arquitectura dos serviços da plataforma windows azure
DESCRIPTION
Apresentação do Vitor Tomaz sobre a Arquitectura dos Serviços da plataforma Windows Azure na 4a Reunião Presencial da Comunidade NetPonto em Coimbra (http://netponto.org).TRANSCRIPT
Arquitectura dos Serviços da plataforma Windows Azure
Vítor Tomaz
http://netponto.org4ª Reunião Coimbra - 11/02/2012
Vítor TomazISEL – LEICConsultor Independente
NetPontoAzurePTRevista ProgramarPortugal@ProgramarSQLPort
Agenda
• Introdução• Arquitectura do Datacenter e Windows Azure• Arquitectura do Windows Azure Storage• Arquitectura do SQL Azure
• Resource allocation– Machines must be chosen to host roles of the service– Procure additional hardware if necessary– IP addresses must be acquired
• Provisioning– Machines must be setup– Virtual machines created– Applications configured– DNS setup– Load balancers must be programmed
• Upgrades– Locate appropriate machines– Update the software/settings as necessary– Only bring down a subset of the service at a time
• Maintaining service health– Software faults must be handled– Hardware failures will occur– Logging infrastructure is provided to diagnose issues
Deploying A Service Manually
This is ongoing work…you’re never done
TEMPO
CAPA
CIDA
DE
Capacidade Real
Recusos disponíveis
Demasiadosrecursos
Poucos recursos
Capacidade Prevista
Cloud Computing
Capacidade Real
Capacidade on Demand
Baixo Investimento
Não há recursos desperdiçados
Escalabilidade
Elasticidade
TEMPO
CAPA
CIDA
DE
Capacidade Prevista
Cloud Computing
Cloud Computing
• Escalabilidade• Elasticidade• Baixo Investimento Inicial• Pago o que Uso• Não há (demasiados) recursos desperdiçados
Escalabilidade
Custos
Types of CloudPackaged Software
Storage
Servers
Networking
O/S
Middleware
Virtualization
Data
Applications
Runtime
You m
anage
Infrastructure
(as a Service)
Storage
Servers
Networking
O/S
Middleware
Virtualization
Data
Applications
Runtime
Managed b
y v
endor
You m
anage
Platform(as a
Service)
Managed b
y v
endor
You m
anage
Storage
Servers
Networking
O/S
Middleware
Virtualization
Applications
Runtime
Data
Software(as a
Service)
Managed b
y v
endor
Storage
Servers
Networking
O/S
Middleware
Virtualization
Applications
Runtime
Data
Windows Azure Automation“What” is needed
Agent
Switches
Load-balancers
Fabric Controller
Agent
Agent
Make it happen
Windows Azure• Windows Azure is an OS for the data center• Model: Treat the data center as a machine• Handles resource management, provisioning, and
monitoring• Manages application lifecycle• Allows developers to concentrate on business logic
• Provides common building blocks for distributed applications• Reliable queuing, simple structured storage, SQL storage• Application services like access control and connectivity
Windows Azure Platform
Reporting Data SyncDatabase
Virtual NetworkCompute Storage CDN
CachingService BusAccess Control
Windows Azure Data Center
Windows Azure Datacenter Architecture
Datacenter
Fabric Controller
Service
RDFEService
Publicar um serviço na Cloud
Datacenter
Fabric Controller
Windows Azure PortalSystem Center AppManager
Datacenter
Fabric Controller
RDFE (Red Dog Front End)
• RDFE é o front end para todos os serviços Windows Azure• Gestão de subscrições• Billing • Acesso dos utilizadores• Gestão dos Serviços
• O RDFE é responsável pela escolha de clusters para publicação de serviços e contas de storage• Região do datacenter• Grupo de afinidade • Utilização do cluster
Datacenter Clusters
Cluster1
Cluster2
Clustern…
Datacenter network
FC FC FC
• Cada cluster tem aproximadamente 1000 servidores em rack (400 a 2,500)
