The Cloud in Public Administration (PA): Azure Disaster Recovery, file server management and RemoteApp

Denis Sacchi, Account Technology Strategist – SOFTJAM
Rome, 27 May 2015

Agenda

AgID – Agenzia per l'Italia Digitale

"Cloud computing" represents a flexible and economical model for the delivery of ICT services. Through Internet-based technologies, it enables easier access to a pool of configurable, shared resources (physical network, storage and processing resources, services and end-user applications). This model makes it possible to improve operational efficiency and, at the same time, to achieve significant economies of scale in IT costs. The new digital services envisaged by the Agenda, such as the electronic health record and the national population registry, will be hosted in datacenters (not only regional ones but also private ones) and from there used via the cloud by the individual public administrations and by citizens.
Il Sole 24 Ore

Microsoft Cloud Platform

Cloud Platform
• Enterprise-grade: global reach, scale, and security for your business demands, all in a flexible and open platform
• Unified platform: one platform for modern business
• Hybrid design: cloud capacity and services in a way that fits your business needs and roadmap
• People-focused: extends IT, developer, and employee skillsets to the cloud for new innovation

Consistent platform across Customer, Microsoft and Service Provider.

Azure features released in the last 12 months: Offline Operations, Remote Debug, Tag Expressions, Traffic Manager, Site-to-Site Virtual Network, Stop without Billing, Integration, Large Memory SKU, Hyper-V Recovery, SQL, SharePoint and BizTalk Images, HDInsight, Cloud Services SDK 2.0, Mercurial Deployment, Windows Phone Support, Distributed Cache, Scheduler, Partitioned Queues/Topics, AutoScale, Per Minute Billing, Dynamic Remote Desktop, Log Streaming, Android Support, HTML 5/CORS, IaaS Active Directory, Custom Mobile API, IP and SNI SSL, HTTP Logs to Storage, BizTalk Services, IP/DDOS Protection, Hyper-V Disaster Recovery Support, Multi-Factor Auth, MSDN Dev/Test, Storage Analytics, Delete Disks, WebSockets, AMQP Support, iOS Notification Support, New VM Gallery, Read-Only Secondary Storage, VIP ACLs, PowerBI, Windows Server Backup, Queue Geo Replication, Mobile Services, Manage Azure in AD, New Relic, Git Source Control, Notification Hubs, Windows 8 Notification, AD Management Portal, CORS/JSON Storage Support, AD Directory Sync Support, B2B/EDI and EAI Adapters, Point-to-Site Software VPN, VOD Streaming + Encoding, Web Sites, Media Services, AutoScale/Monitoring, VS Online, Message Pump Programming Model, Import/Export Hard Drives.

Cloud service models (Traditional IT, IaaS, PaaS, SaaS) compared layer by layer: Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking. Legend: managed by customer vs. managed by MS.

Chief Objections to the Cloud

Top Objections to the Cloud:

1. Compliance Issues
2. Security
3. Control

What's the Real Issue?

Underlying Issues:

1. Fear
2. Need to Own Stuff
3. Control
4. Change
5. Perceived Risk

Cloud innovation presents challenges: Hybrid Cloud; Datacenter Management & Virtualization; Storage incl. Azure (StorSimple, Remote Backup); Apps; Business continuity / Disaster Recovery; Identity & Access Mgmt; Security & Digital Rights Mgmt; Sharepoint Strategy; Agile development; Internet of Things; Mobility / Mobile Apps; Machine Learning; Digital Marketing & eCommerce; Big Data; Application Test / Dev / Run; LOB apps; Integration Services; Media Services (Streaming, CDN); Business Intelligence & Analytics.

An open and flexible cloud platform that enables you to quickly build, deploy, and manage solutions across a global network of Microsoft-managed datacenters.

• Build applications using any language, tool, or framework.
• Integrate public cloud solution with the existing IT environment.
• 99.95% monthly SLA.
• Automatic operating system and service patching.

Usage-based services:
• App services: Caching, Identity, Service bus, Media, CDN, Integration, HPC, Analytics
• Compute: Virtual machines, Websites, Cloud services, Mobile services
• Storage: SQL database, HDInsight, Blob storage, Tables
• Network: Virtual network, Traffic manager, Connect

Microsoft Azure Data and Storage Services: Azure Data Storage Services, Site Recovery, Data Management.

Up to 32 TB of storage per VM, >50,000 IOPS per VM, less than 1 ms read latency.

StorSimple connects Windows, Linux and VMware servers to Azure Storage in minutes with no application modification.

