Catalog existing applications (i.e. first 20)
Define criteria for moving to or starting applications in the cloud
Architect core infrastructure components for cloud integration: Identity, Networking, Security
Acquire cloud development skills
Invest in application lifecycle management
Take a systematic and disciplined approach to security and compliance
SaaS
Microsoft Dynamics CRM
1 Taking advantage of productivity workloads provided in the cloud is a first step for many enterprise organizations.
Azure PaaS
Windows Intune
2 New development and modern applications move to PaaS. New applications are optimized for cloud computing. Focus is on functionality rather than infrastructure.
[Diagram labels: Your PaaS application; Web and mobile backend; Data and advanced analytics; Event streaming and messaging; Your business logic, and code; Compute and integration; Media and content delivery; App (build, deploy and manage)]
3 Existing applications move to IaaS. Existing applications are moved to IaaS virtual machines using one of two approaches:
Lift and shift: existing virtual machines are shifted to the cloud.
Build in the cloud: applications are prebuilt in Azure and traditional methods are used to back up and restore data.
[Diagram labels: Azure IaaS; Your virtual network; Cloud Service; Active Directory & DNS; Cloud Service; Your Line of Business application]
Public cloud
SaaS: Office 365, OneDrive, Yammer, Dynamics Online,...
PaaS: New development
Efficiency increases
IaaS: IaaS virtual machines, traditional applications
Private cloud
Private cloud datacenter
Core network services remain on premises: Active Directory Domain Services (AD DS), Domain Name System (DNS), Windows Server Update Services, Microsoft System Center 2012 Configuration Manager
Microsoft IT's hybrid cloud infrastructure
Even though a complete migration to the public cloud is the goal, retaining core network services in traditional datacenters for the near future results in a hybrid cloud.
[Chart: Legacy, Azure, EOL and Private cloud, from current state (Legacy) to future state, by quarter, 2013 to 2018; labels on the chart: 37,000 and 60%]
180K+ end users
Simplification efforts reducing app portfolio at 5% per year
Servers, user PCs and mobile devices
29K devices with Intune, 400 apps in company portal
Presence in over 119 Countries
Migration planned for 73 organizations
Using big data to secure the company
120K+ Employees
1.3K+ Line of Business applications
1.2M Devices hit the Microsoft network
150K Devices enrolled in Exchange Active Sync
513 IT supported Site locations
80K+ Users on CRM Online over next 24 months
7B Security monitoring events recorded daily
All new development + next gen apps in PaaS
170K Windows 8.1 managed devices
65% Virtualized server environment
Migration pace of 3K users per month
40K active in over 700 external networks monthly
Online sites growing 4%
On-Prem declining at 25%
Sales team works 60% mobile
22% LOB apps using IaaS or PaaS, hybrid cloud environment
40K Managed Windows 10 Systems
330K System Center managed devices
220K Users on Office 365 Exchange
90K Employees participate on Yammer each month
270K
97% SharePoint sites in the cloud
7.9M Lync calls/month
[Chart: On-Prem, FY13 to FY15+, vertical axis 0 to 300000]
Rethink our Experience in the Cloud Understand the Ecosystem Create Shared Services Cloud Foundation Drive Cloud Adoption Utility Sites Migration to Cloud Custom Workload Migration
Post-migration
High MOVE TO CLOUD NOW MOVE TO CLOUD LATER Low Mission Critical Regulatory Exposure Security Requirement Cross-Premises Monitoring Needs Custom App Integration Database Storage BUSINESS FACTORS TECHNICAL FACTORS
