Mastering the move

Next Generation Databases Event by Trivadis

Published in: Technology

  1. Next generation databases: Mastering the move. Grüezi | Willkommen | Bonjour | Welcome | Velkomst. Konrad Brunner, Senior Consultant
  2. About me (Next generation databases, 7.11.2018)
       • Working for Trivadis for 3 years
       • 30 years IT experience
       • from Unix to Windows
       • from Token Ring to Ethernet
       • from Java to C#
       • from host to client-server
       • from local to global
       • from on-premises to the cloud
  3. Keys to master the move are …
  4. ARM Templates are key for … software defined data centers (SDDC) and infrastructure as code (IAC)
       ■ Allows you to define complete data centers as code
       ■ Allows you to manage the state of your data centers in source control tools
       ■ Allows you to manage infrastructure together with the applications
       ■ Enables you to revise your state
       ■ Allows collaboration with partners
       ■ Allows you to achieve IT as a service
  5. Automation is key to … separate security in your datacenter
       ■ Allows you to streamline authorities along test, integration and production environments
       ■ Scripted deployments start as early as the move from test to integration
       ■ Allows you to work certificate-based
       ■ Allows you to easily scale
       ■ Allows you to switch between regions
       ■ Allows you to securely integrate new resources into your existing secure infrastructure
  6. Automation is key to … save money
       ■ … by streamlining the lifetime of resources
       ■ Some resources in Azure you can’t just stop
           • SQL Database
       ■ Automating deployment and undeployment allows you to stop these ones as well
       ■ … by automating the deployment processes and making them faster
  7. Automation and ARM templates are key for … DevOps with integrated security
       ■ Allows you to automate tasks in the Continuous Integration and Continuous Delivery pipelines
       ■ Together with Azure DevOps Services you have a fully secure and agile platform over the entire DevOps Process
       ■ Everything running under one single secure identity
  8. Identities are key to … expand your existing security to the cloud
       ■ Seamless integration of all resources into your existing secure infrastructure
       ■ Azure B2B is your friend for partner identities
       ■ Azure B2C is your friend for customer identities
  9. Network is key for … performance and stability
       ■ The right bandwidth
           • VPN up to 1.2 Gbps
           • ExpressRoute up to 10 Gbps
       ■ The best latency
           • West Europe <25ms
           • Switzerland North <5ms
       ■ Secure connections to your database
           • VLANs
           • Firewalls
  10. Application Management is key for … security and governance
       ■ Secure the access to applications
       ■ Supports on- and off-boarding of users
       ■ Single Sign On into the entire world
       ■ Manage application access over the company boundaries
  11. KeyVault is key to … enter next level of security
       ■ Secure store for keys, credentials and certificates
       ■ BYOK
       ■ Allows a centralized management
       ■ Allow the process identity access to the key vault to get secure information at runtime
       ■ No need to store connection strings in code or config files any more
  12. Demo
  13. Automation Demo
       ■ Subscription
       ■ AD Application
       ■ Azure Active Directory
       ■ Certificate based service principal
       ■ Key Vault
       ■ Automation Account
       ■ Runbook
       ■ Storage Account
       ■ Webhook
       [Diagram label: POST]
       https://github.com/TVDKoni/ARM-Base-Templates
  14. Resource Manager and ARM templates
  15. Resource Manager
  16. Azure Resource Manager provides
       ■ Integration Component
       ■ Application Lifecycle Containment – Deployment, update, delete and status
       ■ Declarative solution for Deployment – “Config as Code”
       ■ Grouping – Metering, billing, quota: applied and rolled up to the group
       ■ Consistent Management Layer
       ■ Access Control – Scope for RBAC permissions
  17. Power of Repeatability
       ARM Templates can:
       • Ensure Idempotency
       • Simplify Orchestration
       • Simplify Roll-back
       • Provide Cross-Resource Configuration and Update Support
       ARM Templates are:
       • Source file, checked-in
       • Specifies resources and dependencies (VMs, WebSites, DBs) and connections (config, LB sets)
       • Parametrized input/output
       Instantiation of repeatable config: Configuration → Resource Group
       [Diagram: SQL-A, Website and Virtual Machines (2x), with SQL CONFIG and DEPENDS ON SQL relations]
  18. Azure Automation
  19. Automation key services
       ■ Azure Active Directory
       ■ AD Application
       ■ Subscription
       ■ Certificate
       ■ Key Vault
       ■ Automation Account
       ■ Runbook
       ■ Storage Account
       ■ Webhook
       ■ LogicApps
       ■ Desired State Configuration
       [Diagram label: POST]
  20. Automation Account [Diagram: Automation Account, LogicApps]
  21. LogicApps
  22. Security
  23. One Identity, on-premises and in the cloud
  24. Microsoft Azure Trustworthy foundation: built on Microsoft experience and innovation
       [Timeline figure: 20+ Data Centers; Trustworthy Computing Initiative; Security Development Lifecycle; Global Data Center Services; Malware Protection Center; Microsoft Security Response Center; Windows Update; 1st Microsoft Data Center; Active Directory; SOC 1; CSA Cloud Controls Matrix; PCI DSS Level 1; FedRAMP/FISMA; UK G-Cloud Level 2; ISO/IEC 27001:2005; HIPAA/HITECH; Digital Crimes Unit; SOC 2; E.U. Data Protection Directive; Operations Security Assurance]
  25. Transparency
       ■ Security & Compliance Center
       ■ Service compliance reports like Azure - ISO 27001 and ISO 27018 Audit Assessment Report
       ■ Trust documents provided by Microsoft
       ■ Shared GDPR and ISO Assessments
       ■ Law Enforcement Requests Report
  26. Network
  27. Microsoft Azure External Connectivity Options
  28. Connectivity pricing
  29. VPN GW S2S and ExpressRoute coexistence
       VPN gateway allows you to have Site-to-Site (S2S) VPN connectivity to a Virtual Network that also has a gateway connected to an ExpressRoute circuit. This enables new connectivity scenarios:
       • You can now use S2S VPN tunnel as a backup for your ExpressRoute connection.
       • You can connect branch offices that aren’t part of your WAN to your Azure virtual networks that are also connected via ExpressRoute.
       • You can have Point-to-Site connections to the same Virtual Network that is also connected via ExpressRoute enabling dev/test and mobile worker scenarios.
  30. Other keys
  31. Naming Convention
       [Character grid with columns 1 to 24, marking the max length of a hostname and the max length of a Storage Account name]
       Main resources, Production Environment
         Subscription           tvd20aba
         Resource Group         tvd20abaprsg001
         Virtual Network        tvd20abapngw001
         Virtual Machine        tvd20abapsrv001
         Storage Account        tvd20abapstg001
       Main resources, Test Environment
         Subscription           tvd20abat
         Resource Group         tvd20abatrsg001
         Virtual Network        tvd20abatngw001
         Virtual Machine        tvd20abatsrv001
       Dependent resources
         VM Public IP           tvd20abapsrv001pip
         VM Disk                tvd20abapsrv001vhd
         VM Network Interface   tvd20abapsrv001nic
         VM Public IP 1         tvd20abapsrv001pip01
         VM Public IP 2         tvd20abapsrv001pip02
  32. Central Registries
       Keys, Certificates, Passwords and other stuff can have an expiry date
       Start managing these changes from the beginning
           – Information about
               – Expiry date
               – Change procedure
       Use KeyVault wherever possible
  33. Costs
  34. Fun is key for … the future
       ■ Fun promotes innovation
       ■ Fun promotes productivity
       ■ Fun finds and holds talents
       ■ Why is it fun?
           • It’s easy
           • It’s stable
           • It’s modern
           • It works from everywhere
  35. Thank you. Konrad Brunner, Senior Consultant, Tel. +41 79 960 61 49
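
The naming convention on slide 31 can be enforced before a deployment runs. The following check is an added example, not code from the talk or its repository: the grammar is inferred from the slide's example names, and the length limits (15 characters for a Windows host name, 24 for a storage account name) are platform limits assumed here rather than read off the slide.

```python
import re

# Grammar inferred from the slide's example names (an assumption; the slide
# shows examples only): base + environment + type + counter [+ suffix [+ index]].
NAME_RE = re.compile(
    r"^(?P<base>[a-z][a-z0-9]*)(?P<env>[pt])(?P<rtype>rsg|ngw|srv|stg)"
    r"(?P<num>\d{3})(?:(?P<dep>pip|vhd|nic)(?P<idx>\d{2})?)?$"
)
ENVIRONMENTS = {"p": "production", "t": "test"}
# Platform limits, not read from the slide: 15 characters for a Windows host
# name, 24 lowercase alphanumerics for an Azure storage account name.
MAX_LEN = {"srv": 15, "stg": 24}

# Constructed sample: three names from the slide and three violations.
SAMPLE = ["tvd20abapsrv001", "tvd20abatngw001", "tvd20abapsrv001pip02",
          "tvd20abcdpsrv001", "TVD20ABAPSTG001", "tvd20abapstg001vhd"]


def parse_name(name):
    """Split a resource name into its parts or raise ValueError."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"{name!r} does not follow the naming convention")
    parts = m.groupdict()
    if parts["dep"] and parts["rtype"] != "srv":
        raise ValueError(f"{name!r}: only virtual machines carry a dependent suffix")
    parent = name[: m.end("num")]  # name of the main resource, without suffix
    limit = MAX_LEN.get(parts["rtype"])
    if limit and len(parent) > limit:
        raise ValueError(f"{parent!r} has {len(parent)} characters, limit is {limit}")
    parts["environment"] = ENVIRONMENTS[parts["env"]]
    parts["parent"] = parent
    return parts


def audit(names):
    """Return {name: reason} for every name that violates the convention."""
    findings = {}
    for name in names:
        try:
            parse_name(name)
        except ValueError as exc:
            findings[name] = str(exc)
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(f"{name}: {reason}")
```

With the slide's 8-character base, a virtual machine name is exactly 15 characters long, so any longer base breaks the host name limit.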
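
Slide 32 asks for a central registry that records an expiry date and a change procedure for every key, certificate and password, and for Key Vault as the store wherever possible. The following report over such a registry is an added example, not part of the talk: the entry fields, secret names and runbook names are constructed for illustration.

```python
from datetime import date

# Constructed registry entries; field names and values are assumptions.
REGISTRY = [
    {"name": "sql-admin-password", "kind": "password", "store": "keyvault",
     "expires": "2018-11-20", "change_procedure": "runbook Rotate-SqlPassword"},
    {"name": "sp-automation-cert", "kind": "certificate", "store": "keyvault",
     "expires": "2019-10-01", "change_procedure": None},
    {"name": "storage-sas-token", "kind": "key", "store": "config-file",
     "expires": None, "change_procedure": "wiki page SAS renewal"},
    {"name": "vpn-shared-key", "kind": "key", "store": "keyvault",
     "expires": "2018-10-31", "change_procedure": "runbook Rotate-VpnKey"},
]


def findings_for(entry, today, warn_days=30):
    """Return the list of issues for one registry entry."""
    issues = []
    if entry["expires"] is None:
        issues.append("no expiry date recorded")
    else:
        left = (date.fromisoformat(entry["expires"]) - today).days
        if left < 0:
            issues.append(f"expired {-left} days ago")
        elif left <= warn_days:
            issues.append(f"expires in {left} days")
    if not entry["change_procedure"]:
        issues.append("no change procedure recorded")
    if entry["store"] != "keyvault":
        issues.append(f"stored in {entry['store']}, not in Key Vault")
    return issues


def registry_report(entries, today, warn_days=30):
    """Map each entry name to its issues; clean entries are left out."""
    report = {}
    for entry in entries:
        issues = findings_for(entry, today, warn_days)
        if issues:
            report[entry["name"]] = issues
    return report


if __name__ == "__main__":
    for name, issues in registry_report(REGISTRY, date(2018, 11, 7)).items():
        print(f"{name}: {'; '.join(issues)}")
```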
