yung chou - anatomy of cloud solution
TRANSCRIPT
1
The Anatomy of a Cloud Solution
4
Point-to-Site
VPN
Site-to-Site
VPN
DNS
5
Storage
Primary datacenter
• Region X
Storage accountStorage accountTotal 3 replicas
LRS
Azure
name
resolution
Secure
storage
access
• Three replicas are placed within a single facility
within a single region to provide a continuum of
durability and availability
© 2016 Yung Chou.
Azure Locally-Redundant Storage (LRS)
Storage
Account
Azure pricing: http://aka.ms/pricing 6
Secondary datacenter
• Region YPrimary datacenter
• Region X
Storage accountStorage accountTotal 3 replicas
LRS
Storage accountStorage accountTotal 3 replicas
LRS (Replicated)
Free ingress
transmission
For RA-GRS,
charged egress
transmission
Azure
name
resolutionGeo-failover
Secure
storage
access
Azure Geo-Redundant Storage (GRS/RA-GRS)
Storage
Account
© 2016 Yung Chou.
Azure pricing: http://aka.ms/pricing
GRS or RA-GRS
7
Datacenter facility
• Region X
ReplicaSecure
storage
access
Azure
name
resolution
Datacenter
• Region X (or Region Y)
Replica
Datacenter
• Region X (or Region Y)
Replica
Azure Zone-Redundant Storage (ZRS)
© 2016 Yung Chou.
• Three replicas may span across two or three facilities on
one or two regions.
• ZRS fits between LRS and GRS in terms of providing a
continuum of durability and price.
• No metrics, logging capability, or conversion to LRS/GRS
• Supporting block blobs only
Azure pricing: http://aka.ms/pricing
Storage
Account ZRS
8
9
Point-to-Site
VPN
Site-to-Site
VPN
DNS
Network
contoso.corp
Data-Tier
10.2.2.0/24
Collab-Tier
10.2.3.0/24
Frontend
10.2.4.0/24
Backend
10.2.1.0/24Availability
Set
Availability
Set
fe1fe2
dc1/dns
10.2.1.4/24
dc2/dns
10.2.1.5/24
Load-Balancer
SQLSharePoint
Microsoft Azure Virtual Network - 10.2.x
fe3
Availability Set
AD Forest in Azure Vnet
© 2016 Yung Chou.
10
contoso.corp
Data-Tier
10.2.2.0/24
Collab-Tier
10.2.3.0/24
Frontend
10.2.4.0/24
Backend
10.2.1.0/24 Availability
Set
fe1fe2
dc1/dnsdc2/dns
Load-Balancer
SQLSharePoint
Microsoft Azure Virtual Network
fe3
Availability Set
Microsoft Azure Virtual Network Site
fabrikam.inc
Data-Tier
192.168.12.0/24
Collab-Tier
192.168.13.
0/24
Frontend
192.168.14.0/24
Backend
192.168.11.0/24 Availability
Set
fe1fe2
dc1/dnsdc2/dns
Load-Balancer
SQLSharePoint
Microsoft Azure Virtual Network
fe3
Availability Set
Microsoft Azure Virtual Network Site
B2B with Azure Vnet-to-Vnet Connectionhttp://aka.ms/v2v
© 2016 Yung Chou.
11
contoso.corp
On-premises
Active Directory
establishment
Site-to-Site
VPN
Windows Server 2012 R2
as a VPN gateway
Point-to-Site
VPN
Data-Tier
10.2.2.0/24
Collab-Tier
10.2.3.0/24
Frontend
10.2.4.0/24
Backend
10.2.1.0/24 Availability
Set
fe1fe2
dc1/dns
10.2.1.4/24
dc2/dns
10.2.1.5/24
Load-Balancer
SQLSharePoint
Microsoft Azure Virtual Network - 10.2.x
fe3
Availability Set
Microsoft Azure Virtual Network Site
Hybrid Cloud with Azure S2S/P2S VPN
© 2016 Yung Chou.
12
Point-to-Site
VPN
Site-to-Site
VPN
DNS
13
Compute
14
Point-to-Site
VPN
Site-to-Site
VPN
DNS
15
DevOps
16
DevOps Environment
17
Point-to-Site
VPN
Site-to-Site
VPN
DNSPoint-to-Site
VPN
Site-to-Site
VPN
DNSPoint-to-Site
VPN
Site-to-Site
VPN
DNSPoint-to-Site
VPN
Site-to-Site
VPN
DNSPoint-to-Site
VPN
Site-to-Site
VPN
DNSPoint-to-Site
VPN
Site-to-Site
VPN
DNSPoint-to-Site
VPN
Site-to-Site
VPN
DNSPoint-to-Site
VPN
Site-to-Site
VPN
DNS
Production
18
Point-to-Site
VPN
Site-to-Site
VPN
DNS
19
21
Azure AD Multi-Factor Authentication
22
Point-to-Site
VPN
Site-to-Site
VPN
DNS
