fundamentals of managing and securing your sles workloads ... · fundamentals of managing and...
TRANSCRIPT
Fundamentals of managing and securing your SLES workloads on AzureScott Woodgate, Sr. Director, Product Marketing, Microsoft AzureShankar Sivadasan, Sr. Product Marketing Manager, Microsoft Azure
Welcome to City Power & Light
City Power and Light migration and modernization journey
App
Infrastructure
Data
Security | Management
Why Azure for SUSE workloads?
>95%of Fortune 500 use
Microsoft Azure
54Azure regions
Benefits of running SUSE workloads on Azure
Metrics Log
Optimized ExperienceAccess the latest and most advanced technologies– from Azure optimized SLES kernels to Cloud Application Platform with Azure Kubernetes service
Enterprise Support24x7 global, collaborative support.SLES for SAP and SLES for HPC are certified to run on Azure.
Flexible PricingBring your own license. Or use on-demand pay-as-you-go pricing. Or use Azure reservations for SUSE software appliance
Your choice at every level
Applications
Management
Databases andmiddleware
App frameworksand tools
DevOps
Step 1 - Rehost
Admin
Internet
Resource Group
Dev Subnet
Azure Virtual Machine
Virtual Network
PublicIP
On Premises Azure
Local Dev Box
Web Tier
API Tier
Data Tier
Demo- Rehost
Step 2 - Refactor
Admin
Internet
Resource Group
Dev Subnet
Azure Virtual Machine
Virtual Network
PublicIP
Cosmos DB(Mongo DB API)
Blob Storage
Redis Cache
Step 2 - Refactor
Admin
Internet
Resource Group
Dev Subnet
Azure Virtual Machine
Virtual Network
PublicIP
Cosmos DB(Mongo DB API)
Blob Storage
Redis Cache
Demo- Refactor
Challenges with moving to AzureBuilt-in Azure services options to keep your Azure and hybrid resources secure and well-managed
How do you set policies and control cloud spend?
How do you ensure that your environment is secure?
Governance in Azure
Development IT Governance
Traditional approach needs rethinking
Speed Control
Speed versus control
Built-in modern governance
Templates
Policies
RBAC
BlueprintsManagement
Groups
Cost Management
Resource Graph
Speed Control
Development IT Governance
Speed and control
Azure Cost Management
Native within Azure Portal, on by default with improved experience
Monitor cloud usage and spend in a single, unified view
Extend cost management to PowerBIor to your custom applications
Now available in preview on Azure portal for EA customers
Securing your Azure and hybrid resources
Unique Intelligence
Built-in Controls
$1B+ annual investmentsOver 3500 security expertsTrillions of diverse signals
Gain unmatched security
Simplify security management with Azure services
Microsoft Antimalwarefor Azure
Azure MonitorLog Analytics
Azure Security CenterVNET, VPN, NSG
Application Gateway(WAF), Azure Firewall
DDoS ProtectionStandard
ExpressRoute
Encryption (Disks, Storage, SQL)
Azure Key Vault
Confidential Computing
Azure Active Directory
Multi-Factor Authentication
Role Based Access Control
Azure Active Directory(Identity Protection)
+ Partner Solutions
Data protection
Network security
Threat protection
Identity & access management
Security management
Introducing Microsoft Azure Sentinel
Collect
DetectRespond
Limitless cloud speed and scale
Faster threat protection with AI
Bring your Office 365 data for free
Easy integration with your existing tools
Investigate
Cloud-native SIEM for intelligent security analytics for your entire enterprise
Security data across your enterprise
Rapidly and automate protection
Threats with vast threat intelligence
Critical incidents guided by AI
Azure Security and Azure Governance Demo
Challenges with moving to Azure
Governance Security
Azure Security Center
Azure Sentinel
Azure Firewall
Azure Key Vault
Cost ManagementPolicy
Blueprint
Step 3 - Rearchitect
Admin
Internet
Resource Group
Mgmt Subnet
Jumpbox
Document DB(Mongo DB API)
Blob Storage
Redis Cache
Public Load
Balancer
SSH (whitelisted IP)
Web Subnet
Virtual Machine Availability Set
Virtual NetworkAPI Subnet
Virtual Machine Availability Set
Internal Load Balancer
City Power and Light – Management Add-ons
Governance Security
Azure Security Center
Azure Sentinel
Azure Firewall
Azure Key Vault
Cost ManagementPolicy
Blueprint
How do you know if you have architected it right?
Is there a way to create a repeatable and reliable process?
