5. SharePoint Cloud Continuum
(Diagram: a spectrum running from CONTROL at one end to COST-EFFICIENCY at the other, with the three options below placed along it.)
SharePoint (On-premises). Value Prop:
• Full h/w control – size/scale
• Roll-your-own HA/DR/scale
SharePoint (IaaS): Hosted SharePoint. Value Prop:
• 100% of API surface area
• Easy migration of existing apps
• Roll-your-own HA/DR/scale
Office 365 (SaaS): SharePoint Service. Value Prop:
• Auto HA, Fault-Tolerance
• Friction-free scale
• Self-provisioning, mgmt. @ scale
6. Internet sites in Azure — Why?
Focus on developing a great site rather than building infrastructure.
Scale out and in: size your solution for the demand and only pay for the resources you need. Dynamic machine allocation (auto scale) is not supported.
Azure AD: take advantage of Azure AD for customer accounts.
SharePoint functionality not available on Office 365: add deep reporting and web analytics.
9. Example — Hybrid on-premises and Azure
Reference architecture for a Windows Azure-based disaster recovery environment to support an on-premises SharePoint farm.
(Diagram: a Windows Azure virtual network joined to the on-premises environment (Active Directory, Windows Server 2012 RRAS) through a VPN gateway in its own gateway subnet with an active VPN. Cloud services hold one availability set per role: Active Directory & DNS, Front End, Distributed Cache, Search Front End, Search Backend, Backend and Database.)
10. Medium Internet Sites farm
Example farm:
~85 Page views per second
100 Queries per second
Corpus of 3,400,000 items
Processes 100-200 documents per second
Web Servers (Hosts A, B, C; paired hosts for fault tolerance): each runs Web Server, Query processing, Managed metadata, Distributed cache and User Profile, with a replica of Index Partition 0 on each host.
To scale out: add an additional Web server to allow for an additional 28 page views per second.
Application Servers (Hosts D, E, F): Content processing and Crawl on all three; Admin on Hosts D and E; Analytics on Host D.
To scale out: add 1 Application server with a crawl component and a content processing component to process an additional 40 documents per second.
Database Servers (Hosts G, H): all SharePoint databases (Crawl DB, Analytics DB, Search admin DB, Link DB, and all other SharePoint databases), with redundant copies of all databases using SQL clustering, mirroring, or SQL Server 2012 AlwaysOn.
Zoom into the model: Visio version, PDF version.
11. Medium farm in Azure
VPN gateway is optional.
Active Directory can stand alone or be configured as hybrid with the VPN connection.
(Diagram: the medium farm in a Windows Azure virtual network, with one availability set each for Active Directory & DNS, Front End, App server and Database spread across cloud services; an optional VPN gateway (gateway subnet, active VPN) connects to the on-premises environment with Active Directory and Windows Server 2012 RRAS.)
12. Virtual network
A container where you define the IP address ranges your virtual machines will use.
Please work with the customer to get the range of IP addresses for the cloud.
(Diagram: a Windows Azure virtual network alongside the on-premises environment with Active Directory and Windows Server 2012 RRAS.)
16. Virtual Network and ExpressRoute
(Diagram: three connectivity variants; the only label recovered from each is "Public internet".)
17. Site-to-Site VPN gateway and subnet
When you set up a VPN connection, the VPN service resides in a separate subnet. Windows Azure manages the primary and secondary instances of this service for high availability. You will not see the secondary instance. You do not need to configure high availability for the VPN service.
(Diagram: Windows Azure virtual network with a VPN gateway in its gateway subnet, an active VPN instance and a standby VPN instance that is not visible and is automatically configured and managed by Azure; on-premises environment with Active Directory and Windows Server 2012 RRAS.)
http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx
Personally tested the following devices: the Cisco 1921 ISR router is part of the 1900 family, which is supported by Azure.
Important point: take note of your procurement process, device delivery and public IP requirements.
18. Cloud services
Cloud services are typically used to group VMs by role based on functionality that takes place at the cloud service level.
(Diagram: Windows Azure virtual network with a VPN gateway (gateway subnet, active VPN) to the on-premises environment (Active Directory, Windows Server 2012 RRAS); three cloud services: Active Directory and DNS, SharePoint Server roles, Database servers.)
Plan cloud services before creating VMs!
19. Cloud services — best practices
Keep it simple
Start the design with one cloud service
Add additional cloud services to the design only if necessary
“The client application must reside on a different cloud service than the one that contains your availability group VMs. Windows Azure does not support direct server return with client and server in the same cloud service”
http://msdn.microsoft.com/en-us/library/windowsazure/dn376546.aspx
(Diagram: three cloud services: Active Directory and DNS, SharePoint Server roles, Database servers.)
20. Cloud services
Cloud services are typically used to group VMs by role based on functionality that takes place at the cloud service level.
(Diagram: Windows Azure virtual network with an optional VPN gateway (gateway subnet, active VPN) to the on-premises environment (Active Directory, Windows Server 2012 RRAS); cloud services for AD Servers, SharePoint Servers (two services) and Database Servers.)
21. Active Directory for SharePoint solutions
The configuration of Active Directory in this example constitutes a hybrid deployment scenario in which Windows Server AD DS is deployed both on-premises and on Windows Azure Virtual Machines.
MSDN: Guidelines for Deploying Windows Server Active Directory on Windows Azure Virtual Machines
(Diagram: the same virtual network, with the Active Directory & DNS availability set in its own cloud service and the optional VPN gateway to the on-premises Active Directory and Windows Server 2012 RRAS.)
22. Active Directory hybrid best practices — Reference
http://msdn.microsoft.com/en-us/library/windowsazure/jj156090.aspx
Hybrid on-premises and cloud
(Diagram: Windows Azure virtual network with a VPN gateway and a cloud service holding the Active Directory & DNS availability set, connected to the on-premises environment's Active Directory.)
Example settings for two VMs in Azure configured as domain controllers:
Item: Setting
Size: Small
Operating system: Windows Server 2012
Active Directory role: Active Directory Domain Services domain controller designated as a global catalog server. Reduces egress traffic across the VPN connection. In a multi-domain environment with high rates of change, configure domain controllers on premises to not sync with the global catalog servers in Windows Azure.
Data disks: Place the Windows Server AD DS database, logs, and SYSVOL on Windows Azure data disks. Do not place these on the Operating System disk or the Temporary Disks provided by Azure!
DNS: Install and configure Windows DNS on the domain controllers.
IP addresses: Use dynamic addresses
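The data-disk, DNS and global-catalog rows of the table, as an added example that is not from the deck or the MSDN guidance: promoting an Azure IaaS VM with the Windows Server 2012 Storage and ADDSDeployment cmdlets so that the AD DS database, logs and SYSVOL land on a data disk. The domain name and the data drive letter are placeholders; the guard against the temporary disk relies on Azure labelling that volume "Temporary Storage", which is a heuristic, not a platform guarantee.

```powershell
# Added example (not from the deck): promote an Azure IaaS VM to a domain
# controller with the AD DS database, logs and SYSVOL on a data disk.
# Placeholders: domain name, data drive letter. Run on the VM itself as a
# local administrator after a data disk has been attached (portal or
# Add-AzureDataDisk).

$DomainName = 'corp.contoso.com'   # placeholder
$DataDrive  = 'F'                  # placeholder: letter the data disk should get

function Initialize-DataDisk([string]$Letter) {
    # Format the first raw (unpartitioned) disk as NTFS and give it $Letter.
    # Returns the existing volume if the letter is already in use.
    $existing = Get-Volume -DriveLetter $Letter -ErrorAction SilentlyContinue
    if ($existing) { return $existing }
    Get-Disk | Where-Object PartitionStyle -eq 'RAW' | Select-Object -First 1 |
        Initialize-Disk -PartitionStyle GPT -PassThru |
        New-Partition -DriveLetter $Letter -UseMaximumSize |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false
}

function Test-SafeForAdds([string]$Letter) {
    # Reject the OS disk and the Azure temporary disk. Azure labels the
    # temporary disk's volume 'Temporary Storage'; its contents are lost on
    # redeploy, which would destroy the directory database (heuristic check).
    if ("${Letter}:" -eq $env:SystemDrive) { return $false }
    $vol = Get-Volume -DriveLetter $Letter -ErrorAction SilentlyContinue
    if (-not $vol) { return $false }
    return $vol.FileSystemLabel -ne 'Temporary Storage'
}

$null = Initialize-DataDisk $DataDrive
if (-not (Test-SafeForAdds $DataDrive)) {
    throw "Drive ${DataDrive}: is the OS or temporary disk; attach a data disk first."
}

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null

# A new DC is a global catalog by default, matching the table; -InstallDns
# puts Windows DNS on the DC as the table asks. All three AD DS paths point
# at the data disk, never at C: or the temporary D: disk.
Install-ADDSDomainController `
    -DomainName $DomainName `
    -InstallDns `
    -DatabasePath "${DataDrive}:\NTDS" `
    -LogPath      "${DataDrive}:\NTDS" `
    -SysvolPath   "${DataDrive}:\SYSVOL" `
    -Credential (Get-Credential -Message 'Domain Admins account') `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString) `
    -Force
```

The "IP addresses: Use dynamic addresses" row needs no code: the VM keeps the DHCP lease the virtual network hands it, and the hybrid sync rule for multi-domain forests is an AD Sites and Services setting rather than something done at promotion time.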
23. Web Front End Tier
Availability Set #1: three XL VMs (8 cores / 14GB), each running Front End Services, Distributed Cache, Workflow Manager and Query Processing; Index Partition #0 with its replicas is spread across the three VMs.
Disk layout per VM:
C: (System) 127GB
D: (Page File, Blob Cache) 604GB
E: (Log) 40GB
F: (Index) 500GB
(Diagram: the overall virtual network, with availability sets for Active Directory & DNS and Front End in their cloud services and the optional VPN gateway to the on-premises environment.)
24. App Server Tier
Availability Set #2: two XL VMs (8 cores / 14GB), each running Content Processing, Admin, Crawl, Analytics and Back End Services.
Disk layout per VM:
C: (System) 127GB
D: (Page File) 604GB
E: (Log) 40GB
F: (Analytics) 300GB
(Diagram: the overall virtual network, now with availability sets for Active Directory & DNS, Front End and App server, and the optional VPN gateway to the on-premises environment.)
25. Data Server Tier
Availability Set #3: two XL VMs (8 cores / 14GB) hosting Availability Groups #1, #2 and #3 for the Search, Content, Configuration and Service Applications databases.
Disk layout per VM:
C: (System) 127GB
D: (Page File) 604GB
E:, F:, G:, H: (TempDB Files) 500GB
I: (TempDB Logs) 500GB
L: (Transaction Logs) 500GB
J:, K:, M:, N: (Content Data) 1024GB
O: (Search Databases) 1024GB
(Diagram: the overall virtual network, with availability sets for Active Directory & DNS, Front End, App server and Database, and the optional VPN gateway to the on-premises environment.)
26. Design app servers for availability sets
2 out of 3 VMs in an availability set can be on the same rack.
Add additional instances of components to ensure availability.
Design topologies first for scale, then fine tune server roles for availability sets.
Before: Host D runs Analytics, Content processing, Crawl and Admin; Host E runs Content processing, Crawl and Admin; Host F runs Content processing and Crawl (all Application Servers).
After: Hosts D, E and F each run Analytics, Content processing, Crawl and Admin.
28. Extranet and Public-Facing Internet
(Diagram: a Windows Azure cloud service in a virtual network, joined by a VPN tunnel to the on-premises Active Directory. Three zones: Internet Zone (Anonymous) for Visitors; Extranet Zone (Windows, SAML, FBA) for Partners and Customers; Default Zone (Windows) for Site developers and authors.)
29. Managing identity for Internet sites
• Dedicated Active Directory domain in Windows Azure?
• OR, hybrid with an on-premises AD?
• Add accounts to the domain in Windows Azure
• Use ADFS on premises to federate the internal accounts to a separate Active Directory environment in Windows Azure.
• Or, use the hybrid design.
• Windows Azure Active Directory is a good choice
• Or, any SAML-based provider
30. Internet sites—using Azure AD for customer accounts
Separate User Accounts from Active Directory
Does not replace need for local Active Directory for SharePoint
Sync with on-premises for SSO
DirSync with on-premises Active Directory
(Diagram: an Azure Active Directory tenant and an ACS tenant, with SAML 1.1 / WS-Fed and SAML 2.0 / WS-Fed labelling the trust links.)
35. IaaS and Disaster Recovery
(Diagram: a Windows Azure cloud service in a virtual network with SQL DR1 and SQL DR2 (A6), SP DR1 to SP DR5 (Large) and AD1 (X-Small), joined to the on-premises farm by a VPN tunnel; databases are replicated with SQL Server Log Shipping.)
36. Enabling Auto-Failover – Azure Traffic Manager
• Sends alerts when TM fails over to secondary service
• Can take appropriate actions based on the type of ‘failover’
37. Temporary Failover
(Steps 1–4 in the deck; surviving sub-points:)
1. No change in URLs
1. Detects TM has switched the traffic
2. Pauses the restore log to avoid user disconnection
(Diagram: Primary and DR sites, each a virtual network with Subnets 1–4, Availability Sets 1–4 and cloud services, the DR SQL Server in read-only mode, joined by a SQL Server AlwaysON Availability Group and BLOB Storage.)
38. Permanent Failover
1.
   1. Permanent Failover is decided (e.g. based on time window)
   2. Service Disruption expected (for some time)
2.
   1. Tail log backups are taken from Primary farm (if possible)
   2. All pending logs are applied (both instances)
   3. DBs are brought to RECOVERY (both instances)
   4. DBs are added to AlwaysOn Availability Group
3.
   1. SQL Aliases are configured to point to AG Listener
   2. Site becomes Read Write
   3. Search Decision – Backup/Restore or Continue as is
4.
(Diagram: as on the previous slide, Primary and DR sites with Subnets 1–4, Availability Sets 1–4, cloud services, SQL Server AlwaysON Availability Group, BLOB Storage and the DR site in read-only mode.)
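Steps 2 and 3 of the permanent failover, as an added example that is not from the deck or any Microsoft script: a PowerShell run from a DR management host using the SQL Server module's Invoke-Sqlcmd. Every instance, database, share, availability group, listener, server and alias name is a placeholder, and it assumes log shipping has left both DR instances with the databases in the RESTORING state. One deliberate difference from the slide's wording: only the copy that becomes the availability group primary is recovered; the copy on the second instance is left restoring (NORECOVERY), because SQL Server only lets a database in the restoring state join an availability group as a secondary.

```powershell
# Added example (not from the deck): steps 2 and 3 of the permanent failover,
# run from a DR management host with the SQL Server PowerShell module.
# Placeholders: instance names, AG and listener names, the log-shipping
# share, database names, SharePoint server names and the SQL alias.
# Assumes both DR instances hold the databases in RESTORING state from log
# shipping, and that $Alias is the alias SharePoint was installed against,
# so no connection strings or URLs change.

Import-Module SQLPS -DisableNameChecking
Set-Location "$env:SystemDrive\"   # SQLPS switches to the SQLSERVER: drive; go back to the file system

$OnPremSql = 'SQLPRIMARY'                          # placeholder: old primary, may be unreachable
$DrPrimary = 'SQLDR1'                              # placeholder: becomes AG primary
$DrSecond  = 'SQLDR2'                              # placeholder: becomes AG secondary
$AgName    = 'SP-AG'                               # placeholder
$Listener  = 'sp-ag-listener.corp.contoso.com'     # placeholder
$Alias     = 'SPSQL'                               # placeholder
$LogShare  = '\\drfiles\logship'                   # placeholder
$Databases = 'SharePoint_Config', 'WSS_Content_Portal'     # placeholders
$SpServers = 'SPDR1', 'SPDR2', 'SPDR3', 'SPDR4', 'SPDR5'   # placeholders

function Backup-TailLog([string]$Instance, [string]$Db) {
    # Step 2a: tail-log backup on the old primary. WITH NORECOVERY leaves the
    # old primary restoring, so no writes can land there after the cut-over.
    $file = Join-Path $LogShare ('{0}_{1:yyyyMMddHHmmss}.trn' -f $Db, (Get-Date))
    Invoke-Sqlcmd -ServerInstance $Instance -Query "BACKUP LOG [$Db] TO DISK = N'$file' WITH NORECOVERY;"
}

function Restore-PendingLogs([string]$Instance, [string]$Db) {
    # Step 2b: apply only the log backups this instance has not restored yet.
    # The last restored file comes from msdb's restore history; log shipping
    # names files <db>_<yyyyMMddHHmmss>.trn, so name order is time order.
    $last = Invoke-Sqlcmd -ServerInstance $Instance -Database msdb -Query @"
SELECT TOP 1 bmf.physical_device_name
FROM dbo.restorehistory rh
JOIN dbo.backupset bs ON bs.backup_set_id = rh.backup_set_id
JOIN dbo.backupmediafamily bmf ON bmf.media_set_id = bs.media_set_id
WHERE rh.destination_database_name = N'$Db' AND rh.restore_type = 'L'
ORDER BY rh.restore_date DESC;
"@
    $lastName = if ($last) { Split-Path -Leaf $last.physical_device_name } else { '' }
    $pending  = Get-ChildItem -Path $LogShare -Filter "${Db}_*.trn" | Sort-Object Name |
                Where-Object { $_.Name -gt $lastName }
    foreach ($f in $pending) {
        Invoke-Sqlcmd -ServerInstance $Instance -Query "RESTORE LOG [$Db] FROM DISK = N'$($f.FullName)' WITH NORECOVERY;"
    }
}

foreach ($db in $Databases) {
    if (Test-Connection -ComputerName $OnPremSql -Count 1 -Quiet) {
        Backup-TailLog $OnPremSql $db
    } else {
        Write-Warning "$OnPremSql unreachable; no tail-log backup for $db (changes since the last shipped log are lost)"
    }
    Restore-PendingLogs $DrPrimary $db
    Restore-PendingLogs $DrSecond  $db

    # Steps 2c/2d: recover the copy that becomes AG primary and add it to the
    # group; the secondary copy stays RESTORING and joins with SET HADR.
    Invoke-Sqlcmd -ServerInstance $DrPrimary -Query "RESTORE DATABASE [$db] WITH RECOVERY;"
    Invoke-Sqlcmd -ServerInstance $DrPrimary -Query "ALTER AVAILABILITY GROUP [$AgName] ADD DATABASE [$db];"
    Invoke-Sqlcmd -ServerInstance $DrSecond  -Query "ALTER DATABASE [$db] SET HADR AVAILABILITY GROUP = [$AgName];"
}

# Step 3a: repoint the SQL alias on each SharePoint server at the AG listener
# in both the 64-bit and the 32-bit client registry hives.
$ConnectToKeys = 'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\MSSQLServer\Client\ConnectTo'
Invoke-Command -ComputerName $SpServers -ArgumentList $ConnectToKeys, $Alias, $Listener -ScriptBlock {
    param($Keys, $Alias, $Listener)
    foreach ($k in $Keys) {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
        # DBMSSOCN selects TCP/IP; port 1433 for the listener is an assumption
        Set-ItemProperty -Path $k -Name $Alias -Value "DBMSSOCN,$Listener,1433"
    }
}
```

The remaining step 3 items are operational rather than scripted: the site becomes read-write once the alias points at a writable primary, and the search decision (restore the search databases or continue as they are) depends on how far the crawl and analytics databases lagged the content databases under log shipping.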
39. Highly Available Template
(Diagram: a Windows Azure cloud service in a virtual network; a load balancer with endpoints on ports 80 and 20000 in front of the WEB tier; availability sets SPWEB, SPAPP, SQLHA and DCSET for the WEB, APP, SQL and AD/DC/DNS roles.)
Web Tier: 2 x Large (4 Cores & 7 GB)
App Tier: 2 x Large (4 Cores & 7 GB)
Data Tier: 2 x A6 (4 Cores & 28 GB), 1 x Small (Quorum) (1 Core & 1.75 GB)
Identity Tier: 2 Small (1 Core & 1.75 GB)
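The cloud-service and availability-set guidance of slides 18 to 20 and 26, laid out with the sizes of this template, as an added example that is not from the deck or from the GitHub sample scripts on the next slide. It uses the classic (Service Management) Azure PowerShell cmdlets; the subscription, virtual network, subnet names, cloud service names and the image family are placeholders. The layout is declared and checked before any VM is created, which is the "plan cloud services before creating VMs" point in code form.

```powershell
# Added example (not from the deck or the GitHub sample scripts): declare the
# cloud service / availability set layout of the tiers first, check it, then
# create the VMs with the classic Azure (Service Management) cmdlets.
# Placeholders: subscription, VNet, subnets, cloud service names, image.

Add-AzureAccount | Out-Null
Select-AzureSubscription -SubscriptionName 'SharePoint-IaaS'   # placeholder

$vnet     = 'SP-VNet'          # placeholder: virtual network created beforehand
$location = 'West Europe'      # placeholder
$admin    = Get-Credential -Message 'Local administrator for the new VMs'
$image    = (Get-AzureVMImage |
             Where-Object ImageFamily -eq 'Windows Server 2012 Datacenter' |
             Sort-Object PublishedDate -Descending | Select-Object -First 1).ImageName

# One cloud service per tier, one availability set per role. The SQL tier
# has its own cloud service because clients in the same cloud service cannot
# reach an availability group listener (no direct server return).
$tiers = @(
  @{ Role='SPWEB'; Service='contoso-sp';  AvSet='SPWEB'; Size='Large'; Count=2; Subnet='SharePoint'; Disks=@(@{Label='Index';     GB=500}) }
  @{ Role='SPAPP'; Service='contoso-sp';  AvSet='SPAPP'; Size='Large'; Count=2; Subnet='SharePoint'; Disks=@(@{Label='Analytics'; GB=300}) }
  @{ Role='SQL';   Service='contoso-sql'; AvSet='SQLHA'; Size='A6';    Count=2; Subnet='Data';       Disks=@(@{Label='Data'; GB=1023}, @{Label='Logs'; GB=500}) }
  @{ Role='DC';    Service='contoso-ad';  AvSet='DCSET'; Size='Small'; Count=2; Subnet='Identity';   Disks=@(@{Label='ADDS'; GB=20}) }
)

function Assert-Layout([object[]]$Tiers) {
    # Design check before anything is created: SharePoint roles must not
    # share the SQL tier's cloud service, and a role needs at least two VMs
    # for its availability set to spread them across fault domains.
    $sqlServices = $Tiers | Where-Object Role -eq 'SQL' | ForEach-Object Service
    foreach ($t in $Tiers) {
        if ($t.Role -like 'SP*' -and $sqlServices -contains $t.Service) {
            throw "$($t.Role) shares cloud service '$($t.Service)' with SQL; the AG listener would be unreachable"
        }
        if ($t.Count -lt 2) {
            throw "$($t.Role): an availability set needs at least 2 VMs"
        }
    }
}

Assert-Layout $tiers

foreach ($t in $tiers) {
    $vms = foreach ($i in 1..$t.Count) {
        $cfg = New-AzureVMConfig -Name ('{0}{1:d2}' -f $t.Role, $i) -InstanceSize $t.Size -ImageName $image |
               Add-AzureProvisioningConfig -Windows -AdminUsername $admin.UserName `
                   -Password $admin.GetNetworkCredential().Password |
               Set-AzureSubnet -SubnetNames $t.Subnet |
               Set-AzureAvailabilitySet -AvailabilitySetName $t.AvSet
        $lun = 0
        foreach ($d in $t.Disks) {
            # Role data goes on persistent data disks, never on the temporary D: disk.
            $cfg = $cfg | Add-AzureDataDisk -CreateNew -DiskSizeInGB $d.GB -DiskLabel $d.Label -LUN $lun
            $lun++
        }
        $cfg
    }
    # Create the cloud service once; the VNet is bound when the first
    # deployment is created, later roles just join that deployment.
    if (-not (Get-AzureService -ServiceName $t.Service -ErrorAction SilentlyContinue)) {
        New-AzureService -ServiceName $t.Service -Location $location | Out-Null
    }
    if (Get-AzureDeployment -ServiceName $t.Service -Slot Production -ErrorAction SilentlyContinue) {
        New-AzureVM -ServiceName $t.Service -VMs $vms | Out-Null
    } else {
        New-AzureVM -ServiceName $t.Service -VNetName $vnet -VMs $vms | Out-Null
    }
}
```

The quorum witness from the Data Tier, the load-balanced endpoints on ports 80 and 20000, and domain join are left out so the block stays focused on the layout rules; with the layout checked up front, a mistake such as putting the SQL replicas into the SharePoint cloud service is caught before any resources are billed.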
40. SharePoint 2013 Automation Scripts
• PowerShell Scripts that use Remote PowerShell for automated deployment of Active Directory, SQL Server and SharePoint 2013.
• Two Sample Configurations Available
• HighlyAvailable and SingleVMs
• Download from GitHub
• https://github.com/windowsazure/azure-sdk-tools-samples
42. Internet Sites — Content
Solution model: copy and modify architecture diagrams for your solutions
http://technet.microsoft.com/en-us/library/dn635307(v=office.15).aspx
http://technet.microsoft.com/en-us/library/dn635309(v=office.15).aspx
http://technet.microsoft.com/en-us/library/dn635311(v=office.15).aspx
Each model is available as a Visio version and a PDF version.