fundamentals of managing and securing your sles workloads ... · fundamentals of managing and...

Fundamentals of managing and securing your SLES workloads on AzureScott Woodgate, Sr. Director, Product Marketing, Microsoft AzureShankar Sivadasan, Sr. Product Marketing Manager, Microsoft Azure

Welcome to City Power & Light

City Power and Light migration and modernization journey

App

Infrastructure

Data

Security | Management

Why Azure for SUSE workloads?

>95%of Fortune 500 use

Microsoft Azure

54Azure regions

Benefits of running SUSE workloads on Azure

Metrics Log

Optimized ExperienceAccess the latest and most advanced technologies– from Azure optimized SLES kernels to Cloud Application Platform with Azure Kubernetes service

Enterprise Support24x7 global, collaborative support.SLES for SAP and SLES for HPC are certified to run on Azure.

Flexible PricingBring your own license. Or use on-demand pay-as-you-go pricing. Or use Azure reservations for SUSE software appliance

Your choice at every level

Applications

Management

Databases andmiddleware

App frameworksand tools

DevOps

Step 1 - Rehost

Admin

Internet

Resource Group

Dev Subnet

Azure Virtual Machine

Virtual Network

PublicIP

On Premises Azure

Local Dev Box

Web Tier

API Tier

Data Tier

Demo- Rehost

Step 2 - Refactor

Admin

Internet

Resource Group

Dev Subnet

Azure Virtual Machine

Virtual Network

PublicIP

Cosmos DB(Mongo DB API)

Blob Storage

Redis Cache

Step 2 - Refactor

Admin

Internet

Resource Group

Dev Subnet

Azure Virtual Machine

Virtual Network

PublicIP

Cosmos DB(Mongo DB API)

Blob Storage

Redis Cache

Demo- Refactor

Challenges with moving to AzureBuilt-in Azure services options to keep your Azure and hybrid resources secure and well-managed

How do you set policies and control cloud spend?

How do you ensure that your environment is secure?

Governance in Azure

Development IT Governance

Traditional approach needs rethinking

Speed Control

Speed versus control

Built-in modern governance

Templates

Policies

RBAC

BlueprintsManagement

Groups

Cost Management

Resource Graph

Speed Control

Development IT Governance

Speed and control

Azure Cost Management

Native within Azure Portal, on by default with improved experience

Monitor cloud usage and spend in a single, unified view

Extend cost management to PowerBIor to your custom applications

Now available in preview on Azure portal for EA customers

Securing your Azure and hybrid resources

Unique Intelligence

Built-in Controls

$1B+ annual investmentsOver 3500 security expertsTrillions of diverse signals

Gain unmatched security

Simplify security management with Azure services

Microsoft Antimalwarefor Azure

Azure MonitorLog Analytics

Azure Security CenterVNET, VPN, NSG

Application Gateway(WAF), Azure Firewall

DDoS ProtectionStandard

ExpressRoute

Encryption (Disks, Storage, SQL)

Azure Key Vault

Confidential Computing

Azure Active Directory

Multi-Factor Authentication

Role Based Access Control

Azure Active Directory(Identity Protection)

+ Partner Solutions

Data protection

Network security

Threat protection

Identity & access management

Security management

Introducing Microsoft Azure Sentinel

Collect

DetectRespond

Limitless cloud speed and scale

Faster threat protection with AI

Bring your Office 365 data for free

Easy integration with your existing tools

Investigate

Cloud-native SIEM for intelligent security analytics for your entire enterprise

Security data across your enterprise

Rapidly and automate protection

Threats with vast threat intelligence

Critical incidents guided by AI

Azure Security and Azure Governance Demo

Challenges with moving to Azure

Governance Security

Azure Security Center

Azure Sentinel

Azure Firewall

Azure Key Vault

Cost ManagementPolicy

Blueprint

Step 3 - Rearchitect

Admin

Internet

Resource Group

Mgmt Subnet

Jumpbox

Document DB(Mongo DB API)

Blob Storage

Redis Cache

Public Load

Balancer

SSH (whitelisted IP)

Web Subnet

Virtual Machine Availability Set

Virtual NetworkAPI Subnet

Virtual Machine Availability Set

Internal Load Balancer

City Power and Light – Management Add-ons

Governance Security

Azure Security Center

Azure Sentinel

Azure Firewall

Azure Key Vault

Cost ManagementPolicy

Blueprint

How do you know if you have architected it right?

Is there a way to create a repeatable and reliable process?

