Can Azure Traffic Manager guarantee requests isolation in deferent Geo regions? - azure

I am trying to understand how to design the distribution of an application.
The plan is to replicate the whole app in different geographic regions(EU,US,Asia) and use Azure Traffic Manager to handle the requests distribution.
The thing is that the app has a special need where the requests should be isolated within a region. The US users should be directed only to US data center, EU users to EU data center and so on.
The requirement is to prevent the traffic randomly going to different data centers, for example: a US user makes few requests to US data center and then few requests to EU data center.
Also it is important to note that this is not about request stickinesses. What I need to achieve is that all users from same city/country always get directed to the same data centers.
Only at a point of data center failure ALL the requests can be directed to another region.
Is it possible to create such configuration?

From my understanding it seems you can do this via the "Performance" Load Balancing Method. This Hands-on-Lab provided by Microsoft gives a step by step process to setting up the Traffic Manager to handle requests based on geography.

Related

What's the Azure bandwidth pricing?

I'm a bit confused by Azure price calculator. In particular it doesn't explain the bandwidth pricing.
I'm considering Azure for a restful api that is going to use blobs for most data storage together with a sql server database for a subset that is easier to manage with a relational approach.
In this application a lot of data will enter the system through the ReST api, but a small fraction will be exposed to the clients (mainly as summary reports). Still the total bandwidth required should be in the order of 50 GiB/mo.
In the Azure's pricing page related to data transfer I see the pricing is only related to outgoing data, but I cannot figure how this relates to a ReST api that will be hosted in Azure App Service.
I mean, it could just mean that I'm going to pay for the bandwidth consumed by HTTPS responses (and not by HTTPS requests), but it seems a bit hard to estimate what this pricing is going to be.
Within a given region, there are no transfer costs at all. You mentioned using App Service, blobs, and SQL Database. As long as those services are within a single region, there are zero bandwidth costs as data flows between them and any other service within that region.
Bandwidth is billed specifically for outbound transfer. So, essentially you're metered for all data leaving a given region.
If you look at the page Data Transfers Pricing Details
Data Transfers refer to data moving in and out of Azure data centres other than those explicitly covered by the Content Delivery Network or ExpressRoute pricing.
Inbound data transfers
(i.e. data going into Azure data centres): Free
Outbound data transfer prices are set at a sliding scale depending on location and bandwidth used.
inbound traffic is free so the data coming in can be removed from the equation. Outbound is not free, and you saw the pricing page.
Data transfer is everything that is going out from every operation you execute.
And it is hard to estimate the traffic pricing - i would recommend to register the Azure trial and test it for a month and see how it is going. Because your data is not only what is returned, there is a lot of payloads coming with that.
But if you estimate 10 GB/month of outbound traffic, then it will start from $0.087 per GB starting from fifth GB (because first 5 are free). There are different regions described at the pricing page as well, so you should apply the pricing according to the region where your website is.

Using Azure For Global Users

I am working on a project whereby the web site (all components are hosted in Azure) will have both US and international users. We are using Blob and Table storage for 99% of the data. What I do not understand is how to setup global instances, including multiple tables, etc, and keep everything in sync. Say a user logs into the site from France, how can I ensure they will always hit the same data center (which implies the same Storage instance)? If they hit a different storage instance, their data will not be there and/or stale.
Both Compute and Storage are affinitized to a specific data center. There's no global compute or global storage deployment concept.
Having said that: You'll typically host your human-facing app (e.g. web app) in a single data center. Usually, latency between browser and server is not much of an issue if only a relatively-small quantity of data is moving between the two. The majority of bandwidth is typically between web server and app servers and/or database instances. And in Azure, data doesn't necessarily need to be colocated in the same data center as the web app (though it's the ideal scenario from latency + egress bandwidth cost perspective).
If you want Compute in multiple data centers, you'd need to have a higher-level mechanism doing some type of load balancing for you (such as Azure's Traffic Manager). However, even with Traffic Manager's "closest" setting, you're not really guaranteed that a user in France will hit the W. Europe vs. N. Europe data center. You'd always have to plan for a visitor hitting any data center. This is why it's much simpler to deal with Compute in a single data center.
Regarding data: If your Compute is in a single data center, there's no need (other than disaster recovery) to write data to multiple data centers. If you do decide to deploy Compute to multiple data centers, you'll need your own method for syncing data. For Azure blobs & table storage, you can consider some type of command pattern (e.g. CQRS) where your operations are queue driven. This allows you to process each queued data operation against multiple storage accounts across different data centers.
Now, you might have data sovereignty issues, where data must reside in a specific data center for specific customers, based on their geo. Again, you'll need to implement this in the app layer. One thought on this is to affinitize a user with a particular data center when they get set up (and just store the data center mapping in a single database along with your web tier). At this point, when a visitor logs in, you can easily look up their correct data center and, within their browsing session, access their data from the specific data center.

