Cloud Camp: Infrastructure as a service advance workloads
•Download as PPTX, PDF•
1 like•612 views
We will cover the advance workload of Azure IAAS, storage, network, security and management
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Cloud Camp: Infrastructure as a service advance workloads
Similar to Cloud Camp: Infrastructure as a service advance workloads (20)
Recently uploaded
Recently uploaded (20)
Cloud Camp: Infrastructure as a service advance workloads
- 1. Cloud Valley CTO P-TSP Azure Microsoft MVP asaf@cloudvalley.io
- 2. About me 35, Married from Yavne, Israel Cloud Valley CTO P-TSP Azure Microsoft MVP Asaf Nakash asaf@cloudvalley.io https://il.linkedin.com/in/nakash https://www.facebook.com/nakashon https://github.com/nakashon/
- 8. West Europe Germany Northeast** Germany Central** United Kingdom West United Kingdom South North Europe
- 11. "Microsoft’s comprehensive hybrid story, which spans applications and platforms as well as infrastructure, is highly attractive to many companies, drawing them towards the cloud in general.” LYDIA LEONG, GARTNER Industry validation Microsoft a Leader in Gartner Magic Quadrants Public Cloud IaaS (May 2015) Cloud Storage (June 2015) Enterprise Application PaaS (Jan 2014) X86 Server Virtualization (July 2014)
- 12. Azure Compliance Azure has the largest compliance portfolio in the industry United States HIPAA / HITECH FedRAMP JAB P-ATO FIPS 140-2 FERPA DISA Level 2 ITAR-readyCJIS21 CFR Part 11 IRS 1075 Section 508 VPAT Industry ISO 27001 PCI DSS Level 1SOC 1 Type 2 SOC 2 Type 2 ISO 27018Cloud Controls Matrix Content Delivery and Security Association Shared Assessments Regional European Union Model Clauses United Kingdom G-Cloud Singapore MTCS Level 3 Australian Signals Directorate Japan Financial Services China Multi Layer Protection Scheme China CCCPPF New Zealand GCIO China GB 18030 ENISA IAF
- 13. >90,000 New Azure customer subscriptions/month 1.5Trillion Messages per month processed by Azure IoT >500Million Users in Azure Active Directory 777Trillion Storage Transactions per day >1.5Million SQL Databases running on Azure >40% Revenue from Start-ups and ISVs Azure momentum
- 14. A cloud you can trust “Businesses and users are going to embrace technology only if they can trust it.” At Microsoft, we never take your trust for granted • We are serious about our commitment to protect customers in a cloud first world. • We live by standards and practices designed to earn your confidence. • We collaborate with industry and governments to build trust in the cloud ecosystem. – Satya Nadella
- 17. Azure Automation Operational Insights Direct DSC and PowerShell Migration and DR Identity
- 20. INTERNET
- 21. Internet IP addresses and load balancing LB
- 22. Reserved IPs can move!
- 23. User Defined Routes (UDR)
- 24. Multiple NICs in Azure VMs
- 26. Connect via an encrypted link over public internet CUSTOMER SITE INTERNET / VPN GATEWAYS MICROSOFT CLOUD PUBLIC INTERNET EXCHANGE PROVIDER PUBLIC INTERNET MICROSOFT CLOUD NETWORK SERVICE PROVIDER WAN MICROSOFT CLOUD
- 27. VPN Gateways for virtual network VIRTUAL NETWORK GATEWAY SKU EXPRESSROUTE GW THROUGHPUT VPN GW EXPRESSROUTE COEXISTENCE VPN GW THROUGHPUT VPN GW MAX IPSEC TUNNELS COST (USD) / HOUR BASIC 500 MBPS NO 100 MBPS 10 $0.04 STANDARD 1000 MBPS YES 100 MBPS 10 $0.19 PERFORMANCE 2000 MBPS YES 200 MBPS 30 $0.49 NOT
- 28. Network Security Groups INTERNET
- 29. VIRTUAL NETWORK VIRTUAL NETWORK VIRTUAL NETWORK
- 31. Blobs Simple named files along with metadata for the file.