• Cada cluster é gerido por um Fabric Controller (FC)
Cluster 1
Inside a Cluster
TOR TOR TOR TOR TOR
LB
LBAGG
LBLB
LB
Nodes
Rack
Aggregation Routers and
Load Balancers
Power Distribution
Units
Top of Rack
Switches
PDU
…
PDU…
PDU
…
PDU
…
PDU
…
Rack Rack Rack Rack
FC1 FC2 FC3 FC4 FC5
Datacenter network
Datacenter Clusters
Cluster 1
Datacenter network
TOR
LB LBAgg
PDU
Aggregation Routers and
Load Balancers
TOR
PDU
TOR
PDU
…
Power Distribution
Units
Nodes
Nodes
Nodes
TOR
PDU
…Top of Rack
Switches
Fabric Controller (FC)
• É o “kernel” do sistema operativo na cloud • Gere o hardware do datacenter• Gere os serviços Windows Azure
• Quatro responsabilidades principais:• Reserva de recursos no datacenter• Preparação dos recursos • Gestão do ciclo de vida dos serviços• Gestão da “saúde” dos serviços
• Inputs:• Descrição do hardware e recursos de rede que vai gerir• Descrição do serviço e código das aplicações que vai correr
ServerKernelProcess
DatacenterFabric ControllerService
Windows Kernel
Server
Word SQL Server
Fabric Controller
Datacenter
ExchangeOnline
SQL Azure
Cluster Resource Description
• The Fabric Controller is bootstrapped with a Utility Fabric Controller (UFC)• Single-instance FC • Used for bootstrap and FC updates
• UFC feeds FC a description of the cluster physical and logical resources in Datacenter.xml• Server IP addresses• Pool of network IP addresses to assign services• Network hardware and Power Distribution Unit
addresses
Cluster Resource Description
Preparação de um Nó
TOR
PDU
…
Preparação de um Nó• Liga o nó• Carrega um sistema
operativo de manutenção• Formata o disco e
carrega o sistema operativo Windows Azure
• Arranca o Windows Azure
• Liga o “FC Host Agent” ao Fabric Controller
Fabric ControllerRole
ImagesRole
ImagesRole
ImagesRole
Images
Image Repository
Maintenance OS
Parent OS
Node
PXEServer
Maintenance OS
Windows AzureOS
Windows Azure
OS
FC Host
Agent
Windows Azure Hypervisor
Windows Deployment
Server
DeploymentRole B
Worker RoleCount: 2Update
Domains: 2Size: Medium
Role A Web Role (Front End)Count: 3Update
Domains: 3Size: Large
LoadBalancer
10.100.0.36
10.100.0.122
10.100.0.185
www.mycloudapp.net
www.mycloudapp.net
The Windows Azure Service Model• A Windows Azure application is called a “service”
• Definition information (Role name, Role type, VM size, etc.)• Configuration information (# of instances, # of update domains, etc.)• At least one “role”• Your codes
• Roles are like DLLs in the service “process”• Collection of code with an entry point that runs in its own virtual machine• There are currently three role types:
• Web Role: IIS7 and ASP.NET in Windows Azure-supplied OS• Worker Role: arbitrary code in Windows Azure-supplied OS• VM Role: uploaded VHD with customer-supplied OS
My Service
ConfigurationInstances: 3Update Domains: 3Fault Domains: 3
Role: Front-End
DefinitionType: WebVM Size: LargeEndpoints: External-1
ConfigurationInstances: 2Update Domains: 2Fault Domains: 2
Role: Middle-Tier
DefinitionType: WorkerVM Size: MediumEndpoints: Internal-1
Service Model Files
• Service definition is in ServiceDefinition.csdef
• Service configuration is in ServiceConfiguration.cscfg
• CSPack program Zips service binaries and definition into service package file (service.cspkg)
Service Resource Allocation• Goal: allocate service components to available resources while
satisfying all hard constraints • HW requirements: CPU, Memory, Storage, Network• Fault domains
• Secondary goal: Satisfy soft constraints • Prefer allocations which will simplify servicing the host OS/hypervisor• Optimize network proximity: pack nodes
