Windows Azure

Bringing Cloud to Government Agencies

Anthony Puca – Datacenter SSP, US Public Sector - SLG
[email protected]
www.windowsazure.com

A little about me…

• Started in technology 24 years ago as a Mainframe Librarian for AMEX
• Been working for Microsoft last 3 years
• Prior to MSFT, 7 years @ EMC
• Prior to EMC, 7 years @ Avanade and Perot Systems
• Authored books and whitepapers on Microsoft technologies
  − (2001): MOF Change Quadrant SMFs
  − (2008): “SCCM 2007 R2 Unleashed” (http://www.amazon.com/System-Center-Configuration-Manager-Unleashed/dp/0672330237)
  − (2011): SCCM 2007 Lab Deployment Guide: http://download.microsoft.com/download/1/3/A/13A161C1-2481-4E47-9771-86F55AC9F0EC/ConfigurationManager2007 Lab Deployment Guide.docx
  − (2013): Microsoft Office 365 Administration Inside Out (O’Reilly): (http://www.amazon.com/Microsoft-Office-365-Administration-Inside/dp/0735678235)
• 2004-2010 Microsoft MVP (WMI (1) & SCOM (6))

[Chart: Public Cloud Platform market share (in billions), y-axis $5 to $30, x-axis 2008 to 2020]

Why consider the cloud?

• Economics
• Scale
• Speed

This has happened before

Electrical Grid Adoption

• 1900: 5%
• 1907: 40%
• 1930: 80%
• 1935: 90%

How does that help me?

• Storage: always running out of disk
• DR: offsite storage, servers, backup, surveillance
• Burst: need more capacity
• Media: create, store, distribute, to different devices, surveillance
• Dev/test: validate apps and environments
• Research: large compute, short window of need
• Database: without the hassles
• Collaboration repository
• HIPAA: process and store private data

IT concerns, decision points

Cloud Services

[Diagram: the same stack (Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking) shown for On Premises, Infrastructure (as a Service), Platform (as a Service) and Software (as a Service), with the layers in each column marked “You Manage” or “Vendor Manages”]

Cloud Computing Patterns

[Charts: Compute over time (t) for each pattern; the On and Off chart marks an Inactivity Period]

On and Off
• On & off workloads (e.g. batch job)
• Over provisioned capacity is wasted
• Time to market can be cumbersome

Unpredictable Bursting
• Unexpected/unplanned peak in demand
• Sudden spike impacts performance
• Can’t over provision for extreme cases

Predictable Bursting
• Services with micro seasonality trends
• Peaks due to periodic increased demand
• IT complexity and wasted capacity

Growing Fast
• Successful services need to grow/scale
• Keeping up w/ growth is big IT challenge
• Cannot provision hardware fast enough

Cloud Computing Economics

[Chart: TCO per Server ($0 to $8,000) against Cloud Size (# of Servers: 100, 1,000, 10,000, 100,000), Private vs. Public, Physical & Virtual. Source: Microsoft]

Windows Azure Trust Center

• One location to aggregate content across Security, Privacy, and Compliance

http://www.windowsazure.com/en-us/support/trust-center/

Key Security and Compliance Features

Categories: Network Security, Compliance Certification, Authentication & Authorization, Data Security, Physical Security

• Federal Risk and Authorization Management Program (FedRAMP) JAB Provisional ATO
• ISO/IEC 27001:2005 Audit and Certification
• SOC 1 and SOC 2 SSAE 16/ISAE 3402 Attestations
• Cloud Security Alliance Cloud Controls Matrix
• PCI Level 1 Compliant
• UK G-Cloud Impact Level 2 Accreditation
• HIPAA Business Associate Agreement (BAA)
• Multi-factor authentication for customer and internal operations access
• Segregation of duties through role-based group memberships configured as AD security groups
• Internal and customer configurable software firewalls/DoS/IP filtering
• Virtual Private IP for all customer connections based on Azure subscriptions
• All data centers hosting Windows Azure data are managed by Microsoft Global Foundation Services (GFS) which are FedRAMP certified
• Geographically distributed locations throughout the U.S.
• Highly secured access mechanisms
• Custom developed, highly automated management system through the hypervisor
• Custom developed monitoring and logging system
• FIPS 140-2 validated encryption
• Key and certificate management based on industry best practices
• Data replication within each data center as well as solutions for geo-replication to multiple data centers
• Tailored to meet security functionalities in a cloud service environment
  − Scalability
  − Virtual machine and customer-to-customer isolation
  − Security built into the software and focused on pre-deployment testing

