There are many misconceptions about Azure, Microsoft’s public cloud offering, especially among IT infrastructure administrators but also among its consumers. In this session, Kenneth van Surksum will demystify some of the most common questions about public cloud, like:
· Will moving our on-premise infrastructure to the cloud solve many of the problems we are facing today?
· Can developers just consume Azure, or should they align the IT infrastructure department before starting to develop, and if so why?
· Is Cloud computing a next generation virtualization platform?
· Once we move all of our infrastructure to Azure, will we be relieved of migration headaches?
· And much more…
Kenneth will share with the audience his experiences from implementing Azure solutions at customers. The goal of this session is to make people who want to start working with Azure aware of the caveats, so that they don’t make the obvious mistakes.
SCUGBE_Lowlands_Unite_2017_Rest azured microsoft cloud demystified
2. About me:
Kenneth van Surksum
Managing Consultant at Insight24
Co-Founder + board member WMUG NL
ksurksum@insight24.nl
#azure,#sysctr,#configmgr,#opsmgr,#winsrv,
#microsoft,#ems,#oms,#ARM,#AIP,#Intune
18. Key takeaways
Cloud ≠ virtualization
Azure Stack ≠ Windows Azure Pack
Moving your VM workloads to Azure isn’t necessarily cheaper
We need developers to start developing on top of Cloud products
“Old” style applications will not disappear in the near future
24. Best Practices for Locking Down Access
1. Make sure people automatically lose access when they leave
2. Use multi-factor authentication for all Azure users
3. Use “break glass” accounts for Account & Service Admins
4. Give people minimum access needed for day to day work
5. Use Managed Service Identity to keep credentials out of code
26. Azure Role-Based Access Control (RBAC)
Fine-grained access control to the Azure “control plane”
Grant access by assigning a Security Principal a Role at a Scope
Security Principal: User, group, or service principal
Role: Built-in or custom role
Scope: Subscription, resource group, or resource
Assignments are inherited down the resource hierarchy
Subscription
Reader
Resource Group
Owner
Resource
Contributor
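As an added illustration (not from the slides), a simplified Python model of how role assignments are inherited down the scope hierarchy. The principal names and resource IDs are constructed, pairing Reader, Owner and Contributor with subscription, resource group and resource is an assumption based on the slide's labels, and group membership and deny assignments are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:
    principal: str  # user, group or service principal (constructed names)
    role: str       # built-in or custom role name
    scope: str      # subscription, resource group or resource ID

def _segments(scope):
    # Resource IDs are compared case-insensitively, segment by segment.
    return [s.lower() for s in scope.strip("/").split("/")]

def applies(assignment_scope, target_scope):
    """True when the assignment scope is the target itself or one of its ancestors."""
    a, t = _segments(assignment_scope), _segments(target_scope)
    # Whole-segment comparison: 'rg-app' must not match the sibling 'rg-app-test',
    # which a naive string-prefix check would allow.
    return len(a) <= len(t) and t[:len(a)] == a

def effective_roles(assignments, principal, target_scope):
    """Direct and inherited roles a principal holds at target_scope, broadest scope first."""
    hits = [x for x in assignments
            if x.principal == principal and applies(x.scope, target_scope)]
    hits.sort(key=lambda x: len(_segments(x.scope)))
    return [(x.role, x.scope) for x in hits]

# Constructed sample hierarchy (placeholder subscription ID).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
RG_TEST = SUB + "/resourceGroups/rg-app-test"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm-web01"
VM_TEST = RG_TEST + "/providers/Microsoft.Compute/virtualMachines/vm-test01"

ASSIGNMENTS = [
    Assignment("alice", "Reader", SUB),      # inherited by everything in the subscription
    Assignment("alice", "Owner", RG),        # inherited by every resource in rg-app
    Assignment("alice", "Contributor", VM),  # applies to this one resource only
    Assignment("bob", "Contributor", RG),
]

if __name__ == "__main__":
    for target in (SUB, RG, VM, VM_TEST):
        print(target.rsplit("/", 1)[-1], effective_roles(ASSIGNMENTS, "alice", target))
```

Listing effective roles per resource this way makes it visible when a broad assignment high in the hierarchy grants more than the "minimum access needed for day to day work" from the best-practices slide.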
27. Key takeaways
Split users and administrators – use RBAC
Only connect IaaS VMs to the internet when needed – use forced tunneling
Use Network Security Groups, which serve as a basic firewall
Use Just in Time access (Preview)
Additional Security has pricing
30. Key takeaways
Almost every company nowadays is using some kind of Cloud solution
Shadow IT exists everywhere
Start measuring and act on the information
35. Key takeaways
Please do not hand over the keys to Developers; instead, assist them while staying in charge of the infrastructure
Use Resource Policies to restrict the use of certain Azure Resource Types
Use Naming Conventions
38. The tale of 2 Azures
Azure Service Manager (ASM)
Version 1
Referred to as ASM or Classic
Management via Old Portal and New Portal (some exceptions)
Azure Resource Manager (ARM)
Version 2
Referred to as ARM
Management via New Portal
https://www.petri.com/a-tale-of-two-azures
41. Key takeaways
Cloud evolves; make sure you are able to support upgrades to “new products” or other products
Cloud products are announced fast, but also dismantled fast; make sure you are up to date (#azure)
43. Support for Microsoft apps
Microsoft Biztalk Server
Microsoft Dynamics AX
Microsoft Dynamics CRM
Microsoft Dynamics GP
Microsoft Dynamics NAV
Microsoft Exchange
Microsoft Forefront Identity Manager
Microsoft HPC Pack
Microsoft Project Server
Microsoft SharePoint Server
Microsoft SQL Server
Microsoft Team Foundation Server
Microsoft System Center
App Controller
Configuration Manager
Data Protection Manager
Endpoint Protection
Operations Manager
Orchestrator
Server Application Virtualization
Service Manager
Windows Server
ADCS
ADDS
ADFS
ADLDS
Application Server
DNS
Failover Clustering
File Services
Hyper-V
NPS
Print and Document Services
Remote Desktop Services
Web Server
Windows Server Update Service
https://support.microsoft.com/en-us/help/2721672/microsoft-server-software-support-for-microsoft-azure-virtual-machines
44. Key takeaways
If you want to run Microsoft workloads, please check first if it’s supported
46. Single Instance
Cost: Lower to Higher
Scenario
Building a Hyper-Available Solution: Journey
VM Backup & DR
Scheduled Events
Single Instance SLA
Planned Maintenance
Availability Sets VMSS
Managed Disks
HA SLA
Load Balancing
Zone spanning VM/VMSS
Sync Storage Replication
Traffic Manager
Async Storage Replication
VM BC/DR (ASR)
50. Key takeaways
You have to do something in order to make your VM highly available and scalable (most of the time, this requires rewriting the application)
Make sure you can also monitor your cloud resources (are they available?)
Moving to the cloud doesn’t automatically transform your IT department’s maturity