Orin Thomas @orinthomas orin@windowsitpro.com
TRANSCRIPT
Perimeter Network
Screened Subnet
[Diagram labels: External firewall; Perimeter network; Internal firewall; Internal network; Some exposure to Internet; Not exposed to Internet]
This model is no longer relevant
This model is broken
Workloads are increasingly virtualized.
This includes perimeter network workloads.
Assumes people “inside” the perimeter always have the
organisation’s best interests in mind
When servers were servers and virtualization was something that happened on mainframes
Model worked in the 90’s
Assumes that computers and devices inside the perimeter have
not been compromised
[Diagram labels: External firewall; Perimeter network; Internal firewall; Internal network; Exposed to Internet; Not exposed to Internet]
(Almost) assumes an “on prem” model of critical infrastructure
deployment
Also not relevant as more resources are being moved into
the cloud
Domain Isolation Policies
What was the goal of perimeter networks?
To host services that require exposure to the Internet and the
internal network
(Bastion Hosts)
Typical perimeter network workloads:
• Proxy services
• Email gateway
• Websites
• DNS
• Remote access
• Appliances
Hosts usually have public IP addresses
(unless NAT shenanigans)
Can’t virtualize everything (yet)
If you can’t virtualize it, you can’t move it to Azure
Significant savings in migrating workloads off perimeter network
into Azure
Not just about money:
• Simplify deployment
• Increased security
• Increased availability
• Easy access to public IP address
Don’t have to migrate everything
to save money
First: Assess Perimeter Network Workloads
Easy to migrate:
• Web sites / applications
• Email gateway
• DNS
Difficult to migrate:
• Remote Access
• Appliances
• Proxy Servers
Azure as Perimeter Network
[Diagram labels: External firewall; Azure; Internal network; Some exposure to Internet; Not exposed to Internet]
Understanding Azure Public IP Addressing
Understanding Azure Endpoints
Understanding Host Level Firewalls
Understanding Azure Virtual Networks
Azure Point to Site VPN
Azure
Azure Site-to-Site VPN
Azure
Moving workloads to Azure
Virtualize Migrate
Azure
Manual Migration
• Upload VHDs to Azure
• Build workload in Azure and migrate data
Automate Migration: Microsoft Migration Accelerator for Azure
Can migrate the following to Azure:
• Physically deployed computers
• VMware
• Hyper-V
• AWS
Automated migration:
• Automatically discover workloads from cloud
• Auto-provisioned target Azure VMs
• Validate migrated workload in cloud before cutover
Supports multi-tier applications
• Automatically migrate multi-tier production systems with application level consistency orchestrated across tiers
• Application startup order kept in place without requiring special configuration
Can discover Microsoft workloads
• Exchange
• SQL Server
• File Server
• SharePoint
• IIS
Use continuous replication to minimize cutover period
• MA for Azure supports full system replication including OS and application data
• Continuous replication and in-memory change tracking reduces cutover to minutes rather than hours
Migration Profiler
• Helps determine the size, activity and performance requirements of workloads
• Ensures correct Azure templates are being used prior to migration
• Monitors change rates, replication differential, asset health and more.
How it works
[Diagram labels: MA; Azure subscription; CS; MT; PS]
Workloads to migrate
Mobility Service agent installed on source servers. Performs real-time data capture and sync to target servers
Process Server (On Prem)
Server (physical or virtual). Manages communication between agents and target VMs in Azure
Organizational Azure Subscription
Configuration Server (Azure VM)
Azure VM which manages communication between Master Target and Migration Accelerator (MA) Portal
Master Target (Azure VM)
Azure VM which hosts target for replicating disks of on-prem servers
MA Portal
Multitenant portal that can discover, configure protection, and migrate on-prem workloads to Azure
Migration Accelerator Support Matrix

| Area | Limits |
| --- | --- |
| Operating Systems | Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2 |
| Platforms | Physical; VMware VM (ESX/ESXi/vSphere/vCenter 4.x or 5.x); AWS; Hyper-V VM |
| OS Disk | 127 GB |
| Data disks | 16 disks, maximum 1 TB per data disk |
| Network | Single VM NIC |
| Cluster | No support for guest cluster (Azure has other HA options) |

http://blogs.technet.com/b/srinathv/archive/2014/09/17/prerequisite-and-support-matrix-microsoft-migration-accelerator-for-azure.aspx
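
A pre-migration check of a perimeter-network inventory against the support matrix above, as an added example (not from the slides or from Microsoft). The inventory field names and sample hosts are constructed; the example assumes the 127 GB and 1 TB figures are upper bounds and takes 1 TB as 1024 GB.

```python
# Limits copied from the slide's support matrix; record field names are hypothetical.
SUPPORTED_OS = {"Windows Server 2008 R2 SP1", "Windows Server 2012",
                "Windows Server 2012 R2"}
SUPPORTED_PLATFORMS = {"Physical", "VMware", "AWS", "Hyper-V"}
MAX_OS_DISK_GB = 127      # assumption: slide value read as an upper bound
MAX_DATA_DISKS = 16
MAX_DATA_DISK_GB = 1024   # assumption: "1 TB" taken as 1024 GB
MAX_NICS = 1
# The VMware version limit (4.x or 5.x) is not checked in this example.


def blockers(server):
    """Return the list of support-matrix violations for one inventory record."""
    found = []
    if server["os"] not in SUPPORTED_OS:
        found.append("unsupported OS: " + server["os"])
    if server["platform"] not in SUPPORTED_PLATFORMS:
        found.append("unsupported platform: " + server["platform"])
    if server["os_disk_gb"] > MAX_OS_DISK_GB:
        found.append("OS disk larger than 127 GB")
    disks = server["data_disks_gb"]
    if len(disks) > MAX_DATA_DISKS:
        found.append("more than 16 data disks")
    oversized = [d for d in disks if d > MAX_DATA_DISK_GB]
    if oversized:
        found.append(f"{len(oversized)} data disk(s) larger than 1 TB")
    if server["nics"] > MAX_NICS:
        found.append("more than one NIC")
    if server["guest_cluster"]:
        found.append("guest cluster member")
    return found


def triage(inventory):
    """Split an inventory into migratable host names and a name -> blockers map."""
    blocked = {s["name"]: blockers(s) for s in inventory if blockers(s)}
    ready = [s["name"] for s in inventory if s["name"] not in blocked]
    return ready, blocked


# Constructed perimeter-network inventory (not real hosts).
SAMPLE = [
    {"name": "web01", "os": "Windows Server 2012 R2", "platform": "Hyper-V",
     "os_disk_gb": 80, "data_disks_gb": [200], "nics": 1, "guest_cluster": False},
    {"name": "proxy01", "os": "Windows Server 2012", "platform": "Physical",
     "os_disk_gb": 100, "data_disks_gb": [], "nics": 2, "guest_cluster": False},
    {"name": "mail01", "os": "Windows Server 2008 R2 SP1", "platform": "VMware",
     "os_disk_gb": 250, "data_disks_gb": [2048, 500], "nics": 1, "guest_cluster": True},
]
```

Calling `triage(SAMPLE)` returns the hosts that fit the matrix and, for the rest, the specific limits that block them, which is the list to resolve before starting discovery.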
Deploying Migration Accelerator
1. Azure account
2. Sign up for MA Preview
3. Receive MA Portal URL, User ID & Password
4. Install Configuration Server in Azure VM
5. Install Master Target in Azure VM
6. Install Process Server on-prem
7. Register MA Account to Azure account
8. Start on-prem resource discovery
• R
The Future
• Virtual appliances designed for Hyper-V, VMware, and AWS deployable to Azure
• More roles supported in Azure
Related content
DCI 307 Getting Foxy with Azure IAAS
Thanks! Don’t forget to complete your evaluations
aka.ms/mytechedmel