• Started in technology 24 years ago as a Mainframe Librarian for AMEX
• Been working for Microsoft last 3 years
• Prior to MSFT, 7 years @ EMC
• Prior to EMC, 7 years @ Avanade and Perot Systems
• Authored books and whitepapers on Microsoft technologies
(2001): MOF Change Quadrant SMFs
(2008): “SCCM 2007 R2 Unleashed” (http://www.amazon.com/System-Center-ConfigurationManager-Unleashed/dp/0672330237)
(2011): SCCM 2007 Lab Deployment Guide: http://download.microsoft.com/download/1/3/A/13A161C1-2481-4E47-977186F55AC9F0EC/ConfigurationManager2007 Lab Deployment Guide.docx
(2013): Microsoft Office 365 Administration Inside Out (O’Reilly): (http://www.amazon.com/Microsoft-Office-365-Administration-Inside/dp/0735678235)
• 2004-2010 Microsoft MVP (WMI (1) & SCOM (6))

This has happened before
Electrical Grid Adoption: 5% 1900 40% 1907 80% 90% 1930 1935

Storage: always running out of disk
DR: offsite storage, servers, backup, surveillance
Burst: need more capacity
Media: create, store, distribute, to different devices, surveillance
Dev/test: validate apps and environments
Research: large compute, short window of need
Database: without the hassles
Collaboration repository
HIPAA: process and store private data

IT concerns, decision points

Cloud Services
http://www.windowsazure.com/en-us/support/trust-center/

• Regulatory & Compliance Domain: Windows Azure
ISO 27001: Yes
SAS 70/SSAE/SOC 1: Yes, Type II
SOC 2: Yes, Type II
ISAE 3402: Yes
FERPA: N/A
FISMA [ATO]: Yes
FedRAMP: Yes
HIPAA/BAA: Yes
Data Processing Agreement: Yes
Section 508 Rehabilitation Act: Section 508 VPATs available
PCI: Yes
GLBA: Yes
IPv6: TBD – CY14 Q4
CJIS: TBD – CY14 Q4

Multi-factor authentication for customer and internal operations access
Segregation of duties through role-based group memberships configured as AD security groups
All data centers hosting Windows Azure data are managed by Microsoft Global Foundation Services (GFS) which are FedRAMP certified
Geographically distributed locations throughout the U.S.
Highly secured access mechanisms

Data Security
Custom developed, highly automated management system through the hypervisor
Custom developed monitoring and logging system
FIPS 140-2 validated encryption
Key and certificate management based on industry best practices
Data replication within each data center as well as solutions for geo-replication to multiple data centers
Internal and customer configurable software firewalls/DoS/IP filtering
Virtual Private IP for all customer connections based on Azure subscriptions

Federal Risk and Authorization Management Program (FedRAMP) JAB Provisional ATO
ISO/IEC 27001:2005 Audit and Certification
SOC 1 and SOC 2 SSAE 16/ISAE 3402 Attestations
Cloud Security Alliance Cloud Controls Matrix
PCI Level 1 Compliant
UK G-Cloud Impact Level 2 Accreditation
HIPAA Business Associate Agreement (BAA)

Tailored to meet security functionalities in a cloud service environment
− Scalability
− Virtual machine and customer-to-customer isolation
− Security built into the software and focused on predeployment testing

Understanding Microsoft's Public Cloud Solution

Operational Energy
Traditional, Modular
Offline UPS technologies can drive Electrical losses substantially down
Widening temperature range can remove chillers and drive cooling to zero
Virtualization, active power management increase IT return on investment
Source: EYP Mission Critical Facilities Inc., New York

Datacenter
1989-2005 2007 2009 2012 Future
Generation 1 Generation 2 Generation 3 Generation 4 Generation 5
1.2 – 1.5 PUE 1.12 – 1.20 PUE 1.07 – 1.19 PUE 2.0+ PUE Colocation Server Capacity 20 year Technology 1.4 – 1.6 PUE Density Rack Density & Deployment Minimized Resource Impact Containment Modular Containers, PODs Scalability & Sustainability Air & Water Economization Differentiated SLAs ITPACs & Colocations Reduced Carbon Right-Sized Faster Time-to-Market Outside Air Cooled Integrated Integrated System Resilient Software Common Infrastructure Operational Simplicity Flexible &
Scalable