• Service allocation produces the goal state for the resources assigned to the service components• Node and VM configuration (OS, hosting environment)• Images and configuration files to deploy• Processes to start• Assign and configure network resources such as LB and VIPs
Guest Partition
Guest Agent
Role Instance
Guest Partition
Guest Agent
Role Instance
Guest Partition
Guest Agent
Role Instance
Dentro de um nó
Fabric Controller (Primary)
FC Host Agent
Host Partition
Nó físico
Fabric Controller (Replica)
Fabric Controller (Replica)…
Trust boundary
Image Repository (OS VHDs, role ZIP files)
Deploying a Role Instance• FC pushes role files and configuration information to target
node host agent• Host agent creates three VHDs:
• Differencing VHD for OS image (D:\)• Host agent injects FC guest agent into VHD for Web/Worker roles
• Resource VHD for temporary files (C:\)• Role VHD for role files (first available drive letter e.g. E:\, F:\)
• Host agent creates VM, attaches VHDs, and starts VM• Guest agent starts role host, which calls role entry point
• Starts health heartbeat to and gets commands from host agent• Load balancer only routes to external endpoint when it
responds to simple HTTP GET (LB probe)
Role Instance VHDs
Role Virtual Machine
C:\Resource Disk
D:\Windows
Differencing Disk
E:\ or F:\Role Image
Differencing Disk
Windows VHD Role VHD
Inside a Role VM
Resource Volume
OS Volume
Role Volume
Guest Agent
Role Host
Role Entry Point
Service HealingRole B
Worker RoleCount: 2Update
Domains: 2Size: Medium
Role AWebRole (Front End)Count: 3Update
Domains: 3Size: Large
LoadBalancer
10.100.0.36
10.100.0.122
10.100.0.185
www.mycloudapp.net
www.mycloudapp.net
10.100.0.191
Node and Role Health Maintenance• FC maintains service availability by monitoring the
software and hardware health• Based primarily on heartbeats • Automatically “heals” affected roles
Problem How Detected Fabric Response
Role instance crashes FC guest agent monitors role termination
FC restarts role
Guest VM or agent crashes
FC host agent notices missing guest agent heartbeats
FC restarts VM and hosted role
Host OS or agent crashes
FC notices missing host agent heartbeat
Tries to recover nodeFC reallocates roles to other nodes
Detected node hardware issue
Host agent informs FC FC migrates roles to other nodesMarks node “out for repair”
Fault and Upgrade Domains
Rack
Web Role
VM
VM
Worker Role
VM
VM
Fault Domain
Rack
Web Role
VM
VM
Worker Role
VM
VM
Fault Domain
U/G Domain #1
U/G Domain #2
U/G Domain #1
U/G Domain #2
Updates• Existem 2 tipos de updates:• In-place: actualizar um serviço que está a correr• VIP swap: troca entre staging e produção
In-Place Update• O serviço mantêm-se activo
enquanto as actualizações são realizadas
• São actualizados um update domain de cada vez• Por omissão são 5• No máximo são 20• Configurável na definição do serviço
• O SLA do Windows Azure é baseado em pelo menos 2 update domains e 2 instâncias para cada role
Front-End-1
Front-End-2
Update Domain 1
Update Domain 2
Middle Tier-1
Middle Tier-2
Middle Tier-3
Update Domain 3
Middle Tier-3
Front-End-2Front-End-1
Middle Tier-2
Middle Tier-1
VIP Swap• Troca entre o ambiente de staging e produção• Apenas existe troca a nível de Load Balancer• O ambiente de staging continua a consumir
recursosProduction VIP – VIP1
<dnsname>.cloudapp.netStaging VIP – VIP2
<guid>.cloudapp.net
Role A Role B
Port 80
Port 3389
Port 3390
Deployment A
Role A’ Role B’
Port 80
Port 3389
Port 3390
Deployment A’
Production VIP – VIP1<dnsname>.cloudapp.net