Azure Traffic Manager Load Balance Options

I tried to dig on MSDN but could not get concrete statement for which is the best load balancing method.
could someone please share some light on which of the below are best option for given scenario:
Performance
Failover
Round Robin.
Scenario:
x Web Roleshosted on Large VM on single data center.
Requirement:
must be 100% up 24x7.
Thank you.
First: Do you really want to offer a 100% uptime SLA for your customers, when Azure itself doesn't offer 100% in its SLA's?
That said: Traffic Manager only load-balances your compute, not your storage. So if you're trying to increase uptime by having a set of backup compute nodes running in another data center, you need to think about data access speed and cost:
With round robin, you'll now have distributed traffic across multiple data centers, guaranteed, and constantly. And if your data is in a single data center (which is a good idea to have data in a single System of Record, unless you have replication logic all taken care of), some of your users are going to see increased latency as the nodes separated from your data are going to be requesting data across many miles (potentially between continents). Plus, data egress has a $$$ cost to it.
With performance, your users are directed toward the data center which offers them the lowest latency. Again, this now means traffic across multiple data centers, with the same issues as round robin.
With failover, you now have all traffic going to one data center, with another designated as your failover data center (so it's for High Availability). In the event you have an outage in the primary data center, you'd now have a failover data center to rely on. This may help justify the added latency and cost, as you'd only experience this latency+cost when your primary app location becomes unavailable for some reason.
So: If you're going for the high availability route, to help approach the 100% availability mark, I'm guessing you'd be best off with the failover model.
Traffic manager comes into picture only when your application is deployed across multiple cloud services within same data center or in different data centers. If your application is hosted in a single cloud service (with multiple instances of course) , then the instances are load balanced using Round Robin pattern. This is the default load balancing pattern and comes to you without any extra charge.
You can read more about traffic manager here: https://azure.microsoft.com/en-us/documentation/articles/traffic-manager-overview/
As per my guess there can not be comparison which is best load balancing method of Azure Traffic manager. All of them have unique advantages and vary depending on the requirement of application. Most common scenario is to use performance load balancing option with azure traffic manager. But as Gaurav said, you will have to have your cloud service application hosted on more than one cloud services. If you wish to implement performance load balancing then here is the link to get you started - http://sanganakauthority.blogspot.com/2014/06/performance-load-balancing-using-azure.html

