Module 1
Application Architecture Patterns in Azure
Module Overview
1
4/27/18
• Why Patterns?
• Microsoft Patterns & Practices
• Azure Architecture Center
Why Patterns?
https://github.com/mspnp
https://github.com/mspnp/microservices-reference-implementation
https://docs.microsoft.com/azure/architecture/
https://docs.microsoft.com/azure/architecture/guide/
• Stateless Applications
• The Valet Key Pattern
Stateless Applications
Partitioning Workloads
[Figure: a single Virtual Machine hosting the Web Front-End, SignalR Hub, Image Processor and Thumbnail Storage]
Partitioning Workloads
[Figure: the same workloads partitioned into separate services: SignalR Hub, Thumbnail Storage and Retrieval, Web Front-End, Image Processing]
CQRS Pattern
The Problem
Throttling Pattern
The Problem:
• Load on a cloud application varies:
• By Time
• By Quantity of Users
• By Specific User Activities
• By Performance of Actual Underlying Hardware
• Handling load correctly for one user/client may “starve”
other clients of resources
• Solutions must be able to handle sudden bursts of usage
Discussion
• Transient Errors
• The Retry Pattern
• Queues
Transient Errors
Queues
Discussion
• Asynchronous Messaging
• Cached Data Consistency
• Load Balancing
Asynchronous Messaging
• Example:
• Application caches a list of the 10 latest records
• Whenever a new record is added, the list is officially stale
• Do you re-query the database constantly?
• Do you skip using a cache to have real-time data?
Cache-Aside Pattern
Static Content
Load Balancing
Discussion
• Redis Cache
• Database Partitioning
Redis Cache
Database Partitioning
Sharding Pattern
Discussion
• Review Questions
Module 2
Deploying Resources with Azure Resource Manager
Module Overview
• ARM Templates
• Role-Based Access Control (RBAC)
• Resource Policies
• Security
• Building Blocks
https://github.com/Azure/azure-quickstart-templates
Deploying Resources
• PowerShell
• Cross Platform Command-Line Interface
• Client Libraries
• Visual Studio
• Portal template deployment
JSON
What is JSON?
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [],
  "outputs": {}
}
Template Complexity
[Figure: template structure: Parameters, Variables, Resources, Output]
Discussion
Roles
Role Assignment
Resource Scope
Discussion
Policy vs RBAC
Permissions
To define requires:
Microsoft.Authorization/policydefinitions/write
To apply requires:
Microsoft.Authorization/policyassignments/write
Built-In Policies
Policy Definition
How to define:
• Use All Mode
• Use Parameters
• Policy Rule contains simple if and then blocks
{
  "if": {
    <condition> | <logical operator>
  },
  "then": {
    "effect": "deny | audit | append"
  }
}
Policy Assignment
• Using PowerShell
• GUI through Azure Portal
Policy Assignment
• Using PowerShell:
Policy Assignment
• Pattern:
{
  "if": {
    "not": {
      "field": "name",
      "match": "contoso??????"
    }
  },
  "then": {
    "effect": "deny"
  }
}
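The naming pattern above as a complete custom policy definition, created and then assigned to a single resource group with the Az PowerShell module. This is an added example, not the course's own lab code; the definition and assignment names, the display names and the resource group name rg-contoso-dev are assumed.

```powershell
# Added example (not from the course deck). Assumes the Az PowerShell module
# (Az.Resources) and an existing resource group named "rg-contoso-dev".
# The policy rule is the page's pattern: deny any resource whose name does not
# match "contoso??????". In the Azure Policy match operator "?" stands for one
# letter, "#" for one digit and "." for any single character.

$policyRule = @'
{
  "if": {
    "not": {
      "field": "name",
      "match": "contoso??????"
    }
  },
  "then": {
    "effect": "deny"
  }
}
'@

# Defining a policy needs Microsoft.Authorization/policydefinitions/write
# (see "Permissions" above). Mode All evaluates every resource type, as the
# deck recommends, not only the tag/location-aware ones.
$definition = New-AzPolicyDefinition `
    -Name 'enforce-contoso-naming' `
    -DisplayName 'Enforce contoso naming pattern' `
    -Description 'Deny resources whose name does not match contoso??????' `
    -Policy $policyRule `
    -Mode All

# Assigning it needs Microsoft.Authorization/policyassignments/write at the
# target scope; scoping to one resource group limits the blast radius while
# the rule is being tried out (assumed resource group name).
$rg = Get-AzResourceGroup -Name 'rg-contoso-dev'
$assignment = New-AzPolicyAssignment `
    -Name 'enforce-contoso-naming-dev' `
    -DisplayName 'Enforce contoso naming (dev)' `
    -PolicyDefinition $definition `
    -Scope $rg.ResourceId

# Confirm the assignment exists at that scope. A deny effect only blocks new
# or updated resources; existing resources that violate the pattern are
# reported as non-compliant rather than removed.
Get-AzPolicyAssignment -Name 'enforce-contoso-naming-dev' -Scope $rg.ResourceId |
    Format-List *
```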
Discussion
Lesson 4: Security
Discussion
https://github.com/mspnp/template-building-blocks/
Supported Resources
• Template Output
Discussion
Logon Information
Virtual machine: 20535A-SEA-ARCH
User name: Admin
Password: Pa55w.rd
Lab Scenario
Lab Review
• Review Questions
Module 3
Building Azure IaaS-Based Server Applications
Module Overview
• High Availability
• Templated Infrastructure
• Domain-Joined Virtual Machines
• Azure Availability
• Availability Sets
• Availability Zones
Azure Availability
Stand-Alone VMs
Availability Sets
Availability Sets
Availability Zones
Discussion
• Templated Infrastructure
• Virtual Machine Scale Sets
• Virtual Machines vs. Virtual Machine Scale Sets
• Virtual Machine Scale Set Considerations
Templated Infrastructure
• Managed Disks
• Marketplace images scale to 1,000 VMs
• Custom images scale to 300 VMs
• Ensure available IP addresses in subnet
• Ensure your compute limits are high enough
• Fault Domains relate to a single placement group
Discussion
Hybrid Connectivity
• Azure AD Connect
• Active Directory Federation Services
• AD Connect Passthrough
• Deploy AD DS to an Azure VM
Azure AD Hybrid
Discussion
Lab Scenario
Lab Review
• Review Questions
Module 4
Creating Managed Server Applications in Azure
Module Overview
Discussion
Azure Batch
Discussion
Discussion
Lesson 3: Migration
• Migration
• On-Premises Lift and Shift
• Migration from Classic IaaS
• Migration from Cloud Services
Migration
On-Premises Migration
Two options:
• To IaaS – few code changes – need to manage the OS
• To PaaS – rewrite the code but no OS management required
Discussion
Lab Scenario
Lab Review
• Review Questions
Module 5
Authoring Serverless Applications in Azure
Module Overview
• Web Apps
• API Apps
Web Apps
• Web Apps:
• Near instant deployment
• SSL and Custom Domain Names available in some tiers
• WebJobs provide background processing for independent
scaling
• Can Scale to larger machines without redeploying
applications
• Virtual Machines:
• Need Availability Sets or Load Balancers to prevent
simultaneous restarts for maintenance or hardware failures
• Additional machines needed for background processing
• Create Packages:
• Continuous Delivery with VSO or GitHub
• Can use Team Foundation Version Control (TFVC) or Git for
source control
• Deployment Slots:
• Can create slots such as: Staging, Production, Testing
• Web Deploy:
• Older IIS Extension method to Export and Import
• FTP Deployment
Container Orchestration
• Docker Hub:
• Deploy images already shared on Docker Hub
• Deploy the most popular official images
• Private images are available on Docker Hub
API Apps
• Quickly implement Custom APIs:
• Publish to External, Partner and Internal developers
• Extend Operations for data and services:
• Each API can have 1 or more operations
• API Apps can be integrated into Logic App workflows
Mobile Apps
[Figure: cross-platform SDKs; identity providers Facebook, Twitter, Microsoft, Google and Azure Active Directory; back ends on Node.js Express or .NET Web API]
Discussion
• Serverless Processing
• Event-Based Triggers
Serverless Processing
Serverless Services
Azure Functions
• Azure Functions:
• Build on WebJobs Technology
• Available in Consumption and App Service Plan billing
modes
• Can be deployed using Scripts or Pre-Compiled
• Managed and Edited directly in the portal:
• Supports CI from GitHub or VSO if preferred
Event-Based Triggers
Messaging Triggers
Discussion
Lesson 3: Integration
• API Management
• Logic Apps
API Management
Logic Apps
• Workflow:
• The business process described as a series of steps
• Triggers:
• The step that invokes a new workflow instance
• Actions:
• An individual step in a workflow, typically a Connector or custom API App
• Connectors:
• A special case of an API App that is pre-built and ready to
integrate with a specific service or data source:
• For example: Twitter and SQL Server Connectors
Discussion
• Best Practices
• Basic Web Application
• Scaling
• Traffic Manager
Best Practices
[Figure: a resource group containing the basic web application]
Scaling
[Figure: scaled web application: Web App, API App, Web Job, Redis cache and Azure Search in one resource group, with edge servers in front]
Traffic Manager
Traffic Manager
Multi-Region Model
[Figure: Multi-Region Model: Traffic Manager in front of an active region and a standby region; each region holds an App Service Plan with Web App, API App and Web Job, plus Redis cache, Azure Search and a Queue; Azure Active Directory provides authentication and static content is served from a CDN]
Discussion
Customer Inventory
Customer Goals
Dispatch:
Location:
Tracking:
Customer Needs
Customer Objections
Call to Action
• Target Audience
• Solution Architecture
• Benefits
Target Audience
Solution Architecture
Mobile Apps
Web Apps
Benefits
• Authentication:
• Drivers can use Microsoft, Facebook, Twitter or Google
credentials
• Notifications:
• Broadcast device notifications can be sent to each driver
• Offline Data:
• Data is cached in the app to work when devices are out of
signal range
• Custom Back-end Services:
• Custom REST APIs can be hosted by Mobile Apps using Web
API
Benefits
• Front-end Website:
• Web Apps can host the secure website for dispatchers
• Scaling:
• Autoscale can be configured to automatically adjust
instance count to match usage
• Back-end Jobs:
• WebJob processes data on a schedule and outputs to SQL
Database for reports
Lab Scenario
Lab Review
• Review Question
Module 6
Backing Azure Solutions with Azure Storage
Module Overview
• Pricing
• Blob Storage
• Files
• StorSimple
Lesson 1: Pricing
• Azure Storage
• Storage Account Security
• Storage Account Replication
• Storage Performance & Pricing
Azure Storage
Discussion
• Blob Storage
• Un-Managed Disks
• Managed Disks
• Deployment Considerations
Blob Storage
Un-Managed Disks
Managed Disks
Deployment Considerations
Discussion
Discussion
Lesson 3: Files
• Azure Files
• Azure File Sync
Azure Files
• Azure Files
• Azure IaaS VM File Share
• Azure File Sync for Hybrid and DR
Components
Discussion
Lesson 4: StorSimple
• StorSimple
• Data Tiering
StorSimple
Architecture
Features
Data Tiering
Discussion
Lab Scenario
Lab Review
• Review Questions
Module 7
Comparing Database Options in Azure
Module Overview
• Relational Databases
• NoSQL Services
• Azure Cosmos DB
• Data Storage & Integration
• Data Analysis
• Web Apps & SQL Case Study
• SQL-as-a-Service Offering:
• Fully managed
• Automatically replicated
• Compatible with existing TDS-capable software:
• Visual Studio
• SQL Server Management Studio
• Entity Framework
• Managed using existing tools, the CLI, PowerShell or the
Portal
• Performance measured in a predictable manner:
• Database Throughput Units (DTUs)
Tiers
Stretch Database
Elastic Scale
Discussion
• Azure Storage
• Azure Search
Azure Storage
Storage Architecture
[Figure: storage architecture layers: Partition Layer, Stream Layer]
Storage Tables
Migration to Cosmos DB
Azure Search
• Search-as-a-Service:
• Delegates server and infrastructure management to
Microsoft
• Immediately ready-to-use service that you populate with
search data, and then access from your application:
• Accessible via REST APIs or Client SDKs
• Standard search is fully scalable, with options to increase
storage or service replicas for handling larger query loads
• Cosmos DB
• Consistency Levels
Cosmos DB
[Figure: Azure Cosmos DB APIs: SQL, Key-Value, Column-family, Documents, Graph; global distribution, elastic scale out, guaranteed low latency, five consistency models, comprehensive SLAs]
Global Distribution
APIs
Consistency Levels
Throughput
Discussion
Azure Storage
Data Lake
[Figure: Azure Data Lake: Analytics (U-SQL, YARN) and Storage (WebHDFS)]
Data Lake
Data Integration
Data Factory
[Figure: Data Factory pipeline stages: Connect & Collect, Transform & Enrich, Publish, Monitor]
Data Factory
Analysis Services:
• Enterprise BI-as-a-Service
• Increases efficiency of queries:
• Complex raw data is optimized “behind the scenes” for search and
processing
• DirectQuery-caliber speeds are achievable on many data sources
• Easier for users to surface data:
• Data is surfaced in user-friendly business models
• Users can use well-known tools, like Excel or Power BI, to query the
models
Analysis Services
[Figure: Azure Analysis Services sits between data sources (SQL Database, SQL Data Warehouse, Data Lake, HDInsight/Spark, SQL Server/Oracle, other) and clients (Power BI, Power BI Desktop, Excel, third-party); it provides security, an in-memory cache, data modeling, lifecycle management and business logic & metrics]
HDInsight
HDInsight
[Figure: HDInsight: shape, experiment, query; lightweight, scenario oriented, loosely coupled, low cost to extend; breadth of clients (Java, JS, .NET, etc.); connectivity, programmability, consistent REST APIs, security]
HDInsight
• Sentiment Analysis
• Clickstream Processing
• Machine/Sensor
• Server Logs
• Geo-Location
Azure HDInsight
Data Catalog
[Figure: Data Catalog activities: Discover (search, browse, filter, context), Understand (data assets, metadata, experts), Consume (familiar tools, existing processes), Contribute (tag, document, publish)]
• Data-center:
• As of 2009, most IT infrastructure is located in an on-site
datacenter (Provo, Utah)
• Also has servers hosted in a third-party collocated
datacenter
• Costs USD $30,000 - $40,000 per month
• Servers located throughout the United States
• Capacity:
• Most applications and databases run on underutilized
hardware
• Data scattered throughout multiple geographic locations
• Other Brand:
• Tailspin
• Goals:
• Upcoming hardware refresh = significant capital
expenditure
• Looking to eliminate the costly and risky refresh cycles
Customer Inventory
• Existing Applications
Customer Goals
Migration:
Performance:
Ease of Use:
Customer Needs
Customer Objections
• Business Continuity:
• How can we be certain our data will survive in the event of a catastrophe in a certain part of the world?
• We need to be able to recover from mistakes made by administrators
that accidentally delete production data (we know they happen, we
would love an “undo”)
• Do we need to have multiple web server instances for each property to
have a high SLA?
Customer Objections
• Tool Familiarity:
• Will we need to learn new tools to develop for Azure Websites and SQL
Database?
• What about diagnosing problems? Are there new tools we need to purchase and learn?
• Connectivity:
• Some of our enterprise web services need to access data and other
services located on-premises, is this supported?
• How can we ensure we are delivering the lowest latency possible to our
website visitors?
• We need to ensure that if we have multiple web servers backing a given
website, that no one web server gets all the traffic
Customer Objections
• Management:
• We would prefer not to have to manage patching of web servers and
databases
• With all of our websites and databases around the world, how do we
keep tabs on which is up and which is down and which is struggling?
• We need a simple solution to schedule and automate backup of the
website and database
Customer Objections
• Security:
• Is it possible to allow our visitors to use a mix of legacy and modern
browsers and still provide for secure transactions?
• What does Azure offer to help us with auditing access to our web
servers and databases?
• Our staff is accustomed to a single sign-on experience — will this still be possible?
Call to Action
• Target Audience
• Potential Solution
• Benefits
• Customer Quote
Target Audience
Potential Solution
Benefits
Benefits
Customer Quote
Hayley Leigh
Manager of Solution Development
Adventure Works Cycles
Lab Scenario
Lab Review
• Review Question
Module 8
Networking Azure Application Components
Module Overview
• Virtual Networks
• Load Balancing
• External Connectivity
• Secure Connectivity
• Networking Case Study
• Networking Topology:
• Define 1 or more VNets within an Azure Region, and configure an address space for each
• Define 1 or more SubNets within a VNet, and configure address space within the VNet range
• VNets and SubNets use CIDR notation (x.x.x.x/24, x.x.x.x/16,…)
• Configure Network Security Group settings on VNet level
• Attach a NIC to a SubNet
• SubNet IP Addressing:
• IP-address gets allocated to a NIC during provisioning of the NIC
• First available IP-address in a SubNet range is x.x.x.4
• Azure SubNets support dynamic (=default) and static IP addressing
• Public IP-addressing:
• Used for all public internet-facing communication
• Required parameter when creating a VM from the portal
• Private IP-addressing:
• Used for all inter-VNet communication
• Used for all communication between an Azure VNet and an on-premises VNet
Discussion
[Figure: Load Balancer Basic: up to 100 backend instances, non-zonal frontend, NSG optional, free]
You can use Load Balancer Standard for TCP & UDP scenarios with:
• Larger scale
• Greater flexibility
• HA Ports
• New metrics
• Availability zones
[Figure: Load Balancer Standard: up to 1000 backend instances, zone-redundant frontend, zonal frontend, Availability Sets not required, Availability Zones, integrated frontend and backend health metrics, supports HA Ports, NSG required]
URL-based Routing
SSL Termination
[Figure: Application Gateway SSL termination: Internet clients for www.domain1.com and www.domain2.com reach the Application GW; http://www.domain1.com is served over HTTP, https://www.domain2.com over HTTPS, and http://www.domain2.com is redirected to https://www.domain2.com]
Connectivity Options
Connectivity / Benefits
ExpressRoute:
• ExpressRoute as primary cross-premises connectivity
• Multiple circuits for redundancy & better routing
• ExpressRoute-VPN co-existence for highly available, redundant paths
Site-to-Site VPN:
• S2S VPN over Internet for remote branch locations
• BGP & active-active configuration for HA and transit
Point-to-Site VPN:
• P2S VPN for mobile users & developers to connect from anywhere with macOS & Windows
• AD/RADIUS authentication for enterprise grade security
Scenarios:
• High throughput, hybrid workload over VPN tunnels
• Failover from ExpressRoute circuits to S2S VPN tunnels
• P2S for dev/test connectivity from anywhere
VNet Peering
Forced Tunneling
• Challenges:
• IaaS services accessible through internet
• Customers may require their VMs to be only accessed from
on-premises VNET
• Solution—Forced Tunneling:
• IaaS services only accessible from a VNET
• Site-to-Site VPN
• Or ExpressRoute
Forced Tunneling
• Challenges:
• PaaS services accessible through internet
• Customers may require their services endpoints
to be only accessed from their VNETs
Discussion
Default inbound rules:
NAME | PRIORITY | SOURCE IP | SOURCE PORT | DESTINATION IP | DESTINATION PORT | PROTOCOL | ACCESS
ALLOW AZURE LOAD BALANCER INBOUND | 65001 | AZURE_LOADBALANCER | * | * | * | * | ALLOW
DENY ALL INBOUND | 65500 | * | * | * | * | * | DENY
Default outbound rules:
NAME | PRIORITY | SOURCE IP | SOURCE PORT | DESTINATION IP | DESTINATION PORT | PROTOCOL | ACCESS
ALLOW INTERNET OUTBOUND | 65001 | * | * | INTERNET | * | * | ALLOW
DENY ALL OUTBOUND | 65500 | * | * | * | * | * | DENY
• Fabrikam Residences:
• National Real Estate Services Group:
• Rapid growth slowed by expensive and unresponsive datacenter
infrastructure
• “We are a national real estate firm, we want to make
investments that support our core business, and buying and
managing servers is not our core business.”
-Craig Jones, CIO
• DOS Strategy:
• “Don’t own stuff”
• Focus on investments directly relevant to core business
• Avoid being an asset-intensive organization
Customer Inventory
• Existing Applications
[Figure: California Datacenter, Virginia Datacenter and misc. servers distributed geographically]
Customer Goals
Migration:
CRM:
Scale to usage:
Customer Needs
Customer Objections
Call to Action
• Target Audience
• Potential Solution
• Benefits
• Customer Quote
Target Audience
Potential Solution
Benefits
• Security/Privacy:
• Requests are isolated using industry-standard VLANs. Requests do not traverse the public internet
• Network Performance:
• Predictable network performance since you are not
competing with other traffic
• Public Peering:
• Private connectivity between Azure services
• Cross-Region Connectivity:
• Connect multiple virtual networks using the same
ExpressRoute circuit
Customer Quote
Lab Scenario
Lab Review
• Review Questions
Module 9
Managing Security & Identity for Azure Solutions
Module Overview
• Security
• Identity
Lesson 1: Security
• Platform Security
• Securing the Azure Platform
Platform Security
[Figure: Customer A and Customer B workloads isolated from each other on Microsoft Azure]
• Azure SQL-as-a-Service:
• Apply RBAC to limit SQL Resources Admin-level access
• Be cautious with the “Allow Azure Services” access
• Features:
• SQL Database Encryption At Rest (TDE)
• SQL Database Encryption In Transit
• SQL Auditing & Threat Detection
• SQL Dynamic Data Masking
• SQL Row Level Security
• SQL Vulnerability Assessment
• Azure Networking:
• Isolate VM traffic by deploying multiple VNETs and
separate Subnets within
• Use Network Security Groups to limit traffic allow/deny
• Integrate Forced Tunneling, User Defined Routing to control
traffic outside from the default Azure Routes
• Explore Azure Marketplace Virtual Appliances:
• Load Balancers
• Firewalls
[Figure: a developer accesses the keys stored in Microsoft Azure using a URI request]
Lesson 2: Identity
[Figure: hybrid identity: Microsoft Azure Active Directory synchronized with Windows Server Active Directory; user identities drawn from multiple repositories (LDAP v3, on-premises AD DS, LOB apps, web services via SOAP, Java or REST, generic SQL via ODBC, PowerShell, Windows file shares and printers); cloud authentication through an authentication agent]
Single Sign-On
[Figure: implement SSO everywhere: Azure AD, fed by directory sync, with an STS (trust) issuing security tokens to third-party web applications, cloud applications, intranet applications, Windows 10 desktops, mobile applications and IoT devices; on-premises DMZ]
Azure AD Connect
[Figure: option 1: user identity + password hash synchronization to Microsoft Azure Active Directory]
[Figure: option 2: user identity synchronization with pass-through authentication and seamless SSO; authentication is passed to Windows Server Active Directory via the pass-through authentication agent]
[Figure: option 3: user identity synchronization with ADFS and seamless SSO]
Seamless SSO is now enabled for the 1st option, too: Identity + Password (Hash) synchronization
Hybrid Identity
• Consolidated deployment assistant for your identity bridge components
• All currently available sync engines (DirSync, Azure Active Directory Sync, FIM + Azure Active Directory Connector) will be replaced by the sync engine included in the Azure Active Directory Connect tool
• Assisted deployment of ADFS will be available through Azure Active Directory Connect
Azure AD B2B
Azure AD B2C
Multi-Factor Authentication
• What is it?:
• An authentication method that requires an additional validation item besides your username and password combination:
• Text message
• Azure Authentication App
• How does MFA work?
• Requires 2 or more (configurable) account validation
options:
• Something you know (typically user/password combination)
• Something you have (Mobile authenticator app)
• Key Characteristics:
• Provides a compatibility layer for Active Directory
integrated applications, on top of Azure AD
• Takes resources from Azure AD to “emulate” an Active
Directory domain (users, groups, memberships, passwords,
limited GPOs)
• One AAD DS per Azure AD
• High Availability built-in
[Figure: Azure AD Domain Services: Azure AD provides an Azure AD DS domain in Azure to which VMs are domain joined]
Lab Scenario
Lab Review
• Review Question
Module 10
Integrating SaaS Services Available on the Azure Platform
Module Overview
• Cognitive Services
• Bot Services
• Machine Learning
• Media Processing
• Cognitive Services
• Intent Detection
• Cognitive APIs
Cognitive Services
Cognitive Services
Vision: Computer Vision | Content Moderator | Emotion | Face | Video | Video Indexer | Custom Vision Service
Speech: Bing Speech | Custom Speech Service | Speaker Recognition
Language: Bing Spell Check | Language Understanding | Linguistic Analysis | Text Analytics | Translator Text & Speech | Web Language Model
Knowledge: Academic Knowledge | Entity Linking | Knowledge Exploration | Recommendations | QnA Maker | Custom Decision Service
Search: Bing Autosuggest | Bing Image Search | Bing News Search | Bing Video Search | Bing Web Search | Bing Custom Search
Labs: Project Prague | Project Cuzco | Project Johannesburg | Project Nanjing | Project Abu Dhabi | Project Wollongong
Intent Detection
Linguistic Analysis
[Figure: Language Understanding workflow: create your own LU model, train by providing examples, deploy to an HTTP endpoint and activate on any device]
[Figure: example utterances: "Remind me to call my dad tomorrow", "Book me a flight to Cairo", "Order me 2 pizzas", "Where is the nearest club?"]
Pre-built Domains
Pre-built Entities
[Figure: example pre-built entities: Phonenumber (US), Temperature, Url]
Cognitive APIs
Face API
Face API
[Figure: Face API: submitted faces, face location, metadata about each face]
• Face Verification:
• Authentication using a face
• Finding Similar Faces:
• Find faces that look most similar
• Face Grouping:
• Groups faces based on similarities
• Face Identification:
• Detect a face based on a “known people” database
Speech Translation
[Figure: speech translation pipeline: Automatic Speech Recognition, TrueText, Machine Translation]
Discussion
• Bot Services
• QnA Maker
Bot Services
Bot Framework
[Figure: Bot Framework: your code behind a REST endpoint over HTTP, built with the SDK and connected to AI and intelligent tools]
Bot Services
QnA Maker
• Machine Learning
Machine Learning
[Figure: analytics maturity plotted by value against difficulty: What happened? Why did it happen? What will happen? How can we make it happen?]
Machine Learning
• Example of Algorithms:
• Classification: Assign a category to each item
• Regression: Predict a real value for each item
• Ranking: Order items according to some criterion
• Clustering: Partition items into homogeneous groups
• Dimensionality reduction: Transform an initial
representation of items into a lower-dimensional
representation while preserving some properties
Machine Learning
[Figure: ML workflow: data set, data cleaning, split into training data and test data, choose an algorithm, train model (or another model), score model, evaluate model]
Discussion
• Media Services
• Computer Vision API
Media Services
Media Services
[Figure: Media Services capabilities: secure media ingest, encoding, on-demand origin, live ingest, live origin, advertising, partner CDNs, Azure CDN, media job scheduling, static/dynamic packaging, content protection, live encoding, analytics, identity management]
Media Services
• Video Processing
• Video-on-demand
• Video analytics
[Figure: pipeline: Ingest, Encode, Package, Encrypt, Deliver]
Live Streaming
Video Indexer
Image Tagging
"tags": [
  { "name": "grass", "confidence": 0.999999761581421 },
  { "name": "outdoor", "confidence": 0.999970674514771 },
  { "name": "sky", "confidence": 0.999289751052856 },
  { "name": "building", "confidence": 0.996463239192963 },
  { "name": "house", "confidence": 0.992798030376434 },
  { "name": "lawn", "confidence": 0.822680294513702 },
  { "name": "green", "confidence": 0.641222536563873 },
  { "name": "residential", "confidence": 0.314032256603241 }
]
Description Generation
"description": {
  "captions": [
    { "type": "phrase", "text": "a black and white photo of a large city", "confidence": 0.607638706850331 },
    { "type": "phrase", "text": "a photo of a large city", "confidence": 0.577256764264197 },
    { "type": "phrase", "text": "a black and white photo of a city", "confidence": 0.538493271791207 }
  ],
  "tags": [ "outdoor", "city", "building", "photo", "large" ]
}
Color Schemes
[Figure: detected color scheme: White, Black, Green]
Discussion
Lab Scenario
Lab Review
• Review Question
Module 11
Integrating Azure Solution Components Using Messaging Services
Module Overview
• Event Messaging
• Integration
• Internet of Things (IoT)
• Storage Queues
• Service Bus
• Event Grid
Storage Queues
• Create/Delete Queue
• Measure Queue Length
• Insert Message into Queue
• Retrieve the Next Message
• Extend Message Lease
• Peek at the Next Message
• Update a Message
• Delete a Message
Service Bus
[Figure: Service Bus Queue: a Web App or Mobile App sends messages to a Queue that a Service Application consumes]
[Figure: Service Bus Relay: client applications send and receive through the Service Bus Relay to a Service Application]
Event Grid
• Automate Operations:
• Event Grid can publish ARM events including:
• Resource creation
• Resource modification/deletion
• Deployment of multiple resources to a resource group
• Creation or deletion of a resource group
• Azure services can respond to an Event Grid resource-based
event by performing automation actions:
• A Logic App can modify a newly created database
• Azure Automation can manage a new VM
• Metadata about a resource deployment can be stored in
Azure Storage using an Azure Function
Discussion
Lesson 2: Integration
• Serverless Integration
• Notification Hubs
Serverless Integration
Logic Apps
Azure Functions
[Figure: App Service app types: eCommerce, Digital Global Presence, Custom Apps, LOB, API / Services / ISV]
• Methods of Execution:
• Triggers
• WebHooks
• Language of Choice:
• C#, F#, Node.js, Python, PHP, batch, bash, Java
• Pricing Options:
• Dynamic (pay-per-use)
• App Service Plan
• Integrations:
• DocumentDB, Event Hubs, Mobile Apps (tables),
Notification Hubs, Service Bus, Storage
• GitHub (webhooks), On-premises (using Service Bus)
Notification Hubs
Benefits
• Managed Infrastructure:
• You don’t have to worry about scaling your application
yourself
• You can focus on messages and templates, not the
mechanics of your service
• SDKs available for major platforms
• Template support
• Support for filtering recipients by tag
(Diagram: the client app retrieves a handle from the platform notification service and registers it with the hub; the back end sends the message through the hub.)
Discussion
• Event Hubs
Event Hubs
Event Hubs
• Input Streaming:
• Receives high-velocity event streams and makes them available to multiple consumer groups
• Isolated Read:
• Each consumer group reads the stream at its own position; readers checkpoint their offset so they can resume from a specific point in the time-ordered stream. Event Hubs is a partitioned log, not a queue: reading does not remove events, and events are retained for the configured retention period.
• Open Protocols:
• Supports AMQP 1.0 (HTTPS can also be used to send events)
• REST API for management
(Diagram: producers publish over HTTP or AMQP.)
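The "isolated read" point above, as an added example that is not the Event Hubs SDK: an in-memory model of a hub with two partitions, where a consumer group reads from its own checkpoint and reading removes nothing. It shows what a crash before checkpointing means (the same events are read again), that a second consumer group sees the whole stream regardless of the first, and that events with the same partition key stay in order. The class and function names are assumptions; the partition hash is only a stand-in for the service's own.

```python
"""In-memory model of Event Hubs partitions, consumer groups and checkpoints
(added example, not the Event Hubs SDK). Names are assumptions."""
import hashlib


class EventHubModel:
    def __init__(self, partition_count: int = 4):
        self.partitions = [[] for _ in range(partition_count)]  # append-only logs
        self.checkpoints = {}   # {consumer_group: {partition_id: next offset to read}}

    def partition_for(self, partition_key: str) -> int:
        # Same key -> same partition, which is what keeps one device's events in
        # order (the service's own hash differs; only the property matters here)
        digest = hashlib.sha256(partition_key.encode()).digest()
        return int.from_bytes(digest[:4], "big") % len(self.partitions)

    def send(self, partition_key: str, body: str) -> tuple:
        pid = self.partition_for(partition_key)
        self.partitions[pid].append(body)
        return pid, len(self.partitions[pid]) - 1   # (partition, offset)

    def receive(self, group: str, pid: int, max_batch: int = 100) -> list:
        """Read from the group's checkpoint onward. Reading removes nothing, so a
        reader that crashes before checkpointing gets the same events again."""
        start = self.checkpoints.get(group, {}).get(pid, 0)
        return self.partitions[pid][start:start + max_batch]

    def checkpoint(self, group: str, pid: int, next_offset: int) -> None:
        self.checkpoints.setdefault(group, {})[pid] = next_offset

    def read_all(self, group: str, commit: bool) -> int:
        """Drain every partition for one group; checkpoint only if commit is set."""
        total = 0
        for pid in range(len(self.partitions)):
            start = self.checkpoints.get(group, {}).get(pid, 0)
            batch = self.receive(group, pid)
            total += len(batch)
            if commit:
                self.checkpoint(group, pid, start + len(batch))
        return total


def demo() -> dict:
    hub = EventHubModel(partition_count=2)
    for i in range(6):
        hub.send(partition_key=f"device-{i % 3}", body=f"reading {i}")
    p = hub.partitions[hub.partition_for("device-0")]
    ordered = p.index("reading 0") < p.index("reading 3")   # per-key order kept
    uncommitted = hub.read_all("analytics", commit=False)   # crashed before checkpoint
    replayed = hub.read_all("analytics", commit=True)       # same 6 events again
    idle = hub.read_all("analytics", commit=True)           # nothing new
    hub.send("device-1", "reading 6")
    new = hub.read_all("analytics", commit=True)            # only the new event
    archive = hub.read_all("archive", commit=True)          # own position: sees all 7
    return {"ordered": ordered, "uncommitted": uncommitted, "replayed": replayed,
            "idle": idle, "new": new, "archive": archive}
```

In the real service the checkpoint is written by the reader to storage it controls (the SDK's processor uses a blob container), not by the hub, so anyone who can write that storage can rewind or skip a consumer group; protect it like the hub itself.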
IoT Hubs
Device connectivity and management (diagram; devices run RTOS, Linux, Windows, Android or iOS):
1. Direct connection (HTTP, AMQP)
2. Cloud protocol adaptation (e.g. MQTT), through a protocol gateway in the cloud
3. Field protocol adaptation (e.g. DDS), through a field gateway
4. Gateway-assisted (e.g. Bluetooth LE)
IoT Hub accepts MQTT, AMQP and HTTPS directly from devices, so a cloud protocol gateway is only needed for protocols it does not speak natively.
(Diagram: Device, IoT Hub, Logic App, Notification Hub and MySQL DB connected as one solution.)
Logon Information
Virtual machine: 20535A-SEA-ARCH
User name: Admin
Password: Pa55w.rd
Lab Scenario
Lab Review
• Review Question
Module 12
Monitoring & Automating
Azure Solutions
Module Overview
• Monitoring
• Backup
• Automation
• Business Continuity Case Study
Lesson 1: Monitoring
Get the granular, up-to-date monitoring data you need—all in one place
Azure Advisor
Service Health
• Azure Portal: personalized Service Health dashboard
• Azure Monitor: Service Health alerts for service issues, maintenance and advisories
• http://status.azure.com: general health overview of all Azure services
• Service Issues:
• Shows any ongoing problems in the Azure platform that affect YOUR resources
• Planned Maintenance:
• Provides information on scheduled maintenance affecting YOUR Azure resources
• Health History:
• Shares details of past issues that affected YOUR Azure resources
Application Insights
Application Insights
• Application Map:
• Diagram of application components and the interactions between all services
• Live Metrics:
• Real-time request information
• Servers:
• Detailed per-instance performance view
• Availability:
• Scheduled availability (uptime) tests
Power BI
• Connect to different data sources, create reports and data charts
• Get access to powerful dashboards, alerts and drill down for info
• Simplify management, expose IT data to non-IT teams, achieve compliance
• Embed interactive data visuals and reporting features into your apps
Power BI Integrations
Lesson 2: Backup
• Azure Backup
• Backup Options
• Specialized Backup
• Site Recovery
Azure Backup
Backup Options (diagrams)
• Source: Windows OS; data channel: public Internet or ExpressRoute with public peering; target: Microsoft Azure Backup vault
• Source: VMware, AWS and physical servers, protected through Azure Backup Server or DPM; data channel: public Internet or ExpressRoute with public peering; target: Microsoft Azure Backup vault
Specialized Backup
Site Recovery
(Diagrams)
• Source: VMware, AWS and physical servers, replicated through an on-premises configuration server and process server; data channel: public Internet or ExpressRoute with public peering; target: Microsoft Azure
• Source: Azure VMs; data channel: Azure backbone; target: Azure Site Recovery in the same or a different region
Lesson 3: Automation
• Azure Automation
• Automation Flow
• Configuration Management
Azure Automation
Features
• Process Automation:
• Author runbooks: PowerShell scripts, PowerShell Workflow, graphical, Python 2
• Hybrid Runbook Workers with Proxy support
• Configuration Management:
• DSC Configurations, Pull service
• Node Management & Reporting
• Change tracking & Inventory
• Update Management:
• Insights across a hybrid Environment
• Orchestrated updates and troubleshooting
Cross-Cloud (diagram): Azure Automation reaches third-party clouds, on-premises datacenters, branch office datacenters and Azure Stack through a secured connection using the Azure Automation Hybrid Runbook Worker; the automation tasks run on-premises but are triggered from Azure Automation. The worker connects outbound to Azure Automation over TCP 443 (proxy supported), so no inbound ports need to be opened on-premises.
(Diagram: the Hybrid Runbook Worker runs in the on-premises runbook environment alongside the Microsoft Management Agent and is connected to Azure Automation through Operations Management Suite.)
Automation Flow (diagram): runbooks in Azure Automation are started from the Azure Portal, from webhooks, from PowerShell or from alerts, and run actions against Azure resources. A webhook URL embeds its security token and is shown only once when the webhook is created; anyone holding the URL can start the runbook, so store it as a secret and validate the request body inside the runbook.
Configuration Management
Chef (diagram: provision and manage infrastructure, bootstrap agents, customize VMs)
Key Capabilities:
• Infrastructure as code
• Declarative interface to resources
• Policy-based configuration management
Puppet
• Key Capabilities:
• Easy-to-read declarative language
• Enforces desired state on the system
• Puppet Forge provides many ready-to-use modules
Cloud Shell
• Specialty:
• Technical and Scientific Books
• Catered to Academic Authors for Years
• Extensive Historical Catalog of Technical and Scientific
Books
Customer Inventory
• Existing Applications
Customer Inventory
• Backup Workflow
Customer Goals
Disaster Recovery:
Budget Conscious:
Limited Resources:
Customer Needs
Customer Objections
Call to Action
• Target Audience
• Potential Solution
• Benefits
• Customer Quote
Target Audience
Potential Solution
Benefits
• Recovery Objectives:
• Site Recovery allows for planned, unplanned and test
orchestrated recovery operations
• Cost Effective:
• Eliminates upfront capital expenses normally related to
creating a secondary datacenter
• Security and Privacy:
• Data is encrypted during transit and at rest
• Non-Disruptive Testing of the Disaster Recovery Solution:
• DR orchestration can be validated without disrupting the production environment
Customer Quote
Logon Information
Virtual machine: 20535A-SEA-ARCH
User name: Admin
Password: Pa55w.rd
Lab Scenario
Lab Review
• Review Question
Course Evaluation