Staging VIP – VIP2<guid>.cloudapp.net
Windows Azure Storage
Account
Container Blobs
Table Entities
Queue Messages
Windows Azure Data Storage Concepts
http://<account>.blob.core.windows.net/<container>
http://<account>.table.core.windows.net/<table>
http://<account>.queue.core.windows.net/<queue>
www.buildwindows.com
Windows Azure Storage Data Abstractions
• Blobs – File system in the cloud• Tables – Massively scalable structured storage• Queues – Reliable storage and delivery of messages• Drives – Durable NTFS volumes for Windows Azure
applications
Design Goals• Highly Available with Strong Consistency• Provide access to data in face of failures/partitioning
• Durability• Replicate data several times within and across data
centers• Scalability• Need to scale to exabytes and beyond• Provide a global namespace to access data around the
world• Automatically load balance data to meet peak traffic
demands
Windows Azure Storage Stamps
Storage Stamp
LB
StorageLocation Service
Access blob storage via the URL: http://<account>.blob.core.windows.net/
Data access
Partition Layer
Front-Ends
Stream Layer
Intra-stamp replication
Storage Stamp
LB
Partition Layer
Front-Ends
Stream Layer
Intra-stamp replication
Inter-stamp (Geo) replication
Windows Azure Storage Stamps
• Cada Storage Stamp têm• Entre 10 a 20 racks• Cada rack tem 18 nós• Storage Stamps de 1º Geração guardam 2PB de dados• Storage Stamps de 2º Geração guardam até 30PB
Storage Stamp Architecture
Extent Nodes (EN)
Front End Layer
FE
Incoming Write Request
Partition
Server
Partition
Server
Partition
Server
Partition
Server
Partition
Master
FE FE FE FE
Lock Service
Ack
Partition Layer
Stream Layer
Windows Azure Storage - Architecture
• Front End Layer• Servidores stateless• Autenticação e autorização do pedido• Usando a partition key do pedido obtêm do Partition Map
qual o partition server que têm os dados• Envia o pedido para o partition server• Obtêm a resposta do partition server e devolve ao cliente
FE FE FE FE FE
Windows Azure Storage - Architecture
• Partition Layer• GET • Verifica se os dados estão na memória cache do partition server• Se estiver retorna os dados em cache• Se não estiver envia o pedido para um dos Extent Nodes que
contêm uma réplica dos dados• PUT/POST/DELETE• Envia o pedido para o Extent Node primário
Partition
Server
Partition
Server
Partition
Server
Partition
Server
Partition
Master
Windows Azure Storage - Architecture
• Stream Layer• Sistema de ficheiros distibuido e “append-only”• Os dados são armazenados em ficheiros (extents) • Todos os extent estão replicados 3 vezes em diferentes fault
e upgrade domains• Todos os dados passam por Checksum• Novamente replicado se houver falha de disco/nó/rack ou
checksum
Extent Nodes (EN)
Partition Layer
Scalable Object Index via Partitioning• Partition Layer maintains an internal Object Index Table for
each data abstraction• Blob Index: contains all blob objects for all accounts in a stamp • Table Entity Index: contains all entities for all accounts in a stamp• Queue Message Index: contains all messages for all accounts in a
stamp
• Scalability is provided for each Object Index• Monitor load to each part of the index to determine hot spots• Index is dynamically split into thousands of Index RangePartitions
based on load• Index RangePartitions are automatically load balanced across servers
to quickly adapt to changes in load
AccountName
ContainerName
BlobName
aaaa aaaa aaaaa
…….. …….. ……..
…….. …….. ……..
…….. …….. ……..
…….. …….. ……..
…….. …….. ……..
…….. …….. ……..
…….. …….. ……..
…….. …….. ……..
…….. …….. ……..
…….. …….. ……..
