Extend your datacenter with Microsoft Azure
Tomáš „Kanty“ Kantůrek, [email protected]

Modules
• Base Modules
  • Why Care about Microsoft Azure
  • Getting Started with IaaS
  • Getting Started with IaaS Workloads
  • Getting Started with IaaS Networking
  • Getting Started with Azure Storage
• Expansion Modules
  • Hybrid cloud with Microsoft Azure

Resources: aka.ms/Azure-CZ

A lap around Microsoft Azure for an Infrastructure Professional

Why Microsoft Azure?
Cloud Computing Patterns / Cloud Computing
Cloud innovation presents challenges for IT: think AND, not OR (virtualization, identity, development, data platform, DevOps and management).

Global Presence and Scale (map legend: major datacenter, CDN node, live sub-region, announced sub-region, partner-operated sub-region)

Azure Building Blocks – Scenarios
• Store, backup, recover your data
• Develop, test, run your apps
• Extend your infrastructure
• Reach where your datacenter won’t

Getting Started with IaaS

IaaS Terminology
• IaaS – Infrastructure as a Service: you have control over your VMs and the network configuration, but don’t have to worry about hardware.
• Cloud Service (in this context): a container or management grouping. Every virtual machine is contained within a cloud service.
• Microsoft Azure Virtual Machines – IaaS: you can provision, migrate, and manage VMs. VMs can run Windows, Linux, and enterprise applications.
• Microsoft Azure Virtual Network: the networking overlay that allows you to create and manage virtual networks in Microsoft Azure and securely connect them to your own on-premises network.
Virtual Machines – Sample Images Available
Microsoft: Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, SQL Server 2012, SQL Server 2014, BizTalk Server 2013, SharePoint 2013, Visual Studio 2013
Open Source: Enterprise or Standard versions of WebLogic Server 12c or 11g, Database 12c or 11g, OpenSUSE 12.3, CentOS 6.3, Ubuntu 12.04/12.10/13.04, SUSE Linux Enterprise Server 11 SP3

IaaS Management
• Windows Azure PowerShell: set of cmdlets for managing all objects
• PowerShell remoting to manage hosted VMs with local PowerShell or PowerShell ISE
• Server Manager (hosted in VM or local)
• VPN connections to hosted networks
• RDP to VM desktop
• Telnet or SSH (Linux)
• Platform-specific tools (SQL Management Studio / Visual Studio)
• 3rd-party / community tools

Getting Started with Workloads

Microsoft Azure Data Management – Microsoft SQL Azure Service Provisioning Model
• Account: each account has zero or more servers
  • Azure-wide, provisioned in a common portal
  • Billing instrument
• Server: each server has one or more databases
  • Contains metadata about the databases and usage
  • Unit of authentication
  • Unit of geo-location
  • Generated DNS-based name
• Database: each database has standard SQL objects
  • Unit of consistency
  • Unit of multi-tenancy
  • Contains users, tables, views, indices, etc.
  • Most granular unit of billing

Why use Microsoft Azure Web Sites
Azure Web Sites: easily scale web sites (reserved instance, web site auto-scaling)

What is Azure Active Directory?
• A comprehensive identity and access management cloud solution.
• It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers.
• Azure Active Directory Premium is an advanced offering that includes IAM capabilities for on-premises, hybrid and cloud environments.

Public Identity as the control point (Active Directory / Azure Active Directory)

Azure Active Directory Premium
Built on top of the free offering, it provides a robust set of capabilities to empower enterprises with demanding needs on identity and access management. Additionally, Azure AD Premium offers:
• An enterprise SLA of 99.9%
• Usage rights to Identity Manager Server and CALs

Common Identity with Sync and Federation
• Synchronization: write-back of attributes to support cloud-first and co-existence. User attributes are synchronized, including the password hash; authentication can be completed against either Azure or Windows Server Active Directory.
• Federation: AD FS provides conditional access to resources, Workplace Join for device registration and integrated Multi-Factor Authentication. User attributes are synchronized; authentication is passed back through federation and completed against Windows Server Active Directory.

Microsoft Azure Virtual Network

DIPs and VIPs
There are multiple ways to access a VM by IP address.
VIP – Virtual IP address
• An internet-facing IP address that is not bound to a specific computer or network interface card.
• The cloud service that the VM sits within is assigned the VIP.
• You can have multiple VMs in a cloud service. They share the same VIP.
DIP – Dynamic IP address
• This IP address is dynamically assigned (via DHCP) to your virtual machine by Windows Azure.
• You rely on DHCP – do NOT statically configure your IP address, even for DCs. The IP address lease directly equates to the lifetime of the VM.
• If you create a virtual network, the VM will receive its DIP from that range.
IP Addresses – Port Forwarding / Input Endpoints
foo.cloudapp.net (VIP) → input endpoint → internal endpoint

Connectivity in Azure (load balancer, DNS)

Scenarios (diagram): SQL Reporting Service, SQL Analysis Service, SQL Service, Active Directory, Web Tier, UI Process Components, Business Components & Entities, Open User Access (Website), DC, SharePoint FrontEnd, DNS, domain joined to on-premises network, Local DNS, VM Roles, SQL VM Roles, SQL Mirroring, Internet Search and Index, On-Premises Machine, Virtual Network

Virtual Network Scenarios
• Enterprise app in Windows Azure requiring connectivity to on-premises resources
• Manage identity and access control with on-premises resources (on-premises Active Directory)
• Remote monitoring and troubleshooting of resources running in Windows Azure
• Cloud deployments requiring IP addresses and direct connectivity across services
The “virtual” branch office

Example: Contoso’s Deployment (diagram)
Address spaces 10.1.0.0/16, 10.0.0.0/16 and 10.2.0.0/16; subnets 10.2.2.0/24 and 10.2.3.0/24; gateway public addresses 131.57.23.120 and 65.52.249.22; hosts 10.1.0.4, 10.1.1.4, 10.0.0.10, 10.0.0.11

Windows Azure Storage
Exposed via RESTful web services

Microsoft Azure Storage Account
• Can CDN-enable the account: blobs delivered via 24 global CDN nodes
• Can co-locate the storage account with the compute account, explicitly or using affinity groups
• Accounts have two independent 512-bit shared secret keys
• 500 TB per account

Storage Security
• HTTPS endpoint
• Digitally sign requests for privileged operations
• The two keys can be regenerated independently
• More granular security via Shared Access Signatures

Windows Azure Storage Abstractions / Blob Storage Concepts

Microsoft Azure Drives
• Use existing NTFS APIs to access a network-attached durable drive
• Use System.IO from .NET
• Move existing apps using NTFS more easily to the cloud
• Durability and survival of data on instance recycle
• Drives can be up to 1 TB
• Mounts a Page Blob over the network as an NTFS drive
• Local cache on the instance for read operations
• All flushed and unbuffered writes to the drive are made durable to the Page Blob

Microsoft Azure Drive Capabilities
• Can’t remotely mount a drive
• Can upload the VHD to a Page Blob using the blob interface, and then mount it as a Drive
• Can download the VHD to a local file and mount it locally
• Only one instance at a time for read/write
• Use read-only snapshots to mount to multiple instances at once

Uploading VHDs – three steps
• Create the VHD (not VHDX) locally; sysprep it if it is an OS image.
• Add-AzureVHD: upload the VHD file to blob storage
• Add-AzureDisk: register the VHD as a disk image, available to attach to a VM
• Add-AzureVMImage: adds a VHD containing a sysprepped image to the image repository

Managing Storage
• Storage is managed through many third-party tools
• http://blogs.msdn.com/b/windowsazurestorage/archive/2014/03/11/windows-azure-storage-explorers-2014.aspx
• Storage explorers require the Azure storage key

Virtual Network Features
• “Bring your own IPv4 addresses”
• Control over placement of Windows Azure roles within the network
• Stable IPv4 addresses for VMs
• Automated provisioning & management
• Support for existing on-premises VPN devices
• Enables customers to use their on-premises DNS servers for name resolution
• Enables VMs running in Windows Azure to be joined to corporate domains running on-premises (use your on-premises Active Directory)

Local Network
• An IP address range which represents the IP subnets on your local networks, used to build routing tables.

VPN Configuration
• Azure provides the gateway and a configuration script
• Run the configuration script on the local device: RRAS, Cisco, or Juniper devices (RRAS as a PowerShell script)
• Connection uses L2TP with shared secret authentication
• Manage the shared secret in Microsoft Azure.
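The Storage Security and Managing Storage slides above say that privileged storage requests are digitally signed with one of the account's two 512-bit keys and that the keys can be regenerated independently. The following is an added example, not code from the presentation or from Microsoft: it reconstructs the SharedKey scheme that the Azure Storage REST API uses (HMAC-SHA256 over a canonical string-to-sign, keyed with the base64-decoded account key) and shows the server-side check that makes one-key-at-a-time regeneration safe. The account name, both keys, the blob path and the date are constructed sample values.

```python
"""Azure Storage SharedKey request signing and verification (added example)."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlsplit

# Constructed sample values: the account name is fictitious and the two keys are
# just the byte ranges 0..63 and 64..127, NOT real keys. A real account key is
# 512 bits (64 bytes), handed out base64-encoded, and every account has two.
ACCOUNT = "contosostorage"
KEY1_B64 = base64.b64encode(bytes(range(0, 64))).decode()
KEY2_B64 = base64.b64encode(bytes(range(64, 128))).decode()

# Standard headers that enter the string-to-sign, in the order the service expects.
SIGNED_HEADERS = [
    "Content-Encoding", "Content-Language", "Content-Length", "Content-MD5",
    "Content-Type", "Date", "If-Modified-Since", "If-Match", "If-None-Match",
    "If-Unmodified-Since", "Range",
]


def string_to_sign(method, url, headers):
    """Build the canonical string the SharedKey MAC is computed over."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # VERB followed by the eleven standard headers (empty when absent; with
    # x-ms-version 2015-02-21 or later a zero-length body leaves Content-Length empty).
    lines = [method.upper()] + [h.get(name.lower(), "") for name in SIGNED_HEADERS]
    # Canonicalized headers: every x-ms-* header, lowercased, sorted, "name:value\n".
    xms = sorted((k, v) for k, v in h.items() if k.startswith("x-ms-"))
    canonical_headers = "".join(f"{k}:{v}\n" for k, v in xms)
    # Canonicalized resource: "/account/path" then each query parameter, sorted
    # and lowercased, as "\nname:value" (repeated names get comma-joined values).
    parts = urlsplit(url)
    canonical_resource = f"/{ACCOUNT}{parts.path or '/'}"
    query = {}
    for k, v in parse_qsl(parts.query, keep_blank_values=True):
        query.setdefault(k.lower(), []).append(v)
    for k in sorted(query):
        canonical_resource += f"\n{k}:{','.join(sorted(query[k]))}"
    return "\n".join(lines) + "\n" + canonical_headers + canonical_resource


def sign(method, url, headers, key_b64):
    """Return the Authorization value: SharedKey <account>:<base64 HMAC-SHA256>."""
    key = base64.b64decode(key_b64)
    mac = hmac.new(key, string_to_sign(method, url, headers).encode("utf-8"), hashlib.sha256)
    return f"SharedKey {ACCOUNT}:{base64.b64encode(mac.digest()).decode()}"


def verify(method, url, headers, key_b64s):
    """Server-side view: the request is valid if it verifies under either account key.
    Recomputing the MAC and comparing in constant time is what lets one key be
    regenerated while clients that already moved to the other key keep working."""
    presented = headers.get("Authorization", "")
    return any(hmac.compare_digest(presented, sign(method, url, headers, k)) for k in key_b64s)


def sample_request(key_b64):
    """Constructed request: read the metadata of a (fictitious) backup blob."""
    method = "GET"
    url = f"https://{ACCOUNT}.blob.core.windows.net/backups/2014-03-11.vhd?comp=metadata"
    headers = {"x-ms-date": "Mon, 02 Mar 2015 10:00:00 GMT", "x-ms-version": "2015-02-21"}
    headers["Authorization"] = sign(method, url, headers, key_b64)
    return method, url, headers


if __name__ == "__main__":
    m, u, h = sample_request(KEY1_B64)
    print(h["Authorization"])
    print("valid under key1+key2:", verify(m, u, h, [KEY1_B64, KEY2_B64]))
    print("valid after key1 regenerated:", verify(m, u, h, [KEY2_B64]))
```

The last line of the usage shows the operational point behind the "regenerate storage account keys while avoiding downtime" automation scenario later in the deck: a request still signed with key 1 fails once key 1 has been regenerated, so applications and storage explorers have to be moved to key 2 before key 1 is rotated, and back again before key 2 is.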
Example Deployment (diagram)
Address spaces 10.1.0.0/16, 10.0.0.0/16 and 10.2.0.0/16; subnets 10.2.2.0/24 and 10.2.3.0/24; gateway public addresses 131.57.23.120 and 65.52.249.22; hosts 10.1.0.4, 10.1.1.4, 10.0.0.10, 10.0.0.11

Multiple VPNs and Hybrid Site-to-Site
http://msdn.microsoft.com/en-us/library/azure/dn690124.aspx

Public Identity as the control point (Active Directory)

Introducing Windows Azure Backup
Simple and reliable server backup to the cloud
• Offsite data protection in Windows Azure storage.
• Data is encrypted and secure.
• Efficient use of network and storage resources.
• Enhances Microsoft backup tools with cloud backup capabilities.

Backup and restore databases to the cloud (SQL Server Management Studio)
Benefits: reliable off-site data backup for SQL images; easily restore databases using VMs.
Back up datacenter data to Windows Azure using System Center Data Protection Manager; back up and recover files/folders from Windows Server 2012 SP1 / R2 (your on-premises datacenter).
Benefits: reliable offsite data protection; simple, familiar, integrated; efficient backup and recovery; easy set-up.

How Windows Azure Backup works (Windows Server 2012)
1. Sign up
2. Install agent
4. Back up encrypted data
5. Recover to the same or a different server

How Windows Azure Backup works (System Center DPM Server)
1. Sign up
2. Install agent
4. Back up encrypted data
5. Recover to the same or a different server

Hybrid Cloud Storage Architecture (diagram)
On-premises datacenter: application or file servers, StorSimple CiS block-based storage with SSD and SAS tiers and automated tiering; the oldest block in a tier is the first to move to the next tier. Public cloud: object storage. Data moves from linear data to deduplicated data, to deduplicated & compressed data, to deduplicated, compressed & encrypted data.

Replicate Hyper-V VMs from a Primary to a Replica site
Replicate to a 3rd location for an extra level of resiliency
• Once a VM has been successfully replicated to the replica site, the replica can be replicated to a 3rd location
• Chained replication
• Extended replica contents match the original replication contents
• Extended replica replication frequencies can differ from the original replica
• Useful for scenarios such as SMB -> Service Provider -> Service Provider DR Site

Introducing Windows Azure Site Recovery
How it works: configure
• Sign up
• Site A and Site B each run System Center Virtual Machine Manager (workloads: AD, SQL, Exchange)
How it works: create recovery plan
• Configure health monitoring
• Create a recovery plan
• Hyper-V Replica replicates virtual machines between Site A and Site B
How it works: recover from datacenter failure
• Microsoft Azure orchestrates recovery of services in the event of an outage

• Flexible delegation with single sign-on
• Self-service visibility for application services across on-premises, service provider, and Windows Azure
• Easy VM and workload portability from on-premises to Windows Azure (including SharePoint and SQL)
• Deep infrastructure and workload insight (VMware vSphere, Windows Server 2012)

Operations Manager & Azure
• IaaS: treat as a normal server, including using a SCOM agent
• PaaS: monitoring is agentless; use the normal API and diagnostics for monitoring (uses a certificate for authentication)
• System Center Operations Manager + Management Pack for Windows Azure
• Azure-integrated insight with Global Service Monitor (GSM)

Azure Integration Pack (customer datacenter, private cloud, service provider, Azure)

Azure Automation
• Integration: integrate into existing systems with PowerShell integration modules; build additional PS modules to enable integrating into other systems
• Orchestration: accelerate time to value with flexible process workflows
• Automation

Azure Automation Capabilities
• Runbook authoring in Azure: create runbooks to automate all aspects of cloud operations, from deployment and monitoring to optimizations
• Highly available engine: supports requirements for scale and H/A; built on PowerShell Workflow; isolation for runbook jobs
• Integration into other systems: import PS modules and create additional modules and runbooks for Azure services or to connect into 3rd-party systems (monitoring systems, change control systems, anything)

Azure Automation Scenarios – Change Control & Provisioning
• Patch Azure IaaS VMs without downtime, leveraging Traffic Manager.
• Enable regeneration of storage account keys while avoiding downtime in the application.
• SQL backup on a schedule.
• Back up and restore IaaS VMs.
• Deploy a VM on an Azure / on-premises cloud and enable monitoring for the VM.
• Deploy a new service to Azure and configure the endpoints for CPU and memory alerts.
• Deploy an application from Git, run validation tests, and swap to production if the tests pass.
• Monitor SharePoint Online for an approval to update a service and update the service once approved.
• Alert on a VM, then turn on tracing, collect logs, upload them to Azure Storage and make them available in Visual Studio for troubleshooting.
• Monitor for when a new service gets created, and configure it for the right tracing / backup policy.
• Notify users of a subscription who have underutilized VMs and perform remediation.
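The Local Network slide defines an on-premises address range that Azure uses to build routing tables, and the Contoso example deployment shows three /16 address spaces with two VPN gateway addresses. The following added example (not from the presentation) does the pre-flight check a network engineer wants before bringing up those site-to-site tunnels: VNet subnets must sit inside the VNet space, every local network range must be disjoint from the VNet and from every other site, and gateway addresses must be public. It then builds the resulting longest-prefix routing table and resolves a few addresses against it. The figures are taken from the slide; which /16 is the Azure VNet and which are the on-premises sites, and the site names, are assumptions.

```python
"""Pre-flight check of Azure VNet and local network address ranges (added example)."""
import ipaddress

# Constructed from the figures in the Contoso deployment diagram. Which /16 is the
# Azure VNet and which are the on-premises sites is an assumption; the site names
# are made up.
VNET = {
    "name": "ContosoAzureVNet",
    "space": "10.2.0.0/16",
    "subnets": {"FrontEnd": "10.2.2.0/24", "BackEnd": "10.2.3.0/24"},
}
LOCAL_NETWORKS = {
    "Contoso-HQ":     {"gateway": "131.57.23.120", "ranges": ["10.1.0.0/16"]},
    "Contoso-Branch": {"gateway": "65.52.249.22",  "ranges": ["10.0.0.0/16"]},
}
# A deliberately broken variant: the local range collides with the VNet space.
OVERLAPPING_LOCAL_NETWORKS = {
    "Contoso-HQ": {"gateway": "131.57.23.120", "ranges": ["10.2.0.0/24"]},
}


def validate(vnet, local_networks):
    """Return a list of configuration problems (empty when the layout is sound)."""
    problems = []
    space = ipaddress.ip_network(vnet["space"])
    for name, cidr in vnet["subnets"].items():
        if not ipaddress.ip_network(cidr).subnet_of(space):
            problems.append(f"subnet {name} {cidr} lies outside the VNet space {space}")
    seen = [(vnet["name"], space)]
    for site, cfg in local_networks.items():
        gateway = ipaddress.ip_address(cfg["gateway"])
        if gateway.is_private:
            problems.append(f"{site}: VPN gateway {gateway} is not a public address")
        for cidr in cfg["ranges"]:
            net = ipaddress.ip_network(cidr)
            # Every range must be disjoint from the VNet and from every other site,
            # otherwise the routing table built from them is ambiguous.
            for other_name, other in seen:
                if net.overlaps(other):
                    problems.append(f"{site}: {net} overlaps {other_name} {other}")
            seen.append((site, net))
    return problems


def build_routes(vnet, local_networks):
    """Routing table: VNet subnets stay local, local network ranges go over the VPN."""
    routes = [(ipaddress.ip_network(c), f"vnet:{n}") for n, c in vnet["subnets"].items()]
    for site, cfg in local_networks.items():
        for cidr in cfg["ranges"]:
            routes.append((ipaddress.ip_network(cidr), f"vpn:{site} via {cfg['gateway']}"))
    # Longest prefix first, so a /24 subnet is preferred over an enclosing /16.
    return sorted(routes, key=lambda r: r[0].prefixlen, reverse=True)


def next_hop(ip, routes):
    """Where a packet to `ip` goes; anything unmatched leaves through the Internet."""
    addr = ipaddress.ip_address(ip)
    for net, hop in routes:
        if addr in net:
            return hop
    return "internet"


if __name__ == "__main__":
    print("problems:", validate(VNET, LOCAL_NETWORKS) or "none")
    table = build_routes(VNET, LOCAL_NETWORKS)
    for ip in ("10.2.3.9", "10.1.0.4", "10.0.0.11", "65.52.249.22"):
        print(ip, "->", next_hop(ip, table))
    print("overlap check:", validate(VNET, OVERLAPPING_LOCAL_NETWORKS))
```

Running the overlap check against the broken variant reports the collision before any gateway is configured; with overlapping spaces the gateway would have no unambiguous route for 10.2.0.0/24 traffic, which is exactly the class of problem the Local Network range is meant to rule out. The same check applies unchanged when adding a second site for the Multiple VPNs scenario.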
If you think you will do a task twice – automate it!

Materials for download, virtual labs, trial versions: http://aka.ms/Azure-CZ
Daily news and technical information in Czech: http://aka.ms/technetcz (for IT professionals), http://aka.ms/msdncz (for developers)
Regular monthly digest of news in Czech: MSDN newsletter (for developers), TechNet Flash (for IT professionals)
Recordings from events, videos, screencasts, how-tos: Channel9, Microsoft Virtual Academy (www.mva.ms)