Ahead of the Game Technical Series Sharon Bennett SMB Product Technology Advisor October 15, 2014 Be Lean, Stay Lean with the Microsoft Cloud Introduction About this Course Delivery Schedule Objectives Logistics and introductions • Class hours • Rest rooms • Meals • Internet - https://cloud.holsystems.com/ModernBiz - The access code is MBVC2825 Azure Pass Presenter introduction About this course Audience: IT Pros, Consultants, Partners Objectives: Identify opportunities for partners to enable small and medium size businesses (SMBs) to increase efficiency and productivity, while reducing IT operating expenses (OPEX) by implementing hybrid cloud scenarios using Microsoft Azure services and become proficient in designing and implementing Azure technologies and services for SMB customers. Topics covered: • Overview of Microsoft Azure, Partner Opportunities, SMB trends, Transacting Microsoft Azure, Reselling Azure services, Azure in Open Licensing • Azure Backup, Azure Storage, Azure Web Sites • Azure Virtual Machine workloads – Infrastructure as a Service (IaaS) • Azure Application Workloads – Platform as Service (PaaS), and Applications on Azure VMs • Azure Virtual Machine Networks (VMNet) • Azure Active Directory and Identity Management Delivery schedule 9:00 – 9:30 9:30 – 10:00 10:00 – 10:15 10:15 – 10:30 10:30 – 11:15 11:15 – 12:00 12:00 – 1:00 1:00 – 1:30 1:30 – 2:00 2:00 – 2:15 2:15 – 2:45 2:45 – 3:00 3:00 – 4:00 4:00 – 4:30 4:30 – 5:00 Class Introduction, Partner Opportunities, SMB Trends Module 1: Azure Backup, Storage and Web sites Hands-on Lab: Azure Backup, Storage and Web sites Morning Break Module 2: Azure Virtual Machine Workloads Hands-on Lab: Azure Virtual Machine Workloads Lunch Break Module 3: Azure Virtual Machine Networks Hands-on Lab: Azure Virtual Machine Networks Module 4: Planning and Deploying Workloads to Azure Hands-on Lab: Deploying Applications to Azure Afternoon Break Module 5: Azure Active Directory, Identity Management and Office 365 
Hands-on Lab: Azure Active Directory and Identity Management Wrap up and Q&A Module 1: Azure Backup, Storage, and Web Sites Topics • Overview of IaaS and PaaS. • Pricing out Consumption-Based Services. • Azure Backup. • Azure Storage Accounts and BLOB storage. • Azure Web Sites. Module 2: Azure Virtual Machine Workloads Topics • Provisioning Azure Virtual Machine Workloads. • Managing Azure Virtual Machine Workloads. • Sizing and Capacity. • Importing Virtual Machines. • Monitoring Virtual Machines. • Pricing out Virtual Machines. Module 3: Azure Virtual Machine Network and Traffic Manager Topics • Windows Azure Virtual Network (VNET). • Virtual IP Addresses and Dynamic IP Addresses (VIPs and DIPs). • Inbound Traffic – Software Load Balancer (SLB). • Supporting multiple VNETs within a subscription. • Controlling inter-VNET communications. • Site-to-Site (On-premises to Azure) Communications. Module 4: Planning and Deploying Workloads to Azure Virtual Machines and Servers Topics • Azure SQL Server Database Service. • Azure SQL Server Virtual Machines. Module 5: Azure Active Directory and Identity Management Topics include: • Azure Active Directory (Azure AD). • Password Sync/DirSync. • Office 365 integration and Single Sign-on. • Third Party Cloud Services Support for Azure AD Authentication. Why the cloud? 1 2 Cloud 3 4 5 Physical server Microsoft Azure Virtualization The game is changing for resellers How do I support my mobile employees and keep them productive? Am I ready for a disaster? Will I lose my data? Partner role How do I ensure uptime for my applications? How do I save money on infrastructure? Do I need the cloud? Partner opportunity with Microsoft cloud in SMB Growing your business with Microsoft Azure • Enables partners to differentiate by bundling their own IP alongside other cloud offerings. • Cloud software is easier to develop, test, and take to market. • Lowers the barriers to entry to offer managed services. 
Microsoft Azure An open and flexible cloud platform that enables you to quickly build, deploy, and manage solutions across a global network of Microsoft-managed datacenters. • Build applications using any language, tool, or framework. • Integrate public cloud solution with the existing IT environment. • 99.95% monthly SLA. • Automatic operating system and service patching. Usage-based services App services Compute Storage Caching Identity Service bus Media Virtual machines Websites Cloud services Mobile services SQL database HDInsight Tables Blob storage Connect Virtual network Traffic manager Network CDN Integration HPC Analytics Key Azure scenarios Data Backup in the Cloud Deploy Applications within VMs Orders AP Product SharePoint Provide easy, scalable data backup in the cloud • A range of applications: file servers, SharePoint, SQL Server, Exchange. • Encrypted backups, Global Georedundant datacenters. • Quickly and easily provision more storage for your customers as needed. Host Websites CRM Acct HR SQL Server Business Databases Applications Virtual Machines Leverage Microsoft Azure to quickly deploy customer applications in the cloud • Cut infrastructure costs and Reduce IT management burden. • Deploy Microsoft Workloads (SharePoint Servers, SQL Server, Domain Controllers) as well as third party business applications. Grow your business helping customers move their websites to the cloud with Microsoft Azure • Quickly build, deploy, and manage websites on an open and flexible cloud platform. • Offer the peace of mind from hosting on a global network of Microsoft-managed data centers. 
Microsoft Azure kr $ £ $ chf € руб ₩ ¥ TL Global datacenters $ Rp Global support Local account teams Local currencies kr $ R $ 24 x 7 x 365 support Over 1 billion customers, 20 million businesses 90 markets worldwide 280 years of combined industry experience in infrastructure, security, product dev, and global ops $ Azure purchasing options Direct on azure.Microsoft.com Pay As You Go Zero upfront, cancel anytime. No long-term commitment. 6- or 12-months Monetary Commitments starting at $500/month. Open Licensing Programs 12-months Flexibility with Volume Licensing through a familiar vehicle for SMBs. Opportunity for partners to earn margins, incentives. Enterprise Agreement Longer-term Offers additional discounts and terms as part of a deeper commitment to the platform. Azure in Open licensing – the details One Monetary Commitment SKU, available in unlimited quantities. Customers can purchase additional credit for Azure services at any time. Can be used against any Azure service* within 12 months from the date of activation. Available in countries with Open Volume Licensing program partners and that offer Azure Direct. 23 Azure and Office 365 in Open – comparison SKU Structure Single SKU used for any eligible pay-as-you-go Azure Service Unique SKUs for each Office 365 Plan, as well as Add-ons Commitment Monetary Commitment that expires 12 months from activation Customers pre-pay for 12 months of service Margin Structure Business Processes Reporting Channel Impact Aligned to cloud channel incentives for managed partners and distributor margin (The FY15 guide will be released in June for the Global Channel Incentives Guide) All Online Services in Open follow existing business processes Leverage existing Distributor and VAR reporting constructs • Single SKU provides flexible ‘building blocks’ to scale partner business or customer services. • Top up and upsell opportunity for additional services. • Partners drive consumption with ongoing customer engagement. 
• Specific SKUs purchased for each service offering. • Renewal motions have annual anniversary. • Incremental seats added shift customer end dates. Azure in Open: setup and portal experience Why Azure in Open? Low barrier of entry with no investments in complex billing systems. A consistent, familiar licensing option for cloud services along with your on-premises solutions. A flexible, consumption-based purchasing model. New opportunities to grow margins and deepen customer relationships. Capitalize on the opportunity to incorporate the cloud into your solutions and services Module 1: Microsoft Azure overview, Azure backup, storage and web sites Microsoft Azure Overview Microsoft Azure Backup Azure Web Sites Azure Tools Microsoft Azure IaaS at a glance Microsoft Azure PaaS at a glance Microsoft Azure VMs overview Microsoft Azure On-premises Remote workers Data backup in the cloud overview Provide scalable data backup in the cloud Microsoft Azure On-premises Microsoft SQL Server Hosting websites in the cloud overview Grow your business – help customers move their websites to the cloud Microsoft Azure On-premises External workers Web servers Identity and access management overview Enable single sign-on between on-premises and cloud identities Enable single sign-on across multiple cloud and on-premises applications with ADFS. Microsoft Azure Integrate cloud with on-premises Active Directory with Active Directory Synchronization. Azure Active Directory (AAD) On-premises Consumer identity providers PCs and devices Microsoft apps Windows Server Active Directory Third-party cloud/hosting Create and manage identities in the cloud. Help secure access to on-premises and cloud apps with Microsoft Azure Multi-Factor Authentication. Use AAD to manage Office 365 along with other Microsoft and external cloud services. Scenario: How much is your IT costing? 
CALs
Two servers and operating system: $10,000 per server
Total Costs: $10,000
Two years of facility operating costs: $10,000
On-premises backup solution with support for cloud archiving: $2,800 with agents
about $32,800 / 24 months = ~$1333.33/month for two datacenter caliber servers.
With 7 small virtual machines, this comes out to ~$190.47 per virtual machine per month.

Pricing out solutions
Demo: Azure cost calculator

Data protection challenges
• Storage costs growing.
• Backup costs scale with data.
It’s expensive to protect all that data. Some data may go without protection.

Microsoft Azure backup
Simple and reliable server backup to the cloud
• Reliable offsite data protection
• A simple and integrated solution
• Efficient backup and recovery

When to choose Microsoft Azure backup
• Already using System Center Data Protection Manager? Microsoft Azure Backup integrates easily.
• Small business or branch office? Microsoft Azure Backup integrates with the in-box Windows Server backup tool or you can download the free Windows Azure Backup Tool.
• Suitable for any workload.
Azure Backup pricing

Creating the Azure Backup vault
Recovery services: You have no vaults. Create one to get started.

Download Azure Backup agent
Windows 8.1 SDK to get MakeCert.exe tool

Making the encryption certificate
Run the following command, replacing CertificateName with the name of your certificate and specifying the actual expiration date of your certificate after -e:

makecert.exe -r -pe -n CN=CertificateName -ss my -sr localmachine -eku 1.3.6.1.5.5.7.3.2 -len 2048 -e 01/01/2016 CertificateName.cer

Upload the certificate to the Azure Backup vault
Install the Windows Azure Backup agent
Register the server and connect to the vault
Start or schedule backups

Scenario: Simple cloud backup
• Contoso has invested over $2,500 in software to operate third-party backup tools. The Microsoft Azure Backup tool is free and supports all of the applications.
• Contoso pays between $100 and $150 per month for online storage. It’s very easy to find out what the monthly costs will be for the storage by using the Azure Calculator.
• Contoso’s data is backed up and encrypted on-premises, encrypted over the wire during the transfer, and encrypted in Azure. Contoso is the only owner of the encryption key.

Demo: Microsoft Azure backup

Platform as a service for the web
A powerful self service platform for developers
A flexible hosting solution for IT
• Flexible: Web hosting your way with choice of language, framework, database and platform.
• Scalable: Scale out or up in seconds on a load balanced, always up to date, global infrastructure.
• Secure: Enterprise Grade Availability with support for SSL and AD DS authentication.
Microsoft Azure Web Sites is a scalable, secure and flexible platform for building powerful web applications to run your business, drive your brand or reach new customers.
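Returning to the "Making the encryption certificate" step of the Azure Backup procedure above: before the .cer file is uploaded to the vault, the certificate in the local machine store can be checked against the switches in the makecert.exe command. This is an added example, not part of the original deck; the function name Test-BackupVaultCertificate and the 30-day warning window are assumptions, while the store, EKU, key length and file name come from the command on this page.

```powershell
# Added example (not from the original deck): audits a certificate in
# Cert:\LocalMachine\My against the makecert.exe switches shown on this page.
function Test-BackupVaultCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        # Optional path to the exported public-key file (CertificateName.cer).
        [string]$CerPath,

        [int]$MinimumKeyBits = 2048,                 # matches -len 2048
        [string]$RequiredEku = '1.3.6.1.5.5.7.3.2',  # matches -eku (client authentication)
        [int]$WarnDays = 30                          # assumption: renewal warning window
    )

    $findings = New-Object 'System.Collections.Generic.List[string]'

    # -r: self-signed, so issuer and subject are identical.
    if ($Certificate.Issuer -ne $Certificate.Subject) {
        $findings.Add('Issuer differs from subject; certificate is not self-signed.')
    }

    # -ss my -sr localmachine: the store copy must carry the private key.
    if (-not $Certificate.HasPrivateKey) {
        $findings.Add('Store copy has no private key.')
    }

    # -len: public key size in bits.
    $keyBits = $Certificate.PublicKey.Key.KeySize
    if ($keyBits -lt $MinimumKeyBits) {
        $findings.Add("Key size is $keyBits bits; expected at least $MinimumKeyBits.")
    }

    # -eku: gather the OIDs from the Enhanced Key Usage extension, if present.
    $ekuOids = @()
    foreach ($extension in $Certificate.Extensions) {
        if ($extension -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $extension.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }
    if ($ekuOids -notcontains $RequiredEku) {
        $findings.Add("Enhanced Key Usage does not include $RequiredEku.")
    }

    # -e: validity window (expired, not yet valid, or close to expiry).
    $now = Get-Date
    if ($Certificate.NotBefore -gt $now) {
        $findings.Add("Not valid until $($Certificate.NotBefore).")
    }
    if ($Certificate.NotAfter -le $now) {
        $findings.Add("Expired on $($Certificate.NotAfter).")
    }
    elseif ($Certificate.NotAfter -le $now.AddDays($WarnDays)) {
        $findings.Add("Expires within $WarnDays days ($($Certificate.NotAfter)).")
    }

    # The .cer that gets uploaded must be the public half of this same certificate.
    if ($CerPath) {
        $fullPath = (Resolve-Path -Path $CerPath).Path
        $exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath
        if ($exported.Thumbprint -ne $Certificate.Thumbprint) {
            $findings.Add("$CerPath does not match the store certificate (thumbprint mismatch).")
        }
        if ($exported.HasPrivateKey) {
            $findings.Add("$CerPath contains a private key; upload only the public certificate.")
        }
    }

    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        KeyBits    = $keyBits
        Eku        = $ekuOids
        NotAfter   = $Certificate.NotAfter
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings.ToArray()
    }
}

# 'CN=CertificateName' is the placeholder subject used in the command on this page.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq 'CN=CertificateName' } |
    ForEach-Object { Test-BackupVaultCertificate -Certificate $_ -CerPath '.\CertificateName.cer' }
```

Run it from an elevated prompt in the directory that holds CertificateName.cer; an empty Findings list means the store copy and the exported file agree with the command's switches.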
Azure Web Sites is ready for business
Azure Web Sites has access to other services
Web sites
Web scale, world wide
Azure Web Sites is load-balanced by default
Easy scaling of Azure Web Sites
• Scale up
• Scale out

Scenario: Web hosting with Azure
Contoso currently has:
• A company intranet
• Several ASP.NET applications
• Several WordPress sites, including a WordPress blog hosted in Internet Information Server (IIS).
The sites are hosted on two web servers which are not load-balanced, which causes downtime.
Contoso wants to implement a BI solution with SQL Server 2014 Reporting Services but is concerned about the growing number of applications that need to be accessed remotely by users with a variety of different mobile devices.
Contoso may be willing to migrate its on-premises web sites to Azure. As part of the pilot, Contoso and its Microsoft partner will work closely to create and manage a WordPress blog and an ASP.NET website which accesses SQL Server databases in Azure as well as on-premises SQL Server data.
With this new capability, Contoso can reduce the number of on-premises servers needed to develop and run production web content, as well as provide users with easy, secure access to corporate data by integrating Azure AD with on-premises AD.

Demo: Azure Web Sites

Hands-on Lab 1
• Calculating Azure costs
• Azure backup
• Azure Web Sites

Module 2: Provisioning and managing Azure Virtual Machine workloads
• Microsoft Azure VM Overview
• Azure VM Affinity Groups
• Provisioning VMs
• Managing and Monitoring VM Workloads

Azure Infrastructure as a Service (IaaS) workloads
Working with Open Source

Scenario: Azure IaaS
• Contoso expects to implement 10+ new virtual machines this year.
• As the number of workloads and hosts grows, servicing the virtual machines and hosts becomes a more complex and manual process.
• Contoso will save approximately 40% of the IT costs of running the on-premises servers by migrating their virtual machines to Azure.
Open to all apps PowerShell VMDK Servers supported on Azure virtual machines Microsoft BizTalk Server Microsoft Dynamics AX Microsoft Dynamics GP Microsoft Dynamics NAV Microsoft Forefront Identity Manager Microsoft HPC Pack Microsoft Project Server Microsoft SharePoint Server Microsoft SQL Server Microsoft System Center Microsoft Team Foundation Server Server role support on Azure virtual machines Active Directory Domain Services Active Directory Federation Services Active Directory Lightweight Directory Services Application Server DNS Server File Services Network Policy and Access Services Print and Document Services Remote Access (Web Application Proxy) Remote Desktop Services* Web Server (IIS) Windows Server Update Services Persistent Virtual Machines with Geo-Replication Microsoft Azure Storage Flexibility and portability of VHD Microsoft Azure Availability sets Affinity groups You bring it - we run it Scenario: Migrating virtual machines to Azure Contoso is ready to move several production workloads to Azure VMs The on-premises environment will remain unchanged to avoid the risk of downtime Once communications and access is tested, application deployment, virtual networking, and Active Directory integration testing will begin. Contoso wants to ensure a smooth transition using a phased approach of integrating Azure and on-premises IT resources Contoso will work with an experienced cloudintegration partner to create the on-premises integration with Azure IaaS services The solution will allow Contoso to expand and converge infrastructure as needed to keep up with demands and save costs. Build, test, deploy > PowerShell How to Upload the VHD file to Azure • The Add-AzureVHD cmdlet, which is part of the Microsoft Azure PowerShell module, is required to upload the VHD • The VHDX format is not supported in Microsoft Azure. You can convert the disk to VHD format using Hyper-V Manager or the Convert-VHD cmdlet. 
• The following Windows Server versions are supported:

OS | SKU | Service Pack | Architecture
Windows Server 2012 R2 | All editions | N/A | x64
Windows Server 2012 | All editions | N/A | x64
Windows Server 2008 R2 | All editions | SP1 | x64

Getting started with VMs
Security considerations
• The VM is connected to the Internet.
• RDP inbound is enabled by default.
• RDP port 3389 cannot be used.
• A strong password should be used.
• The VM has unlimited outbound network access.
• Who can control the VM?

Virtual machine charge rates and tiers
Charge Rate by the Minute
• Microsoft charges for virtual machines by the minute.
• Prices are listed as hourly rates and are billed based on total number of minutes when the virtual machines run for a partial hour.
Basic Compute Tier
• New tier of compute instances.
• Similar in configuration to the Standard tier with lower prices.
• Does not include load balancer and auto-scaling.
• Well-suited for single instance production applications, development workloads, test servers and batch processing applications that might not require these features.
Standard Compute Tier
• This tier of compute instances provides an optimal set of compute, memory and IO resources for running a wide array of applications.
• These instances include auto-scaling, load balancing, and internal load balancing capabilities at no additional cost.
• Internal load balancing feature is currently in preview.

Basic tier virtual machine sizes

Size | CPU cores | Memory | Disk sizes – virtual machine | Max 1TB Disks | Max. IOPS (300 per disk)
A0 | Shared (0.25) | 768 MB | OS = 127 GB, Temporary = 20 GB | 1 | 1x300
A1 | 1 | 1.75 GB | OS = 127 GB, Temporary = 40 GB | 2 | 2x300
A2 | 2 | 3.5 GB | OS = 127 GB, Temporary = 60 GB | 4 | 4x300
A3 | 4 | 7 GB | OS = 127 GB, Temporary = 120 GB | 8 | 8x300
A4 | 8 | 14 GB | OS = 127 GB, Temporary = 240 GB | 8 | 8x300

Standard tier virtual machine sizes

Size | CPU cores | Memory | Disk sizes – virtual machine | Max. data disks (1 TB each) | Max. IOPS (500 per disk)
A0 | Shared | 768 MB | OS = 127 GB, Temporary = 20 GB | 1 | 1x500
A1 | 1 | 1.75 GB | OS = 127 GB, Temporary = 70 GB | 2 | 2x500
A2 | 2 | 3.5 GB | OS = 127 GB, Temporary = 135 GB | 4 | 4x500
A3 | 4 | 7 GB | OS = 127 GB, Temporary = 285 GB | 8 | 8x500
A4 | 8 | 14 GB | OS = 127 GB, Temporary = 605 GB | 16 | 16x500
A5 | 2 | 14 GB | OS = 127 GB, Temporary = 135 GB | 4 | 4x500
A6 | 4 | 28 GB | OS = 127 GB, Temporary = 285 GB | 8 | 8x500
A7 | 8 | 56 GB | OS = 127 GB, Temporary = 605 GB | 16 | 16x500
A8 | 8 | 56 GB | OS = 127 GB, Temporary = 382 GB | 16 | 16x500
A9 | 16 | 112 GB | OS = 127 GB, Temporary = 382 GB | 16 | 16x500

Demo: Provisioning and managing virtual machines

Hands-on Lab 2
• Provision a new virtual machine
• Monitoring virtual machines
• Controlling virtual machines

Module 3: Azure VM networks
• VMNet Overview
• Site-to-Site Communications
• Partner / Appliance Landscape
• VPN Support

Scenario: Virtual IP addressing in the cloud
• Contoso has decided that migrating to Azure is a cost savings move. In addition, it will improve productivity by allowing employees to access commonly used intranet data and applications from the road using mobile devices.
• The next challenge is setting up virtual networking on the Azure side, and connecting the on-premises users and resources to the Azure cloud.
• As part of the pilot rollout of Azure VMs, the virtual IP addresses (VIPs) will be set up and the dynamic IP addresses (DIPs) configured.

Microsoft Azure Virtual Network Gateway
Point-to-site and Site-to-Site virtual network
More options for getting your virtual network started
Windows Azure virtual network

Scenario: Site-to-site connectivity
• Contoso is concerned about the complexities and IP addressing challenges of connecting Azure public cloud services with on-premises IT infrastructure.
• The process will start with a pilot for a limited number of users and resources using the existing RAS/VPN services.
• Connecting the office and its on-premises resources to the Azure public cloud is a fairly simple process that takes place on the Azure side by setting up an encrypted connection to the server using IPsec.
• If the pilot is successful, Contoso will invest in a new VPN appliance that will offer better performance, monitoring, and logging.

IP addressing in Azure virtual networks
There are multiple ways to access a virtual machine by IP address:
VIP – Virtual IP address
• An internet-facing IP address that is not bound to a specific computer or network interface card.
• The cloud service that the virtual machine sits within is assigned the VIP.
• You can have multiple virtual machines in a cloud service. They share the same VIP.
DIP – Dynamic IP address
• This IP address is dynamically assigned (via DHCP) to your virtual machine by Windows Azure.
• You rely on DHCP – Do NOT statically configure your IP address. Even for DCs.
• The IP address lease directly equates to the lifetime of the virtual machine.
• If you create a virtual network, the virtual machine will receive its DIP from that range.

Creating a virtual network in the Management Portal
Custom Create VNet
Quick Create VNet

Extending your infrastructure
• Securely connect to Virtual Network from anywhere.
• Uses VPN client in Windows operating system.
• Traverses firewalls and proxies.
Site-to-Site VPN
Point-to-Site VPN
Remote workers

Demo: Azure Virtual Networks
• Name resolution between cloud services.
• Multiple hostnames for the same virtual machine.
• Cross-premises name resolution.
• Reverse lookups (PTR).
• WINS and NetBIOS name resolution.

Azure Traffic Manager
DNS-based service load balancing
Direct user traffic to services running across Windows Azure datacenters based on policy:
• Performance/latency
• Round-robin
• DR / Failover

How does Traffic Manager work?
1. User requests info using the company domain name.
2. The DNS RR for the company domain points to a Traffic Manager domain in Windows Azure Traffic Manager. This is done by using a CNAME record.
3. The Traffic Manager domain is part of the Traffic Manager profile that you create. You also create rules within this profile. The rules you select dictate the load balance method you want to use and what you want to monitor for health.
4. Traffic Manager processes the rules and returns the DNS name of the cloud service, which is later resolved to the IP address.
5. The user contacts the service directly, by IP address. This information is cached on the client’s computer. Thus, the client will continue to interact with the selected service until that TTL expires.

How do I configure Traffic Manager?
You can configure Traffic Manager in the Management Portal.
1. Create a Traffic Manager Profile.
2. Add endpoints.
3. Configure the DNS TTL.
4. Select the Load Balancing Method.
• Round Robin
• Performance
• Failover. Be sure to adjust the failover order.
5. Configure Monitoring.
• You can either monitor ‘/’ (default directory of the services) or create a file with the same name in each cloud service and allow Traffic Manager to perform an HTTP(S) GET on the file. Then specify it in Traffic Manager.
6. Save your changes.

Hands-on Lab 3
• Create an Azure virtual network
• Assign virtual machines
• Connect on-premises to Azure

Module 4: Planning and deploying workloads to Azure VMs
• Azure AD Service
• SQL Server VMs
• SharePoint VMs

Scenario: Deploying applications
• Contoso is ready to start its application testing and authentication to Azure VMs and applications from devices running in-house.
• Deployment of a replica domain controller, a SharePoint 2010 Foundation Server, and a SQL Server 2014 Standard Edition Server.
• Contoso users can access applications from their desktops in the office and can access the intranet website using the private IP address space used for in-house resources.
• Once the final phase of the testing is completed, the rollout will be to integrate the on-premises AD DS environment with the Azure AD infrastructure to ensure a single sign-on experience for users.

Active Directory on an Azure VM
Business Drivers:
• Support for pre-requisites for existing applications, such as SharePoint.
• High Availability Solutions for SQL Server Databases using Always-On Availability Groups.
• Disaster Recovery solution for branch offices and a limited set of virtual machines.
• Dev/Test Workloads.

Azure VM considerations for DCs
Do not sysprep the Domain Controller
From an existing physical machine
• P2V a physical machine and move to Windows Azure
• Move the Domain Controller’s VHD file to Windows Azure
• Create the virtual machine from the VHD
Starting with a new virtual machine
• Build a new virtual machine and replicate directory to Windows Azure

Azure VM considerations for DCs (cont’d.)
Attach a data disk (caching turned off)
• Do not use D:\ (temporary physical disk)
Put logs and account DB on attached disk to avoid data loss

Azure VM considerations for DCs (cont’d.)
IP Addressing
• Windows Azure VMs require use of a DHCP leased IP address.
• The lease is an infinite ‘dynamic’ lease, but not the same as the ‘static assigned’ address that you would expect to use in an on-premises environment.
• The leased IP address is routable for the duration of the lease, which is determined by the lifetime of the service (or virtual machine).
• Don’t try to assign a static IP to your virtual machine. You will lose communication to it.

Azure VM considerations (cont’d.)
Deploy DNS on the Domain Controller • • The Windows Azure DNS does not cover the AD DNS records needed. Register the DNS server in the virtual network. Common Azure SQL Server scenarios • Full production environment • Development and test environments • Cloud-based backup of on-premises data • SQL Server Always On with cloud-based secondary's DBaaS services with performance and scalability What’s New with SQL Server 2014 Partner Opportunity & Benefit In-Memory Built-In Average 10x faster for new and existing SQL Server apps. Multi-tenant Management Enterprise scale using Windows Server and effective resource management with IO Resource Governor. Scalability & Density Enterprise scale using Windows Server. • Cost efficiency with enhanced density and effective management HA - SQL Always On Availability Groups Up to 4 Replicas Replica Authentication Dependencies SQL backup and restore using Blob storage • Back up or restore using Windows Azure Storage. • SQL can be on-premises or cloud-based. SQL Server versus Windows Azure SQL Database SQL Server (IaaS) Windows Azure SQL Database (PaaS) Development Migrate Existing or Build New Apps Develop New Apps Management Full Control Managed Service Compatibility Full SQL Server Capabilities Based on SQL Server Technology Shared Technology Network transport (Tabular Data Stream) SQL dialect (Transact-SQL) Data access APIs (ADO.NET, ODBC, JDBC) Development tools (SQL Server Data Tools) Management tools (SQL Server Management Studio) More Information: http://blogs.msdn.com/b/windowsazure/archive/2013/02/14/choosingbetween-sql-server-in-windows-azure-vm-amp-windows-azure-sql-database.aspx SharePoint support on Windows Azure Product support • SharePoint Server 2010 and 2013 supports the hosted virtualization solution of Microsoft, as well as required technologies, such as Microsoft SQL Server, when these products and technologies are deployed on the Windows Azure platform. 
FAST Search support • Do not support Microsoft FAST Search Server 2010 for SharePoint deployments on Windows Azure. SharePoint Architecture Tips IOPS Most Important Factor • Optimize SQL Server storage. • Only SharePoint is on the C: drive. Scale Out Not Up • • • • Move content databases to separate SQL Servers. Move search databases to separate SQL Servers. Add more WFE for scaling SharePoint services. Add dedicated Search servers and SQL Server. Single virtual machines template Web/App Tier WEB/APP 1 x Large (4 Cores & 7 GB) Identity Tier 1 Small (1 Core & 1.75 GB) AD/DC/DNS LB Data Tier 1 x A6 (4 Cores & 28 GB) SQL 80 20000 Admin AVET SPWEB AVSET SQL AVSET DCSET Cloud Service Virtual Network Windows Azure Highly available template LB Web Tier WEB APP SQL AD/DC/DNS 2 x Large (4 Cores & 7 GB) AVSET SPWEB App Tier 2 x Large (4 Cores & 7 GB) AVSET SPAPP AVSET SQLHA AVSET DCSET 80 Data Tier 2 x A6 (4 Cores & 28 GB) 1 x Small (Quorum) (1 Core & 1.75 GB) Identity Tier 2 Small (1 Core & 1.75 GB) 20000 Admin Cloud Service Virtual Network Windows Azure Demo Deploy a Database to Azure Hands-on Lab 4 Deploy a SQL Server virtual machine Deploy a domain controller in Azure Module 5: Azure AD and identity management Azure AD DirSync and Password Sync Third Party SaaS Support and Office 365 Integration Public identity as the control point Active Directory What is Azure Active Directory? comprehensive Cloud app discovery AD Agent Logs Active Directory Cloud App Discovery Single set of credentials * *Coming soon Your Directory on the cloud Preintegrated SaaS apps in the application gallery Centrally managed identities and access What is Azure multi-factor authentication? A stand-alone Azure Identity and Access management service also included in Azure Active Directory Premium. Prevents unauthorized access to both onpremises and cloud applications by providing an additional level of authentication. 
Trusted by thousands of enterprises to authenticate employee, customer, and partner access. How MFA works Azure MFA versus MFA for Office 365 MFA for Office 365/Azure Administrators Administrators can Enable/Enforce MFA to end-users Use Mobile app (online and OTP) as second authentication factor Use Phone call as second authentication factor Use SMS as second authentication factor Application passwords for non-browser clients (e.g. Outlook, Lync) Default Microsoft greetings during authentication phone calls Custom greetings during authentication phone calls Fraud alert MFA SDK Security Reports MFA for on-premises applications/ MFA Server. One-Time Bypass Block/Unblock Users Customizable caller ID for authentication phone calls Event Confirmation Azure Multi-Factor Authentication Directory Sync • Synchronizes users, groups, and contacts to Windows Azure AD. • Users will have a different password in Windows Azure AD than they have for the on-premises AD. Password Sync versus Single Sign-On Password Sync Single Sign-On (ADFS) Same password to access resources X X Control password policies on-premises X X Support for multi-factor authentication X* X No password re-entry if on premises X Authentication occurs in on-premises directory X Client access filtering X * Limited Support Preparing for DirSync From the Windows Azure Management Portal Azure AD sync tool • • • Formerly known as Dirsync, this tool has been updated to allow for the synchronization of local Active Directory passwords to Azure Active Directory. Also synchronizes users, groups and contacts. This new feature will allow for same user sign in with Microsoft cloud services such as Office 365 Education powered by Azure Active Directory since the username and the password from local AD will be synced up to Azure AD. 
Demo Installing and running DirSync Hands-on Lab 5 Set up Azure AD install and run DirSync Wrap up and Q&A The Benefits of Selling Azure The best path to capitalizing on the major new business opportunities enabled by cloud computing. $ Increase profitability with new lines of business in the cloud Deliver the right solutions and services to your customers Build and deploy quickly on a familiar platform Why Microsoft Microsoft offers compelling competitive differentiation to customers Single vendor across clouds – private, public and hosting provider. Single point of support for infrastructure, OS, services, and applications. Tenured experience and enterprise credibility. Single vendor for Infrastructure-as-a-Service (IaaS) and Platform-as-aService (PaaS). SharePoint, SQL Server, and Windows Server run best on Microsoft Azure. Next steps Microsoft Partner Network benefits overview Action Pack subscription Microsoft logo Silver competency Gold competency Silver competency logo Gold competency logo Partner Incentives Cloud incentives Licensing, solution and cloud incentives Licensing, solution and cloud incentives Internal Use Software Up to 10 product licenses Up to 25 product licenses Up to 100 product licenses MSDN Subscriptions 3 MSDN 5 MSDN 10 MSDN Marketplace listing Priority listing Premier listing n n n Varies by subscription type 20 hours 50 hours n n n Microsoft Pinpoint Partner Support Community Partner Advisory Hours Marketing Tools, Microsoft Financing, Sales Tools Active partners can download a benefits summary to understand the benefits available to them and maximize their usage. http://aka.ms/usmpnbenefits Internal Use Rights (IUR) Core Benefits* Integrating Microsoft Online Services and Windows Azure Promoting the power of choice Partners can deploy Internal Use licenses via Microsoft Online Services or onpremises software. 
Cloud Service | SKU | Gold Benefit** | Silver Benefit** | MAPS Benefit*** | Comments
Office365 | E3 | 100 seats | 25 seats | 5 seats | Each seat of O365 used in exchange for 1 on-premises Client Access License (CAL) (SharePoint, Exchange, and Lync).
CRM Online | CRMOL Pro | 60 seats | 15 seats | 5 seats | Each seat of CRM Online used in exchange for 1 on-premises CAL of Dynamics CRM.
Windows Intune | Cloud Service Only | 100 licenses | 25 licenses | 5 licenses | Up to 5 devices per license. Each license of Windows Intune used in exchange for 1 on-premises CAL of System Center Device Manager.
Azure | N/A | $100 Monthly Credit | $100 Monthly Credit | $100 Monthly Credit | Azure credit is additional to existing on-premises IURs.

Internal use rights licenses that are part of Cloud Essentials or Cloud Accelerate entitlements must be deployed by Microsoft Partner Network Integration launch in January. The end date for all Internal Use Rights will be June 30, 2014. Must sign MOSPA + CSA agreements in order to qualify for CRM Online IURs.

*Please refer to the Disclosure Document for full details. Core benefits are available to all partners in all competencies.
**Partners will be able to earn additional licenses of Microsoft Dynamics CRM Online and Windows Azure through specific competencies and competency tracks. Partners are eligible to earn an additional 20 seats of Microsoft Dynamics CRM Online by attaining either a Customer Relationship Management (CRM) competency or an Enterprise Resource Planning (ERP) competency.
***Partners can earn additional Office365 licenses by selling Microsoft Online Services. Partners are eligible to receive an additional five seats of Office 365 after selling 25 seats of Office 365 within the previous 12 months.

Start testing Azure now – using IURs
What to Test? Azure Scenarios for SMB
Why? Develop expertise now in a controlled environment using $100 of monthly Azure credits at no charge
Where to Start?
Partner Programs, Azure Technical Scenario 101s
• Azure Benefits through MPN (MAPS)
• Azure Benefits through MSDN
Find out more: http://Aka.ms/azureiur
Azure 101’s: Azure Backup – Virtual Machines – Active Directory – Websites

Microsoft Action Pack Subscription – Update
Single, universal Action Pack subscription leading with cloud
New benefits
Six resource centers aligned to partner practices (partners can choose 1 or more)
• Technical support: Access to telephone support for presales, technical, and deployment issues related to Microsoft Cloud Services.
• Internal Use Rights (IURs): including both on-premises and Cloud products and services.
• Training: access to over 2,000 training courses on selling, configuring, and implementing Microsoft products and services plus discounts on Microsoft Certified Professional exams.
• Developer tools: access to world-class Visual Studio developer tools to support development across Microsoft platforms, including desktop, phone, server, and Web.
• Bing credits: $600 Bing Ads Credit ($100 for partners, $500 for their customers) to market products, services, and solutions.
• Campaigns: exclusive access to Ready-To-Go Marketing Campaigns for Microsoft products and services.

Ahead of the Game Technical Series
Get additional hands-on technical training on building solutions for small and midsize organizations:

Be Lean, Stay Lean with Virtualization and Cloud
Master the key technologies for helping SMBs virtualize, and where appropriate, to deploy to the cloud.

Be Lean, Stay Lean with the Data Platform
Learn to leverage the power of SQL Server 2014 to deliver database solutions both on-premises and in the cloud.

Be Lean, Stay Lean with the Microsoft Cloud
Learn about Azure cloud solutions and reselling Azure through the Open licensing channel.

Business Anywhere
Gain the skills to provide solutions to SMB customers for key mobility and remote access scenarios.
Tap Your Data Goldmine
Learn how to deliver powerful business intelligence solutions to your SMB customers using familiar tools.

http://aka.ms/smblearningpath

Microsoft Partner Learning Paths
The Learning Paths site allows you to build learning plans for resources within your organization. Create plans by product, competency, or partner type and track your progress! Click here for a demo!
The Microsoft Partner Learning Paths site is the key resource for all competency related training. Specifically:
• Sales Specialist assessments.
• Pre Sales Technical assessments.
• Technical assessments.
• Technical Certification courses that align to competency.
For more info on the Learning Paths click here.

Training Certifications and Accreditations

Microsoft Technical Certifications
• Microsoft Solutions Associate (MCSA)
• Microsoft Solutions Expert (MCSE)

Microsoft Sales Specialist Accreditation
Designed for individuals, who support the initial stage of the sales process at Microsoft partner organizations, and require only a high-level overview of technical product features and benefits.

Microsoft Pre Sales Technical Accreditation
Designed for technical professionals, who support sales teams with value demonstrations and proof-of-concept development to close deals on solutions built on Microsoft technologies.

Get more information at Microsoft Learning
Get more information on Sales Specialist training and accreditation
Get more information on Pre-Sales Technical training and accreditation

Become a Microsoft Cloud Partner
When you become a Microsoft Cloud Partner, you receive a set of core benefits to help you start and build your cloud practice, including:
• Internal-use software rights.
• Tailored training.
• Prioritized exposure in Microsoft marketing and product directories.
Members of the Microsoft Partner Network Cloud Essentials program receive monthly credits of $100 of Windows Azure at no charge.
For details, visit: http://www.windowsazure.com/en-us/offers/ms-azr-0051p/

Host your own solutions to rent out to your customers with SPLA
Microsoft hosting solutions—based on one common platform (Windows Server, System Center & SQL Server)

Examples: Service Offerings & Managed Services
• Rented Virtual Servers Shared or Dedicated
• Disaster Recovery
• Rented virtual database servers
• Database-as-a-Service
• Lync, SharePoint, Exchange, Dynamics
• CRM, ERP, LOB apps
• Custom LOB apps
• Ecommerce sites
• Company websites
• Gaming & entertainment
• Windows desktops for students or call centers
• Mobile sales team apps

To become an authorized SPLA hosting provider, follow these 6 easy steps:
• Contact your SPLA-Disti for further assistance.
• Join the Microsoft Partner Network.
• Join the Microsoft Hosting Community.
• Sign the Microsoft Business and Services Agreement.
• Build your offer and start selling to customers.
• Provide monthly reporting and payment.
For full detail requirements, please see the SPLA Program Guide
Learn more about SPLA

Take advantage of the momentum.
Plan and expand your service offerings on Microsoft Cloud OS
• Download and Try: Windows Server 2012 R2, System Center 2012 R2, Windows Azure Pack.
Build and optimize your services offerings by leveraging new capabilities
Expand your reach with investments in marketing and sales
• Data Center and Data Platform Hosting Competency.
• Microsoft Services Provider License Agreement (SPLA).
• License Mobility through Software Assurance.
• Learn more about Cloud OS.
• Technical Deployment Camp: Cloud Infrastructure and SQL Server.
• TechNet Virtual Labs.
• Hosting Days Events.
• Hosting Resources on MS.COM/hosting.
• Microsoft Partner Network Hosting Community.
• Cloud OS Hosting Service Provider Programs: Hyper-V Ignite, COSN, Cloud OS Network
• Technical Reference Architecture.
• Microsoft Partner Network Resources.
• Partner Marketing Center Hosting Service Provider Campaign.
Microsoft Virtual Academy
Free Microsoft Training Delivered by Experts
Microsoft Virtual Academy (MVA) offers online Microsoft training delivered by experts to help technologists continually learn, with hundreds of courses, in 11 different languages. Learn the latest technology, build skills, and advance your career.
http://www.microsoftvirtualacademy.com

Spiceworks
With more than 5 million IT pros, Spiceworks is where people go to share and find info on all-things-IT.
• Free App: Download the Spiceworks app to get network inventory, network monitoring, help desk software, and more!
• Free Community: Spiceworks has all the IT resources you need to make smart IT decisions, including product reviews, vendor ratings, IT help, how-tos, and discussions.
• Free Career Tools: Take your career wherever you want it to go by creating a portfolio, searching job listings, and browsing helpful tips and resources.

Ahead of the game campaign resources
Leverage Server and Cloud Solutions to dramatically increase margin and keep SMB customers ahead of the game
http://aka.ms/AheadoftheGame

Next steps
• http://aka.ms/smblearningpath
• http://aka.ms/rampup
• http://aka.ms/AzureVAR
• Cloud Partner Community

Summary of partner resources
• Ahead of the Game Marketing Content: http://aka.ms/AheadoftheGame
• Competencies: http://partner.Microsoft.com
• Partner Learning Center: https://mspartner.microsoft.com/en/us/Pages/Training/partner-learning-center.aspx
• Microsoft Virtual Academy: http://www.microsoftvirtualacademy.com/
• ISV Upgrade Support: Email isvupgrade@microsoft.com with app name and name of ISV

Appendix
Azure Migration Strategy