Agenda
• Azure Overview
• Security
• Billing
• Identity
• Storage
• Networking
• Compute
• OMS
• Data Insights
http://aka.ms/azdd
Event Logistics
Start: 9:00 AM
Lunch: 12:00 PM
Break: 3:00 PM
Finish: 4:00 PM
What to expect from today
• Lots of Azure Content
• Focused on Infrastructure
• Aimed at Configuration and Setup
Cloud Computing Stack
Security & Platform Services Hybrid
Management Operations
What is Azure?
Multi-Factor
Authentication Backup
Infrastructure Services
What is Azure?
Productive for developers
The only consistent hybrid cloud
The cloud for intelligent apps
The cloud you can trust
Azure compute regions
Azure Site Recovery: Protect VMWare and Physical Servers in Public Preview
Azure Backup Generally Available
Azure API Management Premium simplifies high availability and massive scale for APIs
ExpressRoute for Office 365
Azure Active Directory Dynamic Membership For Groups
Automatic Password Change for Social Media Shared Accounts
Compute-Intensive A10 and A11 Virtual Machine Instances
Remote Desktop app for Windows Phone support for Gateway and Remote Resources
Informatica Cloud Agent availability in Linux and Windows Virtual Machines
Azure DocumentDB Hadoop Connector
Azure HDInsight support for more VM sizes
Enterprise-Grade Array-Based Replication and Disaster Recovery with ASR and System Center GA
Azure momentum
https://docs.microsoft.com/en-us/azure/
Estimating Cloud Costs
http://azure.microsoft.com/en-us/pricing/calculator/
How we differentiate.
Hyper-scale
Enterprise grade
Hybrid Cloud
The consistent hybrid cloud
Storage Backup/DR Database App Integration
Azure Site
SQL Database Azure Service
Azure Storage Recovery &
as a Service Bus
Azure Backup
Azure
System Centre
Data SQL Server
StorSimple BizTalk Services
Protection 2016
Manager
On-premises
The consistent hybrid cloud
Identity Management Connectivity Consistency
Virtual
Operations
Azure Active Networks with
Management Azure
Directory ExpressRoute
Suite (OMS)
& VPN
Azure
Active On-premises
System Center Azure Stack
Directory network
On-premises
Power of Azure in your datacenter
Microsoft Azure Stack
Microsoft Azure Stack is a new hybrid cloud platform product that enables organizations to deliver Azure services from their own datacenter.
Microsoft’s hybrid cloud platform
Power of Azure in your datacenter
Developers
Microsoft Azure
SQL Backup/Recovery
Management Portal
SQL Backup tool for legacy
Manual Console Backup
Managed Backups
VPN / Encrypted Data
“We know that if we lost our database, we would have it back up and running in a few minutes at most with SQL Server Backup to Azure.”
Fredrik Elmqvist, Saab
Microsoft Azure
storage queue
On-Premises VPN Cortana
Enterprise VPN Device Gateway Logic Apps Analytics
Data Suite
HDInsight (Hadoop)
SQL
Transactional
SQL Data Sync
Data Azure Data Lake
Azure Batch
Apps
Data Data
Machine
Log Data Management Management 3rd Party
Azure SQL Database Learning
Gateway Service
Catalogue
Cloud
Device Data Gateway DocDB Others
Stream Analytics
Web Apps on Azure
Scenario Developer
Cloud App Discovery
Develop secure cloud apps
Using ADAL and Graph API
Azure Right
Management Service
Azure AD Application
Proxy Connectors
Active Directory,
Websites Facebook,
Autoscale Twitter,
Microsoft,
Service Authenticate Google
Service Bus Relay Instances
Mobile Apps
iOS
Android
Windows Phone On Premises
HTML 5 App
WCF Services
SAP on Azure Scenario
SAP certifications
Microsoft Azure is certified for the following SAP products, with full
support from Microsoft and SAP.
