titletime azr343 the next generation of azure compute platform with mark russinovichmonday july 27,...

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Bryon Surace Mahesh Thiagarajan

Azure Compute

What’s New in Azure IaaS

AZR210

Confidentiality Slide

Related SessionsTitle Time

AZR343 The Next Generation of Azure Compute Platform with Mark Russinovich

Monday July 27, 16:30 - 17:45

CDP315 Getting Ready for Microsoft Azure Stack: Technical Skills Investment

Tuesday July 28, 16:15 - 17:30

AZR200 An Overview of Microsoft Azure Networking Capabilities Monday July 27, 16:30 - 17:45

AZR204 How to make Partners successful in the Azure Marketplace? Monday July 27, 16:30 - 17:45

AZR305 Azure IaaS Futures Tuesday July 28, 8:30 - 9:45

AZR214 Azure IaaS: Past, Present, Future, and how we stack up Tuesday July 28, 14:30 - 15:45

AZR316 DevOps Kung Fu on Azure Virtual Machines Wednesday July 29, 12:45 - 14:00

AZR306 Azure Infrastructure and Datacenter Futures with Mark Russinovich

Thursday July 30, 16:15 - 17:30

AZR325 Manage and Secure Azure resources using Azure Resource Groups and Role Based Access Control (RBAC)

Thursday July 30, 8:30 - 9:45

AZR328 Running Docker containers in Azure Wednesday July 29, 14:30 - 15:45

AZR335 What are we doing to make Linux/OSS run great on Azure Thursday July 30, 16:15 - 17:30

AgendaWhat is IaaS and IaaS v2

IaaS templates

Security and cost management

Complex application templates

Migration from Classic to Resource Manager

Unified Azure Stack

Overview of Virtual Machine ServicesCompute resourcesVirtual machinesVM extensions

Storage resourcesBlobs, tables, and ques functionality Storage accounts (blobs) - Standard & Premium Storage

Networking resourcesVirtual networksNetwork interface cards (NICs)Load balancersIP addressesNetwork Security Groups

Management models for IaaSClassic Model (v1) Resource Manager (V2)

Storage Account

Virtual Network

Cloud Service

Subnet-1Disk (blob)

VM w/ IP

Address

Resource Group

VM NICVM IP

Address

Load Balance

dEndpoint w/ IP

Address

Load Balanc

er

DependsOn

ReferenceReference

Backend Pool (NICs)

LB IP Addres

s

Reference

Coming Soon…Gateways (VPN)ExpressRoute

Network Security Group ACLS(deployed to VM, NIC, or Subnet)

VNetSubnet

Storage

Account

Disk (blob)

ReferenceReference


Premium Storage

High Bandwidth with Low Latency

GA mid-April

Up to 32 TB of storage per VM

64,000 IOPS per VM

50,000 IOPS per disk

~5 ms read/write (no cache)

less than 1ms read latency (cache)

Virtual Machine

Uncached

Disk

CachedDisk

LocalDisk

Disk Provisioning

Disk Provisioning

SSD Provisioning

Premium Storage Blobs

VM/Network Provisioning ServerSSD

Cache HitCache Miss

Virtual machine building blocksOS & data disk imagesWindows base OSsLinux base OSsAzure Certified ImagesCommunity images

VM ExtensionsSecurityDeploymentConfigurationOthers

• Visual Studio debuggers• Diagnostics agents• Monitoring agents• Access recovery• Docker extension• Backup helper


Demo: Deploy 40 VM Application TierClassic Model vs Resource Manager


Resource Groups

Manage resources as a single unit

Role based access and control (RBAC) on groups or resources

Billing integrated tagging on groups or resources

Resource Groups

RESOURCE GROUP

Single Resource Group

Single or multiple resource groups?