(Figure: on-premises data center with a StorSimple Series 8000 hybrid storage array, StorSimple Manager, the StorSimple Snapshot Manager plug-in and the administrator; cloud datacenter with Azure BLOB storage and a StorSimple Virtual Appliance.)

Series 8000 models

Model Number                    8100                      8600
Total usable capacity           15TB                      40TB
Usable SSD Capacity             800GB                     2TB
Effective Local Capacity        15-45TB                   40-120TB
Max Volume Capacity             64TB                      64TB
Max Capacity (including cloud)  200TB                     500TB
Network Interface Cards         4 x 1Gbps and 2 x 10Gbps  4 x 1Gbps and 2 x 10Gbps
Enclosure Form Factor           1 X 2U                    2 X 2U

Local redundant and geo redundant storage

(Figure: primary location and secondary location, with a StorSimple Virtual Appliance running as an Azure VM.)

Data Disaster Recovery

• Thin restores provide fast recovery of data by downloading only the small subset of data needed to bring applications online. Not dependent on volume size.
• Recover data anywhere: to a secondary datacenter or to a StorSimple Virtual Appliance in Azure.
• A volume container is failed over to the destination appliance. Time to recover is the same for physical and virtual appliances.

DR to secondary datacenter or Virtual Appliance

(Figure: Datacenter 1 holds a physical appliance (Appliance1) with its file server and StorSimpleManager1; Datacenter 2 holds a physical appliance (Appliance2) and a virtual appliance (Appliance3); all are connected to Azure Storage.) Recover data to Appliance2 (physical) or Appliance3 (virtual) by rehydrating data from a cloud snapshot stored in Azure BLOB storage.

Microsoft Azure Site Recovery

• Windows Server primary site to recovery site: replication channel is Hyper-V Replica or SAN replication; Azure Site Recovery provides the orchestration channel.
• VMware/Physical primary site to recovery site: InMage Scout provides the replication and orchestration channel (download InMage Scout); Azure Site Recovery provides the communication channel.
• Windows Server primary site to Microsoft Azure: Azure Site Recovery provides orchestration and replication.
• VMware/Physical primary site to Microsoft Azure: Azure Site Recovery provides orchestration and replication with InMage Scout (available now).

Microsoft Azure Compute Services

Approach

Virtual Machines, Web Sites, Cloud Services

(Figure: IT capacity over time. Traditional approach: allocated IT resource against workload forecast and real load, showing a capacity deficiency, extra resources and a large initial investment. Cloud approach: no exceeding resources or less exceeding resources, and a smaller initial investment.)

VM families

A family: highest value VM size; Basic and Standard sizes; general purpose and high memory; high performance A8/A9 (RDMA).
D family: 60% faster CPU; up to 112 GB memory; local SSD storage.
G family: optimized for data workloads; up to 32 CPU cores, 448 GB RAM, 6.5 TB local SSD; latest generation Intel processor.

Capture VM images: captures all disks attached; best effort disk consistency; re-deploy as a new VM; Sysprep and non-Sysprep (e.g. "My DB Image @ today").

Availability set
• Virtual Machines (IaaS)
  • Multiple instances doing the same work
  • Place instances in same availability set
  • Use load-balanced endpoints
• Cloud Services (PaaS)
  • Multiple instances
  • Instances are automatically in different update domains
  • Instances in same role are automatically load-balanced

What happens when there is only 1 VM in an Availability Set? SLA 99.95. Update notifications are only sent to VM(s) that are not in an Availability Set.

Internal Load Balancing

• Enables load balancing among VMs with private IP addresses
• Accessible only by the customer's virtual network and on-premises networks
• Up to 50 VMs in a single load-balanced set
• Multi-tier applications with internal-facing tiers require load balancing
• HA LOB apps
• SQL Always On
• RDP to internal endpoints for added default security

IP reservation: customers can reserve public IP addresses and use them as VIPs. In a Virtual Machine scenario, the Reserved IP address will remain associated with your cloud service even when all the VMs in the cloud service are stopped/deallocated.

1. VIP Reservation: customers can reserve public IP addresses and use them as a Reserved VIP.
2. Instance-level Public IPs: customers can assign publicly addressable IPs directly to VMs. Individual instances and VMs can be assigned public IPs. These will allow scenarios like running FTP services, monitoring Microsoft Azure VMs using their IPs, etc.

Static IP: customers can deploy Virtual Machines in Azure with static IP addresses in an Azure Virtual Network.

(Figure: Internet traffic reaches a cloud service through a load balancer with a Reserved VIP; VM1 and VM2 carry instance-level public IPs PIP1 and PIP2 and internal addresses DIP1 and DIP2.)