Connectivity Cloud-strategy approach CLOUD STRATEGY (Cross Discipline Team) SaaS SaaS Business-architecture led Hybrid cloud IaaS IaaS lift and shift; IaaS and PaaS new deployments New development PaaS Leveraging all cloud paradigms FY12-FY13 Infrastructure Microsoft Bing Xbox Live Windows Live Office 365 SharePoint Online Exchange Online SkyDrive Pro Line of business (LOB) Dynamics CRM Third-party solutions Yammer, Skype Engineering and operations enabling Windows Intune Team Foundation Service VMs HW IaaS PaaS IaaS IaaS IaaS PaaS PaaS SaaS SaaS Building on FY12 destination SaaS strategy {Engineering}
Moving Microsoft IT apps to the
Vast majority of Microsoft IT's LOB apps are moving to the cloud
90% of Microsoft IT's 1,100+ production apps meet requirements to move to IaaS or private cloud environments
7% of apps are migrated to the PaaS environment
3% will remain on dedicated hardware
[Pie chart legend: IaaS and Private Cloud; PaaS; Dedicated Hardware]
NETWORKING, COMPUTE, STORAGE, APP SERVICES, AUTOMATION, DISASTER RECOVERY, DEV, TEST, UAT, etc. as a SERVICE NETWORKING & AUTOMATION SERVICES Virtual network Availability Set Azure load balancer Autoscale Traffic Manager Automation CDN COMPUTE SERVICES DATA SERVICES On Premises Private Cloud APPLICATIONS & SERVICES Health Monitoring Automation Site-to-Site VPN Point-to-Site VPN Virtual Machines Azure Mobile Services TFS or VS Online + GIT storage blob storage table storage queue StorSimple Cloud Integrated Storage Azure Web Site web roles worker roles VHD VHD data disk Gallery OS images VIRTUALIZATION COMPUTE, STORAGE & NETWORKING Server Group #1 Server Group #2 Express Route APP SERVICES Azure AD Multi-Factor Auth Azure Cache StorSimple Virtual Appliance Backup Service Azure Site Recovery SAN Storage Spaces/SMB Provisioning Access Control BizTalk Services Media Services SQL Database SQL Data Sync MySQL database DEVICES & FACILITIES Physical Infrastructure (Servers/Storage/Networking Monitoring Automation & Self Service Application Insight Service Bus Notification Hub Scheduler HDInsight (Hadoop) IT Service Management * Not meant to be a comprehensive list of all services, for a complete list please visit azure.microsoft.com
Azure Security and Compliance
Secure development, operations, and threat mitigation practices provide a trusted foundation
Private fiber connections to access compute, storage and more using ExpressRoute
No internet access by default
Intrusion detection and DoS prevention measures
Customer can deploy additional DoS/IDS measures within their virtual networks
Penetration testing
Azure's certification process is ongoing with annual updates and increasing breadth of coverage.
Azure manages compliance with: ISO 27001, SOC1 / SOC2, HIPAA BAA, DPA / EU-MC, UK G-Cloud / IL2, PCI DSS, FedRAMP
Azure provides a number of options for encryption and data protection.
Enables connection from customer sites and remote workers to Azure Virtual Networks using Site-to-Site and Point-to-Site VPNs
Logical isolation for customer environments and data
Centralized management via SMAPI or the Azure Portal
[Diagram labels: ExpressRoute Peer; INTERNET; THREAT DETECTION: DoS/IDS Layer; Cloud Access & Firewall Layer; Customer Environment; Clients / End Users; Microsoft Azure; DOS/IDS Layer; Application Tier; 443; Azure Storage; VPN; Logic Tier; SQL Database; Computers Behind Firewalls; Remote Workers; Database Tier; Isolated Virtual Network; Azure Platform]
Heritage of security and compliance
[Timeline, marked at 1989, 1996, 2000, 2005, 2010, 2012 and 2014: First Microsoft Datacenter; Microsoft Security Response Center; Active Directory; Trustworthy Computing Initiative; Malware Protection Center; Federal Desktop Core Configuration; SAS 70; SOC 1; SOC 2; Office 365 for Government; CJIS; Windows C2; Defense Messaging System; Windows Update; Security Development Lifecycle; Digital Crimes Unit; ISO/IEC 27001:2005; FISMA ATO; HIPAA/HITECH; FedRAMP ATO; Operations Security Assurance; IRS 1075]
HYBRID CLOUD SAMPLE ARCHITECTURES
