Transcript Content ID

ModernBiz
Technical Series
Speaker Name
Date
Microsoft Cloud
for Small & Midsize
Businesses
Introduction
About this course
Delivery schedule
Objectives
Logistics and introductions
•
•
•
•
Class hours
Rest rooms
Meals
Internet
•
•
Azure Pass
Presenter introduction
- https://cloud.holsystems.com/TechSeries
- The access code is ________
About this course
Audience: IT Pros, Consultants, Partners
Objectives: Identify opportunities for partners to enable small and medium size businesses (SMBs)
to increase efficiency and productivity, while reducing IT operating expenses (OPEX) by implementing
hybrid cloud scenarios using Microsoft Azure services and become proficient in designing and
implementing Azure technologies and services for SMB customers.
Topics covered:
• Overview of Microsoft Azure, Partner Opportunities, SMB trends, Transacting Microsoft Azure,
Reselling Azure services, Azure in Open Licensing
• Azure Backup, Azure Storage, Azure Web Sites
• Azure Virtual Machine workloads – Infrastructure as a Service (IaaS)
• Azure Application Workloads – Platform as Service (PaaS), and Applications on Azure VMs
• Azure Virtual Machine Networks (VMNet)
• Azure Active Directory and Identity Management
Level: 200-300
Duration: 8 hours
Delivery schedule
9:00 – 9:30
9:30 – 10:00
10:00 – 10:15
10:15 – 10:30
10:30 – 11:15
11:15 – 12:00
12:00 – 1:00
1:00 – 1:30
1:30 – 2:00
2:00 – 2:15
2:15 – 2:45
2:45 – 3:00
3:00 – 4:00
4:00 – 4:30
4:30 – 5:00
Class Introduction, Partner Opportunities, SMB Trends
Module 1: Azure Backup, Storage and Web sites
Hands-on Lab: Azure Backup, Storage and Web sites
Morning Break
Module 2: Azure Virtual Machine Workloads
Hands-on Lab: Azure Virtual Machine Workloads
Lunch Break
Module 3: Azure Virtual Machine Networks
Hands-on Lab: Azure Virtual Machine Networks
Module 4: Planning and Deploying Workloads to Azure
Hands-on Lab: Deploying Applications to Azure
Afternoon Break
Module 5: Azure Active Directory, Identity Management and Office 365
Hands-on Lab: Azure Active Directory and Identity Management
Wrap up and Q&A
Module 1: Azure Backup, Storage, and
Web Sites
Topics
•
•
•
•
•
Overview of IaaS and PaaS.
Pricing out Consumption-Based Services.
Azure Backup.
Azure Storage Accounts and BLOB storage.
Azure Web Sites.
Module 2: Azure Virtual Machine Workloads
Topics
• Provisioning Azure Virtual Machine Workloads.
• Managing Azure Virtual Machine Workloads.
• Sizing and Capacity.
• Importing Virtual Machines.
• Monitoring Virtual Machines.
• Pricing out Virtual Machines.
Module 3: Azure Virtual Machine Network and
Traffic Manager
Topics
• Windows Azure Virtual Network (VNET).
• Virtual IP Addresses and Dynamic IP Addresses (VIPs and DIPs).
• Inbound Traffic – Software Load Balancer (SLB).
• Supporting multiple VNETs within a subscription.
• Controlling inter-VNET communications.
• Site-to-Site (On-premises to Azure) Communications.
Module 4: Planning and Deploying Workloads
to Azure Virtual Machines and Servers
Topics
• Azure SQL Server Database Service.
• Azure SQL Server Virtual Machines.
Module 5: Azure Active Directory and
Identity Management
Topics include:
• Azure Active Directory (Azure AD).
• Password Sync/DirSync.
• Office 365 integration and Single Sign-on.
• Third Party Cloud Services Support for Azure AD Authentication.
Why the cloud?
1
2
Cloud
3
4
5
Physical
server
Microsoft
Azure
Virtualization
The game is changing for resellers
How do I support
my mobile
employees and
keep them
productive?
Am I ready for a
disaster? Will I
lose my data?
Partner role
How do I ensure
uptime for my
applications?
How do I save
money on
infrastructure?
Do I need the
cloud?
Partner opportunity with Microsoft cloud in
SMB
Growing your business with Microsoft Azure
• Enables partners to
differentiate by bundling their
own IP alongside other cloud
offerings.
• Cloud software is easier to
develop, test, and take to market.
• Lowers the barriers to entry to
offer managed services.
Microsoft Azure
An open and flexible cloud platform that enables you to quickly build, deploy, and
manage solutions across a global network of Microsoft-managed datacenters.
• Build applications using
any language, tool, or
framework.
• Integrate public cloud
solution with the existing
IT environment.
• 99.95% monthly SLA.
• Automatic operating
system and service
patching.
Usage-based services
App services
Compute
Storage
Caching
Identity
Service bus
Media
Virtual
machines
Websites
Cloud
services
Mobile
services
SQL
database
HDInsight
Tables
Blob
storage
Connect
Virtual
network
Traffic
manager
Network
CDN
Integration
HPC
Analytics
Key Azure scenarios
Data Backup in the Cloud
Deploy Applications within VMs
Orders
AP
Product
SharePoint
Provide easy, scalable data backup in
the cloud
• A range of applications: file servers,
SharePoint, SQL Server, Exchange.
• Encrypted backups, Global Georedundant datacenters.
