(energetic music) – Welcome to Microsoft Mechanics Live! (audience applauds) Woo! (applause continues) Coming up whether you’re
on-prem in the cloud, CVP Erin Chapple shares her perspective on what you should know about when moving and operating your infrastructure and apps in the cloud. We’ll take a look at
real-world best practices and the latest tools and services that can help you to be successful and avoid the most common pitfalls. So please join me in welcoming Erin Chapple to the show. – Thanks Matt, it’s great to be on. (audience applauds) – It’s good to have you. Now most people know
you as the former leader of the Server Infrastructure Team so I think that you can empathize
with some of the audience that may still be trying
to get their head around the best ways to use the cloud and just looking for ways to improve what they have running now. – Yeah, I absolutely do empathize. I think, you know, having
run the windows server and now being in Azure Compute, I’ve made my own migration to the cloud. And like many of you,
I’ve been figuring out the path to connect the
two worlds of on-premises and the cloud where it makes sense. And I think it’s a normal
inclination to think that you need to take the
cloud in its entirety. Like, it’s just a binary thing
that I’m moving to the cloud. And that can be intimidating
because it’s different than what you have on-premises. But it’s not an
all-or-nothing decision, Matt. You know, you probably aren’t gonna move everything to the cloud. You’ll have things that are
gonna be running on the edge, in your data center, and remote offices, branch offices, et cetera. And so the cloud is really
a tool box in many ways. Both in terms of the services that it has but also the tools that it provides for you to be able to consume. And so you can use what you need and it’s very about being thoughtful about how you can engage with the cloud and where you choose to use it. – Now this is an interesting vantage point because you of all people
understand what it takes to make on-prem operations
successful, and now cloud. So where should people start? – Yeah well, as I mentioned, shifting to the cloud isn’t binary. It’s not a binary decision. And also the good news that
I know from my experience is that running, you know, the Server Compute and now Azure Compute, is that there’s a set of
expertise that all of you have in what it takes to
deliver infrastructure, and management and security
that is completely transferable. So let me kind of talk
about what I mean by that. How many of you are familiar
with the Windows Admin Center? Right. Awesome. Great tool if you aren’t
familiar with it go check it out. Jeff Woolsey I know did a
great session on it earlier. But that’s a great way that
you can take a small step to start to leverage the cloud and then use Azure as your end point. Right, so you can get into this
WAN from any server in Azure and use the hybrid services that you need. So here, let’s take a look. We have the Windows Admin Center here. Here’s the Azure hybrid services. I’m gonna click on
Discover Azure services. You can see I have all of
these Azure services integrated so I can connect my network
using the Azure Network Adapter. I have Monitor; I can use
Azure Monitor from right here. I can use Azure Update Management, integrate that into my
on-premises for patching. I can simplify with Azure backup. And then what’s not in
here and not shown today is that we actually have Azure Arc as well that’s been integrated into WAC in the GA version that just
went live earlier this week. – Yeah, so we’ve seen file sync,
we’ve seen security center. All sorts of great integrated
capabilities through. And I’m glad you show this
Windows Admin Centers, it’s an amazing cross-cloud
and infrastructure environment for managing Windows servers anywhere. On-prem, in the cloud,
virtual, physical, well. It’s a great example of how you can start to incrementally leverage those key capabilities in Azure. And we encourage everyone here, as you called out rightly there, to check out the show that
we did a few days back with Jeff Woolsey on the Admin Center. Now what are some of the things that people need to be cognizant of then as they take those first
steps toward the cloud? – Yeah, well, I just
showed you how you can extend what you have with Azure. And in fact you have
more options than ever. Whether you want to expand
upon what you have on-premises or have Azure come to you. And we’ll talk about
Azure Arc a little later. So the first tip that I will say is don’t treat your distributed
infrastructure as islands. You need to find ways to
connect what you’re doing so you can extend and evolve. – So how do people solve for that? – Well, if you already
have your own data centers, think of it as another site that you need to connect your resources to. This means thinking about
connecting things bidirectionally so that you can bring Azure capabilities into your data center. Now, foundational to all these bidirectional capabilities is networking. Even if you have just one percent of your network in the cloud, you’re redefining that perimeter. And so here’s how our network in Azure can become your network. You know if you think about your on-premises data centers and across Azure how we have a global footprint of regions and edges and sites, now we can literally
connect your WAN for you. And as you start to build that
bidirectional connectivity, this gets you out of the expense and the complexity of
running your own WAN. You can really take advantage
of Azure’s backbone, our network backbone, and use Azure’s global fabric Azure WAN so that you only have to pay for that last mile connection into Azure. And there are lots of options
and ways to do this, right? ExpressRoute allows you
to establish your own resilient and secure private connection to Azure for your main sites. This also gives you the ability to leverage Azure’s global network and connect your sites together. You can also connect to
thousands of branch offices by automating the
configuration and connectivity of your branch and sites at scale with the Azure’s Virtual WAN service. – And we often take the network
connectivity for granted, but it’s not actually gonna
take that much time to set up… – I think you’re gonna show us. – I’m gonna try my best. Thank you, no pressure here.
