December 2013

Volume 28 Number 12

Azure Insider - Meet the Demands of Modern Gaming with Windows Azure

By Bruno Terkaly, Ricardo Villalobos | December 2013

Bruno Terkaly, Ricardo VillalobosThis article describes the Windows Azure Cache Service, which is in preview. Information is subject to change.Online, mobile and social games have taken the world by storm, with staggering numbers relating to concurrent players, time spent playing and downloaded applications. Just recently, Facebook shared that one third of its global users (260 million out of 750 million) actively play games on its desktop and mobile sites. This is just one indicator of the particular challenges game developers and publishing companies have to face—challenges that include users playing the same game on multiple platforms and devices, players expecting to receive instant notifications when the status of their time-based game has changed, games going from startup to viral in a matter of days, and trying to reach audiences in multiple locations around the world.

Thankfully, the public cloud offers a number of alternatives to deal with these situations, allowing you to concentrate on developing your game applications, and not on how to provision the infrastructure to support authentication, computing, data or media requirements. In this article, we’ll explore how to solve these and other common scenarios using the latest Windows Azure services and components.

Figure 1 shows a typical architecture for supporting multiplayer games for mobile clients in the cloud, either for turn-based or real-time scenarios. The different components are assigned to the most common tasks required to build a gaming back end, introducing the concept of an orchestrator or proxy, which acts as the gateway or traffic controller for all the client interactions with multiple services.

Software Architecture for Real-Time, Multiplayer Games for Mobile Clients
Figure 1 Software Architecture for Real-Time, Multiplayer Games for Mobile Clients

In the following paragraphs, we’ll take a closer look at each of these components.

Multiplayer Game Servers (Infrastructure as a Service Virtual Machines)

Multiplayer game servers are usually based on open source or licensed frameworks, acting as the authoritative source of events for the clients connected to them and providing information about other players who have joined the same server via low-latency calls. These frameworks require stateful interactions with clients, as well as access to local storage, making virtual machines (VMs) in Windows Azure the perfect choice for this component. Some examples of these game server frameworks are pomelo (, Marauroa ( and Photon Server (

To deploy any of these frameworks to VMs, you can create instances from the Windows Azure image gallery in the management portal (, or directly create custom VM images as VHD (Hyper-V) files (

Keep in mind that implementing a game server can turn into a complex process requiring you to come up with solutions for network-lag compensation and for properly using communication protocols (such as TCP or UDP) to optimize communication with the clients.

Gaming Orchestrator or Proxy (Platform as a Service Cloud Services)

The heart of the solution is the gaming orchestrator or proxy, which provides multiple services, including the following:

  1. Authentication: Validating credentials sent by the clients before players can connect to the game servers.
  2. Matchmaking: Assigning players with similar preferences to the same game server. The decision could also be driven by location, to minimize latency.
  3. Data proxy: Serving in-game requests from the game servers or the clients; interacting with the external storage; and sending back data such as historical scores, profile information, preferences, or credit balance. 
  4. Provisioning: Increasing or decreasing the number of VMs, using a scale-out approach based on the number of connected players.
  5. Notifications: Interacting with the notification service to inform players of the status of the game when they’re not online. This should support multiple platforms (Windows, Android, iOS) and device types.
  6. Delegation: Orchestrating the interaction with external services, including but not limited to sending e-mail messages, processing payments, and logging game information.

Windows Azure Cloud Services is the perfect candidate for the gaming orchestrator, which must be able to handle stateless requests, as well as easily scale out based on the number of client and game server requests. Moreover, thanks to the benefits offered by virtual networks in Windows Azure, Cloud Services can directly communicate with the game servers hosted in VMs, adding an extra layer of security to the architecture by not having to use external endpoints. Cloud Services can be created and deployed from different IDEs, including Visual Studio for .NET development or Eclipse for Java. More information about creating Cloud Services can be found at If you want to connect VMs and Cloud Services using virtual networks, the tutorial at can help.

The responsibilities just discussed can be handled by a single cluster of Web or worker roles, or split into many Cloud Services, depending on the number of concurrent users and complexity of the online game. One of the benefits Windows Azure provides is multiple deployment models, including Infrastructure as a Service (IaaS) or Platform as a Service (PaaS). The key decision factor is the number of software layers delegated to the cloud vendor—in this case, Microsoft. More information about choosing the right cloud deployment and execution model can be found at

Now we’ll explore how the orchestrator can perform these responsibilities using other components in the Windows Azure platform.

