Cloud Sprawl Virtual Sprawl Shadow IT Rogue IT










































- Slides: 42




Cloud Sprawl Virtual Sprawl Shadow IT / Rogue IT Death of the Perimeter Consumption Culture / Management Change to a consumption model culture Services and Applications as a service API Manage Service and Applications as assets that depreciate and retire. Data Sprawl / Data Authority / Data Ownership / Data Triangulation


OPTIMIZED DATA CENTER Well Managed Infrastructure & Applications App Resource silo #1 App Resource silo #2 Mainframe Windows Unix The Evolution Linux App Resource silo #3 Identity Application Data OS Virtualization HW Storage Network CLOUD Service Oriented Consuming compute Silo-ed Architectures Managing Services App 1 On Premises Legacy Silo-ed Expansion Expansion App 1 App 2 App 3 Silo-ed Architectures To Modernizing Workloads storage network Leveraged Infrastructure Service Oriented App 2 App 3 Leveraged Infrastructure Services On Premises Off Premises Private Cloud IaaS – SaaS - PaaS Efficiency Legacy Application Cost Reduction Legacy / Silo Application New Requirements New Functionality Scalability Additional Functionality Innovate Cloud Native Application Cloud Capability

Modernization Silo-ed Legacy Application Legacy / Silo Application Efficiency Cost Reduction New Requirements Constrained Capacity Scalability Additional Functionality Innovate Cloud Native Application Cloud Capability Lead

Thoughts on the effect of Cloud on Disaster Recovery Resilient Architecture Warm Site DR Hot Site Online Backup Warm Site Cold Site Offsite Backup Disk/Tape Backup

So what is Hybrid … NETWORKING, COMPUTE, STORAGE, APP SERVICES, AUTOMATION, DISASTER RECOVERY, DEV, TEST, UAT, etc. … as a SERVICE NETWORKING & AUTOMATION SERVICES Virtual network Availability Set Azure load balancer Autoscale Traffic Manager Automation CDN DATA SERVICES COMPUTE SERVICES On Premises Private Cloud Health Monitoring Automation Azure Mobile Services TFS or VS Online + GIT Azure Web Site web roles worker roles storage blob storage table storage queue VHD data disk Gallery OS images StorSimple Virtual Appliance Backup Service Azure Site Recovery SQL Database SQL Data Sync MySQL database Site-to-Site VPN Point-to-Site VPN APPLICATIONS & SERVICES StorSimple Cloud Integrated Storage VIRTUALIZATION COMPUTE, STORAGE & NETWORKING Virtual Machines Express Route Server Group #1 SAN APP SERVICES Azure AD Server Group #2 Storage Spaces/SMB Multi-Factor Auth Azure Cache Access Control BizTalk Services Media Services Service Bus Notification Hub Scheduler Provisioning DEVICES & FACILITIES Monitoring Physical Infrastructure (Servers/Storage/Networking) Automation & Self Service Application Insight IT Service Management HDInsight (Hadoop) * Not meant to be a comprehensive list of all services, for a complete list please visit azure.microsoft.com

Azure Security and Compliance Secure development, operations, and threat mitigation practices provide a trusted foundation Private fiber connections to access compute, storage and more using ExpressRoute Peer Clients / End Users INTERNET THREAT DETECTION: DoS/IDS Layer Microsoft Azure Cloud Access & Firewall Layer Azure’s certification process is ongoing with annual updates and increasing breadth of coverage. • No internet access by default • Intrusion detection and DoS prevention measures • Customer can deploy additional DoS/IDS measures within their virtual networks • Penetration testing 443 Azure manages compliance with: • ISO 27001 • SOC 1 / SOC 2 • HIPAA BAA • DPA / EU-MC • UK G-Cloud / IL2 • PCI DSS • FedRAMP Customer Environment DOS/IDS Layer 443 Application Tier Azure Storage DOS/IDS Layer VPN Logic Tier DOS/IDS Layer Database Tier Computers Behind Firewalls Enables connection from customer sites and remote workers to Azure Virtual Networks using Site-to-Site and Point-to-Site VPNs Isolated Virtual Network Azure Platform Remote Workers • Logical isolation for customer environments and data • Centralized management via SMAPI or the Azure Portal SQL Database Azure provides a number of options for encryption and data protection.