http://azure.microsoft.com/en-us/campaigns/sap/
On-Premises Guest Virtual
SAP Product Operating RDBMS Machine
Virtual Network
1 Only NetWeaver 7.00 and later SAP releases of NetWeaver are supported for deployment in Azure
2 Customers can try SAP HANA Developer Edition on Azure using the SAP
Securing the Platform
Infrastructure Operational Compliance
security controls security controls
Perimeter
Building
Computer room
SQL Database
Uses Hyper-V – a battle tested and enterprise proven hypervisor
Scrubbed Traffic
Scrubbing Array
SLB
Azure monitors and detects internally initiated DDoS attacks and removes offending VMs from the network
Application
Access
Control
SQL
Database
VM switch at the host level blocks
inter-tenant communication
Protecting your data
In-transit data protection
At-rest data protection
Encryption
Data redundancy
Data destruction
Prevent & Assume Breach
Event Start
Event Detected
Security Team Engaged
Incident Assessment
Security Event Confirmed
Determine Customer Impact
Determine Affected Customers
Azure Customer Notification
Customer Process Step 1
Customer Notification
In-depth 9-step incident response process
Focus on containment & recovery
Makes contractual commitments regarding customer notification + provides forensics
Leadership grants
temporary privilege
Microsoft Corporate Network
Logic Tier
Regularly performs penetration testing
DOS/IDS Layer
Database Tier
Provides coordination, analysis of logs and VHD images in the event of platform-level incident
https://azure.microsoft.com/en-us/support/trust-center/
Azure covers 54 compliance offerings
Azure has the deepest and most comprehensive compliance coverage in the industry
Global
Demo
Azure Resources Management
• New Portal with dramatically
new capabilities
• ARM Templates and Deployment
• Resource Groups, Resources,
Tags and Role Based Access
Control
• ARM Policy
Subscriptions, Resource Groups and Resources
Demo
Account Management & Billing
Enterprise Enterprise Administrator
Enrolment
http://ea.azure.com
Account Owner
Account A Account B Account C
http://account.windowsazure.com/
Enterprise
Enterprise Administrator
Assigns other Enterprise and Department Administrators
Adds Departments or associates Accounts with the Enterprise Enrolment
Views usage and charges across all accounts and subscriptions
Can view the monetary commitment balance associated to the Enterprise Enrolment
Department Administrator
Edit their Department name and Cost Centre
Manage department admins, add / remove accounts from the Enrolment and their Departments
View Department charges (if enabled by the Enterprise Admin)
Non-Enterprise
Account Owner
Add Subscriptions to their Account
Update the Service Administrator and Co-Administrator for an individual Subscription
View usage data for their Account, and view Account charges (if enabled by the Enterprise
Administrator)
Service Administrator
Access and manage Subscriptions and resources within the Azure Management Portal
Enterprise Account Management
Portal Portal Portal
Create EA Departments, Accounts Manage Subscriptions Deploy and host applications
and Subscriptions
Enable Subscription features Download or email invoice
View monetary commit, usage
Update Service Administrators See cost breakdown / burn rate
Download daily usage .csv
Day 0
• Pricing Calculator
• TCO Calculator
• Check Subscription Access
• Check Spending Limits
• Setup Billing Alerts
• Enterprise Agreement Spending Quotas
Day 1
• Review Estimated Cost
• Add Resource Tags
• Auto Shutdown VM?
Day 2+
• Check Cost Breakdown
• Check Burn Rate
• Check Azure Advisor
• Get Invoice & Usage Data
Demo Links
Day 0
• Pricing Calculator
• TCO Calculator
• Subscription Blade
• Spending Limits
• Billing Alerts (then Spending Limits link)
Day 1
• Estimated Cost (show in creating VM)
• Resource Tags (show RG blade option)
• Shutdown VM (show RG blade option)
Day 2+
• Cost Breakdown / Burn Rate
• Azure Advisor
• Get Invoice
• Get Usage Data
Resource Tags
BillTo
Department (or Business Unit)
Environment (Production, Stage, Development)
Tier (Web Tier, Application Tier)
Application Owner
ProjectName
EA Usage
Non-EA Usage
Azure Usage
& Billing Portal
Power BI Enterprise Content Pack
Demo Material EA Dashboard Rolling 6 Months - using AETables.pbit
Division
Arch & Design
Assembly
Engineering
Materials
Production Eng.
Shipping
Key Components of Azure
Identity and Access Management
Current State
Solution: Azure Active Directory
Windows Server
Active Directory Username
Other
Directories
SaaS
Azure
It combines
Directory services
Advanced identity governance
Application access management
Rich standards-based platform for developers.
• Millions of independent identity systems controlled by enterprise and government “tenants.”
• Information is owned and used by the controlling organization—not by Microsoft.
600 M user accounts on Azure AD
>9 M Directories
of Fortune 500 companies use Microsoft Cloud (Azure, O365, CRM Online, and PowerBI)
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
Azure AD Connect
Azure AD Sync
On-premises
Sign-on
directory
User
What is a Hash?
• A one-way mathematical operation that can never be reversed
17 Modulus 10 = 7
187 Modulus 10 = 7
2,141,347 Modulus 10 = 7
If all of these inputs generate the output of “7”, is there any way I can get
back to my original input from the Digest of “7”?
