Users who need computing, servers, storage, and networking purchase hardware and application software and install it in their data centers. This purchase cycle can be lengthy because IT organizations require pricing, purchase orders, and subsequently manpower to install and maintain the hardware and applications. Often this infrastructure is under-utilized because applications are not used every day of the month and servers are often sized for more compute power than required. Virtualization achieves some economies of scale as servers are virtualized and IT organizations achieve optimal hardware utilization. However, end users are still dependent on IT to purchase, configure, and deploy physical or virtual servers.

Public infrastructure cloud computing provides individuals and organizations with raw computing, servers, networking, and storage as a utility. This public cloud service is called Infrastructure as a Service (IaaS). Users of a public cloud computing utility pay only for the service utilized and, most importantly, end users can self-service their computing needs by creating virtual servers, networks, and storage as required.

There are many public cloud vendors, such as Amazon Web Services, Rackspace, Terremark, and Microsoft Windows Azure. Public cloud IaaS can be compared with internal server deployment in the following table.

| Activity | Public Cloud Computing | Internal Data Center |
|---|---|---|
| Procure hardware | Self-service; create a virtual server, storage, and networking using a browser | Submit purchase order, IT racks, and install hardware and software |
| Time to up and running | Several minutes | Several weeks |
| Cost | "Pay as you go," rental model, operational expense | Capital expense, entire cost borne up-front or amortized over several years |
| Hardware maintenance | None; responsibility borne by cloud provider who in turn provides an SLA to the end user | Internal IT sys admin cost to maintain hardware and software |

This article compares Microsoft's IaaS offering, Windows Azure, to Amazon Web Services (AWS), which is widely recognized as the market leader in public IaaS, and focuses on the basic task of deploying a virtual server, storage, and some of the associated security and identity features.

Windows Azure is an IaaS platform from Microsoft. This service allows users to create virtual machines (VMs) in the cloud, either a raw server image or a customized server with applications, features, even a development platform.

There are three methods for creating a VM:

  1. Using the GUI quick method—There are six boxes to fill out to create a VM: name, type of server, disk, network, login/password. The cloud server takes about 5-6 minutes to boot.
  2. Using the GUI method from the Gallery—There are pre-built images: a vanilla OS, for example Windows Server 2012 or Windows Server 2008; Windows with SharePoint; and Linux images, such as Ubuntu, CentOS, SUSE. They come in a variety of sizes, from extra small to extra large.
  3. Using PowerShell scripts to add features, roles, and applications to a virtual server.

I tried the "quick create" for a Windows VM called "jgershater." Once I choose the OS, size, and geographical regions, I'm done.

  • Size: Depending on use of the virtual server, I might need a small server with one CPU and less than 1GB of memory or a larger server with more resources.
  • Geographical region: I select to use a server in a geographical region associated with my administrators and users, to avoid network latency problems.
  • DNS name: I notice that a publicly user-friendly name is associated with my VM.

Creating a Virtual Machine

I can use standard Windows RDP to access a server, although the public port is randomized in WindowsAzure.com and mapped to the standard 3389 RDP port.

Endpoints on a Virtual Machine

Because RDP is automatically exposed, users are advised to use strong passwords.

Creating Storage

Windows Azure storage offers several features:

  1. A "blob" is short for "Binary Large OBject," which is a collection of binary information. Applications access a blob using a URL endpoint http://<StorageAccount>.blob.core.windows.net/<Container>/<BlobName> and employing one of three methods: a RESTful API, the Windows client library, or a virtual NTFS drive. For redundancy, blobs are automatically copied to three servers, and there is an option to geo-replicate (i.e., copy blobs to servers in other regions). Blobs are cached for end users using the Azure content delivery network (CDN). Blobs are typically used for audio and video files or other unstructured data.
  2. Tables are not typical relational databases, but rather unstructured NoSQL-type databases—a key/value store, associating a set of data with a particular key. Applications access the data by providing the key. A single table can grow to 100TB, and access is very fast. Applications access a table using a URL endpoint http://<StorageAccount>.table.core.windows.net/<TableName>.
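
The two endpoint shapes above can be checked mechanically when reviewing application configuration. The following is an added example, not code from the original article: it parses a blob or table endpoint, rejects look-alike hosts, and flags cleartext `http://` use. The sample URLs and the account name `mediaacct` are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Endpoint shapes quoted in the article:
#   http://<StorageAccount>.blob.core.windows.net/<Container>/<BlobName>
#   http://<StorageAccount>.table.core.windows.net/<TableName>
# Storage account names are 3-24 lowercase letters and digits.
HOST_RE = re.compile(r"([a-z0-9]{3,24})\.(blob|table)\.core\.windows\.net")


def audit_storage_url(url):
    """Split a storage endpoint URL into its parts and list any findings."""
    parts = urlsplit(url)
    # fullmatch anchors both ends, so a host that merely starts with a
    # storage endpoint name (look-alike domain) is rejected.
    match = HOST_RE.fullmatch(parts.hostname or "")
    if match is None:
        return {"url": url, "valid": False,
                "findings": ["host is not a storage endpoint"]}
    account, service = match.groups()
    segments = [unquote(s) for s in parts.path.split("/") if s]
    findings = []
    if parts.scheme != "https":
        findings.append("cleartext transport: use https")
    if not segments:
        findings.append("no container or table named in path")
    result = {"url": url, "valid": True, "account": account,
              "service": service, "findings": findings}
    if service == "blob":
        result["container"] = segments[0] if segments else None
        result["blob"] = "/".join(segments[1:]) or None
    else:
        result["table"] = segments[0] if segments else None
    return result


def flagged(urls):
    """Return the URLs that are invalid or carry at least one finding."""
    return [u for u in urls if audit_storage_url(u)["findings"]]


# Constructed sample input.
SAMPLE_URLS = [
    "http://mediaacct.blob.core.windows.net/videos/2013/intro.mp4",
    "https://mediaacct.table.core.windows.net/Customers",
    "https://mediaacct.blob.core.windows.net.example.test/videos/intro.mp4",
]

if __name__ == "__main__":
    for entry in SAMPLE_URLS:
        print(audit_storage_url(entry))
```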

With a few clicks, storage is created and monitored, and endpoints are created and monitored, and I can log storage activity.

Logging Storage Activity


Creating Networks

With a few clicks, a virtual network is created, with address space and DNS servers. Thus I can link my VMs together in a private address space and provide DNS resolution. This is useful to group VMs together that interact with one another or for enhanced security to isolate VMs.

Creating Virtual Networks


Interoperability with a Corporate Network

Corporate data centers are not going away with the advent of public cloud computing. However, companies that need bursts of computing (i.e., computing power for a limited amount of time) can use public cloud computing for the project and then rescind the cloud servers when the project terminates. Some examples include a drug company that needs to conduct a three-month clinical trial, a video streaming company that is experiencing high load during holiday weekends, and a financial company that processes many tax returns for a few months of the year. These companies can benefit from temporary "rented" virtual servers in a public cloud. There is often also the need to create a bridge or virtual private network (VPN) between a corporate data center and public cloud servers, to securely exchange data or virtual servers between the two environments.

Using Microsoft System Center 2012 SP1's App Controller, I can create a secure connection to WindowsAzure.com to establish a hybrid cloud. I can upload a Windows virtual hard disk (VHD) from my on-premises Hyper-V to WindowsAzure.com or download a VHD from WindowsAzure.com to my internal Hyper-V.

Using App Controller to Establish a Hybrid Cloud


Performance

It is important to know the resources a virtual server is using so that end users receive an optimal experience. Windows Azure provides a monitor tab to view performance information of a virtual server: CPU, disk I/O, and network I/O; if required, I can resize a virtual server.

Monitoring Performance on a Virtual Server


Reconfiguring a Virtual Server

Once a virtual server is running, it might need to be resized to accommodate more load. A virtual server can be resized (modify memory/CPU) after it is created. (However, the virtual server might need to be rebooted in case the new resource configuration exceeds the host resources available.)

Here I just click Configure and resize from the drop-down.

Resizing a Virtual Server


Identity/Access Management and Federated Identity

When applications are deployed to the Internet, one irritant for users is the requirement to create a new username and password for every application. It would certainly be convenient to use an existing username and password to authenticate to other applications. For example, consider that the United States is a federation of independent states; each state has its own laws but generally trusts other states. I can rent a car in Arizona by presenting my California driver's license; Arizona trusts the California DMV. In the realm of authentication over the Internet, this nirvana of trust is called Federated Identity. The entity that provides authentication credentials is called the identity provider (in my analogy, the California DMV is the identity provider). Windows Azure has done an excellent job of accepting credentials from identity providers such as Google, Yahoo, Facebook apps, and (obviously) Windows Live, to authenticate to applications you deploy on Azure. My applications on Windows Azure consume identity tokens issued by the Windows Azure Access Control Service.

Windows Azure Access Control Service
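
An application that consumes issued identity tokens has to verify each one before trusting its claims. The following is an added example, not code from the original article or from Microsoft: it assumes a form-encoded token whose final `HMACSHA256` parameter signs everything before it (the Simple Web Token layout), with `Issuer`, `Audience` and `ExpiresOn` claims. The key, URLs and `sign_token` helper are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote, unquote

SIG_MARKER = "&HMACSHA256="  # assumed layout: signature is the final parameter


def _mac(body, key):
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest()


def sign_token(claims, key):
    """Issuer stand-in, used only to build the constructed sample token."""
    body = "&".join(f"{quote(k, safe='')}={quote(str(v), safe='')}"
                    for k, v in claims.items())
    sig = base64.b64encode(_mac(body, key)).decode("ascii")
    return body + SIG_MARKER + quote(sig, safe="")


def validate_token(token, key, issuer, audience, now=None):
    """Return the claims only if signature, issuer, audience and expiry pass."""
    body, marker, sig = token.rpartition(SIG_MARKER)
    if not marker:
        raise ValueError("token is unsigned")
    try:
        presented = base64.b64decode(unquote(sig), validate=True)
    except ValueError:
        raise ValueError("signature is not valid base64")
    # Verify the MAC over the raw text before trusting any claim in it.
    if not hmac.compare_digest(_mac(body, key), presented):
        raise ValueError("signature mismatch")
    pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    claims = dict(pairs)
    if len(claims) != len(pairs):
        raise ValueError("duplicate claim")
    if claims.get("Issuer") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("Audience") != audience:
        raise ValueError("token was issued for another application")
    if int(claims.get("ExpiresOn", "0")) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims


# Constructed sample values; the key and URLs are placeholders.
KEY = b"constructed-demo-key-not-a-real-secret"
ISSUER = "https://issuer.example.test/"
AUDIENCE = "https://app.example.test/"
SAMPLE = sign_token({"Issuer": ISSUER, "Audience": AUDIENCE,
                     "ExpiresOn": 2000000000, "email": "user@example.test"}, KEY)
```

The audience check is what stops a token issued for one application from being replayed against another that trusts the same issuer.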


Command-Line Interface

For power users who want to automate the deployment of VMs, servers, networks, and storage, a command-line interface is available to interact with Azure. The Windows Azure Downloads page offers SDKs for Linux, Windows, and OS X. Really neat!

So, I can create a new VM like this using Windows PowerShell:

PS C:\> New-AzureQuickVM -Windows -name "MyWinVM" -ImageName $images[4].imagename -ServiceName $mySvc -Location $locations[0] -Password $myPwd


Comparison: Windows Azure and Amazon Web Services

Amazon Web Services is the present gorilla in the public cloud infrastructure market. However, Windows Azure is by no means insignificant. The following table describes some key functions and how they differ between the two providers.

| Activity | Windows Azure | Amazon Web Services |
|---|---|---|
| Create a virtual machine | Quick create; create from gallery (pre-configured instance with services and features); create from command line | Quick create; create from gallery (pre-configured instance with services and features); create from command line |
| Pre-configured virtual servers | Third-party marketplace of Linux and Windows VMs with pre-installed applications | AWS Marketplace of Linux and Windows VMs with pre-installed applications |
| Reconfigure a running virtual server | Yes—can add CPU/memory; might require a reboot | No—cannot reconfigure a running AWS instance |
| Single sign-on | Can enable Yahoo, Google, Facebook, and other identity providers to sign in to applications created on Azure | No federated identity available to applications hosted on AWS |
| Firewall security | Enable endpoints and expose TCP/UDP ports | Security groups |
| Command-line tools | SDK download for Linux, Windows, OS X | AWS offers a command-line tools GitHub project |
| Hybrid cloud | Create from Windows Server 2012 (Microsoft only) | Create VPC to internal network |


Sample Price Comparison

A complete price comparison would be exhaustive when one considers the plethora of services: storage, content delivery network (CDN) bandwidth costs, networking, virtual servers, databases. The following table provides a simple overview of the cost of a basic virtual server, probably the most common item deployed in an IaaS.

Virtual Machine Cost Per Hour

| Item | Windows Azure | Amazon Web Services |
|---|---|---|
| Micro Windows VM | $0.02 | $0.091 |
| Medium Windows VM | $0.23 | $0.182 |
| Extra Large Windows VM | $0.92 | $0.728 |
| Micro Linux VM | $0.02 | $0.06 |
| Medium Linux VM | $0.17 | $0.12 |
| Extra Large Linux VM | $0.68 | $0.48 |


Conclusion

Microsoft is helping pave the road for enterprise adoption. Microsoft balances the comfort and familiarity for customers who have used other IaaS platforms and are familiar with Microsoft from their own data centers.

Windows Azure is a powerful cloud service for compute and development. A user can self-serve a variety of VMs, both pre-built and unconfigured, with a SQL Server back end for development. There is high availability and redundancy, an easy-to-use interface, and command-line tools for all operating systems. Virtual networks and storage can be easily deployed. Other services, such as Active Directory, mobile services, a service bus, SQL Server and reporting, websites, etc., can be easily deployed for a robust IaaS. Windows Azure pricing is very competitive with Amazon Web Services.

Available Services