azure 使用_Cloud Power：如何使用Traffic Manager在全球范围内扩展Azure网站

azure 使用

The "cloud" is one of those things that I totally get and totally intellectualize, but it still consistently blows me away. And I work on a cloud, too, which is a little ironic that I should be impressed.

“云”是我完全了解并完全智能化的事物之一，但仍然让我震惊。而且我也在云上工作，这有点讽刺，应该给我留下深刻的印象。

I guess part of it is historical context. Today's engineers get mad if a deployment takes 10 minutes or if a scale-out operation has them waiting five. I used to have multi-hour builds and a scale out operation involved a drive over to PC Micro Center. Worse yet, having a Cisco engineer fly in to configure a load balancer. Certainly engineers in the generation before mine could lose hours with a single punch card mistake.

我想其中一部分是历史背景。如果部署需要10分钟或横向扩展操作使他们等待5分钟，那么今天的工程师就会发疯。我曾经进行过多个小时的构建，并且横向扩展操作涉及将驱动器移至PC Micro Center。更糟糕的是，让思科工程师介入以配置负载均衡器。当然，我的那一代工程师可能会因为一次打Kong卡错误而浪费数小时。

这就是给我留下深刻印象的力量。 (It's the power that impresses me.)

And I don't mean CPU power, I mean the power to build, to create, to achieve, in minutes, globally. My that's a lot of comma faults.

我的意思不是说CPU能力，而是指在几分钟内在全球范围内构建，创建和实现的能力。我的那是很多逗号错误。

Someone told me once that the average middle class person is more powerful than a 15th century king. You eat on a regular basis, can fly across the country in a few hours, you have antibiotics and probably won't die from a scratch.

曾经有人告诉我，普通的中产阶级人比15世纪的国王更有力量。您定期进食，可以在几个小时内飞遍全国，您拥有抗生素，并且可能不会从零开始死亡。

Cloud power is that. Here's what I did last weekend that blew me away.

云的力量就是这样。这是我上周末做的让我震惊的事情。

I just took a website, bought a wildcard SSL cert, deployed to Asia, Europe, and US, and geo-load-balanced the secure traffic in 45 min. O_O
— Scott Hanselman (@shanselman)
我刚浏览了一个网站，购买了通配符SSL证书，并部署到了亚洲，欧洲和美国，并在45分钟内实现了安全流量的地理负载均衡。 O_O
— Scott Hanselman(@shanselman) May 3, 20142014年5月3日

Here's how I did it.

这是我的方法。

在几分钟内在全球范围内扩展Azure网站，并添加SSL (Scaling an Azure Website globally in minutes, plus adding SSL)

I'm working on a little startup with my friend Greg, and I recently deploy our backend service to a small Azure website in "North Central US." I bought a domain name for $8 and setup a CNAME to point to this new Azure website. Setting up custom DNS takes just minutes of course.

我正在与朋友Greg一起开办一家小型创业公司，最近我将后端服务部署到“美国中北部”的一个小型Azure网站。我以$ 8的价格购买了一个域名，并设置了一个CNAME指向这个新的Azure网站。设置自定义DNS只需几分钟。

将SSL添加到Azure网站 (Adding SSL to Azure Websites)

I want to run my service traffic over SSL, so I headed over to DNSimple where I host my DNS and bought a wildcard SSL for *.mydomain.com for only $100!

我想通过SSL运行我的服务流量，因此我前往DNSimple托管我的DNS，并以100美元的价格为* .mydomain.com购买了通配符SSL ！

Adding the SSL certificate to Azure is easy, you upload it from the Configure tab on Azure Websites, then binding it to your site.

将SSL证书添加到Azure很容易，您可以从Azure网站上的“配置”选项卡上载SSL证书，然后将其绑定到您的站点。

Most SSL certificates are issued as a *.crt file, but Azure and IIS prefer *.pfx. I just downloaded OpenSSL for Windows and ran:

大多数SSL证书以* .crt文件发布，但是Azure和IIS更喜欢* .pfx。我刚刚下载了Windows的OpenSSL并运行：

openssl pkcs12 -export -out mysslcert.pfx -inkey myprivate.key -in myoriginalcert.crt

Then I upload mysslcert.pfx to Azure. If you have intermediaries then you might need to include those as well.

然后，将mysslcert.pfx上传到Azure。如果您有中介，那么您可能还需要包括这些中介。

This gets me a secure connection to my single webserver, but I need multiple ones as my beta testers in Asia and Europe have complained that my service is slow for them.

