azure overview - november 2015 -...
TRANSCRIPT
Enterprise
proven
Hybrid
Hyper-scale
Azure
Enterprise
proven
Hybrid
Hyper-scale
Hyper-scale
Hyper-scale
Azure UK Datacenters
Cloud Computing Models
On-Premises( Private Cloud )
Cu
sto
mer
Pro
vis
ion
s &
Man
ag
e
Platform Services
Infrastructure Services
Web Apps
MobileApps
APIManagement
API Apps
Logic Apps
Notification Hubs
Content DeliveryNetwork (CDN)
Media Services
BizTalkServices
HybridConnections
Service Bus
StorageQueues
HybridOperations
Backup
StorSimple
Azure SiteRecovery
Import/Export
SQL Database
DocumentDB
RedisCache
AzureSearch
StorageTables
DataWarehouse
Azure AD Health Monitoring
AD PrivilegedIdentity Management
OperationalAnalytics
Cloud Services
BatchRemoteApp
ServiceFabric
Visual Studio
AppInsights
Azure SDK
VS Online
Domain Services
HDInsight MachineLearning
StreamAnalytics
Data Factory
EventHubs
MobileEngagement
Data Lake
IoT Hub
Data Catalog
Security & Management
Azure ActiveDirectory
Multi-FactorAuthentication
Automation
Portal
Key Vault
Store/Marketplace
VM Image Gallery& VM Depot
Azure ADB2C
Scheduler
Enterprise
proven
Hybrid
Hyper-scale
EnterpriseProven
TrustworthyMore compliance certifications than any other cloud
Microsoft leads in core technologies, IaaS, PaaS, Private and Public Clouds
"Microsoft’s comprehensive hybrid
story, which spans applications and
platforms as well as infrastructure, is
highly attractive to many companies,
drawing them towards the cloud in
general.”
LYDIA LEONG,
GARTNER
What aboutMicrosoft..?
Public Cloud IaaS (May 2015) Cloud Storage (June 2015) Enterprise App PaaS (Mar 2015) Operational DBMS Systems (Oct 2015)X86 Server Virt (July 2015)
99.9943%
99.9986%
99.9798%
Providing clarity and consistency for the protection of personal data
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
The General Data Protection
Regulation (GDPR) imposes new
rules on organizations that offer goods
and services to people in the European
Union (EU), or that collect and analyze
data tied to EU residents, no matter
where they are located.
Personal
privacy
What are the key changes with the GDPR?
Controls and
notifications
Transparent
policies
IT and training
Need to invest in:
• Privacy personnel and
employee training
• Data policies
• Data Protection Officer
(if 250+ employees)
• Processor/Vendor
contract
• Strict security
requirements
• Breach notification
obligation
• Appropriate consents
for data processing
• Confidentiality
• Recordkeeping
Individuals have the right to:
• Access their personal
data
• Correct errors in their
personal data
• Erase their personal data
• Object to processing of
their personal data
• Export personal data
Transparent and easily
accessible policies
regarding:
• Notice of data
collection
• Notice of processing
• Processing details
• Data retention/deletion
What can you do today?
Identify what personal data you have and where it resides.
Manage how personal data is used and
accessed
Establish security controls to prevent, detect, and
respond to vulnerabilities & data breaches
Action data requests and keep required
documentation
Analyze data and systems, stay compliant
and reduce risk
1 2 3 4 5
Discover Control Protect Report Review
• Microsoft.com/GDPR
Trust
GDPR
Assume Breach
Identify Attacks
Restore Environment
R E D T E A M
Simulates real-world attacks
B L U E T E A M
Detects, protects, recovers
Trust
Prevent
Detect
Respond
Trust
Any Cloud, any platform
Insights
Automation
Security & protection
Private or hosted third-party cloud,
Rackspace, etc.
