with the Microsoft Cloud
Download
Report
Transcript with the Microsoft Cloud
Ahead of the Game
Technical Series
Sharon Bennett
SMB Product Technology Advisor
October 15, 2014
Be Lean, Stay Lean
with the Microsoft Cloud
Introduction
About this Course
Delivery Schedule
Objectives
Logistics and introductions
• Class hours
• Rest rooms
• Meals
• Internet
- https://cloud.holsystems.com/ModernBiz
- The access code is MBVC2825
Azure Pass
Presenter introduction
About this course
Audience: IT Pros, Consultants, Partners
Objectives: Identify opportunities for partners to enable small and medium size businesses (SMBs) to
increase efficiency and productivity, while reducing IT operating expenses (OPEX) by implementing
hybrid cloud scenarios using Microsoft Azure services and become proficient in designing and
implementing Azure technologies and services for SMB customers.
Topics covered:
•
Overview of Microsoft Azure, Partner Opportunities, SMB trends, Transacting Microsoft Azure,
Reselling Azure services, Azure in Open Licensing
•
Azure Backup, Azure Storage, Azure Web Sites
•
Azure Virtual Machine workloads – Infrastructure as a Service (IaaS)
•
Azure Application Workloads – Platform as Service (PaaS), and Applications on Azure VMs
•
Azure Virtual Machine Networks (VMNet)
•
Azure Active Directory and Identity Management
Delivery schedule
9:00 – 9:30
9:30 – 10:00
10:00 – 10:15
10:15 – 10:30
10:30 – 11:15
11:15 – 12:00
12:00 – 1:00
1:00 – 1:30
1:30 – 2:00
2:00 – 2:15
2:15 – 2:45
2:45 – 3:00
3:00 – 4:00
4:00 – 4:30
4:30 – 5:00
Class Introduction, Partner Opportunities, SMB Trends
Module 1: Azure Backup, Storage and Web sites
Hands-on Lab: Azure Backup, Storage and Web sites
Morning Break
Module 2: Azure Virtual Machine Workloads
Hands-on Lab: Azure Virtual Machine Workloads
Lunch Break
Module 3: Azure Virtual Machine Networks
Hands-on Lab: Azure Virtual Machine Networks
Module 4: Planning and Deploying Workloads to Azure
Hands-on Lab: Deploying Applications to Azure
Afternoon Break
Module 5: Azure Active Directory, Identity Management and Office 365
Hands-on Lab: Azure Active Directory and Identity Management
Wrap up and Q&A
Module 1: Azure Backup, Storage, and Web Sites
Topics
•
Overview of IaaS and PaaS.
•
Pricing out Consumption-Based Services.
•
Azure Backup.
•
Azure Storage Accounts and BLOB storage.
•
Azure Web Sites.
Module 2: Azure Virtual Machine Workloads
Topics
•
Provisioning Azure Virtual Machine Workloads.
•
Managing Azure Virtual Machine Workloads.
•
Sizing and Capacity.
•
Importing Virtual Machines.
•
Monitoring Virtual Machines.
•
Pricing out Virtual Machines.
Module 3: Azure Virtual Machine Network and
Traffic Manager
Topics
•
Windows Azure Virtual Network (VNET).
•
Virtual IP Addresses and Dynamic IP Addresses (VIPs and DIPs).
•
Inbound Traffic – Software Load Balancer (SLB).
•
Supporting multiple VNETs within a subscription.
•
Controlling inter-VNET communications.
•
Site-to-Site (On-premises to Azure) Communications.
Module 4: Planning and Deploying Workloads to
Azure Virtual Machines and Servers
Topics
•
Azure SQL Server Database Service.
•
Azure SQL Server Virtual Machines.
Module 5: Azure Active Directory and Identity
Management
Topics include:
•
Azure Active Directory (Azure AD).
•
Password Sync/DirSync.
•
Office 365 integration and Single Sign-on.
•
Third Party Cloud Services Support for Azure AD Authentication.
Why the cloud?
1
2
Cloud
3
4
5
Physical
server
Microsoft
Azure
Virtualization
The game is changing for resellers
How do I support
my mobile
employees and
keep them
productive?
Am I ready for a
disaster? Will I
lose my data?
Partner role
How do I ensure
uptime for my
applications?
How do I save
money on
infrastructure?
Do I need the
cloud?
Partner opportunity with Microsoft cloud in SMB
Growing your business with Microsoft Azure
• Enables partners to
differentiate by bundling their
own IP alongside other cloud
offerings.
• Cloud software is easier to
develop, test, and take to market.
• Lowers the barriers to entry to
offer managed services.
Microsoft Azure
An open and flexible cloud platform that enables you to quickly build, deploy, and manage
solutions across a global network of Microsoft-managed datacenters.
• Build applications using
any language, tool, or
framework.
• Integrate public cloud
solution with the existing
IT environment.
• 99.95% monthly SLA.
• Automatic operating
system and service
patching.
Usage-based services
App services
Compute
Storage
Caching
Identity
Service bus
Media
Virtual
machines
Websites
Cloud
services
Mobile
services
SQL
database
HDInsight
Tables
Blob
storage
Connect
Virtual
network
Traffic
manager
Network
CDN
Integration
HPC
Analytics
Key Azure scenarios
Data Backup in the Cloud
Deploy Applications within VMs
Orders
AP
Product
SharePoint
Provide easy, scalable data backup in
the cloud
• A range of applications: file servers,
SharePoint, SQL Server, Exchange.
