Welcome to Cloud Era

CONNECT YOUR HOME LAB TO MICROSOFT AZURE

MOHAMED FAIZAL AND MATT HITCHCOCK

DATA CENTER

ABOUT US

PowerShell MVP

Community Leader for Community Leader for

Microsoft Azure MVP

Mohamed Faizal Matt Hitchcock

Thank you to our sponsors

TODAY SCHEDULE

HYBRID SCENARIOS

Extend Infrastructure to the cloud

Data Processing in

the cloud

Access data & apps in your data center

Integrate services from On-Premises

Processing across cloud

& On-Premise

WHY HYBRID CLOUD?

Your IT can benefit from public cloud

• Pay-per-use, scalability, elasticity

You cannot move all to a public cloud

• Existing investments, legal constraints etc.

Hybrid = best of both

• Run in public cloud and your own data center

A Unified Cloud Strategy

Compute/storage/network Compute/storage/network

Management Portal/APIManagement Portal/APIManagement Portal/API

• flexible development

• unified management

• common identity

• integrated virtualization

• complete data platform

* Not meant to be a comprehensive list of all services, for a complete list please visit azure.microsoft.com

APP SERVICES

NETWORKING & AUTOMATION SERVICES

COMPUTE SERVICES DATA SERVICES

SO WHAT IS HYBRID …

On Premises Private Cloud

AutomationHealth Monitoring

Site-to-Site VPNPoint-to-Site VPN

Express Route

Azure

Web

Site

web

roles

worker

roles

Virtual

Machines

Azure

Mobile

Services

TFS or

VS Online +

GIT

Azure

AD

Multi-Factor

Auth

Azure

Cache

Access

Control

BizTalk

Services

Media

Services

Service

Bus

Notification

Hub

Scheduler

SANStorage Spaces/SMB

Server Group #1 Server Group #2

VIRTUALIZATIONCOMPUTE,STORAGE &

NETWORKING

Physical Infrastructure (Servers/Storage/Networking

DEVICES & FACILITIES

NETWORKING, COMPUTE, STORAGE, APP SERVICES,

AUTOMATION, DISASTER RECOVERY, DEV, TEST, UAT, etc.

… as a SERVICE

StorSimpleCloud Integrated Storage

Azure Site

Recovery

StorSimple

Virtual

Appliance

Backup

Service

Gallery

OS images

VHD VHD data

disk

MySQL

database

SQL

Database

SQL

Data

Sync

HDInsight

(Hadoop)

storage

queue

storage

blob

storage

table

Virtual

network

Automation CDNAvailability

Set

Azure load

balancer

Auto-

scale

Traffic

Manager

File ServerExchangeActiveDirectory

My SQL OracleLOB AppCommercial

AppSQL

APPLICATIONS &SERVICES

JEE App .NET App

System Center 2012 R2

Provisioning

Monitoring

Automation & Self Service

Application Insight

IT Service Management

HYBRID NETWORKING OFFERINGS

Secure point-to-site connectivity

• Developers• POC Efforts• Small scale deployments• Connect from anywhere

Secure site-to-site VPN connectivity

• SMB, Enterprises• Connect to Azure compute

ExpressRoute private connectivity

• SMB & Enterprises• Mission critical workloads• Backup/DR, media, HPC• Connect to all Azure services

HYBRID CLOUD SCENARIOS

Infrastructure as a Service (3-Tier highly available example)

Availability Set

Load Balancing

AutoScaling

Tier 1

Availability Set

Tier 2

AutoScaling

SharePoint

Availability Set

Tier 3

AzureStorage

SQLAzure

Analytics& Reporting

VPN

VPN

Web Site

MobileService

HDInsight(Hadoop)

Storage BLOB

StorageTable

StorageQueue

Virtual Machines

VHD

Windows Azure Cache

Windows Azure CDN

MicrosoftAzure AD

Notification Hub

Users

MicrosoftAzure SDK

Developers

On Premises

Microsoft Azure

HYBRID CLOUD SCENARIOS

Platform as a Service (Connected Devices)

Connected Devices

Collect / Decode

Load Balancing

AutoScaling

Worker Roles

INGRESS NODES

Filter / Analyze / Aggregate

ANALYTICS NODE

AutoScaling

Worker Roles

AzureStorage

Record Reporting / BI

CONSUME

AzureStorage

SQLAzure

Analytics& Reporting

Microsoft Azure

HYBRID CLOUD SCENARIOS

Development / Test (SharePoint)

VPN

Remote UsersAdmin

HYBRID CLOUD SCENARIOS

Azure Backup File Server

SQL

Exchange

Recovery

Encrypted BackupVPN

Windows BackupSC Data Protection Manager

Microsoft Azure

Azure Site Recovery

System Center

Virtual Machine

ManagerRecoveryplan

Health Monitor

System Center

Virtual Machine

Manager

Site A Site BHyper-V Replica

Orchestrated Recovery in case of outage

Manage

Site B

System Center

Virtual Machine

Manager

Site AReplication

Recovery

Microsoft Azure

Microsoft Azure

HYBRID CLOUD SCENARIOSEnterprise Mobility Suite

• Hybrid Identity Management

• Mobile Device Security& Management

• Mobile Application Management

• Strong Authentication & Access based Information

ProtectionMicrosoft Azure Active Directory

Consumer identity providers

PCs and devices

Microsoft apps

3rd party clouds/hosting

ISV/CSV appsCustom LOB apps

Encrypted Synchronization

Microsoft Azure AD

Microsoft Azure Multi-Factor Authentication

ADFS / SAMLMulti-Factor

AuthenticationServer

Cloud AppsMulti-Factor

AuthenticationServer

Corporate devices

On Premises

Applications

BYOD / Personal devices

.NET, Java, PHP, …

• Built-in• SDK for integration• Strong multi Factor Authentication• Real Time Fraud Alert• Reporting, Logging & Auditing• Enables compliance with NIST 800-63