- 32. Microsoft Azure Storage Highly durable and scalable Multiple copies of your data Financially backed SLAs Storage for objects, tables, drives Supports REST APIs Availability and DR: Local Redundancy
- 33. West DCEast DC > 400 miles Microsoft Azure Storage Defend against regional disasters. Geo replication Availability and DR: Geo-replication
- 34. Azure storage types Locally Redundant Storage (LRS) Zone Redundant Storage (ZRS) Geographically Redundant Storage (GRS) Read-Access Geographically Redundant Storage (RA-GRS) How it works Makes multiple synchronous copies of your data within a single datacenter Stores three copies of data across multiple datacenters within or across regions. For block blobs only Same as LRS, plus multiple asynchronous copies to a second datacenter hundreds of miles away Same as GRS, plus read access to the secondary datacenter Total copies 3 3 6 6 Why use it For economical local storage or data governance compliance An economical, higher durability option for block blob storage For protection against a major datacenter outage or disaster Provides read access to data during an outage, for maximum data availability and durability Availability SLA 99.9% read/write 99.9% read/write 99.9% read/write 99.9% write 99.99% read https://azure.microsoft.com/en-us/pricing/details/storage/
- 35. Premium storage Virtual machine Disk provisioning Disk provisioning SSD provisioning VM/network provisioning Server SSD Premium storage blobs
- 36. Temporary drive guidance http://blogs.technet.com/b/dataplatforminsider/archive/2014/ 09/25/using-ssds-in-azure-vms-to-store-sql-server-tempdb- and-buffer-pool-extensions.aspx Azure virtual machine C: OS disk E:,F:, etc. data disks D: temporary disk Disk cache
- 37. Oracle CouchDBDB2Postgres MongoDBCassandra RavenDB Azure data management offerings MySQL RedisDocument DB Relational No-SQL MySQL Postgrese SQL DB
- 40. Introducing: Azure Security Center Enable security at cloud speed Gain visibility and control Detect cyber threats Integrate partner solutions
- 41. Provides a unified view of security across all your Azure subscriptions Makes it easy to understand your security posture, including vulnerabilities and threats detected Integrates security event logging and monitoring, including events from partners APIs, SIEM connector and Power BI dashboards make it easy to access, integrate, and analyze security information using existing tools Gain visibility and control
- 42. Set security policies for subscriptions and resource groups
- 43. Monitor the security state of resources – quickly identify vulnerabilities
- 44. Gain insight into the security state of subscriptions in Power BI
- 45. Access security data in near real-time from your Security Information and Event Management (SIEM) Public Preview Export Logs Log Analytics/ SIEM Azure Diagnostics Azure Storage Rehydrate: “Forwarded Events” Flat files (IIS Logs) CEF formatted logs Azure Log Integration Standard Log Connector (ArcSigt, Splunk, etc) Azure APIs
- 46. Enable agility with security Tailors security recommendations based on the security policy defined for the subscription or resource group Guides users through the process of remediating security vulnerabilities Enables rapidly deployment of security services and appliances from Microsoft and partners (firewalls, endpoint protection, and more)
- 47. Prioritized recommendations take the guesswork out of security for resource owners
- 48. Integrate partner solutions Recommends and streamlines provisioning of partner solutions Integrates signals for centralized alerting and advanced detection, including fusion Leverages Azure Marketplace for commerce and billing Closes security gaps created by disconnected point solutions
- 49. Easily deploy security solutions from partners and automatically integrate logs
- 50. Continuously analyzes security data from your Azure virtual machines, Azure services (like Azure SQL databases), the network, and connected partner solutions Leverages security intelligence and advanced analytics to detect threats more quickly and reduce false positives Creates prioritized security alerts that provide insight into the attack and recommendations on how to remediate Detect cyber threats
- 51. Prioritized security alerts provide details about the threat detected and suggests steps to remediate
- 52. Alerts that conform to kill chain patterns are fused into a single incident
- 57. In-memory malware and exploit detected using crash analysis
- 59. Outbound SPAM detected using machine learning and threat intelligence
- 62. Resource groups
- 63. What is RBAC •Allows secure access with granular permissions to resources •Assignable to users, groups or service principals •Built-in roles make it easy to get started Role Definitions • Describes the set of permissions (e.g. read actions) • Can be used in multiple assignments Role Assignments • Associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group) • Always inherited – subscription assignments apply to all resources
- 68. MICROSOFT ANALYTICS THIRD PARTY OR ON-PREM TOOLS ANALYZEDOWNLOAD
- 69. VIRTUAL NETWORK
- 71. Thank you! Cloud Valley CTO P-TSP Azure Microsoft MVP Asaf Nakash asaf@cloudvalley.io https://il.linkedin.com/in/nakash https://www.facebook.com/nakashon https://github.com/nakashon/
Editor's Notes
- Technology is omnipresent. It’s shaping how businesses plan for innovation and growth within their markets. The importance of digital transformation is urgent; Since 2000, 52% of Fortune 500 companies are gone due to digital disruption. We see companies responding by creating digital strategies across four core areas: engaging their customers, empowering their employees, optimizing their operations, and transforming their products. Everyone is aware of how important this is. Look at a company like Uber for example. They’ve created a digital model for the taxi industry that has allowed them to surpass every other taxi company by double or more, recently valued at $62.5 Billion. They’ve created a significant shift in an industry that has been largely untouched for decades.
