pritam pabla technology solutions specialist hybrid cloud ... · • unlimited oses, hyper-v...
• Pritam Pabla
• Technology Solutions Specialist Hybrid Cloud
Velocity | Complexity | Costs | Processes
Business Landscape
Business Goals
Customer satisfaction
Operational / Cost efficiency
Employee productivity
Managing risk
IT Needs
Deliver on security and compliance expectations
Mitigate IT staff and skill resources constraints
Optimize IT budgets
Improve IT agility
Market Trends
Accelerating shift to cloud services
Expanding quantity of data
Increasing mobility and bring your own devices trends
Growing demand for business analytics
Changing world of business
SII
WINDOWS, LINUX
AZURE, AWS,
PRIVATE CLOUDS
Modern IT investments
PACKAGING DEVOPS TOOLING
PATCHING
CONFIG MONITORING
ORCHESTRATION
ALERTS DISCOVERY ANALYTICS
SUBSCRIPTION COST POLICY
BACKUP RECOVERY
DETECT PREVENT
Microsoft hybrid IT management
[Diagram: Microsoft Operations Management Suite spanning three environments, with Windows and Linux guests on VMware and Hyper-V]
• Private or hosted third-party cloud (Rackspace, etc.)
• Public cloud (Azure or AWS)
• On-premises with Windows Server, Azure Stack, System Center
Simplified guest and workload management, both on-premises and in the cloud
Microsoft IT Infrastructure Products New in 2016
▪ Windows Server 2016 – Datacentre & Standard
▪ System Center Suite 2016 – Datacentre & Standard
▪ System Center Configuration Manager (SCCM) 1511 to 1610
▪ Microsoft Identity Manager 2016
▪ Operations Management Suite (OMS)
▪ Azure Active Directory Premium – “Identity glue”
Windows Server 2016
What we heard from customers
Security at the OS level
• Increasing breach incidents
• Identity is a target of attacks
• Complex to secure virtual environments
Software-defined Datacenter (SDDC)
Cloud-ready Application Platform
• Lack of integration between solutions
• Hard to deploy and operate
• Low footprint server
• No integration between Dev and Ops
• Fast and lightweight OS
• Hard to plan for public cloud
Windows Server design points
The cloud-ready server operating system (OS) that delivers new layers of security and Azure-inspired innovation for applications and infrastructure
Security at the OS level
• Built-in security capabilities
• Identity protection
• Secure the virtualization platform
Software-defined Datacenter (SDDC)
Cloud-ready Application Platform
• Built-in SDDC capabilities
• Affordable and enterprise ready
• Azure-inspired infrastructure
• Built-in containers
• Lightweight Nano Server option
• Bring licenses to Azure
Challenges in protecting credentials
Protect against compromised admin credentials
Prevents Pass the Hash and Pass the Ticket attacks by protecting stored credentials through Virtualization-based Security (VBS)
Just Enough Administration (JEA): Limits administrative privileges to the bare-minimum required set of actions (limited in space)
Works in conjunction with Credential Guard for RDP sessions, providing SSO for RDP sessions while eliminating the need for credentials to be passed to the RDP host
Just-in-Time Administration (JIT): Provides privileged access through a workflow that is audited and limited in time
Identity Manager = JEA + JIT
✓ If there are fewer permanent admins, there is less opportunity for attackers to compromise
✓ Some users have only occasional needs for admin rights
✓ Apply Privileged Access Management against your current AD environment
✓ Privileged user account lifecycle and monitoring
✓ In-box elevation workflows including automatic, manual and MFA
✓ Plug-in and customize for your environment
Protection of the Operating System
Code Integrity
Windows Defender
Control Flow Guard
Virtual Machine – ease of access!
