Windows SQL Azure

Microsoft® SQL Azure™ (formerly SQL Server Data Services and later SQL Services) Database is a cloud-based relational databaseservice built on Microsoft SQL Server® technologies. It provides a highly available, scalable, multi-tenant database service hosted by Microsoft in the cloud. SQL Azure Database helps to ease provisioning and deployment of multiple databases. Developers do not have to install, setup, patch or manage any software. High availability and fault tolerance is built-in and no physical administration is required. SQL Azure Database supports Transact-SQL (T-SQL). Customers can use existing knowledge in T-SQL development and a familiar relational data model for symmetry with existing on-premises databases. The maximum size of SQL Azure database currently is 50 GB.

Top features:
Relational Database Management Services (RDBMS)
• Create, access, and manipulate tables, views, indexes, roles, stored procedures, triggers, and functions
• Execute complex queries and joins across multiple tables
• Insert, Update, and Delete
• Constraints
• Transactions
• Temp tables
• Basic functions (aggregates, math, string, date/time)
• A subset of the existing SQL Server built-in stored procedures and system views
• Support for tracking billable metrics in real time and for historical analysis

Programmability
• Managed ADO.NET data access
• Native ODBC
• Support for PHP

Tools
• Provision logical servers and databases through the SQL Azure Database account portal
• SQL Server Management Studio: an integrated environment with graphics tools for accessing and configuring SQL Server and SQL
Azure databases: 32-bit | 64 bit • Project Houston web-based database management.
• Deployment Support for running SQL configuration scripts via SQLCMD

AppFabric Access Control Basic Components

Management Portal

The AppFabric portal provides a user interface that you can use to create a service namespace and manage AppFabric Access Control resources for that service namespace. You can perform management operations through the portal such as retrieving your management keys and viewing the URIs associated with your service namespace. While you can accomplish these management tasks programmatically, the portal is useful for your initial service service namespace set-up and configuration activities.

Management Service

The AppFabric Access Control management service is a set of REST API that enables service consumers to programmatically interact with AppFabric Access Control resources. The management service uses the well-known REST protocol (HTTPS), methods (GET, PUT, POST, and DELETE), and their behaviors.

Token-Exchange Endpoint

AppFabric Access Control exposes a single endpoint that issues tokens. It accepts plain text token requests, signed token requests, and SAML token requests and always returns a signed SWT.

SDK

AppFabric Access Control code samples and a management sample are included in the AppFabric SDK.

Key Features of AppFabric Access Control

For this release, AppFabric Access Control focuses on authorization for REST Web services and the AppFabric Service Bus. The following is a summary of AppFabric Access Control features:

• Cross-platform support. AppFabric Access Control can be accessed from applications that run on on almost any operating system or platform that can perform HTTPS operations.
  
• Active Directory Federation Services (ADFS) version 2.0 integration. This includes the ability to parse and publish WS-Federation metadata.
  
• Lightweight authentication and authorization using symmetric keys and HMACSHA256 signatures.
  
• Configurable rules that enable mapping input claims to output claims.
  
• Web Resource Authorization Protocol (WRAP) and Simple Web Token (SWT) support.

Overview of AppFabric Access Control

The Windows Azure AppFabric Access Control service simplifies access control for Web service providers by reducing the cost and complexity of integrating with various customer identity technologies. Instead of having to address different customer identity technologies, Web services can easily integrate with AppFabric Access Control. Web services can also integrate with all identity models and technologies that AppFabric Access Control supports through a simple provisioning process and through a REST-based management API. Subsequently, Web services can allow AppFabric Access Control to serve as the point of integration for service consumers.

All application scenarios that involve AppFabric Access Control consist of three service components:

• Service provider: The REST Web service.
  
• Service consumer: The client application that accesses the Web service.
  
• Token issuer: The AppFabric Access Control service itself.

AppFabric Access Control

The Windows Azure AppFabric Access Control (AC) service is a hosted service that provides federated authentication and rules-driven, claims-based authorization for REST Web services. REST Web services can rely on AC for simple username/password scenarios, in addition to enterprise integration scenarios that use Active Directory Federation Services (ADFS) v2.

