Windows Azure and the Hybrid Cloud

Overview of Windows Azure in a Hybrid IT environment.

Published in: Technology

  • First let’s talk about the transformation that's actually happening within IT.
    Goal of this slide: Frame the enterprise cloud computing conversation by highlighting the evolution from traditional to cloud computing models. Define industry taxonomy around IaaS and PaaS.
    Talking points: If you're in the infrastructure as a service (IaaS) layer, you're thinking about your datacenter as a set of pooled virtual resources (including compute, network and storage), not in terms of individual hosts or VMs. That said, you still have to manage the virtual infrastructure, operating system and the full application stack. When you're in the platform as a service (PaaS) layer, you're talking about building applications which will then be delivered as a service – the platform providing all the required building blocks for your app. You don’t have to worry about the underlying infrastructure, operating systems or the application platform infrastructure. You can focus all your energies on your applications. With Windows Azure we primarily offer PaaS but are moving towards robust IaaS capabilities (more to come in this presentation with the Roadmap).
    A couple of data points from internal Microsoft research:
    - 41% of our customers are using services across on-premises and public clouds
    - 80% of our customers will use hybrid models over the next 3 to 5 years
  • Because Windows Azure is based on the same hypervisor technology as Windows Server, we have the ability to move Virtual Machines from on premises to the cloud and vice versa. The mode of transport is the VHD file format – which is an open format – published by Microsoft and available under the Microsoft Open Specification Promise.
  • You are not locked in to a single provider – by using this open format, you have the flexibility and power to manage where you run your applications – and can change your mind later without fear of vendor lock-in.
  • And with Windows Azure you pay only for what you use – enabling you to avoid upfront costs, and scale as your business grows.
  • NO OTHER company can match Microsoft today in our experience on running and building services. We know what it takes to do this, because we’ve been running services at Internet scale for years – from MSN in 1995, to Hotmail, Windows Live, and Bing, today. For example, we handle:
    - 9.9 billion messages a day via Windows Live Messenger
    - 600 million unique users every month on Windows Live & MSN
    - 1 Petabyte+ of updates served every month by Windows Update to millions of servers and hundreds of millions of PCs worldwide
    - 5M LiveMeeting conference minutes per year
    - Forefront for Exchange filters 1B emails per month
    To support this and our business cloud services, we’ve made and continue to make significant investments in the datacenter infrastructure that our cloud services run on – resulting in a number of advantages: financially backed SLAs, a standard cost operating model, industry-leading modular datacenter models, a consumption-based chargeback model, and the ability to achieve global targets like a Power Usage Effectiveness (PUE) of 1.25. This is all alongside our full commitment in the engineering discipline and the operations discipline around delivering the cloud.
    Deeper Details on Microsoft Global Foundation Services (GFS):
    - Infrastructure Services Operations – Microsoft Global Foundation Services (GFS) manages our global network of data centers and provides 1) Physical and Site Security, 2) Critical Environments Support (Power, Water, Redundancy) and 3) Technical Support (Racks, Servers, Switches) with a focus on operational excellence to deliver lowest cost and highest service delivery globally.
    - Data Center Innovation – GFS continues to deliver effective and efficient DC and infrastructure designs that deliver the most value to our internal customers. Today this means our IT Pre-Assembled Components (ITPACs) for our future modular data centers will provide a lower cost CAPEX per Mega Watt, enhanced speed to market, and reduction in OPEX. ITPACs are a game changer.
    - Global Capacity – When choosing future datacenter sites, we take into account over 35 weighted criteria, including close proximity to an ample and stable power source and fiber optic networks, affordable pool of skilled labor, affordable energy rates, taxes, and capacity capabilities needed for our local, regional and global customers to determine the long-term viability of each site.
    - Utility pricing – this is how GFS charges its customers: by consumption units. Consumption statements are issued every 30 days to customers for: Compute (VM / hour), Storage ($ per GB), Network (traffic), Incidents (tickets).
    - SOC/NOC – GFS manages the Microsoft Operations Center (MOC), a Tier 1 federated Ops center with failover in Redmond, India and California to ensure business continuity 24 x 7 x 365. The MOC is focused on delivering comprehensive incident management and service support, with world class quality of service for 200+ property groups supporting incident management in a highly cost efficient model. They process more than 150K tickets a month supporting incidents, change management, release management and problem management. They are the first line of operational support for our cloud properties. Turnkey operations take a service from on-boarding to tooling through support. The MOC supports non-Windows environments. The MOC uses MS Change as a primary change management tool (most universally recognized change management tool).
    - Consumption Reporting: New Cost Model focuses on measuring and forecasting capacity utilization, cost driver transparency and accountability, and investment optimization and is aligned with the ‘Improve Cost’ strategic theme. Key measurements: $/kW, $/Mbps, $/Incident, $/Server to provide transparent, accurate volume & rate insight by cost pool aligned to native cost. Standard rates by region, where applicable, provide greater predictability for BGs’ online COGS.
    - Hardware Services – GFS provisions hardware via various standards programs such as containers, ITPACs and the Azure and MACH server programs.
  • Windows Azure runs in datacenters around the world, enabling you to deploy and run your applications and infrastructure near your customers. In addition to our 8 data centers, we have 26 CDN nodes allowing you to cache content in close geographic proximity to your users to minimize latency and improve application performance.
  • Windows Azure Core Services:
    - Cloud Services (includes Web, Worker, and VM roles)
    - Storage (includes Blobs, Queues, and Tables)
    - Networking (includes Traffic Manager, Connect, and Virtual Network)
    - Virtual Machines
    Included in the above are our service management features and the management portal, as well as the information management systems used to monitor, operate, and update these services.
    The process for requesting SSAE 16 reports has been updated to cover several business groups. You can learn the process and request that the report be sent to your customer from the following page: https://spsites.microsoft.com/sites/sas70distro/SitePages/Home.aspx
  • Live URL: http://www.windowsazure.com/en-us/support/trust-center/
  • Our customers are trying to drive greater IT efficiency and, on the other hand, balance this with driving greater business value. Adding complexity to these challenges is the need to also ensure compliance with industry and corporate regulations. These challenges vary by the application type and the sensitivity of data. For example, if the key pain points for your next application were time to solution and limited budget to get the application up and running, this could lead you to look at the Public Cloud as a delivery model for that application; on the other hand, if you added to the pain point list that the application is primarily touching sensitive data that is governed by industry regulations that require that data to stay within your datacenter, it could lead you to look at an on-premises Private Cloud deployment option.
  • Given the enterprise challenges we just discussed, the reality is that many of our customers actually see a Hybrid IT environment today and in their near future, where they will choose to keep some applications in a traditional non-virtualized environment, some applications in a Private Cloud and some in a Public off-premises cloud. If you have virtualized, you have taken the first key step in building a private cloud in your datacenter, but you can do more to drive out OPEX: build in elasticity and self-service, and go to a usage-based consumption model within your on-premises data center.
    A private cloud is simply trying to bring the characteristics that have existed in the Public Cloud for some time into a customer's on-premises data center to improve IT efficiency and reduce costs.
    With these on-premises and off-premises deployment environments, a new application scenario is created called a Hybrid Application. This is an application that has a portion of the application and data living on premises with some functionality and data living off premises in a public cloud. This is often used for applications that may have bursting demand scenarios, or in some cases by customers looking to share some functionality and data with their suppliers and partners in a cost effective manner. We will take a look at a Hybrid Application case study later in the presentation.
  • Microsoft is unique in that we offer solutions that span both the public and private clouds with Windows Server and Windows Azure – our goal is to provide a common set of infrastructure including identity, virtualization, management, and developer tools, and symmetry between public and private clouds.
    - Identity: Every organization needs to manage identity inside their business and wants to enable seamless and secure access across both private and public cloud resources. Windows Azure Active Directory enables you to easily leverage your existing AD investments and configuration inside Windows Azure for a single sign-on experience. In addition, Windows Azure AD supports brokering “consumer” identity for your application by simplifying how you work with identity providers like Facebook, LinkedIn and Windows Live ID.
    - Virtualization: Windows Azure has introduced a complete Infrastructure as a Service (IaaS) solution which enables portability of on-premises virtual machines to the cloud. Now IT professionals can easily migrate virtualized servers from on-premises and run them inside Windows Azure.
    - Management: IT Managers now must deal with an even more complex environment as their applications and VMs can span across both their datacenters and Windows Azure. With System Center you can have a “single pane of glass” view that enables the management, operations, and monitoring of your servers AND applications across both the public and private cloud in one familiar interface.
    - Development: In addition to identity, virtualization and management, Microsoft provides a common development experience across the public and private cloud, including our flagship Visual Studio and .NET platform but also support for Java with Eclipse, and other open source languages.
  • To enable cross-premises connectivity for Hybrid IT, Windows Azure provides:
    Windows Azure Connect
    - Granular control over connectivity – “machine to machine”
    - Best for simple, scoped connectivity
    - Easy agent-based installation, set up within minutes
    - Works through firewall
    Site to site with Virtual Networks
    - Virtual Network allows enterprises to securely extend their on-premises networks into Windows Azure with complete control over network topology
    - Provides control, set up and configuration similar to traditional VPN
    - Allows you to bring your IP addresses, DNS etc. to the Cloud
    - Currently, the IPSec tunnel is through internet
    - Scalable “site to site” connectivity
    Application layer connectivity with ‘Messaging’
    - Complete message-based infrastructure supporting multiple messaging patterns to connect applications and systems in real time between Windows Azure and on-premises systems
    - Messaging provides out-of-the-box support for various messaging patterns that make it easy to connect applications
    Data Synchronization using SQL Data Sync
    - Enables easy migration, export and ongoing synchronization of on-premises SQL Server databases with Windows Azure databases
  • Once you have configured
  • Traffic Manager allows you to load balance incoming traffic across multiple hosted Windows Azure services whether they’re running in the same datacenter or across different datacenters around the world. By effectively managing traffic, you can ensure high performance, availability and resiliency of your applications.
    - Highly available applications: Traffic Manager enables you to improve the availability of your critical applications by monitoring your hosted services in Windows Azure and providing automatic failover capabilities when a service goes down.
    - Responsive applications: Windows Azure allows you to run services in datacenters located globally. By serving end users with the hosted service that is “closest” to them in terms of network latency, Traffic Manager can help you improve the responsiveness of your applications and content delivery times.
    - Set up within minutes: Once your services are hosted in a production environment, Traffic Manager policies can be set up within minutes. This simplifies the task of building highly reliable and scalable applications.
    - Load balancing methods: Traffic Manager provides you a choice of three load balancing methods: performance, failover, or round robin. You can decide how you want to optimize your application based on these methods.
    Windows Azure Traffic Manager is currently in Community Technology Preview (CTP) and available at no charge.
  • Microsoft Online Backup Service Agent is a new feature for Windows Server 2012 that you can download and install to schedule file and folder backups from your server to Microsoft Online Backup Service, which is a cloud-based storage service managed by Microsoft. To transfer data between servers running Windows Server 2012 and Microsoft Online Backup Service you can use either the Microsoft Online Backup Service Agent or the Online Backup cmdlets for Windows PowerShell.
    Key benefits:
    - Recover data in case of disasters (server destroyed/stolen, disk crash)
    - Recover data in case of data loss scenarios such as data accidentally deleted, volume deleted, viruses
    Target segments:
    - Small Business: Low-cost backup & recovery solution for single server backups.
    - Departmental Backups: Low-cost backup alternative for departments in mid to large sized organizations.
    - Remote office backup and recovery consolidation: Consolidate backups of remote offices.
    Features:
    - Block level incremental backups. The Microsoft Online Backup Agent performs incremental backups by tracking file and block level changes and only transferring the changed blocks, hence reducing the storage and bandwidth utilization. Different point-in-time versions of the backups use storage efficiently by only storing the changed blocks between these versions.
    - Data compression, encryption and throttling. The Microsoft Online Backup Agent ensures that data is compressed and encrypted on the server before being sent to the Microsoft Online Backup Service over the network. As a result, the Microsoft Online Backup Service only stores encrypted data in the cloud storage. The encryption passphrase is not available to the Microsoft Online Backup Service, and as a result the data is never decrypted in the service. Also, users can set up throttling and configure how the Microsoft Online Backup Service utilizes the network bandwidth when backing up or restoring information.
    - Data integrity is verified in the cloud. In addition to the secure backups, the backed up data is also automatically checked for integrity once the backup is done. As a result, any corruptions which may arise due to data transfer can be easily identified and they are fixed in the next backup automatically.
    - Configurable retention policies for storing data in the cloud. The Microsoft Online Backup Service accepts and implements retention policies to recycle backups that exceed the desired retention range, thereby meeting business policies and managing backup costs.
    The following tasks make up the major workflows when using Microsoft Online Backup Service:
    - Sign up for the Microsoft Online Backup Service and install the Microsoft Online Backup Service Agent
    - Register servers with the Microsoft Online Backup Service
    - Schedule backups using the Microsoft Online Backup Service Agent
    - Recover files and folders using the Microsoft Online Backup Service Agent
    - Manage the Microsoft Online Backup Service
    - Troubleshoot Microsoft Online Backup Service
    - Administer the Microsoft Online Backup Service with Windows PowerShell
    In other words: simply sign up, install, register, schedule backup and you are all done with addressing your backup requirements.
    The big thing to remember here is that Online Backup reduces administrative overhead associated with backup and recovery procedures and eliminates the need to maintain a backup infrastructure, so Online Backup doesn’t just save you time, it saves money too.
    (may need to note that Online Backup will begin as an “invitation only” beta at the time of Windows Server 2012 release.)
  • Special note must be made in Columbus and Washington DC that the IT Pro and Developer tracks will end at 4PM in observance of Yom Kippur.
  • Goal of the slide: Establish the need for a common application management solution in hybrid environments.
    Talking points:
    <Click> We constantly hear a lot of you are investing in a mix of traditional, private, and public cloud application deployments. You can quote Microsoft internal customer research data to substantiate:
    - 41%* of Microsoft customers use services across on-premises and public clouds
    - 80%* of Microsoft customers will use hybrid models over the next 3 to 5 years
    <Click> We can expect modern or cloud-native applications will get written for private and public cloud. Additionally, existing applications will be refactored or repackaged (for example using SAV) for private and public deployments. Customers are also looking for application portability (with minimal rewriting) across clouds for scenarios like “cloud bursting” or global scale. We’re also seeing the emergence of applications that span across clouds – for example, front end on Windows Azure and back end on-premises to get the twin benefits of cloud scale and security.
    Through all these scenarios, customers are looking for a common application management experience across their hybrid environments. In practical terms, this means they’re looking for a single toolset that works across physical, virtual, and cloud environments so you can manage your applications consistently irrespective of where they run – think commonality in how you provision, monitor, and ensure compliance.
    Microsoft is committed to supporting you in your application portfolio optimization journey through our current and roadmap investments in System Center and the Windows Azure platform.
    We will now look at a couple of compelling capabilities that we’re delivering in System Center 2012 to support your immediate needs.
  • Timing: 3 minutesKey Points:Windows Azure adheres to Microsoft Security Development Life Cycle, has security in place across all layers of defense-in-depth, and provides the key compliance capabilities you need.Talk Track: Defense in DepthAt the physical layer, Windows Azure servers are stored in the datacenters run by Global Foundation Services which utilize best practices and industry standards as we’ve previously discussed in more detail, such as video surveillance and access controlAt the network layer, Microsoft deploys VLANs and packet filters to segregate network access between customers, management systems, and the Internet, ensuring there is no way for traffic to talk to any undesired hosts.At the host layer, the Windows Azure virtual machines run a customized, hardened, and fully patched version of the latest Windows Server.  Machine boundaries are enforced by the hypervisor which doesn’t depend on the operating system security.At the application layer, Windows Azure provides options to run their code with lower-levels of trust and under lower-privilege user accounts.At the data layer, access to data is controlled using strong storage access keys controlled by the customer, communication to the data can be secured using SSL, and the data itself can be encrypted inside of storage.At the user layer, Windows Azure provides robust account management services with training, awareness, and screening. Windows Azure also offers the Access Control Services, an open an interoperable access control service that can be configured to authenticate using existing identity information.ComplianceWindows Azure Safe Harbor and ISO 27001 certifications are complete. SSAE 16 audit will be complete by mid CY2012.  
Additional compliance programs are in planning stages, including FISMA, EU Data Privacy Directive, PCI DSS, and HIPAA BAA. ISO 27001: Broad international information security standard. Acts as security baseline from which we assess gaps for other compliance programs (e.g., EU Model Clauses, HIPAA BAA, etc.). Gets our compliance team building a rigorous security compliance framework that can then be expanded upon – documentation and process heavy with some relatively easy technical gaps to close. The ISO/IEC 27001:2005 certificate validates that Microsoft has implemented the internationally recognized information security controls defined in this standard. Certification for Windows Azure core services scope covers Compute, Storage, Virtual Network, Virtual Machine services. The rest of the features are not covered, e.g., SQL Azure, Service Bus, Access Control, Caching, CDN. SSAE 16: Successor to SAS 70 attestations. This is a US accounting standard for how an audit should be done to prove that we’re doing what we say we’re doing and that it achieves the desired results. US companies tend to ask for this more frequently than others, but there is nothing about it that limits its utility to US companies. Illustrates Microsoft’s willingness to open up internal security programs to outside scrutiny. Need to wait 6 months for controls to be in place, at which point the third party auditor decides on a set of controls to pursue and audit. SSAE controls are mapped to ISO but wording is very different. Audit will start in Jan 2012, and it takes 6 weeks to produce the report. Estimated completion is Jul or Aug 2012.
  • Windows Azure Core Services: Compute (includes Web, Worker, and VM roles); Storage (includes Blobs, Queues, and Tables); Virtual Network (includes Traffic Manager and Connect). Included in the above are our service management features and the management portal, as well as the information management systems used to monitor, operate, and update these services. EU-US Safe Harbor Framework: Microsoft (including, for this purpose, all of our U.S. subsidiaries) is Safe Harbor certified with the U.S. Department of Commerce. This allows for legal transfer of data to Microsoft for processing from within European Union and countries with aligned data protection laws. Microsoft acts as the data processor and, to the extent of the Service’s capabilities, decisions regarding data usage are made by the data controller. ISO 27001: Received ISO/IEC 27001:2005 certificate from BSI on 11/29/2011 for Windows Azure Core Services. Broad international information security standard. Acts as security baseline. Ability to clearly demonstrate that we have achieved a baseline certification. Gets our compliance team building a rigorous security compliance framework that can then be expanded upon – documentation and process heavy with some technical gaps to close. The ISO/IEC 27001:2005 certificate validates that Microsoft has implemented the internationally recognized information security controls defined in this standard. SSAE 16: Successor to SAS 70 attestations. An accounting standard that is relied upon as the authoritative guidance for reporting on service organizations. It illustrates Microsoft’s willingness to open up internal security programs to outside scrutiny. The end result is auditor’s report on the effectiveness and suitability of selected controls to achieve desired control objectives during the period under review. Detailed SSAE 16 report can then be shared with customers under NDA. We are currently working with Deloitte to define a set of controls that will be monitored in H2.
We expect to have the audit report available for Windows Azure core services by mid CY2012. EU Data Protection Directive: Law that sets a baseline for handling Personally Identifiable Information (PII) in the EU. US standards meet EU requirements through US Safe Harbor. Microsoft self-attests compliance under the US Safe Harbor framework, which lets us transfer EU PII outside EU, and even allows the “onward-transfer” from the US to another country. However, EU regulators and customers increasingly consider the Safe Harbor to be inadequate and are asking for EU Model Contractual Clauses, which we don’t currently sign. Having completed ISO 27001 for WA Core Services, we expect to be able to sign EU Model Clauses for WA Core Services in Q1 CY2012. Geolocation of Data: Clarifies that we don’t transfer EU data outside of EU data centers except in extraordinary circumstances. Customers may specify the geographic region(s) of the Microsoft datacenters in which Customer Data will be stored. For data redundancy or other purposes, Microsoft may move Customer Data within a major geographic region (for example, between West Europe and North Europe), but Microsoft will not move Customer Data outside the major geographic region(s) customer specifies (for example, from Europe to US or from US to Asia) except where the customer configures the account to enable this (for example, through use of the Content Delivery Network feature). Microsoft may, however, access Customer Data from outside such region(s) where necessary for Microsoft to provide customer support, to troubleshoot the service, or to comply with legal requirements. Such transfers will be done pursuant to EU-US Safe Harbor Framework. Microsoft does not control or limit the regions from which customers or their end users may access Customer Data. Health Insurance Portability and Accountability Act (HIPAA): Specifies privacy, security, and disaster recovery guidelines for electronic storage of health records.
No platform can be HIPAA compliant; what is needed, though, is a Business Associate Agreement (BAA) that enables third parties to build HIPAA compliant applications on Windows Azure. We need to sign a BAA with the Covered Entity if Protected Health Information (PHI) they are responsible for is to be stored, processed or otherwise accessed by Azure. Substantial overlap with ISO controls, i.e., HIPAA program will benefit substantially from ISO work. Gap analysis nearly complete, expected to offer BAA in Q2 CY2012. Microsoft has significant investments in HealthVault and Amalga – HIPAA is one of the biggest industry-specific opportunities to unblock. Portions of HealthVault run on Azure today (not the entire solution, though). Payment Card Industry Data Security Standard: Requires annual review and validation of security controls related to credit card transactions. There is an audited service provider certification that we need to get in order to store, process or otherwise access credit card information. Credit card info cannot be stored or processed on Azure. We can process our customers’ credit cards because that’s done on a separate PCI-compliant back-end separate from Azure. Many third parties can handle payment processing for Azure apps using off platform payment processors. However, this approach complicates the app and typically degrades the end user experience so our customers want on-platform processing. The latest standard (2.0) fully supports virtualization and multi-tenancy. Some work to be completed as part of ISO/SSAE first. Figure out the delta relative to ISO/SSAE first. FISMA: Federal Information Security Management Act of 2002 (FISMA) is a U.S. federal law that defines a comprehensive framework to protect government information, operations, and assets against natural and man-made threats. Required by law for U.S.
federal agencies, and looked on favorably by other government agencies. The law gives National Institute of Standards and Technology (NIST) authority to establish standards that are not product and technology specific. Very strong security standard. We are committed to obtaining FISMA Moderate Authorization to Operate (ATO). Sponsoring agency: General Services Administration (GSA). Build on top of ISO/SSAE work, and remediate controls where needed to much stricter FISMA standards. Engineering gap analysis completed. Timeline to be established once engineering plan is in place.
  • I want to drill in a little bit about how we actually do the Windows Azure subscription management with System Center. So let’s start. We have on-premises, where we have an App Controller instance, and then we have two subscriptions in Windows Azure in this example. Now anyone who’s used Windows Azure knows that each subscription is tied to a Live ID, which means that you log into the Live platform in order to manage these applications. So what we do with App Controller is take away the complexity of doing that. And the way we do this is that Windows Azure has the ability to be managed through an API using certificates. And basically what happens is we store a copy of the private key in the App Controller database on-premises, you have the public key loaded into the Windows Azure subscription, and then App Controller can perform all the different tasks on multiple Azure subscriptions through the API model using certificate authentication. What this allows us to do is to have a single view of multiple Windows Azure subscriptions, and it also means we can delegate access to those subscriptions. So, in the picture we have at the bottom of the screenshots, we have development and testing, production and staging. And then on the right-hand side we have a group which is delegated access only to the Azure production subscription. So me as a user, if I were under this construct, if I logged onto App Controller, I would only be able to see the applications running in the production subscription and I would not see the development and testing or staging subscriptions. So you can get very granular about which Active Directory user or group has access to which Windows Azure subscription.
  • Let’s take a look at how we do this with Windows Azure applications. We’re going to start with the on-premises Operations Manager over here, which is doing all the performance data, events, logs, and so forth, and what happens is you do the certificate connection out to the Windows Azure applications as we did with App Controller. What this does is that it reads all of the application’s worker roles and structures and then writes all of that information out to the table storage inside Windows Azure, which is then read by the operations data and grooming. So what we have here is Operations Manager on the left hand side reading all of the structure in a dynamic fashion in the management pack of the Windows Azure application and then getting all of the performance data, events, logs and so forth back through the table storage mechanism. What this means is that the Operations Manager console diagram view can now cover both on-premises information as well as the Windows Azure application roles that are out there and what their current performance status is.
  • Let’s look at how we manage applications across multiple clouds with System Center. This is a conversation that comes up a lot where our customers have some on-premises applications and maybe they’re looking at Windows Azure applications and they need to understand, “Well how do I actually do this?” And this is how we do it. We have the two constructs here. We have private cloud on the left hand side, which is a Virtual Machine Manager cloud. And we have multiple hypervisors: we support Hyper-V, VMware and XenServer. And then we have a service template model that sits on top of that to deliver our applications. On the right hand side we have Windows Azure, which has a package and configuration model, and what we want to be able to do is deploy, monitor and manage your applications, regardless of where they are running. The way we can do this is with App Controller. And App Controller enables us to manage both, on the left hand side a Virtual Machine Manager service and on the right hand side a Windows Azure application, from within a single console. We can see information on what’s running, we can see how many instances are running, and so forth, and we can also go through and perform actions against these services as well as deploy new applications on both the private cloud and public cloud.
  • Unique capabilities and expertise. The SAT found that working with Microsoft Services provided the organization with an impressive level of expertise and dedication. “The difference between Microsoft and the rest of the competition was the speed with which the Microsoft Services consultants were able to implement the solution, the cost, the commitment, and their knowledge of our business,” says Villanueva. Strong collaboration. The organization believes that its close relationship with Microsoft Services will result in not just success for the electronic billing project but also for its long-term health. “We’ve been looking for a partner who is as concerned as we are about delivering high-quality services to our taxpayers,” says Villanueva. “That is why we decided to team up with Microsoft Services, whose consultants make us confident that we can overcome future challenges.” Reduced costs. The SAT saved money by choosing Windows Azure and by partnering with Microsoft Services. “Without a doubt, our Windows Azure solution is up to 30 times cheaper than what we’d originally planned,” says Obregon. “Plus, it worked correctly the first time, due to help from Microsoft Services, and it’s cloud-based, so we only pay for what we use, rather than provisioning an entire data center.” Flexibility and scalability. Because of its use of Windows Azure, the SAT now has a stable, supported service that can grow as the organization’s needs change over time. “We avoided implementing an enormous infrastructure, and now we can just focus on managing our on-premises services because Microsoft handles everything else in the cloud,” says Yessica Mondragón, Project Manager Director at SAT.
  • Quickly create elastic applications on fully managed platform with existing skills. Key platform capabilities: 150GB size and competitive pricing. Build, extend or migrate applications across environments using the tools you choose. High level of interoperability and connectivity. Flexible across on-premises and cloud. Built on standard relational principles and practices. Key platform capabilities: Works with .NET, Java, PHP, Ruby on Rails and Node.js; SQL Azure Data Sync; SQL Azure spatial data support. Key platform capabilities: SQL Azure Federation; 99.9% monthly SLA and built-in high availability; SQL Azure Reporting.
  • Slide Objectives: Understand Tables. Speaker Notes: The Table service provides structured storage in the form of tables. Fault Tolerance: Windows Azure Blobs, Tables and Queues stored on Windows Azure are replicated three times in the same data center for resiliency against hardware failure. Geo Redundant: Windows Azure Blobs and Tables are also geo-replicated between two data centers 100s of miles apart from each other on the same continent, to provide additional data durability in the case of a major disaster. For non-critical data, you have a choice of switching off Geo replication. Locally Redundant Storage: Customers can store non-critical data at a reduced cost and lower levels of durability by turning off the default settings for Geo Redundancy in their storage accounts. When Geo Redundancy is turned off, Windows Azure storage still provides durability at the same levels as three replicas, providing resiliency against hardware failure. Scalable: Windows Azure Storage is a scalable storage service in the cloud which can auto scale to meet massive volume of up to 100 tab. Service Level Agreements: Windows Azure Storage is a managed service and has a 99.9% monthly SLA. ISO Certification: Windows Azure storage has achieved ISO 27001 certification. Security: Windows Azure Storage provides simple security for calls to the storage service via an HTTPS endpoint and digitally signed requests for privileged operations. More granular security is provided via Shared Access Signatures.
  • Slide Objectives: Understand the hierarchy of Blob storage. Speaker Notes: The Blob service provides storage for entities, such as binary files and text files. The REST API for the Blob service exposes two resources: Containers and Blobs. A container is a set of blobs; every blob must belong to a container. The Blob service defines two types of blobs: Block blobs, which are optimized for streaming, and Page blobs, which are optimized for random read/write operations and which provide the ability to write to a range of bytes in a blob. Blobs can be read by calling the Get Blob operation. A client may read the entire blob, or an arbitrary range of bytes. Block blobs less than or equal to 64 MB in size can be uploaded by calling the Put Blob operation. Block blobs larger than 64 MB must be uploaded as a set of blocks, each of which must be less than or equal to 4 MB in size. Page blobs are created and initialized with a maximum size with a call to Put Blob. To write content to a page blob, you call the Put Page operation. The maximum size currently supported for a page blob is 1 TB. Notes: http://msdn.microsoft.com/en-us/library/dd573356.aspx. Using the REST API for the Blob service, developers can create a hierarchical namespace similar to a file system. Blob names may encode a hierarchy by using a configurable path separator. For example, the blob names MyGroup/MyBlob1 and MyGroup/MyBlob2 imply a virtual level of organization for blobs. The enumeration operation for blobs supports traversing the virtual hierarchy in a manner similar to that of a file system, so that you can return a set of blobs that are organized beneath a group. For example, you can enumerate all blobs organized under MyGroup/.
  • Slide Objectives: Explain the differences and relationship between IaaS, PaaS, and SaaS in more detail. Speaking Points: Here’s another way to look at the cloud services taxonomy and how this taxonomy maps to the components in an IT infrastructure. Packaged Software: With packaged software a customer would be responsible for managing the entire stack – ranging from the network connectivity to the applications. IaaS: With Infrastructure as a Service, the lower levels of the stack are managed by a vendor. Some of these components can be provided by traditional hosters – in fact most of them have moved to having a virtualized offering. Very few actually provide an OS. The customer is still responsible for managing the OS through the Applications. For the developer, an obvious benefit with IaaS is that it frees the developer from many concerns when provisioning physical or virtual machines. This was one of the earliest and primary use cases for Amazon Web Services Elastic Cloud Compute (EC2). Developers were able to readily provision virtual machines (AMIs) on EC2, develop and test solutions and, often, run the results ‘in production’. The only requirement was a credit card to pay for the services. PaaS: With Platform as a Service, everything from the network connectivity through the runtime is provided and managed by the platform vendor. Windows Azure best fits in this category today. In fact because we don’t provide access to the underlying virtualization or operating system today, we’re often referred to as not providing IaaS. PaaS offerings further reduce the developer burden by additionally supporting the platform runtime and related application services. With PaaS, the developer can, almost immediately, begin creating the business logic for an application.
Potentially, the increases in productivity are considerable and, because the hardware and operational aspects of the cloud platform are also managed by the cloud platform provider, applications can be taken from an idea to reality very quickly. SaaS: Finally, with SaaS, a vendor provides the application and abstracts you from all of the underlying components.
  • Building a VM in the cloud: Instantly run your existing applications in the cloud using Windows Azure Virtual Machines. Virtual Machines allow you to easily move your applications and infrastructure to the cloud without requiring any changes to the existing code. You can bring your own Windows Server or Linux images or select from a gallery. Regardless of your choice, you retain full control to configure and maintain the image. Windows Azure Virtual Machines are great for: Application mobility: Virtual Machines give you application mobility, allowing you to move your virtual hard drives (VHDs) back and forth between on-premises and the cloud. Running popular Microsoft server applications: Virtual Machines help you run the same on-premises enterprise applications and infrastructure in the cloud, with support for many popular Microsoft server applications such as Microsoft SQL Server, Active Directory and Microsoft SharePoint Server. Future gallery images will support applications such as SQL Server pre-installed on Windows Server for your usage. Integrate with Other Windows Azure Services: Virtual machines can be used in coordination with all of the services provided by Windows Azure. Common scenarios would be to use Windows Azure Virtual Network to connect Virtual Machines to your on-premises data center or include a Virtual Machine in the design of your application that includes web and worker roles. You have three methods of starting this process: build a VM from the portal, from the command line, or programmatically by calling the REST API. Once your choice of provisioning is made you will need to select the image and instance size to start from. The newly created disk will be stored in blob storage and your machine will boot.
  • A place for your application code to run… Web role is simply a Virtual Machine with IIS pre-configured. Worker role is for non-web based processing code, back-end business processes. You can actually connect to your web/worker roles – they are just VMs. You package your code/artifacts and Windows Azure bootstraps a VM, installs the code and starts up the VM for you. Load balances multiple instances. VM Role is a blank template – you install any software you need. All these roles are stateless (VM Role will become stateful in next release).
  • NO OTHER company can match Microsoft today in our experience on running and building services. We know what it takes to do this, because we’ve been running services at Internet scale for years – from MSN in 1995, to Hotmail, Windows Live, and Bing, today. For example, we handle: 9.9 billion messages a day via Windows Live Messenger; 600 million unique users every month on Windows Live & MSN; 1 Petabyte+ of updates served every month by Windows Update to millions of servers and hundreds of millions of PCs worldwide; 5M LiveMeeting conference minutes per year; Forefront for Exchange filters 1B emails per month. To support this and our business cloud services, we’ve made and continue to make significant investments in our datacenter infrastructure that our cloud services run on – resulting in a number of advantages: financially backed SLAs, a standard cost operating model, industry-leading modular datacenter models, a consumption-based chargeback model, and the ability to achieve global targets like a Power Usage Effectiveness (PUE) of 1.25. This is all alongside our full commitment in the engineering discipline and the operations discipline around delivering the cloud. Deeper Details on Microsoft Global Foundation Services (GFS): Infrastructure Services Operations – Microsoft Global Foundation Services (GFS) manages our global network of data centers and provides 1) Physical and Site Security, 2) Critical Environments Support (Power, Water, Redundancy) and 3) Technical Support (Racks, Servers, Switches) with a focus on operational excellence to deliver lowest cost and highest service delivery globally. Data Center Innovation – GFS continues to deliver effective and efficient DC and infrastructure designs that deliver the most value to our internal customers. Today this means our IT Pre-Assembled Components (ITPACs) for our future modular data centers will provide a lower cost CAPEX per Mega Watt, enhanced speed to market, and reduction in OPEX.
ITPACs are a game changer. Global Capacity – When choosing future datacenter sites, we take into account over 35 weighted criteria, including close proximity to an ample and stable power source and fiber optic networks, affordable pool of skilled labor, affordable energy rates, taxes, and capacity capabilities needed for our local, regional and global customers to determine the long-term viability of each site. Utility pricing – this is how GFS charges its customers, by consumption units, and consumption statements are issued every 30 days to customers for: Compute (VM / hour), Storage ($ per GB), Network (traffic), Incidents (tickets). SOC/NOC – GFS manages the Microsoft Operations Center (MOC) that is a Tier 1 federated Ops center with failover in Redmond, India and California to ensure business continuity 24 x 7 x 365. The MOC is focused on delivering a comprehensive incident management and service support, with world class quality of service for 200+ property groups supporting incident management in a highly cost efficient model. They process more than 150K tickets a month supporting incidents, change management, release management and problem management. They are the first line of operational support for our cloud properties. Turnkey operations take a service from on-boarding to tooling through support. MOC supports non-Windows environments. MOC uses MS Change as a primary change management tool (most universally recognized change management tool). Consumption Reporting: New Cost Model focuses on measuring and forecasting capacity utilization, cost driver transparency and accountability, and investment optimization and is aligned with ‘Improve Cost’ strategic theme. Key measurements: $/kW, $/Mbps, $/Incident, $/Server to provide transparent, accurate volume & rate insight by cost pool aligned to native cost.
Standard rates by region, where applicable, provide greater predictability for BGs’ online COGS. Hardware Services – GFS provisions hardware via various standards programs such as containers, ITPACs and the Azure and MACH server programs.
  • Windows Azure and the Hybrid Cloud
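An added example, not part of the original slide notes: a local Python model of the two Blob service rules described in the Blob storage notes above (the 64 MB / 4 MB upload thresholds and enumeration of the virtual hierarchy under MyGroup/). It makes no service calls; the function names, the sample names other than MyGroup/MyBlob1 and MyGroup/MyBlob2, and the Put Block / Put Block List operation names (taken from the Blob REST API, not from this page) are assumptions of the example.

```python
"""Local model of Blob service upload planning and prefix enumeration.

Nothing here contacts a storage account; names and sizes are constructed.
"""
import base64

MB = 1024 * 1024
PUT_BLOB_MAX = 64 * MB   # notes: block blobs <= 64 MB can use one Put Blob
BLOCK_MAX = 4 * MB       # notes: each uploaded block must be <= 4 MB

# Constructed sample; only the first two names appear in the notes.
SAMPLE_NAMES = [
    "MyGroup/MyBlob1",
    "MyGroup/MyBlob2",
    "MyGroup/Sub/MyBlob3",
    "MyGroupArchive/Old1",
    "readme.txt",
]


def block_id(index):
    """Base64 block ID; the fixed-width counter keeps all IDs equal length."""
    return base64.b64encode(f"{index:06d}".encode("ascii")).decode("ascii")


def plan_upload(size):
    """Return the ordered operations needed to upload `size` bytes.

    Each data operation is (name, block_id_or_None, offset, length); a
    multi-block plan ends with ("Put Block List", (ids...)).
    """
    if size < 0:
        raise ValueError("size must be non-negative")
    if size <= PUT_BLOB_MAX:
        return [("Put Blob", None, 0, size)]
    ops, ids, offset = [], [], 0
    while offset < size:
        length = min(BLOCK_MAX, size - offset)
        bid = block_id(len(ids))
        ids.append(bid)
        ops.append(("Put Block", bid, offset, length))
        offset += length
    ops.append(("Put Block List", tuple(ids)))
    return ops


def list_blobs(names, prefix="", delimiter="/"):
    """Model enumeration by prefix and separator.

    Returns (blobs directly under the prefix, virtual directories below it).
    The hierarchy is purely a string convention on flat blob names.
    """
    blobs, virtual_dirs = [], set()
    for name in names:
        if not name.startswith(prefix):
            continue
        rest = name[len(prefix):]
        cut = rest.find(delimiter) if delimiter else -1
        if cut == -1:
            blobs.append(name)
        else:
            virtual_dirs.add(prefix + rest[:cut + len(delimiter)])
    return sorted(blobs), sorted(virtual_dirs)


def walk(names, prefix="", delimiter="/"):
    """Depth-first traversal yielding (virtual_dir, blobs directly in it)."""
    blobs, dirs = list_blobs(names, prefix, delimiter)
    yield prefix, blobs
    for sub in dirs:
        yield from walk(names, sub, delimiter)


if __name__ == "__main__":
    for size in (10 * MB, 64 * MB, 64 * MB + 1):
        plan = plan_upload(size)
        print(size, "bytes ->", len(plan), "operation(s), first:", plan[0][0])
    for directory, blobs in walk(SAMPLE_NAMES):
        print(repr(directory), blobs)
    # A prefix without the trailing separator is a plain string match.
    print(list_blobs(SAMPLE_NAMES, "MyGroup"))
```

Listing with the prefix `MyGroup` (no trailing separator) also matches `MyGroupArchive/`, because the hierarchy is only a naming convention on flat blob names; any scoping logic built on blob prefixes should include the separator.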

    1. 1. 90 Day Free Trial: http://aka.ms/vs4rdw
    2. 2. cloud services (PaaS): Build infinitely scalable apps and services; Support rich multi-tier architectures; Automated application management
    3. 3. service package service package
    4. 4.  Provision Role Instances Deploy App Code Configure Network service package virtual machine virtual machine virtual machine virtual machine Server Rack 1 Server Rack 2
    5. 5.  Provision Role Instances Deploy App Code Configure Network service package
    6. 6.  Provision Role Instances Deploy App Code Configure Network service package
    7. 7.  Provision Role Instances Deploy App Code Configure Network  Network load-balancer configured for traffic
    8. 8. virtual machines(IaaS)
    9. 9. virtual machine portability
    10. 10. no lock-in
    11. 11. pay only for what you use
    12. 12. Frameworks. Services. Fabric. virtual machines, web sites, cloud services, SQL database, noSQL database, blob storage, connect, virtual network, traffic manager. Infrastructure. Automated Elastic Managed Resources Usage Based. N Central US, S Central US, N Europe, W Europe, E Asia, SE Asia + 24 Edge CDN Locations
    13. 13. global footprint
    14. 14. Table columns: Windows Azure feature; ISO 27001; SSAE 16 SOC 1 Type 2; EU Model Clauses; HIPAA BAA. Rows: Web Sites; Virtual Machines; Cloud Services; Storage (Tables, Blobs, Queues); SQL Database; Caching; Content Delivery Network (CDN); Networking (Connect, TM, VNet); Windows Azure Active Directory; Service Bus; Media Services
    15. 15. http://www.windowsazure.com/en-us/support/trust-center/
    16. 16. Reduce time to solution
    17. 17. PUBLIC
    18. 18. PUBLIC Identity PRIVATE
    19. 19. Website 3rd Party SQL Server Active Directory
    20. 20. Cloud Service Website 3rd Party SQL Server Active Directory
    21. 21. Cloud Service 3rd Party SQL Server Active Directory
    22. 22. ••
    23. 23. Next Step: Take the Windows Azure 90-day trial at http://aka.ms/vs4rdw. Additional Resources: http://windowsazure.com. Access the Content
    24. 24. Share Your Feedback: Before you leave today, complete the event evaluation for a chance to win an Xbox with Kinect. Mobile tag and eval URL are printed on the agenda and signage in breakout rooms. Experience the Lounge: Connect 1:1 with Microsoft product teams and Partners and get hands-on with the new technology in the Experience Lounge. Win an Xbox with Kinect: Revisit the Experience Lounge at 3:30PM for a chance to win an Xbox 360 Kinect Star Wars Bundle! Must be present to win. Hear More: Engage with US Launch partners in the Experience Lounge and during the lunch session(s). Connect with local Microsoft representatives – visit the registration desk for an introduction.
