Guide: A Step-by-Step Guide to Setup Service Fabric Cluster in Azure
As an Azure computing enthusiast, I have been following Service Fabric since the platform was available for private preview. Service Fabric is a distributed platform that addresses significant challenges in managing cloud applications, e.g. microservices, high-density web services or self-hosted applications. Azure Service Fabric avoids complex logistical problems around infrastructure and service management. It mainly focuses on implementing critical, high-volume workloads that are scalable, fault-tolerant, self-healing, stateless or stateful, quickly deployable, resource-balancing, self-optimising and manageable.
There are mainly two ways to provision Service Fabric clusters: the Azure Portal and Azure Resource Manager templates.
Create Service Fabric Cluster using the Azure Portal
Creating a Service Fabric cluster using the Azure Portal is simple, though there are some tricky steps involved in setting up security and certificates. We will highlight them as we go along. The Azure Portal is a useful tool, especially if you are configuring a quick proof of concept or an early environment. For production use (at Enterprise Scale), I would recommend Azure Resource Manager Templates.
Basic configuration requires Cluster Name, Operating System, Default VM Credentials, Subscription, Resource Group and Data Center Location. From a security perspective, it is not a good idea to have the same username and password for all the VMs. However, it is fine for testing or development purposes.
Key configuration elements would be Operating System and Data Center Location.
Cluster Configuration & Node Types
Node Type configuration is one of the key decision points for your Service Fabric Cluster. Service Fabric provisioning orchestration creates as many VM Scale Sets as there are node types. In the node type configuration, you can specify Node Type Name, Durability Tier, Machine Size, Reliability Tier and Initial VM Scale Set Capacity.
The Durability Tier determines the minimum size of VM. I relate the term Durability in this context to up-scaling your computing nodes, and there is an element of availability, too. Gold durability can be enabled on VM sizes like D15_*, G5+ or equivalent; a similar constraint applies to Silver, too. The use case of the services should be the main driver for deciding the durability tier.
The reliability tier configuration is more relevant to the High Availability requirement; the configured value sets the target replica set count with which the system services run. The configured value also determines the minimum number of nodes. However, bear in mind that there is no ceiling on the number of VMs (Azure limitations would apply).
I see them as a proper valuation, as the minimal system should be in place. However, we can always scale up or scale out.
Secondary or Additional Node Types
Node Types provide physical segmentation within a Service Fabric Cluster; you can consider separate node types for various drivers, e.g. Business Domain, Front-End Service Layer, Composite Service Layer, Core Service Layer, Back-End Service Layer, Service Profiling (High Throughput), Stateless Services (with lighter but more machines), Stateful (or Actor with High I/O but a smaller number of machines).
In a nutshell, it provides much-needed flexibility to manage different enterprise services. The configuration parameters are the same as for the Primary Node Type.
Custom Fabric Settings
You can configure runtime configuration values here; for more detail, refer to Customize Service Fabric cluster settings and Fabric Upgrade policy.
Upgrade and Fabric Version
You can configure automatic Fabric Runtime upgrades or leave it for manual upgrade. An Azure Service Fabric cluster is a shared responsibility (as PaaS); you can choose a preferred update mode using a Resource Manager template or the Azure Portal. For more information, please see Upgrade an Azure Service Fabric cluster.
Security is key for any Public Cloud deployment. Service Fabric provides different configuration options, i.e. Node-to-Node or Node-to-Client. You can consider some of the following:
- X.509 Certificate Security (using Azure Key Vault) (Recommended)
- X.509 Certificate Security (uploading .pfx directly and configuring through CD/CI pipeline to individual node)
- Windows Security (Azure Active Directory)
Use the Show advanced setting link to expand the other options available for the configuration, e.g. Secondary Certificate and Windows AD configuration. A Secondary Certificate is necessary as it makes key rotation easier and more straightforward. Refer to add a secondary cluster certificate using the portal for more detail.
If you are considering deploying the X.509 certificate through Azure Key Vault, then you need to tick the Enable access to Azure Virtual Machine for deployment option under Advanced Access Policies.
Quick hack for creating a self-signed certificate for non-production use:
```powershell
# Invoke-AddCertToKeyVault is provided by the ServiceFabricRPHelpers module;
# import it first (the path below is an assumption, adjust it to your copy).
Import-Module ".\ServiceFabricRPHelpers.psm1"

$ResourceGroup = "blog.nilayparikh.com"
$VName = "XXXX"
$SubID = "0000000-0000-0000-0000-000000000000"
$locationRegion = "uksouth"
$newCertName = "npblogdemosfcertificate"
# The certificate's subject name must match the domain used to access the Service Fabric cluster.
$dnsName = "xxxxxxxx.uksouth.cloudapp.azure.com"
# Location where you want the .PFX to be stored. The file contains the private key.
$localCertPath = "D:\MyCertificates"

Invoke-AddCertToKeyVault -SubscriptionId $SubID -ResourceGroupName $ResourceGroup `
    -Location $locationRegion -VaultName $VName -CertificateName $newCertName `
    -CreateSelfSignedCertificate -DnsName $dnsName -OutputPath $localCertPath
```
Output:
```
Name  : CertificateThumbprint
Value : 7D96DC096AXX98DCXXXXX85178AECD2AXXXX889

Name  : SourceVault
Value : /subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/blog.nilayparikh.com/providers/Microsoft.KeyVault/vaults/XXXX

Name  : CertificateURL
Value : https://XXXX.vault.azure.net:443/secrets/npblogdemosfcertificate/0000000000000000000000000000000
```
Review and Create Service Fabric Cluster
Review the summary and click on Create; it may take a long time to provision a cluster. The Azure Portal will provision the following:
- Load Balancer (per Node Type)
- Subnet (per Node Type)
- Public IP
- Virtual Network (optional with Resource Manager Template)
- Virtual Machine Scale Sets (per Node Type)
- Virtual Machines (per Durability, Reliability and Cluster Configuration)
- Storage (per configuration, i.e. Logs)
That is it; it could take several minutes while Microsoft Azure provisions all the artefacts that make up the Service Fabric Cluster.
Provision the Azure Service Fabric Cluster through Resource Manager Template
I have created a minimalistic Service Fabric Azure RM template.
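A pre-deployment check for a cluster template, as an added example (not the author's template and not Microsoft tooling): it flags a cluster without a certificate, a missing secondary certificate thumbprint for key rotation, and a primary node type with fewer VMs than the reliability tier needs. The embedded template fragment and its placeholder thumbprint are constructed, the check assumes template parameters have already been resolved to literal values, and the per-tier minimums come from the Service Fabric documentation rather than from this page.

```python
import json

# Minimum primary node type VM count per reliability tier (Service Fabric docs, not this page).
MIN_PRIMARY_NODES = {"Bronze": 3, "Silver": 5, "Gold": 7, "Platinum": 9}

# Constructed sample: a trimmed cluster resource with parameters already resolved.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [{
  "type": "Microsoft.ServiceFabric/clusters",
  "properties": {
    "reliabilityLevel": "Silver",
    "certificate": {"thumbprint": "<PRIMARY-THUMBPRINT>", "x509StoreName": "My"},
    "nodeTypes": [
      {"name": "frontend", "isPrimary": true, "vmInstanceCount": 3},
      {"name": "backend", "isPrimary": false, "vmInstanceCount": 5}
    ]
  }
}]}
""")


def lint_cluster(template):
    findings = []  # one human-readable string per problem found
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.ServiceFabric/clusters":
            continue
        props = res.get("properties", {})
        cert = props.get("certificate") or {}
        if not cert.get("thumbprint"):
            findings.append("no cluster certificate: the cluster is unsecured")
        elif not cert.get("thumbprintSecondary"):
            findings.append("no secondary certificate thumbprint for key rotation")
        tier = props.get("reliabilityLevel")
        need = MIN_PRIMARY_NODES.get(tier)
        if need is None:
            findings.append(f"missing or unresolved reliabilityLevel: {tier!r}")
        for nt in props.get("nodeTypes", []):
            if not nt.get("isPrimary") or need is None:
                continue  # the tier minimum applies to the primary node type only
            count = nt.get("vmInstanceCount")
            if not isinstance(count, int):
                findings.append(f"{nt.get('name')!r}: vmInstanceCount is not a literal")
            elif count < need:
                findings.append(f"{nt.get('name')!r}: {count} VMs, {tier} needs {need}")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_cluster(SAMPLE_TEMPLATE)))
```

An empty list means none of the three checks fired; it says nothing about settings the check does not inspect, such as VM credentials or Key Vault access policies.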