Next generation databases
Mastering the move
Grüezi | Willkommen | Bonjour | Welcome | Velkomst
Konrad Brunner
Senior Consultant
About me
7.11.2018
• Working for Trivadis for 3 years
• 30 years IT experience
• from Unix to Windows
• from Token Ring to Ethernet
• from Java to C#
• from host to client-server
• from local to global
• from on-premises to the cloud
Keys to master the move are …
ARM Templates are key for ...
… software defined data centers (SDDC) and infrastructure as code (IaC)
■ Allows you to define complete data centers as code
■ Allows you to manage the state of your data centers in source control tools
■ Allows you to manage infrastructure together with the applications
■ Enables you to revise your state
■ Allows collaboration with partners
■ Allows you to achieve IT as a service
Automation is key to ...
… separate security in your datacenter
■ Allows you to streamline authorities along test, integration and production environments
■ Scripted deployments already start when you move from test to integration
■ Allows you to work certificate-based
■ Allows you to scale easily
■ Allows you to switch between regions
■ Allows you to securely integrate new resources into your existing secure infrastructure
Automation is key to ...
… save money
■ … by streamlining the lifetime of resources
■ Some resources in Azure you can’t just stop
  • SQL Database
■ Automating deployment and undeployment lets you stop these as well
■ … by automating and speeding up the deployment processes
Automation and ARM templates are key for ...
… DevOps with integrated security
■ Allows you to automate tasks in the Continuous Integration and Continuous Delivery pipelines
■ Together with Azure DevOps Services you have a fully secure and agile platform over the entire DevOps process
■ Everything running under one single secure identity
Identities are key to ...
… expand your existing security to the cloud
■ Seamless integration of all resources into your existing secure infrastructure
■ Azure B2B is your friend for partner identities
■ Azure B2C is your friend for customer identities
Network is key for ...
… performance and stability
■ The right bandwidth
  • VPN up to 1.2 Gbps
  • ExpressRoute up to 10 Gbps
■ The best latency
  • West Europe <25 ms
  • Switzerland North <5 ms
■ Secure connections to your database
  • VLANs
  • Firewalls
Application Management is key for...
… security and governance
■ Secure the access to applications
■ Supports on- and off-boarding of users
■ Single Sign On into the entire world
■ Manage application access over the company boundaries
KeyVault is key to …
… enter the next level of security
■ Secure store for keys, credentials and certificates
■ BYOK (bring your own key)
■ Allows centralized management
■ Grant the process identity access to the Key Vault so it can retrieve secrets at runtime
■ No need to store connection strings in code or config files any more
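As an added example (not from the slides or the linked repository), here is a small Python lint for the last two points: it checks an ARM deployment parameters file for a secret-bearing parameter that carries an inline value instead of a Key Vault reference, and shows the corrected form. The `reference.keyVault.id` / `secretName` shape is the documented ARM parameter-file form that Resource Manager resolves at deployment time; the sample parameter names, the vault resource id and the secret-name heuristic are constructed for this example.

```python
import json
import re
from typing import Dict, List, Optional

# Parameter names that usually carry secrets. Constructed heuristic for this
# example; a real lint would take the list from the team's naming convention.
SECRET_NAME_PATTERN = re.compile(
    r"(password|secret|connectionstring|accountkey|token|sastoken)", re.IGNORECASE
)


def keyvault_reference(vault_id: str, secret_name: str,
                       secret_version: Optional[str] = None) -> Dict:
    """Build the ARM parameter-file entry that makes Resource Manager fetch the
    value from Key Vault during deployment, so the secret never sits in the file.
    The deploying identity needs 'get' permission on the vault's secrets."""
    reference = {"keyVault": {"id": vault_id}, "secretName": secret_name}
    if secret_version:
        reference["secretVersion"] = secret_version
    return {"reference": reference}


def find_plaintext_secrets(params_doc: Dict) -> List[str]:
    """Return the names of secret-looking parameters that carry an inline 'value'.
    Parameters resolved through 'reference' are skipped: they hold no secret."""
    findings = []
    for name, spec in params_doc.get("parameters", {}).items():
        if "reference" in spec:
            continue
        if "value" in spec and SECRET_NAME_PATTERN.search(name):
            findings.append(name)
    return findings


def lint_file(path: str) -> List[str]:
    """Lint a parameters file on disk; returns the offending parameter names."""
    with open(path, encoding="utf-8") as fh:
        return find_plaintext_secrets(json.load(fh))


# Constructed sample: the weak file stores the SQL admin password in plain text.
WEAK_PARAMS = {
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "sqlServerName": {"value": "tvd20abapsql001"},          # constructed name
        "sqlAdminLogin": {"value": "sqladmin"},
        "sqlAdminPassword": {"value": "constructed-sample-only"},
    },
}

# Constructed vault resource id (placeholder subscription id and resource group).
VAULT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000"
            "/resourceGroups/tvd20abaprsg001/providers/Microsoft.KeyVault/vaults/tvd20abapkvt001")

# The corrected file: identical, except the password is now a Key Vault reference.
FIXED_PARAMS = json.loads(json.dumps(WEAK_PARAMS))
FIXED_PARAMS["parameters"]["sqlAdminPassword"] = keyvault_reference(VAULT_ID, "sqlAdminPassword")


if __name__ == "__main__":
    print("weak file  :", find_plaintext_secrets(WEAK_PARAMS))   # ['sqlAdminPassword']
    print("fixed file :", find_plaintext_secrets(FIXED_PARAMS))  # []
    print(json.dumps(FIXED_PARAMS["parameters"]["sqlAdminPassword"], indent=2))
```

Run this over the parameter files in source control as a pipeline step; a non-empty result is a secret that has been committed and should be moved into the vault and rotated.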
Demo
Automation Demo
■ Subscription
■ AD Application
■ Azure Active Directory
■ Certificate-based service principal
■ Key Vault
■ Automation Account
■ Runbook
■ Storage Account
■ Webhook (POST)
https://github.com/TVDKoni/ARM-Base-Templates
Resource Manager and ARM templates
Resource Manager
Azure Resource Manager provides:
■ Integration Component
■ Application Lifecycle Containment – deployment, update, delete and status
■ Declarative solution for deployment – “Config as Code”
■ Grouping – metering, billing, quota: applied and rolled up to the group
■ Consistent Management Layer
■ Access Control – scope for RBAC permissions
ARM Templates can:
• Ensure Idempotency
• Simplify Orchestration
• Simplify Roll-back
• Provide Cross-Resource Configuration and Update Support
ARM Templates are:
• Source file, checked-in
• Specifies resources and dependencies (VMs, WebSites, DBs) and connections (config, LB sets)
• Parametrized input/output
Instantiation of repeatable config: Configuration → Resource Group
Power of Repeatability (diagram: a Website and two VMs deployed together with SQL-A and its SQL config; Website and VMs depend on SQL)
Azure Automation
Automation key services
■ Azure Active Directory
■ AD Application
■ Subscription
■ Certificate
■ Key Vault
■ Automation Account
■ Runbook
■ Storage Account
■ Webhook (POST)
■ LogicApps
■ Desired State Configuration
Automation Account (diagram slide)
LogicApps (diagram slide)
Security
One Identity, on-premises and in the cloud
Microsoft Azure
Trustworthy foundation
BUILT ON MICROSOFT EXPERIENCE AND INNOVATION
■ Experience: 20+ Data Centers, Trustworthy Computing Initiative, Security Development Lifecycle, Global Data Center Services, Malware Protection Center, Microsoft Security Response Center, Windows Update, 1st Microsoft Data Center, Active Directory, Digital Crimes Unit, Operations Security Assurance
■ Certifications and compliance: SOC 1, SOC 2, CSA Cloud Controls Matrix, PCI DSS Level 1, FedRAMP/FISMA, UK G-Cloud Level 2, ISO/IEC 27001:2005, HIPAA/HITECH, E.U. Data Protection Directive
Transparency
■ Security & Compliance Center
■ Service compliance reports like Azure - ISO 27001 and ISO 27018 Audit Assessment Report
■ Trust documents provided by Microsoft
■ Shared GDPR and ISO Assessments
■ Law Enforcement Requests Report
Network
Microsoft Azure External Connectivity Options
Connectivity pricing
VPN GW S2S and ExpressRoute coexistence
VPN gateway allows you to have Site-to-Site (S2S) VPN connectivity to a Virtual Network that also has a gateway connected to an ExpressRoute circuit. This enables new connectivity scenarios:
■ You can now use an S2S VPN tunnel as a backup for your ExpressRoute connection.
■ You can connect branch offices that aren’t part of your WAN to your Azure virtual networks that are also connected via ExpressRoute.
■ You can have Point-to-Site connections to the same Virtual Network that is also connected via ExpressRoute, enabling dev/test and mobile worker scenarios.
Other keys
Naming Convention
The slide lays each name out one character per column (columns 1 to 24) and marks two limits on that scale: max length hostname and max length Storage Account name (column 24).
Main resources
Production Environment
  Subscription          tvd20aba
  Resource Group        tvd20abaprsg001
  Virtual Network       tvd20abapngw001
  Virtual Machine       tvd20abapsrv001
  Storage Account       tvd20abapstg001
Test Environment
  Subscription          tvd20abat
  Resource Group        tvd20abatrsg001
  Virtual Network       tvd20abatngw001
  Virtual Machine       tvd20abatsrv001
Dependent resources
  VM Public IP          tvd20abapsrv001pip
  VM Disk               tvd20abapsrv001vhd
  VM Network Interface  tvd20abapsrv001nic
  VM Public IP 1        tvd20abapsrv001pip01
  VM Public IP 2        tvd20abapsrv001pip02
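As an added example (not from the slides), the following Python builds names according to the convention shown above and validates them against the two length limits the slide marks. The decomposition of `tvd20aba` into company, area and project parts, the environment letters `p`/`t` and the type codes `rsg`, `ngw`, `srv`, `stg` are read off the slide's examples; the hostname limit of 15 characters is the Windows computer-name limit that Azure applies to Windows VM names and is an assumption here, since the extracted slide text does not carry the number.

```python
import re
from typing import List, Optional

# Limits the slide marks on its character scale.
MAX_HOSTNAME_LEN = 15          # assumption: Windows computer-name limit used for VM names
MAX_STORAGE_ACCOUNT_LEN = 24   # last column on the slide: "Max length Storage Account name"

# Resource type codes and environment letters taken from the slide's examples.
TYPE_CODES = {
    "resource group": "rsg",
    "virtual network": "ngw",
    "virtual machine": "srv",
    "storage account": "stg",
}
ENV_CODES = {"production": "p", "test": "t"}

# Every example on the slide uses lowercase letters and digits only, which is also
# what Azure requires for storage account names.
NAME_CHARS = re.compile(r"^[a-z0-9]+$")


def base_name(company: str, area: str, project: str) -> str:
    """'tvd' + '20' + 'aba' -> 'tvd20aba' (the split into three parts is an assumption)."""
    return f"{company}{area}{project}"


def subscription_name(company: str, area: str, project: str, env: str) -> str:
    """The production subscription carries no environment letter ('tvd20aba');
    the test subscription does ('tvd20abat'), as on the slide."""
    suffix = "" if env == "production" else ENV_CODES[env]
    return base_name(company, area, project) + suffix


def resource_name(company: str, area: str, project: str, env: str,
                  resource_type: str, counter: int) -> str:
    """Main resources: base + environment letter + type code + three-digit counter."""
    return (f"{base_name(company, area, project)}{ENV_CODES[env]}"
            f"{TYPE_CODES[resource_type]}{counter:03d}")


def dependent_name(parent: str, suffix: str, index: Optional[int] = None) -> str:
    """Dependent resources append a suffix (pip, vhd, nic) and an optional two-digit index."""
    return f"{parent}{suffix}" + (f"{index:02d}" if index is not None else "")


def validate(name: str, resource_type: str) -> List[str]:
    """Return the rule violations for a name; an empty list means the name is acceptable."""
    problems = []
    if not NAME_CHARS.match(name):
        problems.append("only lowercase letters and digits allowed")
    if resource_type == "virtual machine" and len(name) > MAX_HOSTNAME_LEN:
        problems.append(f"hostname longer than {MAX_HOSTNAME_LEN} characters")
    if resource_type == "storage account" and not 3 <= len(name) <= MAX_STORAGE_ACCOUNT_LEN:
        problems.append(f"storage account name must be 3..{MAX_STORAGE_ACCOUNT_LEN} characters")
    return problems


if __name__ == "__main__":
    for env in ("production", "test"):
        print(f"{env:11} subscription  {subscription_name('tvd', '20', 'aba', env)}")
        for rtype in TYPE_CODES:
            name = resource_name("tvd", "20", "aba", env, rtype, 1)
            print(f"{env:11} {rtype:16} {name:24} {validate(name, rtype) or 'ok'}")
    vm = resource_name("tvd", "20", "aba", "production", "virtual machine", 1)
    for suffix in ("pip", "vhd", "nic"):
        print(f"dependent   {dependent_name(vm, suffix)}")
    print(f"dependent   {dependent_name(vm, 'pip', 2)}")
```

Note that the production VM name `tvd20abapsrv001` is exactly 15 characters, so under this convention there is no room for a longer project code or a fourth counter digit before the hostname limit is hit; the validator makes that visible before the deployment fails.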
Central Registries
Keys, certificates, passwords and similar items can have an expiry date
Start managing these changes from the beginning
– Information about
  – Expiry date
  – Change procedure
Use Key Vault wherever possible
Costs
Fun is key for ...
… the future
■ Fun promotes innovation
■ Fun promotes productivity
■ Fun finds and holds talents
■ Why is it fun?
  • It’s easy
  • It’s stable
  • It’s modern
  • It works from everywhere
Thank you
Konrad Brunner
Senior Consultant
Tel. +41 79 960 61 49