This slide is so awesome there is only a title…
• Sasha Kranjac
• Azure and Security Expert @ Kranjac - IT Training & Consulting
• @SasaKranjac
• Microsoft Azure MVP
• MCSE, MCP, MCSA, MCITP, Microsoft Certified Trainer (MCT), MCT Regional Lead, Certified Ethical Hacker (CEH), Certified EC-Council Instructor (CEI)
• AM COFFEE: 10:45 - 11:15
• LUNCH: 12:15 - 13:15
• PM COFFEE: 14:35 - 15:15
• PaaS: A platform of services for hosting a custom solution
• IaaS: A way to run virtual servers in the cloud with full control
• SaaS: A complete software solution
Who manages what?
[Figure: the stack (Storage, Servers, Networking, O/S, Middleware, Virtualization, Data, Applications, Runtime) shown for four models, with who manages the layers]
• On Premises (Physical / Virtual): You scale, make resilient and manage
• Infrastructure as a Service: part "Managed by Microsoft", part "You scale, make resilient & manage"
• Platform as a Service: part "Scale, Resilience and management by Microsoft", part "You manage"
• Software as a Service: Scale, Resilience and management by Microsoft
Windows Azure Virtual Machines
Windows Azure Cloud Services
• Azure portal
• PowerShell
• Azure Automation
• Azure CLI
• Visual Studio
• Azure Resource Manager provides a method for grouping and managing Azure resources
• The advantages include:
• Manage resources as a group
• Reuse solutions and consistently deploy resources
• Quickly deploy and re-deploy large solutions
• Define dependencies and resource deployment order
• Use role-based access control for permissions
• Logically organize resources by using tags
• Resource groups enable logical groupings of resources
• Resources are assigned to a resource group when created
• Some resources can be moved between resource groups
• Virtual networks and subnets
• Network interfaces
• IP addresses (private and public)
• Virtual network-based DNS and Azure DNS
• Azure Load Balancer
• Application Gateway
• Traffic Manager
• Network security groups
• User-defined routes
• Forced tunneling
• Virtual network connectivity
• Virtual network gateways
• An IP address space with one or more subnets:
• Private:
• 10.x.x.x
• 172.16.x.x – 172.31.x.x
• 192.168.x.x
• Public (supported, but rarely used)
• IP addresses:
• Private – allocated to VM NICs or internal load balancers
• Public – assigned to VM NICs or load balancers
• DNS name resolution:
• Default – Internet names and names within the virtual network
• Custom – cross-premises, cross-virtual networks, custom domains
[Figure: isolated virtual networks in Microsoft Azure for Customer 1 and Customer 2; labels: Subnet 1, Subnet 2, Subnet 3, Deployment X, Deployment Y, VLAN-to-VLAN, DNS Server]
Azure virtual machines support:
• Windows Server:
• All currently supported versions (CSA required for older ones)
• All roles and features, except:
• DHCP, Direct Access, RMS, Windows DS
• iSNS, MPIO, NLB, PNRP, SNMP, Storage Manager for SANs, WINS, Wireless LAN Service
• Linux:
• CentOS, CoreOS, Debian, Oracle Linux, Red Hat, SUSE, openSUSE, and Ubuntu
• Windows Server software:
• FIM, MIM, SharePoint Server, SQL Server, System Center, and more
• General purpose:
• Balanced CPU-to-memory ratio
• A0-A7, Av2, D, Dv2, Dv3, DS, DSv2, Dsv3 series
• Compute optimized:
• High CPU-to-memory ratio
• Fs and F series
• Memory optimized:
• High memory-to-CPU ratio
• D, Dv2, DS, DSv2, Ev3, Esv3, Ms, G, and GS series
• Storage optimized:
• High-performance disk I/O
• Ls series
• GPU:
• Graphic Processing Unit support
• NV and NC series
• High performance compute:
• Fastest CPUs and optional high-throughput RDMA
• H series and A8-A11
• Azure VMs in an availability set:
• Logical grouping of two or more Azure VMs
• Must be assigned during Azure VM deployment
• Up to 3 fault domains
• Up to 20 update domains
• 99.95% availability SLA
• Considerations:
• Add multiple virtual machines to the same availability set
• Place application tiers in separate availability sets
• Combine availability sets with load balancing
• Standalone VMs:
• 99.9% availability SLA if using Premium storage disks
• Web Apps:
• Near instant deployment
• SSL and Custom Domain Names available in some tiers
• WebJobs provide background processing for independent scaling
• Can Scale to larger machines without redeploying applications
• SQL-as-a-Service Offering:
• Fully managed
• Automatically replicated
• Compatible with existing TDS-capable software:
• Visual Studio
• SQL Server Management Studio
• Entity Framework
• Managed using existing tools, the CLI, PowerShell or the Portal
• Performance measured in a predictable manner:
• Database Throughput Units (DTUs)
• Azure provides money-backed SLAs for IaaS services:
• Two Instances or more in an Availability Set = 99.95%
• Single Instance VM using Premium Storage = 99.9%
• Decisions should be based on cost and availability requirements
• Single instance VM would gain 99.9% SLA if it complies with:
• Premium Storage for all Operating System Disks and Data Disks
• Any single instance VM without Premium storage receives no SLA
• Availability Sets provide assurance that any multiple instance VM will be available 99.95% of the time
• Availability Sets cater for planned and unplanned maintenance using Update Domains and Fault Domains
• When planning multiple tier applications use multiple Availability sets, one per tier
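The SLA rules on these slides, applied to a VM inventory as an added example (not from the original deck). The inventory and its field names are constructed, and a lone VM inside an availability set is assumed to fall back to the single-instance rule.

```python
"""Classify VMs by the IaaS SLA they qualify for, using the rules on the slides."""
from collections import Counter

# SLA figures as stated on the slides.
SLA_AVAILABILITY_SET = 99.95   # two or more instances in one availability set
SLA_SINGLE_PREMIUM = 99.9      # single instance, Premium storage on every disk

# Constructed sample inventory; field names are hypothetical, not an Azure API schema.
INVENTORY = [
    {"name": "web-1", "availability_set": "as-web", "disks": ["Premium", "Premium"]},
    {"name": "web-2", "availability_set": "as-web", "disks": ["Standard"]},
    {"name": "app-1", "availability_set": "as-app", "disks": ["Premium", "Standard"]},
    {"name": "db-1", "availability_set": None, "disks": ["Premium", "Premium"]},
    {"name": "jump-1", "availability_set": None, "disks": ["Premium", "Standard"]},
]


def all_premium(vm):
    """True only if the OS disk and every data disk use Premium storage."""
    return bool(vm["disks"]) and all(d == "Premium" for d in vm["disks"])


def sla_for_inventory(vms):
    """Map each VM name to the SLA percentage it qualifies for, or None."""
    members = Counter(vm["availability_set"] for vm in vms if vm["availability_set"])
    result = {}
    for vm in vms:
        aset = vm["availability_set"]
        if aset and members[aset] >= 2:
            result[vm["name"]] = SLA_AVAILABILITY_SET
        elif all_premium(vm):
            # Assumption: a lone VM in an availability set counts as a single instance.
            result[vm["name"]] = SLA_SINGLE_PREMIUM
        else:
            result[vm["name"]] = None  # one non-Premium disk is enough to lose the SLA
    return result


def uncovered(vms):
    """Names of VMs that receive no SLA and need a second instance or Premium disks."""
    return sorted(n for n, sla in sla_for_inventory(vms).items() if sla is None)


if __name__ == "__main__":
    for name, sla in sla_for_inventory(INVENTORY).items():
        label = "no SLA" if sla is None else f"{sla}%"
        print(f"{name:8} {label}")
    print("remediate:", uncovered(INVENTORY))
```

The two uncovered cases are the ones reviews tend to miss: an availability set with only one member, and a standalone VM with a single Standard data disk.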
• Azure Load Balancer:
• Internal load balancer
• Internet-facing load balancer
• To configure:
• Assign a front-end IP
• Public for an Internet-facing load balancer
• Private for an internal load balancer
• Assign back-end address pool
• Create load-balancing rules
• Create inbound NAT rules (optional)
• Create health probes
• Application Gateway
• Traffic Manager
• Azure Functions:
• Built on WebJobs Technology
• Available in Consumption and App Service Plan billing modes
• Can be deployed using Scripts or Pre-Compiled
• Managed and Edited directly in the portal:
• Supports CI from GitHub or VSO if preferred
• Azure Functions features no-code triggers that can invoke a function based on changes in the following services:
• Azure:
• Storage Blobs
• Cosmos DB
• Storage Tables
• Mobile Apps
• Office 365 Files
• Third-Party:
• Twilio
• SendGrid
• Automation workflow solution:
• No-code designer for rapid creation of integration solutions
• Pre-built templates to simplify getting started
• Out-of-box support for popular SaaS and on-premises integrations
• BizTalk APIs available to advanced integration solutions
• JSON-based workflow definition:
• Can be deployed using ARM templates
[Figure: DevOps cycle spanning Development and Production; stages: Plan, Develop + Test, Release, Monitor + Learn]
✓ Centrally manage users and access to Azure, O365, and hundreds of pre-integrated cloud applications
✓ Build Azure AD into your web and mobile applications
✓ Can extend on-premises directories to Azure AD through synchronization
[Figure labels: End Users, Active Directory, Azure Active Directory, Cloud Apps]
✓ Protect sensitive data and applications both on-premises and in the cloud with Multi Factor Authentication
✓ Can use Active Directory (on-premises) with Azure Active Directory (in cloud) to enable single sign-on, a single directory, and centralized identity management
✓ Multi Factor Authentication can be implemented with Phone Factor or with AD on-premises
[Figure labels: Active Directory, Microsoft Azure Active Directory]
Virtual Machines:
✓ Data drives – full disk encryption through BitLocker
✓ Boot drives – partner solutions
✓ SQL Server – Transparent Data Encryption
✓ Files & folders – EFS in Windows Server
Storage:
✓ BitLocker encryption of drives for import/export of data
✓ Server-side encryption of Blob Storage using AES-256
✓ Client-side encryption w/ .NET and Java support
✓ StorSimple with AES-256 encryption
Applications:
✓ Client-side encryption through .NET Crypto API
✓ RMS SDK for file encryption by your applications