DEFINE | ACCELERATE | ASSURE CLOUD. SIMPLIFIED.
What's new and changing in Azure
Eliot Mansfield, Practice Director - Cloud
Cloud is changing how IT works
• Constant innovation and updates
  • Azure releases new services almost every month
  • Existing services are improved constantly
  • New regions coming online
• Need to learn new skills and adapt to change
  • Provide staff access to sandpit areas to develop skills
  • Pay attention to Microsoft newsletters for updates
• Last year’s best practice could be this year’s legacy design
Looking towards Azure
• It’s evolving very rapidly
• Significant activity in central and local government
• Support for specialist workloads such as SAP
• Constant wave of releases and enhancements
• Solutions such as “Azure stack” eliminate governance issues for on-prem
• A cloud first strategy isn’t a cloud only strategy
• Use cloud to innovate rather than duplicate
• Does it reduce complexity, improve service or reduce cost?
• You can’t sweat an asset in the cloud
Code isn’t a dirty word
• Infrastructure as code (IaC)
  • Standardised reusable assets
  • Visual Studio to develop templates
  • Source Control (VS-TS or GitHub)
• Developers and Operational staff must work together
  • Devs no longer beholden to techies to build servers for them :)
  • However, devs still don’t care much about the overall picture :(
• Infrastructure people need to “learn up” into developer mindset
  • Visual Studio has replaced Virtual Centre on my start menu!
Azure covers 69 compliance offerings
[Slide categories: US Gov, Global, Regional, Industry]
✓ ISO 27001:2013 ✓ ISO 27017:2015 ✓ ISO 27018:2014
✓ ISO 22301:2012 ✓ ISO 9001:2015 ✓ ISO 20000-1:2011
✓ SOC 1 Type 2 ✓ SOC 2 Type 2 ✓ SOC 3
✓ CSA STAR Certification ✓ CSA STAR Attestation ✓ CSA STAR Self-Assessment ✓ WCAG 2.0
✓ FedRAMP High ✓ FedRAMP Moderate ✓ EAR
✓ DoD DISA SRG Level 5 ✓ DoD DISA SRG Level 4 ✓ DoD DISA SRG Level 2 ✓ DFARS
✓ DoE 10 CFR Part 810 ✓ NIST SP 800-171 ✓ NIST CSF ✓ Section 508 VPATs
✓ PCI DSS Level 1 ✓ GLBA ✓ FFIEC ✓ Shared Assessments ✓ FISC (Japan)
✓ FCA (UK) ✓ MAS + ABS (Singapore) ✓ 23 NYCRR 500 ✓ HIPAA BAA ✓ HITRUST
✓ 21 CFR Part 11 (GxP) ✓ MARS-E ✓ NHS IG Toolkit (UK) ✓ NEN 7510:2011 (Netherlands) ✓ FERPA
✓ CDSA ✓ MPAA ✓ FACT (UK)
✓ Argentina PDPA ✓ Australia CCSL / IRAP ✓ Canada Privacy Laws ✓ China GB 18030:2005 ✓ China DJCP (MLPS) Level 3
✓ Germany C5 ✓ India MeitY ✓ Japan CS Mark Gold ✓ Japan My Number Act ✓ Netherlands BIR 2012 ✓ New Zealand Gov CIO Fwk
✓ Singapore MTCS Level 3 ✓ Spain ENS ✓ Spain DPA ✓ UK Cyber Essentials Plus ✓ UK G-Cloud ✓ UK PASF
✓ FIPS 140-2 ✓ ITAR ✓ CJIS ✓ IRS 1075
✓ China TRUCS / CCCPPF ✓ EN 301 549 ✓ EU ENISA IAF ✓ EU Model Clauses ✓ EU – US Privacy Shield ✓ Germany IT-Grundschutz workbook
As a what?
[Diagram: four responsibility stacks, (On-Premises), IaaS “Just add Apps”, PaaS “Just add Data” and SaaS “Just add users”. Each stack lists Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage and Networking, with layers marked “You manage” or “Managed by vendor”. The diagram also carries the labels “Most Flexible” and “Lowest Cost”.]
Reducing the cost of Azure
• Reserved instances
  • Commitment for 1 or 3 years
  • Can amend if your needs change
• Hybrid use benefit
  • Use your on-premise licences
• 99.9% SLA for single instance machines
  • Avoids need to double up instances
  • Advanced notice of maintenance
Modernise and reduce costs
• Leverage the pay as you use model
  • Business hours are just 1/3rd of a calendar month
  • Scale up in working hours, scale down out of hours
• Consider PaaS rather than IaaS when possible
  • IaaS still requires feeding and watering
Compute
• Dv3 Series – General purpose production application workloads
• Ev3 Series – Database workloads, high-memory to core ratios
• M Series – Large in-memory databases such as SAP
• B Series – Smaller workloads that are idle much of the time
• Fv2 Series – Scientific modelling, cluster computing, gaming and analytics
Availability options
• Single VM SLA
• Availability Zones
• Azure to Azure Site Recovery Manager
IaaS meets PaaS
• Service Endpoints
  • SQL PaaS
  • Storage Accounts
• Azure File Sync
  • Centralise file storage in Azure
  • Cache hot files locally
[Diagram: IaaS VM, SQL PaaS and Storage blob, shown “Before Service Endpoints” and “With Service Endpoints”.]
Network Improvements
• Global vNet peering; link your primary and secondary DCs for replication
• ExpressRoute simplified; only 2 peerings and ability to overlay encryption
• Simplified support for HA network virtual appliances (Preview)
[Diagram labels: Primary Region (UK SOUTH), DR Region (UK WEST), Primary Site Hub vNet, DR Site – Hub vNet, Primary Shared, Secondary Shared, Peering, Local Peering, ExpressRoute.]
Accelerated Networking
• Direct communication with the network interface
• Significantly reduced latency and jitter
• Run the most performance-sensitive workloads
• 25 Gbps networking speed
Your path to cloud
• Lift and shift existing Infrastructure
  • Quick and relatively easy, remember; rubbish in – rubbish out
  • Still need networking and security
  • ASR or Velostrata
• Migrate / Upgrade into cloud
  • More time consuming – but architected for cloud
• Scratch built in the cloud
  • Can modernise and leverage PaaS and Functions as a Service
Questions
Any questions?
Supporting Content
Azure DDoS protection
• Basic DDoS mainly protects the platform
• Standard DDoS will clean and mitigate attacks
From the team
• Plan before you deploy
  • Don’t paint yourself into a corner by hitting limits
  • Don’t obsess with long term design
  • Be prepared to refine and redeploy (IaC)
• Subscriptions, Resource Groups, Roles and Policy
• Update security principles for cloud
• Establish naming and tagging standards
IaaS – It’s still your problem
• You still need a network and you still need to secure it
  • Outbound traffic is open
  • Consider firewall appliances
• Your VMs still need patching
  • They still run out of disk space!
• Latency; some apps are ‘chatty’
Secure your cloud
• Secure the network
  • All outbound traffic is allowed by default
  • All traffic between vNets and on-premise is allowed by default
  • Use ACLs or Firewalls
• Storage accounts
  • Change the keys and monitor access to the keys
  • Use Managed disks
• Alerting and monitoring
  • Use inbuilt or third party log monitoring tools
  • Configure alerts for unusual and sensitive activity
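The default-allow behaviour on this slide, as an added example that is not part of the original deck: a simplified model of how a network security group (NSG) picks the outbound rule for a flow, lowest priority number first. The three default outbound rules are Azure's standard ones; the custom rule name `Deny-Internet-Out`, its priority, and matching on destination service tag only (no ports or address ranges) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    destination: str   # service tag or "*" (simplified: no ports or CIDRs)
    access: str        # "Allow" or "Deny"

# Default outbound rules that every NSG carries. The VirtualNetwork tag covers
# the vNet itself, peered vNets and connected on-premises address space.
DEFAULT_OUTBOUND = [
    Rule("AllowVnetOutBound", 65000, "VirtualNetwork", "Allow"),
    Rule("AllowInternetOutBound", 65001, "Internet", "Allow"),
    Rule("DenyAllOutBound", 65500, "*", "Deny"),
]

def evaluate(rules, destination_tag):
    """Return (access, rule_name) of the first rule matching the destination."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.destination in ("*", destination_tag):
            return rule.access, rule.name
    return "Deny", None

def audit_outbound(custom_rules):
    """Show what an NSG with these custom outbound rules does per destination."""
    rules = list(custom_rules) + DEFAULT_OUTBOUND
    return {tag: evaluate(rules, tag) for tag in ("Internet", "VirtualNetwork")}

# Constructed sample: a hypothetical custom rule (custom priorities are 100-4096)
# that overrides the default Internet allow.
HARDENED = [Rule("Deny-Internet-Out", 4000, "Internet", "Deny")]

if __name__ == "__main__":
    for label, custom in (("defaults only", []), ("hardened", HARDENED)):
        for tag, (access, name) in audit_outbound(custom).items():
            print(f"{label:14} {tag:15} {access:5} via {name}")
```

With the hardened rule in place, traffic inside the VirtualNetwork tag is still allowed by `AllowVnetOutBound`, so vNet-to-vNet and on-premises flows need their own deny rules or a firewall.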
3 Tier Apps
[Diagram labels: Peering-vnet-003-vnet-001, Vnet, WAHL, EDM, File Share, SQL PaaS, Web Front End, Virus Checker, AD, Content Man, WAF, Mail, Citrix, NSG, SFTP.]
Maintenance
• Control the timing of impactful planned maintenance on your VMs prior to platform maintenance.
• Configure alerts about upcoming maintenance via SMS, email, webhook, and through in-VM REST API.
IoT cloud project
• HomeSeer
• Azure IoT Hub
• Stream Analytics
• Azure SQL PaaS
• Power BI
• Azure App Service
Azure IoT & Power BI