Thoughts Evolution of the IT Skillset Commoditized Skills Strategic Skills for the New Era

Microsoft ALM & DevOps Microsoft Azure ON-PREMISES Repository ONE CONSISTENT PLATFORM SERVICE PROVIDER System Center Operations Manager Build Ops Test Deploy App Service Manager Process tools

By: Thomas W Shinder and Jim Dial • Green subdomains contain components that represent IT operational processes • Blue subdomains contain technical capabilities components, which represent the functionality that is provided by hardware devices or software applications or both http://blogs.technet.com/b/cloudsolutions/archive/2013/08/15/cloud-services-foundation-reference-architecture-reference-model.aspx


service architecture software · hardware · operations · business · Developer Operations Public, Private, Hybrid Cloud Software Features Playbook Abstraction Layer Resources Efficient Performance § Dev-Ops Model § Realistic availability assumptions § Chaos Monkey § Bug Fix § Incident Triage § § Capabilities Service Health SLA Compliance Incident & Event Management § Usage Model § Cost Control § Workload Placement § Capacity Advertisement § Real Time Availability § Maintenance Windows § Workload migration § Physical Placement § Integrated Automation § Full Stack TCO § Standards § Capacity Supply Chain § § § Hardware Datacenter Availability Manual Processes Decision Support Runtime Telemetry Machine Learning

INFRASTRUCTURE • 100% virtualisation APPLICATION LIFECYCLE MANAGEMENT ARCHITECTURAL MODELS Snowman Architecture Roger Sessions link • 100% automation • Support for multiple diverse workloads Business Architecture • Full end-to-end high-availability Technical Architecture Service Architecture • Sub-system scale-out • Storage • Networking • Compute • Cost to serve reduction • Removal of middleware • Hardware platform agnostic • Just in time hardware provisioning Release Data Architecture Horizontal Scaling (1 Tier) Auto Scaling (Multi Tier) Queue Workflow Multi Site (4+1) Busy Signal Node Failure Internet of Things Media … Many more


Ad Hoc Managed Service Oriented Access / Security Multiple ID’s Consolidation Federation Front End Multiple Web Consolidation / Integration Applications Monolithic Distributed Dynamic Integration & Scaling Data Silos Data Integration Data Warehouse Big Data Enterprise Content Management OS Monolithic OS Distributed Processing Resource Pooling Metering + Aggregation Servers Segregated Platforms Server Farms Clustering Resource Pooling Storage Segregated Storage Management Virtualization Massive Storage Scaling Commoditization Networking MB/GB Load Balancing Network Virtualization Facilities 0.9999 Availability Colocation Container Evolving to Modular Platform / Architecture Platform Silos Virtualization On Premise Private Cloud Public Cloud (IaaS, SaaS, PaaS) Platform Application Capability Current Application Catalogue Silo-ed Architectures App 1 On Premises Legacy Leveraged Infrastructure Service Oriented App 2 App 3 Leveraged Infrastructure On Premises Off Premises Private Cloud IaaS – SaaS - PaaS

Objectives Triggers • New Application Project / Business Initiative • Tech Refresh • Workload Capacity Growth • Hosting • Enhanced SLA • High Availability / Disaster Recovery • Lower Operational Costs Scenarios Needs • Discovery of capabilities • Selection of potential scenarios: App/Workload Consolidation Disaster Recovery / Backup Storage / Archiving Cloud Identity Content Delivery Media Hosting Databases BI Web Hosting Infrastructure Hosting E-Commerce HPC Build Deploy Architectural Design Build Deploy • Application / Workload Architectural Design • Pilot Architecture • Deployment guidance • Checklist: Identity, Security, Networking, Compliance, DevOps • Deployment resources & team • Compute, Storage, Networking, Applications Services • Identity • Security • Networking / Connectivity • Compliance • Data Archival • DevOps • Build • Test • Configure • Deploy • Measure Consumption • Monitor / Manage • Scale • Common Process • Patterns & Practices • Test • Promotion to production with Identity, Security, Compliance and DevOps considerations • Validate with Data • Continuous Enablement • Validate Scaling and Resiliency • Cloud cost management • Service Management • Cloud Reference Model and Standard Setting • Self Service • SLA • Scaling • Resiliency • Cost evaluation