• Quickly and easily provision more
storage for your customers as
needed.
Host Websites
CRM Acct
HR
SQL Server
Business
Databases Applications
Virtual
Machines
Leverage Microsoft Azure to quickly
deploy customer applications in
the cloud
• Cut infrastructure costs and Reduce
IT management burden.
• Deploy Microsoft Workloads
(SharePoint Servers, SQL Server,
Domain Controllers) as well as third
party business applications.
Grow your business helping
customers move their websites to
the cloud with Microsoft Azure
• Quickly build, deploy, and manage
websites on an open and flexible
cloud platform.
• Offer the peace of mind from
hosting on a global network of
Microsoft-managed data centers.
Microsoft Azure
kr
$
£
$
kr
chf
€
₩ ¥
TL
Global datacenters
$
Rp
Global support
Local account teams
Local currencies
руб
$
R
24 x 7 x 365 support Over 1 billion customers, 20 million businesses
$
Available in 140 countries worldwide, 10 languages and 19 currencies
280 years of combined industry experience in infrastructure, security, product dev, and global ops
$
Azure purchasing options
Direct on azure.Microsoft.com
Pay As You Go
Zero upfront, cancel
anytime.
No long-term
commitment.
Open Licensing Programs
Enterprise Agreement
Flexible
Longer-term
Flexibility with Volume
Licensing through a
familiar vehicle for SMBs.
Opportunity for partners
to earn margins,
incentives.
Offers additional
discounts and terms as
part of a deeper
commitment to the
platform.
Azure in Open licensing – the details
One Monetary Commitment SKU, available in unlimited
quantities.
Customers can purchase additional credit for Azure
services at any time.
Can be used against any consumption based Azure service
within 12 months from the date of activation.
Available in countries with Open Volume Licensing
program partners and that offer Azure Direct.
23
Azure and Office 365 in Open – comparison
SKU Structure
Single SKU used for any eligible pay-as-you-go Azure Service
Unique SKUs for each Office 365 Plan, as well as Add-ons
Commitment
Monetary Commitment that expires 12 months from activation
Customers pre-pay for 12 months of service
Margin Structure
Business Processes
Reporting
Channel Impact
Aligned to cloud channel incentives for managed partners and distributor margin
Check with your Distributor for local terms
All Online Services in Open follow existing business processes
Leverage existing Distributor and VAR reporting constructs
• Single SKU provides flexible ‘building blocks’ to scale partner
business or customer services.
• Top up and upsell opportunity for additional services.
• Partners drive consumption with ongoing customer engagement.
• Specific SKUs purchased for each service offering.
• Renewal motions have annual anniversary.
• Incremental seats added shift customer end dates.
Azure in Open: setup and portal experience
Why Azure in Open?
Low barrier of entry with no investments in
complex billing systems.
A consistent, familiar licensing option for
cloud services along with your on-premises
solutions.
A flexible, consumption-based
purchasing model.
New opportunities to grow margins and
deepen customer relationships.
Capitalize on the
opportunity to
incorporate the
cloud into your
solutions and
services
Module 1:
Microsoft Azure overview, Azure backup,
storage and web sites
Microsoft Azure Overview
Microsoft Azure Backup
Microsoft Azure Web Sites
Microsoft Azure Tools
Microsoft Azure IaaS at a glance
Microsoft Azure PaaS at a glance
Microsoft Azure VMs overview
Microsoft Azure
On-premises
Remote
workers
Data backup in the cloud overview
Provide scalable data backup in the cloud
Microsoft Azure
On-premises
Microsoft
SQL Server
Hosting websites in the cloud overview
Grow your business – help customers move their websites to the cloud
Microsoft Azure
On-premises
External
workers
Web
servers
Identity and access management overview
Enable single sign-on between on-premises and cloud identities
Enable single sign-on across multiple
cloud and on-premises applications
with ADFS.
Microsoft Azure
Integrate cloud with on-premises
Active Directory with Active Directory
Synchronization.
Azure Active Directory
(AAD)
On-premises
Consumer
identity providers
PCs and devices
Microsoft apps
Windows Server
Active Directory
Third-party
cloud/hosting
Create and manage identities in the
cloud.
Help secure access to on-premises
and cloud apps with Microsoft Azure
Multi-Factor Authentication.
Use AAD to manage Office 365 along
with other Microsoft and external cloud
services.
Scenario: How much is your IT costing?
CALs
Two servers and
operating system
$10,000
per server
Total
Costs:
$10,000
Two years of facility
operating
costs
$10,000
On-premises backup
solution with support
for cloud archiving
$2,800
with agents
about $32,800 / 24 months =
~$1333.33 /month for two datacenter caliber servers
month for two datacenter caliber servers. With 7 small virtual machines, this comes out to ~
$1,90.47 per virtual machine per month
Pricing out solutions
Demo
Azure cost calculator
Data protection challenges
• Storage costs growing.
• Backup costs scale with data.
It’s expensive to
protect all that
data.
Some data may
go without
protection.
Microsoft Azure backup
Simple and reliable server backup to the cloud
Reliable offsite data
protection
A simple and integrated
solution
Efficient backup and
recovery
•
•
•
•
•
•
•
•
•
When to choose Microsoft Azure backup
Already using System Center Data Protection
Manager?
Microsoft Azure Backup integrates easily.
Small business or branch office?
