<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.msdn.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>Live Mesh : Behind Live Mesh</title><link>http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx</link><description>Tags: Behind Live Mesh</description><dc:language>en-US</dc:language><generator>CommunityServer 2.1 SP1 (Build: 61025.2)</generator><item><title>Developers, meet the Live Framework blog</title><link>http://blogs.msdn.com/livemesh/archive/2008/11/21/developers-meet-the-live-framework-blog.aspx</link><pubDate>Sat, 22 Nov 2008 01:21:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9132370</guid><dc:creator>Live Mesh Team</dc:creator><slash:comments>1</slash:comments><comments>http://blogs.msdn.com/livemesh/comments/9132370.aspx</comments><wfw:commentRss>http://blogs.msdn.com/livemesh/commentrss.aspx?PostID=9132370</wfw:commentRss><description>&lt;P&gt;We've been using this blog to share information about both Live Mesh the user experience, and what we formerly referred to as Live Mesh the developer platform.&amp;nbsp; With the news at &lt;A class="" href="http://www.microsoft.com/presspass/events/pdc/default.mspx" mce_href="http://www.microsoft.com/presspass/events/pdc/default.mspx"&gt;PDC&lt;/A&gt; about &lt;A class="" href="http://dev.live.com/" mce_href="http://dev.live.com/"&gt;Live Services&lt;/A&gt; and the &lt;A class="" href="http://dev.live.com/liveframework/" mce_href="http://dev.live.com/liveframework/"&gt;Live Framework&lt;/A&gt;, it's time to re-focus this blog on just the platform experience of Live Mesh.&amp;nbsp; We'll continue to post news here about changes and updates to &lt;A href="http://www.mesh.com/"&gt;www.mesh.com&lt;/A&gt; and our client software for PC, Mac and Windows Mobile.&lt;/P&gt;
&lt;P&gt;We've created a new team blog, &lt;A href="http://blogs.msdn.com/liveframework"&gt;http://blogs.msdn.com/liveframework&lt;/A&gt;, as a home for our developer-oriented content.&amp;nbsp; This is where we'll share more &lt;A class="" href="http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx" mce_href="http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx"&gt;Behind Live Mesh&lt;/A&gt; content, tips and tricks for writing applications using the Live Framework, and other developer-centric news and information.&amp;nbsp; Earlier today, for example, we announced that a new build of the &lt;A href="http://developer.mesh-ctp.com/"&gt;Live Framework Developer Sandbox&lt;/A&gt;&amp;nbsp;and SDK is available to developers in the Live Framework CTP.&amp;nbsp; We've also got a couple of team members tweeting away about Live Framework topics at &lt;A href="http://twitter.com/liveframework"&gt;http://twitter.com/liveframework&lt;/A&gt;.&lt;/P&gt;
</description><category domain="http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx">Behind Live Mesh</category><category domain="http://blogs.msdn.com/livemesh/archive/tags/Platform/default.aspx">Platform</category></item><item><title>Behind Live Mesh: The Pub-Sub System</title><link>http://blogs.msdn.com/livemesh/archive/2008/10/08/behind-live-mesh-the-pub-sub-system.aspx</link><pubDate>Thu, 09 Oct 2008 06:33:47 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8992398</guid><dc:creator>Live Mesh Team</dc:creator><slash:comments>6</slash:comments><comments>http://blogs.msdn.com/livemesh/comments/8992398.aspx</comments><wfw:commentRss>http://blogs.msdn.com/livemesh/commentrss.aspx?PostID=8992398</wfw:commentRss><description>&lt;p&gt;Hey there! I&amp;#8217;m &lt;a href="http://crazyviraj.blogspot.com/"&gt;Viraj Mody&lt;/a&gt;, a developer on the Live Mesh services team. I bet some of you are curious about how the Live Mesh software running on your devices detects when others add files to your shared Live Folders, quickly changes icon colors when devices go from offline to online, or updates your Live Mesh News Feeds as changes occur. 
This post will give you some insight into the facilities we&amp;#8217;ve built in the Live Mesh back-end that enable client applications to do all of the above and much more.&lt;/p&gt;  &lt;p&gt;In order to be responsive and perform well, Live Mesh, like most other &lt;a href="http://msdn.microsoft.com/en-us/architecture/aa699384.aspx"&gt;software + services&lt;/a&gt; systems, requires that the cloud (services) be able to send out-of-band messages to clients (software). Most actions initiated by the client (&lt;a href="http://blogs.msdn.com/livemesh/archive/2008/05/09/behind-live-mesh-what-is-moe.aspx"&gt;MOE&lt;/a&gt; and &lt;a href="http://blogs.msdn.com/livemesh/archive/2008/05/05/behind-live-mesh-live-desktop-architecture.aspx"&gt;Live Desktop&lt;/a&gt;) are triggered as a result of these messages sent from the Live Mesh services cloud to that specific client. These could be messages informing the client that items in the cloud have changed, that another client wants to initiate a &lt;a href="http://channel9.msdn.com/posts/Dan/David-Steere-and-Trevor-Robinson-How-Live-Mesh-P2P-Syncing-Works/"&gt;peer-to-peer&lt;/a&gt; connection to this client, and so on. Such out-of-band messages that the cloud sends to clients are called &lt;i&gt;Notifications&lt;/i&gt;. In order to keep the overall system performing well and to safeguard the privacy of clients, it is important that a client only receives Notifications for items it is interested in and has &lt;a href="http://blogs.msdn.com/livemesh/archive/2008/05/29/behind-live-mesh-authorization-and-encryption.aspx"&gt;permissions&lt;/a&gt; to access. Each client has the ability to tell the cloud what items it is interested in monitoring. This expression of a client&amp;#8217;s interest in changes to specific information in the cloud is referred to as a &lt;i&gt;Subscription&lt;/i&gt;. 
