
Hybrid Cloud Strategies and Management
Chris Seferlis
Senior Principal Architect
Pragmatic Works
cseferlis@pragmaticworks.com
@bizdataviz
Linkedin.com/in/cseferlis
Session objectives and takeaways
Answer this question:
How can my organization begin
using Hybrid Cloud today?
Hybrid Cloud Presents Great Opportunity

80%: Enterprises see themselves operating hybrid clouds for the foreseeable future
58%: Enterprises have a hybrid cloud strategy, up from 55% a year ago
87%: Organizations are planning to integrate on-premises datacenters with public cloud
Sources:
1. Microsoft Study, 2017
2. RightScale 2017 State of the Cloud report
3. Avanade research on IT modernization, April 2017
Hybrid cloud consistency
Azure Active Directory | Azure Management and Security | Azure Data Services | Azure Services
Common Identity | Management & Security | Data Platform | Unified Development
Windows Server Active Directory | On-premises Infrastructure | SQL Server | Azure Stack
Hybrid Identity with Windows Server AD and Azure AD
Mobile-first, cloud-first reality

63%, Data breaches: 63% of confirmed data breaches involve weak, default, or stolen passwords.
80%, Shadow IT: More than 80 percent of employees admit to using non-approved software as a service (SaaS) applications in their jobs.
0.6%, IT Budget growth: Gartner predicts global IT spend will grow only 0.6% in 2016.
The current reality
EC2
Identity is the new control plane

1000s of apps, 1 identity | Enable business without borders | Manage access at scale | Cloud-powered protection

Azure Active Directory at the core of your business


Identity as the core of enterprise mobility
Azure Active Directory as the control plane

[Diagram labels: Partners; Customers; Windows Server Active Directory; Other directories; Self-service; Single sign-on; Azure; SaaS; Public cloud]
Simple connection

On-premises Microsoft Azure Active Directory Cloud


1000s of apps, 1 identity

Single sign-on to any app

[Diagram labels: Other directories; Microsoft Azure; Web apps (Azure Active Directory Application Proxy); Integrated custom apps; SaaS apps]
1000s of apps, 1 identity

Azure Active Directory Domain Services


Your domain controller as a service for lift-and-shift scenarios

Lift-and-shift on-premises apps to Azure IaaS

[Diagram labels: Azure; Your virtual network; Azure AD Domain Services; Your Azure IaaS workloads/apps; Kerberos, NTLM, LDAP, Group Policy; Azure Active Directory; Azure AD Connect; On-premises; Windows Server Active Directory]
Better security starts at the OS

Security threats | Datacenter efficiency | Supporting innovation
Protect identity
Protect the OS on-premises or in the cloud
Help secure virtual machines


Equifax Announces Cybersecurity Incident Involving
Consumer Information

Sep 07, 2017


ATLANTA, Sept. 7, 2017 /PRNewswire/ -- Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
Windows Server 2016 Built-in security

• Shielded Virtual Machines
• Host Guardian Service
• Secure Boot for Windows and Linux
• Virtualization-based Security (VBS)
• Containers with Hyper-V Isolation
• Containers in Shielded VMs
• Credential Guard
• Just in Time Administration
• Just Enough Administration
• Control Flow Guard
• Code Integrity
• Enhanced Threat Detection
• Windows Defender
Enable security at cloud speed

Continuously assesses the security of your workloads even as they change
Creates policy-driven recommendations and guides users through the process of remediating security vulnerabilities
Enables rapid deployment of built-in security controls as well as products and services from security partners (firewalls, endpoint protection, and more)
Limit exposure to brute force attacks with just-in-time RDP and SSH access to virtual machines
Preview
Prioritized recommendations take the guesswork out of security for resource owners
Integrate partner solutions

Recommends and streamlines provisioning of partner solutions
Integrates signals for centralized alerting and advanced detection
Enables monitoring and basic management with easy access to advanced configuration using the partner solution
Leverages Azure Marketplace for commerce and billing
Easily deploy security solutions from partners and automatically integrate logs
Monitor and manage partner security solutions
The world is changing
Data will grow to 44 ZB in 2020
Today, 80% of organizations adopt cloud-first strategies
AI investment increased by 300% in 2017
DATA | CLOUD | AI
Organizations that harness data, cloud, and AI outperform
Nearly double operating margin | $100M in additional operating income
They out-innovate
They rely on a modern data estate
TRANSFORM YOUR BUSINESS WITH A MODERN DATA ESTATE