Resiliency
Delivering resilient applications in Azure
Azure Backup Availability Sets, Zones and Region Pairs Azure Site Recovery
Architecting for high availability in Azure
VM SLA99.9%
VM SLA99.95%
VM SLA99.99%
Regions54
Disaster recovery
Single VMProtection with Premium Storage
Availability setsProtection against failures within datacenters
Availability zonesProtection from entire datacenter failures
Site Recovery & Region pairsProtection from disaster with Data Residency compliance
AZs available across US, Europe and Asia… more regions coming soon
Industry-only High availability SLA
Automation in Azure
Simplify cloud management from the command line
Automation
Orchestrate
Runbooks & FunctionsUse functions, logic apps or runbooks to automate and deliver reliable and repeatable solutions
Script
Azure Cloud ShellUse PowerShell or Bash to operate your infrastructure and apps with scripts authored in languages including Python, Node.js and .NET
Azure Resource ManagerDeliver repeatable and consistent infrastructure as code with VM extensions and resource manager templates
Provision
Enable consistent delivery and operations of cloud quickly and easily
Automation and Resiliency Demo
City Power and Light – Management Add-ons
Governance Security
Azure Security Center
Azure Sentinel
Azure Firewall
Azure Key Vault
Cost ManagementPolicy
Blueprint
Availability Zones
Backup
Azure Site Recovery
Resiliency Automate
ARM templates
Azure Cloud Shell
Jenkins
City Power and Light – Management Add-ons
Governance Security
Azure Security Center
Azure Sentinel
Azure Firewall
Azure Key Vault
Cost ManagementPolicy
Blueprint
Availability Zones
Backup
Azure Site Recovery
Resiliency Automate
ARM templates
Azure Cloud Shell
Jenkins
How can you detect and troubleshoot issues?
Monitoring your applications and infrastructure
Azure Monitor
Metrics Log
Common Store
Built-in telemetryA common platform for all metrics, logs and other monitoring telemetry
Data driven insightsAdvanced querying and analytics powered by machine learning capabilities
Partner integrationRich ecosystem of popular DevOps, issue management, SIEM, and ITSM tools
Full observability for your infra, app and network
Metrics
Logs
Stores
Application Container VM Monitoring Solutions
Insights
Dashboards Views Power BI WorkbooksVisualize
Metrics Explorer Log AnalyticsAnalyze
Alerts AutoscaleRespond
Event Hubs Ingest & Export APIs
Logic AppsIntegrate
Application
Infrastructure
Network
Custom
Azure Monitor
Demo – Azure Monitor
City Power and Light – Management Add-ons
Governance Security
Azure Security Center
Azure Sentinel
Azure Firewall
Azure Key Vault
Cost ManagementPolicy
Blueprint
Availability Zones
Backup
Azure Site Recovery
Resiliency Automate
ARM templates
Azure Cloud Shell
Jenkins
Monitoring
Azure Monitor
Azure Advisor
City Power & Light – Global, Scalable and Resilient
Resource Group (East US)
Mgmt Subnet
Jumpbox
Redis Cache
Public Load Balancer
Web Subnet
Virtual Machine Availability Set
Virtual NetworkAPI Subnet
Virtual Machine Availability Set
Internal Load Balancer
Admin
Internet
Traffic Manager
Resource Group (West US)
Redis Cache
Public Load Balancer
Mgmt Subnet
Jumpbox
Web Subnet
Virtual Machine Availability Set
Virtual NetworkAPI Subnet
Virtual Machine Availability Set
Internal Load Balancer
Cosmos DB App Storage CDN
Resource Group
Turn on Security and Management for your Azure workloadsMigrate with confidence
Azure Monitor
Azure Advisor
Azure Security Center
Azure Sentinel
Azure Firewall
Azure Key Vault
Policy
Cost Management
Blueprint
ARM templates
Azure Cloud Shell
Jenkins
Ansible
Resiliency Governance Security MonitoringAutomate
Availability Zones
Backup
Azure Site Recovery
© Copyright Microsoft Corporation. All rights reserved.
Thank you.
Appendix
Glo
bal
US
Gov
Indu
stry
Regi
onal
Azure: Trusted
54Azure regions
Migration and Modernization Journey
SaaSCloud-nativeRebuild/New Replace
Migration drivers
Migration drivers
Step 3 - Rearchitect
Admin
Internet
Resource Group
Mgmt Subnet
Jumpbox
Document DB(Mongo DB API)
Blob Storage
Redis Cache
Public Load
Balancer
SSH (whitelisted IP)
Web Subnet
Virtual Machine Availability Set
Virtual NetworkAPI Subnet
Virtual Machine Availability Set
Internal Load Balancer
Towards the future - Multi region deployments
Resource Group (East US)
Mgmt Subnet
Jumpbox
Redis Cache
Public Load Balancer
Web Subnet
Virtual Machine Availability Set
Virtual NetworkAPI Subnet
Virtual Machine Availability Set
Internal Load Balancer
Admin
Internet
Traffic Manager
Resource Group (West US)
Redis Cache
Public Load Balancer
Mgmt Subnet
Jumpbox
Web Subnet
Virtual Machine Availability Set
Virtual NetworkAPI Subnet
Virtual Machine Availability Set
Internal Load Balancer
Cosmos DB App Storage CDN
Resource Group