- Why is this transformation important? Let’s take a look at the next few years before us… In 2020, 1 million new devices are expected to come online every hour. The connectivity between people and data is creating billions of new relationships that are driven not only by data but by algorithms that keep customers engaged and buying.* In 2020, the average age of a S&P 500 corporation is expected to be 12 years old. Compare that to the S&P 500 in 1960 when the average age was 60 years old.** By the year 2025, at least 60 percent of computing will be cloud-based, due to “everything-as-a-service” shifting fundamental changes in the IT industry.*** For digital transformation, mobility is the universal catalyst and cloud is the great enabler. How are you planning for digital transformation? Do you have the right people and the right technology in place to build your digital vision? How can you use technology to shape your future? *http://www.gartner.com/newsroom/id/3142917 **http://upstart.bizjournals.com/resources/author/2015/06/04/fortune-500-must-disrupt-or-die-writes-r-ray-wang.html?page=all ***http://www.emersonnetworkpower.com/en-US/Latest-Thinking/Data-Center-2025/Documents/002401_DataCenter2025Report_HR_INTERACTIVE.PDF
- The Azure Security Center will provide unified security and vulnerability management for all your Azure resources.
- Why this Slide: <Insert underlying reason for including this> Key Points: Point 1 Talk Track: Point 1 Transition to NEXT Slide: <Summary/lead-in to next slide>
- – The largest compliance portfolio in the industry, including those that FSI cares about – SOC, PCI and many others. - This means you can do away with auditing your own physical data center and let Microsoft’s do that work for you. - We provide you with our 3rd party certifications and detailed audit reports, letting you focus on the application you build. - Microsoft takes care of our data center security. Microsoft takes care of our data centers’ compliance.
- Trust: reliance on the integrity, strength, ability, surety of a person or thing; confidence. Why is it so challenging? Cybersecurity incidents, data breaches, social hacking, there’s a pervasive threat. Risk versus benefits, might be a lot easier to embrace the status quo Confidence/Trust -> Consumption! In each and every conversation I’ve had about cloud, the conversation has focused on trust. Customers have come to rely upon and trust their environments and get nervous when you suggest that they change. So it’s key that we be able to describe how seriously we take our commitment to trust , at the highest level and throughout our organization.
- There are three major cloud computing patterns in play today—and Microsoft Azure supports all of them. Infrastructure-as-a-Service allows development teams to lift and shift all infrastructure building blocks to the cloud by provisioning, configuring, and managing virtual infrastructure. We will host your infrastructure but you manage it. With Platform-as-a-Service we provide application building blocks and cloud services that allow developers to quickly implement application features without building from scratch. By assembling cloud services, developers can speed up creation and delivery of custom applications and increase efficiency. Visual Studio Online offers innovative cloud services for developers that enable teams to scale quickly and easily by extending ALM workloads to the cloud and enable new scenarios that are not possible with physical infrastructure. Visual Studio Online offers a complete set of developer services, accessible from anywhere—anytime.
- Virtual Machines – select storage, network, OS (or Template), specify the Size and Go! Cloud Services – Package your solution to deploy onto a standardized O/S as highly-available, infinitely-scalable applications and APIs – focus on Apps enabling Autoscale, Deploy 1000s instances in minutes, integrated monitor & loadbalancing, automatic OS and Application patching Web Sites - Deploy and scale modern websites and web apps in seconds (Built-in AutoScale + Loadbalancing) supports Continuous Deployment with Git, TFS, Github, SQL, NoSQL, DocumentDB, Search, MongoDB. CMD Wordpress, Umbraco, Drupal Developer and Operational Efficiency with Automation, Insight, Temaplates, Tools, and thanks Identity – Extend your Active Directory to Azure and provide Role Based Access Control with the same identity you use on-premises. Assign ability to see and modify resources with single identity.