• Encrypted backups, Global Georedundant datacenters.
• Quickly and easily provision more
storage for your customers as
needed.
Host Websites
CRM Acct
HR
SQL Server
Business
Databases Applications
Virtual
Machines
Leverage Microsoft Azure to quickly
deploy customer applications in
the cloud
• Cut infrastructure costs and Reduce
IT management burden.
• Deploy Microsoft Workloads
(SharePoint Servers, SQL Server,
Domain Controllers) as well as third
party business applications.
Grow your business helping
customers move their websites to
the cloud with Microsoft Azure
• Quickly build, deploy, and manage
websites on an open and flexible
cloud platform.
• Offer the peace of mind from
hosting on a global network of
Microsoft-managed data centers.
Microsoft Azure
kr
$
£
$
chf
€
руб
₩ ¥
TL
Global datacenters
$
Rp
Global support
Local account teams
Local currencies
kr
$
R
$
24 x 7 x 365 support Over 1 billion customers, 20 million businesses
90 markets worldwide
280 years of combined industry experience in infrastructure, security, product dev, and global ops
$
Azure purchasing options
Direct on azure.Microsoft.com
Pay As You Go
Zero upfront, cancel
anytime.
No long-term
commitment.
6- or 12-months
Monetary Commitments
starting at $500/month.
Open Licensing Programs
12-months
Flexibility with Volume
Licensing through a
familiar vehicle for SMBs.
Opportunity for partners
to earn margins,
incentives.
Enterprise Agreement
Longer-term
Offers additional
discounts and terms as
part of a deeper
commitment to the
platform.
Azure in Open licensing – the details
One Monetary Commitment SKU, available in unlimited
quantities.
Customers can purchase additional credit for Azure
services at any time.
Can be used against any Azure service* within 12 months
from the date of activation.
Available in countries with Open Volume Licensing
program partners and that offer Azure Direct.
23
Azure and Office 365 in Open – comparison
SKU Structure
Single SKU used for any eligible pay-as-you-go Azure Service
Unique SKUs for each Office 365 Plan, as well as Add-ons
Commitment
Monetary Commitment that expires 12 months from activation
Customers pre-pay for 12 months of service
Margin Structure
Business Processes
Reporting
Channel Impact
Aligned to cloud channel incentives for managed partners and distributor margin
(The FY15 guide will be released in June for the Global Channel Incentives Guide)
All Online Services in Open follow existing business processes
Leverage existing Distributor and VAR reporting constructs
• Single SKU provides flexible ‘building blocks’ to scale partner
business or customer services.
• Top up and upsell opportunity for additional services.
• Partners drive consumption with ongoing customer engagement.
• Specific SKUs purchased for each service offering.
• Renewal motions have annual anniversary.
• Incremental seats added shift customer end dates.
Azure in Open: setup and portal experience
Why Azure in Open?
Low barrier of entry with no investments in
complex billing systems.
A consistent, familiar licensing option for
cloud services along with your on-premises
solutions.
A flexible, consumption-based
purchasing model.
New opportunities to grow margins and
deepen customer relationships.
Capitalize on the
opportunity to
incorporate the
cloud into your
solutions and
services
Module 1: Microsoft Azure overview,
Azure backup, storage and web sites
Microsoft Azure
Overview
Microsoft Azure
Backup
Azure Web Sites
Azure Tools
Microsoft Azure IaaS at a glance
Microsoft Azure PaaS at a glance
Microsoft Azure VMs overview
Microsoft Azure
On-premises
Remote
workers
Data backup in the cloud overview
Provide scalable data backup in the cloud
Microsoft Azure
On-premises
Microsoft
SQL Server
Hosting websites in the cloud overview
Grow your business – help customers move their websites to the cloud
Microsoft Azure
On-premises
External
workers
Web
servers
Identity and access management overview
Enable single sign-on between on-premises and cloud identities
Enable single sign-on across multiple
cloud and on-premises applications
with ADFS.
Microsoft Azure
Integrate cloud with on-premises
Active Directory with Active Directory
Synchronization.
Azure Active Directory
(AAD)
On-premises
Consumer
identity providers
PCs and devices
Microsoft apps
Windows Server
Active Directory
Third-party
cloud/hosting
Create and manage identities in the
cloud.
Help secure access to on-premises
and cloud apps with Microsoft Azure
Multi-Factor Authentication.
Use AAD to manage Office 365 along
with other Microsoft and external cloud
services.
Scenario: How much is your IT costing?
CALs
Two servers and
operating system
$10,000
per server
Total
Costs:
$10,000
Two years of facility
operating
costs
$10,000
On-premises backup
solution with support
for cloud archiving
$2,800
with agents
about $32,800 / 24 months =
~$1333.33 /month for two datacenter caliber servers
month for two datacenter caliber servers. With 7 small virtual machines, this comes out to ~
$1,90.47 per virtual machine per month
Pricing out solutions
Demo
Azure
cost calculator
Data protection challenges
• Storage costs growing.
• Backup costs scale with data.
It’s expensive to
protect all that
data.
Some data may
go without
protection.