How data transfer will cost on my Azure project setup

I have built one utility (startup task) for end user Azure application.
That start-up task is going to post some of data from that webrole application (hosted on any region as per end user choice) to database (Hosted on East Asia) through REST API (Hosted on East Asia).
So if end user has hosted their application on same region (East Asia) then Azure doesn't cost anything for data transfer to me as well as for end user (correct me if I understood wrong).
In another case if end user has hosted their application on another region then it will cost to end user to transfer data to REST API that is on another region.
What I have done to reduce this cost, I have set up REST API in all of regions and in startup task tell user to set path of specific REST API according to region where they are going to deploy their application. Now in this case end user doesn't cost anything for data transfer But My REST API (hosted in different region ) will transfer data to database (hosted on East Asia) so it will cost me for that as well as for to host REST API on all regions to reduce end user cost.
In the case above is there a way to reduce cost using shared database and removing multiple REST API hosted on all region? Also please suggest if a better solution exists to reduce cost to me as well as for end user.
Interesting scenario: You basically have your end-user deploying the app for themselves, to the region of choice? What is the purpose of the database upload via REST API: Backup, or for live data?
One thing I'm not understanding is the question about a shared database. From your description, there's already a shared database, as each user is pushing data through a REST API to a single database in East Asia. Is this not correct?
Based on the information you provided, where all data goes to one datacenter, I see 3 options, two that you already pointed out:
User hosts app in any of 8 datacenters, you host REST API in one datacenter. In this case, user gets best local app performance between on-prem and app, user pays for egress to your API, and user possibly sees latency when transferring data across datacenters.
User hosts app in any of 8 datacenters. You host REST API in all datacenters. User's data transfer is free to local REST API, and very fast. However, you then transfer data to East Asia database, which will cost you egress bandwidth if the user is not hosted in East Asia. Also you now have cost of many additional REST API instances.
User host ONLY in East Asia, along with your REST API and database. All datacenter bandwidth is free and fast. User may see latency connecting from on-prem to app, depending on where they're located.
In each case, you have the user deploying their own hosted service, which then talks to yours. Is it possible to optimize user cost by having them all access the same hosted service, but with different credentials?
For your cost, hosting a REST API in every datacenter seems like a large expense, considering you need at least 2 instances running in each datacenter to obtain Windows Azure's uptime SLA. But... again, I don't exactly understand your app's scenario.
Base on my understanding, it seems the scenario is a bit strange. If you’re providing a package that end users can host using their own Windows Azure account, why let them use their own database as well? Or do you mean the you’re providing end users the source code of your project as a sample? In any case, I think it is better to ask end users to provide their own database account. If you want to design a REST API for yourself, then host it in your own Windows Azure service. Please do not distribute the package to your end users. In addition, for more information about billing, you can also contact our customer support on https://support.microsoft.com/oas/default.aspx?prid=14234&st=1&wfxredirect=1&sd=gn.
Best Regards,
Ming Xu.
I think in this case, it is better to ask the customers to provide their own database. If you need to use your own database, it is hard to save cost on your side. You can use multiple databases hosted in different data centers. But obviously that requires more cost. You can also use a single database, but then it is inevitable that some users will transfer data from another data center. However, you can ask the users to pay for the cost by increasing the price of your product. But looks like better to ask the user to provide their own database (they can even choose on-premises databases if they like). This also helps to increase security, since users' data would not be shared.
Best Regards,
Ming Xu.

