It’s all about the cloud
At first glance, Microsoft’s annual TechEd conference has been all about cloud this year, with the announcements being new features and services on Azure rather than new versions of its server products. But many of the new Azure services are designed for companies that are still using on-premises servers, Azure technical fellow Mark Russinovich told TechRadar.
The new ExpressRoute service, which lets you connect your servers directly to Azure via an MPLS provider like BT rather than going over the public internet, is only useful when you have servers in your company that you want connected to Azure over a fast link.
The same is true of the new reserved IP addresses that guarantee that what you’re running on Azure will show up on the same IP address. “When you talk about being able to talk to a site from your own environment and not wanting anyone else to talk to it, that’s one way to do it,” explains Russinovich. “You can reserve an IP address and add it to your routers and set the access controls so the traffic from Azure can only come to you.”
Or take the Azure file storage service, which lets you treat cloud storage as if it was a NAS or a file server you connect to on your local network using familiar SMB. It was the team building the web site services for Azure that originally asked for it, because file shares were the way they distributed website code between servers for failover and setting those up on Azure was a lot of work.
“They told us they needed a file share. ‘Why do we need to create virtual machines, turn on file sharing and figure out failover for them just because we want to share files between the servers?’ They had to either rewrite their infrastructure to not share files that way or pay this management and configuration burden of creating these servers that have file sharing in the traditional server sense. And many of the people writing web sites wanted the same things. Now it’s just file sharing as a service.”
That means if you have applications that use a file share, you can easily move them to the cloud. But it’s also useful if you’re taking advantage of the new developer feature that lets you run a Windows client on Azure for the first time, for building and testing software, because you can build and test apps that will work with a file share when you run them on your own systems. In fact, points out Russinovich, “Anything where we talk about hybrid cloud is actually focused on on-premise customers; Azure site recovery is completely focused on them.”
The way that works is that if your entire site goes down, you can switch over to working on Azure immediately because the site recovery service puts a copy of all your workloads and data up there and keeps it up to date automatically. “Today what I need to do to make a highly available disaster recovery service that’s resilient to failure is I have to go to my boss and say we need to get hosting and we need to buy servers there and we need to configure the network for them and that’s just the first steps for a disaster recovery system which we’re not going to use very often but we will pay the cost of having ready to go constantly. Or I can use Azure where I can spin it up quickly and I’m only paying for storage which is really cheap.”
There are also new features in Azure Active Directory, the service that connects you to Office 365. The premium version can tell you if any of your PCs are showing up as being part of botnets detected by Microsoft’s security team, for example. “We’re able to correlate security events,” Russinovich explains, “so we have Office customers who are being attacked and our telemetry will tell us what’s going on. If they’re getting spear phished, we can divert those messages into junk mail folders so the users don’t even see them.”
Azure Active Directory Premium includes a preview of a new service that Russinovich hopes will “help IT get a handle on this shadow IT thing” by finding out which cloud services users are sending data to. “We’re trying to give them the control without getting in the way of the users because if we get in the way of the users they will just bypass them – and if your users are bypassing you they’re creating problems for you.” The idea isn’t to find cloud storage like Dropbox and turn it off; it’s to find out about it so you can manage it. “IT is in the business of managing credentials and securing them properly but when it comes to cloud services, business managers are storing these things, losing track of them, putting them in spreadsheets… Once IT discovers them, they can say ‘we need to help you manage those credentials, because if you don’t we’re putting the whole business at risk’.”
New server software sooner
Although cloud is increasingly the future of Microsoft – a change in direction which Russinovich points out started under Steve Ballmer and has spread through the whole company – it’s also bringing benefits to server products like SQL Server, Office and Windows Server. “We’re working on aligning the cadences because we’re updating the cloud all the time and we want to get that stuff back into the boxed software faster and faster.”
You won’t have to update as often as Azure does if you don’t want to, he promises. “There’s going to be options for people that want to move slowly and people that want to move fast; the Azure Pack you can move fast with, System Center is more slow. There will be tracks for the fast path and for when I want to stand it up and have it work for ten years and not touch it.”
Something Microsoft has learned from building Azure is that long development and testing cycles aren’t the best way of getting good software. “With the boxed software, the mentality is that once it gets out into the world we’ve lost touch with it, so we have to go through a year-long beta to make sure it’s solid, so that when we give it to you it doesn’t break. But what we found is that instead of making the platform more stable, it has the inverse effect. Because our systems then are designed for this really slow way of pushing things out, when something does break we can’t get around to fixing it because our systems don’t support pushing something out quickly. The only way you can get more stable is to release more often. Once you’re getting things out quickly and detecting where health goes awry really quickly, then you don’t have to let things bake for ever.”
Instead Microsoft tests things out first with internal systems “so if we inflict pain it’s on us”. If it works well, the new code goes first to a small section of Azure and then to more and more of the cloud. That’s the same way Windows Update works. “We don’t throw patches out to the whole world at once; we do it to a subset so if there’s a problem we can fix it before we impact everybody.”