SCUGBE_Lowlands_Unite_2017_Rest azured microsoft cloud demystified
•
0 likes•233 views
There is a lot of misconceptions about Microsoft’s public cloud offering Azure, especially for IT infrastructure administrators but also for it’s consumers. In this session, Kenneth van Surksum will demystify some of the most common questions when talking about public cloud, like: · Will moving our on-premise infrastructure to the cloud solve many of the problems we are facing today? · Can developers just consume Azure, or should they align the IT infrastructure department before starting to develop, and if so why? · Is Cloud computing a next generation virtualization platform? · Will we once we move all of our infrastructure to Azure be relieved migration headaches? · And much more…. Kenneth will share his experiences from implementing Azure solutions at customers with the audience. The goal of this session is to make people, who want to start working with Azure aware of the caveats so that they don’t make the obvious mistakes.
Report
Share
SCUGBE_Lowlands_Unite_2017_Rest azured microsoft cloud demystified
- 1. Rest Azured MICROSOFT CLOUD DEMYSTIFIED
- 2. About me: Kenneth van Surksum Managing Consultant at Insight24 Co-Founder + board member WMUG NL ksurksum@insight24.nl #azure,#sysctr,#configmgr,#opsmgr,#winsrv, #microsoft,#ems,#oms,#ARM,#AIP,#Intune
- 3. Thanks to our event sponsors Silver Gold
- 4. Agenda for this session Birds eye view Back to basics – Cloud Computing definition Demos Misconceptions and key take aways
- 5. bird's eye view on my IT experience so far bird's eye view
- 13. Misconceptions
- 14. Misconception: Cloud is just another virtualization platform
- 15. Cloud versus Virtualization Virtualization: Hardware Consolidation Server Availability Hosting legacy applications on modern hardware Cloud: Scalable On-demand Capacity Parallel and dynamic workloads Self Service
- 18. Key takeaways Cloud ≠ virtualization Azure Stack ≠ Windows Azure Pack Moving your VM workloads to Azure isn’t necessarily cheaper We need developers to start developing on top of Cloud products “Old” style applications will not disappear in the near future
- 19. Misconception: Cloud is secure by default
- 22. Forced Tunnelingorced Tunneling Backend 10.3/16 Middle-tier 10.2/16 Front-end 10.1/16 VPN GW Internet On premises Forced tunneled via S2S VPNS2S VPNs Directly to Internet Virtual Network
- 23. Just in time VM Access
- 24. Best Practices for Locking Down Access 1. Make sure people automatically lose access when they leave 2. Use multi-factor authentication for all Azure users 3. Use “break glass” accounts for Account & Service Admins 4. Give people minimum access needed for day to day work 5. Use Managed Service Identity to keep credentials out of code
- 26. Azure Role-Based Access Control (RBAC) Fine-grained access control to Azure “control plane” Grant access by assigning Security Principal a Role at a Scope Security Principal: User, group, or service principal Role: Built-in or custom role Scope: Subscription, resource group, or resource Assignments are inherited down the resource hierarchy Subscription Reader Resource Group Owner Resource Contributor
- 27. Key takeaways Split user and administrators – Use RBAC Only connect IaaS VM’s to the internet when needed – use forced tunneling Use Network Security Groups which serve as a basic FW Use Just in Time access (Preview) Additional Security has pricing
- 28. Misconception: We don’t use Cloud (yet)
- 30. Key takeaways Almost every company nowadays is using some kind of Cloud solution Shadow IT exists everywhere Start measuring and act on the information
- 31. Misconception: Our developers can start right away
- 34. Demo USING POLICIES TO RESTRICT USE OF AZURE RESOURCES
- 35. Key takeaways Please do not hand over the keys to Developers, instead assist them while staying in charge over the infrastructure Use Resource Policies to restrict the use of certain Azure Resource Types Use Naming Conventions
- 36. Misconception: Once we are in the cloud, we never ever have to migrate again
- 38. The tale of 2 Azures Azure Service Manager (ASM) Version 1 Referred to as ASM or Classic Management via Old Portal en New Portal (some exceptions) Azure Resource Manager (ARM) Version 2 Referred to as ARM Management via New Portal https://www.petri.com/a-tale-of-two-azures
- 40. Demo INFRASTRUCTURE AS A CODE
- 41. Key takeaways Cloud evolves, make sure you are able to support upgrades to “new products” or other products Cloud products are announced fast, but also dismantled fast, make sure you are up to date (#azure)
- 42. Misconception: We can run any Microsoft workload in Azure, it’s all Microsoft after all.
- 43. Support for Microsoft apps Microsoft Biztalk Server Microsoft Dynamics AX Microsoft Dynamics CRM Microsoft Dynamics GP Microsoft Dynamics NAV Microsoft Exchange Microsoft Forefront Identity Manager Microsoft HPC Pack Microsoft Project Server Microsoft SharePoint Server Microsoft SQL Server Microsoft Team Foundation Server Microsoft System Center App Controller Configuration Manager Data Protection Manager Endpoint Protection Operations Manager Orchestrator Server Application Virtualization Service Manager Windows Server ADCS ADDS ADFS ADLDS Application Server DNS Failover Clustering SharePointSQL Server Exchange https://support.microsoft.com/en-us/help/2721672/microsoft-server-software-support-for-microsoft-azure-virtual-machines File Services Hyper-V NPS Print and Document Services Remote Desktop Services Web Server Windows Server Update Service
- 44. Key takeaways If you want to run Microsoft workloads, please check first if it’s supported
- 45. Misconception: Once migrated, my on- premise workloads are high available and can scale out when needed
- 46. Single Instance CostLower Higher Scenario Building a Hyper-Available Solution: Journey VM Backup & DR Scheduled Events Single Instance SLA Planned Maintenance Availability Sets VMSS Managed Disks HA SLA Load Balancing Zone spanning VM/VMSS Sync Storage Replication Traffic Manager Async Storage Replication VM BC/DR (ASR)
- 47. 99,95% equals 4,38 hrs downtime 99,9% equals 8,76 hrs downtime https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_6/
- 48. Availability sets (at VM creation)
- 50. Key takeaways You have to do something in order to make your VM highly available and scalable (most of the time, requires rewriting the application) Make sure you can also monitor your cloud resources (are they available?) Moving to the cloud, doesn’t automatically transform your IT departments maturity
- 51. Misconception: Azure has no limitations, but subscription do!
- 52. Azure Subscription Limits https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits
- 53. Key takeaways Before you start deploying Azure Resources, check the subscription limits
- 54. Don’t make the same mistakes, we made years ago again!