Transcript Ford OPTIMIZED DATA CENTER Well Managed Infrastructure & Applications Owning App Resource silo #1 App Resource silo #2 Mainframe Windows Managing Platforms X Unix The Evolution Linux App Resource silo #3 Identity Application Data OS Virtualization HW Storage Network CLOUD Service Oriented Consuming compute Silo-ed Architectures Managing Services App 1 On Premises Legacy Silo-ed Expansion Expanding Legacy Platforms Expansion Expansion Expansion Expansion Expansion App 1 App 2 App 3 Silo-ed Architectures To.

Ford
OPTIMIZED DATA CENTER
Well Managed
Infrastructure & Applications
Owning
App
Resource
silo #1
App
Resource
silo #2
Mainframe Windows
Managing
Platforms
X
Unix
The Evolution
Linux
App
Resource
silo #3
Identity
Application
Data
OS
Virtualization
HW
Storage
Network
CLOUD
Service Oriented
Consuming
compute
Silo-ed
Architectures
Managing
Services
App 1
On Premises
Legacy
Silo-ed
Expansion
Expanding
Legacy
Platforms
Expansion
Expansion
Expansion
Expansion Expansion
App 1
App 2
App 3
Silo-ed Architectures
To Modernizing
Workloads
storage
network
Leveraged
Infrastructure
Service
Oriented
App 2
App 3
Leveraged
Infrastructure
Services
On Premises
Off Premises
Private Cloud IaaS – SaaS - PaaS
Efficiency
Host / Collocate
Legacy Application
Cost Reduction
Re - platform
Legacy / Silo Application
New
Requirements
Re - write
New Functionality
Scalability
Burst out
Additional Functionality
Innovate
Expand
Cloud Native Application
Cloud Capability
Cloud Service
200k+
Unique devices
connect to
wireless/day
180k+
1,300+
Site locations
(114 countries)
160k
Users on
Office 365
Exchange
Managed
Windows 8.1
Systems
80%
11%
270k
95%
300k
90k
LOB apps in
Azure in 5 years
Users
717
165k+
1.2m+
4.5m
Remote
connections/
month
37k
MSIT Servers in
On-Prem Data
Centers
In the Cloud,
WAP and Azure,
in 5 years
LOB apps run
in SaaS or PaaS
today
System Center
managed
devices
SharePoint
Sites in the
Cloud
MSFT
employees on
Yammer
12,055
Total Managed
Network
Devices
519
10
600
49,152
22GB
Sustained
Internet Traffic
Legacy
Apps
3
Azure Regions
Used with
ExpressRoute
3.5Gbs
Sustained
Hybrid Traffic
To Azure
New
Apps
PaaS
Hyper-scale
Enterprise
Grade
Hybrid
Azure compute regions
Azure compute regions
Global
ISO/IEC 27001
United
States
Regional
FedRAMP
SOC 1
HIPAA
(Healthcare)
European Union
Model Clause
SOC 2
FIPS 140-2
United Kingdom
G-Cloud
PCI DSS L1 version 3
Life Sciences GxP
China
Multi Layer Protection
Scheme
Cloud Security Alliance
Cloud Security Matrix
Family Educational Rights
and Privacy Act
China
CCCPPF
Singapore
Multi-Tier Cloud
Security
ISO /
IEC 27018
Criminal Justice
Information System
Australian Signals
Directorate I-RAP
Assessment
Azure infrastructure includes hardware, software, networks, administrative and
operations staff, the physical data centers
24 hour monitored
PHYSICAL SECURITY
Centralized
MONITORING AND
ALERTS
Update
MANAGEMENT
Anti-Virus/Anti-Malware
PROTECTION
Penetration TESTING
DDoS DEFENSE
17
Visio version
PDF version
Hybrid Cloud is
NETWORKING, COMPUTE, STORAGE, APP SERVICES,
AUTOMATION, DISASTER RECOVERY, DEV, TEST etc.
… as a SERVICE
NETWORKING & AUTOMATION SERVICES
Virtual
network
Availability
Set
Azure load
balancer
Autoscale
Traffic
Manager
Automation
CDN
DATA SERVICES
COMPUTE SERVICES
On Premises Private Cloud
Health Monitoring
APPLICATIONS &
SERVICES
Active Exchange File Server JEE App
Directory
LOB App
VIRTUALIZATION
COMPUTE,
STORAGE &
NETWORKING
Automation
Commercial
App
SQL
.NET App
My SQL Oracle
SAN
Server Group #2
Storage
Spaces/SMB
Azure
Mobile
Services
TFS or
VS Online +
GIT
Azure
Web
Site
web
roles
worker
roles
storage
blob
storage
table
storage
queue
VHD
VHD data
disk
Gallery
OS images
StorSimple
Virtual
Appliance
Backup
Service
Azure Site
Recovery
SQL
Database
SQL
Data
Sync
MySQL
database
Site-to-Site VPN
Point-to-Site VPN
StorSimple
Cloud Integrated Storage
ExpressRoute
Server Group #1
Virtual
Machines
APP SERVICES
Azure
AD
Multi-Factor
Auth
Azure
Cache
Access
Control
BizTalk
Services
Media
Services
Service
Bus
Notification
Hub
Scheduler
DEVICES &
FACILITIES
Physical Infrastructure
(Servers/Storage/Networking
HDInsight
(Hadoop)
* Not meant to be a comprehensive list of all services, for a complete list please visit azure.microsoft.com
A Unified Cloud Strategy
• flexible development
• unified management
• common identity
Management Portal/API
Management Portal/API
Management Portal/API
• integrated virtualization
• complete data platform
Compute/storage/network
Compute/storage/network
Connectivity: ExpressRoute and VPN
22
Microsoft Confidential – Internal Use Only
22
Users
Azure
Virtual Network
Internet
Backend
Connectivity
ExpressRoute
VPN Gateways
Internet Connectivity
•
•
•
•
Consumers
Access over public IP
DNS resolution
Connect from anywhere
Secure point-to-site
connectivity
•
•
•
•
Developers
POC Efforts
Small scale deployments
Connect from anywhere
Secure site-to-site
VPN connectivity
ExpressRoute private
connectivity
• SMB, Enterprises
• Connect to Azure compute
•
•
•
•
SMB & Enterprises
Mission critical workloads
Backup/DR, media, HPC
Connect to Microsoft services
Extend your infrastructure to Azure
Public
Internet
VPN