HYBRID: On-premises, Private cloud | Cloud
On-premises: Operational databases | Data warehouses | Data lakes
Cloud: Operational databases | Data warehouses | Data lakes
Reason over any data, anywhere | Flexibility of choice | Security and performance
1/10th the cost of Oracle

SQL SERVER 2017
INDUSTRY-LEADING PERFORMANCE AND SECURITY NOW ON LINUX AND DOCKER

Choice of platform and language: T-SQL, Java, C/C++, C#/VB.NET, PHP, Node.js, Python, Ruby
Industry-leading performance: #1 OLTP performance | #1 DW performance | #1 price/performance
Most secure over the last 7 years: [bar chart: Vulnerabilities (2010-2016) by database product; product labels not recoverable]
Only commercial DB with AI built-in: R and Python + in-memory at massive scale | Native T-SQL scoring
End-to-end mobile BI on any device: [bar chart: Self-service BI per user for Microsoft, Tableau and Oracle; bar values shown: $2,230, $480, $120] 1/10 | A fraction of the cost

In-memory across all workloads

Private cloud | Most consistent data platform | Public cloud

CLOUD-FIRST APPROACH BREEDS FASTER INNOVATION
Continuous enhancements

Azure SQL Database Managed Instance
Seamless and reliable migration at scale
Database Migration Service: Lift and shift migration to the cloud with no code changes
Azure Hybrid Benefit for SQL Server: Maximize current on-premises license investments with Azure Hybrid Benefit
AZURE SQL DATABASE
THE INTELLIGENT CLOUD DATABASE FOR APP DEVELOPERS

Learns & adapts: Realize automatic performance improvements
Scales on the fly: Change performance levels and storage without downtime
Enables multi-tenant SaaS apps: Easily manage multi-tenant apps with database isolation
Works in your environment: Develop your app with the tools and platforms you prefer
Secures & protects: Build security-enhanced apps with industry-leading compliance

SYSTEMS OF INTELLIGENCE ON SQL DATABASE
AZURE MACHINE LEARNING | AZURE SQL DATABASE | INTELLIGENT RESPONSIVE APPS
Realtime scoring
Azure Machine Learning Workbench

THE MICROSOFT
COMMITMENT TO CHOICE IN
THE CLOUD
AZURE DATABASE FOR MYSQL AND POSTGRESQL

Work in the DB of your choice

Create with built-in high availability

Set up in minutes, scale on the fly

Sustain performance with adaptive improvements

Rest easy with unparalleled security

Standard tier
UNCOVER INSIGHTS WITH BIG DATA & ADVANCED ANALYTICS
BIG DATA & ADVANCED ANALYTICS

Ingest | Store | Prep & train | Model & serve

[Diagram labels: Business apps; Custom apps; Sensors and devices; Data Factory; Event Hubs; Kafka on HDInsight; Data Lake Store; Blobs; Data Lake Analytics; HDInsight (Hadoop/Spark); Machine Learning; Stream Analytics; Cosmos DB; SQL DB; SQL Data Warehouse; Analysis Services; Web & mobile apps; Operational reports; Analytical dashboards]

DATA | INTELLIGENCE | ACTION


MICROSOFT FOR YOUR MODERN DATA ESTATE

LOB | CRM | Graph | Image | Social | IoT
SQL Server | HYBRID | Azure Data Services
Easiest lift and shift with no code changes
SQL Server: Industry leader 4 years in a row | #1 TPC-H performance | T-SQL query over any data
SQL Server and Azure Data Services: Operational databases | Data warehouses | Data lakes
Azure Data Services: 70% faster | 2x the global reach | 99.9% SLA
AI built-in | Most secure | Lowest TCO
Reason over any data, anywhere | Flexibility of choice | Security and performance
Azure File Sync
What are your pains with Windows File Server?

