Migrating a Business-Critical Application to Windows Azure

Situation
Microsoft IT wanted to replace TS Licensing Manager, an application responsible for critical business processes. TS Licensing Manager was hosted entirely in Microsoft corporate data centers, on hardware that was approaching the end of its life cycle. TS Licensing Manager also had several business-use gaps and performance issues that needed to be addressed.

Solution
Microsoft IT replaced TS Licensing Manager with Remote Desktop Licensing Manager, a Windows Azure-based application. The project team used Windows Azure to provide a more scalable, extensible, reliable, and cost-effective solution.

Benefits
- Increased performance and scalability
- An improved user experience
- Increased security and data protection
- Support for new and upcoming licensed products
- A more extensible and manageable application environment
- Significant cost savings

Products & Technologies
- Windows Azure
- Windows Azure SQL Database
- Microsoft System Center Operations Manager
- Microsoft System Center AVIcode
- Microsoft .NET Framework 4.0
- Microsoft Silverlight 4.0
- Active Directory Federation Services

Published: August 2012

Microsoft Information Technology (Microsoft IT) used the Windows Azure operating system to create a cloud computing-based replacement for a 10-year-old, business-critical licensing application. The new solution uses Remote Desktop Licensing Manager (RD Licensing Manager) to take advantage of the scalability and extensibility benefits of Windows Azure, and to provide increased speed, business continuity capabilities, and cost-effectiveness.

Introduction
RD Licensing Manager is used to manage licensing for the Remote Desktop Services server role in a Windows Server infrastructure. It enables customers to activate their Remote Desktop license servers and manage the Remote Desktop Services client access licenses (RDS CALs) that are required for each device or user to remotely access Windows Server and virtual-desktop infrastructures.

RD Licensing Manager is a customer-facing application. It communicates directly with customer infrastructures to help ensure Remote Desktop Licensing (RD Licensing) compliance and functionality throughout Windows environments on a global scale. RD Licensing Manager has thousands of users, and it processes an average of 1,000 requests per hour.

Situation
Microsoft implemented the predecessor to RD Licensing Manager, TS Licensing Manager, more than 10 years ago to manage Terminal Server Licensing in Windows operating systems. (The Terminal Services server role was renamed to Remote Desktop Services in Windows Server 2008 R2.)

TS Licensing Manager Architecture
TS Licensing Manager was based on a data-center-oriented architecture, and it consisted of several different components that combined to provide overall TS Licensing Manager functionality:
- An ActiveX and Internet Information Services (IIS) based web front end, accessed by Microsoft customer service representatives, the Terminal Services Licensing Activation Site, and the Terminal Services Licensing Request (LR) wizard
- A certification authority (CA) server, responsible for issuing certificates that helped secure data throughout the application
- A Hardware Security Module (HSM) service, responsible for cryptography throughout the solution
- A Microsoft SQL Server database that stored application data

The solution also communicated with Commercial Web Services (CWS), an on-premises application service used to validate volume agreement details through Volume Licensing (VL) servers hosted by the E-Commerce IT (ECIT) division of Microsoft IT. Figure 1 illustrates the architecture of the TS Licensing Manager solution.

Figure 1. TS Licensing Manager architecture

The architecture was built on several older and end-of-life products. It posed issues related to performance, maintenance, and feasibility that MSIT needed to resolve:
- The solution was based on, and dependent on, Microsoft Windows 2000 as the core infrastructure operating system. This resulted in the following problems:
  - The process of supporting an end-of-life operating system required significant overhead and management.
  - Server resources were used inefficiently. Servers that supported TS Licensing Manager needed to be deployed to dedicated servers running Windows 2000, preventing these resources from being shared with other applications.
- The application contained a large C++ code base, which was difficult and time-consuming to manage and maintain.
- The application used Product Identification Keys 3.0 and earlier. However, the upcoming versions of the Windows operating system would be using a new product ID format.
- The cryptographic design was tightly coupled with an HSM crypto-processor, which introduced the following issues:
  - The cryptography process was tied to a hardware component that was a single point of failure.
  - The tight coupling made it difficult to scale out the application.
  - The application used an encryption algorithm that did not use industry best-practice standards.
- The user interface was developed through ActiveX technology, which caused the following issues:
  - To install the ActiveX components, the Internet Explorer browser needed to run in low-security mode.
  - Managing and maintaining the ActiveX components required a significant investment by the engineering team.
  - Every time that the ActiveX component changed, the end user had to download and install it. This process required elevated credentials and caused the involvement of additional IT resources.
- TS Licensing Manager was designed with limited capability for scalability and extensibility, which made it difficult to respond to changes in application demand or requirements.

Suitability of TS Licensing Manager for Windows Azure
As part of a continuing commitment to cloud-based computing, Microsoft IT identified TS Licensing Manager as a suitable candidate for migration to Windows Azure. Several parts of the TS Licensing Manager functionality and architecture made it an excellent fit for Windows Azure:
- It needed to be removed from an end-of-life platform (Windows 2000).
- It required scalability, but current capability was insufficient.
- It required a better and more extensible maintenance process than was currently available.
- It had a web-based front end hosted in IIS.

The project team realized that the key application components for TS Licensing Manager all translated well to Windows Azure, and it investigated a complete migration of the application to Windows Azure.

Solution
The project team elected to migrate TS Licensing Manager to a new solution based on RD Licensing Manager on Windows Azure. The initial design of RD Licensing Manager addressed several key changes that were required for the application.

Design Goals
Early on, the project team established goals for the design of RD Licensing Manager on Windows Azure that would overcome the shortcomings of the earlier solution and provide a better solution overall. The project team established the following design goals for RD Licensing Manager on Windows Azure:

- Host the whole RD Licensing Manager application on Windows Azure. Hosting the whole solution on Windows Azure meant that interaction between application components would occur within the same platform, decreasing latency and points of failure, while increasing performance and manageability.
- Enable support for new products. The team needed to integrate support for the new product ID keys being used with the upcoming release of Windows Server 2012.
- Enable the new solution to scale up or down in order to meet spikes in application demand. The launch of new products would significantly increase usage of RD Licensing Manager. The team wanted RD Licensing Manager to be able to scale up available resources to handle high demand, and then to scale back down when demand is lower.
- Decrease maintenance and support investment. The team recognized that the move to Windows Azure should decrease the overall requirement for application maintenance and support, as well as increase availability during application upgrades and changes.
- Reduce costs. Maintaining the previous solution was costly. The team believed that it could significantly reduce ongoing costs by implementing the Windows Azure-based solution.

Design Implementation
After the project team established goals, it added RD Licensing Manager into a high-level architecture design. The team used the following Windows Azure roles and services in the design:
- Windows Azure Compute web and worker roles. The team used Windows Azure Compute roles for most components of the RD Licensing Manager architecture, including:
  - The web-based front-end (web role).
  - CA components (web role).
  - Middle-tier components, including Windows Communication Foundation (WCF), data-caching services, cryptography management, and other components that provide the link between front-end and back-end components (web role).
  - Database backup and archival processes (worker role).
- Windows Azure storage. The team used Windows Azure storage to store operational application information, such as diagnostic and backup-related information.
- Windows Azure SQL Database. All the databases previously hosted on-premises in SQL Server with the TS Licensing Manager solution were migrated to SQL Database.

The project team also identified specific design details that would help achieve the initial design goals for RD Licensing Manager.

Designing for Scalability
The demand for RD Licensing Manager services increases when a new version of Windows that supports Remote Desktop Services is released. The capability to increase application resources to meet user demand was not possible with TS Licensing Manager, but the team was able to take advantage of the multiple-instance capability of the Windows Azure roles. Roles can scale up to several instances of the same role that perform the same function, in order to distribute traffic and avoid poor performance or lost data. Because Windows Azure is natively scalable, this change was not complex to implement.

Designing for Extensibility and Ease of Development
The project team made changes and implemented features to make the new solution easier to update and maintain:
- The team removed ActiveX from the solution and replaced it with Microsoft Silverlight 4.0 on the user interface. This simplified the user experience and removed the maintenance overhead required to maintain the ActiveX-based front-end components.
- The native capability of the Microsoft .NET Framework 4.0 enabled the team to avoid maintaining a large code base to manage the application.
- The team based the whole application on a modular design approach. In this approach, somewhat self-contained components (like the web front end or the database backup component) work together to provide the overall capability of the application, but they can be added, modified, or replaced without detrimentally affecting the whole application.

Designing for Security and Protection of Information
The project team targeted several security features of TS Licensing Manager for modification or removal because of changes in corporate security standards, advances in technology, or dependencies on older technologies, or to improve the overall application experience and performance. The team made the following changes for security:
- Removed the dependency on the HSM from the application
- Configured CAs in Windows Azure web roles to provide digital certificates for the whole solution
- Implemented Active Directory Federation Services (AD FS) to interact with the application and Active Directory Domain Services (AD DS) information from the Microsoft corporate network

Windows Azure offers two roles for administration: admin and co-admin. Both roles have full access to the Windows Azure subscription. Microsoft IT works with multiple external vendor teams to manage their infrastructure. These teams are aligned in multiple tiers that sometimes contain more than 100 members. Giving every member full access to the Windows Azure portal did not meet Microsoft IT's security design. To address this issue, the project team created a hosted service (known as Windows Azure Toolkit Service) that provides the flexibility to give role-based access based on a user's credentials. This service enabled the team to abstract all the secret keys, subscription IDs, and certificates from external partners and to log the activities for troubleshooting. In addition, when users leave the team, the access can be removed to prevent misuse.

Designing for Resiliency
Application availability and resiliency was an important aspect of the solution design, because of the critical nature of RD Licensing Manager and the impact that its unavailability would have on its customer base. The built-in multiple-instance capability instantly provided real-time resiliency for any of the components hosted in web or worker roles. Additionally, application databases that were moved to SQL Database bore the same resiliency as the web and worker roles. However, to ensure the availability of data at all times, the project team established and implemented a process to back up SQL Database.
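The role-based access service described under Designing for Security and Protection of Information can be modelled as a small broker. This is an added example, not Microsoft IT's code: the role names, operation names, and the `fake_management_api` backend are hypothetical, and Python is used only as a neutral modelling language. It shows the three properties the text names: credentials stay inside the service, every request is logged, and access disappears when a member is removed.

```python
# Added illustration (not Microsoft IT's code): a broker that holds the
# subscription credentials so that vendor operators never see them.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable

# Hypothetical roles and operations; anything not listed is denied by default.
ROLE_PERMISSIONS = {
    "tier1-support": {"get_deployment_status"},
    "tier2-ops": {"get_deployment_status", "restart_role_instance"},
}


class AccessDenied(Exception):
    """Raised when a caller's role does not permit the requested operation."""


@dataclass
class ManagementBroker:
    # repr=False keeps the credentials out of logs, tracebacks and debuggers.
    subscription_id: str = field(repr=False)
    management_secret: str = field(repr=False)
    backend: Callable[[str, str, str, str], dict] = field(repr=False)
    members: dict = field(default_factory=dict)      # user -> role
    audit_log: list = field(default_factory=list)

    def grant(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self.members[user] = role
        self.record(user, "grant", role, True)

    def revoke(self, user: str) -> None:
        # Removing the membership is enough: the user never held a credential.
        self.members.pop(user, None)
        self.record(user, "revoke", "", True)

    def invoke(self, user: str, operation: str, target: str) -> dict:
        role = self.members.get(user)
        allowed = role is not None and operation in ROLE_PERMISSIONS[role]
        self.record(user, operation, target, allowed)  # denials are logged too
        if not allowed:
            raise AccessDenied(f"{user} may not {operation}")
        # Only the broker touches the credentials; the caller gets the result.
        return self.backend(self.subscription_id, self.management_secret,
                            operation, target)

    def record(self, user: str, operation: str, target: str, allowed: bool) -> None:
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "operation": operation,
            "target": target, "allowed": allowed,
        })


def fake_management_api(subscription_id, secret, operation, target) -> dict:
    """Constructed stand-in for the real management endpoint."""
    return {"operation": operation, "target": target, "status": "accepted"}


if __name__ == "__main__":
    broker = ManagementBroker("SUBSCRIPTION-ID-PLACEHOLDER",
                              "SECRET-PLACEHOLDER", fake_management_api)
    broker.grant("alice@vendor.example", "tier1-support")
    print(broker.invoke("alice@vendor.example", "get_deployment_status", "web-frontend"))
    broker.revoke("alice@vendor.example")
    try:
        broker.invoke("alice@vendor.example", "get_deployment_status", "web-frontend")
    except AccessDenied as exc:
        print("denied:", exc)
    print(len(broker.audit_log), "audit entries")
```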

By using a worker role, the project team implemented an automated database backup process that transferred data in SQL Database to a blob file in Windows Azure storage. For high availability, the team used SQL Database Datasync to synchronize the information that is stored in SQL Database to another instance. If either of the SQL Database instances is unavailable, the application can maintain its functionality.

Solution Challenges and Design Refactoring
The project team encountered challenges that it needed to overcome during the development process.

Integrating with On-Premises Components
Commercial Web Services is an on-premises application service that is used to validate volume agreement details with Microsoft Volume Licensing. The project team decided to use direct Internet routing to create the connection from RD Licensing Manager to CWS in order to provide the most efficient communication between the components.

Another connection to external services was required for email services. In TS Licensing Manager, email was sent through an on-premises Simple Mail Transfer Protocol (SMTP) server. Because SMTP functionality is not part of the feature set of the Windows Azure web role, the project team devised another solution. The team used Microsoft Exchange web services to connect to RD Licensing Manager and used an internal, dedicated corporate email account for facilitating email delivery of beta license keys.

Migrating Data from the Earlier Solution to the New Solution
Application migration from operating platform to operating platform was a workable process because much of the code in TS Licensing Manager can be reused or refactored for use in RD Licensing Manager, if necessary. The project team significantly refactored many components for increased performance. One of the most significant refactoring tasks was for the databases. The database redesign enabled the team to reduce the size of the databases from 280 gigabytes (GB) to 18 GB. One of the main contributions to this decrease was the storage of certificate thumbprints in the database, instead of the whole certificate blob.

For the initial data migration, the team performed a large part of the data processing and transformations offline on a recent backup of the database while the application was live. The team created tools to detect and process just the delta during application downtime for the initial migration to Windows Azure. All utilities and packages that the team implemented were designed to restart exactly from where they stopped, to withstand failures without increasing the downtime.

Providing End-to-End Solution Monitoring
To monitor the new application in Windows Azure, the project team turned to the comprehensive capabilities of Microsoft System Center 2010. By using Microsoft System Center AVIcode for .NET and the Windows Azure Management Pack, in tandem with custom-designed monitoring components, the team provided a monitoring solution that assessed functionality and performance for the whole application.

New Solution Architecture
The RD Licensing Manager architecture hosts its application infrastructure on Windows Azure, as follows:
- Front-end components are housed in two Windows Azure web roles:
  - The LR wizard, CSR site, and Activate site are housed in one web role.
  - The LIC Code site is housed in another web role.
- All middle-tier components are housed in one web role. The middle tier consists of:
  - WCF endpoints. Enable communication between different web roles.
  - Business access layer (BAL). Holds business rules and logic.
  - Data access layer (DAL). Enables connectivity to SQL Database.
  - Cache management. Improves performance by caching master user data to validate a user.
  - Cryptography manager. Manages token and CA exchange.
  - Key Check Tool (KCT). Contains native Component Object Model (COM) components and is used to open product keys to check validity.
- CA-related components are housed in two web roles.
- Database backup components are hosted in a worker role. This role uses Import/Export Service for SQL Database to perform daily database backup.
- A direct Internet connection is established between the on-premises CWS service and the middle-tier components.

Figure 2 illustrates this architecture.

Figure 2. RD Licensing Manager application architecture on Windows Azure

With the new solution in place, Microsoft IT now has RD Licensing Manager functioning as a 100 percent Windows Azure application and operating as part of the corporate infrastructure.

Benefits
Microsoft IT realized many important benefits from the migration of RD Licensing Manager to Windows Azure, including:
- Increased performance and scalability. RD Licensing Manager on Windows Azure can now scale to meet peaks in application demand and overall performance.
- An improved user experience. The migration of the user interface from ActiveX-based components to Silverlight has provided an improved and streamlined user interface, with less maintenance required.
- Increased security and data protection. By implementing CA components in RD Licensing Manager, Microsoft IT was able to replace outdated algorithms and HSM dependencies.
- Support for new and upcoming licensed products. The inclusion of PID 6.0 in RD Licensing Manager means that Microsoft IT's licensing solutions are now prepared for future products.
- A more extensible and manageable application environment. Using the development capabilities of Windows Azure and implementing a modular application platform greatly decreased work required for updates and maintenance to RD Licensing.
- Optimized application and database design. Migrating to Windows Azure enabled the project team to optimize the application and database design in RD Licensing Manager to provide a solution that was more efficient and easier to maintain.
- Cost savings. RD Licensing Manager cost less to develop than TS Licensing Manager did, and it has reduced ongoing operations costs by 40 percent.

Lessons Learned
Because this was the first complete migration to Windows Azure for Microsoft IT, several challenges that the project team experienced have become valuable lessons learned:
- Using host headers enables an organization to combine multiple websites on a single web role.
- An organization must supply email functionality in Windows Azure externally. There is no native SMTP support.
- The performance of connections to on-premises components can vary from solution to solution, even when an organization uses the same connection tool (such as Windows Azure Service Bus).
- An organization should build retry logic into connection code, to enable the solution to recover from potential transient faults.
- An organization can use Microsoft System Center Operations Manager to provide comprehensive monitoring capabilities, but custom code will likely be necessary.
- Connections to on-premises components are prone to connection-related bandwidth bottlenecks, especially through proxy servers.
- Performance testing before putting an application in the production environment is very important.

Best Practices
Based on lessons learned, Microsoft IT has adopted the following best practices that an organization should consider when it develops applications in Windows Azure:
- Involve security and support teams early in the project to ensure that these aspects are addressed early in the design and development process.
- Design and develop for Windows Azure from the beginning, instead of building Windows Azure into a pre-existing solution.
- Take advantage of cloud-based functionality as much as possible.
- In migrating code and data to Windows Azure and SQL Database, take the time to optimize code and data structures.
- In designing custom code, make it reusable for future implementations.
- Perform application testing in a live Windows Azure environment.
- Cover various deployment scenarios (for example, role sizes, number of roles, and location of roles) during performance testing.
- If the user base is global, use a performance test environment built in Windows Azure virtual machine or worker roles.
- Use System Center Operations Manager together with the Windows Azure Management Pack for monitoring.
- Evaluate database requirements against SQL Database capabilities before establishing a migration scenario.
- Be aware of network bottlenecks through proxies or firewalls. Route traffic directly to the Internet from SQL Database for enough throughput, if necessary.

Conclusion
RD Licensing Manager was Microsoft IT's first complete migration of a business-critical application to Windows Azure. By refactoring the application for Windows Azure and designing for a cloud-based platform, Microsoft IT developed a less expensive solution that provided more scalability, performance, extensibility, and reliability. Microsoft IT also learned valuable lessons about the Windows Azure development process and developed best practices to apply to future migrations.

For More Information
For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Order Centre at (800) 933-4750. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information on the World Wide Web, go to:
http://www.microsoft.com
http://www.microsoft.com/technet/itshowcase

© 2012 Microsoft Corporation. All rights reserved. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, ActiveX, Internet Explorer, Silverlight, SQL Server, Windows, Windows Azure, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.