Minimize downtime in Azure

We are experiencing a very serious unscheduled downtime of our Azure application today for what is now coming up to 9 hours. We reported to Azure support and the ops team is actively trying to fix the problem and I do not doubt that. We managed to get our application running on another "test" hosted service that we have and redirected our CNAME to point at the instance so our customers are happy, but the "main" hosted service is still unavailable.
My own "finger in the air" instinct is that the issue is network related within our data center (west europe), and indeed, later on in the day the service dash board has gone red for that region with a message to that effect. (Our application is showing as "Healthy" in the portal, but is unreachable via our cloudapp.net URL. Additionally threads within our application are logging sql connection exceptions into our storage account as it cannot contact the DB)
What is very strange, though, is that the "test" instance I referred to above is also in the same data centre and has no issues contacting the DB and it's external endpoint is fully available.
I would like to ask the community if there is anything that I could have done better to avoid this downtime? I obeyed the guidance with respect to having at least 2 roles instances per role, yet I still got burned. Should I move to a more reliable data centre? Should I deploy my application to multiple data centres? How would I manage the fact that my SQL-Azure DB is in the same datacentre?
Any constructive guidance would be appreciated - being a techie, I've never had a more frustrating day being able to do nothing to help fix the issue.
There was an outage in the European data center today with respect to SQL Azure. Some of our clients got hit and had to move to another data center.
If you are running mission critical applications that cannot be down, I would deploy the application into multiple regions. DNS resolution is obviously a weak link right now in Azure, but can be worked around (if you only run a website it can be done very simply using Response.Redirects or similar)
Now, there is a data synchronization service from Microsoft that will sync up multiple SQL Azure databases. Check here. This way, you can have mirror sites up in different regions and have them be in sync with SQL Azure perspective
Also, be a good idea to employ a 3rd party monitoring service that would detect problems with your deployed instances externally. AzureWatch can notify or even deploy new nodes if you choose to, when some of the instances turn "Unresponsive"
Hope this helps
I can offer some guidance based on our experience:
Host your application in multiple data centers, complete with Sql Azure databases. You can connect each application to its data center specific Sql Server. You can also cache any external assets (images/JS/CSS) on the data center specific Windows Azure machine or leverage Azure Blog Storage. Note: Extra costs will be incurred.
Setup one-way SQL replication between your primary Sql Azure DB and the instance in the other data center. If you want to do bi-rectional replication, take a look at the MSDN site for guidance.
Leverage Azure Traffic Manager to route traffic to the data center closest to the user. It has geo-detection capabilities which will also improve the latency of your application. So you can redirect map http://myapp.com to the internal url of your data center and a user in Europe should automatically get redirected to the European data center and vice versa for USA. Note: At the time of writing this post, there is not a way to automatically detect and failover to a data center. Manual steps will be involved, once a failover is detected and failover is a complete set (i.e. you will failover both the Windows Azure AND Sql Azure instances). If you want micro-level failover, then I suggest putting all your config the in the service config file and encrypt the values so you can edit the connection string to connect instance X to DB Y.
You are all set now. I would create or install a local application to detect the availability of the site. A better solution would be to create a page to check for the availability of application specific components by writing a diagnostic page or web service and then poll it from a local computer.
HTH
As you're deploying to Azure you don't have much control about how SQL server is setup. MS have already set it up so that it is highly available.
Having said that, it seems that MS has been having some issues with SQL Azure over the last few days. We've been told that it only affected "a small number of users". At one point the service dashboard had 5 data centres affected by a problem. I had 3 databases in one of those data centres down twice for about an hour each time, but one database in another affected data centre that had no interruption.
If having a database connection is critical to your app, then the only way in the Azure environment to ensure against problems that MS haven't prepared against (this latest technical problem, earthquakes, meteor strikes) would be to co-locate your sql data in another data centre. At the moment the most practical way to do this is to use the synch framework. There is an ability to copy SQL Azure databases, but this only works within a data centre. With your data located elsewhere you could then point your app at the new database if the main one becomes unavailable.
While this looks good on paper though, this may not have helped you with the latest problem as it did affect multiple data centres. If you'd just been making database copies on a regular basis, that might have been enough to get you through. Or not.
(I would have posted this answer on server fault, but I couldn't find the question)
This is just about a programming/architecture issue, but you amy also want to ask the question on webmasters.stackexchange.com
You need to find out the root cause before drawing any conclusions.
However. my guess one of two things was the problem
The ISP connectivity differs for the test system and your production system. Either they use different ISPs, or different lines from the same ISP. When I worked in a hosting company we made sure that ou IP connectivity went through at least two different ISPS who did not share fibre to our premises (and where we could, they had different physical routes to the building - the homing ability of backhoes when there's a critical piece of fibre to dig up is well proven
Your datacentre had an issue with some shared production infrastructure. These might be edge routers, firewalls, load balancers, intrusion detection systems, traffic shapers etc. These typically are also often only installed on production systems. Defences here involve understanding the architecture and making sure the provider has a (tested!) DR plan for restoring SOME service when things go pair shaped. Neatest hack I saw here was persuading an IPS (intrusion prevention system) that its own management servers were malicious. And so you couldn't reconfigure it at all.
Just a thought - your DC doesn't host any of the Wikileaks mirrors, or Paypal/Mastercard/Amazon (who are getting DDOS'd by wikileaks supporters at the moment)?

Resources