SharePoint Intersections - SP11 - SharePoint and IaaS - The OnPrem in the Cloud

SharePoint intersection
Session SP11
SharePoint and IaaS
The onPrem in the Cloud

2
© DEVintersection. All rights reserved.
http://www.DEVintersection.com
Overview
 Introduction
 Why Cloud?
 Workload Considations
 Amazon Web Services Overview
 Azure Overview
 Azure Pack - Private Cloud
 Office 365 Considerations
 Hybrid Solutions

Who am I?
Dan Usher
Lead Associate
Booz Allen Hamilton
usher@binarybrewery.io
http://www.sharepointdan.com

4
Who are you?
 SharePoint On-Prem?
 SharePoint Online?
 Developers?
 Designers?
 Administrators?
 Architects?
 End Users?

5
IT Agility
The ability to instantly provision new hardware for new
opportunities or respond quickly to business demand can be
a competitive advantage.
Focus
Focusing less on infrastructure leaves more time for
improving the success of the business through better IT.
More on Innovation and less on Infrastructure.
Economics
Cloud Computing lowers the cost of delivering IT and
increases the utilization and efficiency of your data center.
Why Cloud™?

6
cloud types
 moving out from corporate IT data center and private clouds
 hosting, building, consuming
 flexibility in scale

7
environments to consider
 production
 staging
 user acceptance
 test
 development

8
security and compliance
 Azure Public Community Cloud
 FedRAMP JAB P-ATO
 http://www.microsoft.com/en-us/news/press/2013/sep13/09-
30fedramppr.aspx
 AWS
 GovCloud - FedRAMP 3PAO ATO
 http://aws.amazon.com/govcloud-us/

9
services we wish we could utilize
 AWS RDS SQL instance
 http://aws.amazon.com/rds/sqlserver/#details
 Azure SQL Database
 http://www.windowsazure.com/en-us/services/data-management/
 Spoiler Alert…
 Neither support FILESTREAM
 Neither can be domain joined

11
Azure SQL Database Instance
 Available to connect through SQL Server Management Studio
 SQL AuthN (no IWA AuthN)
 Unable to access or manipulate instance properties
 Limited functionality
 Unable to configure MDOP
Not usable for SharePoint 2013…

12
AWS RDS SQL Server Guidance and
Limitations
Primer:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html
Supported in 2008 R2 Database Not Supported in 2008 R2 Database
Core Database engine features Maintenance Plans
SQL Server development tools (VS, Intellisense) Database Mail
SQL Server Management Tools Distributed Queries
Safe CLR Transparent Data Encryption
Full-text Search Database Log Shipping
SSL Database Mirroring
Spatial and location features Windows Authenticatoin
Distribution Transaction Coordinator (MSDTC) Replication
WCF Data Services SQL Server Audit
FILESTREAM Support Performance Counter Collector
Policy Based Management Additional T-SQL endpoints
Ability to run Reporting, Analysis, Integration Services against same server as the DB instance

13
AWS RDS SQL Instance
Not usable for SharePoint 2013…
Available to connect through
SQL Server Management Studio
SQL AuthN (no IWA AuthN)
Unable to access or manipulate
instance properties
Limited functionality
Unable to configure MDOP

14
things to remember…
 SharePoint Server 2010 and 2013 supports virtualization
within Azure (and sysprep…)
 Microsoft products virtualized on Hyper-V
 http://support.microsoft.com/kb/957006
 Microsoft products virtualized on VMware
 Licensing
 http://technet.microsoft.com/en-us/library/ff607936(v=office.14).aspx
 http://technet.microsoft.com/en-us/library/ff607936.aspx
 Not all Clouds are created equal…

15
SQL Workloads in the cloud
 SQL housed within cloud based VM
 Provides greatest flexibility
 Supports Always On scenarios
 Support for configurable Disaster Recovery
 Works with SharePoint
 SQL DB services
 Support for fast scalability
 Requires very little SQL maintenance
 Great for hosting databases for structured data outside of SharePoint

16
SharePoint Workloads
 SharePoint for Internet Sites (FIS)
 Public facing, anonymous access sites
 Developer, Test and Staging Environments
 Quickly provision and un-provision entire environments
 Hybrid Applications
 Applications that span your data center and the cloud
 Disaster Recovery
 Quickly recover from a disaster, only pay for use

17
Active Directory Workloads
 AD DS, AD FS, AD CS hosted within cloud based VMs
 Complete flexibility and control of replication to on premise resources
 Windows Azure Active Directory
 Useful for cloud based applications
 Can’t run your data center off of WAAD
 Connectors to provide for AD FS like functionality
 3rd Party Identity Provider in the Cloud
 Provides for externalized virtual directories for consumption by cloud
services

