Your SlideShare is downloading. ×
Microsoft Azure Hybrid Cloud - Getting Started For Techies
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Microsoft Azure Hybrid Cloud - Getting Started For Techies


Published on

This is my "getting started for techies" presentation on using the Microsoft Azure public cloud to build hybrid cloud solutions in conjunction with Windows Server 2012 R2 Hyper-V and System Center.

This is my "getting started for techies" presentation on using the Microsoft Azure public cloud to build hybrid cloud solutions in conjunction with Windows Server 2012 R2 Hyper-V and System Center.

Published in: Technology
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Hybrid Cloud with Microsoft Azure Aidan Finn
  • 2. About Aidan Finn • Technical Sales Lead at MicroWarehouse • Working in IT since 1996 • MVP (Virtual Machine) • Experienced with Windows Server/Desktop, System Center, virtualisation, and IT infrastructure • @joe_elway • • • Published author/contributor of several books
  • 3. Agenda • What is cloud computing? • Introducing Microsoft Azure • Azure IaaS – Storage – Virtual networking – Virtual machines – Hybrid cloud networking – Azure Site Recovery – Azure RemoteApp • If we have time … System Center & Azure
  • 4. What is Cloud Computing?
  • 5. What is a cloud? • According to NIST (USA National Institute of Standards and Technology), a cloud’s characteristics are: – On-demand self-service – Broad network access – Resource pooling – Rapid elasticity – Measured service • In other words: – More than just virtualization – “Self-service” indicates large size
  • 6. Cloud Models & Deployments Public Cloud Private Cloud Hybrid Cloud SaaS Bing, Office 365,, Google Apps Salesforce Office 365 PaaS Microsoft Azure, Facebook Pivotal CF IaaS Microsoft Azure, Windows Azure Pack, OpenStack, AWS, Google Compute Engine Windows Azure Pack, OpenStack, vCloud Suite Microsoft “Cloud OS”
  • 7. The Cloud OS Microsoft’s vision of the unified platform for modern business: – Transforms the datacenter – Unlocks insights on any data – Empowers people- centric IT – Enables modern business apps
  • 8. HYBRID Cloud • Microsoft Corporation is selling hybrid cloud – On-premises servers still required – Extend facilities into Azure and hosting partner clouds • Run: – Hyper-V + System Center on premises – Hosting partner: Hyper-V + System Center + WAP – Microsoft Azure
  • 9. Introducing Microsoft Azure
  • 10. Microsoft Azure • Microsoft’s public cloud, offering IaaS and PaaS • Based on … Windows Server 2012 Hyper-V – Rumoured to be 17% of global servers sales – Tell me Hyper-V doesn’t scale!!! – One consistent platform for private, public, and hybrid cloud: Hyper-V virtual machines • Incredibly innovative data centres – Signed NDAs so I’ll leave it there 
  • 11. Cloud Scalability • Only 2 clouds can rival Azure for scale (AWS and Google) • Take what you need, never let IT limit business growth • Place services close to customers … everywhere • Local regions: – Europe North: Dublin – Europe West: Amsterdam
  • 12. “Purchasing” Azure • Think of it as a complicated mobile phone/data service – You take what you need and pay for what you use • Three purchasing methods: – Credit card: monthly bill – Enterprise Agreement: pre-paid credit for large enterprises – Open (from August 1st 2014): pre-paid credit for SMEs • Not easy to forecast – Trials and PoCs are important
  • 13. On To The Fun Stuff … Microsoft Azure IaaS
  • 14. Managing Azure • One portal to manage all aspects of Azure IaaS – • New portal on the way – – Health and subscription information more visible • PowerShell cmdlets – Scripting always gives more control – Some features require PoSH, e.g. static IP address • Microsoft Azure Automation – Orchestration based on WAP Service Management Automation (SMA) – PowerShell workflows
  • 15. Management Certificates • Used by tools such as PowerShell to authenticate with Azure • Create certificate public/private pair – Does not need public trust – Use MakeCert • 2 files: – .PFX private file loaded into personal certificate store – .CER public file uploaded to Azure • Install the Azure PowerShell Module – Using the Web Platform Installer – Import-Module Azure