Front End VMs

Back End VMs

Virtual Network

Storage Account

RG3: Front End VMs

RG4: Back End VMs

RG2: Virtual

Network

RG1:Storage Account

Multiple Resource Groups


Azure Templates can:• Ensure Idempotency

• Simplify Orchestration

• Simplify Roll-back

• Provide Cross-Resource Configuration and Update Support

Azure Templates are: • Source file, checked-in

• Specifies resources and dependencies (VMs, WebSites, DBs) and connections (config, LB sets)

• Parametized input/output

Instantiation of repeatable config.Configuration Resource Group

Power of Repeatability

SQL - A Website VirtualMachines

SQL-AWebsite[SQL CONFIG] VM (2x)

DEPENDS ON SQLDEPENDS ON SQL

SQLCONFIG


Key Improvements: Azure Virtual Machines (v2)

Massive and parallel deployment of Virtual Machines

3 Fault Domains in Availability Sets

Custom URLs for Custom Script VM Extensions for VMs

SSH-2 RSA Format Support for SSH keys for Linux VMs


Azure Key Vault Increased Security

over Keys Applications get no

direct access to Keys Level 2 Certified

HSMs

Azure Key Vault Integration with Virtual Machines

Create Azure Key Vault

Reference Certificates

Push Keys to Key Vault


Simplified Manageability of Applications on IaaS

Upgrade

• complexity made simple

• master template can be used to rollout upgrades

• imperative APIs, client tools support to update resources

Manageability, Auditing

• operations can be tracked upto 90 days

• management Locks to lock down resources from deletion


Wide range of Quickstart Templates

Indexed on Azure.com Github Repo Community & Microsoft contributed

Integration of IaaS with Azure Services

Getting Started with Azure Templates

New “new” capabilities


IaaS Functionality under Azure Resource Manager

“New” capabilities

• Virtual Network Gateways

• Site to Site, VNET to VNET, VNET to Multi Site

• Resize Disk

• iDNS

What’s Coming

• Express Route

• Point to Site

• Forced Tunneling

• User Defined Routes

• IP address mobility


DemoSimple IaaS Template


DemoVNET (Classic) to VNET (ARM) Connectivity Template walkthrough

Enterprise Resource Management


Demo: Deploy 40 VM Application TierClassic Model vs Resource ManagerHow’d it Do?!


Resource Tags Tags assigned to resources or groups Subscription-wide taxonomy Each resource can have up to 15 tags Flow through into Azure Billing

Tagging Tips• Notes: Simple note for VM• Creator: track the “owner” of a VM• Department/Cost center: who pays• Environment: production vs. pre-production

vs. test


Access Control: RBACWhat is RBAC

Role Based Access and Control

Allows secure access with granular permissions to resources

Old Model: All or Nothing

Full integration with Azure Active Directory

Assigned to Subscription, Resource Group, or Resource

Built-in roles make it easy to get started

Role Definitions describes the set of permissions (e.g. read actions) can be used in multiple assignments

Role Assignments associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource

group) always inherited – subscription assignments apply to all resources


Role Based Access Control


Granular Scopes

/subscriptions/{id}/resourceGroups/{name}/providers/…/virtualmachines/{vmname}

subscription level – grants permissions for all resources in the sub

resource group level – grants permissions for all resources in the group

resource level – grants permissions to the specific resource

Access Controls are set at the API level


DemoTagging and RBAC

Cost Management


Azure Cost Management

Usage API and RateCard API enable IT Financial Management (ITFM) of Azure.

Usage API – REST API to provide customers and partners programmatic access to azure consumption data.

• Hourly and Daily aggregations• Azure 1st party and 3rd party

(Azure Marketplace) data available

• Includes resource tags• Supports Azure RBAC

RateCard API – REST API to provide customers and partners programmatic access to all resource details and pricing for non-EA offers.

• Gets list of all available Azure resources

• included quantities available• Support for graduated pricing as well

as flat rate pricing• No support for EA offers• Pre-tax rates• Supports Azure RBAC

Reach out to the Azure Billing Feedback alias: [email protected]

mailto:[email protected]


Demo: Usage Data


Division

Arch & Design

Assembly

Engineering

Materials

Production Eng.