– (laughing) – So here we are in the Admin portal. This is the foundation, the network is the foundation, for all things cloud experiences. So here we are in the Admin portal. And if I click on Virtual Networks and we scroll down to find
one that I prepared earlier, ContosoAzureVNET the famous company, and we’ll immediately see a
big list of network devices, network interfaces, NICs, that are attached to this particular VNET. And you’ll also see things like Virtual network gateways
and application gateways where we start to integrate
with our on-prem network. And if we scroll back up and across here and look at DDoS protection, this is incredibly important
because Microsoft runs and protects some of the largest online services in the world
like Xbox Live, Microsoft 365, and as a result you can
benefit from the same levels of protection and scale
for your virtual networks. Now basic DDoS protection’s
on automatically but you can switch to standard to provide additional mitigation capabilities that are tuned specifically to Azure Virtual Network Resources. So awesome stuff. Now let’s take a look at security. Quite important I’d say. And then when we click on
it you’ll see immediately there’s a and number of recommendations directly associated to the network. So it’s telling me here that I should be locking down my internet facing VMs and I should be adding those
to Network Security Groups. Seem like a good idea. And if we drill into one of
these particular recommendations around subnets associated with an NSG you’ll see it’s providing
me with guidance around what we’re going to be protecting against, specific threats, and how
I can start to remediate. Now if I click on the Take action button in the bottom left corner here, I’m presented with some of the controls that I can use to make those
appropriate adjustments. Now one other area that’s important to talk about here is Firewall. And we could have configured
an individual firewall for this VNET but we’d like
to do this all centrally. And something we just
announced in Public Preview is Azure Firewall Manager. As you accumulate more
networks and firewalls, this Public Preview is gonna enable you to centrally deploy and configure multiple Azure Firewall instances that span different Azure
regions and subscriptions. You can create secured hubs, as we’ll look into in a minute, to essentially define and
control network traffic destined for private IP addresses, Azure Path Services, and the internet. And traffic’s routed to
the firewall automatically so there’s no need to
create user defined routes. And you’ll see here there
are three simple steps to get started. And so we’re gonna dive
into what it looks like to create one of these
secured virtual hubs. It actually builds on
what you said earlier around the Azure Virtual WAN. Because this is essentially
an Azure Virtual WAN with associated security
and routing policies configured by Azure Firewall Manager. And we use these to easily create Hub-and-Spoke and transitive architectures with native security services
for traffic governance and protection. Now all I need to do is
provide some basic information, choose a resource group, give
it a name, an address space, and I can choose whether or not to utilize an existing WAN that we created already or create a new one here. I can associate Azure Firewall policies. I’ve not got any just yet. We’ll go through those in a second. And I can also integrate with
Trusted Security Partners for familiar, best in breed,
third-party security offerings to protect internet access for users. Now with this Secured virtual hub created I can then start to create
my firewall policies that I’m gonna apply across
a broad range of services within my environment. So all I need to do here is again, provide some basic information, name, select a resource group, and then I can go into what should be familiar to many of you out there who have managed firewalls
within your environment. So we go into rule collection here. And you’ll see all I need to provide here is some very basic information; name, the collection types. So whether it’s gonna be a, I’m just typing a name here. The collection type, the priority, highest priority obviously. Network application specific rules. And then I mean to just allow or deny and choosing the specific
rules that I wanna define, of which I can define many
as part of this collection. And finally once I’ve
finished this particular step and defined these particular rules, I can then start to configure
the routing of traffic to my secured hub for
filtering and logging. So you see very quickly we’ve configured this virtual network and the
surrounding infrastructure for a solid foundation to build on as you do more in Azure. And now that we’ve built the
foundation and the house, what’s your perspective
on building out services and migrating services
within the environment? – The first common mistake that I see is that people take and
apply their existing notion of what it takes to run
on-premises infrastructure and apply that to the cloud.