19
AWS Images Available















Demo
Provisioning AWS VMs through the EC2 Portal

21
SharePoint in AWS EC2
Reference Architecture Document - http://go.spdan.com/aws-sp-ref-pdf

22
Using AWS to Deploy…
 Quick Deployment method using Cloud Formation scripts…
 License Mobility


23
AWS Core Virtual Machine Sizes

24
AWS Supported VPN Device List
Cisco
Platform OS Family Examples
ASA 5500 Series (Adaptive
Security Appliances)
ASA Software
8.2+
5505, 5550
ISR Series Integrated
Services Routers
IOS 12.4+ 2801, 2901,
2911
Juniper
SRX Series Routers JunOS 9.5+ 210, 650
J Series Routers JunOS 9.5+ 4350
ISG Series Routers ScreenOS 6.1+ SX2
SSG Series Routers ScreenOS 6.1+ 550
Generic VPN devices must support
• IKE v1, IPSec in Tunnels Mode
• AES 128
• SHA1
• Diffie-Hellman Perfect Forward Secrecy in “Group 2
mode”
Other Solutions
• Microsoft Windows Server 2008 R2
• Yamaha RTX1200
http://aws.amazon.com/vpc/faqs/#C2

25
AWS PowerShell Commandlets
 http://aws.amazon.com/powershell/

26
AWS PowerShell Commandlets in Action

27
AWS Command Line
 http://aws.amazon.com/cli/









28
AWS Command Line continued










29
AWS Command Line continued



30
Cloud Formation Scripts








32
Azure Images Available

















33
Windows Azure
 Comprehensive set of services
that enable you to quickly build,
deploy and manage applications
across a global network of
Microsoft-managed datacenters

34
SharePoint Support on Windows Azure
 Product Support
 FAST Support

35
Hybrid Solutions
IaaS
PaaS
SaaS

36
virtual machine vs vm roles in Azure

37
Azure Cloud Services, Roles and Instances
 Management, Configuration, Security, Networking and Service Model boundary

38
Azure Cloud Services with Virtual
Machines
 Multiple Virtual Machines can be hosted within the same cloud service

39
Cloud First Provisioning
>_

Demo
Provisioning Azure VMs through the Management Portal

41
Azure Protocols and Endpoints
 UDP Traffic Supported in Azure
 Support for All IP-Based Protocols (VM to VM)

 Port Forwarded Endpoints
 Custom Load Balancer Health Probes


42
Overview: Existing Connectivity in Azure
LB
VIP:Input Endpoint
Internal Endpoint
Loadbalanced endpoint. Stable VIP per service.
Single port per endpoint
Supported protocols: HTTP, HTTPS, TCP
Input Endpoint
Instance-to-instance communication
Supported Protocols: TCP
Port ranges supported
Communication boundary = Deployment boundary
Internal Endpoint
Windows Azure-provided DNS service for service-level
name resolution
Runtime APIs for instance identification
Name Resolution
foo.cloudapp.net  VIP

43
Cloud Connectivity Options
Data Synchronization
Application-Layer
Connectivity & Messaging
Secure Machine-to-Machine
Network Connectivity
Secure Site-to-Site
Secure Site-to-Site

44
Virtual Network Features
 Customer-managed private virtual networks within
Windows Azure
 “Bring your own IPv4 addresses”
 Control over placement of Windows Azure Roles within the network
 Stable IPv4 addresses for VMs
 Hosted VPN Gateway that enables site-to-site
connectivity
 Automated provisioning & management
 Support existing on-premises VPN devices
 Use on-premise DNS servers for name resolution
 Enables you to use your on-premise DNS servers for name resolution
 Enables VMs running in Windows Azure to be joined to your corporate domain(s) running
on-premise

45
SharePoint in Windows Azure
Internet
Persistent VM Role
SharePoint
FrontEnd
Persistent VM Role
SharePoint
FrontEnd
Persistent VM Role
Search and Indes
Persistent Desk
Persistent VM Role
DC DNS
Server Account
Persistent VM RoleSQL
Persistent VM Role
SQL
Local DNS
SQLMirroring
Windows Azure Virtual Network
Use Accounts
On
Premises
DC DNS
10.8.8.x
Domain Joined to On-Premises
Network