200+ Cloud Services
430B+ 280% 50% 29K+ 93% 2:3 46% 66%
Windows Azure runs on Windows Server
8.5T objects stored in Windows Azure
Bing runs on Windows Server
5.5B+ global queries per month
Windows Azure AD authentications
of the Fortune 1000 use Active Directory
year-over-year database growth in Windows Azure
servers worldwide run on Windows Server**
of Fortune 500 use Windows Azure
organizations already use Windows Intune
worldwide share: SQL Server most widely-deployed database*
of enterprise seats covered with System Center
1B+ Office users, 1 in 4 enterprise customers now has Office 365
* IDC Server Workloads Study 2013
** IDC 2013 WW Server Tracker

One consistent experience
Azure, Private Cloud, Your Datacenter, Service Provider
ONE Microsoft Consistent Platform

Anyone watch the Olympics?
Olympics NBC Sports
Live video encoding and streaming
Web + Mobile
Over 100 million viewers in 22 countries and 4 continents
More than 100TB of storage
Over 500 Billion Storage Transactions
The Sochi Olympics were powered worldwide by Azure & Hyper-V
World Record: 2.1 million concurrent HD viewers during the USA vs. Canada hockey match

Store, backup, recover your data
Develop, test, run your apps
Extend your infrastructure
Reach where your datacenter won’t

Cloud Storage Opportunity
Highly durable and scalable
Multiple copies of your data
Financially backed SLAs
Storage for objects, tables, drives
Supports REST APIs
Windows Azure Storage

Defend against regional disasters.
Simple and fast on-ramp to Azure
Active data instantly available locally
Archives less used data to Windows Azure
Recover data from any internet connection
Reduce Agency storage TCO by 60-80%

1. Full MPIO Support
2. Dual Controllers with Autofailover
3. Dual Power
4. Dual Cooling
5. RAID drives
6. Hot-spare drives
7. Non-disruptive software upgrades
8.
Certified by Microsoft & VMWare

Storage tier diagram: SSD, Linear Tier; SSD, Deduplicated; SAS, Deduplicated, Compressed; Cloud, Deduplicated, Compressed, Encrypted

Backup and restore database to the cloud
SQL Server Management Studio
Benefits
Reliable off-site data backup for SQL images
Easily restore databases using VMs

Backup datacenter data to Windows using System Center Data Protection Manager
Backup and recover files/folders from Windows Server 2012 SP1
Your On-Premises Datacenter
Benefits
Reliable offsite data protection
Simple, familiar, integrated
Efficient backup and recovery
Easy set up

Your Datacenter

Active Directory, SharePoint, SQL Server, Your Datacenter

Windows Azure Websites
http://WindowsAzure.com

HYBRID CLOUD SAMPLE ARCHITECTURES

Hybrid Cloud Scenarios
Encrypted Backup, VPN
Windows Backup, SC Data Protection Manager
Recovery, Health Monitor, Manage Recovery plan
Site A: System Center Virtual Machine Manager, AD, SQL, Exchange
Hyper-V Replica
Site B: System Center Virtual Machine Manager, AD, SQL, Exchange
Orchestrated Recovery in case of outage
Policies, Automation
StorSimple Cloud Integrated Storage
Most Active Data on SSD
Warm data on SAS
Local Tier 100 up to 550 TB
Deduplicated, Compressed & Encrypted
Deduplicated 2 up to 20 TB
Application Servers
VPN
Deduplicated & Compressed
Encrypted Backup
Recovery
Benefits
• Consolidates primary, archive, backup, DR thru seamless integration with Azure
• Cloud Snapshots
• Deduplication
• Compression
• Encryption
• Reduces enterprise storage TCO by 60–80%