VPN
On Premises

10.0/16
Internet




VPN &
ExpressRoute
Azure
VPN
GW
Backend
10.3/16
Mid-tier
10.2/16
Virtual Network
Frontend
10.1/16




On Premises


Internet
VPN GW
Forced Tunneled
via S2S VPN

S2S
VPN
WAN
WAN
WAN
ExpressRoute provides a private,
dedicated, high-throughput network
connection to Microsoft
Customer’s
network
Partner
Edge
Customer’s
connection
Traffic to Office 365 Services
Traffic to public IP addresses in Azure
Traffic to Virtual Networks
Microsoft
Edge
Microsoft
Microsoft
Public
internet
Customer site 3
Customer site 2
Customer site
Exchange
Customer site 1
Public
internet
Atlanta
Chicago
Chicago (Gov Cloud)*
Dallas
LA
NY
Seattle
Silicon Valley
Washington DC
Washington DC (Gov Cloud)*
Amsterdam
Dublin*
London
Sao Paulo
Chennai*
Hong Kong
Mumbai*
Melbourne*
Osaka*
Singapore
Sydney
Tokyo
Microsoft Cloud
WAN
ExpressRoute
Q3 CY 2015






• Reach any Microsoft region with ExpressRoute premium add-on
• Traffic carried over Microsoft’s core network
• You choose optimal path – traffic through carrier or Microsoft’s network
Internet
VPN Gateway
(Internet Edge)
Services on public IPs
ExpressRoute
Contoso virtual networks/VMs




