A previous post introduced some of the best practices using Azure Data Platform. It covered various options about structured and unstructured storage. This article covers some of the considerations regarding data in transit.

Azure Data Factory is frequently used to extract-transform-load data to the cloud. Even if there are on-premises SSIS data tasks to perform, Azure Data Factory can help to migrate the data from on-premises to the cloud. There are different components within the Azure Data Factory that help to meet this goal. The Linked Services provide connections to external resources that contain datasets to work with. The Pipeline has one or more activities that can be triggered to control/transform the data. The Integration Runtime provides the compute environment for data integration execution that involves flow, transform and movement. This can be Azure-based, self-hosted and an integration of Azure-SSIS that can lift and shift existing SSIS workloads. The pipeline and activities define actions to perform on the data. For example, a pipeline could contain a set of activities that ingest and clean log data and then kick off a mapping data flow to analyze the log data. When the pipeline is deployed and scheduled, all the activities can be managed as a set instead of each one individually. Activities can be grouped into data movement activities, data transformation activities, and control activities. Each activity can take zero or more input and output datasets. Azure Data Factory enables us to author workflows that orchestrate complex ETL, ELT and data integration tasks in a flexible way that involves graphical and code-based data pipelines with Continuous Integration / Continuous Deployment support.

Let us take a scenario for a company that has a variety of data from a variety of sources and requires automations for data ingestion and analysis in the cloud. It has a variety of data available, from a variety of sources and requires expertise in business analysis, data engineering, and data science to define an analytics solution. For this purpose, it leverages the new data analytics platform in Azure that has been discussed so far. The current practice in this company captures a variety of data about manufacturing and marketing and stores it in a centralized repository. The size of this repository limits the data capture to about one week’s worth of data and supports data formats in the form of json, csv, and text. Additionally, data also exists in another cloud in a publicly available object storage. The company is expecting to meet the following objectives with regard to data storage, data movement, and data analytics and insights. The data storage must be such that months of data to the tune of petabytes can be stored and support access control at the file level. Data must be regularly ingested from both the on-premises and AWS. The existing connectivity and accessibility to data cannot be changed. The analytics platform must support Spark and be available to the other cloud. Security demands the workspace used for analytics must be made available only to the head office.

A possible solution for the above scenario is one that could store the data in the Azure Data Lake Storage Gen2 because it scales to petabytes of data and comes with hierarchical namespace and POSIX-like access control list. The data can be copied or moved with Azure Data Factory that has a self-hosted integration runtime that is running on-premises and can access the on-premises storage privately. Even when certain data might be in the other cloud, Azure Data Factory can leverage the built-in Azure Integration runtime to access it. There are many services to choose from for the analytics solution, but Databricks provides the analytics because it could potentially work in both public clouds. The premium plan for Databricks can restrict the workspace use only to the head office. It also supports Azure AD credential pass-through when it is to be used for securing data lake storage.

 

Some best practices using Azure Data Platform: 

Structured and Unstructured data required different storage and processing. Structured data is a fixed format data with schema, types, and relationships. It requires a lot of upfront planning and is equally difficult to modify afterwards. It is frequently used to store application data for online transaction processing. The semi-structured data is very flexible format with various models such as key/value, document, etc. The emphasis is on long-term flexibility and modifications and is best suited to dynamic applications such as social media. Media files, text files and office documents are most frequently used unstructured data. 

Azure storage accounts can store blobs, queues, files and blocks. The kind of storage account determines the supported storage services, performance tier, and pricing. Data can be replicated in the primary region to a secondary region. The access tier influences the pricing and access latency. The hot, cool or archive access tiering suits data ageing and supports lifecycle management. The Gen2 storage supports hierarchical namespace. Object data can be streamed globally, and at scale. Lower latency and higher throughput come with performance tiers. Replication and accessibility must be part of the design decisions. 

