THE SMALL BUSINESS IT CLOSET

Servers on the Floor.

Space enough for one old used rack.

Soooo. How old are you, anyway?

Servers ♡ Dust.

House fan. On a box of wine.

Home AC units.

Hand crafted ventilation system.

At least it vents outside.

SMALL BUSINESSES

• No more room in the closet!

• Lease is up – what do we do now?

• SharePoint 2013 needs HOW MUCH RAM???

• External Collaboration

• Licensing headaches

LARGE BUSINESSES

• Didn’t budget for dev, test, stage, DR farms

• Lots of hardware sitting under-utilized

• IT department is an obstacle

• IT budgets getting slashed

• Licensing headaches

WINDOWS AZURE

• Infrastructure as a Service (IaaS).

• Host VMs on someone else’s hardware.

• Pay by the minute, shut them down when not in use.

• Use pre-made images, or upload your own VHDs.

• License costs are rolled into the pre-made images.

SOME GOOD CANDIDATES

• ADFS

• IRM / ADRMS

• On-Prem SharePoint

• Source Control Systems (TFS, SVN)

• LOB App Servers that don’t need to be on the LAN

NOT SO GOOD CANDIDATES

• Lync Server

• Exchange Server

• Servers that need to be on the LAN

• Site2Site IPSEC Persistent VPN Tunnel Between On-Prem and Azure

• Can define the address space in Azure (prevent conflicts with on-prem)

• A virtual extension of an office network

• Microsoft is adding new devices all the time as they test them

• Anything that supports modern IPSEC may work

• Have an open-source firewall like pfSense, Racoon, FreeBSD? Try it!

• Just announced partnership with AT&T will provide other VPN opportunities over private MPLS networks

Vendor Device Family

CISCO ASA/ASR/ISR

Juniper J Series/ISG/SSG

Watchguard All

F5 BIG-IP Series

Citrix CloudBridge MPX/VPX

Microsoft RRAS Windows Server 2012

http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx

• Create an Azure Virtual Network

• Setup Azure subnets and IP Addressing

• Setup the VPN

• Configure connection to local network

• Establish the gateway

• Test the connection

• Install R/W Domain Controllers + DNS

• Join to the corporate domain

• Replicate / test replication

• Setup AD Replication Site for Azure Subnets

• Install Member Servers

• ADFS / ADRMS / SharePoint Etc.

• Join to the Domain

• Ensure IaaS DNS servers are used for name resolution

• GOAL – Reduce traffic over the VPN

• Ideally only replication traffic

• Test! Test! Test!

• Take the VPN Down. Can users still use your applications?

• Use Availability Sets

• Use SQL Availability Groups

• Configure ProbePorts for EndPoints

• Don’t depend on the VPN connection, it can go down!

• Use Read/Write Domain Controllers

• Not a good idea in general

• Lots of things are broken with an RODC:

• Can’t run the configuration wizard

• Can’t create new site collections

• People Picker won’t resolve new users

• User Profile property export

• Problems w/ Managed Service Accounts with automatic password expiration

• Incoming mail services

• Prezi Presentation

• On-prem footprints present challenges for small and large businesses

• Azure IaaS can reduce on-prem footprints

• Key is the Azure Virtual Private Network

• Plan for resiliency

• Great for labs or real workloads like SharePoint