Together, these Subscriptions and Notifications form the building blocks of Live Mesh&amp;#8217;s Pub-Sub System.&lt;/p&gt;  &lt;p&gt;In this post, I&amp;#8217;ll go over the different back-end services that comprise the Pub-Sub System and provide an overview of how the system works end-to-end. In many ways, the Pub-Sub System can be understood by comparing it with a &amp;#8216;secure and smart postal service&amp;#8217;, where the post office only sends you mail that you&amp;#8217;re interested in receiving &lt;i&gt;and&lt;/i&gt; that the sender says you have permission to receive. A spam-free postal system &amp;#8211; wouldn&amp;#8217;t that be awesome!&lt;/p&gt;  &lt;p&gt;&lt;u&gt;Establishing a Communication Channel&lt;/u&gt;&lt;/p&gt;  &lt;p&gt;&lt;u&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p&gt;For the Pub-Sub system to be effective there must be some way for the cloud to identify and communicate with each client. Live Mesh exposes facilities that allow clients to create a &lt;i&gt;Queue&lt;/i&gt; which is uniquely associated with that particular client and assigns a unique name that is used to identify this queue. When creating a Subscription to a specific item, the client passes along its unique Queue name which allows Notifications to be delivered to that Queue. Going back to the postal system analogy, this Queue is like the mail box outside your home, and the unique name of the Queue is like your mailing address. Similar to how the postal system ensures that mail addressed to you only ends up in your mail box, Live Mesh services ensure that Notifications for a given client end up only in that client&amp;#8217;s Queue.&lt;/p&gt;  &lt;p&gt;The client is responsible for retrieving Notifications from its Queue. By separating delivery of Notifications from the act of retrieving them, the architecture enables various transport types to be used to retrieve Notifications from a Queue. 
Currently, the Live Mesh service cloud exposes two transports for retrieving these Notifications &amp;#8211; HTTP and TCP. Given the pervasiveness and ease of use of these two transports, these were the first types we decided to support. As our service offering and scope grows, we can enable more transport types without major changes to the back-end architecture. Using the HTTP resource model exposed by the Live Mesh services, clients can choose to periodically fetch Notifications from their Queue. Using TCP enables clients to establish a long-lived connection to the Live Mesh service cloud so that Notifications can be pushed to clients as soon as they arrive. Different clients have different behavior, requirements and constraints &amp;#8211; by providing various transport types we can enable several classes of clients and applications to leverage Live Mesh&amp;#8217;s Pub-Sub system. Of course, these communications are encrypted and only the owner of a Queue can retrieve Notifications from it. It&amp;#8217;s important to note that as it currently stands, the Queue and related services only support unidirectional messaging. Messages from clients to the Live Mesh service cloud do not flow via the Queue. Also, as of writing this post, the Live Mesh client available for Tech Preview doesn&amp;#8217;t yet leverage the TCP transport solution &amp;#8211; it will in a future release.&lt;/p&gt;  &lt;p&gt;Besides change Notifications, the client&amp;#8217;s Queue is also populated with a special type of Notification when another client wishes to initiate a peer-to-peer connection. Only authorized clients are allowed to send such peer-to-peer invites. The purpose of the peer-to-peer connection might be for file exchange and sync, for Live Remote connections, etc. 
Details about our peer-to-peer design can be found in &lt;a href="http://channel9.msdn.com/posts/Dan/David-Steere-and-Trevor-Robinson-How-Live-Mesh-P2P-Syncing-Works/"&gt;this Channel 9 video&lt;/a&gt;.&lt;/p&gt;  &lt;p&gt;All Queues and Queue-related information are managed by the &lt;i&gt;Queue Service&lt;/i&gt;. Like other services described later in this post, the Queue Service is a transient-state service and is built to scale horizontally. I&amp;#8217;ll touch on both these characteristics of the services later.&lt;/p&gt;  &lt;p&gt;&lt;u&gt;Creating Subscriptions&lt;/u&gt;&lt;/p&gt;  &lt;p&gt;Once a client has created its Queue, it can create Subscriptions to items in the Live Mesh cloud that it wants to stay current on by providing its Queue name along with the Subscription. Typically, each Live Mesh device creates Subscriptions for user/device presence, for each Live Folder&amp;#8217;s various feeds (Membership, Contents, etc.), for the news feed, and so on. In order to create a Subscription for a specific item, the client must provide proof that it has privileges to access the item. Once these Subscriptions have been created, the system ensures that the client will be informed when any of the items it has subscribed to are changed &amp;#8211; each Notification that is delivered into the client&amp;#8217;s Queue contains information about which specific resource has changed, in addition to other potentially interesting information about the changed resource.&lt;/p&gt;  &lt;p&gt;Subscriptions created by clients are held in the &lt;i&gt;PubSub Service&lt;/i&gt;. It is responsible for maintaining information about which client is interested in what item and for fanning out Notifications to the right clients when an item changes. You can think of it as the central post office of the &amp;#8216;secure and smart postal system&amp;#8217; which acts as the one location for collecting all mail and then routing it onwards to the right destination. 
Just like the Queue Service, the PubSub Service is a transient-state service and is built to scale horizontally.&lt;/p&gt;  &lt;p&gt;&lt;u&gt;End-to-end Flow&lt;/u&gt;&lt;/p&gt;  &lt;p&gt;&lt;u&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p&gt;Once a client has created a Queue and all its Subscriptions, it doesn&amp;#8217;t aggressively keep refreshing information from the cloud. If using the HTTP transport to talk to its Queue, the client periodically polls the Queue to check for any Notifications that may have arrived. In cases where it&amp;#8217;s using the TCP transport, the client is waiting for a Notification to be pushed down to it over the TCP channel. When an item changes in the cloud (let&amp;#8217;s say, a file was added in a folder that the client has expressed interest in knowing about), the service responsible for that item (in this case, the storage service) informs the PubSub Service that the item has changed. The PubSub Service, which has been keeping track of all clients who are interested in that particular item, drops an appropriate change Notification in each interested client&amp;#8217;s Queue. As soon as clients retrieve these Notifications (or as soon as the Notification is pushed to them) they can react. In the case of a new file being added, they might choose to begin initiating a peer-to-peer connection in order to sync the new file.&lt;/p&gt;  &lt;p&gt;In our &amp;#8216;secure and smart postal system&amp;#8217; analogy, this is equivalent to a magazine publisher informing the post office that a new edition is available, and the post office dropping a letter in each subscriber&amp;#8217;s mail box informing them that a new edition is available. Optimally, the magazine publisher could also deliver one copy of the latest edition to the post office and the post office could be smart enough to create the right number of replicas and deliver a copy to each subscriber&amp;#8217;s mail box. 
