July 2015
Building Your
Cloud Infrastructure
with Microsoft Azure
Table of Contents
1. Introduction: Cloud and Infrastructure as a Service
2. Cloud Computing: State of the Union
Defining Cloud
Public, Private and Hybrid Cloud
IaaS, PaaS and SaaS
Benefits of Moving IT Infrastructure to the Cloud
Cost Comparison: IaaS and On-Premise
Moving to a cloud-first business world
3. Getting Started with Azure IaaS
Overview of Azure, Microsoft's cloud platform
How Azure fits in a cloud-first business world
Choosing a Workload to Move
4. Azure Hands-On: Five Scenarios for High Value Deployment
Scenario One: Extend your Datacenter with Azure Storage
Scenario Two: Extend your Datacenter with Virtual Network and Site-to-Site VPN
Scenario Three: Extend your Datacenter with Azure Backup and Disaster Recovery
Scenario Four: Virtual Machines: Using Azure for On-Demand Development and Test
Scenario Five: Single Sign-On with Azure Active Directory: Scenarios and Benefits
5. Azure Resources
6. Using Azure with Cloud Management
Infrastructure Guardian Cloud Management
7. Conclusion
8. Appendix
About the Author
About New Signature
About Infrastructure Guardian
IGCM for Azure
About TAG:IF
References
www.IGCM.com/eBook 2
There’s no doubt that cloud has arrived in the enterprise. But it's only just beginning
to show real value to organizations beyond early adopters.
This eBook gives you an overview of cloud computing basics and benefits, and walks
you through five high-value, real-life deployment scenarios based on Azure,
Microsoft's cloud platform for business. We have consulted research and other
external information for this book, but a lot of it is based on our own, hands-on
experience helping Canadian organizations get started in the cloud. I am the founder
of a Toronto-based professional services firm with almost two decades of experience
designing, deploying and operating Microsoft infrastructure technologies on premise
and in the cloud. Recently this company became the Canadian operations of New
Signature, the 2014 Microsoft US Partner of the Year. I also used Azure to start
Infrastructure Guardian, a managed service for enterprise-grade systems and cloud
management that is now a New Signature service offering.
Many concerns about the cloud are no longer valid and, with the right kind of
guidance, transitioning to the cloud has become significantly easier.
When we look at the evolution of cloud computing, not only is it in the process of
transforming how IT is managed in the enterprise, it also transforms the vendors
delivering technology solutions to the enterprise. Microsoft is certainly the most
prominent technology company changing from a traditional software vendor to a
leader in what Microsoft CEO Satya Nadella calls the "cloud-first, mobile-first
business world".
Azure is a cloud platform and a cloud operating system that empowers enterprises
looking to move some or all of their business to the cloud.
The focus of the eBook is to provide a hands-on guide for Microsoft Azure and
Infrastructure as a Service (IaaS) - how IT departments can deliver cloud computing
infrastructure as an on-demand managed service to their business. IaaS is only one
category within the range of cloud solutions, but it is the one that lays the foundation
for everything else. We will leave Platform as a Service (PaaS) and Software as a
Service (SaaS) for future books.
There are also other vendors with large and comprehensive cloud offerings. But in
our day-to-day work helping our customers we are seeing how using Azure comes
with huge integration and transition benefits. We will outline these in this eBook and
provide best practices on how to create a roadmap for smart cloud integration and
getting your IT infrastructure ready for a cloud-first business world.
Everybody in IT is talking about cloud computing, and it can get a little confusing. It
seems every IT executive, IT professional, vendor, pundit, marketer and journalist
has their own definition of cloud computing. And if you go up to C-level executives,
there is still a broader lack of understanding. Microsoft Canada commissioned a
2014 survey concluding that 90 per cent of Canadian C-suite executives “are not
familiar with what cloud computing means” [ 4 ].
I believe the definition of cloud computing by the U.S. National Institute of Standards
and Technology is accurate, and a good one to use: "Cloud computing is a model for
enabling ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal management
effort or service provider interaction." [ 5 ]
Breaking down the definition of cloud into core elements Public, Private and Hybrid
Cloud can be a little trickier. I sent out a survey in spring of 2014 to Canadians in IT
and associated roles to find out their definitions. What I got back was a mixture of
scary, funny and enlightened responses. If anything, it showed us the importance of
moving beyond the hype around cloud, and making hands-on training and education
for cloud solutions available.
