One of our customers is using Azure exclusively as their main platform for hosting, CDN and video streaming.
Their infrastructure is built upon Azure Web Apps and Storage accounts for storing large files.

The solution works beautifully in Europe and the US. Users from China, however, have reported low performance (packet drops and timeouts) when trying to use the system. Actions that take 30 seconds to complete from Europe can take up to 20 minutes from inside China.

To solve this issue we looked at a number of solutions. Azure has data centers located all over the world, so our first attempt was to install the system in a center closer to China. Unfortunately, our tests showed that even if we installed our system in the closest possible center (which is located in Hong Kong), the Great Firewall of China still made most of the system very hard to work with.

When this did not work we started investigating Azure China. Azure China is pretty much a clone of Azure but is located inside mainland China i.e. behind the firewall. It is completely separated from regular Azure but is kept fairly up to date with the updates in Azure.

As the information on Azure China is old and/or inadequate when using Google I will try to write down how you can get started and things that are of extra importance.


Register an account

First off, you need to register for an account, as Azure China is its own entity, separated from Azure.

To register you need a company registered in China and someone who can read Chinese.
Registration is done somewhere on http://www.windowsazure.cn

Payment is done using AliPay, China UnionPay (CUP) or invoice. Invoice is only available if you plan to spend more than 150 000 CNY per year (roughly 22 000 euro).

The AliPay and CUP alternatives are pre-paid, i.e. you buy credits in Azure China which can later be used. Credits are valid for 12 months once bought. The prices are roughly the same as in Europe. Pricing information is available on http://www.windowsazure.cn/pricing/pia/ (click on English to get an English version).


Logging in / setup infrastructure

Once you have your account you will get a unique URI (something like https://manage.windowsazure.cn/<customer id>).
This is the Management portal for Azure China. Credentials should also be included in the confirmation from Azure China.

EDIT: Azure Portal is now available at https://portal.azure.cn/

The management portal is all in English so we got that going for us! :)

Once logged in you can set things up in pretty much the same way as in regular Azure.

Note that Azure China is a few versions behind regular Azure and not all services are supported. A list of supported and not supported services can be found at http://www.windowsazure.cn/documentation/articles/developerdifferences/#readyonwacn
Use Google translate or something to translate it from Chinese.

Deploying sites

Normally one would use the Visual Studio "Publish" function, log in to one's account and download the deploy profile, all from within Visual Studio. I haven't gotten this to work for Azure China. This could be because I already have a subscription to regular Azure on my account or something.

Instead, log in to the Management portal and navigate to your site.

The first thing you need to do is set up deployment credentials.
Just below the header "Publish your app" you should have an option "Setup deployment credentials". Click this link and provide a username and a password.

Note that these credentials are the same for all sites in the same app service plan.

Once finished, click on the "Download the publish profile" link to download the profile used by Visual Studio. The profile must be copied to <site project>\Properties\PublishProfiles and preferably added to the site's csproj file. To deploy the site, right click on the project and click on Publish. The deployment profile should be added to the list of targets.

Note that deploys from Europe to China often time out or fail with some other error during deployment. We solved this by setting up an extra slot called "deploy" which we deploy to and then swap in the management portal. This way we don't risk leaving the site in a broken state.

Kudu services / SCM

Kudu services is a nice tool to use when working with web apps in Azure. It gives you process monitoring and access to logs and the site's files. You can access it by navigating to <site name>.scm.azurewebsites.net or <site name>.scm.chinacloudsites.cn

Kudu services also exists in Azure China but is a few versions behind. The only feature I've missed in Azure China's version is drag and drop support for uploading files, which makes it a hassle to add new files.

In Azure you would use your Microsoft account to log in to Kudu. In Azure China you use HTTP basic authentication with the deployment credentials for the app service plan.


Storage accounts

Connection strings to the storage account differ a bit from regular Azure. You will need to add an EndpointSuffix to the connection string for it to work:
DefaultEndpointsProtocol=https;AccountName=<name>;AccountKey=<key>;EndpointSuffix=core.chinacloudapi.cn;
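
A pre-deployment check for the connection string format above, as an added example that is not code from the original post. The account name and key are constructed sample values, the function names are hypothetical, and the example assumes setting names are written exactly as shown above.

```python
GLOBAL_SUFFIX = "core.windows.net"      # used by clients when EndpointSuffix is omitted
CHINA_SUFFIX = "core.chinacloudapi.cn"  # suffix given in the post

# Constructed sample values, not real credentials.
SAMPLE_CHINA = ("DefaultEndpointsProtocol=https;AccountName=examplestore;"
                "AccountKey=Y29uc3RydWN0ZWQta2V5IQ==;EndpointSuffix=core.chinacloudapi.cn;")
SAMPLE_GLOBAL = ("DefaultEndpointsProtocol=https;AccountName=examplestore;"
                 "AccountKey=Y29uc3RydWN0ZWQta2V5IQ==")

def parse_connection_string(conn):
    """Split 'Name=Value;' pairs. The base64 AccountKey may end in '=',
    so each pair is split on its first '=' only."""
    settings = {}
    for pair in conn.split(";"):
        if not pair.strip():
            continue  # tolerate the trailing ';'
        name, sep, value = pair.partition("=")
        if not sep or not name.strip():
            raise ValueError("malformed setting (value withheld)")
        settings[name.strip()] = value.strip()
    return settings

def blob_endpoint(settings):
    """Blob service URL a client would derive from the settings."""
    suffix = settings.get("EndpointSuffix", GLOBAL_SUFFIX)
    return "%s://%s.blob.%s" % (settings["DefaultEndpointsProtocol"],
                                settings["AccountName"], suffix)

def check_for_china(conn):
    """Return a list of problems; an empty list means the string targets Azure China over TLS."""
    s = parse_connection_string(conn)
    problems = ["missing " + n for n in
                ("DefaultEndpointsProtocol", "AccountName", "AccountKey") if not s.get(n)]
    suffix = s.get("EndpointSuffix", GLOBAL_SUFFIX)
    if suffix.lower() != CHINA_SUFFIX:
        problems.append("endpoint suffix is %s, requests would not go to Azure China" % suffix)
    if s.get("DefaultEndpointsProtocol", "").lower() not in ("", "https"):
        problems.append("protocol is not https")
    return problems

def redact(conn):
    """Copy of the connection string that is safe to write to logs."""
    s = parse_connection_string(conn)
    return ";".join("%s=%s" % (k, "<redacted>" if k == "AccountKey" else v)
                    for k, v in s.items())

if __name__ == "__main__":
    for sample in (SAMPLE_CHINA, SAMPLE_GLOBAL):
        print(redact(sample), "->", check_for_china(sample) or "ok")
```
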

I haven't found a way to view an Azure China storage account in Visual Studio but Azure Storage Explorer 6 preview 3 does support it. https://azurestorageexplorer.codeplex.com/

Legal

For custom domains an ICP license is required (https://en.wikipedia.org/wiki/ICP_license).
To my understanding this is not needed if using the chinacloudsites.cn domain, as Azure already has an ICP license. Verify this with your legal department just to be sure.

Are you planning to use a custom SSL certificate? The certificate must be approved by the Chinese government. The certificate used by *.chinacloudsites.cn is already approved.

Good to know / tips and tricks

  • Azure China seems to use a low TTL on their DNS records. The result is that from time to time you will get a "This address does not exist" error when trying to access your site, Kudu services or the management portal. Just refresh and it usually works right away.
  • Timeouts during deploys are common (at least from Europe). Set up an extra slot on your site where you can deploy and then swap with the live site.
  • Uploading stuff is painfully slow. On a network where I usually get 10-15 MB/s to regular Azure I got roughly 30 KB/s to Azure China (using cURL for a web api).
  • Azure China supports FTP for all its web apps by default using the deployment credentials. Set your client to auto resume failed transfers and you're good to go.
  • Kudu services supports the "unzip" command, i.e. you can FTP a zip and then unzip it on the server. This has saved me hours in waiting for data to transfer.
  • The wildcard SSL certificate for *.chinacloudsites.cn uses SHA-1 as its hashing function and the CA is not trusted by iOS devices.

 