Here’s what happens today when malicious fabric-admins want data from a VM…
1. Log on and run Disk Manager
2. Attach the customer’s VHDX
3. Assign it a drive letter
4. Read/copy whatever they want
Shielded Virtual Machine - Blocked Access
Here’s what happens when they try that with a shielded VM…
1. Log on and run Disk Manager
2. Attach the customer’s VHDX
3. Get irritated at the barrage of error messages
Protection for Virtual Machines
Shielded VMs
Host Guardian Service
Generation 2 VMs
Windows Server 2016 Hyper-V scalability
Capability | Windows Server 2012/2012 R2 Standard and Datacenter | Windows Server 2016 Standard and Datacenter
Physical (Host) Memory Support | Up to 4 TB per physical server | Up to 24 TB per physical server (6x)
Physical (Host) Logical Processor Support | Up to 320 LPs | Up to 512 LPs
Virtual Machine Memory Support | Up to 1 TB per VM | Up to 12 TB per VM (12x)
Virtual Machine Virtual Processor Support | Up to 64 VPs per VM | Up to 240 VPs per VM (3.75x)
Confidently virtualize anything
Rolling Cluster Upgrades
Linux support
Hot-add and remove
Software defined networking
Network Controller
Distributed Firewall
Load Balancer
High performance storage, fraction of the cost
Storage Spaces Direct
Storage Spaces Replica
Storage QoS
FS
Nano Server deployment option
Just enough OS
Key roles & features
Full developer experience
Containers and next-gen applications Full GUI
Specialized workloads
Third-party applications
RDS experience
Server Core
Lower maintenance server environment
Traditional VM workloads
Nano Server
Just enough OS
Nano Server performance advantages
Critical Patches: 2 | 8 | 23
Reboots: 3 | 6 | 11
Ports Open: 11 | 26 | 34
VHD Size (GB): 0.41 | 6.5 | 10.4
Setup Time (s): 40 | 300 | 1140
Remotely Managing Nano Server
Not Command Line only
• Server Manager
• Hyper-V Manager
• Failover Cluster Manager
• PerfMon, Event Viewer, etc.
• Server Management Tools (SMT) – new web-based remote GUI
• PowerShell Core
What is a container?
Traditional virtual machines = hardware virtualization
VM VM VM VM VM
…
Containers = Operating system virtualization
CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER
…
OS
Containers - Docker World
Static website
Web frontend
User DB
Queue Analytics DB
Background workers
API endpoint
nginx 1.5 + modsecurity + openssl + bootstrap 2
postgresql + pgv8 + v8
hadoop + hive + thrift + OpenJDK
Ruby + Rails + sass + Unicorn
Redis + redis-sentinel
Python 3.0 + celery + pyredis + libcurl + ffmpeg + libopencv + nodejs + phantomjs
Python 2.7 + Flask + pyredis + celery + psycopg + postgresql-client
Development VM
QA server
Public Cloud
Disaster recovery
Contributor’s laptop
Production Servers
Production Cluster
Customer Data Center
Microsoft - Containers
Windows Server Container
Bring the agility and density of containers to the Windows ecosystem, enabling agile application development and deployment
Hyper-V Container
Offer a unique additional level of isolation for sensitive applications with no additional coding required
What is a container?
• A new approach to build, ship, deploy, and instantiate applications
• Unlimited OSEs, Hyper-V containers, and Windows Server containers in Datacenter Edition
• Up to 2 OSEs or Hyper-V containers and unlimited Windows Server containers in Standard Edition
Benefits of Containers
• Further acceleration of app deployment
• Reduce effort to deploy apps
• Streamline development and testing
• Lower costs associated with app deployment
• Increase server consolidation
Windows Server Containers
Creation, deployment, and management
Physical/Virtual Servers
Windows Server 2016 – Licensing, feature differentiation & Servicing
Windows Server 2016 Licensing
Licensing cores based on consumption
• Previously per socket, now per core
• Won’t change cost if you have 16 or fewer cores on a server
• For more than 16, now might have to buy an extra license
• Example: a server with 2 processors, each at 8 cores will be the same cost
• Example: a server with 2 processors, each at 16 cores will now cost double
Introducing the Azure Hybrid Use Benefit (HUB)
Benefits
Use Windows Server licenses in Azure datacenters when covered by Software Assurance.
In Azure, pay only for the base virtual machine service utilization.
Datacenter edition can be run in Azure and on-premises simultaneously.
Significantly reduce costs compared to running Windows Server in other public clouds.
Details
Licenses required to have Software Assurance.
Each 2-processor Windows Server Datacenter or Standard edition allows up to two Windows Server VMs on Azure at 8 cores each.
Note: D4 Virtual Machine = 8 cores, 28GB RAM, 400GB Disk.
Pricing comparison assumes EA Level D pricing.
Windows Server 2016 feature differentiation
Feature | Datacenter Edition | Standard Edition
Core Windows Server functionality | • | •
OSEs*/Hyper-V containers | Unlimited | 2
Windows Server containers | Unlimited | Unlimited
Nano Server** | • | •
Host Guardian Service | • | •
Storage features including Storage Spaces Direct and Storage Replica | • | -
Shielded Virtual Machines | • | -
Networking stack | • | -
*OSE refers to a server Operating System Environment. Windows Server Standard Edition license permits two OSEs or VMs when all physical cores are licensed.
**Software Assurance is required to deploy and operate Nano Server in production.
Standard and Datacenter editions
Delivers enhancements to core Windows Server functionality.
Makes modern app development features accessible.
Datacenter Edition
Continues to enable high density virtualization.
Adds advanced software-defined datacenter capabilities, new networking stack and Shielded Virtual Machines.
Why choose an OEM Server license?
Simplest, most cost-effective license for many businesses
License reassignment to other server hardware (with some licenses)
Same downgrade and virtual machine portability rights as with volume licensing
Your one-stop shop for hardware, OS, and CALs
OS and drivers pre-tested and optimized for your hardware, and supported by the OEM
Long Term Servicing Branch (LTSB) servicing model
• This is the traditional servicing model Windows Server has always used
• Two Windows Server 2016 installation options use this model
Current Branch for Business (CBB)
• Nano Server will be CBB only
• What does this change?
• What doesn’t this change?
Recap: Windows Server 2016
The cloud-ready server operating system (OS) that delivers new layers of security and Azure-inspired innovation for applications and infrastructure
Security at the OS level
• Protection to Identity
• Secure the virtualization platform
• Built-in layers of security
Software-defined Datacenter (SDDC)
Cloud-ready Application Platform
• Affordable & Enterprise ready
• Learnings from Azure
• Built-in SDDC capabilities
• Support to containers
• Purpose-built OS
• AHUB eases transition to Cloud
System Center Suite 2016 & Operations Management Suite (OMS)
System Center 2016
• Virtual Machine Manager: VM & cloud management, infrastructure provisioning
• Operations Manager: Infrastructure & application monitoring & alerting
• Data Protection Manager: Continuous protection of key applications & workloads
• Service Manager: IT Service Management & IaaS Self-Service
• Orchestrator: Integration & automation of key technologies & processes
• Configuration Manager: OS Deployment, Software Updates, Compliance & Reporting
• Endpoint Protection: Protect the infrastructure against malware & rootkits
System Center 2016 - Benefits
• Device Management: Support for Windows 10 deployments, MDM enrollment with Azure AD, Access restriction based on device enrollment and policy
• Provisioning: Support for Windows Server 2016 Hyper-V features, Rolling cluster upgrades, Simplified networking, Shielded VM provisioning, Guarded host management, Support for vCenter 5.5
• Monitoring: Nano Server, Windows storage, SMI-S support, MP Catalog, Performance improvements, Enhanced Data Visualization, SCOM Partner Program
• Automation: Migration to cloud, SCO Integration Packs and Runbooks
• Self-Service: Improved usability and perf, HTML5 self-service portal, New Exchange connector
• Data Protection: Azure Express Route support, Shielded VM, Storage spaces direct
System Center 2016 editions and features
Feature | Datacenter Edition | Standard Edition
OSEs*/Hyper-V containers | Unlimited | 2
Windows Server containers | Unlimited | Unlimited
Configuration Manager | • | •
Operations Manager | • | •
Data Protection Manager | • | •
Virtual Machine Manager | • | •
Service Manager | • | •
Orchestrator | • | •
Endpoint Protection Manager | • | •
*OSE refers to a server operating system environment under management by System Center.
Microsoft System Center helps you realize the Microsoft Cloud OS vision by delivering unified management across customer, service provider, and Azure datacenters.
Introducing Operations Management Suite
Operations Management Suite (OMS) components
• Insight & Analytics: Gain visibility across your hybrid enterprise cloud (Azure Operational Insight for Log analytics)
• Automation & Control: Orchestrate complex and repetitive operations (Azure Automation)
• Protection & Recovery: Ensure data integrity and application availability (Azure Backup. Azure Site Recovery for Disaster Recovery)
• Security & Compliance: Secure your workloads, servers, and users (Azure Operational Insight for Security analytics)
Microsoft Azure Stack
Azure Services in your datacenter
Azure services from their own datacenter.
* - some components will be in Preview at Azure Stack GA
Microsoft Azure Regions
36 Azure regions worldwide
100+ datacenters
One of 3 largest networks in the world
*Operated by 21Vianet
**German data trustee services provided by T-Systems
Central US
East US
North Central US
Brazil South
West Europe
Japan East
South India
Southeast Asia
Australia Southeast
Australia East
Central India
West India
Japan West
East Asia
China West*
North Europe
Germany Northeast**
Canada East
Canada Central
South Central US
China East*
Germany Central**
Korea South
East US 2
Korea Central
United Kingdom West
United Kingdom South
West Central US
US Gov
US Gov
US DoD East
US DoD West
Vienna
Finland
Chile
Asia
Accelerated time to value
• From concept to operations in days, not months
• Help developers be productive much faster
Enriched lifecycle management
• Greater quality and system reliability
• Focus on delivering Azure services, not operations
Continuous innovation
• Newest services and fastest updates
• No disruption to tenant availability or experience
Plus other hardware vendors
https://azure.microsoft.com/en-gb/overview/azure-stack/try/
Microsoft Azure Stack - Technical Preview 2
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.