WINDOWS
WINDOWS
WINDOWS
WINDOWS
Public cloud
Azure or AWS
On-premises with System Center
WINDOWS
HYPER-V WINDOWS
VMWare WINDOWS
MicrosoftOperations Management Suite
HIPAA /
HITECH Act
Moderate
JAB P-ATO
FIPS 140-2
FERPA
DoD DISA
SRG Level 2
ITAR CJIS
GxP
21 CFR Part 11
IRS 1075Section
508 VPAT
ISO 27001 SOC 1
Type 2
ISO 27018 CSA STAR
Self-Assessment
Singapore
MTCS
UK
G-Cloud
Australia
IRAP/CCSL
FISC
Japan
China
DJCP
New
Zealand
GCIO
China
GB 18030
EU
Model Clauses
ENISA
IAF
Argentina
PDPA
Japan CS
Mark Gold
SP 800-171
China
TRUCS
Spain
ENS
PCI DSS
Level 1
CDSA Shared
Assessments
MPAA
Japan
My
Number
Act
FACT
UK
High
JAB P-ATO
GLBA
DoD DISA
SRG Level 4
MARS-E FFIEC
ISO 27017 SOC 2
Type 2
SOC 3
India
MeitY
Canada
Privacy
Laws
Privacy
Shield
ISO 22301
Germany IT
Grundschutz
workbook
Spain
DPA
CSA STAR
Certification
CSA STAR
Attestation
HITRUST IG Toolkit
UK
Trust
The most trusted and compliant cloudG
LO
BA
LU
S G
OV
IND
US
TR
YR
EG
ION
AL
Applications
Clients
Infrastructure
Management
Databases &
Middleware
App Frameworks
& Tools
DevOps
PaaS &
DevOps
Enterprise
proven
Hybrid
Hyper-scale
Hybrid
Hybrid
Azure Stack
On-premises
The Microsoft Platform Strategy
Public, Global, Shared DatacentersMicrosoft Azure Stack & Cloud Platform System
Secu
rity
&
Man
ag
em
en
t
Public Cloud
Platform
Hyb
ridO
pera
tion
sSecu
rity
&
Man
ag
em
en
t
Hyb
ridO
pera
tion
s
Software As a Service• Office 365• Microsoft CRM• Dynamics AX• VS Online• Etc.
Common
Identity
Compatible
Data
Infrastructure
Management &
Security
Openness and flexibility
Uniform
Development
Common Portalfor Azure Stack &
Azure
Infrastructure as a Service
Azure IaaS: Understanding Disks
Am I billed separately for disk
storage?
While Temporary disk storage is included,
it is important to note that OS Disks and
associated Data Disks will incur additional
charges.
Azure IaaS: Understanding Storage
Azure hosts five types of storage
Queues“Reliable messaging
at scale for cloud
services”
Disks“Persistent disks for
Azure IaaS VMs”
Files“SMB Access to
Azure Storage”
Blob Storage – Unstructured Data such as:
• Documents
• Social data such as photos, videos, music, and blogs
• Backups of files, computers, databases, and devices
• Images and text for web applications
• Configuration data for cloud applications
• Big data, such as logs and other large datasets
Append Blob – Optimized
for append operations such
as logs
Page Blob – Optimized for
IaaS disks and supporting
random writes
TY
PES O
F B
LO
B S
TO
RA
GE
QueuesQueue storage provides a reliable messaging solution for asynchronous
communication between application components, whether they are running in the
cloud, on the desktop, on an on-premises server, or on a mobile device. Queue
storage also supports managing asynchronous tasks and building process
workflows.
Disks“Persistent disks for your Azure IaaS VMs”
• All Azure IaaS VMs – Both OS and data disks
• VHDs are assigned to page blobs
• 3 synchronous, strongly consistent copies
• Can stripe disks for more capacity/throughput
• Premium Storage disks allow for scale up workloads
Queues“Reliable messaging
at scale for cloud
services”
Files“SMB Access to Azure Storage”
• Lift and shift on premise applications
Azure File storage offers cloud-based SMB file shares, so that you can migrate
legacy applications that rely on file shares to Azure quickly and without costly
rewrites.
Queues“Reliable messaging
at scale for cloud
services”
Disks“Persistent disks for
Azure IaaS VMs”
Azure IaaS: Tiered Storage TypesTier Workload Usage Charges
Premium (Disk)
Delivers high-performance, low-latency disk support for virtual
machines running I/O-intensive workloads. Virtual machine (VM) disks
that use Premium Storage store data on solid state drives (SSDs).
Standard – Hot
In cases where consistent low latency and high throughput are not
required, you may use Standard Disks as a more economical option.
