A public cloud is, at its most basic level, a giant shared computing facility that spans a datacenter or multiple datacenters, and as such, it needs a kind of operating system of its own to make the collection of servers, storage, and switches behave as a single machine to both its users and to the company that is operating the cloud.
Given this, it is not at all surprising that, after he spent a few years working on its Azure public cloud team, Microsoft last September tapped Mark Russinovich, an operating system expert with deep and broad expertise, to be the chief technology officer in charge of the architecture of its cloud.
Azure has a number of different organizational levels within Microsoft. Russinovich works for the Azure Core Team, which is run by corporate vice president Jason Zander and which builds the infrastructure underpinning all of the services that run on Azure. (Other executives manage the services farther up the Azure stack.) This infrastructure spans millions of cores and exabytes of storage, and consumes many billions of dollars in investment each year to maintain and grow. Russinovich has a hand in designing the whole Azure infrastructure stack, from the custom systems and switches to the management and virtualization layers on top of them to the datacenters that house it all.
Russinovich has a long history of being a gadfly for Microsoft, and his appointment as Technical Fellow, the highest engineering title at the company, is yet another indication, along with Microsoft’s adoption of Linux within its Azure infrastructure and as a first citizen alongside Windows Server on the Azure cloud, that the new Microsoft is keen on being more open as it seeks to transform its business from selling software licenses to providing cloud services. Russinovich took some time to chat with The Next Platform about the Azure platform he is helping to build for Microsoft, how it meshes with the vast installed base of Windows Server users worldwide, and how the company is embracing open source technologies such as Docker and Mesos to create a new abstraction layer for both private clouds and Azure.
Timothy Prickett Morgan: How far ahead, if at all, is the software stack that you use to run the Azure cloud compared to the combination of Windows Server and Azure Pack that Microsoft sells to its enterprise customers to build their private clouds? Does Azure run ahead and test ideas that eventually get commercialized in Windows Server?
Mark Russinovich: We co-design and we co-develop, and there are a couple of examples I can tell you about. The most public example is the work we are doing with Windows Server Containers, which is a joint effort between the Azure team and the Windows Server team. But when it comes to the virtualization platform itself, we will drive requirements, and that means instead of building our own hypervisor, we leverage the Hyper-V hypervisor team that is part of the Windows Server core team, as well as the virtual machine management team, to get the functionality that Azure needs. We work with them and validate that whatever they do meets cloud scale requirements, and then it goes right into Windows Server and is made available to customers.
Timothy Prickett Morgan: Does Azure get to be first in line, and is there a lag between when a new technology is available on Azure and when it is commercialized within a Windows Server release? For example, Azure could be running Docker containers in production for Microsoft’s own services, like Office365, right now, helping to test it.
Mark Russinovich: So, of course we have very high priority when it comes to requirements, but we don’t get it before the outside world gets it. We do deploy internal releases, and for example, we have deployed Windows Server 2016 builds in test environments to validate it as it comes closer to being released and rolled out across all of Azure.
With Hyper-V Containers, that is a case where Azure drove the requirement to have what we call hot multi-tenant containers, where we can host third party code from different customers side by side on the same server or virtual machine. The container technology that we have been using internally to do that came from Microsoft Research, but as part of productizing Hyper-V Containers, we worked very closely with the server team on the Hyper-V Container design, and we are in the process of transitioning off that internal technology to the one that is made public.
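The distinction Russinovich is drawing, between containers that share the host kernel and containers with a hardware-enforced boundary suitable for multi-tenant hosting, later surfaced in Docker on Windows as an isolation mode flag. A rough sketch (the image tag is illustrative, and this requires a Windows Server host with Docker):

```shell
# Windows Server container: shares the host kernel, appropriate for
# trusted, single-tenant workloads.
docker run --isolation=process microsoft/windowsservercore cmd /c echo process-isolated

# Hyper-V container: wraps the container in a lightweight utility VM,
# the kind of boundary needed to run third party code from different
# customers side by side on the same host.
docker run --isolation=hyperv microsoft/windowsservercore cmd /c echo hyperv-isolated
```

The commands are identical apart from the isolation mode, which is the point: the developer experience stays the same while the tenancy boundary changes underneath.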
Timothy Prickett Morgan: What is the main difference between running Windows at hyperscale as you do on Azure and running it at large scale as many large enterprises do? These are typically customers with thousands of nodes, not hundreds of thousands or more than a million nodes. Microsoft created Autopilot more than ten years ago to provision and manage the servers for its online services, and a much-upgraded version of Autopilot runs Azure today, but this is not a commercial product and may not be appropriate as one, either. What are the big differences between what Azure does and what enterprises can do with Windows Server plus Azure Pack?
Mark Russinovich: When it comes to Windows Server and Azure Pack versus Azure, a lot of the same technology is in both places. As much as we can, we give customers the same bits that we are running in Azure. I think the big difference is the automation at the scale that we operate at and how we do updates to the platform, which is something that enterprises would do differently. Similarly, the way that we monitor the servers and keep track of repairs, and the way that we deploy updates to our fleet around the world, are also different. With thousands of servers, you can use people to take care of repairing servers, but when you are doing it across millions of servers, you need to have automated processes to handle that.
When it comes to core technologies, to give you one concrete example from software defined networking, the software load balancer that we have in Azure is being made available in Azure Pack and as part of Windows Server 2016.
Timothy Prickett Morgan: Does Microsoft IT run on Azure at this point?
Mark Russinovich: Microsoft IT has been on a migration to Azure over the past few years, and at this point the company bet is on Azure. Any department or project that wants to run something on infrastructure other than Azure has to get an exception at a very high level within the company. All roads lead to Azure, and we are migrating existing workloads.
Timothy Prickett Morgan: For the past several years, it has been pretty obvious that Azure is not just about Windows, and that other technologies like the Linux operating system and Docker containers are key components of Azure. How important are these technologies and how much usage do they drive?
Mark Russinovich: When we launched Azure infrastructure as a service in preview, we went out the door with Windows as well as Linux. We have seen tremendous growth in Linux usage on Azure. Having started as a Windows-only cloud, Azure had a perception to overcome, and we had to convince people that we could support Linux as a first class citizen. Last fall, one out of every five virtual machines deployed on Azure was running Linux, and today it is one out of every four. And when it comes to our new virtual machine APIs, basically one out of every two or three is a Linux virtual machine.
And when it comes to Docker, we have been partnering very closely with Docker to bring Docker APIs and technologies to Windows Server, and that has been a collaboration of a year and a half. We work so closely with Docker that one of our engineers was the top contributor to the Docker GitHub repository from January through August of this year.
Timothy Prickett Morgan: You have recently announced that you would be partnering with Mesosphere to use Mesos as a container manager for Docker on top of Azure. Do you have your own container manager in the works as well?
Mark Russinovich: Customers can use Docker on top of Azure in a bunch of different ways. One of the first things we did with them was helping customers deploy an Azure virtual machine with the Docker Engine built in, so they could deploy Docker containers directly to the virtual machine. At AzureCon, we announced a collaboration with Mesosphere to create the Azure Container Service, which lets customers deploy a Mesos-managed cluster in a few clicks and then deploy either Mesos applications or Docker Swarm on top of it.
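For concreteness, applications on a Mesos-managed cluster like this are typically described to the Marathon scheduler as a declarative app definition. A minimal, illustrative fragment (the image name, resource figures, and app id are arbitrary, not anything specific to Azure Container Service) looks like this:

```json
{
  "id": "/web-frontend",
  "instances": 3,
  "cpus": 0.25,
  "mem": 128,
  "container": {
    "type": "DOCKER",
    "docker": {
      "image": "nginx:1.9",
      "network": "BRIDGE",
      "portMappings": [ { "containerPort": 80, "hostPort": 0 } ]
    }
  }
}
```

POSTing a definition like this to Marathon's `/v2/apps` endpoint asks the scheduler to keep three copies of the container running somewhere on the cluster, restarting or rescheduling them as machines come and go.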
We made the decision to go with Mesos because when we go out and talk to customers about containers and orchestration, the ones we see actually doing it in production are doing it on Mesos.
Timothy Prickett Morgan: Did you look at Kubernetes as a possibility, and does this adoption of Mesos mean that you won’t deploy Kubernetes?
Mark Russinovich: We evaluated all of the offerings out there, and the ones doing it in production are using Mesos, and of course high profile companies like Twitter and Apple are using Mesos.
Another aspect of this was that our customers were telling us they wanted to get into containers, and further that they wanted to do this on premises and in the cloud, and Mesos is focused on those hybrid scenarios just like we are. We are taking Mesos, which is open and which is proven, and betting on that to bring it to Windows Server 2016. It is an ongoing project to get Mesos supported.
Timothy Prickett Morgan: Can we talk a bit about the iron underneath Azure? You put out your second generation of Open Cloud Server machines at the Open Compute Summit in March, based on Intel “Haswell” Xeon E5 processors. What do you have cooking now? Are you looking at silicon photonics and future “Broadwell” and “Skylake” Xeons?
Mark Russinovich: We are working on the next generation now, and once that is ready, we will contribute it to the Open Compute Project. Silicon photonics and those other technologies are not ready yet, but we are obviously looking at them and working with those companies very closely, and the second that they are viable we can bring them to Azure without lag. The servers that we have in design now do not have silicon photonics in them. We just announced our DV2 Azure instances, which are on Haswell.
Timothy Prickett Morgan: Windows client software runs on ARM processors, specifically with the Surface tablets, and if anyone knows how to flip a few bits to get a client operating system to load server applications, it is you. What are the prospects for ARM in the Azure cloud? Obviously, as is the case with all hyperscalers, you control your own code base and it is easier for you to deploy new architectures in the cloud than it is for enterprises to do inside their own datacenters.
Mark Russinovich: Just like we look at silicon photonics, we are looking at all technologies and seeing where they might be viable, and that is all I can say about it. We are definitely looking at ARM technologies and watching the evolution of them in the server space.
Timothy Prickett Morgan: Way back in the mid-1990s, Windows used to run on Power processors for a brief time. What does the opening up of the Power chip from IBM through the OpenPower Foundation possibly mean as an alternative to Xeon processors for Azure?
Mark Russinovich: I don’t have anything definitive to say other than, that in general, we are looking at everything.
Timothy Prickett Morgan: I used to joke that the last thing to leave the datacenter before they turned out the lights would be the Active Directory or LDAP server, because companies would want to control the system that controls access to applications and data that is distributed across public clouds. Azure kind of turns this joke on its head, and moreover, it seems that Azure is the natural choice of cloud for the hundreds of thousands of enterprise customers that have millions of Windows servers as their core platforms, much as Windows Server was the natural choice of serving platform for customers with experience of Windows on their desktop machines. This is something that perhaps Google and Amazon don’t have when it comes to their respective clouds.
Mark Russinovich: We see Active Directory and LDAP servers leave the datacenter as one of the early steps to the cloud, not the last one. Thanks to Azure Active Directory and the synchronization capabilities that it has, the hub is moving up into the cloud. Just last week, in fact, we announced Azure Active Directory support for Directory Services, where you can have a domain controller stood up in Azure. So customers who have applications that are born in the cloud can do that really easily now.
Timothy Prickett Morgan: I think that people sometimes forget that there are a lot of SMBs that have Windows Server and applications and databases running on premises, and many of the backup and archiving services for files and databases, as well as the remote Active Directory authentication, are a natural fit for these customers – particularly if the hooks between the datacenter and the Azure cloud make it all easy and seamless – and an easy first move towards using the public cloud. Is that how you see it?
Mark Russinovich: That is pretty much straight from my talking points, and with those Azure Active Directory services, we integrate with over 2,400 SaaS applications that allow single sign-on with corporate credentials. But it goes the other way, too. You can go from on premises to cloud with SQL Server backup, and we go the other way with Operations Management Suite, which allows customers to monitor their on-premises infrastructure from the Azure cloud portal.
Timothy Prickett Morgan: Do you think that most of the Windows Server installed base will have at least some services running on Azure?
Mark Russinovich: I think we see that most of these customers already do. The interesting thing that I am seeing is that the transformation underway in the industry is moving at a pace faster than a lot of people imagine. When I started at Azure five years ago, nobody knew what IaaS, PaaS, or SaaS was. They knew about cloud, and they thought it was for other people, and while they could see many of the benefits, they were only thinking they might move at some point in the future.
Today, it is “cloud first” at many companies, and ones that you would not expect it from, where there are mandates from the CEOs and CIOs to move to the public cloud as fast as possible. We are talking about initiatives over one or two years to migrate all of their applications. They want to cut costs, and this is especially true among financial firms, which are constrained by growth at this point. Of course, these companies are going to be in hybrid mode for a long time, because they have lots of applications to move or data they think is too sensitive to move. This is why we have such a big effort in Microsoft to support the hybrid mode.
We are seeing massive growth on all fronts: IaaS, PaaS, and SaaS. With infrastructure services, a lot of that is driven by lift and shift and by movements of applications where the customers want to support hybrid. But more and more, we see them taking advantage of platform services, because this is where the true value of the cloud comes from. This instant, highly managed functionality, such as database or event ingestion as a service, would take a long while and a lot of money to build and operate if you were doing it yourself. And we take it to even higher levels, with business verticals and machine learning applied to data analytics. And we of course have Dynamics and Office365, which are driving a huge amount of SaaS onto the Azure platform. SaaS is definitely an easy entry point. We see a lot of customers coming to the cloud first for Office365, and that makes them use Azure Active Directory, and then it is natural to use Azure for other cloud services from there.