Hash and Digest
• Different Input, Different Output
• Different algorithm, Different Output
P@ss1w0rd -> SHA-256 -> 24d5f3ca57617eec1f132ed7ef7d2087152f0d512d1237a7b3e8900585906b30
Azure AD Connect & Password Hashing
Password
User
Azure AD Sync
On-premises
directory
Password Sync Backup for Federated Sign-In
User accounts
Azure AD Sync
On-premises
directory
What is Pass Thru Authentication?
2
Azure AD App
Azure AD Proxy
1 2
8 7
Contoso Corpnet
6
Connector
4
5
GS6 I don't normally like tables and lots of words in a presentation but these two slides are really good since they
can identify some simple steps for the attendees to help them decide what they should be looking at.
George Smpyrakis, 1/2/2018
What login types does it U/P, Win10/Hello U/P, WIA, Cert-based auth, U/P
support? SmartCard,
What MFA options do I Azure MFA Azure MFA, Azure On-premises Azure MFA
have? MFA, 3rd party MFA (RSA, Safenet,
User Identity
synchronization
Pass-through Seamless
authentication SSO
Authentication passed to
Windows Server Active Directory
via Pass-through authentication
Pass-through
authentication agent
Microsoft Azure
Active Directory
User Identity +
Password Hash
synchronization
Microsoft Azure
Active Directory
Security Token Service
[Diagram: pass-through authentication flow between the user, Azure AD, and the Connector and DC on Contoso Corpnet. Step labels: user name and password; Connector notified of request; Connector validates the credentials against AD; DC returns result; Connector returns result; token returned to the user or further proofs (MFA) are initiated.]
How seamless SSO works with Pass-through authentication and Password hash synchronization
[Diagram: seamless SSO flow between the user and AD on Contoso Corpnet and the Microsoft Azure Active Directory Security Token Service (STS). Step labels: user enters their username; 401 response to get a Kerberos ticket; user requests a Kerberos ticket; AD returns Kerberos ticket; user sends ticket to Azure AD STS; token returned to the user or further proofs (MFA) are initiated.]
Choosing the User sign-in method for your organization
PHS and
I need to PTA with SSO AD FS
SSO
https://www.contoso.com
Microsoft Azure
Active Directory
DMZ
Corporate
Network
http://intranet
Single sign-on to any app
OTHER DIRECTORIES
Microsoft Azure
Monitor:
• The Azure AD Connect sync engine health
• ADFS infrastructure health
• On-premises AD Domain Services health
AAD Connect Health
• Enterprise-compliant services
Intune/MDM
• SSO from the desktop auto-enrollment
• MDM auto-enrollment
Windows 10 Azure AD
joined devices
• Support for hybrid environments
Azure Active Directory Identity Protection
• Use the power of Identity Protection in PowerBI, SIEM and
other monitoring tools
Infected Leaked
devices Configuration credentials
vulnerabilities
Brute force Suspicious sign-
attacks in activities
Security/Monitoring/Reporting
Notifications Solutions
Data Extracts/Downloads
Reporting APIs
Queues
Reliable queues at
scale for cloud
services
What is a Storage Account?
