
Take a systematic and disciplined approach to Invest in security and application compliance lifecycle Acquire cloud management development skills Architect core infrastructure components for Define criteria for cloud integration: moving to or • Identity starting Catalog existing • Networking applications in • Security applications (i.e. the cloud first 20) SaaS

Microsoft Dynamics CRM Taking advantage of productivity workloads Windows Intune 1 provided in the cloud is a first step for many enterprise organizations. Azure PaaS

New development and modern applications move Your PaaS application 2 Your business logic, and code to PaaS. Web and mobile backend Compute and integration New applications are optimized for cloud computing. Data and advanced analytics Media and content delivery Focus is on functionality rather than infrastructure. Event streaming and messaging App (build, deploy and manage)

Existing applications move to IaaS 3 Existing applications are moved to IaaS virtual Azure IaaS

machines using one of two approaches: Your virtual network . Lift and shift—existing virtual machines are shifted Cloud Service Cloud Service to the cloud. Active Directory & DNS Your Line of Business application . Build in the cloud—applications are prebuilt in Azure and traditional methods are used to data. Public cloud SaaS Office 365, OneDrive, , Dynamics Online, ... Efficiency increases PaaS

New development

IaaS

IaaS virtual machines – traditional applications

Private cloud
Private cloud datacenter

IT’s hybrid cloud infrastructure

Core network services remain on premises:
• Active Directory Domain Services (AD DS)
• Domain Name System (DNS)
• Windows Server Update Services
• Microsoft System Center 2012 Configuration Manager

Even though a complete migration to the public cloud is the goal, retaining core network services in traditional datacenters for the near future results in a hybrid cloud.

[Chart: current state (Legacy) to future state by quarter, 2013 to 2018; series Azure, Legacy, EOL and Private cloud; vertical axis 0 to 37,000; label 60%]

180K+ end users Simplification Servers, 29K devices with Presence in over Migration Using big data to efforts reducing user PC's and Intune, 400 apps 119 Countries planned for 73 secure the app portfolio mobile devices in company portal organizations company at 5% per year 120K+ 1.3K+ 1.2M 150K 513 80K+ 7B Employees Line of Business Devices hit the Devices enrolled in IT supported Users on CRM Online Security monitoring applications Microsoft network Exchange Active Sync Site locations over next 24 months events recorded daily

All new 170K .1 65% Virtualized Migration pace of 40K active in over Online sites Sales team works development managed devices server 3K users 700 external growing 4% 60% mobile + next gen environment per month networks monthly On-Prem apps in PaaS declining at 25% 22% 40K 330K 220K 90K 270K 7.9M LOB apps using Managed System Center Users on Office 365 Employees 97% SharePoint Lync calls/month IaaS or PaaS, hybrid managed devices Exchange participate on sites in the cloud cloud environment Systems Yammer each month

[Chart: On-Prem, FY13 to FY15+; vertical axis 0 to 300000]

Rethink our Experience in the Cloud Create Shared Utility Sites Custom Understand the Drive Cloud Services Cloud Migration to Workload Ecosystem Adoption Foundation Cloud Migration Post-migration MOVE TO CLOUD MOVE TO CLOUD NOW LATER High

Low Mission Regulatory Security Cross- Monitoring Custom App Database Critical Exposure Requirement Premises Needs Integration Storage

BUSINESS FACTORS TECHNICAL FACTORS Cloud-strategy approach

CLOUD STRATEGY (Cross Discipline Team)

SaaS Hybrid cloud New development BusinessSaaS-architecture led IaaSIaaSlift and shift; LeveragingPaaS all cloud paradigms IaaS and PaaS new deployments

FY12-FY13 Infrastructure Line of business (LOB) • • Dynamics CRM • Live • Third-party solutions VMs IaaS PaaS SaaS • Windows Live • Yammer, PaaS • Office 365 Engineering and operations • SharePoint Online enabling HW IaaS IaaS PaaS SaaS IaaS • Exchange Online • Windows Intune Connectivity • SkyDrive Pro • Team Foundation Service Building on FY12 destination SaaS strategy {Engineering} Moving Microsoft IT apps to the