– Right. – So if you’re coming from
an on-premises mindset the first inclination
you will typically have is that you’ll wanna over-provision applications, servers, et cetera, because things aren’t elastic on-premises. You know, it takes you time
to roll out that new server and you don’t wanna get that 3 AM alert that a service is down.
– I don’t. – Yeah, I don’t either.
– (laughing) – And so you’ll likely
need less infrastructure when you think about
that move to the cloud. And you’ve primarily architected things for that on-prem world. So my second tip is to really assess your environment for the cloud. Now we have a free tool that you see here that’s called Azure Migrate to help you figure out the right configuration
for your cloud world. You could also use Azure
Migrate to integrate with the most popular third-party tooling, things that you might be familiar with, as you go through the steps
of assessment and migration. And as you bring more and more of your mission critical workloads
like SAP to Azure, you can scale out. That’s one of the things
the power of the cloud does and we just launched the largest sized VMs with 12 TB of RAM. – That’s huge. – Pretty amazing.
– Yeah. Now once you’re in the
cloud or if you’ve got a hybrid setup running for
a few apps and workloads, have you got any tips
about how to feel good about the operational state
and how you manage costs? – Yeah so one thing you see a lot, both on on-premises and in the cloud is once a workload has been
brought over and running, you have the tendency to
just declare victory, right? – Yep, I’ve made it. – And I’m not saying don’t celebrate. You know, it’s exciting. You’ve made the move, you’ve
gone through that migration. But it’s important to capitalize on all the cloud-native capabilities where they make the most sense. – Right and one of those
benefits of the cloud is that is does make it easier
to optimize what you’ve got. But this is a huge
surface area to explore, so practically speaking,
where should people start? – Well, Matt, the answer
typically is it depends. There’s infinite
optimization opportunities and there’s lots that you can do with your data, for example,
with advanced analytics and AI, and tons of dev opportunities once you’ve advanced your footprint and
connectivity in the cloud. That being said I’m gonna keep these tips scoped to the compute area. And so here if you have
apps that have those fluctuating capacity, which are perfect in
the cloud environment, and you might wanna look at containers. Containers and Kubernetes open up a lot of optimization opportunity here and especially if you like things like HA clustering for servers, this takes it to a new level. And plus if we’re used to VMs, the efficiency of containers
is much, much better. And then on the process side, you can leverage DevOps
to be more flexible and provide flexible deployment and develop in environments. – Right. – Imagine a world where you
have no maintenance windows and you can make those changes and roll them back
without breaking anything. – And that sounds like a nice place to be. And with cloud-native and
elastic infrastructure like Kubernetes, as you mentioned, the agility of apps and services, it’s on a new level, too. I’m gonna show people here
just what that looks like. So what we’ve got on my screen
here is Visual Studio Code at the bottom half of my screen, and I’m gonna launch Cube Control to list the nodes within my environment. Now, if you’re not familiar, nodes are essentially workers, and in our case they are VMs
but they could be physical, and I’ve got three of them. And then we’re gonna enumerate the pods within my environment, which is a higher level structure containing one or more containers. And then we list the services here and we’ll see what
we’ve got going on here. Now you’ll notice here
if I go back to pods I’ve got four running. Three for the front-end
of our application. One for the back-end. If you look at these services
the middle one’s the key here because that’s our LoadBalancer that we’ve got within our environment that’s used for essentially
distributing traffic to the front-end pods. Take a note of that IP address there. That’s the external IP address of our particular application, our web application. I’m gonna bring that up in the browser. So I’m gonna go to that