AppFabric Service Bus

The Windows Azure AppFabric Service Bus provides a hosted, secure, and widely available infrastructure for widespread communication, large-scale event distribution, naming, and service publishing. AppFabric Service Bus provides connectivity options for Windows Communication Foundation (WCF) and other service endpoints – including REST endpoints -- that would otherwise be difficult or impossible to reach. Endpoints can be located behind network address translation (NAT) boundaries, or bound to frequently-changing, dynamically-assigned IP addresses, or both.

The Windows Azure AppFabric Service Bus and Access Control Overview

The AppFabric Service Bus connects local, firewalled applications and data with applications in the cloud, rich desktop applications, and smart, Web-enabled devices anywhere in the world.

AppFabric Access Control is a claims-based access control service that can be used on most Web-enabled devices to build interoperable, federated authentication and authorization into any connected application.

Service Bus Features

• Securely exposes to external callers Windows Communication Foundation (WCF)-based Web services that are running behind firewalls and NAT routers -- without requiring you to open any inbound ports or otherwise change firewall and router configurations.
  
• Enables secure inbound communication from devices outside the firewall.
  
• Provides a global namespace system that is location-independent: the name of a service in the AppFabric Service Bus provides no information about the final destination of the communication.
  
• Provides a service registry for publishing and discovering service endpoint references in a service namespace.
  
• Builds and hosts service endpoints that support:
  
  
  • Exposing a Web service to remote users. Expose and secure a local Web service in the cloud without managing any firewall or NAT settings.
    
  • Eventing behavior. Listen for notifications on any device, anywhere in the world.
    
  • Tunneling between any two endpoints to enable bidirectional streams.
    

The following diagram illustrates the capabilities of the Service Bus.

Access Control Features

The AppFabric Access Control service provides claims-based authentication and authorization for REST Web services.

• Usable from any platform.
  
• Low friction way to onboard new clients.
  
• Integrates with AD FS v2.
  
• Implements OAuth Web Resource Authorization Protocol (WRAP)and Simple Web Tokens (SWT).
  
• Enables simple delegation.
  
• Trusted as an identity provider by the AppFabric Service Bus.
  
• Extensible to provide integration with any identity provider.

Windows Azure AppFabric

          

         Windows Azure AppFabric provides a comprehensive cloud middleware platform for developing, deploying and managing applications on the Windows Azure Platform.


          The Windows Azure AppFabric Service Bus and Windows Azure AppFabric Access Control together make hybrid, connected applications—applications that communicate from behind firewalls, across the Internet, from hosted cloud servers, between rich desktops and smart devices—easier to build, secure, and manage. Although you can build hybrid, connected applications today, doing this often means you have to build important infrastructure components before you can build the applications themselves. AppFabric Service Bus and AppFabric Access Control provide several important infrastructure elements so that you can more easily begin making your connected applications work now.

• The AppFabric Service Bus securely relays messages to and from any Web service regardless of the device or computer on which they are hosted, or whether that device is behind a firewall or NAT router.
  
• The AppFabric Access Control is an interoperable, claims-based service that provides federated authentication and authorization solutions for any resource, whether in the cloud, behind a firewall, or on a smart device. 

Competitors of The Windows Azure Platform

• Amazon Web Services
• Engine Yard
• Google App Engine
• Heroku
• Force.com

Implementation of Windows Azure Platform

The Windows Azure platform uses a specialized operating system, called Windows Azure, to run its "fabric layer" — a cluster hosted at Microsoft's datacenters that manages computing and storage resources of the computers and provisions the resources (or a subset of them) to applications running on top of Windows Azure. Windows Azure has been described as a "cloud layer" on top of a number of Windows Server systems, which use Windows Server 2008 and a customized version of Hyper-V, known as the Windows Azure Hypervisor to provide virtualization of services.