Microsoft Azure backup
Simple and reliable server backup to the cloud
Reliable offsite data
protection
A simple and integrated
solution
Efficient backup and
recovery
•
•
•
•
•
•
•
•
•
When to choose Microsoft Azure backup
Already using System Center Data Protection
Manager?
Microsoft Azure Backup integrates easily.
Small business or branch office?
Microsoft Azure Backup integrates with the
in-box Windows Server backup tool or you
can download the free Windows Azure
Backup Tool.
Suitable for any workload.
Azure Backup pricing
Creating the Azure Backup vault
Recovery services
You have no vaults create one to get
started
Download Azure Backup agent
Windows 8.1 SDK to get MakeCert.exe tool
Making the encryption certificate
Run the following command, replacing
CertificateName with the name of your certificate
and specifying the actual expiration date of your
certificate after -e:
makecert.exe -r -pe -n CN=CertificateName -ss my sr localmachine -eku 1.3.6.1.5.5.7.3.2 -len 2048 -e
01/01/2016 CertificateName.cer
Upload the certificate to the Azure Backup vault
Install the Windows Azure Backup agent
Register the server and connect to the vault
Start or schedule backups
Scenario: Simple cloud backup
Contoso has
invested over
$2,500
in software to
operate third-party
backup tools
Microsoft Azure Backup tool
is free and supports all of
the applications
Contoso
pays
between
$100- $150
per month
for online
storage.
It’s very easy to
find out what the
monthly costs will
be for the storage
by using the Azure
Calculator.
Contoso’s data is backed
up and encrypted
on-premises, also it is
encrypted over the wire
during the
transfer and it
is encrypted
in Azure
Contoso is the only
owner of the
encryption key.
Demo
Microsoft Azure backup
Platform as a service for the web
A powerful self service platform for developers
A flexible hosting solution for IT
Flexible
Scalable
Secure
Web hosting your way with choice of language,
framework, database and platform.
Scale out or up in seconds on a load balanced,
always up to date, global infrastructure.
Enterprise Grade Availability with support for
SSL and AD DS authentication.
Microsoft Azure Web Sites is a scalable, secure and flexible platform for building powerful
web applications to run your business, drive your brand or reach new customers.
Azure Web Sites is ready for business
Azure Web Sites has access to other services
Web sites
Web scale, world wide
Azure Web Sites is load-balanced by default
Easily scaling of Azure Web Sites
Scale up
Scale out
Scenario: Web hosting with Azure
Contoso currently has:
• A company intranet
• Several ASP.NET applications
• Several WordPress sites
- Including a WordPress blog
hosted in Internet Information
Server (IIS).
The sites are hosted on two web servers which
are not load-balanced which causes downtime.
Contoso wants to implement a BI solution with SQL
Server 2014 Reporting Services but is concerned
about the growing number of applications that need
to be accessed remotely by users with a variety of
different mobile devices.
Contoso may be willing to migrate
its on-premises web sites to Azure.
As part of the pilot, Contoso and its Microsoft
partner will work closely to create and manage
a Word Press Blog, and ASP.NET website which
accesses SQL Server databases in Azure as well
as on-premises SQL Server data.
With this new capability, Contoso can reduce
the number of on-premises servers needed to
develop and run production web content, as
well as provide users with easy, secure access
to corporate data by integrating Azure AD
with on-premises AD.
Demo
Azure Web Sites
Hands-on Lab 1
Calculating Azure costs
Azure backup
Azure Web Sites
Module 2: Provisioning and managing
Azure Virtual Machine workloads
Microsoft Azure
VM Overview
Azure VM Affinity
Groups
Provisioning VMs
Managing and
Monitoring VM
Workloads
Azure Infrastructure as a Service (IaaS)
workloads
Working with Open Source
Scenario: Azure IaaS
Contoso expects to
implement 10+ new
As the number of workloads
and hosts grow, servicing the
virtual machines and hosts
becomes a more complex
and manual process
virtual machines this year
Contoso will SAVE
approximately
40 %
}
of the IT costs of running the on-premises
servers by migrating their virtual machines
to Azure.
Open to all apps
PowerShell
VMDK
Servers supported on Azure virtual machines
Microsoft BizTalk Server
Microsoft Dynamics AX
Microsoft Dynamics GP
Microsoft Dynamics NAV
Microsoft Forefront Identity Manager
Microsoft HPC Pack
Microsoft Project Server
Microsoft SharePoint Server
Microsoft SQL Server
Microsoft System Center
Microsoft Team Foundation Server
Server role support on Azure virtual machines
Active Directory Domain Services
Active Directory Federation Services
Active Directory Lightweight Directory Services
Application Server
DNS Server
File Services
Network Policy and Access Services
Print and Document Services
Remote Access (Web Application Proxy)
Remote Desktop Services*
Web Server (IIS)
Windows Server Update Services
Persistent Virtual Machines with Geo-Replication
Microsoft Azure Storage
Flexibility and portability of VHD
Microsoft Azure
Availability sets
Affinity groups
You bring it - we run it
Scenario: Migrating virtual machines to Azure
Contoso is ready to move
several production
workloads to
Azure VMs
The on-premises
environment will
remain unchanged
to avoid the risk
of downtime
Once communications and access is tested,
application deployment, virtual networking, and
Active Directory integration testing will begin.
Contoso wants to ensure a smooth
transition using a phased approach of
integrating Azure and on-premises IT
resources
Contoso will work with an experienced cloudintegration partner to create the on-premises
integration with Azure IaaS services
The solution will allow Contoso to expand
and converge infrastructure as needed to
keep up with demands and save costs.