Develop apps with .NET, Node.js, PHP, Python, Java.

Azure Websites Migration Assistant: makes it easy to migrate existing websites, including those running on Windows Server 2003, to Azure. The Migration Assistant will provide a readiness assessment and will highlight if a site can be migrated right away, or provide a list of compatibility items to be addressed. (Figure: on-premises web application migrated to an Azure Websites web application.)

cspkg

cscfg

Worker role: applications hosted within worker roles can run asynchronous, long-running or perpetual tasks independent of user interaction or input.

Web role: provides a dedicated Internet Information Services (IIS) web server used for hosting front-end web applications. All features of a worker role + IIS 7, 7.5 or IIS 8.0*; ASP.NET 3.5 SP1, 4.0 or 4.5* – 64bit; hosts Webforms or MVC, FastCGI applications (e.g. PHP), multiple websites over HTTP(S); Web/Worker hybrid; can optionally implement RoleEntryPoint.

Comparison axes: Control, Support for legacy apps, Ease of management, Agility.

Microsoft Azure Networking Services

Extend your infrastructure

(Figure: Microsoft Azure connected to the public Internet, to a customer site, and to multiple customer sites over a WAN through an ExpressRoute location.)

ExpressRoute:
• Connecting at an ExpressRoute Location (Exchange Provider facility)
• Connecting from a WAN (e.g. MPLS VPN) provided by network services providers

Multi-site & VNet-to-VNet:
• Multiple Site-to-Site connections: multiple on-premises sites connect to the same virtual network
• VNet-to-VNet connectivity to any Azure datacenter, same region or cross regions (e.g. VNet1 in US West, 10.1/16, and VNet2 in East Asia, 10.2/16); for HA and DR, customers create virtual networks in different Azure regions
• Cross-subscription connectivity: virtual networks in different subscriptions can securely communicate using private IP addresses
(Example: Contoso NorthAm HQ (10.0.0.0/16) and Contoso East Asia (10.3.0.0/16).)

Microsoft Azure App Services

Azure RemoteApp combines the Windows application experience and powerful RDS capabilities on Azure's reliable platform and helps IT to bring scale, agility and global access to corporate applications.
• Remote applications delivered from the reliable Azure platform
• Access from Windows, iOS, Mac OS X, and Android devices
• Delivered via Microsoft Remote Desktop Protocol and RemoteFX
• Flexible hybrid or cloud deployment options
• Scale without large capital expense

RemoteApp cloud deployment and hybrid deployment

RemoteApp cloud deployment:
• Image available with Professional Plus 2013 apps preinstalled
• Rapid provisioning: apps quickly available
• Automatic maintenance of platform image: OS and apps always up-to-date, Microsoft antimalware
• User logon with Microsoft account or corporate credentials federated with Azure Active Directory

RemoteApp hybrid deployment:
• Fully customizable apps, OS, and settings
• IT can manage template images and apply updates via Azure Portal
• Full access to on-premises network
• User logon with corporate credentials federated with Azure Active Directory

Azure RemoteApp elastic runtime: Windows Server 2012 R2 session virtualization; dynamic scalability; global presence with connectivity; high fidelity with RDP; secure, WAN-ready; clients for Windows, Mac, iOS, Android.

(Figure, cloud deployment: users connect over RDP to the Azure RemoteApp elastic runtime, which serves published apps from a prebuilt template image that is automatically maintained, with persistent user data (50GB per user). Authentication: Microsoft account. Identity options: Azure Active Directory, with optional DirSync from Windows Server Active Directory on the on-premises network.)

(Figure, hybrid deployment: users connect over RDP to the Azure RemoteApp elastic runtime, which is domain joined and subject to IT policy via GP, System Center, or other enterprise management tools; corporate apps come from a custom template image maintained via Azure Portal, with persistent user data (50GB per user); an Azure VPN links to the corporate apps on the on-premises network. Identity options: Azure Active Directory with DirSync from Windows Server Active Directory.)

RemoteApp cloud deployment:
• Image with Office 2013 ProPlus pre-installed available
• Access to cloud-connected data and services
• Users sign on with Microsoft Account or with federated identity with Azure AD
• Rapid provisioning, automatic maintenance, turn-key

RemoteApp hybrid deployment:
• Ideal for corporate LOB apps
• Hybrid Networking provides secure access to on-premises resources
• Federated identity with Azure AD
• Domain-joined and conforms to on-premises IT policy
• Image-based software update via Azure Portal