Standard disks support all the features as Premium Disks
Higher Storage Costs and
Lower Access and
Transaction Costs
Standard – Cool
Low-cost storage option for object data that is infrequently accessed
and long lived . Example use cases include backups, media content,
scientific data, compliance data, and archival data. In general, any data
that lives for a longer period of time and is accessed less than once a
month is a candidate for Cool storage.
Lower Storage Costs and
Higher Access and
Transaction Costs
StorSimple 8000 Series Storage Arrays, StorSimple Cloud Appliances and the
StorSimple Virtual Array all have full support for both the hot and cool access
tiers provided by Blob storage accounts
Azure IaaS: Replication and High Availability
When you create a storage account, you must select one of the
following replication options:
• Locally redundant storage (LRS)
• Zone-redundant storage (ZRS)
• Geo-redundant storage (GRS)
• Read access geo-redundant storage (RA-GRS)
Azure IaaS: Replication and High Availability
Locally redundant storage (LRS)Maintains three copies of your data within a single facility.
LRS protects your data from normal hardware failures, but not from the failure
of a single facility.
Zone-redundant storage (ZRS)Maintains three copies of your data replicated across two to three facilities, either
within a single region or across two regions, providing higher durability than LRS.
Azure IaaS: Replication and High Availability
Geo-redundant storage (GRS)Maintains six copies of your data, three within the primary region, and three
replicated into a secondary region hundreds of miles away.
In the event of a failure at the primary region, Azure Storage will failover to the
secondary region automatically.
Read access geo-redundant storage (RA-GRS)Replicates data to a secondary geographic location, and also provides read
access to the data hosted in the secondary location.
Connectivity Options
ExpressRoute
Private Network
Customer DC
Customer site 1
Customer site 2
ExpressRoute
Enterprise workloads
Publicinternet
Publicinternet
Publicinternet
Microsoft
Azure
Microsoft
Azure
Microsoft
Azure
Exchange Provider Scenarios
Monthly fee with included outbound data transfer.
Unlimited inbound data transfer included
SLA
▪
▪
▪
Primary
Storage
Disk-based
Backup StorageTape Infrastructure
& Management
Archival
StorageReplicated
Storage for DR
Offsite Facility for
Geo-resilience
Storage Today = Complex & Expensive
Data
Management
Complexity
Backup IssuesUntested
Disaster
Recovery
Data Growth
& Footprint
Equipment
Sprawl
StorSimple + Windows Azure = 60–80% Lower TCO
Thin, Reduced
SnapshotsCloud Snapshots
Recover from Cloud
to any DC
Automated
Cloud-as-a-Tier
Enterprise
SAN Storage
Primary
Storage
Disk-based
Backup StorageTape Infrastructure
& Management
Archival
StorageReplicated
Storage for DR
Offsite Facility for
Geo-resilience
Storage Today = Complex & Expensive
56
StorSimple Solution Operation
SSD Deduplicated
SASDeduplicated
Compressed
Cloud
Deduplicated
Compressed
Encrypted
SSDLinear TierA B C A B D E
C D E
D E
E
Introducing new StorSimple subscription model
$125Per Month
$1,300*Per Month
$1,900*Per Month
Virtual Array
8TB capacity (local Disk); 64TB max total
usable capacity including cloud
iSCSI or SMB
StorSimple solution in a
virtual machine form
Includes Standard Support
8100 Array
200TB capacity
SDD & HDD
Form factor 1 X 2U; iSCSI
High availability; non-disruptive upgrade
Includes Standard Support
8600 Array
500TB capacity
SDD & HDD
Form factor 2 X 2U; iSCSI
High availability; non-disruptive upgrade
Includes Standard Support
Scenarios
Smaller enterprise environments
Remote office and branch office
(ROBO) locations
Data protection and disaster recovery for ROBO
tiered to the cloud
Block storage for small SQL server workloads
Scenarios
Manage primary data growth in
on-premises data centers
Archive, Backup, DR & remote replication
Automatically expand capacity on-demand
Pair with SCAs** in the cloud
Scenarios
Manage/respond to unpredictable data growth in
large data centers
Archive, disaster recovery, backup & rapid
recovery
Pair with SCAs** in the cloud
Test Disaster Recovery scenarios before going live
Location-independent DR, using SCA
as the target device
*actual-$1,333 & $1,916
**StorSimple Cloud Appliances
Notes:
1. The subscription model charges are for management of the StorSimple appliance. The hardware appliance is provided at no cost to customers.
