Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Human error root cause of November Microsoft Azure outage

Joab Jackson | Dec. 18, 2014
The company is hoping that recent updates that automate formerly manual processes will help prevent similar outages in the future.

Human error was the culprit for a November outage of the Microsoft Azure cloud storage service. The company is hoping that recent updates that automate formerly manual processes will help prevent similar outages in the future.

"Microsoft Azure had clear operating guidelines but there was a gap in the deployment tooling that relied on human decisions and protocol," wrote Jason Zander, Microsoft vice president for Azure, in a blog post Wednesday detailing the outage. "With the tooling updates the policy is now enforced by the deployment platform itself."

This is not the first time Azure has been bedeviled by human failure.

In February 2013, a lapsed security certificate led to a major Azure outage.

Both cases show how even small errors can have a huge impact in a service as large as Azure, and seem to have reinforced for Microsoft the importance of automating manual processes as thoroughly as possible.

This latest Azure outage happened late in the evening of Nov. 18, Pacific Standard Time (Nov. 19 Coordinated Universal Time), due to intermittent failure from some of the company's storage services.

Other Azure services that relied on the storage service also went offline, most notably the Azure Virtual Machines.

The outage stemmed from a change in the configuration of the storage service, one that was made to improve the performance of the service.

Typically, Microsoft, like most other cloud providers, will test a proposed change to its cloud services on a handful of servers. This way, if there is a problem with the configuration change, engineers can spot it early before a large number of customers are impacted. If the change works as expected, the company will then roll the change out to larger numbers of servers in successive waves, until the entire system is updated.

In the case of this particular change, however, an engineer assumed that the update had already been tested in a number of waves (or "flights" in Microsoft parlance), and so went ahead and applied the change across the rest of the system.

The configuration, however, contained an elusive bug that would cause the storage service software to go into an infinite loop, preventing further communications with other components of the system.

Microsoft engineers quickly pinpointed the problem and issued fixes. By 10:50 a.m. UTC, the storage service was completely back online, though restoring all of the virtual machines, a small number of which were isolated from the network due to the outage, would take another two days.

In the weeks that followed, Microsoft investigated in detail what went wrong, as well as looked into ways to make sure the outage wouldn't happen again. As a result, the company has updated its deployment system so that it now enforces the testing and flighting policies before new code or a change goes live across the entire system.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.