Level 3, HIPAA, PCI DSS, and other regulatory requirements

Microsoft Azure AD

SQL SERVER HYBRID CLOUD SCENARIOS

SQL DevelopmentPublishCompareSyncImport / ExportRegister / Unregister

Management Portal

VPNDispersed Teams

Microsoft Azure

SQL Backup/Recovery

SQL Backup tool for legacyManual Console BackupManaged Backups

Management Portal

VPN / Encrypted Data

Microsoft Azure

SQL Business ContinuityPrimary SecondaryAsynchronous Commit

Console 2014 / Scripts 2012

VPN

BackupAvailability GroupsPeriodic SnapshotsGeo Replication

Disaster Recovery

Powering BI Apps

Microsoft Azure

SAP on Microsoft Azure

On-PremisesVPN Device

SAP (Dev / Test / UAT)Windows Server & SAP (C:)

Shared Pool (D:)

Windows Server (C:)

Shared Pool (D:)

SQL Server (E:)

.vhd file

.vhd file

.vhd file

.vhd file

.vhd file

SQL Server

Virtual Network

Blob Storage

On-Premises

On-PremisesServers

SAP certificationsMicrosoft Azure is certified for the following SAP products, with full support from Microsoft and SAP. http://azure.microsoft.com/en-us/campaigns/sap/

SAP ProductGuest

Operating System

RDBMSVirtual

Machine Types

SAP Business Suite Software WindowsSQL

ServerA5

SAP Business All-in-One WindowsSQL

ServerA5

SAP NetWeaver Application Server ABAP 1 Windows

SQL Server

A5

SAP HANA Developer Edition (including the HANA Client software

comprised of SQLDBC, ODBO (Windows only), ODBC, AND JDBC drivers), HANA Studio, and HANA

Database) 2

SUSE, Linux N/A A7, A8

Azure VPNGateway

1 Only NetWeaver 7.00 and later SAP releases of NetWeaver are supported for deployment in Azure. 2 Customers can try SAP HANA Developer Edition on Azure using the SAP Cloud Appliance Library.

THE BIG (NETWORK) PICTURE

Internet Clients

On premises Datacenter

AzureVirtual Network

Frontend Connectivity

Load-balanced and direct IPs

ACLs & DDoS protection

Traffic Manager & Azure DNS

Virtual Networks

Flexible multi-tier topologies

Backend Connectivity

Secure Internet cross premises VPN connectivity

ExpressRoute – direct connectivity

FORCED TUNNELING

“Force” or redirect customer Internet-bound traffic to an on-premises site

Auditing & inspecting outbound traffic from Azure

Needed by many scenarios for critical security and IT policy requirements

Virtual Network

Backend10.3/16

Mid-tier10.2/16

Frontend10.1/16

VPN GW

Internet

On Premises

S2SVPNs

Forced Tunneledvia S2S VPN Internet

GATEWAY ENHANCEMENTS

High Performance Gateway• Better throughput

• More S2S tunnels

• Pricing

• $0.49 per gateway hour

• Data transfer & VNet traffic rates unchanged

No Encryption option• Better throughput for Vnet-to-Vnet

within Azure

• Intra-/Inter-region Vnet-to-Vnet traffic stays within Microsoft networks, not Internet

PFS Support for IKE• Compliance requirements & better

security

Operations Logs• Visibility into critical gateway events

Gateway SKU ExpressRouteThroughput*

S2S Throughput*

MaxTunnels

Default 500 Mbps 100 Mbps 10

Performance 1000 Mbps 200 Mbps 30

NETWORK SECURITY GROUPS (NSG)Enables network segmentation & DMZ scenarios

Access Control List• Filter conditions with allow/deny

• Individual addresses, address prefixes, wildcards

Associate with VMs or subnets

ACLs can be updated independent of VMs

Virtual Network

Backend10.3/16

Mid-tier10.2/16

Frontend10.1/16

VPN GW

Internet

On Premises 10.0/16

S2SVPNs

Internet

MULTIPLE NICS IN AZURE VMS

Multiple NICs enable virtual appliances in Azure

MAC/IP addresses persist through VM life cycle

Separate frontend-backend traffic, and management-data planes

Up to 4 NICs per VM

Azure Virtual Machine

NIC2 NIC1 Default

Internet

10.2.2.2210.2.3.33 10.2.1.11

VIP: 133.44.55.66

WAN

CUSTOMERS WANT AZURE ON THEIR NETWORK

WAN

EXPRESSROUTE PARTNERS

Publicinternet

Microsoft Azure

Publicinternet

Microsoft Azure

FOR MORE INFORMATION

• Introduction to Microsoft Azure Networking Technologies and What's New

• Designing Hybrid Scenarios with Microsoft Azure

• Architecting Effective Cloud Adoption Strategies

• How to Develop a Successful Hybrid Cloud Strategy

EVALUATE THIS SESSION

There will be other prizes including Bluetooth devices,

Office 365 subscriptions, Xbox Live subscriptions and more!

Win…