2. The StorSimple commitment must align with EA anniversary or enrollment expiration date, whichever comes first.
You have an insurance policy for your
business. What’s your insurance
policy for your data and IT systems?
40% of businesses hit by a disaster never reopen1
1 Federal Emergency Management Agency, fema.gov
Why Disaster Recovery?2 of 9
AccountabilityFiduciary responsibility to
shareholders and other
key stakeholders
ExpectationImpacts confidence and
retention of employee and
customers.
Competitive
advantageDowntime creates an
opportunity for
competitors to seize
market share.
Cost of
downtimeRevenue loss, employee
productivity loss, cash flow
fines, penalties.
On-premises to on-premises protection with Azure Site Recovery
Microsoft Azure Site Recovery
Communication channel
Replication channel: Hyper-V Replica or
SAN replication
Primarysite
Windows Server
Recovery site
Windows Server
Microsoft Azure Site Recovery
Download InMage Scout
Replication and orchestration
channel: InMagereplication
Primary site
VMware/Physical
Recovery site VMware
InMage Scout
InMage Scout
Orchestrationand replication
Microsoft Azure Site Recovery
Enterprise & HSP
primary site Windows Server
On-premises to Microsoft Azure protection with Azure Site Recovery
Orchestrationand replication
Microsoft Azure Site Recovery
Enterprise, SMB & HSP primary site VMware/
Physical
InMage Scout
New
Orchestrationand replication
Microsoft Azure Site Recovery
SMB & branch
primary site Windows Server
Private Clouds (Hyper-V, VMware, System Center,
OpenStack)
Windows
Server
(VM)
Windows
Server
(VM)
Windows
Server
(VM)
Windows
Server
(VM)
Linux
(VM)
3rd Party Clouds(AWS, GOOG, …)
Windows
Server
(VM)
Windows
Server
(VM)
Linux
(VM)
Linux
(VM)
Linux
(VM)
Azure
Windows
Server
(VM)
Windows
Server
(VM)
Windows
Server
(VM)
Windows
Server
(VM)
Linux
(VM)
MULTI CLOUD MANAGEMENT
SECURITY &
PROTECTION
Help secure your
workloads, servers,
and users
INSIGHT &
ANALYTICS
Gain visibility across
your hybrid
enterprise cloud
CONFIGURATION &
AUTOMATION
Orchestrate complex and
repetitive operations
BACKUP &
DATA RECOVERY
Increase data protection
and application
availability
ANY CLOUD
ANY PLATFORM
LINUX
LINUX
LINUX
LINUX
LINUX
LINUX
LINUX
MicrosoftOperations Management Suite
Operations Management Suite (OMS)Simplified guest and workload management anywhere (on-premises or in the cloud)
Log analytics IT AutomationBackup & Recovery Security & Compliance
Operations Management Suite Capabilities
• Effortless log collection
• Integrated fast search
and queries with custom
dashboard
• Integrated cloud backup
• Seamless disaster
recovery and workload
migration
• Hybrid runbook worker
• Graphical workbook
authoring and
automation DSC
• Malware assessment
• Security posture and
system update
assessment
Spot problems fast Automate tasks quickProtect data easily Recognize threat early
With OMS capabilities customers can…
extending System Center capabilities, as an all-in-one management solution!
