46. 46
Creating and Uploading a Virtual Hard Disk that Contains the Windows Server Operating System
http://www.windowsazure.com/en-us/documentation/articles/virtual-machines-create-upload-vhd-windows-server/?fb=ja-jp
※ 仮想マシンを作る場所に配置
47. イメージ管理
プラットフォーム
イメージ
Windows Linux
Oracle
VM DEPO コピー
マイイメージ
Microsoft
手元にある
Generalize 済み
Azure VHD ファイル
VM
作成
仮想マシン
インスタンス
Blob
ストレージ
イメージ化
85. 85
Property Static Routing VPN gateway Dynamic Routing VPN gateway High Performance VPN gateway
Site-to-Site connectivity (S2S) Policy-based VPN configuration Route-based VPN configuration Route-based VPN configuration
Point-to-Site connectivity (P2S) Not supported
Supported (Can coexist with site-to-site
connectivity)
Supported (Can coexist with site-to-site
connectivity)
Authentication method Pre-shared key
•Pre-shared key for site-to-site
connectivity
•Certificates for point-to-site
connectivity
•Pre-shared key for site-to-site
connectivity
•Certificates for point-to-site
connectivity
Maximum Number of Site-to-Site (S2S)
connections
1 10 30
Maximum Number of Point-to-Site (P2S)
connections
Not supported 128 128
Active Routing Support (BGP) Not supported Not supported Not supported
Microsoft Azure グローバルサイト:
http://msdn.microsoft.com/en-us/library/azure/jj156075.aspx
日本独自の情報:
http://msdn.microsoft.com/ja-jp/windowsazure/dn132612.aspx
86. 86
Microsoft Azure
<subnet 1> <subnet 2> <subnet 3>
専用の仮想ネットワーク
DNS
Server
Gateway
Static &
Dynamic
Routing
リージョン仮想ネットワークの登場
112. Active Directory
ドメインコントローラ
(Medium)
SharePoint
フロントエンド
(Large)
SharePoint
アプリケーション
SharePoint
サーチサービス
(Large)
(Large)
SQL Server
(A6)
実運用ではカスタムドメインを取得して
DNSのCNAMEでマッピング
オンプレミス
データセンター
Active Directory
ドメインコントローラ
ユーザ
Windows Azure
ゲートウェイ
VPNルータ
IPSec VPN
仮想ネットワーク
LAN
ロード
バランサ
https:/xxx.cloudapp.net (SSL)
209.xxx.0.0/16 HTTPS Proxy
Port 443
へのACL 登録
(PowerShell)
112
113. Cloud Service
Front End (App) Tier
Middle (Logic) Tier
Virtual
Network 1
Virtual
Network 2
Subnet ACL 10.0.0.4
Subnet ACL 10.0.0.5
Internet
Backend (Database) Tier
Virtual
Network 3
On-Premises Datacenter
VPN ACL 10.0.0.6
113
114. Grouping of Network traffic rules as
security group
Security groups associated with
Virtual machines or virtual subnets
Controlled access between machines
in subnets
Controlled access to and from
Internet
Network traffic rules updated
independent of Virtual machines
Internet
Microsoft
Azure
Virtual Network
114
123. ・最適なコストで高度な災害対策システムを構築可能
・2 つのシナリオを利用可能
123
Microsoft Azure
Site Recovery
制御のみの利用
Hyper-V
レプリカ
本番
サイト
Windows
Server
災対
サイト
Windows
Server
Microsoft Azure
Site Recovery
災対サイトとして利用
メイン
サイトWindows
Server
メイン
サイト
災対
サイト
127. SAN
Take advantage of SAN
Replication capabilities
Replication
provided by enterprise
storage partners, across
both FC & iSCSI storage
Supports asynchronous
replication for flexibility or
synchronous replication for
the lowest RPO/RTO
Integration with SAN via
SMI-S – VMM will discover
and enumerate existing
storage.
VMM provides
comprehensive SAN
management capabilities
within console
Partner
Integration
On-premises to On-premises protection
Microsoft Azure
Site Recovery
Communication
Channel
SAN Replication
Primary
Site
Recovery
Site
Windows
Server
Windows
Server
127
128. EMC With Preview
VMAX
VNX & VNX/e
NetApp With Preview FAS (8.2 C-MODE)
HP With Preview 3PAR
HDS In Development VSP
Fujitsu In Development Eternus
Dell In Development Compellent
Huawei In Development OceanStor
IBM In Development XIV
128
136. 136
Hyper-V & System Center にしたい
と思っていただけたなら!!
Microsoft Virtual Machine Converter 3.0
http://www.microsoft.com/en-us/download/details.aspx?id=42497
137. ② Azure Site Recovery Site to Azure
① Azure Site Recovery Site to Site
③ Azure Site Recovery + InMage
(インマージ)
Azure 復旧サービス
137
141. Automation investments over time
• Automate the creation, deployment, monitoring, and maintenance of resources
• Rich workflow consistency through PowerShell Workflow based runbooks
• One automation solution for Azure, on-premises and Service Providers
• Cloud first investment enables hardened scenarios and capabilities on-premises
141
142. One Automation Solution for Azure and On Premises
User Interface
• Web portal
• Access Permissions (RBAC)
Authoring
• Graphical Authoring
• PowerShell Authoring
• Visualize end-to-end orchestration
• Gallery
• Service Administrator can create runbooks to automate all aspects of cloud infrastructure, plan delivery, and
maintenance activities
Runbook Engine
• Highly available
• PowerShell Workflow based engine
Integration
• PowerShell Module based integration
• Use existing PowerShell modules for Microsoft and 3rd party systems
• Create PowerShell modules for additional resources/systems
Tools
• Tools to convert SCO Integration Packs and runbooks
142
143. Published apps
RemoteApp Service
Microsoft
account
Identity options
RDP
Elastic runtime
…
DirSync/Federation
(optional)
Persistent user data
(50GB per user)
Custom template image or
prebuilt with Office
On-premises network
Windows Server
Active Directory
Azure Active
Directory
Authentication
User
143
144. RemoteApp Service
Identity options
RDP
Authentication
Domain
Joined
Subject to IT policy via
GP, System Center, or
other enterprise
management tools
On-premises network
Corporate Apps
DirSync
User
Persistent user data
(50GB per user)
Elastic runtime
…
Azure VPN
Custom template image
Maintained via Azure Portal
Corporate apps
Azure Active
Directory
144
Security features include:
All communication to Azure Site Recovery is encrypted
For site-to-site, only Virtual Machine Manager communicates with Microsoft Azure
Proxies are supported and only outbound http is required
Workload data at rest in Azure is encrypted at the customer’s discretion