Hybrid Cloud Scenarios Encrypted Backup VPN Windows Backup SC Data Protection Manager Recovery Microsoft Azure Site A System Center Virtual Machine Manager Replication Recovery Site B Microsoft Azure Recovery plan Manage Microsoft Azure Health Monitor Site A System Center Virtual Machine Manager Hyper-V Replica Site B System Center Virtual Machine Manager Orchestrated Recovery in case of outage VPN Admin Remote Users
Hybrid Cloud Scenarios Developers Microsoft Azure SDK VPN Tier 1 Availability Set Tier 2 Availability Set Tier 3 Availability Set VPN Microsoft Azure Microsoft Azure AD Load Balancing Auto Scaling Web Site Virtual Machines VHD Auto SharePoint Scaling Mobile Service Analytics & Reporting SQL Azure Azure Storage HDInsight (Hadoop) Microsoft Azure CDN Microsoft Azure Cache Storage BLOB Storage Table Notification Hub Users On Premises Storage Queue INGRESS NODES ANALYTICS NODE CONSUME Collect / Decode Record Filter / Analyze / Aggregate Reporting / BI Connected Devices Microsoft Azure Load Auto Worker Balancing Scaling Roles Azure Storage Auto Worker Scaling Roles Analytics & Reporting SQL Azure Azure Storage
Hybrid Cloud Scenarios Enterprise Mobility Suite Hybrid Identity Management Mobile Device Security & Management Mobile Application Management Strong Authentication & Access based Information Protection Encrypted Synchronization Microsoft apps PCs and devices Microsoft Azure AD Consumer identity providers Custom LOB apps ISV/CSV apps 3rd party clouds/hosting Multi-Factor Authentication Server On Premises Applications ADFS / SAML Corporate devices .net, Java, PHP, Microsoft Azure AD Multi-Factor Authentication Server BYOD / Personal devices Built-in SDK for integration Strong multi Factor Authentication Real Time Fraud Alert Reporting, Logging & Auditing Enables compliance with NIST 800-63 Level 3, HIPAA, PCI DSS, and other regulatory requirements
SQL Server Hybrid Cloud Scenarios Management Portal VPN Publish Compare Sync Import / Export Register / Unregister Microsoft Azure Dispersed Teams Management Portal VPN / Encrypted Data SQL Backup tool for legacy Manual Console Backup Managed Backups Microsoft Azure Primary Asynchronous Commit VPN Console 2014 / Scripts 2012 Backup Availability Groups Periodic Snapshots Geo Replication Secondary Disaster Recovery Powering BI Apps Microsoft Azure
SAP on Microsoft Azure
[Diagram labels: On-Premises; On-Premises Servers; On-Premises VPN Device; Azure VPN Gateway; Virtual Network; Windows Server & SAP (C:); Shared Pool (D:); Windows Server (C:); Shared Pool (D:); SQL Server (E:); .vhd file]
SAP certifications
Microsoft Azure is certified for the following SAP products, with full support from Microsoft and SAP. http://azure.microsoft.com/en-us/campaigns/sap/

| SAP Product | Guest Operating System | RDBMS | Virtual Machine Types |
| SAP Business Suite Software | Windows | SQL Server | A5 |
| SAP Business All-in-One | Windows | SQL Server | A5 |
| SAP NetWeaver Application Server ABAP (1) | Windows | SQL Server | A5 |
| SAP HANA Developer Edition (including the HANA Client software comprised of SQLDBC, ODBO (Windows only), ODBC, AND JDBC drivers), HANA Studio, and HANA Database) (2) | SUSE, Linux | N/A | A7, A8 |

(1) Only NetWeaver 7.00 and later SAP releases of NetWeaver are supported for deployment in Azure.
(2) Customers can try SAP HANA Developer Edition on Azure using the SAP Cloud Appliance Library.
ATM Manufacturer Quickly Creates ATM Management Solution Using Cloud Resources. Headquartered in North Canton, OH, Diebold is a financial self-service, security and services corporation that is engaged primarily in the sale, manufacture, installation and service of self-service transaction systems, electronic and physical security products, and software and integrated systems for global financial and commercial markets. Diebold is the largest U.S. manufacturer of ATMs. Their top products and services include ATMs and Self-Service, Electronic Security, Assisted Transactions and Barrier, Managed Services, Maintenance Services, and Professional Services. They are using Azure for their smart banking initiative.