Authentication (Windows Azure Active Directory Access Control Service)

The first step a mobile client takes to access a multiplayer platform is trying to authenticate against the server using a set of credentials. In modern gaming, it’s important to support validation from multiple identity providers, keeping in mind that users have different preferences when it comes to online security. Some might feel more comfortable using social network credentials, such as Facebook, Yahoo! or Twitter. Others might prefer authentication provided by the game itself, based on a framework such as Active Directory.

The Windows Azure access control service (ACS) offers a simple way to perform this authentication. It supports integration with Windows Identity Foundation; provides out-of-the-box compatibility with Windows Live ID (a Microsoft account), Google, Yahoo! and Facebook; enables scenarios based on OAuth 2.0, WS-Trust and WS-Federation protocols; and recognizes JSON Web Token (JWT), SAML 1.1, SAML 2.0 and Simple Web Token (SWT) token formats.

In this case, the game client obtains a security token issued by ACS in order to log on to the game server via the gaming proxy. This token contains a set of claims about the user’s identity. ACS does not issue a token unless the user first proves a valid identity by presenting a security token from another trusted issuer or identity provider that has authenticated the user. This process is illustrated in Figure 2.

The Authentication Process Using Windows Azure Access Control Service
Figure 2 The Authentication Process Using Windows Azure Access Control Service


In multiplayer video games, the process of assigning gamers to the appropriate game server based on their preferences or location is called matchmaking. Once the game client has been authenticated, the gaming proxy will return a list of game servers matching the player’s preferences, based on his IP address, along with additional security credentials in case they’re needed by the game server itself. The logic behind the assignment is usually based on a list of recommended servers in each datacenter that’s stored in some type of caching mechanism. The reason caching is recommended for this is performance: avoiding round-trips to primary storage improves the gamer experience significantly. Windows Azure offers a new cache service (currently in preview) that can be accessed across multiple services and clients. This new service is a distributed, in-memory, scalable solution that enables you to build highly responsive applications by providing super-fast access to data. It’s extremely easy to access from .NET applications using the corresponding SDK. Detailed instructions can be found at The matchmaking process will return the appropriate IP address of the game server to which the game client should connect.

When a game session has been finalized (in the form of a match, combat, or simply by the gamer logging out of the game), players can stay on the same server or be redirected back to the matchmaking process, in order to locate a different server in case their preferences have changed.

Data Proxy (Windows Azure Storage)

For players already connected to the appropriate game server based on their preferences, requests about game configuration, store balance or any other user-related data are routed through the game orchestrator/proxy, which usually exposes an API with the most common operations against a data repository. There are two main decisions to make for this: the storage mechanism for the user and game information, and the framework for exposing services that can be accessed by the game servers.

Windows Azure offers multiple options for storing information, which we’ve described in previous articles. Depending on the number and complexity of the queries, the structure of the data, and the level of customization required, you can choose from traditional relational repositories such as Windows Azure SQL Database or NoSQL approaches such as Windows Azure table storage (

Regardless of the repository selection, services in front of this information should be exposed in a RESTful manner, using frameworks such as Windows Communication Foundation (WCF) or the recently released ASP.NET Web API ( These frameworks can be deployed to cloud services or VMs.

Windows Azure also offers a turnkey service that combines the power of a relational database in the cloud with a robust and flexible REST API. It’s called Windows Azure Mobile Services, and it’s an easy way to accelerate the development of this piece of the gaming architecture, with easy-to-follow wizards and auto-scaling capabilities. More information about this service can be found in our November 2012 column, “Windows Azure Mobile Services: A Robust Back End for Your Device Applications” (, or on the official Windows Azure page (


The game orchestrator/proxy can also act as the provisioning or auto-scaling engine for adding or removing game servers as they’re needed. However, note that Windows Azure now offers auto-scaling capabilities for all of the different deployment models, including VMs, Cloud Services, and Web sites.