Hybrid Cloud Scenarios
File / Application
Servers
File / Application Servers
• Live Backups, Archives, and Disaster Recovery
• Dramatic Cost Reduction
• No Changes to Application Environment
• File share with integrated data protection
• All-in-one primary data + backup + live archives + DR with de-duplication & Compression
Most Active Data on SSD
Deduplicated
VPN
Encrypted Backup
Warm data on SAS
Local Tier
StorSimple
Archive Data Encrypted
• SharePoint storage on StorSimple + Azure
• StorSimple SharePoint Database Optimizer
• Improved performance & scalability
Deduplicated, Compressed & Encrypted
Policies
Deduplicated & Compressed
Automated
Control Virtual Sprawl
Cloud-as-a-tier
Offload storage footprint
VMware Storage DRS Storage pools
• Virtual Machine Archive
• Regional VM Storage
Recovery
Benefits
• Consolidates primary, archive, backup, DR thru seamless integration with Azure
• Cloud Snapshots
• Deduplication
• Compression
• Encryption
• Reduces enterprise storage TCO by 60–80%

Hybrid Cloud Scenarios
Developers, Windows Azure SDK, Windows Azure AD, VPN
Tier 1, Tier 2, Tier 3
Availability Set, Availability Set, Availability Set
Load Balancing, Auto Scaling, Web Site, Virtual Machines, VHD
Auto Scaling, SharePoint, Mobile Service
Azure HDInsight Analytics SQL Storage & Reporting Azure (Hadoop)
Windows Azure CDN, Windows Azure Cache
Storage BLOB, Storage Table, Notification Hub, Storage Queue
Users, On Premises

INGRESS NODES: Collect / Decode
Connected Devices
Load Balancing, Auto Scaling, Worker Roles
ANALYTICS NODE: Record Filter / Analyze / Aggregate
Azure Storage
Auto Scaling, Worker Roles
CONSUME: Reporting / BI
Azure Analytics SQL & Reporting Azure Storage

Hybrid Cloud Scenarios
Encrypted Synchronization
Microsoft apps
Consumer identity providers
AD
PCs and devices
Multi-Factor Authentication can be configured through Windows Azure AD
AD
Multi-Factor Authentication can be configured through the AD FS integration with Windows Azure
User attributes are synchronized using DirSync including the password
hash, Authentication is completed against Windows Azure Active Directory
User attributes are synchronized using DirSync, Authentication is passed back through federation and completed against Windows Server Active Directory
Custom LOB apps
ISV/CSV apps
3rd party clouds/hosting

Hybrid Cloud Scenarios
Multi-Factor Authentication Server
On Premises Applications
ADFS / SAML
.NET, Java, PHP, …
AD
Multi-Factor Authentication Server
BYOD / Personal devices
Corporate devices
VPN
Admin
Remote Users
• Built-in SDK for integration
• Strong Multi-Factor Authentication
• Real Time Fraud Alert
• Reporting, Logging & Auditing
• Enables compliance with NIST 800-63 Level 3, HIPAA, PCI DSS, and other regulatory requirements

SQL Server
Hybrid Cloud Scenarios
Publish, Compare, Sync, Import / Export, Register / Unregister
Management Portal, VPN
Management Portal, VPN / Encrypted Data
Primary
Dispersed Teams
SQL Backup tool for legacy
Manual Console Backup
Managed Backups
Asynchronous Commit
VPN
Console 2014 / Scripts 2012 Backup
Availability Groups
Periodic Snapshots
Geo Replication
Secondary
Disaster Recovery
Powering BI Apps

NEXT STEPS
Explore potential scenarios - Center of Excellence
Architectural Design Session - Microsoft Technology Center
Define and build a proof of concept (At MTC or customer lab)
Setup Quick Test Scenarios: Disaster Recovery, Test/Dev or Storage for Azure
Setup High Business Impact Test Scenarios: SQL, SharePoint, Web, File share

I have previously set up an Azure Account.
http://manage.windowsazure.com/
Also see http://www.windowsazure.com/en-us/

Click “+NEW”
Click VIRTUAL MACHINE
Click FROM GALLERY
Choose a Server Operating System
Click Windows Server 2012
Input a desired VM Name
Click Next (right arrow)
Input a desired DNS Name
Choose the Geo Location of the Microsoft Datacenter where you want your VM(s) to be located
I have chosen EAST US as my Geo Location
Click Next (right arrow)
Choose an Availability Set
Click #7 to Provision the New VM

My New Virtual Machine, hosted in Windows Azure’s United States-based Datacenter(s) is being provisioned.
Now my VM is accessible through RDP