The Washington Post Builds "Truth Teller" App with Cloud-Based Speech-to-Text Service. One way that The Washington Post is driving innovation on the Internet is through Truth Teller, a software-based, political fact-checker that uses Microsoft Azure Media Services Indexer speech-to-text service. With Indexer, The Post can more easily share its political expertise, has saved hundreds of thousands in development costs, and has made search results more useful to website visitors.

SAT is in charge of all of Mexico's tax-related transactions and needed to transform to receive and validate electronic invoices, as well as deploy new portals for taxpayers to manage their electronic bills and electronic billing. An on-premises solution was quoted to take a full year and cost US$1 million, which was too much for SAT at the time. We built in 4 months a solution that manages 2 Billion+ documents annually, with 200+ documents/sec, and avoided a large investment associated with redundant datacenter setup, storage, bandwidth, hardware, and software.
NBC provides continuous coverage for live events on mobile devices
Reimagining global media and entertainment delivery
April 9, 2013, Microsoft Corp. and NBC Sports Group announced they are partnering to use Microsoft Azure Media Services across NBC Sports digital platforms, including NBCSports.com, NBCOlympics.com and GolfChannel.com.
Goal
Deliver more than 1,000 hours of live streaming sports to millions of viewers on multiple devices and operating systems
"We are pleased to be working once again with Microsoft, and we are confident that Microsoft Azure Media Services will help us provide the most robust streaming experience ever for a Winter Olympics." Richard Cordella, Senior Vice president & General Manager of Digital Media, NBC Sports Group
Tactics
Uses the Microsoft Azure cloud platform to encode, transcode, and stream live footage from the Olympics (and other high-profile events) to its customers
Results
First in history to provide continuous live streaming footage entirely from the cloud
The largest-ever audience on an authenticated stream for any sporting event
Enabled access to all 98 sporting events online through a platform that scales up and down to meet actual demand
100+ MILLION FANS AND GUESTS THROUGH SOCHI2014.COM ON Microsoft Azure
Platform Application AdHoc Managed Service Oriented Capability Access / Security Multiple ID's Consolidation Federation Current Application Catalogue Front End Multiple Web Consolidation / Integration Applications Data Monolithic Data Silos Distributed Data Integration Data Warehouse Dynamic Integration & Scaling Big Data Enterprise Content Management Silo-ed Architectures Leveraged Infrastructure Service Oriented OS Servers Storage Monolithic OS Segregated Platforms Segregated Storage Distributed Processing Server Farms Clustering Storage Management Virtualization Resource Pooling Metering + Aggregation Resource Pooling Massive Storage Scaling Commoditization App 1 On Premises Legacy App 2 Leveraged Infrastructure On Premises Private Cloud App 3 Off Premises IaaS SaaS - PaaS Networking MB/GB Load Balancing Network Virtualization Facilities 0.9999 Availability Colocation Container Evolving to Modular Platform / Architecture Platform Silos Virtualization On Premise Private Cloud Public Cloud (IaaS, SaaS, PaaS)
Triggers New Application Project / Business Initiative Tech Refresh Workload Capacity Growth Hosting Enhanced SLA High Availability / Disaster Recovery Lower Operational Costs Objectives Scenarios Build Deploy Needs Discovery of capabilities Selection of potential scenarios: App/Workload Consolidation Disaster Recovery / Backup Storage / Archiving Cloud Identity Content Delivery Media Hosting Databases BI Web Hosting Infrastructure Hosting E-Commerce HPC Architectural Design Application / Workload Architectural Design Identity Security Compute, Storage, Networking, Applications Services Networking / Connectivity Compliance Data Archival DevOps Build Test Configure Deploy Measure Consumption Monitor / Manage Scale Common Process Patterns & Practices Build Pilot Architecture Checklist: Identity, Security, Networking, Compliance, DevOps Test Validate with Data Validate Scaling and Resiliency Service Management Self Service SLA Scaling Resiliency Cost evaluation Deploy Deployment guidance Deployment resources & team Promotion to production with Identity, Security, Compliance and DevOps considerations Continuous Enablement Cloud cost management Cloud Reference Model and Standard Setting