-click deployment, then most of the Application Settings are pre-populated, and you don’t quite need to do anything but if you’re like me and like creating your container with your stack then this is what you need to take into consideration.

Get the modified WP-Config file from here: WP-Config for App Services

Build your container image as you wish and then create the App Service for Linux and set the following Application settings:

Application Settings:

WEBSITES_ENABLE_APP_SERVICE_STORAGE = True
DATABASE_HOST
DATABASE_NAME
DATABASE_PASSWORD
DATABASE_USERNAME

Connection String:
defaultConnection = mysql connection string

WEBSITES_ENABLE_APP_SERVICE_STORAGE command is crucial for WordPress sites (or any other site that requires persistence) because this tells the App Service to mount the /home directory on Azure Files shares for persistence and scalability. Containers being stateless/immutable means that anything that happens inside it will be lost with the first restart.

General optimizations

WordPress works very nicely in VMs but when you’re deploying an instance in an Azure App Service things change a bit, and you need to do some optimisation for it to work great.

The tool that I use for checking and optimizing my WP blog is Google PageSpeed Insights which is great for desktop and mobile websites. It gives you suggestions on how to improve general performance, increase speed and have a lower time to first byte.

Some extensions I use, and I recommend for improving your WP Instance. (TEST BEFORE YOU USE)

Caching is extremly important so the extensions I recommend are:
WP Super Cache – Free
WP Rocket – Paid

If you want to leverage Azure Redis then you can use :
Redis Cache

For Minifying your code you can use:
Merge + Minify + Refresh

For finding issues with your WP instance, I recommend provisioning an Application Insights instance and install the WP extension. App Insights WordPress

Other more advanced ways of optimizing your instance are to use a CDN and Blob storage. Media files are better served by a CDN and not your App instance, this depends on a case by case scenario, and your mileage may vary. If your WP instance is image heavy then just by offloading those images to blob storage will greatly improve performance. Azure Blob Storage WP Plugin is something I used for clients and it works very well.

Have a good one!

Hosting a single container in Azure – Azure Container Instances

You’ve probably heard of containers and what you can do with them in some simple scenarios. Containers brought an exciting concept in application development and infrastructure management. Containerizing an application removes the ping-pong between Dev and Ops and the famous phrase “it works on my machine”. You get a docker file or the actual container image from a public/private repository and just run it. If it worked in the development environment, then it will work correctly in the staging and production environment without any changes.

The problem with containers is that they need to be hosted in a container orchestration system like Docker Swarm, DC/OS or Kubernetes. These systems are not cheap to run and not easy to maintain. If you have a significant application that requires a container orchestration tool then that’s a no-brainer but what if you need to run one single container for one hour because I need something processed and then I’m done? Well, you didn’t have any other possibility other than running it on your machine or in a container orchestrator, but recently Azure introduced a public preview of Azure Container Instances that allow you to run single containers at a per second billing.

Azure Container Instances

An Azure Container Instance is a single container that starts in seconds/minutes (depends if you’re using Linux or Windows) and you are billed by the second. You can pretty much call it a Container as a Service offering or CaaS 🙂

This concept is pretty sweet from multiple standpoints. I for one found some significant use cases for my needs. For example, when I’m doing workshops or training classes, I usually use VSTS to show off the possibilities of deploying applications to Azure. The problem I have is that the hosted agent free time is not enough for my preparation of demos and I usually spend some time setting up Windows and Linux agents. With ACI, I just create a Windows and Linux container with the agents and only deploy them from an Azure Container Registry or Docker Hub.

Another use case I found is web application load testing. I can just spin up a couple of containers and do load tests on my web application, pay for a minute of usage and be done with it.

I just thought of two useful things that you can do with ACI but that’s just the tip of the iceberg and at the moment they are preview which means MS is not done working on them and awesome stuff should appear soon 🙂
If you only have a 150$ Azure MSDN Subscription then you know that you have to do a lot of micro-management to just keep that credit when you’re doing presentations / workshops or training classes.

Getting started

Spinning up a container instance is extremely simple. You can either spin up an ACI by using the Azure Portal, or you can use the Azure CLI via the Cloud Shell to run some simple commands to provision your container.
If you’re using the Azure Portal, you go to new -> Search MarketPlace for Azure Container Instance -> Go through the steps where you reference a public or private registry, specify the amount of CPU and Memory you need and presto, DONE 🙂


The commands for doing it in the Azure CLI are like this:

Billing

This service looks great and sounds like a good idea for load testing, VSTS agents and other types of one-off things that you may need, but the billing is not straightforward. You have a flat fee for when you’re creating the container, and after that, you get billed by the second for the memory and CPU that you’re using.

I won’t reference pricing on this one because prices change but what I can say is that if you leave one running for a day, you will pay around 6 EUR which is not much 🙂

In my opininon ACI is a great Azure service addition and I’m waiting to find out what will Azure bring next 🙂

That being said, have a good one!

Running Linux web apps in Azure App Service

If we look at the statistics of Azure, we will see that most of the Virtual Machines that are deployed are running Linux. There’s a good reason as to why to run Linux applications, and I’m not going to cover that in this blog article. Today I will be talking about running Linux Web Applications in Azure’s App Services offering.