Deliver IT insightsLog analytics
Combine and correlate any machine data from multiple sources with
• Integrated search and
• Custom dashboards
Faster investigation and resolution of operational issues through various solutions including
• Alert management,
• Active Directory assessment,
• Capacity planning,
• Change tracking,
• System update assessment, etc.,
Improve operational efficiencyIT Automation
Creation, monitoring, management, and deployment of resources in hybrid environments with
• Graphical workflow-authoring tool
• Integrated workflow and runbook management
• Ready-to-use runbooks from a centralized library
Integration with the services you depend on
• Automation runbooks work with Azure Websites, Virtual Machines, Storage, SQL Server, and other popular Azure services
• Easily integrate virtually any service offering public Internet APIs
Champion IT securitySecurity & Compliance
Collect security related events and perform forensic and audit analysis
• Quickly assess servers that are infected by malware
• Detect breaches and threats with out-of-the box solutions
Comprehensive updates assessment across datacenters and public clouds
• Identify missing system updates across all servers and enable compliance standards
• Assess the risk and health of Active Directory & SQL Server
* Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise & consumer technologies,” Feb. 21, 2013** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report*** Verizon 2013 data breach investigation report
61 percent of workers mix
personal and work tasks in
their devices*
61% >70%
>70 percent of network
intrusions exploited weak or
stolen credentials ***
>80 percent of employees
admit to using non-approved
software-as-a-service (SaaS)
applications in their jobs**
>80%
Mobile and cloud: challenging security paradigms
Is it possible to keep up?
Employees
Business partners
Customers
Is it possible to stay secure?
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen credentials
Is it possible to keep up?
Employees Business partners Customers
Microsoft’s vision
Access everything from everywhere
Manage and secure productivity
Integrate with what you haveApps
Devices
Data
Users
User freedomSecure against new threats Do more with less
Customers need
Identity – driven security Productivity without
compromise
Comprehensive
solutions
Microsoft solution
ENTERPRISE MOBILITY + SECURITY
Identity-drivensecurity
Comprehensive solution
Managed mobile productivity
Enterprise Mobility +SecurityIDENTITY - DRIVEN SECURITY
Microsoft
Intune
Azure Information
Protection
Protect your users, devices, and apps
Detect threats early with visibility and threat analytics
Protect your data, everywhere
Extend enterprise-grade security
to your cloud and SaaS apps
Manage identity with hybrid
integration to protect application
access from identity attacks
Microsoft
Advanced Threat Analytics
Microsoft Cloud App Security
Azure Active Directory
Premium
Self-service Singlesign on
•••••••••••
Username
Identity as the control plane
Simple connection
Cloud
SaaSAzure
Office 365Publiccloud
Other Directories
Windows ServerActive Directory
On-premises Microsoft Azure Active Directory
Manage your account, apps, and groups
Company-branded, personalized application Access Panel:
http://myapps.microsoft.com
+ Mobile Apps
Self-service password reset
Application access requests
MONITOR AND PROTECT
Public Preview
Using Azure AD Identity Protection, you are able to:
· Get a consolidated view to examine suspicious user activities that
have been detected real-time with the use of machine learning algorithms
on signals like brute force attacks, leaked credentials, and sign ins from
unfamiliar locations.
· Use remediation recommendations on a list of configuration
vulnerabilities that could lead to an elevated risk of user compromise.
· Set risk-based policies to automatically protect the identities of your
organization.
Protect your organization from compromised accounts, identity attacks, and configuration issues. Identity Protection
provides a consolidated view into identity threats and vulnerabilities. Be notified of and understand risk, perform
recommended remediation, and automate future responses with Risk-based Conditional Access policies.
MONITOR AND PROTECT
Detect threats fast
with behavioral
analytics
Adapt as fast as
your enemies
Focus on what is
important fast using the
simple attack timeline
Reduce the fatigue
of false positives
No need to create rules or policies,
deploy agents, or monitor a flood of
security reports. The intelligence
needed is ready to analyze and is
continuously learning.
ATA continuously learns from the
organizational entity behavior (users,
devices, and resources) and adjusts
itself to reflect the changes in your
rapidly evolving enterprise.
The attack timeline is a clear, efficient,
and convenient feed that surfaces the
right things on a timeline, giving you
the power of perspective on the “who,
what, when, and how” of your
enterprise. It also provides
recommendations for next steps.
Alerts only happen once suspicious
activities are contextually
aggregated; not only comparing the
entity’s behavior to its own behavior,
but also to the profiles of other
entities in its interaction path.
Additional resources
Cloud and proud - www.cloudandproud.info
Components of azure - http://azureplatform.azurewebsites.net/en-us/
Disaster recovery - https://azure.microsoft.com/en-us/documentation/learning-paths/site-recovery/
Storsimple - https://azure.microsoft.com/en-us/documentation/learning-paths/site-recovery/
http://aka.ms/upskill
TCO Site: http://tco.Microsoft.com
