In the past, I have written about the benefits of the Platform as a Service (PaaS) style of applications. While I continue to believe that PaaS offers the best ROI for hosting custom applications in the cloud, there are a number of scenarios where inserting elements of Infrastructure as a Service (IaaS) into a PaaS solution can help alleviate some of the limitations that have prevented the adoption of PaaS. In this blog post we will look at a few compelling scenarios that are enabled by combining PaaS with the recently announced IaaS features within a Windows Azure Cloud Service.

I am going to assume that you are familiar with the recent Windows Azure announcements related to IaaS. (If not, I highly recommend watching Mark Russinovich’s presentation on the new features.) In a nutshell, the Windows Azure IaaS features include:

  • Virtual Machines: The ability to bring custom Windows Server and Linux images to the cloud, and
  • Virtual Network: The ability to provision and manage virtual private networks (VPNs) in Windows Azure as well as link these with on-premises IT infrastructure. Virtual Network offers site-to-site connectivity between Windows Azure and on-premises (unlike the existing Windows Azure Connect feature, which was offered as a developer-friendly machine-to-machine connectivity solution).

Scenario #1: PaaS-hosted Web Tier combined with IaaS-hosted SQL Server

The scenario: The front-end tier of the application can be hosted within a Windows Azure Web role, thereby taking advantage of all the PaaS benefits including OS management, out-of-band monitoring etc. However, the database tier requires a full-blown SQL Server (as opposed to Windows Azure SQL Database) since it relies on SQLCLR functionality.

The solution: Host Web and Worker Roles in a PaaS-based cloud service instance and host a mirrored SQL Server database in an IaaS-based cloud service. The two services are connected via the Virtual Network. In fact, the two cloud service instances are placed inside two distinct subnets (listed as Front End Subnet and SQL Subnet in the diagram) defined within the virtual network.

Note: Two services are needed because PaaS and IaaS roles cannot be co-located within one Cloud Service instance. This is a current limitation that is likely to go away in the future.
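The address plan behind this two-subnet layout can be checked before anything is provisioned. The Python sketch below is an added example, not part of the original post, and every address range in it is a constructed assumption. It verifies that Front End Subnet and SQL Subnet sit inside the virtual network, do not overlap each other, and that the virtual network does not collide with the on-premises range it is linked to.

```python
import ipaddress

# Constructed sample plan; all address ranges are assumptions, not from the post.
PLAN = {
    "vnet": "10.4.0.0/16",
    "on_premises": ["192.168.0.0/16"],
    "subnets": {
        "Front End Subnet": "10.4.1.0/24",
        "SQL Subnet": "10.4.2.0/24",
    },
}


def validate_plan(plan):
    """Return a list of problems found in a virtual network address plan."""
    problems = []
    vnet = ipaddress.ip_network(plan["vnet"])
    onprem = [ipaddress.ip_network(p) for p in plan["on_premises"]]
    subnets = {n: ipaddress.ip_network(c) for n, c in plan["subnets"].items()}

    # Site-to-site routing needs disjoint address spaces on both ends.
    for net in onprem:
        if vnet.overlaps(net):
            problems.append(f"vnet {vnet} overlaps on-premises range {net}")

    # Every subnet must be carved out of the virtual network's space.
    for name, net in subnets.items():
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} is outside vnet {vnet}")

    # Tiers only stay separable if their subnets do not overlap.
    names = sorted(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"{a} {subnets[a]} overlaps {b} {subnets[b]}")
    return problems


if __name__ == "__main__":
    for line in validate_plan(PLAN) or ["plan is consistent"]:
        print(line)
```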

Scenario #2: IaaS-hosted Web Tier combined with PaaS-hosted storage

The scenario: This time, the front-end tier of the application (even though based on ASP.NET) cannot be hosted within Windows Azure Web Roles. This is mainly because the current version of the application stores data on the local drive (since Web Roles can be recycled at any time, any data stored on the local drive is not persisted). However, the storage requirement of the application demands an elastic store where large binary images can be stored.

The solution: Host the ASP.NET-based portion of the application in an IaaS-based cloud service instance, thereby allowing the application to write data to the local disk that is persisted across virtual machine restarts. Large images are stored in Blobs, a PaaS service offered by Windows Azure for data management. Blobs provide a number of benefits including highly-elastic storage, CDN, access control and geo-replication.

Scenario #3: PaaS-hosted application authenticated against an existing Enterprise Identity Store

The scenario: All parts of the application fit nicely within the PaaS model, including Web and Worker Roles and SQL Database. However, it is required that applications rely on an on-premises-based enterprise identity store.

The solution: Host the various parts of the application in a Windows Azure-based cloud service, thereby taking advantage of all the PaaS benefits. At the same time, a read-only replica of the on-premises AD instance is set up within an IaaS-based virtual machine. This will allow the PaaS-based service to authenticate the users without the need to reach out to the on-premises-based AD server. The synchronization between the read-only AD replica and the authoritative on-premises-based AD will take place over a VPN tunnel established using the Virtual Network.

Scenario #4: PaaS-hosted application monitored using existing monitoring tools

The scenario: Again, all parts of the application fit nicely within the PaaS model, including Web and Worker Roles and SQL Database. However, it is required that the PaaS-based application be monitored alongside other on-premises-based applications, using the existing SCOM-based monitoring setup.

The solution: Host the application within a single PaaS-based cloud service. Another cloud service will host an IaaS-based virtual machine with the necessary SCOM agent installed on it. Finally, using the virtual network between Windows Azure and on-premises, the SCOM agent will be able to send data to the on-premises-based SCOM server.

Note: While it is possible to host the SCOM agent on-premises and route traffic to it via a Virtual Network-based tunnel, the above solution provides for lower latency by co-locating the SCOM agent with the cloud service.

Photo credit: Copyright (c) 123RF Stock Photos, all other images (c) Vishwas Lele