Cache-aside Circuit Breaker Compensating Transaction Competing Consumers Compute Resource Consolidation Command and Query Responsibility

Segregation (CQRS)
This poster depicts common problems in designing cloud applications Load data on demand into a cache from a data store. This pattern can improve perfor- Handle faults that may take a variable amount of time to rectify when connecting to a Undo the work performed by a series of steps, which together define an eventually Enable multiple concurrent consumers to process messages received on the same Consolidate multiple tasks or operations into a single computational unit. This pattern Segregate operations that read data from operations that update data by using separate
(below) and patterns that offer guidance (right). The information applies mance and also helps to maintain consistency between data held in the cache and the remote service or resource. This pattern can improve the stability and resiliency of an consistent operation, if one or more of the operations fails. Operations that follow the messaging channel. This pattern enables a system to process multiple messages concur- can increase compute resource utilization, and reduce the costs and management interfaces. This pattern can maximize performance, scalability, and security; support
to Microsoft Azure as well as other cloud platforms. The icons at the top data in the underlying data store. application. eventual consistency model are commonly found in cloud-hosted applications that rently to optimize throughput, to improve scalability and availability, and to balance the overhead associated with performing compute processing in cloud-hosted applications. evolution of the system over time through higher flexibility; and prevent update com-
of each item represent the problem areas that the pattern relates to. implement complex business processes and workflows. workload. mands from causing merge conflicts at the domain level.
Patterns that include code samples are indicated by this icon: Closed
Operation steps to create itinerary Application instances -
entry / reset failure counter generating messages
Visit http://aka.ms/Cloud-Design-Patterns-Sample to download.
do / if operation succeeds Consumer service Role Presentation
return result instance pool -
Problem areas in the cloud Success count
else
increment failure counter Failure threshold Book seat on Book seat on Reserve room
processing messages
return failure
OnStart
threshold reached flight F1 flight F2 at hotel H1
Start OnStart initializes
Run creates tasks Validation
reached exit / Counter operations resources used by
Availability recorded for each event
tasks
and waits for them
step in the long- to complete
Cache Message queue
running transaction
Half-Open Open Fabric Commands
Blob Run Queries
entry / reset success counter Timeout timer Cancel seat on Cancel seat on Cancel room at controller (generate DTOs)
Availability defines the proportion of time that the system is functional do / if operation succeeds expired entry / start timeout timer flight F1 flight F2 hotel H1 Read model
Compensation logic OnStop cleans up Domain logic
and working. It will be affected by system errors, infrastructure problems, increment success counter do / return failure Stop
applies business resources used by
malicious attacks, and system load. It is usually measured as a percentage return result exit / rules to counter- event tasks
of uptime. Cloud applications typically provide users with a service level else operations OnStop
Operation Date persistence
agreement (SLA), which means that applications must be designed and return failure failed
implemented in a way that maximizes availability. exit / Write model
Compensating logic Compensating logic Compensating logic
Data store
http://aka.ms/Availability-Patterns Compensating transaction to cancel itinerary Data store

For more info, see http://aka.ms/Cache-Aside-Pattern For more info, see http://aka.ms/Circuit-Breaker-Pattern For more info, see http://aka.ms/Compensating-Transaction-Pattern For more info, see http://aka.ms/Competing-Consumers-Pattern For more info, see http://aka.ms/Compute-Resource-Consolidation-Pattern For more info, see http://aka.ms/CQRS-Pattern