  • 16. Demo – Managing Azure
  • 17. Azure IaaS
  • 18. Microsoft Azure IaaS • Infrastructure services based on: – Web sites > skipping this today due to time and “easy factor” – Storage – Networking – Virtual machines • Solutions based on one or more of those components
  • 19. Fault Domains • Azure is built to cloud scalability • The focus is on service uptime, not server uptime • Imagine a rack that has single: – Power supply – Network connection • Racks are deployed in groups of 3 – One rack can fail/maintenance, others stay online • These are fault domains • A service that lives entirely in a single fault domain will suffer downtime: – Planned maintenance – Unplanned outages (during failover) • Service instances should span multiple fault domains
  • 20. Load-Balanced Sets • Typically deployed when creating multiple instances of an identical web application • For example, the public IP is load balanced on TCP 80 and TCP 443 across multiple web servers • Two objectives: – Increase scalability – Fault tolerance • Internal load balancing (non public tiers) is available now – Only via PowerShell
  • 21. Availability Sets • Virtual machines in the same availability set will reside in different fault domains • Place tiers of a service into availability sets – Example: 3 load balanced VMs – Each VM added to availability set – Each VM is automatically placed in a different fault domain – Host outage/maintenance leaves the service online • Might have availability sets for: – Web tier – Application tier – Data tier • Availability sets required for 99.95% uptime – VM external access
  • 22. Load-Balanced & Availability Sets Rack 1 Rack 2 Rack 3 Public IP Address Availability Set Load-Balanced Set
  • 23. Azure Storage
  • 24. Blobs • Azure stores stuff in blobs – A blob is a multipurpose storage system • We can create blobs to store: – VMs (VHD files only!) – Big data – Templates – Online backup and more • Replicated storage: – Locally redundant (cheapest): 3 copies stored in one region – Geo redundant (default): 3 copies in region + 3 more in neighbouring region – Read-access geo redundant: 3 copies in region + 3 READ ONLY copies in neighbouring region – Zone Redundant Storage (future): 3 copies in one or two regions
  • 25. Demo – Create a Blob
  • 26. Browsing Blobs • Can be done in the portal • Can also use 3rd-party tools to remotely connect to/browse a blob – Similar to an FTP tool – Comparisons: ve/2014/03/11/windows-azure-storage-explorers- 2014.aspx • Requires: – Storage account name – Primary access key
  • 27. Importing LOTS Of Data To Azure
  • 28. Online Backup • Use Azure blobs for backup – Primary backup: Windows Server Backup (W2008 R2 SP1 and later) – Off-site secondary backup: DPM, Commvault, CA • Create a new Recovery Services > Backup Vault • Install PFX/Private certificate on the server that will be backed up • Upload the paired public CER/public cert to the backup vault • Follow vendor specific instructions to enable backup
  • 29. Demo – Azure Online Backup
  • 30. StorSimple • Tired Storage: – Hot: Local SSD – Warm: Local SAS – Cold: Azure blob • 1 GbE iSCSI appliance – Xyratex (Mexico) • NOT A SAN REPLACEMENT – Use for specific roles – Small working set of data
  • 31. Virtual Networking
  • 32. Cloud Service • A high level concept • Has a single public IP address that you can NAT – Known as Virtual IP Address (VIP) – Ports of the VIP are NATed to VMs or load-balancer rules • Think of it this way: – Each isolated service/network should require a cloud service
  • 33. Cloud Service Reserved IP • The VIP is not reserved by default for the cloud service • A VIP remains with a cloud service as long as the cloud service remains operational – Running out of credit will offline a cloud service • You can reserve a VIP – #Reserve a IP New-AzureReservedIP -ReservedIPName EastUSVIP -Label "Reserved VIP in EastUS" -Location "East US" – #Use the Reserved IP during deployment New-AzureVM -ServiceName "MyApp" -VMs $web1 - Location "East US" -VNetName VNetUSEast - ReservedIPName EastUSVIP • Portal management to come in a future release
