Upload
asaf-nakash
View
246
Download
1
Embed Size (px)
Citation preview
April 4–6, 2016New Orleans, Louisiana
#Env16
Asaf [email protected]
Optimize Your Azure Architecture
Who is Cloud Valley?
About Cloud Valley
Architecture Licensing
Deployment \ Training
Monitoring\ Maintenance\ Support
Low level design document Best practices for every
workload Monthly updates Capacity Planning Architecture Review \
Redesign Flexible R&D Services
Technical Management 24/7 Support Center Automated Services
Hands-On Implementation and configuration
Migration (On Premise, Cloud, Hosting)
Workshops Labs
Cost Estimations Monthly Cost Review Special Offerings Cost Optimization
34Azure regions2X the number of AWS regions
Atlanta
Chicago
Dallas
Silicon Valley Washington DC
AmsterdamDublin*
London
ChennaiHong Kong
Mumbai*
Melbourne*
Osaka
Singapore
Sydney
Tokyo
New York
US DoD West
US DoD East Korea
South
Korea Central
Coming Soon
Azure regions in Europe
5
West Europe
Germany Northeast**
Germany Central**
United Kingdom West
United Kingdom South
North Europe
"Microsoft’s comprehensive hybrid story, which spans applications and platforms as well as infrastructure, is highly attractive to many companies, drawing them towards the cloud in general.”
LYDIA LEONG, GARTNER
Industryvalidation
Microsoft a Leader in Gartner Magic QuadrantsPublic Cloud IaaS (May 2015)
Microsoft
Cloud Storage (June 2015) Enterprise Application PaaS (Jan 2014)
Microsoft
X86 Server Virtualization (July 2014)
MicrosoftMicrosoft
Azure ComplianceAzure has the largest compliance portfolio in the industry
United States
HIPAA / HITECH
FedRAMP JAB P-ATO
FIPS 140-2 FERPA DISA Level 2 ITAR-readyCJIS21 CFRPart 11
IRS 1075 Section 508 VPAT
IndustryISO 27001 PCI DSS Level 1SOC 1 Type 2 SOC 2 Type 2 ISO 27018Cloud Controls
MatrixContent Delivery andSecurity Association
SharedAssessments
RegionalEuropean
UnionModel Clauses
United Kingdom G-Cloud
SingaporeMTCS Level 3
Australian Signals
Directorate
JapanFinancial Services
China MultiLayer Protection
Scheme
ChinaCCCPPF
New Zealand
GCIO
ChinaGB
18030
ENISAIAF
Know your Azure Portal
שירותי עם .Azureהיכרות בפורטל והתמצאות השונים
Azure uses both Microsoft identity servicesTwo services:
Azure Active Directory (AAD) system Microsoft Account (MSA) system
Two types of accounts: Work or school account (AAD)
Microsoft account (MSA)
The impact:Two different accounts can exist with the same username
Different passwordsDifferent access
Signup defaults to use MSA
Selecting the right identity
AAD is used for organizational identity managementDirectory admins can apply identity, authentication and authorization policies for appsAzure is modeled as an app that belongs to the directoryThe directory has different roles than the subscription
Applied to Azure subscriptions:Every Azure subscription belongs to a directory (n:1)Even if you sign up with an MSA, you get a directory
A subscription’s directory:Limits the work accounts that may be added as a co-admin or RBAC roleContains policies that impact authentication & authorization for the subscriptionDirectory global admins of the directory have the ability to access subscription
Subscription Management
Contoso’s
DirectoryAzure
Subscription 1Azure
Subscription 2Office Subscription
• Subscriptions• Resource Group• ASM vs ASR• RBAC
Know Your Azure Portal - Demo
Basic Billing & Subscription Management
דרך שלנו ההוצאות אחרי לעקוב מנת על לנו שיש והכלים החודשי החשבון הבנתהפורטל.
