Designing Hybrid Scenarios with Microsoft Azure
Ganesh Srinivasan, Narayan Annamalai, Yu-Shun Wang
Microsoft Corporation
CDP-B209
Agenda
Hybrid Overview and Scenarios
Networking in the Cloud
Hybrid Networking Services
38 sessions at TechEd talking about some aspect of “Hybrid”
OPTIMIZED DATA CENTER
Well Managed Infrastructure & Applications
CLOUD
Service Oriented
The Evolution
Silo-ed Efficiency Host / Collocate
Legacy Application Cost Reduction Re-platform
Legacy / Silo Application New Requirements Re-write
Additional Functionality Innovate Expand
New Functionality Scalability Burst out
Cloud Native Application Cloud Capability Cloud Service
Expanding Legacy Platforms
To Modernizing Workloads
[Diagram: Silo-ed Architectures, showing App 1, App 2 and App 3, each with Expansion blocks]
Managing Platforms
Managing Services
On Premises Legacy
App 1
Silo-ed Architectures
On Premises Private Cloud
Leveraged Infrastructure
App 2
Leveraged Infrastructure
Off Premises IaaS – SaaS – PaaS
Services
Service Oriented
App 3
Identity
Application
Data
OS
Virtualization
HW
Storage
Network
Unix
Linux
Mainframe
Windows
X
Owning compute, storage, network
Consuming
App Resource silo #1
App Resource silo #2
App Resource silo #3
A Unified Cloud Strategy
Azure
Microsoft Azure
Windows Server System Center
On Premises
Compute/storage/network
Windows Server System Center
Service provider
Compute/storage/network
Management Portal/API
Web sites
VM Service
bus
Management Portal/API
Web sites
VM Service
bus
Management Portal/API
Web sites
VM Service
bus
• flexible development
• unified management
• common identity
• integrated virtualization
• complete data platform
* Not meant to be a comprehensive list of all services, for a complete list please visit azure.microsoft.com
APP SERVICES
NETWORKING & AUTOMATION SERVICES
COMPUTE SERVICES DATA SERVICES
So what is Hybrid …
On Premises Private Cloud
Automation
Health Monitoring
Site-to-Site VPN
Point-to-Site VPN
Express Route
Azure Web Site
web roles
worker roles
Virtual Machines
Azure Mobile
Services
TFS or VS Online
+ GIT
Azure AD
Multi-Factor Auth
Azure Cache
Access Control
BizTalk Services
Media Services
Service Bus
Notification Hub
Scheduler
SAN
Storage Spaces/SMB
Server Group #1 Server Group #2
VIRTUALIZATION
COMPUTE, STORAGE & NETWORKING
Physical Infrastructure (Servers/Storage/Networking)
DEVICES & FACILITIES
NETWORKING, COMPUTE, STORAGE, APP SERVICES, AUTOMATION, DISASTER RECOVERY, DEV, TEST, UAT, etc.… as a SERVICE
StorSimple Cloud Integrated Storage
Azure Site Recovery
StorSimple Virtual Appliance
Backup Service
Gallery OS images
VHD VHD data disk
MySQL database
SQL Database
SQL Data Sync
HDInsight (Hadoop)
storage queue
storage blob
storage table
Virtual network
Automation
CDN
Availability Set
Azure load balancer
Auto-scale
Traffic Manager
File Server
Exchange
Active Directory
MySQL
Oracle
LOB App
Commercial App
SQL
APPLICATIONS & SERVICES
JEE App
.NET App
System Center 2012 R2
Provisioning
Monitoring
Automation & Self Service
Application Insight
IT Service Management
Cloud OS Consistent Experiences
Self Service Portal Moves On-Premises
Common Mgt. Experience
Workload Portability
Cloud-Enabled Services Move On-Premises
Consistent Dev. Experience
R2 w/ Service Provider Foundation
Future Services
Service Bus
SQL
VMs
Web Sites
Service Management API
Service Provider
Customer
R2
Service Plans
Users
Provider Portal
Consumer Self-Service Portal
Web Sites, Apps, Database, VMs
Windows Azure Pack
Other Services: CDN, Media, etc.