Resiliency

Delivering resilient applications in Azure

Azure Backup Availability Sets, Zones and Region Pairs Azure Site Recovery

Architecting for high availability in Azure

VM SLA99.9%

VM SLA99.95%

VM SLA99.99%

Regions54

Disaster recovery

Single VMProtection with Premium Storage

Availability setsProtection against failures within datacenters

Availability zonesProtection from entire datacenter failures

Site Recovery & Region pairsProtection from disaster with Data Residency compliance

AZs available across US, Europe and Asia… more regions coming soon

Industry-only High availability SLA

Automation in Azure

Simplify cloud management from the command line

Automation

Orchestrate

Runbooks & FunctionsUse functions, logic apps or runbooks to automate and deliver reliable and repeatable solutions

Script

Azure Cloud ShellUse PowerShell or Bash to operate your infrastructure and apps with scripts authored in languages including Python, Node.js and .NET

Azure Resource ManagerDeliver repeatable and consistent infrastructure as code with VM extensions and resource manager templates

Provision

Enable consistent delivery and operations of cloud quickly and easily

Automation and Resiliency Demo

City Power and Light – Management Add-ons

Governance Security

Azure Security Center

Azure Sentinel

Azure Firewall

Azure Key Vault

Cost ManagementPolicy

Blueprint

Availability Zones

Backup

Azure Site Recovery

Resiliency Automate

ARM templates

Azure Cloud Shell

Jenkins

City Power and Light – Management Add-ons

Governance Security

Azure Security Center

Azure Sentinel

Azure Firewall

Azure Key Vault

Cost ManagementPolicy

Blueprint

Availability Zones

Backup

Azure Site Recovery

Resiliency Automate

ARM templates

Azure Cloud Shell

Jenkins

How can you detect and troubleshoot issues?

Monitoring your applications and infrastructure

Azure Monitor

Metrics Log

Common Store

Built-in telemetryA common platform for all metrics, logs and other monitoring telemetry

Data driven insightsAdvanced querying and analytics powered by machine learning capabilities

Partner integrationRich ecosystem of popular DevOps, issue management, SIEM, and ITSM tools

Full observability for your infra, app and network

Metrics

Logs

Stores

Application Container VM Monitoring Solutions

Insights

Dashboards Views Power BI WorkbooksVisualize

Metrics Explorer Log AnalyticsAnalyze

Alerts AutoscaleRespond

Event Hubs Ingest & Export APIs

Logic AppsIntegrate

Application

Infrastructure

Network

Custom

Azure Monitor

Demo – Azure Monitor

City Power and Light – Management Add-ons

Governance Security

Azure Security Center

Azure Sentinel

Azure Firewall

Azure Key Vault

Cost ManagementPolicy

Blueprint

Availability Zones

Backup

Azure Site Recovery

Resiliency Automate

ARM templates

Azure Cloud Shell

Jenkins

Monitoring

Azure Monitor

Azure Advisor

City Power & Light – Global, Scalable and Resilient

Resource Group (East US)

Mgmt Subnet

Jumpbox

Redis Cache

Public Load Balancer

Web Subnet

Virtual Machine Availability Set

Virtual NetworkAPI Subnet

Virtual Machine Availability Set

Internal Load Balancer

Admin

Internet

Traffic Manager

Resource Group (West US)

Redis Cache

Public Load Balancer

Mgmt Subnet

Jumpbox

Web Subnet

Virtual Machine Availability Set

Virtual NetworkAPI Subnet

Virtual Machine Availability Set

Internal Load Balancer

Cosmos DB App Storage CDN

Resource Group

Turn on Security and Management for your Azure workloadsMigrate with confidence

Azure Monitor

Azure Advisor

Azure Security Center

Azure Sentinel

Azure Firewall

Azure Key Vault

Policy

Cost Management

Blueprint

ARM templates

Azure Cloud Shell

Jenkins

Ansible

Resiliency Governance Security MonitoringAutomate

Availability Zones

Backup

Azure Site Recovery

© Copyright Microsoft Corporation. All rights reserved.

Thank you.

Appendix

Glo

bal

US

Gov

Indu

stry

Regi

onal

Azure: Trusted

54Azure regions

Migration and Modernization Journey

SaaSCloud-nativeRebuild/New Replace

Migration drivers

Migration drivers

Step 3 - Rearchitect

Admin

Internet

Resource Group

Mgmt Subnet

Jumpbox

Document DB(Mongo DB API)

Blob Storage

Redis Cache

Public Load

Balancer

SSH (whitelisted IP)

Web Subnet

Virtual Machine Availability Set

Virtual NetworkAPI Subnet

Virtual Machine Availability Set

Internal Load Balancer

Towards the future - Multi region deployments

Resource Group (East US)

Mgmt Subnet

Jumpbox

Redis Cache

Public Load Balancer

Web Subnet

Virtual Machine Availability Set

Virtual NetworkAPI Subnet

Virtual Machine Availability Set

Internal Load Balancer

Admin

Internet

Traffic Manager

Resource Group (West US)

Redis Cache

Public Load Balancer

Mgmt Subnet

Jumpbox

Web Subnet

Virtual Machine Availability Set

Virtual NetworkAPI Subnet

Virtual Machine Availability Set

Internal Load Balancer

Cosmos DB App Storage CDN

Resource Group