Here&amp;#8217;s where the &amp;#8216;smart&amp;#8217; in &amp;#8216;smart and secure&amp;#8217; could come in!&lt;/p&gt;  &lt;p&gt;&lt;a href="http://blogs.msdn.com/blogfiles/livemesh/WindowsLiveWriter/BehindLiveMeshThePubSubSystem_1211F/image_2.png"&gt;&lt;img style="border-right: 0px; border-top: 0px; border-left: 0px; border-bottom: 0px" height="321" alt="image" src="http://blogs.msdn.com/blogfiles/livemesh/WindowsLiveWriter/BehindLiveMeshThePubSubSystem_1211F/image_thumb.png" width="486" border="0" /&gt;&lt;/a&gt; &lt;/p&gt;  &lt;p&gt;Pub-Sub System end-to-end flow&lt;/p&gt;  &lt;p&gt;&lt;u&gt;Transient State Services and Scale-out&lt;/u&gt;&lt;/p&gt;  &lt;p&gt;As I mentioned previously, all services that comprise the Live Mesh Pub-Sub System are transient-state services. Queues created by clients, Notifications that are delivered to specific Queues and Subscriptions representing a client&amp;#8217;s interest in a particular resource are only ever held in memory and never persisted to any kind of store. As you might guess, &lt;a href="http://en.wikipedia.org/wiki/Seek_time"&gt;performance&lt;/a&gt; was one of the biggest motivators for this design. Pub-Sub is characterized by short-lived, rapidly changing data and data that needs to be readily available. Short-lived and changing because Queues, Subscriptions and Notifications are, by nature, transient &amp;#8211; once a Notification is delivered to its intended recipient, it&amp;#8217;s of no use; once a client is offline or doesn&amp;#8217;t care about receiving Notifications, its Queue is of no use; Subscriptions could come and go as application state changes. Data must be readily available because subscriber lists can often be huge, so retrieving them from persistent stores can introduce latencies that only increase as the service grows in size. Holding these in memory allows reads and writes to be processed very fast. 
Since they live in memory, both Queues and Subscriptions have lifetimes associated with them &amp;#8211; clients must perform certain actions (some explicit, some implicit) to keep Queues and Subscriptions &amp;#8216;alive&amp;#8217; and prevent associated resources from being reclaimed by the server. Given the initial wave of Live Mesh experiences and applications, having these be transient-state services definitely helps ensure high throughput and low latency. Of course, the fact that we chose to implement the system as a transient-state system is an implementation detail &amp;#8211; as the product evolves and use cases change, there might be reasons to prefer some kind of hybrid approach.&lt;/p&gt;  &lt;p&gt;The system is also designed to enable &lt;a href="http://www.scalingout.com/2007/10/vertical-scaling-vs-horizontal-scaling.html"&gt;horizontal scale-out&lt;/a&gt;. As the system needs more space to hold Queues and Subscriptions, we can bring up new instances of these services to increase capacity. Using a scheme based on &lt;a href="http://www.spiteful.com/2008/03/17/programmers-toolbox-part-3-consistent-hashing/"&gt;consistent hashing&lt;/a&gt;, the Live Mesh services cloud guarantees that there is only ever one specific server instance that can &amp;#8216;manage&amp;#8217; a given Queue or Subscription. The system also enables routing of messages for specific Queues and Subscriptions to the correct current manager. As new service instances come online and others go offline, the system automatically re-balances the distribution of Queues and Subscriptions to the currently available servers such that every Queue or Subscription is managed by one and only one server instance.&lt;/p&gt;  &lt;p&gt;One of the obvious concerns with the system being implemented in-memory only is data recovery &amp;#8211; when servers go down because of hardware/software issues, are re-booted, or otherwise need to be reset, all data resident in memory on those servers is also gone. 
For Queue Service instances, this implies that Queues belonging to several clients and potentially interesting Notifications in those Queues might be gone. For the PubSub Service, several subscriber lists might be lost when a server loses state. This is a problem we spent a huge amount of time addressing and designing for, and probably deserves a post of its own at some future time. A short summary of the solution is that in cases where one or several Queue and/or PubSub Servers go down, the system is able to detect exactly what happened and take remedial action to restore state in the cloud in cooperation with clients (because clients were the original source for all the transient data that was resident on those servers before they lost state).&lt;/p&gt;  &lt;p&gt;&lt;u&gt;Parting Notes&lt;/u&gt;&lt;/p&gt;  &lt;p&gt;As the future scope of the Live Mesh experience, services and platform evolves (for instance, potentially allowing third-party services to subscribe to items in Live Mesh, enabling aggregators to leverage Live Mesh Pub-Sub, etc), the current Pub-Sub System architecture will hopefully provide a good scalable foundation which we can leverage to rapidly increase capabilities of the service. &lt;/p&gt;  &lt;p&gt;We&amp;#8217;re working on exposing Pub-Sub capabilities via the Live Mesh SDK when it becomes available so that developers can leverage the system in innovative ways to build responsive applications. 