Vast majority of Microsoft IT’s LOB apps are moving to the cloud

• 90% of Microsoft IT’s 1,100+ production apps meet requirements to move to IaaS or private cloud environments
• 7% of apps are migrated to the PaaS environment
• 3% will remain on dedicated hardware

[Chart legend: IaaS and Private Cloud; PaaS; Dedicated Hardware (3%)]

NETWORKING, COMPUTE, STORAGE, APP SERVICES, NETWORKING & AUTOMATION SERVICES AUTOMATION, DISASTER RECOVERY, DEV, TEST, UAT, etc. Virtual Availability Azure load Auto- Traffic Automation CDN … as a SERVICE network Set balancer scale Manager

COMPUTE SERVICES DATA SERVICES

On Premises Private storage storage Health Monitoring Automation Virtual Azure TFS or Machines Mobile VS Online + blob table queue Services GIT APPLICATIONS & Site-to-Site VPN SERVICES Point-to-Site VPN

Azure web worker StorSimple VHD VHD data Gallery Web roles roles Cloud Integrated Storage disk OS images Site

Express Route APP SERVICES VIRTUALIZATION COMPUTE, StorSimple Backup Azure Site STORAGE & Virtual Service Recovery NETWORKING Azure Multi-Factor Azure Server Group #1 Server Group #2 Appliance AD Auth Cache

Storage Access BizTalk Media SQL SQL MySQL SAN Spaces/SMB Control Services Services Database Data database Provisioning Sync DEVICES & Monitoring FACILITIES Automation & Self Service Service Notification Scheduler HDInsight Physical Infrastructure Bus Hub (Hadoop) (Servers/Storage/Networking Application Insight

IT Service Management

* Not meant to be a comprehensive list of all services, for a complete list please visit azure.microsoft.com

Azure Security and Compliance

Azure’s certification process is ongoing with annual updates and increasing breadth of coverage.

Secure development, operations, and threat mitigation practices provide a trusted foundation
• No internet access by default
• Intrusion detection and DoS prevention measures
• Customer can deploy additional DoS/IDS measures within their virtual networks
• Penetration testing

Azure manages compliance with:
• ISO 27001
• SOC1 / SOC2
• HIPAA BAA
• DPA / EU-MC
• UK G-Cloud / IL2
• PCI DSS
• FedRAMP

Private fiber connections to access compute, storage and more using ExpressRoute

[Diagram labels: Clients / End Users; INTERNET; THREAT DETECTION: DoS/IDS Layer; Cloud Access & Firewall Layer; ExpressRoute Peer; 443]

Azure provides a number of options for encryption and data protection.

Enables connection from customer sites and remote workers to Azure Virtual Networks using Site-to-Site and Point-to-Site VPNs

Azure Platform
• Logical isolation for customer environments and data
• Centralized management via SMAPI or the Azure Portal

[Diagram labels: Customer Environment; Isolated Virtual Network; Application Tier, Logic Tier and Database Tier, each with a DOS/IDS Layer; Azure Storage; SQL Database; VPN; 443; Computers Behind Firewalls; Remote Workers]

Heritage of security and compliance

Federal Desktop Trustworthy Core Configuration Office 365 for Microsoft Security Computing Government Response Center Initiative Malware Protection First Microsoft Active Center Datacenter Directory SAS 70 SOC 1 SOC 2 CJIS

1989 1996 2000 2005 2010 2012 2014

FISMA Windows Windows Security IRS 1075 Digital ATO C2 Update Development Crimes Unit Lifecycle Defense HIPAA/ FedRAMP Messaging HITECH ATO System ISO/IEC Operations 27001:2005 Security Assurance HYBRID CLOUD SAMPLE ARCHITECTURES Hybrid Cloud Scenarios

Encrypted Backup VPN Recovery Windows Backup Microsoft Azure SC Data Protection Manager

Site B Site A Replication System Center Virtual Machine Recovery Manager Microsoft Azure Health Monitor Hyper-V Manage Site A Site B Microsoft Azure System Center Replica System Center Recovery Virtual Machine Virtual Machine plan Manager Manager

Orchestrated Recovery in case of outage

VPN

Remote Users Admin Hybrid Cloud Scenarios

Developers VPN Tier 1 Tier 2 Tier 3 Microsoft Availability Set Availability Set Availability Set Azure SDK