Roadmap for Cloud Adoption (chart: REWARD/BENEFIT against COMPLEXITY/RISK, each axis running from Less to More, with SaaS, PaaS and IaaS options plotted) Use Cloud Patterns

Cloud Strategy Approach CLOUD STRATEGY (Cross Discipline Team) SaaS Hybrid Cloud New Development (Business Architecture Led) (IaaS Lift and Shift; IaaS and PaaS New Deployments) (Leveraging all cloud paradigms – 6 Cells) Infrastructure • Office 365 • SharePoint Online • Exchange Online • OneDrive Pro Line of Business • Dynamics CRM • 3rd Party Solutions • Yammer, Skype Engineering & Operations Enabling • MDM - Intune • DevOps - TFS IaaS Public Cloud VMs HW Private Cloud IaaS CONNECTIVITY SaaS PaaS IaaS Public Cloud IaaS PaaS SaaS Private Cloud IaaS PaaS SaaS

Hybrid IT Cloud Strategy Vision: All of Microsoft Runs in the Cloud On-Premise Off-Premise Cloud Abstraction Levels Cloud SaaS Strategy Move commoditized processes to SaaS as required capabilities are met. IT Hybrid Cloud Management Platform (CMP) Provisioning, Deployment, Monitoring, Management Cloud Migration Networking Connectivity Cloud PaaS Strategy Move specific processes to PaaS as investments allow. Public Cloud Private Cloud Innovation Program Today Tomorrow Operational Costs Cloud IaaS Strategy Move the rest to IaaS (Azure VM role or Windows Azure Pack VM role)

Cloud Adoption - Example HYBRID CLOUD CAPABILITIES On-demand self-service programmatic self-service provisioning supports variable usage scenarios like nightly test suites, on demand POC environments. Broad network access Improved public cloud network integration as well as improving device support Resource pooling pay by hour will increase utilization Rapid elasticity 1 infrastructure for all environments delivers • Economy of scale • Larger resource pool for elasticity • Efficiency by removing environment differences Measured service New pay by hour offering Note: Augmented with projected Private Cloud efficiencies

DEFINE THE SERVICES DEFINE THE FABRIC • Business Needs • Network Virtualization • Interconnections & Dependencies • Storage Consolidation • Server Virtualization (Hyper-V, VMware, XEN) • Delivery Channels, Screens • Resiliency, Scalability & Archival • Security & Compliance • Operational Model • Scalability & Bursting • Cloud Sourcing (Azure, AWS, etc) • Access & Information Protection • Management & Automation • High Availability • Role Based Administration SERVICE ARCHITECTURE • Application Specification MANAGE CONSUMPTION OPERATE & MONITOR • Self Service Catalogue • Service Dependencies (Physical / Virtual / IaaS / PaaS or Hybrid) • Service Management • Application Insight • Chargeback / Show-back • Security & Protect • Automation • Availability & Recovery • Service library • Deployment Services • Dynamic Optimization • Capacity Planning • Dashboards • Multi-Cloud Support (Physical, Virtual, Private, Hybrid, Public)


Hybrid Cloud Scenarios Encrypted Backup VPN Windows Backup SC Data Protection Manager Recovery Microsoft Azure Site B Replication Site A System Center Virtual Machine Manager Recovery Microsoft Azure Manage Recovery plan Health Monitor Microsoft Azure Hyper-V Replica Site A System Center Virtual Machine Manager Site B System Center Virtual Machine Manager Orchestrated Recovery in case of outage VPN Active Directory Admin Remote Users

