Windows Azure for IT Pros. Kurt CLAEYS (TSP Windows Azure, Microsoft EMEA). “What IT pros need to know about Azure”. Agenda: Azure overview; Create a hybrid environment with Azure Virtual Network; Federated authentication with AD / ADFSv2 / ACS; Monitoring Azure roles with SCOM; VMRole.
Agenda
• Azure overview
• Create a hybrid environment with Azure Virtual Network
• Federated authentication with AD / ADFSv2 / ACS
• Monitoring Azure roles with SCOM
• VMRole
Infrastructure as a service (IaaS, hardware)
• Servers available in the cloud
Platform as a service (PaaS, developer)
• Delivery of an OS for custom, cloud-enabled apps
• Support for service hosting and interoperability
• Relational data storage in the cloud
Software as a service (SaaS, end users) = BPOS
• Exchange Online
• SharePoint Online
• Dynamics CRM Online
Virtual Network • Storage • Compute • Access Control • Service Bus • Caching • Reporting • Database • Data Sync
Create a hybrid environment with Azure Virtual Network
• Hybrid = apps in Azure need to be able to communicate with on-premises machines and vice versa.
• Virtual Network = direct IP-based network connectivity between machines, abstracting where the machines are located.
• Scenarios:
  • Connect to an on-premises SQL Server database
  • Domain-join Windows Azure services to a local Active Directory
Azure Virtual Network
• Network policy managed through the portal: “which machine can access which machine”.
• Opening HTTPS outbound on the firewall is enough!
[Diagram labels: Web/Worker, VM Role, Azure Connect Gateway, IPv6 address, Corporate firewall, On-premises machine, SQL Server]
Azure AppFabric Access Control
• Helps you build federated authorization into your applications and services.
• Declarative model of rules and claims.
• Supports different identity-management infrastructures.
• Bridges:
  • Active Directory identity stores on premises (ADFS v2)
  • Services using Windows Identity Framework
Authentication – Authorization – Rules
[Diagram labels: identity providers, Facebook ID, ADFS2, Azure ACS, rules, claims, redirect, login, authentication, authorization, WebApp]
Federation of identities
[Diagram labels: contoso (AD, ADFSv2, claimset owned by contoso), fabrikam (AD, ADFSv2, claimset owned by fabrikam), Azure ACS, My Claimset, My WebApp]
VMROLE
• Ability to upload your own customized WS2008R2 Enterprise images.
• Full control over the OS image; install whatever you want on it.
• You can remote desktop into the OS.
• Target scenarios:
  • Need to use apps/libraries with no unattended setup.
  • Dev/Test on premises ... Production on Azure.
  • Scale out!
• Instances are behind a load balancer, one public IP per service.
• No durability of the OS image on hardware failure.
• With VM Role, the customer creates and maintains the OS.
• Pricing model = pricing model of the current Web/Worker Role.
• Uses differencing disks to upload deltas to the image.
Web/Worker Role
• The virtual image is already there, ... you upload your app, ... Azure places this app on the image and runs the image.
VM Role
• You upload the complete virtual image with all apps installed, ... Azure runs the image.
[Diagram labels: Visual Studio, Hyper-V, virtual image, app, Azure development environment]
<?xml version="1.0" encoding="utf-8"?>
<!-- Service definition: role type, size, declared settings and endpoints -->
<ServiceDefinition name="DemoX" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <VirtualMachineRole name="VMRole1" vmsize="Medium">
    <Imports>
      <Import moduleName="Diagnostics" />
    </Imports>
    <ConfigurationSettings>
      <Setting name="ConnString" />
    </ConfigurationSettings>
    <Endpoints>
      <!-- Public port 9876 is mapped to port 12345 inside the instance -->
      <InputEndpoint name="Endpoint1" protocol="tcp" port="9876" localPort="12345" />
    </Endpoints>
  </VirtualMachineRole>
</ServiceDefinition>

<?xml version="1.0" encoding="utf-8"?>
<!-- Service configuration: instance count, setting values and the uploaded image -->
<ServiceConfiguration serviceName="DemoX" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="1" osVersion="*">
  <Role name="VMRole1">
    <Instances count="2" />
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
      <Setting name="ConnString" value="Foo" />
    </ConfigurationSettings>
    <OsImage href="baseimage.vhd" />
  </Role>
</ServiceConfiguration>
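Added example (not part of the original slides): a pre-deployment review of the service definition and configuration shown above. It lists every InputEndpoint, since those are the ports reachable from outside through the load balancer, and flags declared settings without a value and connection strings still pointing at the local storage emulator. The function name `review` and the finding texts are this example's own; the XML is the slide's, reduced to the elements the review reads.

```python
import xml.etree.ElementTree as ET

DEF_NS = "{http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition}"
CFG_NS = "{http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration}"

# The two files from the slide, reduced to the elements the review reads.
CSDEF = """<ServiceDefinition name="DemoX" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <VirtualMachineRole name="VMRole1" vmsize="Medium">
    <ConfigurationSettings><Setting name="ConnString" /></ConfigurationSettings>
    <Endpoints>
      <InputEndpoint name="Endpoint1" protocol="tcp" port="9876" localPort="12345" />
    </Endpoints>
  </VirtualMachineRole>
</ServiceDefinition>"""
CSCFG = """<ServiceConfiguration serviceName="DemoX" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="1" osVersion="*">
  <Role name="VMRole1">
    <Instances count="2" />
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
      <Setting name="ConnString" value="Foo" />
    </ConfigurationSettings>
    <OsImage href="baseimage.vhd" />
  </Role>
</ServiceConfiguration>"""

def review(csdef_xml, cscfg_xml):
    """Return (exposed endpoints, findings) for one definition/configuration pair."""
    sdef, scfg = ET.fromstring(csdef_xml), ET.fromstring(cscfg_xml)
    endpoints, findings = [], []
    cfg_roles = {r.get("name"): r for r in scfg.iter(CFG_NS + "Role")}
    for role in sdef:  # each child of ServiceDefinition is a role element
        name = role.get("name")
        for ep in role.iter(DEF_NS + "InputEndpoint"):
            # InputEndpoint = reachable from outside through the load balancer
            endpoints.append((name, ep.get("protocol"), int(ep.get("port")),
                              int(ep.get("localPort") or ep.get("port"))))
        cfg = cfg_roles.get(name)
        if cfg is None:
            findings.append(f"{name}: no <Role> entry in the configuration")
            continue
        values = {s.get("name"): s.get("value") or ""
                  for s in cfg.iter(CFG_NS + "Setting")}
        for s in role.iter(DEF_NS + "Setting"):
            if not values.get(s.get("name")):
                findings.append(f"{name}: setting {s.get('name')} has no value")
        for key, val in values.items():
            if "UseDevelopmentStorage=true" in val:
                findings.append(f"{name}: {key} points at the local storage emulator")
    return endpoints, findings
```

Run against the slide's files, `review(CSDEF, CSCFG)` reports one public endpoint (tcp 9876 mapped to local port 12345) and one finding for the Diagnostics connection string.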
VMRole Lifecycle
• Create a .vhd in Hyper-V Manager, install W2008 R2 as OS.
• Install whatever roles, features and apps you want on it.
• Turn off automatic updates.
• Install the Windows Azure VM Role Integration Components.
• Run sysprep.exe and bring it down.
• Upload the .vhd to Azure (needs a certificate).
• Deploy a service configuration (Visual Studio, Management Portal or Management API PS cmdlets).
System Center Operations Manager - Azure
• The management pack enables Operations Manager customers to monitor the availability and performance of applications that are running on Windows Azure.
• Discovery of Windows Azure applications.
• Status of each role instance.
• Collection and monitoring of performance information.
• Collection and monitoring of Windows events.
• Collection and monitoring of the .NET Framework trace messages from each role instance.
• Change the number of role instances.
TechDays 2011 On-Demand
• Watch this session on-demand via TechNet Edge: http://technet.microsoft.com/fr-be/edge/ http://technet.microsoft.com/nl-be/edge/
• Download to your favorite MP3 or video player
• Get access to slides and recommended resources by the speakers