[Diagram, built up over several slides. Labels: West US; File Share; Azure Backup Vault; PaaS; IaaS; REST; SMB; NFS; Work Folders; Users; Applications; HQ (Seattle); Branch Office (New York); HQ Cluster]
Cloud Tiering | Multi-site sync | Direct cloud access | Rapid file server DR | Integrated cloud backup

Azure File Sync
• Centralize file services in Azure storage
• Cache in multiple locations for fast, local performance
• Utilize cloud-based backup and fast DR
aka.ms/afs
Hybrid Protection
with Azure Site Recovery
Hurricane Harvey
2017
Causes of IT disasters
[Bar chart: causes of IT disasters, grouped into Operational Failures, Natural Disasters and Human-caused events. Bar values as extracted: 43%, 31%, 16%, 15%, 12%, 13%, 10%, 9%, 4%, 3%, 1%, 1%, 1%, 1%. Individual bar labels not recoverable.]
Source: Forrester “The State of Business Technology Resiliency Q2 2014”, May 12, 2014
The impact of an outage on your digital business
Business continuity and data protection are critical

Impact of the outage itself | Impact to your brand | Impact to your IT career
IT challenges implementing business continuity
Business continuity and data protection are critical issues for every organization

Cost: Data center cost | Resource cost | Hardware cost
Complexity: Multiple data centers | Restoring tape | Managing management software
Coverage and compliance: Need to retain data | Need to provide service | Challenging to comply
How Microsoft Azure can help
Accelerate your business continuity strategy

Reduced cost | Reduced complexity | Increased compliance
Backup and replication Moving to Cloud…
September 22, 2017

Sales of purpose-built backup appliances have dropped markedly, with year-on-year dips of
16.2 per cent by revenue and 14.9 per cent by capacity, according to analyst firm IDC's
Worldwide Quarterly Purpose-Built Backup Appliance Tracker for 2017's second quarter.

IDC's research manager for storage systems Liz Conner said: "The traditional
backup market is declining as end users and vendors alike explore new technology."
She mentioned "cloud-based backup tiers, hybrid flash arrays, emphasis on replication and
data recovery" as reasons for the market's decline.

http://www.theregister.co.uk/2017/09/22/idc_q2_2017_storage_trackers/
Business continuity strategy
You need all three
High availability (Primary site): When your applications have a catastrophic failure, run a second instance
Disaster recovery (Primary site, Secondary site): When your site has a catastrophic failure, run them in Azure or a secondary datacenter
Backup (Original, Backup): When your data is corrupted, deleted or lost you can restore it
Azure Site Recovery: The complete disaster recovery solution
Site to Site | Any Cloud | Site to Azure
Physical/VMware to VMware | Hyper-V/VMM to Hyper-V/VMM | AWS*
VMware | Hyper-V | Physical
Windows | Any OS | Linux


Azure Stack
Accurately positioning Azure Stack
What it is: First consistent Hybrid Cloud Platform. What it isn’t: Virtualization-replacement play
What it is: Integrated system with IaaS & PaaS. What it isn’t: DIY infrastructure
What it is: Regularly updated for Azure-consistency. What it isn’t: Static system you deploy & forget
What it is: Cross Platform Hybrid Cloud. What it isn’t: Windows Only Cloud


Microsoft Azure: Only consistent hybrid cloud

Clouds: Azure Active Directory | Azure management and security | Azure data services | Azure services
Common Identity | Integrated Management and Security | Consistent Data Platform | Unified Development and DevOps
Active Directory | On-premises infrastructure | SQL Server | Azure Stack
Azure Stack is an extension of Azure
Only consistent hybrid cloud platform

Consistency
Azure Azure Stack
Azure services
everywhere
42 Azure regions 100s of service providers 1,000s of enterprises
Azure Services on Azure Stack: PaaS and IaaS
Web, Mobile, and API apps: Azure App Service
Serverless computing: Azure Functions
Microservices platform: Service Fabric
Container orchestration: Kubernetes
Pivotal and Open source: Cloud Foundry

Virtual Machines: Linux and Windows (including VM scale sets)
Docker Containers: Linux and Windows
Networking: Virtual network, load balancer, VPN gateway
Storage: Blobs, Tables, Queues, Disks
Key Vault: Application keys and secrets
Integrated delivery experience

