Your Journey To Azure Infrastructure In Three Steps · Dynamic (default) and Static allocation type...

10TH ANNUAL CONFERENCE ABOUT MODERN IT TECHNOLOGIES

Your Journey To Azure

Infrastructure In Three

Steps


Thank you Sponsors #ThriveITconf

Silver

Evening event sponsor

Material

Media

http://www.racunalniske-novice.com/


Today

0. Organizing Subscription Resources

1. Networking

2. Compute

3. Storage


Organizing SubscriptionResources


Azure Networking

* Not meant to be a comprehensive list of all services, for a complete list please visit azure.microsoft.com

APP SERVICES

NETWORKING & AUTOMATION SERVICES

COMPUTE SERVICES DATA SERVICES

Azure

Web

Site

web

roles

worker

roles

Virtual

Machines

Azure

Mobile

Services

TFS or

VS Online

+ GIT

Azure

AD

Multi-Factor

Auth

Azure

Cache

Access

Control

BizTalk

Services

Media

Services

Service

Bus

Notification

Hub

Scheduler

Virtual

network

Automation CDNAvailability

Set

Azure load

balancer

Auto-

scale

Traffic

ManagerNetworking, compute, storage, app services, automation, disaster recover, dev, test…

On Premises Private Cloud

AutomationHealth Monitoring

Site-to-site VPNPoint-to-site VPN

ExpressRoute

SANStorage

Spaces/SMB

Server Group #1 Server Group #2

VIRTUALIZATION

COMPUTE,

STORAGE &

NETWORKING

Physical Infrastructure

(Servers/Storage/Networking

DEVICES &

FACILITIES

StorSimple

Cloud Integrated Storage

Azure Site

Recovery

StorSimple

Virtual

Appliance

Backup

Service

Gallery

OS images

VHD VHD data

disk

MySQL

database

SQL

Database

SQL

Data

Sync

HDInsight

(Hadoop)

storage

queue

storage

blob

storage

table

File ServerExchangeActiveDirectory

My SQL OracleLOB AppCommercial

AppSQL

APPLICATIONS &

SERVICESJEE App .NET App

Azure

Azurevirtual network

Users

Internet

Front-end access

Dynamic/reserved public IP addresses

Direct VM access, ACLs for security

Load balancing

DNS services: hosting, traffic management

DDoS protection

Virtual network

“Bring your own network”

Segment with subnets and network security groups

Control traffic flow with user defined routes

Backend connectivity

Point-to-site for dev/test

VPN Gateways for securesite-to-site connectivity

ExpressRoute for private enterprise-grade connectivity

Microsoft Azure

External Load Balancer

Internal Load Balancer

Database Servers VMs

Web Servers VMs

Front-end Subnet

Back-end Subnet

Azure Infrastructure

DNS

DC VM

Virtual Network

Enterprise

Router

Firewall

External Load Balancer

Internal Load Balancer

Database Servers

Web Servers

DMZ

Internal

An IP network but – in the cloud

The “same” as its on-premises twin-sister

A protected private virtual network in the cloud

The foundation for connectivity

The foundation for security

Microsoft Azure

Load Balancer

Load Balancer

Virtual Machines

Virtual Machines

Subnet 1

Subnet 2

Azure Infrastructure

VMs

VMs

Virtual Network

Create your own network, tailored to your needs

Logical isolation with control over network

Create subnets with your private or public IP address spaces

Use your own DNS or use Azure-provided DNS

Secure VMs with Network Security Groups

Have highly available services behind load balancer

Two types of IP addresses:Public

Private

Dynamic / Static

Dynamic (default) and Static allocation typeDynamic

• Not allocated when creating a resource

• Changed/released when you stop or delete the resource

• Changes when a resource starts

• From a pool of addresses

Static

• Address assigned when you create a resource

• Stays the same

• Deleting a resource or changing to dynamic releases the allocation

• Using: SSL certificates, IP security, keep DNS A RR’s the same, firewall rules

For internet traffic and Azure public exposed services, e.g. Azure Storage, SQL databases, Redis Cache

Virtual Machines

Exposed Load Balancers

VPN Gateways

Application Gateways

Have their own properties you can manage

DNS resolution for resolving FQDN to public IP of the resource (domainnamelabel.location.cloudapp.azure.com)

(Hint: use CNAME to customize the FQDN)

Assigned to Azure Load Balancer frontend (dynamic only)

Assigned to Application Gateway frontend (dynamic only)

https://www.microsoft.com/en-us/download/details.aspx?id=41653

Private IP address space:Standard IP address ranges (RFC 1918):

10.x.x.x (10.0.0.0/8 or 10.0.0.1-10.255.255.255)

172.16.x.x – 172.31.x.x (172.16.0.0/12 or 172.16.0.1- 172.31.255.255.)