Companies that require relational databases have a variety of products and offerings from Azure. They can choose to directly host a database on Azure using a fully managed offering that supports common SQL Server features. Otherwise, they could choose to deploy a managed SQL Server instance. If they want even more parity and control with a traditional on-premises database, then they could create Azure SQL Server virtual machines which provide full control and access. Those three options are ordered in terms of trade-offs between cloud native and full control and access. Cloud native resources come with built-in backup, patching, and recovery and provide 99.995% availability guarantee. They also integrate with Azure Active Directory. Azure SQL managed instances are deployed on a managed virtual cluster that Microsoft manages. It provides a private IP address and support for most migrations to the cloud. The SQL purchasing models can be DTU-based for predictive and linear increase between compute and storage or vCore based for scattered and independent compute versus storage. vCore also supports Azure Hybrid Benefits which supports porting on-premises SQL Server licensing. The General Purpose Service Tier uses blob storage at about 5-10 ms latency, the Business Critical uses SSD at about 1-2 ms latency and 16TB database, and Hyperscale supports up to 100TB databases. Azure SQL virtual machines provide full control and access with relaxed limits. 

The Data Lake storage is ideal to store huge amounts of varied or unstructured data and is built on top of block blobs. It enables common analytical features and access and is especially useful to store large volumes of text with support for hierarchical namespaces. It is accessible by Hadoop services and supports a superset of POSIX for finer-grained access controls. Synapse Analytics combines data warehousing and big data analytics. It has tools for data integration from diverse sources and powers analytics with massively parallel processing. The resource pools can be SQL pool, Spark pool and Synapse supports pipelines for data movement and transformation using Azure Data Factory workflows and supports connectivity to CosmosDB for near real-time analytics. The models served by Synapse can be rich. Databricks are favored for Apache Spark-based big data and machine learning. Environments with Databricks can run SQL queries on a data lake, provide a collaborative workspace for working on big data pipelines and analytics and end-to-end integrations for ML experiments, model training and serving. The premium tier can help with management, security and monitoring with audit logs, notebooks, cluster, job RBAC, Azure AD passthrough and IP access lists. 

The right choices for cloud engineering can bring tremendous value to data engineering professionals. 

Linux kernel extensions continued

 

Application development frequently encounters the need for background tasks or scheduled jobs. Long running tasks are often delegated to background workers. In fact, some models require a state reconciliation control loop that is best met by background workers. This idea is frequently encountered with infrastructure providers. For example, Kubernetes has a language that articulates state so that its control loop can reconcile these resources. The resources can be generated and infused with specific configuration and secret using a configMap generator and a secret generator respectively. It can take an existing application.properties file and generate a configMap that can be applied to new resources.

FUSE can also be used with remote folders. Mounting a remote folder is a great way to access information on a remote server. Mounting the folder into the filesystem will allow us to drag and drop files into the required folder and the information will then be transferred to the remote location. For example, the following commands can be used to set this up:

yum install epel-release -y

yum install fuse sshfs -y

modprobe fuse

lsmod | grep fuse

echo “modprobe fuse” >> /etc/rc.local

ssh root@198.162.2.9:/home/mount /home/remote

Linux Kernel Continued...

 

Linux also supports FUSE which is a user-space file-system framework. It consists of a kernel module (fuse.ko), a userspace library(libfuse.*) and a mount utility (fusermount). One of the most important features of FUSE is allowing secure non-privileged mounts. One example of this is the sshfs which is a secure network filesystem using the sftp protocol.

One of the common applications for FUSE filesystem is the use of a Watchdog to continuously monitor a folder to check for any new files or when an existing file is modified or deleted. As an example, if the size of the folder exceeds a limit, then it can be pruned. Watchdog is an open-source cross-platform python API library that can be used to monitor file systems. The Watchdog observer keeps monitoring the folder for any changes like file creation and when an event occurs, the event handler executes the event’s specified action.

Such usage is very common when there are a lot of files being uploaded to a file directory, let us say a hot folder and those files may never be used once they are processed. It helps to keep the file contents of the hot folder under a certain size limit for performance reasons. Therefore, another folder is created to roll over the contents from the hot folder. Let us call this folder the cold folder. It might so happen that processing might not have caught up with a file in the hot folder  and it is moved to the cold folder. The application then needs to check the hot folder first and then the cold folder and with the help of an attribute or a modification to the file name or the presence of an output file, detect if the file has been processed. The hot and cold folder are interchangeable for reading from and writing to the file. Since FUSE provides a bridge to the actual kernel interfaces, the library providing event handling interfaces can extend it to pass through the file operations without requiring the application to know whether the hot or cold folder is used. The only overrides to the operating system file system operations would be to resolve the appropriate folder.

