DigitalOcean becomes the second largest hosting company in the world
1st May, 2015
DigitalOcean has grown to become the second-largest hosting company in the world in terms of web-facing computers, and shows no signs of slowing down.
The virtual private server provider has shown phenomenal growth over the past two-and-a-half years. First seen in our December 2012 survey, DigitalOcean today hosts more than 163,000 web-facing computers, according to Netcraft's May 2015 Hosting Provider Server Count. This gives it a small lead over French company OVH, which has been pushed down into third place.
Amazing growth at DigitalOcean
DigitalOcean's only remaining challenge will be to usurp Amazon Web Services, which has been the largest hosting company since September 2012. However, it could be quite some time until we see DigitalOcean threatening to gain this ultimate victory: Although DigitalOcean started growing at a faster rate than Amazon towards the end of 2013, Amazon still has more than twice as many web-facing computers than DigitalOcean today.
Nonetheless, DigitalOcean seems committed to growing as fast as it can. Since October 2014, when we reported that DigitalOcean had become the fourth largest hosting company, DigitalOcean has introduced several new features to attract developers to its platform. Its metadata service enables Droplets (virtual private servers) to query information about themselves and bootstrap new servers, and a new DigitalOcean DNS service brought more scalability and reliability to creating and resolving DNS entries, allowing near-instantaneous propagation of domain names.
Other companies are also helping to fuel growth at DigitalOcean. Mesosphere created an automated provisioning tool which lets customers use DigitalOcean's resources to create self-healing environments that offer fault tolerance and scalability with minimal configuration. Mesosphere's API makes it possible to manage thousands of Droplets as if they were a single computer, and with DigitalOcean's low pricing models and SSD-only storage, it's understandable how this arrangement can appeal to particularly power-hungry developers.
In January, DigitalOcean introduced its first non-Linux operating system, FreeBSD. Although less commonly used these days, FreeBSD has garnered a reputation for reliability and it was not unusual to see web-facing FreeBSD servers with literally years of uptime in the past. In April, DigitalOcean launched the second version of its API, which lets developers programmatically control their Droplets and resources within the DigitalOcean cloud by sending simple HTTP requests.
DigitalOcean added a new Frankfurt region in April 2015.
More recently, DigitalOcean introduced a new European hosting region in Frankfurt, Germany. This is placed on the German Commercial Internet Exchange (DE-CIX), which is the largest internet exchange point worldwide by peak traffic, allowing Droplets hosted in this region to offer good connectivity to neighbouring countries. (An earlier announcement of an underwater Atlantis datacenter sadly turned out to be an April Fool's joke, despite the obvious benefits of free cooling).
Even so, Amazon still clearly dwarfs DigitalOcean in terms of variety of features and value-added services. Notably, Amazon offers a larger variety of operating systems on its EC2 cloud instances (including Microsoft Windows), and its global infrastructure is spread much wider. For example, EC2 instances can be hosted in America, Ireland, Germany, Singapore, Japan, Australia, Brazil, China or even within an isolated GloudGov US region, which allows US government agencies to move sensitive workloads into the cloud whilst fulfilling specific regulatory and compliance requirements. As well as these EC2 regions, Amazon also offers additional AWS Edge Locations to be used by its CloudFront content delivery network and its Route 53 DNS service.
Yet, as well as its low pricing, part of the appeal of using DigitalOcean could lie within its relative simplicity compared with Amazon's bewilderingly vast array of AWS services (AppStream, CloudFormation, ElastiCache, Glacier, Kinesis, Cognito, Simple Workflow Service, SimpleDB, SQS and Data Pipeline to name but a few). Signing up and provisioning a new Droplet on DigitalOcean is remarkably quick and easy, and likely fulfils the needs of many users. DigitalOcean's consistent and strong growth serves as testament to this, and will make the next year very interesting for the two at the top.
North Korean websites still barely reachable since Christmas
10th February, 2015
North Korea's presence on the internet has remained extremely patchy for more than a month, with little improvement since a suspected DDoS attack that took place just before Christmas.