particular web address there. And this is our Contoso
Freight application. Built it this morning myself. A lot of work. (talking over one another) But we’re going to actually
upgrade that application. We’re gonna refresh it now in real-time while users are using it. So what we need to do is firstly, I’m gonna drag down in
Visual Studio Code here, and I’m going to point
this particular app, this particular environment
at a new indexed HTML page. So I’ve made some edits to
this front-end previously. I’m gonna save that, and I’m gonna use a number of git commands to actually start to merge that code with what we’ve got at the
back-end in our repose. So I’m going to do a git add to merge, I’m gonna do a commit with
the message of “updating UI” so you’ll see that in a
bit more detail later on, And then gonna push it to github. So I’ve got a private repo up in github where this is all gonna be stored. You’ll see that’s been
pushed up now very quickly. And that’s all done. So, what I’m going to do now is establish essentially a monitor that’s gonna watch the changes to the pods
as things are happening. So while that’s happening
in the background, let’s open our github. Let’s go to our repo
for the Contoso Freight. You’ll see the four pods
running at the bottom there so nothing changing just yet. But not everyone realizes that github’s more than just a repo. It actually has workflow, build processes, actions in there. And what you’ll see here
in this pipeline view is we’ve actually started the actions that are gonna kick off based on that push that we’ve made. So we see things happening in github. As we refresh we see things happening at the bottom here with the pods. Things are just starting to kick off so let’s just refresh the page, and all of the build jobs
are now actually kicking off. So because of that push we’re redeploying additional containers. We’re gonna replace the
ones that are there. So as we see, things happening
in the background there. A lot’s happening at the bottom there. Containers are being created, previous containers are
being removed and replaced, and as we continually
refresh the page here, so we’ll continue to
refresh our web front-end. Remember, we’re replacing
this in real-time while users are using it. Here we go, boom. We’ve now updated the
front-end of the application, straightforward, easy, and those containers and
those pods have been replaced all through that push command
that we published to github. So Kubernetes, an incredible solution. It extends obviously to
on-prem and other clouds, it’s not just in Azure. And we’ve been hearing a lot
this week about Azure Arc. So how does that help all of this? – Well, Azure Arc really
brings us full circle. Earlier we talked about ways
to extend on-premises to Azure, now Azure Arc enables you to extend the Azure control plane on-premises to deliver that cloud
agility and management in your on-premises environment. And so it provides a consistent management and services
layer that applications can then layer on top of. And it provides you the more is choice in terms of where you want to run your workloads applications, whether they be
on-premises or multi-cloud. – Awesome. Well, there’s some great tips here whether you’re just
beginning your cloud journey or whether you’re looking to
expand on what you’ve got. So, where can we learn more? – Well of course, check out azure.com, it helps you get to the right place and explore the information you need. It’s also your source for
great technical documentation. And I want to call out azure.com/Migrate which is our central migration
portal that gives you all of the guidance around
migration and tooling for you to start your
journey to the cloud. – Yeah, lots of amazing resources there. And of course keep watching
Microsoft Mechanics for all the updates. Subscribe and follow us on Twitter. Thanks so much for watching. Bye for now. (audience applauds) (energetic music)

3 things you wish you knew about before moving to Azure (Microsoft Ignite)
Tagged on:                                                                                                     

Leave a Reply

Your email address will not be published. Required fields are marked *