Be sure to visit the &lt;a href="https://www.mesh.com/web/developer.aspx"&gt;Live Mesh Developer page&lt;/a&gt; and join the &lt;a href="https://connect.microsoft.com/InvitationUse.aspx?ProgramID=2181&amp;amp;SiteID=425&amp;amp;InvitationID=DEV-VP8Q-K3KG"&gt;developer waiting list&lt;/a&gt; for announcements around the Live Mesh SDK when it&amp;#8217;s available.&lt;/p&gt;  &lt;p&gt;I hope this post gives a little more insight about how things work &lt;a href="http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx"&gt;behind Live Mesh&lt;/a&gt;. Be sure to install Live Mesh on all your devices, &lt;a href="https://feedback.live.com/default.aspx?productkey=livemesh&amp;amp;mkt=en-us"&gt;give us feedback&lt;/a&gt; and &lt;a href="http://forums.community.microsoft.com/en/LiveMesh/threads"&gt;report any issues&lt;/a&gt; you see!&lt;/p&gt;</description><category domain="http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx">Behind Live Mesh</category></item><item><title>Behind Live Mesh: Authorization and encryption</title><link>http://blogs.msdn.com/livemesh/archive/2008/05/29/behind-live-mesh-authorization-and-encryption.aspx</link><pubDate>Thu, 29 May 2008 18:31:48 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8558929</guid><dc:creator>Live Mesh 
Team</dc:creator><slash:comments>20</slash:comments><comments>http://blogs.msdn.com/livemesh/comments/8558929.aspx</comments><wfw:commentRss>http://blogs.msdn.com/livemesh/commentrss.aspx?PostID=8558929</wfw:commentRss><description>&lt;p&gt;Hi, I am Nikolai Smolyanskiy, a developer on the Accounts team. I work on the Account service that takes care of account management, and user/device authentication and authorization in &lt;a href="http://www.mesh.com"&gt;Live Mesh&lt;/a&gt;.&lt;/p&gt;  &lt;p&gt;There were many questions asked by early adopters about how their data is transmitted and stored in Live Mesh, and how access is controlled. In this post I&amp;#8217;ll talk about the security and authorization architecture behind Live Mesh, so that you understand the amount of care we take and feel better about trusting your data to the Mesh. This post can also be found &lt;a href="http://nsmoly.wordpress.com/category/live-mesh/"&gt;here&lt;/a&gt;.&lt;/p&gt;  &lt;p&gt;Here is the diagram that illustrates all communications between user devices and Live Mesh cloud services and encryption/security mechanisms used in these communication channels:&lt;/p&gt;  &lt;p&gt;&lt;a href="http://blogs.msdn.com/blogfiles/livemesh/WindowsLiveWriter/BehindLiveMeshAuthorizationandencryption_7743/meshauth_2.png"&gt;&lt;img style="border-right: 0px; border-top: 0px; border-left: 0px; border-bottom: 0px" height="336" alt="meshauth" src="http://blogs.msdn.com/blogfiles/livemesh/WindowsLiveWriter/BehindLiveMeshAuthorizationandencryption_7743/meshauth_thumb.png" width="474" border="0" /&gt;&lt;/a&gt; &lt;/p&gt;  &lt;p&gt;Live Mesh security is rooted at the authentication provider (Windows Live ID, aka Microsoft Passport is our provider today) which is used for initial user and device authentication. 
Once a user or a device is authenticated and a corresponding authentication token is obtained, the Live Mesh client passes this token to the Live Mesh Account service to access the root of the user&amp;#8217;s mesh and to get the initial set of Live Mesh tickets. These tickets are used for further Mesh operations on other resources that this root is pointing to. All communications with the Live Mesh cloud services are done via &lt;a href="http://en.wikipedia.org/wiki/Secure_Sockets_Layer"&gt;HTTPS / SSL&lt;/a&gt;, so 3&lt;sup&gt;rd&lt;/sup&gt; parties cannot intercept and read client-server communication.&lt;/p&gt;  &lt;p&gt;All user (or device) related resources in Live Mesh are organized in a &lt;a href="http://en.wikipedia.org/wiki/Representational_State_Transfer"&gt;RESTful manner&lt;/a&gt;, i.e. they form a graph where each node is identified by a unique URL and represents a given resource. Nodes contain resource metadata and links to other resources. Mesh operations are essentially CRUD operations on the nodes of the user tree or nodes of other user trees if those users shared any data. Live Mesh cloud services check access rights in each operation by inspecting passed tickets and authorizing access only if a correct set of tickets is passed. Tickets can be obtained from the Account service or from responses to previous cloud operations. &lt;/p&gt;  &lt;p&gt;Live Mesh authorization tickets are standard &lt;a href="http://en.wikipedia.org/wiki/SAML"&gt;SAML tickets&lt;/a&gt;. They are digitally signed with the Live Mesh private key to prevent spoofing and they expire after a limited lifetime. Some tickets are used to just authenticate users or devices, other tickets contain authorization information about user/device rights. Cloud services inspect each resource request and authorize access only if it contains valid tickets (correctly signed and not expired) and these tickets specify that the requestor indeed has access to the requested resource. 
For example, a device X can initiate P2P data synchronization with device Y only if it presents a ticket that is correctly signed by Live Mesh and contains a record saying that both device X and Y are claimed by the same user OR if it contains a record saying that X and Y have the same Live Mesh Folder mapped on them (in the case that the devices are claimed by different users that are members of this Live Mesh Folder). Tickets are passed to the cloud services in the Authorization header using HTTPS to prevent replay attacks. &lt;/p&gt;  &lt;p&gt;Each device in Live Mesh (computers, PDAs, mobile phones) has a unique private key that is generated during Live Mesh installation and used to authenticate the device in P2P communications with other devices. When a P2P communication is being established between two devices, they first use asymmetric encryption (&lt;a href="http://en.wikipedia.org/wiki/RSA"&gt;RSA algorithm&lt;/a&gt;) to exchange encryption keys and then use symmetric encryption (&lt;a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard"&gt;AES with 128 bit key&lt;/a&gt;) to transfer data/files over TCP/IP. The RSA exchange guards against leaking symmetric encryption keys. AES encryption protects actual data from prying eyes. Live Mesh also uses a keyed message authentication code (&lt;a href="http://en.wikipedia.org/wiki/HMAC"&gt;HMAC&lt;/a&gt;) to verify the integrity of the data exchanged on a P2P channel.&lt;/p&gt;  &lt;p&gt;If there is no direct connection between two devices (for example, if one device is behind a firewall), then the cloud communication relay located in the Microsoft data center is used to forward data packets from one device to another. All the traffic is encrypted in the same way as in the case with direct P2P link, i.e. first keys are exchanged with RSA and then traffic is encrypted with AES. The cloud relay cannot decrypt/read user data, since encryption keys are exchanged with the use of asymmetric encryption (RSA). 
&lt;/p&gt;  &lt;p&gt;Live Mesh cloud services help devices find each other and establish communications. They cannot read synchronized user data/files relayed through the cloud, except for the case when user files are synchronized with the cloud storage (i.e. Live Desktop). At the moment, the limited Tech Preview of Live Mesh synchronizes your files not only between your devices, but also with your cloud storage (which you can access via &lt;a href="http://nsmoly.wordpress.com/2008/05/12/live-mesh/"&gt;Live Desktop&lt;/a&gt;) until you reach your storage quota (5GB as of today). So your files and metadata that describes them are stored in the Microsoft datacenter. They are protected by strong access control mechanisms, but the data is not stored in encrypted form. After the storage quota has been reached, all files are synchronized only P2P and not stored in the cloud (only metadata is stored in the datacenter). In the future, Live Mesh will allow users to selectively choose which files or Live Mesh Folders they want to synchronize with the cloud. 