Build, test, deploy
> PowerShell
How to Upload the VHD file to Azure
• The Add-AzureVHD cmdlet, which is part of the Microsoft Azure PowerShell module, is
required to upload the VHD
• The VHDX format is not supported in Microsoft Azure. You can convert the disk to VHD
format using Hyper-V Manager or the Convert-VHD cmdlet.
• The following Windows Server versions are supported:
Service
Pack
Architecture
Windows
Server 2012 All editions
R2
N/A
x64
Windows
All editions
Server 2012
N/A
x64
Windows
Server 2008 All editions
R2
SP1
x64
OS
SKU
Getting started with VMs
Security considerations
• The VM is connected to the Internet.
• RDP inbound is enabled by default.
• RDP port 3389 cannot be used.
• A strong password should be used.
• The VM has unlimited outbound network access.
• Who can control VM?
Virtual machine charge rates and tiers
Charge Rate by the Minute
• Microsoft charges for virtual machines by the minute.
• Prices are listed as hourly rates and are billed based on total number of minutes when
the virtual machines run for a partial hour.
Basic Compute Tier
• New tier of compute instances.
• Similar in configuration to the Standard tier with lower prices.
• Does not include load balancer and auto-scaling.
• Well-suited for single instance production applications, development workloads, test
servers and batch processing applications that might not require these features.
Standard Compute Tier
• This tier of compute instances provides an optimal set of compute, memory and IO
resources for running a wide array of applications.
• These instances include both auto-scaling, load balancing, and internal load balancing
capabilities at no additional cost.
• Internal load balancing feature is currently in preview.
Basic tier virtual machine sizes
Size
CPU
cores
Memory
Disk sizes – virtual machine
Max 1TB
Disks
Max. IOPS
(300 per
disk)
1x300
A0
Shared
(0.25)
768 MB
OS = 127 GB, Temporary = 20 GB
1
A1
1
1.75 GB
OS = 127 GB, Temporary = 40 GB
2
2x300
A2
2
3.5 GB
OS = 127 GB, Temporary = 60 GB
4
4x300
A3
4
7 GB
OS = 127 GB, Temporary = 120 GB
8
8x300
A4
8
14 GB
OS = 127 GB, Temporary = 240 GB
8
8x300
Standard tier virtual machine sizes
Size
CPU
cores
Memory
Disk sizes – virtual machine
Max. data disks
(1 TB each)
Max. IOPS
(500 per disk)
A0
Shared
768 MB
OS = 127 GB, Temporary = 20 GB
1
1x500
A1
1
1.75 GB
OS = 127 GB, Temporary = 70 GB
2
2x500
A2
2
3.5 GB
OS = 127 GB, Temporary = 135 GB
4
4x500
A3
4
7 GB
OS = 127 GB, Temporary = 285 GB
8
8x500
A4
8
14 GB
OS = 127 GB, Temporary = 605 GB
16
16x500
A5
2
14 GB
OS = 127 GB, Temporary = 135 GB
4
4X500
A6
4
28 GB
OS = 127 GB, Temporary = 285 GB
8
8x500
A7
8
56 GB
OS = 127 GB, Temporary = 605 GB
16
16x500
A8
8
56 GB
OS = 127 GB, Temporary = 382 GB
16
16x500
A9
16
112 GB
OS = 127 GB, Temporary = 382 GB
16
16x500
Demo
Provisioning and
managing
virtual machines
Hands-on Lab 2
Provision a new virtual machine
Monitoring virtual machines
Controlling virtual machines
Module 3: Azure VM networks
VMNet Overview
Site-to-Site
Communications
Partner /
Appliance
Landscape
VPN Support
Scenario: Virtual IP addressing in the cloud
Contoso has decided that migrating to Azure is a cost savings move.
In addition, it will improve productivity by allowing employees
to access commonly used intranet data and applications from
the road using mobile devices.
The next challenge is setting up virtual
networking on the Azure side, and
connect the on-premises users and
resources to the Azure cloud.
As part the pilot rollout
of Azure VMs, the
virtual IP Addresses
(VIPs) will be set up and
the Dynamic IP Address
(DIPs) configured.
Microsoft Azure
Virtual Network
Gateway
Point-to-site and Site-to-Site
virtual network
More options for getting your
virtual network started
Windows Azure virtual network
Scenario: Site-to-site connectivity
Contoso is concerned about
the complexities and IP
addressing challengest of
connecting Azure public
cloud services with
on-premises IT infrastructure.
The process will start with a
pilot for a limited number of
users and resources using the
existing RAS/VPN services.
Connecting the office to the Azure public cloud
to the on-premises resources is a fairly simple
process that takes place on the Azure side by
setting up an encrypted connection to the
server using IPSEC.
If the pilot is successful, Contoso will
invest in a new VPN appliance that will
offer better performance, monitoring,
and logging.
IP addressing in Azure virtual networks
There are multiple ways to access a virtual machine by IP address:
VIP – Virtual IP address
•
•
•
An internet-facing IP address that is not bound to a specific computer or network interface card.
The cloud service that the virtual machine sits within is assigned the VIP.
You can have multiple virtual machines in a cloud service. They share the same VIP.