The state-run Korean Central News Agency website at www.kcna.kp has been barely reachable since Christmas day. Only 13% of requests to the site succeeded during the past month, with the worst period being around the end of January when the site became completely unavailable for several days in a row from our network of performance monitors.
Although the articles on www.kcna.kp are written in multiple languages, the KCNA clearly acknowledges that North Korea has never been an ideal location to host material that is intended for global consumption — for greater dissemination, the agency continues to publish articles to a secondary site at www.kcna.co.jp, which is hosted at a much more reliable location in Japan.
Even so, both of these sites remain deliberately inaccessible from some parts of the world. Access to both has been blocked in South Korea, and addresses in New Zealand were blocked after scraping content to be used on the KCNA Watch website, which tracks North Korean media.
When they do succeed, most requests to www.kcna.kp are met with an HTTP 1.0 response, which renders as a blank page. These responses can take a few minutes to be received:
$ curl -i http://www.kcna.kp HTTP/1.0 200 OK Connection: Close Pragma: no-cache cache-control: no-cache Refresh: 0.1 Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/strict.dtd"> <!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> --> <HTML> <HEAD> <META HTTP-EQUIV="Refresh" CONTENT="0.1"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1"> <TITLE></TITLE> </HEAD> <BODY><P></BODY> </HTML>
Occasionally, www.kcna.kp will return its proper content in a HTTP 1.1 response which uses JavaScript to redirect the browser to http://www.kcna.kp/kcna.user.home.retrieveHomeInfoList.kcmsf, but this page — as well as all of the images and scripts it uses — suffers from similar performance issues, making the site practically unusable from many locations outside of North Korea.
When it is accessible, this is what kcna.kp looks like.
Roughly half of the small number of websites hosted in North Korea, including www.kcna.kp, use Apache 2.2.15 running on the Linux-based Red Star 3.0 operating system. The Korea Computer Center (which also administers the .kp top-level domain) released this version of Red Star in 2013, but it was not until the end of last year that the rest of the world gained hands-on experience with it after an ISO image of the installation disk was distributed via bittorrent.
One of the sites using Apache 2.2.15 and Red Star 3.0 is the Korea Elderly Care Fund website at www.korelcfund.org.kp, which seemed to disappear completely for a few weeks after Christmas.
The rest of North Korea's websites are served by Apache running on CentOS, which is a free operating system derived from the sources of Red Hat Enterprise Linux. Websites using this platform in North Korea include the Korea National Insurance Corp site at www.knic.com.kp and the Committee for Cultural Relations with Foreign Countries at www.friend.com.kp, which ironically failed to respond to 84% of requests from our network of performance monitors.
Two years ago, Netcraft noted that kcna.kp used to run on Apache 2.2.3 with Red Hat Enterprise Linux 5. As this Linux distribution is owned, distributed and supported by an American multinational company, it is subject to U.S. export controls, which specifically prohibit its use in North Korea. As a result, this installation was likely unlicensed and so may not have received security updates, and would certainly not have received any official support.
North Korea normally has a very small presence on the internet, even when everything is working properly. Before the alleged attacks, Netcraft's Web Server Survey found 916 million websites around the globe, but only 24 of these sites were hosted in North Korea. To put that in perspective, you would have more chance of winning the UK's National Lottery jackpot than you would of randomly picking a North Korean website out of our survey.
Despite having an estimated population of 25 million people, North Korea has relatively few IP addresses of its own - just 1,024 in total. A third of the websites hosted in North Korea are served from a single IP address within this block, so a successful DDoS attack against this address is likely to take out several sites at once.
Hosted on an IP address assigned to North Korea, cqztjx.com is plastered with adverts for online gambling services.
