Faizan Khan, Cloud Solution Architect, Microsoft (@whoisfaizan) ... architecture.pdf delivering...
TRANSCRIPT
Session Objectives And Takeaways
Session Objective(s): Outline Azure security and market position
Determine when to pick one Azure service over the other
Identify the architectural considerations around some of the major Azure services
Have a sensible discussion around tough technical architectural questions.
Key Takeaway 1: Understand the various architectural considerations around some of the most common competing services in Azure
Key Takeaway 2: Be able to have a meaningful discussion when it comes to designing a solution to run on Azure. Each solution has pros and cons; knowing the trade-offs is what is important.
Compliance certifications and attestations (Operations, Security, Assurance), 2010 to 2015:
HIPAA/HITECH, CJIS, SOC 1, SOC 2, FedRAMP P-ATO, FISMA ATO, UK G-Cloud OFFICIAL, ISO/IEC 27001:2005, CSA Cloud Controls Matrix, PCI DSS Level 1, AU IRAP Accreditation, Singapore MTCS, ISO/IEC 27018, EU Data Protection Directive, CDSA
Trustworthy
Secure Access & Isolation: access via VPN or ExpressRoute; network, storage and SQL isolation; intrusion detection and DoS prevention
RBAC & Access Control: RBAC, least privilege / Just-in-Time (JIT) access; Active Directory, two-factor authentication; vulnerability scanning, security logs
Operations Security: Security Development Lifecycle; assume breach, incident response
Encryption & Data Protection: data segregation, protection at rest and in transit; encryption in transit and at rest, Key Vault service; data residency, redundancy, destruction
Ongoing Compliance Certification: cloud services independently validated through certifications and attestations, as well as third-party audits; more compliance certifications than any other cloud
Gartner has named Microsoft a leader in eight Magic Quadrants for cloud-based solutions based on its ability to execute and completeness of vision: x86 Server Virtualization, Cloud IaaS, Cloud PaaS, Public Cloud Storage Services, BI and Analytics Platforms, Social Software in the Workplace, Sales Force Automation, and Operational Database Management Systems.
Sources:
Gartner "Magic Quadrant for x86 Server Virtualization Infrastructure," by Thomas J. Bittman, Mark A. Margevicius, Philip Dawson, July 2, 2014
Gartner "Magic Quadrant for Cloud Infrastructure as a Service," by Lydia Leong, Douglas Toombs, Bob Gill, Gregor Petri, Tiny Haynes, May 28, 2014
Gartner "Magic Quadrant for Enterprise Application Platform as a Service," by Yefim V. Natis, Massimo Pezzini, Mark Driver, David Mitchell Smith, Kimihiko Iijima, Ross Altman, January 7, 2014
Gartner "Magic Quadrant for Business Intelligence and Analytics Platforms," by Rita L. Sallam, Joao Tapadinhas, Josh Parenteau, Daniel Yuen, and Bill Hostmann, February 20, 2014
Gartner "Magic Quadrant for Public Cloud Storage Services," by Gene Ruth, Arun Chandrasekaran, July 9, 2014
Gartner "Magic Quadrant for Social Software in the Workplace," by Nikos Drakos, Jeffrey Mann, Mike Gotta, September 3, 2014
Gartner "Magic Quadrant for Sales Force Automation," by Robert P. Desisto, July 15, 2014
Gartner "Magic Quadrant for Operational DBMS," by Donald Feinberg, Merv Adrian, Nick Heudecker, Adam M. Ronthal, Terilyn Palanca, October 12, 2015
These graphics were published by Gartner, Inc. as part of larger research documents and should be evaluated in the context of each entire document. The Gartner documents are available upon request from Microsoft. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
… Designing a multi-tenant, partition-tolerant solution running on an abstraction against commodity hardware at Internet scale, composed of multiple services
Evolving services to hyper-scale
Delivering hyper-scale services requires a radical restructuring of technology, processes, and people.
Enterprise IT vs. Hyper-Scale

                         Enterprise IT      Hyper-Scale
Seats                    10,000             1,000,000,000
Talent                   Custodians         Designers
Data Quality             Directional        Foundational
Data Access              Pull               Push
Assessment               Physical           Statistical
Supply Chain             Process            Strategic
Budget                   Fixed Cost         Rates
Architecture             Siloed             Integrated
Application integration  Loose              Tight
Infrastructure           Overhead           Enabler
Reach                    Regional           Global

                         Enterprise IT      Hyper-Scale
Hardware                 Custom             Commodity
Deployment               Manual             Automated
Availability             Infrastructure     Service
Operability              MTBF               MTTR
Reliability              Hardware           Software
Security                 Audit              Intrinsic
Network downtime         Impacting          Irrelevant
Network availability     99.999%            99.9%
Design                   Primary/Backup     Active/Active
Deployment time          Weeks              Minutes
System admin             UI                 API
Azure services (slide bands: Platform Services, Security & Management, Infrastructure Services)
Web Apps, Mobile Apps, API Management, API Apps, Logic Apps, Notification Hubs, Content Delivery Network (CDN), Media Services, HDInsight, Machine Learning, Stream Analytics, Data Factory, Event Hubs, Mobile Engagement, Active Directory, Multi-Factor Authentication, Automation, Portal, Key Vault, Biztalk Services, Hybrid Connections, Service Bus, Storage Queues, Store / Marketplace, Hybrid Operations, Backup, StorSimple, Site Recovery, Import/Export, SQL Database, DocumentDB, Redis Cache, Search, Tables, SQL Data Warehouse, Azure AD Connect Health, AD Privileged Identity Management, Operational Insights, Cloud Services, Batch, RemoteApp, Service Fabric, Visual Studio, Application Insights, Azure SDK, Team Project, VM Image Gallery & VM Depot, Mobile Services, Webjobs, Worker Role
Microsoft Azure Competing Services
Networking: Service Bus Relay, VNET, Hybrid Connections, ExpressRoute, End Point, Traffic Manager
Caching: Redis Cache
Compute: Cloud Services (Web Role, Worker Role), Websites, Web Jobs, Mobile Services, Scheduler, Batch
Storage: Tables, DocDB, HDInsight, NoSQL, Queues, Storage, Service Bus, Event Hubs, Search, SQL Database
Deployment (DevOps): VSO Build, Release Management, PowerShell DSC, Docker, Puppet, Chef
Microsoft Azure Compute Services
Compute: Cloud Services (Web Role, Worker Role), Websites, Web Apps, Web Jobs, Mobile Services, Scheduler, Batch
Azure AD Application Proxy: connectors publish an on-premises HTTP LOB app to on-premises and remote users; Windows Server AD/ADFS (multi-forest) synchronised with DirSync/AADSync, with password writeback
Azure AD Premium: Azure Rights Management Service, Cloud App Discovery, custom sign-on experience (users see and launch cloud apps)
Developer: develop secure cloud apps using ADAL and the Graph API
Mobile Apps (iOS, Android, Windows Phone) and Websites; HTML 5 app; Service Bus Relay to on-premises WCF Services; Notification Hub; autoscale service instances
Store App Data: SQL DB, Table Storage and 3rd party data stores available in the Azure Store
Authenticate: Active Directory, Facebook, Twitter, Microsoft, Google
Send Push Notification to Every Device: Windows Phone (MPNS), iOS (APNS), Android (GCM), Windows Store (WNS)
Disaster Recovery
On-premises SQL database (generic) -> Azure SQL Database: continuous sync
Server VHD -> Azure Virtual Machines via Azure Site Recovery: booted only in a disaster event
Traffic Manager: switch over only in a disaster event
A DR pattern that works in the public cloud, providing the best RTO, RPO and costs: keep storage up to date (RTO, RPO) and boot infrastructure only in a DR event (costs).
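To make the trade-off on this slide concrete, here is an added example (not code from the original deck or from Microsoft) that models the pattern in Python: a Traffic Manager-style priority routing profile with a health probe, a secondary whose storage is kept in sync but whose compute stays off until fail-over, and the resulting RTO and RPO. The endpoint names, priorities, the 10-minute boot time, the 60-second DNS TTL, the 5-minute sync cadence and the probe results are all constructed for illustration; nothing in it calls Azure.

```python
"""Added example, not from the original slides: a small model of the DR
pattern on the Disaster Recovery slide. Secondary storage is synced
continuously, secondary compute stays off until a disaster, and DNS is then
switched with a Traffic Manager-style priority routing profile. All names,
timings and probe results are constructed; nothing here talks to Azure."""
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    name: str
    priority: int           # 1 = preferred; larger numbers are fall-backs
    healthy: bool = True    # latest health-probe result
    running: bool = True    # compute booted? the DR secondary starts out off
    boot_seconds: int = 0   # time to boot the VMs from the synced VHDs


@dataclass
class DrProfile:
    endpoints: list
    dns_ttl_seconds: int        # clients may cache the old answer this long
    sync_interval_seconds: int  # cadence of the continuous storage sync
    last_sync_at: float         # time (s) the last sync completed
    log: list = field(default_factory=list)

    def resolve(self):
        """Priority routing: best-priority endpoint that is healthy AND running.
        A synced but unbooted secondary cannot serve traffic, so fail-over must
        boot it before the DNS answer changes."""
        for ep in sorted(self.endpoints, key=lambda e: e.priority):
            if ep.healthy and ep.running:
                return ep.name
        return None

    def probe(self, name, healthy):
        """Record a health-probe result for one endpoint."""
        for ep in self.endpoints:
            if ep.name == name:
                ep.healthy = healthy
                self.log.append(f"probe {name}: {'up' if healthy else 'DOWN'}")
                return
        raise KeyError(name)

    def sync(self, now):
        """A storage sync completed at time `now`; writes before it are safe."""
        self.last_sync_at = now

    def fail_over(self, now):
        """Switch over only in a disaster event. Returns (rto, rpo) in seconds.
        RTO = secondary boot time + DNS TTL (worst case for clients holding a
        cached answer). RPO = data written since the last completed sync."""
        primary = min(self.endpoints, key=lambda e: e.priority)
        if primary.healthy:
            raise RuntimeError("refusing to fail over: primary is still healthy")
        secondary = next((ep for ep in self.endpoints
                          if ep is not primary and ep.healthy), None)
        if secondary is None:
            raise RuntimeError("no healthy secondary to fail over to")
        boot = 0
        if not secondary.running:
            secondary.running = True          # what Site Recovery does for the VHDs
            boot = secondary.boot_seconds
        rto = boot + self.dns_ttl_seconds
        rpo = now - self.last_sync_at
        if rpo > self.sync_interval_seconds:
            self.log.append("warning: sync had fallen behind its cadence")
        self.log.append(f"failover -> {secondary.name}: RTO {rto}s, RPO {rpo}s")
        return rto, rpo


def build_profile():
    """Constructed scenario: warm storage, cold compute in the DR region."""
    return DrProfile(
        endpoints=[
            Endpoint("eastus-primary", priority=1),
            Endpoint("westus-dr", priority=2, running=False, boot_seconds=600),
        ],
        dns_ttl_seconds=60,
        sync_interval_seconds=300,
        last_sync_at=1000.0,
    )


def run_scenario():
    """Normal operation, an outage, and the switch-over."""
    p = build_profile()
    before = p.resolve()                # 'eastus-primary'
    p.probe("eastus-primary", healthy=False)
    during = p.resolve()                # None: secondary synced but not booted
    rto, rpo = p.fail_over(now=1120.0)  # (660, 120.0)
    after = p.resolve()                 # 'westus-dr'
    return before, during, rto, rpo, after


if __name__ == "__main__":
    print(run_scenario())
```

The `during` value is the check a practitioner wants from this slide: a secondary that is synced but not booted is not a routable endpoint, so the DNS switch-over has to wait for Site Recovery to bring the VMs up, and that boot time plus the DNS TTL is the floor on RTO. RPO, by contrast, is bounded by the sync cadence, not by how fast the switch-over happens, which is why the pattern keeps storage warm and only compute cold.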
Microsoft Azure Storage Services
Storage: Tables, DocDB, HDInsight, NoSQL, Queues, Storage, Service Bus, Event Hubs, Azure Search, SQL Database
Azure Data Platform
Sources: on-premises VPN device, on-premises file data, IoT device data, log data, transactional data (Hadoop, SQL), apps (iOS/Android), stream data, MPLS, enterprise data (MPP/APS)
Ingest: VPN Gateway, Cloud Gateway, Event Hub, ExpressRoute, SQL Data Sync, Data Management Service, Data Management Gateway
Process: Data Factory, Logic Apps, Virtual Machines, Worker Role, Stream Analytics, Azure Data Catalogue, Azure Batch
Store / Process: DocDB, storage blob, storage table, storage queue, MySQL Database, Azure SQL Data Warehouse, HDInsight (Hadoop), Azure Data Lake, Azure SQL Database, 3rd party, others
Analyze / Visualize: Machine Learning, Power BI, Cortana Analytics Suite
Microsoft Azure Networking Services
Networking: Service Bus Relay, VNET, Hybrid Connections, ExpressRoute, End Point, Traffic Manager
Design Goals
• Avoid the "Not Invented Here" Syndrome
• Reuse existing services whenever possible
• Find reasons to be the same rather than different
• Keep it simple
• Scalable services are very difficult to build
• Question complexity if there is a simpler way to accomplish the same thing
• Read public information
• Research similar services
• Understand the reasons for their choices
• Don't blindly copy what they did
SQL Server Hybrid Cloud Scenarios
SQL Development: Publish, Compare, Sync, Import / Export, Register / Unregister; Management Portal; VPN; dispersed teams; Microsoft Azure
SQL Backup/Recovery: SQL Backup tool for legacy, manual console backup, managed backups; Management Portal; VPN / encrypted data; Microsoft Azure
SQL Business Continuity: Primary / Secondary with asynchronous commit; Console (2014) / Scripts (2012); VPN; Backup, Availability Groups, periodic snapshots, geo replication; Disaster Recovery; powering BI apps; Microsoft Azure
Resources
http://aka.ms/cloudpatterns
http://aka.ms/azurelimits
http://aka.ms/documentdb
http://aka.ms/migratetoredis
http://azureplatform.azurewebsites.net/en-us/
In Review: Session Objectives And Takeaways
Determine when to pick one Azure service over the other
Identify the architectural constraints around some of the major Azure services
Have a sensible discussion with your customer when faced with tough technical architectural questions.
Key Takeaway 1: Understand the various architectural constraints around some of the most common competing services in Azure
Be able to have a sensible discussion with your customers when it comes to designing a solution to run on Azure
API MANAGEMENT
Monetize digital assets: publishing access to this data as an API allows organizations to monetize these existing assets. E.g. Fantasy Data, ESPN, US News & World Report, New York Times
Transform product to platform: exposing core product functionality as an API introduces licensing and ecosystem opportunities. E.g. Salesforce, Bluegarden, SpeakToIt
Drive internal agility: enable IT or developers to quickly build apps without spending months customizing existing systems across agencies. E.g. MSIT
Create content channels: allow third-party content syndication on partner websites; creates opportunities for new digital distribution channels. E.g. Washington Post, Wellmark
AZURE API MANAGEMENT
Components: Publisher portal (publisher/admin), Proxy, Developer portal (developers), Apps. The published API can be hosted anywhere and authored in any language on any platform.
Media Services
Media creation -> Process (upload, encode, package, encrypt content, monitor, ad process) -> Deliver (Content Delivery Network (CDN); Streaming Service with caching, content encryption/decryption, dynamic packaging) -> Consume (iOS, Android, Windows, Xbox; player clients)
Reach your audience: delivery of multiple formats to virtually any device; pre-recorded media; live streaming events; live & on-demand streaming with integrated CDN; content protection; encoding, packaging and indexing; cloud upload & storage