  • 34. Virtual Networks • Software-defined networking (SDN) – Same concept as Hyper-V Network Virtualization • Carve out your own network and subnets – No need to wait for Azure administrators • Must be in: – – – • Define your own subnet mask and subnets • Example: – Virtual network: – Subnet-1: – Subnet-2: – Subnet-3:
  • 35. Demo – Creating Virtual Networks
  • 36. Virtual Network IP Addresses • First IP address available is .4 • Default gateway is .1 • Azure VMs can have a single NIC • IP addresses are automatically assigned to VMs – Guest OS will think it has a DHCP address – Not actually DHCP – Not static either • IP remains with a VM while it remains operational – Not guaranteed to return to a VM after being offline – Can cause issues with name/IP relationship • Can use PowerShell to statically assign an IP address
  • 37. Persistent Azure VM IP Addresses Requires some PowerShell: 1. Stop-AzureVM -ServiceName “DemoService” -Name “VM01“ 2. Get-AzureVM -ServiceName “DemoService” - Name “VM01” | Set-AzureStaticVNetIP - IPAddress "" | Update-AzureVM 3. Start-AzureVM -ServiceName “DemoService" -Name “VM01"
  • 38. Network Isolation • A virtual network is isolated • You choose what, if any, external ports are opened • Virtual subnets inside of a virtual network are able to route to each other • Isolation inside of a virtual network: – Windows Firewall – IPsec • VNet to VNet connectivity – Enable isolated VNets to route to each other – px
  • 39. Hybrid Cloud Networking
  • 40. Connecting Networks • For all but a few services, disconnected services are useless • Extend your on-premises network into Azure • Have private connection to Azure • Extend on-premises management into Azure • Two options: – Site-to-site VPN – ExpressRoute
  • 41. Site-to-Site VPN • Create encrypted tunnel into an Azure virtual network • Routing between sites • Extend your network into Azure • A number of supporting devices, including Watchguard Watchguard XTM Microsoft Azure On-Premise Internet
  • 42. Site-to-Site VPN Endpoints
  • 43. Create a Site-to-Site VPN • WatchGuard instructions: /Configure-a-VPN-connection-to-a-Windows- Azure-virtual-network/ • Record: – Local Gateway ID: Your public VPN IP – Remote Gateway ID: Azure public VPN IP – Shared Key: The Azure secret VPN key – Local Network IP Address: The local address space – Remote Network IP Address: The Azure address space
  • 44. Site-to-Site VPN Solution • Can take a little while to come online on the Azure end • You have simultaneous: – Direct Internet access – Site-to-Site VPN routing to Azure Virtual Network • Can extend services into Azure – Active Directory – SQL Always On – And much more
  • 45. Pros/Cons of Site-to-Site VPN • Pros: – Quick to deploy – Very affordable – You are in control • Cons: – Local VPN site is bottleneck – That site is also a point of failure – Can’t implement SLA on VPN because it uses public Internet for the tunnel – It routes only virtual network traffic. What about other Azure services?
  • 46. ExpressRoute • Site-to-Site VPN extends your network into an Azure virtual network • Azure data center services are added to your WAN using ExpressRoute partner – Not just virtual networks – Everything: virtual networks, StorSimple, RDS, backup, replication, … • Two flavours of ExpressRoute that use MPLS WANs • Local service providers: – BT: Network service provider – Telecity: Exchange provider
  • 47. ExpressRoute Flavours Public internet Microsoft Azure Public internet Microsoft Azure
  • 48. Pros/Cons of Site-to-Site VPN • Pros: – Includes all Azure services – No single point of network failure – No site is a bottleneck for other sites – Is subject to service provider SLA • Cons: – Requires MPLS contract – More expensive than site-to-site VPN – Slower to deploy
  • 49. Azure VMs
  • 50. What Are Azure VMs? • Pretty much like Generation 1 Hyper-V virtual machines – Single virtual NIC – VHD only • Files stored in a blob • Uses a D: drive for non-persistent data – Do not delete or use this drive • Add additional drives for data – Examples: SQL database, AD database files • Can store application data on SMB 2.01 shared folders – Example: IIS shared content • More supported versions of Linux than Windows!!!