Caching
Service Bus
SQL
VM Role
Web Sites
Worker Role
Service Management API
Web Sites, Apps, Database, VMs
Subscriber Self-Service Portal
Microsoft Azure
Moving Data To The Cloud
Reliable offsite data protection
Simple & integrated solution
Efficient and flexible backup & recovery
Microsoft Azure Backup
Extending Windows Server Backup into the Cloud
Contoso Private Cloud (On Premises)
Microsoft Azure
Encrypted data sent to Microsoft Azure
Windows Servers with the Microsoft Azure Backup Agent installed and configured
Contoso Backup Vault
Customer DC / ExpressRoute Partner Location
Archive: StorSimple
StorSimple connects Windows, Hyper-V and VMware servers to Azure Storage in minutes with no application modification
StorSimple Benefits
• Consolidates primary, archive, backup, DR through seamless integration with Microsoft Azure
• Integrated data management and protection through tiering, de-dupe/compression, cloud snapshots
• DR testing and revolutionary performance for DR
Application Servers
Inactive Primary Data + Backup + Archive + DR
Speed of SSD/SAS
Warm data on SAS Local Tier
Most Active Data on SSD
StorSimple
Azure Public Storage
Microsoft Azure
LAN connection
ISP or ExpressRoute
ExpressRoute to Microsoft Azure
• Predictable network performance (reliability)
• High throughput (up to 10G)
• Low cost of connectivity
Elastic, On-demand, Cost-effective
3. Import Certificate & Deploy Provider
Microsoft Azure Site Recovery
Primary Site
System Center Virtual Machine Manager
System Center Virtual Machine Manager
Secondary Site
4. VMM Metadata pushed to Azure Site Recovery, outbound, over HTTPS
Demo: Azure Site Recovery and Backup in Action
Ganesh Srinivasan
WAN Optimizers
CORPORATE DATA CENTER
SCVMM 2012 R2 Cloud
SteelHead CX
Azure VM
Replication Traffic
LAN
MICROSOFT AZURE
Optimize Azure Site Recovery!
Replication Traffic
EXPRESSROUTE
Accessing data On-premises from the Cloud
NetApp Private Storage for Microsoft Azure
NetApp private storage resides in an ExpressRoute edge facility
Bidirectional data mobility between on-premises and co-location facilities occurs via NetApp replication
Secure, high-performance integration between NetApp storage and Microsoft® Azure Compute via Azure ExpressRoute with Equinix
Azure ExpressRoute
On-premises Data Center
Private Cloud
NetApp Storage
Equinix Co-location Facility
NetApp SnapMirror®
SnapVault®
Azure Compute
NetApp Storage
VM … VM VM
NetApp® Private Storage for Microsoft Azure
VMs for App 1
Azure US West
DR VMs for App 1
Azure US East
Zadara Cloud West
Zadara Cloud East
Secure Remote Replication
Asynchronous and Compressed
Over the Public Internet
Zadara Storage – Storage as a Service
VMs for App 2 DR VMs for App 2
ExpressRoute
Silicon Valley
10G
10G
Washington, DC
ExpressRoute
Networking in the Cloud
Elastic and on-demand – Burst to the cloud
Develop and test in the Cloud – Dev/Test
Line of Business Applications
Connect from anywhere
Scenarios to optimize the Cloud
VPN
Remote Users, Admin
Multi Tier Application
Load Balancer
Internet
Web Proxy
DNS / DC
App Servers
Database
On Premises
VIRTUAL NETWORK
DMZ
S2S, ER
Load Balancer (Internal)
Infrastructure
Virtual Network
<subnet X>
<subnet Y>
<subnet Z>
Virtual network
DNS Server
Your Virtual Private Network in the Cloud
Basic building block
Logical isolation with control over network
Create subnets with your private IP addresses
Stable and persistent private IP addresses
IaaS + PaaS together
Isolated and connected
Microsoft Azure
Virtual Network to regional scope
Virtual Networks expanded to regional scope
Different sized VMs (A8, A9, D series, G series) in the same VNet
NEW: Allows Public IP prefixes as Virtual Network address space
Security in the Cloud
Grouping of network traffic rules as security group
Security groups associated with Virtual machines or virtual subnets
Controlled access between machines in subnets
Controlled access to and from Internet
Network traffic rules updated independent of Virtual machines
Virtual Network
Backend 10.3/16
Mid-tier 10.2/16
Frontend 10.1/16
VPN GW
Internet
On Premises 10.0/16
S2S VPNs
Internet
Network Security Group
Full 5 tuple based Access control rules
Prioritized set of rules
CIDR for Source and Destination IP ranges
A single port or port range
Applies to intranet and Internet traffic
Applied at the VM and/or Subnet
Pri | Access | Src | Port | Dst | Port | Protocol
Subnet
Pri | Access | Src | Port | Dst | Port | Protocol
VM1 VM2
NSG 1
NSG 2
NEW
Front End
Azure Load Balancer
Azure Infrastructure load balancer – works on both IaaS and PaaS services
Hash based 5 tuple algorithm
Supports TCP and UDP
Custom health probes
Reserved IPs for Load Balancing
NEW Source IP based Affinity – Media service workloads
NEW Increased Idle connection Timeout – Mobile clients
Azure Load Balancer
VIP
Client 1
Client 2
Server 1
Server 2
Source IP based distribution
Timeout ++
Instance Level Public IP
Assign public IPs to VMs
