Live from a one-day Azure Camp for IT

Cloud OS area

New usage trends:

  • social networks (Twitter, Facebook, LinkedIn…)
  • data volume is increasing
    • 80% of it is unstructured data
  • the number of connected devices is increasing
    • 7 M people for 6 M SIM cards, i.e. more connected devices than people

Windows Server 2012 is the first ‘On Premises’ cloud OS that integrates with Windows Azure, meaning you can move your virtual machines from On Premises to the online service and vice versa

Windows Azure is made up of 8 datacenters across the world (4 in the US, 2 in Europe and 2 in Asia)

Windows Azure offers:

  • web apps (web sites)
  • cloud apps (cloud services)
  • existing apps (virtual machines)

Windows Azure: network, load balancing and CDN

Windows Azure Connect

Simple network connectivity, easy to implement and administer

Less scalable (1 to n: one developer workstation to n virtual machines)

Windows Azure Virtual Network

Site-to-site VPN for enterprise customers

Includes fault tolerance, load balancing and more complex scenarios (n to n)

Consider the Windows Azure datacenter as an extension of your branch office network: a virtual/cloud branch office connected to your datacenter through a site-to-site VPN

The network plan must comply with RFC 1918, i.e. use private, non-routable IP addresses
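As an added example (not from the camp notes), the PowerShell below checks a planned virtual network address space against RFC 1918 and against the on-premises ranges it will be joined to over the site-to-site VPN, since the VPN cannot route between overlapping ranges; the site and candidate ranges are constructed for illustration, and the function names are my own.

```powershell
function ConvertTo-AddressNumber {
    # Dotted-quad IPv4 string -> 64-bit integer (keeps the maths simple and exact)
    param([string]$Address)
    [long]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = $n * 256 + $b
    }
    return $n
}

function Get-CidrBounds {
    # First and last address number covered by a CIDR block such as 10.1.0.0/16
    param([string]$Cidr)
    $ip, $prefixText = $Cidr.Split('/')
    $prefix = [int]$prefixText
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Invalid prefix length in $Cidr" }
    [long]$size  = [math]::Pow(2, 32 - $prefix)        # addresses in the block
    [long]$addr  = ConvertTo-AddressNumber $ip
    [long]$first = $addr - ($addr % $size)              # align to the block boundary
    return @{ First = $first; Last = $first + $size - 1 }
}

function Test-Rfc1918 {
    # True when the whole block sits inside one of the three RFC 1918 ranges
    param([string]$Cidr)
    $b = Get-CidrBounds $Cidr
    foreach ($private in '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16') {
        $r = Get-CidrBounds $private
        if ($b.First -ge $r.First -and $b.Last -le $r.Last) { return $true }
    }
    return $false
}

function Test-CidrOverlap {
    # True when two blocks share at least one address
    param([string]$A, [string]$B)
    $x = Get-CidrBounds $A; $y = Get-CidrBounds $B
    return ($x.First -le $y.Last) -and ($y.First -le $x.Last)
}

# Constructed plan: two on-premises sites behind the VPN gateway, three Azure candidates
$onPremSites     = '10.1.0.0/16', '192.168.50.0/24'
$azureCandidates = '10.2.0.0/16', '10.1.128.0/20', '203.0.113.0/24'

foreach ($cidr in $azureCandidates) {
    if (-not (Test-Rfc1918 $cidr)) { "$cidr : REJECT (not an RFC 1918 range)"; continue }
    $clash = @($onPremSites | Where-Object { Test-CidrOverlap $cidr $_ })
    if ($clash.Count -gt 0) { "$cidr : REJECT (overlaps on-premises site $($clash -join ', '))" }
    else                    { "$cidr : OK" }
}
```

Only the first candidate passes: the second overlaps the 10.1.0.0/16 site and the third is public address space.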

Use cases:

  • applications running on Azure and consuming data from your On Premises databases
  • identity and access management based on your local Active Directory
  • monitoring and troubleshooting from On Premises using the System Center product suite

Current limitations (v1)

  • 5 virtual networks
  • 5 sites
  • 1 virtual network per affinity group
  • 1 local site
  • 9 DNS servers
  • IPv4 only
  • No broadcast or multicast
  • 1 public IP address
  • 1 IP address per site gateway
  • No IKEv2 support
  • No certificate authentication support

CDN

CDN: Content Delivery Network

A distributed network of Points of Presence (POPs): 24 Azure CDN POPs across the world

Users are connected through the nearest POP to reach the requested content

CDN is suited to:

  • static content
  • pay-per-use billing
  • absorbing peak load

Windows Azure Virtual Machine

PaaS vs IaaS: PaaS is the recommended choice to handle peak load

Use IaaS for:

  • LOB applications
  • infrastructure services
    • file share, database, identity management…
  • duplicating an existing environment
    • for example to deploy a pre-production environment
  • hybrid deployments

Available OS

  • Windows 2008 R2 to Windows 2012
  • Windows 2008 R2 with SQL 2012
  • BizTalk 2010 R2
  • openSUSE 12.1
  • CentOS 6.2
  • Ubuntu 12.0.4

You have to pay even if your VM is stopped, because it still consumes some resources such as storage space. To stop paying, you must remove the virtual machine, but you can keep the hard drive it used.

To upload an existing VHD from On Premises to Windows Azure, upload it as a page blob through Azure Explorer

The VHD must be fixed-size

Virtual disks can be moved between Azure and On Premises

Any data written to Azure disks is replicated 3 times

Virtual Hard Drive Limitations

  • System disk: 127 GB
    • Cache default: ReadWrite
    • Available option: ReadOnly
  • Data disk: 1 TB, but several can be aggregated
    • Cache default: None
    • Available options: ReadOnly or ReadWrite

Options are set using PowerShell: Set-AzureOSDisk or Set-AzureDataDisk

To manage cache, the Windows Azure Virtual Machine uses temporary storage (not persistent)

Management and automation

  • Group Policy
  • Cross-platform scripting (JavaScript)
  • System Center
  • PowerShell
  • REST API

You can use Get-AzurePublishSettingsFile to get an auto-generated configuration file to connect to your Azure subscription using PowerShell (see http://msdn.microsoft.com/en-us/library/windowsazure/jj152882.aspx).

SLA

  • 99.95 % with redundancy (4.38 h of downtime per year)
  • 99.9 % (8.75 h of downtime per year)

Windows Azure and Active Directory

The Active Directory database and SYSVOL must be located on a data disk

Write caching is not supported with Active Directory (FUA: Forced Unit Access)

Incoming requests are free; outgoing requests are paid

The Active Directory topology with AD on Azure must be managed exactly as an ‘On Premises’ AD topology with a headquarters and branch offices

It is recommended to deploy a Global Catalog on Azure to optimize authentication requests (and therefore usage and pricing)

The AD architecture (i.e. trust relationships or replication) has to be defined according to your needs; this is exactly the same problem as On Premises

Azure Virtual Machines use DHCP for IP address assignment, so the AD wizard will warn you, but that is fine as the IP address lease never expires

The DNS service must be deployed on the domain controller deployed on Azure, as Azure DNS does not support the DNS requirements for AD (SRV records…)
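As an added example (not from the camp notes), the PowerShell below applies the disk-cache options from the Virtual Machine section and the AD rules above to a VM that will become a domain controller: the data disk that will hold the AD database and SYSVOL is attached with host caching set to None, while the OS disk keeps ReadOnly caching. It uses the classic Windows Azure PowerShell cmdlets named in the notes; the publish settings path, cloud service name, VM name, disk label and size are placeholders.

```powershell
# Added example, not from the camp notes. Placeholder names and sizes throughout.
# Assumes the classic Windows Azure PowerShell module (Get-AzureVM, Set-AzureOSDisk,
# Add-AzureDataDisk, Update-AzureVM) is installed.

# Credentials come from the file generated by Get-AzurePublishSettingsFile (placeholder path).
Import-AzurePublishSettingsFile -PublishSettingsFile 'C:\azure\subscription.publishsettings'

$serviceName = 'contoso-dc-service'   # placeholder cloud service name
$vmName      = 'dc01'                 # placeholder VM name

# OS disk: keep ReadOnly caching. Data disk for NTDS/SYSVOL: no host caching, because
# AD relies on Forced Unit Access and a write cache is not supported for it.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureOSDisk -HostCaching 'ReadOnly' |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 50 -DiskLabel 'NTDS' -LUN 0 -HostCaching 'None' |
    Update-AzureVM

# Verify the cache settings before promoting the server; any data disk that is not
# 'None' should be corrected with Set-AzureDataDisk -HostCaching 'None' -LUN <n> first.
$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
$vm | Get-AzureOSDisk   | Select-Object DiskName, HostCaching
$vm | Get-AzureDataDisk | Select-Object DiskName, Lun, HostCaching
```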

 

 

SharePoint on Azure

You can also take a look at my post from the SharePoint Conference 2012: http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=457

3 options:

  • On Premises: full control
    • Can be costly
  • IaaS, i.e. hosted SharePoint
    • Less control
    • Virtual Machine on Azure
    • Full SharePoint control
    • Simple application
  • SaaS, i.e. Office 365
    • Little control

Use of SharePoint on Azure for:

  • Internet sites: SharePoint for Internet Sites
  • Development, test or pre-production platforms
  • Hybrid mode
    • for example Business Intelligence or Extranet scenarios
  • Disaster Recovery

What about support? SharePoint 2010 or 2013 can be deployed (Foundation or Server) on Azure, except FAST for SharePoint 2010 (SharePoint 2013 Server is not yet supported but it is coming soon)

Windows Azure Active Directory (AAD)

This is not AD running on Azure but an identity management and access control solution that provides access to cloud services

This allows identity consolidation between applications in the cloud, whatever the identity provider or organization used by the application and whatever the platform or device used to connect to the application

AAD is used by Office 365, Dynamics CRM Online and Windows Intune subscriptions

AAD can be synchronized and federated with your local AD

  • Federation is used for authentication (SSO)
  • Synchronization is used to manage access control based on your local AD identities and roles (DirSync or the AAD connector for FIM 2010)

You can use Graph Explorer to get details about AAD (such as schema, objects…): http://graphexplorer.cloudapp.net

AAD is currently available as a preview: http://g.microsoftonline.com/0AX00en/5

Storage

You can take a look at the SOSP paper available at http://blogs.msdn.com/b/windowsazure/archive/2011/11/21/windows-azure-storage-a-highly-available-cloud-storage-service-with-strong-consistency.aspx

Storage on Azure comes in the following forms:

  • Blobs: a file name with metadata
    • Block blob: write once, read many // limited to 200 GB per blob // optimized for concurrent access
    • Page blob: multiple read/write
  • Drives: highly available drives used by VMs
    • A formatted page blob
    • Writes are done synchronously
  • Tables: structured data used to store logs (NoSQL)
  • Queues: send notifications between web and broker roles for applications on Azure

Use System Center 2012

System Center product line:

  • SCVMM: private cloud management
  • Orchestrator: task automation
  • App Controller: self-service portal
  • Service Manager: helpdesk and service request management
  • Operations Manager: monitoring
  • Configuration Manager: software and update deployment with inventory
  • Data Protection Manager: backup and restore
  • Endpoint Protection: antivirus and antimalware protection

System Center 2012 integrates with Windows Azure and additionally with Windows Intune (to manage client configuration: software deployment and update management)

System Center 2012 is able to manage on-premises systems as well as cloud services (Azure Virtual Machines) with the upcoming SP1 (GA is scheduled for January 2013; more details: http://www.microsoft.com/en-us/server-cloud/system-center/sp1-default.aspx)

System Center App Controller will be able to move VMs between On Premises and Azure cloud services

Backup

A new service is available to extend the Windows Backup tool to store backup files on Azure: Windows Server Online Backup Service

This is an agent that automatically backs up data directly to Windows Azure Storage; there is no centralized management, the agent must be deployed on every server manually

Details: http://blogs.technet.com/b/server-cloud/archive/2012/09/07/windows-azure-online-backup.aspx

DPM does the same thing as WSOBS but as a centralized solution that lets you choose where to store the backup: On Premises or online

Windows Azure Storage can help manage longer retention times for backups

Pricing

A new approach to IT: OPEX vs CAPEX

Public cloud benefits:

  • cost reduction: no more hardware ordering and maintenance
  • agility: quickly deploy and undeploy
  • productivity: focus on high-value tasks

3 options:

  • MOSP: pay per use
    • all Azure services available
    • paid by credit card
    • monthly billing
  • MOSP
    • monthly billing
    • commitment period: 6 to 12 months
    • Min: 350 € / month
  • Enterprise Agreement
    • Min: 24 000 € / year
    • commitment period: 12 months minimum

Cost = VM cost (based on VM template) + storage + transactions (0,0071 € per 100 000)

Incoming requests are free

Options:

  • encryption
  • geo-replication

Pricing calculator: http://www.windowsazure.com/en-us/pricing/calculator/