DIP – Dynamic IP address
This IP address is dynamically assigned (via DHCP) to your virtual machine by Windows Azure.
You rely on DHCP – Do NOT statically configure your IP address. Even for DCs.
• The IP address lease directly equates to the lifetime of the virtual machine.
• If you create a virtual network, the virtual machine will receive its DIP from that range.
•
Creating a virtual network in the
Management Portal
Custom Create VNet
Quick Create VNet
Extending your infrastructure
Securely connect to Virtual Network from anywhere.
Uses VPN client in Windows operating system.
Traverses firewalls and proxies.
Site-to-Site VPN
Point-to-Site VPN
Remote workers
Demo
Azure Virtual
Networks
•
•
•
•
•
Name resolution between cloud services.
Multiple hostnames for the same virtual machine.
Cross-premises name resolution.
Reverse lookups (PTR).
Wins and NetBIOS name resolution.
Azure Traffic Manager
DNS-based service load balancing
Direct user traffic to services running across Windows Azure datacenters based on policy:
Performance/latency
Round-robin
DR / Failover
How does Traffic Manager work?
1.
User requests info using the company domain name.
2.
The DNS RR for the company domain points to a Traffic Manager domain in
Windows Azure Traffic Manager. This is done by using a CNAME record.
3.
The Traffic Manager domain is part of the Traffic Manager profile that you create. You
also create rules within this profile. The rules you select dictate the load balance
method you want to use and what you want to monitor for health.
4.
Traffic Manager processes the rules and returns the DNS name of the cloud service,
which is later resolved to the IP address.
5.
The User contacts the service directly, by IP address. This information is cached on
the client’s computer. Thus, the client will continue to interact with the selected
service until that TTL expires.
How do I configure Traffic Manager?
You can configure Traffic Manager in the Management Portal.
1. Create a Traffic Manager Profile.
2. Add endpoints.
3. Configure the DNS TTL.
4. Select the Load Balancing Method.
•
Round Robin
•
Performance
•
Failover. Be sure to adjust the failover order.
5. Configure Monitoring.
• You can either monitor ‘/’ (default directory of the services) or create a file with the
same name in each cloud service and allow Traffic Manager to perform an http(s)
GET on the file. Then specify in Traffic Manager.
6. Save your changes.
Hands-on Lab 3
Create and Azure virtual network
Assign virtual machines
Connect on-premises to Azure
Module 4: Planning and deploying
workloads to Azure VMs
Azure AD Service
SQL Server VMs
SharePoint VMs
Scenario: Deploying applications
Contoso is
ready to
start its
application
testing and
authentication to
Azure VMs and
applications from
devices running
in-house.
Deployment of a replica
domain controller, a
SharePoint 2010 Foundation
Server, and a SQL Server 2014
Standard Edition Server
Contoso users can access
applications from their
desktops in the office and
can access the intranet
website using the private
IP address space used for
in-house resources
Once the final phase of the testing is completed, the rollout will be
to integrate the on-premises AD DS environment with the Azure
AD infrastructure to ensure a single sign-on experience for users.
Active directory on an Azure VM
Business Drivers:
•
Support for pre-requisites for existing applications, such as SharePoint.
•
High Availability Solutions for SQL Server Databases using Always-On Availability
Groups.
•
Disaster Recovery solution for branch offices and a limited set of virtual machines.
•
Dev/Test Workloads.
Azure VM considerations for DCs
Do not sysprep the Domain Controller
From an existing physical machine
•
P2V a physical machine and move to Windows Azure
•
Move the Domain Controllers VHD file to Windows Azure
•
Create the virtual machine from the VHD
Starting with a new virtual machine
•
Build a new virtual machine and replicate directory to Windows Azure
Azure VM considerations for DCs (cont’d.)
Attach a data disk (caching turned off)
•
Do not use D:\ ( temporary physical disk)
Put logs and account DB on attached disk to
avoid data loss
Azure VM considerations for DCs (cont’d.)
IP Addressing
•
Windows Azure VMs require use of a DHCP leased IP address.
•
The lease is an infinite ‘dynamic’ lease, but not the same as ‘static assigned’ address that
you would expect to use in and on-premises environment.
•
The leased IP address is routable for the duration of the lease, which is determined by the
life time of the service (or virtual machine).
•
Don’t try to assign a static IP to your virtual machine. You will lose communication to it.
Azure VM considerations (cont’d.)
Deploy DNS on the Domain Controller
•
•
The Windows Azure DNS does not cover the AD DNS records needed.
Register the DNS server in the virtual network.
Common Azure SQL Server scenarios
• Full production environment
• Development and test environments
• Cloud-based backup of on-premises data
• SQL Server Always On with cloud-based secondary's
DBaaS services with performance and scalability
What’s New with SQL Server 2014
Partner Opportunity & Benefit
In-Memory Built-In
Average 10x faster for new and existing SQL Server
apps.
Multi-tenant Management
Enterprise scale using Windows Server and effective
resource management with IO Resource Governor.
Scalability & Density
Enterprise scale using Windows Server.
• Cost efficiency with enhanced
density and effective
management
HA - SQL Always On Availability Groups
Up to 4 Replicas
Replica Authentication
Dependencies
SQL backup and restore using Blob storage
•
Back up or restore using Windows Azure Storage.
•
SQL can be on-premises or cloud-based.