One of the reasons why Microsoft Azure is such a compelling cloud platform is that it
easily enables all three options and integrates with your existing on-premise IT
infrastructure.
In addition to the three different types of cloud deployment options, there are three
categories of cloud computing services:
IDC predicts PaaS, SaaS and IaaS services combined to reach $118 billion in
spending in 2015, with IaaS adoption projected for the highest growth: 36% [ 7 ]. Here's
a more detailed overview of these categories:
Source: adapted from Microsoft Technet blog post “SaaS, PaaS, and IaaS.. Oh my!” [ 8 ]
If you are part of an organization with rapid growth, IaaS is especially relevant.
Successful services need to grow and scale. If money is no object, you can certainly
over-provision by investing in your own hardware at an early stage and overpay until
you reach capacity. But if you grow faster than expected, you may still be in a
situation where you can't provision hardware fast enough. With IaaS you can scale
your infrastructure on demand in the cloud, and pay more as you use more.
Another relevant cloud scenario example is “tier” upgrades for compute and storage.
For a traditional infrastructure organization to increase a server’s processing power
or memory requires an expensive upgrade or even a new server. This would usually
take days and even weeks to complete. Storage I/O improvement would typically
involve a SAN re-configuration or, in some cases, a new SAN. Local storage I/O
improvements would require the introduction of additional spindles for a RAID setup,
faster disks, or SSDs. All of these scenarios are time-consuming and expensive.
With IaaS, these types of upgrades take seconds to minutes to complete with a
modest increase in cost. You get tremendous business agility, something that is not
possible with traditional on-premise infrastructure.
Even if your IT infrastructure needs are entirely predictable and consistent, IaaS is a
good option because of the ongoing reduction in cloud storage and compute costs.
The usage of a highly-available, enterprise-grade infrastructure to run virtual
machines is very competitive using cloud solutions. And based on predictions by
industry observers, the price is only going down.
Annual expense for Storage, including disks, host adapters, backup, tape,
offsite storage
Annual expense for Network, including fibre channel, Ethernet, KVM switch,
cabling
2% 6%
5% Annual hardware expense
For a comparable Cloud IaaS scenario with Microsoft Azure, we have to consider:
Using IaaS provides the opportunity to further decrease cost by de-allocating Virtual
Machines and paying only for what is provisioned.
Cost Comparison
Annual cost of running on-premises $126,948
Annual cost of running on Azure $25,950
Annual Savings 80%
The "holy grail" will be treating cloud as a total utility. Cloud-first means we will be
moving towards cloud as the default option for IT, not just an afterthought or potential
consideration. I don't like much of the marketing hype around cloud computing but I
do believe in the promise and advantages of cloud computing, especially because
we have seen a similar evolution only a few years ago with virtualization. I remember
going on a tour across Canada in 2005, talking about the benefits of virtualization.
At the time a lot of training and education was needed to get businesses to buy into
the promise of virtualization technologies. But then things started to click and
adoption started to accelerate quickly. Today, virtualization is a default IT strategy
with large enterprises virtualizing over 75% of their x86 server infrastructure. I’m
confident cloud computing will take the same path.
Cloud-first is coming too because it's both an IT and a business strategy - one that
provides much better ways to manage IT and control costs at a time when IT is
getting squeezed like never before. Your CFO will love a cloud-first business world
because the direct view to cost allows you to better understand and slice-and-dice IT
spend. Your CEO will love the increased business agility.
You get visibility into which units or departments spend what on their IT needs.
Depending on your perspective, this is an advantage or disadvantage. It forces IT
professionals to think more like business managers and will alter job descriptions,
skill sets and specializations needed. But this change also offers more opportunities
for the IT team to move "up the stack" from a support function to strategic business
driver. In this cloud-first world, there will be IT teams who do the in-depth stuff as a
business - for example offering cloud infrastructure management as a service; but
the in-house IT team will be focused on delivering business value and solving
business problems.
Azure is Microsoft's open and flexible cloud platform for business that allows you to
quickly build, deploy and manage applications and services. Azure comes with many
associated services, including those for compute, storage, data, networking and
apps. In a slightly simplified view, Azure provides services for applications, data,
compute and network:
According to a handy Microsoft infographic, Azure can help you "quickly build,
deploy, and manage applications across a global network of Microsoft-managed
datacenters". You can also build and run applications using any language, tool, or
framework within four primary models: 1) Virtual Machines, 2) Cloud Services, 3)
Web Sites, and 4) Mobile Services.
