To the cloud! This phrase seems to come up more and more often for organizations looking to reduce their SharePoint footprint in their data center. In this session Dan and Scott will give a brief overview of a few of the premier Infrastructure as a Service hosting providers for SharePoint, how SharePoint in the cloud stacks up against Office 365, and how to script an install on the Azure platform for development purposes.
You will learn:
• The core cloud concepts of IaaS, SaaS and PaaS
• How Azure and AWS EC2 differ and are similar in their product offerings as well as in their interfaces to the providers
• How to set up a SharePoint environment through script and web interfaces
3. Who are we?
Scott Hoag
@ciphertxt
Applied Information Sciences
Infrastructure Consultant
scott.hoag@appliedis.com
Dan Usher
@binarybrewery
Booz Allen Hamilton Incorporated
Lead Associate
usher_daniel@bah.com
5. Why Cloud™?
IT Agility
The ability to instantly provision new hardware for new
opportunities or respond quickly to business demand can
be a competitive advantage.
Focus
Focusing less on infrastructure leaves more time for
improving the success of the business through better IT.
More on Innovation and less on Infrastructure.
Economics
Cloud Computing lowers the cost of delivering IT and
increases the utilization and efficiency of your data
6. cloud types
moving out from
corporate IT data center
and private clouds
hosting, building,
consuming
flexibility in scale
8. security and compliance
Azure Public Community Cloud
FedRAMP JAB P-ATO
http://www.microsoft.com/en-us/news/press/2013/sep13/0930fedramppr.aspx
AWS
GovCloud - FedRAMP 3PAO ATO
http://aws.amazon.com/govcloud-us/
9. services we wish we could utilize
AWS RDS SQL instance
http://aws.amazon.com/rds/sqlserver/#details
Azure SQL Database
http://www.windowsazure.com/en-us/services/data-management/
Spoiler Alert…
Neither support FILESTREAM
Neither can be domain joined
http://blogs.msdn.com/b/windowsazure/archive/2012/06/26/data-series-sql-server-in-windows-azure-virtual-machine-vs-sql-database.aspx
10. Azure SQL Database Guidelines and Limitations
Primer: http://msdn.microsoft.com/en-us/library/ff394102.aspx
General Guidelines and Limitations
Tools, Visual Studio Support, Data migration support, SQL server agent
support, etc.
Security Guidelines and Limitations
Firewalls, Encryption, AuthN, Logins and Users
SQL Server Feature Limitations
Feature support not available
Federation Guidelines and Limitations
Several limitations of federated tables
11. Azure SQL Database Instance
Available to connect through SQL Server Management Studio
SQL AuthN only (no IWA / Windows AuthN)
Unable to access or manipulate instance properties
Limited functionality
Unable to configure MAXDOP (max degree of parallelism, which SharePoint requires to be set to 1)
Not usable for SharePoint 2013…
13. AWS RDS SQL Server Guidance and Limitations
Primer:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html
Supported in 2008 R2 Database
Core Database engine features
SQL Server development tools (VS, Intellisense)
SQL Server Management Tools
Safe CLR
Full-text Search
SSL
Spatial and location features
Not Supported in 2008 R2 Database
Maintenance Plans
Database Mail
Distributed Queries
Transparent Data Encryption
Database Log Shipping
Database Mirroring
Windows Authentication
Distributed Transaction Coordinator (MSDTC)
Replication
WCF Data Services
SQL Server Audit
FILESTREAM Support
Performance Counter Collector
Policy Based Management
Additional T-SQL endpoints
Ability to run Reporting, Analysis, Integration Services against the same server as the DB instance
14. AWS RDS SQL Instance
Available to connect through SQL Server Management Studio
SQL AuthN only (no IWA / Windows AuthN)
Unable to access or manipulate instance properties
Limited functionality
Unable to configure MAXDOP (max degree of parallelism, which SharePoint requires to be set to 1)
Not usable for SharePoint 2013…
16. things to remember…
SharePoint Server 2010 and 2013 supports virtualization
within Azure (and sysprep…)
Microsoft products virtualized on Hyper-V
http://support.microsoft.com/kb/957006
http://support.microsoft.com/kb/2721672
Microsoft products virtualized on VMware
http://support.microsoft.com/kb/897615
Licensing
http://technet.microsoft.com/en-us/library/ff607936(v=office.14).aspx
http://technet.microsoft.com/en-us/library/ff607936.aspx
Not all Clouds are created equal…
17. speaking of SysPrep on Azure…
Creating a Generalized image is broken
Unable to create image with Reboot
http://bit.ly/azuresysprep
18. SQL Workloads in the cloud
SQL housed within cloud based VM
Provides greatest flexibility
Supports Always On scenarios
Support for configurable Disaster Recovery
Works with SharePoint
SQL DB services
Support for fast scalability
Requires very little SQL maintenance
Great for hosting databases for structured data outside of SharePoint
19. SharePoint Workloads
SharePoint for Internet Sites (FIS)
Public facing, anonymous access sites
Developer, Test and Staging Environments
Quickly provision and un-provision entire environments
Hybrid Applications
Applications that span your data center and the cloud
Disaster Recovery
Quickly recover from a disaster, only pay for use
20. Active Directory Workloads
AD DS, AD FS, AD CS hosted within cloud based
VMs
Complete flexibility and control of replication to on premise resources
Windows Azure Active Directory
Useful for cloud based applications
Can’t run your data center off of WAAD
Connectors to provide for AD FS like functionality
3rd Party Identity Provider in the Cloud
Provides for externalized virtual directories for consumption by cloud
services
22. AWS Images Available
1568 Amazon Machine Images
19 Amazon Web Services Windows Servers
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008 SP2
SQL Server 2012 Standard / Web / Express
SQL Server 2008 Standard / Web / Express
4 Microsoft Windows Servers
Media Services
Hosting WebMatrix
SQL Server 2008 R2 SP1-Q4
Several Linux varieties
Ubuntu, CentOS, Amazon Linux, Fedora, Gentoo, Debian, Red Hat, OpenSUSE
OpenSolaris
Oracle Linux (11g, 10g)
26. AWS Supported VPN Device List
Cisco
ASA 5500 Series (Adaptive Security Appliances): ASA Software 8.2+ (examples: 5505, 5550)
ISR Series Integrated Services Routers: IOS 12.4+ (examples: 2801, 2901, 2911)
Juniper
SRX Series Routers: JunOS 9.5+ (examples: 210, 650)
J Series Routers: JunOS 9.5+ (example: 4350)
ISG Series Routers: ScreenOS 6.1+ (example: SX2)
SSG Series Routers: ScreenOS 6.1+ (example: 550)
Other Solutions
• Microsoft Windows Server 2008 R2
• Yamaha RTX1200
Generic VPN devices must support
• IKE v1, IPsec in Tunnel Mode
• AES 128
• SHA1
• Diffie-Hellman Perfect Forward Secrecy in "Group 2 mode" (1024-bit MODP)
http://aws.amazon.com/vpc/faqs/#C2
29. AWS Command Line
http://aws.amazon.com/cli/
Create a config file at C:\Users\USERID\.aws\config (credentials and default region)
Run the aws CLI with the service and associated command
aws ec2 describe-regions
Create a key pair and save the private key (it is returned only once)
aws ec2 create-key-pair --key-name SPLiveKeyPair --query KeyMaterial --output text > SPLiveKeyPair.pem
Create a Security Group
aws ec2 create-security-group --group-name SPLiveGroup --description "SP Live Security Group"
Assign an ingress rule to the Security Group
aws ec2 authorize-security-group-ingress --group-name SPLiveGroup --protocol tcp --port 3389 --cidr 0.0.0.0/0
(0.0.0.0/0 exposes RDP to the entire Internet; for anything but a throwaway dev box use your own address, e.g. --cidr 203.0.113.10/32)
30. AWS Command Line continued
List out information about the security group
aws ec2 describe-security-groups --group-names SPLiveGroup
Launch a Windows Server 2012 instance as an m1.medium
aws ec2 run-instances --image-id ami-173d747e --count 1 --instance-type m1.medium --key-name SPLiveKeyPair --security-groups SPLiveGroup
Get the instance status
aws ec2 describe-instance-status
Get a cup of coffee
Get the instance status again
aws ec2 describe-instance-status
31. AWS Command Line continued
Decrypt your Administrator password through the portal with your key pair (or from the CLI: aws ec2 get-password-data --instance-id <instance-id> --priv-launch-key SPLiveKeyPair.pem)
Log in to your IaaS VM and begin configuring SharePoint
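The steps on slides 29 to 31 as one PowerShell script. This is an added example, not code from the deck or from AWS; it assumes, hypothetically, that AWS CLI v1 is on PATH with credentials and a default region in C:\Users\USERID\.aws\config, and it reuses the slide's names (SPLiveKeyPair, SPLiveGroup, ami-173d747e, which is region specific). It differs from the slides in two places a practitioner cares about: the RDP rule is restricted to the caller's own public address instead of 0.0.0.0/0, and the password is decrypted with the launch key through the CLI instead of the portal.

```powershell
# Added example (not from the original deck): slides 29-31 as one PowerShell script.
# Assumptions, all hypothetical: AWS CLI v1 on PATH, credentials/region in
# C:\Users\USERID\.aws\config, AMI ami-173d747e and the names below taken from the slides.
$KeyName   = 'SPLiveKeyPair'
$GroupName = 'SPLiveGroup'
$AmiId     = 'ami-173d747e'
$KeyFile   = Join-Path (Get-Location) "$KeyName.pem"

# Run aws.exe, fail loudly on a non-zero exit code, return stdout as one string.
function Invoke-Aws {
    param([Parameter(ValueFromRemainingArguments = $true)][string[]]$Arguments)
    $out = & aws @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "aws $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
    return ($out -join "`n")
}

# 1. Key pair. The private key is returned exactly once, so write it to disk as ASCII:
#    PowerShell's default '>' redirection would produce UTF-16, which the CLI rejects.
if (-not (Test-Path $KeyFile)) {
    Invoke-Aws ec2 create-key-pair --key-name $KeyName --query KeyMaterial --output text |
        Out-File -FilePath $KeyFile -Encoding ascii
}

# 2. Security group, created only if it does not already exist.
$groups = Invoke-Aws ec2 describe-security-groups --query 'SecurityGroups[].GroupName' --output text
if (($groups -split '\s+') -notcontains $GroupName) {
    Invoke-Aws ec2 create-security-group --group-name $GroupName --description 'SP Live Security Group' | Out-Null
}

# 3. RDP ingress from this workstation only, not from 0.0.0.0/0 as on the slide.
#    checkip.amazonaws.com returns the caller's public IPv4 address as plain text.
$myIp = (Invoke-RestMethod -Uri 'https://checkip.amazonaws.com').Trim()
Invoke-Aws ec2 authorize-security-group-ingress --group-name $GroupName `
    --protocol tcp --port 3389 --cidr "$myIp/32" | Out-Null

# 4. Launch one Windows Server 2012 m1.medium and capture its instance ID.
$instanceId = Invoke-Aws ec2 run-instances --image-id $AmiId --count 1 --instance-type m1.medium `
    --key-name $KeyName --security-groups $GroupName `
    --query 'Instances[0].InstanceId' --output text

# 5. Block until the status checks pass and the Administrator password exists;
#    this replaces "get a cup of coffee" and re-running describe-instance-status.
Invoke-Aws ec2 wait instance-status-ok --instance-ids $instanceId | Out-Null
Invoke-Aws ec2 wait password-data-available --instance-ids $instanceId | Out-Null

# 6. Decrypt the Administrator password with the launch key instead of via the portal.
$adminPassword = Invoke-Aws ec2 get-password-data --instance-id $instanceId `
    --priv-launch-key $KeyFile --query PasswordData --output text
$publicDns = Invoke-Aws ec2 describe-instances --instance-ids $instanceId `
    --query 'Reservations[0].Instances[0].PublicDnsName' --output text

[pscustomobject]@{ InstanceId = $instanceId; PublicDns = $publicDns; Password = $adminPassword }
# Next: mstsc /v:$publicDns, log in as Administrator and start the SharePoint install.
```

Keep the .pem file out of source control and off shared drives; whoever holds it can decrypt the Administrator password of every instance launched with that key pair.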
32. Cloud Formation Scripts
Ability to build an entire farm from private AMIs and configuration scripts
Leverages JSON for configuration files
Deploying a SharePoint Farm in 6 Steps
http://aws.amazon.com/articles/9982940049271604
4 Cloud Formation Templates available
Creates fully featured farm with domain controllers, etc.
Requires a bit of editing - similar to say autospinstaller
35. Azure Images Available
44 images available
33 Windows Server Datacenter images
Windows Server 2008 R2 SP1
Windows Server 2012
Windows Server 2012 R2
SharePoint 2013
SQL Server 2014 CTP / 2012 SP1 / 2008 SP2
BizTalk
11 Linux images
Oracle Database Server, Oracle WebLogic, Java, OpenSUSE, SUSE
36. Windows Azure
Comprehensive set of services that enable you to quickly build, deploy and manage applications across a global network of Microsoft-managed datacenters
37. SharePoint Support on Windows Azure
Product Support
SharePoint Server 2010 supports the hosted virtualization solution of Microsoft, as well as required technologies, such as Microsoft SQL Server, when these products and technologies are deployed on the Windows Azure platform.
FAST Support
Nope…
44. Azure Protocols and Endpoints
UDP Traffic Supported in Azure
Load-balanced incoming traffic and allows outbound traffic
Support for All IP-Based Protocols (VM to VM)
Instance-to-instance communication
TCP, UDP and ICMP, dynamic ports
Port Forwarded Endpoints
Direct communication to multiple VMs in the same cloud app
Custom Load Balancer Health Probes
Health check with probe timeouts
HTTP based probing, allowing granular control of health checks
45. Overview: Existing Connectivity in Azure
Input Endpoint (VIP:port, through the load balancer)
Load-balanced endpoint. Stable VIP per service.
Single port per endpoint
Supported protocols: HTTP, HTTPS, TCP
Internal Endpoint
Instance-to-instance communication
Supported protocols: TCP
Port ranges supported
Communication boundary = deployment boundary
Name Resolution (foo.cloudapp.net resolves to the VIP)
Windows Azure-provided DNS service for service-level name resolution
Runtime APIs for instance identification
47. Virtual Network Features
Customer-managed private virtual networks within Windows Azure
"Bring your own IPv4 addresses"
Control over placement of Windows Azure Roles within the network
Stable IPv4 addresses for VMs
Hosted VPN Gateway that enables site-to-site connectivity
Automated provisioning & management
Support for existing on-premises VPN devices
Use your on-premises DNS servers for name resolution
Enables VMs running in Windows Azure to be joined to your corporate domain(s) running on-premises
48. SharePoint in Windows Azure
(Diagram) Windows Azure Virtual Network, 10.8.8.x, domain joined to the on-premises network over the VPN gateway
On premises: DC, DNS, Local DNS, User Accounts, Server Account
Windows Azure, each on a Persistent VM Role: SharePoint FrontEnd x2 (facing the Internet), Search and Index, SQL x2 with SQL Mirroring, Persistent Disk
50. Azure Supported VPN Device List
Cisco
ASA 5500 Series (Adaptive Security Appliances): ASA Software 8.4+ (examples: 5505, 5550)
ASR 1000 Series Aggregation Services Routers: IOS XE 2.1+ (example: 1002)
ISR Series Integrated Services Routers: IOS 12.2+ (examples: 2801, 2901, 2911)
Juniper
SRX Series Routers: JunOS 10.2+ (examples: 210, 650)
J Series Routers: JunOS 9.4+ (example: 4350)
ISG Series Routers: ScreenOS 6.2+ (example: SX2)
SSG Series Routers: ScreenOS 6.2+ (example: 550)
Generic VPN devices must support
• IKE v1
• AES 128, 256
• SHA1, SHA2
51. scripting it out
Paul Stubbs has a great TechEd talk that walks through and explains this.
http://blogs.msdn.com/b/pstubbs/
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/AZR327
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B213
Hands on Labs on github
https://github.com/WindowsAzure-TrainingKit/HOLDeployingSQLServerForSharePoint
https://github.com/WindowsAzure-TrainingKit/HOL-DeploySharePointVMs
https://github.com/WindowsAzure/azure-sdk-tools-samples/wiki/AutomatedDeployment-of-SharePoint-2013-with-Windows-Azure-PowerShell
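The scripting approach from slide 51, applied to the hybrid layout of slides 44, 45, 47 and 48: domain-joined persistent VMs in a Virtual Network, two front ends behind a load-balanced endpoint with a custom HTTP health probe, and SQL on a VM rather than Azure SQL Database. This is an added example written against the classic (Service Management) Windows Azure PowerShell module; it is not code from the deck, from Paul Stubbs' talks or from the linked labs. Everything named is a hypothetical assumption: the subscription is already selected with Select-AzureSubscription; a VNet SPVNet bound to affinity group SPAffinity exists with subnet SPSubnet, a site-to-site VPN to the office and the on-premises DNS servers set on the VNet; the domain is corp.contoso.com (NetBIOS CORP); the image family names and the cloud service name splive-sp are placeholders.

```powershell
# Added example, not from the original deck or the linked labs. Classic Azure
# PowerShell (Service Management). All names below are hypothetical assumptions.
Import-Module Azure

$ServiceName   = 'splive-sp'     # becomes the VIP splive-sp.cloudapp.net
$AffinityGroup = 'SPAffinity'    # VNets were tied to an affinity group when the deck was written;
                                 # for a regional VNet pass -Location to New-AzureVM instead
$VNetName      = 'SPVNet'
$SubnetName    = 'SPSubnet'
$DomainFqdn    = 'corp.contoso.com'
$DomainNetbios = 'CORP'

# Newest gallery image of a family (family names are assumptions; check Get-AzureVMImage).
function Get-LatestImage([string]$Family) {
    $img = Get-AzureVMImage | Where-Object { $_.ImageFamily -eq $Family } |
           Sort-Object PublishedDate -Descending | Select-Object -First 1
    if (-not $img) { throw "No gallery image in family '$Family'" }
    return $img.ImageName
}
$WinImage = Get-LatestImage 'Windows Server 2012 Datacenter'
$SqlImage = Get-LatestImage 'SQL Server 2012 SP1 Enterprise on Windows Server 2012'

$LocalAdmin = 'spadmin'
$LocalPw    = Read-Host -Prompt 'Local administrator password'   # never hard-code it
$JoinCred   = Get-Credential -Message "Account permitted to join computers to $DomainFqdn"

# One VM config: joined to the on-premises domain at first boot, placed in the VNet
# subnet, and with NO public RDP/WinRM endpoints; admins come in over the site-to-site VPN.
function New-DomainJoinedVM([string]$Name, [string]$Image, [string]$Size) {
    New-AzureVMConfig -Name $Name -InstanceSize $Size -ImageName $Image |
      Add-AzureProvisioningConfig -WindowsDomain -AdminUsername $LocalAdmin -Password $LocalPw `
          -JoinDomain $DomainFqdn -Domain $DomainNetbios `
          -DomainUserName $JoinCred.UserName `
          -DomainPassword $JoinCred.GetNetworkCredential().Password `
          -NoRDPEndpoint -NoWinRMEndpoint |
      Set-AzureSubnet -SubnetNames $SubnetName
}

# Two web front ends behind one load-balanced HTTP endpoint. The probe path must answer
# 200 without authentication (an assumed static healthcheck.htm); SharePoint's
# authenticated pages answer 401, which the load balancer would treat as unhealthy.
$frontEnds = 1..2 | ForEach-Object {
    New-DomainJoinedVM "SPWFE$_" $WinImage 'Large' |
      Add-AzureEndpoint -Name 'HTTP' -Protocol tcp -LocalPort 80 -PublicPort 80 `
          -LBSetName 'SPWebLB' -ProbeProtocol http -ProbePort 80 -ProbePath '/healthcheck.htm' `
          -ProbeIntervalInSeconds 15 -ProbeTimeoutInSeconds 31
}

# SQL Server on a persistent VM role (the option the deck says works for SharePoint),
# with a dedicated data disk and host caching off for database files.
$sql = New-DomainJoinedVM 'SPSQL1' $SqlImage 'Large' |
       Add-AzureDataDisk -CreateNew -DiskSizeInGB 200 -DiskLabel 'SQLData' -LUN 0 -HostCaching None

# Create all three in one cloud service inside the VNet. Traffic between them (SharePoint
# to SQL on 1433, search, etc.) needs no endpoints, only Windows Firewall rules on the VMs.
New-AzureVM -ServiceName $ServiceName -AffinityGroup $AffinityGroup -VNetName $VNetName `
    -VMs ($frontEnds + $sql)
```

Because no RDP or WinRM endpoint is published, the only way onto these machines is through the VPN, which is the point of the domain-joined hybrid design on slide 48: the Internet sees port 80 on the VIP and nothing else.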
52. Migration Types
Forklift Migration
Bring entire application and all dependencies
Hybrid Migration
Bring portion of application to the cloud while some
resources stay on-premises
IaaS to PaaS Migration
Migrating application to web or worker roles with
dependencies that work better on a VM
54. Who are we again?
Scott Hoag
@ciphertxt
Applied Information Sciences
Infrastructure Consultant
scott.hoag@appliedis.com
Dan Usher
@binarybrewery
Booz Allen Hamilton Incorporated
Lead Associate
usher_daniel@bah.com
Speaker notes
Hoag
For VMware: Windows Server 2012 isn't yet supported by one of the VM providers, but Server 2008 R2 is.
Oh, but they're still only development, staging and testing - not yet General Availability - not appropriate for dedicated. SharePoint 2013 - Apps Model - host workloads in a separate VM or in the Azure Service.
Slide Objective: Show currently supported VPN devices. List above is just what we go to preview with. List will grow with time. Partners tested device against our solution. Any industry standard VPN will work.
Slide Objective: Compare and contrast existing VM Role vs. new persistent virtual machines
Slide Objective: When there are multiple VMs in the same cloud service they can communicate directly as they are on the same network.
Slide Objective: Explain workflow for provisioning VMs in the cloud. Notes: Cloud First Provisioning means exactly what it says. Building a VM in the cloud first. You have three methods of starting this process: build a VM from the portal, from the command line OR programmatically calling the REST API. Once your choice of provisioning is made you will need to select the image and instance size to start from. The newly created disk will be stored in blob storage and your machine will boot.
Slide Objective: UDP is now a supported protocol in WA (previously wasn't). Discuss that by default with virtual machines there is an internal endpoint defined with protocol="all" so essentially all traffic is open between virtual machines. Windows Server firewall and Linux firewall will still need to be configured to allow traffic. Health probes allow the load balancer to check a custom HTTP path that tells the LB whether the server is healthy or not. For TCP endpoints no http path is required, just the port to connect to.
Slide Objective: This slide talks about connectivity options supported in SDK 1.6. This slide does not include any of the new features. Notes: Cloud Service gets a VIP assigned for a deployment slot. No ports opened up by default. Need to define endpoints to open up ports. Input endpoint is a port. It is load balanced. Mapped across all role instances. Port mapping is supported. Internal endpoint enables inter-role-instance communication. Ports for inter-VM communication are closed by default. Need to define an internal endpoint for communication. Internal endpoints can be port ranges. Only service-level name resolution is supported. Need to use runtime APIs for instance name resolution.
Data Synchronization - Azure SQL Data Sync. Application-Layer Connectivity & Messaging - Azure Service Bus. Secure Machine-to-Machine Network Connectivity - Windows Azure Connect. Secure Site-to-Site Network Connectivity - Windows Azure Virtual Network. Amazon - Virtual Private Connection back into your network - similar to how Azure has connectivity through specific VPN endpoints to accomplish these needs. Slide Objective: Microsoft stack to provide connectivity between on-premise and cloud. Notes: Service Bus vs. Connect - SB requires app code change, Connect/Virtual Networks do not. Virtual Networks are the net new here. They provide site-to-site connectivity where Connect provided server-to-server connectivity. Virtual Networks are the more flexible and powerful option.
Slide Objective: VNET Feature Overview. Notes: BYO IPv4 space. Only private IPs in a VNet. Carve out IP subnets within a VNet. No overlapping subnets. IP address stays with the VM for its lifetime. We manage SW gateway. Run in active / passive mode for high availability. DNS + IP address persistence is key to enable many new scenarios (AD, DNS, …)
Slide Objective: Show how SharePoint could be deployed in a hybrid approach