We have third-party software hosted in Azure Virtual Machines. This software hosts a service which is consumed by one of our Cloud Service Web Roles.
The issue is that the network latency between the VM and the Web Role is significantly affecting the performance of our application.
A solution would be to publish this third-party software in the same Cloud Service (in a Worker Role).
VM Role sounds like a good implementation for the above problem. Unfortunately this is a deprecated service!
One idea would be to package the relevant installation scripts and files into a Visual Studio project and configure the ServiceDefinition to set up the software accordingly. The concern here is that the installation files are over 1Gb.
Is there currently any Azure service that can support my problem? Is there a replacement to the VM Role?
Though a bit old, but you may want to take a look at Azure Bootstraper on CodePlex. From the project description page:
The Windows Azure Bootstrapper is a command line tool meant to be used
by your running Web and Worker roles in Windows Azure. This tool
allows you to easily download resources (either public resources or
ones in your blob storage), extract them if necessary, and launch
them. Since you don't want to always download and run during
restarts, it will also help track those dependencies and only launch
an installer one time! In addition, there are some very useful
features that make it a great tool to package with your roles.
Yet another idea (though I have not tried it) would be to make use of Azure File Service. What you could do is upload the installers in an Azure File Service share and then mount the share in your Cloud Service VMs and use it as a drive on your VM. You should be able to install software that way.
You're right that bundling 3rd-party software inside the cspkg can be problematic, size-wise.
It's common practice to download needed software from either a startup command file (.cmd) or from OnStart(). These downloads can be sourced from anywhere that you have access to: Azure blob storage, the actual vendors themselves (e.g. download from their public download link), etc. In your startup script, you'd need to handle the downloading (and potential unzipping) into a local folder, then installing as necessary.
Related
Sometimes in our website which is deployed on Azure web roles, issue comes related to small bugs in javascript and HTML. We go to all instances of webroles and fix these JS and HTML file on machines.
But I was looking into some automated way of doing this, downloading the files to patch from some central location and replace the files in all azure web roles. I am using ASP .net MVC for website.
It is possible to redeploy the website with the patch in the package but we don't want to wait for long deployment time. Please let me know if it is possible via some internal WEB API which replaces the content on all azure web roles.
There are 2 ways to deploy a new webrole:
redeploy
inplace update
The first one is the slowest, meaning new VM's are booted.
With inplace upgrade (https://azure.microsoft.com/en-us/documentation/articles/cloud-services-update-azure-service/)
The new application package is mounted on a new drive (usually F: instead of E:) and the IIS website is swapped to the new drive.
You can try this by going to the old portal and upload a new application package. In just a few seconds/minutes the update is done.
After digging many things on stackoverflow, I crafted my own solution which is creating a topic and subscribing to the topic in code when website starts. When I want to patch the web app then I send a message to Topic to start patching then each machine in the web roles will get notification from topic and start patching themselves. Patching itself is very easy, which is going to a web storage and downloading files from there and replacing files in approot.
When azure maintenance happens this patching may go away, so for this situation I made patching work started at start up of website too.
Cloud service deployment packages tend to be slow since they are basically a recipe on how to build and configure your deployment. The deployment not only puts the recipe out in Azure (so it can be used again if it needs to move your machine), but also follows the recipe to build out a VM for your Cloud Service (WebRoles/WorkerRoles are platform as a service so you don't have to worry about the OS and infrastructure level like you would if you were using the Virtual Machine Azure product but they do still run in VMs on physical hardware).
What you are looking to do is something that will update the recipe (your cloud service package) and your deployment after it is out and running already ... there is no simple way to do that in Cloud Services.
However, yes you could create a startup script that could pull the site files from blob storage or some other centralized location - this would compare to how applications (fiddler for example) look for updates then know how to update and replace themselves. For that sort of feature you will likely need to run code as an elevated user - one nice thing about startup scripts are they can run as an elevated user - so they can do about anything you need done on a machine (but will require you to restart the instance for them to run). Basically you would need to write some code that will allow your site to update itself. This link may help: https://azure.microsoft.com/en-us/documentation/articles/cloud-services-startup-tasks/
If you have the ability to migrate to WebApps and WebJobs, I would recommend looking into that since that compute product solves your problem really well.
Here is a useful answer of the differences between WebApps and Cloud Services: What is the difference between an Azure Web Site and an Azure Web Role
Is there a way to enable Anti-malware monitoring of cloud service. With the latest release for enabling cloud service, should we still need to have power shell has start up for cloud Services and Power-shell will invoke XML template of anti malware.
I could not be proper documentation of how to enable from Cloud Services solution perspective
Here are the Some of the questions:
Should i still need to have Power shell has startup and configure it
for CSDEF file
Where should i place xml template in cloud project, in the power shell, we need to give location of xml file, should xml file and power shell script should be # same level i.e in the same directory
If we enable Monitoring of Anti malware services for cloud services, we need to give storage account, is there a way where storage account pickup dynamically based on envrionment we are deploying. End of the day,I'm looking for automated way of setting Monitoring in Production and UAT envrionments
Use the PowerShell cmdlet, Set-AzureServiceAntimalwareExtension to enable antimalware in your cloud service. Here's some more info:
Set-AzureServiceAntimalwareExtension
For installing any software in a cloud service, the approach I've found to be best is to implement the OnStart() method in the WebRole.cs class of a project that you've deployed. (http://msdn.microsoft.com/en-us/library/microsoft.windowsazure.serviceruntime.roleentrypoint.onstart.aspx)
You can do something like:
Download the software you need, or reference a file you've bundled with the code.
Install it.
Configure it.
Run it.
For the big picture - monitoring environments - I wouldn't spend too much time on anti-virus/malware software. No one is installing that if they can't get access to your machine.
