Lift, shift, and modernize using containers on Azure Service Fabric

Published on December 4, 2017

Principal Program Manager

Azure Service Fabric is a distributed systems platform that is the foundational technology powering core Azure infrastructure, as well as other Microsoft services such as Skype for Business, Azure Cosmos DB, Azure SQL Database, Dynamics 365, Cortana, and many more. It makes building and managing scalable microservices and container applications for Windows and Linux easy. Service Fabric has supported container orchestration for production scenarios for several months now, with general availability announced for Windows Server 2016 at Microsoft Build and for Ubuntu Linux 16.04 at the Ignite conference. At Ignite, we demonstrated the scheduling and placement of a million containers on a cluster spanning 3500 nodes in under two minutes, which means that you never have to worry about performance and scale with Service Fabric. We’ll have a more detailed post on this coming soon.

In this post, we’ll call out some of the container orchestration capabilities in Service Fabric along with a peek at what’s coming soon. Many customers are looking at lift-and-shift followed by modernization of their applications, and Service Fabric provides first-class support for either scenario.

Lift, shift, and modernize

Many customers such as Alaska Airlines and ABBYY are using Windows Server containers to lift-and-shift their workloads to the cloud using Service Fabric. With lift-and-shift, minimal changes to the code are desired. Service Fabric provides a built-in DNS service to support communication between containers using DNS names requiring no code changes. This enables you to easily deploy multi-container applications and communicate between them.

Service Fabric natively supports Docker Compose manifests to describe container services in addition to its own application and service manifests. Lift-and-shift commonly entails moving existing services into containers from VMs. It is likely that all services, for example websites, are listening on the same port, which can cause conflicts. Service Fabric supports those scenarios by offering multiple networking modes, including an “open” networking mode, where each container gets its own IP address so port conflicts are avoided.

Lift-and-shift exercises are undertaken not just for operational efficiency, but also cost savings. Service Fabric is an orchestrator built around dynamic resource balancing for efficient use of cluster resources. Thus, Service Fabric always balances the container services across the number of nodes available, and you can programmatically scale the cluster. The high density of containers that Service Fabric offers results in considerable cost savings upon migrating to the cloud.

A major consideration during lift-and-shift is enforcing security in the cloud. For securing your containers, Service Fabric supports Windows Hyper-V containers. We recommend that customers use the Hyper-V isolation mode when they are running third-party code inside containers, to obtain better isolation than the process isolation mode provides. To further support lift-and-shift, Service Fabric also supports gMSA (group Managed Service Accounts) for Windows containers. Additionally, Service Fabric has built-in certificate management to provide or limit access for containers to specific certificates.
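The isolation recommendation above can be checked before deployment. The following is an added example, not code from the original post or from the Service Fabric project: it scans an application manifest for `ContainerHostPolicies` entries that do not set `Isolation="hyperv"`. The manifest, the package names, and the `third_party` list are constructed for illustration, and the script assumes that an omitted `Isolation` attribute means process isolation (the Windows Server host default).

```python
import xml.etree.ElementTree as ET

# XML namespace used by Service Fabric application and service manifests.
SF_NS = {"sf": "http://schemas.microsoft.com/2011/01/fabric"}

# Constructed sample manifest; application and package names are hypothetical.
SAMPLE_MANIFEST = """<ApplicationManifest ApplicationTypeName="LiftShiftAppType"
    ApplicationTypeVersion="1.0.0"
    xmlns="http://schemas.microsoft.com/2011/01/fabric">
  <ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="VendorPluginPkg" ServiceManifestVersion="1.0.0" />
    <Policies>
      <ContainerHostPolicies CodePackageRef="Code" />
    </Policies>
  </ServiceManifestImport>
  <ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="LegacyWebPkg" ServiceManifestVersion="1.0.0" />
    <Policies>
      <ContainerHostPolicies CodePackageRef="Code" Isolation="hyperv" />
    </Policies>
  </ServiceManifestImport>
</ApplicationManifest>"""


def audit_isolation(manifest_xml, third_party=()):
    """Return (service, code package, mode, severity) for each container
    policy that is not Hyper-V isolated. Services named in third_party
    (packages running code you did not write) are rated "high"."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for imp in root.findall("sf:ServiceManifestImport", SF_NS):
        ref = imp.find("sf:ServiceManifestRef", SF_NS)
        service = ref.get("ServiceManifestName") if ref is not None else "<unknown>"
        for pol in imp.findall("sf:Policies/sf:ContainerHostPolicies", SF_NS):
            # Assumption: a missing Isolation attribute means process isolation.
            mode = (pol.get("Isolation") or "process").lower()
            if mode != "hyperv":
                severity = "high" if service in third_party else "info"
                findings.append((service, pol.get("CodePackageRef"), mode, severity))
    return findings


if __name__ == "__main__":
    for finding in audit_isolation(SAMPLE_MANIFEST, third_party={"VendorPluginPkg"}):
        print("%s/%s: isolation=%s severity=%s" % finding)
```

Services that import no `ContainerHostPolicies` element are not reported, since the application manifest alone does not show whether they run in containers.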

A good diagnostics experience is key for a seamless migration to the cloud. While any log driver can be used, Service Fabric also integrates with OMS Log Analytics for container logs on Windows and Linux.

Get started

While Service Fabric supports all the core orchestration functions such as rapid deployment of container services, resource governance, zero downtime upgrades, as well as volume and log drivers, it also includes several utility features such as the ability to prune container images to recover disk space and configure graceful shutdown for containers.

When you are modernizing your application by adding new cloud native services, you need additional tools in your kit. Service Fabric has you well covered for such scenarios. It provides a broad range of features, from IDE support across platforms (Windows, Linux, and OSX) that helps you develop and debug your containers, to features optimized for container communication, such as the built-in naming service.

We’re continuously innovating

Now, about what’s coming in upcoming releases. We’re expanding the Service Fabric Explorer UI to show container logs and container specific views. For scenarios depending on stickiness of container addresses, Service Fabric will soon provide support for a stable IP per container, even when containers move from one VM to another. You can soon use the network isolation feature to create dedicated vNETs per application. To make Azure and Service Fabric a great choice for lift-and-shift, more features such as the support for container groups and built-in volume drivers for Azure Files are coming soon.

To help lift-and-shift even your state stores and scale them out as needed, as a data-aware container orchestrator, we’ll soon provide a built-in HA volume driver using the Service Fabric state store and pair it with intelligent routing. A simple programming model to access the state store within containers is also planned so that you can extract maximum performance. 

We love to hear from folks using Service Fabric. Let us know what’s working well and what’s not. Read our docs, learn from customers using Service Fabric, and try it out on a free Azure cluster. For more information, tune into our monthly community calls.