Microsoft Azure Backup integrates with the
in-box Windows Server backup tool or you
can download the free Windows Azure
Backup Tool.
Suitable for any workload.
Azure Backup pricing
Scenario: Simple cloud backup
Contoso has
invested over
$2,500
in software to
operate third-party
backup tools
Microsoft Azure Backup tool
is free and supports all of
the applications
Contoso
pays
between
$100- $150
per month
for online
storage.
It’s very easy to
find out what the
monthly costs will
be for the storage
by using the Azure
Calculator.
Contoso’s data is backed
up and encrypted
on-premises, also it is
encrypted over the wire
during the
transfer and it
is encrypted
in Azure
Contoso is the only
owner of the
encryption key.
Select recovery services
Option 1: Create a backup vault
Option 2: Select an existing vault
Microsoft Azure Backup quick start
Download vault credentials
Download Azure Backup Agent
Install the Agent on the server
Configure proxy settings
Use custom proxy settings
Prerequisites and installation
Server registration
Select vault credentials
Enter passphrase
If your passphrase is lost or forgotten, the data cannot be recovered. Microsoft Service
Online does not save or manage this passphrase. It is strongly recommended you save your
passphrase to an external location like a USB drive or network drive.
Registration complete
Registration Complete
n
Proxy Configuration
n
Vault Credentials
n
Encryption Setting
n
Registration
Open Schedule Backup wizard to configure backups for items in this server
Register
Close
Setup summary
Create a backup vault under
Recovery Services
Register server
Enter vault credentials
Download vault credentials
for the backup vault
Download and install
agent on the onpremises server
120 days retention with a daily backup
schedule
120 weeks retention with a weekly backup
schedule
9-year retention with a monthly backup
schedule
Demo
Microsoft Azure backup
Platform as a service for the web
A powerful self service platform for developers
A flexible hosting solution for IT
Flexible
Scalable
Secure
Web hosting your way with choice of language,
framework, database and platform.
Scale out or up in seconds on a load balanced,
always up to date, global infrastructure.
Enterprise Grade Availability with support for
SSL and AD DS authentication.
Microsoft Azure Web Sites is a scalable, secure and flexible platform for building powerful
web applications to run your business, drive your brand or reach new customers.
Azure Web Sites is ready for business
Azure Web Sites has access to other
services
Web sites
Web scale, world wide
Azure Web Sites is load-balanced by default
Easily scaling of Azure Web Sites
Scale up
Scale out
Scenario: Web hosting with Azure
Contoso currently has:
• A company intranet
• Several ASP.NET applications
• Several WordPress sites
- Including a WordPress blog
hosted in Internet Information
Server (IIS).
The sites are hosted on two web servers which
are not load-balanced which causes downtime.
Contoso wants to implement a BI solution with SQL
Server 2014 Reporting Services but is concerned
about the growing number of applications that need
to be accessed remotely by users with a variety of
different mobile devices.
Contoso may be willing to migrate
its on-premises web sites to Azure.
As part of the pilot, Contoso and its Microsoft
partner will work closely to create and manage
a Word Press Blog, and ASP.NET website which
accesses SQL Server databases in Azure as well
as on-premises SQL Server data.
With this new capability, Contoso can reduce
the number of on-premises servers needed to
develop and run production web content, as
well as provide users with easy, secure access
to corporate data by integrating Azure AD
with on-premises AD.
Demo
Azure Web Sites
Hands-on Labs 1
Calculating Azure costs
Azure backup
Azure Web Sites
Module 2:
Provisioning and managing Azure Virtual
Machine workloads
Microsoft Azure VM Overview
Azure VM Affinity Groups
Provisioning VMs
Managing and Monitoring VM
Workloads
Azure Infrastructure as a Service (IaaS)
workloads
Working with Open Source
Growing gallery of
open source Linux
images
Licensed &
supported by the
community
Integrated with
Microsoft Azure
Management
Portal for easy
deployment
Scenario: Azure IaaS
Contoso expects to
implement 10+ new
As the number of workloads
and hosts grow, servicing the
virtual machines and hosts
becomes a more complex
and manual process
virtual machines this year
Contoso will SAVE
approximately
40 %
}
of the IT costs of running the on-premises
servers by migrating their virtual machines
to Azure.
Open to all apps
PowerShell
VMDK
Servers supported on Azure virtual machines
Microsoft BizTalk Server
Microsoft Dynamics AX
Microsoft Dynamics GP
Microsoft Dynamics NAV
Microsoft Forefront Identity Manager
Microsoft HPC Pack
Microsoft Project Server
Microsoft SharePoint Server
Microsoft SQL Server
Microsoft System Center
Microsoft Team Foundation Server
Server role support on Azure virtual
machines
Active Directory Domain Services
Active Directory Federation Services
Active Directory Lightweight Directory Services
Application Server
DNS Server
File Services
Network Policy and Access Services
Print and Document Services
Remote Access (Web Application Proxy)
Remote Desktop Services*
Web Server (IIS)
Windows Server Update Services
Persistent Virtual Machines with
Geo-Replication
Microsoft Azure Storage
Flexibility and portability of VHD
Microsoft Azure
Availability sets
Affinity groups
You bring it – we run it
Scenario: Migrating virtual machines to
Azure
Contoso is ready to
move several production
workloads to
Azure VMs
The on-premises
environment will
remain unchanged
to avoid the risk
of downtime
Once communications and access is tested,
application deployment, virtual networking, and
Active Directory integration testing will begin.