If you choose to synchronize your data/files between your devices only, Live Mesh will not store your files in the cloud and will only store metadata that lets the service operate.&lt;/p&gt;</description><category domain="http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx">Behind Live Mesh</category></item><item><title>Behind Live Mesh: What is MOE?</title><link>http://blogs.msdn.com/livemesh/archive/2008/05/09/behind-live-mesh-what-is-moe.aspx</link><pubDate>Sat, 10 May 2008 01:41:01 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8482484</guid><dc:creator>Live Mesh Team</dc:creator><slash:comments>20</slash:comments><comments>http://blogs.msdn.com/livemesh/comments/8482484.aspx</comments><wfw:commentRss>http://blogs.msdn.com/livemesh/commentrss.aspx?PostID=8482484</wfw:commentRss><description>&lt;p&gt;Howdy!&amp;#160; This is Richard Chung, a client developer for Live Mesh. 
You can find me blogging sporadically as DevDuck over on &lt;a href="http://devduck.spaces.live.com/"&gt;red hot place&lt;/a&gt;.&amp;#160; I was one of the first developers on the Live Mesh team&amp;#8212;I&amp;#8217;ve been working on this stuff for over 2 years now and have been itching to talk about it!&lt;/p&gt;  &lt;p&gt;By now, you&amp;#8217;ve read all about &lt;a href="http://blogs.msdn.com/livemesh/"&gt;Live Mesh&lt;/a&gt;.&amp;#160; Hopefully, some of it makes sense to you&amp;#8212;you might even be able to envision how it can dramatically change the way you manage data across your devices, share and interact with your friends and family, and collaborate with peers or partners!&amp;#160; If not, that&amp;#8217;s ok.&amp;#160; The whole concept of Live Mesh will become clearer in the months ahead, especially as more&amp;#160; applications and experiences are created on top of the platform.&lt;/p&gt;  &lt;p&gt;&lt;b&gt;Software + Services&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;When you were first introduced to Live Mesh, you probably played with the &lt;a href="https://www.mesh.com/web"&gt;Live Desktop&lt;/a&gt;.&amp;#160; It&amp;#8217;s pretty snazzy.&amp;#160; Maybe you even uploaded a few files too.&amp;#160; Hey, it&amp;#8217;s a cool service!&amp;#160; You can store stuff in a cloud somewhere and access it anywhere using a webpage.&amp;#160; Great!&lt;/p&gt;  &lt;p&gt;As I look at the statistics on the service though, I notice that a significant portion of our users have stopped here.&amp;#160; This pains me, as there&amp;#8217;s a whole lot more you can do with Live Mesh.&amp;#160; Didn&amp;#8217;t you hear all the hoopla about &lt;a href="http://msdn2.microsoft.com/en-us/architecture/aa699384.aspx"&gt;Software + Services&lt;/a&gt;?&amp;#160; Ever wonder, &amp;#8220;Where&amp;#8217;s the software?&amp;#8221;&lt;/p&gt;  &lt;p&gt;You might have noticed that on the &lt;a href="https://www.mesh.com/Web/Devices.aspx"&gt;device ring&lt;/a&gt; there&amp;#8217;s a 
big orange button with a white &amp;#8216;+&amp;#8217; sign.&amp;#160; The magic happens when you click that big orange button and opt to &amp;#8220;add a device&amp;#8221; to your mesh.&amp;#160; Click &amp;#8220;Install&amp;#8221; and you&amp;#8217;ll download and install a very small program onto your machine.&amp;#160; Once set up, you may notice a process called MOE.exe running on your computer.&amp;#160; What exactly is MOE?&lt;/p&gt;  &lt;p&gt;&lt;b&gt;MOE: Mesh Operating Environment&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;MOE is an acronym for the &amp;#8220;Mesh Operating Environment.&amp;#8221;&amp;#160; MOE is a service composition runtime that provides a unified view of all Live Mesh services and a simple way for applications to interact with Live Mesh.&amp;#160; MOE is everywhere&amp;#8212;it&amp;#8217;s on all devices in your mesh (as &amp;#8220;client MOE&amp;#8221;), and it&amp;#8217;s in the cloud (&amp;#8220;cloud MOE&amp;#8221;).&amp;#160; The two are quite similar; they provide a symmetrical and consistent programming model between client and cloud.&amp;#160; If you&amp;#8217;re a developer, you&amp;#8217;ll be able to take advantage of these flexible points of entry&amp;#160; to Live Mesh in the way that&amp;#8217;s most natural for you.&lt;/p&gt;  &lt;p&gt;That&amp;#8217;s a lot to digest.&amp;#160; I won&amp;#8217;t go into the developer story today; you&amp;#8217;ll see more of that in the months ahead.&amp;#160; For the purposes of this post, I&amp;#8217;ll only focus on client MOE.&amp;#160; Client MOE is at the heart of every device connected to your mesh, be it your PC or Mac or mobile.&lt;/p&gt;  &lt;p&gt;The goals for client MOE are simple.&amp;#160; Here are some of them:&lt;/p&gt;  &lt;p&gt;&amp;#183; To allow seamless access to a user&amp;#8217;s mesh and all the data in it;&lt;/p&gt;  &lt;p&gt;&amp;#183; To abstract away common functionality, like synchronization protocols;&lt;/p&gt;  &lt;p&gt;&amp;#183; To allow existing applications to 
participate in a user&amp;#8217;s mesh, by optionally leveraging the local file system;&lt;/p&gt;  &lt;p&gt;&amp;#183; To provide a seamless online/offline experience (also known as &amp;#8220;occasionally connected&amp;#8221;) by synchronizing and caching metadata from the cloud;&lt;/p&gt;  &lt;p&gt;&amp;#183; To update seamlessly, providing new features and fixes in the platform; and&lt;/p&gt;  &lt;p&gt;&amp;#183; To use minimal system resources, running in the background all the time.&lt;/p&gt;  &lt;p&gt;You&amp;#8217;ll notice that the idea of &amp;#8220;seamlessness&amp;#8221; really runs through these tenets.&amp;#160; Obviously, since what we just released is a &amp;#8220;Tech Preview,&amp;#8221; we have only just started towards achieving these goals today.&amp;#160; Rest assured that we will get better!&lt;/p&gt;  &lt;p&gt;Let me elaborate on a couple of these points.&lt;/p&gt;  &lt;p&gt;&lt;b&gt;Online vs. Offline&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;In today&amp;#8217;s world, many applications just don&amp;#8217;t work if they&amp;#8217;re not connected to the Internet.&amp;#160; It&amp;#8217;s much easier to write programs that assume connectivity to a service, than not.&amp;#160; But why should it be so hard?&amp;#160; MOE abstracts all this behavior for you.&amp;#160; It caches the metadata that&amp;#8217;s in your mesh and automatically synchronizes it, so that talking to MOE is essentially like talking to the cloud.&amp;#160; And talking to MOE will always work, regardless of whether or not you have Internet connectivity.&amp;#160; MOE will do the heavy lifting for you by synchronizing changes you&amp;#8217;ve made locally, whether you are online or offline, with your mesh (when you have internet connectivity).&lt;/p&gt;  &lt;p&gt;&lt;b&gt;Today&amp;#8217;s Applications&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;As high as our hopes are for Live Mesh, we realize that there isn&amp;#8217;t anything today that fully showcases the true power and potential of the mesh 
