
Microsoft Azure Hybrid Cloud - Getting Started For Techies



This is my "getting started for techies" presentation on using the Microsoft Azure public cloud to build hybrid cloud solutions in conjunction with Windows Server 2012 R2 Hyper-V and System Center.

Published in: Technology

  1. 1. Hybrid Cloud with Microsoft Azure Aidan Finn
  2. 2. About Aidan Finn • Technical Sales Lead at MicroWarehouse • Working in IT since 1996 • MVP (Virtual Machine) • Experienced with Windows Server/Desktop, System Center, virtualisation, and IT infrastructure • @joe_elway • • • Published author/contributor of several books
  3. 3. Agenda • What is cloud computing? • Introducing Microsoft Azure • Azure IaaS – Storage – Virtual networking – Virtual machines – Hybrid cloud networking – Azure Site Recovery – Azure RemoteApp • If we have time … System Center & Azure
  4. 4. What is Cloud Computing?
  5. 5. What is a cloud? • According to NIST (USA National Institute of Standards and Technology), a cloud’s characteristics are: – On-demand self-service – Broad network access – Resource pooling – Rapid elasticity – Measured service • In other words: – More than just virtualization – “Self-service” indicates large size
  6. 6. Cloud Models & Deployments Public Cloud Private Cloud Hybrid Cloud SaaS Bing, Office 365,, Google Apps Salesforce Office 365 PaaS Microsoft Azure, Facebook Pivotal CF IaaS Microsoft Azure, Windows Azure Pack, OpenStack, AWS, Google Compute Engine Windows Azure Pack, OpenStack, vCloud Suite Microsoft “Cloud OS”
  7. 7. The Cloud OS Microsoft’s vision of the unified platform for modern business: – Transforms the datacenter – Unlocks insights on any data – Empowers people-centric IT – Enables modern business apps
  8. 8. HYBRID Cloud • Microsoft Corporation is selling hybrid cloud – On-premises servers still required – Extend facilities into Azure and hosting partner clouds • Run: – Hyper-V + System Center on premises – Hosting partner: Hyper-V + System Center + WAP – Microsoft Azure
  9. 9. Introducing Microsoft Azure
  10. 10. Microsoft Azure • Microsoft’s public cloud, offering IaaS and PaaS • Based on … Windows Server 2012 Hyper-V – Rumoured to be 17% of global servers sales – Tell me Hyper-V doesn’t scale!!! – One consistent platform for private, public, and hybrid cloud: Hyper-V virtual machines • Incredibly innovative data centres – Signed NDAs so I’ll leave it there :-)
  11. 11. Cloud Scalability • Only 2 clouds can rival Azure for scale (AWS and Google) • Take what you need, never let IT limit business growth • Place services close to customers … everywhere • Local regions: – Europe North: Dublin – Europe West: Amsterdam
  12. 12. “Purchasing” Azure • Think of it as a complicated mobile phone/data service – You take what you need and pay for what you use • Three purchasing methods: – Credit card: monthly bill – Enterprise Agreement: pre-paid credit for large enterprises – Open (from August 1st 2014): pre-paid credit for SMEs • Not easy to forecast – Trials and PoCs are important
  13. 13. On To The Fun Stuff … Microsoft Azure IaaS
  14. 14. Managing Azure • One portal to manage all aspects of Azure IaaS – • New portal on the way – – Health and subscription information more visible • PowerShell cmdlets – Scripting always gives more control – Some features require PoSH, e.g. static IP address • Microsoft Azure Automation – Orchestration based on WAP Service Management Automation (SMA) – PowerShell workflows
  15. 15. Management Certificates • Used by tools such as PowerShell to authenticate with Azure • Create certificate public/private pair – Does not need public trust – Use MakeCert • 2 files: – .PFX private file loaded into personal certificate store – .CER public file uploaded to Azure • Install the Azure PowerShell Module – Using the Web Platform Installer – Import-Module Azure
  16. 16. Demo – Managing Azure
  17. 17. Azure IaaS
  18. 18. Microsoft Azure IaaS • Infrastructure services based on: – Web sites > skipping this today due to time and “easy factor” – Storage – Networking – Virtual machines • Solutions based on one or more of those components
  19. 19. Fault Domains • Azure is built to cloud scalability • The focus is on service uptime, not server uptime • Imagine a rack that has single: – Power supply – Network connection • Racks are deployed in groups of 3 – One rack can fail/maintenance, others stay online • These are fault domains • A service that lives entirely in a single fault domain will suffer downtime: – Planned maintenance – Unplanned outages (during failover) • Service instances should span multiple fault domains
  20. 20. Load-Balanced Sets • Typically deployed when creating multiple instances of an identical web application • For example, the public IP is load balanced on TCP 80 and TCP 443 across multiple web servers • Two objectives: – Increase scalability – Fault tolerance • Internal load balancing (non public tiers) is available now – Only via PowerShell
  21. 21. Availability Sets • Virtual machines in the same availability set will reside in different fault domains • Place tiers of a service into availability sets – Example: 3 load balanced VMs – Each VM added to availability set – Each VM is automatically placed in a different fault domain – Host outage/maintenance leaves the service online • Might have availability sets for: – Web tier – Application tier – Data tier • Availability sets required for 99.95% uptime – VM external access
  22. 22. Load-Balanced & Availability Sets [Diagram: a public IP address feeding a load-balanced set whose VMs sit in one availability set spread across Rack 1, Rack 2 and Rack 3]
  23. 23. Azure Storage
  24. 24. Blobs • Azure stores stuff in blobs – A blob is a multipurpose storage system • We can create blobs to store: – VMs (VHD files only!) – Big data – Templates – Online backup and more • Replicated storage: – Locally redundant (cheapest): 3 copies stored in one region – Geo redundant (default): 3 copies in region + 3 more in neighbouring region – Read-access geo redundant: 3 copies in region + 3 READ ONLY copies in neighbouring region – Zone Redundant Storage (future): 3 copies in one or two regions
  25. 25. Demo – Create a Blob
  26. 26. Browsing Blobs • Can be done in the portal • Can also use 3rd-party tools to remotely connect to/browse a blob – Similar to an FTP tool – Comparisons: ve/2014/03/11/windows-azure-storage-explorers- 2014.aspx • Requires: – Storage account name – Primary access key
  27. 27. Importing LOTS Of Data To Azure
  28. 28. Online Backup • Use Azure blobs for backup – Primary backup: Windows Server Backup (W2008 R2 SP1 and later) – Off-site secondary backup: DPM, Commvault, CA • Create a new Recovery Services > Backup Vault • Install PFX/Private certificate on the server that will be backed up • Upload the paired public CER/public cert to the backup vault • Follow vendor specific instructions to enable backup
  29. 29. Demo – Azure Online Backup
  30. 30. StorSimple • Tiered Storage: – Hot: Local SSD – Warm: Local SAS – Cold: Azure blob • 1 GbE iSCSI appliance – Xyratex (Mexico) • NOT A SAN REPLACEMENT – Use for specific roles – Small working set of data
  31. 31. Virtual Networking
  32. 32. Cloud Service • A high level concept • Has a single public IP address that you can NAT – Known as Virtual IP Address (VIP) – Ports of the VIP are NATed to VMs or load-balancer rules • Think of it this way: – Each isolated service/network should require a cloud service
  33. 33. Cloud Service Reserved IP • The VIP is not reserved by default for the cloud service • A VIP remains with a cloud service as long as the cloud service remains operational – Running out of credit will offline a cloud service • You can reserve a VIP – # Reserve an IP: New-AzureReservedIP -ReservedIPName EastUSVIP -Label "Reserved VIP in EastUS" -Location "East US" – # Use the reserved IP during deployment: New-AzureVM -ServiceName "MyApp" -VMs $web1 -Location "East US" -VNetName VNetUSEast -ReservedIPName EastUSVIP • Portal management to come in a future release
  34. 34. Virtual Networks • Software-defined networking (SDN) – Same concept as Hyper-V Network Virtualization • Carve out your own network and subnets – No need to wait for Azure administrators • Must be in: – – – • Define your own subnet mask and subnets • Example: – Virtual network: – Subnet-1: – Subnet-2: – Subnet-3:
  35. 35. Demo – Creating Virtual Networks
  36. 36. Virtual Network IP Addresses • First IP address available is .4 • Default gateway is .1 • Azure VMs can have a single NIC • IP addresses are automatically assigned to VMs – Guest OS will think it has a DHCP address – Not actually DHCP – Not static either • IP remains with a VM while it remains operational – Not guaranteed to return to a VM after being offline – Can cause issues with name/IP relationship • Can use PowerShell to statically assign an IP address
  37. 37. Persistent Azure VM IP Addresses Requires some PowerShell: 1. Stop-AzureVM -ServiceName "DemoService" -Name "VM01" 2. Get-AzureVM -ServiceName "DemoService" -Name "VM01" | Set-AzureStaticVNetIP -IPAddress "" | Update-AzureVM 3. Start-AzureVM -ServiceName "DemoService" -Name "VM01"
  38. 38. Network Isolation • A virtual network is isolated • You choose what, if any, external ports are opened • Virtual subnets inside of a virtual network are able to route to each other • Isolation inside of a virtual network: – Windows Firewall – IPsec • VNet to VNet connectivity – Enable isolated VNets to route to each other – px
  39. 39. Hybrid Cloud Networking
  40. 40. Connecting Networks • For all but a few services, disconnected services are useless • Extend your on-premises network into Azure • Have private connection to Azure • Extend on-premises management into Azure • Two options: – Site-to-site VPN – ExpressRoute
  41. 41. Site-to-Site VPN • Create encrypted tunnel into an Azure virtual network • Routing between sites • Extend your network into Azure • A number of supporting devices, including WatchGuard [Diagram: on-premises WatchGuard XTM connected across the Internet to Microsoft Azure]
  42. 42. Site-to-Site VPN Endpoints
  43. 43. Create a Site-to-Site VPN • WatchGuard instructions: /Configure-a-VPN-connection-to-a-Windows- Azure-virtual-network/ • Record: – Local Gateway ID: Your public VPN IP – Remote Gateway ID: Azure public VPN IP – Shared Key: The Azure secret VPN key – Local Network IP Address: The local address space – Remote Network IP Address: The Azure address space
  44. 44. Site-to-Site VPN Solution • Can take a little while to come online on the Azure end • You have simultaneous: – Direct Internet access – Site-to-Site VPN routing to Azure Virtual Network • Can extend services into Azure – Active Directory – SQL Always On – And much more
  45. 45. Pros/Cons of Site-to-Site VPN • Pros: – Quick to deploy – Very affordable – You are in control • Cons: – Local VPN site is bottleneck – That site is also a point of failure – Can’t implement SLA on VPN because it uses public Internet for the tunnel – It routes only virtual network traffic. What about other Azure services?
  46. 46. ExpressRoute • Site-to-Site VPN extends your network into an Azure virtual network • Azure data center services are added to your WAN using ExpressRoute partner – Not just virtual networks – Everything: virtual networks, StorSimple, RDS, backup, replication, … • Two flavours of ExpressRoute that use MPLS WANs • Local service providers: – BT: Network service provider – Telecity: Exchange provider
  47. 47. ExpressRoute Flavours [Diagram: the two ExpressRoute flavours, each shown alongside the public internet and Microsoft Azure]
  48. 48. Pros/Cons of ExpressRoute • Pros: – Includes all Azure services – No single point of network failure – No site is a bottleneck for other sites – Is subject to service provider SLA • Cons: – Requires MPLS contract – More expensive than site-to-site VPN – Slower to deploy
  49. 49. Azure VMs
  50. 50. What Are Azure VMs? • Pretty much like Generation 1 Hyper-V virtual machines – Single virtual NIC – VHD only • Files stored in a blob • Uses a D: drive for non-persistent data – Do not delete or use this drive • Add additional drives for data – Examples: SQL database, AD database files • Can store application data on SMB 2.01 shared folders – Example: IIS shared content • More supported versions of Linux than Windows!!!
  51. 51. Deploying Azure VMs? Multiple options: • Deploy VMs from Azure gallery • Create a template in Azure machines-capture-image-windows-server/ • Upload a custom template into Azure machines-create-upload-vhd-windows-server/ • From vSphere to Azure using MVMC 2.0 migrate-a-vmware-vm-to-azure-iaas/ • Upload a Hyper-V virtual machine machine-to-windows-azure-with-powershell/
  52. 52. Antivirus
  53. 53. Demo - Deploying an Azure VM
  54. 54. Endpoints • Myth: “Why would I put my applications in the cloud where anyone can get at them?!” – You decide what services are publicly visible – No different to what you do now • We configure Endpoints to NAT ports through the cloud service VIP (public IP address) • Examples: – VIP:TCP80 -> – VIP:TCP21 -> – VIP:TCP443 -> • You can close everything for complete privacy • By default, VMs created in the portal will have these open: – TCP 5986 (PowerShell remote administration) – TCP 3389 (Remote Desktop)
  55. 55. Demo – Endpoints & Load Balanced Sets
  56. 56. Configuring & Monitoring VMs • Advanced configuration options: – Change a virtual machine’s specification • Tier: Basic/Standard • Size • Availability set – Monitoring (Preview) • Test a cloud service’s web app from multiple global locations • Monitoring VMs – High level metrics utilization – Between 1 hour and 7 days of data
  57. 57. Demo – Configure & Monitor VMs
  58. 58. Autoscaling VMs • Services can have increases/drops in demand • Cloud is elastic – Quickly grow/shrink – Very affordable compared to on-premise capital + operational expenditure • Autoscaling enables you to: – Deploy & configure lots of virtual machines – Add them to an availability set – Turn on/off VMs based on demand – Note: powered off VMs only have a storage cost
  59. 59. Instance-Level Public IP Address • Normally VMs use cloud service VIPs and Endpoints to be publicly accessible • Not all services work well with NAT • In preview today, you can reserve a public IP address for a VM – No longer using NAT behind the cloud service VIP – Maybe publish FTP – Monitor publicly accessible VMs via public IP • Only available via PowerShell – Requires new VMs and new virtual networks
  60. 60. Azure Site Recovery
  61. 61. DR-as-a-Service (DRaaS) • Problem: DR/BC is expensive • Partial solution: Hyper-V Replica – Async VM replication built-into all versions of 2012 and later Hyper-V • Problem: DR sites are expensive – Solution: Use Azure Site Recovery (ASR) • Preview starting June 2014
  62. 62. DR Orchestration • ASR is built on Hyper-V Recovery Manager (HRM) • HRM offers orchestration of Hyper-V Replica between two sites – Even two privately owned sites • Problems: – HRM is expensive: €11.92/protected VM/month – Requires SCVMM to be deployed on premises • Licensing too expensive for most SMEs • Consultants failing to deploy/configure SCVMM properly for those who can afford it
  63. 63. Azure Automation
  64. 64. Orchestration in the Cloud • Very similar to WAP Service Management Automation (SMA) • Create runbooks – PowerShell workflows – PowerShell is in everything Microsoft – Tip: Learn PowerShell or hit your career ceiling now • Automate actions in the cloud and on-premises via hybrid cloud • Doing something twice? – Automate it – Time investment up front will pay dividends – The more you do it, the easier it gets
  65. 65. Azure Remote App
  66. 66. RDS In The Cloud • Client/Server programs will eventually become web services driven mobile apps • Until then, we need to support traditional desktop apps – For cloud-based services – On cross-platform devices • You can deploy RDS in Azure VMs – Requires RDS SALs through SPLA licensing • Or you can deploy “Mohoro” aka Azure Remote App – A multi-tenant RDS farm in the cloud run by Microsoft – Currently in preview – Clients include Windows, Android, iOS, and Mac OS X
  67. 67. One Piece Of Advice
  68. 68. Learning • Forget releases every 3 years – Windows Server & System Center out every 12-18 months – vNext expected in April 2015 • With Azure it’s more like every few weeks • Microsoft now doing “sprint development” • Features announced on Azure & ScottGu blogs • Learning has never been as important – Forget traditional learning sources – If you work for a MSFT partner, then watch for news from MicroWarehouse
  69. 69. And If We Have Time … System Center
  70. 70. System Center & Microsoft Azure • Orchestrator – Add a subscription to the portal – Enable end users to deploy VMs under IT management • Operations Manager – Azure Management Pack: Monitor your Azure subscription – Global Service Monitoring: Monitor web services from Microsoft data centers – System Center Advisor: Additional monitoring from the cloud • Data Protection Manager – Azure Online Backup: Using blobs for secondary storage • Windows Azure Pack – Azure AD authentication via ADFS: Scale-out identity • Configuration Manager – Windows Intune: Cloud-based mobile device/app management – Cloud-based distribution point: Internet-based clients
  71. 71. Thank you! Aidan Finn, Hyper-V MVP Technical Sales Lead, MicroWarehouse Ltd. Twitter: @joe_elway Blog: Petri IT Knowledgebase:
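
Slide 54 notes that portal-created VMs start with TCP 5986 and TCP 3389 published through the cloud service VIP. The following is an added example, not part of the original deck, of reviewing an endpoint inventory for those management ports and for anything outside an approved list. The inventory is constructed sample data, and the function name, property names and approved-port list are assumptions made for the illustration.

```powershell
# Added example, not from the deck. The inventory below is constructed sample data;
# the property names (VM, Name, Protocol, PublicPort, LocalPort) are assumptions.

# VM-side ports the slide lists as open by default on portal-created VMs.
$ManagementPorts = @{
    3389 = 'Remote Desktop'
    5986 = 'PowerShell remote administration'
}

function Get-EndpointFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Endpoint,
        # Ports the service owner means to publish (assumption: a web tier).
        [int[]] $ApprovedPort = @(80, 443)
    )
    foreach ($ep in $Endpoint) {
        # Match on the VM-side port: remapping the public port does not
        # change which service is reachable behind it.
        $local = [int]$ep.LocalPort
        if ($ManagementPorts.ContainsKey($local)) {
            $severity = 'High'
            $reason   = "$($ManagementPorts[$local]) is published on the VIP; " +
                        'remove the endpoint and administer over the site-to-site VPN'
        }
        elseif ($ApprovedPort -notcontains $local) {
            $severity = 'Review'
            $reason   = "Port $local is not on the approved list"
        }
        else { continue }   # approved service port, nothing to report

        [pscustomobject]@{
            VM       = $ep.VM
            Endpoint = $ep.Name
            Mapping  = "VIP:$($ep.Protocol.ToUpper())$($ep.PublicPort) -> $($ep.VM):$local"
            Severity = $severity
            Reason   = $reason
        }
    }
}

# Constructed inventory: one web VM with the default management endpoints, one FTP endpoint.
$sample = @(
    [pscustomobject]@{ VM = 'web1'; Name = 'HTTP';          Protocol = 'tcp'; PublicPort = 80;    LocalPort = 80 }
    [pscustomobject]@{ VM = 'web1'; Name = 'HTTPS';         Protocol = 'tcp'; PublicPort = 443;   LocalPort = 443 }
    [pscustomobject]@{ VM = 'web1'; Name = 'RemoteDesktop'; Protocol = 'tcp'; PublicPort = 50123; LocalPort = 3389 }
    [pscustomobject]@{ VM = 'web1'; Name = 'PowerShell';    Protocol = 'tcp'; PublicPort = 5986;  LocalPort = 5986 }
    [pscustomobject]@{ VM = 'app1'; Name = 'FTP';           Protocol = 'tcp'; PublicPort = 21;    LocalPort = 21 }
)

Get-EndpointFinding -Endpoint $sample | Format-Table -AutoSize -Wrap
```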