192.168.x.x (192.168.0.0/16 or 192.168.0.1-192.168.255.255)

Avoid overlap with on-premises and other VNets

IP Subnets:The smallest supported size is /29

Use them to separate groups of virtual machines:

Security (Network Security Groups)

Name resolution:Azure DNS

Custom DNS

Dynamic (default) and Static allocation typeDynamic

• Change when you stop or delete the resource

• Using DHCP

Static

• Address assigned when you create a resource

• Stays the same

• Deleting a resource or changing to dynamic releases the allocation

• Using: SSL certificates, IP security, keep DNS A RR’s the same, firewall rules

For internal traffic, within Virtual Networks

Internal Load Balancers

Application Gateways

Using VPN Gateway for on-premises connectivity

ExpressRoute connectivity


Azure Compute

VM Type Sizes Description

General Purpose B, Dsv3,

Dv3, DSv2,

Dv2, Av2

Balanced CPU-to-memory ratio. Ideal for testing and development, small to

medium databases, and low to medium traffic web servers.

Compute

Optimized

Fsv2, Fs, F High CPU-to-memory ratio. Good for medium traffic web servers, network

appliances, batch processes, and application servers.

Memory

Optimized

Esv3, Ev3,

M, GS, G,

DSv2, Dv2

High memory-to-CPU ratio. Great for relational database servers, medium to

large caches, and in-memory analytics.

Storage Optimized Ls High disk throughput and IO. Ideal for Big Data, SQL, and NoSQL databases.

GPU NV, NC,

NCv2, NCv3,

ND

Specialized virtual machines targeted for heavy graphic rendering and video

editing, as well as model training and inferencing (ND) with deep learning.

Available with single or multiple GPUs.

High Performance

Compute

H Our fastest and most powerful CPU virtual machines with optional high-

throughput network interfaces (RDMA).

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-general

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-compute

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-compute

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-storage

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-gpu

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-hpc


Azure Storage


Storage Services

• Offer four primary types of storage:• Blobs: VM disk files (VHDs) and unstructured data (images, media files, backups)

• Are available as block, page (VHDs), and append blobs.

• Tables: a semi-structured, NoSQL data store• Store massive amounts of row formatted data, facilitating lookups based on the partition and row

keys

• Queues: temporary message store• Facilitate decoupling components of distributed systems

• Files: managed file shares providing access via SMB 3.0

• An Azure Storage account:• serves as a logical boundary for storing different types of storage content

• can be configured as:• General purpose v1 – supports all four storage types but not storage tiers

• General purpose v2 – supports all four storage types and storage tiers (hot, cool, and archive)

• Blob storage – supports only block and append blobs and storage tiers (hot, cool, and archive)


Azure Storage Accounts

Storage (general purpose v1):• Can contain blobs (including Azure VM disks), tables, queues, files• Supports performance tiers: Standard and Premium

Blob storage:• Can contain blobs only• Supports access tiers: hot, cool, archive

Storage V2 (general purpose v2):• Can contain blobs (including Azure VM disks), tables, queues, files• Supports performance tiers: Standard and Premium • Supports access tiers: hot, cool, archive• Support upgrade from:

• Blob storage

• Storage (general purpose v1)


Standard and Premium Storage Accounts

Performance tiers:• Standard:

• Best for workloads that do not require high performance I/O

• Offer the lowest cost per GB

• Backed by magnetic drives (HDD)

• Premium (available exclusively for provisioning Azure VM disks):• Best for I/O-intensive workloads, such as databases.

• Offer consistent low-latency, high throughput/IOPS

• Backed by solid state drives (SSD)


Blob Storage

• Azure Storage types accessible directly from Azure VMs include:• Files

• Blobs

• Disks


Replication Options

• Locally-redundant storage (LRS):• The only replication option when using Premium performance tier

• Zone-redundant storage (LRS):

• Geo-redundant storage (GRS)

• Read-access geo-redundant storage (RA-RGS)


Locally Redundant Storage

Copies:• 3 in the same Azure facility

Strategy:• Data replicated synchronously across 3 replicas in the same Azure facility

Protection:• Localized hardware failures

Additional considerations:• LRS is an economical option if your data can be easily reconstructed

• LRS is the only available option if you use the Premium performance tier

• When using LRS, you should plan for an alternative recovery strategy


Geo-Redundant Storage

Copies:• Total of 6, with 3 per Azure region.

Strategy:• Data replicated synchronously across 3 replicas in the same Azure facility

• Data replicated synchronously within each region and asynchronously across regions.

Protection:• Localized hardware failures and region-wide disasters

Additional considerations:• With GRS, data in the secondary region becomes available for reads and writes

(via the primary endpoint) only after Microsoft initiates a failover from the primary region.

• With RA-GRS, data in the secondary region is always available for reads (via the secondary endpoint). It becomes available for writes (via the primary endpoint) only after Microsoft initiates a failover from the primary region.


Zone Redundant Storage

Copies:• 3 across different Azure facilities in separate zones in the same region.

Strategy:• Data replicated synchronously across 3 replicas in separate zones in the same

region.

Protection:• Localized hardware failures and failures of individual facilities

Additional considerations:• ZRS is not yet available in all regions.

• ZRS may not protect your data against a regional disaster where multiple zones are permanently affected.

• ZRS does not support Azure VM disk files


THANK YOU

Your Journey To Azure Infrastructure In Three Steps · Dynamic (default) and Static allocation type...

Documents

Transcript of Your Journey To Azure Infrastructure In Three Steps · Dynamic (default) and Static allocation type...