1. Extend your datacenter with Microsoft Azure
Tomáš „Kanty“ Kantůrek
tomaskan@microsoft.com
2. Modules
•Base Modules
• Why Care about Microsoft Azure
• Getting Started with IaaS
• Getting Started with IaaS Workloads
• Getting Started with IaaS Networking
• Getting Started with Azure Storage
•Expansion Modules
• Hybrid cloud with Microsoft Azure
14. IaaS Terminology
• IaaS – Infrastructure as a service –
• You have control over your VMs and the network configuration, but don’t have
to worry about hardware.
• Cloud Service (in this context) –
• A container or management grouping. Every virtual machine is contained
within a cloud service.
• Microsoft Azure Virtual Machines – IaaS.
• You can provision, migrate, and manage VMs. VMs can run Windows, Linux,
and enterprise applications.
• Microsoft Azure Virtual Network –
• The networking overlay that allows you to create and manage virtual networks
in Microsoft Azure and securely connect them to your own on-premises
network.
16. Sample Images Available
Microsoft
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
SQL Server 2012
SQL Server 2014
BizTalk Server 2013
SharePoint 2013
Visual Studio 2013
Open Source
OpenSUSE 12.3
CentOS 6.3
Ubuntu 12.04/12.10/13.04
SUSE Linux Enterprise Server 11 SP3
Enterprise or Standard versions of
Web Logic Server 12c or 11g
Database 12c or 11g
17. IaaS Management
• Windows Azure PowerShell
• Set of cmdlets for managing all objects
• PowerShell remoting to manage hosted VM’s with local PowerShell
or PowerShell ISE.
• Server Manager (hosted in VM or local)
• VPN connections to hosted networks
• RDP to VM desktop
• Telnet or SSH (Linux)
• Platform specific tools (SQL Management Studio/Visual Studio)
• 3rd Party/Community Tools
21. Service Provisioning Model
• Each account has zero or more servers
• Azure wide, provisioned in a common portal
• Billing instrument
• Each server has one or more databases
• Contains metadata about the databases and usage
• Unit of authentication
• Unit of Geo-location
• Generated DNS based name
• Each database has standard SQL objects
• Unit of consistency
• Unit of multi-tenancy
• Contains Users, Tables, Views, Indices, etc.
• Most granular unit of billing
Account
Server
Database
29. What is Azure Active Directory?
• A comprehensive identity and access management cloud
solution.
• It combines directory services, advanced identity governance,
application access management and a rich standards-based
platform for developers
• Azure Active Directory Premium is an advanced offering that
includes IAM capabilities for on-premises, hybrid and cloud
environments
31. Azure Active Directory Premium
Built on top of the free offering, provides a robust set of capabilities to empower enterprises with demanding needs on identity and access management
Additionally, Azure AD premium offers:
• An Enterprise SLA of 99.9%
• Usage rights to Identity Manager Server and CALs
32. Common Identity with Sync and Federation
• Synchronization: User attributes are synchronized, including the password hash. Authentication can be completed against either Azure or Windows Server Active Directory.
• Federation: User attributes are synchronized. Authentication is passed back through federation and completed against Windows Server Active Directory.
• AD FS provides conditional access to resources, Work Place Join for device registration and integrated Multi-Factor Authentication
• Write back of attributes to support cloud first and co-existence
35. DIPS and VIPS
There are multiple ways to access a VM by IP address
VIP – Virtual IP address
• An internet-facing IP address that is not bound to a specific computer or network interface card.
• The cloud service that the VM sits within is assigned the VIP.
• You can have multiple VMs in a cloud service. They share the same VIP.
DIP – Dynamic IP address
• This IP address is dynamically assigned (via DHCP) to your virtual machine by Windows Azure. You
rely on DHCP – Do NOT statically configure your IP address. Even for DCs.
• The IP address lease directly equates to the lifetime of the VM.
• If you create a virtual network, the VM will receive its DIP from that range.
40. DNS Scenarios
[Diagram labels: Internet; Open User Access (Website); Web Tier; VM Role (SharePoint FrontEnd, Search and Index, SQL, DC DNS); SQL Mirroring; SQL Service; SQL Reporting Service; SQL Analysis Service; Active Directory; Local DNS; On-Premises Machine (UI Process Components, Business Components & Entities); Domain joined to On-Premises Network]
41. Virtual Network Scenarios
• Enterprise app in Windows Azure requiring connectivity to on-premise resources
• Manage identity and access control with on-premise resources
(on-premises Active Directory)
• Remote monitoring and trouble-shooting of resources
running in Windows Azure
• Cloud deployments requiring IP addresses
and direct connectivity across services
46. Microsoft Azure Storage Account
Can CDN Enable Account
Blobs delivered via 24 global CDN nodes
Can co-locate storage account with compute account
Explicitly or using affinity groups
Accounts have two independent 512 bit shared secret keys
500 TBs per account
47. Storage Security
HTTPS endpoint
Digitally sign requests for privileged operations
Keys can be regenerated independently
More granular security via Shared Access Signatures
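Why two independent keys matter for regeneration (slide 46 and this slide, and the "regeneration of storage account keys while avoiding downtime" scenario on slide 84), as an added example that is not part of the original deck. It assumes HMAC-SHA256 over a simplified, constructed string-to-sign rather than Azure's real canonical request format; `Account`, `rotate` and `REQUEST` are hypothetical names.

```python
import base64
import hashlib
import hmac
import os

def new_key():
    """64 random bytes = one 512-bit shared secret, base64-encoded."""
    return base64.b64encode(os.urandom(64)).decode()

def sign(key_b64, string_to_sign):
    """HMAC-SHA256 over a request description (simplified, not Azure's canonical form)."""
    mac = hmac.new(base64.b64decode(key_b64), string_to_sign.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

class Account:
    """Service side (hypothetical model): two key slots, either one verifies a request."""
    def __init__(self):
        self.keys = {"primary": new_key(), "secondary": new_key()}

    def regenerate(self, slot):
        self.keys[slot] = new_key()   # the other slot is untouched

    def verify(self, string_to_sign, signature):
        return any(hmac.compare_digest(sign(k, string_to_sign), signature)
                   for k in self.keys.values())

REQUEST = "PUT\n/constructed-account/backups/db.bak"  # constructed sample request

def rotate(account, app):
    """Replace both keys; return whether the app's request verified after each step."""
    checks = []
    # Step 1: app switches to the secondary key, then the primary is regenerated.
    app["key"] = account.keys["secondary"]
    account.regenerate("primary")
    checks.append(account.verify(REQUEST, sign(app["key"], REQUEST)))
    # Step 2: app switches to the new primary, then the secondary is regenerated.
    app["key"] = account.keys["primary"]
    account.regenerate("secondary")
    checks.append(account.verify(REQUEST, sign(app["key"], REQUEST)))
    return checks

if __name__ == "__main__":
    account = Account()
    app = {"key": account.keys["primary"]}
    old = dict(account.keys)
    print("app kept working:", rotate(account, app))
    print("old keys rejected:",
          [not account.verify(REQUEST, sign(k, REQUEST)) for k in old.values()])
```

After the rotation both original secrets are invalid, which is the outcome wanted when a key has been shared with a storage explorer or may have leaked.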
50. Microsoft Azure Drives
Use existing NTFS APIs to access a network attached durable drive
Use System.IO from .NET
Move existing apps using NTFS more easily to the cloud
Durability and survival of data on instance recycle
Drives can be up to 1TB
Mounts Page Blob over the network as an NTFS drive
Local cache on instance for read operations
All flushed and unbuffered writes to drive are made durable to the Page Blob
51. Microsoft Azure Drive Capabilities
Can’t remotely mount drive
Can upload the VHD to a Page Blob using the blob interface, and
then mount it as a Drive
Can download the VHD to a local file and mount locally
Only one instance at a time for read/write
Using read-only snapshots to multiple instances at once
52. Uploading VHD’s
• Three steps
• Create VHD (Not VHDX) locally, sysprep if OS image.
• Add-AzureVHD
• Upload VHD file to blob storage
• Add-AzureDisk
• Register VHD as disk image, available to attach to VM.
• Add-AzureVMImage
• Adds VHD containing sysprepped image to the image repository
53. Managing Storage
• Storage managed through many third party tools
• http://blogs.msdn.com/b/windowsazurestorage/archive/2014/03/11/windows-azure-storage-explorers-2014.aspx
• Storage explorers require the Azure storage key
55. Virtual Network Features
• “Bring your own IPv4 addresses”
• Control over placement of Windows Azure Roles within the network
• Stable IPv4 addresses for VMs
• Automated provisioning & management
• Support existing on-premises VPN devices
• Enables customers to use their on-premise DNS servers for name resolution
• Enables VMs running in Windows Azure to be joined to corporate domains running
on-premise (use your on-premise Active Directory)
56. Local Network
• An IP address range which represents the IP subnets on
your local networks, used to build routing tables.
57. VPN Configuration
• Azure provides gateway and configuration script
• Run configuration script on local device
• RRAS, Cisco, or Juniper devices
• RRAS as a PowerShell script.
• Connection uses L2TP with shared secret authentication
• Manage shared secret in Microsoft Azure.
61. Introducing
Windows Azure Backup
Simple and reliable server backup to the cloud
• Offsite data protection in Windows Azure
storage.
• Data is encrypted and secure.
• Efficient use of network and storage
resources.
• Enhances Microsoft backup tools with cloud
backup capabilities.
62. SQL Server Management Studio
Reliable off-site data backup
for SQL images
Easily restore databases
using VMs
Benefits
Backup and restore database
to the cloud
63. Backup datacenter data to Windows using
System Center Data Protection Manager
Backup and recover files/folders from
Windows Server 2012 SP1 / R2
Benefits
Reliable offsite data protection
Simple, familiar, integrated
Efficient backup and recovery
Easy set up
Your On-Premises Datacenter
64. How Windows Azure Backup works
1. Sign up
2. Install agent
4. Back up encrypted data
5. Recover to the same or a different server
Windows Server 2012
65. How Windows Azure Backup works
1. Sign up
2. Install agent
4. Back up encrypted data
5. Recover to the same or a different server
System Center DPM Server
68. Automated tiering
SSD
Application or File
servers
SAS
Linear Data
Deduplicated Data
Deduplicated &
compressed Data
Deduplicated,
compressed, &
Encrypted Data
The oldest block in the
tier is the first to move
to the next tier
70. Replicate to 3rd Location for Extra Level of Resiliency
• Once a VM has been successfully replicated to the replica site, replica can be replicated to a 3rd location
• Chained Replication
• Extended Replica contents match the original replication contents
• Extended Replica replication frequencies can differ from original replica
• Useful for scenarios such as SMB -> Service Provider -> Service Provider DR Site
72. How it works: configure
[Diagram labels: Sign up; Create a recovery plan; Site A; Site B; System Center Virtual Machine Manager (shown twice); AD, SQL, Exch]
73. How it works: create recovery plan
Hyper-V Replica replicates virtual machines
Health monitoring
[Diagram labels: Create a recovery plan; Configure; Site A; Site B; System Center Virtual Machine Manager (shown twice); AD, SQL, Exch]
74. How it works: recover from datacenter failure
Orchestrates recovery of services in the event of an outage
[Diagram labels: Create a recovery plan; Site B; System Center Virtual Machine Manager; AD, SQL, Exch; Microsoft Azure]
76. Flexible delegation with single sign-on
Self-service visibility for application services
across on-premises, service provider, and
Windows Azure
Easy VM and workload portability from
on-premises to Windows Azure
(including SharePoint and SQL)
78. Operations Manager & Azure
System Center Operations Manager + Management Pack for Windows Azure
• PaaS: Monitoring is agentless, use normal API and diagnostics for monitoring (and uses certificate for authentication)
• IaaS: Treat as normal server, including using a SCOM agent
82. Automation
Azure automation
• Integration: Integrate into existing systems with PowerShell integration modules. Build additional PS modules to enable integrating into other systems
• Orchestration: Accelerate time to value with flexible process workflows
83. Azure Automation Capabilities
• Runbook Authoring in Azure: Create runbooks to automate all aspects of cloud operations, from deployment, monitoring, and optimizations
• Highly Available Engine: Support requirements for scale and H/A. Built on PowerShell Workflow. Isolation for runbook jobs
• Integration into other systems: Import PS modules and create additional modules and runbooks for Azure services or to connect into 3rd party systems
[Diagram labels: Automation; Azure; Monitoring Systems; Change Control Systems; Anything]
84. Azure Automation Scenarios
• Patch Azure IaaS VMs without downtime, leveraging Traffic manager.
• Enable regeneration of storage account keys while avoiding downtime in the application.
• SQL Backup on a schedule.
• Backup and restore IaaS VMs.
• Deploy a VM on an Azure / On-Premise cloud and enable monitoring for the VM.
• Deploy a new service to Azure and configure the end points for CPU and Memory alerts.
• Deploy application from Git, run validation tests, and swap to production if tests pass.
• Monitor SharePoint online for an approval to update a service and update the service once approved.
• Alert on a VM then turn on tracing, collect logs, upload to Azure Storage and make available in Visual Studio for troubleshooting.
• Monitor for when a new service gets created, and configure it for the right tracing / backup policy.
• Notify users of a subscription who have underutilized VMs and perform remediation.
Change Control & Provisioning
85. If you think you will do a
task twice – automate it!
86. Downloadable materials, virtual labs, trial versions
http://aka.ms/Azure-CZ
Daily news and technical information in Czech
http://aka.ms/technetcz (for IT professionals)
http://aka.ms/msdncz (for developers)
Regular summary of news in Czech, once a month
MSDN newsletter (for developers)
TechNet Flash (for IT professionals)
Event recordings, videos, screencasts, tutorials
Channel9