Understanding Microsoft's Public Cloud Solution

Source: EYP Mission Critical Facilities Inc., New York

Data Center Operational Energy Use

• Offline UPS technologies can drive electrical losses substantially down
• Widening temperature range can remove chillers and drive cooling to zero
• Virtualization, active power management increase IT return on investment

Traditional: PUE=2.0
Modular: PUE=1.15

Datacenter evolution

Timeline markers on the slide: 1989-2005, 2007, 2009, 2012, Future

Generation 1: Colocation (2.0+ PUE)
• Server
• Capacity
• 20 year Technology

Generation 2: Density (1.4 – 1.6 PUE)
• Rack Density & Deployment
• Minimized Resource Impact

Generation 3: Containment (1.2 – 1.5 PUE)
• Containers, PODs
• Scalability & Sustainability
• Air & Water Economization
• Differentiated SLAs

Generation 4: Modular (1.12 – 1.20 PUE)
• ITPACs & Colocations
• Reduced Carbon
• Right-Sized
• Faster Time-to-Market
• Outside Air Cooled

Generation 5: Integrated, Future (1.07 – 1.19 PUE)
• Integrated System
• Resilient Software
• Common Infrastructure
• Operational Simplicity
• Flexible & Scalable

200+ Cloud Services

1+ billion customers, 20+ Million Businesses, 76+ markets worldwide

Innovation at enterprise scale

• 93% of the Fortune 1000 use Active Directory
• 2:3 servers worldwide run on Windows Server**
• 46% worldwide share: SQL Server most widely-deployed database*
• 66% of enterprise seats covered with System Center
• 430B+ Windows Azure AD authentications
• 280% year-over-year database growth in Windows Azure
• 50% of Fortune 500 use Windows Azure
• 29K+ organizations already use Windows Intune
• 1B+ Office users, 1 in 4 enterprise customers now has Office 365
• Windows Azure runs on Windows Server
• 8.5T objects stored in Windows Azure
• Bing runs on Windows Server
• 5.5B+ global queries per month

* IDC Server Workloads Study 2013
** IDC 2013 WW Server Tracker

One consistent experience

[Diagram: ONE Consistent Platform spanning Your Datacenter, Service Provider and Microsoft; labels: Azure Private Cloud]

Media Services

Your Choice of Components for Building Custom Media Workflows in the Cloud

Windows Azure Media Services components:
• Ingestion
• Encoding
• Format Conversion
• Content Protection
• On-Demand Streaming
• Live Streaming
• Analytics
• Advertising

Anyone watch the Olympics?

2012 London Olympics

• 17 days of broadcast starting July 25th
• First major event broadcast live from the cloud
• Content Management by deltatre via Windows Azure Media Services and CDN delivery by Akamai
• Major platform support: Web and Mobile Silverlight, iOS, Windows Phone 7, Android
• 28 channels in Dublin, 5 in Chicago, 2 for South America
• Each channel has backup channel
• Over 2200 hours of broadcast video with DVR and Video-On-Demand support
• 500 VMs and 3000 cores
• Highlight reel and real-time voice-over support

Olympics NBC Sports

Live video encoding and streaming

Web + Mobile

Over 100 million viewers in 22 countries and 4 continents

More than 100TB of storage

Over 500 Billion Storage Transactions

World Record: 2.1 million concurrent HD viewers during the USA vs. Canada hockey match

The Sochi Olympics were powered worldwide by Azure & Hyper-V

Office 365 Authentication Redundancy through Site Resiliency Using ADFS in Azure

VLAN1 - One Read/Write Domain Controller for replicating users and for allowing Active Directory maintenance in Azure in the event of an outage at customer’s site

VLAN2 - One AD FS Server (two for local failover)

VLAN3 - One AD FS Proxy Server in the DMZ portion of customer’s Azure slice (two for local failover)


