Cloud Camp: Infrastructure as a Service, advanced workloads

Asaf Nakash, Cloud Valley CTO, P-TSP Azure, Microsoft MVP, [email protected]

Upload: asaf-nakash

Posted on 21-Jan-2018

Category: Technology

TRANSCRIPT

About me: 35, married, from Yavne, Israel

Cloud Valley CTO, P-TSP Azure, Microsoft MVP

Asaf Nakash

[email protected]

https://il.linkedin.com/in/nakash

https://www.facebook.com/nakashon

https://github.com/nakashon/

Azure regions (map slide; region labels visible): US DoD West, US DoD East, West Europe, Germany Northeast**, Germany Central**, United Kingdom West, United Kingdom South, North Europe

"Microsoft's comprehensive hybrid story, which spans applications and platforms as well as infrastructure, is highly attractive to many companies, drawing them towards the cloud in general."

Lydia Leong, Gartner

Industry validation

Microsoft a Leader in Gartner Magic Quadrants: Public Cloud IaaS (May 2015), Cloud Storage (June 2015), Enterprise Application PaaS (Jan 2014), x86 Server Virtualization (July 2014)

Azure Compliance: Azure has the largest compliance portfolio in the industry

United States: HIPAA / HITECH, FedRAMP JAB P-ATO, FIPS 140-2, FERPA, DISA Level 2, ITAR-ready, CJIS, 21 CFR Part 11, IRS 1075, Section 508 VPAT

Industry: ISO 27001, PCI DSS Level 1, SOC 1 Type 2, SOC 2 Type 2, ISO 27018, Cloud Controls Matrix, Content Delivery and Security Association, Shared Assessments

Regional: European Union Model Clauses, United Kingdom G-Cloud, Singapore MTCS Level 3, Australian Signals Directorate, Japan Financial Services, China Multi Layer Protection Scheme, China CCCPPF, New Zealand GCIO, China GB 18030, ENISA IAF

Azure momentum

>90,000 new Azure customer subscriptions per month

1.5 trillion messages per month processed by Azure IoT

>500 million users in Azure Active Directory

777 trillion storage transactions per day

>1.5 million SQL Databases running on Azure

>40% of revenue from start-ups and ISVs

A cloud you can trust

"Businesses and users are going to embrace technology only if they can trust it." – Satya Nadella

At Microsoft, we never take your trust for granted

• We are serious about our commitment to protect customers in a cloud first world.

• We live by standards and practices designed to earn your confidence.

• We collaborate with industry and governments to build trust in the cloud ecosystem.

Cloud computing patterns

Azure Automation

Operational Insights

Direct DSC and PowerShell

Migration and DR

Identity

Internet IP addresses and load balancing (diagram: Internet -> load balancer (LB) -> virtual machines)

Reserved IPs can move!

User Defined Routes (UDR)

Multiple NICs in Azure VMs

Connect via an encrypted link over the public internet

Connectivity options (diagram, three paths from the customer site to the Microsoft cloud): customer site -> Internet / VPN gateways -> public Internet -> Microsoft cloud; customer site -> exchange provider -> Microsoft cloud; customer site -> network service provider WAN -> Microsoft cloud

VPN Gateways for virtual network

Virtual network gateway SKUs:

Gateway SKU | ExpressRoute GW throughput | VPN GW / ExpressRoute coexistence | VPN GW throughput | VPN GW max IPsec tunnels | Cost (USD) / hour
Basic       | 500 Mbps                   | No                                | 100 Mbps          | 10                       | $0.04
Standard    | 1000 Mbps                  | Yes                               | 100 Mbps          | 10                       | $0.19
Performance | 2000 Mbps                  | Yes                               | 200 Mbps          | 30                       | $0.49

Network Security Groups (diagram: Internet and three virtual networks, with NSGs filtering traffic between them)

Microsoft Azure Storage

Blobs: simple named files along with metadata for the file.

Highly durable and scalable

Multiple copies of your data

Financially backed SLAs

Storage for objects, tables, drives

Supports REST APIs

Availability and DR: Local Redundancy

Availability and DR: Geo-replication (West DC and East DC, > 400 miles apart)

Microsoft Azure Storage: defend against regional disasters with geo replication.

Azure storage types

Locally Redundant Storage (LRS)
  How it works: makes multiple synchronous copies of your data within a single datacenter
  Total copies: 3
  Why use it: for economical local storage or data governance compliance
  Availability SLA: 99.9% read/write

Zone Redundant Storage (ZRS)
  How it works: stores three copies of data across multiple datacenters within or across regions; for block blobs only
  Total copies: 3
  Why use it: an economical, higher durability option for block blob storage
  Availability SLA: 99.9% read/write

Geographically Redundant Storage (GRS)
  How it works: same as LRS, plus multiple asynchronous copies to a second datacenter hundreds of miles away
  Total copies: 6
  Why use it: for protection against a major datacenter outage or disaster
  Availability SLA: 99.9% read/write

Read-Access Geographically Redundant Storage (RA-GRS)
  How it works: same as GRS, plus read access to the secondary datacenter
  Total copies: 6
  Why use it: provides read access to data during an outage, for maximum data availability and durability
  Availability SLA: 99.9% write, 99.99% read

https://azure.microsoft.com/en-us/pricing/details/storage/
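The following is an added example, not part of the deck: it provisions a storage account with the RA-GRS replication option from the table above using the Az PowerShell module (the 2018-era AzureRM module used the same cmdlets with an AzureRm prefix) and then shows where the read-only secondary endpoint is exposed. The resource group, account name and location are placeholders.

```powershell
# Added example (not from the deck): create an RA-GRS storage account and inspect its
# replication state and secondary endpoint. All names below are placeholders.
$resourceGroup = "rg-storage-demo"     # placeholder: existing resource group
$accountName   = "stragrsdemo001"      # placeholder: 3-24 lowercase letters/digits, globally unique
$location      = "westeurope"          # placeholder: primary region; the secondary is its paired region

Connect-AzAccount

# RA-GRS = three synchronous local copies plus three asynchronous copies in the paired
# region, with read access to the secondary. Use Standard_GRS for GRS, Standard_LRS
# for LRS, Standard_ZRS for ZRS.
$account = New-AzStorageAccount -ResourceGroupName $resourceGroup `
    -Name $accountName `
    -Location $location `
    -SkuName Standard_RAGRS `
    -Kind StorageV2 `
    -EnableHttpsTrafficOnly $true

# Primary/secondary locations and their status (StatusOfSecondary is populated once
# geo-replication is running).
$account | Select-Object StorageAccountName, PrimaryLocation, StatusOfPrimary,
    SecondaryLocation, StatusOfSecondary | Format-List

# The secondary blob endpoint is what an application reads from during a primary outage;
# it is read-only and only exists for RA-GRS accounts (null for LRS/ZRS/GRS).
$account.SecondaryEndpoints.Blob
```

When planning DR, treat the secondary as eventually consistent: writes replicate asynchronously, so reads from the secondary endpoint can lag the primary.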

Premium storage (diagram: virtual machine -> disk provisioning -> SSD provisioning; VM/network provisioning on server SSD; premium storage blobs)

Temporary drive guidance

http://blogs.technet.com/b/dataplatforminsider/archive/2014/09/25/using-ssds-in-azure-vms-to-store-sql-server-tempdb-and-buffer-pool-extensions.aspx

Azure virtual machine disk layout:

C:\ OS disk

E:\, F:\, etc. data disks

D:\ temporary disk

Disk cache

Azure data management offerings (relational and No-SQL): Oracle, DB2, Postgres, MySQL, SQL DB, CouchDB, MongoDB, Cassandra, RavenDB, Redis, DocumentDB

Introducing: Azure Security Center

Enable security at cloud speed: gain visibility and control, detect cyber threats, integrate partner solutions

Provides a unified view of security across all your Azure subscriptions

Makes it easy to understand your security posture, including vulnerabilities and threats detected

Integrates security event logging and monitoring, including events from partners

APIs, SIEM connector and Power BI dashboards make it easy to access, integrate, and analyze security information using existing tools

Gain visibility and control

Set security policies for subscriptions and resource groups

Monitor the security state of resources – quickly identify vulnerabilities

Gain insight into the security state of subscriptions in Power BI

Access security data in near real-time from your Security Information and Event Management (SIEM)

Export Logs (Public Preview; diagram): Azure Diagnostics writes to Azure Storage; Azure Log Integration rehydrates "Forwarded Events", flat files (IIS logs) and CEF formatted logs and feeds them through a standard log connector (ArcSight, Splunk, etc.) into Log Analytics / SIEM; Azure APIs provide direct access

Enable agility with security

Tailors security recommendations based on the security policy defined for the subscription or resource group

Guides users through the process of remediating security vulnerabilities

Enables rapid deployment of security services and appliances from Microsoft and partners (firewalls, endpoint protection, and more)

Prioritized recommendations take the guesswork out of security for resource owners

Integrate partner solutions

Recommends and streamlines provisioning of partner solutions

Integrates signals for centralized alerting and advanced detection, including fusion

Leverages Azure Marketplace for commerce and billing

Closes security gaps created by disconnected point solutions

Easily deploy security solutions from partners and automatically integrate logs

Detect cyber threats

Continuously analyzes security data from your Azure virtual machines, Azure services (like Azure SQL databases), the network, and connected partner solutions

Leverages security intelligence and advanced analytics to detect threats more quickly and reduce false positives

Creates prioritized security alerts that provide insight into the attack and recommendations on how to remediate

Prioritized security alerts provide details about the threat detected and suggest steps to remediate

Alerts that conform to kill chain patterns are fused into a single incident

In-memory malware and exploits detected using crash analysis

Outbound SPAM detected using machine learning and threat intelligence

Resource groups

What is RBAC

• Allows secure access with granular permissions to resources

• Assignable to users, groups or service principals

• Built-in roles make it easy to get started

Role Definitions

• Describes the set of permissions (e.g. read actions)

• Can be used in multiple assignments

Role Assignments

• Associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group)

• Always inherited – subscription assignments apply to all resources
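The following is an added example, not from the deck: it puts the three RBAC building blocks above (role definition, identity, scope) together with the Az PowerShell module, creating a least-privilege custom role and assigning it to a group at resource-group scope, then listing the effective assignments so that inherited subscription-level grants become visible. The subscription id, resource group name, group object id and role name are placeholders.

```powershell
# Added example (not from the deck): least-privilege RBAC with the Az PowerShell module.
# Subscription id, resource group, group object id and role name are placeholders.
$subscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
$resourceGroup  = "rg-workloads"                            # placeholder
$groupObjectId  = "11111111-1111-1111-1111-111111111111"   # placeholder: Azure AD group object id

Connect-AzAccount
Set-AzContext -SubscriptionId $subscriptionId

# 1. Role definition: clone a built-in role, then narrow it to exactly the actions
#    an operator needs (read, start, restart, deallocate). No create/delete, no
#    network changes, so the role cannot be used to open the VM to the Internet.
$role = Get-AzRoleDefinition -Name "Virtual Machine Contributor"
$role.Id = $null                                  # null id => New-AzRoleDefinition creates a new role
$role.Name = "VM Operator (custom, placeholder)"
$role.Description = "Start, stop and restart VMs only"
$role.Actions.Clear()
$role.Actions.Add("Microsoft.Compute/virtualMachines/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/start/action")
$role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
$role.Actions.Add("Microsoft.Compute/virtualMachines/deallocate/action")
$role.NotActions.Clear()
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/$subscriptionId")
$customRole = New-AzRoleDefinition -Role $role

# 2. Role assignment: bind the definition to a group (not individual users) at the
#    narrowest scope that covers the workload, here a single resource group.
New-AzRoleAssignment -ObjectId $groupObjectId `
    -RoleDefinitionName $customRole.Name `
    -ResourceGroupName $resourceGroup

# 3. Verify: assignments made at subscription scope are inherited and show up here too,
#    which is what to audit when checking who can really touch this resource group.
Get-AzRoleAssignment -ResourceGroupName $resourceGroup |
    Select-Object DisplayName, ObjectType, RoleDefinitionName, Scope |
    Format-Table -AutoSize
```

The Scope column in the last step is the check that matters: an assignment whose scope is /subscriptions/<id> rather than the resource group was inherited from above, and removing it at the resource group level is not possible; it has to be removed at the scope where it was made.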

Log analysis options (diagram: logs from the virtual network are downloaded and analyzed with Microsoft analytics or with third-party or on-prem tools)

Thank you!

Asaf Nakash