Contoso wants to ensure a smooth
transition using a phased approach of
integrating Azure and on-premises IT
resources
Contoso will work with an experienced cloudintegration partner to create the on-premises
integration with Azure IaaS services
The solution will allow Contoso to expand
and converge infrastructure as needed to
keep up with demands and save costs.
Build, test, deploy
> PowerShell
How to Upload the VHD file to Azure
• The Add-AzureVHD cmdlet, which is part of the Microsoft Azure PowerShell
module, is required to upload the VHD
• The VHDX format is not supported in Microsoft Azure. You can convert the disk
to VHD format using Hyper-V Manager or the Convert-VHD cmdlet.
• The following Windows Server versions are supported:
Service
Pack
Architecture
Windows
Server 2012 All editions
R2
N/A
x64
Windows
All editions
Server 2012
N/A
x64
Windows
Server 2008 All editions
R2
SP1
x64
OS
SKU
Getting started with VMs
Create Virtual Machine based on VHD-file
• Virtual Machine is a Hyper-V Virtual Machine
• Azure runs thousands of physical Hyper-V servers
• VHD-file (disk) can be:
• Provided by Azure (= "image")
• Provided by customer (= "uploaded vhd-file")
Security considerations
•
•
•
•
•
•
The VM is connected to the Internet.
RDP inbound is enabled by default.
RDP port 3389 cannot be used.
A strong password should be used.
The VM has unlimited outbound network access.
Who can control VM?
Virtual machine charge rates and tiers
Charge Rate by the Minute
• Microsoft charges for virtual machines by the minute.
• Prices are listed as hourly rates and are billed based on total number of minutes when the virtual
machines run for a partial hour.
Basic Compute Tier
• New tier of compute instances.
• Similar in configuration to the Standard tier with lower prices.
• Does not include load balancer and auto-scaling.
• Well-suited for single instance production applications, development workloads, test servers and
batch processing applications that might not require these features.
Standard Compute Tier
• This tier of compute instances provides an optimal set of compute, memory and IO resources for
running a wide array of applications.
• These instances include both auto-scaling, load balancing, and internal load balancing capabilities
at no additional cost.
• Internal load balancing feature is currently in preview.
Basic tier virtual machine sizes
Size
CPU
cores
Memory
Disk sizes – virtual machine
Max 1TB
Disks
Max. IOPS
(300 per
disk)
1x300
A0
Shared
(0.25)
768 MB
OS = 127 GB, Temporary = 20 GB
1
A1
1
1.75 GB
OS = 127 GB, Temporary = 40 GB
2
2x300
A2
2
3.5 GB
OS = 127 GB, Temporary = 60 GB
4
4x300
A3
4
7 GB
OS = 127 GB, Temporary = 120 GB
8
8x300
A4
8
14 GB
OS = 127 GB, Temporary = 240 GB
8
8x300
Standard tier virtual machine sizes
Size
CPU
cores
Memory
Disk sizes – virtual machine
Max. data disks
(1 TB each)
Max. IOPS
(500 per disk)
A0
Shared
768 MB
OS = 127 GB, Temporary = 20 GB
1
1x500
A1
1
1.75 GB
OS = 127 GB, Temporary = 70 GB
2
2x500
A2
2
3.5 GB
OS = 127 GB, Temporary = 135 GB
4
4x500
A3
4
7 GB
OS = 127 GB, Temporary = 285 GB
8
8x500
A4
8
14 GB
OS = 127 GB, Temporary = 605 GB
16
16x500
A5
2
14 GB
OS = 127 GB, Temporary = 135 GB
4
4X500
A6
4
28 GB
OS = 127 GB, Temporary = 285 GB
8
8x500
A7
8
56 GB
OS = 127 GB, Temporary = 605 GB
16
16x500
A8
8
56 GB
OS = 127 GB, Temporary = 382 GB
16
16x500
A9
16
112 GB
OS = 127 GB, Temporary = 382 GB
16
16x500
Demo
Provisioning and managing virtual machines
Hands-on Lab 2
Provision a new virtual machine
Monitoring virtual machines
Controlling virtual machines
Module 3:
Azure VM networks
VMNet Overview
Site-to-Site Communications
Partner / Appliance Landscape
VPN Support
Scenario: Virtual IP addressing in the cloud
Contoso has decided that migrating to Azure is a cost savings move.
In addition, it will improve productivity by allowing employees
to access commonly used intranet data and applications from
the road using mobile devices.
The next challenge is setting up
virtual networking on the Azure side,
and connect the on-premises users
and resources to the Azure cloud.
As part the pilot rollout
of Azure VMs, the
virtual IP Addresses
(VIPs) will be set up and
the Dynamic IP Address
(DIPs) configured.
Microsoft Azure
Virtual Network
Gateway
Point-to-site and Site-to-Site
virtual network
More options for getting your virtual
network started
Microsoft Azure virtual network
Scenario: Site-to-site connectivity
Contoso is concerned about the
complexities and IP
addressing challenges of
connecting Azure public cloud
services with on-premises IT
infrastructure.
The process will start with
a pilot for a limited
number of users and
resources using the
existing RAS/VPN services.
Connecting the office to the Azure public cloud to
the on-premises resources is a fairly simple process
that takes place on the Azure side by setting up an
encrypted connection to the server using IPSEC.
If the pilot is successful, Contoso will invest in a new
VPN appliance that will offer better performance,
monitoring, and logging.