Microsoft Azure Microsoft Azure AD Azure VPN Load Auto Web Virtual VHD Auto SharePoint Mobile Analytics SQL HDInsight Balancing Scaling Site Machines Scaling Service & Reporting Azure Storage (Hadoop)

Microsoft Azure Microsoft Azure Storage Storage Notification Hub CDN Cache BLOB Table

Users Storage Queue On Premises

INGRESS NODES ANALYTICS NODE CONSUME Collect / Decode Record Filter / Analyze / Aggregate Reporting / BI

Azure Microsoft Azure Load Auto Worker Azure Auto Worker Analytics SQL Connected Devices Balancing Scaling Roles Storage Scaling Roles & Reporting Azure Storage Hybrid Cloud Scenarios

Enterprise Mobility Suite
• Hybrid Identity Management
• Mobile Device Security & Management
• Mobile Application Management
• Strong Authentication & Access based Information Protection

Encrypted Synchronization Microsoft apps

Custom ISV/CSV Microsoft Azure AD Consumer LOB apps apps identity providers PCs and devices 3rd party clouds/hosting

• Built-in .NET, Java, PHP, …
• SDK for integration
• Strong multi Factor Authentication
• Real Time Fraud Alert
• Reporting, Logging & Auditing
• Enables compliance with NIST 800-63 Level 3, HIPAA, PCI DSS, and other regulatory requirements

[Diagram labels: Multi-Factor Authentication Server; ADFS / SAML; Microsoft Azure AD; Multi-Factor Authentication; BYOD / Personal devices; On Premises Applications; Corporate devices]

SQL Server Hybrid Cloud Scenarios

Publish Management Portal Compare Sync Import / Export VPN Register / Unregister Dispersed Teams Microsoft Azure

Management Portal SQL Backup tool for legacy Manual Console Backup Managed Backups VPN / Encrypted Data

Microsoft Azure

Primary Asynchronous Commit Secondary Disaster Recovery Backup VPN Availability Groups Periodic Snapshots Powering BI Apps Console 2014 / Scripts 2012 Geo Replication Microsoft Azure SAP on Microsoft Azure

SAP certifications

Microsoft Azure is certified for the following SAP products, with full support from Microsoft and SAP.
http://azure.microsoft.com/en-us/campaigns/sap/

• SAP Business Suite: guest operating system Windows; RDBMS SQL Server; virtual machine type A5
• SAP Business All-in-One: guest operating system Windows; RDBMS SQL Server; virtual machine type A5
• SAP NetWeaver Application Server ABAP (1): guest operating system Windows; RDBMS SQL Server; virtual machine type A5
• SAP HANA Developer Edition (including the HANA Client software comprised of SQLDBC, ODBO (Windows only), ODBC, and JDBC drivers, HANA Studio, and HANA Database) (2): guest operating system SUSE Linux; RDBMS N/A; virtual machine types A7, A8

[Diagram labels: On-Premises; On-Premises Servers; On-Premises VPN Device; VPN; Azure VPN Gateway; Windows Server and SQL Server virtual machines with .vhd files (C:), (D:) and (E:); Shared Pool]

Virtual Network

1 Only NetWeaver 7.00 and later SAP releases of NetWeaver are supported for deployment in Azure.
2 Customers can try SAP HANA Developer Edition on Azure using the SAP Cloud Appliance Library.

ATM Manufacturer Quickly Creates ATM Management Solution Using Cloud Resources.

Headquartered in North Canton, OH, Diebold is a financial self-service, security and services corporation that is engaged primarily in the sale, manufacture, installation and service of self-service transaction systems, electronic and physical security products, and software and integrated systems for global financial and commercial markets. Diebold is the largest U.S. manufacturer of ATMs. Their top products and services include ATMs and Self-Service, Electronic Security, Assisted Transactions and Barrier, Managed Services, Maintenance Services, and Professional Services. They are using Azure for their smart banking initiative.

The Washington Post Builds "Truth Teller" App with Cloud-Based Speech-to-Text Service.