Integrated systems | Fast to deploy | Pay-as-you-use | Integrated support, broadly available
• Get up and running quickly
• Deliver 100s of VMs initially (and grow over time)
• Extension of Azure model
• Receive one bill
• Consistent support experience, no matter who you call
• Available in 46 geos initially
Get going with Azure Stack

1. Develop: applications in Azure
2. Validate: Download Azure Stack Development Kit
3. Deploy: Order Azure Stack integrated systems for production deployment

Start your journey to be a certified Azure Stack operator today


Modern, Remote Windows Server Management
Project “Honolulu”
What is Project “Honolulu”?
• Modern Management Platform
• Aggregate “in-box” tools (Server Manager/MMC)
• Manage On-Prem and Azure
What’s next for
Project Honolulu
A peek in the pipeline…
Day 0
Honolulu FAQ
Cost: Free!
Browse using: Edge | Chrome
Installs on: Windows Server, version 1709 | Windows Server 2016 | Windows Server 2012 R2* | Windows 10
Manages: Windows Server, version 1709 | Windows Server 2016 | Windows Server 2012 R2 | Windows Server 2012 | Microsoft Hyper-V Server
Connectivity: Azure not required | Internet not required | AD not required

Security: HTTPS | LAPS | Delegation
Configuration: IIS not required | Agents not required | SQL not required | WMF 5.1 required on WS 2012 and 2012 R2
Positioning: Evolution of “in-box” tools | Complementary to RSAT, SC and OMS
Feedback: Upvotes via UserVoice
Extensions: Early alpha SDK in private preview
Containers…
Where to start?
CONTAINERIZE EXISTING APPLICATIONS
Containerize for portability, efficiency and reliability

TRANSFORM MONOLITHS TO MICROSERVICES


New code and transforming existing code

ACCELERATE NEW APPLICATIONS


Agile cloud native app development
Image2Docker
ConvertTo-Dockerfile `
-RemotePath \\192.168.1.5\c$ `
-OutputPath c:\newDockerFile `
-Artifact IIS

# escape=`
FROM microsoft/aspnet:windowsservercore-10.0.14393.693
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

RUN Remove-Website 'Default Web Site';

# Set up website: iis-env


RUN New-Item -Path 'C:\iis\iis-env' -Type Directory -Force;

RUN New-Website -Name 'iis-env' -PhysicalPath 'C:\iis\iis-env' -Port 8090 -Force;

EXPOSE 8090

COPY ["iis-env", "/iis/iis-env"]


Image2Docker
• Open Source PowerShell Script
• Targets
  • WIM
  • VHD/VHDX Files
  • Live Servers
• Supported artifact types:
  • Roles and Features
  • Add/Remove Programs
  • Internet Information Services (IIS)
  • HTTP Handlers in IIS configuration
  • IIS Websites and filesystem paths
  • ASP.NET web applications
  • Microsoft SQL Server instances
  • Apache Web Server

Image2Docker Available Here:


1. https://www.powershellgallery.com/packages/Image2Docker/
2. https://github.com/docker/communitytools-image2docker-win
Session Objectives and Takeaways
• Start using Hybrid Cloud Today:
• Azure AD Connect
• Azure File Sync
• Project Honolulu
• Azure Site Recovery
• Embrace Containers
• Check out Azure SQL Server and Managed Instances
• IT Heroes are Hybrid Cloud Admins
© Copyright Microsoft Corporation. All rights reserved.
Next steps

Deploy and explore


Join the Windows Insiders program: https://insider.windows.com/en-us/for-business/
Evaluate Project “Honolulu”: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-honolulu
Windows Server 2016 and Server 2019: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016
Cloud Migration Accelerator
The Cloud Migration Accelerator uses Pragmatic Works’ cloud expertise to identify
applications and databases that are the best fit for the cloud. During this process we’ll:

• Remove limitations and frustrations by moving off legacy platforms (Oracle, Teradata, Netezza, Sybase, etc.)
• Create and optimize migration and deployment model
• Forecast an intelligent cost estimate
• Reduce migration time by up to 75%

Visit our table today for more information!