The platform includes five services — Live Services, SQL Azure (formerly SQL Services), AppFabric (formerly .NET Services), SharePoint Services and Dynamics CRM Services — which the developers can use to build the applications that will run in the cloud. A client library, in managed code, and associated tools are also provided for developing cloud applications in Visual Studio. Scaling and reliability are controlled by the Windows Azure Fabric Controller so the services and environment don't crash if one of the servers crashes within the Microsoft datacenter and provides the management of the user's web application like memory resources and load balancing.

The Azure Services Platform can currently run .NET Framework applications compiled for the CLR, while supporting the ASP.NET application framework and associated deployment methods to deploy the applications onto the cloud platform. It can also support PHP websites. Two SDKs have been made available for interoperability with the Azure Services Platform: The Java SDK for AppFabric and the Ruby SDK for AppFabric. These enable Java and Ruby developers to integrate with AppFabric Internet services.

Overview for the Windows Azure Platform

            

Azure Services Platform is an application platform in the cloud that allows applications to be hosted and run at Microsoft datacenters. It provides a cloud operating system called Windows Azure that serves as a runtime for the applications and provides a set of services that allows development, management and hosting of applications off-premises. All Azure Services and applications built using them run on top of Windows Azure.

Windows Azure has three core components: Compute, Storage and Fabric. As the names suggest, Compute provides computation environment with Web Role and Worker Role while Storage focuses on providing scalable storage (Blobs, Tables, Queue, Drives) for large scale needs.

Fabric (Windows Azure Fabric) makes up the physical underpinnings of the Windows Azure platform as the network of interconnected nodes consisting of servers, high-speed connections, and switches. Conceptually, the repetitive pattern of nodes and connections suggests a woven or fabric-like nature. Compute and Storage components are part of the Fabric.

Fabric resources and applications and services running on those resources are managed by the Windows Azure Fabric Controller service. It acts as the kernel of the Windows Azure distributed cloud operating system, providing scheduling, resource allocation, device management, and fault tolerance for the nodes in the Fabric. It also provides high-level application models for intelligently managing the complete application lifecycle, including deployment, health monitoring, upgrades, and de-activation.

Azure Services Platform provides an API built on REST, HTTP and XML that allows a developer to interact with the services provided by Windows Azure. A client-side managed class library is also provided that encapsulates the functions of interacting with the services. It also integrates with Microsoft Visual Studio so that it can be used as the IDE to develop and publish Azure-hosted applications. Windows Azure is commercially available as of 1st Feb 2010. Users can purchase Windows Azure service time from the http://www.microsoft.com/azurewebsite.

Azure also offers Content Delivery (CDN) services as an option. Currently in no-cost "Community Technology Preview" the Azure CDN enables worldwide low-latency delivery of static content from Azure Storage to end users from 18 data centers worldwide.

Windows Azure Platform

Microsoft's Windows Azure Platform is a cloud platform offering that "provides a wide range of Internet services that can be consumed from both on-premises environments or the Internet". Initial reports cast doubt on the availability of on-premises deployment but recently the platform has been made available to early adopters. It is Microsoft's first step into cloud computing following the launch of the Microsoft Online Services offering. In short, it's Microsoft's platform as a service.

Issues of Cloud Computing

Privacy

The Cloud model has been criticized by privacy advocates for the greater ease in which the companies hosting the Cloud services control, and thus, can monitor at will, lawfully or unlawfully, the communication and data stored between the user and the host company. Instances such as the secret NSA program, working with AT&T, and Verizon, which recorded over 10 million phone calls between American citizens, causes uncertainty among privacy advocates, and the greater powers it gives to telecommunication companies to monitor user activity.While there have been efforts (such as US-EU Safe Harbor) to "harmonize" the legal environment, providers such as Amazon still cater to major markets (typically the United States and the European Union) by deploying local infrastructure and allowing customers to select "availability zones."

Compliance

In order to obtain compliance with regulations including FISMA, HIPAA and SOX in the United States, the Data Protection Directive in the EUand the credit card industry's PCI DSS, users may have to adopt community or hybrid deployment modes which are typically more expensive and may offer restricted benefits. This is how Google is able to "manage and meet additional government policy requirements beyond FISMA" and Rackspace Cloud are able to claim PCI compliance. Customers in the EU contracting with Cloud Providers established outside the EU/EEA have to adhere to the EU regulations on export of personal data.