In addition to North Korea's 1,024 native IP addresses, a block of 256 IP addresses in the range 5.132.126.0 – 5.132.126.255 has also been assigned to an End User in North Korea. These addresses appear to be used solely for hosting online gambling websites on virtual private servers. This block is marked as ASSIGNED PA, which means it is not permanently allocated to North Korea; the range will be lost if the local issuing internet registry, Outside Heaven, terminates its services.
inetnum: 5.132.126.0 - 5.132.126.255 netname: OUTSIDEHEAVEN_MUTI-IP_VPS descr: OUTSIDEHEAVEN_MUTI-IP_VPS infrastructure country: KP admin-c: OHS18-RIPE tech-c: OHS18-RIPE status: ASSIGNED PA
North Korea's other additional assigned network block at 77.94.35.0 – 77.94.35.255 does not currently appear to be used for hosting websites.
DigitalOcean: 4th largest hosting company in under 2 years
31st October, 2014
The number of web-facing computers hosted by DigitalOcean has grown by nearly 400% over the past year, making it the fourth largest hosting company in the world.
Even more remarkable is that this position has been achieved completely from scratch in less than two years — DigitalOcean first appeared in our survey in December 2012, when it had only 138 web-facing computers. Now it has more than 100,000 computers, and has recently overtaken well-established hosting companies such as Rackspace and Hetzner, despite their considerable head starts over DigitalOcean.
Growth at DigitalOcean
| Dec 2012 | Apr 2013 | Oct 2013 | Apr 2014 | Oct 2014 | |
|---|---|---|---|---|---|
| Computers | 138 | 2,821 | 22,491 | 63,436 | 108,489 |
| Active Sites | 237 | 5,547 | 66,230 | 161,994 | 286,342 |
| Hostnames | 328 | 73,827 | 336,615 | 1,522,539 | 2,044,827 |
DigitalOcean provides SSD-backed virtual computers (called "droplets") which are available at relatively low hourly rates, making it an attractive hosting location for hobbyists and large companies alike. Coupled with promotional voucher codes which offer free credit to new users, these low costs have likely played a big part in DigitalOcean's rapid growth. If current growth rates persist, DigitalOcean is likely to become the third largest hosting company within the next few months, and could well be biting at the heels of second-place OVH early next year.
Only Amazon has grown faster over the past 12 months, putting its lead well out of DigitalOcean's reach — at least for the time being. DigitalOcean's attractive pricing has no doubt been putting pressure on Amazon, who introduced a new general purpose instance type for Amazon Elastic Compute Cloud (EC2) before announcing lower-than-expected Q2 results. The new "t2.micro" instances are the lowest-cost option at Amazon, costing $0.013 per hour, but do not include persistent storage by default.
These changes have brought the virtual hardware costs of Amazon EC2 almost on par with DigitalOcean, where a droplet with 1GB RAM and 30 GB of SSD storage currently costs $10 per month. A comparable t2.micro instance on Amazon EC2 would cost around $12 per month. However, the biggest difference is likely to manifest itself in the cost of bandwidth: The $10 DigitalOcean droplet includes 2TB of data transfer, whereas Amazon charges up to $0.12 per GB of outbound data transfer beyond the first GB. If both were used to serve 2TB of data to the internet, DigitalOcean's droplet cost would still only be $10, whereas Amazon's would skyrocket to more than $250.
With price wars in full swing, it will be interesting to see how other hosting companies try to compete in this rapidly growing market. DigitalOcean already offers a cheaper, less powerful droplet at $5/month, but even lower spec virtual machines can be found for significantly less – Atlantic.net, for example, offers instances with 256MB RAM and 10GB of storage from only $0.99/month, and Amazon's AWS Free Tier provides up to 12 months of free, hands-on experience with several AWS services, including up to 750 hours per month of t2.micro usage.
Website growth
The number of websites hosted at DigitalOcean has followed a similar trend to its computer growth since mid-2013. More than two million websites are now hosted at DigitalOcean — a gain of more than 500% over the past 12 months. Around 14% of these sites are active, giving a surprisingly low ratio of active sites to computers (2.6:1).