Microsoft Azure provides a great entry and transition strategy for organizations that
want to extend their data center to the cloud, and the momentum for Azure has been
steadily building over the past years. At the Build 2015 conference, Microsoft
provided some numbers around Azure usage:
More than 90,000 new Azure customer subscriptions per month
1.4 million SQL databases in Azure
More than 50 trillion storage objects in Azure
425 million Azure Active Directory users
3 million developers registered with Visual Studio Online
More than 40% of Azure revenue from start-ups and ISVs
19 Azure Compute Regions open
In April 2015, Microsoft said that its commercial cloud revenue grew 106% (year-
over-year) driven by Office 365, Azure and Dynamics CRM Online, and is now on an
annualized revenue run rate of $6.3 billion. Given Azure’s ongoing growth trajectory,
all these numbers may soon be outdated again. At the company's annual Financial
Analyst Meeting (FAM), CEO Satya Nadella said Microsoft's goal is to hit a $20
billion run rate for its commercial cloud by 2018.
Market research firm Gartner has put Microsoft Azure in a leadership position in its
Magic Quadrant for Cloud Infrastructure as a Service in 2013 and 2014, with
Microsoft making a huge leap both in terms of vision and ability to execute (a free
reprint of the report can be accessed through a Gartner blog post here). Gartner
points out some of Microsoft’s advantages:
“Microsoft has a vision of infrastructure and platform services that are not
only leading stand-alone offerings, but that also seamlessly extend and
interoperate with on-premises Microsoft infrastructure (rooted in Hyper-V,
Windows Server, Active Directory and System Center) and applications, as
well as Microsoft's SaaS offerings.”
Azure feel and operate like part of a unified whole, and Microsoft is making
an effort to integrate them with Visual Studio, Team Foundation Server,
Active Directory, System Center and PowerShell. Conversely, Windows
Azure Pack offers an Azure-like user experience for on-premises
infrastructure.”
In May 2015, Microsoft announced a significant upgrade for Azure for private cloud
customers. The new Azure Stack combines Azure Pack with Windows Server 2016
and Azure Service Fabric, a new layer that helps decompose Azure applications into
microservices. Mary Jo Foley of the All About Microsoft blog explains that these
microservices can be updated and maintained independently of the underlying
infrastructure, and that they “communicate with each other via programming
interfaces.”
While Amazon and Google are the only two other companies with cloud solutions and
the ability to execute at the same global scale, Microsoft is the only one of the three
with similar enterprise infrastructure and expertise at its core. A huge advantage of
Azure is the ability to integrate your public cloud applications with your existing IT
environment. You don't have to choose between one or the other; it allows you to run
a hybrid environment. Azure also allows you to take advantage of existing enterprise
licence agreements you may have, if you already have Microsoft technology in your
IT infrastructure.
However, using Azure to enable IaaS in your organization requires the consideration
of many options with many benefits, so it is definitely advisable to include a thorough
assessment and capacity planning process. At the very basic level, you need to
inventory your tech infrastructure, and be sure to be able to answer these questions:
What do I have in my current IT infrastructure?
Where is it?
What are my performance metrics?
Microsoft provides resources to help with this process. For example, the Microsoft
Assessment and Planning (MAP) Toolkit for Azure “gets your cloud migration
planning process going with automated discovery and detailed inventory reporting of
web applications, application portfolios, and database readiness for Azure platform”.
It helps you catalog all of the applications in your IT environment, and provides a
readiness and capacity assessment.
Source: Microsoft Assessment and Planning (MAP) Toolkit for Azure Platform [ 10 ]
In addition to the technical planning, making the right business case is critical.
Consider which scenarios lend themselves the most to getting started with a journey
to the cloud. Here are two types of scenarios you could look at first:
Scenarios that are needed but not needed all the time: If your
organization has a seasonal need for high-performance computing or
additional virtual machine capacity, think of the possibilities of using Azure to
temporarily switch on a massive amount of virtual machines. Why buy the
hardware if you can just switch it on for as long as you need it? You only pay
for what you use. These types of scenarios are the low-hanging fruit when
choosing a workload to move.
