Expired Certificate Hoses Microsoft’s Cloud Service

Yesterday, at around 3:45 PM EST, users of Microsoft’s Azure cloud computing platform began to experience problems world-wide.   The    problem apparently stemmed from an SSL certificate that had expired.  The certificate was used by Azure storage service, and the problem had knock-on effects on other Azure services as well.   The following message was posted on the Windows Azure Service Dashboard:

On Friday, February 22 at 12:44 PM PST, Storage experienced a worldwide outage impacting HTTPS traffic due to an expired SSL certificate. This did not impact HTTP traffic.

At the time I’m writing this, about 14:25 EST on Saturday, February 23, the Dashboard is still showing “Storage service degradation” across all regions.   The most recent status update says:

We have executed repair steps to update SSL certificate on the impacted clusters and have recovered to over 99% availability across all sub-regions. We will continue monitoring the health of the Storage service and SSL traffic for the next 24 hrs. Customers may experience intermittent failures during this period.

Although there are many systems that have enviable records of reliability, occasional service outages are still something to be expected and planned for.  In some cases, such as a natural disaster, it is possible to have considerable sympathy for the systems’ operators; forecasting rare events is difficult almost by definition (we assume the future will be like the past, because in the past, the future has been like the past).

It’s difficult for me to work up a lot of sympathy in this case, however.  SSL cryptographic certificates have a well-defined expiration date.  In addition, the certificate in question appears to have been issued by “Microsoft Secure Server Authority”; in other words, Microsoft was unable to get a timely renewal of the certificate from itself.  If I were a customer of the Azure service, I would not be too happy right now.

Azure Welcomes Linux

I’ve noted here before that Microsoft, a company that has traditionally been dismissive of the open-source software movement (CEO Steve Ballmer once described Linux as “a cancer”), seems to have undergone something of a change of heart.  It moved customers of its discontinued “Live Spaces” blogging platform to the open-source WordPress, and announced that it would use the Apache Foundation’s Hadoop project for “big data” applications.  It has even become a significant contributor to Linux kernel development.

In a recent announcement, reported in an article at Ars Technica, Microsoft has now said that Linux will be a first-class OS citizen in its new Azure “cloud” service, along with Windows server systems.

OpenSUSE 12.1, CentOS 6.2, Ubuntu 12.04, and SUSE Linux Enterprise Server 11 SP1 join Windows Server 2008 R2 and Windows Server 2012 Release Candidate in the list of compatible operating systems that can be used in Azure’s new infrastructure-as-a-service virtual machine role.

Although it was possible to use Linux on Azure in a limited way before, this announcement means that, like Windows virtual machines [VMs], Linux VMs will be persistent, making them much easier to integrate with an enterprise’s overall IT environment.  Another aspect of the new capabilities is Azure Virtual Network, which will allow Azure VMs to be securely linked to traditional on-premises infrastructure over a virtual private network [VPN].

In conjunction with the Microsoft announcement, there were also announcements of commercial support services for Linux on Azure.  Wired reports, in a post on the “Cloudline” blog, that OpenLogic, a commercial support provider for open-source software, will provide Service Level Agreement [SLA] support for the CentOS Linux distribution on Azure.   According to an article at Ars Technica, Canonical Ltd, the sponsor of the Ubuntu Linux distribution, is working with Microsoft to provide similar support for Ubuntu on Azure.   Mark Shuttleworth, the founder of the Ubuntu project, anticipating that there may be some reluctance on the part of some open-source stalwarts to partner with Microsoft, writes in a blog post:

There is nothing proprietary in Ubuntu-for-Azure, and no about-turn from us on long-held values. This is us making sure our audience, and especially the enterprise audience, can benefit from the work our community and Canonical do no matter where they want to do it.

I’m sure that some free software folks will feel like participating only while holding their noses, if that; but actually, it seem to me that this is a significant victory.  Microsoft is doing this, at least in part, because their customers are demanding it. As the line sometimes attributed to Gandhi has it, “First they ignore you, then they laugh at you, then they fight you, then you win. “