One way that The Washington Post is driving innovation on the Internet is through Truth Teller, a software-based, political fact-checker that uses Microsoft Azure Media Services Indexer speech-to-text service. With Indexer, The Post can more easily share its political expertise, has saved hundreds of thousands in development costs, and has made search results more useful to website visitors.

SAT is in charge of all of Mexico’s tax-related transactions and needed to transform to receive and validate electronic invoices, as well as deploy new portals for taxpayers to manage their electronic bills and electronic billing. An on-premises solution was quoted to take a full year and cost US$1 million, which was too much for SAT at the time. We built in 4 months a solution that manages 2 Billion+ documents annually, with 200+ documents/sec, and avoided a large investment associated with redundant datacenter setup, storage, bandwidth, hardware and software.

NBC provides continuous coverage for live events on mobile devices

Reimagining global media and entertainment delivery

April 9, 2013, Microsoft Corp. and NBC Sports Group announced they are partnering to use Microsoft Azure Media Services across NBC Sports’ digital platforms, including NBCSports.com, NBCOlympics.com and GolfChannel.com.

“We are pleased to be working once again with Microsoft, and we are confident that Microsoft Azure Media Services will help us provide the most robust streaming experience ever for a Winter Olympics.”
—Richard Cordella, Senior Vice president & General Manager of Digital Media, NBC Sports Group

Goal
Deliver more than 1,000 hours of live streaming sports to millions of viewers on multiple devices and operating systems

Tactics
Uses the Microsoft Azure cloud platform to encode, transcode, and stream live footage from the Olympics (and other high-profile events) to its customers

Results
• First in history to provide continuous live streaming footage entirely from the cloud
• The largest-ever audience on an authenticated stream for any sporting event
• Enabled access to all 98 sporting events online through a Microsoft Azure platform that scales up and down to meet actual demand

100+ MILLION FANS AND GUESTS THROUGH SOCHI2014.COM ON

Platform Application Capability Applications Architecture Networking Platform / Front End Access / / Access Facilities Security Storage Servers Data OS SegregatedPlatforms SegregatedStorage Monolithic Monolithic OS Platform Silos Multiple ID’s Monolithic Availability Data Silos AdHoc Multiple MB/GB 0.9999 Distributed Processing Storage Management Data Warehouse Data Integration Load BalancingLoad Consolidation Virtualization Virtualization Server Farms Managed Distributed Colocation Clustering Web Enterprise Content Management Public Cloud ( Consolidation Integration/ On On Premise Private Cloud Metering Aggregation+ Massive StorageScaling Network Virtualization Integration & Scaling Evolving Modular to Service Service Oriented Resource Pooling Resource Pooling Commoditization Federation Container Dynamic Big Data IaaS , SaaS, , PaaS ) Architectures On Premises Silo Legacy App 1 - ed Current Application Infrastructure Infrastructure Private Cloud Catalogue On Premises Leveraged Leveraged App 2 IaaS Off Premises Oriented – Service App 3 SaaS - PaaS Objectives Scenarios Build Deploy Triggers Needs Architectural Design Build Deploy • New Application Project / • Discovery of capabilities Business Initiative • Selection of potential scenarios: • Application / Workload • Pilot Architecture • Deployment guidance • Tech Refresh Architectural Design • Checklist: Identity, Security, • Deployment resources & • Workload Capacity Growth • App/Workload Consolidation • 
Compute, Storage, Networking, Compliance, team • Hosting • Disaster Recovery / Backup Networking, DevOps • Promotion to production with • Enhanced SLA • Storage / Archiving Applications Services • Test Identity, Security, Compliance • High Availability / Disaster • Cloud Identity • Identity • Validate with Data and DevOps considerations Recovery • Content Delivery • Security • Continuous Enablement • Lower Operational Costs • Media Hosting • Validate Scaling and Resiliency • Databases • Networking / Connectivity • Service Management • Cloud cost management • BI • Compliance • Self Service • Cloud Reference Model and • Web Hosting • Data Archival Standard Setting • Infrastructure Hosting • SLA • E-Commerce • DevOps • Scaling • HPC • Build • Resiliency • Test • Cost evaluation • Configure • Deploy • Measure Consumption • Monitor / Manage • Scale • Common Process • Patterns & Practices