Many providers also obtain SAS 70 Type II certification (e.g. Amazon, Salesforce.com, Google and Microsoft), but this has been criticised on the grounds that the hand-picked set of goals and standards determined by the auditor and the auditee are often not disclosed and can vary widely. Providers typically make this information available on request, under non-disclosure agreement.

Legal

In March 2007, Dell applied to trademark the term "cloud computing"  in the United States. The "Notice of Allowance" the company received in July 2008 was canceled in August, resulting in a formal rejection of the trademark application less than a week later.

Since 2007, the number of trademark filings covering cloud computing brands, goods and services has increased at an almost exponential rate. As companies sought to better position themselves for cloud computing branding and marketing efforts, cloud computing trademark filings increased by 483% between 2008 and 2009. In 2009, 116 cloud computing trademarks were filed, and trademark analysts predict that over 500 such marks could be filed during 2010.

Open source

Open source software has provided the foundation for many cloud computing implementations. In November 2007, the Free Software Foundation released the Affero General Public License, a version of GPLv3 intended to close a perceived legal loophole associated with free software designed to be run over a network.

Open standards

Most cloud providers expose APIs which are typically well-documented (often under a Creative Commons license) but also unique to their implementation and thus not interoperable. Some vendors have adopted others' APIs and there are a number of open standards under development, including the OGF's Open Cloud Computing Interface. The Open Cloud Consortium (OCC)  is working to develop consensus on early cloud computing standards and practices.

Security

The relative security of cloud computing services is a contentious issue which may be delaying its adoption. Some argue that customer data is more secure when managed internally, while others argue that cloud providers have a strong incentive to maintain trust and as such employ a higher level of security.

The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing.

Availability and performance

In addition to concerns about security, businesses are also worried about acceptable levels of availability and performance of applications hosted in the cloud.

There are also concerns about a cloud provider shutting down for financial or legal reasons, which has happened in a number of cases.

Sustainability and siting

Although cloud computing is often assumed to be a form of "green computing", there is as of yet no published study to substantiate this assumption. Siting the servers affects the environmental effects of cloud computing. In areas where climate favors natural cooling and renewable electricity is readily available, the environmental effects will be more moderate. Thus countries with favorable conditions, such as Finland, Sweden and Switzerland, are trying to attract cloud computing data centers.

The InterCloud

The Intercloud is an interconnected global "cloud of clouds" and an extension of the Internet "network of networks" on which it is based. The term was first used in the context of cloud computing in 2007 when Kevin Kelly stated that "eventually we'll have the intercloud, the cloud of clouds. This Intercloud will have the dimensions of one machine comprising all servers and attendant cloudbooks on the planet.". It became popular in 2009 and has also been used to describe the datacenter of the future.

The Intercloud scenario is based on the key concept that each single cloud does not have infinite physical resources. If a cloud saturates the computational and storage resources of its virtualization infrastructure, it could not be able to satisfy further requests for service allocations sent from its clients. The Intercloud scenario aims to address such situation, and in theory, each cloud can use the computational and storage resources of the virtualization infrastructures of other clouds. Such form of pay-for-use may introduce new business opportunities among cloud providers if they manage to go beyond theoretical framework. Nevertheless, the Intercloud raises many more challenges than solutions concerning cloud federation, security, interoperability, QoS, vendor's lock-ins, trust, legal issues, monitoring and billing.

The concept of a competitive utility computing market which combined many computer utilities together was originally described by Douglas Parkhill in his 1966 book, the "Challenge of the Computer Utility". This concept has been subsequently used many times over the last 40 years and is identical to the Intercloud.

Cloud Storage

Cloud Storage is a model of networked computer data storage where data is stored on multiple virtual servers, generally hosted by third parties, rather than being hosted on dedicated servers. Hosting companies operate large data centers; and people who require their data to be hosted buy or lease storage capacity from them and use it for their storage needs. The data center operators, in the background, virtualizethe resources according to the requirements of the customer and expose them as virtual servers, which the customers can themselves manage. Physically, the resource may span across multiple servers.

