Post on 21-Dec-2015

Designing Hybrid Scenarios with Microsoft Azure

Ganesh Srinivasan, Narayan Annamalai, Yu-Shun Wang

Microsoft Corporation

CDP-B209

Agenda

• Hybrid Overview and Scenarios

• Networking in the Cloud

• Hybrid Networking Services

38 sessions at TechEd talking about some aspect of “Hybrid”

The Evolution: Expanding Legacy Platforms To Modernizing Workloads

OPTIMIZED DATA CENTER: Well Managed Infrastructure & Applications

CLOUD: Service Oriented

• Silo-ed | Efficiency | Host / Collocate

• Legacy Application | Cost Reduction | Re-platform

• Legacy / Silo Application | New Requirements | Re-write

• Additional Functionality | Innovate | Expand

• New Functionality | Scalability | Burst out

• Cloud Native Application | Cloud Capability | Cloud Service

[Diagram: Silo-ed Architectures. App 1, App 2 and App 3 each with their own Expansions and their own resource silo (#1, #2, #3). Stages shown: On Premises Legacy (Silo-ed Architectures, App 1); On Premises Private Cloud (Leveraged Infrastructure, App 2); Off Premises IaaS – SaaS – PaaS (Services, Service Oriented, App 3). Stack layers: Identity, Application, Data, OS, Virtualization, HW, Storage, Network. Platforms: Unix, Linux, Mainframe, Windows. Other labels: Managing Platforms, Managing Services, Owning (compute, storage, network), Consuming.]

A Unified Cloud Strategy

[Diagram: three environments, each offering Management Portal/API, Web sites, VM and Service bus: Microsoft Azure; On Premises (Windows Server, System Center, Compute/storage/network); Service provider (Windows Server, System Center, Compute/storage/network).]

• flexible development

• unified management

• common identity

• integrated virtualization

• complete data platform

So what is Hybrid …

[Diagram: On Premises Private Cloud and Microsoft Azure, with the labels Automation, Health Monitoring, Site-to-Site VPN, Point-to-Site VPN and ExpressRoute.

Azure panels: APP SERVICES; NETWORKING & AUTOMATION SERVICES; COMPUTE SERVICES; DATA SERVICES. Services shown: Azure Web Site, web roles, worker roles, Virtual Machines, Azure Mobile Services, TFS or VS Online + GIT, Azure AD, Multi-Factor Auth, Azure Cache, Access Control, BizTalk Services, Media Services, Service Bus, Notification Hub, Scheduler, Azure Site Recovery, StorSimple Virtual Appliance, Backup Service, Gallery OS images, VHD, VHD data disk, MySQL database, SQL Database, SQL Data Sync, HDInsight (Hadoop), storage queue, storage blob, storage table, Virtual network, Automation, CDN, Availability Set, Azure load balancer, Auto-scale, Traffic Manager.

On-premises layers: DEVICES & FACILITIES; Physical Infrastructure (Servers/Storage/Networking); COMPUTE, STORAGE & NETWORKING; VIRTUALIZATION; APPLICATIONS & SERVICES; System Center 2012 R2 (Provisioning, Monitoring, Automation & Self Service, Application Insight, IT Service Management). On-premises items shown: SAN Storage, Spaces/SMB, Server Group #1, Server Group #2, StorSimple Cloud Integrated Storage, File Server, Exchange, Active Directory, SQL, MySQL, Oracle, LOB App, Commercial App, JEE App, .NET App.]

NETWORKING, COMPUTE, STORAGE, APP SERVICES, AUTOMATION, DISASTER RECOVERY, DEV, TEST, UAT, etc.… as a SERVICE

* Not meant to be a comprehensive list of all services, for a complete list please visit azure.microsoft.com

Cloud OS Consistent Experiences

• Self Service Portal Moves On-Premises

• Common Mgt. Experience

• Workload Portability

• Cloud-Enabled Services Move On-Premises

• Consistent Dev. Experience

[Diagram: Windows Azure Pack (Service Provider and Customer; R2 w/ Service Provider Foundation) beside Microsoft Azure. Windows Azure Pack side: Provider Portal (Service Plans, Users); Consumer Self-Service Portal (Web Sites, Apps, Database, VMs); Service Management API; Web Sites, VMs, SQL, Service Bus, Future Services. Microsoft Azure side: Subscriber Self-Service Portal (Web Sites, Apps, Database, VMs); Service Management API; Web Sites, Worker Role, VM Role, SQL, Service Bus, Caching, CDN, Media, other services.]

Moving Data To The Cloud

Reliable offsite data protection

Simple, & integrated solution

Efficient and flexible backup & recovery

Microsoft Azure Backup: Extending Windows Server Backup into the Cloud

[Diagram: Contoso Private Cloud (On Premises), with Windows Servers that have the Microsoft Azure Backup Agent installed and configured; encrypted data sent to Microsoft Azure; Contoso Backup Vault in Microsoft Azure. Side label: Customer DC / ExpressRoute Partner Location.]

Archive: StorSimple

StorSimple connects Windows, Hyper-V and VMware servers to Azure Storage in minutes with no application modification

StorSimple Benefits

• Consolidates primary, archive, backup, DR thru seamless integration with Microsoft Azure

• Integrated data management and protection through tiering, de-dupe/compression, cloud snapshots

• DR testing and revolutionary performance for DR

[Diagram: Application Servers on a LAN connection to StorSimple (Speed of SSD/SAS; Most Active Data on SSD; Warm data on SAS Local Tier), connected by ISP or ExpressRoute to Azure Public Storage in Microsoft Azure (Inactive Primary Data + Backup + Archive + DR).]

ExpressRoute to Microsoft Azure

• Predictable network performance (reliability)

• High throughput (up to 10G)

• Low cost of connectivity

Elastic, On-demand, Cost-effective

Microsoft Azure Site Recovery

[Diagram labels: Primary Site (System Center Virtual Machine Manager); Secondary Site (System Center Virtual Machine Manager); Microsoft Azure Site Recovery.]

3. Import Certificate & Deploy Provider

4. VMM Metadata pushed to Azure Site Recovery, outbound, over HTTPS

Demo: Azure Site Recovery and Backup in Action

Ganesh Srinivasan

WAN Optimizers

Optimize Azure Site Recovery!

[Diagram labels: CORPORATE DATA CENTER (SCVMM 2012 R2 Cloud, LAN); Replication Traffic; EXPRESSROUTE; MICROSOFT AZURE (SteelHead CX Azure VM).]

Accessing data On-premises from the Cloud

NetApp® Private Storage for Microsoft Azure

• NetApp private storage resides in an ExpressRoute edge facility

• Bidirectional data mobility between on-premises and co-location facilities occurs via NetApp replication

• Secure, high-performance integration between NetApp storage and Microsoft® Azure Compute via Azure ExpressRoute with Equinix

[Diagram labels: On-premises Data Center (Private Cloud, NetApp Storage); NetApp SnapMirror®, SnapVault®; Equinix Co-location Facility (NetApp Storage); ExpressRoute; Azure (Azure Compute, VMs).]

Zadara Storage – Storage as a Service

Secure Remote Replication: Asynchronous and Compressed, Over the Public Internet

[Diagram labels: Azure US West (VMs for App 1, VMs for App 2); Azure US East (DR VMs for App 1, DR VMs for App 2); Zadara Cloud West (Silicon Valley); Zadara Cloud East (Washington, DC); ExpressRoute, 10G, on each side.]

Networking in the Cloud

Scenarios to optimize the Cloud

• Elastic and on-demand – Burst to the cloud

• Develop and test in the Cloud – Dev/Test

• Line of Business Applications

• Connect from anywhere

Multi Tier Application

[Diagram labels: Internet; Remote Users / Admin (VPN); On Premises (Web Proxy, DNS / DC, Infrastructure); S2S, ER; VIRTUAL NETWORK with DMZ, Load Balancer, Load Balancer (Internal), App Servers, Database, DNS Server and subnets <subnet X>, <subnet Y>, <subnet Z>.]

Your Virtual Private Network in the Cloud

Basic building block

Logical isolation with control over network

Create subnets with your private IP addresses

Stable and persistent private IP addresses

IaaS + PaaS together

Isolated and connected

Virtual Network to regional scope

• Virtual Networks expanded to regional scope

• Different sized VMs (A8, A9, D series, G series) in the same VNet

• NEW: Allows Public IP prefixes as Virtual Network Address space

Security in the Cloud

• Grouping of Network traffic rules as security group

• Security groups associated with Virtual machines or virtual subnets

• Controlled access between machines in subnets

• Controlled access to and from Internet

• Network traffic rules updated independent of Virtual machines

[Diagram labels: Virtual Network with subnets Frontend 10.1/16, Mid-tier 10.2/16, Backend 10.3/16; VPN GW; S2S VPNs; On Premises 10.0/16; Internet.]

Network Security Group (NEW)

• Full 5 tuple based Access control rules

• Prioritized set of rules

• CIDR for Source and Destination IP ranges

• A single port or port range

• Applies to intranet and Internet traffic

• Applied at the VM and/or Subnet

[Diagram labels: Subnet, VM1, VM2, NSG 1, NSG 2; two rule tables with columns Pri, Access, Src, Port, Dst, Port, Protocol.]
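A simplified model of the rule evaluation this slide describes, as an added example that is not from the original deck and not Azure's own code: rules are 5-tuple matches checked in priority order, and an inbound flow must pass the NSG on the subnet and the one on the VM. The rule values, ports and the 10.3.0.4 address are constructed around the deck's 10.x/16 subnets; lower-number-first ordering and dropping unmatched traffic are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = (0, 65535)

@dataclass(frozen=True)
class Rule:
    priority: int     # assumption: lower number is evaluated first
    access: str       # "Allow" or "Deny"
    src: str          # source CIDR
    src_ports: tuple  # (low, high); a single port is (p, p)
    dst: str          # destination CIDR
    dst_ports: tuple
    protocol: str     # "TCP", "UDP" or "*"

def matches(rule, src_ip, src_port, dst_ip, dst_port, proto):
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.src_ports[0] <= src_port <= rule.src_ports[1]
            and rule.dst_ports[0] <= dst_port <= rule.dst_ports[1]
            and rule.protocol in ("*", proto))

def evaluate(nsg, flow):
    """Return the access of the first matching rule in priority order."""
    for rule in sorted(nsg, key=lambda r: r.priority):
        if matches(rule, *flow):
            return rule.access
    return "Deny"  # assumption of this model: unmatched traffic is dropped

def inbound_allowed(subnet_nsg, vm_nsg, flow):
    """Inbound traffic must be allowed by the subnet NSG and by the VM NSG."""
    return evaluate(subnet_nsg, flow) == "Allow" and evaluate(vm_nsg, flow) == "Allow"

# Constructed rule sets for the Backend subnet (10.3/16) of the deck's layout.
BACKEND_SUBNET_NSG = [
    Rule(100, "Allow", "10.2.0.0/16", ANY_PORT, "10.3.0.0/16", (1433, 1433), "TCP"),
    Rule(200, "Allow", "10.0.0.0/16", ANY_PORT, "10.3.0.0/16", (3389, 3389), "TCP"),
    Rule(4000, "Deny", "0.0.0.0/0", ANY_PORT, "10.3.0.0/16", ANY_PORT, "*"),
]
DB_VM_NSG = [
    Rule(100, "Deny", "10.0.0.0/16", ANY_PORT, "10.3.0.4/32", (3389, 3389), "TCP"),
    Rule(200, "Allow", "10.0.0.0/8", ANY_PORT, "10.3.0.4/32", ANY_PORT, "TCP"),
]

if __name__ == "__main__":
    for flow in [("10.2.0.7", 50000, "10.3.0.4", 1433, "TCP"),   # mid-tier to DB
                 ("10.1.0.9", 50000, "10.3.0.4", 1433, "TCP"),   # frontend to DB
                 ("10.0.5.5", 50000, "10.3.0.4", 3389, "TCP")]:  # on-prem RDP
        print(flow, inbound_allowed(BACKEND_SUBNET_NSG, DB_VM_NSG, flow))
```

The third flow shows why the priority order matters: the broad allow on the VM would admit it, but the lower-numbered deny is matched first.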

Front End

Azure Load Balancer

• Azure Infrastructure load balancer – works on both IaaS and PaaS services

• Hash based 5 tuple algorithm

• Supports TCP and UDP

• Custom health probes

• Reserved IPs for Load Balancing

• NEW: Source IP based Affinity – Media service workloads

• NEW: Increased Idle connection Timeout – Mobile clients

[Diagram labels: Client 1, Client 2; VIP; Azure Load Balancer; Server 1, Server 2; Source IP based distribution; Timeout ++.]

Instance Level Public IP

• Assign public IPs to VMs

• Direct reachability to the VM, no endpoint required

• Public IP used as the outgoing IP address

• Enables scenarios like FTP services, external monitoring

• Quota: 5 Public IPs per subscription

[Diagram labels: Internet; Microsoft Azure; Cloud service with Reserved VIP and Azure Load Balancer; DIP1, DIP2; PIP1; Public IP 1, Public IP 2.]

App and Data Tier

Internal load balancing

• Internal Load balancing (ILB) between VMs without public facing endpoints

• Enables load balancing among VMs with private IP addresses

• Load balanced endpoint accessible only by customer’s virtual and on-premises networks or just within the cloud service

• Multi-tier applications with internal facing tiers require load balancing

• Middle tier, DB backend not exposed to Internet

• Load balanced endpoints exposed only to CorpNet

• Sharepoint, LOB Apps

[Diagram labels: Internet; External load balancer (Public VIP); Web frontend tier (Front end); Internal load balancer (Internal VIP); Logic tier (Back end); Customer Virtual Network in Microsoft Azure; Customer on-premises; S2S, P2S or ExpressRoute tunnel.]

DEMO: SQL High Availability, “SQL Always ON” in a Hybrid environment

[Diagram labels: ON PREMISES (APP SERVER, SQL ALWAYS ON); SQL Listener; MICROSOFT AZURE (VIRTUAL NETWORK, ALWAYS ON).]

Connecting to Azure

Hybrid Networking Offerings

Cloud: Customer Segment and workloads

Secure point-to-site connectivity

• Developers

• POC Efforts

• Small scale deployments

• Connect from anywhere

Secure site-to-site VPN connectivity

• SMB, Enterprises

• Connect to Azure compute

ExpressRoute private connectivity

• SMB & Enterprises

• Mission critical workloads

• Backup/DR, media, HPC

• Connect to all Azure services

Forced Tunneling (NEW)

• “Force” or redirect customer Internet-bound traffic to an on-premises site

• Auditing & inspecting outbound traffic from Azure

• Needed by many scenarios for critical security and IT policy requirements

[Diagram labels: Virtual Network with subnets Frontend 10.1/16, Mid-tier 10.2/16, Backend 10.3/16; VPN GW; S2S VPNs; On Premises; Internet; Forced Tunneled via S2S VPN.]

Gateway Enhancements (NEW)

High Performance Gateway

• Better throughput

• More S2S tunnels

• Pricing: $0.49 per gateway hour

• Data transfer & VNet traffic rates unchanged

No Encryption option

• Allows better throughput for Vnet-to-Vnet within Azure

• Intra-/Inter-region Vnet-to-Vnet traffic stays within Microsoft networks, not Internet

PFS Support for IKE

• Compliance requirements & better security

Operations Logs

Gateway SKU    ExpressRoute Throughput    S2S Throughput    Max Tunnels
Default        500 Mbps                   100 Mbps          10
Performance    1000 Mbps                  200 Mbps          30

* Subject to traffic conditions and application behavior

Virtual Network VPN Ecosystem (NEW)

ExpressRoute Partners

[Diagram: two partner types. Exchange Provider: Customer site, ExpressRoute partner location, Public internet, Microsoft Azure. Network Service Provider: Customer site 1, Customer site 2, Customer site 3, WAN, Public internet, Microsoft Azure.]

Summary

• Enterprise cloud migration strategies involve hybrid scenarios

• Unified strategy across private and public clouds

• Backup, DR, Archival,… as a service

• Flexible and robust platform to run Enterprise workloads

• Enterprise grade connectivity solutions

Breakout Sessions

CDP-B229 Mark Russinovich and Mark Minasi on Cloud Computing

CDP-B227 Introduction to Microsoft Azure Networking Technologies and What's New

CDP-B333 Extending Your Network to Microsoft Azure Using ExpressRoute

CDP-B209 Designing Hybrid Scenarios with Microsoft Azure

CDP-B212 Microsoft Azure for Enterprises: What and Why

CDP-B226 Introduction to Microsoft Azure Infrastructure-as-a-Service

CDP-B356 What's New in Microsoft Azure IaaS and Roadmap

CDP-B365 Hybrid Cloud Solutions with Microsoft Azure: For Architects

Hands On Labs

CDP-H204 Introduction to Microsoft Azure Virtual Machines

DBI-H308 Exploring Manual and Automatic Database Backup Using Microsoft Azure Storage in Microsoft SQL Server 2014

Additional Resources

Network Security Groups: http://msdn.microsoft.com/en-us/library/azure/dn848316.aspx

Related content

Come visit us in the Microsoft Solutions Experience (MSE)! Look for the Cloud and Datacenter Platform area, TechExpo Hall 7

For more information

Windows Server: Windows Server Technical Preview, http://technet.microsoft.com/library/dn765472.aspx

Microsoft Azure: Microsoft Azure, http://azure.microsoft.com/en-us/

System Center: System Center Technical Preview, http://technet.microsoft.com/en-us/library/hh546785.aspx

Azure Pack: Azure Pack, http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack

Resources

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Sessions on Demand

http://channel9.msdn.com/Events/TechEd

Developer Network

http://developer.microsoft.com

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