The following section of the book provides five high-value scenarios for your
consideration.
Overview
Azure Storage is cloud storage that provides customers with anywhere and anytime
access. It is highly durable, highly available and massively scalable. Azure Storage
easily scales from megabytes to exabytes, and you pay only for what you use when you
use it. Pricing is based on the number of storage transactions, data stored, data
egress and the type of replication. This makes it attractive for start-ups, small to mid-
sized businesses and enterprise organizations alike.
For example, a start-up company could design an application and launch it without
having to worry about supporting growth on a global scale. Microsoft points out that
“Azure Storage is accessible from anywhere in the world, from any type of
application, whether it’s running in the cloud, on the desktop, on an on-premises
server, or on a mobile or tablet device”.
Technical details
1. Blob storage: A blob can be any type of text or binary data, such as a
document, media file (audio, video, photo), or application installer. It works
particularly well for companies that need to store large amounts of
unstructured data in the cloud. Every blob is organized into a container, which
can help assign different security policies to groups of objects. There are
block blobs and page blobs, with the former being optimized for streaming
and storing objects and the latter “representing IaaS disks”. For example, “an
Azure virtual machine network attached IaaS disk is a VHD stored as a page
blob”.
3. Queue storage: Provides reliable messaging for workflow processing and for
communication between components of cloud services, including running on
a desktop, on-premise server or mobile device. A storage account can
contain any number of queues. A queue can contain any number of
messages, up to the capacity limit of the storage account.
4. File storage: There are a number of strong cloud use cases for file storage.
Migrating legacy apps to the cloud: Offers shared storage for legacy
applications using the standard SMB 2.1 protocol. With file storage, an
enterprise can choose to migrate some legacy applications to Azure and
continue running others from within their own organization.
Diagnostic Share: Save and share diagnostic files like logs, metrics, and
crash dumps for use with tools for processing and analyzing the data.
Azure Storage also includes three options for replication for durability and high
availability:
2) Geo Redundant Storage (GRS): Stores 6 replicas of the data across two
regions (3 in each region); it provides additional durability to protect data
against major regional natural disasters (e.g., tornado, hurricane or fire, etc.
destroying a whole region). Updates across regions are performed
asynchronously.
3) Zone Redundant Storage (ZRS): Stores 3 replicas of the data across multiple
zones (facilities) within a single region or across regions. Provides additional
durability to protect data against zone failures (e.g., fire burning down a
facility). ZRS is only available for block blobs.
Scenarios
3. Born in Cloud Applications: While traditional virtual machines and file storage
will use blob storage in Azure, as new applications evolve and are built on the
Azure platform, the usage of Table storage and Queue storage can be very
compelling platform tools to enable key application workloads.
Benefits
Azure storage benefits largely come down to agility, resiliency and price. On-premise
storage is a significant cost for enterprises. In the cloud, you only pay for what you
use, when you use it. No longer do you have to buy storage based on the IOPS you
expect to need or the capacity you expect you may grow to need over the next
several years. As cloud vendors fight for business in this highly competitive market,
highly resilient, highly redundant storage is available for as low as $0.025/GB at full
list price. This also means it is very affordable to move those big virtual machines to
Azure and not worry about storage.
Scenario Two: Extend your Datacenter with Virtual Network and Site-to-Site VPN
Overview
Azure Virtual Network allows you to extend an on-premise network into the cloud
through site-to-site VPN. You can manage it like an on-premise infrastructure, and
control the network topology and configuration of DNS and IP address ranges.
A virtual network consists of one or more virtual machines configured to access local
or external network resources. In Azure, virtual networks are used to provide a layer
of security and isolation to your services. Virtual machines and web services that are
part of the same virtual network can access each other. A site-to-site VPN
connection to Azure is secured with industry-standard IPsec technology and the
endpoint at your site will most likely be the firewall you already have.
Microsoft provides three types of core scenarios in which a virtual network may make
sense for you:
Securely extend your data center: With Virtual Network, you can build
traditional site-to-site VPNs to securely scale your datacenter capacity. Virtual
Network uses the industry-standard IPsec protocol to provide a secure connection
between your corporate VPN gateway and Azure. Add as many machines as
you want behind the VPN gateway.
Enable hybrid cloud scenarios: Virtual Network gives you the flexibility to
support a range of hybrid cloud scenarios. You can securely connect cloud-
based applications to any type of on-premises system such as mainframes and
Unix systems.