yet.&amp;#160; This is one of the reasons we&amp;#8217;ve built simple file synchronization capability as a rich experience on top of MOE.&amp;#160; This way, any existing application that writes files to disk (virtually all applications) will suddenly be able to leverage Live Mesh, without *any* changes to the application.&lt;/p&gt;  &lt;p&gt;For example, say you use &lt;a href="http://writer.live.com/"&gt;Windows Live Writer&lt;/a&gt; to collaboratively write blog posts, but it often takes several iterations before posting.&amp;#160; You can now save your blog drafts into a Live Mesh folder, and suddenly those drafts are everywhere&amp;#8212;on each of your devices and those with whom you share the folder.&amp;#160; An idea for a post pops into your head on the bus ride to work?&amp;#160; Start a post on the bus, add content to it at work, have others read it over and revise it on their own devices, add your final touches, and post at home that very evening!&amp;#160; All without even thinking about e-mailing attachments back and forth.&lt;/p&gt;  &lt;p&gt;&lt;b&gt;Working on Live Mesh&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;I&amp;#8217;ve been working on Live Mesh for over two years now.&amp;#160; Prior to this I was a developer on the &lt;a href="messenger.live.com"&gt;Windows Live Messenger&lt;/a&gt; service.&amp;#160; When I first started on Live Mesh, I thought it would be a piece of cake.&amp;#160; After working on huge scalable services that support millions of users, how hard could writing a little lightweight client be?&amp;#160; It turns out that it&amp;#8217;s quite hard.&amp;#160; Synchronization may appear to be an easy problem (and in fact, there are a ton of apps out there that do simple file sync already), but it&amp;#8217;s actually really tough to solve it in a *generic* fashion so that other applications can be built on top of it.&amp;#160; That&amp;#8217;s what we&amp;#8217;ve strived for.&amp;#160; (We&amp;#8217;ll have a future post on how Live Mesh 
uses &lt;a href="http://dev.live.com/feedsync/"&gt;FeedSync&lt;/a&gt; underneath the covers, and what types of extensibility and other advantages that provides.&amp;#160; Stay tuned!)&lt;/p&gt;  &lt;p&gt;&lt;b&gt;Here, There, Everywhere&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;Live Mesh is about to become your new best friend.&amp;#160; The one you can&amp;#8217;t live without and is always in the background to take care of things for you.&lt;/p&gt;  &lt;p&gt;So what are you waiting for?&amp;#160; &lt;a href="https://www.mesh.com/Web/Devices.aspx"&gt;Download&lt;/a&gt; and install Live Mesh on all your devices today!&amp;#160; You&amp;#8217;re missing out if you don&amp;#8217;t.&amp;#160; And be sure to &lt;a href="https://feedback.live.com/default.aspx?productkey=livemesh&amp;amp;mkt=en-us"&gt;give us feedback&lt;/a&gt; and &lt;a href="http://forums.community.microsoft.com/en/LiveMesh/threads"&gt;report any issues&lt;/a&gt; you see!&lt;/p&gt;</description><category domain="http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx">Behind Live Mesh</category></item><item><title>Behind Live Mesh: Live Desktop architecture</title><link>http://blogs.msdn.com/livemesh/archive/2008/05/05/behind-live-mesh-live-desktop-architecture.aspx</link><pubDate>Mon, 05 May 2008 20:17:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8460958</guid><dc:creator>Live Mesh 
Team</dc:creator><slash:comments>12</slash:comments><comments>http://blogs.msdn.com/livemesh/comments/8460958.aspx</comments><wfw:commentRss>http://blogs.msdn.com/livemesh/commentrss.aspx?PostID=8460958</wfw:commentRss><description>&lt;P&gt;As the unveiling of Live Mesh is a tech preview of the platform, similarly the Live Desktop release is only a glimpse into what will be available via the web portal. The promise is a rich cross-browser web experience that requires no installations, but will offer an enhanced look-and-feel if plugins are installed. I'd like to take a moment to describe the architecture of this Live Mesh platform experience and illustrate how the design will enable it to grow into a much richer experience. Let me warn you that this is intended to be a detailed developer-focused post. The key architectural features are the &lt;STRONG&gt;generic presentation framework&lt;/STRONG&gt;; Live Mesh &lt;STRONG&gt;communication layer&lt;/STRONG&gt;; Live Desktop &lt;STRONG&gt;windowing system&lt;/STRONG&gt;; and &lt;STRONG&gt;C# to JavaScript compilation with Script#&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;The &lt;STRONG&gt;generic presentation framework&lt;/STRONG&gt; can be easily reused and extended to rapidly create performant data-driven applications. Its design resembles that of &lt;A href="http://msdn2.microsoft.com/en-us/netframework/aa663321.aspx" mce_href="http://msdn2.microsoft.com/en-us/netframework/aa663321.aspx"&gt;Windows Presentation Foundation&lt;/A&gt; in that there exist two clearly separated trees, one logical and one visual. In addition to being a natural separation for JavaScript and HTML, this has made code reuse and the addition of new features significantly faster and more seamless as logical controls can be customized with different styles for different UI components. The notable base classes in the logical tree are the UIElement and UIGroup.&lt;/P&gt;
&lt;P&gt;The UIElement is the base class and has a one-to-one relationship with a DOM Element, handles input events, supports command routing, and participates in databinding. The UIElement performs memory management by removing its associated visual element from the DOM and detaching its event listeners when disposed. Command routing offers a convenient way of bubbling events through the logical tree to notify parent containers that an event has occurred. Databinding offers a very flexible way to present data as a UIElement may listen for specific property change events and update its associated visual element when these occur. In our framework, Binding objects are reusable and are composed of a source data property, a target UIElement, and a Converter which contains the logic for rendering data.&lt;/P&gt;
