SharePoint Intersections - SP11 - SharePoint and IaaS - The OnPrem in the Cloud
© DEVintersection. All rights reserved.
http://www.DEVintersection.com
2. Overview
Introduction
Why Cloud?
Workload Considerations
Amazon Web Services Overview
Azure Overview
Azure Pack - Private Cloud
Office 365 Considerations
Hybrid Solutions
3. Who am I?
Dan Usher
Lead Associate
Booz Allen Hamilton
usher@binarybrewery.io
http://www.sharepointdan.com
4. Who are you?
SharePoint On-Prem?
SharePoint Online?
Developers?
Designers?
Administrators?
Architects?
End Users?
5. Why Cloud™?
IT Agility
The ability to instantly provision new hardware for new opportunities or respond quickly to business demand can be a competitive advantage.
Focus
Focusing less on infrastructure leaves more time for improving the success of the business through better IT. More on Innovation and less on Infrastructure.
Economics
Cloud Computing lowers the cost of delivering IT and increases the utilization and efficiency of your data center.
6. cloud types
moving out from corporate IT data center and private clouds
hosting, building, consuming
flexibility in scale
7. environments to consider
production
staging
user acceptance
test
development
8. security and compliance
Azure Public Community Cloud
FedRAMP JAB P-ATO
http://www.microsoft.com/en-us/news/press/2013/sep13/09-30fedramppr.aspx
AWS
GovCloud - FedRAMP 3PAO ATO
http://aws.amazon.com/govcloud-us/
9. services we wish we could utilize
AWS RDS SQL instance
http://aws.amazon.com/rds/sqlserver/#details
Azure SQL Database
http://www.windowsazure.com/en-us/services/data-management/
Spoiler Alert…
Neither support FILESTREAM
Neither can be domain joined
11. Azure SQL Database Instance
Available to connect through SQL Server Management Studio
SQL AuthN (no IWA AuthN)
Unable to access or manipulate instance properties
Limited functionality
Unable to configure MAXDOP (max degree of parallelism)
Not usable for SharePoint 2013…
12. AWS RDS SQL Server Guidance and Limitations
Primer:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html
Supported in 2008 R2 Database:
Core Database engine features
SQL Server development tools (VS, Intellisense)
SQL Server Management Tools
Safe CLR
Full-text Search
SSL
Spatial and location features
Not Supported in 2008 R2 Database:
Maintenance Plans
Database Mail
Distributed Queries
Transparent Data Encryption
Database Log Shipping
Database Mirroring
Windows Authentication
Distributed Transaction Coordinator (MSDTC)
Replication
WCF Data Services
SQL Server Audit
FILESTREAM Support
Performance Counter Collector
Policy Based Management
Additional T-SQL endpoints
Ability to run Reporting, Analysis, Integration Services against the same server as the DB instance
13. AWS RDS SQL Instance
Available to connect through SQL Server Management Studio
SQL AuthN (no IWA AuthN)
Unable to access or manipulate instance properties
Limited functionality
Unable to configure MAXDOP (max degree of parallelism)
Not usable for SharePoint 2013…
14. things to remember…
SharePoint Server 2010 and 2013 support virtualization within Azure (and sysprep…)
Microsoft products virtualized on Hyper-V
http://support.microsoft.com/kb/957006
http://support.microsoft.com/kb/2721672
Microsoft products virtualized on VMware
http://support.microsoft.com/kb/897615
Licensing
http://technet.microsoft.com/en-us/library/ff607936(v=office.14).aspx
http://technet.microsoft.com/en-us/library/ff607936.aspx
Not all Clouds are created equal…
15. SQL Workloads in the cloud
SQL housed within cloud based VM
Provides greatest flexibility
Supports Always On scenarios
Support for configurable Disaster Recovery
Works with SharePoint
SQL DB services
Support for fast scalability
Requires very little SQL maintenance
Great for hosting databases for structured data outside of SharePoint
16. SharePoint Workloads
SharePoint for Internet Sites (FIS)
Public facing, anonymous access sites
Developer, Test and Staging Environments
Quickly provision and un-provision entire environments
Hybrid Applications
Applications that span your data center and the cloud
Disaster Recovery
Quickly recover from a disaster, only pay for use
17. Active Directory Workloads
AD DS, AD FS, AD CS hosted within cloud based VMs
Complete flexibility and control of replication to on-premises resources
Windows Azure Active Directory
Useful for cloud based applications
Can’t run your data center off of WAAD
Connectors to provide for AD FS like functionality
3rd Party Identity Provider in the Cloud
Provides for externalized virtual directories for consumption by cloud services
19. AWS Images Available
21. SharePoint in AWS EC2
Reference Architecture Document - http://go.spdan.com/aws-sp-ref-pdf
22. Using AWS to Deploy…
Quick deployment method using CloudFormation scripts…
License Mobility
24. AWS Supported VPN Device List
Cisco (Platform / OS Family / Examples)
ASA 5500 Series (Adaptive Security Appliances) / ASA Software 8.2+ / 5505, 5550
ISR Series Integrated Services Routers / IOS 12.4+ / 2801, 2901, 2911
Juniper (Platform / OS Family / Examples)
SRX Series Routers / JunOS 9.5+ / 210, 650
J Series Routers / JunOS 9.5+ / 4350
ISG Series Routers / ScreenOS 6.1+ / SX2
SSG Series Routers / ScreenOS 6.1+ / 550
Generic VPN devices must support
• IKE v1, IPsec in tunnel mode
• AES 128
• SHA1
• Diffie-Hellman Perfect Forward Secrecy in “Group 2 mode”
Other Solutions
• Microsoft Windows Server 2008 R2
• Yamaha RTX1200
http://aws.amazon.com/vpc/faqs/#C2
25. AWS PowerShell Cmdlets
http://aws.amazon.com/powershell/
27. AWS Command Line
http://aws.amazon.com/cli/
32. Azure Images Available
33. Windows Azure
Comprehensive set of services that enable you to quickly build, deploy and manage applications across a global network of Microsoft-managed datacenters
34. SharePoint Support on Windows Azure
Product Support
FAST Support
37. Azure Cloud Services, Roles and Instances
Management, Configuration, Security, Networking and Service Model boundary
38. Azure Cloud Services with Virtual Machines
Multiple Virtual Machines can be hosted within the same cloud service
41. Azure Protocols and Endpoints
UDP Traffic Supported in Azure
Support for All IP-Based Protocols (VM to VM)
Port Forwarded Endpoints
Custom Load Balancer Health Probes
42. Overview: Existing Connectivity in Azure
Input Endpoint
Load-balanced endpoint with a stable VIP per service
Single port per endpoint
Supported protocols: HTTP, HTTPS, TCP
Internal Endpoint
Instance-to-instance communication
Supported protocols: TCP
Port ranges supported
Communication boundary = deployment boundary
Name Resolution
Windows Azure-provided DNS service for service-level name resolution (foo.cloudapp.net resolves to the VIP)
Runtime APIs for instance identification
43. Cloud Connectivity Options
Data Synchronization
Application-Layer Connectivity & Messaging
Secure Machine-to-Machine Network Connectivity
Secure Site-to-Site Network Connectivity
44. Virtual Network Features
Customer-managed private virtual networks within Windows Azure
“Bring your own IPv4 addresses”
Control over placement of Windows Azure roles within the network
Stable IPv4 addresses for VMs
Hosted VPN gateway that enables site-to-site connectivity
Automated provisioning & management
Support for existing on-premises VPN devices
Use your on-premises DNS servers for name resolution
Enables VMs running in Windows Azure to be joined to your corporate domain(s) running on-premises
45. SharePoint in Windows Azure
Diagram: a Windows Azure Virtual Network hosting persistent VM roles for two SharePoint front ends (Internet facing), a Search and Index server on a persistent disk, two SQL servers in a SQL mirroring pair, and a DC/DNS server holding server accounts and local DNS; the virtual network is connected to the on-premises network (DC/DNS, 10.8.8.x, user accounts) and the Azure VMs are domain joined to the on-premises domain.
47. Azure Supported VPN Device List
Cisco (Platform / OS Family / Examples)
ASA 5500 Series (Adaptive Security Appliances) / ASA Software 8.4+ / 5505, 5550
ASR 1000 Series Aggregation Services Routers / IOS XE 2.1+ / 1002
ISR Series Integrated Services Routers / IOS 12.2+ / 2801, 2901, 2911
Juniper (Platform / OS Family / Examples)
SRX Series Routers / JunOS 10.2+ / 210, 650
J Series Routers / JunOS 9.4+ / 4350
ISG Series Routers / ScreenOS 6.2+ / SX2
SSG Series Routers / ScreenOS 6.2+ / 550
Generic VPN devices must support
• IKE v1
• AES 128, 256
• SHA1, SHA2
Soft VPN Gateway
• CheckPoint
• Fortinet
• OpenSwan
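Both VPN device slides end with the minimum feature set a generic device must support (AWS: IKE v1, IPsec tunnel mode, AES 128, SHA1, Diffie-Hellman group 2 PFS; Azure: IKE v1, AES 128 or 256, SHA1 or SHA2). As an added example, not code from the deck or from either provider, the Python below turns those two lists into a checker that reports which items of a proposed tunnel configuration fall outside each provider's set, so a mismatch is caught in review rather than during a failed negotiation. The requirement tables, the proposal field names and the sample proposals are assumptions transcribed from the slides as they stood in 2013, not current provider documentation.

```python
"""Check a proposed site-to-site IPsec configuration against the generic VPN
device minimums listed on the AWS and Windows Azure slides (added example;
the requirement sets are transcribed from the 2013 slides, an assumption)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Requirements:
    ike_versions: frozenset
    ciphers: frozenset
    integrity: frozenset
    pfs_groups: Optional[frozenset]   # None: the slide lists no PFS group requirement
    tunnel_mode_required: bool


REQUIREMENTS = {
    # AWS slide: IKE v1, IPsec in tunnel mode, AES 128, SHA1, DH PFS "Group 2 mode"
    "aws": Requirements(frozenset({1}), frozenset({"aes128"}), frozenset({"sha1"}),
                        frozenset({2}), True),
    # Azure slide: IKE v1, AES 128 or 256, SHA1 or SHA2 (no tunnel-mode or PFS line)
    "azure": Requirements(frozenset({1}), frozenset({"aes128", "aes256"}),
                          frozenset({"sha1", "sha2"}), None, False),
}

SHA2_FAMILY = {"sha256", "sha384", "sha512"}


def _normalize(proposal):
    """Lower-case string fields and record the integrity family, so that a
    concrete SHA-2 digest matches the Azure slide's "SHA2" entry (assumption:
    "SHA2" on the slide means any SHA-2 family digest)."""
    p = {k: (v.lower() if isinstance(v, str) else v) for k, v in proposal.items()}
    integ = p.get("integrity")
    p["integrity_family"] = "sha2" if integ in SHA2_FAMILY else integ
    return p


def check_proposal(provider, proposal):
    """Return a list of findings; an empty list means the proposal fits the
    provider's listed minimum. Proposal keys: ike_version (int), cipher,
    integrity, pfs_group (int or None), mode ("tunnel" or "transport")."""
    req = REQUIREMENTS[provider]
    p = _normalize(proposal)
    findings = []
    if p.get("ike_version") not in req.ike_versions:
        findings.append(f"IKE version {p.get('ike_version')} not in {sorted(req.ike_versions)}")
    if p.get("cipher") not in req.ciphers:
        findings.append(f"cipher {p.get('cipher')} not in {sorted(req.ciphers)}")
    if p.get("integrity") not in req.integrity and p["integrity_family"] not in req.integrity:
        findings.append(f"integrity {p.get('integrity')} not in {sorted(req.integrity)}")
    if req.pfs_groups is not None and p.get("pfs_group") not in req.pfs_groups:
        findings.append(f"PFS group {p.get('pfs_group')} not in {sorted(req.pfs_groups)}")
    if req.tunnel_mode_required and p.get("mode") != "tunnel":
        findings.append(f"mode {p.get('mode')} is not tunnel mode")
    return findings


def providers_accepting(proposal):
    """Names of the providers whose listed minimum the proposal satisfies."""
    return sorted(name for name in REQUIREMENTS if not check_proposal(name, proposal))


# Constructed sample proposals (not from the deck).
BASELINE = {"ike_version": 1, "cipher": "AES128", "integrity": "SHA1",
            "pfs_group": 2, "mode": "tunnel"}
STRONGER = {"ike_version": 1, "cipher": "AES256", "integrity": "SHA256",
            "pfs_group": None, "mode": "tunnel"}
IKEV2_ONLY = {"ike_version": 2, "cipher": "AES128", "integrity": "SHA1",
              "pfs_group": 2, "mode": "tunnel"}

if __name__ == "__main__":
    for label, prop in [("baseline", BASELINE), ("stronger", STRONGER), ("ikev2", IKEV2_ONLY)]:
        print(label, "accepted by:", providers_accepting(prop))
        for provider in REQUIREMENTS:
            for finding in check_proposal(provider, prop):
                print(f"  {provider}: {finding}")
```

Feed it the proposal your on-premises device is actually configured to offer; a non-empty list from check_proposal names the items that provider's gateway, as described on these slides, will not accept. The only options stronger than the AWS list that the checker accepts are the AES 256 and SHA2 choices the Azure slide itself names.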
48. scripting it out
Paul Stubbs has a great TechEd talk that walks through and explains this.
http://blogs.msdn.com/b/pstubbs/
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/AZR327
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B213
Hands-on Labs on GitHub
https://github.com/WindowsAzure-TrainingKit/HOL-DeployingSQLServerForSharePoint
https://github.com/WindowsAzure-TrainingKit/HOL-DeploySharePointVMs
https://github.com/WindowsAzure/azure-sdk-tools-samples/wiki/Automated-Deployment-of-SharePoint-2013-with-Windows-Azure-PowerShell
49. Migration Types
Forklift Migration: bring the entire application and all dependencies
Hybrid Migration: bring a portion of the application to the cloud while some resources stay on-premises
IaaS to PaaS Migration: migrating the application to web or worker roles, with dependencies that work better on a VM
50. Private Cloud - Azure Pack
Builds on Windows Server 2012 R2 and System Center 2012 R2
Uses:
Hosting critical workloads on-premises
Data and information security requirements
Moving VHDs through VMM (moving images to / from Azure)
Provides for:
Web Sites
Service Bus
Virtual Machines
Tenant Portal
Management Portal
51. Reasons to use Office 365
Software as a Service
Per user / per month
Licensing included
Identity integration through Windows Azure Active Directory
Tenant Administration
Full Apps Model Support
Disaster Recovery
Reduced O&M and Administration
52. SharePoint 2013 and Office 365 Search
Authentication topologies and supported functionality:
One-way outbound: SharePoint Server 2013 Search services can query SharePoint Online site collections and return federated results to SharePoint Server 2013 Search
One-way inbound: SharePoint Online Search services can query SharePoint Server 2013 site collections and return federated results to SharePoint Online Search
Two-way (bidirectional): Both SharePoint Server 2013 and SharePoint Online Search services can query site collections in the other environment and return federated results
53. SharePoint 2013 and Office 365 Search
On-premises AD DS domain in a forest that has a Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012 forest functional level
An on-premises server for AD FS 2.0 and for the Microsoft Online Services Directory Synchronization tool
An operational on-premises SharePoint Server 2013 farm that has each of the following:
  An Enterprise Search site collection configured with a public external URL
  An SSL certificate issued by a public root authority
  An App Management Service Proxy
  A Subscription Settings service application
  A Search service application
An Office 365 Enterprise plan (E1/E3)
A reverse proxy device with an Internet connection that permits unsolicited inbound traffic
An Internet domain and access to DNS records for the domain
54. Reverse Proxy Requirements
The device must support:
Certificate authentication using a wildcard or SAN X.509 certificate as the client certificate
Pass-through of OAuth 2.0 redirection-based authentication
Preservation of request headers
If the internal and external URLs of your on-premises SharePoint Server 2013 farm are different, the device must also support path mapping and link translation.
Forefront Threat Management Gateway (TMG)* 2010 is the only reverse proxy device for which specific configuration guidance is available.
Microsoft Unified Access Gateway (UAG)** is not supported for use as a reverse proxy device in hybrid environments that require certificate authentication.
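The reverse proxy requirements above rest on a wildcard or SAN X.509 certificate, and the prerequisite slide before them requires the Enterprise Search site collection to have a public external URL and an SSL certificate from a public root. One check worth running before publishing is whether the names in that certificate actually cover every external URL under wildcard-matching rules: a wildcard is valid only as the whole leftmost label, covers exactly one label, and never covers the bare domain. The Python below is an added example, not code from the deck or from Microsoft; the SAN name list and the URLs are constructed sample data.

```python
"""Check that the DNS names in a certificate's Subject Alternative Name (or a
wildcard name) cover the external URLs published through the reverse proxy.
Added example; SAN_DNS_NAMES and EXTERNAL_URLS are constructed sample data."""
from urllib.parse import urlsplit


def hostname_matches(pattern, hostname):
    """RFC 6125 style matching: a wildcard is only valid as the entire leftmost
    label, it matches exactly one label, and it never matches the bare domain."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    if "*" in pattern[2:]:          # "*.*.contoso.com" and similar are rejected
        return False
    suffix = pattern[1:]            # "*.contoso.com" -> ".contoso.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[:-len(suffix)]
    return bool(leftmost) and "." not in leftmost


def san_covers(hostname, san_dns_names):
    """True if any certificate name (exact or wildcard) covers the hostname."""
    return any(hostname_matches(name, hostname) for name in san_dns_names)


def uncovered_urls(urls, san_dns_names):
    """Return (url, reason) pairs for URLs the certificate cannot serve: either
    not https (the external endpoint must be SSL) or host not in the SAN set."""
    problems = []
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "https":
            problems.append((url, "not https"))
        elif not san_covers(host, san_dns_names):
            problems.append((url, f"host {host} not covered by certificate names"))
    return problems


SAN_DNS_NAMES = ["*.contoso.com", "search.contoso.com"]   # constructed
EXTERNAL_URLS = [                                          # constructed
    "https://search.contoso.com/",
    "https://sp.contoso.com/sites/search",
    "https://intranet.corp.contoso.com/",   # two labels under the wildcard
    "https://contoso.com/",                 # bare domain, not covered by *.contoso.com
    "http://sp.contoso.com/",               # not SSL
]

if __name__ == "__main__":
    for url, reason in uncovered_urls(EXTERNAL_URLS, SAN_DNS_NAMES):
        print(f"{url}: {reason}")
```

Replace the two constructed lists with the dNSName entries read from your certificate and the external URLs you intend to publish; anything the function returns is a URL the reverse proxy will present with a name mismatch, or without SSL at all.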
56. Review
Introduction
Why Cloud?
Workload Considerations
Amazon Web Services Overview
Azure Overview
Azure Pack - Private Cloud
Office 365 Considerations
Hybrid Solutions