Overview
Backup and restore options are a prerequisite for any business organization. Azure
provides scalable and durable cloud storage, backup, and recovery solutions, and
connects with your existing on-premise IT infrastructure, so you can back up and
restore your apps and data regardless of whether they reside in the cloud or on
premise. Azure can provide a cost-effective way to enhance and optimize your
disaster recovery and business continuity strategy.
Azure Backup is a simple and reliable data protection solution which enables
customers to back up their on-premises data to Microsoft Azure. It is built on top of
Azure’s robust global infrastructure and stores backup data in geo-replicated storage
which maintains 6 copies of data across two Azure datacenters.
Scenarios
Hybrid cloud storage: Access frequently used data locally and tier less-used,
backup, and archive data to the cloud using StorSimple and Azure. Your data
is de-duplicated, compressed, and encrypted before sending. You can rapidly
recover your data to a StorSimple device from virtually any location with an
Internet connection.
Cloud-based data backups: Protect against data loss and corruption. Back up
and recover data across the Windows Server operating system and Microsoft
System Center with Azure Backup. Store and recover files, SQL Server
database snapshots, and Hyper-V virtual machines in Azure using Azure
Backup.
Benefits
You can gain many benefits by integrating Azure Backup and Site Recovery into your
IT environment. Azure Backup can “protect your critical applications including
SharePoint, Exchange & SQL; Files and Folders, Windows Servers, Windows
Clients and Azure IaaS VMs”.
It also provides a great way of meeting compliance requirements for data protection
with up to 99 years of retention at much lower cost than traditional tape storage
solutions.
For hybrid cloud scenarios in particular, Azure StorSimple is “an efficient, cost-
effective, and manageable solution that eliminates many of the issues and expense
associated with enterprise storage and data protection.”
Overview
If your organization develops custom applications, you need a development and test
environment for those apps. This includes installing developer tools such as Visual
Studio and creating a test environment that replicates a real-life production scenario.
Over the past decade, creating virtual machines has replaced provisioning physical
servers for each environment. Using a cloud platform instead of your own data
center for virtualization has many advantages.
In Azure, you can deploy Azure Cloud Services and Azure Virtual Machines. The
former offers full Platform-as-a-Service (PaaS) capabilities that allow you to create
applications without having to manage the server infrastructure. The latter provides
Infrastructure-as-a-Service (IaaS) capabilities, which give you way more control but
also require you to manage most of the features of a virtual machine.
If you know how to use virtual environments, getting started with Azure Virtual
Machines will be easy. Running a virtual machine on Azure provides you with the
infrastructure for virtualization. You don’t have to buy or maintain the hardware but
you still need to manage the virtual machine. This includes configuring, patching, and
maintaining the operating system and any other software that runs on the virtual
machine.
When you set up a virtual machine, you can choose to use an image provided by
Azure or a certified partner, or use your own image. To pick an existing image, go to
the gallery on the Microsoft website, where images are available from Microsoft and
many partner solutions including Oracle, SAP, IBM, Cloudera, Hortonworks and
many others. In addition, the open source community offers images at VM Depot.
You also need to decide the VM size, Operating System, Networking Configuration,
and Cloud Service Configuration.
Scenarios
Production Environments
Project-based Testing and Development
Short-term Testing Environments
Microsoft provides a helpful info-graphic showing some of the things you can do with
Azure VM, for example:
1) Create VMs for Dev and Test to free up your on-premises infrastructure: You
can quickly create dev and test environments with Azure VMs and test at scale
with Visual Studio and Team Foundation Server.
2) Application Hosting: If the infrastructure needs of your apps in the cloud are
growing, Azure VM can meet them easily and scale up or down without
requiring changes. You can also connect to on-premise applications and data
through a VPN in a hybrid scenario.
3) Infrastructure for SQL Server: You can get full SQL Server in the cloud through
Azure VM. You can prototype and test apps or extend existing SQL Server
apps from on-premise to the cloud.
If you have deployed virtual machines in a traditional data center, then deploying
them in Azure will be easy for you. Here are key steps:
Benefits
Microsoft partner InCycle Software highlights three scenarios that show why you
should care about Azure for Dev/Test:
2. Speed and Risk Reduction - From a release perspective, it reduces system downtime
related to moving an application into production. Working with production-like
environments and deploying to them in the same consistent way validates the
deployment process early, increasing reliability of application hand-off between
engineering teams and operations. Companies that apply a Dev Test strategy
combined with deployment automation can increase the number of weekly
deployments by 300% as well as the software quality by 20%.