这使我可以安全地连接到单个Web服务器，但是我需要多个Web服务器，因为我在亚洲和欧洲的Beta测试人员抱怨我的服务对他们而言很慢。

添加多个全球Azure网站位置 (Adding multiple global Azure Website locations)

It's easy to add more websites, so I made two more, spreading them out a bit.

添加更多网站很容易，所以我又创建了两个网站，将它们扩展了一些。

I use Git deployment for my websites, so I added two extra named remotes in Git. That way I can deploy like this:

我将Git部署用于我的网站，因此在Git中添加了两个额外的命名远程对象。这样，我可以像这样部署：

>git push azure-NorthCentral master
>git push azure-SoutheastAsia master
>git push azure-WestEurope master

At this point, I've got three web sites in three locations but they aren't associated together in any way.

至此，我在三个位置拥有三个网站，但它们没有以任何方式关联在一起。

I also added a "Location" configuration name/value pair for each website so I could put the location at the bottom of the site to confirm when global load balancing is working just by pulling it out like this:

我还为每个网站添加了一个“位置”配置名称/值对，因此我可以将位置放在网站的底部以确认全局负载平衡何时起作用，只需将其拉出，如下所示：

location = ConfigurationManager.AppSettings["Location"];

I could also potentially glean my location by exploring the Environment variables like WEBSITE_SITE_NAME for my application name, which I made match my site's location.

我还可以通过浏览环境变量(例如WEBSITE_SITE_NAME)作为我的应用程序名称来潜在地收集我的位置，该变量与我的站点位置相匹配。

Now I bring these all together by setting up a Traffic Manager in Azure.

现在，我通过在Azure中设置流量管理器来将所有这些整合在一起。

I change my DNS CNAME to point to the Traffic Manager, NOT the original website. Then I make sure the traffic manager knows about each of the Azure Website endpoints.

我将DNS CNAME更改为指向流量管理器，而不是原始网站。然后，确保流量管理器了解每个Azure网站终结点。

Then I make sure that my main CNAME is setup in my Azure Website, along with the Traffic Manager domain. Here's my DNSimple record:

然后，请确保在我的Azure网站中设置了我的主要CNAME，以及Traffic Manager域。这是我的DNSimple记录：

And here's my Azure website configuration:

这是我的Azure网站配置：

Important Note: You may be thinking, hang on, I though there was already load balancing built in to Azure Websites? It's important to remember that there's the load balancing that selects which data center, and there's the load balancing that selects an actual web server within a data center. Also, you can choose between straight round-robin, failover (sites between datacenters), or Performance, when you have sites in geographic locations and you want the "closest" one to the user. That's what I chose. It's all automatic, which is nice.

重要说明：您可能会想，等等，尽管Azure网站已经内置了负载平衡功能？重要的是要记住，有一个负载平衡选择了哪个数据中心，有一个负载平衡选择了一个数据中心内的实际Web服务器。另外，如果您在地理位置上有站点并且希望用户找到“最近”站点，则可以在直接循环，故障转移(数据中心之间的站点)或性能之间进行选择。那就是我选择的。都是自动的，很好。

Since the Traffic Manager is just going to resolve to a specific endpoint and all my endpoints already have a wildcard SSL, it all literally just works.

由于流量管理器只是要解析到特定的端点，并且我所有的端点都已经具有通配符SSL，因此从字面上看，所有这些都可以正常使用。

When I run NSLOOKUP myHub I get something like this:

当我运行NSLOOKUP myHub时，我得到如下信息：

>nslookup hub.mystartup.com
Server:  ROUTER
Address:  10.71.1.1

Non-authoritative answer:
Name:    ssl.mystartup-northcentralus.azurewebsites.net
Address:  23.96.211.345
Aliases:  hub.mystartup.com
          mystartup.trafficmanager.net
          mystartup-northcentralus.azurewebsites.net

As I'm in Oregon, I get the closest data center. I asked friends via Skype in Australia, Germany, and Ireland to test and they each got one of the other data centers.

当我在俄勒冈州时，我得到了最近的数据中心。我通过澳大利亚，德国和爱尔兰的Skype要求朋友进行测试，他们每个人都得到了另一个数据中心之一。

I can test for myself by using https://www.whatsmydns.net and seeing the different IPs from different locations.

我可以通过使用https://www.whatsmydns.net并查看来自不同位置的不同IP进行自我测试。