IP addressing in Azure virtual networks
There are multiple ways to access a virtual machine by IP address:
VIP – Virtual IP address
An internet-facing IP address that is not bound to a specific computer or network
interface card.
The cloud service that the virtual machine sits within is assigned the VIP.
You can have multiple virtual machines in a cloud service. They share the same VIP.
DIP – Dynamic IP address
This IP address is dynamically assigned (via DHCP) to your virtual machine by
Windows Azure. You rely on DHCP – Do NOT statically configure your IP address.
Even for DCs.
The IP address lease directly equates to the lifetime of the virtual machine.
If you create a virtual network, the virtual machine will receive its DIP from that
range.
Creating a virtual network in the
Management Portal
Custom Create VNet
Quick Create VNet
Extending your infrastructure
Securely connect to Virtual Network from anywhere.
Uses VPN client in Windows operating system.
Traverses firewalls and proxies
Site-to-Site VPN
Point-to-Site VPN
Remote workers
Demo
Azure Virtual Networks
•
•
•
•
•
Name resolution between cloud services.
Multiple hostnames for the same virtual machine.
Cross-premises name resolution.
Reverse lookups (PTR).
Wins and NetBIOS name resolution.
Azure Traffic Manager
DNS-based service load balancing
Direct user traffic to services running across Windows Azure datacenters based on policy:
 Performance/latency
 Round-robin
 DR / Failover
How does Traffic Manager work?
1.
User requests info using the company domain name.
2.
The DNS RR for the company domain points to a Traffic Manager domain in
Windows Azure Traffic Manager. This is done by using a CNAME record.
3.
The Traffic Manager domain is part of the Traffic Manager profile that you
create. You also create rules within this profile. The rules you select dictate the
load balance method you want to use and what you want to monitor for health.
4.
Traffic Manager processes the rules and returns the DNS name of the cloud
service, which is later resolved to the IP address.
5.
The User contacts the service directly, by IP address. This information is cached
on the client’s computer. Thus, the client will continue to interact with the
selected service until that TTL expires.
How do I configure Traffic Manager?
You can configure Traffic Manager in the Management Portal.
1.
2.
3.
4.
Create a Traffic Manager Profile.
Add endpoints.
Configure the DNS TTL.
Select the Load Balancing Method.
•
Round Robin
•
Performance
•
Failover. Be sure to adjust the failover order.
5. Configure Monitoring.
•
You can either monitor ‘/’ (default directory of the services) or create a file with the same
name in each cloud service and allow Traffic Manager to perform an http(s) GET on the file.
Then specify in Traffic Manager.
6. Save your changes.
Hands-on Lab 3
Create and Azure virtual network
Assign virtual machines
Connect on-premises to Azure
Module 4:
Planning and deploying workloads to Azure
Azure AD Service
SQL Server VMs
SharePoint VMs
Scenario: Deploying applications
Contoso is
ready to
start its
application
testing and
authentication
to Azure VMs
and applications
from devices
running inhouse.
Deployment of a replica
domain controller, a
SharePoint 2010 Foundation
Server, and a SQL Server
2014 Standard Edition Server
Contoso users can access
applications from their
desktops in the office and
can access the intranet
website using the private
IP address space used for inhouse resources
Once the final phase of the testing is completed, the rollout will be
to integrate the on-premises AD DS environment with the Azure
AD infrastructure to ensure a single sign-on experience for users.
Active directory on an Azure VM
Business Drivers:
• Support for pre-requisites for existing applications, such as SharePoint.
• High Availability Solutions for SQL Server Databases using Always-On Availability
Groups.
• Disaster Recovery solution for branch offices and a limited set of virtual
machines.
• Dev/Test Workloads.
Azure VM considerations for DCs
Do not sysprep the Domain Controller
From an existing physical machine
P2V a physical machine and move to Windows Azure
Move the Domain Controllers VHD file to Windows Azure
Create the virtual machine from the VHD
Starting with a new virtual machine
Build a new virtual machine and replicate directory to Windows Azure
Azure VM considerations for DCs (cont’d.)
Attach a data disk (caching turned off)
Do not use D:\ ( temporary physical disk)
Put logs and account DB on attached disk to avoid data loss
Azure VM considerations for DCs (cont’d.)
IP Addressing
Windows Azure VMs require use of a DHCP leased IP address.
The lease is an infinite ‘dynamic’ lease, but not the same as ‘static assigned’ address that you would
expect to use in and on-premises environment.
The leased IP address is routable for the duration of the lease, which is determined by the life time of
the service (or virtual machine).
Don’t try to assign a static IP to your virtual machine. You will lose communication to it.
Azure VM considerations (cont’d.)
Deploy DNS on the Domain Controller
The Windows Azure DNS does not cover the AD DNS records needed.
Register the DNS server in the virtual network.
Common Azure SQL Server scenarios
Full production environment
Development and test environments
Cloud-based backup of on-premises data
SQL Server Always On with cloud-based secondary's
DBaaS services with performance and
scalability
What’s New with SQL Server 2014
Partner Opportunity & Benefit
In-Memory Built-In
Average 10x faster for new and existing
SQL Server apps.
Multi-tenant Management
Enterprise scale using Windows Server
and effective resource management
with IO Resource Governor.
Scalability & Density
Enterprise scale using Windows Server.