3. Cost - Decrease or eliminate the need for computer asset management associated
with having to acquire the necessary physical hardware to support software
engineering teams. Save the cost of adding/removing hardware in a datacenter and
disposal fees of outdated end-of-life hardware. By implementing Azure for
development and Test environments, a large US insurance company decreased by
30% its Cost of Ownership (COS = pay for what you use).
Source: “What is Azure Dev Test and Why Should You Care?” [ 15 ]
Flexibility: you can integrate cloud apps with your existing on-premise IT
environment.
Control: you can secure management over applications hosted on the Azure
cloud platform.
Scalability: you can increase or decrease your resource usage based on
your needs.
Ease of Implementation: you can quickly build, deploy and manage apps
across a global cloud network.
Utilization of Resources: You can share virtual environments to optimize
utilization and reduce associated costs of hardware and software licenses.
Overview
Azure Active Directory (AD) provides identity and access management in the cloud.
It offers “a robust set of capabilities to manage users and groups and helps secure
access to on-premises and cloud applications including Microsoft online services like
Office 365”. It is the cloud counterpart to Active Directory, which offers on-premises
identity management through Windows Server.
Using Azure AD allows you to extend single sign-on capabilities to Office 365 as
well as other Microsoft and third-party solutions. It can also enable single sign-on
capabilities to other SaaS applications, so that companies can have their end users
access CRM, BI, HR or other important corporate applications safely and securely.
You can even enable multi-factor authentication for cloud applications which
wouldn’t otherwise support it. Thousands of pre-integrated Azure AD applications
from Microsoft and third parties can be found in the Microsoft Azure Marketplace.
What you can do with Azure AD
• Manage users and access to cloud resources.
• Extend your on-premise Active Directory to the cloud.
• Provide single sign-on (SSO) across your cloud applications.
• Reduce risks by enabling multi-factor authentication.
• Support development’s need to build secure directory-integrated
applications for the enterprise.
Azure AD can be used as a standalone service in the cloud or integrated with on-
premise Active Directory. Extending existing on-premises directories to Azure AD
provides a number of benefits including a streamlined sign-in experience for users
that combines single sign-on to both on-premise and cloud-based applications. It can
also create an integrated and unified experience for the management of user and
device identities, including simplified user access to Windows, Mac, iOS and Android
devices.
Azure AD comes in three versions: Free, Basic and Premium. Basic and Premium
offer more advanced capabilities including high availability SLA uptime, advanced
security reports, company branding and group-based application access
management and provisioning.
• Basic - Includes all the capabilities that Azure Active Directory Free has to
offer, plus group-based access management, self-service password reset for
cloud applications, Azure Active Directory application proxy (to publish on-
premises web applications using Azure Active Directory), customizable
environment for launching enterprise and consumer cloud applications, and
an enterprise-level SLA of 99.9 percent uptime. An administrator with Azure
Active Directory Basic edition can also activate an Azure Active Directory
Premium trial.
• Premium - Get all of the capabilities of Azure Active Directory Free and Basic
editions and add feature-rich enterprise-level identity management
capabilities, for example multi-factor authentication or password reset with
write-back.
A more detailed overview and comparison of the three editions can be found on the
Microsoft website.
Web Application to Web API: A web application needs to get resources from a
web API secured by Azure AD.
Multi-Factor Authentication
Azure AD allows you to set rules and policies that control who has access and under
what conditions. To manage access based on the device or location, you can
implement multi-factor authentication (MFA), which requires any two or more of these
verification methods:
• Password
• Trusted device
• Biometric verification
• Azure MFA
By combining these methods, you make a breach much more difficult in an
attack scenario. For example, even if the attacker learns a user password, it won’t be
useful without also having the trusted device. Azure MFA requires users to verify
sign-ins using a mobile app, phone call or text message.
You can use MFA to secure access to Azure, Office 365, Dynamics CRM Online,
and non-Microsoft cloud services that integrate with Azure AD, with no additional
setup. It’s easy to enable MFA for large numbers of global users and applications. In
addition to adding MFA to Azure AD, you can also enable MFA for on-premise
resources using the Azure MFA Server through Windows Server Active Directory
Domain Services and build MFA into custom applications using an SDK.