Data Management
Event Sourcing External Configuration Store Federated Identity Gatekeeper Health Endpoint Monitoring Index Table
Data management is the key element of cloud applications, and influenc-
Use an append-only store to record actions taken on data, rather than the current state, Move configuration information out of the application deployment package to a Delegate authentication to an external identity provider. This pattern can simplify Protect applications and services by using a dedicated host instance that acts as a broker Implement functional checks within an application that external tools can access Create indexes over the fields in data stores that are frequently referenced by query
es most of the quality attributes. Data is typically hosted in different
and use the store to materialize the domain objects. In complex domains this can avoid centralized location. This pattern can provide opportunities for easier management and development, minimize the requirement for user administration, and improve the user between clients and the application or service, validates and sanitizes requests, and through exposed endpoints at regular intervals. This pattern can help to verify that criteria. This pattern can improve query performance by allowing applications to more
locations and across multiple servers for reasons such as performance, synchronizing the data model and the business domain; improve performance, scalabili- control of configuration data, and for sharing configuration data across applications and experience of the application. passes requests and data between them. This pattern can provide an additional layer of applications and services are performing correctly. quickly locate the data to retrieve from a data store.
scalability or availability, and this can present a range of challenges. For ty, and responsiveness; provide consistency; and provide audit history to enable com- application instances. security, and limit the attack surface of the system. Index Table
example, data consistency must be maintained, and data will typically pensating actions. Secondary Key Customer
need to be synchronized across different locations. (Town) Reference (ID)
Identity Fact Table Chicago ID: 5
provider (IdP) Client Gatekeeper CDN SSL certificates
Primary Key Chicago ID: 9
http://aka.ms/DataManagement-Patterns Presentation Some options for (Customer ID) Customer Data
consuming events Application or security token exposes endpoints
... ...
1 LastName: Smith, Town: Redmond,... Portland ID: 3
Cart created service (STS) to clients Application 2 LastName: Jones, Town: Seattle, ... Portland ID: 7
Cart 2. Consumer 3 LastName: Robinson, Town: Portland, ... Redmond ID: 1
Item 1 added Cart ID Cart Item authenticates and Agent Health checks 4 LastName: Brown, Town: Redmond, ... Redmond ID: 4
Date Cart ID requests token 5 LastName: Smith, Town: Chicago, ... Redmond ID: 6
Design and Implementation Item 2 added
Item key External 1. Service trusts
Gatekeeper Gatekeeper CDN Storage 6 LastName: Clarke, Town: Portland, ... Redmond ID: 8
Customer
Item name Application configuration IdP or STS may be decoupled 7 LastName: Smith, Town, Redmond, ... Seattle ID: 2
Item 1 removed Address Application Database
store 3. STS returns from trusted host(s) Storage 8 LastName: Smith, Town: Redmond, ... ... ...
... Quantity token Gatekeeper 9 LastName: Jones, Town: Chicago, ...
SSL Service A
Shipping ... validates and ... ... Index Table
Good design encompasses factors such as consistency and coherence in information added Cloud storage ... 200 (OK) Service B
Materialized View sanitizes requests 1000 LastName: Clarke, Town: Chicago, ... Secondary Key Customer
component design and deployment, maintainability to simplify adminis- Trusted host ... ... (LastName) Reference (ID)
External systems Service ...
tration and development, and reusability to allow components and Consumer or Response time: 50 ms Brown ID: 4
subsystems to be used in other applications and in other scenarios. and applications Application Storage: 5 ms Clarke ID: 7
Event Persisted Alternative 4. Consumer Data Keymaster Port 80 (HTTPS)
Published events Green ID: 6
Decisions made during the design and implementation phase have a store events Query for current option presents token to Trusted host
Database: 20 ms or 443 (HTTPS)
... endpoint Database Jones ID: 2
huge impact on the quality and the total cost of ownership of cloud Replayed events state of entities service accesses Jones ID: 9
hosted applications and services. Database service and ... ...
Local cache
storage Robinson ID: 3
http://aka.ms/Design-and-Implementation-Patterns Services Smith ID: 1
Smith ID: 8
For more info, see http://aka.ms/Event-Sourcing-Pattern For more info, see http://aka.ms/External-Configuration-Store-Pattern For more info, see http://aka.ms/Federated-Identity-Pattern For more info, see http://aka.ms/Gatekeeper-Pattern For more info, see http://aka.ms/Health-Endpoint-Monitoring-Pattern For more info, see http://aka.ms/Index-Table-Pattern ... ...

