windows azure for it pros kurt claeys (tsp windows azure, microsoft emea)

Windows Azure for IT ProsKurt CLAEYS (TSP Windows Azure, Microsoft EMEA)

“What IT pros need to know about Azure”

Agenda

• Azure overview• Create a hybrid environment with Azure Virtual Network• Federated authentication with AD / ADFSv2 / ACS• Monitoring Azure roles with SCOM• VMRole

4

• infrastructure as a service (hardware)• Servers available in the cloud

• platform as a service (developer) • Delivery of a OS for custom, cloud enabled apps• Support for service hosting and interoperability • Relational data storage in the cloud

• software as a service (end users) = BPOS• Exchange online• Sharepoint online• Dynamics CRM online

PAAS

IAAS

SAAS

PAAS

Virtual NetworkCompute Storage

Data Sync

Database Reporting

CachingService Bus

Access Control

Create a hybrid environment with Azure Virtual Network

• Hybrid = Apps in Azure need to be able to communicate with on premises machines and vice versa.

• Virtual Network = enabling direct IP-based network connectivity between machines, abstracting where the machine are located.

• Scenarios :• Connect to an on-premises SQL Server database • Domain-join Windows Azure services to local Active

Directory

9

Azure Virtual Network

Web/Worker VM Role

On PremiseMachine

Azure Connect Gateway

Azure Connect Gateway Azure Connect Gateway

Network policy managed through

portal :“which machine can access which

machine”

SQL Server

IPV6 address IPV6 address

IPV6 address

opening https outboundon firewall is enough !

Corporate FIREWALL

DEMOAzure Virtual Network

Azure AppFabric Access Control

• Helps you build federated authorization into your applications and services.

• Declarative model of rules and claims.• Supports different identity-management infrastructures.• Bridges• Active Directory identity stores on premises (ADFS v2)• Services using Windows Identity Framework

12

Authentication – Authorization - Rules

Azure ACS

WebApp

Facebook ID

ADFS2

identity providers

Claims

Redirect loginauthorization

rules

authentication

Federation of identities

My WebApp

contoso

AD

fabrikamAD

ADFSv2 ADFSv2

Claimset owned by contoso Claimset owned by fabrikam

My Claimset

Azure ACS

DEMOADFS - ACS

VMROLE

• Ability to upload your own customized WS2008R2 Enterprise images.• Full control over the OS image, install whatever you want on it.• You can remote desktop into the OS.

• Target scenarios :• Need to use apps/libraries with no unattended setup.• Dev/Test on premises ... Production on Azure.

• Scale out !• Instances are behind loadbalancer, one public IP per service.• No durability of OS image on hardware failure.

• With VM Role, the customer creates & maintains the OS.• Paying model = Paying model of current web/workerrole.• Uses differencing disks to upload deltas to image. 16

virtual image

app

Azure

virtual image

app

Azure

app

development environment

Visual Studio

virtual image

app

development environment

Hyper-V

• Web/Worker Role• The virtual image is already there, ... you upload your

app, ... Azure places this app on the image and runs the image.

• VM Role• You upload the complete virtual image with all apps

installed, ... Azure runs the image

+ Install W2008 R2

<?xml version="1.0" encoding="utf-8"?><ServiceDefinition name="DemoX" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">

<VirtualMachineRole name="VMRole1" vmsize="Medium"> <Imports> <Import moduleName="Diagnostics" /> </Imports> <ConfigurationSettings> <Setting name="ConnString" /> </ConfigurationSettings> <Endpoints> <InputEndpoint name="Endpoint1" protocol="tcp" port="9876" localPort="12345" /> </Endpoints> </VirtualMachineRole></ServiceDefinition>

<?xml version="1.0" encoding="utf-8"?><ServiceConfiguration serviceName="DemoX" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="1" osVersion="*"> <Role name="VMRole1"> <Instances count="2" /> <ConfigurationSettings> <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" /> <Setting name="ConnString" value="Foo" /> </ConfigurationSettings>

<OsImage href="baseimage.vhd" /> </Role></ServiceConfiguration>

VMRole Lifecycle

• Create a .vhd in Hyper-V manager, install W2008 R2 as OS.• Install whatever roles, features and apps you want on it.• Turn of automatics updates.• Install Windows Azure VM Role Integration Components.• Run sysprep.exe and bring it down.• Upload the .vhd to Azure (needs a certificate).• Deploy a service configuration (Visual Studio, Managament

Portal or Management API PS commandlets).

21

DEMOVMROLE

System Center Operation Manager - Azure

• Management pack enables Operations Manager customers to monitor the availability and performance of applications that are running on Windows Azure.• Discovery of Windows Azure applications. • Status of each role instance. • Collection and monitoring performance information. • Collection and monitoring of Windows events. • Collection and monitoring of the .NET Framework trace

messages from each role instance. • Change the number of role instances.

23

DEMOSCOM + Azure management pack

Q&A

Stay up to date with TechNet Belux

Register for our newsletters and stay up to date:http://www.technet-newsletters.be

• Technical updates• Event announcements and registration• Top downloads

Join us on Facebookhttp://www.facebook.com/technetbehttp://www.facebook.com/technetbelux

LinkedIn: http://linkd.in/technetbelux/

Twitter: @technetbelux

Download MSDN/TechNet Desktop Gadget

http://bit.ly/msdntngadget

TechDays 2011 On-Demand

• Watch this session on-demand via TechNet Edge http://technet.microsoft.com/fr-be/edge/

http://technet.microsoft.com/nl-be/edge/

• Download to your favorite MP3 or video player• Get access to slides and recommended resources by the speakers

THANK YOU