SQL Server versus Windows Azure SQL Database
SQL Server
(IaaS)
Windows Azure SQL Database
(PaaS)
Development
Migrate Existing or Build New Apps
Develop New Apps
Management
Full Control
Managed Service
Compatibility
Full SQL Server Capabilities
Based on SQL Server Technology
Shared Technology
Network transport (Tabular Data Stream)
SQL dialect (Transact-SQL)
Data access APIs (ADO.NET, ODBC, JDBC)
Development tools (SQL Server Data Tools)
Management tools (SQL Server Management Studio)
More Information: http://blogs.msdn.com/b/windowsazure/archive/2013/02/14/choosingbetween-sql-server-in-windows-azure-vm-amp-windows-azure-sql-database.aspx
SharePoint support on Windows Azure
Product support
•
SharePoint Server 2010 and 2013 supports the hosted virtualization solution
of Microsoft, as well as required technologies, such as Microsoft SQL Server,
when these products and technologies are deployed on the Windows Azure
platform.
FAST Search support
•
Do not support Microsoft FAST Search Server 2010 for SharePoint
deployments on Windows Azure.
SharePoint Architecture Tips
IOPS Most Important Factor
• Optimize SQL Server storage.
• Only SharePoint is on the C: drive.
Scale Out Not Up
•
•
•
•
Move content databases to separate SQL Servers.
Move search databases to separate SQL Servers.
Add more WFE for scaling SharePoint services.
Add dedicated Search servers and SQL Server.
Single virtual machines template
Web/App Tier
WEB/APP
1 x Large
(4 Cores & 7 GB)
Identity Tier
1 Small
(1 Core & 1.75 GB)
AD/DC/DNS
LB
Data Tier
1 x A6
(4 Cores & 28 GB)
SQL
80
20000
Admin
AVET
SPWEB
AVSET
SQL
AVSET
DCSET
Cloud Service
Virtual Network
Windows Azure
Highly available template
LB
Web Tier
WEB
APP
SQL
AD/DC/DNS
2 x Large
(4 Cores & 7 GB)
AVSET
SPWEB
App Tier
2 x Large
(4 Cores & 7 GB)
AVSET
SPAPP
AVSET
SQLHA
AVSET
DCSET
80
Data Tier
2 x A6
(4 Cores & 28 GB)
1 x Small (Quorum)
(1 Core & 1.75 GB)
Identity Tier
2 Small
(1 Core & 1.75 GB)
20000
Admin
Cloud Service
Virtual Network
Windows Azure
Demo
Deploy a
Database
to Azure
Hands-on Lab 4
Deploy a SQL Server virtual machine
Deploy a domain controller in Azure
Module 5: Azure AD and identity
management
Azure AD
DirSync and
Password Sync
Third Party SaaS
Support and
Office 365
Integration
Public identity as the control point
Active Directory
What is Azure Active Directory?
comprehensive
Cloud app discovery
AD Agent
Logs
Active Directory
Cloud App Discovery
Single set of credentials
*
*Coming soon
Your Directory on the cloud
Preintegrated SaaS apps in the application gallery
Centrally managed identities and access
What is Azure multi-factor authentication?
A stand-alone Azure Identity and Access
management service also included in
Azure Active Directory Premium.
Prevents unauthorized access to both onpremises and cloud applications by
providing an additional level of
authentication.
Trusted by thousands of enterprises to
authenticate employee, customer, and
partner access.
How MFA works
Azure MFA versus MFA for Office 365
MFA for Office 365/Azure
Administrators
Administrators can Enable/Enforce MFA to end-users
Use Mobile app (online and OTP) as second authentication factor
Use Phone call as second authentication factor
Use SMS as second authentication factor
Application passwords for non-browser clients (e.g. Outlook, Lync)
Default Microsoft greetings during authentication phone calls
Custom greetings during authentication phone calls
Fraud alert
MFA SDK
Security Reports
MFA for on-premises applications/ MFA Server.
One-Time Bypass
Block/Unblock Users
Customizable caller ID for authentication phone calls
Event Confirmation
Azure Multi-Factor
Authentication
Directory Sync
• Synchronizes users, groups,
and contacts to Windows
Azure AD.
• Users will have a different
password in Windows Azure
AD than they have for the
on-premises AD.
Password Sync versus Single Sign-On
Password Sync
Single Sign-On
(ADFS)
Same password to access resources
X
X
Control password policies on-premises
X
X
Support for multi-factor authentication
X*
X
No password re-entry if on premises
X
Authentication occurs in on-premises directory
X
Client access filtering
X
* Limited Support
Preparing for DirSync
From the Windows Azure Management Portal
Azure AD sync tool
•
•
•
Formerly known as Dirsync, this tool
has been updated to allow for the
synchronization of local Active
Directory passwords to Azure Active
Directory.
Also synchronizes users, groups and
contacts.
This new feature will allow for same
user sign in with Microsoft cloud
services such as Office 365 Education
powered by Azure Active Directory
since the username and the password
from local AD will be synced up to
Azure AD.
Demo
Installing and running DirSync
Hands-on Lab 5
Set up Azure AD
install and run DirSync
Wrap up
and Q&A
The Benefits of Selling Azure
The best path to capitalizing on the major new business
opportunities enabled by cloud computing.
