Cloud backup – a challenge solved by EMC and Microsoft, integrated by BRINEL
Crowne Plaza 06.04.2016
Bucharest
Ovidiu Pismac
MCSE Security, CISSP, MCSE Private Cloud, Server & Desktop Infrastructure
Microsoft Romania
“It has been said that the only
sustainable advantage in business is
the ability for a company to learn
faster and respond more effectively
than its competitors (also known as
business agility).”
– CIO magazine
Microsoft’s vision: Cloud OS
Development Management Identity Virtualization Data
Microsoft Azure Cloud Leader on IaaS and PaaS in Gartner
Microsoft Azure Leader in Cloud Storage
Microsoft SCCM – Client Management Tools – leader for 11 years
Microsoft Azure AD
Microsoft Enterprise Mobility Suite (EMS)
System Center Endpoint Protection AV TEST
https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2015/microsoft-system-center-endpoint-protection-4.8-154674/
https://www.virusbtn.com/vb100/archive/vendor?id=52
https://www.icsalabs.com/vendor/microsoft-corporation
http://www.westcoastlabs.com/checkmark/productList/?vendorID=77
Cloud data protection pitch
https://www.youtube.com/watch?v=WfApzT6lBq0
430B+ Microsoft Azure AD authentications
280% year-over-year database growth in Microsoft Azure
80% of Fortune 500 use the Microsoft Cloud
Economics: $25,000 in the cloud would cost $100,000 on premises
Scale: Scale from 30,000 to 250,000 site visitors instantly
Speed: 2 weeks to deliver new services vs. 6-12 months with traditional solution
Technology Trends: Cloud Adoption
Cloud Trend: 70% of CIOs will embrace a cloud-first strategy in 2016 (IDC CIO Agenda webinar)
BENEFITS
AZURE ADOPTION
We hear from our enterprise customers
‘I am unable to deliver the services my business
requires’
‘My infrastructure is extremely complex and
difficult to manage’
‘I don’t have the capital budget required to keep my
infrastructure up-to-date’
Impact of data growth
Storage challenges
Why Business Continuity/DR?
Downtime = Loss of business to competition or closure*
* Source: EMC Digital Universe with Research and Analysis by IDC, 2014
Loss of Data & Service
Organizations experience 4+ disruptions each year
Recovery times range from 1hr to 9hrs
Cost of Disruption
Average cost of the disruption is $1.5M/hour
4 in 10 businesses do not reopen after a major disaster
Brand & Equity
Loss of reputation is often irreparable
Customer trust and brand severely impacted
Compliance
Solves IT challenges with the power of Microsoft Azure
Extend Your Datacenter: Dynamically respond to the needs of your business with the elasticity of Azure and the convenience of a pay-as-you-go model
Achieve True Hybrid Cloud: A unified platform across your datacenter and the cloud, making it easy to truly achieve a hybrid solution
Transform Your Business: Harness powerful cloud capabilities, turning IT into a differentiator
Availability on Demand
Empower your business with cloud services from Microsoft Azure
Availability on Demand
Long-Term Retention
Cloud Backup
Recovery
DevTest
Cloud Bursting
Cloud Migration
Achieve complete infrastructure scalability
Limit your datacenter footprint
Hybrid Flexible Trusted partner
Major datacenter
CDN node
Live sub-region
Announced sub-region
Partner-operated sub-region
support. markets worldwide. Compute and storage every six months
Microsoft and Interoperability
“DHMC runs both Windows Server as guest operating systems under
Hyper-V, as well as Linux. To date, DHMC has virtualized Web servers,
sites on Microsoft Office SharePoint® Server, reporting servers,
medical applications, domain controllers, file and print servers, Citrix
servers, and more.”
Dartmouth Hitchcock Medical Center Case Study
Microsoft commitment to support Linux – Red Hat, CentOS, SUSE, openSUSE, Debian, Ubuntu, Oracle Linux and FreeBSD 10 on Hyper-V or Azure
System Center supports administering non-Windows platforms: Linux (Red Hat, CentOS, SUSE, openSUSE, Debian, Ubuntu, Oracle Linux), Unix (IBM AIX, HP-UX, Oracle Solaris) and Mac OS X systems
Operations Management Suite supports Linux systems
System Center Virtual Machine Manager 2012 manages VMware ESX servers and Citrix XEN Servers virtualization solutions
Broad ecosystem of third party offerings that expand Azure functionality
Azure Marketplace
*List of offers is not comprehensive.
Microsoft Azure
Extend your infrastructure
Microsoft Azure
ExpressRoute: dedicated, secure connections
Public Internet
Public Internet
Microsoft Azure Microsoft Azure
WAN
ExpressRoute
location
Customer site
Multiple customer sites
Exchange Provider Network Service Provider
Connecting at ExpressRoute Location (Exchange Provider facility)
Connecting from a WAN (e.g. MPLS VPN) provided by network services providers
Azure Site Recovery and Azure Backup
Datacenter Availability on Demand
Azure Site Recovery
Azure Backup
Decrease reliance on tape backup to save money and increase agility
Azure Backup integrated with SCDPM protects enterprise workloads including SharePoint, Exchange, SQL Server, and Hyper-V VMs
Lowers the management costs of backing up remote/branch offices
Reduce the dependence on offsite tape backup to accelerate recovery time
Ensure the longevity of your data with long-term retention – 99+ years
Reduce investments in tape archives, saving capital budget for your business
Meet regulatory compliance requirements for your business or industry
A scalable backup solution that can meet the needs of your growing business
IaaS Backup
Enterprise & SMB: Azure IaaS VM Backup
On-Premises
Enterprise Solution: SCDPM
SMB Solution: Azure Backup Server
Hybrid Backup
Enterprise Solution: SCDPM + Azure Backup
SMB Solution: Azure Backup Server, Azure Backup Agent
Simplified protection and recovery, built into Windows Server with Windows Server Backup
Enhanced through integration with Microsoft Azure Backup
Simplified protection: Back up full volumes, selected volumes, system state, specific files, and folders.
Bare Metal Recovery: Fully recover a physical system.
Policies: Support backup versioning and simple, effective retention policies.
Virtual machines: Protect Hyper-V virtual machines whether they are running or not.
Flexible storage: Protect key data to local, including USB, or remote file server storage.
Simplified scheduling: Support automated backup once or multiple times per day.
Azure Backup integration: Reliable offsite data protection, integrated into the Windows Server Backup user interface.
Scalable, centralized backup with Azure Backup Server or
System Center Data Protection Manager
Enhanced through integration with Microsoft Azure Backup
Workload integration: Protect Windows Server and Windows Client along with Exchange, SQL Server, SharePoint, and Microsoft Dynamics across Hyper-V and VMware.
Long-term retention: 9+ years with 4 week intervals.
Flexible storage options: Protect to disk or cloud.
Flexible deployment: Run Azure Backup Server or System Center Data Protection Manager virtualized and reduce storage consumption through deduplication support.
Low-cost disaster recovery: Protect data on a primary site by using Data Protection Manager on a secondary site.
Integration with Operations Management Suite or System Center Operations Manager: Centralize monitoring of backup infrastructure.
Azure Backup integration: Provide reliable offsite data protection, integrated into the Data Protection Manager UI.
Azure IaaS protection: Run Azure Backup Server and protect Azure IaaS virtual machines.
Data Protection Manager
Workloads – DPM protects key workloads, at a granular application level, up to every 15 minutes.
Disk/Tape – DPM supports protecting short-term to disk, and long-term to tape.
Centralized – With integration with OpsMgr, the central console enables management of all DPM servers from a single location.
Azure Integration – DPM now supports archiving data up to Windows Azure
Low-Cost DR – DPM on site 1, can be protected by DPM on another site, for DR purposes.
Scalable – 800 VMs per DPM server, parallel backups, page-file exclusion, Live Migration support
Centralized protection for key
VMs and applications
Azure IaaS, PaaS and workload backup
Centralized management from Azure
Recover data anywhere
Azure Express Route support
Shielded VM
Storage spaces direct
Nano Server
Mixed mode cluster upgrade
WHAT’S NEXT DPM 2016
Workload aware backup for hybrid clouds
Physical, Virtual, Hybrid, Cloud
Workload aware backup
Deduplication support
SCOM Centralized Reporting
Long term retention of data in Azure
Backup and Recovery for Azure
Backup Windows and Linux VMs
Data Protection
Manager
Workloads – Azure Backup Server protects key workloads, at a granular application level, up to every 15 minutes.
Disk/Cloud – Azure Backup Server supports protecting short-term to disk, and long-term to cloud.
Centralized – With integration with Operations Management Suite, the central console enables management of servers from a single location.
Azure Integration – Azure Backup Server supports archiving data up to Windows Azure
Low-Cost DR
Scalable – multiple VMs per Azure Backup server, parallel backups, page-file exclusion, Live Migration support
Centralized protection for key
VMs and applications
Microsoft Software Defined Storage (SDS)
Breadth offering, unified platform for Microsoft workloads and Linux; public cloud scale and cost economics for private cloud customers
SAN and NAS storage
Private cloud with traditional storage
Microsoft Azure Stack Storage
Windows Server Storage Services
Private cloud with Microsoft SDS
StorSimple with Azure storage
Hybrid cloud storage
Azure storage
Public cloud storage
Customer
Service provider
Microsoft
ONE consistent platform
Microsoft Azure
Multiple levels of redundant storage
Level: Definition
Locally redundant storage: multiple replicas of data within a single region (3 copies)
Zone-redundant storage: replication between two to three facilities within one or more regions
Geo-redundant storage: replication between two regions hundreds of miles apart within a geo (6 copies)
Read-access geo-redundant storage: GRS + read-only access to storage in secondary region
Microsoft Azure
StorSimple: Hybrid cloud storage
Connect Windows, Linux, and VMware servers to Azure Storage in minutes with no application modification
StorSimple Manager
Customer Data Center
Microsoft Azure
SVA
Enterprise SAN storage
Inline de-dupe, compression & automatic tiering
Automated offsite data protection using cloud snapshots
Highly efficient, location-independent disaster recovery
Access to enterprise data with StorSimple Virtual Appliance
StorSimple 8000 series
Model Number: 8100 / 8600
Usable Capacity: 15TB / 40TB
Usable SSD Capacity: 800GB / 2TB
Effective Local Capacity: 15-75TB / 40-200TB
Max Capacity (including cloud): 200TB / 500TB
Network Interface Cards: 2 x 10G and 4 x 1G
Enclosure Form Factor: 1 x 2U / 2 x 2U
StorSimple Tiered Architecture
SSD Performance, Deduplication and Auto-Tiering to Cloud
SSD linear tier
SSD: deduplicated
SAS: deduplicated, compressed
Cloud: deduplicated, compressed, encrypted
Microsoft Azure
Fast, flexible, & secure data transfer
Azure Import/Export
Customer
Microsoft Azure
MS Regional
Data center
StorSimple
Microsoft Azure Multiple options for secure data transfer
Transfer large amounts of data to Azure quickly with StorSimple
Ship data in hard disk drives through FedEx to our data centers
“[We are] using StorSimple to create policies that archive data to Azure storage if it hasn’t been accessed in 12 months.” – Richard Proud, Director at Risual, for Paul Smith
Orchestrate the recovery of your apps for simplified disaster recovery
Improve Recovery-Time-Objectives (RTO) and Recovery-Point-Objectives (RPO) for both planned and unplanned outages
Achieve zero impact disaster recovery drills
Minimize app errors and data loss with application consistent recovery points
Replication for heterogeneous environments: Hyper-V, VMware, and physical
Azure
Microsoft Azure
Automate recovery with Azure Site Recovery
Communication and Replication
Azure Site Recovery
Communication Channel
Replication channel: Hyper-V Replica
Windows Server
Azure Site Recovery
Orchestrate disaster recovery to a second site…. …Or to Azure
Windows Server Windows Server
Primary Site
Primary Site
Recovery Site
Protect & Migrate your applications
Azure
Azure Site Recovery
One solution for multiple infrastructures
Hyper-V to Hyper-V (on-premises): Hyper-V -> Replication -> Hyper-V
Hyper-V to Microsoft Azure: Hyper-V -> Replication -> Microsoft Azure
VMware/Physical to VMware (on-premises): VMware/Physical -> Replication -> VMware
VMware/Physical to Microsoft Azure: VMware/Physical -> Replication -> Microsoft Azure
Hyper-V to Hyper-V (on-premises): Hyper-V -> Replication -> Hyper-V (SAN -> SAN)
Protect important applications by coordinating the replication and recovery of private clouds across sites.
Protect your applications to your own second site, a HSP’s site, or even use Microsoft Azure as your disaster recovery site
Microsoft Azure Site Recovery
Orchestrated Recovery using Recovery Plans
Orchestrated Steps for Recovery
Recovery Plans help automate the orderly recovery in the event of a site outage at the primary datacenter.
Recovery Plans consist of a series of groups that contain a list of protected virtual machines. The order in which the VMs fail over is determined by the group they are in. VMs within a particular group fail over in parallel.
Recovery plans typically model an application that needs to start up, or fail over, in a particular order.
Script Integration
Scripts can be added, to run before or after a specific group in a recovery plan. Scripts could also allow integration with SQL Server AlwaysOn failover between sites.
Manual Actions
Manual actions can also be added, to run before or after a selected group. These require some form of physical interaction by a particular user before the recovery plan continues.
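Added example, not part of the original slides and not Microsoft's code: a small Python model of the recovery-plan structure described above (ordered groups, parallel failover within a group, scripts and manual actions around a group), with a check that every protected VM is in the plan and that each VM's dependencies sit in an earlier group. All VM, script and action names and the dependency map are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Action:
    kind: str  # "script" or "manual"
    name: str


@dataclass
class Group:
    name: str
    vms: list
    pre: list = field(default_factory=list)   # actions run before the group
    post: list = field(default_factory=list)  # actions run after the group


def execution_order(plan):
    """Flatten a plan into ordered steps; one group's VMs form one parallel step."""
    steps = []
    for group in plan:
        steps += [(a.kind, a.name) for a in group.pre]
        steps.append(("failover-parallel", tuple(sorted(group.vms))))
        steps += [(a.kind, a.name) for a in group.post]
    return steps


def validate(plan, protected, depends_on):
    """Return findings: VMs missing from the plan, unknown VMs, ordering errors."""
    findings = []
    position = {}  # VM name -> index of the group it fails over in
    for idx, group in enumerate(plan):
        for vm in group.vms:
            if vm in position:
                findings.append(f"{vm}: listed in more than one group")
            position.setdefault(vm, idx)
    for vm in sorted(protected - set(position)):
        findings.append(f"{vm}: protected but not in any group")
    for vm in sorted(set(position) - protected):
        findings.append(f"{vm}: in plan but not a protected VM")
    for vm, deps in sorted(depends_on.items()):
        for dep in deps:
            # Same group means parallel start, so the order is not guaranteed.
            if vm in position and dep in position and position[dep] >= position[vm]:
                findings.append(f"{vm}: dependency {dep} is not in an earlier group")
    return findings


# Constructed sample data: a three-tier application.
PROTECTED = {"sql01", "app01", "app02", "web01"}
DEPENDS_ON = {"app01": ["sql01"], "app02": ["sql01"], "web01": ["app01", "app02"]}

GOOD_PLAN = [
    Group("Group 1", ["sql01"], pre=[Action("script", "sql-alwayson-failover")]),
    Group("Group 2", ["app01", "app02"]),
    Group("Group 3", ["web01"], pre=[Action("manual", "confirm-dns-cutover")]),
]
BAD_PLAN = [
    Group("Group 1", ["sql01", "app01"]),  # app01 starts alongside its database
    Group("Group 2", ["web01"]),           # app02 was never added to the plan
]

if __name__ == "__main__":
    for step in execution_order(GOOD_PLAN):
        print(step)
    for finding in validate(BAD_PLAN, PROTECTED, DEPENDS_ON):
        print("FINDING:", finding)
```

Running the same check before each test failover catches a protected VM that was added after the plan was written.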
Microsoft Azure Site Recovery
Executing Recovery Plans
Test Failover
Useful to verify that your recovery plan and virtual machine failover strategy are working as expected.
Simulates your failover and recovery mechanism into an isolated network(s), that you define, or that can be created automatically.
Unplanned Failover
Run an unplanned failover when a primary site experiences an unexpected incident, such as a power outage.
Planned Failover
Perform a complete failover and recovery of virtual machines in your recovery plans in a proactive, planned manner.
Non-replicated changes are applied to the replica virtual machine with no data loss before bringing the VM online in the secondary site.
Business Continuity Solution on Windows Azure
Use for Disaster Recovery
Cloud Backup on Windows Azure
App services: Caching, Identity, Service bus, Media, CDN, Integration, HPC, Analytics
Compute: Virtual machines, Websites, Cloud services, Mobile services
Storage: SQL database, HDInsight, Tables, Blob storage
Network: Connect, Virtual network, Traffic manager
Usage-based services
• Build applications using any language, tool, or framework
• Integrate public cloud solution with the existing IT environment
• 99.95% monthly SLA
• Automatic OS and service patching
An open and flexible cloud platform that enables you to quickly build, deploy, and manage
solutions across a global network of Microsoft-managed datacenters.
Microsoft Azure
Built on Microsoft trustworthy foundation
20+ Data Centers
1st Microsoft Data Center
Active Directory
FedRAMP/FISMA
SOC 2
Trustworthy Computing Initiative
Global Data Center Services
Windows Update
SOC 1
CSA Cloud Controls Matrix
PCI DSS Level 1
UK G-Cloud Level 2
ISO/IEC 27001:2005
HIPAA/HITECH
Digital Crimes Unit
E.U. Data Protection Directive
Operations Security Assurance
Malware Protection Center
Security Development Lifecycle
Microsoft Security Response Center
Extensive experience and credentials
Timeline: 2010, 2011, 2012, 2013, 2014, 2015
Operations Security Assurance
HIPAA/HITECH
CJIS
SOC 1
SOC 2
FedRAMP P-ATO
FISMA ATO
UK G-Cloud OFFICIAL
ISO/IEC 27001:2005
CSA Cloud Controls Matrix
PCI DSS Level 1
AU IRAP Accreditation
Singapore MCTS
ISO/IEC 27018
EU Data Protection Directive
CDSA
Program: Description
ISO/IEC 27001: The ISO/IEC 27001:2005 certificate validates that Azure has implemented the internationally recognized information security controls defined in this standard.
SOC 1 (SSAE 16/ISAE 3402): Azure has also been audited against the Service Organization Control (SOC) reporting framework for SOC 1 Type 2 (formerly SAS 70), attesting to the design and operating effectiveness of its controls.
SOC 2: Azure has been audited for SOC 2 Type 2, which includes a further examination of Azure controls related to security, availability, and confidentiality.
FedRAMP/FISMA: Azure has received Provisional Authorization to Operate from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB), having undergone the assessments necessary to verify that it meets FedRAMP security standards.
PCI DSS Level 1: Azure has been validated for PCI-DSS Level 1 compliance by an independent Qualified Security Assessor (QSA).
UK G-Cloud IL2: In the United Kingdom, Azure has been awarded Impact Level 2 (IL2) accreditation, further enhancing Microsoft and its partner offerings on the current G-Cloud procurement Framework and CloudStore.
HIPAA BAA: To help customers comply with HIPAA and HITECH Act security and privacy provisions, Microsoft offers a HIPAA Business Associate Agreement (BAA) to healthcare entities with access to Protected Health Information (PHI).
Certifications & programs
Infrastructure security controls Operational security controls Compliance
Azure Trust Center
One location to aggregate content across Security, Privacy, and Compliance
Columns: Windows Azure feature; ISO 27001; SSAE 16 SOC 1 Type 2; EU Model Clauses; HIPAA BAA
Web Sites
Virtual Machines
Cloud Services
Storage (Tables, Blobs, Queues)
SQL Database
Caching
Content Delivery Network
Networking (Connect, TM, VNet)
Azure Active Directory
Service Bus
Media Services
Program: Description
ISO 27001
• Internationally recognized information security standard, broadly accepted outside U.S., 133 controls across 11 domains
• Annual surveillance audits with continual improvement
EU Data Protection Directive
• Law that sets a baseline for handling personal data in the EU, Microsoft complies through EU-US Safe Harbor Framework
• EU regulators and customers asking for EU Model Clauses
HIPAA BAA
• Specifies privacy, security, and disaster recovery guidelines for electronic storage of health records in the United States
• Business Associate Agreement (BAA) enables third parties to build HIPAA compliant solutions
SSAE 16 / ISAE 3402
• Accounting standard relied upon as the authoritative guidance for reporting on service organizations (SOC 1, SOC 2, SOC 3)
• Annual audit, controls monitored for 6 months, 10 domains, detailed audit report shared with customers under NDA
FISMA
• U.S. Federal law enacted in 2002, based on NIST 800 series, 18 control domains, in-depth audit, documentation heavy
• Applies to all U.S. Federal agencies, New FedRAMP became effective in June 2012
FISMA
ISO
HIPAA
Azure Compliance
Constantly collects, analyzes, and fuses
security events from your Azure resources, the
network, and integrated partner solutions
Leverages global threat intelligence from
Microsoft products and services, Digital Crime and
Incident Response Centers, and third party feeds
Creates prioritized security alerts with insight
into the attack and recommendations on how to
remediate
Microsoft hybrid cloud IT management solution
Azure | AWS
Modern management
Security: Robust threat analysis for your servers and workloads
Visibility: Unparalleled insights into applications and infrastructure
Protection: Automated backup and disaster recovery
Operations Management Suite
Control: Business agility while retaining IT control
System Center
E2E on-premise monitoring experience
End-to-end monitoring and diagnostics of infrastructure and workloads
Alerts, notifications and other controls
Strong native support, and incremental 3rd party
Integrates with other on-premise systems
Cloud-inspired & platform agnostic
Data analytics
Bottomless capacity and elastic scalability
No infrastructure to maintain
Innovations on-boarded at a faster rate
Operations Management Suite
(OMS)
On-demand & hybrid monitoring experience
Hybrid extensions (across on-premise and cloud)
Transition between day-to-day monitoring and analytics driven diagnostics
Better aligned to market requirements
Wider and deeper health insights
System Center + Operations Management Suite (OMS)
Why Microsoft for Management & Virtualization
Low TCO/High ROI
Lower upfront investment costs
Lower deployment, management,
and maintenance costs
Extends current IT investments
Datacenter to Desktop
Full range of products and solutions
Large partner ecosystem
The Platform You Know
Single management platform
Use the skills, tools, and processes you already know
End-to-End Management
Physical, virtual machine and application management
Interoperate with existing Microsoft infrastructure
Easily manage a heterogeneous environment
System Center
Unified management for the Cloud OS
Azure Pack
Service model
Orchestrator
Service
Manager
Service admin
Customers
Microsoft
Customer
Service
Provider
Benefits of System Center
SCOM
SCCM & Endpoint Protection
DPM
Service Manager
Virtual Machine Manager & SCOM
Orchestrator
Java EE monitoring-supported platforms
Microsoft acquired BlueStripe – to be integrated in System Center and OMS
It’s simple: A single portal for all your management tasks. No infrastructure to maintain.
Time to value: Onboard fast. No content to create. Connects to your on-premises datacenter.
Easy to integrate: Add new servers, or connect to your existing management tools within minutes.
Hybrid and open: Manage workloads across Windows and Linux, hybrid and public clouds, Azure and AWS.
Extend System Center: Complements your System Center investment to unleash new management scenarios.
Log analytics: Gain visibility across your hybrid enterprise cloud
Automation: Orchestrate complex and repetitive operations
Availability: Increase data protection and application availability
Security: Help secure your workloads, servers, and users
Assessments: Security and best practices assessments: AD, SQL, malware, change tracking, audit
Benefits of OMS (for customers)
System Center + OMS
VM capacity planning and management
Integrated disaster recovery for VM workloads
Cloud backup and long-term retention
… & many more to come!
Better Together
Monitoring
Provisioning
Protection
Web based alert management
Efficient server discovery and agent deployment
Centralized log repository