Стачка (Stachka conference), Ulyanovsk. Master class "Infrastructure in the Cloud"
Virtual machines and networks. VPN between the cloud and the workplace. Clusters and on-demand HPC and Big Data workloads.

  • But as you think about using the public cloud, there are some top-of-mind issues you have to reckon with. If you're like most organizations, you have existing servers and IT infrastructure (either on-premises in your own datacenters or in 3rd-party colocation facilities) and an IT staff to manage these assets. So you're not thinking of the public cloud in a silo: ideally you'd want to integrate it with your existing IT, manage it no differently, and even have applications with parts running on- and off-premises. The latest IDC findings show that 40% of enterprises are already adopting hybrid clouds today (source: http://www.infosys.com/newsroom/press-releases/Pages/cloud-ecosystem-integrator.aspx). You're also probably running a variety of OSs, databases, middleware and toolsets from multiple IT vendors; your developers are proficient in multiple languages and your apps are written in multiple languages and frameworks. In other words, your IT environment is complex and heterogeneous, and you want to make sure the cloud you choose can handle that. Next, you have to abide by a set of security and compliance requirements. The rest of the business trusts your IT org to run apps in a secure and reliable manner, so you want to make sure the public cloud platform and the vendor providing it are trustworthy, i.e. have the right experience and expertise, the necessary SLAs, and security controls in place.
  • Let's see what you as enterprise customers uniquely expect from a public cloud platform. These are "must haves":
    Integration: so you can integrate with your existing apps and infrastructure.
    Heterogeneity: so you can continue to support multiple languages, frameworks and OSs.
    Security: so you continue to run your enterprise apps securely and reliably.
    Windows Azure, our public cloud offering, addresses these needs. Windows Azure is built on three core fundamentals:
  • On-premises AND Cloud: We believe in a world where you integrate the public cloud with your on-premises infrastructure and use each where it makes sense, in conjunction with each other. Think and, not or. It's not an on-premises OR cloud proposition; it's an AND proposition. And when we say integration, we mean true integration: across infrastructure, apps, identity and databases. This is what we call hybrid. Microsoft is the only company that has the necessary assets across virtualization, identity, data platform, development and management to provide a consistent experience across on-premises, our cloud and 3rd-party service providers. This vision and strategy, called "Cloud OS", is what we aim to deliver for our customers. If you look at other cloud vendors that provide public OR private cloud offerings (Amazon, VMware or Google), you have to cobble together disparate offerings and you will not get a seamless experience.
  • Open, broad and flexible: We realize that you'll want to run a variety of workloads in the cloud. In Windows Azure we will of course provide the first and best experience and support for Microsoft workloads, but at the same time we have embraced other open technologies so you get a cloud experience that satisfies your heterogeneous needs. In enterprises Java and .NET are still the most used, but developers are also using PHP, Python and other languages. Windows Azure supports all these languages and more. Windows Azure provides an out-of-the-box experience for open frameworks like Hadoop and web frameworks like WordPress, Joomla and Drupal. We also provide first-party SDKs for developing apps for Android, iOS or Windows Phone. We not only support but have embraced open technologies, and we provide a broad set of services that give you a good choice. In addition to the breadth of the platform, it's important to note that using Windows Azure is not an all-or-nothing proposition. You can use most services independently of each other: for example, you can use storage without compute, or a database without storage. What you want to use and how you want to use it is really YOUR choice.
  • We believe in Trust through Transparency. We are transparent in the following ways:
    We participate in industry standards and programs like ISO 27001, SSAE 16 and the Cloud Security Alliance.
    We undertake yearly audits with independent 3rd parties.
    We provide a rich set of financially backed monthly SLAs (this differentiates us from other cloud providers like AMZN, whose SLAs are fewer and annual). Monthly SLAs are more stringent, with less room for error, than yearly SLAs.
    All of our regulatory compliance and privacy policies are clearly explained in the online portal called Trust Center.
    We provide real-time status of all services via a Service Dashboard, and Root Cause Analyses in case of issues.
  • Let's now take a look at the global scale at which Windows Azure operates. We operate in 8 global regions across different continents: 4 in the US, 2 in Europe and 2 in Asia. These are gigantic in their scale and operations, and here are some of the pictures. In addition, we have 24 CDN locations across the globe. We provide support across 109 countries and in 8 languages, and have local teams and sales offices across the world. In addition, 19 countries have local currency support.
    Key Talking Points:
    To support the massive growth in demand for Windows Azure, Microsoft has developed a modular approach to building and expanding physical datacenter capacity quickly, in days instead of weeks and months.
    ITPACs are pre-assembled, self-contained datacenter "pods" that contain pre-wired racks of servers, storage and networking equipment along with cooling, venting and power management.
    Multiple ITPACs can be quickly delivered to a datacenter site and interconnected to build and/or grow datacenter capacity.
    By leveraging ITPACs as building blocks for modular datacenters, Microsoft can not only expand physical capacity quickly but also deliver existing capacity very cost-effectively: in our Gen4 datacenters we have demonstrated a PUE (Power Usage Effectiveness) of 1.05, whereas traditional datacenters often have a PUE 2-3x higher.
    Direct attendees to the links on the page for more details. If time permits during the event, you may wish to play one or both videos.
    Additional Resources:
    aka.ms/itpac
    aka.ms/msdatacenters
    United Nations ITPAC datacenter technology video: http://www.microsoft.com/en-us/showcase/details.aspx?uuid=0d0d24d6-f637-4b50-b118-5c8a0f5bf614
    Microsoft Generation 4.0 Data Center Vision: http://www.youtube.com/watch?v=PPnoKb9fTkA
  • Slide Objective: Discuss how IT Pros can easily estimate the cost of leveraging Windows Azure via the Windows Azure Cost Calculator.
    Key Talking Points:
    The global scale and power of the Windows Azure cloud platform is surprisingly cost-effective. When you get started, you pay only for the resources that you need; there are no upfront costs.
    Of course, you can start out for free with a trial subscription to evaluate Windows Azure for your scenario.
    To estimate the costs associated with your organization's particular scenario on a paid subscription, you can use the Windows Azure pricing calculator as a starting point of reference.
    Note that deeper discounts are available by selecting a 6- or 12-month prepaid option (minimum $500 monthly commitment) or by purchasing Windows Azure via an existing volume licensing agreement.
    Two important enhancements were announced in June 2013 that make Windows Azure even more cost-effective for on-demand scenarios:
    VMs that are stopped from the management portal are not charged compute costs while in the "Stopped (Deallocated)" state.
    VM compute charges accumulate per minute rather than per hour, making scenarios that use partial hours more cost-effective than on competing platforms.
  • But that is not all that you can do with Azure. Windows Azure also provides infrastructure services, which allow for more hands-on configuration and management, similar to the servers you have today. However, they're hosted in Microsoft datacenters, letting you use Azure as if you were operating your own datacenter in the cloud. For example, you can provision VMs, give them private IP addresses, and connect to them using a VPN from your on-premises environment. Most importantly, this lets Windows Azure mimic your on-premises datacenter and run your current apps with little or no change, without the expense of owning servers, racks, cooling and buildings. Furthermore, you can connect the "datacenter" you build in the cloud to your on-premises datacenter, so the datacenter in the cloud becomes an extension of your on-premises infrastructure. These "building blocks" let Windows Azure be used as Infrastructure-as-a-Service. So Windows Azure offers IaaS + PaaS in one platform. IaaS provides flexibility, PaaS eliminates complexity. Use PaaS where you can, use IaaS where you need. With Azure you can use both together or independently and build the apps of the future. That uniquely differentiates us.
  • Slide Objective: Introduce how VMs relate to Cloud Services.
    Key Talking Points:
    All VMs exist inside a container known as a Cloud Service.
    When a new VM is created, if an existing Cloud Service is not specified, a new Cloud Service is created for that VM.
    A Cloud Service serves as a boundary. All VMs inside the same Cloud Service share:
    the same public IPv4 address;
    the same public DNS name (*.cloudapp.net);
    a common Internet firewall / load balancer instance.
    In terms of IP address lifetimes, public IP addresses are aligned to the lifetime of a Cloud Service, and internal IP addresses are aligned to the lifetime of a VM.
    Two consequences worth stating: an input endpoint opened on any one VM is reachable on the address all of them share, so endpoint hygiene is a per-Cloud-Service concern; and a VM that is stopped (deallocated) hands its internal address back, so do not hard-code it.
  • Slide Objective: Discuss the ability to host multiple VMs in the same Cloud Service.
    Key Talking Points:
    Multiple VMs can be configured in the same Cloud Service so that they share a common public IPv4 address and can be load balanced.
    If VMs are configured in the same Cloud Service and Availability Set, they can also be configured to "auto-scale" based on load: VMs are turned on during scale-up and turned off during scale-down.
    NOTE: The limits per subscription are:
    Maximum IaaS VMs per Cloud Service: 50
    Maximum Cloud Services per Subscription: 20
    Maximum VMs per Virtual Network: 1,024
    From: http://pointers/Questions/6568/Soft-and-Hard-limits-on-Azure-subscriptions-and-accounts
    These limits can be increased simply by an account request in the management portal.
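    The shared-address rule above is easy to state and easy to get wrong in a deployment with a dozen VMs, so here is a small checker for it. This is an added example, not code from the talk or from Azure: the classes are a constructed model of a Cloud Service (one public IP, one firewall, per-VM input endpoints), and the sample deployment is made up. It flags a non-load-balanced public port claimed by two VMs (the platform rejects that) and any management port (RDP, SSH, WinRM) reachable from the whole Internet without a restrictive endpoint ACL.

```python
"""Added example: a model of the classic Windows Azure Cloud Service boundary.
Every VM in a Cloud Service shares one public IPv4 address and one
firewall/load balancer, so every input endpoint on every VM is reachable on
the same address (<service>.cloudapp.net).  Two practical consequences are
checked here: a non-load-balanced public port can belong to only one VM per
Cloud Service, and management ports (RDP, SSH, WinRM) must not be left open
to the whole Internet without an endpoint ACL.  The classes and the sample
deployment are constructed for this example; they are not Azure API objects."""
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import Dict, List, Optional, Tuple

# Local (VM-side) ports that should never be Internet-wide without an ACL.
MANAGEMENT_PORTS = {22: "ssh", 3389: "rdp", 5985: "winrm", 5986: "winrm-https"}


@dataclass
class Endpoint:
    name: str
    protocol: str                  # "tcp" or "udp"
    local_port: int                # port inside the VM
    public_port: int               # port on the shared public IP
    lb_set: Optional[str] = None   # load-balanced set; lets VMs share a public port
    acl: List[str] = field(default_factory=list)  # permitted remote subnets (CIDR)


@dataclass
class VM:
    name: str
    endpoints: List[Endpoint]


@dataclass
class CloudService:
    name: str                      # public DNS name is <name>.cloudapp.net
    vms: List[VM]


def acl_is_internet_wide(acl: List[str]) -> bool:
    """An empty ACL means 'permit everyone'; so does an explicit 0.0.0.0/0 rule."""
    return not acl or any(ip_network(rule).prefixlen == 0 for rule in acl)


def check_cloud_service(cs: CloudService) -> List[str]:
    findings: List[str] = []
    # (protocol, public port) -> (owning VM, load-balanced set name)
    owners: Dict[Tuple[str, int], Tuple[str, Optional[str]]] = {}
    for vm in cs.vms:
        for ep in vm.endpoints:
            key = (ep.protocol.lower(), ep.public_port)
            if key in owners:
                prev_vm, prev_set = owners[key]
                # Sharing a public port is only legal inside one load-balanced set.
                if not (ep.lb_set and ep.lb_set == prev_set):
                    findings.append(
                        f"{cs.name}: public {key[0]}/{key[1]} is claimed by both "
                        f"{prev_vm} and {vm.name} and is not load-balanced")
            else:
                owners[key] = (vm.name, ep.lb_set)
            service = MANAGEMENT_PORTS.get(ep.local_port)
            if service and acl_is_internet_wide(ep.acl):
                findings.append(
                    f"{cs.name}: {vm.name} exposes {service} on "
                    f"{cs.name}.cloudapp.net:{ep.public_port} to the whole Internet")
    return findings


# Constructed sample: two web servers behind one load-balanced HTTP endpoint.
SAMPLE = CloudService("stachka-web", [
    VM("web01", [
        Endpoint("http", "tcp", 80, 80, lb_set="web-lb"),
        Endpoint("rdp", "tcp", 3389, 3389),                          # no ACL: finding
        Endpoint("admin", "tcp", 8080, 8080),
    ]),
    VM("web02", [
        Endpoint("http", "tcp", 80, 80, lb_set="web-lb"),            # shared via LB set: fine
        Endpoint("rdp", "tcp", 3389, 50002, acl=["203.0.113.0/24"]), # restricted: fine
        Endpoint("admin", "tcp", 8080, 8080),                        # port clash: finding
    ]),
])

if __name__ == "__main__":
    for line in check_cloud_service(SAMPLE):
        print(line)
```

    Run against the sample it reports exactly two findings: web01's RDP endpoint open to everyone, and the duplicate tcp/8080 that the two VMs cannot both own. Feeding it the endpoint list of a real Cloud Service before deployment is the point; the same logic applies whether the endpoints are created in the portal or by script.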
  • Slide Objectives: Highlight the Windows Azure Virtual Machines feature.
    Speaking Points:
    As you saw, you can use both Windows Server and Linux.
    You can install any software you want in the virtual machine. It's your virtual machine.
    You can also set up a virtual private network to connect VMs to your on-premises infrastructure.
  • https://github.com/WindowsAzure-TrainingKit/HOL-ProvisioningAWindowsAzureVMPS
    https://github.com/WindowsAzure-TrainingKit/HOL-ProvisioningAWindowsAzureVM
  • Slide Objective: Discuss how to achieve an SLA of 99.95% for VMs.
    Key Talking Points:
    Configuring at least two VMs performing the same workload in the same availability set provides a 99.95% SLA.
    Without at least two virtual machines performing the same workload grouped into an availability set, you get a 99.9% SLA. Virtual Network SLA = 99.9%.
    VMs in the same availability set are automatically placed in separate upgrade and failure domains (racks) within a datacenter.
    The Azure SLA is more granular than the competition's: it is mapped to the availability of the specific infrastructure components hosting the VMs, instead of generically to the edge of a datacenter region.
    The SLA for VMs is based on monthly availability instead of annual availability (most of the competition).
    The complete SLA for VMs is available at http://www.microsoft.com/en-us/download/details.aspx?id=38427
  • Slide Objectives: Highlight the Windows Azure Virtual Machines feature.
    Speaking Points:
    As you saw, you can use both Windows Server and Linux.
    You can install any software you want in the virtual machine. It's your virtual machine.
    You can also set up a virtual private network to connect VMs to your on-premises infrastructure.
  • We are now moving on to another main component of infrastructure services: Virtual Network. For customers and partners who want to retain select data and applications on-premises while running layers of applications in the cloud, Virtual Network is the key to building the desired hybrid architecture. Virtual Network (VNET) allows you to create a logically isolated section of Windows Azure and treat it like your own network. You can customize the network configuration for a VNET: create subnets, assign private IP addresses and bring your own DNS server if you wish. Within a Virtual Network, for example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access.
    There are a few other very important benefits of using Virtual Network. Some of the scenarios we will talk about later come to life through Virtual Network. For instance, with Virtual Network:
    You can persist the IP address of your Virtual Machines. That means when you are deploying SharePoint in Windows Azure or enabling Active Directory in Virtual Machines, the persistent IP address you need is there and available.
    You can build services with common tiers, where all apps, whether in the cloud or on-premises, use the same AD, use the same database tier or are managed by the same System Center Operations Manager, since they are in the same network and can communicate directly with each other.
    You can build composite, multi-tier applications that take advantage of Windows Azure web and worker role instances (the PaaS model) as well as Virtual Machine instances (the IaaS model). Virtual Network enables those instances to talk to each other.
    You can point all Virtual Machines to a DNS server on-premises or to a DNS server running in a Virtual Network. This capability enables you to use your Domain Controllers in Windows Azure to provide single sign-on for your applications.
    You can find the list of supported VPN devices in the appendix.
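    Before a site-to-site gateway can be created, the VNET address plan has to be right, and the mistakes are always the same ones: an address space that overlaps the corporate network (so neither side can route), a subnet outside the declared space, no subnet for the gateway, or VMs pointed at a DNS server that nothing can reach. The checker below is an added example written for this page, not part of the talk or of Azure's tooling. Its input format (a dict of subnet name to prefix) is an assumption of the example, not the Azure netcfg XML schema; the five reserved addresses per subnet are Azure's own reservation (network, gateway, two platform addresses, broadcast).

```python
"""Added example: a plan checker for a hybrid Virtual Network (VNET) that is
to be joined to an on-premises network over a site-to-site VPN.  Checks what
has to be right before the gateway is created: the VNET address space must
not overlap any on-premises prefix, every subnet must sit inside the address
space without overlapping its neighbours, a gateway subnet must exist, and
every DNS server the VMs are pointed at must be reachable either inside the
VNET or through the tunnel.  Usable host counts subtract the five addresses
Azure reserves in every subnet.  The input format is an assumption of this
example, not the Azure netcfg schema."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Sequence

AZURE_RESERVED_PER_SUBNET = 5   # network, gateway, two platform addresses, broadcast


def usable_hosts(prefix: str) -> int:
    """Hosts a subnet can actually hold once Azure's reserved addresses are removed."""
    return max(ip_network(prefix).num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


def check_vnet_plan(vnet_space: str, subnets: Dict[str, str],
                    onprem_spaces: Sequence[str], dns_servers: Sequence[str] = (),
                    gateway_subnet: str = "GatewaySubnet") -> List[str]:
    problems: List[str] = []
    space = ip_network(vnet_space)
    onprem = [ip_network(p) for p in onprem_spaces]

    # 1. The cloud side must not reuse any on-premises prefix.
    for prefix in onprem:
        if space.overlaps(prefix):
            problems.append(f"VNET {space} overlaps on-premises {prefix}: "
                            "site-to-site routing is ambiguous")

    # 2. Subnets must be carved from the address space and must not collide.
    nets = {name: ip_network(prefix) for name, prefix in subnets.items()}
    names = list(nets)
    for name, net in nets.items():
        if not net.subnet_of(space):
            problems.append(f"subnet {name} {net} lies outside the VNET address space {space}")
        if usable_hosts(str(net)) < 1:
            problems.append(f"subnet {name} {net} has no usable addresses after Azure's reservations")
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"subnets {a} {nets[a]} and {b} {nets[b]} overlap")

    # 3. The VPN gateway needs its own subnet.
    if gateway_subnet not in nets:
        problems.append(f"no {gateway_subnet}: the VPN gateway has nowhere to be placed")

    # 4. A DNS server VMs cannot reach breaks domain join and name resolution silently.
    for dns in dns_servers:
        addr = ip_address(dns)
        if not (addr in space or any(addr in p for p in onprem)):
            problems.append(f"DNS server {dns} is neither in the VNET nor in an "
                            "on-premises prefix reachable via the tunnel")
    return problems


# Constructed sample plans.
GOOD_PLAN = dict(
    vnet_space="10.20.0.0/16",
    subnets={"FrontEnd": "10.20.1.0/24", "BackEnd": "10.20.2.0/24",
             "GatewaySubnet": "10.20.255.0/29"},
    onprem_spaces=["192.168.0.0/16", "172.16.0.0/12"],
    dns_servers=["192.168.10.5"],      # on-premises DC, reachable through the tunnel
)
BAD_PLAN = dict(
    vnet_space="192.168.0.0/20",       # collides with the corporate LAN
    subnets={"FrontEnd": "192.168.1.0/24", "BackEnd": "10.0.0.0/24"},   # BackEnd outside
    onprem_spaces=["192.168.0.0/16"],
    dns_servers=["10.99.0.10"],        # reachable from nowhere
)

if __name__ == "__main__":
    for plan in (GOOD_PLAN, BAD_PLAN):
        print(plan["vnet_space"], check_vnet_plan(**plan) or "ok")
```

    GOOD_PLAN passes; BAD_PLAN yields four problems (address-space overlap, a subnet outside the space, no gateway subnet, unreachable DNS). The gateway subnet in the good plan is a /29, which leaves three usable addresses after Azure's reservations; anything smaller has none.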
  • There is even more news on the networking front. In addition to Cisco and Juniper, we have new partners whose gateway devices support Windows Azure's site-to-site networking capability: F5, Juniper and WatchGuard gateway devices have recently become available for use with Windows Azure Virtual Network. When setting up your cross-premises and cloud connectivity, you now have more options. We have also enhanced the existing "Site-to-Site VPN" connectivity so that you can use Windows Server 2012 RRAS (Routing and Remote Access) as an on-premises VPN server. This gives you the flexibility of a software-based VPN solution, as opposed to a physical gateway device, to connect your on-premises network to Windows Azure. Software-based VPN and more physical hardware options: more ways to get started with the power of AND.
  • When we announced general availability of infrastructure services, we reiterated our commitment to making the power of AND work for our customers. We have more than one view of the world: it is cloud AND on-premises, and we continue to deliver on that theme. A case in point is Point-to-Site VPN. It allows you to set up virtual private network (VPN) connections between individual computers and a virtual network in Windows Azure. We built this capability based on customer requests and learnings from a preview feature called Windows Azure Connect. Point-to-Site VPN greatly simplifies setting up secure connections between Windows Azure and client machines, whether from your office environment or from remote locations. Point-to-Site VPN enables some new and exciting ways to connect to Windows Azure that are not possible with other cloud providers. Here are a few examples:
    You can securely connect to your Windows Azure environment from any location. You can connect your laptop to a Windows Azure test and development environment and continue to code away while sipping coffee at an airport café!
    Small businesses, or departments within an enterprise, that don't have existing VPN devices and/or the network expertise to manage them can rely on Point-to-Site VPN to securely connect to workloads running in Windows Azure virtual machines.
    You can quickly set up secure connections to Windows Azure even if your computers are behind a corporate proxy or firewall.
    Independent Software Vendors (ISVs) wanting to provide secure access to their cloud apps can leverage Point-to-Site VPN to offer a seamless application experience.
  • https://github.com/WindowsAzure-TrainingKit/DEMO-DeployingHybrid
    OR Demomate: Windows Azure IaaS - Virtual Network S2S WS2012
  • For many customers and partners, scripting and automation is the key to efficient operations. Fear not! Microsoft's popular task automation framework PowerShell is available for use with Windows Azure as well. Whether you want to automate provisioning of lots and lots of Virtual Machines or configure your Virtual Network settings through scripts, PowerShell cmdlets are ready for you. You can download the PowerShell cmdlets from http://www.windowsazure.com/en-us/downloads/ to get started. You can configure and manage all 3 elements of infrastructure services (IaaS) with PowerShell: Virtual Machines, Virtual Network and Storage. When you want to upload custom VHDs into Windows Azure or bring your images back on-premises at scale, use PowerShell. When you are working across many Windows Azure subscriptions and need to copy VHDs between them, use PowerShell. Or when you want to convert images virtualized with VMware (VMDK format) into VHD to run in Virtual Machines, use the Microsoft Virtual Machine Converter (MVMC Toolkit) first and then upload the converted images using PowerShell cmdlets. PowerShell is here to help increase your productivity and to give you advanced management options. Note that whatever the cmdlets authenticate with (a management certificate or the downloaded publish-settings file) carries full control over the subscription, so guard it like a domain admin credential.
  • So let's focus on cloud identity management. We are trying to address 3 main issues:
    Help IT departments get control of who is accessing what on the public cloud and provide SSO in a secure and efficient manner. Various departments in enterprises are enthusiastically adopting many different SaaS applications, and "Shadow IT" makes its appearance. One way of resolving this problem is adding more federated connections with SaaS applications, but that's a very difficult way to solve single sign-on.
    Password proliferation. I am accessing more than 5 cloud services for personal use at least once per week; how many are you using? How many times do you log in each week? For each access and each application we must enter our user name and password; it can become tedious, to say the least. The most useful link on those services is the "I forgot my password" one and, to be honest, "I forgot my username" is becoming common too. Imagine the scale of this issue in enterprises. [Click] An average user already deals with a bunch of usernames and passwords for their on-premises applications, and [Click] cloud-based applications are piling up at an increasing pace. There are already enterprises that have many cloud-based applications in their environment (there are more than 20,000 SaaS apps on the market already according to IDC). Huge amounts of money have been invested in on-premises identity and access management solutions without actually solving single sign-on. Help desks and IT departments all over the world can confirm that. [Click] If you add personal cloud applications' identities into the mix [Click] along with the desire to access applications from different devices, you get many frustrated users who voice their unhappiness and put pressure on IT for simpler solutions.
    The challenge for IT in today's world of many devices, on-premises apps, cloud apps and hybrid apps is that they are not always aware of all the cloud-based applications their users are accessing. IT has not purchased or deployed these apps and in most cases has no visibility into how they were purchased or whether they are being managed. With the dramatic increase in cloud applications and the ease of sign-up and free trials, management and users are asking IT departments to provide single sign-on from everywhere to everything. A solution to this problem could be federation with each and every one of those cloud-based applications. But not all of them use the same protocols or standards for identity management, which can make federation a very difficult task. Instead, [Click] organizations need a hub that can sync their on-premises Active Directory, [Click] seamlessly connect with many cloud applications, [Click] integrate with various protocols, and scale around the globe to authenticate users everywhere [Click] from any device in a way that integrates simply with their existing identities. With more than 95% of Fortune 1000 organizations using Windows Server Active Directory on-premises, they would prefer not to reinvent the wheel or recreate all of their identities. The good news is that they don't have to. That's exactly what Windows Azure Active Directory provides, and it does so in a secure and comprehensive manner.
  • Slide Objective: Introduce the key capabilities that Windows Azure Active Directory offers to address common identity issues.
    Key Talking Points:
    Single identity repository
    Manage identities for cloud applications
    Manage identities for enterprise applications
    Allow self-service access for users authenticating to applications
  • Slide Objective: Describe the two ways in which Windows Azure Active Directory can be integrated with Windows Server Active Directory for a seamless authentication experience.
    Cloud Authentication: DirSync with Password Hash Sync. Accounts and a derived hash of each user's password hash (never the password itself) are synchronized to Windows Azure AD, and the cloud directory authenticates users itself.
    Federated Authentication: DirSync with ADFS. Accounts are synchronized, but authentication is redirected to the on-premises ADFS farm, so passwords never leave the corporate network and on-premises sign-in policies apply.
    The trade-off to spell out: password hash sync keeps cloud sign-in working even when the on-premises side is down, while federation makes the ADFS farm and its Internet-facing proxies an availability and security dependency for every cloud application.
  • https://github.com/WindowsAzure-TrainingKit/DEMO-DeployingHybrid
    OR Demomate: Windows Azure IaaS - Virtual Network S2S WS2012
  • Turning to the actual subject of this video, let us ask ourselves: what is big data? Almost always, when someone talks about High Performance Computing, big data comes up as well. Clearly it means a large amount of data. But how large?
  • So large that the Large Hadron Collider receives 1 petabyte of data per second that has to be processed.
  • The goal of all this is scaling from zero to virtually infinite capacity. Of course, for maximum compute performance the resources should be located as geographically close together as possible, and there is no such thing as infinite resources in one place, which is why the infinity is "virtual": if the resources in one location run out, the deployment can be joined with another one and the available capacity extended. The advantage of the cloud over local infrastructure in this context is obvious. If we have a task that needs a large amount of resources, with local infrastructure we may simply run out of compute: we can either wait until the pool is expanded (which may not happen, for a number of reasons) or make do with the capacity we have, which can dramatically slow down how quickly we obtain what may be very important results. With the cloud the researcher does not depend on human and organizational factors: at any moment they can add compute nodes to their personal supercomputer cluster and, once the necessary computations are done, release the surplus resources and stop paying for them.
    At the same time it must be clearly understood that Windows Azure is a platform with a very granular billing model. Users pay for an instance's compute hours by the hour, and the price depends on the instance size (from one to eight cores) and on other characteristics such as memory. Resources that are running but not actually used are still charged for. Storage is similar: data kept in Azure blobs and tables is billed monthly, plus the number of transactions and outbound traffic from the Windows Azure datacenter (inbound traffic is free).
  • Still, the cloud cannot be called a complete replacement for local infrastructure. Suppose we have a local supercomputer cluster that is short of just a small amount of resources. Standing up a similar cluster in the cloud for the sake of one or two extra compute nodes is an inefficient use of compute resources that have already been bought and are being maintained. Within the Windows Azure platform Microsoft offers the option of a hybrid infrastructure, where you attach compute nodes located in the cloud to the head node of your local cluster. Naturally this raises questions about the performance of such a setup, above all on the network side: there is the problem of latency between geographically distant sites. Here you can use caching, or split the data to be processed between the local and cloud infrastructure so that the cloud nodes do not reach for data stored locally and vice versa.
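    The last sentence is the whole design rule for a hybrid cluster: keep each task next to the data it reads. To show what that rule costs or saves, here is a small scheduler comparison written for this page (an added example, not part of the talk or of HPC Pack). Sites, nodes, tasks and input sizes are constructed; the locality-aware placement prefers a free slot at the data's own site, spills to the other site only when the local side is full, and both placements are scored by the gigabytes that would have to cross the WAN.

```python
"""Added example: placing work in a hybrid HPC cluster (on-premises head node
with cloud compute nodes attached) so that nodes only read data that is
already on their own side of the WAN.  Tasks carry the site that holds their
input; a naive round-robin scheduler ignores that and drags data across the
link, while the locality-aware scheduler keeps each task next to its data and
only falls back to the remote side when the local side is out of slots.
Both are compared by the bytes that would cross the WAN.  Sites, nodes,
tasks and sizes are constructed for this example."""
from itertools import cycle
from typing import Dict, List, Tuple

Task = Tuple[str, str, int]      # (task id, site holding the input, input size in GB)


def round_robin(tasks: List[Task], nodes: Dict[str, str]) -> Dict[str, str]:
    """nodes maps node name -> site; returns task id -> node, ignoring data location."""
    order = cycle(nodes)
    return {tid: next(order) for tid, _, _ in tasks}


def locality_aware(tasks: List[Task], nodes: Dict[str, str],
                   slots_per_node: int = 1) -> Dict[str, str]:
    """Prefer a node with a free slot at the data's own site; otherwise a free
    slot at the other site (one WAN read beats an idle queue); otherwise the
    least-loaded local node, which simply queues the task."""
    load = {node: 0 for node in nodes}
    placement: Dict[str, str] = {}
    # Biggest inputs first so the transfers avoided are the expensive ones.
    for tid, site, _ in sorted(tasks, key=lambda t: -t[2]):
        choice = min(nodes, key=lambda n: (load[n] >= slots_per_node,   # full?
                                           nodes[n] != site,            # remote?
                                           load[n], n))                 # tie-break
        load[choice] += 1
        placement[tid] = choice
    return placement


def wan_gigabytes(tasks: List[Task], nodes: Dict[str, str],
                  placement: Dict[str, str]) -> int:
    """Input volume that would be read across the site-to-site link."""
    return sum(size for tid, site, size in tasks if nodes[placement[tid]] != site)


# Constructed sample: three on-premises nodes, three cloud nodes, six tasks.
NODES = {"hn01": "onprem", "cn01": "onprem", "cn02": "onprem",
         "az01": "cloud", "az02": "cloud", "az03": "cloud"}
TASKS: List[Task] = [("t1", "onprem", 40), ("t2", "onprem", 30), ("t3", "cloud", 50),
                     ("t4", "cloud", 20), ("t5", "onprem", 10), ("t6", "cloud", 5)]

if __name__ == "__main__":
    for name, sched in (("round-robin", round_robin), ("locality-aware", locality_aware)):
        place = sched(TASKS, NODES)
        print(f"{name}: {wan_gigabytes(TASKS, NODES, place)} GB over the WAN, {place}")
```

    With the sample, round-robin sends two of the six tasks to the wrong side of the link (60 GB across the WAN); the locality-aware placement moves nothing. Shrink the on-premises side to a single node and the second on-premises task spills to the cloud, which is the deliberate fallback rather than a bug.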
  • https://github.com/WindowsAzure-TrainingKit/DEMO-DeployingHybrid
    OR Demomate: Windows Azure IaaS - Virtual Network S2S WS2012

    1. Infrastructure in the Cloud  albe@Microsoft.com
    2. • Scenarios for infrastructure in the cloud • Virtual machines: how to have an always-available infrastructure • Virtual networks: how to connect the cloud and on-premises resources • Automation and monitoring tools • Windows Azure AD • "HPC and BigData"-as-a-service
    3. AuthN  Virtualization  Data  Development  DevOps and management
    4. ₩ ¥ € руб $ $ £ $ Rp TL chf kr kr $R $ $
    5. http://www.windowsazure.com/en-us/pricing/calculator/
    6. vpn
    7. Cloud Service  Cloud Service -…
    8. Many VMs can live inside one Cloud Service  Cloud Service
    9. Windows Server: hourly metering of the license | Microsoft software: Application License Mobility (SA), hourly metering | Other software: depends on the vendor and the software itself
    10. Gateway
    11. Windows Server 2012  Android  Windows Phone 8  Windows RT  iOS  x86/x64 Macs  Windows Server 2012  Windows Server 2012  Windows Server 2008 R2  Windows Intune  VPN Tunnel  AD  Windows Server 2008  Windows Server 2003
    12. Microsoft Azure Active Directory
    13. Own AuthN providers  PCs and other devices  AD  Microsoft apps  non-MS apps  ISV/CSV apps  Custom LOB apps
    14. Windows Azure Active Directory
    15. Big data?
    16. CERN: the Large Hadron Collider receives 1 petabyte of data per second
    17. massive parallelism and pay-as-you-go
    18. My supercomputer vs. Windows Azure only
        Item                  | My supercomputer                                                                                      | Windows Azure only
        Initial cost          | Planning, hardware, space, power, cooling, $10000...                                                  | Register an account
        Cost of ownership     | Maintenance, staff, power, backups, Internet, storage, downtime, disk failures, costs during downtime! | Pay only for what you consume, limited only by your budget
        Network between nodes | 20 Gbps InfiniBand                                                                                    | 10 Gbps to storage and the Internet; RDMA + InfiniBand (IB) 40 Gbps between nodes
        Office friendly?      | ?                                                                                                     | Quiet and invisible
        CPU & memory          | Dedicated 8 nodes with 8 cores & 16 GB                                                                | N+1 nodes with 16 cores & 120 GB RAM
        Access to my ...  Internet for download
    19. LINPACK TOP500
    20. HDInsight • Hadoop from Hortonworks • Storage: Azure Blob • Analytics • Support for many languages • Integration with MS analytics tools
    21. HDInsight ecosystem: Distributed Storage (HDFS)  Distributed Processing (Map Reduce)