• Cost efficiency with enhanced
density and effective
management
HA - SQL Always On Availability Groups
Up to 4 Replicas
Replica Authentication
Dependencies
SQL backup and restore using Blob storage
•
Back up or restore using Windows Azure Storage.
•
SQL can be on-premises or cloud-based.
SQL Server versus Azure SQL Database
SQL Server (IaaS)
Windows Azure SQL Database (PaaS)
Development
Migrate Existing or Build New Apps
Develop New Apps
Management
Full Control
Managed Service
Compatibility
Full SQL Server Capabilities
Based on SQL Server Technology
Shared Technology
Network transport (Tabular Data Stream)
SQL dialect (Transact-SQL)
Data access APIs (ADO.NET, ODBC, JDBC)
Development tools (SQL Server Data Tools)
Management tools (SQL Server Management Studio)
More Information: http://blogs.msdn.com/b/windowsazure/archive/2013/02/14/choosing-between-sqlserver-in-windows-azure-vm-amp-windows-azure-sql-database.aspx
SharePoint support on Azure
Product support
SharePoint Server 2010 and 2013 supports the hosted virtualization
solution of Microsoft, as well as required technologies, such as
Microsoft SQL Server, when these products and technologies are
deployed on the Windows Azure platform.
FAST Search support
Do not support Microsoft FAST Search Server 2010 for SharePoint
deployments on Windows Azure.
SharePoint Architecture Tips
IOPS Most Important Factor
Scale Out Not Up
Single virtual machines template
Web/App Tier
WEB/APP
1 x Large
(4 Cores & 7 GB)
Identity Tier
1 Small
(1 Core & 1.75 GB)
AD/DC/DNS
LB
Data Tier
1 x A6
(4 Cores & 28 GB)
SQL
80
20000
Admin
AVET
SPWEB
AVSET
SQL
AVSET
DCSET
Cloud Service
Virtual Network
Windows Azure
Highly available template
LB
Web Tier
WEB
APP
SQL
AD/DC/DNS
2 x Large
(4 Cores & 7 GB)
AVSET
SPWEB
App Tier
2 x Large
(4 Cores & 7 GB)
AVSET
SPAPP
AVSET
SQLHA
AVSET
DCSET
80
Data Tier
2 x A6
(4 Cores & 28 GB)
1 x Small (Quorum)
(1 Core & 1.75 GB)
Identity Tier
2 Small
(1 Core & 1.75 GB)
20000
Admin
Cloud Service
Virtual Network
Windows Azure
Demo
Deploy a Database to Azure
Hands-on Lab 4
Deploy a SQL Server virtual machine
Deploy a domain controller in Azure
Module 5:
Azure AD and identity management
Azure AD
DirSync and Password Sync
Third Party SaaS Support and Office 365
Integration
Public identity as the control point
Active Directory
What is Azure Active Directory?
A comprehensive identity and access
management cloud solution.
It combines directory services, advanced
identity governance, application access
management and a rich standards-based
platform for developers.
Azure Active Directory Premium is an
advanced offering that includes IAM
capabilities for on-premises, hybrid and
cloud environments. Note that AD Premium
is not currently available in Open Licensing.
Cloud app discovery
AD Agent
Logs
Active Directory
Cloud App Discovery
Single set of credentials
*
*Coming soon
Your Directory on the cloud
Preintegrated SaaS apps in the application
gallery
Centrally managed identities and access
What is Azure multi-factor authentication?
A stand-alone Azure Identity and Access
management service also included in Azure
Active Directory Premium.
Prevents unauthorized access to both onpremises and cloud applications by providing an
additional level of authentication.
Trusted by thousands of enterprises to
authenticate employee, customer, and partner
access.
How MFA works
Azure MFA versus MFA for Office 365
MFA for Office 365/Azure
Administrators
Administrators can Enable/Enforce MFA to end-users
Use Mobile app (online and OTP) as second authentication factor
Use Phone call as second authentication factor
Use SMS as second authentication factor
Application passwords for non-browser clients (e.g. Outlook, Lync)
Default Microsoft greetings during authentication phone calls
Custom greetings during authentication phone calls
Fraud alert
MFA SDK
Security Reports
MFA for on-premises applications/ MFA Server.
One-Time Bypass
Block/Unblock Users
Customizable caller ID for authentication phone calls
Event Confirmation
Azure Multi-Factor
Authentication
Directory Sync
• Synchronizes users, groups, and
contacts to Windows Azure AD.
• Users will have a different password in
Windows Azure AD than they have for
the on-premises AD.
Password Sync versus Single Sign-On
Password Sync
Single Sign-On (ADFS)
Same password to access resources
X
X
Control password policies on-premises
X
X
Support for multi-factor authentication
X*
X
No password re-entry if on premises
X
Authentication occurs in on-premises directory
X
Client access filtering
X
* Limited Support
Preparing for DirSync
From the Windows Azure Management Portal
Azure AD sync tool
•
Formerly known as Dirsync, this tool has
been updated to allow for the
synchronization of local Active Directory
passwords to Azure Active Directory.
•
Also synchronizes users, groups and
contacts.
•
This new feature will allow for same user
sign in with Microsoft cloud services
such as Office 365 Education powered
by Azure Active Directory since the
username and the password from local
AD will be synced up to Azure AD.
Demo
Installing and running DirSync
Hands-on Lab 5
Set up Azure AD
install and run DirSync
Wrap up and Q&A
The Benefits of Selling Azure
The best path to capitalizing on the major new business opportunities enabled by
cloud computing.