Direct reachability to the VM, no endpoint required
Public IP used as the outgoing IP address
Enables scenarios like FTP services, external monitoring
Quota: 5 Public IPs per subscription
PIP1
Internet
DIP1 DIP2
Cloud service
Reserved VIP
Azure Load Balancer
Microsoft Azure
Public IP1
Public IP 2
Internet
App and Data Tier
Internal Load Balancing (ILB) between VMs without public facing endpoints
Enables load balancing among VMs with private IP addresses
Load balanced endpoint accessible only by customer’s virtual and on-premises networks or just within the cloud service
Multi-tier applications with internal facing tiers require load balancing
Middle tier, DB backend not exposed to Internet
Load balanced endpoints exposed only to CorpNet
SharePoint, LOB Apps
External load balancer
Web frontend tier
Logic tier
Customer Virtual Network
Internal load balancer
Customer on-premises
Back end
Front end
Internet
Internal load balancing
Microsoft Azure
Internal VIP
Public VIP
S2S, P2S or Express Route tunnel
DEMO
SQL High Availability
“SQL Always ON” in a Hybrid environment
SQL ALWAYS ON
SQL Listener
ALWAYS ON
MICROSOFT AZURE
ON PREMISES
APP SERVER
VIRTUAL NETWORK
Connecting to Azure
Hybrid Networking Offerings
Cloud Customer Segment and workloads
Secure point-to-site connectivity
• Developers
• POC Efforts
• Small scale deployments
• Connect from anywhere
Secure site-to-site VPN connectivity
• SMB, Enterprises
• Connect to Azure compute
ExpressRoute private connectivity
• SMB & Enterprises
• Mission critical workloads
• Backup/DR, media, HPC
• Connect to all Azure services
Forced Tunneling
“Force” or redirect customer Internet-bound traffic to an on-premises site
Auditing & inspecting outbound traffic from Azure
Needed by many scenarios for critical security and IT policy requirements
NEW
Virtual Network
Backend 10.3/16
Mid-tier 10.2/16
Frontend 10.1/16
VPN GW
Internet
On Premises
S2S VPNs
Forced Tunneled via S2S VPN
Internet
Gateway Enhancements
High Performance Gateway
Better throughput
More S2S tunnels
Pricing
$0.49 per gateway hour
Data transfer & VNet traffic rates unchanged
No Encryption option
Allows better throughput for VNet-to-VNet within Azure
Intra-/Inter-region VNet-to-VNet traffic stays within Microsoft networks, not Internet
PFS Support for IKE
Compliance requirements & better security
Operations Logs
NEW
Gateway SKU | ExpressRoute Throughput | S2S Throughput | Max Tunnels
Default | 500 Mbps | 100 Mbps | 10
Performance | 1000 Mbps | 200 Mbps | 30
* Subject to traffic conditions and application behavior
Virtual Network VPN Ecosystem
NEW
ExpressRoute Partners
Exchange Provider
Network Service Provider
ExpressRoute partner location
Public internet
Customer site
Microsoft Azure
Customer site 1
Customer site 2
Customer site 3
WAN
Public internet
Microsoft Azure
Enterprise cloud migration strategies involve hybrid scenarios
Unified strategy across private and public clouds
Backup, DR, Archival,… as a service
Flexible and robust platform to run Enterprise workloads
Enterprise grade connectivity solutions
Summary
Breakout Sessions
CDP-B229 Mark Russinovich and Mark Minasi on Cloud Computing
CDP-B227 Introduction to Microsoft Azure Networking Technologies and What's New
CDP-B333 Extending Your Network to Microsoft Azure Using ExpressRoute
CDP-B209 Designing Hybrid Scenarios with Microsoft Azure
CDP-B212 Microsoft Azure for Enterprises: What and Why
CDP-B226 Introduction to Microsoft Azure Infrastructure-as-a-Service
CDP-B356 What's New in Microsoft Azure IaaS and Roadmap
CDP-B365 Hybrid Cloud Solutions with Microsoft Azure: For Architects
Hands On Labs
CDP-H204 Introduction to Microsoft Azure Virtual Machines
DBI-H308 Exploring Manual and Automatic Database Backup Using Microsoft Azure Storage in Microsoft SQL Server 2014
Additional Resources
Network Security Groups: http://msdn.microsoft.com/en-us/library/azure/dn848316.aspx
Related content
Come visit us in the Microsoft Solutions Experience (MSE)!
Look for the Cloud and Datacenter Platform area, TechExpo Hall 7
For more information
Windows Server: Windows Server Technical Preview http://technet.microsoft.com/library/dn765472.aspx
Microsoft Azure: http://azure.microsoft.com/en-us/
System Center: System Center Technical Preview http://technet.microsoft.com/en-us/library/hh546785.aspx
Azure Pack: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
Developer Network
http://developer.microsoft.com
Azure
Classroom training, Online training, Exams, MVA
Microsoft Azure Fundamentals (Coming soon)
Developing Microsoft Azure Solutions
Implementing Microsoft Azure Infrastructure Solutions
Architecting Microsoft Azure Solutions (Coming soon)
MOC 10979, MOC 20532, MOC 20533
EXAM 532, EXAM 533, EXAM 534
http://bit.ly/Azure-Cert
http://bit.ly/Azure-MVA
http://bit.ly/Azure-Train
Get certified for 1/2 the price at TechEd Europe 2014! http://bit.ly/TechEd-CertDeal
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.