Post on 21-Jun-2020
transcript
10TH ANNUAL CONFERENCE ABOUT MODERN IT TECHNOLOGIES
Your Journey To Azure Infrastructure In Three Steps
Thank you Sponsors #ThriveITconf
Today
0. Organizing Subscription Resources
1. Networking
2. Compute
3. Storage
Organizing Subscription Resources
Azure Networking
[Figure: overview of Azure services (app services, networking & automation services, compute services, data services) beside an on-premises private cloud, linked by site-to-site VPN, point-to-site VPN and ExpressRoute. Networking, compute, storage, app services, automation, disaster recovery, dev, test… Not meant to be a comprehensive list of all services; for a complete list please visit azure.microsoft.com]
[Diagram labels: Azure, Azure virtual network, Users, Internet]
Front-end access:
• Dynamic/reserved public IP addresses
• Direct VM access, ACLs for security
• Load balancing
• DNS services: hosting, traffic management
• DDoS protection
Virtual network:
• “Bring your own network”
• Segment with subnets and network security groups
• Control traffic flow with user defined routes
Backend connectivity:
• Point-to-site for dev/test
• VPN Gateways for secure site-to-site connectivity
• ExpressRoute for private enterprise-grade connectivity
[Diagram: a Microsoft Azure virtual network (external and internal load balancers, web server VMs, database server VMs, front-end and back-end subnets, DNS, DC VM) shown beside an enterprise network (router, firewall, external and internal load balancers, web servers, database servers, DMZ, internal)]
An IP network but – in the cloud
The “same” as its on-premises twin-sister
A protected private virtual network in the cloud
The foundation for connectivity
The foundation for security
[Diagram: Microsoft Azure virtual network with Subnet 1 and Subnet 2, each with a load balancer and virtual machines]
Create your own network, tailored to your needs
Logical isolation with control over network
Create subnets with your private or public IP address spaces
Use your own DNS or use Azure-provided DNS
Secure VMs with Network Security Groups
Have highly available services behind a load balancer
Two types of IP addresses:
• Public
• Private
Dynamic / Static
Dynamic (default) and Static allocation type
Dynamic
• Not allocated when creating a resource
• Changed/released when you stop or delete the resource
• Changes when a resource starts
• From a pool of addresses
Static
• Address assigned when you create a resource
• Stays the same
• Deleting a resource or changing to dynamic releases the allocation
• Using: SSL certificates, IP security, keep DNS A RR’s the same, firewall rules
For internet traffic and Azure public exposed services, e.g. Azure Storage, SQL databases, Redis Cache
Virtual Machines
Exposed Load Balancers
VPN Gateways
Application Gateways
Have their own properties you can manage
DNS resolution for resolving FQDN to public IP of the resource (domainnamelabel.location.cloudapp.azure.com)
(Hint: use CNAME to customize the FQDN)
Assigned to Azure Load Balancer frontend (dynamic only)
Assigned to Application Gateway frontend (dynamic only)
https://www.microsoft.com/en-us/download/details.aspx?id=41653
Private IP address space:
Standard IP address ranges (RFC 1918):
• 10.x.x.x (10.0.0.0/8 or 10.0.0.1-10.255.255.255)
• 172.16.x.x – 172.31.x.x (172.16.0.0/12 or 172.16.0.1-172.31.255.255)
• 192.168.x.x (192.168.0.0/16 or 192.168.0.1-192.168.255.255)
Avoid overlap with on-premises and other VNets
IP Subnets:
• The smallest supported size is /29
• Use them to separate groups of virtual machines:
  • Security (Network Security Groups)
Name resolution:
• Azure DNS
• Custom DNS
Dynamic (default) and Static allocation type
Dynamic
• Change when you stop or delete the resource
• Using DHCP
Static
• Address assigned when you create a resource
• Stays the same
• Deleting a resource or changing to dynamic releases the allocation
• Using: SSL certificates, IP security, keep DNS A RR’s the same, firewall rules
For internal traffic, within Virtual Networks
Internal Load Balancers
Application Gateways
Using VPN Gateway for on-premises connectivity
ExpressRoute connectivity
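An added example, not from the original slides: a short Python check that applies the private addressing rules above (RFC 1918 ranges, no overlap with on-premises or other VNets, /29 as the smallest subnet) to a planned VNet before it is deployed. The function name, network names and address ranges are assumptions made up for illustration; address space outside RFC 1918 is reported as a finding to review.

```python
import ipaddress

# RFC 1918 private ranges as listed on the slide
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_PREFIX = 29  # smallest supported subnet size per the slide


def check_plan(vnet_cidr, subnets, existing):
    """Return a list of findings for a planned VNet (hypothetical helper).

    vnet_cidr: address space of the new VNet
    subnets:   {name: cidr} planned subnets
    existing:  {name: cidr} on-premises ranges and other VNets to be connected
    """
    findings = []
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    if not any(vnet.subnet_of(r) for r in RFC1918):
        findings.append(f"{vnet} is outside the RFC 1918 private ranges")
    # Overlap with on-premises or another VNet makes routing over VPN/ExpressRoute ambiguous
    for name, cidr in existing.items():
        if vnet.overlaps(ipaddress.ip_network(cidr)):
            findings.append(f"{vnet} overlaps {name} ({cidr})")
    seen = []
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if net.prefixlen > MAX_PREFIX:
            findings.append(f"subnet {name} ({net}) is smaller than /{MAX_PREFIX}")
        if not net.subnet_of(vnet):
            findings.append(f"subnet {name} ({net}) is outside {vnet}")
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"subnet {name} ({net}) overlaps {other_name} ({other})")
        seen.append((name, net))
    return findings


# Constructed sample plans (names and ranges are illustrative)
EXISTING = {"on-premises": "10.0.0.0/16", "vnet-shared": "10.10.0.0/16"}
GOOD = check_plan("10.20.0.0/16", {"front-end": "10.20.1.0/24", "back-end": "10.20.2.0/24"}, EXISTING)
BAD = check_plan("10.10.128.0/17", {"front-end": "10.10.128.0/30", "back-end": "10.10.0.0/24"}, EXISTING)

if __name__ == "__main__":
    print("good plan:", GOOD or "no findings")
    for finding in BAD:
        print("bad plan:", finding)
```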
Azure Compute
VM Type | Sizes | Description
General Purpose | B, Dsv3, Dv3, DSv2, Dv2, Av2 | Balanced CPU-to-memory ratio. Ideal for testing and development, small to medium databases, and low to medium traffic web servers.
Compute Optimized | Fsv2, Fs, F | High CPU-to-memory ratio. Good for medium traffic web servers, network appliances, batch processes, and application servers.
Memory Optimized | Esv3, Ev3, M, GS, G, DSv2, Dv2 | High memory-to-CPU ratio. Great for relational database servers, medium to large caches, and in-memory analytics.
Storage Optimized | Ls | High disk throughput and IO. Ideal for Big Data, SQL, and NoSQL databases.
GPU | NV, NC, NCv2, NCv3, ND | Specialized virtual machines targeted for heavy graphic rendering and video editing, as well as model training and inferencing (ND) with deep learning. Available with single or multiple GPUs.
High Performance Compute | H | Our fastest and most powerful CPU virtual machines with optional high-throughput network interfaces (RDMA).
Azure Storage
Storage Services
• Offer four primary types of storage:
  • Blobs: VM disk files (VHDs) and unstructured data (images, media files, backups)
    • Are available as block, page (VHDs), and append blobs.
  • Tables: a semi-structured, NoSQL data store
    • Store massive amounts of row formatted data, facilitating lookups based on the partition and row keys
  • Queues: temporary message store
    • Facilitate decoupling components of distributed systems
  • Files: managed file shares providing access via SMB 3.0
• An Azure Storage account:
  • serves as a logical boundary for storing different types of storage content
  • can be configured as:
    • General purpose v1 – supports all four storage types but not storage tiers
    • General purpose v2 – supports all four storage types and storage tiers (hot, cool, and archive)
    • Blob storage – supports only block and append blobs and storage tiers (hot, cool, and archive)
Azure Storage Accounts
Storage (general purpose v1):
• Can contain blobs (including Azure VM disks), tables, queues, files
• Supports performance tiers: Standard and Premium
Blob storage:
• Can contain blobs only
• Supports access tiers: hot, cool, archive
Storage V2 (general purpose v2):
• Can contain blobs (including Azure VM disks), tables, queues, files
• Supports performance tiers: Standard and Premium
• Supports access tiers: hot, cool, archive
• Supports upgrade from:
  • Blob storage
  • Storage (general purpose v1)
Standard and Premium Storage Accounts
Performance tiers:
• Standard:
  • Best for workloads that do not require high performance I/O
  • Offer the lowest cost per GB
  • Backed by magnetic drives (HDD)
• Premium (available exclusively for provisioning Azure VM disks):
  • Best for I/O-intensive workloads, such as databases.
  • Offer consistent low-latency, high throughput/IOPS
  • Backed by solid state drives (SSD)
Blob Storage
• Azure Storage types accessible directly from Azure VMs include:
  • Files
  • Blobs
  • Disks
Replication Options
• Locally-redundant storage (LRS):
  • The only replication option when using Premium performance tier
• Zone-redundant storage (ZRS)
• Geo-redundant storage (GRS)
• Read-access geo-redundant storage (RA-GRS)
Locally Redundant Storage
Copies:
• 3 in the same Azure facility
Strategy:
• Data replicated synchronously across 3 replicas in the same Azure facility
Protection:
• Localized hardware failures
Additional considerations:
• LRS is an economical option if your data can be easily reconstructed
• LRS is the only available option if you use the Premium performance tier
• When using LRS, you should plan for an alternative recovery strategy
Geo-Redundant Storage
Copies:
• Total of 6, with 3 per Azure region.
Strategy:
• Data replicated synchronously across 3 replicas in the same Azure facility
• Data replicated synchronously within each region and asynchronously across regions.
Protection:
• Localized hardware failures and region-wide disasters
Additional considerations:
• With GRS, data in the secondary region becomes available for reads and writes (via the primary endpoint) only after Microsoft initiates a failover from the primary region.
• With RA-GRS, data in the secondary region is always available for reads (via the secondary endpoint). It becomes available for writes (via the primary endpoint) only after Microsoft initiates a failover from the primary region.
Zone Redundant Storage
Copies:
• 3 across different Azure facilities in separate zones in the same region.
Strategy:
• Data replicated synchronously across 3 replicas in separate zones in the same region.
Protection:
• Localized hardware failures and failures of individual facilities
Additional considerations:
• ZRS is not yet available in all regions.
• ZRS may not protect your data against a regional disaster where multiple zones are permanently affected.
• ZRS does not support Azure VM disk files
THANK YOU