…….. …….. ……..
zzzz zzzz zzzzz
AccountName
ContainerName
BlobName
aaaa aaaa aaaaa
……… ……… ………
……… ……… ………
harry pictures sunrise
• Split index into RangePartitions based on load
• Split at PartitionKey boundaries
• PartitionMap tracks Index RangePartition assignment to partition servers
• Front-End caches the PartitionMap to route user requests
• Each part of the index is assigned to only one Partition Server at a time
Storage Stamp
Partition
Server
Partition
Server
AccountName
ContainerName
BlobName
richard videos tennis
……… ……… ………
……… ……… ………
zzzz zzzz zzzzz
AccountName
ContainerName
BlobName
harry pictures sunset
……… ……… ………
……… ……… ………
richard videos soccer
Partition
Server
Partition
Master
Partition Layer – Index Range Partitioning
Front-EndServer
PS 2 PS 3
PS 1
A-H: PS1H’-R: PS2R’-Z: PS3
A-H: PS1H’-R: PS2R’-Z: PS3
PartitionMap
Blob Index
Partition
MapA-H
R’-Z
H’-R
Stream Layer
www.buildwindows.com
Stream Layer
• Append-Only Distributed File System• Streams are very large files• Has file system like directory namespace
• Stream Operations• Open, Close, Delete Streams• Rename Streams• Concatenate Streams together• Append for writing• Random reads
www.buildwindows.com
Extent E2 Extent E3
Bloc
kBl
ock
Bloc
kBl
ock
Bloc
kBl
ock
Bloc
kBl
ock
Stream Layer Concepts
Block• Min unit of write/read• Checksum• Up to N bytes (e.g.
4MB)
Extent• Unit of replication• Sequence of blocks• Size limit (e.g. 1GB)• Sealed/unsealed
Stream• Hierarchical
namespace• Ordered list of
pointers to extents• Append/Concatenate
Bloc
kBl
ock
Bloc
kBl
ock
Bloc
kBl
ock
Bloc
k
Extent E4
Stream //foo/myfile.dataPtr E1
Ptr E2
Ptr E3
Ptr E4
sealed unsealedsealed unsealedsealed unsealedExtent E1
www.buildwindows.com
Creating an Extent
SMSMStrea
m Maste
r
Paxos
Partition Layer
EN 1 EN 2 EN 3 EN
Create Stream/Extent
Allocate Extent replica set
Primary Secondary A Secondary B
EN1 PrimaryEN2, EN3 Secondary
www.buildwindows.com
Replication Flow
SMSMStrea
m Maste
r
Paxos
Partition Layer
EN 1 EN 2 EN 3 EN
Append
Primary Secondary A Secondary B
Ack
EN1 PrimaryEN2, EN3 Secondary
www.buildwindows.com
?
Dealing with Write FailuresFailure during append1. Ack from primary lost when going back to partition layer
• Retry from partition layer can cause multiple blocks to be appended (duplicate records)
2. Unresponsive/Unreachable Extent Node (EN)• Append will not be acked back to partition layer• Seal the failed extent• Allocate a new extent and append immediately
Stream //foo/myfile.datPtr E1
Ptr E2
Ptr E3
Ptr E4
Extent E5
Ptr E5
Extent E1 Extent E2 Extent E3 Extent E4
www.buildwindows.com
Extent Sealing (Scenario 1)
SMSMStrea
m Maste
r
Paxos
Partition Layer
EN 1 EN 2 EN 3 EN 4
Append
Primary Secondary A Secondary B
Ask for current length120120
Sealed at 120
Seal ExtentSeal Extent
www.buildwindows.com
Extent Sealing (Scenario 1)
SMSMStrea
m Maste
r
Paxos
Partition Layer
EN 1 EN 2 EN 3 EN 4
Primary Secondary A Secondary B
Sync with SM120
Sealed at 120
Seal Extent
www.buildwindows.com
Extent Sealing (Scenario 2)
SMSMSM
Paxos
Partition Layer
EN 1 EN 2 EN 3 EN 4
Append
Primary Secondary ASecondary B
Ask for current length120
Sealed at 100
Seal Extent
100
Seal Extent
www.buildwindows.com
Extent Sealing (Scenario 2)
SMSMSM
Paxos
Partition Layer
EN 1 EN 2 EN 3 EN 4
Primary Secondary A Secondary B
Sync with SM
Sealed at 100
Seal Extent
100
SQL Azure
Service Provisioning Model• Cada conta tem 0 ou mais servidores
lógicos• Criada através do portal
• Cada servidor lógico tem uma ou mais bases de dados• Contém informações aceca das base de dados e
consumos• Unidade de autenticação, geo-localização,