  • 51. Deploying Azure VMs? Multiple options: • Deploy VMs from Azure gallery • Create a template in Azure machines-capture-image-windows-server/ • Upload a custom template into Azure machines-create-upload-vhd-windows-server/ • From vSphere to Azure using MVMC 2.0 migrate-a-vmware-vm-to-azure-iaas/ • Upload a Hyper-V virtual machine machine-to-windows-azure-with-powershell/
  • 52. Antivirus
  • 53. Demo - Deploying an Azure VM
  • 54. • Myth: “Why would I put my applications in the cloud where anyone can get at them?!” – You decide what services are publicly visible – No different to what you do now • We configure Endpoints to NAT ports through the cloud service VIP (public IP address) • Examples: – VIP:TCP80 -> – VIP:TCP21 -> – VIP:TCP443 -> • You can close everything for complete privacy • By default, VMs created in the portal will have these open: – TCP 5986 (PowerShell remote administration) – TCP 3389 (Remote Desktop) Endpoints
  • 55. Demo – Endpoints & Load Balanced Sets
  • 56. • Advanced configuration options: – Change a virtual machine’s specification • Tier: Basic/Standard • Size • Availability set – Monitoring (Preview) • Test a cloud service’s web app from multiple global locations • Monitoring VMs – High level metrics utilization – Between 1 hour and 7 days of data Configuring & Monitoring VMs
  • 57. Demo – Configure & Monitor VMs
  • 58. • Services can have increases/drops in demand • Cloud is elastic – Quickly grow/shrink – Very affordable compared to on-premise capital + operational expenditure • Autoscaling enables you to: – Deploy & configure lots of virtual machines – Add them to an availability set – Turn on/off VMs based on demand – Note: powered off VMs only have a storage cost Autoscaling VMs
  • 59. • Normally VMs use cloud service VIPs and Endpoints to be publicly accessible • Not all services work well with NAT • In preview today, you can reserve a public IP address for a VM – No longer using NAT behind the cloud service VIP – Maybe publish FTP – Monitor publicly accessible VMs via public IP • Only available via PowerShell – Requires new VMs and new virtual networks Instance-Level Public IP Address
  • 60. Azure Site Recovery
  • 61. • Problem: DR/BC is expensive • Partial solution: Hyper-V Replica – Async VM replication built-into all versions of 2012 and later Hyper-V • Problem: DR sites are expensive – Solution: Use Azure Site Recovery (ASR) • Preview starting June 2014 DR-as-a-Service (DRaaS)
  • 62. • ASR is built on Hyper-V Recovery Manager (HRM) • HRM offers orchestration of Hyper-V Replica between two sites – Even two privately owned sites • Problems: – HRM is expensive: €11.92/protected VM/month – Requires SCVMM to be deployed on premises • Licensing too expensive for most SMEs • Consultants failing to deploy/configure SCVMM properly for those who can afford it DR Orchestration
  • 63. Azure Automation
  • 64. • Very similar to WAP Service Management Automation (SMA) • Create runbooks – PowerShell workflows – PowerShell is in everything Microsoft – Tip: Learn PowerShell or hit your career ceiling now • Automate actions in the cloud and on-premises via hybrid cloud • Doing something twice? – Automate it – Time investment up front will pay dividends – The more you do it, the easier it gets Orchestration in the Cloud
  • 65. Azure Remote App
  • 66. • Client/Server programs will eventually become web services driven mobile apps • Until then, we need to support traditional desktop apps – For cloud-based services – On cross-platform devices • You can deploy RDS in Azure VMs – Requires RDS SALs through SPLA licensing • Or you can deploy “Mohoro” aka Azure Remote App – A multi-tenant RDS farm in the cloud run by Microsoft – Currently in preview – Clients include Windows, Android, iOS, and Mac OS X RDS In The Cloud
  • 67. One Piece Of Advice
  • 68. • Forget releases every 3 years – Windows Server & System Center out every 12-18 months – vNext expected in April 2015 • With Azure it’s more like every few weeks • Microsoft now doing “sprint development” • Features announced on Azure & ScottGu blogs • Learning has never been as important – Forget traditional learning sources – If you work for a MSFT partner, then watch for news from MicroWarehouse Learning
  • 69. And If We Have Time … System Center
  • 70. • Orchestrator – Add a subscription to the portal – Enable end users to deploy VMs under IT management • Operations Manager – Azure Management Pack: Monitor your Azure subscription – Global Service Monitoring: Monitor web services from Microsoft data centers – System Center Advisor: Additional monitoring from the cloud • Data Protection Manager – Azure Online Backup: Using blobs for secondary storage • Windows Azure Pack – Azure AD authentication via ADFS: Scale-out identity • Configuration Manager – Windows Intune: Cloud-based mobile device/app management – Cloud-based distribution point: Internet-based clients System Center & Microsoft Azure
  • 71. Thank you! Aidan Finn, Hyper-V MVP Technical Sales Lead, MicroWarehouse Ltd. Twitter: @joe_elway Blog: Petri IT Knowledgebase: