Kako uklopiti oblak u svoju postojeću infrastrukturu?Tomica Kaniški

CITUS d.o.o.tomica@kaniski.info

Agenda• Windows Azure Networking

• Windows Azure Virtual Machines

• Windows Azure Backup

• Windows Azure Hyper-V Recovery Manager

Windows Azure Pricing Calculator• http://www.windowsazure.com/en-us/pricing/calculator/

Windows Azure Networking

Secure Site-to-Site Network Connectivity

Windows Azure Virtual Network

Secure Site-to-Site Network Connectivity

Windows Azure Virtual Network

Windows Azure Hybrid and Connectivity Options

Windows Azure ENTERPRISE

Data Synchronization

SQL Data Sync

Application-Layer Connectivity &

Messaging Service Bus

Secure Machine-to-Machine Network

ConnectivityWindows Azure Connect

http://msdn.microsoft.com/en-us/library/windowsazure/jj156007.aspx

Corpnet

Windows Azure Virtual Network• Your “virtual” branch office /

datacenter in the cloud• Enables customers to extend their

Enterprise Networks into Windows Azure

• Networking on-ramp for migrating existing apps and services to Windows Azure

• Enables “hybrid” apps that span cloud/premises

• A protected private virtual network in the cloud

• Enables customers to setup secure private IPv4 networks fully contained within Windows Azure

• IP address persistence

Subnet 2

Subnet 1

Virtual Network Features• Customer-managed private virtual networks within Windows

Azure• “Bring your own IPv4 addresses”• Control over placement of Windows Azure Roles within the network• Stable IPv4 addresses for VMs

• Hosted VPN Gateway enables site-to-site connectivity• Automated provisioning & management• Support existing on-premises VPN devices

• Use on-premise DNS servers for name resolution• Enables customers to use their on-premise DNS servers for name

resolution• Enables VMs running in Windows Azure to be joined to corporate

domains running on-premise (use your on-premise Active Directory)

The Branch Office

The Corp. HQ

IIS Servers

AD / DNS

SQL Servers

Exchange

The „virtual” branch office

The Virtual Network

in Windows AzureS2S VPN Device

S2S VPN Device

S2S VPN tunnel

Gateway

S2S VPN tunnel

Example: Contoso’s Deployment

The Corp. HQ (10.0.0.0/16)

Contoso Test in Windows Azure

(10.2.0.0/16)

Contoso Production VNet in Windows Azure (10.1.0.0/16)

S2S VPN Device

IIS Servers

AD / DNS

SQL Farm

ExchangeBRK Gateway

S2S VPN tunnels10.0.0.1010.0.0.11

131.57.23.120

10.2.2.0/24

10.2.3.0/24

10.2.2.0/24

10.2.3.0/24

65.52.249.2210.1.0.4 10.1.1.4

Supported VPN Device List

Platform OS Family Examples

SRX Series Routers JunOS 10.2+ 210, 650

J Series Routers JunOS 9.4+ 4350

ISG Series Routers ScreenOS 6.2+ SX2

SSG Series Routers ScreenOS 6.2+ 550

Cisco JuniperPlatform OS Family Examples

ASA 5500 Series (Adaptive Security Appliances)

ASA Software 8.4+

5505, 5550

ASR 1000 Series Aggregation Services Routers

IOS XE 2.1+ 1002

ISR Series Integrated Services Routers

IOS 12.2+ 2801, 2901, 2911

Generic VPN devices must support:• IKE v1

• AES 128, 256• SHA1, SHA2

http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx

Gateway redundancy and availability• Only single IPsec tunnel supported per Virtual Network• Gateway tenant on Azure side has 2 instances (active-passive

mode)• Only one public IP(v4) address for tunnel establishment• A pair of VPN devices can be a redundant pair using industry

standard protocols• HSRP• VRRP

DEMOWindows Azure Networking (Site-to-Site VPN)

Site-to-Site VPN with MikroTik… (yes, it works )

Windows Azure Virtual Machines

New Disk Persisted in

Storage

Cloud

Cloud First ProvisioningSelect Image and VM SizeGetting Started

Management Portal

>_Scripting

(Windows, Linux and Mac)

REST API

Boot VM from New DiskWindows Server

Linux

Extra SmallSmallMediumLarge X-Large

Supported Windows Server Applications

http://support.microsoft.com/kb/2721672

Virtual Machine Sizes

Compute Instance Name CPU Cores Memory Price per hour

Extra Small (A0) Shared 768 MB $0.02 (~$15/month)

Small (A1) 1 1.75 GB $0.09 (~$67/month)

Medium (A2) 2 3.5 GB $0.18 (~$134/month)

Large (A3) 4 7 GB $0.36 (~$268/month)

Extra Large (A4) 8 14 GB $0.72 (~$536/month)

A5 2 14 GB $0.40 (~$298/month)

A6 4 28 GB $0.80 (~$596/month)

A7 8 56 GB $1.60 (~$1,192/month)

VM disk layout (1)OS Disk• Persistent• SATA• Drive C:

VM disk layout (2)Temporary Storage Disk• Local (Not Persistent)• SATA• Drive D:

VM disk layout (3)Data Disk(s)• Persistent• SCSI• Customer Defined

Letter

Some tips on BYO Images• Sysprep and “Generalize” is expected• Do NOT put unattend.xml on the disk• Do NOT install the Windows Azure Integration Components!

DEMOWindows Azure Virtual Machines (Portal + App Controller)

Active Directory (on a VM) in Azure? (1)• AD is Supported in Windows Azure Virtual Machines• Capture/Imaging is not supported with DCs• To make a new DC provision a VM and run promote it to be a DC

• Consider cost and deploy according to requirements• Inbound traffic is free, outbound traffic is not• Standard Azure outbound traffic costs apply

• Nominal fee per hour for the gateway itself• Can be started and stopped as you see fit (if stopped, VMs are isolated

from corporate network )• RODCs will likely prove more cost effective

Active Directory (on a VM) in Azure? (1)

The Virtual Networkin Windows Azure

Gateway

SQL ServersIIS Servers

Load BalancerPublic IP

Site to Site VPN Tunnel

On Premises Resources

Contoso Corp Network

IIS Servers

AD / DNS

SQL Servers

Exchange

S2S VPN Device

Contoso.com Active Directory

AD / DNS

AD Auth

Extranet Active Directory

Windows Azure Backup

Windows Azure Backup• Peace of mind – your server is backing up to the cloud!

• Simple to manage• familiar backup tools in Windows Server 2012 R2, Windows Server

2012 R2 Essentials, and the System Center 2012 R2 Data Protection Manager

• Efficient and flexible• incremental backups – only changes to files are transferred to the

cloud• efficient use of storage, reduced bandwidth usage, offers point-in-time

recovery of multiple versions of data• configurable data retention policies, data compression and data

transfer throttling

• How-to („a bit out-of-date” )• http://

blogs.msdn.com/b/mvpawardprogram/archive/2012/11/12/configuring-online-backup-for-windows-server-2012.aspx?wa=wsignin1.0

DEMOWindows Azure Backup

Windows Azure Hyper-V Recovery Manager

Windows Azure Hyper-V Recovery Manager• SaaS application• Hybrid service that allows you to automate and orchestrate

your DR solution

DEMOWindows Azure Hyper-V Recovery Manager

Agenda• Windows Azure Networking

• Windows Azure Virtual Machines

• Windows Azure Backup

• Windows Azure Hyper-V Recovery Manager

Thank you!

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.