billing, e reporting• Nome gerado automáticamente
• Uma base de dados tem objectos SQL• Utilizadores, Tabelas, Views, Indices, etc• Unidade de consistência
Account
Server
Database
SQL Azure Database
• Baseado em SQL Server 2008 • Usa as mesmas tools e frameworks• Redundante e de Alta Disponíbilidade
• Leituras são feitas no primário• Escritas são replicadas pela maioria dos
secundários
Primary
Secondary 1
Secondary 2
DB
Uma Base de Dados
Lógica
TrêsBase de Dados
Físicas
Behind the Scenes of SQL AzureApplicatio
n
Internet
LBTDS (tcp)
TDS (tcp)
TDS (tcp)
Apps use standard SQL client libraries: ODBC, ADO.Net, PHP, …
Load balancer forwards ‘sticky’ sessions to TDS protocol tier
Security Boundary
Gateway
Gateway
Gateway
Gateway
Gateway
Gateway
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
SQL SQL SQL SQL SQLSQL
SQL Azure Architecture
Client Layer
Services Layer
Platform Layer
Infrastructure Layer
Client Layer
SQL Azure Architecture
PHP
ADO.NET
Tabular Data Stream (TDS)
ASP.NET WCF Data Services
OBDC
Services Layer
SQL Azure Architecture
Gateway
• Verifica os comandos (parser)• Handshake SSL• “Denial of Service” guard• Valida credenciais de acesso• Valida regras da Firewall• Mapeia o nome da base de dados
usado pelo cliente ao nome interno• Cria a sessão entre a base de dados
física e o cliente• Fica a fazer de proxy da sessãoPlatform Layer
Sessão TDS
TDS
Platform Layer
SQL Azure Architecture
Node 14SQL Instance
SQL DB UserDB1
UserDB2
UserDB3
UserDB4
SQL Azure Fabric
Node 15SQL Instance
SQL DB UserDB1
UserDB2
UserDB3
UserDB4
SQL Azure Fabric
• Cada nó contêm • Uma única instância de SQL Server• Com uma única instância de base de
dados• Com várias partições (até 650)• Cada partição é uma base de dados SQLAzure
• Que pode ser primária ou secundária
• Uma instância de SQL Azure Fabric• Failure detection• Reconfiguration Agent• Engine Throttling• Ring Topology• Partition Manager Location Resolution
SQL Azure Fabric• Failure detection• Detecta falhas num réplica primária ou secundária de
modo a accionar o Reconfiguration Agent• Reconfiguration Agent• Gere o re-estabelecimento de réplicas após falha de um nó
• Engine Throttling• Gere a utilização dos recursos
• Ring Topology• Mecanismo de ajuda à detecção de falhas
• Partition Manager Location Resolution• Gere as comunicações com o Partition Manager
SQL Azure Architecture• Detecção de falhas• Topologia lógica em anel lógico faz com que cada
máquina tenha duas máquinas vizinhas que podem detectar falhas nessa máquina.
• Cada transacção tem que ser commited pela primária e pelo menos por uma secundária
• Reconfiguração• Falha de hardware, crash do sistema operativo,
problemas na instância de SQL Server, actualizações (SO, SQL Server, SQL Azure)
SQL Azure Architecture• Falha da réplica primária• Réplica secundária com menos carga passa a primária• O cliente recebe uma disconnection• Pode demorar 30 segundos a propagar a mudança aos
gateways
• Falha de uma réplica secundária• Se a falha for permanente cria uma nova réplica
secundária e copia os dados da primária.• Esta cópia é uma das principais razões para a limitação
do tamanho das bases de dados em SQL Azure
Resource Throttling in SQL Azure• Throttling Service
• Protege a máquina de utilizações muito exigentes em termos de recursos
• Avalia a utilização actual vs. utilização segura em tempo real• Faz estrangulamento das base de dados mais exigentes primeiro (soft
throttle)• Faz estrangulamento a todas se necessário (hard throttle)
• Throttling aparece como connection error 40501• “The service is currently busy. Retry the request after 10 seconds.
