Post on 19-Jun-2015
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Jason Clarke, Azure Product Manager, Microsoft Corporation
The Basics of Getting Started with Microsoft Azure: Storage, Networking, and Compute
Disruptive Force: Enables IT as a Service
[Slide diagram] Layers, bottom to top: infrastructure foundation, infrastructure management, application management, insights and availability. IT is the producer and the business is the consumer, joined by a service agreement. The model spans private, service-provider-hosted (SPH) and public clouds, and is implemented by Windows Server 2012, System Center 2012 and Windows Azure.
Microsoft's Private and Public Cloud
[Slide diagram] The private cloud (Windows Server 2012 as the Cloud OS), service providers and the public cloud (Windows Azure) share common technologies: identity, virtualization, management and development.
How Did We Get Here?
• 2007: Project Red Dog launched
• PDC '08: Windows Azure CTP; Web/Worker Roles; partial trust, .NET only
• 11/'09: Full trust; native PHP and Java support
• 2/'10: Windows Azure RTM
• 11/'10: VM Role, Connect, Admin Mode, startup tasks, full IIS, Remote Desktop
• 11/'11: Cross-language SDKs (Java, Node.js), Eclipse plugin
• 4/'13: Virtual Machines, Virtual Networks
Windows Azure Services - Compute
• Virtual Machines: Use Virtual Machines to provision on-demand, scalable compute infrastructure when you need flexible resources. You can create VMs that run Windows, Linux, and enterprise applications, or capture your own images to create custom VMs.
• Mobile Services: Windows Azure Mobile Services provides a scalable cloud backend for building Windows Store, Windows Phone, Apple iOS, Android, and HTML/JavaScript applications. Store data in the cloud, authenticate users, and send push notifications to your application within minutes.
• Web Sites: Host web apps in a scalable, reliable environment. Use frameworks and templates to create web sites in seconds. Choose from source control options like TFS, GitHub, and BitBucket. Use any tool or OS to develop your site with .NET, PHP, Node.js or Python.
• Cloud Services: Deploy and manage powerful applications and services with Cloud Services. Upload your application and Windows Azure handles the deployment details, from provisioning and load balancing to health monitoring for continuous availability.
Windows Azure Services - Data
• Storage: Store and access data with Windows Azure Storage services. Use blobs to store unstructured binary and text data. Use queues to store messages that a client can access. Store non-relational structured data in tables.
• HDInsight: Process, analyze, and gain new insights from big data using the power of Apache Hadoop. Gain actionable insights by analyzing unstructured data, and drive decisions with Windows Azure HDInsight, a big data solution powered by Apache Hadoop. Build a Hadoop cluster in minutes when you need it, and tear it down once you run your MapReduce jobs. Choose the right cluster size to optimize for computation speed or cost. Analyze unstructured data in Excel and with PowerPivot and Power View. Choose your language, including Java and .NET. Query and transform data through Hive.
• SQL Database: Use SQL Database for business applications, sophisticated cloud-based services, or hybrid solutions. Share data between SQL databases or between an on-premises instance of SQL Server and a Windows Azure SQL database.
Windows Azure Services - Data (continued)
• Cache: High-throughput, low-latency data access to build fast, scalable applications. Build highly responsive applications using a distributed cache that scales independently from your application. Use the Cache Service with Web Sites, Cloud Services, or applications hosted on Virtual Machines.
• Recovery Services: Configure automated server backups; orchestrate recovery of private clouds. Use the services in the Recovery Services category to protect your data and clouds. Hyper-V Recovery Manager helps you automate protection and orchestrate recovery for your private clouds. Backup lets you move your backups into the cloud and automate them.
Windows Azure Services – APPS
• Media Services: Create, manage and distribute content. Target any device or media format. Ingest, encode, protect, stream.
• Service Bus: Keep your apps connected across private and public cloud environments. Service Bus is a messaging solution for applications. It sits between components of your cloud app or between your cloud and on-premises applications and enables them to exchange messages in a loosely coupled way for improved scale and resiliency.
• Notification Hubs: Send push notifications to mobile devices at scale. Notification Hubs lets a backend broadcast push notifications to large numbers of devices across platforms (Windows, iOS, Android) through a single API, independent of which push service each device uses.
Windows Azure Services – APPS (continued)
• BizTalk Services: Seamlessly integrate the enterprise and the cloud with BizTalk Services. Use the integration capabilities of BizTalk Services to extend on-premises applications to the cloud. Process and transform messages, use business-to-business messaging, and integrate with applications in the cloud and on-premises.
• Active Directory: Manage identity and access of services and applications. Active Directory enables developers to implement single sign-on for enterprise and software-as-a-service applications and to integrate with on-premises Active Directory. Administrators can use the cloud-based store for directory data and core identity services.
• MFA: Enable added authentication for cloud and on-premises applications. Multi-Factor Authentication helps safeguard access to your data and applications. Users must also authenticate by using a mobile app or by responding to an automated text message or phone call before access is granted.
Windows Azure Services – Networking
• Virtual networks: Configure and monitor virtual networks in Windows Azure. Use Virtual Network to connect your cloud infrastructure to your on-premises datacenter, to connect cloud applications hosted in a hybrid environment, and to connect development computers and virtual machines in Windows Azure.
• Traffic manager: Distribute user traffic to similar hosted services within the same data center or in different data centers. Use Traffic Manager as part of your overall networking solution: Traffic Manager applies an intelligent policy engine to the DNS queries on your domain names so that you can send traffic to the best data center for performance, business continuity, price, compliance, legal, or tax purposes.
• CDN: Deliver content from edge locations close to your users. The Content Delivery Network caches publicly readable blobs and static content from your cloud services at edge nodes around the world, reducing latency for end users.
Windows Azure Roadmap
Windows Azure IaaS
• IT Pro experience
• Support for key server applications
• Easy storage manageability
• High availability features
• Advanced networking
• Integration with compute PaaS
If it requires a developer, it's not IaaS.
Enterprise ready by design: integration (on-premises AND cloud), heterogeneity (open, broad, flexible) and security (secure, reliable, trustworthy).
[Slide diagram: the Windows Azure service map] Data services: table, blob storage, SQL database, HDInsight. App services: media, HPC, integration, analytics, caching, identity, service bus, web sites, mobile services, cloud services. Infrastructure services: CDN, virtual machines, virtual network, VPN, traffic manager. Azure datacenters and your datacenters are joined through a virtual network and VPN, so apps can span both.
Virtual Machines: IaaS vs PaaS
                 Worker Role (PaaS)                            Virtual Machine (IaaS)
Storage          Non-persistent storage                        Persistent storage; easily add additional storage
Deployment       Stock VHDs                                    Build the VHD directly in the cloud, or build it offsite and upload
Networking       Internal and input endpoints configured       Access control with the firewall on the guest OS; input endpoints
                 through the service model; internal           controlled through the portal, service model or API/script
                 endpoints are open by default
Primary use      Stateless scale-out applications              Applications that require persistent storage to run easily in Windows Azure
Windows Azure Virtual Machines key requirements
• IT Pro experience
• Support for key server applications
• Easy storage manageability (hybrid cloud)
• High availability features
• Advanced networking
• Integration with compute PaaS
If it requires a developer, it's not IaaS.
Demo: create VM
Images Available
• Windows Server (2008+)
• SQL Server
• BizTalk Server
• SharePoint
• Ubuntu
• OpenSUSE
• CentOS
• SUSE Linux Enterprise Server
• VM Depot
End-to-End Support Status – Server Applications
http://support.microsoft.com/kb/2721672
Product                                                        Status
SharePoint (2010 and 2013)                                     Supported
SQL Server (2008 and later)                                    Supported
BizTalk (2013)                                                 Supported
Project Server                                                 Supported
Dynamics NAV                                                   Supported
System Center 2012 SP1 (App Controller, Operations Manager,    Supported
  Orchestrator, App-V, Service Manager)
Dynamics GP                                                    Supported
Team Foundation Server                                         Supported
Exchange Server                                                In validation
Dynamics CRM                                                   In validation
Dynamics AX                                                    In validation
Virtual Machines and Cloud Services
Cloud Services, Roles and Instances: a Cloud Service is a management, configuration, security, networking and service model boundary. A Cloud Service contains roles, and each role contains one or more instances (VM1, VM2, VM3 ...).
Virtual Machines: "standalone" Virtual Machines are Cloud Services roles with exactly one instance.
Connected Virtual Machines: multiple Virtual Machines can be hosted within the same cloud service.
Virtual Machine Images, Disks and Storage
Images (OS images supplied by Microsoft, partners or the user): the base OS image for new Virtual Machines; sys-prepped/generalized and read-only; created by uploading or by capture.
Disks (OS disks and data disks): writable disks for Virtual Machines; created during VM creation or during upload of existing VHDs.
Virtual Machine Sizes
Each persistent data disk can be up to 1 TB.
VM Size      CPU Cores  Memory   Data Disks  IOPS
Extra Small  Shared     768 MB   1           1 x 500
Small        1          1.75 GB  2           2 x 500
Medium       2          3.5 GB   4           4 x 500
Large        4          7 GB     8           8 x 500
Extra Large  8          14 GB    16          16 x 500
A5 (new)     2          16 GB    8           8 x 500
A6 (new)     4          28 GB    16          (not given on the slide)
A7 (new)     8          56 GB    16          16 x 500
Each data disk is rated at 500 IOPS, so a VM's aggregate disk throughput scales with the number of data disks its size allows.
Disk Caching
Disk Type   Default     Supported
OS Disk     ReadWrite   ReadOnly and ReadWrite
Data Disk   None        None, ReadOnly and ReadWrite
Modify using Set-AzureOSDisk or Set-AzureDataDisk.
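The size, data-disk and caching rules above, as one added example (not from the deck) using the classic Service Management Azure PowerShell cmdlets the slide names. It assumes Add-AzureAccount / Select-AzureSubscription have been run and a current storage account is set; the service name fabrikam-cloudsvc, VM name web01 and admin account are invented.

```powershell
# Added example, not from the deck: create a VM with one data disk and set host caching
# on both disks. Assumes Add-AzureAccount / Select-AzureSubscription have been run and a
# current storage account is set. Service, VM and account names below are invented.

$serviceName = "fabrikam-cloudsvc"
$vmName      = "web01"
$adminUser   = "fabadmin"
$adminPass   = Read-Host -Prompt "Admin password"   # prompt rather than hard-code the secret

# Newest Windows Server 2012 Datacenter image from the gallery.
$image = Get-AzureVMImage |
    Where-Object { $_.ImageFamily -eq "Windows Server 2012 Datacenter" } |
    Sort-Object PublishedDate -Descending |
    Select-Object -First 1 -ExpandProperty ImageName

# Medium allows up to 4 data disks (table above); each data disk can be up to 1 TB.
# OS disk: switch the ReadWrite default to ReadOnly (the only other supported value).
# Data disk: create 200 GB at LUN 0 and leave caching at the None default.
$vm = New-AzureVMConfig -Name $vmName -InstanceSize "Medium" -ImageName $image |
    Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $adminPass |
    Set-AzureOSDisk -HostCaching "ReadOnly" |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 200 -DiskLabel "data0" -LUN 0 -HostCaching "None"

# Creates the cloud service as well; drop -Location if $serviceName already exists.
New-AzureVM -ServiceName $serviceName -Location "West US" -VMs $vm

# Change caching on the running VM's data disk; Update-AzureVM applies the new config.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureDataDisk -LUN 0 -HostCaching "ReadOnly" |
    Update-AzureVM

# Verify the effective settings on each attached data disk.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureDataDisk |
    Select-Object DiskLabel, Lun, HostCaching, LogicalDiskSizeInGB
```

The last pipeline is the check worth keeping in a runbook: caching is a per-disk property of the VM configuration, not of the VHD blob, so it is easy to lose when a disk is detached and reattached to another VM.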
Windows Azure Storage
Disk Storage
• Images and disks are stored as Windows Azure Storage blobs
• Data is triplicated
• All existing storage tools just work
How Windows Azure Backup works
Two scenarios share the same flow: a small business or branch office running the agent on Windows Server 2012, and enterprises with a System Center DPM server.
1. Sign up
2. Install the agent
3. Register and configure
4. Back up encrypted data
5. Recover to the same or a different server
Security
Data is encrypted on-premises, stays encrypted on the network, and remains encrypted while stored.
• Only you have your key.
• Data cannot be recovered without your key.
• Microsoft does not have your key.
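Steps 3 and 4 of the agent flow on Windows Server 2012, as an added example (not from the deck) written against the MSOnlineBackup module that ships with the agent. The encryption passphrase is the customer-held key the slide describes; the folders, schedule and retention period are assumptions, and registration against the vault (step 3, first half) is taken as already done through the agent.

```powershell
# Added example, not from the deck: configure the Windows Azure Backup agent after it has
# been installed and registered with the vault. Paths, schedule and retention are invented.

Import-Module MSOnlineBackup

# Step 3 (configure): the passphrase is the key. Microsoft never receives it, and a
# restore on a different server needs it, so record it somewhere other than this machine.
$passphrase = Read-Host -Prompt "Encryption passphrase (16+ characters)" -AsSecureString
Set-OBMachineSetting -EncryptionPassphrase $passphrase

# Step 4 (back up): a policy is what to protect, when, and how long to keep it.
$policy = New-OBPolicy

$spec = New-OBFileSpec -FileSpec "D:\Data", "D:\Shares"
Add-OBFileSpec -Policy $policy -FileSpec $spec

$schedule = New-OBSchedule -DaysOfWeek Monday, Tuesday, Wednesday, Thursday, Friday -TimesOfDay 21:00
Set-OBSchedule -Policy $policy -Schedule $schedule

$retention = New-OBRetentionPolicy -RetentionDays 30
Set-OBRetentionPolicy -Policy $policy -RetentionPolicy $retention

# Commit the policy to the agent (this is what the scheduled task will run).
Set-OBPolicy -Policy $policy -Confirm:$false

# Take the first backup now rather than waiting for the schedule; data is encrypted
# on this server before it leaves the network.
Get-OBPolicy | Start-OBBackup

# Step 5 (recover) uses Get-OBRecoverableSource / Get-OBRecoverableItem and Start-OBRecovery
# on the same or another registered server, which must be given the same passphrase.
```

The practitioner check here is the one the slide's key bullets imply: test a restore on a second server with only the vault credentials and the passphrase, because that is the situation the backup exists for.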
Virtual Machine Availability
Service Level Agreements
• 99.9% for single role instances: up to 8.76 hours of downtime per year
  What's included: compute hardware failure (disk, CPU, memory); datacenter failures (network failure, power failure); hardware upgrades and software maintenance (host OS updates)
  What is not included: VM container crashes, guest OS updates
• 99.95% for multiple role instances: up to 4.38 hours of downtime per year
How Does this Relate to SLA in IaaS
[Slide diagram] A SQL Server primary and a SQL Server secondary placed in the same availability set qualify for the 99.95% SLA.
Fault and Update Domains
Fault domains represent groups of resources anticipated to fail together, e.g. the same rack or the same server. The fabric spreads instances across at least 2 fault domains.
Update domains represent groups of resources that will be updated together. Host OS updates honour the service's update domains. The count is specified in the service definition; the default is 5 (up to 20).
The fabric spreads role instances across both update domains and fault domains.
High availability features
[Slide diagrams] Physical machines in a rack share a power unit and a rack switch, so one rack is one fault domain. Placing VM1 and VM2 in an availability set spreads them across racks (fault domains) and across update domains UD #1 and UD #2, which gives the 99.95% availability SLA.
Virtual Machine Availability Sets: update domains are honored by host OS updates.
Windows Azure Networking
Virtual Machine Names and DNS
Bring your own DNS server: use your on-premises DNS servers, deploy a DNS server in Windows Azure, or use public DNS services.
Windows Azure provided DNS: resolves VMs by name within the same cloud service. Machine names are modeled explicitly and registered in the DNS service, giving full control over machine names.
Protocols and Endpoints
• Port-forwarded endpoints: direct communication to multiple VMs in the same cloud app
• Support for all IP-based protocols (VM to VM): instance-to-instance communication over TCP, UDP and ICMP, including dynamic ports (RPC)
• UDP traffic supported in Windows Azure: load-balanced incoming traffic and outbound traffic
• Custom load balancer health probes: health checks with probe timeouts; HTTP-based probing allows granular control of health checks
Port Forwarding Input Endpoints (cloud app / hosted service): each endpoint has a public port, local port, protocol (TCP/UDP), name and ACL. There is a single public IP per cloud service, so different VMs behind it are reached through different public ports.
Load-Balanced Sets: an endpoint set shares a public port, local port, protocol (TCP/UDP), name and ACL across the VMs in the set.
High availability features
[Slide diagram] VM1 and VM2 in an availability set, spread across physical machines with separate power units and rack switches, form a load-balanced set behind the load balancer; availability SLA 99.95%.
Load Balancer Custom Probes
A load balancer probe is defined by set name, protocol (TCP or HTTP), probe port and probe path (e.g. /healthcheck.aspx). For HTTP probes the load balancer looks for an HTTP 200 response and stops sending traffic to an instance that fails the probe.
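The availability set, the single-public-IP port-forwarded endpoints with an ACL, and the load-balanced set with a custom HTTP probe from the preceding slides, combined in one added example (not from the deck) in classic Azure PowerShell. The service name fabrikam-cloudsvc, availability set web-as, the corporate address range 203.0.113.0/24 and the admin account are assumptions.

```powershell
# Added example, not from the deck: two web VMs in one cloud service, in an availability
# set (spread across fault and update domains), behind a load-balanced set on port 80 with
# an HTTP probe, and with RDP reachable only from an assumed corporate range.
# Service, availability set, address range and account names are invented.

$serviceName = "fabrikam-cloudsvc"
$adminUser   = "fabadmin"
$adminPass   = Read-Host -Prompt "Admin password"
$corpRange   = "203.0.113.0/24"   # assumed corporate egress range

$image = Get-AzureVMImage |
    Where-Object { $_.ImageFamily -eq "Windows Server 2012 Datacenter" } |
    Sort-Object PublishedDate -Descending |
    Select-Object -First 1 -ExpandProperty ImageName

# Endpoint ACL: permit the corporate range, deny everything else. An ACL containing only
# Permit rules already denies other sources; the explicit Deny makes the intent visible.
$rdpAcl = New-AzureAclConfig
Set-AzureAclConfig -AddRule -Action Permit -RemoteSubnet $corpRange  -Order 100 -Description "corp egress" -ACL $rdpAcl
Set-AzureAclConfig -AddRule -Action Deny   -RemoteSubnet "0.0.0.0/0" -Order 200 -Description "deny rest"   -ACL $rdpAcl

$vms = foreach ($i in 1..2) {
    # Same availability set name on both VMs is what places them in different fault/update domains.
    # -NoRDPEndpoint / -NoWinRMEndpoint suppress the auto-created public management endpoints
    # so that nothing is exposed without the ACL.
    $cfg = New-AzureVMConfig -Name "web0$i" -InstanceSize "Small" -ImageName $image -AvailabilitySetName "web-as" |
        Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $adminPass `
            -NoRDPEndpoint -NoWinRMEndpoint

    # One public IP per cloud service: each VM gets its own public port for RDP (50001, 50002),
    # both forwarded to local 3389 and both restricted by the ACL.
    $cfg = $cfg | Add-AzureEndpoint -Name "RDP" -Protocol tcp -LocalPort 3389 -PublicPort (50000 + $i) -ACL $rdpAcl

    # Load-balanced HTTP endpoint shared by both VMs; the probe GETs /healthcheck.aspx and
    # expects HTTP 200, checking every 15 s and removing the instance after a 31 s timeout.
    $cfg | Add-AzureEndpoint -Name "HTTP" -Protocol tcp -LocalPort 80 -PublicPort 80 `
        -LBSetName "web-lb" -ProbeProtocol http -ProbePort 80 -ProbePath "/healthcheck.aspx" `
        -ProbeIntervalInSeconds 15 -ProbeTimeoutInSeconds 31
}

# Creates the cloud service and both VMs; drop -Location if $serviceName already exists.
New-AzureVM -ServiceName $serviceName -Location "West US" -VMs $vms

# Inspect the resulting endpoints, probe and ACL on one instance.
Get-AzureVM -ServiceName $serviceName -Name "web01" |
    Get-AzureEndpoint |
    Select-Object Name, Protocol, PublicPort, LocalPort, LBSetName, ProbePath, Acl
```

Two points worth checking after deployment: the load-balanced endpoint has no ACL here because it is meant to be public, so /healthcheck.aspx must be cheap and must not leak internal state; and the RDP ACL protects only the endpoint, so the guest firewall should still restrict 3389 to the load balancer's source range as the IaaS column of the comparison table says.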
Cross-premise Connectivity (cloud to enterprise)
• Data synchronization: SQL Azure Data Sync
• Application-layer connectivity and messaging: Service Bus
• Secure point-to-site network connectivity: Windows Azure Virtual Network
• Secure site-to-site network connectivity: Windows Azure Virtual Network
Windows Azure Virtual Network
Your "virtual" branch office/datacenter in the cloud: enables customers to extend their enterprise networks into Azure; a networking on-ramp for migrating existing apps and services to Windows Azure; enables "hybrid" apps that span the cloud and their premises.
A protected private virtual network in the cloud: enables customers to set up secure private IPv4 networks fully contained within Windows Azure, with IP address persistence and inter-service DIP-to-DIP (internal IP) communication.
Connecting Cloud Services with VNET
[Slide diagram] ContosoVNet (10.0.0.0/8) with FrontEndSubnet (10.0.0.0/16) holding the IIS virtual machines of Cloud Service 1 behind a load balancer on port 80, and SQLSubnet (10.1.0.0/16) holding the SQL mirror in Cloud Service 2; the front end reaches SQL directly via the VNET. The VNET protects the virtual machines from the open Internet.
Note: Windows Azure provided DNS does not span cloud services.
Events Manager – VNET Joined: VNET provides direct network access
[Slide diagram] APPVNET (10.3.0.0/16) with FrontEndSubnet (10.3.1.0/24) for the IIS servers (Fabrikam-CloudSvc), DNSSubnet (10.3.2.0/24) for AD/DNS (Fabrikam-CloudDC), and BackEndSubnet (10.3.3.0/24) for the SQL mirror (Fabrikam-CloudApps). A virtual network gateway terminates a site-to-site VPN tunnel from the S2S VPN device at Corp-OnPrem (192.168.1.0/24), where the local AD at 192.168.1.6 lives. The web tier authenticates against AD and accesses data on the SQL mirror over the VNET.
Connecting Cloud Services with VNET
Strengths: more secure; low latency; cloud service autonomy; VIP swap (stateless roles); meets advanced connectivity requirements
Weaknesses: VNET complexity; no Windows Azure provided DNS
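Deploying a VM into a subnet of the APPVNET diagram, with a reserved internal address and the on-premises AD/DNS server as the cloud service's DNS (the "bring your own DNS" option from the Names and DNS slide, needed here because Azure-provided DNS is not available to VNET-joined services), as an added example (not from the deck). It assumes the VNET, its subnets and the site-to-site gateway already exist (created with Set-AzureVNetConfig); the service name fabrikam-cloudapps, VM name sql01, the address 10.3.3.10 and the admin account are invented.

```powershell
# Added example, not from the deck: place a back-end VM in BackEndSubnet of APPVNET with a
# reserved internal IP and point the cloud service at the on-premises DNS (192.168.1.6).
# Assumes the VNET, subnets and S2S gateway exist. Service, VM and account names are invented.

$serviceName = "fabrikam-cloudapps"
$vnetName    = "APPVNET"
$subnetName  = "BackEndSubnet"   # 10.3.3.0/24 in the diagram
$staticIp    = "10.3.3.10"       # invented; must fall inside the subnet
$adminUser   = "fabadmin"
$adminPass   = Read-Host -Prompt "Admin password"

# Reserve the address only after confirming it is free and valid for this VNET.
$check = Test-AzureStaticVNetIP -VNetName $vnetName -IPAddress $staticIp
if (-not $check.IsAvailable) {
    throw "$staticIp is not available in $vnetName; suggestions: $($check.AvailableAddresses -join ', ')"
}

$image = Get-AzureVMImage |
    Where-Object { $_.ImageFamily -eq "Windows Server 2012 Datacenter" } |
    Sort-Object PublishedDate -Descending |
    Select-Object -First 1 -ExpandProperty ImageName

# No public RDP or WinRM endpoint at all: management traffic arrives over the S2S tunnel
# (192.168.1.0/24 -> 10.3.0.0/16), which is the "protect VMs from the open Internet" point.
$vm = New-AzureVMConfig -Name "sql01" -InstanceSize "Large" -ImageName $image |
    Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $adminPass `
        -NoRDPEndpoint -NoWinRMEndpoint |
    Set-AzureSubnet -SubnetNames $subnetName |
    Set-AzureStaticVNetIP -IPAddress $staticIp

# DNS is a property of the cloud service and is set when the service is created.
# Azure-provided DNS does not span cloud services, so hand the VMs the corporate AD/DNS.
$dns = New-AzureDns -Name "corp-ad-dns" -IPAddress "192.168.1.6"

# Use -AffinityGroup instead of -Location if the VNET is bound to an affinity group,
# as all VNETs were at the time of this deck.
New-AzureVM -ServiceName $serviceName -Location "West US" -VNetName $vnetName -DnsSettings $dns -VMs $vm

# Confirm placement: internal IP and subnet as the fabric assigned them.
Get-AzureVM -ServiceName $serviceName -Name "sql01" |
    Select-Object Name, IpAddress, @{ n = "Subnet"; e = { $_ | Get-AzureSubnet } }
```

With the VNET as the only path in, loss of the S2S tunnel also means loss of management access, so keep the on-premises VPN device and the gateway under the same monitoring as the workloads behind them.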
[Slide diagram, variant of the above] Cloud Service 1 runs a Windows Azure web role in FrontEndSubnet (10.0.0.0/16), with an additional AD Subnet (10.2.0.0/16) hosting AD for authentication of the web roles; the SQLSubnet (10.1.0.0/16), APPVNET layout and S2S VPN to Corp-OnPrem (192.168.1.0/24, local AD at 192.168.1.6) are as described above.