Messaging
Leader Election Materialized View Pipes and Filters Priority Queue Queue-Based Load Leveling Retry
The distributed nature of cloud applications requires a messaging infra-
structure that connects the components and services, ideally in a loosely Coordinate the actions performed by a collection of collaborating task instances in a Generate pre-populated views over the data in one or more data stores when the data is Decompose a task that performs complex processing into a series of discrete elements Prioritize requests sent to services so that requests with a higher priority are received Use a queue that acts as a buffer between a task and a service that it invokes in order to Enable an application to handle anticipated, temporary failures when it attempts to
distributed application by electing one instance as the leader that assumes responsibility formatted in a way that does not favor the required query operations. This pattern can that can be reused. This pattern can improve performance, scalability, and reusability and processed more quickly than those of a lower priority. This pattern is useful in smooth intermittent heavy loads that may otherwise cause the service to fail or the task connect to a service or network resource by transparently retrying an operation that has
coupled manner in order to maximize scalability. Asynchronous messag-
for managing the other instances. This pattern can help to ensure that task instances do help to support efficient querying and data extraction, and improve performance. by allowing task elements that perform the processing to be deployed and scaled applications that offer different service level guarantees to individual clients. to time out. This pattern can help to minimize the impact of peaks in demand on avail- previously failed in the expectation that the cause of the failure is transient. This pattern
ing is widely used, and provides many benefits, but also brings challenges not conflict with each other, cause contention for shared resources, or inadvertently independently. ability and responsiveness for both the task and the service. can improve the stability of the application.
such as the ordering of messages, poison message management, idem- interfere with the work that other task instances are performing.
potency, and more. Data from Application sends messages to All messages in a queue have
Source 1 the queue that handles messsages Tasks Application Hosted service
the same priority
http://aka.ms/Messaging-Patterns Leader role instance Application of the designated priority Consumer 1
Application data Message queue for priority 1 messages
4 is the source 500
1 Materialized view Task A Task B Task C
of truth Application 1 1 1 Message queue Services
is read-only Consumer
2
3 OrderId Account Transformed data
BlobDistributedMutext Blob 500
Management and Monitoring 1 A
Consumer
2 2 B Components
reused in Business 3
Subordinate role instance Materialized View
different logic
OrderId ItemId Qty ItemId Name Stock pipelines 200
1 30 2 Message queue for priority 2 messages Requests received at Messages processed at a
Cloud applications run in a remote datacenter where you do not have full 30 Shirts 120 Consumer
a variable rate more consistent rate 1 Application invokes operation on hosted service. The request fails, and the
1 31 3 31 Pants 143 Transformed data 2 2
control of the infrastructure or, in some cases, the operating system. This Data from service host responds with HTTP response code 500 (internal server error).
2 30 2
can make management and monitoring more difficult than an on-prem- BlobDistributedMutext Source 2 2 Application waits for a short interval and tries again. The request still fails with
Consumer
ises deployment. Applications must expose runtime information that ItemId Name Stock Message queue for priority 3 messages HTTP response code 500.
administrators and operators can use to manage and monitor the system, 30 Shirts 120 3 3 Application waits for a longer interval and tries again. The request succeeds
as well as supporting changing business requirements without requiring 31 Pants 143 Task A Task B Task E 3 3 Consumer
with HTTP response code 200 (OK).
the application to be stopped or redeployed. BlobDistributedMutext

http://aka.ms/Management-and-Monitoring-Patterns For more info, see http://aka.ms/Leader-Election-Pattern For more info, see http://aka.ms/Materialized-View-Pattern For more info, see http://aka.ms/Pipes-and-Filters-Pattern For more info, see http://aka.ms/Priority-Queue-Pattern For more info, see http://aka.ms/Queue-Based-Load-Leveling-Pattern For more info, see http://aka.ms/Retry-Pattern