- Azure Virtual Network https://azure.microsoft.com/en-us/services/virtual-network/ Virtual Network Documentation https://azure.microsoft.com/en-us/documentation/services/virtual-network/
- Instance Level Public IP Overview https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-instance-level-public-ip/
- Reserved IP addresses for Cloud Services & Virtual Machines https://azure.microsoft.com/en-us/blog/reserved-ip-addresses/ Azure Datacenter IP Address Ranges https://msdn.microsoft.com/en-us/library/azure/dn175718.aspx
- Azure DNS https://azure.microsoft.com/en-us/services/dns/
- User Defined Routes and IP Forwarding https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-udr-overview/
- Multiple VM NICs and Network Virtual Appliances in Azure https://azure.microsoft.com/en-us/blog/multiple-vm-nics-and-network-virtual-appliances-in-azure/ Create a Multi-NIC VM with a Public IP in Azure http://blogs.msdn.com/b/rslaten/archive/2014/11/18/create-a-multi-nic-vm-with-a-public-ip-in-azure.aspx Create a VM with multiple NICs https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-multiple-nics/
- About VPN Devices and Gateways for Virtual Network Connectivity https://msdn.microsoft.com/en-us/library/azure/jj156075.aspx ExpressRoute https://azure.microsoft.com/en-us/services/expressroute/ ExpressRoute Pricing https://azure.microsoft.com/en-us/pricing/details/expressroute/ New Networking features and partnerships for Enterprise scenarios https://azure.microsoft.com/en-us/blog/networking-enterprise/
- Azure Standard VPN Gateway https://azure.microsoft.com/en-us/updates/azure-standard-vpn-gateway/
- Network Security Groups https://azure.microsoft.com/en-us/blog/network-security-groups/ What is a Network Security Group (NSG)? https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-nsg/
- Key talking points: Virtual networking peering allows direct connectivity between two virtual networks in the same region The mechanism offers significant improvement on Bandwidth and latency since it avoids tunneling or gateways in the path. High bandwidth: (no caps other than the ones that come with VM size), low latency connection between resources in two virtual networks.
- We make 3 copies of data for durability and availability. So if a rack or server goes down, you data is available and accessible. We provide 99.9% SLA for storage. Windows Azure Storage system is the underpinning to everything in Azure that requires storage. The Windows Azure storage system provides a solid robust data platform for different services that make use of it – Blobs, Tables and Drives. Use Blob service for storing large amounts of unstructured data that can be accessed from anywhere in the world via HTTP or HTTPS. A single blob can be hundreds of gigabytes in size, and a single storage account can contain up to 100TB of blobs. Common uses of Blob storage include: Serving images or documents directly to a browser, Storing files for distributed access, Streaming video and audio, Performing secure backup and disaster recovery, Storing data for analysis by an on-premises or Windows Azure-hosted service Tables is a NoSQL datastore which is ideal for storing structured, non-relational data. Common uses of the Table service include: Storing TBs of structured data capable of serving web scale applications, or storing datasets that don’t require a full fledged relational DB. Drives are what are attached to VMs. They automatically provide get the same durability and availability. This differentiates us from other competitive offerings (like AWS) that have less reliable and durable storage systems for their VM instances.
- Additionally, data is asynchronously copied to another datacenter that’s at least 400 miles away. So you can be sure that every piece of data that you store in the Azure Blob is available as well as protected against regional disasters (we call this geo-replication). Geo replication is a unique feature, that differentiates us from competition.
- How Azure pricing works https://azure.microsoft.com/en-us/pricing/details/storage/
- Premium Storage: High-Performance Storage for Azure Virtual Machine Workloads% https://azure.microsoft.com/en-us/documentation/articles/storage-premium-storage-preview-portal/ You can use Premium Storage for Disks in one of two ways: Create a new premium storage account first and then use it when creating the VM Create a new DS-series or GS-series VM While creating the VM, you can select a previously created Premium Storage account, create a new one, or let the Azure Portal to create a default premium account Tip: To leverage the benefit of Premium Storage, create a Premium Storage account using an account type of Premium_LRS first. To do this, you can use the Microsoft Azure Preview Portal, Azure PowerShell, or the Service Management REST API Azure uses the storage account as a container for your operating system (OS) and data disks If you create an Azure DS-series or GS-series VM and select an Azure Premium Storage account, your operating system and data disks are stored in that storage account
- Virtual Machines Documentation https://azure.microsoft.com/en-us/documentation/services/virtual-machines/
- Key talking points: Managed disks is a new feature that is cross cutting. You will see different aspects of it when we discuss security and flexibility improvements later in the presentation. Managed disks simplifies scale by taking away the need for the administrator to know about service limits of storage accounts and ensure that IOPS and throughput capabilities are easy to understand. Managed disks also integrate directly with virtual machine scale sets to automatically scale the front end compute and the backend storage.