In comparison, Amazon hosts an average of 8 active sites per computer, while Rackspace has 12. Just over half of DigitalOcean's web facing computers host only one website each.
DigitalOcean's one-click apps may account for many of the computers which host only one website, as these allow customers to rapidly deploy a single application on a single Ubuntu droplet without significant knowledge of system administration. Popular web applications such as WordPress, Magento, Drupal and Django can be deployed, and the uptake appears to be significant — for instance, Netcraft's survey found that more than 23% of the active sites hosted at DigitalOcean are running WordPress, compared with less than 10% of all other active sites around the world.
Cloud hosting locations
Both DigitalOcean and Amazon provide a choice of data centers around the world, but the countries in which these are located do not completely overlap. For example, DigitalOcean droplets can now be provisioned in its London data center (LON1), which was introduced in July 2014 following requests from customers.
Amazon does not provide EC2 hosting in the UK, giving DigitalOcean a distinct advantage in this particular cloud hosting market. Despite being relatively new to the UK, DigitalOcean already ranks 22nd in terms of web-facing computers, and could soon become one of the largest hosting companies in the UK if its growth in Singapore is anything to go by. Its Singapore data center was opened in February 2014, and already has 6,600 web-facing computers, which is second only to Amazon's 12,900 computers — this is no mean feat considering Amazon has had data centers in Singapore since April 2010.
Conversely, Amazon has a distinct advantage in Latin America, where it has the third largest number of web-facing computers. Despite receiving over 2,000 requests to open a Brazilian data center (four times as many requests as there were for a UK one), DigitalOcean does not look set to follow Amazon's footsteps any time soon: Brazilian import taxes would add around 100% to the cost of hardware, visa constraints would hamper the ability to review suitable data centers, and bandwidth not only costs more, but also has limited connectivity.
Netcraft provides information on internet infrastructure, including the hosting industry, and web content technologies. For information on the cloud computing industry visit www.netcraft.com.
Phishers find Microsoft Azure 30-day trial irresistible!
28th April, 2014
Fraudsters have taken to Microsoft Azure to deploy phishing sites, taking advantage of Microsoft's free 30-day trial.
Free hosting!
In order to get a phishing site hosted at Azure, the fraudster has several options: steal the credentials for a Microsoft account, compromise a virtual machine running at Azure, or use Microsoft’s free trial which provides $200 of credit. Given the number of subdomains registered explicitly for phishing, it is unlikely that many fraudsters are exploiting legitimate customers’ virtual machines.
Free subdomains!
Microsoft Azure offers free subdomains to users: azurewebsites.net for its Azure Web Sites service and cloudapp.net for Cloud Apps and virtual machines. Almost twice as many phishing sites used azurewebsites.net rather than cloudapp.net, perhaps reflecting the ease-of-use of Azure Web Sites. The remainder of the phishing sites are accessed using their IP addresses or custom domains.
An Apple phishing site on itune-billing2update-ssl-apple.azurewebsites.net (Site Report).
Many of the subdomains are clearly registered with the intention of phishing; the table below includes some of the most egregious examples targeting well-known institutions.
| Subdomain | Target |
|---|---|
| itune-billing2update-ssl-apple.azurewebsites.net | Apple |
| paypalscurity.azurewebsites.net | PayPal |
| www22online-americanexpress.azurewebsites.net | American Express |
| 3seb-verifiedbyvisa.azurewebsites.net | Visa |
| login-comcastforceauthn.azurewebsites.net | Comcast |
| cielo-2014.cloudapp.net | Cielo |
Free SSL certificate!
Microsoft Azure Web Sites also offers fraudsters the ability to use an SSL certificate. All subdomains of azurewebsites.net are automatically accessible via HTTPS using a *.azurewebsites.net SSL certificate. The Apple phishing site featured below includes mixed content, indicating it was probably not designed with SSL in mind despite its subdomain: itune-billing2update-ssl-apple. Phishing sites that make proper use of the wildcard SSL certificate may be able to instil more trust than those that do not.