Hybrid Cloud Scenarios File / Application Servers • Live Backups, Archives, and Disaster Recovery • Dramatic Cost Reduction • No Changes to Application Environment • File share with integrated data protection • All-in-one primary data + backup + live archives + DR with de-duplication & Compression Most Active Data on SSD De-duplicated VPN Encrypted Backup Warm data on SAS Local Tier StorSimple Archive Data Encrypted • SharePoint storage on StorSimple + Azure • StorSimple SharePoint Database Optimizer • Improved performance & scalability De-duplicated, Compressed & Encrypted • Storage for Tier 2 – 3 SQL Databases • Integrated Backup, Restore & Disaster Recovery Policies De-duplicated & Compressed Recovery Automated Control Virtual Sprawl Cloud-as-a-tier Offload storage footprint VMware Storage DRS Storage pools • Virtual Machine Archive • Regional VM Storage Microsoft Azure Benefits • Consolidates primary, archive, backup, DR thru seamless integration with Azure • Cloud Snapshots • De-duplication • Compression • Encryption • Reduces enterprise storage TCO by 60–80%

Hybrid Cloud Scenarios Developers Tier 1 VPN Microsoft Azure SDK VPN Microsoft Azure AD Microsoft Azure Active Directory Tier 2 Tier 3 Availability Set Load Auto Web Virtual VHD Balancing Scaling Site Machines Auto SharePoint Mobile Scaling Service Azure HDInsight Analytics SQL Storage & Reporting Azure (Hadoop) Windows Azure CDN Windows Azure Cache Storage BLOB Storage Table Notification Hub Storage Queue Users On Premises INGRESS NODES Collect / Decode Connected Devices Microsoft Azure Load Auto Worker Balancing Scaling Roles ANALYTICS NODE Record Filter / Analyze / Aggregate Azure Storage Auto Worker Scaling Roles CONSUME Reporting / BI Azure Analytics SQL & Reporting Azure Storage

Hybrid Cloud Scenarios Enterprise Mobility Suite • Hybrid Identity Management • Mobile Device Security & Management • Mobile Application Management • Strong Authentication & Access based Information Protection Encrypted Synchronization Microsoft apps Active Directory PCs and devices Multi-Factor Authentication Server Active Directory On Premises Applications ADFS / SAML .NET, Java, PHP, … Microsoft Azure AD Multi-Factor Authentication Server Corporate devices Custom ISV/CSV LOB apps Consumer identity providers Microsoft Azure AD BYOD / Personal devices 3rd party clouds/hosting • Built-in SDK for integration • Strong Multi-Factor Authentication • Real Time Fraud Alert • Reporting, Logging & Auditing • Enables compliance with NIST 800-63 Level 3, HIPAA, PCI DSS, and other regulatory requirements

SQL Server Hybrid Cloud Scenarios Management Portal VPN Publish Compare Sync Import / Export Register / Unregister Dispersed Teams Microsoft Azure Management Portal VPN / Encrypted Data SQL Backup tool for legacy Manual Console Backup Managed Backups Microsoft Azure Primary Asynchronous Commit VPN Console 2014 / Scripts 2012 Backup Availability Groups Periodic Snapshots Geo Replication Secondary Disaster Recovery Powering BI Apps Microsoft Azure

Windows Server 2003 EOS Used as a web application server Uses 3rd party solution atop OS File / Application Servers Web Server 3rd Party App Server For example: • IIS + .Net • Java WAS + J2EE Methods: • Rehost • Refactor • Replace/Retire Methods: • Refactor • Revise • Replace/Retire In Azure, Consider Using: • Active Directory Premium • IaaS • Azure Storage • ExpressRoute or VPN Tools for Migration: • Web Deploy 3.5 In Azure, Consider Using: • Active Directory Premium • Azure Web Sites • IaaS • ExpressRoute or VPN Database Servers For example: • Custom software • ERP • CRM Migration scenario 3 Tools for Migration: • Windows Server Migration Tool (WSMT) • Migration Guides Used as a database server For example: • SQL Server • Oracle • MySQL Methods: • Revise • Rebuild • Replace/Retire Methods: • Refactor • Revise • Rebuild • Replace/Retire Tools for Migration • Follow the 9 Step Migration Process • Leverage MCS & Partners (AppZero, Vision Solutions) Tools for Migration: • MAP Toolkit • SQL Server Migration Assistant (SSMA) In Azure, Consider Using: • Active Directory Premium • IaaS • Office 365 • CRM Online • ExpressRoute or VPN Migration scenario 4 For example: • AD • File server • DNS • DHCP • WSUS Migration scenario 2 Migration scenario 1 Windows 2003 Physical or Virtual Server Uses default roles & features provided by OS In Azure, Consider Using: • SQL Azure • IaaS • Add-Ons (Azure Store) • ExpressRoute or VPN