Scenarios to get started with Windows Azure

Extend your infrastructure

Develop, test, run your apps

Store, backup, recover your data

Reach where your datacenter won’t

Store, backup, recover your data

• Data grows exponentially (50 – 60% Annually: IDC)
• However most I/O happens to the “Working Set” data
• SAN storage cost = 4x Cloud storage (source: Forrester)

[Chart: Capacity over Time, showing Local Storage and the Cloud Storage Opportunity]

Windows Azure Storage

4 Trillion Objects

“Azure Blob storage has taken a significant step ahead of last year’s leader Amazon S3, to take the top spot”

– Nasuni 2013 Cloud Storage Report

Store, backup, recover your data

Windows Azure Storage
• Highly durable and scalable
• Multiple copies of your data
• Financially backed SLAs
• Storage for objects, tables, drives
• Supports REST APIs

Store, backup, recover your data

Windows Azure Storage: Geo replication
• Defend against regional disasters.
• West DC and East DC: > 400 miles

Store, backup, recover your data

StorSimple
• Simple and fast on-ramp to Azure
• Active data instantly available locally
• Archives less used data to Windows Azure
• Recover data from any internet connection
• Reduce Agency storage TCO by 60-80%

[Diagram labels: Your Data Center; Physical or Virtual Servers; StorSimple]

StorSimple Enterprise Class Appliance

Highly Available - No Single Point of Failure

1. Full MPIO Support
2. Dual Controllers with Auto-failover
3. Dual Power
4. Dual Cooling
5. RAID drives
6. Hot-spare drives
7. Non-disruptive software upgrades
8. Certified by Microsoft & VMWare

StorSimple Tiered Architecture

SSD Performance, Deduplication and Auto-Tiering to Cloud

• SSD Linear Tier
• SSD: Deduplicated
• SAS: Deduplicated, Compressed
• Cloud: Deduplicated, Compressed, Encrypted

[Diagram: data blocks A, B, C, D, E shown at each tier]


Store, backup, recover

Microsoft SQL Server: Backup and restore database to the cloud
• SQL Server Management Studio
• Direct URL backup to Azure Storage
• Restore in Azure Virtual Machine

Benefits
• Reliable off-site data backup for SQL images
• Easily restore databases using VMs

Store, backup, recover your data

Windows Azure Backup
• Backup datacenter data to Windows using System Center Data Protection Manager
• Backup and recover files/folders from Windows Server 2012 SP1

Benefits
• Reliable offsite data protection
• Simple, familiar, integrated
• Efficient backup and recovery
• Easy set up

[Diagram labels: Your On-Premises Datacenter; Windows Server 2012, Windows Server 2012 Essentials, Windows Server 2008 R2 (SP1); System Center 2012 DPM SP1]


Develop, test, run your apps

Test and development on-premises
• Limited hardware budget
• Limited software licensing
• Resource contention with VMs
• Compromised developer agility
• Realistic scale tests often challenging

[Diagram: in Your Datacenter, IT Admin provisions VMs and Developers use VMs in the test/dev environment]

Develop, test, run your apps

Test and development using Windows Azure
• Cost effective (pay for what you use)
• Improved developer agility with platform services
• Ready to use gallery of images
• Ship tested in realistic scale scenarios
• Use existing development tools & languages
• Access on-premise resources if necessary

[Diagram: IT Admin manages the environment and provisions VMs, Developers use VMs; Your Datacenter, or Your Hoster]

Develop, test, run your apps

Start VMs and app development in Azure
• Easy VM portability
• If it runs on Hyper-V, it runs in Windows Azure
• Production environment
• Deploy anywhere with no lock-in

Challenges
• Move from SharePoint 2007 to SharePoint 2013 across 18 different business units, spread across 12 countries
• Quickly create a large SharePoint farm for Dev/test within time and cost limits

Benefits
• Limitless resources for Dev/Test
• Speed: Build a SharePoint farm in days not weeks
• Low cost, scale up and down as needed
• Familiar tools and automation via PowerShell
• Portability: On-premises or at Hoster as needed

“We needed to take a new approach and Windows Azure Virtual Machines provided the right solution for our business.” – Andreas Hogberg, Telenor


Extend your infrastructure

Windows Azure Infrastructure Services

Virtual Machines with on-demand scale & compute
• Spin up and tear down in minutes, no hardware provisioning
• Connect with on-premises Active Directory and domains
• Integrates Windows Azure Virtual Networks
• Use what you know, manage with System Center
• Integrates with Azure Platform, Apps, and Storage Services