Shipping

Tag by

Divisio

n

Partner Example 1: Cloud CruiserSimplify Your Cost Allocation with Azure Tags and Cloud Cruiser

Partner Example 2: CloudynKeeping your cost & usage under control

Complex Templates


Architecting Complex Applications on IaaS

Infrastructure

• Templates for different environments (eg: Dev, Test, Prod)

• orchestration of multiple infrastructure tiers (eg: VMs, VNETs)

• orchestration across multiple azure resources (eg: VMs, Websites) In-VM Configuration

• common scripts/recipes that can be shared across multiple VMs

• app-specific scripts that will be used for application setup

adminUserName

adminPassword

storageAccountname

region

virtualNetworkName

addressPrefix

subnetName

subnetPrefix

jumpbox

tshirtSize

osFamily

Architecting Complex Applications using Templates

DataStax on Azure Virtual Machines (v2)

Parameters

clusterNodeCount

clusterName

DataStax on Azure Virtual Machines


DemoDataStax Marketplace Template

Metadata Migration from Classic to Resource Manager

Azure in your Datacenter – “Azure Stack”

Consistent Management Layer

Curated Extensio

ns


Evaluate - Validate if VNET is capable of migration

Start – Trigger migration once VNET is ready

Validate – Check if migrated resources work as expected

Commit – Apply changes into the Resource manager stack and open up the control plane

Platform Migration Experience and Steps

44

Evaluate

Start

Validate

Commit


Migration Steps for VMs in a Virtual Network

45

On-Premises Network

Connectivity ProviderInfrastrucutre

Dedicated Express Route Connection

Azure DataCenter

VM1 VM2

Azure IaaS API Service [Classic] Azure IaaS API Service under Azure Resource Manager

Web Server Load Balancer

Migration of State

EvaluateMigrateValidateCommit Check Migrated resources State

Migration will include all resources• VNETs (with its Subnets)• Gateways • VMs (with Internal IP addresses)• NSGs• Reserved IP addresses etc.,

Removal of State from Classic

No VM Downtime

Control Planes locked

VNET & IaaS VMs for migration are identified

Control Planes unlocked


Platform Migration Details VMs in VNET

Scope of migration will be at the VNET Level

Platform migrates the VNET along with ‘all’ the Virtual Machines in that VNET

No VM downtime during this migration.

VMs not in VNET VMs exist in Hosted Service but not

in a VNET VM will incur downtime during

the migration VMs will move into a Virtual

Network in the Resource Manager stack.

Experience/Contract Changes Certificates – Moves from Hosted

Services to Azure Key Vault Endpoint ACLs – Moves into

Network Security Groups Internal DNS – iDNS Suffixes

changes from the current model to a modified version. Name resolution will continue to work.

Unsupported in Wave-1 PaaS Web & Worker Roles Dependent services integration

[AutoScale etc.,]

46

SummaryVirtual Machines service with Resource ManagerFaster Scalability, Larger overall deploymentsAbility to make parallel configuration changesOne-click deployment of the most complex applicationsRepeatable deployments with “config as code”

Delegation and management with RBAC and taggingRBAC through AAD users or groupsBilling integrated tagging

Unified Azure Stack

Metadata Migration from Classic to Resource Manager

Related SessionsTitle Time

AZR343 The Next Generation of Azure Compute Platform with Mark Russinovich

Monday July 27, 16:30 - 17:45

CDP315 Getting Ready for Microsoft Azure Stack: Technical Skills Investment

Tuesday July 28, 16:15 - 17:30

AZR200 An Overview of Microsoft Azure Networking Capabilities Monday July 27, 16:30 - 17:45

AZR204 How to make Partners successful in the Azure Marketplace? Monday July 27, 16:30 - 17:45

AZR305 Azure IaaS Futures Tuesday July 28, 8:30 - 9:45

AZR214 Azure IaaS: Past, Present, Future, and how we stack up Tuesday July 28, 14:30 - 15:45

AZR316 DevOps Kung Fu on Azure Virtual Machines Wednesday July 29, 12:45 - 14:00

AZR306 Azure Infrastructure and Datacenter Futures with Mark Russinovich

Thursday July 30, 16:15 - 17:30

AZR325 Manage and Secure Azure resources using Azure Resource Groups and Role Based Access Control (RBAC)

Thursday July 30, 8:30 - 9:45

AZR328 Running Docker containers in Azure Wednesday July 29, 14:30 - 15:45

AZR335 What are we doing to make Linux/OSS run great on Azure Thursday July 30, 16:15 - 17:30


Appendix


© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

titletime azr343 the next generation of azure compute platform with mark russinovichmonday july 27,...

Documents

microsoft azure stack

azure marketplace

45azr214 azure iaas

powerpoint presentation

azure resource groups

secure azure resources

00azr306 azure infrastructure

product names