How do you fit the cloud into your existing infrastructure? Tomica Kaniški CITUS d.o.o....

Post on 22-Dec-2015


How do you fit the cloud into your existing infrastructure?

Tomica Kaniški
CITUS d.o.o.
tomica@kaniski.info

Agenda

• Windows Azure Networking

• Windows Azure Virtual Machines

• Windows Azure Backup

• Windows Azure Hyper-V Recovery Manager

Windows Azure Pricing Calculator

• http://www.windowsazure.com/en-us/pricing/calculator/

Windows Azure Networking

Windows Azure Hybrid and Connectivity Options

• Secure Site-to-Site Network Connectivity: Windows Azure Virtual Network
• Data Synchronization: SQL Data Sync
• Application-Layer Connectivity & Messaging: Service Bus
• Secure Machine-to-Machine Network Connectivity: Windows Azure Connect

[Diagram: these options connect Windows Azure to the enterprise corpnet.]

http://msdn.microsoft.com/en-us/library/windowsazure/jj156007.aspx

Windows Azure Virtual Network

• Your "virtual" branch office / datacenter in the cloud
  • Enables customers to extend their Enterprise Networks into Windows Azure
  • Networking on-ramp for migrating existing apps and services to Windows Azure
  • Enables "hybrid" apps that span cloud/premises
• A protected private virtual network in the cloud
  • Enables customers to set up secure private IPv4 networks fully contained within Windows Azure
  • IP address persistence

[Diagram: a virtual network containing Subnet 1 and Subnet 2.]

Virtual Network Features

• Customer-managed private virtual networks within Windows Azure
  • "Bring your own IPv4 addresses"
  • Control over placement of Windows Azure Roles within the network
  • Stable IPv4 addresses for VMs
• Hosted VPN Gateway enables site-to-site connectivity
  • Automated provisioning & management
  • Supports existing on-premises VPN devices
• Use on-premises DNS servers for name resolution
  • Enables customers to use their on-premises DNS servers for name resolution
  • Enables VMs running in Windows Azure to be joined to corporate domains running on-premises (use your on-premises Active Directory)

[Diagram: The Corp. HQ (IIS Servers, AD / DNS, SQL Servers, Exchange) linked by S2S VPN tunnels to The Branch Office (S2S VPN Device) and to the "virtual" branch office, The Virtual Network in Windows Azure (Gateway).]

Example: Contoso's Deployment

• The Corp. HQ (10.0.0.0/16): IIS Servers, AD / DNS, SQL Farm, Exchange
• Contoso Production VNet in Windows Azure (10.1.0.0/16)
• Contoso Test in Windows Azure (10.2.0.0/16)

[Diagram labels: S2S VPN Device, Gateway, BRK, S2S VPN tunnels. Addresses shown: 10.0.0.10, 10.0.0.11, 131.57.23.120, 10.2.2.0/24, 10.2.3.0/24 (shown twice), 65.52.249.22, 10.1.0.4, 10.1.1.4.]
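The address plan from the Contoso slide can be checked for what site-to-site routing depends on: no address space overlaps another, and every subnet sits inside its own network. This is an added example, not part of the original deck; `check_plan` is a hypothetical helper, and attributing the two /24 subnets to the test network (by prefix) is an assumption.

```python
import ipaddress
from itertools import combinations

# Address spaces from the Contoso slide.
CONTOSO_SITES = {
    "Corp HQ": "10.0.0.0/16",
    "Production VNet": "10.1.0.0/16",
    "Test VNet": "10.2.0.0/16",
}
# Subnets from the slide; placing them in the Test VNet is an assumption (by prefix).
CONTOSO_SUBNETS = {"Test VNet": ["10.2.2.0/24", "10.2.3.0/24"]}


def _parse(label, cidr, problems):
    """Parse a CIDR strictly (host bits must be zero); record a problem on failure."""
    try:
        return ipaddress.IPv4Network(cidr)
    except ValueError as exc:
        problems.append(f"{label}: invalid IPv4 network {cidr!r} ({exc})")
        return None


def check_plan(sites, subnets=None):
    """Return a list of problems in an address plan; an empty list means it is consistent."""
    problems = []
    nets = {}
    for name, cidr in sites.items():
        net = _parse(name, cidr, problems)
        if net is not None:
            nets[name] = net
    # Routing over the tunnel is ambiguous if two sites claim the same addresses.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    for name, cidrs in (subnets or {}).items():
        parent = nets.get(name)
        parsed = [_parse(f"{name} subnet", c, problems) for c in cidrs]
        parsed = [s for s in parsed if s is not None]
        for sub in parsed:
            if parent is None or not sub.subnet_of(parent):
                problems.append(f"{name}: subnet {sub} is not inside its address space")
        for s1, s2 in combinations(parsed, 2):
            if s1.overlaps(s2):
                problems.append(f"{name}: subnets {s1} and {s2} overlap")
    return problems


if __name__ == "__main__":
    print(check_plan(CONTOSO_SITES, CONTOSO_SUBNETS) or "Contoso plan is consistent")
    # Constructed bad plan: a new VNet carved out of the HQ range.
    print(check_plan({"Corp HQ": "10.0.0.0/16", "New VNet": "10.0.128.0/17"}))
```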

Supported VPN Device List

Juniper

Platform | OS Family | Examples
SRX Series Routers | JunOS 10.2+ | 210, 650
J Series Routers | JunOS 9.4+ | 4350
ISG Series Routers | ScreenOS 6.2+ | SX2
SSG Series Routers | ScreenOS 6.2+ | 550

Cisco

Platform | OS Family | Examples
ASA 5500 Series (Adaptive Security Appliances) | ASA Software 8.4+ | 5505, 5550
ASR 1000 Series Aggregation Services Routers | IOS XE 2.1+ | 1002
ISR Series Integrated Services Routers | IOS 12.2+ | 2801, 2901, 2911

Generic VPN devices must support:

• IKE v1
• AES 128, 256
• SHA1, SHA2

http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx

Gateway redundancy and availability

• Only single IPsec tunnel supported per Virtual Network
• Gateway tenant on Azure side has 2 instances (active-passive mode)
• Only one public IP(v4) address for tunnel establishment
• A pair of VPN devices can be a redundant pair using industry standard protocols
  • HSRP
  • VRRP

DEMO: Windows Azure Networking (Site-to-Site VPN)

Site-to-Site VPN with MikroTik… (yes, it works)

Windows Azure Virtual Machines

Getting Started: Cloud First Provisioning

• Management Portal, Scripting (Windows, Linux and Mac), REST API
• Select Image and VM Size
  • Image: Windows Server, Linux
  • Size: Extra Small, Small, Medium, Large, X-Large
• New Disk Persisted in Storage
• Boot VM from New Disk

Supported Windows Server Applications

http://support.microsoft.com/kb/2721672

Virtual Machine Sizes

Compute Instance Name | CPU Cores | Memory | Price per hour
Extra Small (A0) | Shared | 768 MB | $0.02 (~$15/month)
Small (A1) | 1 | 1.75 GB | $0.09 (~$67/month)
Medium (A2) | 2 | 3.5 GB | $0.18 (~$134/month)
Large (A3) | 4 | 7 GB | $0.36 (~$268/month)
Extra Large (A4) | 8 | 14 GB | $0.72 (~$536/month)
A5 | 2 | 14 GB | $0.40 (~$298/month)
A6 | 4 | 28 GB | $0.80 (~$596/month)
A7 | 8 | 56 GB | $1.60 (~$1,192/month)

VM disk layout (1): OS Disk

• Persistent
• SATA
• Drive C:

VM disk layout (2): Temporary Storage Disk

• Local (Not Persistent)
• SATA
• Drive D:

VM disk layout (3): Data Disk(s)

• Persistent
• SCSI
• Customer Defined Letter

Some tips on BYO Images

• Sysprep and "Generalize" is expected
• Do NOT put unattend.xml on the disk
• Do NOT install the Windows Azure Integration Components!

DEMO: Windows Azure Virtual Machines (Portal + App Controller)

Active Directory (on a VM) in Azure? (1)

• AD is Supported in Windows Azure Virtual Machines
  • Capture/Imaging is not supported with DCs
  • To make a new DC, provision a VM and promote it to be a DC
• Consider cost and deploy according to requirements
  • Inbound traffic is free, outbound traffic is not
    • Standard Azure outbound traffic costs apply
  • Nominal fee per hour for the gateway itself
    • Can be started and stopped as you see fit (if stopped, VMs are isolated from corporate network)
  • RODCs will likely prove more cost effective

Active Directory (on a VM) in Azure? (1)

[Diagram: The Virtual Network in Windows Azure (Gateway, SQL Servers, IIS Servers, AD / DNS, Load Balancer with Public IP) connected by a Site to Site VPN Tunnel to On Premises Resources, the Contoso Corp Network (IIS Servers, AD / DNS, SQL Servers, Exchange, S2S VPN Device). Other labels: Contoso.com Active Directory, AD Auth, Extranet Active Directory.]

Windows Azure Backup

Windows Azure Backup

• Peace of mind – your server is backing up to the cloud!
• Simple to manage
  • familiar backup tools in Windows Server 2012 R2, Windows Server 2012 R2 Essentials, and the System Center 2012 R2 Data Protection Manager
• Efficient and flexible
  • incremental backups – only changes to files are transferred to the cloud
  • efficient use of storage, reduced bandwidth usage, offers point-in-time recovery of multiple versions of data
  • configurable data retention policies, data compression and data transfer throttling
• How-to ("a bit out-of-date")
  • http://blogs.msdn.com/b/mvpawardprogram/archive/2012/11/12/configuring-online-backup-for-windows-server-2012.aspx?wa=wsignin1.0

DEMO: Windows Azure Backup

Windows Azure Hyper-V Recovery Manager

Windows Azure Hyper-V Recovery Manager

• SaaS application
• Hybrid service that allows you to automate and orchestrate your DR solution

DEMO: Windows Azure Hyper-V Recovery Manager


Thank you!