&lt;P&gt;The UIGroup is a collection of UIElements and is the base class of all elements that participate in the rendering pass by the layout host. For expensive rendering events that involve more than small DOM manipulations, the UIGroup will be added to the queue of items to be rendered and then its OnRender method will be called to perform the visual changes. It is worth mentioning the ItemsControl, which derives from UIGroup and represents a collection of data. The ItemsControl is instantiated with a shared visual template that is applied to render each item.&lt;/P&gt;
&lt;P&gt;The visual styles are defined in resource dictionaries, which are reusable HTML string snippets sent down in JavaScript files. DOM elements are instantiated from these strings, keyed by id. This offers performance benefits as each snippet is sent over the wire exactly once and cached by the browser.&lt;/P&gt;
&lt;P&gt;Let's look at a short example of how this framework is used to render the Icon View of files within a folder explorer on the Live Desktop. The files are represented by a ListBox, which derives from ItemsControl and extends it by maintaining a selected item. The style for the visual template for each item is defined in the resource dictionary as:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P mce_keep="true"&gt;&amp;nbsp;&lt;/P&gt;&lt;PRE&gt;&amp;lt;div id=""$spaceIconItem""&amp;gt; 
    &amp;lt;img id=""iconItemImg"" /&amp;gt; 
    &amp;lt;div id=""folderViewNameCellLabel""&amp;gt;&amp;lt;/div&amp;gt; 
&amp;lt;/div&amp;gt;&lt;/PRE&gt;
&lt;P mce_keep="true"&gt;&amp;nbsp;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;
&lt;P&gt;The image represents an icon specific to mime type and the label represents the name of that file. When the visual template is executed to render an individual item, it sets up databinding for each of these DOM Elements:&lt;/P&gt;&lt;PRE&gt;image.SetBinding( 
   "Src",  CommonBindings.MimeTypeToMediumIconOneTimeOneWay); 
label.SetBinding( 
   "Text", CommonBindings.NameOneWay);&lt;/PRE&gt;
&lt;P&gt;The image source databinding will be executed only once, and will set the src property of the img to be that of the appropriate icon url. The label text will be updated whenever the name of the file changes and will modify the InnerText of the div. The ListBox will be added to the rendering queue of the layout host whenever the collection of files changes, for example by navigating into a new folder, and will instantiate each of its DOM children by invoking the above visual template.&lt;/P&gt;
&lt;P&gt;For completeness in discussing the presentation framework, it is important to note that each collection of data in memory is stored in an ObservableCollection, which maintains a list of items and fires unique change events when items are added, items are removed, or the entire collection changes. This enables an ItemsControl to intelligently decide whether to render an individual data item or the entire collection.&lt;/P&gt;
&lt;P&gt;The Live Mesh &lt;STRONG&gt;communication layer&lt;/STRONG&gt; updates the ObservableCollections by performing incremental data requests on corresponding data feeds on a recurring interval. This layer also performs the HTTP operations that result from user actions. It maintains a queue of operations and associated callbacks. It understands the Live Mesh cloud API and provides a layer of abstraction between app-specific transactions and the semantics of the Live Mesh platform.&lt;/P&gt;
&lt;P&gt;With all of the above infrastructure in place, it was straightforward to build a &lt;STRONG&gt;windowing system&lt;/STRONG&gt; into the Live Desktop. The list of windows is maintained as an ObservableCollection. There are three different templates applied to render each window depending on whether it is in the taskbar, on the desktop, or in the window toggle control (shift+tab to see this view). Activating a window simply means setting the ActiveWindow property to true, as the CSS class of the DOM Element is bound to that property. Opening or closing a window will fire a granular change event from the ObservableCollection that the ItemsControl listens for and will respond to by adding or removing the individual item from view.&lt;/P&gt;
&lt;P&gt;The architectural complexity and heavy usage of inheritance described above were greatly facilitated by &lt;STRONG&gt;&lt;A href="http://projects.nikhilk.net/ScriptSharp/Default.aspx" mce_href="http://projects.nikhilk.net/ScriptSharp/Default.aspx"&gt;Script#&lt;/A&gt;&lt;/STRONG&gt;, &lt;STRONG&gt;a C# to JavaScript compiler&lt;/STRONG&gt; developed by &lt;A href="http://www.nikhilk.net/" mce_href="http://www.nikhilk.net/"&gt;Nikhil Kothari&lt;/A&gt;. The strong IDE support from Visual Studio and compile-time syntax checking that this offers have been crucial as the Live Desktop codebase has grown.&lt;/P&gt;
&lt;P&gt;What all this means is that the foundation has been laid to add many more exciting features to your Live Desktop. When you view it today, you should see a visually appealing view of a desktop that works well cross-browser, performs responsively once loaded (and will soon load faster), and enables you to traverse your cloud. You might also think to yourself "I wish I could upload more than one file at once" or "I wish this Silverlight media view wasn't one-size-fits-all and only worked on a subset of my data". The good news is that these features and many more are planned and that the Live Desktop architecture will facilitate adding these new components rapidly. While we have a clear set of features that we think will make this offering more compelling, we are eager to hear ideas from you.&lt;/P&gt;
&lt;P&gt;- Alex Himel, developer for Live Desktop&lt;/P&gt;
</description><category domain="http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx">Behind Live Mesh</category></item><item><title>Behind Live Mesh: How we run cloud services</title><link>http://blogs.msdn.com/livemesh/archive/2008/04/30/behind-live-mesh-how-we-run-cloud-services.aspx</link><pubDate>Wed, 30 Apr 2008 11:11:00 GMT</pubDate><guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8443835</guid><dc:creator>Live Mesh Team</dc:creator><slash:comments>10</slash:comments><comments>http://blogs.msdn.com/livemesh/comments/8443835.aspx</comments><wfw:commentRss>http://blogs.msdn.com/livemesh/commentrss.aspx?PostID=8443835</wfw:commentRss><description>&lt;P&gt;A quick self-introduction: I’m Alex Mallet, one of the development leads on the Live Mesh project. I’ve been at Microsoft since ’97, except for an abortive [but instructive] side trip to graduate school in an attempt to get a PhD in computational biology. 