Hot Cool
GS9 Need to add Archival to this. Archival is now GA. Also the storage names have changed to General purpose V1
and V2
George Smpyrakis, 1/2/2018
Disk Storage Tiers
Standard Premium
Disk type Hard Disk Drive (HDD) Solid State Drive (SSD)
Disk Failures
Read only
Generally Available
Low-cost Blob storage
As low as $0.01 per gigabyte
Archive on-premises data to cloud
HOT TIER
Azure
Folders
Azure Storage (Blob)
Files
Disks StorSimple
COOL TIER
Bitlockered Bitlockered
HDD HDD
• Agentless backup
• No shut down of VM required
• No On-Premises resources required
• Perform scheduled daily or weekly backups
Azure Backup Architecture
Azure
SC DPM/
Azure Backup Server
Azure Backup
(SaaS service)
Windows Hyper-V
Server IaaS VM backup
Replicate and protect physical, VMware, AWS and Hyper-V VMs to Azure
• Migration cutovers to Azure in as little as minutes
• Automated asset discovery and migration
• On the fly conversion of source VM
• Auto-provisioned target Azure VMs
• Near zero downtime and data loss
• Failback to VMware infrastructure from Azure
Azure Site Recovery
Azure
Enables recovery of Hyper-V, VMware, and
physical servers to Azure or your
secondary datacenter
On-premises/cloud Datacenter
Replication & Migration of workloads
Heterogeneous Platform Support
Migration
DR Service
Replication
Cloud
Physical Servers Virtual Storage
Machines
Test Failover
(or Failover)
Test Failover
(prior to
migration)
Enhanced capacity
Planning and
Monitoring
Capacity Planning
VM readiness for DR and Migration
to Azure
Churn profiling
Bandwidth/Throughput
measurement
Storage, Compute and bandwidth
requirements
Monitoring
Enhanced event reporting
Enhanced replication health
monitoring with Log Analytics
Enable integration with custom
solutions
Enhancements for
App-Aware DR
SQL Always-ON Integration
Discovery and failover
Available in new Azure portal
First class support for
Resource groups
Availability sets
NSG, Public IP
Enhanced support for Internal Load
balancers
Networking
Start Here -> Azure Virtual Networks (VNET)
(10.1.0.0/16)
(10.1.1.0/24) (10.1.2.0/24)
(10.1.3.0/24) (10.1.4.0/24)
Microsoft Confidential
Azure Virtual Networks - Usage Scenarios
• Option 1: As a protected private virtual network in the cloud
• Allows customers to set up secure private IPv4 networks fully
contained within Microsoft Azure
Hybrid Cloud - Virtual Networks
Network
Network configuration
Admin
CorpOffice
Deployment
IT Admin package
(10.1.0.0/16)
(10.0.0.0/16)
(10.1.1.0/24) (10.1.2.0/24)
GWSubnet (10.1.2.101)
(10.1.5.0/24)
131.57.23.45
GW IP (10.1.3.0/24) (10.1.4.0/24)
65.57.23.45
10.0.0.21 10.0.0.20
Hybrid Networking Scenarios
Cloud Customer Segment & Workloads
On-premises VPN
Gateway Virtual Network
Hardware VPN or
Windows RRAS
Your datacenter
Virtual Network and ExpressRoute
Public Public
internet internet
Public
internet
Hybrid Networking Scenarios
Cloud Customer Segment & Workloads
What is ExpressRoute?
GS8 I think the ER peering slide is still one that is needed at this level so people understand the difference between
private and Public peering. https://docs.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings
George Smpyrakis, 1/2/2018
Public, Private and Microsoft peering
What is Azure Network Watcher?
Internal Azure
backbone network
No gateway
High bandwidth,
Low latency
Virtual DMZ
Networking
• Reserved IPs
• Multiple NICs
• Forced Tunneling
• Network Security Groups
• Virtual Network Appliances
• Multiple load balanced IPs per VM
• Create virtual networks with private or public IP ranges
• IPv6 in most regions
• Accelerated Networking (Preview)
• High performance S2S VPN gateways (200Mbps vs 100Mbps)
Compute
What are Azure Virtual Machines
F NV NC
Compute
Optimized GPU
L High H
Storage Performance
Optimized Compute
Series and Scale-up options
A AV2 D DV2 F G L N H
Nested
Virtualisation in
Azure
Dv3 and Ev3 VM’s
Run a virtual machine within another virtual
machine
Development, testing, training, demonstration
Marketplace images
Microsoft
Open Source
MR21 Put in notes about what we are trying to protect against - e.g. Rack, Cluster,
Mark Rhodes, 1/11/2018
VM Availability Sets
• Update domains are honored by host OS updates
Virtual Machine Scale Sets
What are VM Scale Sets
Demo
Operations Management Suite
Log Analytics Monitor and analyze the availability
and performance of different
resources including physical and
virtual machines.
OMS
Log Analytics
HTTPS
Hybrid
CentOS Oracle Ubuntu
On-Premises Windows OMS Repository
Debian RHEL SLES Events,
Any Cloud Properties,
Performance
The View From Above – Azure Services
Activity Log IoT Hub
Application Gateway Key Vault
Application Insights Load Balancer OMS
Automation Logic App
Log Analytics
Office 365
Batch Service Network Security Group
Azure Cognitive Services Search
Containers Service Bus
Data Lake Store Service Fabric Cluster
Event Hubs SQL Database
HDInsight HBase Web App/Farm
Excel
Active Directory Security & Audit
Collector API Search API
Antimalware Service Map
Solution Capacity & Performance SQL Server
Packs Change & File Tracking Update Management
Network Performance VMWare Monitoring
Operations Manager Wire Data
Ingest logs from Export
any device or app to any app
The View From Above – Alert Remediation
Activity Log IoT Hub
Application Gateway Key Vault
Application Insights Load Balancer OMS Email
Automation Logic App
Log Analytics
Office 365 Webhook
Batch Service Network Security Group
Azure Cognitive Services Search
Containers Service Bus
Automation
Data Lake Store Service Fabric Cluster
Event Hubs SQL Database Alerts
Azure App Service
and DevOps
What are Azure Web Apps?