$
Increase profitability
with new lines of
business in the cloud
Deliver the right
solutions and services
to your customers
Build and deploy
quickly on a familiar
platform
Why Microsoft
Microsoft offers compelling competitive differentiation to customers
Single vendor across clouds – private, public and hosting provider.
Single point of support for infrastructure, OS, services, and applications.

Tenured experience and enterprise credibility.
Single vendor for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service
(PaaS).
SharePoint, SQL Server, and Windows Server run best on Microsoft Azure.
Microsoft Partner Network benefits overview
Action Pack
subscription
Microsoft logo
Silver
competency
Gold
competency
Silver competency logo
Gold competency logo
Partner Incentives
Cloud incentives
Licensing, solution and cloud
incentives
Licensing, solution and cloud
incentives
Internal Use Software
Up to 10
product licenses
Up to 25
product licenses
Up to 100
product licenses
MSDN Subscriptions
3 MSDN
5 MSDN
10 MSDN
Marketplace listing
Priority listing
Premier listing
n
n
n
Varies by subscription type
20 hours
50 hours
n
n
n
Microsoft Pinpoint
Partner Support
Community
Partner Advisory Hours
Marketing Tools,
Microsoft Financing,
Sales Tools
Active partners can
download a benefits
summary to understand
the benefits available to
them and maximize their
usage.
http://aka.ms/usmpnbenefits
Internal Use Rights (IUR) Core Benefits*
Integrating Microsoft Online Services and Windows Azure
Promoting the
power of choice
Partners can deploy
Internal Use licenses
via Microsoft Online
Services or onpremises software.
Cloud
Service
SKU
Gold
Benefit**
Silver
Benefit**
MAPS
Benefit***
Comments
Office365
E3
100 seats
25 seats
5 seats
Each seat of O365 used in exchange for 1
on-premises Client Access License (CAL) (SharePoint, Exchange, and Lync).
CRM
Online
CRMOL
Pro
60 seats
15 seats
5 seats
Each seat of CRM Online used in exchange
for 1 on-premises CAL of Dynamics CRM .
5 licenses
Up to 5 devices per license. Each license of
Windows Intune used in exchange for 1
on-premises CAL of System Center Device
Manager.
Cloud
Windows
Service
Intune
Only
Azure
N/A
100 licenses
25 licenses
$100 Monthly $100 Monthly $100 Monthly Azure credit is additional to existing onpremises IURs.
Credit
Credit
Credit
Internal use rights licenses that are part of Cloud Essentials or Cloud Accelerate entitlements must be deployed by Microsoft Partner Network Integration launch in January. The end date for all Internal Use Rights will be June 30, 2014.
Must sign MOSPA + CSA agreements in order to qualify for CRM Online IURS.
*Please refer to the Disclosure Document for full details. Core benefits are available to all partners in all competencies.
**Partners will be able to earn additional licenses of Microsoft Dynamics CRM Online and Windows Azure through specific competencies and competency tracks. Partners are eligible to earn an additional 20 seats of Microsoft
Dynamics CRM Online by attaining either a Customer Relationship Management (CRM) competency or an Enterprise Resource Planning (ERP) competency.
***Partners can earn additional Office365 licenses by selling Microsoft Online Services. Partners are eligible to receive an additional five seats of Office 365 after selling 25 seats of Office 365 within the previous 12 months.
Start testing Azure now – using IURs
What to
Test?
Azure Scenarios for SMB
Why?
Develop expertise now in a
controlled environment using
$100 of monthly Azure credits
at no charge
Where to
Start?
Partner Programs, Azure
Technical Scenario 101s
Azure Benefits through MPN (MAPS)
Azure Benefits through MSDN
Find out more: http://Aka.ms/azureiur
Azure 101’s
Azure Backup – Virtual Machines – Active Directory – Websites
Microsoft Action Pack Subscription – Update
Single, universal Action Pack
subscription leading with cloud
New benefits
Six resource centers aligned to partner practices
(partners can choose 1 or more)
• Technical support: Access to telephone support for presales, technical, and deployment issues related to
Microsoft Cloud Services.
• Internal Use Rights (IURs): including both on-premises
and Cloud products and services.
• Training: access to over 2,000 training courses on
selling, configuring, and implementing Microsoft
products and services plus discounts on Microsoft
Certified Professional exams.
• Developer tools: access to world-class Visual Studio
developer tools to support development across
Microsoft platforms, including desktop, phone, server,
and Web.
• Bing credits: $600 Bing Ads Credit ($100 for partners,
$500 for their customers) to market products, services,
and solutions.
• Campaigns: exclusive access to Ready-To-Go Marketing
Campaigns for Microsoft products and services.
Microsoft Partner Learning Paths
The Learning Paths site allows you to
build learning plans for resources within
your organization.
Create plans by product, competency, or
partner type and track your progress!
Click here for a demo!
The Microsoft Partner Learning Paths site is the key resource for all
competency related training. Specifically:
•
•
•
•
Sales Specialist assessments.
Pre Sales Technical assessments.
Technical assessments.
Technical Certification courses that align to competency.
For more info on the Learning Paths click here.
Training Certifications and Accreditations
Microsoft Technical Certifications
Microsoft Solutions Associate (MCSA)
Microsoft Solutions Expert (MCSE)
Microsoft Sales Specialist Accreditation
Designed for individuals, who support the initial stage of the sales
process at Microsoft partner organizations, and require only a high-level
overview of technical product features and benefits.