Virtual
Network
Gateway SKU
ExpressRoute
GW
Throughput
VPN GW
ExpressRoute
Coexistence
VPN GW
Throughput
VPN GW
Max IPsec Tunnels
Cost (USD) /
Hour
Basic
500 Mbps
No
100 Mbps
10
$0.04
Standard
1000 Mbps
Yes
100 Mbps
10
$0.19
Performance
2000 Mbps
Yes
200 Mbps
30
$0.49
ExpressRoute
Azure
Virtual Network
Corp HQ
S2S VPN
Internet
Branch
Azure Virtual Network
2
3
ExpressRoute
Azure Site Recovery










Azure Virtual Network
Internet
Cross-premises connectivity
Cloud Services
&
Virtual Machines
VM
Firewall
DMZ
Virtual
Network
Isolation
ACLs
DDoS
Protection
Internet

ADC &
Load
Balancer
Internet
Microsoft Azure

Customer
On Premises
Compress/Optimize
ExpressRoute
Storage, backup,
and recovery
Dev/test lab
BI/big data
Media
Hybrid apps
Productivity apps
Storage, backup,
and recovery
Dev/test lab
BI/big data
Media
Hybrid apps
Productivity apps
Archival: StorSimple
Primary Storage
Archival Storage
Customer Data Center
Disk-based Backup
Applications in Physical or Virtual Servers
StorSimple
Remote Replication
Windows File
Server
Linux File
Server
VMware Server
Tape backup and DR
iSCSI
StorSimple Hybrid Storage Array
Internet
Azure Data Center
iSCSI
StorSimple Virtual
Appliance
Azure-based
Applications
StorSimple Manager
Enterprise SAN storage
Inline de-dupe,
compression &
automatic tiering
Automated offsite data
protection using cloud
snapshots
Highly efficient, location
independent disaster
recovery
Data mobility for
enterprise data
Consolidated storage
and data management
• Compliance
• Storage performance (IOPs etc.)
• If Azure doesn’t offer desired storage type (e.g. for SQL clustering etc.)
• Available in ExpressRoute Exchange provider locations
Customer
cage
Exchange
provider facility
• Price/Performance different from Azure storage
• SI might need to be engaged
Microsoft Azure
Disaster
Recovery
Datacenter
DevTest
Azure Site Recovery
Cloud
Bursting
Application
Analytics
Migration
Backup
Long-term Retention
Azure Backup
Azure Site Recovery
vCenter
VMM
vCenter
WAP
vSphere
Hyper-V
ESX/
Physical
Hyper-V
ESX/
Physical
Hyper-V
ESX/
Physical
Hyper-V
Enterprise Site
Hoster Site
Branch Office/SMB Site
Enable Availability on Demand for SANbased Hyper-V workloads
Protect Tier 1 Hyper-V workloads and
benefit from the performance placing
NetApp storage in Equinix datacenter
Azure ExpressRoute to improve throughput
between storage and Azure compute.
ASR’s Replication to Azure functionality used
to replicate the OS drives of the Hyper-V
workload
ASR’s Array-Based Replication functionality
used to mirror data between on-premises
and NetApp Private Storage
Storage, backup,
and recovery
Dev/test lab
BI/big data
Media
Hybrid apps
Productivity apps
ExpressRoute
Storage, backup,
and recovery
Dev/test lab
BI/big data
Media
Hybrid apps
Productivity apps
Collect and load big data
Interactive
Relational
Data
Streaming
data
10
01
Azure
blob
Server log
files
HDInsight
Automated
Storage, backup,
and recovery
Dev/test lab
BI/big data
Media
Hybrid apps
Productivity apps
Azure
RemoteApp
RDP
User
On-premises network
Elastic runtime
Domain
Joined
Subject to IT policy via
GP, System Center, or
other enterprise
management tools
Corporate Apps
Persistent user
data
(50GB per user)
Corporate apps
Custom template image
Maintained via Azure Portal
Azure VPN
Authentication
Identity options
Azure Active
Directory
DirSync
Windows Server
Active Directory
http://aka.ms/learnhybrid
http://aka.ms/hybrid-storage-ebook
http://aka.ms/azure-fundamentals-ebook
@MS_ITPro
http://myignite.microsoft.com