46
Azure Virtual Machines


47
Azure Supported VPN Device List
Cisco
ASA 5500 Series (Adaptive
Security Appliances)
ASA Software
8.4+
5505, 5550
ASR 1000 Series
Aggregation Services
Routers
IOS XE 2.1+ 1002
ISR Series Integrated
Services Routers
IOS 12.2+ 2801, 2901,
2911
Juniper
SRX Series Routers JunOS 10.2+ 210, 650
J Series Routers JunOS 9.4+ 4350
ISG Series Routers ScreenOS 6.2+ SX2
SSG Series Routers ScreenOS 6.2+ 550
Generic VPN devices must support
• IKE v1
• AES 128, 256
• SHA1, SHA2
Soft VPN Gateway
• CheckPoint
• Fortinent
• OpenSwan

48
scripting it out
 Paul Stubbs has a great Tech Ed talk walking through showing and
explaining this.
 http://blogs.msdn.com/b/pstubbs/
 http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/AZR327
 http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B213
 Hands on Labs on github
 https://github.com/WindowsAzure-TrainingKit/HOL-
DeployingSQLServerForSharePoint
 https://github.com/WindowsAzure-TrainingKit/HOL-DeploySharePointVMs
 https://github.com/WindowsAzure/azure-sdk-tools-samples/wiki/Automated-
Deployment-of-SharePoint-2013-with-Windows-Azure-PowerShell

49
Migration Types
Forklift Migration
 Bring entire application and all dependencies
Hybrid Migration
 Bring portion of application to the cloud while some
resources stay on-premises
IaaS to PaaS Migration
 Migrating application to web or worker roles with
dependencies that work better on a VM

50
Private Cloud - Azure Pack
Builds on Windows Server 2012 R2 and Systems Center 2012 R2
Uses:
 Hosting critical workloads on-
premise
 Data and Information security
requirements
 Move VHDs through VMM
moving Images to / from Azure
Provides for:
 Web Sites
 Service Bus
 Virtual Machines
 Tenant Portal
 Management Portal

51
Reasons to use Office 365
Software as a Service
 Per user / per month
 Licensing included
 Identity Integration through
Windows Azure Active Directory
 Tenant Administration
 Full Apps Model Support
 Disaster Recovery
 Reduced O&M and Administration

52
SharePoint 2013 and Office 365 Search
Authentication
Topologies
Supported Functionality
One-way outbound SharePoint Server 2013 Search services can query SharePoint
Online site collections and return federated results to
SharePoint Server 2013 Search
One-way inbound SharePoint Online Search services can query SharePoint Server
2013 site collections and return federated results to SharePoint
Online Search
Two-way (bidirectional) Both SharePoint Server 2013 and SharePoint Online Search
services can query site collections in the other environment and
return federated results

53
SharePoint 2013 and Office 365 Search
 On-premises AD DS domain in a forest that has a Windows Server 2008/Windows
Server 2008 R2/Windows Server 2012 forest functional level
 An on-premises server for
 AD FS 2.0
 Microsoft Online Services Directory Synchronization tool
 An operational on-premises SharePoint Server 2013 farm that has each of the
following:
 An Enterprise Search site collection configured with a public external URL
 An SSL certificate issued by a public root authority
 An App Management Service Proxy
 A Subscription Settings service application
 A Search service application
 An Office 365 Enterprise plan (E1/E3)
 A reverse proxy device with an Internet connection that permits unsolicited inbound
traffic
 An Internet domain and access to DNS records for the domain

54
Reverse Proxy Requirements
 The device must support
 Certificate authentication using a wildcard or SAN X.509 certificate as the client
certificate
 Allow pass through of OAuth 2.0 redirection-based authentication
 Preservation of request headers
 If the internal and external URLs of your on-premises SharePoint
Server 2013 are different, the device must support path mapping and
link translation.
 Forefront Threat Management Gateway (TMG)* 2010 is the only
reverse proxy device for which specific configuration guidance is
available.
 Microsoft Unified Access Gateway (UAG)** is not supported for use
as a reverse proxy device in hybrid environments that require
certificate authentication.

55
Hybrid Solution

56
Review
 Introduction
 Why Cloud?
 Workload Considations
 Amazon Web Services Overview
 Azure Overview
 Azure Pack - Private Cloud
 Office 365 Considerations
 Hybrid Solutions

Questions?
Thank you!
Don’t forget to enter your evaluation
of this session using EventBoard!

SharePoint Intersections - SP11 - SharePoint and IaaS - The OnPrem in the Cloud

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à SharePoint Intersections - SP11 - SharePoint and IaaS - The OnPrem in the Cloud

Similaire à SharePoint Intersections - SP11 - SharePoint and IaaS - The OnPrem in the Cloud (20)

Plus de Dan Usher

Plus de Dan Usher (20)

Dernier

Dernier (20)

SharePoint Intersections - SP11 - SharePoint and IaaS - The OnPrem in the Cloud