For all usage and billing activities, use the accounts portal:
Where to go? For resource management, use the management portal or preview portal:
Billing Invoice
Overview of the Azure Invoice
Understanding the detailed usage CSV file
From Servers to Services
- מ – מעבר איך לשירותים - IaaS משרתים .PaaSל התפעולית היעילות את מגדיל
Platform Services
Security & Manageme
nt
Infrastructure ServicesCompute Storage
Datacenter Infrastructure (24 Regions, 19 Online)
Web and MobileWeb Apps
MobileApps
APIManagement
APIApps
LogicApps
NotificationHubs
Media & CDNContent DeliveryNetwork (CDN)
MediaServices
Analytics & IoT
HDInsight MachineLearning
StreamAnalytics
DataFactory
EventHubs
MobileEngagement
ActiveDirectory
Multi-FactorAuthentication
Automation
Portal
Key Vault
IntegrationBiztalkServices
HybridConnections
ServiceBus
StorageQueues
Store /Marketplace
HybridOperations
Backup
StorSimple
SiteRecovery
Import/Export
Networking
Data
SQLDatabase
DocumentDB
RedisCache Search
Tables
SQL DataWarehouse
Azure AD Connect Health
Virtual Network
ExpressRoute
BLOB Storage
Azure Files
Premium Storage
Virtual Machines
AD PrivilegedIdentity Management
Traffic Manager
Application Gateway
OperationalInsights
ComputeCloudServices
Batch Remote App
ServiceFabric
Developer Services
Visual Studio
ApplicationInsights
Azure SDK
Team Project
Containers
VM Image Gallery& VM Depot
DNS VPN Gateway
Load Balancer
Security Center
Hy
Partner IT
Cloud provider
Responsibility
On-premises
Storage
Servers
Networking
OS
Middleware
Virtualization
Applications
Data
Runtime
Private cloudinfrastructure
as a service (Iaas)
Storage
Servers
Networking
OS
Middleware
Applications
Data
Runtime
Platformas a service(PaaS)
Storage
Servers
OS
Middleware
Virtualization
Data
Runtime
Applications
Softwareas a service(SaaS)
Storage
Servers
OS
Middleware
Virtualization
Data
Runtime
Applications
Networking Networking
Storage
Servers
Networking
OS
Middleware
Virtualization
Applications
Data
Runtime
Public cloudinfrastructure
as a service (IaaS)
Virtualization
Hybrid cloudMoving up the stack
Abstraction
CommoditizedCustomized
Customized Commoditized
Azure Compute Choices
Degree of Customization
Speed of Delivery
Web Apps (PaaS)
VM Scale Sets & Containers (IaaS)
Virtual Machines (IaaS)
Mobile Apps (PaaS)
Goal: Be as “Far Right” as Possible
Infrastructure ServicesStorage
BLOB Storage
Azure Files
Premium Storage
ComputeVirtualMachine
Containers
NetworkingVirtual Network
ExpressRoute
Traffic Manager
Application Gateway
DNS VPN Gateway
Load Balancer
Platform ServicesWeb and mobile
Web Apps
MobileApps
APIManagement
APIApps
LogicApps
NotificationHubs
Media and CDNContent DeliveryNetwork (CDN)
MediaServices
Analytics and IoT
HDInsight MachineLearning
StreamAnalytics
DataFactory
EventHubs
MobileEngagement
IntegrationBizTalkServices
HybridConnections
ServiceBus
StorageQueues
DataSQLDatabase
DocumentDB
RedisCache Search
Tables
SQL DataWarehouse
ComputeCloudServices
Batch Remote App
ServiceFabric
Developer servicesVisual Studio
ApplicationInsights
Azure SDK
Team Project
Security and Management
ActiveDirectory
Multi-FactorAuthentication
Automation
Portal
Key Vault
Store/Marketplace
VM Image Galleryand VM Depot
HybridOperations
Backup
SiteRecovery
Import/Export
AD PrivilegedIdentity Management
OperationalInsights
Azure AD Connect Health
StorSimple
Datacenter Infrastructure (24 regions, 19 online)
IAAS
Infrastructure ServicesStorage
BLOB Storage
Azure Files
Premium Storage
ComputeVirtualMachine