Linux kernel continued

 

Linux supports several file systems. The Virtual File System Interface allows Linux to support many file systems via a common interface. It is designed to allow access to files as fast and efficiently as possible.

Ex2fs was the original file system, and it became widely popular allowing typical file operations such as to create, update, and delete files, directories, hard links, soft links, device special files, sockets, and pipes. It suffered from one limitation that if the system crashed, the entire file system would be validated and corrected for inconsistencies before it is remounted. This was improved with journaling where every file system operation is logged before the operation is executed and the log is replayed to bring the file system to consistency.

Linux Volume Managers and Redundant Array of Inexpensive Disks (RAID) provide a logical abstraction of a computer’s physical storage devices and can combine several disks into a single logical unit to provide increased total storage space as well as data redundancy. Even on a single disk, they can divide the space into multiple logical units, each for a different purpose.

Linux provides four different RAID levels. RAID-Linear which is a simple concatenation of disks that comprise the volume. Raid-0 is a simple striping where the data that is written is interleaved in equal-sized “chunks” across all disks in the volume. RAID-1 is mirroring where  all data is replicated on all disks in the volume. A RAID-1 volume created from n disks can survive the failure of n-1 of those disks. RAID-5 is striping with parity which is similar to RAID-0 but with one chunk in each stripe containing parity information instead of data. RAID-5 can survive the failure of any single disk in the volume.

A Volume-Group could be used to form a collection of disks also called Physical-Volumes. The storage space provided by these disks is then used to create Logical-Volumes. It is also resizable.  New volumes are easy to add as extents and the Logical Volumes can be expanded or shrinked and the data on the LVs can be moved around within the same Volume-Group.

Beyond the hard disk, keyboard and console that a Linux system supports by default, a user-level application can create device special files to access other hardware devices. They are mounted as device nodes in the /dev directory. Usually, these are of two types: a block device and a character device. Block devices allow block-level access to the data residing on a device and the character devices allow character-level access to the devices. The ls -l command will show a ‘b’ for block device and a ‘c’ for character device in the permission string. The virtual file system devfs is an alternative to these special devices. It reduces the system administrative task of creating device node for each device.  A system administrator can mount the devfs file system many times at different mount points but changes to a device node is reflected on all the mount points. The devfs namespace exists in the kernel even before it is mounted which makes the device node, to become available independently of the root file system.

Linux Kernel continued...

 

Interprocess communications aka IPC occurs with the help of signals and pipes. Linux also supports System V IPC mechanisms. Signals notify events to one or more processes and can be used as a primitive way of communication and synchronization between user processes. Signals can also be used for job control.  Processes can choose to ignore most of the signals except for the well-known SIGSTOP and SIGKILL. The first causes a process to halt its execution. The second causes a process to exit. Defaults actions are associated with signals that the kernel completes. Signals are not delivered to the process until it enters running state from ready state. When a process exits a system call, the signals are then delivered. Linux is POSIX compatible so the process can specify which signals are blocked when a particular signal handling routine is called.

A pipe is a unidirectional, ordered and unstructured stream of data. Writers add data at one end and readers get it from the other end. An example is the command “ls | less” which paginates the results of the directory listing.

UNIX System V introduced IPC mechanisms in 1983 which included message queues, semaphores, and shared memory. The mechanisms all share common authentication methods and Linux supports all three. Processes access these resources by passing a unique resource identifier to the kernel via system calls.

Message queues allow one or more processes to write messages, which will be read by one or more processes. They are more versatile than pipes because the unit is a message rather than an unformatted stream of bytes and messages can be prioritized based on a type association.

Semaphores are objects that support atomic operations such as set and test. They are counters for controlled access to shared resources by multiple processes. Semaphores are most often used as locking mechanisms but must be used carefully to avoid deadlocking such as when a thread holds on to a lock and never releases it.

Shared memory is a way to communicate when that memory appears in the virtual address spaces of the participating processes. Each process that wishes to share the memory must attach to virtual memory via a system call and similarly must detach from the memory when it no longer needs the memory.

Linux has a symmetrical multiprocessing model. A multiprocessing system consists of a number of processors communicating via a bus or a network. There are two types of multiprocessing systems: loosely coupled or tightly coupled. Loosely coupled systems consists of processors that operate standalone. Each processor has its own bus, memory, and I/O subsystem, and communicates with other processes through the network medium. Tightly coupled systems consists of processors that share memory, bus, devices and sometimes cache. These can be symmetric and asymmetric. Asymmetric systems have a single master processor that controls the others. Symmetric systems are subdivided into further classes consisting of dedicated and shared cache systems.