Just about all of my time has been spent working on distributed systems, of gradually increasing scale – I started out working on IIS, moved to &lt;A href="http://technet.microsoft.com/en-us/appcenter/default.aspx" mce_href="http://technet.microsoft.com/en-us/appcenter/default.aspx"&gt;Application Center 2000&lt;/A&gt;, worked on our &lt;A href="http://msdn2.microsoft.com/en-us/library/aa816481(VS.85).aspx" mce_href="http://msdn2.microsoft.com/en-us/library/aa816481(VS.85).aspx"&gt;P2P API toolkit&lt;/A&gt; and finally ended up on the Live Mesh team about a year and a half ago.&amp;nbsp; On Live Mesh, my team and I are responsible for making sure our datacenter services are easy to deploy and manage, and for providing common functionality needed by our cloud services. So, on the heels of the previous blog posts that have introduced the “big picture” view, I thought I’d give you a bit more insight into some of the details of the “services” part of “Software + Services”, by talking about our services that run in the cloud. &lt;/P&gt;
&lt;P&gt;Our general philosophy when building our cloud services was to adhere to the tenets of &lt;A href="http://roc.cs.berkeley.edu/roc_overview.html" mce_href="http://roc.cs.berkeley.edu/roc_overview.html"&gt;Recovery-Oriented Computing&lt;/A&gt; (ROC): programs will crash, hardware will fail, and they will do so regularly, so your system should be prepared to deal with these failures. While it’s easy to espouse these principles in theory, the obvious next question is how to turn them into practice, and here we were aided by a great “best practices” survey paper written by &lt;A href="http://www.mvdirona.com/jrh/work/" mce_href="http://www.mvdirona.com/jrh/work/"&gt;James Hamilton&lt;/A&gt;, namely &lt;A href="http://www.mvdirona.com/jrh/TalksAndPapers/JamesRH_Lisa.pdf" mce_href="http://www.mvdirona.com/jrh/TalksAndPapers/JamesRH_Lisa.pdf"&gt;“On Designing and Deploying Internet-Scale Services”&lt;/A&gt;.&amp;nbsp; I won’t claim that we managed to do everything that’s in his paper [we’re only at the Tech Preview stage, after all :)], but I think we’ve done a decent job so far, and are heading in the right direction overall. &lt;/P&gt;
&lt;P&gt;Enough philosophy, on to some more detail. &lt;/P&gt;
&lt;P&gt;From a functionality perspective, our cloud services can be grouped into four buckets: dealing with feed and data synchronization, providing authentication and authorization, maintaining and fanning out the system’s transient state [like the various notifications provided in the Live Mesh Bar], and the connectivity services for synchronization and remote desktop access to work across any network topology. Sliced along the “state” axis, we have stateless front-end services, back-end services that maintain in-memory state, and persistent storage layers that handle both structured and unstructured data. From a scaling perspective, our plan is to scale out, not up. Thus, we’ve invested in making sure that we have as many stateless services as possible, as well as having facilities that allow us to partition our state [both persistent and transient] across multiple machines, and reconfigure these partitions as necessary. Overall, we have close to 20 different services, with each service consisting of multiple, redundant instances of a particular bit of code, striped across several racks of machines in the datacenter – in keeping with the ROC assumptions, our goal is to be resilient to multiple hardware and software failures.&lt;/P&gt;
&lt;P&gt;Our front-end services are accessible [only] via HTTPS – all of the traffic that flows in and out of our system is encrypted. Our back-end services use a mixture of HTTPS and custom protocols layered on top of TCP. The vast majority of the services are written in C#, with the only exceptions being services that needed deep integration with Windows functionality that isn’t [easily] accessible to an application written in managed code. &lt;/P&gt;
&lt;P&gt;All of our services sit on top of a runtime library that contains facilities commonly needed by each service: process lifetime management, HTTP and TCP listeners, a debug logging facility, a work queue facility, APIs to generate monitoring data like performance counters, etc. This common runtime also contains debugging, testing and monitoring hooks; for example, we have the ability to inject random delays and failures into our HTTP pipeline, which allows us to test our failure monitors and the overall response of the system to slow and failing services. &lt;/P&gt;
&lt;P&gt;Building a full-scale datacenter deployment and management system is a huge undertaking, so we chose the &lt;S&gt;lazy&lt;/S&gt; smart route and went with an existing, battle-tested system, namely &lt;A href="http://research.microsoft.com/users/misard/abstracts/osr2007.html" mce_href="http://research.microsoft.com/users/misard/abstracts/osr2007.html"&gt;the Autopilot framework&lt;/A&gt;, which was developed, and is being used, by the Windows Live Search team to manage their tens of thousands of datacenter machines [we’re not at that scale yet, but we hope to be, with your help :)]. We use Autopilot to manage our code and data deployments, for [some of our] failure monitoring and self-healing, and to give us insight into the current state of our datacenter machines and services. &lt;/P&gt;
&lt;P&gt;On the monitoring front, we actually monitor the system at several levels – via simple Autopilot-style watchdogs, with more extensive tests called “runners”, by hitting our service from various points outside our datacenter, and also using a variety of tools that scan our logs for error messages, highlight machines that appear to be having problems, look for crashing services etc. Of course, all these monitors are still somewhat untested – I’m sure we’ll be making lots of tweaks, and adding new tools over the coming weeks and months as we start having to troubleshoot and keep a real live system up and running. :)&lt;/P&gt;
&lt;P&gt;Ok, I think that’s enough for one post. If this is a topic of interest to you, and you’d like more detail on some of the stuff I’ve talked about, please leave suggestions and questions in the comments, and I’ll address them in follow-up posts. &lt;/P&gt;
&lt;P&gt;And, of course, don’t forget to &lt;A href="http://www.mesh.com/" mce_href="http://www.mesh.com/"&gt;sign up for Live Mesh&lt;/A&gt; and give us feedback!&lt;/P&gt;
</description><category domain="http://blogs.msdn.com/livemesh/archive/tags/Behind+Live+Mesh/default.aspx">Behind Live Mesh</category></item></channel></rss>