Development Models of Cloud Computing

Public cloud

Public cloud or external cloud describes cloud computing in the traditional mainstream sense, whereby resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via web applications/web services, from an off-site third-party provider who bills on a fine-grained utility computing basis.

Community cloud

A community cloud may be established where several organizations have similar requirements and seek to share infrastructure so as to realize some of the benefits of cloud computing. With the costs spread over fewer users than a public cloud (but more than a single tenant) this option is more expensive but may offer a higher level of privacy, security and/or policy compliance. Examples of community cloud include Google's "Gov Cloud".

Hybrid cloud

A hybrid cloud environment consisting of multiple internal and/or external providers "will be typical for most enterprises". By integrating multiple cloud services users may be able to ease the transition to public cloud services while avoiding issues such as PCI compliance.

Another perspective on deploying a web application in the cloud is using Hybrid Web Hosting, where the hosting infrastructure is a mix between Cloud Hosting for the web server, and Managed dedicated server for the database server.

A hybrid storage cloud uses a combination of public and private storage clouds. Hybrid storage clouds are often useful for archiving and backup functions, allowing local data to be replicated to a public cloud. 

Private cloud

Douglas Parkhill first described the concept of a "Private Computer Utility" in his 1966 book The Challenge of the Computer Utility. The idea was based upon direct comparison with other industries (e.g. the electricity industry) and the extensive use of hybrid supply models to balance and mitigate risks.

Private cloud and internal cloud have been described as neologisms, however the concepts themselves pre-date the term cloud by 40 years. Even within modern utility industries, hybrid models still exist despite the formation of reasonably well-functioning markets and the ability to combine multiple providers.

Some vendors have used the terms to describe offerings that emulate cloud computing on private networks. These (typically virtualizationautomation) products offer the ability to deliver some benefits of cloud computing whilst mitigating some of the pitfalls. These offerings capitalize on data security, corporate governance, and reliability concerns during this time of transition from a product to a functioning service-based industry supported by competitive marketplaces.

Private clouds have attracted criticism because users "still have to buy, build, and manage them" and thus do not benefit from lower up-front capital costs and less hands-on management, essentially "[lacking] the economic model that makes cloud computing such an intriguing concept".

Layers of Cloud Computing

Client

               A cloud client consists of computer hardware and/or computer software that relies on cloud computing for application delivery, or that is specifically designed for delivery of cloud services and that, in either case, is essentially useless without it. Examples include some computers, phones and other devices, operating systems and browsers.

Application

             Cloud application services or "Software as a Service (SaaS)" deliver software as a service over the Internet, eliminating the need to install and run the application on the customer's own computers and simplifying maintenance and support. People tend to use the terms ‘SaaS’ and ‘cloud’ interchangeably, when in fact they are 2 different things. Key characteristics include:

• Network-based access to, and management of, commercially available (i.e., not custom) software
• Activities that are managed from central locations rather than at each customer's site, enabling customers to access applications remotely via the Web
• Application delivery that typically is closer to a one-to-many model (single instance, multi-tenant architecture) than to a one-to-one model, including architecture, pricing, partnering, and management characteristics
• Centralized feature updating, which obviates the need for downloadable patches and upgrades.

Platform

              Cloud platform services or "Platform as a Service (PaaS)" deliver a computing platform and/or solution stack as a service, often consumingcloud infrastructure and sustaining cloud applications. It facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers.

Infrastructure

            Cloud infrastructure services, also known as "Infrastructure as a Service (IaaS)", delivers computer infrastructure - typically a platform virtualization environment - as a service. Rather than purchasing servers, software, data-center space or network equipment, clients instead buy those resources as a fully outsourced service. Suppliers typically bill such services on a utility computing basis and amount of resources consumed (and therefore the cost) will typically reflect the level of activity. IaaS evolved from virtual private server offerings.

Server

           The servers layer consists of computer hardware and/or computer software products that are specifically designed for the delivery of cloud services, including multi-core processors, cloud-specific operating systems and combined offerings.