You may or may not know that Azure App Services run on IIS so in a nutshell, when you spin up an App Service and deploy a Web Application, you’re deploying that code using the same worker process with one application pool per website. So you’re not provisioning a single virtual machine to host your Web App instead you’re receiving space on an existing VM to host your application.

The main problem with App Services was that you could only host applications on IIS thus limiting your options. You have the possibility of running PHP or Java applications on IIS, but they wouldn’t be as performant as you would expect. Microsoft solved the problem by introducing Containers for Web Apps. You spin up a Linux App Service, and from there you deploy your application on an Apache solution (prebuilt) or a container built by you.

Why containers you might say?

Containers have been around for a long time, and they allow you to consistently run your application in any environment you want without having to say “It works on my machine”. API that was chosen to create, deploy, run containers is Docker. Most people call those containers as Docker Containers, but in reality, Docker is just the API that allows you to create/manage those containers. The main idea is that if you create a container that runs your web application without problems, then you can just take that container and deploy it anywhere because the code and all your dependencies are held in that image.

So how publish/pushh / push my container in a Linux App Service?

Taking your image and pushing it in a Linux App Service is very simple. You first have to have your container image pushed in a public/private repository like Azure Container Registry or Docker Hub then you just create a Web App for Containers and reference your image.

How do I deploy my code in a consistent manner?

Creating images in a centralized consistent manner is quite different than working alone on your laptop. Web App for Container has integration with most of the thing that you would use to deploy your code in a regular Windows App Service.

There are a couple of ways of pushing your code to the Linux App Service:

1. You can create your container image and push it to a repository like Azure Container Registry or Docker Hub.
2. You can use a CI/CD engine like VSTS to create your image and push it to the registry.
3. You just upload your files via FTP and be done with it 🙂

Down below is a demo flow of how you would push an image to the Web App for Containers service

Now if you’re used to App Services running IIS, there are some limitations that you should be aware of.

1. Containers are stateless by nature – If you need persistence you need to leverage blob storage or use another service like Redis Cache or you can leverage a feature to mount the /home directory to an Azure Files share. The latter will downgrade your performance a lot so tread carefully.
2. You only get ports 80/443 so if you need a custom port for your web application then App Services will not allow it.
3. You don’t have Web Jobs
4. You cannot do VNET integration
5. You cannot do Authorization with Azure AD

This is just a number of limitations that you should be aware of. Some features that you get from a regular App Service will eventually pop up in the Linux ones but until then, you need to work with what you have 🙂

That being said, take a look at Web Apps in Containers, play around with them and see what you can come up with.

Speaking at Azure Global Bootcamp in Cluj

For the 5th year in a row, ITCamp Community is organising Global Azure Boot Camp (https://global.azurebootcamp.net/).

This is a global event that takes place in over 159 locations around the world. Like last year, Cluj-Napoca is hosting a GABC and appears on the Azure map.

On April 22nd, you are invited to join this event which will have three 90 minute workshops which will be part theoretical and part practical, so we advise you to bring a laptop 🙂

I will be speaking at the event, and my workshop is about ARM templates 🙂

The event will start at 9:00 AM and will finish at around 2:00 PM.

Here are the event workshops:

Azure Functions (Radu Vunvulea)

What are Azure Functions? AWS Lambda from Azure. This is the fastest way how we can present Azure Functions. During this workshop, we will have a challenge to create a system that can process and analyze data without VMs or other computation units. We will use only Azure Functions for it. Sounds interesting, then let’s meet from 09:30 and find out how you can do this.

Machine learning for mere mortals with Azure ML (Silviu Niculita)

Machine learning has been leveraged to radically change many industry verticals. The problem is the learning curve has always been very steep. Exotic languages, complex tools, little or no documentation.But innovative cloud-based ML platforms are changing that and democratizing access. During this session, you will learn the basics of machine learning, and you will see a demo of how you can build a prediction model using real-world data, evaluate several different algorithms and modeling strategies, then deploy the finished model as a scalable RESTful API within minutes.

ARM Templates, how to create them, and use them in your CD pipeline (Florin Loghiade)

Azure has an excellent API that permits the user to automate the creation of every complex environment, using one single JSON document. Those documents are called ARM Templates, and they can be used to create, manage and even refresh any type of resource available in Azure. Using ARM templates and PowerShell combined with a CI/CD tool like VSTS, TeamCity, Jenkins, you can automate the build and deployment of the most complex application out there. In this hands-on lab, you will learn about the benefits of using Azure Resource Manager templates, when and how to use PowerShell in the CI/CD pipeline, and what it takes to create ARM Templates.

Here is the meetup link and I hope to see you at the next Global Azure BootCamp!

Global Azure Bootcamp 2017 powered by ITCamp

Saturday, Apr 22, 2017, 9:00 AM

Endava Office (ISDC)
Avram Iancu 506-508 407280 | Florești Cluj-Napoca, RO

13 ITCamp-ers Went

Acesta este al cincilea an când ITCamp community organizează Global Azure Boot Camp. Acesta este un eveniment la nivel global care are loc în peste 159 de locații. Ca și anul trecut, Clujul nu se lasă mai prejos și apare pe harta Azure. Pe data de 22 Aprilie vă invităm pe toți la acest eveniment din Cluj-Napoca, care va conține 3 workshop-uri.Part…

Check out this Meetup →

Pin It on Pinterest