[Diagram labels: Your Datacenter, Internet, Virtual Network, Windows Azure; Active Directory, SharePoint, SQL Server]


Reach where your datacenter won’t

Windows Azure Websites

Websites with global reach
• Build websites with global scale
• Built-in support for open web frameworks
• Managed by Microsoft

Improve performance with Traffic Manager

Get Started

http://WindowsAzure.com

HYBRID CLOUD SAMPLE ARCHITECTURES

• High Availability / Disaster Recovery
• Hybrid Storage
• IaaS / PaaS
• Identity / Access Management
• Multi Factor Authentication
• SharePoint (Dev/Test, Recovery, Continuity)
• Database (Dev/Test, Recovery, Continuity)

Windows Azure Backup (<1TB)

[Diagram labels: File Server, SQL, Exchange; Windows Backup, SC Data Protection Manager; VPN; Encrypted Backup; Recovery]

Hyper-V Recovery Manager

[Diagram labels: Site A and Site B, each with System Center Virtual Machine Manager, AD, SQL, Exchange; Hyper-V Replica; Recovery plan; Health Monitor; Manage; Orchestrated Recovery in case of outage]

Hybrid Cloud Scenarios

StorSimple – Cloud Integrated Storage

Benefits
• Consolidates primary, archive, backup, DR thru seamless integration with Azure
• Cloud Snapshots
• De duplication
• Compression
• Encryption
• Reduces enterprise storage TCO by 60–80%

Tiers
• Most Active Data on SSD: De duplicated
• Warm data on SAS Local Tier: De duplicated & Compressed
• StorSimple – Cloud Storage: De duplicated, Compressed & Encrypted

[Diagram labels: Application Servers; 2 up to 20 TB; 100 up to 550 TB; VPN; Service Cert; Encrypted Backup; Recovery; Policies; Automation]

Hybrid Cloud Scenarios

StorSimple

Benefits
• Consolidates primary, archive, backup, DR thru seamless integration with Azure
• Cloud Snapshots
• De duplication
• Compression
• Encryption
• Reduces enterprise storage TCO by 60–80%

Tiers
• Most Active Data on SSD: De duplicated
• Warm data on SAS Local Tier: De duplicated & Compressed
• Archive Data in StorSimple Cloud Storage: De duplicated, Compressed & Encrypted

[Diagram labels: File / Application Servers; VPN; Service Cert; Encrypted Backup; Recovery; Policies; Automated; Currently in use; Sporadic use; Archived for Retention]

Archiving
• Live Backups, Archives, and Disaster Recovery
• Dramatic Cost Reduction
• No Changes to Application Environment

File shares
• File share with integrated data protection
• All-in-one primary data + backup + live archives + DR with de-duplication & Compression

SharePoint
• SharePoint storage on StorSimple + Azure
• StorSimple SharePoint Database Optimizer
• Improved performance & scalability

Virtual Environment (Hyper-V or vSphere)
• Control Virtual Sprawl
• Cloud-as-a-tier
• Offload storage footprint
• VMware Storage DRS Storage pools
• Virtual Machine Archive
• Regional VM Storage

Hybrid Cloud Scenarios

Platform as a Service (Connected Devices)

[Diagram labels:
• Connected Devices
• INGRESS NODES: Collect / Decode; Load Balancing, Auto Scaling, Worker Roles
• ANALYTICS NODE: Filter / Analyze / Aggregate; Auto Scaling, Worker Roles, Azure Storage
• CONSUME: Record Reporting / BI; Azure Storage, SQL Azure, Analytics & Reporting]

Infrastructure as a Service (3-Tier highly available example)

[Diagram labels:
• Tier 1: Availability Set, Load Balancing, Auto Scaling
• Tier 2: Availability Set, Auto Scaling, SharePoint
• Tier 3: Availability Set; Azure Storage, SQL Azure, Analytics & Reporting
• Management Cert, Service Cert, VPN, VPN]

[Diagram labels: Web Site, Mobile Service, HDInsight (Hadoop), Storage BLOB, Storage Table, Storage Queue, Virtual Machines, VHD, Windows Azure Cache, Windows Azure CDN, Windows Azure AD, Notification Hub; Active Directory, Users; Windows Azure SDK, Developers; On Premises]