- Gain visibility and control Get a central view of the security state of all your Azure resources. At a glance, you could verify that the appropriate security controls are in place. And, you could quickly identify any resources that require attention. Enable secure DevOps Say ‘Yes’ to agility by enabling DevOps with policy-driven recommendations that guide resource owners through the process of implementing required controls – taking the guesswork out of cloud security. Stay ahead of threats Stay ahead of current and emerging threats with an integrated and analytics-driven approach. Detect actual threats earlier and reduce false alarms.
- Key talking points: Today disk management is a fairly complex process. Users must understand service limits of storage accounts and directly manage page blobs in one or more storage accounts to ensure they have enough storage capacity and IOPs. Availability is also an issue as a storage account could potentially be a single point of failure. Managed disks solves the availability problem by ensuring the disks are created on physically separate stamps of storage when provisioned with VMs in an availability set.
- Key talking points: Improved diagnostics and the Network Watcher service will enable monitoring and diagnostics at the network level for virtual machines. These capabilities spread across the spectrum of resource health monitoring, metrics and alerting, diagnostic APIs, a new network monitoring service. Everything geared towards providing you the ability to monitor and diagnose your network infrastructure in Azure. VPN Gateway and Tunnel Health We are announcing the addition of Virtual Private Network (VPN) Gateway and VPN Tunnel resource health, this will provide you real time health information about these resources to gain actionable information on health and outages related to your resource. Application Gateway Metrics We are announcing server performance metrics for Application Gateway, this metric will provide you an aggregated view of the health of your gateway hosts. Enabling you to get a single unified view with total request count, average latency, total failed request count, total throughput, min of unhealthy and healthy host count. NSG and UDR Diagnostics We are also glad to announce improvements to Network Security Group (NSG) and User-Defined Routes (UDR) diagnostics, to troubleshoot network traffic flows on your Virtual Machine (VM)/Network Interface Card (NIC). You can now view all the effective security rules impacting a given VM/NIC, irrespective of whether the NSGs are applied at NIC and/or Subnet. You can also view the full list of effective routes, including system routes, impacting given NIC traffic. All of these APIs will be available in Azure Resource Manager (ARM) and can be managed via REST APIs, .NET SDK, PowerShell cmdlets, command-line interface and Azure portal. Learn more about NSG and UDR diagnostics. Learn more about NSG and UDR Diagnostics . Network Watcher We are also pleased to announce Network Watcher, a service that will enable you to monitor and diagnose conditions at a network scenario level, besides the above mentioned resource level monitoring and diagnostics capabilities. Network diagnostic and visualization tools available with Network Watcher will enable you to take packet captures on a Virtual Machine (VM), help you understand if an IP flow is allowed or denied on your VM, find where your packet will be routed from a VM and gain insights to your network topology. Packet capture capability available to you in Network Watcher will help you diagnose network fault conditions, to monitor your network for security and compliance needs. You will be able fine tune your packet captures by specifying the protocol (TCP, UDP or both), IP address and port ranges, size of capture and storage location to save the capture. Packet captures are stored in a standard PCAP file format to facilitate usage of third party tools to analyze the output. You can store these captures either on the attached VM disk or specify your own blob storage location. Network watcher comes with a tight integration with existing Azure services like OMS. You can now configure OMS hub as one of the destination for storing metric and logs, this will enable you to utilize the existing capabilities of OMS to do analyze and present your metrics and logs.
- Key talking points: Today for all Internet facing Virtual Machines that have two or more instances deployed in the same Availability Set, we guarantee you will have external connectivity at least 99.9% of the time. Azure will offer a service level agreement for a single virtual machine when the virtual machine is deployed with SSD backed premium storage.