Ideally, an SMP System with n processors would perform n times better than a uniprocessor system but in reality, no SMP is 100% scalable.

SMP systems use locks where multiple processors execute multiple threads at the same time. Locking must be limited to the smallest time possible. Another common technique is to use finer grain locking so that instead of locking a table, only a few rows are locked at a time. Linux 2.6 removes most of the global locks and locking primitives are optimized for low overheads.

Multiprocessors demonstrate cache coherency problem because each processor has an individual cache, and multiple copies of certain data exist in the system which can get out of sync.

Processor affinity improves system performance because the data and the resources accessed by the code will stay local to the processor’s cache due to warmth. Affinity helps to use these rather than fetch repeatedly. Use of processor affinity is accentuated in Non-uniform Memory Access architectures where some resources can be closer to a processor than others.

Linux Kernel

 

The kernel has two major responsibilities:

-          To interact with and control the system’s hardware components.

-          To provide an environment in which the application can run.

All the low-level hardware interactions are hidden from the user mode applications. The operating system evaluates each request and interacts with the hardware component on behalf of the application.

Contrary to the expectations around subsystems, the Linux kernel is monolithic. All of the subsystems are tightly integrated to form the whole kernel. This differs from microkernel architecture where the kernel provides bare minimal functionality, and the operating system layers are performed on top of microkernels as processes. Microkernels are generally slower due to message passing between various layers. But Linux kernels support modules which allow it to be extended. A module is an object that can be linked to the kernel at runtime.

System calls are what an application uses to interact with kernel resources. They are designed to ensure security and stability. An API provides a wrapper over the system calls so that the two can vary independently. There is no relation between the two and they are provided as libraries to applications.

The /proc file system provides the user with a view of the internal kernel data structures. It is a virtual file system used to fine tune the kernel’s performance as well as the overall system.

The various aspects of memory management in Linux includes address space, physical memory, memory mapping, paging and swapping.

One of the advantages of virtual memory is that each process thinks it has all the address space it needs. The isolation enables processes to run independently of one another. The virtual memory can be much larger than physical memory in the system. The application views the address space as a flat linear address space. It is divided into two parts: the user address space and the kernel address space. The range between the two depends on the system architecture. For 32 bit, the user space is 3GB and the kernel space is 1GB. The location of the split is determined by the PAGE_OFFSET kernel configuration variable.

The physical memory is architecture-independent and can be arranged into banks, with each bank being a particular distance from the processor. Linux VM represents this arrangement as a node. Each node is divided into blocks called zones that represent ranges within memory. There are three different zones: ZONE_DMA, ZONE_NORMAL, and ZONE_HIGHMEM. Each zone has its own use with the one named normal for kernel and the one named highmem for user data.

When memory mapping occurs, the kernel has one GB address space. The DMA and NORMAL ranges are directly mapped to this address space. This leaves only 128 MB of virtual address space and used for vmalloc and kmap. With systems that allow Physical Address Extension, handling physical memories in tens of gigabytes can be hard for Linux. The kernel handles high memory on a page-by-page basis.  It maps the page into a small virtual address space (kmap) window, operates on that page and unmaps the page. The 64 bit architecture do not have this problem because their address space is huge.

The virtual memory is implemented depending on the hardware. It is divided into fixed size chunks called pages. Virtual memory references are translated into addresses in physical memory using page tables. Different architectures and page sizes are accommodated using three-level paging mechanism involving Page Global Directory, Page Middle Directory, and Page Table. This address translation provides a way to separate the virtual address space of a process from the physical address space. If an address is not in virtual memory, it generates a page fault, which is handled by the kernel.  The kernel handles the fault and brings the page into main memory even if it involves replacement.

Swapping is the moving of an entire process to and from the secondary storage when the main memory is low but is generally not preferred because context switches are expensive. Instead, paging is preferred. Linux performs swapping at page level rather than at the process level and is used to expand the process address space and to circulate pages by discarding some of the less frequently used or unused pages and bringing in new pages. Since it writes to disk, the disk I/O is slow.