Windows Azure Active Directory

[Diagram labels: Consumer identity providers; Active Directory; PCs and devices; Microsoft apps; 3rd party clouds/hosting; AD; ISV/CSV apps; Custom LOB apps; Encrypted Synchronization]

Hybrid Cloud Scenarios

Windows Azure AD - Cloud Authentication
• User attributes are synchronized using DirSync, including the password hash. Authentication is completed against Windows Azure Active Directory.
• Multi-Factor Authentication can be configured through Windows Azure AD

[Diagram labels: Active Directory; DirSync with password hash sync]

Windows Azure AD - Federated Authentication
• User attributes are synchronized using DirSync. Authentication is passed back through federation and completed against Windows Server Active Directory.
• Multi-Factor Authentication can be configured through the AD FS integration with Windows Azure

[Diagram labels: Active Directory; AD; DirSync; AD FS]

Hybrid Cloud Scenarios

Windows Azure Multi-Factor Authentication
• Built-in
• SDK for integration
• Strong multi Factor Authentication
• Real Time Fraud Alert
• Reporting, Logging & Auditing
• Enables compliance with NIST 800-63 Level 3, HIPAA, PCI DSS, and other regulatory requirements

[Diagram labels: Active Directory; AD; ADFS / SAML; Multi-Factor Authentication Server; Cloud Apps; Corporate devices; On Premises Applications; BYOD / Personal devices; .NET, Java, PHP, …]

SharePoint Development / Test

[Diagram labels: VPN; Remote Users; Admin; Active Directory]

SQL Server Hybrid Cloud Scenarios

SQL Backup/Recovery
• SQL Backup tool for legacy
• Manual Console Backup
• Managed Backups

[Diagram labels: Management Portal; VPN / Encrypted Data]

SQL Business Continuity
• Backup
• Availability Groups
• Periodic Snapshots
• Geo Replication

[Diagram labels: Primary; Secondary; Asynchronous Commit; Console 2014 / Scripts 2012; VPN; Disaster Recovery; Powering BI Apps]

SQL Development
• Publish
• Compare
• Sync
• Import / Export
• Register / Unregister

[Diagram labels: Management Portal; VPN; Dispersed Teams]

NEXT STEPS

Potential Next Steps
• Explore potential scenarios - Center of Excellence
• Architectural Design Session - Microsoft Technology Center
• Define and build a proof of concept (At MTC or customer lab)
• Setup Quick Test Scenarios: Disaster Recovery, Test/Dev or Storage for Azure
• Setup High Business Impact Test Scenarios: SQL, SharePoint, Web, File share

7 Clicks to Create a VM in Azure

Getting Started with Virtual Machines

Multiple options to get started…
• Management Portal
• Scripting (Windows, Linux and Mac)
• REST API

Azure Demo

Login
I have previously set up an Azure Account.
http://manage.windowsazure.com/
Also see http://www.windowsazure.com/en-us/

Click #1
Click “+NEW”

Click #2
Click VIRTUAL MACHINE
http://manage.windowsazure.com/

Click #3
Click FROM GALLERY

Click #4
Choose a Server Operating System
Click Windows Server 2012

Click #5
Input a desired VM Name
Click Next (right arrow)

No Clicks Yet
Input a desired DNS Name
Choose the Geo Location of the Microsoft Datacenter where you want your VM(s) to be located

Click #6
I have chosen EAST US as my Geo Location
Click Next (right arrow)

Choose an Availability Set
Click #7 to Provision the New VM
FINISHED

Now the Provisioning Process Starts
My New Virtual Machine, hosted in Windows Azure’s United States-based Datacenter(s) is being provisioned.

My New VM is Done
Now my VM is accessible through RDP

Click Once on Your VM to Monitor it

This is a view of the default Azure-based VM Monitor Dashboard

How it Works: Select from Image Gallery
• Create new VM from image gallery
• Virtual Machine booted. Changes direct-write to blob storage
• Log in to Windows Azure Management Portal
• The image is copied to your blob storage account

How it Works: Bring your own custom VHD
• Upload image to blob storage
• Virtual Machine booted. Changes direct-write to blob storage
• Create your own VHD
• Create a Virtual Machine by attaching to disk