Gamers using mobile devices rely on receiving notifications when they’re offline, particularly for turn-based or time-based games that require keeping virtual properties or items up-to-date (a concept that was made extremely common by games such as FarmVille). You face two main problems when sending notifications to mobile gamers: having to reach out to players using different platforms on their mobile devices, and building and maintaining an infrastructure capable of reaching millions of users. Thankfully, Windows Azure offers a service called Notification Hubs, which supplies a common API to send push notifications to a variety of mobile platforms, including Windows Store, Windows Phone, iOS and Android. At the same time, the push notifications are sent to millions of users within minutes, not hours. Figure 3 shows a code snippet in C# that sends a simple notification to both Windows Store and iOS applications using multiple categories.

Figure 3 Sending Notifications to Windows Store and iOS Applications Using Windows Azure Notification Hubs

private static async void SendNotificationAsync()
  NotificationHubClient hub =
      "<connection string with full access>", "<hub name>");
  var categories = new string[] { "World", "Politics", "Business",
     "Technology", "Science", "Sports"};
  foreach (var category in categories) {
    var toast = @"&lt;toast&gt;&lt;visual&gt;&lt;binding template ="
      "ToastText02""&gt;&lt;text id=""1""&gt;" + "Breaking " +
      category + " News!" + 
    await hub.SendWindowsNativeNotificationAsync(toast, category);
    var alert = "{\"aps\":{\"alert\":\"Breaking "+ 
      category +" News!\"}}";
    await hub.SendAppleNativeNotificationAsync(alert, category);

Delegation of Responsibilities to Other Services (SMTP, Commerce)

The game orchestrator/proxy should also act as the gateway for accessing other services, such as engines for sending massive e-mail messages via SMTP, or processing game images in real time. The Windows Azure Store lets you quickly discover, purchase and provision applications from other Microsoft partners. These services can be combined with Windows Azure components to build complex games or add features that are not natively supported by the cloud platform. More information about the Windows Azure Store and a catalog of developer services can be found at

Game Analytics and Big Data

Collecting, analyzing and reporting data gathered from game servers is crucial to finding bottlenecks, improving in-game performance and, for monetization and advertising purposes, determining areas where gamers spend their time. Windows Azure lets you use a MapReduce approach, called HDInsight, as a service, which allows the simple, straightforward installation of Hadoop clusters. Using Hive, or even familiar tools such as Microsoft Office, you can create rich reports and charts. More information about this component can be found in our September 2013 column, “Hadoop and HDInsight: Big Data in Windows Azure” (

Wrapping Up

We’ve only scratched the surface on how to create rich and scalable solutions for the mobile game industry by combining multiple components of the Windows Azure platform, to meet the demands and requirements created by social networks and the massive number of players that are attracted to these applications. The public cloud offers a flexible pay-as-you-go model, which enables companies of all sizes to compete in this space.

Bruno Terkaly is a developer evangelist for Microsoft. His depth of knowledge comes from years of experience in the field, writing code using a multitude of platforms, languages, frameworks, SDKs, libraries and APIs. He spends time writing code, blogging and giving live presentations on building cloud-based applications, specifically using the Windows Azure platform. You can read his blog at

Ricardo Villalobos is a seasoned software architect with more than 15 years of experience designing and creating applications for companies in multiple industries. Holding different technical certifications, as well as a master’s degree in business administration from the University of Dallas, he works as a cloud architect in the DPE Globally Engaged Partners team for Microsoft, helping companies worldwide to implement solutions in Windows Azure. You can read his blog at

Terkaly and Villalobos jointly present at large industry conferences. They encourage readers of Windows Azure Insider to contact them for availability. Terkaly can be reached at and Villalobos can be reached at

Thanks to the following technical expert for reviewing this article: Kevin Ashley (Microsoft)
Kevin Ashley works at Microsoft as an architect and technical evangelist. He is an author of Professional Windows 8 Programming: Application Development with C# and XAML  book and top apps for Windows and Windows Phone. Kevin works with startups and partners, advising on software design, business and technology strategy. Prior to Microsoft, he was a founder of an early-stage cloud and business intelligence software startup. In his role as a senior software developer and architect, Kevin developed grid, data warehousing and real-time trading solutions for Fortune 500 companies and hedge funds worldwide: US, UK, Europe and Asia. Kevin has degrees in Mathematics, Computer Science and MBA in Finance. Kevin’s blog: and Twitter: @kashleytwit