Microsoft Pre Sales Technical Accreditation
Designed for technical professionals, who support sales teams with value
demonstrations and proof-of-concept development to close deals on
solutions built on Microsoft technologies.
Get more information
at Microsoft Learning
Get more information
on Sales Specialist
training and
accreditation
Get more information
on Pre-Sales Technical
training and
accreditation
Become a Microsoft Cloud Partner
When you become a Microsoft Cloud Partner,
you receive a set of core benefits to help you
start and build your cloud practice, including:
•
•
•
Internal-use software rights.
Tailored training.
Prioritized exposure in Microsoft marketing and
product directories.
Members of the Microsoft Partner Network Cloud
Essentials program receive monthly credits of $100 of
Windows Azure at no charge.
For details, visit:
http://www.windowsazure.com/en-us/offers/ms-azr-0051p/
Microsoft Virtual Academy
Free Microsoft Training Delivered by Experts
Microsoft Virtual Academy (MVA) offers online Microsoft training delivered
by experts to help technologists continually learn, with hundreds of courses,
in 11 different languages. Learn the latest technology, build skills, and
advance your careers.
http://www.microsoftvirtualacademy.com
178
Spiceworks
With more than 5 million IT pros, Spiceworks is
where people go to share and find info on allthings-IT.
Free App
Download the Spiceworks app to get network inventory, network
monitoring, help desk software, and more!
Free Community
Spiceworks has all the IT resources you need to make smart IT
decisions, including product reviews, vendor ratings, IT help, howtos, and discussions.
Free Career Tools
Take your career wherever you want it to go by creating a portfolio,
searching job listings, and browsing helpful tips and resources.
ModernBiz campaign resources
Grow your business and profits delivering solutions SMBs need
A complete set of marketing and sales
materials designed to help you tap new
opportunities and expand your business
with small and midsize customers.
The ModernBiz campaign covers a breadth
of Microsoft solutions that enable the
modern business – from server to cloud,
desktop to mobile devices.
Connect with
customers
Adapt to
Change
Understand
your
customer
ModernBiz
Be prepared
for the
unexpected
Safeguard
your business
Get started!
Increase
your sales
Grow
efficiently
Get the
most out
of your
technology
Get your
work done
anywhere
Protect
and control
your data
Work
together
easily
Business
anywhere
Visit http://aka.ms/modernbiz to access tools and resources designed to help
market and sell high-priority SMB solutions
180
ModernBiz campaign examples
Campaign scenarios based on customer feedback
Case studies
Content integration: 87 SMB hubs
Digital assets: banner ads/social
To-partner presentations
Thru-partner presentations
Video animation
#modernbiz
ModernBiz sales demos
Take advantage of ModernBiz sales demos that
show how you can pitch Microsoft solutions in four
key areas:
•
•
•
•
Grow efficiently
Business anywhere
Safeguard your business
Connect with customers
These 8-10 minute sales demos are focused on “making it real”
by showing specific ways that Microsoft solutions can make
life easier for SMBs
Get started!
Visit http://aka.ms/modernbiz to access the demos
182
Partner technical support
Take advantage of a range of support resources across the ModernBiz pillars
Grow efficiently
Business Anywhere
Safeguard your
Business
Connect with customers
Enrich your Pitch
Office 365
Windows Server
Office 365
• MS Tech Support Access
• Compete resources
• RFP Support
Free MPN Community
Support
• All associated employees
have unlimited access
Gold/Silver - free Pre-sales
Support for deals over $3K
• Gold/Silver: Deployment
Shadowing
• Breadth: PA for SMB (Q2
FY15)
• Breadth Play
Microsoft Azure
• Gold/Silver/MidMarket: Labs
on Azure
• Breadth: Selling Azure
• Gold/Silver: EOS for WS
2003
• Gold/Silver: Migrate from
WS 2003
Microsoft Azure
• Gold/Silver/MidMarket: Labs
on Azure
• Gold/Silver: Modernize your
Data Center
• Gold/Silver: Tech Pre-Sales
Support
• Breadth: Google Compete
CRM Online
• Gold/Silver: Tech Pre-Sales
Support
CRM Online
• Gold/Silver: Deployment
support
183
Incentives and promotions
Make a strong start with timely new offers designed to give you an edge
Take advantage of these new offers starting July 1st
•
•
•
•
OneDrive for Business (50-70% discount)
Office 365 Add On SKUs
Power BI (33-40% discount)
AND starting in August/September: O365 Renew to the Cloud and 17% Open
M SKU Promotions and 15% Windows Open Upgrade Promo!
Check out your local incentives
• Richest incentive program in the industry, based on defined eligibility criteria
• Growing focus on cloud-related incentives
• Beginning August 1, earn margin and new cloud incentives with Azure in
Open Volume Licensing for SMB
• Check out the MPN incentives page for more information
• Connect with your local team to discuss incentive offerings further
184
Get started
Power up your
marketing and sales
Hone your
technical skills &
learn more about
Azure in Open
Capitalize on
current incentives
http://aka.ms/modernbiz
http://aka.ms/smblearningpath
http://aka.ms/rampup
http://aka.ms/AzureVAR
https://mspartner.microsoft.com/en/us/Pages/Membership/
Premium/partner-incentives.aspx
185
Appendix
Azure Migration Strategy