An SSL certificate on itune-billing2update-ssl-apple.azurewebsites.net (Site Report).
SSL certificate is irrevocable!
The Baseline Requirements that forms part of Mozilla's CA policy suggests that the SSL certificate must be revoked within 24 hours: "The CA SHALL revoke a Certificate within 24 hours if one or more of the following occurs: [..] [t]he CA is made aware that a Wildcard Certificate has been used to authenticate a fraudulently misleading subordinate Fully-Qualified Domain Name". However, Microsoft itself issued the SSL certificate from its sub-CA of Verizon Business and has chosen not to revoke it. Moreover, the SSL certificate does not include an OCSP responder URL and is not served with a stapled response (which is also in violation of the Baseline Requirements) and consequently the SSL certificate is irrevocable in some major browsers, particularly Firefox.
Free email addresses!
Fraudsters are also using Microsoft-provided free email addresses (at live.com, hotmail.com, and outlook.com) to receive and store stolen phishing credentials. Fraudsters commonly use phishing kits to quickly deploy phishing sites — before deployment, the fraudster configures the phishing kit with his email address. If a victim is tricked by the phishing site into providing his credentials, they are sent back to the fraudster's email address.
Free anonymising proxy!
One fraudster used Azure to proxy his internet traffic when accessing the phishing site, but was exposed when he used the same email address in the phishing kit as he used on his Facebook profile. The fraudster left the log file that records visits to the phishing site accessible to the public. The first two entries in the log, which preceded all other accesses by several hours, were from Microsoft Azure IP addresses. It is likely these correspond to the fraudster checking his phishing site was ready to be sent out to would-be victims.
1 137.117.104.222 - 2014-3-27 @ 02:56:03 2 137.117.104.222 - 2014-3-27 @ 02:57:16 3 109.XXXXXXXXX - 2014-3-27 @ 11:22:26 4 212.XXXXXXXXX - 2014-3-27 @ 11:39:47 5 62.XXXXXXXXXXX - 2014-3-27 @ 11:39:57 6 72.XXXXXXXX - 2014-3-27 @ 11:40:02 7 64.XXXXXXXXXX - 2014-3-27 @ 11:40:04 8 37.XXXXXXXXXX - 2014-3-27 @ 11:40:20 9 194.XXXXXXXXXX - 2014-3-27 @ 11:47:18 10 194.XXXXXXXXXX - 2014-3-27 @ 11:47:20 11 89.XXXXXXXXX - 2014-3-27 @ 11:49:50 12 65.XXXXXXXXXX - 2014-3-27 @ 11:49:54 13 92.XXXXXXXXX - 2014-3-27 @ 11:49:56 14 37.XXXXXXXXXX - 2014-3-27 @ 11:51:20 15 94.XXXXXXXXXX - 2014-3-27 @ 11:51:24 16 62.XXXXXXXXXXX - 2014-3-27 @ 11:51:26
The sting
However, Microsoft may yet have a trick up its sleeve: customers must provide a phone number and credit card details in order to register for the trial. Whilst the credit card details could have been stolen in a previous phishing attack, physical access to a phone is required in order to register an account. This may prove to be the fraudsters' downfall — in serious cases, information gathered from the fraudsters mobile phone could be used as evidence subject to the phone company's cooperation and local police involvement.
Netcraft's Domain Registration Risk service can be used to pre-empt fraud by highlighting domains or subdomains that are deceptively similar to legitimate websites run by banks and other institutions that are commonly targeted by fraudsters.
WordPress hosting: Do not try this at home!
24th March, 2014
Compromised WordPress blogs were used to host nearly 12,000 phishing sites in February. This represents more than 7% of all phishing attacks blocked during that month, and 11% of the unique IP addresses that were involved in phishing.
WordPress blogs were also responsible for distributing a significant amount of web-hosted malware — more than 8% of the malware URLs blocked by Netcraft in February were on WordPress blogs, or 19% of all unique IP addresses hosting malware.
