Port your AWS knowledge to Azure
Dan Patrick, Chief Cloud Strategist, Opsgility (@deltadan)

Session Synopsis: Customers are considering a multi-cloud strategy for reasons that range from hedging their bets to getting the best of both worlds. Whatever the reason may be, we want to support our customers and also empower our community to leverage their current knowledge for this purpose. This session will help you map some of that existing AWS knowledge to Azure. Given the breadth and depth of this topic, we aim to get you started (focusing on Compute, Networking, and Storage) and give you a roadmap of next steps to learn more, with an outcome that’ll make you more valuable to your customers and stakeholders.
Microsoft Azure

Slide: Application innovation (Accelerate innovation with the cloud); Data and intelligence (Power decisions & apps with insights); Openness and flexibility (Build freely, deploy anywhere); Trust (Protect your business).

Notes: Before diving into the mapping of AWS to Azure concepts, I would like to provide some background on Azure, focusing on Microsoft’s four core cloud pillars, and I’ll give quick examples of each. Microsoft Azure is our cloud platform for digital transformation across your business. Our strategy to this end is to provide a platform of technologies that:
1. Accelerates app innovation through rapid app development and agility in the cloud.
2. Delivers integrated data and intelligence: data for rich insights, through to intelligence embedded within apps.
3. Is open and flexible, where you can use the tools and technologies you already have and want to use.
4. Is trusted to protect your business assets. As more customers expect digital experiences, they expect the data they share with an organization to be protected. We help you do that.
Let’s discuss these areas in more detail.
Build apps faster and easier

Slide: Build on IaaS (Virtual machines, Storage, Networking); Build on PaaS (Existing frameworks, Serverless Compute, Web and mobile, Microservices); Cognitive Services (screenshot of an image-analysis result: "Is Adult Content: False; Categories: people_swimming"); Bot framework; Azure IoT Suite; Azure Marketplace.

Notes: Building apps faster and easier means using the right building blocks for the job. Starting from the bottom left, our core building blocks are storage, computing, and networking, or Infrastructure-as-a-Service, which provides customers with agility and cost savings. When you add our integrated platform services, which run on IaaS on the back end, customers accelerate that agility. A recent study showed that customers using our platform as a service for app dev estimate 466% ROI compared with IaaS alone. This includes services across apps both small and internet-scale, data, integration, and so on. In the middle, we’re packaging up services and capabilities to deliver preconfigured solutions such as Azure IoT Suite. IoT is not a new concept in our industry, but it is extraordinarily difficult to deliver and maintain. In the past several years, the technology required to facilitate IoT solutions has improved dramatically, making it more accessible across industries and scenarios. Our IoT preconfigured solutions aim to further amplify that momentum, allowing companies to get to a working proof of concept in a fraction of the time it would take if they were building with individual components from scratch. Finally, you can leverage full templates for web, mobile, containers, etc. (both first and third party) to get started in minutes rather than hours and days, through the Azure Marketplace. The screenshot here is our gallery of container templates, ranging from Docker to Mesosphere.
Build and run open source solutions

Slide: Any tool, application, framework: Infrastructure, Containers, Databases & middleware, Frameworks, DevOps, Applications.

Notes: We’re heavily invested in open-source technologies and partnerships, as evidenced on this slide. Nearly one in three Azure virtual machines is now running Linux, and we support Linux as a first-class citizen. Why is this important to Microsoft? Because it’s in the best interest of our customers. In fact, over 40% of CIOs are using open source as their primary strategy heading into. We support our customers’ computing, whatever it is and wherever it is. Finally, we contribute to the open source community as well as build some of our services on open source technology, like HDInsight and Azure Container Service. This also helps us scale to our customers’ needs as we rapidly release cloud solutions.
Port your AWS Knowledge and Experience

With that said, let’s take a closer look at how you can leverage some of your existing AWS knowledge to become familiar with, and make use of, Azure.
Azure Regions
https://azure.microsoft.com/en-us/regions/

Slide: 38 regions worldwide, 30 online; huge capacity around the world, growing every year. 100+ datacenters; top 3 networks in the world; second largest dark fiber network; 2.5x AWS, 7x Google DC regions. China operated by 21Vianet; Germany operated by Deutsche Telekom. Map legend: Operational / Announced (not operational).

Notes: The security controls we apply to development, infrastructure, operations, and compliance apply to our global customer base. Customers can explicitly choose which regions to deploy to and store their data in according to local privacy, security, or compliance requirements. On this slide you can see the 38 regions where we operate (30 are active), including:
- Public cloud regional datacenters with geographic diversity. Customers can deploy two identical workloads in different regions with an Active/Active failover model. This can ensure business continuity in the event of a local disaster.
- Local and sovereign clouds. In-country Microsoft datacenters address data residency requirements, and we’re using a combination of technology as well as a legal framework to legally isolate certain regions of the world according to local sovereignty, governance, and rule of law, all the while providing the same exact up-to-date set of services in those regions. There are four sovereign clouds today and four more planned, including Germany for example:
  Today: US Gov (2), China North (Beijing), China South (Shanghai).
  Planned: Germany Central, Germany Northeast, US DoD East, US DoD West.
AWS Regions and Availability Zones

Slide: 18 regions worldwide, 16 online, comprising 47 Availability Zones, 42 online.

Notes: The AWS Cloud infrastructure is built around Regions and Availability Zones (“AZs”). A Region is a physical location in the world where we have multiple Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. These Availability Zones offer you the ability to operate production applications and databases which are more highly available, fault tolerant and scalable than would be possible from a single data center. The AWS Cloud operates 47 Availability Zones within 16 geographic Regions around the world.
Azure & AWS Regions

Azure (38 regions, 30 online):
- Region pairs in a geo-political area for cross-region DR scenarios
- A region is a massive Microsoft-owned and purpose-built Data Center (DC)
- DCs have multiple layers of hardware and software redundancy for HA
- Region-to-region traffic goes over the Microsoft backbone

AWS (18 regions, 16 online):
- No geo-political region pairs; regions are not disaster proof
- A region is a collection of smaller owned and colo DCs called Availability Zones (AZs), 47 in total
- AZs are well connected, across flood plains and within a short car journey, for HA
- Region-to-region traffic goes over the public internet

Notes: A Region in Azure is one datacenter. This means that all data and services are located in the same “MEGA”-sized datacenter facility. Each Region is “paired” with another region, and this allows for services such as geo-replication of storage data and duplication of Azure Recovery Services vaults. These pairs are always within one geo-political area of the world. This is different from AWS, where a region is made up of multiple buildings in relatively close proximity to each other, allowing for the “Availability Zone” (AZ for short). Using multiple regions to geo-distribute services is a benefit both clouds can provide to their customers. One major difference here is that network traffic between regions in Azure goes over the Microsoft backbone, while AWS traffic goes over the Internet.
Terminology Mapping

Description | Microsoft Azure | Amazon Web Services
Billing container | Subscription | Account
Security principal | Subscription/Account Admin | Root Account
Access control | Role Based Access Control (RBAC) | Identity and Access Management (IAM)
Directory service | Azure Active Directory (AD) | AWS Directory Service
Geo locations | Region | Region
User interfaces | Management Portal | Management Console
Management & monitoring | Azure Diagnostics + App Insights | CloudWatch
Infrastructure as code | Azure Resource Manager | CloudFormation
Grouping mechanism | Resource Groups |
Metadata | Tags |
Automation | Azure SDK, PowerShell + CLI | AWS SDK, PowerShell + CLI

Notes: By no means is this a complete list of terms/concepts that map to each other, but here we see how some basic concepts line up when thinking about things you already know about AWS. Amazon and Microsoft are pretty similar in their approach, but Microsoft has a huge advantage over AWS with respect to Azure Active Directory. You can even use Azure AD to extend the functionality of AWS services if you wish! Microsoft and Amazon have a very close approach to the management, reporting and monitoring of clouds. CloudFormation is more mature than Azure Resource Manager, but Microsoft will catch up quickly. MS is putting huge investment into this and ultimately will have another large advantage over Amazon. With the introduction of Azure Stack, MS will be able to leverage all of the functionality that is part of Azure in a customer’s datacenter and have a truly integrated hybrid experience end to end.
Available Services in Azure GovCloud

Slide (service map with the categories Datacenter infrastructure (Compute, Storage, Networking), Infrastructure services, Platform services (Compute, Web & mobile, Data, Integration, Developer Services), Security & management, and Hybrid operations): Virtual Machines, VM Scale Sets, Premium VM Storage, BLOB Storage, Azure Files, Virtual Network, Load Balancer, Traffic Manager, ExpressRoute, Cloud Services, Batch, Media Services, SQL Database, Redis Cache, Tables, Storage Queues, Service Bus, Notification Hubs, Mobile Apps, Azure App, Azure SDK, Fabric, HDInsight, Azure Monitoring, Log Analytics, Backup, Active Directory, Multi-Factor Authentication, StorSimple, Automation, Portal, Key Vault, Azure Site Recovery. Regions: US Gov IA, US Gov VA, US Gov TX, US Gov AZ, US DoD Central, US DoD East (legend: Operational / Announced, not operational).

Notes: Azure GovCloud supported services: GovCloud does now support Azure Resource Manager, Premium Storage and many more services. There are some gaps between commercial Azure and GovCloud, so be careful when deciding where to deploy. If the application doesn’t specifically call for GovCloud due to regulation or datacenter accreditation, it might be best to defer to the commercial Azure cloud first. And this is also true for AWS. Microsoft has aggressive plans for GovCloud in 2017, but those have not been made public yet.
AWS GovCloud Available Services

Slide (service map with the categories Datacenter infrastructure (Compute, Storage, Networking), Infrastructure services, Platform services (Compute, Media, Data, Integration, Developer Services, Web & mobile), Security & management, and Hybrid operations): Direct Connect, VPC, EC2, Auto Scale, S3, Glacier, ELB, Import/Export Snowball, EBS, SNS, SQS, SWF, EMR, DynamoDB, ElastiCache, RDS, Redshift, IAM, CloudHSM, AWS KMS, CloudWatch, CloudTrail, CloudFormation, Management Console, SDK.

Notes: AWS GovCloud supported services are found here. You will notice that there aren’t quite as many services, but the main services used for most standard deployments are available. Some of the newer services, like Kinesis, are coming online.
Comparing Purchasing and Billing

Azure:
- Global availability, and billing support in 24 currencies
- Billing for Azure services is per minute
- All data going into an Azure datacenter is free, while egress data has a fee
- Subscription types: Pay-As-You-Go, Compute Pre-Purchase with EA, Cloud Solution Providers
- Azure Hybrid Use Benefit allows running Windows VMs on Azure for the base compute price if the customer has Software Assurance

AWS:
- Global availability, with some billing support in other currencies, but can only be paid via credit card
- Data ingress is free, while egress data has a fee
- Four ways to pay for EC2: On-Demand, Reserved Instances, Spot Instances or Dedicated Hosts. On-Demand is billed hourly, Reserved Instances are discounted based on term, and Dedicated Hosts provide software savings (On-Demand or Reserved Instances)

“On average, compute resources represent 75%-80% of your cloud spend.” – RightScale

Notes: Azure and AWS are available in many countries all over the world. There are many ways to purchase Azure, but they tend to focus on the overall usage of Azure, whereas AWS tends to focus more on each workload. One thing that really sticks out is that Azure bills by the minute whereas AWS bills by the hour. Microsoft has some creative ways to only spend on the compute and leverage your current spend on software. AWS does this via Dedicated Hosts, but once again it’s more focused on individual workloads, so the teams have to be really precise when looking at their workloads. Spot Instances is an area where AWS allows you to bid on spare EC2 compute capacity. It wouldn’t be surprising to see Microsoft introduce Spot Instances and Reserved Instances at some point.
Pricing Calculators
https://azure.microsoft.com/en-us/pricing/calculator

This slide was added based on feedback from a recent event. There are pricing calculators for each service, with prices changing all the time.
- You must do the math on how the price breaks down (per day, based on a 31-day month, etc.).
- The prices on the calculator only show the pay-as-you-go model and do not take into consideration discounts through enterprise agreements, MSDN, or other offers.
Comparing Identity

Azure – Azure Active Directory:
- Multi-tenant PaaS solution for identity
- Integrated with Microsoft etc.
- Multi-factor authentication available
- Rich support for SaaS application integration
- Free tier supports up to 500K objects (paid tiers unlimited)

AWS – Identity Access Management:
- Manage users, groups, roles, policies
- Multi-factor authentication available
- Roles are assigned to resources
- AWS Directory Service (for AD integration) supports 50K users | 200K objects

Notes: Before getting into Compute, Networking, and Storage, let’s talk a little bit about identity. AWS policies (which define what can be done to the resources) can be assigned to users, groups, or roles.
Modern Identity with Azure Active Directory

Slide (diagram): Active Directory and Azure AD with synchronized identities; a single identity used by the Enterprise, Office 365 and Custom LOB Apps. Benefits: users only have to manage one identity; one identity to manage from one location.

Notes: Using Azure AD and Active Directory together, Microsoft has an enterprise-grade turnkey solution to these issues. Now corporations can provide access across thousands of websites or corporate apps using just the credentials provisioned in (or removed from) Active Directory. Obvious benefits here include:
- Users only having to manage one identity
- The management of the single identity being done from a single location
Azure & AWS Management
https://aws.amazon.com/console/

This is an image of the Azure & AWS consoles. There is a huge number of services in both, and we could spend all day trying to map each item to its equivalent component(s) in Azure. We will narrow the focus to the three base components.
Azure & AWS IaaS Services

Slide: Networking, Compute, Storage.
Networking
Networking at a glance

Slide (service mapping, Azure ↔ AWS):
- Azure Virtual Network ↔ Amazon VPC
- Azure Load Balancer / Application Gateway ↔ Elastic Load Balancing (** part of Compute in AWS)
- Azure Content Delivery Network ↔ CloudFront
- Azure ExpressRoute ↔ AWS Direct Connect
- Azure Traffic Manager / Azure DNS ↔ Amazon Route 53
Azure call-outs: 99.95% SLA for ExpressRoute; Network Security Groups control network flow at VM and subnet level; Internet accessibility available by default; no need to create/update IG & routing tables.

Notes:
Amazon VPC: Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS. This maps back to an Azure Virtual Network.
Amazon Route 53: Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. This maps back to Azure DNS as well as Azure Traffic Manager.
AWS Direct Connect: AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection in place, you can create virtual interfaces directly to the AWS cloud and Amazon Virtual Private Cloud, bypassing Internet service providers in your network path. In Azure, this is handled with Azure ExpressRoute.
Elastic Load Balancing (also listed under Compute in AWS): Elastic Load Balancing automatically distributes your incoming application traffic across multiple targets, such as EC2 instances. It monitors the health of registered targets and routes traffic only to the healthy targets. Elastic Load Balancing supports two types of load balancers: Application load balancers and Classic load balancers. In Azure the functionality is handled by Azure Load Balancer as well as the Azure Application Gateway.
VPC & Virtual Network Comparison

Azure – Virtual Network: Private subnets and routing tables; SNAT is automatic (vs. an Internet Gateway), but you can provide your own via routing.
Key capabilities: Custom Routing; Network Security Groups (Subnet or VM); Hybrid connectivity with IPsec VPN, PPTP (point-to-site), Peering, and ExpressRoute; Bring your own DNS at the virtual network or VM.

AWS – Virtual Private Cloud: More traditional approach with Public and Private Subnets along with an Internet Gateway, NAT Instance and Routing Tables.
Key capabilities: Custom Routing; Security Groups (Subnet) and ACLs (VM); Hybrid connectivity with VPN, VPC Peering, and Direct Connect; Bring your own DNS, NetBIOS, NTP with DHCP Option Sets.

Notes: At a high level the AWS and Azure networking stacks are very comparable. A few key differences to note:
- In AWS you must provision an internet gateway for outbound traffic; this is automatic for you in Azure.
- For VPC-to-VPC connectivity in the same region AWS supports peering; this is now also supported in Azure.
- Point-to-site doesn’t exist in AWS without bringing your own appliance.
- CloudHub is where AWS can allow routing from on-prem to AWS to on-prem, with AWS as the hub allowing transitive routing. This doesn’t exist (yet) in Azure.
- Both clouds support bring-your-own DNS, by assigning options via DHCP Option Sets on AWS or by assigning DNS on the VM or the VNet in Azure.
Network Security Groups

Slide (diagram: a Virtual Network with Frontend 10.1/16, Mid-tier 10.2/16 and Backend 10.3/16 subnets, an On-Premises 10.0/16 network reached over S2S VPNs through a VPN Gateway, and the Internet):
- Enables network segmentation & DMZ scenarios
- Custom inbound/outbound rules
- Default inbound/outbound rules
- Filter conditions with allow/deny
- Individual addresses, address prefixes, wildcards
- Choose service or custom protocol/port
- Associate with virtual machines or subnets
- Configure via Portal, PowerShell or ARM

Notes: To secure your network traffic in Azure, you would leverage Network Security Groups (in a traditional networking sense, you can relate Network Security Groups to firewall rules and router ACLs). By leveraging Network Security Groups, you can restrict the flow of network traffic on either a virtual machine’s network interface or at the subnet that the interface is connected to. Defining rules is simple and very customizable: you can restrict based on protocol, individual address, wildcards, etc. These configurations are possible in the portal, and are also scriptable (with PowerShell, the CLI or ARM templates). AWS uses two methods to secure network traffic: Security Groups (stateful) for instances and Network ACLs (stateless) for subnets.
Comparing VPN Connectivity Options

Azure:
- VPN Gateway that connects to an on-premises device or appliance for private IP connectivity
- ExpressRoute for permanent & private connectivity
- VNET to VNET (VPN Gateway): connectivity to other VNETs in the same or other regions using IPsec VPN gateways; uses the Microsoft backbone for connectivity, so disabling encryption is supported
- VNET to VNET Peering: connectivity to other VNETs in the same region
- Point-to-Site: connectivity from a single machine to a VNET using PPTP

AWS:
- On-Premises-to-VPC: VPN Gateway that connects to an on-premises device or appliance for private IP connectivity
- DirectConnect for permanent & private connectivity
- VPC to VPC (VPN Gateway): connectivity to other VPCs in the same region or other regions using IPsec VPN gateways; uses the public Internet for connectivity
- VPC Peering: connectivity to other VPCs in the same region
- VPC Endpoints: connectivity to S3 via a private, non-Internet connection

Notes: Both Azure and AWS have very rich options for VPNs. Microsoft’s direct connection product is known as ExpressRoute, and this aligns with DirectConnect from AWS. They both provide secure, fast connections to the respective public clouds. Connecting to VNETs in Azure and VPCs in AWS across different regions is done via IPsec VPN. With Azure this network traffic never touches the internet, as it stays on the MS backbone. With AWS the VPN traffic traverses the Internet. Connecting VNETs and VPCs within the same region is done via peering. This means that the networks are connected and traffic can be sent to nodes on either network.
Global connectivity over Microsoft’s network
Microsoft Ignite 2016 12/3/2017 8:57 PM

Slide (map of ExpressRoute locations): Atlanta, Chicago, Los Angeles, Seattle, Silicon Valley, Washington DC, Amsterdam, Dublin, London, Sao Paulo, Chennai, Hong Kong, Mumbai, Melbourne, Osaka, Singapore, Sydney, Tokyo, Las Vegas, Toronto, Montreal, Quebec City, New York City, Dallas, Newport (Wales), Paris, Beijing, Shanghai, Berlin, Frankfurt. Government and national clouds: US Government (Dallas, Washington DC, New York, Chicago), Germany, China. 35 ExpressRoute locations; nearly doubled peering locations and partners; more than any other cloud.

Notes: There are many ExpressRoute locations to connect through. Microsoft’s policy is that there will be an ER location near each Azure region, so the locations are growing. This is very enterprise-centric, as the largest consumers of ExpressRoute are enterprises. Note there are more of these private connection points than any other cloud provider provides, and they are all over the world. These are the locations available today, which connect into standard Azure regions. There are also ER locations near the gov-cloud and national cloud regions, extending private, robust connectivity for customers using these specialized Azure regions.

© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Demo: Networking (Dan Patrick)
- Update the NSG so that we can get HTTP traffic
- VNET Peering between the VNETs of the VMs (should be GA by conference time)
Environment: Virtual Network, address space 10.0.0.0/16

Slide (diagram): Subnet Apps: /24 and Subnet Data: /24, with an Azure Load Balancer in front of the Apps subnet.
WEB-NSG (allowed via “WebNSG”): SRC ADDRESS PREFIX: INTERNET; SRC PORT RANGE: *; DEST PORT RANGE: 80; DEST ADDRESS PREFIX: /24
SQL-NSG (allowed via “SQL-NSG”): SRC ADDRESS PREFIX: /24; DEST PORT RANGE: 3306; DEST ADDRESS PREFIX: /24

Notes: Ok, so during this talk we are going to build out an IaaS web deployment. First will be the Virtual Network with two subnets (FrontEnd & BackEnd). Next we are going to build a Network Security Group to allow the traffic into the appropriate subnets. Then an Azure Load Balancer will be provisioned, but we won’t configure it until we add the VMs.
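The two NSGs above, together with the rule semantics listed on the Network Security Groups slide (custom and default rules, allow/deny, address prefixes, service or custom port), are easiest to reason about with a small evaluator. The following is an added example, not code from the deck or from Azure: it models the documented NSG behaviour (rules evaluated in ascending priority order, first match wins, and three platform default inbound rules at priorities 65000, 65001 and 65500 behind every custom rule) and applies it to sample flows. The subnet prefixes 10.0.1.0/24 (Apps) and 10.0.2.0/24 (Data), the rule priorities and the sample client address are constructed; the slide gives only the 10.0.0.0/16 address space and the /24 subnet size. The service-tag matching is deliberately simplified to the VNet's own address space.

```python
"""Priority-ordered evaluation of Azure Network Security Group (NSG) rules.

Added example, not code from the original deck. Models: rules sorted by
priority, first match decides, platform default inbound rules appended.
Subnet prefixes and priorities below are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = ip_network("10.0.0.0/16")          # address space from the slide
APPS_SUBNET = ip_network("10.0.1.0/24")   # constructed: web tier subnet
DATA_SUBNET = ip_network("10.0.2.0/24")   # constructed: MySQL subnet
AZURE_LB_PROBE_IP = ip_address("168.63.129.16")  # source of Azure LB health probes


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # custom rules use 100-4096; the lower number wins
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    src: str           # CIDR, "*" or a service tag
    dst: str           # CIDR, "*" or a service tag
    dst_port: str      # "80", "1024-65535" or "*"


def _addr_matches(selector: str, addr) -> bool:
    """Simplified service tags: VirtualNetwork is the VNet's own address
    space, Internet is anything outside it, AzureLoadBalancer is the probe IP."""
    if selector == "*":
        return True
    if selector == "VirtualNetwork":
        return addr in VNET
    if selector == "Internet":
        return addr not in VNET
    if selector == "AzureLoadBalancer":
        return addr == AZURE_LB_PROBE_IP
    return addr in ip_network(selector)


def _port_matches(selector: str, port: int) -> bool:
    if selector == "*":
        return True
    lo, _, hi = selector.partition("-")
    return int(lo) <= port <= int(hi or lo)


# Platform default inbound rules: present on every NSG and cannot be removed.
DEFAULT_INBOUND = (
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*"),
)


def evaluate(rules, src_ip: str, dst_ip: str, dst_port: int, protocol: str = "Tcp"):
    """Return (access, rule_name) for an inbound flow: first matching rule in
    ascending priority order, custom and default rules considered together."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in sorted((*rules, *DEFAULT_INBOUND), key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and _addr_matches(rule.src, src)
                and _addr_matches(rule.dst, dst)
                and _port_matches(rule.dst_port, dst_port)):
            return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")


# The demo's two NSGs as the slide describes them (priorities constructed).
WEB_NSG = [Rule("allow-http-from-internet", 100, "Allow", "Tcp", "Internet", str(APPS_SUBNET), "80")]
SQL_NSG = [Rule("allow-mysql-from-apps", 100, "Allow", "Tcp", str(APPS_SUBNET), str(DATA_SUBNET), "3306")]

# Hardened variant: an explicit deny ahead of the default AllowVnetInBound, so
# the data subnet accepts only MySQL from the apps subnet (plus LB health probes).
SQL_NSG_HARDENED = SQL_NSG + [Rule("deny-other-vnet", 200, "Deny", "*", "VirtualNetwork", str(DATA_SUBNET), "*")]


if __name__ == "__main__":
    flows = [
        (WEB_NSG, "203.0.113.7", "10.0.1.10", 80),     # Internet -> web, HTTP
        (WEB_NSG, "203.0.113.7", "10.0.1.10", 22),     # Internet -> web, SSH
        (SQL_NSG, "10.0.1.10", "10.0.2.10", 3306),     # web -> MySQL
        (SQL_NSG, "10.0.1.10", "10.0.2.10", 22),       # web -> MySQL host, SSH (default rule allows it)
        (SQL_NSG_HARDENED, "10.0.1.10", "10.0.2.10", 22),
        (SQL_NSG_HARDENED, str(AZURE_LB_PROBE_IP), "10.0.2.10", 3306),
    ]
    for rules, s, d, p in flows:
        print(f"{s:>15} -> {d}:{p:<5} {evaluate(rules, s, d, p)}")
```

The fourth flow is the point worth noticing: with only the slide's allow rule in SQL-NSG, SSH from the Apps subnet to the Data subnet is still permitted, because the default AllowVnetInBound rule at priority 65000 admits any intra-VNet traffic that no custom rule has addressed. The hardened variant adds an explicit deny at a lower priority number than that default, while the AzureLoadBalancer default at 65001 still lets the load balancer's health probes through.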
Compute
Compute at a Glance

Slide (service mapping, Azure ↔ AWS):
- Azure Virtual Machine ↔ EC2
- Azure Functions / Web Jobs / Logic Apps ↔ Lambda
- Azure Site Recovery / Azure Backup ↔ AWS Server Migration Service (** recently added & moved over to DMS)
- Azure Container Service ↔ EC2 Container Service
- Azure Web Apps ↔ Elastic Beanstalk
- Azure Marketplace ↔ Lightsail (** recently added)
Azure call-outs: you can specify username/password; you can specify the machine name; VMs support the VHD format; VMs are publicly accessible by default; no need to create/update IG & routing tables. (Speaker note: DOUBLE CHECK MAPPING ON NEW SITE.)

Notes:
Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable computing capacity (literally, servers in Amazon's data centers) that you use to build and host your software systems. This maps to a Microsoft Virtual Machine. There are various components to map under these main topics, like: Standard Storage VHDs in Azure = EBS Volumes; Premium Storage = EBS Volumes with Provisioned IOPS; VM Extensions = User Data Scripts.
Amazon ECS: Amazon EC2 Container Service (Amazon ECS) is Amazon's container management service that makes it easy to run, stop, and manage Docker containers on a cluster of Amazon EC2 instances. This maps back to Azure Container Service.
AWS Elastic Beanstalk: With AWS Elastic Beanstalk, you can quickly deploy and manage applications in the AWS cloud without worrying about the infrastructure that runs those applications. You simply upload your application, and AWS Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring. In Azure, this maps back to Azure Service Fabric and Azure Web Apps.
AWS Lambda: AWS Lambda is a zero-administration compute platform for back-end web developers that runs your code for you in the AWS cloud. AWS Lambda runs your back-end code on its own AWS compute fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances across multiple Availability Zones in a region, which provides the high availability, security, performance, and scalability of the AWS infrastructure. In Azure, there are three services that handle similar functionality, used alone or in combination with each other or with other services.
AWS Server Migration Service will automatically replicate live server volumes to AWS and create Amazon Machine Images (AMI) as needed.
Comparing Azure and EC2 Virtual Machines

Slide (side-by-side architecture diagrams). Azure: Virtual Network, Public IP, Azure Load Balancer (external), Subnet, Network Security Group, Scale Set, Availability Set, Azure Load Balancer (internal). AWS: Virtual Private Cloud, Elastic IP, Elastic Load Balancer (external), AV Zone, Subnet, Security Group, Auto Scaling Group, Elastic Load Balancer (internal).
Azure Storage: Premium (SSD) or Standard; disk format: fixed VHD, max 1 TB per disk; span disks for larger volumes (up to 64 TB).
EBS Volumes: Provisioned IOPS, General Purpose SSD, or magnetic; AMI format, up to 16 TB per volume.

Notes: The architectures of cloud IaaS implementations are very similar between Azure and AWS. The terms, specs and limits are for the most part where knowledge has to be aligned. For example, the Network Security Group provides both instance and subnet network traffic rules, whereas in AWS that is done by two items: Security Groups and Network ACLs. Also, Azure Storage is limited to 1 TB disks currently, but there will be more to come in this area from MS in 2017.
Azure & AWS VM Sizes: Instances are Purpose Built

Slide (table mapping Azure VM series to processor and AWS instance family; the column alignment was lost in extraction). Azure series shown: A, D, DS, H, F, NV, NC, G, B. Processors shown: Xeon, Ivy Bridge, Haswell, Sandy Bridge, Broadwell. AWS families shown: T2, M3, M4, C3, X1, C4, R3, G2, P2, I2, D2.
Legend. Purpose: B - Balanced Compute/Memory, G - GPU/Video, C - Compute Optimized, S - Storage, M - Memory Optimized. Disk types: S - SSD, H - HDD. Network capabilities: D - Default (speed varies), E - Enhanced Networking.

Notes: AWS VMs are more purpose built, meaning they are designed for specific types of workloads. This slide helps us to understand how the various VM “families” from AWS map to Azure VMs. For example, using the Purpose, Disk and Network mappings we can see that a C4 AWS instance is built for the purpose of Compute, leverages only Elastic Block Storage and has Enhanced Networking capabilities. These map to version 2 D-series VMs in Azure in the Standard tier.
Demo: Compute (Dan Patrick)
Create Windows & Linux VMs (leveraging a custom script for the web server)
- Create VMs in the SAME region
- Create one VM in the portal; create the 2nd VM with the CLI
- While creating, use specific AWS terms for what is happening in Azure
- Tour of the Azure Portal (while they are building)
- Once the VMs are built, browse the components that were built; try to browse to the Public IP, which will fail (but leave that for the next section)
Environment: Virtual Network, address space 10.0.0.0/16

Slide (diagram): Subnet Apps: /24 with WEBVM1 and WEBVM2 behind an Azure Load Balancer; Subnet Data: /24 with MYSQLVM.
WEB-NSG (allowed via “WEB-NSG”): SRC ADDRESS PREFIX: INTERNET; SRC PORT RANGE: *; DEST PORT RANGE: 80; DEST ADDRESS PREFIX: /24
SQL-NSG (allowed via “SQL-NSG”): SRC ADDRESS PREFIX: /24; DEST PORT RANGE: 3306; DEST ADDRESS PREFIX: /24

Notes: In the Networking section we built out our network. Now let’s add some compute to make the solution come to life. First we will build two Linux web VMs (one from the Portal and one from the Azure CLI). We will also leverage the Linux Custom Script extension to configure the machine during provisioning. This will install Apache and PHP and connect it to our MySQL server. The Linux MySQL server will also be built using some commands via the Azure CLI tool. Once these VMs are built, we go back and configure the Azure Load Balancer to allow traffic from the Internet to hit the servers.
Storage
Storage at a glance

Slide (service mapping, Azure ↔ AWS):
- Azure Blob Storage ↔ S3 (S3 natively supports static websites; technically possible in Blob Storage, but with no way to define a default document)
- Azure Import/Export Service ↔ Snowball
- Azure File Storage ↔ EFS (EFS uses NFS, Linux only; Azure File Storage uses SMB 3.0)
- Azure Backup / Azure Cool Storage ↔ Glacier
- Azure StorSimple ↔ Storage Gateway

Notes:
Amazon CloudFront: Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content or other web assets. It integrates with other Amazon Web Services products to give developers and businesses an easy way to accelerate content to end users with no minimum usage commitments. This maps to Azure Content Delivery Network.
Amazon Elastic File System: Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud. Amazon EFS is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. When mounted to Amazon EC2 instances, an Amazon EFS file system provides a standard file system interface and file system access semantics, allowing you to seamlessly integrate Amazon EFS with your existing applications and tools. Multiple Amazon EC2 instances can access an Amazon EFS file system at the same time, allowing Amazon EFS to provide a common data source for workloads and applications running on more than one Amazon EC2 instance. This maps back to Azure File Storage.
Amazon Glacier: Amazon Glacier is a secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backup. Customers can reliably store large or small amounts of data for as little as $0.007 per gigabyte per month, a significant savings compared to on-premises solutions. To keep costs low, Amazon Glacier is optimized for infrequently accessed data where a retrieval time of several hours is suitable.
Amazon S3: Amazon Simple Storage Service (Amazon S3) provides developers and IT teams with secure, durable, highly scalable cloud storage. Amazon S3 is easy-to-use object storage, with a simple web service interface to store and retrieve any amount of data from anywhere on the web. With Amazon S3, you pay only for the storage you actually use. There is no minimum fee and no setup cost. This maps back to Azure Blob Storage.
AWS Import/Export Snowball: Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Transferring data with Snowball is simple, fast, secure, and can be as little as one-fifth the cost of high-speed Internet.
AWS Storage Gateway: The AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure. The service allows you to securely store data in the AWS cloud for scalable and cost-effective storage. The AWS Storage Gateway supports industry-standard storage protocols that work with your existing applications. It provides low-latency performance by maintaining frequently accessed data on-premises while securely storing all of your data encrypted in Amazon Simple Storage Service (Amazon S3) or Amazon Glacier. This maps back to Azure StorSimple.
A note about storage: S3 supports static websites by default. Although this is possible with Azure Blob Storage, there is currently no way to specify a default document.
35
Blob Storage Concepts Container Blob Account Blob Type
Account: contosostorageaccount
Containers: images, videos
Blobs: PIC01.JPG, PIC02.JPG, VID1.AVI
Blob Type: Block, Page
AWS equivalents: Bucket (account/container), Object (blob)
AWS supports two URL styles for objects: virtual-hosted-style and path-style.
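As an added example (not code from the presentation), here is a small Python parser that normalises the three addressing forms this slide contrasts, the Azure account/container/blob URL and S3's path-style and virtual-hosted-style bucket/object URLs, into one object reference. The storage account, bucket and key names used below are constructed; the URL shapes themselves are the documented ones. The defender's reason for doing this: an allowlist that compares raw URL prefixes treats the two S3 styles of the same object as different resources, so checks belong on the parsed bucket or account plus key, not on the string.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, unquote


@dataclass(frozen=True)
class ObjectRef:
    provider: str             # "aws" or "azure"
    namespace: str            # S3 bucket or Azure storage account
    container: Optional[str]  # Azure container; None for S3 (a bucket has no second level)
    key: str                  # S3 object key or Azure blob name
    style: str                # "virtual-hosted", "path" or "azure"


# Virtual-hosted style:  <bucket>.s3[.<region>].amazonaws.com/<key>
# Path style:            s3[.<region>].amazonaws.com/<bucket>/<key>
# Legacy "s3-<region>" hosts are accepted via "[.-]"; dual-stack, accelerate and
# website endpoints are deliberately not handled here.
S3_HOST = re.compile(
    r"^(?:(?P<bucket>.+)\.)?s3(?:[.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com$")
# Azure Blob:            <account>.blob.core.windows.net/<container>/<blob>
AZURE_HOST = re.compile(r"^(?P<account>[a-z0-9]{3,24})\.blob\.core\.windows\.net$")


def parse_object_url(url: str) -> ObjectRef:
    """Reduce any of the three URL styles to (provider, namespace, container, key)."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # urlsplit lowercases the host for us
    path = unquote(parts.path.lstrip("/"))

    m = AZURE_HOST.match(host)
    if m:
        container, _, blob = path.partition("/")
        if not container or not blob:
            raise ValueError("Azure Blob URL must be /<container>/<blob>: " + url)
        return ObjectRef("azure", m["account"], container, blob, "azure")

    m = S3_HOST.match(host)
    if m:
        if m["bucket"]:                  # bucket is in the host name
            if not path:
                raise ValueError("virtual-hosted S3 URL has no key: " + url)
            return ObjectRef("aws", m["bucket"], None, path, "virtual-hosted")
        bucket, _, key = path.partition("/")   # bucket is the first path segment
        if not bucket or not key:
            raise ValueError("path-style S3 URL must be /<bucket>/<key>: " + url)
        return ObjectRef("aws", bucket, None, key, "path")

    raise ValueError("not an S3 or Azure Blob URL: " + url)


def s3_url(bucket: str, key: str, style: str = "virtual-hosted",
           region: Optional[str] = None) -> str:
    """Render an S3 object URL in either style (inverse of parse_object_url)."""
    host = f"s3.{region}.amazonaws.com" if region else "s3.amazonaws.com"
    if style == "virtual-hosted":
        return f"https://{bucket}.{host}/{key}"
    if style == "path":
        return f"https://{host}/{bucket}/{key}"
    raise ValueError("unknown S3 URL style: " + style)


def azure_blob_url(account: str, container: str, blob: str) -> str:
    return f"https://{account}.blob.core.windows.net/{container}/{blob}"


def same_object(a: str, b: str) -> bool:
    """True when two URLs, possibly written in different styles, name the same object."""
    x, y = parse_object_url(a), parse_object_url(b)
    return (x.provider, x.namespace, x.container, x.key) == \
           (y.provider, y.namespace, y.container, y.key)


if __name__ == "__main__":
    # Constructed sample names taken from the slide's picture/video blobs.
    print(parse_object_url(azure_blob_url("contosostorageaccount", "images", "PIC01.JPG")))
    v = s3_url("examplebucket", "videos/VID1.AVI", "virtual-hosted", "us-west-2")
    p = s3_url("examplebucket", "videos/VID1.AVI", "path", "us-west-2")
    print(parse_object_url(v))
    print(parse_object_url(p))
    print(same_object(v, p))   # True: same bucket and key, two spellings
```

The parser is intentionally strict: a URL that does not fit one of the documented shapes raises rather than being guessed at, which is the behaviour you want in front of any "is this object in an approved location" decision.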
36
Azure Storage Durability
Locally Redundant Storage (LRS): stores 3 replicas of the data within a single zone (facility) in a single region. Provides data durability for disk, node and rack failures.
Zone Redundant Storage (ZRS): stores 6 replicas of the data across datacenters within a region.
Geo Redundant Storage (GRS): stores 6 replicas of the data across two regions (3 in each region). Provides additional durability to protect data against major regional natural disasters. Updates across regions are performed asynchronously.
Geo Redundant Storage with Read Access
Amazon Elastic Block Store (Amazon EBS) provides persistent block-level storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated (2-disk mirror) within its Availability Zone to protect you from component failure, offering high availability and durability. S3 is an object store that can be accessed from the Internet.
Need to update slide with Zone Redundant Storage.
37
Azure Premium Storage
-- Consistent low latency: SSD based with predictable IO throughput
-- Suitable for high-performance, IO-intensive database workloads
-- Single-digit millisecond latencies
-- Supports up to 1 TB blob/disk size
-- Stripe up to 32 disks for a total of 32 TB and more than 80,000 IOPS
Premium Storage disks work with any VM size with an S in the name (FS, DS, GS). DS and GS instance sizes are similar to EC2 optimized instances.
Disk Type   Disk Size   IOPS per Disk   Throughput per Disk
P10         128 GB      500             100 MB/sec
P20         512 GB      2300            150 MB/sec
P30         1024 GB     5000            200 MB/sec
Provisioned IOPS vs Standard and Premium
38
Demo Storage Dan Patrick
Now we have our functioning MySQL server, but what if we decided that the server would be more performant if we added another drive to the box? By doing this we could reconfigure MySQL to separate the data files from the log files. Let’s add another drive to the MySQL server using the Azure Portal.
39
Environment Virtual Network Address Space: 10.0.0.0/16
Allowed via “WEB-NSG”
Subnet Apps: /24
WEB-NSG: SRC ADDRESS PREFIX: INTERNET; SRC PORT RANGE: *; DEST PORT RANGE: 80; DEST ADDRESS PREFIX: /24
SQL-NSG: SRC ADDRESS PREFIX: /24; DEST PORT RANGE: 3306; DEST ADDRESS PREFIX: /24
WEBVM1, WEBVM2
Allowed via “SQL-NSG”
Subnet Data: /24
MYSQLVM, Additional Data Disk
This is the example environment that we will build today.
-- First, the Virtual Network with two subnets (FrontEnd & BackEnd) <click>
-- Create two Linux web VMs (one from the Portal and one from the Azure CLI, leveraging a custom script to install Apache)
-- Build the Linux MySQL server with the CLI
Build notes:
-- Create the VMs in the SAME region
-- Create one VM in the portal; create the 2nd VM with the CLI
-- While creating, use the specific AWS terms for what is happening in Azure
-- Tour of the Azure Portal (while they are building)
-- Once the VMs are built, browse the components that were built; try to browse to the Public IP, which will fail (but leave that for the next section)
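The two rule sets on this slide and on the compute slide earlier (WEB-NSG admitting Internet traffic to port 80 on the Apps subnet, SQL-NSG admitting the Apps subnet to port 3306 on the Data subnet) can be checked before anything is deployed with a small model of how Azure evaluates inbound NSG rules. This is an added example, not code from the presentation or from Azure. It assumes the subnet prefixes 10.0.1.0/24 (Apps) and 10.0.2.0/24 (Data) inside the deck's 10.0.0.0/16 VNet and priority 100 for the two slide rules; the default inbound rules it embeds (AllowVnetInBound 65000, AllowAzureLoadBalancerInBound 65001, DenyAllInBound 65500) are Azure's documented defaults. It also goes one step beyond the slide by adding an explicit intra-VNet deny to SQL-NSG, because the default AllowVnetInBound rule would otherwise let the web VMs reach every port on MYSQLVM, not only 3306.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed addressing. The deck gives the VNet as 10.0.0.0/16 and both
# subnets only as "/24"; the exact /24s below are assumptions for this example.
VNET = ipaddress.ip_network("10.0.0.0/16")
APPS_SUBNET = "10.0.1.0/24"   # assumed: subnet "Apps", hosts WEBVM1 / WEBVM2
DATA_SUBNET = "10.0.2.0/24"   # assumed: subnet "Data", hosts MYSQLVM
LB_PROBE_IP = ipaddress.ip_address("168.63.129.16")  # Azure load balancer health-probe source


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # lower number is evaluated first; user rules use 100..4096
    access: str       # "Allow" or "Deny"
    src_prefix: str   # CIDR, "*", or a service tag: Internet / VirtualNetwork / AzureLoadBalancer
    src_port: str     # "*", a single port such as "80", or a range such as "1024-65535"
    dst_prefix: str
    dst_port: str


# Default inbound rules present in every NSG. They cannot be deleted, only
# overridden by a user rule with a lower priority number.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "VirtualNetwork", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "AzureLoadBalancer", "*", "*", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*"),
]


def prefix_matches(prefix: str, addr: ipaddress.IPv4Address) -> bool:
    """Match an address against a CIDR or one of the service tags used here.
    'Internet' is simplified to 'any address outside the VNet'; the real tag
    also excludes private address space."""
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":
        return addr in VNET
    if prefix == "Internet":
        return addr not in VNET
    if prefix == "AzureLoadBalancer":
        return addr == LB_PROBE_IP
    return addr in ipaddress.ip_network(prefix)


def port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi
    return int(spec) == port


def evaluate_inbound(rules: List[Rule], src_ip: str, src_port: int,
                     dst_ip: str, dst_port: int) -> Tuple[str, str]:
    """Azure semantics: rules are tried in ascending priority and the first
    match decides the flow. Returns (access, rule name)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (prefix_matches(r.src_prefix, src) and port_matches(r.src_port, src_port)
                and prefix_matches(r.dst_prefix, dst) and port_matches(r.dst_port, dst_port)):
            return r.access, r.name
    return "Deny", "<no rule>"   # unreachable while DenyAllInBound exists; kept as a safety net


# The two NSGs from the slide (priority 100 is assumed).
WEB_NSG = [Rule("allow-http-from-internet", 100, "Allow", "Internet", "*", APPS_SUBNET, "80")]
SQL_NSG = [Rule("allow-mysql-from-apps", 100, "Allow", APPS_SUBNET, "*", DATA_SUBNET, "3306")]

# Hardened variant: an explicit deny placed below the slide rule but above the
# default AllowVnetInBound, so only 3306 from the Apps subnet reaches the data tier.
SQL_NSG_HARDENED = SQL_NSG + [
    Rule("deny-other-vnet-to-data", 4000, "Deny", "VirtualNetwork", "*", DATA_SUBNET, "*"),
]

if __name__ == "__main__":
    web, db, client = "10.0.1.4", "10.0.2.4", "203.0.113.5"   # constructed sample hosts
    print(evaluate_inbound(WEB_NSG, client, 51000, web, 80))       # ('Allow', 'allow-http-from-internet')
    print(evaluate_inbound(SQL_NSG, client, 51000, db, 3306))      # ('Deny', 'DenyAllInBound')
    print(evaluate_inbound(SQL_NSG, web, 51000, db, 3306))         # ('Allow', 'allow-mysql-from-apps')
    print(evaluate_inbound(SQL_NSG, web, 51000, db, 22))           # ('Allow', 'AllowVnetInBound')
    print(evaluate_inbound(SQL_NSG_HARDENED, web, 51000, db, 22))  # ('Deny', 'deny-other-vnet-to-data')
```

The last two lines show the caveat: with only the slide's rule, SSH from WEBVM1 to MYSQLVM is admitted by the default AllowVnetInBound rule, while the explicit deny at priority 4000 blocks it and still leaves the load balancer health probe from 168.63.129.16 admitted through AllowAzureLoadBalancerInBound. When the real rules are created with the Azure CLI as the demo does, the same checks can be run against the values read back from the NSG.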
40
Business Continuity and Disaster Recovery (BCDR)
41
Microsoft Hybrid Cloud Management
Microsoft System Center: WINDOWS, LINUX, VMware, HYPER-V (on-premises datacenter)
Microsoft Operations Management Suite: HYPER-V, LINUX, WINDOWS, VMware (public and hosted clouds: Azure or AWS)
Operations Management + Security
42
Disaster Recovery in AWS
AWS supports "pilot light" style disaster recovery. This is where part of the solution runs in AWS and is available to scale up if needed on a failure. Another approach is a full environment on standby as a hot failover. The term pilot light is often used to describe a DR scenario in which a minimal version of an environment is always running in the cloud. The idea of the pilot light is an analogy that comes from the gas heater: in a gas heater, a small flame that’s always on can quickly ignite the entire furnace to heat up a house. Azure has a rich story for DR using Azure Site Recovery. In both AWS scenarios, the automation, replication and connectivity changes needed to make this type of failover work are left to the user; in other words, it is a manual process.
43
Using Microsoft Azure for Disaster Recovery
Solution / Protection: Microsoft Azure Site Recovery
-- Datacenter to Datacenter Replication & Failover
-- Datacenter to Azure Replication & Failover
Azure Site Recovery, or ASR, allows for using Azure for your disaster recovery needs. You can recover datacenter to datacenter using your own facilities with Azure as the orchestrator, or you can use datacenter to Azure failover, where Azure becomes your secondary site. ASR supports <click> Hyper-V, VMware and even physical servers.
44
Fully Featured & Workload Aware
N-Tier Application Consistency: detect and stage multi-tier applications and restore them as a group.
Application Replication Support: benefit from using SQL AlwaysOn and Active Directory replication when your databases and infrastructure components need the least possible RTO.
No-Impact Recovery Plan Testing: perform periodic DR drills and testing without any impact to the production or recovery virtual machine.
Microsoft works closely with major vendors to ensure that their workloads are supported by ASR. <click> Complex N-tier applications can be restored in the correct order, so that they come up ready for users after an outage. Replication of data tiers such as SQL Server AlwaysOn is supported, and Active Directory is also supported. With just a few clicks customers can test their DR plans to see if they work without causing any downtime. These tests can also be done during the day, which is much easier to schedule and ensures that the tests take place as a part of normal business operations.
45
Approaches to Backup Azure AWS
Azure: a rich suite of backup services and devices, plus 3rd parties with different capabilities, while providing a more general approach to cloud storage.
-- Azure Backup Agent, Fabric, and Server for application support, plus DPM integration
-- StorSimple: hybrid physical and virtual device that provides on-premises and cloud-based storage
-- All backed by Azure Blob Storage
-- 3rd party application ecosystem supports Blob Storage as a target
AWS: mature storage services for different use cases, with the backup services and devices coming from 3rd party providers.
-- S3: general storage
-- Glacier: cheap storage that is optimized for infrequently accessed data
-- Storage Gateway: service that provides on-premises and cloud-based storage
-- 3rd party application ecosystem supports the storage services
AWS and Microsoft both have a rich set of services for backup to their cloud. Microsoft has a more integrated, full experience for Windows products, which makes sense. AWS has a more open, cloud-based approach that is applicable to numerous scenarios.
46
AWS doesn’t have a true backup service, but rather relies on admin automation of snapshots and use of S3.
Azure Backup:
-- First-party SaaS service running in Azure
-- Cost-efficient offsite data protection in Azure for long-term (99+ years) retention
-- Application-aware backups for on-premises servers and Azure VMs
-- Support for offline seeding and import through the Azure Import/Export service
-- Backup workloads including SharePoint, Exchange, SQL Server, and VMware and Hyper-V hosts
-- Comes with the free Azure Backup Server for both Azure IaaS and on-prem
Azure Backup is a true backup and recovery SaaS service that is hosted in Azure. You can back up and restore both VMs running in Azure and VMs, hosts and servers running on-prem. The service can be seeded using the Azure Import/Export Service if you have large backup volumes that need to be moved to Azure via disk. It is application aware, meaning that you can back up SharePoint, Exchange, SQL Server, VMware ESX hosts and Hyper-V hosts.
47
More Resources
-- Getting started: Tutorials for Azure Scenarios
-- Free Microsoft Training at Microsoft Virtual Academy
-- Over 1400 sessions from the recent Ignite event
-- Azure Training from Opsgility (use Discount Code TRYOPSGILITY)
-- Get started with Azure for free
-- Training and certification for Azure
-- Azure Documentation
-- Ignite Videos to go deeper into Compute, Networking, and Storage
Discount Code – TRYOPSGILITY
48
Questions? We want your feedback — please submit evaluations!