$
Increase profitability
with new lines of
business in the cloud
Deliver the right
solutions and services
to your customers
Build and deploy
quickly on a familiar
platform
Why Microsoft
Microsoft offers compelling competitive differentiation to customers
Single vendor across clouds – private, public and hosting provider.
Single point of support for infrastructure, OS, services, and applications.
Tenured experience and enterprise credibility.
Single vendor for Infrastructure-as-a-Service (IaaS) and Platform-as-aService (PaaS).
SharePoint, SQL Server, and Windows Server run best on Microsoft Azure.
Next steps
Microsoft Partner Network benefits overview
Action Pack
subscription
Microsoft logo
Silver
competency
Gold
competency
Silver competency logo
Gold competency logo
Partner Incentives
Cloud incentives
Licensing, solution and cloud
incentives
Licensing, solution and cloud
incentives
Internal Use Software
Up to 10
product licenses
Up to 25
product licenses
Up to 100
product licenses
MSDN Subscriptions
3 MSDN
5 MSDN
10 MSDN
Marketplace listing
Priority listing
Premier listing
n
n
n
Varies by subscription type
20 hours
50 hours
n
n
n
Microsoft Pinpoint
Partner Support
Community
Partner Advisory Hours
Marketing Tools,
Microsoft Financing,
Sales Tools
Active partners can
download a benefits
summary to understand
the benefits available to
them and maximize their
usage.
http://aka.ms/usmpnbenefits
Internal Use Rights (IUR) Core Benefits*
Integrating Microsoft Online Services and Windows Azure
Promoting the
power of choice
Partners can deploy
Internal Use licenses
via Microsoft Online
Services or onpremises software.
Cloud
Service
SKU
Gold
Benefit**
Silver
Benefit**
MAPS
Benefit***
Comments
Office365
E3
100 seats
25 seats
5 seats
Each seat of O365 used in exchange for 1
on-premises Client Access License (CAL) (SharePoint, Exchange, and Lync).
CRM
Online
CRMOL
Pro
60 seats
15 seats
5 seats
Each seat of CRM Online used in exchange
for 1 on-premises CAL of Dynamics CRM .
5 licenses
Up to 5 devices per license. Each license of
Windows Intune used in exchange for 1
on-premises CAL of System Center Device
Manager.
Cloud
Windows
Service
Intune
Only
Azure
N/A
100 licenses
25 licenses
$100 Monthly $100 Monthly $100 Monthly Azure credit is additional to existing onpremises IURs.
Credit
Credit
Credit
Internal use rights licenses that are part of Cloud Essentials or Cloud Accelerate entitlements must be deployed by Microsoft Partner Network Integration launch in January. The end date for all Internal Use Rights will be June 30, 2014.
Must sign MOSPA + CSA agreements in order to qualify for CRM Online IURS.
*Please refer to the Disclosure Document for full details. Core benefits are available to all partners in all competencies.
**Partners will be able to earn additional licenses of Microsoft Dynamics CRM Online and Windows Azure through specific competencies and competency tracks. Partners are eligible to earn an additional 20 seats of Microsoft
Dynamics CRM Online by attaining either a Customer Relationship Management (CRM) competency or an Enterprise Resource Planning (ERP) competency.
***Partners can earn additional Office365 licenses by selling Microsoft Online Services. Partners are eligible to receive an additional five seats of Office 365 after selling 25 seats of Office 365 within the previous 12 months.
Start testing Azure now – using IURs
What to
Test?
Azure Scenarios for SMB
Why?
Develop expertise now in a
controlled environment using
$100 of monthly Azure credits
at no charge
Where to
Start?
Partner Programs, Azure
Technical Scenario 101s
Azure Benefits through MPN (MAPS)
Azure Benefits through MSDN
Find out more: http://Aka.ms/azureiur
Azure 101’s
Azure Backup – Virtual Machines – Active Directory – Websites
Microsoft Action Pack Subscription – Update
Single, universal Action Pack
subscription leading with cloud
New benefits
Six resource centers aligned to partner practices
(partners can choose 1 or more)
• Technical support: Access to telephone support for presales, technical, and deployment issues related to
Microsoft Cloud Services.
• Internal Use Rights (IURs): including both on-premises
and Cloud products and services.
• Training: access to over 2,000 training courses on
selling, configuring, and implementing Microsoft
products and services plus discounts on Microsoft
Certified Professional exams.
• Developer tools: access to world-class Visual Studio
developer tools to support development across
Microsoft platforms, including desktop, phone, server,
and Web.
• Bing credits: $600 Bing Ads Credit ($100 for partners,
$500 for their customers) to market products, services,
and solutions.
• Campaigns: exclusive access to Ready-To-Go Marketing
Campaigns for Microsoft products and services.
Ahead of the Game Technical Series
Get additional hands-on technical training on building solutions for
small and midsize organizations:
Be Lean, Stay Lean with Virtualization and Cloud
Master the key technologies for helping SMBs virtualize, and where appropriate, to deploy to
the cloud.
Be Lean, Stay Lean with the Data Platform
Learn to leverage the power of SQL Server 2014 to deliver database solutions both onpremises and in the cloud.
Be Lean, Stay Lean with the Microsoft Cloud
Learn about Azure cloud solutions and reselling Azure through the Open licensing channel.
Business Anywhere
Gain the skills to provide solutions to SMB customers in for key mobility and remote access
scenarios.