Max Instances 3 10 20 100
Custom Domain Supported Supported Supported Supported Supported
Autoscaling Supported Supported Supported
Network Isolation Supported
Price Free $0.013 $0.15 $0.20 $0.30 $0.40
Azure App Service
What is an Azure SQL Database?
On-
Premises
Co-Lo
Before cloud
Which packages should
be on my server? How can I increase server utilization?
Azure
Functions
Google
Cloud
Functions
IBM
OpenWhisk
Strong growth
1) Trigger 2) Input Binding 3) Develop 4) Execute 5) Output Binding
Web
Hooks
App Services
Hosting Plans
Azure Services Azure Services Azure Services
7) Develop Locally
Developer IDE
Build + Test Build/CI
Release/CD
Deploy
Monitor
Monitor + Learn
Team Collaboration
Test
Developer IDE
Build + Test Build/CI
Deploy
Configuration
Monitor + Learn
Monitor
Team Collaboration
Release
Test
Real devices,
real quality
• Ensure higher quality by testing on
real devices
• Automate app testing on over 2,000
real devices
• Use C#, Ruby, or Cucumber to build
automated tests
• Integrates with any continuous
integration system
Transform data into intelligent action
Information Big Data Stores Machine Intelligence
Management Learning and People
Data
Sources Analytics
Machine Cognitive
Data Factory Data Lake Store
Learning Services
Mobile
HDInsight
Event Hubs (Hadoop and Cortana Apps
Spark)
Bots
Sensors
and Stream Dashboards &
devices Analytics Visualizations Automated
Systems
Power BI
Data
Data Lake
Analytics
HDInsight
(Hadoop and
Spark)
• Analyze data of any kind and size
• Develop faster, debug and optimize smarter
• Interactively explore patterns in your data
• No learning curve—use U-SQL, Spark, Hive, HBase and Storm
• Managed and supported with an enterprise-grade SLA
• Dynamically scales to match your business priorities
• Enterprise-grade security with Azure Active Directory
• Built on YARN, designed for the cloud
Bringing the Power of Big Data to everyone
Information Big Data Stores Machine Learning Intelligence
Data Management and Analytics
People
Sources
Machine Cognitive
Data Factory Data Lake Store
Learning Services
Apps HDInsight
(Hadoop and Mobile
Event Hubs Cortana
Spark) Apps
Dashboards &
Visualizations
Sensors Automated
and Power BI Systems
devices
*IDC study “The Business Value and TCO Advantage of Apache Hadoop in the Cloud with Microsoft Azure HDInsight”
Introducing Azure Data Lake
YARN YARN
HDFS
VMWare
HYPER-V HYPER-V
VMWare
Security and Audit
What next?
Get started
http://aka.ms/azuredd
(slides)
http://aka.ms/try-azure
(new offer)
https://www.microsoft.com/en-us/azureessentials
Certifications
https://azure.microsoft.com/en-us/training
Massively Open Online Courses (MOOCs)
Free and easily accessible
Build and demonstrate your capability
Learn on your own time
Apply and validate your skills
Fundamentals Nov 22 Microsoft Azure Fundamentals Microsoft Azure for AWS Experts
Core IaaS Nov 22 Microsoft Azure Virtual Machines Microsoft Azure Networks Microsoft Azure Identity Microsoft Azure Storage
Learn more about our new digital badges for certified professionals
Get Started Today!
Explore MOOCs
• Bookmark https://openedx.microsoft.com/ to access online courses anytime. Check back often – new courses added monthly!
Get Started with Exams
• Go to https://azure.microsoft.com/en-us/learn/skills/ to learn more and click to purchase the $99 or $279 offer.
• Look for two emails. One for your exam and replay voucher and the other for your practice test. Follow redemption instructions for each.
• Register and schedule your exams, then enter your voucher code during checkout.
• Learn more about our new certification badges
Transform
• Visit the Azure Skills Readiness Page for detailed information, resources and program updates.
• Review Gavriella Schuster’s Azure Skills Readiness Blog to learn more about why.
Get started
Visit azure.microsoft.com
http://aka.ms/azdd
http://aka.ms/try-azure
Thanks!