Performance and Scalability

Runtime Reconfiguration Scheduler Agent Supervisor Sharding Static Content Hosting Throttling Valet Key
Performance is an indication of the responsiveness of a system, while
Design an application so that it can be reconfigured without requiring redeployment or Coordinate a set of actions across a distributed set of services and other remote resourc- Divide a data store into a set of horizontal partitions or shards. This pattern can improve Deploy static content to a cloud-based storage service that can deliver these directly to Control the consumption of resources used by an instance of an application, an individu- Use a token or key that provides clients with restricted direct access to a specific resource
scalability is the ability to gracefully handle increases in load, perhaps
restarting the application. This helps to maintain availability and minimize downtime. es, attempt to transparently handle faults if any of these actions fail, or undo the effects scalability when storing and accessing large volumes of data. the client. This pattern can reduce the requirement for potentially expensive compute al tenant, or an entire service. This pattern can allow the system to continue to function or service in order to offload data transfer operations from the application code. This
through an increase in available resources. Cloud applications, especially
of the work performed if the system cannot recover from a fault. This pattern can add instances. and meet service level agreements, even when an increase in demand places an extreme pattern is particularly useful in applications that use cloud-hosted storage systems or
in multi-tenant scenarios, typically encounter variable workloads and resiliency to a distributed system by enabling it to recover and retry actions that fail due load on resources. queues, and can minimize cost and maximize scalability and performance.
unpredictable activity peaks and should be able to scale out within limits to transient exceptions, long-lasting faults, and process failures. Sharding logic:
to meet demand, and scale in when demand decreases. Scalability Route requests for tenant 1 to shard ...
... Container myresources Resource utilization
concerns not just compute instances, but other items such as data stor- Route requests for tenant 55 to shard A User
age, messaging infrastructure, and more. Application A step in the workflow can send a request to an Agent accesses remote resource or styles.ccs image1.png Maximum 1 Request resource
agent to access a remote resource or invoke a service. The agent should include ... Check validity of 2
code Route requests for tenant 227 to shard C sitecode.js image2.png capacity
Configuration Change cancelled
remote service. Requests and responses are error handling and retry logic request and
typically sent asynchronously Agent ...
Application download.doc image3.png Application
http://aka.ms/Performance-and-Scalability-Patterns updated because it cannot be Scheduler Route requests for tenant N to shard ...
samples.zip ...
generate key
applied at runtime organizes and Remote Soft limit of token
Application Application ...
runs the steps that resource Feature C resource 3 Return token
instance instance
Resiliency Change applied comprise the task
as a workflow
Deliver pages utilization
at runtime Agent containing links to
Query: Find information Query: Find information
Scheduler Remote for tenant 55 for tenant 227 files in storage Feature B
Request files Access resource
Scheduler
service service using token
from storage
Resiliency is the ability of a system to gracefully handle and recover from maintains the status of
service
Component each step in the State
failures. The nature of cloud hosting, where applications are often Store Supervisor requests that a failed step Feature A 4
or service is reattempted by the Scheduler
multi-tenant, use shared platform services, compete for resources and as it is started
and completed Supervisor Client
bandwidth, communicate over the Internet, and run on commodity Configuration file Restart
hardware means there is an increased likelihood that both transient and application Supervisor monitors the status of Shard A Shard B Shard C Shard N Time
State store steps in the State Store and may T1 T2
more permanent faults will arise. Detecting failures, and recovering update the status of a step
quickly and efficiently, is necessary to maintain resiliency. Feature B is suspended to allow sufficient
resources for applications to use
Feature A and Feature C Target
http://aka.ms/Resiliency-Patterns resource
For more info, see http://aka.ms/Runtime-Reconfiguration-Pattern For more info, see http://aka.ms/Scheduler-Agent-Supervisor-Pattern For more info, see http://aka.ms/Sharding-Pattern For more info, see http://aka.ms/Static-Content-Hosting-Pattern For more info, see http://aka.ms/Throttling-Pattern For more info, see http://aka.ms/Valet-Key-Pattern

Cloud Design Patterns: Prescriptive Architecture Guidance for Cloud Applications

Security

Security is the capability of a system to prevent malicious or accidental

actions outside of the designed usage, and to prevent disclosure or loss
of information. Cloud applications are exposed on the Internet outside
trusted on-premises boundaries, are often open to the public, and may
serve untrusted users. Applications must be designed and deployed in a
way that protects them from malicious attacks, restricts access to only
approved users, and protects sensitive data.

http://aka.ms/Security-Patterns Like it? Get it. http://aka.ms/Cloud-Design-Patterns 2015 Microsoft Corporation. All rights reserved. pagdoc@microsoft.com