Extend your datacenter with Microsoft Azure
Tomáš „Kanty“ Kantůrek
Modules
• Base Modules
  • Why Care about Microsoft Azure
  • Getting Started with IaaS
  • Getting Started with IaaS Workloads
  • Getting Started with IaaS Networking
  • Getting Started with Azure Storage
• Expansion Modules
  • Hybrid cloud with Microsoft Azure
Resources
Aka.ms/Azure-CZ
A lap around Microsoft Azure for an Infrastructure Professional
Why Microsoft Azure?
Cloud Computing Patterns
Cloud Computing
Cloud innovation presents challenges for IT
Think AND not OR
[Diagram: Virtualization, Identity, Development, Data, Platform, DevOps and management]
Global Presence and Scale
[Map legend: Major datacenter, CDN node, Live sub-region, Announced sub-region, Partner-operated sub-region]
Azure Building Blocks
Scenarios
• Store, backup, recover your data
• Develop, test, run your apps
• Extend your infrastructure
• Reach where your datacenter won’t
Getting Started with IaaS
IaaS Terminology
• IaaS – Infrastructure as a service – You have control over your VMs and the network configuration, but don’t have to worry about hardware.
• Cloud Service (in this context) – A container or management grouping. Every virtual machine is contained within a cloud service.
• Microsoft Azure Virtual Machines – IaaS. You can provision, migrate, and manage VMs. VMs can run Windows, Linux, and enterprise applications.
• Microsoft Azure Virtual Network – The networking overlay that allows you to create and manage virtual networks in Microsoft Azure and securely connect them to your own on-premises network.
Virtual Machines
Sample Images Available
• Microsoft
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • SQL Server 2012
  • SQL Server 2014
  • BizTalk Server 2013
  • SharePoint 2013
  • Visual Studio 2013
• Open Source
  • Enterprise or Standard versions of Web Logic Server 12c or 11g
  • Database 12c or 11g
  • OpenSUSE 12.3
  • CentOS 6.3
  • Ubuntu 12.04/12.10/13.04
  • SUSE Linux Enterprise Server 11 SP3
IaaS Management
• Windows Azure PowerShell
  • Set of cmdlets for managing all objects
  • PowerShell remoting to manage hosted VM’s with local PowerShell or PowerShell ISE.
• Server Manager (hosted in VM or local)
• VPN connections to hosted networks
• RDP to VM desktop
• Telnet or SSH (Linux)
• Platform specific tools (SQL Management Studio/Visual Studio)
• 3rd Party/Community Tools
Getting started with Workloads
Microsoft Azure Data Management
Microsoft SQL Azure
Service Provisioning Model
• Account
  • Each account has zero or more servers
  • Azure wide, provisioned in a common portal
  • Billing instrument
• Server
  • Each server has one or more databases
  • Contains metadata about the databases and usage
  • Unit of authentication
  • Unit of Geo-location
  • Generated DNS based name
• Database
  • Each database has standard SQL objects
  • Unit of consistency
  • Unit of multi-tenancy
  • Contains Users, Tables, Views, Indices, etc.
  • Most granular unit of billing
Why use Microsoft Azure web sites
Azure web sites – Easily scale
[Diagram: several Web sites instances, RESERVED INSTANCE, auto-scaling]
What is Azure Active Directory?
• A comprehensive identity and access management cloud solution.
• It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
• Azure Active Directory Premium is an advanced offering that includes IAM capabilities for on-premises, hybrid and cloud environments.
Public Identity as the control point
Active Directory
Azure Active Directory Premium
Built on top of the free offering, provides a robust set of capabilities to empower enterprises with demanding needs on identity and access management.
Additionally, Azure AD Premium offers:
• An Enterprise SLA of 99.9%
• Usage rights to Identity Manager Server and CALs
Common Identity with Sync and Federation
Synchronization
• Write back of attributes to support cloud first and co-existence.
• User attributes are synchronized including the password hash; authentication can be completed against either Azure or Windows Server Active Directory.
Federation
• AD FS provides conditional access to resources, Workplace Join for device registration and integrated Multi-Factor Authentication.
• User attributes are synchronized; authentication is passed back through federation and completed against Windows Server Active Directory.
Microsoft Azure Virtual Network
DIPs and VIPs
There are multiple ways to access a VM by IP address.
VIP – Virtual IP address
• An internet-facing IP address that is not bound to a specific computer or network interface card.
• The cloud service that the VM sits within is assigned the VIP.
• You can have multiple VMs in a cloud service. They share the same VIP.
DIP – Dynamic IP address
• This IP address is dynamically assigned (via DHCP) to your virtual machine by Windows Azure. You rely on DHCP – Do NOT statically configure your IP address. Even for DCs.
• The IP address lease directly equates to the lifetime of the VM.
• If you create a virtual network, the VM will receive its DIP from that range.
IP Addresses
Port Forwarding Input Endpoints
[Diagram: foo.cloudapp.net → VIP; Input Endpoint; Internal Endpoint; Connectivity in Azure; LB]
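An added example (not from the deck) of the VIP/endpoint model above: one VM in a cloud service gets a port-forwarding input endpoint on the shared VIP, and an endpoint ACL limits who can reach it. The cloud service name, VM name and the 203.0.113.0/24 admin range are constructed; it uses the classic (Azure Service Management) Windows Azure PowerShell module.

```powershell
# Added example, not code from the slides. Assumed names below are constructed.
$serviceName = "contoso-web"      # the cloud service that owns the VIP
$vmName      = "web01"
$corpSubnet  = "203.0.113.0/24"   # constructed admin range; replace with the real one

# Endpoint ACL: only the listed subnet may reach this endpoint, everything else is denied.
$acl = New-AzureAclConfig
Set-AzureAclConfig -AddRule -ACL $acl -Action Permit -RemoteSubnet $corpSubnet `
    -Order 100 -Description "Corporate admin network"

# Public port 50001 on the VIP forwards to 3389 on the VM's DIP. Several VMs in the
# same cloud service share one VIP, so each needs its own public port.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Add-AzureEndpoint -Name "RDP" -Protocol tcp -LocalPort 3389 -PublicPort 50001 -ACL $acl |
    Update-AzureVM

# Verify what is now exposed: endpoint name, public port, VM port and the VIP it hangs off.
$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
Get-AzureEndpoint -VM $vm | Select-Object Name, Protocol, Port, LocalPort, Vip
```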
DNS Scenarios
[Diagram: SQL Reporting Service, SQL Analysis Service, SQL Service, Active Directory, Web Tier, UI Process Components, Business Components & Entities, Open User Access (Website), DC, SharePoint FrontEnd, DNS, Local DNS, Search and Index, SQL Mirroring and several VM Roles; an On-Premises Machine domain joined to the on-premises network; Internet]
Virtual Network Scenarios
• Enterprise app in Windows Azure requiring connectivity to on-premises resources
• Manage identity and access control with on-premises resources (on-premises Active Directory)
• Remote monitoring and trouble-shooting of resources running in Windows Azure
• Cloud deployments requiring IP addresses and direct connectivity across services
The “virtual” branch office
Example: Contoso’s Deployment
[Diagram: address ranges 10.0.0.0/16, 10.1.0.0/16 and 10.2.0.0/16 (subnets 10.2.2.0/24 and 10.2.3.0/24); hosts 10.0.0.10, 10.0.0.11, 10.1.0.4 and 10.1.1.4; public addresses 131.57.23.120 and 65.52.249.22]
Windows Azure Storage
• Exposed via RESTful Web Services
Microsoft Azure Storage Account
• Can CDN enable account: blobs delivered via 24 global CDN nodes
• Can co-locate storage account with compute account, explicitly or using affinity groups
• Accounts have two independent 512 bit shared secret keys
• 500 TBs per account
Storage Security
• HTTPS endpoint
• Digitally sign requests for privileged operations
• The two account keys can be regenerated independently
• More granular security via Shared Access Signatures
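The two independent keys exist so that one can be regenerated while the other keeps the application running; this added example (not from the deck) walks that rotation in the classic Windows Azure PowerShell module. The account name is constructed and Update-AppStorageKey is a hypothetical placeholder for however your application receives its key.

```powershell
# Added example, not code from the slides. Account name is constructed.
$account = "contosostorage"

function Update-AppStorageKey([string]$Key) {
    # Hypothetical placeholder: replace with the real mechanism (service configuration,
    # a secret store, ...). Never log the full key.
    Write-Host "Application now uses key ending in ...$($Key.Substring($Key.Length - 4))"
}

function Invoke-StorageKeyRotation([string]$StorageAccountName) {
    $keys = Get-AzureStorageKey -StorageAccountName $StorageAccountName

    # 1. Move the application onto the secondary key while the primary is still valid.
    Update-AppStorageKey -Key $keys.Secondary

    # 2. Regenerate the primary. Any client still holding the old primary fails from here,
    #    which is exactly the point of rotating after a suspected leak.
    $keys = New-AzureStorageKey -KeyType Primary -StorageAccountName $StorageAccountName

    # 3. Move the application onto the fresh primary, then regenerate the secondary so the
    #    key that carried traffic during step 2 is retired as well.
    Update-AppStorageKey -Key $keys.Primary
    $keys = New-AzureStorageKey -KeyType Secondary -StorageAccountName $StorageAccountName

    # Both keys are now new; return a record for the rotation audit trail.
    [pscustomobject]@{ Account = $StorageAccountName; RotatedAt = (Get-Date).ToUniversalTime() }
}

Invoke-StorageKeyRotation -StorageAccountName $account
```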
Windows Azure Storage Abstractions
Blob Storage Concepts
Microsoft Azure Drives
• Use existing NTFS APIs to access a network attached durable drive
• Use System.IO from .NET
• Move existing apps using NTFS more easily to the cloud
• Durability and survival of data on instance recycle
• Drives can be up to 1TB
• Mounts Page Blob over the network as an NTFS drive
• Local cache on instance for read operations
• All flushed and unbuffered writes to drive are made durable to the Page Blob
Microsoft Azure Drive Capabilities
• Can’t remotely mount drive
• Can upload the VHD to a Page Blob using the blob interface, and then mount it as a Drive
• Can download the VHD to a local file and mount locally
• Only one instance at a time for read/write
• Using read-only snapshots to multiple instances at once
Uploading VHD’s
• Three steps
  • Create VHD (Not VHDX) locally, sysprep if OS image.
  • Add-AzureVHD – Upload VHD file to blob storage
  • Add-AzureDisk – Register VHD as disk image, available to attach to VM.
  • Add-AzureVMImage – Adds VHD containing sysprepped image to the image repository
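The upload steps above as one script, added here as an example and not taken from the deck. It assumes a subscription named Contoso, a storage account contosostorage with a vhds container, and a sysprepped fixed-size VHD at C:\images\ws2012r2-base.vhd (all constructed); it uses the classic Windows Azure PowerShell module.

```powershell
# Added example, not code from the slides. Names and paths are constructed.
$localVhd = "C:\images\ws2012r2-base.vhd"   # must be VHD, not VHDX; sysprepped OS image
$blobUri  = "https://contosostorage.blob.core.windows.net/vhds/ws2012r2-base.vhd"

# Uploads use the subscription's current storage account over the HTTPS endpoint,
# with every request signed by the account key held in the local profile.
Set-AzureSubscription -SubscriptionName "Contoso" -CurrentStorageAccountName "contosostorage"

# Step 1 (Add-AzureVhd): push the file up as a page blob; only used pages are transferred.
Add-AzureVhd -Destination $blobUri -LocalFilePath $localVhd -NumberOfUploaderThreads 8

# Step 2 (Add-AzureVMImage): register the sysprepped VHD in the image repository so new
# VMs can be provisioned from it. For a disk you attach to an existing VM you would use
# Add-AzureDisk -DiskName ... -MediaLocation $blobUri instead; a blob is registered as
# either a disk or an image, not both.
Add-AzureVMImage -ImageName "ws2012r2-base" -MediaLocation $blobUri `
    -Label "WS2012R2 base image" -OS Windows

# Confirm the registration before anyone provisions from it.
Get-AzureVMImage -ImageName "ws2012r2-base" | Select-Object ImageName, OS, MediaLink
```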
Managing Storage
• Storage managed through many third party tools
  • http://blogs.msdn.com/b/windowsazurestorage/archive/2014/03/11/windows-azure-storage-explorers-2014.aspx
• Storage explorers require the Azure storage key
Virtual Network Features
• “Bring your own IPv4 addresses”
• Control over placement of Windows Azure Roles within the network
• Stable IPv4 addresses for VMs
• Automated provisioning & management
• Support existing on-premises VPN devices
• Enables customers to use their on-premises DNS servers for name resolution
• Enables VMs running in Windows Azure to be joined to corporate domains running on-premises (use your on-premises Active Directory)
Local Network
• An IP address range which represents the IP subnets on your local networks, used to build routing tables.
VPN Configuration
• Azure provides gateway and configuration script
• Run configuration script on local device
  • RRAS, Cisco, or Juniper devices
  • RRAS as a PowerShell script.
• Connection uses L2TP with shared secret authentication
• Manage shared secret in Microsoft Azure.
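Managing the shared secret from the Azure side, as an added example that is not from the deck: a fresh secret is generated, stored on the virtual network gateway for one local network site, and the connection state is read back. The virtual network name ContosoVNet and local site name ContosoHQ are constructed; it uses the classic Windows Azure PowerShell module.

```powershell
# Added example, not code from the slides. Names are constructed.
$vnet = "ContosoVNet"
$site = "ContosoHQ"   # the local network site (on-premises VPN device) for this tunnel

function New-SharedSecret([int]$Bytes = 32) {
    # 256 random bits from the OS CSPRNG, hex-encoded so it pastes cleanly into
    # RRAS, Cisco or Juniper configurations.
    $buf = New-Object byte[] $Bytes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($buf)
    ($buf | ForEach-Object { $_.ToString("x2") }) -join ""
}

$secret = New-SharedSecret

# Azure side: store the new secret on the gateway for this site. The on-premises device
# must be given the same value, so expect the tunnel to drop until both sides match.
Set-AzureVNetGatewayKey -VNetName $vnet -LocalNetworkSiteName $site -SharedKey $secret

# Read back what Azure holds and fail loudly if it does not match what we set.
$stored = Get-AzureVNetGatewayKey -VNetName $vnet -LocalNetworkSiteName $site
if ($stored.Value -ne $secret) { throw "Gateway key for $site does not match the value set" }

# After the on-premises device is updated, watch the connection come back.
Get-AzureVNetConnection -VNetName $vnet |
    Select-Object LocalNetworkSiteName, ConnectivityState, LastConnectionEstablished, LastEventMessage
```

The secret is only returned to the console here; hand it to the device administrator over a channel that is not your shell history or a ticket.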
Example Deployment
[Diagram: the same Contoso deployment addressing (10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16 with subnets 10.2.2.0/24 and 10.2.3.0/24; hosts 10.0.0.10, 10.0.0.11, 10.1.0.4, 10.1.1.4; public addresses 131.57.23.120 and 65.52.249.22) as in the Example: Contoso’s Deployment slide]
Multiple VPNs and Hybrid Site to Site
http://msdn.microsoft.com/en-us/library/azure/dn690124.aspx
Introducing Windows Azure Backup
Simple and reliable server backup to the cloud
• Offsite data protection in Windows Azure storage.
• Data is encrypted and secure.
• Efficient use of network and storage resources.
• Enhances Microsoft backup tools with cloud backup capabilities.
Backup and restore database to the cloud
• SQL Server Management Studio
• Benefits: reliable off-site data backup for SQL images; easily restore databases using VMs
Backup datacenter data to Windows using System Center Data Protection Manager
Backup and recover files/folders from Windows Server 2012 SP1 / R2
Your On-Premises Datacenter
Benefits
• Reliable offsite data protection
• Simple, familiar, integrated
• Efficient backup and recovery
• Easy set up
How Windows Azure Backup works (Windows Server 2012)
1. Sign up
2. Install agent
4. Back up encrypted data
5. Recover to the same or a different server
How Windows Azure Backup works (System Center DPM Server)
1. Sign up
2. Install agent
4. Back up encrypted data
5. Recover to the same or a different server
Hybrid Cloud Storage Architecture
[Diagram: On-premises data center with application or file servers and a StorSimple CiS appliance; block-based storage on SSD and SAS tiers with automated tiering; public cloud object storage. Data states shown: Linear Data, Deduplicated Data, Deduplicated & compressed Data, Deduplicated, compressed & Encrypted Data. The oldest block in the tier is the first to move to the next tier.]
Replicate Hyper-V VMs from a Primary to a Replica site
Replicate to 3rd Location for Extra Level of Resiliency
• Once a VM has been successfully replicated to the replica site, the replica can be replicated to a 3rd location
• Chained Replication
• Extended Replica contents match the original replication contents
• Extended Replica replication frequencies can differ from original replica
• Useful for scenarios such as SMB -> Service Provider -> Service Provider DR Site
Introducing Windows Azure Site Recovery
How it works: configure
[Diagram: Sign up; Site A and Site B, each with System Center Virtual Machine Manager; workloads AD, SQL, Exch; Create a recovery plan]
How it works: create recovery plan
[Diagram: Configure health monitoring; Create recovery plan; Hyper-V Replica replicates virtual machines (AD, SQL, Exch) from Site A to Site B, each site running System Center Virtual Machine Manager]
How it works: recover from datacenter failure
[Diagram: Create recovery plan; Microsoft Azure orchestrates recovery of services in the event of an outage; Site B with System Center Virtual Machine Manager running AD, SQL, Exch]
• Flexible delegation with single sign-on
• Self-service visibility for application services across on-premises, service provider, and Windows Azure
• Easy VM and workload portability from on-premises to Windows Azure (including SharePoint and SQL)
• Deep infrastructure and workload insight
[Diagram: VMware vSphere, Windows Server 2012]
Operations Manager & Azure
• IaaS: Treat as normal server, including using a SCOM agent
• PaaS: Monitoring is agentless, use normal API and diagnostics for monitoring (and uses certificate for authentication)
[Diagram: System Center Operations Manager + Management Pack for Windows Azure]
Azure-integrated insight with Global Service Monitor (GSM)
[Diagram: Customer datacenter, Azure Integration Pack, Private Cloud, Service Provider]
Azure automation
• Integration: Integrate into existing systems with PowerShell integration modules. Build additional PS modules to enable integrating into other systems.
• Orchestration: Accelerate time to value with flexible process workflows.
• Automation
Azure Automation Capabilities
• Runbook Authoring in Azure: Create runbooks to automate all aspects of cloud operations, from deployment, monitoring, and optimizations.
• Highly Available Engine: Support requirements for scale and H/A. Built on PowerShell Workflow. Isolation for runbook jobs.
• Integration into other systems: Import PS modules and create additional modules and runbooks for Azure services or to connect into 3rd party systems.
[Diagram: Azure Automation connected to Monitoring Systems, Change Control Systems, Anything]
Azure Automation Scenarios
Change Control & Provisioning
• Patch Azure IaaS VMs without downtime, leveraging Traffic Manager.
• Enable regeneration of storage account keys while avoiding downtime in the application.
• SQL Backup on a schedule.
• Backup and restore IaaS VMs.
• Deploy a VM on an Azure / OnPremise cloud and enable monitoring for the VM.
• Deploy a new service to Azure and configure the end points for CPU and Memory alerts.
• Deploy application from Git, run validation tests, and swap to production if tests pass.
• Monitor SharePoint online for an approval to update a service and update the service once approved.
• Alert on a VM then turn on tracing, collect logs, upload to Azure Storage and make available in Visual Studio for troubleshooting.
• Monitor for when a new service gets created, and configure it for the right tracing / backup policy.
• Notify users of a subscription who have underutilized VMs and perform remediation.
If you think you will do a task twice – automate it!
Materials to download, virtual labs, trial versions
http://aka.ms/Azure-CZ
Daily news and technical information in Czech
http://aka.ms/technetcz (for IT professionals)
http://aka.ms/msdncz (for developers)
Regular monthly roundup of news in Czech
MSDN newsletter (for developers)
TechNet Flash (for IT professionals)
Event recordings, videos, screencasts, how-tos
Channel9
Microsoft Virtual Academy
www.mva.ms