Things you can do to lock down your machine/monitor it:
Make sure all your endpoints are locked down. Only expose ports that need to be used, for example, port 80 for HTTP.
Use SSL for HTTP.
Install something like Bosun (http://bosun.org/) or Opserver (https://github.com/opserver/Opserver) to monitor CPU, RAM, network connections etc.
(Note: Tried installing Bosun on a Windows Cloud Service earlier this week and not all the metrics seem to be reporting.)
Just getting used to VS2012 publishing of Cloud Services. At present I have a one instance webrole which contains a MVC3 application. I can publish it to Azure without issue, and it creates the Cloud Service>Web Role>VMs. Fine. Takes a little while.
However when I do a little code change how can I migrate just this code change without replacing all the VMs that implement the WebRole etc.
It seems that Code and infrastructure are inseparable, or have I misunderstood. Is there a way to just update the code bit?
Thanks.
When you roll out an update, you upload an entire package containing not only your code files, but also the configuration for the VM, such as # of instances, ports to open on the firewall, local resources to allocate, etc. These configuration settings are part of the code package - so there is more going on than just updating code files.
However, there are a couple of methods you can use to have more granular control over updates.
Use Web Deploy. One thing to keep in mind, is that any automatic service updates will restore your website to the last fully-deployed package, which may not be as up-to-date. You would only want to use this in staging, then do a full package update for production rollout.
Use an Azure Web Site instead, which allows continuous integration with your source control provider, and direct updates to the code.
Use an Iaas VM instead. These are basically the same as running your own custom server in the Azure cloud, and you have full control over the OS. However, you also have full responsibility for keeping the OS updated and secure.
You can also enable RDP to your Azure Web Role VM's. You will find all your code files there and IIS, but I wouldn't recommend updating your code this way for the same reasons listed in #1.
The code and infrastructure, in a cloud service, are actually separate. All you upload is a deployment package containing just your code and supporting libraries / files. You don't upload a vhd. Azure provides that for you, spinning up a vhd, and then accessing your code on a file folder on that vhd. Same process happens each time you scale out to more instances.
when you make a code change, you build a new deployment package and deploy that. If you do it as an in-place update (vs delete+redeploy), each role is updated on each instance (when you have multiple instances of a role, they're not all updated at the same time). You can even specify that you only want a single role within the deployment to be updated (helpful if, say, you have a worker role in addition to your web role, and want to leave all the worker role instances running).
when the code update happens, the VMs aren't replaced, but they are recycled, and when they start back up, they are running the updated code.
You can use WebDeploy with Cloud Services in production across multiple servers using the AzureWebFarm project (disclaimer: I maintain it).
Alternatively, you can also use the excellent Octopus Deploy deployment technology in conjunction with the AzureWebFarm.OctopusDeploy project (disclaimer: I maintain this one too).
To be honest though, if you just have a simple web app then I wouldn't both with cloud services - I'd just use Web Sites. Feel free to check out my blog post to see the situations which might force you to use cloud services though.
If you enable WebDeploy on the cloud service, you can use web deploy to publish the MVC application.
See http://msdn.microsoft.com/en-us/library/windowsazure/ff683672.aspx for details.
All of the above answers are correct and if you are trying to change your code for a production service you definitely want to do an in place upgrade as described. However, frequently during the dev/test phase or troubleshooting I want to make one small change and test it out quickly. To do this check out http://blogs.msdn.com/b/kwill/archive/2013/09/05/how-to-modify-a-running-azure-service.aspx which describes how to modify the code via RDP to the Azure VM.
Deploying apps to Windows Azure Websites feels incredibly more convenient compared to the initial WebRole option. Being able to push through Git, and get the app restarted in ~20s is a massive improvement over the 15min role redeploy.
Thus, I am considering using this option for what used to be hosted in WorkerRole as well. Indeed, it's possible to allocate a full VM to run WA website.
Are there any gotcha to be aware of when attempting this? Obviously, as the name suggests, WA websites are not intended for backoffice processing.
In an upcoming feature for Windows Azure Websites, the scenario you're referring to will be supported:
http://github.com/projectkudu/kudu/wiki/Web-jobs
The following will allow you to have 2 types of processes to run aside your website:
Triggered - Start your process on a scheduled (or manual) basis.
Continuous - Your process will always be on (if it goes, it brings it back up).
Regarding the differences between Azure Webrole and Azure Website, there's a different question:
What is the difference between an Azure Web Site and an Azure Web Role
Cloud Services gives you two different environments: staging and production. You can also use Continous deployment with Git, Tfs, Codeplex, Dropbox too. But if you don't need this two environments, you can go with websites.
Using a Virtual Machine, you'll be responsible for the operating system, runtime, data and also your app (obviously). Just be aware that you'll have to apply the service packs / security packs by yourself. If your app doesn't use 3rd party components I don't see a reason to use a VM for that.
This might not be so much of a programming question..but still..
I have the need of getting a site the currently is hosted in azure down to a local development environment.. is there anyway to do that?, any tools or such?..
Thanks in advance!
Not currently. Once the cloud service deployment package has been handed over to the Azure Fabric controller, there is no way to reclaim it, even if you submit a support ticket. The closest you can get to this is either upload packages to Windows Azure Blob Storage first, then deploy from there, or enable remote desktop and copy the files from inside the VM to an external storage account.
My suggestion would be to do one of the following:
If you have RDP enabled, you can remote in and grab the files
Otherwise, I would suggest creating a support case and having Microsoft help you get out the files: https://support.microsoft.com/oas/default.aspx?&c1=501&gprid=14928&&st=1&wfxredirect=1&sd=gn