WordPress is the most common blogging platform and content management system in the world: Netcraft's latest survey found nearly 27 million websites running WordPress, spread across 1.4 million different IP addresses and 12 million distinct domain names. Many of these blogs are vulnerable to brute-force password guessing attacks by virtue of the predictable location of the administrative interface and the still widespread use of the default "admin" username.
But remarkably, not a single phishing site was hosted on Automattic's own WordPress.com service in February. WordPress.com hosts millions of blogs powered by the open source WordPress software. Customers can purchase custom domain names to use for their blogs, or choose to register free blogs with hostnames like username.wordpress.com.
Automattic's founder, Matt Mullenweg, was one of the original authors of WordPress when it was released in 2003. Automattic later handed the WordPress trademark to the WordPress Foundation in 2010, but still contributes to the development of WordPress. Such familiarity with the product likely explains why blogs hosted at Automattic are significantly more secure than average.
Bloggers can also go it alone — anybody can download the WordPress software from wordpress.org and deploy it on their own website, and some hosting companies also offer "one-click" installations to simplify the process. Bloggers who install WordPress on their own websites will often also be responsible for keeping the software secure and up-to-date. Unfortunately, in many cases, they do not.
Even well-known security experts can fall victim to security flaws in WordPress if it is not their core activity. For example, in 2007, the Computer Security Group at the University of Cambridge found their own Light Blue Touchpaper blog had been compromised through several WordPress vulnerabilities.
Versions of WordPress after 3.7 are now able to automatically update themselves, provided the WordPress files are writable by the web server process. This has its own security trade-off, however, as an attacker exploiting a new and unreported vulnerability (a zero-day) that has the ability to write files will have free rein over the whole WordPress installation — an attacker could even modify the behaviour of WordPress itself to disable any future automatic security updates.
Insecure plugins
Over its lifetime, WordPress has been plagued by security issues both in its core code and in the numerous third-party plugins and themes that are available. One of the most widespread vulnerabilities this decade was discovered in the TimThumb plugin, which was bundled with many WordPress themes and consequently present on a large number of WordPress blogs. A subtle validation flaw made it possible for remote attackers to make the plugin download remote files and store them on the website. This allowed attackers to install PHP scripts on vulnerable blogs, ultimately facilitating the installation of malware and phishing kits. Similar vulnerabilities are still being exploited today.
Many of the phishing sites blocked in February were still operational this month, including this Apple iTunes phishing site hosted on a marketing company's website.
Dropzones for WordPress phishing content
Note that the above phishing content is stored in the blog's wp-includes directory, which is where the bulk of the WordPress application logic resides. More than a fifth of all phishing content hosted on WordPress blogs can be found within this directory, while another fifth resides in the wp-admin directory. However, the most common location is the wp-content directory, which is used by just over half of the phishing sites.
The wp-content directory is where WordPress stores user-supplied content, so it is almost always writable by the web server process. This makes it an obvious dropzone for malware and phishing content if a hacker is able to find and exploit a suitable vulnerability in WordPress, or indeed in any other web application running on the server. Shared hosting environments are particularly vulnerable if the file system permissions allow malicious users to write files to another user's wp-content directory. Some examples of directory structures used by phishing sites hosted in this directory on WordPress blogs include:
/wp-content/securelogin/webapps/paypal/ /wp-content/plugins/wordpress-importer/languages/image/Google/Google/ /images/.1/Paypal/us/webscr.htm
The wp-includes and wp-admin directories can also be written to by other users or processes if the WordPress installation has not been suitably hardened. Failing to harden a WordPress installation and keep all of its plugins up to date could result in a site being compromised and used to carry out phishing attacks. Enabling automatic background updates is an easy way to ensure that a WordPress blog is kept up-to-date, but a significant trade off is that every WordPress file must be writable by the web server user.
