The document discusses the challenges small and large businesses face with on-premises IT infrastructure, especially regarding server capacity and licensing issues. It highlights the benefits of using Azure's Infrastructure as a Service (IaaS) to reduce on-premise footprints and improve network resilience. Key components include setting up a virtual private network, managing domain controllers, and ensuring application accessibility during VPN disruptions.

3. THE SMALL BUSINESS IT CLOSET

5. Servers on the
Floor.
Space enough for
one old used rack.

6. Soooo. How old are
you, anyway?

7. Servers ♡ Dust.

8. House fan.
On a box of wine.
Home AC units.
Hand crafted
ventilation system.

9. At least it vents
outside.

10. SMALL BUSINESSES
• No more room in the closet!
• Lease is up – what do we do now?
• SharePoint 2013 needs HOW MUCH
RAM???
• External Collaboration
• Licensing headaches
LARGE BUSINESSES
• Didn’t budget for dev, test, stage, DR farms
• Lots of hardware sitting under-utilized
• IT department is an obstacle
• IT budgets getting slashed
• Licensing headaches

11. WINDOWS AZURE
• Infrastructure as a Service (IaaS).
• Host VMs on someone else’s hardware.
• Pay by the minute, shut them down
when not in use.
• Use pre-made images, or upload your
own VHDs.
• License costs are rolled into the pre-
made images.

12. SOME GOOD CANDIDATES
• ADFS
• IRM / ADRMS
• On-Prem SharePoint
• Source Control Systems (TFS, SVN)
• LOB App Servers that don’t need to be
on the LAN
NOT SO GOOD CANDIDATES
• Lync Server
• Exchange Server
• Servers that need to be on the LAN

13. • Site2Site IPSEC Persistent VPN Tunnel Between On-Prem and Azure
• Can define the address space in Azure (prevent conflicts with on-prem)
• A virtual extension of an office network

14. • Microsoft is adding new devices all the
time as they test them
• Anything that supports modern IPSEC
may work
• Have an open-source firewall like
pfSense, Racoon, FreeBSD? Try it!
• Just announced partnership with AT&T
will provide other VPN opportunities
over private MPLS networks
Vendor Device Family
CISCO ASA/ASR/ISR
Juniper J Series/ISG/SSG
Watchguard All
F5 BIG-IP Series
Citrix CloudBridge MPX/VPX
Microsoft RRAS Windows Server 2012
http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx

15. • Create an Azure Virtual Network
• Setup Azure subnets and IP Addressing
• Setup the VPN
• Configure connection to local network
• Establish the gateway
• Test the connection
• Install R/W Domain Controllers + DNS
• Join to the corporate domain
• Replicate / test replication
• Setup AD Replication Site for Azure
Subnets
• Install Member Servers
• ADFS / ADRMS / SharePoint Etc.
• Join to the Domain
• Ensure IaaS DNS servers are used for name
resolution
• GOAL – Reduce traffic over the VPN
• Ideally only replication traffic
• Test! Test! Test!
• Take the VPN Down. Can users still use
your applications?

16. • Use Availability Sets
• Use SQL Availability Groups
• Configure ProbePorts for EndPoints
• Don’t depend on the VPN connection, it can go down!
• Use Read/Write Domain Controllers

17. • Not a good idea in general
• Lots of things are broken with an RODC:
• Can’t run the configuration wizard
• Can’t create new site collections
• People Picker won’t resolve new users
• User Profile property export
• Problems w/ Managed Service Accounts with automatic password expiration
• Incoming mail services

18. • Prezi Presentation

19. • On-prem footprints present challenges for small and large businesses
• Azure IaaS can reduce on-prem footprints
• Key is the Azure Virtual Private Network
• Plan for resiliency
• Great for labs or real workloads like SharePoint