This slide is so awesome there is only a title…


• Sasha Kranjac

• Azure and Security Expert @ Kranjac - IT Training & Consulting

• @SasaKranjac

• Microsoft Azure MVP

• MCSE, MCP, MCSA, MCITP, Microsoft Certified Trainer (MCT), MCT Regional Lead, Certified Ethical Hacker (CEH), Certified EC-Council Instructor (CEI)

• AM coffee: 10:45 - 11:15

• Lunch: 12:15 - 13:15

• PM coffee: 14:35 - 15:15

• PaaS: A platform of services for hosting a custom solution

• IaaS: A way to run virtual servers in the cloud with full control

• SaaS: A complete software solution

Who manages what?

[Diagram: responsibility for each layer of the stack (Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking) under four hosting models]

• Infrastructure as a Service: Managed by Microsoft / You scale, make resilient & manage

• Platform as a Service: Scale, resilience and management by Microsoft / You manage

• On Premises (Physical / Virtual): You scale, make resilient and manage

• Software as a Service: Scale, resilience and management by Microsoft

Windows Azure Virtual Machines

Windows Azure Cloud Services

• Azure portal

• PowerShell

• Azure Automation

• Azure CLI

• Visual Studio

• Azure Resource Manager provides a method for grouping and managing Azure resources

• The advantages include:

• Manage resources as a group

• Reuse solutions and consistently deploy resources

• Quickly deploy and re-deploy large solutions

• Define dependencies and resource deployment order

• Use role-based access control for permissions

• Logically organize resources by using tags

• Resource groups enable logical groupings of resources

• Resources are assigned to a resource group when created

• Some resources can be moved between resource groups

• Virtual networks and subnets

• Network interfaces

• IP addresses (private and public)

• Virtual network-based DNS and Azure DNS

• Azure Load Balancer

• Application Gateway

• Traffic Manager

• Network security groups

• User-defined routes

• Forced tunneling

• Virtual network connectivity

• Virtual network gateways

• An IP address space with one or more subnets:

• Private:

• 10.x.x.x

• 172.16.x.x – 172.31.x.x

• 192.168.x.x

• Public (supported, but rarely used)

• IP addresses:

• Private – allocated to VM NICs or internal load balancers

• Public – assigned to VM NICs or load balancers

• DNS name resolution:

• Default – Internet names and names within the virtual network

• Custom – cross-premises, cross-virtual networks, custom domains

[Diagram: isolated virtual networks for Customer 1 and Customer 2 in Microsoft Azure. Labels: Deployment X, Deployment Y, Subnet 1, Subnet 2, Subnet 3, VLAN-to-VLAN, DNS Server]

Azure virtual machines support:

• Windows Server:

• All currently supported versions (CSA required for older ones)

• All roles and features, except:

• DHCP, Direct Access, RMS, Windows DS

• iSNS, MPIO, NLB, PNRP, SNMP, Storage Manager for SANs, WINS, Wireless LAN Service

• Linux:

• CentOS, CoreOS, Debian, Oracle Linux, Red Hat, SUSE, openSUSE, and Ubuntu

• Windows Server software:

• FIM, MIM, SharePoint Server, SQL Server, System Center, and more

• General purpose:

• Balanced CPU-to-memory ratio

• A0-A7, Av2, D, Dv2, Dv3, DS, DSv2, Dsv3 series

• Compute optimized:

• High CPU-to-memory ratio

• Fs and F series

• Memory optimized:

• High memory-to-CPU ratio

• D, Dv2, DS, DSv2, Ev3, Esv3, Ms, G, and GS series

• Storage optimized:

• High-performance disk I/O

• Ls series

• GPU:

• Graphic Processing Unit support

• NV and NC series

• High performance compute:

• Fastest CPUs and optional high-throughput RDMA

• H series and A8-A11

• Azure VMs in an availability set:

• Logical grouping of two or more Azure VMs

• Must be assigned during Azure VM deployment

• Up to 3 fault domains

• Up to 20 update domains

• 99.95% availability SLA

• Considerations:

• Add multiple virtual machines to the same availability set

• Place application tiers in separate availability sets

• Combine availability sets with load balancing

• Standalone VMs:

• 99.9% availability SLA if using Premium storage disks

• Web Apps:

• Near instant deployment

• SSL and Custom Domain Names available in some tiers

• WebJobs provide background processing for independent scaling

• Can Scale to larger machines without redeploying applications

• SQL-as-a-Service Offering:

• Fully managed

• Automatically replicated

• Compatible with existing TDS-capable software:

• Visual Studio

• SQL Server Management Studio

• Entity Framework

• Managed using existing tools, the CLI, PowerShell or the Portal

• Performance measured in a predictable manner:

• Database Throughput Units (DTUs)

• Azure provides money-backed SLAs for IaaS services:

• Two Instances or more in an Availability Set = 99.95%

• Single Instance VM using Premium Storage = 99.9%

• Decisions should be based on cost and availability requirements

• Single instance VM would gain 99.9% SLA if it complies with:

• Premium Storage for all Operating System Disks and Data Disks

• Any single instance VM without Premium storage receives no SLA

• Availability Sets provide assurance that any multiple instance VM will be available 99.95% of the time

Availability Sets cater for planned and unplanned maintenance using Update Domains and Fault Domains

When planning multiple tier applications use multiple Availability sets, one per tier
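
An added illustration (not part of the original slides) of the two availability set recommendations above: put at least two VMs in a set, and give each application tier its own set. It assumes, as a simplification, that VMs are spread over fault and update domains round-robin in deployment order; the function names and the sample VM and set names are constructed for this sketch.

```python
# Added illustration: models fault/update domain placement in an availability set.
# Assumption: VMs are assigned to domains round-robin in deployment order.
from collections import defaultdict

MAX_FAULT_DOMAINS = 3    # limit stated on the slides
MAX_UPDATE_DOMAINS = 20  # limit stated on the slides


def place(vms, fault_domains=2, update_domains=5):
    """Return {vm_name: (tier, fd, ud)} for (name, tier) pairs in deployment order."""
    if not 1 <= fault_domains <= MAX_FAULT_DOMAINS:
        raise ValueError("fault_domains must be 1..3")
    if not 1 <= update_domains <= MAX_UPDATE_DOMAINS:
        raise ValueError("update_domains must be 1..20")
    return {name: (tier, i % fault_domains, i % update_domains)
            for i, (name, tier) in enumerate(vms)}


def tiers_at_risk(placement):
    """Tiers whose VMs all share one fault domain or one update domain."""
    fds, uds = defaultdict(set), defaultdict(set)
    for tier, fd, ud in placement.values():
        fds[tier].add(fd)
        uds[tier].add(ud)
    return sorted(t for t in fds if len(fds[t]) == 1 or len(uds[t]) == 1)


def audit(availability_sets, **domains):
    """Map each availability set to the tiers one domain outage would take down."""
    return {name: tiers_at_risk(place(vms, **domains))
            for name, vms in availability_sets.items()}


# Constructed sample deployments: web and SQL VMs created alternately.
SHARED = {"as-all": [("web1", "web"), ("sql1", "sql"),
                     ("web2", "web"), ("sql2", "sql")]}
PER_TIER = {"as-web": [("web1", "web"), ("web2", "web")],
            "as-sql": [("sql1", "sql"), ("sql2", "sql")]}
SINGLE = {"as-lonely": [("app1", "app")]}

if __name__ == "__main__":
    for label, sets in (("shared", SHARED), ("per tier", PER_TIER),
                        ("single VM", SINGLE)):
        print(label, audit(sets, fault_domains=2, update_domains=5))
```

With two fault domains, the shared set places both web VMs in one fault domain and both SQL VMs in the other, so a single rack failure removes a whole tier; one set per tier avoids this regardless of deployment order.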

• Azure Load Balancer:

• Internal load balancer

• Internet-facing load balancer

• To configure:

• Assign a front-end IP

• Public for an Internet-facing load balancer

• Private for an internal load balancer

• Assign back-end address pool

• Create load-balancing rules

• Create inbound NAT rules (optional)

• Create health probes

• Application Gateway

• Traffic Manager

• Azure Functions:

• Built on WebJobs Technology

• Available in Consumption and App Service Plan billing modes

• Can be deployed using Scripts or Pre-Compiled

• Managed and Edited directly in the portal:

• Supports CI from GitHub or VSO if preferred

• Azure Functions features no-code triggers that can invoke a function based on changes in the following services:

• Azure:

• Storage Blobs

• Cosmos DB

• Storage Tables

• Mobile Apps

• Office 365 Files

• Third-Party:

• Twilio

• SendGrid

• Automation workflow solution:

• No-code designer for rapid creation of integration solutions

• Pre-built templates to simplify getting started

• Out-of-box support for popular SaaS and on-premises integrations

• BizTalk APIs available to advanced integration solutions

• JSON-based workflow definition:

• Can be deployed using ARM templates

[Diagram: DevOps cycle between Development and Production: 1 Plan, 2 Develop + Test, 3 Release, 4 Monitor + Learn]

✓ Centrally manage users and access to Azure, O365, and hundreds of pre-integrated cloud applications

✓ Build Azure AD into your web and mobile applications

✓ Can extend on-premises directories to Azure AD through synchronization

[Diagram labels: End Users, Active Directory, Azure Active Directory, Cloud Apps]

✓ Protect sensitive data and applications both on-premises and in the cloud with Multi Factor Authentication

✓ Can use Active Directory (on-premises) with Azure Active Directory (in cloud) to enable single sign-on, a single directory, and centralized identity management

✓ Multi Factor Authentication can be implemented with Phone Factor or with AD on-premises

[Diagram labels: Active Directory, Microsoft Azure Active Directory]

Virtual Machines:

✓ Data drives – full disk encryption through BitLocker

✓ Boot drives – partner solutions

✓ SQL Server – Transparent Data Encryption

✓ Files & folders - EFS in Windows Server

Storage:

✓ BitLocker encryption of drives for import/export of data

✓ Server-side encryption of Blob Storage using AES-256

✓ Client-side encryption w/.NET and Java support

✓ StorSimple with AES-256 encryption

Applications:

✓ Client Side encryption through .NET Crypto API

✓ RMS SDK for file encryption by your applications