Some other examples of directory structures seen in phishing sites hosted on WordPress blogs include:
/wp-includes/alibaba_online/ /wp-includes/www.paypal.com.fr.cgi.bin.webscr.cmd.login.submit.login/ /wp-includes/js/online.lloydsbank.co.uk/ /wp-admin/js/www.credit-mutuel.fr/ /wp-admin/maint/RBS-Card/index.html /wp-admin/Googledoc/
Interestingly, the wp-admin directory appears to be the favourite location for Apple phishing sites – these make up more than 60% of all phishing sites found in this directory.
Vulnerable WordPress blogs can also be used for other nefarious purposes. A botnet of more than 162,000 WordPress blogs (less than 1% of all WordPress blogs) was recently involved in a distributed denial of service (DDoS) attack against a single website. Attackers exploited the Pingback feature in these WordPress blogs (which is enabled by default) to flood the target site with junk HTTP requests, causing it to be shut down by its hosting company.
A quarter of the phishing sites hosted on WordPress blogs in February targeted PayPal users, followed by 17% which targeted Apple customers.
Please contact us (sales@netcraft.com) for pricing or further details about any of our anti-phishing and web application security testing services.
Microsoft neck and neck with Amazon in Windows hosting
26th February, 2014
Microsoft has edged ahead of Amazon to become the largest hosting company as measured by the number of web-facing Windows computers. The pair have been neck and neck for almost nine months: Microsoft now has 23,400 web-facing Windows computers against Amazon's 22,600. Barring companies with large connectivity aspects to their businesses — including China Telecom, Comcast, Time Warner, and Verizon — Amazon and Microsoft are the largest Windows hosting companies in the world, though the market is still fragmented with each having just over 1% of the market.
Microsoft's growth is predominantly a result of the growth of Windows Azure: Azure now accounts for close to 90% of all web-facing computers at Microsoft. Windows Azure has grown by almost 50% since May 2013, during the February 2014 Web Server survey Netcraft found 27,000 web-facing computers (both Windows and Linux) using the cloud computing platform. Many of Microsoft's own services are powered by Windows Azure including Office 365, Xbox Live, Skype, and OneDrive.
Windows Azure Web Sites service — available to the general public since June 2013 — may be the driving force behind Azure's growth. This Platform as a Service allows existing applications written in ASP, ASP.NET, PHP, Node.js, or Python to be deployed on an automatically scaling platform without managing individual computers. Microsoft also provides pre-configured software packages, such as WordPress, which can be used immediately with the Web Site service.
With over 1% of all Windows web-facing computers in the world hosted at Azure, Microsoft is now defeating the Windows hosting providers which it still partners with, and which four years ago would have been its sole revenue source in the hosting market.
Azure Regions
Azure's data centres are split into regions and geos: there are several regions within each larger geo (formerly major regions).
| GEO | REGIONS |
|---|---|
| United States | US West (California), US East (Virginia), US North Central (Illinois), US South Central (Texas) |
| Europe | Europe West (Netherlands), Europe North (Ireland) |
| Asia Pacific | Asia Pacific East (Hong Kong), Asia Pacific South-East (Singapore) |
| Japan | Japan East (Saitama Prefecture), Japan West (Osaka Prefecture) |
The two new Japanese Azure regions were made available to the general public on 25th February 2014, less than a year after they were first announced. Whilst all other Azure regions all share the same price for virtual machines (from 2¢ per hour), the two new Japanese regions are more expensive: virtual machines start at 2.7¢ (Japan East) and 2.4¢ (Japan West) per hour. Neither Japanese region was detected in the February 2014 web server survey which ran in mid-January.
More than half of all web-facing Azure computers are hosted within the United States. US East is the most populated US region, closely followed by US West. However, Europe West is the most populated Azure region in the world, accounting for 20% of all web-facing Azure computers. In total, 52% of Azure's web-facing computers are in the United States, 36% are in Europe, and only 12% are in Asia Pacific.
Being able to use Windows Azure in China could offer new opportunities to non-Chinese companies who wish to increase their internet presence in China, although Netcraft has previously noted a number of issues which could hold back the growth of cloud computing in China.
