// Security NEWS // How Microsoft Wants to Harden its Azure Servers

vijbzabyss (69)in #news • 6 years ago (edited)

Microsoft is working on several fronts to improve the resilience of its Azure data centers.

During his presentation "Inside Azure datacenter architecture" at Build 2019 2 weeks ago, Mark Russinovich, Chief Technical Officer of Azure, detailed the issue of reliability and what the company is doing to move forward on this topic.

One of the efforts described by Russinovitch is known as the "Tardigrade Project". As Russinovich reminded the Build audience, a tardigrade is one of the most resistant creatures ever discovered. It can survive in space and at extreme temperatures. With Tardigrade, Microsoft's goal is to enable a cloud application to survive a platform failure.

"We want our servers to be like tardigrades," Russinovich said. "We don't want to have to reboot the virtual machines (VMs), when things go bad". With Tardigrade, the "VMs get frozen in RAM, with their state preserved."

The operating system resumes on a fresh server. Russinovich did not provide any details as to when this technology will be deployed, but he did demonstrate its operation during his Build presentation.

Tardigrade started as a Microsoft research project. Here is a research document dated May 2015 that details Microsoft's vision for Tardigrade as "leveraging lightweight virtual machines to easily and efficiently construct fault-tolerant services."

A summary of this research paper :

"Tardigrade (is) a system that deploys an existing, unmodified binary as a fault-tolerant service. Tardigrade replicates the service on several machines so that it continues running even when some of them fail. Yet, it keeps the service states synchronized so clients see strongly consistent results."

Tardigrade, as pointed out by Microsoft researchers, uses "a lightweight virtual machine (which) is a process-sandboxed so that its external dependencies are completely encapsulated, enabling it to be migrated across machines. To let unmodified binaries run within such a sandbox, the sandbox also contains a library OS providing the expected API."

A library operating system?

Yes, it seems that Tardigrade has its roots in the work that Microsoft did around "Drawbridge". Drawbridge was a Microsoft research project designed to provide a new form of virtualization for application sandboxing. It was based on picoprocesses (a process-based isolation container with a minimal kernel) and a library operating system, or a redesigned operating system to function as a set of libraries in the context of an application, as described by Microsoft researchers.

Microsoft used Drawbridge concepts to bring SQL Server to Linux and the Windows subsystem for Linux to Windows 10.

"Earlier this year it began rolling those features out across its network of data centers, and they’re now operating nearly everywhere,", Russinovich told Geekwire 2 weeks ago. Availability zones are designed to protect customers from data center failures.

The areas are located within the Azure regions and offer an independent power source, grid and cooling. There are at least three separate zones in the authorized azure regions.

While Microsoft officials often say that Microsoft has more cloud regions in the world than any cloud provider, relatively few Azure regions support availability areas. For its part, AWS defines a "region" as a geographical place where it operates a set of availability areas. AWS currently has 64 availability areas in 21 regions.

Sources : GeekWire and Inside Azure datacenter architecture with Mark Russinovich and Microsoft

Not an ultra fresh news but I really wanted to share it with you!

Stay Informed, Stay Safe