Containers
NetworkingVirtual Network
ExpressRoute
Traffic Manager
Application Gateway
DNS VPN Gateway
Load Balancer
Platform ServicesWeb and mobile
Web Apps
MobileApps
APIManagement
APIApps
LogicApps
NotificationHubs
Media and CDNContent DeliveryNetwork (CDN)
MediaServices
Analytics and IoT
HDInsight MachineLearning
StreamAnalytics
DataFactory
EventHubs
MobileEngagement
IntegrationBizTalkServices
HybridConnections
ServiceBus
StorageQueues
DataSQLDatabase
DocumentDB
RedisCache Search
Tables
SQL DataWarehouse
ComputeCloudServices
Batch Remote App
ServiceFabric
Developer servicesVisual Studio
ApplicationInsights
Azure SDK
Team Project
Security and Management
ActiveDirectory
Multi-FactorAuthentication
Automation
Portal
Key Vault
Store/Marketplace
VM Image Galleryand VM Depot
HybridOperations
Backup
SiteRecovery
Import/Export
AD PrivilegedIdentity Management
OperationalInsights
Azure AD Connect Health
StorSimple
Datacenter Infrastructure (24 regions, 19 online)
PAAS
What we learn from more than 150 azure deployments
- מ מיותר למדנו של 150מה .Azureהטמעות וסטארטאפים גדולים בארגונים
Cloud Valley – what we’ve learned ARM is the default Azure CPP - Compute Pre-Purchase plan Manage your azure spending – Power BI Semi annually architecture verification Azure families – F as an example Don’t throw away your local investments It’s never too late for optimization How we work with our customers
High Availability from the Cost perspective Azure SQL Example , כסף על מדבר לא אחד אף זמינות על מדברים .כולם
Azure SQL Database vs SQL Server on VMs
Existing applications that requires full box product functionality.
Removing CAPEX.
BEST FOR…
TCO BENEFITS
Applications that need elastic scale and/or reduced overhead.
Avoiding CAPEX and OPEX.
SQL Server in a VM Azure SQL Database
Scale up to 20,000 IOPS.SCALABILITY Scale out to thousands of DBs, process TBs of OLTP data.
Customer has ecosystem of IT resources for support and maintenance.
RESOURCESCustomer does not want to add additional IT resources for support and maintenance.
Data platform continuum
Physical
SQL ServerPhysical Machines (raw iron)
Infrastructure as a service
SQL Server in Azure VMVirtualized Machines
Platformas a service
Azure SQL DatabaseVirtualized Databases
Softwareas a service
Virtual
SQL Server Private CloudVirtualized Machines + Appliances
Hybrid CloudOn premisesShared
Lower cost
Dedicated Higher cost
Higher administration Lower administration
Off premises
What shell we use• IaaS Cost for HA:• 2 x VM • Premium Storage for high IOPS.• 2 x SQL Server Enterprise Licence
• PaaS Cost • Per DB from $5 (5 DTU) to $16K (4000 DTU)• Per Elastic Set of DB
• Flexible scenario that combine the two• Select the right solution for this time – let the price decide• Start with single DB• See if you can move to elastic to get better solution• In some point consider going back to IaaS Solution to save
mony• Don’t forget that in IaaS we are responsible for HA, Backup and
SLA
Evolution of SQL Database over the past year Increased from 99.9% to 99.99% uptime SLASLA
Service design enables scale up and out of resources, delivering predictable throughput and performance regardless of demandsPerformance
Point-in-time-restore, geo-restore, and standard and active geo-replication protect against human and environmental-initiated events
Protection
Azure certifications: ISO, HIPAA BAA, EU Model ClauseAuditing on SQL DatabaseCompliance
Hourly billing and broad set of price pointsFlexibility