5. Azure Resources
Microsoft is putting enormous efforts into building out Azure, its cloud platform for
business. Both the amount and the pace of updates to Azure are astonishing. It's not
easy to keep up with all the developments, especially if you are just getting started
with Azure. Microsoft provides guidance and information on its cloud platform in a
few places online. Here are just a few of the key ones:
• Azure Service Updates: This page is the home of all service updates to
Azure. There are new postings several times each week, and you can also
subscribe by RSS feed.
• Cloud Platform Roadmap: The roadmap page provides a snapshot of what
Microsoft is working on in the Cloud Platform business. It includes an
overview of what's become available recently, public previews, projects in
development, and canceled projects.
• Microsoft Azure Blog: The official blog combines posts from many different
members of the Azure team; it's a good place to start before digging into
some of the other resources on TechNet and MSDN.
• Azure on Twitter: If you are using Twitter, the Azure account is a great way
of following the latest and greatest from the Azure team.
• Azure on Facebook: For those who prefer Facebook, the Azure team posts
its updates here too.
• Azure tag on MSDN Blogs: If you are looking at Azure from the dev/test
side, there are almost daily posts about Azure here.
• TechNet - In the Cloud Blog: Brad Anderson, Microsoft's corporate vice
president of Enterprise Client & Mobility, blogs about Cloud here. While his
focus is more on mobility, he does mention Azure frequently.
• TechNet - Building Clouds Blog: This TechNet blog focuses on "...building
hybrid clouds that can support any device from anywhere". It features a great
overview of topics by track at the top of the blog, which makes it easy to dive
into anything from Application Management to Disaster Recovery or VM
Migration.
• TechNet - Server & Cloud Blog: This blog aggregates posts from
Microsoft's Server & Cloud Platform team.
• Microsoft Cloud Platform on Facebook: In addition to the Azure page on
Facebook, the Server & Cloud Platform team has a presence too.
• TechNet - Azure Forum: There are several Azure topic threads in the
TechNet Forums. Just click on the dropdown menu in the left sidebar and
select one of the topics.
• Microsoft Azure eBooks: Microsoft offers a number of eBooks about Azure
on the Virtual Academy website.
These links are only some of the "official" resources from Microsoft. Of course, there
is also a large community of Azure users out there sharing perspectives on
Redmond's cloud platform efforts, including The Azure Group: Infrastructure Focus.
Getting security and privacy right is part of these conversations, as are the pricing
advantages of moving workloads to the cloud, which we discussed in an earlier
chapter of this book. But operational concerns with transitioning to cloud solutions
and efficiently running them on an ongoing basis play a big role too, especially in
conjunction with existing on-premise infrastructure. When companies extend their
environments to the cloud, there is an extra “glue layer” that ensures that everything
works together and allows proper authentication to the cloud. This glue layer needs
to be built and managed on an ongoing basis.
Cloud solutions provide better business value, operational efficiency and time-to-
market in many IT scenarios. By adding Cloud Management Services to these cloud
plans, you can integrate cloud infrastructure "out of the box" and run it in a way that
makes it easy to operate and scale.
Infrastructure Guardian Cloud Management consists of three main pillars that make
your journey to the cloud faster and easier:
IGCM can manage all key aspects of your cloud environment and enable you to
quickly launch and use cloud solutions without having to worry about legal, technical
or pricing complexities. You get peace of mind for health and performance of your
cloud environments while being able to leverage and integrate internal processes
and workflows.
7. Conclusion
Microsoft is transitioning into a Cloud-first company. During the Q3 financial update
on April 23, 2015, Microsoft CEO Satya Nadella highlighted the worldwide growth
momentum of the Azure cloud platform for business:
“Right now, more than 5 million organizations are represented in Azure Active
Directory with more than 425 million identities. Storage is also a strong indicator of
consumption and now we have 50 trillion objects stored in Azure, a three times
growth year-over-year in storage transactions, more than 5 trillion in March alone.
Azure websites are growing with nearly half a million sites hosted.” [18]
Microsoft is just one of a number of large technology vendors embracing growth
through cloud services. But Microsoft certainly has the most complete enterprise
cloud offering and makes a transition to the cloud or a hybrid cloud IT environment
easier than any other company.