Tap Your Data Goldmine
Learn how to deliver powerful business intelligence solutions to your SMB customers using
familiar tools.
http://aka.ms/smblearningpath
Microsoft Partner Learning Paths
The Learning Paths site allows you to
build learning plans for resources within
your organization.
Create plans by product, competency, or
partner type and track your progress!
Click here for a demo!
The Microsoft Partner Learning Paths site is the key resource for all
competency related training. Specifically:
•
•
•
•
Sales Specialist assessments.
Pre Sales Technical assessments.
Technical assessments.
Technical Certification courses that align to competency.
For more info on the Learning Paths click here.
Training Certifications and Accreditations
Microsoft Technical Certifications
Microsoft Solutions Associate (MCSA)
Microsoft Solutions Expert (MCSE)
Microsoft Sales Specialist Accreditation
Designed for individuals, who support the initial stage of the sales
process at Microsoft partner organizations, and require only a high-level
overview of technical product features and benefits.
Microsoft Pre Sales Technical Accreditation
Designed for technical professionals, who support sales teams with value
demonstrations and proof-of-concept development to close deals on
solutions built on Microsoft technologies.
Get more information
at Microsoft Learning
Get more information
on Sales Specialist
training and
accreditation
Get more information
on Pre-Sales Technical
training and
accreditation
Become a Microsoft Cloud Partner
When you become a Microsoft Cloud Partner,
you receive a set of core benefits to help you
start and build your cloud practice, including:
•
•
•
Internal-use software rights.
Tailored training.
Prioritized exposure in Microsoft marketing and
product directories.
Members of the Microsoft Partner Network Cloud
Essentials program receive monthly credits of $100
of Windows Azure at no charge.
For details, visit:
http://www.windowsazure.com/en-us/offers/ms-azr-0051p/
Host your own solutions to rent out to your customers with SPLA
Examples
Service Offerings
& Managed
Services
Microsoft hosting solutions—based on one common platform (Windows Server, System Center & SQL Server)
• Rented Virtual Servers
Shared or Dedicated
• Disaster Recovery
• Rented virtual database
servers
• Database-as-a-Service
• Lync, SharePoint,
Exchange, Dynamics
• CRM, ERP, LOB apps
• Custom LOB apps
• Ecommerce sites
• Company websites
• Gaming & entertainment
To become an authorized SPLA hosting provider, follow these 6 easy steps:
1
2
• Windows desktops for
students or call centers
• Mobile sales team apps
3
Contact your SPLA-Disti
for further assistance.
Join the Microsoft
Partner Network.
Join the Microsoft
Hosting Community.
Sign the Microsoft Business
and Services Agreement.
Build your offer and start selling
to customers.
Provide monthly reporting
and payment.
4
5
6
For full detail requirements, please see the SPLA Program Guide
Learn more about SPLA
Take advantage the momentum.
Plan and expand your service
offerings on Microsoft Cloud OS
•
Download and Try: Windows Server
2012 R2, System Center 2012 R2,
Windows Azure Pack.
Build and optimize your services
offerings by leveraging new
capabilities
Expand your reach with
investments in marketing and
sales
• Data Center and Data Platform
Hosting Competency..
• Microsoft Services Provider License
Agreement (SPLA).
• License Mobility through Software
Assurance.
•
Learn more about Cloud OS.
• Technical Deployment Camp: Cloud
Infrastructure and SQL Server.
•
TechNet Virtual Labs.
• Hosting Days Events.
•
Hosting Resources on MS.COM/hosting.
•
Microsoft Partner Network Hosting
Community.
• Cloud OS Hosting Service Provider
Programs: Hyper-V Ignite, COSN,
Cloud OS Network
• Technical Reference Architecture.
• Microsoft Partner Network
Resources .
• Partner Marketing Center
Hosting Service Provider Campaign.
Microsoft Virtual Academy
Free Microsoft Training Delivered by Experts
Microsoft Virtual Academy (MVA) offers online Microsoft training delivered
by experts to help technologists continually learn, with hundreds of courses,
in 11 different languages. Learn the latest technology, build skills, and
advance your careers.
http://www.microsoftvirtualacademy.com
173
Spiceworks
With more than 5 million IT pros, Spiceworks is
where people go to share and find info on allthings-IT.
Free App
Download the Spiceworks app to get network inventory, network
monitoring, help desk software, and more!
Free Community
Spiceworks has all the IT resources you need to make smart IT
decisions, including product reviews, vendor ratings, IT help, howtos, and discussions.
Free Career Tools
Take your career wherever you want it to go by creating a portfolio,
searching job listings, and browsing helpful tips and resources.
Ahead of the game campaign resources
Leverage Server and Cloud Solutions to dramatically increase
margin and keep SMB customers ahead of the game
http://aka.ms/AheadoftheGame
Next steps
http://aka.ms/smblearningpath
http://aka.ms/rampup
http://aka.ms/AzureVAR
Cloud Partner Community
Summary of partner resources
Ahead of the Game
Marketing Content
http://aka.ms/AheadoftheGame
Competencies
http://partner.Microsoft.com
Partner Learning
Center:
https://mspartner.microsoft.com/en/us/Pages
/Training/partner-learning-center.aspx
Microsoft Virtual
Academy
http://www.microsoftvirtualacademy.com/
ISV Upgrade Support
Email [email protected] with app
name and name of ISV
Appendix
Azure Migration Strategy