windows azure for it pros kurt claeys (tsp windows azure, microsoft emea)
TRANSCRIPT
Windows Azure for IT ProsKurt CLAEYS (TSP Windows Azure, Microsoft EMEA)
“What IT pros need to know about Azure”
Agenda
• Azure overview• Create a hybrid environment with Azure Virtual Network• Federated authentication with AD / ADFSv2 / ACS• Monitoring Azure roles with SCOM• VMRole
4
• infrastructure as a service (hardware)• Servers available in the cloud
• platform as a service (developer) • Delivery of a OS for custom, cloud enabled apps• Support for service hosting and interoperability • Relational data storage in the cloud
• software as a service (end users) = BPOS• Exchange online• Sharepoint online• Dynamics CRM online
PAAS
IAAS
SAAS
PAAS
Virtual NetworkCompute Storage
Data Sync
Database Reporting
CachingService Bus
Access Control
Create a hybrid environment with Azure Virtual Network
• Hybrid = Apps in Azure need to be able to communicate with on premises machines and vice versa.
• Virtual Network = enabling direct IP-based network connectivity between machines, abstracting where the machine are located.
• Scenarios :• Connect to an on-premises SQL Server database • Domain-join Windows Azure services to local Active
Directory
9
Azure Virtual Network
Web/Worker VM Role
On PremiseMachine
Azure Connect Gateway
Azure Connect Gateway Azure Connect Gateway
Network policy managed through
portal :“which machine can access which
machine”
SQL Server
IPV6 address IPV6 address
IPV6 address
opening https outboundon firewall is enough !
Corporate FIREWALL
DEMOAzure Virtual Network
Azure AppFabric Access Control
• Helps you build federated authorization into your applications and services.
• Declarative model of rules and claims.• Supports different identity-management infrastructures.• Bridges• Active Directory identity stores on premises (ADFS v2)• Services using Windows Identity Framework
12
Authentication – Authorization - Rules
Azure ACS
WebApp
Facebook ID
ADFS2
identity providers
Claims
Redirect loginauthorization
rules
authentication
Federation of identities
My WebApp
contoso
AD
fabrikamAD
ADFSv2 ADFSv2
Claimset owned by contoso Claimset owned by fabrikam
My Claimset
Azure ACS
DEMOADFS - ACS
VMROLE
• Ability to upload your own customized WS2008R2 Enterprise images.• Full control over the OS image, install whatever you want on it.• You can remote desktop into the OS.
• Target scenarios :• Need to use apps/libraries with no unattended setup.• Dev/Test on premises ... Production on Azure.
• Scale out !• Instances are behind loadbalancer, one public IP per service.• No durability of OS image on hardware failure.
• With VM Role, the customer creates & maintains the OS.• Paying model = Paying model of current web/workerrole.• Uses differencing disks to upload deltas to image. 16
virtual image
app
Azure
virtual image
app
Azure
app
development environment
Visual Studio
virtual image
app
development environment
Hyper-V
• Web/Worker Role• The virtual image is already there, ... you upload your
app, ... Azure places this app on the image and runs the image.
• VM Role• You upload the complete virtual image with all apps
installed, ... Azure runs the image
+ Install W2008 R2
<?xml version="1.0" encoding="utf-8"?><ServiceDefinition name="DemoX" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
<VirtualMachineRole name="VMRole1" vmsize="Medium"> <Imports> <Import moduleName="Diagnostics" /> </Imports> <ConfigurationSettings> <Setting name="ConnString" /> </ConfigurationSettings> <Endpoints> <InputEndpoint name="Endpoint1" protocol="tcp" port="9876" localPort="12345" /> </Endpoints> </VirtualMachineRole></ServiceDefinition>
<?xml version="1.0" encoding="utf-8"?><ServiceConfiguration serviceName="DemoX" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="1" osVersion="*"> <Role name="VMRole1"> <Instances count="2" /> <ConfigurationSettings> <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" /> <Setting name="ConnString" value="Foo" /> </ConfigurationSettings>
<OsImage href="baseimage.vhd" /> </Role></ServiceConfiguration>
VMRole Lifecycle
• Create a .vhd in Hyper-V manager, install W2008 R2 as OS.• Install whatever roles, features and apps you want on it.• Turn of automatics updates.• Install Windows Azure VM Role Integration Components.• Run sysprep.exe and bring it down.• Upload the .vhd to Azure (needs a certificate).• Deploy a service configuration (Visual Studio, Managament
Portal or Management API PS commandlets).
21
DEMOVMROLE
System Center Operation Manager - Azure
• Management pack enables Operations Manager customers to monitor the availability and performance of applications that are running on Windows Azure.• Discovery of Windows Azure applications. • Status of each role instance. • Collection and monitoring performance information. • Collection and monitoring of Windows events. • Collection and monitoring of the .NET Framework trace
messages from each role instance. • Change the number of role instances.
23
DEMOSCOM + Azure management pack
Q&A
Stay up to date with TechNet Belux
Register for our newsletters and stay up to date:http://www.technet-newsletters.be
• Technical updates• Event announcements and registration• Top downloads
Join us on Facebookhttp://www.facebook.com/technetbehttp://www.facebook.com/technetbelux
LinkedIn: http://linkd.in/technetbelux/
Twitter: @technetbelux
Download MSDN/TechNet Desktop Gadget
http://bit.ly/msdntngadget
TechDays 2011 On-Demand
• Watch this session on-demand via TechNet Edge http://technet.microsoft.com/fr-be/edge/
http://technet.microsoft.com/nl-be/edge/
• Download to your favorite MP3 or video player• Get access to slides and recommended resources by the speakers
THANK YOU