For additional performance when serving content to users around the globe, the Windows Azure Content Delivery Network (CDN) can be used. This allows end users to download content from one of more than 20 different CDN node locations, which is likely to be quicker than downloading the non-cached content directly.
Whilst Azure operates across the globe certain features, such as redundancy, can only operate within the same geo. Furthermore, some Azure services are not available in all regions – for example, Azure Web Sites cannot be deployed in US South Central or Asia Pacific South-East, and the Windows Azure Scheduler is only available in one region per geo.
Operating systems
Windows Azure virtual machines exhibit the TCP/IP characteristics of the operating systems installed on them, and thus it is possible to remotely determine which operating systems are being used by Azure customers.
Windows Server 2008 is the most popular operating system installed on Azure instances, although this is not necessarily a choice that is down to the customer — for example, when using the Blob storage service to expose files over HTTP/HTTPS, the user cannot choose which operating system to use.
Windows Server is used by 90% of all web-facing computers at Azure, including three computers which still appear to be running Windows Server 2003. The remaining 10% use Linux, with Ubuntu being the most commonly identified distribution.
Unsurprisingly, Microsoft IIS and Microsoft HTTPAPI are the most common web servers on the Windows Server computers at Azure; however, a few hundred websites use Apache on Windows. As expected, Apache is the most common web server for websites served from Linux machines at Azure (62%) followed by nginx (33%).
Preview services
Several Azure services are currently offered only as preview services, which means they are made available only for evaluation purposes. Some of these preview services have had well-established Amazon equivalents for several years. For example, the Windows Azure Scheduler preview service offers similar functionality to Amazon's Simple Workflow Service (SWF), which has been available for 2 years.
Microsoft's preview services also include the Azure Import/Export Service, which allows users to transfer large amounts of data into Windows Azure Blob storage. Customers can send an encrypted hard disk to Microsoft and the data on the hard disk will be uploaded directly into the Blob storage account. Microsoft currently only accepts hard disk deliveries from the United States (although the service can be used to send data to and from European and Asian cloud regions). Amazon's own Import/Export service has been available since 2010.
Blob Storage
Windows Azure Blob (Binary Large Object) Storage is Microsoft's answer to Amazon's Simple Storage Service (S3). Both allow large files such as video, audio and images to be stored, although while Amazon has no storage limits, individual blobs on Azure have a storage limit of 200TB. Blobs can be mounted as drives and accessed from a web application as if they were ordinary NTFS volumes. If this is the only way a Blob is used, then the frontend computer responsible for that Blob will not be directly measurable over the internet: Netcraft measures only publicly visible computers with corresponding DNS entries and which respond to HTTP requests.
Microsoft offers both locally redundant storage (replicas are held within a single region) and geo-redundant storage (replicas are held in multiple regions within a single geo). Read-Access Geo Redundant Storage is currently available as a preview service. This allows customers to have read access to a secondary storage replica so that it may still be accessed in the event of a failure in the primary storage location.
Users of Windows Azure
Some well known users of Windows Azure include the Sochi 2014 Olympic Games, luxury sports car manufacturer Aston Martin, Taiwanese electronics brand BenQ, McDonald's Happy Studio, and the Have I been pwned? website, which allows users to see whether their email addresses or usernames have been affected by any publicly released website security breaches.
Troy Hunt, the developer of haveibeenpwned.com, uses Windows Azure Table Storage to store more than 160 million records much more cheaply than a comparable relational database. In fact, one of his complaints about Windows Azure is that it is too damn fast: "The response from each search was coming back so quickly that the user wasn’t sure if it was legitimately checking subsequent addresses they entered or if there was a glitch". Hunt also described how he used SQL Server on Windows Azure to analyse last year's Adobe data breach, which with 153 million records. After downloading the breach data to a low-spec Azure virtual machine, he then upgraded the virtual machine to an 8-processor system with 56 gigabytes of RAM and completed his on-demand analysis at an estimated cost of $12.