This eBook focused on cloud infrastructure with Azure, Microsoft’s cloud platform for
business. Microsoft has many more cloud offerings that all work together, from Office
365 and Yammer to mobile solutions, Dynamics CRM and Data & Insights Tools.
Microsoft also lets you integrate and connect with many other cloud solutions,
including running competitive offerings and open source technologies.
Cloud computing is flexible; it offers many options including public, private and hybrid
cloud environments. It can be tailored and scaled to almost every business need. My
professional services company just completed an engagement with a large, global
insurance company that moved actuarial workloads into the cloud. They now run at
three times the speed while the IT organization can claim 60 percent savings. Cloud
solutions running on Azure also enabled this insurer to launch a new mobile app
within two months instead of a year or more. Meanwhile, Microsoft keeps
accelerating the speed of its release schedules for Azure. We are now talking days,
and no longer months or years before updates happen.
Maybe this new, incredibly fast pace of change in the cloud is the biggest transition
that everyone in IT has to get used to. We no longer have to wait for product release
schedules. Cloud vendors release updates quite literally weekly. The cloud
computing train is leaving the station. If you’re not on it yet, then it’s high time to get
on because it will keep accelerating and it’s important to get experience now.
We’re not trying to be scaremongers here. It’s simply the new reality. My own
businesses are in a process of transformation because of the cloud, and I’ve become
a SaaS entrepreneur almost overnight with our cloud governance portal. But the
cloud is not limited to my needs. You can enable a multitude of diverse IT scenarios
in the cloud, and you can do so at a pace that fits your own organization’s needs.
In this book, we provided an introduction to Azure and outlined a number of high
value scenarios that make a move to the cloud worthwhile by starting with the low-
hanging fruit.
8. Appendix
About the Author
Brian Bourne
When he isn’t being a geek around computers, Brian is either burning gasoline in
some sort of motorized vehicle or pretending to be a triathlete.
Clients value maintaining ownership and control over their information technology but
are also interested in leveraging the business opportunities that best practice system
management provides. Infrastructure Guardian services can be hosted in your own
data center, or the cloud, 24 hours a day, 7 days a week.
The IG team works hand in hand with the internal IT teams to allow clients to fully
leverage and operationalize their System Center and Cloud deployments. By
providing enterprise-grade systems management best practices, IG helps businesses
keep their internal resources focused on innovation and project work for the
business.
Infrastructure Guardian Cloud Management (IGCM) for public, private and hybrid
cloud environments. IGCM makes it easy for clients to govern their cloud spend and
manage the health and performance of their IT infrastructure across data centers,
end-points and the cloud. Organizations with a Microsoft Enterprise Agreement can
use the IGCM Portal for free to control and manage their Azure subscriptions and
usage. Find out more at www.igcm.com or sign up right now at portal.igcm.com.
About TAG:IF
References
1 Press release: Worldwide Cloud IT Infrastructure Market Growth Expected to Accelerate to
21% in 2015, Driven by Public Cloud Datacenter Expansion, According to IDC at
http://www.idc.com/getdoc.jsp?containerId=prUS25576415 (accessed May 2015)
2 David Senf, quoted in press release: Infrastructure Guardian launches free Cloud
News at http://www.computerdealernews.com/news/cloud-remains-a-mystery-for-canadian-
execs-survey/37307 (accessed May 2015)
5 Peter Mell and Timothy Grance: The NIST Definition of Cloud Computing at
http://brianbourne.ca/2014/03/03/concise-definition-for-public-private-and-hybrid-cloud/
(accessed May 2015)
7 Rob Marvin: IDC’s Top 10 technology predictions for 2015; SDTimes at
http://blogs.technet.com/b/kevinremde/archive/2011/04/03/saas-paas-and-iaas-oh-my-quot-
cloudy-april-quot-part-3.aspx (accessed May 2015)
9 What is Microsoft Azure at http://azure.microsoft.com/en-us/overview/what-is-azure/
http://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-
scenarios/#application-types-and-scenarios (accessed May 2015)
17 What is Azure Multi-Factor Authentication? at http://azure.microsoft.com/en-
http://www.thestreet.com/story/13125256/2/microsoft-msft-earnings-report-q3-2015-
conference-call-transcript.html (accessed May 2015)