Post on 21-Jan-2016
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Bryon Surace Mahesh Thiagarajan
Azure Compute
What’s New in Azure IaaS
AZR210
Related Sessions (Title – Time)
AZR343 The Next Generation of Azure Compute Platform with Mark Russinovich – Monday July 27, 16:30 - 17:45
CDP315 Getting Ready for Microsoft Azure Stack: Technical Skills Investment – Tuesday July 28, 16:15 - 17:30
AZR200 An Overview of Microsoft Azure Networking Capabilities – Monday July 27, 16:30 - 17:45
AZR204 How to make Partners successful in the Azure Marketplace? – Monday July 27, 16:30 - 17:45
AZR305 Azure IaaS Futures – Tuesday July 28, 8:30 - 9:45
AZR214 Azure IaaS: Past, Present, Future, and how we stack up – Tuesday July 28, 14:30 - 15:45
AZR316 DevOps Kung Fu on Azure Virtual Machines – Wednesday July 29, 12:45 - 14:00
AZR306 Azure Infrastructure and Datacenter Futures with Mark Russinovich – Thursday July 30, 16:15 - 17:30
AZR325 Manage and Secure Azure resources using Azure Resource Groups and Role Based Access Control (RBAC) – Thursday July 30, 8:30 - 9:45
AZR328 Running Docker containers in Azure – Wednesday July 29, 14:30 - 15:45
AZR335 What are we doing to make Linux/OSS run great on Azure – Thursday July 30, 16:15 - 17:30
Agenda
What is IaaS and IaaS v2
IaaS templates
Security and cost management
Complex application templates
Migration from Classic to Resource Manager
Unified Azure Stack
Overview of Virtual Machine Services
Compute resources: virtual machines, VM extensions
Storage resources: blob, table and queue functionality; storage accounts (blobs) – Standard & Premium Storage
Networking resources: virtual networks, network interface cards (NICs), load balancers, IP addresses, Network Security Groups
Management models for IaaS: Classic Model (v1), Resource Manager (v2)
[Diagram: Classic Model (v1) – a Cloud Service holding a VM with an IP address and a load-balanced endpoint with an IP address; the VM's disk (blob) lives in a Storage Account; the VM sits in Subnet-1 of a Virtual Network. Resource Manager (v2) – a Resource Group holding a VM, its NIC and IP address, a Load Balancer (backend pool of NICs, LB IP address), a Storage Account with the disk (blob), a VNet/Subnet, and Network Security Group ACLs (deployed to VM, NIC, or Subnet); resources are linked by DependsOn and Reference relations. Coming soon: Gateways (VPN), ExpressRoute]
Premium Storage
High Bandwidth with Low Latency
GA mid-April
Up to 32 TB of storage per VM
64,000 IOPS per VM
50,000 IOPS per disk
~5 ms read/write (no cache)
less than 1ms read latency (cache)
[Diagram: a Virtual Machine with an uncached disk, a cached disk and a local disk; disk provisioning goes to Premium Storage blobs, SSD provisioning to the server SSD on the VM/network provisioning server; cached reads follow cache-hit or cache-miss paths]
Virtual machine building blocks
OS & data disk images: Windows base OSs, Linux base OSs, Azure Certified Images, community images
VM Extensions: security, deployment, configuration, others
• Visual Studio debuggers
• Diagnostics agents
• Monitoring agents
• Access recovery
• Docker extension
• Backup helper
Demo: Deploy 40 VM Application Tier (Classic Model vs Resource Manager)
Resource Groups
Manage resources as a single unit
Role-Based Access Control (RBAC) on groups or resources
Billing integrated tagging on groups or resources
Single or multiple resource groups?
[Diagram: a single Resource Group holding Front End VMs, Back End VMs, Virtual Network and Storage Account, versus multiple resource groups: RG1 Storage Account, RG2 Virtual Network, RG3 Front End VMs, RG4 Back End VMs]
Azure Templates can:
• Ensure idempotency
• Simplify orchestration
• Simplify roll-back
• Provide cross-resource configuration and update support
Azure Templates are:
• A source file, checked in
• A specification of resources and dependencies (VMs, websites, DBs) and connections (config, LB sets)
• Parameterized input/output
Power of Repeatability: instantiation of repeatable configuration
[Diagram: a configuration Resource Group containing SQL-A, a Website and Virtual Machines (2x); the Website and the VMs depend on SQL and consume its SQL config]
Key Improvements: Azure Virtual Machines (v2)
Massive and parallel deployment of Virtual Machines
3 Fault Domains in Availability Sets
Custom URLs for Custom Script VM Extensions for VMs
SSH-2 RSA Format Support for SSH keys for Linux VMs
Azure Key Vault
• Increased security over keys
• Applications get no direct access to keys
• Level 2 certified HSMs
Azure Key Vault integration with Virtual Machines
• Create Azure Key Vault
• Reference certificates
• Push keys to Key Vault
Simplified Manageability of Applications on IaaS
Upgrade
• Complexity made simple
• Master template can be used to roll out upgrades
• Imperative APIs and client tools support updating resources
Manageability, Auditing
• Operations can be tracked up to 90 days
• Management locks to lock down resources from deletion
Getting Started with Azure Templates
• Wide range of Quickstart Templates, indexed on Azure.com and in a GitHub repo; community and Microsoft contributed
• Integration of IaaS with Azure services
• New “new” capabilities
IaaS Functionality under Azure Resource Manager
“New” capabilities
• Virtual Network Gateways
• Site to Site, VNET to VNET, VNET to Multi Site
• Resize Disk
• iDNS
What’s Coming
• Express Route
• Point to Site
• Forced Tunneling
• User Defined Routes
• IP address mobility
Demo: Simple IaaS Template
Demo: VNET (Classic) to VNET (ARM) Connectivity Template walkthrough
Enterprise Resource Management
Demo: Deploy 40 VM Application Tier (Classic Model vs Resource Manager) – How’d it do?!
Resource Tags
• Tags assigned to resources or groups
• Subscription-wide taxonomy
• Each resource can have up to 15 tags
• Flow through into Azure Billing
Tagging Tips
• Notes: simple note for a VM
• Creator: track the “owner” of a VM
• Department/Cost center: who pays
• Environment: production vs. pre-production vs. test
Access Control: RBAC
What is RBAC
• Role-Based Access Control allows secure access with granular permissions to resources (old model: all or nothing)
• Full integration with Azure Active Directory
• Assigned at subscription, resource group, or resource scope
• Built-in roles make it easy to get started
• Role definitions describe a set of permissions (e.g. read actions) and can be used in multiple assignments
• Role assignments associate a role definition with an identity (e.g. user/group) at a scope (e.g. resource group); assignments are always inherited, so subscription-level assignments apply to all resources in the subscription
Role Based Access Control
Granular Scopes
/subscriptions/{id}/resourceGroups/{name}/providers/…/virtualmachines/{vmname}
• Subscription level – grants permissions for all resources in the subscription
• Resource group level – grants permissions for all resources in the group
• Resource level – grants permissions to the specific resource
Access controls are set at the API level
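An added example (not from the deck) of how the scope inheritance above plays out: the resource ID is split into its subscription, resource group and resource scopes, and a request is allowed only if the principal holds an assignment at one of those containing scopes whose role actions cover the requested action. The subscription id, principal names and role action patterns are constructed sample values, and the model is simplified (no NotActions or DataActions).

```python
# Added example: Azure RBAC scope inheritance over the resource ID pattern
#   /subscriptions/{id}/resourceGroups/{name}/providers/.../virtualmachines/{vmname}
# An assignment binds a role definition (allowed actions) to a principal at a
# scope; wider scopes apply to every resource beneath them. Simplified model.
from dataclasses import dataclass
from fnmatch import fnmatch

@dataclass(frozen=True)
class RoleDefinition:
    name: str
    actions: tuple          # e.g. ("*/read",) for Reader, ("*",) for Contributor

@dataclass(frozen=True)
class RoleAssignment:
    principal: str          # user or group id (constructed sample values)
    role: RoleDefinition
    scope: str              # subscription, resource group or resource ID

def scope_chain(resource_id):
    """Scopes containing resource_id, widest first: subscription, resource
    group, then the resource itself when the ID reaches that deep."""
    parts = [p for p in resource_id.split("/") if p]
    chain = []
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        chain.append("/subscriptions/" + parts[1])
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        chain.append(chain[0] + "/resourceGroups/" + parts[3])
    if len(parts) > 4:
        chain.append("/" + "/".join(parts))
    return chain

def is_allowed(principal, action, resource_id, assignments):
    """True if principal holds, at any scope containing resource_id, a role
    whose action patterns cover the requested action (inherited downward)."""
    containing = {s.lower() for s in scope_chain(resource_id)}
    for a in assignments:
        if a.principal != principal or a.scope.lower() not in containing:
            continue
        if any(fnmatch(action.lower(), pat.lower()) for pat in a.role.actions):
            return True
    return False

# Constructed data: Reader at subscription scope reaches every resource; Contributor on one RG stops there.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id
RG = SUB + "/resourceGroups/rg-frontend"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/web01"
ASSIGNMENTS = [
    RoleAssignment("alice", RoleDefinition("Reader", ("*/read",)), SUB),
    RoleAssignment("bob", RoleDefinition("Contributor", ("*",)), RG),
]
```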
Demo: Tagging and RBAC
Cost Management
Azure Cost Management
Usage API and RateCard API enable IT Financial Management (ITFM) of Azure.
Usage API – REST API that gives customers and partners programmatic access to Azure consumption data.
• Hourly and daily aggregations
• Azure 1st party and 3rd party (Azure Marketplace) data available
• Includes resource tags
• Supports Azure RBAC
RateCard API – REST API that gives customers and partners programmatic access to all resource details and pricing for non-EA offers.
• Gets the list of all available Azure resources
• Included quantities available
• Support for graduated pricing as well as flat rate pricing
• No support for EA offers
• Pre-tax rates
• Supports Azure RBAC
Reach out to the Azure Billing Feedback alias: azurebillingfeed@microsoft.com
Demo: Usage Data
[Chart: usage tagged by Division – Arch & Design, Assembly, Engineering, Materials, Production Eng., Shipping]
Partner Example 1: Cloud Cruiser – Simplify your cost allocation with Azure tags and Cloud Cruiser
Partner Example 2: Cloudyn – Keeping your cost & usage under control
Complex Templates
Architecting Complex Applications on IaaS
Infrastructure
• Templates for different environments (e.g. Dev, Test, Prod)
• Orchestration of multiple infrastructure tiers (e.g. VMs, VNETs)
• Orchestration across multiple Azure resources (e.g. VMs, Websites)
In-VM Configuration
• Common scripts/recipes that can be shared across multiple VMs
• App-specific scripts that will be used for application setup
Parameters: adminUserName, adminPassword, storageAccountname, region, virtualNetworkName, addressPrefix, subnetName, subnetPrefix, jumpbox, tshirtSize, osFamily
Architecting Complex Applications using Templates: DataStax on Azure Virtual Machines (v2)
Parameters: clusterNodeCount, clusterName
Demo: DataStax Marketplace Template
Metadata Migration from Classic to Resource Manager
Azure in your Datacenter – “Azure Stack”
Consistent Management Layer
Curated Extensions
Platform Migration Experience and Steps
Evaluate – Validate whether the VNET is capable of migration
Start – Trigger migration once the VNET is ready
Validate – Check that migrated resources work as expected
Commit – Apply changes into the Resource Manager stack and open up the control plane
Migration Steps for VMs in a Virtual Network
[Diagram: an on-premises network connected over a dedicated ExpressRoute connection through the connectivity provider's infrastructure to the Azure datacenter, where VM1, VM2, a web server and a load balancer move from the Azure IaaS API Service (Classic) to the Azure IaaS API Service under Azure Resource Manager]
Evaluate → Migrate → Validate → Commit
• VNET & IaaS VMs for migration are identified
• Control planes locked
• Migration of state
• Check migrated resources' state
• Removal of state from Classic
• Control planes unlocked
• No VM downtime
Migration will include all resources:
• VNETs (with their subnets)
• Gateways
• VMs (with internal IP addresses)
• NSGs
• Reserved IP addresses, etc.
Platform Migration Details: VMs in VNET
• Scope of migration will be at the VNET level
• Platform migrates the VNET along with ‘all’ the Virtual Machines in that VNET
• No VM downtime during this migration
VMs not in VNET
• VMs exist in a Hosted Service but not in a VNET
• VMs will incur downtime during the migration
• VMs will move into a Virtual Network in the Resource Manager stack
Experience/Contract Changes
• Certificates – move from Hosted Services to Azure Key Vault
• Endpoint ACLs – move into Network Security Groups
• Internal DNS – iDNS suffixes change from the current model to a modified version; name resolution will continue to work
Unsupported in Wave-1
• PaaS Web & Worker Roles
• Dependent services integration [AutoScale etc.]
Summary
Virtual Machines service with Resource Manager
• Faster scalability, larger overall deployments
• Ability to make parallel configuration changes
• One-click deployment of the most complex applications
• Repeatable deployments with “config as code”
Delegation and management with RBAC and tagging
• RBAC through AAD users or groups
• Billing integrated tagging
Unified Azure Stack
Metadata Migration from Classic to Resource Manager
Appendix
© 2015 Microsoft Corporation. All rights reserved.