Code: %d.”
• Devemos descodificar o throttling code para mais informação
Decoding Throttling Code
Throttling Impact = Code % 4If remainder is 0: No throttling1: Reject Update/Insert2: Reject All Writes3: Reject all
Step 1: Reasons = Code/256 = 512
Step 2: Convert Reasons to binary512 => 1000000000(2)
Step 3: Group in sets of 2 digits from right to left: 10|00|00|00|00(2)
Resource Code0: Physical Database
Space1: Physical Log Space2: LogWriteIODelay3: DataReadIODelay4: CPU5: Database Size6: Internal7: SQL Worker Threads8: Internal
Throttling Type 1000000000
Resource Code 8 7 6 5 4 3 2 1 0
Throttling Type – Hard vs. Soft
00: not throttled on this resource
01: soft throttled on this resource
10: hard throttled on this resource
Example:Resource Code: (4) - CPU
throttlingThrottling Type: (10)- Hard
throttlingConclusion: CPU Hard throttling
Why am I throttled? How bad is it?
Code =
131075
Check Transient Fault Handling Framework
Throttling• Customer A using 30% CPU on a machine• Customer B kicks of load of 70% additional CPU on the same
machine• Customer B gets throttled
• Customer A using 70% CPU on a machine• Customer B kicks of load to 30% additional CPU on the same
machine• Customer A gets throttled
• Machine has no active workload• Customer A kicks of load to 100% CPU and gets throttled
repeatedly• Customer A gets throttled
DMV Example: Find Total DB Storage Used
select sum(reserved_page_count)*8.0/1024 AS
[Storage_in_MB] fromsys.dm_db_partition_stats
DMV Example: Find CPU Intensive Queries
select highest_cpu_queries.total_worker_time, q.text AS [Query_Text], highest_cpu_queries.plan_handlefrom (select top 50 qs.plan_handle, qs.total_worker_time from sys.dm_exec_query_stats qs order by qs.total_worker_time desc) as highest_cpu_queries cross apply sys.dm_exec_sql_text(plan_handle) as q order by highest_cpu_queries.total_worker_time desc
DMV Example: Find IO Intensive Queries
select top 25 (total_logical_reads/execution_count) as avg_logical_reads, (total_logical_writes/execution_count) as avg_logical_writes, (total_physical_reads/execution_count) as avg_phys_reads, Execution_count, sql_handle, plan_handle from sys.dm_exec_query_stats order by (total_logical_reads + total_logical_writes) Desc
Load Balancer
• Se uma máquina estiver com muita carga o Load Balancer pode mover réplicas primárias para outra máquina.
• A forma mais rápida e eficiente é promover uma réplica secundária como primária porque todas as leituras e escritas correm sobre a réplica primária.
SQL Azure Security
• SQL Azure Roles• dbmanager – The SQL Azure dbmanager role is similar
to the dbcreator role for an on-premises instance of SQL Server. It is required in order to create databases.
• loginmanager - Like the securityadmin role for an on-premises instance of SQL Server, the loginmanager role in SQL Azure is required in order to create logins.
SQL Azure Security• Todos os login têm que ser criados
explicitamente• Os login ‘sa’, ‘admin’, ‘administrator’, ‘root’, and
‘guest’ não são permitidos• As password têm que ser fortes• Por omissão, não existem endereços IP abertos na
firewall• Todas as comunicações entre clientes e SQL têm
que ocorrer sobre SSL• Existe um DoSGuard que monitoriza tentativas de
autenticação falhadas/IP
Questões?
Próximas reuniões presenciais
• 11/02/2012 – Fevereiro (Coimbra)• 24/03/2012 – Março (Lisboa)• 21/04/2012 – Abril (Lisboa)• 12/05/2012 – Maio (Coimbra)
Reserva estes dias na agenda! :)
Obrigado!
Vítor Tomazvitorbstomaz AT gmail.comhttp://twitter.com/vitortomaz