Windows Azure: Bringing Cloud to Government Agencies
Anthony Puca – Datacenter SSP, US Public Sector - SLG
www.windowsazure.com
A little about me…
• Started in technology 24 years ago as a Mainframe Librarian for AMEX
• Been working for Microsoft last 3 years
• Prior to MSFT, 7 years @ EMC
• Prior to EMC, 7 years @ Avanade and Perot Systems
• Authored books and whitepapers on Microsoft technologies:
  (2001): MOF Change Quadrant SMFs
  (2008): “SCCM 2007 R2 Unleashed” (http://www.amazon.com/System-Center-Configuration-Manager-Unleashed/dp/0672330237)
  (2011): SCCM 2007 Lab Deployment Guide: http://download.microsoft.com/download/1/3/A/13A161C1-2481-4E47-9771-86F55AC9F0EC/ConfigurationManager2007 Lab Deployment Guide.docx
  (2013): Microsoft Office 365 Administration Inside Out (O’Reilly): http://www.amazon.com/Microsoft-Office-365-Administration-Inside/dp/0735678235
• 2004-2010 Microsoft MVP (WMI (1) & SCOM (6))
[Chart: Public Cloud Platform market share in billions of dollars, 2008–2020]
Why consider the cloud?
Economics, Scale, Speed
This has happened before
[Chart: Electrical Grid Adoption, 1900–1935, rising from 5% to 90%]
How does that help me?
• Storage: always running out of disk
• DR: offsite storage, servers, backup, surveillance
• Burst: need more capacity
• Media: create, store, distribute to different devices, surveillance
• Dev/test: validate apps and environments
• Research: large compute, short window of need
• Database: without the hassles
• Collaboration repository
• HIPAA: process and store private data
IT concerns, decision points
[Diagram: shared-responsibility matrix for On Premises, Infrastructure (as a Service), Platform (as a Service) and Software (as a Service); in each column the layers Storage, Servers, Networking, O/S, Middleware, Virtualization, Runtime, Data and Applications are marked either “You Manage” or “Vendor Manages”]
Cloud Computing Patterns
[Each pattern is illustrated as a Compute-over-time chart]
• On and Off: On & off workloads (e.g. batch job), with an inactivity period between runs. Over-provisioned capacity is wasted. Time to market can be cumbersome.
• Unpredictable Bursting: Unexpected/unplanned peak in demand. Sudden spike impacts performance. Can’t over-provision for extreme cases.
• Predictable Bursting: Services with micro seasonality trends. Peaks due to periodic increased demand. IT complexity and wasted capacity.
• Growing Fast: Successful services need to grow/scale. Keeping up with growth is a big IT challenge. Cannot provision hardware fast enough.
Cloud Computing Economics
[Chart: TCO per Server ($0–$8,000) against Cloud Size (100 to 100,000 servers), Private vs. Public, Physical & Virtual]
Source: Microsoft
Windows Azure Trust Center
• One location to aggregate content across Security, Privacy, and Compliance
http://www.windowsazure.com/en-us/support/trust-center/
Regulations list and status

| Regulatory & Compliance Domain | Windows Azure |
|---|---|
| ISO 27001 | Yes |
| SAS 70/SSAE/SOC 1 | Yes, Type II |
| SOC 2 | Yes, Type II |
| ISAE 3402 | Yes |
| FERPA | N/A |
| FISMA [ATO] | Yes |
| FedRAMP | Yes |
| HIPAA/BAA | Yes |
| Data Processing Agreement | Yes |
| Section 508 Rehabilitation Act | Section 508 VPATs available |
| PCI | Yes |
| GLBA | Yes |
| IPv6 | TBD – CY14 Q4 |
| CJIS | TBD – CY14 Q4 |
Key Security and Compliance Features
Compliance Certification
• Federal Risk and Authorization Management Program (FedRAMP) JAB Provisional ATO
• ISO/IEC 27001:2005 Audit and Certification
• SOC 1 and SOC 2 SSAE 16/ISAE 3402 Attestations
• Cloud Security Alliance Cloud Controls Matrix
• PCI Level 1 Compliant
• UK G-Cloud Impact Level 2 Accreditation
• HIPAA Business Associate Agreement (BAA)
Authentication & Authorization
• Multi-factor authentication for customer and internal operations access
• Segregation of duties through role-based group memberships configured as AD security groups
Network Security
• Internal and customer configurable software firewalls/DoS/IP filtering
• Virtual Private IP for all customer connections based on Azure subscriptions
Physical Security
• All data centers hosting Windows Azure data are managed by Microsoft Global Foundation Services (GFS), which are FedRAMP certified
• Geographically distributed locations throughout the U.S.
• Highly secured access mechanisms
Data Security
• Custom developed, highly automated management system through the hypervisor
• Custom developed monitoring and logging system
• FIPS 140-2 validated encryption
• Key and certificate management based on industry best practices
• Data replication within each data center as well as solutions for geo-replication to multiple data centers
• Tailored to meet security functionalities in a cloud service environment: scalability; virtual machine and customer-to-customer isolation; security built into the software and focused on pre-deployment testing
Understanding Microsoft's Public Cloud Solution
Source: EYP Mission Critical Facilities Inc., New York
Data Center Operational Energy Use
• Offline UPS technologies can drive electrical losses substantially down
• Widening temperature range can remove chillers and drive cooling to zero
• Virtualization, active power management increase IT return on investment
Traditional datacenter: PUE=2.0; Modular datacenter: PUE=1.15
Datacenter evolution
• Generation 1 (1989–2005), Colocation: Server Capacity; 20 year Technology; 2.0+ PUE
• Generation 2 (2007), Density: Rack Density & Deployment; Minimized Resource Impact; 1.4 – 1.6 PUE
• Generation 3 (2009), Containment: Containers, PODs; Scalability & Sustainability; Air & Water Economization; Differentiated SLAs; 1.2 – 1.5 PUE
• Generation 4 (2012), Modular: ITPACs & Colocations; Reduced Carbon; Right-Sized; Faster Time-to-Market; Outside Air Cooled; 1.12 – 1.20 PUE
• Generation 5 (Future), Integrated: Integrated System; Resilient Software; Common Infrastructure; Operational Simplicity; Flexible & Scalable; 1.07 – 1.19 PUE
Innovation at enterprise scale
200+ Cloud Services; 1+ billion customers, 20+ Million Businesses, 76+ markets worldwide
• 93% of the Fortune 1000 use Active Directory
• 2:3 servers worldwide run on Windows Server**
• 46% worldwide share: SQL Server most widely-deployed database*
• 66% of enterprise seats covered with System Center
• 430B+ Windows Azure AD authentications
• 280% year-over-year database growth in Windows Azure
• 50% of Fortune 500 use Windows Azure
• 29K+ organizations already use Windows Intune
• 1B+ Office users, 1 in 4 enterprise customers now has Office 365
• Windows Azure runs on Windows Server; 8.5T objects stored in Windows Azure
• Bing runs on Windows Server; 5.5B+ global queries per month
* IDC Server Workloads Study 2013 ** IDC 2013 WW Server Tracker
One consistent experience: ONE Consistent Platform across Your Datacenter (Azure Private Cloud), Service Provider (Azure Private Cloud) and Microsoft
Media Services: Your Choice of Components for Building Custom Media Workflows in the Cloud
Windows Azure Media Services components: Ingestion; Encoding; Format Conversion; Content Protection; Live Streaming; On-Demand Streaming; Analytics; Advertising
Anyone watch the Olympics?
2012 London Olympics
• 17 days of broadcast starting July 25th
• First major event broadcast live from the cloud
• Content Management by deltatre via Windows Azure Media Services and CDN delivery by Akamai
• Major platform support: Web and Mobile; Silverlight, iOS, Windows Phone 7, Android
• 28 channels in Dublin, 5 in Chicago, 2 for South America; each channel has a backup channel
• Over 2200 hours of broadcast video with DVR and Video-On-Demand support
• 500 VMs and 3000 cores
• Highlight reel and real-time voice-over support
Olympics: NBC Sports
• Live video encoding and streaming, Web + Mobile
• Over 100 million viewers in 22 countries and 4 continents
• More than 100TB of storage
• Over 500 Billion Storage Transactions
• World Record: 2.1 million concurrent HD viewers during the USA vs. Canada hockey match
The Sochi Olympics were powered worldwide by Azure & Hyper-V
Office 365 Authentication Redundancy through Site Resiliency Using ADFS in Azure
• VLAN1 - One Read/Write Domain Controller for replicating users and for allowing Active Directory maintenance in Azure in the event of an outage at customer’s site
• VLAN2 - One AD FS Server (two for local failover)
• VLAN3 - One AD FS Proxy Server in the DMZ portion of customer’s Azure slice (two for local failover)
Scenarios to get started with Windows Azure
• Extend your infrastructure
• Develop, test, run your apps
• Store, backup, recover your data
• Reach where your datacenter won’t
Scenario 1: Store, backup, recover your data
Store, backup, recover your data
[Chart: storage Capacity over Time, Local Storage against the Cloud Storage Opportunity]
• Data grows exponentially (50 – 60% annually: IDC)
• However most I/O happens to the “Working Set” data
• SAN storage cost = 4x Cloud storage (source: Forrester)
Store, backup, recover your data
Windows Azure Storage: 4 Trillion Objects
“Azure Blob storage has taken a significant step ahead of last year’s leader Amazon S3, to take the top spot” – Nasuni 2013 Cloud Storage Report
Store, backup, recover your data
Windows Azure Storage
• Highly durable and scalable
• Multiple copies of your data
• Financially backed SLAs
• Storage for objects, tables, drives
• Supports REST APIs
Store, backup, recover your data
Windows Azure Storage geo replication: defend against regional disasters
[Diagram: West DC and East DC, > 400 miles apart]
Store, backup, recover your data
StorSimple
[Diagram: Physical or Virtual Servers in Your Data Center connected to a StorSimple appliance, which tiers to Windows Azure]
• Simple and fast on-ramp to Azure
• Active data instantly available locally
• Archives less used data to Windows Azure
• Recover data from any internet connection
• Reduce Agency storage TCO by 60-80%
StorSimple Enterprise Class Appliance: Highly Available - No Single Point of Failure
1. Full MPIO Support
2. Dual Controllers with Auto-failover
3. Dual Power
4. Dual Cooling
5. RAID drives
6. Hot-spare drives
7. Non-disruptive software upgrades
8. Certified by Microsoft & VMWare
StorSimple Tiered Architecture: SSD Performance, Deduplication and Auto-Tiering to Cloud
• SSD tier: Deduplicated
• SAS tier: Deduplicated, Compressed
• Cloud tier: Deduplicated, Compressed, Encrypted
[Diagram: SSD Linear Tier with blocks A–E moving down the tiers as they age]
Store, backup, recover your data
Microsoft SQL Server: Backup and restore database to the cloud
• Direct URL backup to Azure Storage (from SQL Server Management Studio)
• Restore in Azure Virtual Machine
Benefits: Reliable off-site data backup for SQL images; Easily restore databases using VMs
Store, backup, recover your data
Windows Azure Backup
• Backup datacenter data to Windows Azure using System Center Data Protection Manager
• Backup and recover files/folders from Windows Server 2012 SP1
Supported from Your On-Premises Datacenter: Windows Server 2012; Windows Server 2012 Essentials; Windows Server 2008 R2 (SP1); System Center 2012 DPM SP1
Benefits: Reliable offsite data protection; Simple, familiar, integrated; Efficient backup and recovery; Easy set up
Scenario 2: Develop, test, run your apps
Test and development on-premises
[Diagram: in Your Datacenter, the IT Admin provisions VMs and Developers use VMs in the test/dev environment]
• Limited hardware budget
• Limited software licensing
• Resource contention with VMs
• Compromised developer agility
• Realistic scale tests often challenging
Test and development using Windows Azure
[Diagram: the IT Admin manages the environment and provisions VMs in Windows Azure, Developers use VMs, with a connection back to Your Datacenter, or Your Hoster]
• Cost effective (pay for what you use)
• Improved developer agility with platform services
• Ready to use gallery of images
• Ship tested in realistic scale scenarios
• Use existing development tools & languages
• Access on-premise resources if necessary
Develop, test, run your apps
• Start VMs and app development in Azure
• Easy VM portability: If it runs on Hyper-V, it runs in Windows Azure
• Production environment: Deploy anywhere with no lock-in
Challenges: Move from SharePoint 2007 to SharePoint 2013 across 18 different business units, spread across 12 countries; quickly create a large SharePoint farm for Dev/test within time and cost limits
Benefits: Limitless resources for Dev/Test; Speed: build a SharePoint farm in days not weeks; Low cost, scale up and down as needed; Familiar tools and automation via PowerShell; Portability: on-premises or at Hoster as needed
“We needed to take a new approach and Windows Azure Virtual Machines provided the right solution for our business.” – Andreas Hogberg, Telenor
Scenario 3: Extend your infrastructure
Extend your infrastructure
Windows Azure Infrastructure Services
• Virtual Machines with on-demand scale & compute
• Spin up and tear down in minutes, no hardware provisioning
• Connect with on-premises Active Directory and domains
• Integrates Windows Azure Virtual Networks
• Use what you know, manage with System Center
• Integrates with Azure Platform, Apps, and Storage Services
[Diagram: Your Datacenter (Active Directory) connected across the Internet to a Windows Azure Virtual Network hosting SharePoint and SQL Server]
Scenario 4: Reach where your datacenter won’t
Windows Azure Websites
• Websites with global reach
• Build websites with global scale
• Built-in support for open web frameworks
• Managed by Microsoft
• Improve performance with Traffic Manager
Get Started: http://WindowsAzure.com
HYBRID CLOUD SAMPLE ARCHITECTURES
• High Availability / Disaster Recovery
• Hybrid Storage
• IaaS / PaaS
• Identity / Access Management
• Multi Factor Authentication
• SharePoint (Dev/Test, Recovery, Continuity)
• Database (Dev/Test, Recovery, Continuity)
High Availability / Disaster Recovery
• Windows Azure Backup (<1TB): File Server, SQL and Exchange are backed up over VPN with Windows Backup or SC Data Protection Manager; Encrypted Backup; Recovery
• Hyper-V Recovery Manager: System Center Virtual Machine Manager at Site A and Site B, with Hyper-V Replica of AD, SQL and Exchange between the sites; Recovery plan; Health Monitor; Manage; Orchestrated Recovery in case of outage
Hybrid Cloud Scenarios
StorSimple Cloud Integrated Storage (100 up to 550 TB)
Benefits
• Consolidates primary, archive, backup, DR through seamless integration with Azure
• Cloud Snapshots
• Deduplication
• Compression
• Encryption
• Reduces enterprise storage TCO by 60–80%
[Diagram: Application Servers connect to the StorSimple appliance (2 up to 20 TB local: Most Active Data on SSD, deduplicated; Warm data on SAS Local Tier, deduplicated & compressed), which connects over VPN to StorSimple Cloud Storage (deduplicated, compressed & encrypted) with Encrypted Backup, Service Cert, Recovery, Policies and Automation]
Hybrid Cloud Scenarios
StorSimple Archive Data
Benefits: Consolidates primary, archive, backup, DR through seamless integration with Azure; Cloud Snapshots; Deduplication; Compression; Encryption; Reduces enterprise storage TCO by 60–80%
[Diagram: Most Active Data on SSD (deduplicated), Warm data on SAS Local Tier (deduplicated & compressed), Encrypted Backup and Recovery over VPN to StorSimple Cloud Storage (deduplicated, compressed & encrypted)]
• Archiving (File / Application Servers): Live Backups, Archives, and Disaster Recovery; Dramatic Cost Reduction; No Changes to Application Environment
• File shares (File / Application Servers): File share with integrated data protection; All-in-one primary data + backup + live archives + DR with deduplication & compression; Policies; Automated Service Cert; Encrypted
• SharePoint: SharePoint storage on StorSimple + Azure; StorSimple SharePoint Database Optimizer; Improved performance & scalability
• Virtual Environment (Hyper-V or vSphere), with data Currently in use, in Sporadic use, or Archived for Retention: Control Virtual Sprawl; Cloud-as-a-tier; Offload storage footprint; VMware Storage DRS; Storage pools; Virtual Machine Archive; Regional VM Storage
Hybrid Cloud Scenarios
Platform as a Service (Connected Devices)
[Diagram: Connected Devices -> INGRESS NODES (Collect / Decode; Load Balancing; AutoScaling Worker Roles) -> ANALYTICS NODE (Filter / Analyze / Aggregate; AutoScaling Worker Roles; Azure Storage) -> CONSUME (Record, Reporting / BI; Azure Storage, SQL Azure, Analytics & Reporting)]
Infrastructure as a Service (3-Tier highly available example)
[Diagram: Tier 1 Availability Set with Load Balancing and AutoScaling; Tier 2 Availability Set with AutoScaling running SharePoint; Tier 3 Availability Set with Azure Storage, SQL Azure and Analytics & Reporting; Management Cert and Service Cert; VPN links back to on premises]
Windows Azure services: Web Site; Mobile Service; HDInsight (Hadoop); Storage (BLOB Storage, Table Storage, Queue); Virtual Machines (VHD); Windows Azure Cache; Windows Azure CDN; Windows Azure AD; Notification Hub
On Premises: Active Directory; Users; Developers (Windows Azure SDK)
Windows Azure Active Directory
[Diagram: Windows Azure Active Directory connects Consumer identity providers, on-premises Active Directory (via Encrypted Synchronization), PCs and devices, Microsoft apps, 3rd party clouds/hosting AD, ISV/CSV apps and Custom LOB apps]
Hybrid Cloud Scenarios
Windows Azure AD - Cloud Authentication (DirSync with password hash sync)
• User attributes are synchronized using DirSync, including the password hash; authentication is completed against Windows Azure Active Directory
• Multi-Factor Authentication can be configured through Windows Azure AD
Windows Azure AD - Federated Authentication (Active Directory, DirSync, AD FS)
• User attributes are synchronized using DirSync; authentication is passed back through federation and completed against Windows Server Active Directory
• Multi-Factor Authentication can be configured through the AD FS integration with Windows Azure
Hybrid Cloud Scenarios
Windows Azure Multi-Factor Authentication
[Diagram: Active Directory and AD FS / SAML with the Multi-Factor Authentication Server protect Cloud Apps and On Premises Applications for Corporate devices and BYOD / Personal devices; application integration via .NET, Java, PHP, …]
• Built-in
• SDK for integration
• Strong multi-factor authentication
• Real Time Fraud Alert
• Reporting, Logging & Auditing
• Enables compliance with NIST 800-63 Level 3, HIPAA, PCI DSS, and other regulatory requirements
SharePoint Development / Test
[Diagram: Remote Users and Admin connect over VPN to Active Directory and SQL Server in the SharePoint Dev/Test environment]
Hybrid Cloud Scenarios: SQL Server
• SQL Backup/Recovery: SQL Backup tool for legacy; Manual Console Backup; Managed Backups (Management Portal; VPN / Encrypted Data)
• SQL Business Continuity: Primary and Secondary with Asynchronous Commit (Console 2014 / Scripts 2012); VPN; Backup; Availability Groups; Periodic Snapshots; Geo Replication; Disaster Recovery; Powering BI Apps
• SQL Development: Publish; Compare; Sync; Import / Export; Register / Unregister (Management Portal; VPN; Dispersed Teams)
NEXT STEPS
Potential Next Steps
• Explore potential scenarios - Center of Excellence
• Architectural Design Session - Microsoft Technology Center
• Define and build a proof of concept (at MTC or customer lab)
• Setup Quick Test Scenarios: Disaster Recovery, Test/Dev or Storage for Azure
• Setup High Business Impact Test Scenarios: SQL, SharePoint, Web, File share
7 Clicks to Create a VM in Azure
Getting Started with Virtual Machines: Multiple options to get started…
• Management Portal
• >_ Scripting (Windows, Linux and Mac)
• REST API
Azure Demo
Login: I have previously set up an Azure Account. http://manage.windowsazure.com/ (also see http://www.windowsazure.com/en-us/)
Click #1: Click “+NEW”
Click #2: Click VIRTUAL MACHINE
Click #3: Click FROM GALLERY
Click #4: Choose a Server Operating System; click Windows Server 2012
Click #5: Input a desired VM Name; click Next (right arrow)
No Clicks Yet: Input a desired DNS Name; choose the Geo Location of the Microsoft Datacenter where you want your VM(s) to be located
Click #6: I have chosen EAST US as my Geo Location; click Next (right arrow)
Click #7: Choose an Availability Set; click to provision the New VM. FINISHED
Now the Provisioning Process Starts: My New Virtual Machine, hosted in Windows Azure’s United States-based Datacenter(s), is being provisioned.
My New VM is Done: Now my VM is accessible through RDP.
Click Once on Your VM to Monitor it: this is a view of the default Azure-based VM Monitor Dashboard.
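The same seven-click portal walk-through as a script, using the ">_ Scripting" option the deck lists; this is an added example, not part of the presentation. It assumes the classic (service-management) Azure PowerShell module of that era (Add-AzureAccount, Get-AzureVMImage, New-AzureQuickVM), and the subscription name, VM name and cloud service / DNS name are placeholders.

```powershell
# Added example (not from the presentation): create the demo VM with the classic
# service-management Azure PowerShell cmdlets instead of the 7 portal clicks.
# Placeholders: subscription name, VM name, cloud service / DNS name.

# "Login": interactive sign-in, then select the subscription to deploy into.
Add-AzureAccount
Select-AzureSubscription -SubscriptionName "PLACEHOLDER-SUBSCRIPTION"

# Clicks #2-#4 ("VIRTUAL MACHINE" -> "FROM GALLERY" -> Windows Server 2012):
# pick the newest Windows Server 2012 gallery image instead of hard-coding a name.
$image = Get-AzureVMImage |
    Where-Object { $_.ImageFamily -like "Windows Server 2012 Datacenter*" } |
    Sort-Object PublishedDate -Descending |
    Select-Object -First 1

# Click #5 (VM name), DNS name, and Click #6 (geo location, EAST US in the demo).
$vmName      = "demo-vm01"              # placeholder VM name
$serviceName = "placeholder-demo-svc"   # placeholder DNS / cloud service name
$location    = "East US"                # the presenter's chosen geo location

# Local administrator credential: prompt for it rather than embedding a password.
$cred = Get-Credential -Message "Local administrator account for the new VM"

# Click #7 (provision). -Location creates the cloud service if it does not exist;
# the optional availability-set step maps to -AvailabilitySetName if needed.
New-AzureQuickVM -Windows `
    -ServiceName $serviceName `
    -Name $vmName `
    -ImageName $image.ImageName `
    -AdminUsername $cred.UserName `
    -Password $cred.GetNetworkCredential().Password `
    -Location $location `
    -InstanceSize Small `
    -WaitForBoot

# "Now my VM is accessible through RDP": show the endpoints quick-create opened,
# which is also the list to review before exposing the VM to the Internet.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureEndpoint |
    Select-Object Name, Protocol, Port, LocalPort
```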
How it Works: Select from Image Gallery
1. Log in to Windows Azure Management Portal
2. Create new VM from image gallery
3. The image is copied to your blob storage account
4. Virtual Machine booted. Changes direct-write to blob storage
How it Works: Bring your own custom VHD
1. Create your own VHD
2. Upload image to blob storage
3. Create a Virtual Machine by attaching to disk
4. Virtual Machine booted. Changes direct-write to blob storage