SAP on Microsoft Azure On-Premises SAP certifications On-Premises Servers On-Premises VPN Device Azure VPN Gateway Windows Server & SAP (C:) .vhd file Shared Pool (D:) .vhd file Windows Server (C:) .vhd file Shared Pool (D:) .vhd file SQL Server (E:) .vhd file Virtual Network Microsoft Azure is certified for the following SAP products, with full support from Microsoft and SAP. http://azure.microsoft.com/en-us/campaigns/sap/ SAP Product Guest Operating System RDBMS Virtual Machine Types SAP Business Suite Software Windows SQL Server A5 SAP Business All-in-One Windows SQL Server A5 SAP NetWeaver Application Server ABAP 1 Windows SQL Server A5 SAP HANA Developer Edition (including the HANA Client software comprised of SQLDBC, ODBO (Windows only), ODBC, AND JDBC drivers), HANA Studio, and HANA Database) 2 SUSE Linux N/A A7, A8 1 Only NetWeaver 7.00 and later SAP releases of NetWeaver are supported for deployment in Azure. 2 Customers can try SAP HANA Developer Edition on Azure using the SAP Cloud Appliance Library.

CASE STUDIES NASDAQ managing multiple petabytes of data and quintillions of records in their US Options and Equity archive Dell speeding performance of their website apps by up to 9x using In-Memory OLTP Blinkbox saving million by managing their video library in the cloud with Azure Media Services and IaaS Callaway Golf using Windows Intune & System Center to manage laptops and tablets for their mobile salesforce and Microsoft Azure to manage their website during peak times Mazda using StorSimple and Azure to manage storage and backup in the cloud

ATM Manufacturer Quickly Creates ATM Management Solution Using Cloud Resources. Headquartered in North Canton, OH, Diebold is a financial self-service, security and services corporation that is engaged primarily in the sale, manufacture, installation and service of self-service transaction systems, electronic and physical security products, and software and integrated systems for global financial and commercial markets. Diebold is the largest U.S. manufacturer of ATMs. Their top products and services include ATMs and Self-Service, Electronic Security, Assisted Transactions and Barrier, Managed Services, Maintenance Services, and Professional Services. They are using Azure for their smart banking initiative. The Washington Post Builds "Truth Teller" App with Cloud-Based Speech-to-Text Service. One way that The Washington Post is driving innovation on the Internet is through Truth Teller, a software-based, political fact-checker that uses Microsoft Azure Media Services Indexer speech-to-text service. With Indexer, The Post can more easily share its political expertise, has saved hundreds of thousands in development costs, and has made search results more useful to website visitors. SAT is in charge of all of Mexico’s tax-related transactions and needed to transform to receive and validate electronic invoices, as well as deploy new portals for taxpayers to manage their electronic bills & electronic billing. An on-premises solution was quoted to take a full year & cost US$1 million, which was too much for SAT at the time. We built in 4 months a solution that manages 2 Billion+ documents annually, with 200+ documents/sec and avoided a large investment associated with redundant datacenters setup, storage, bandwidth, hardware, software.


http://technet.microsoft.com/library/dn765472.aspx http://technet.microsoft.com/en-us/library/hh546785.aspx http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack http://azure.microsoft.com/en-us/

http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://developer.microsoft.com



