6. HYBRID SCENARIOS
• Extend Infrastructure to the cloud
• Data Processing in the cloud
• Access data & apps in your data center
• Integrate services from On-Premises
• Processing across cloud & On-Premise
7. WHY HYBRID CLOUD?
Your IT can benefit from public cloud
• Pay-per-use, scalability, elasticity
You cannot move all to a public cloud
• Existing investments, legal constraints etc.
Hybrid = best of both
• Run in public cloud and your own data center
8. A Unified Cloud Strategy
• flexible development
• unified management
• common identity
• integrated virtualization
• complete data platform
[Diagram labels: Management Portal/API; Compute/storage/network (shown twice)]
9. NETWORKING & AUTOMATION SERVICES
COMPUTE SERVICES DATA SERVICES
APP SERVICES
* Not meant to be a comprehensive list of all services, for a complete list please visit azure.microsoft.com
SO WHAT IS HYBRID …
NETWORKING, COMPUTE, STORAGE, APP SERVICES,
AUTOMATION, DISASTER RECOVERY, DEV, TEST, UAT, etc.
… as a SERVICE
[Diagram: hybrid "as a service" overview. On Premises Private Cloud: System Center 2012 R2 (Provisioning, Monitoring, Automation & Self Service, Application Insight, IT Service Management, Health Monitoring); applications & services (Active Directory, Exchange, File Server, LOB App, MySQL, Oracle, SQL, JEE App, .NET App); virtualization of compute, storage & networking (Server Group #1, Server Group #2, SAN, Storage Spaces/SMB); physical infrastructure, devices & facilities. Connectivity: Site-to-Site VPN, Point-to-Site VPN, ExpressRoute. Azure: Web Site, web roles, worker roles, Virtual Machines, Mobile Services, TFS or VS Online + GIT, Azure AD, Multi-Factor Auth, Cache, Access Control, BizTalk Services, Media Services, Service Bus, Notification Hub, Scheduler, StorSimple cloud integrated storage and virtual appliance, Azure Site Recovery, Backup Service, Gallery OS images, VHD data disks, MySQL database, SQL Database, SQL Data Sync, HDInsight (Hadoop), storage (queue, blob, table), Virtual network, Availability Set, Automation, CDN, Azure load balancer, Auto-scale, Traffic Manager.]
11. HYBRID CLOUD SCENARIOS
Infrastructure as a Service (3-Tier highly available example)
[Diagram: Tier 1, Tier 2 and Tier 3 in availability sets, with load balancing and auto scaling; labels include SharePoint, Azure Storage, SQL Azure, and Analytics & Reporting. VPN links connect On Premises (Developers, Users) to Microsoft Azure. Azure services shown: Web Site, Mobile Service, HDInsight (Hadoop), Virtual Machines, VHD, Storage BLOB, Storage Table, Storage Queue, Windows Azure Cache, Windows Azure CDN, Microsoft Azure AD, Notification Hub, Microsoft Azure SDK.]
12. HYBRID CLOUD SCENARIOS
Platform as a Service (Connected Devices)
[Diagram on Microsoft Azure: Connected Devices; INGRESS NODES (Collect / Decode; load balancing, auto scaling, worker roles); ANALYTICS NODE (Filter / Analyze / Aggregate; auto scaling, worker roles); Record and Reporting / BI (Azure Storage, SQL Azure, Analytics & Reporting); CONSUME.]
14. HYBRID CLOUD SCENARIOS
Azure Backup
[Diagram: SQL, File Server and Exchange; Windows Backup and SC Data Protection Manager; Encrypted Backup and Recovery over VPN with Microsoft Azure.]
Azure Site Recovery
[Diagram: Hyper-V replication from Site A to Site B (replica), each site with System Center Virtual Machine Manager; Microsoft Azure holds the recovery plan and health monitor and manages orchestrated recovery in case of outage.]
15. HYBRID CLOUD SCENARIOS
Enterprise Mobility Suite
• Hybrid Identity Management
• Mobile Device Security & Management
• Mobile Application Management
• Strong Authentication & Access based Information Protection
[Diagram: Microsoft Azure Active Directory connecting consumer identity providers, PCs and devices, Microsoft apps, custom ISV/CSV apps, LOB apps and 3rd party clouds/hosting, with Encrypted Synchronization.]
[Diagram: Microsoft Azure Multi-Factor Authentication with Microsoft Azure AD; Multi-Factor Authentication Server with ADFS / SAML; Cloud Apps; On Premises Applications; corporate devices; BYOD / personal devices.]
.NET, Java, PHP, …
• Built-in
• SDK for integration
• Strong Multi-Factor Authentication
• Real Time Fraud Alert
• Reporting, Logging & Auditing
• Enables compliance with NIST 800-63 Level 3, HIPAA, PCI DSS, and other regulatory requirements
16. SQL SERVER HYBRID CLOUD SCENARIOS
SQL Development
Publish
Compare
Sync
Import / Export
Register / Unregister
Management Portal
VPN Dispersed Teams
Microsoft Azure
SQL Backup/Recovery
SQL Backup tool for legacy
Manual Console Backup
Managed Backups
Management Portal
VPN / Encrypted Data
Microsoft Azure
SQL Business Continuity
Primary Asynchronous Commit Secondary
VPN
Console 2014 / Scripts 2012
Backup
Availability Groups
Periodic Snapshots
Geo Replication
Disaster Recovery
Powering BI Apps
Microsoft Azure
17. SAP on Microsoft Azure
[Diagram: On-Premises servers and VPN device connected to an Azure Virtual Network running SAP (Dev / Test / UAT). Virtual machine disks shown as .vhd files in Blob Storage: Windows Server & SAP (C:), Shared Pool (D:); Windows Server (C:), Shared Pool (D:), SQL Server (E:).]
SAP certifications
Microsoft Azure is certified for the following SAP products, with full support
from Microsoft and SAP.
http://azure.microsoft.com/en-us/campaigns/sap/
SAP Product | Guest Operating System | RDBMS | Virtual Machine Types
SAP Business Suite Software | Windows | SQL Server | A5
SAP Business All-in-One | Windows | SQL Server | A5
SAP NetWeaver Application Server ABAP 1 | Windows | SQL Server | A5
SAP HANA Developer Edition (including the HANA Client software comprised of SQLDBC, ODBO (Windows only), ODBC, AND JDBC drivers), HANA Studio, and HANA Database) 2 | SUSE, Linux | N/A | A7, A8
Azure VPN
Gateway
1 Only NetWeaver 7.00 and later SAP releases of NetWeaver are supported for
deployment in Azure.
2 Customers can try SAP HANA Developer Edition on Azure using the SAP Cloud
Appliance Library.
18. THE BIG (NETWORK) PICTURE
[Diagram: Internet Clients, Azure Virtual Network, On premises Datacenter]
Frontend Connectivity
• Load-balanced and direct IPs
• ACLs & DDoS protection
• Traffic Manager & Azure DNS
Virtual Networks
• Flexible multi-tier topologies
Backend Connectivity
• Secure Internet cross premises VPN connectivity
• ExpressRoute – direct connectivity
19. FORCED TUNNELING
“Force” or redirect customer Internet-bound traffic to an on-premises site
Auditing & inspecting outbound traffic from Azure
Needed by many scenarios for critical security and IT policy requirements
[Diagram: Virtual Network with Frontend 10.1/16, Mid-tier 10.2/16 and Backend 10.3/16 subnets; Internet-bound traffic is forced tunneled via the S2S VPN through the VPN gateway to On Premises, and reaches the Internet from there.]
20. GATEWAY ENHANCEMENTS
High Performance Gateway
• Better throughput
• More S2S tunnels
• Pricing
  • $0.49 per gateway hour
  • Data transfer & VNet traffic rates unchanged
No Encryption option
• Better throughput for Vnet-to-Vnet within Azure
• Intra-/Inter-region Vnet-to-Vnet traffic stays within Microsoft networks, not Internet
PFS Support for IKE
• Compliance requirements & better security
Operations Logs
• Visibility into critical gateway events
Gateway SKU | ExpressRoute Throughput* | S2S Throughput* | Max Tunnels
Default | 500 Mbps | 100 Mbps | 10
Performance | 1000 Mbps | 200 Mbps | 30
21. NETWORK SECURITY GROUPS (NSG)
Enables network segmentation & DMZ scenarios
Access Control List
• Filter conditions with allow/deny
• Individual addresses, address prefixes, wildcards
Associate with VMs or subnets
ACLs can be updated independent of VMs
[Diagram: Virtual Network with Frontend 10.1/16, Mid-tier 10.2/16 and Backend 10.3/16 subnets, Internet access, and a VPN gateway with S2S VPNs to On Premises 10.0/16.]
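An added example, not from the original deck: a small Python model of the allow/deny ACL described on the NSG slide, applied to the diagram's Frontend 10.1/16, Mid-tier 10.2/16, Backend 10.3/16 and On Premises 10.0/16 ranges, that audits a rule set against the intended tier-to-tier flows. The priority ordering, port numbers, probe addresses and both rule sets are assumptions constructed for illustration; this is not the Azure NSG API.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int  # lower number evaluated first (assumed ordering)
    src: str       # single address, address prefix, or "*" wildcard
    dst: str
    port: str      # port number or "*"
    allow: bool

def _in(spec, addr):
    return spec == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def evaluate(rules, src, dst, port):
    """First matching rule in priority order decides; no match means deny."""
    for r in sorted(rules, key=lambda r: r.priority):
        if _in(r.src, src) and _in(r.dst, dst) and r.port in ("*", str(port)):
            return r.allow
    return False

# Constructed probe flows: (name, src, dst, port, intended verdict)
PROBES = [
    ("internet->frontend:443", "198.51.100.7", "10.1.0.4", 443, True),
    ("internet->midtier:443", "198.51.100.7", "10.2.0.4", 443, False),
    ("frontend->midtier:8080", "10.1.0.4", "10.2.0.4", 8080, True),
    ("frontend->backend:1433", "10.1.0.4", "10.3.0.4", 1433, False),
    ("midtier->backend:1433", "10.2.0.4", "10.3.0.4", 1433, True),
    ("onprem->backend:1433", "10.0.0.9", "10.3.0.4", 1433, True),
]

def audit(rules):
    """Return probes whose verdict differs from the intended segmentation."""
    return [n for n, s, d, p, want in PROBES if evaluate(rules, s, d, p) != want]

WEAK = [  # constructed: destination prefixes wider than the intended tier
    Rule(100, "*", "10.0.0.0/8", "443", True),
    Rule(110, "10.1.0.0/16", "10.0.0.0/8", "*", True),
    Rule(120, "10.2.0.0/16", "10.3.0.0/16", "1433", True),
    Rule(130, "10.0.0.0/16", "10.3.0.0/16", "1433", True),
]
FIXED = [  # constructed: each allow scoped to one tier, explicit final deny
    Rule(100, "*", "10.1.0.0/16", "443", True),
    Rule(110, "10.1.0.0/16", "10.2.0.0/16", "8080", True),
    Rule(120, "10.2.0.0/16", "10.3.0.0/16", "1433", True),
    Rule(130, "10.0.0.0/16", "10.3.0.0/16", "1433", True),
    Rule(4000, "*", "*", "*", False),
]
print("weak:", audit(WEAK), "fixed:", audit(FIXED))
```

The weak set passes a casual read because every rule names a 10.x range, yet the /8 destinations let Internet traffic reach the mid-tier and let the frontend reach the backend directly.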
22. MULTIPLE NICS IN AZURE VMS
Multiple NICs enable virtual appliances in Azure
MAC/IP addresses persist through VM life cycle
Separate frontend-backend traffic, and management-data planes
Up to 4 NICs per VM
[Diagram: Azure Virtual Machine with NIC2 (10.2.3.33), NIC1 (10.2.2.22) and Default (10.2.1.11); Internet traffic arrives at VIP 133.44.55.66.]
25. FOR MORE INFORMATION
• Introduction to Microsoft Azure Networking Technologies and What's New
• Designing Hybrid Scenarios with Microsoft Azure
• Architecting Effective Cloud Adoption Strategies
• How to Develop a Successful Hybrid Cloud Strategy