Presentation is loading. Please wait.

Presentation is loading. Please wait.

Deploying Complex and Large Scale Azure Environments –

Published byAugustus Moody Modified over 6 years ago

Similar presentations

Presentation on theme: "Deploying Complex and Large Scale Azure Environments –"— Presentation transcript:

1 Deploying Complex and Large Scale Azure Environments –
Microsoft Ignite 2016 4/18/2018 1:17 PM Deploying Complex and Large Scale Azure Environments – Tales from the Trenches CLD334a Aaron Saikovski Specialist Solution Architect – Microsoft Cloud Technologies Rackspace Australia E: © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda Quick Intros Storage Large Scale Deployments Networking
4/18/2018 1:17 PM Agenda Quick Intros Large Scale Deployments Subscriptions Tagging Storage Networking Automation Monitoring Questions © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 4/18/2018 1:17 PM About me © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Large Scale Azure Deployments
4/18/2018 1:17 PM Large Scale Azure Deployments © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 4/18/2018 1:17 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 4/18/2018 1:17 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 4/18/2018 1:17 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 4/18/2018 1:17 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 4/18/2018 1:17 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 4/18/2018 1:17 PM Subscriptions © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Subscriptions One Subscription per environment -> Dev, Test, Prod
4/18/2018 1:17 PM Subscriptions One Subscription per environment -> Dev, Test, Prod MSA and AzureAD Accounts -> subscriptions Enterprise Agreement (EA) - > Consolidated billing Restrict access to Prod (Yes Devs we are looking at you  ) TIP#1: Use named accounts (AzureAD) instead of MSA and use MFA!!! TIP#2: Use billing alerts at the subscription level to manage spend © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 Subscriptions 4/18/2018 1:17 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Key Subscription Limits
4/18/2018 1:17 PM Source: © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 4/18/2018 1:17 PM Tagging © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Tagging Key:Value pairs -> name resources
4/18/2018 1:17 PM Tagging Key:Value pairs -> name resources Link resources -> cost centre, business unit etc Group common resources Resource -> 15 tags Max. Names -> Max. 512 characters Value ->Max. 256 characters. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Tagging..cont Examples: Azure “Classic” mode doesn’t support tagging
4/18/2018 1:17 PM Tagging..cont Examples: Environment: Dev, Test, Prod Build date Cost centre Owner Azure “Classic” mode doesn’t support tagging TIP#3: Automated shutdown of resources without tags. Save $$$ © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 4/18/2018 1:17 PM Tagging Source: © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 4/18/2018 1:17 PM Storage © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Quick Storage Recap 4/18/2018 1:17 PM
Source: © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 Storage Accounts Don’t overload storage accounts
4/18/2018 1:17 PM Storage Accounts Don’t overload storage accounts Plan Pricing Tiers -> Performance Premium storage -> Production workloads Avoid single storage accounts Standard storage -> MAX 500 IOPs per disk Premium -> MAX 5000 IOPS per disk (P30) TIP#4: Enable encryption when provisioning. Not after! © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 Storage Account Naming
4/18/2018 1:17 PM Storage Account Naming Naming of storage accounts -> Storage load balancing Eg. ‘devstorageacct001’, ‘devstorageacct002’ Traffic bound to a partition server -> Rebalance -> performance hit! Can have a big performance hit on VM workloads TIP#5: Prefix storage accounts with a 3 digit hash (Unique) Source: © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Storage Account Naming
4/18/2018 1:17 PM Storage Account Naming Same cluster Unique cluster © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 4/18/2018 1:17 PM Networking © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 4/18/2018 1:17 PM Networking Planning!!! Overlapping IP ranges -> ExpressRoute, S2S VPN Deploy and Redeploy -> Iterate Keep it simple Single VNet vs VNet Peering GatewaySubnet -> /27 Address Space TIP#6: Avoid Network Security Groups (NSGs) at the NIC level © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25 4/18/2018 1:17 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26 Network Security Groups (NSGs)
4/18/2018 1:17 PM Network Security Groups (NSGs) Recommended!! © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 4/18/2018 1:17 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 4/18/2018 1:17 PM Automation © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29 Automation Automate everything -> ARM, PowerShell, CLI
4/18/2018 1:17 PM Automation Automate everything -> ARM, PowerShell, CLI No manual changes ARM is incremental Tag resources Resource groups & Tags for cost optimisation Layer the deployment © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 Automation..cont Store ARM templates in a private repository
4/18/2018 1:17 PM Automation..cont Store ARM templates in a private repository Linked templates vs. layered ARM templates Azure Automation for scheduled tasks TIP#7: Keep your Azure PowerShell and SDK tools up to date TIP#8: Lock ResourceGroups with ‘CanNotDelete’ lock level TIP#9: Don’t store passwords in .param files -> use KeyVault!! Bonus Tip: Staggered Automation runbook schedules -> PowerShell © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31 Automation..Tips and Tricks
4/18/2018 1:17 PM Automation..Tips and Tricks Use "location": "[resourceGroup().location]" as default resource location Use subscription().id, resourceGroup().id for unique identifiers in variables Use listKeys for dynamic value lookups: …"[listKeys(resourceId('Microsoft.Cache/Redis', parameters('redisCacheName')), ' ').primaryKey © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 Automation..Tips and Tricks..cont
4/18/2018 1:17 PM Automation..Tips and Tricks..cont Use outputs for debugging: "outputs": { "RedisSessionStateHost": { "type": "string", "value": "[concat(parameters('redisCacheName'), '.redis.cache.windows.net')]" } © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33 4/18/2018 1:17 PM Monitoring © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

34 Monitoring OMS (Log Analytics) -> default used by Rackspace
4/18/2018 1:17 PM Monitoring OMS (Log Analytics) -> default used by Rackspace Support -> subscription level Lots of metrics are captured Automated alerting -> Support ticket Example Key VM metrics Malware signatures update status Realtime protection CPU average greater than 95 percent average over 5 minutes Operating System Disk C = has less than 500 MB free space Recovery vault backup failures © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

35 Monitoring..cont Include PaaS workloads – App Services, DocDB etc
4/18/2018 1:17 PM Monitoring..cont Include PaaS workloads – App Services, DocDB etc AppInsights -> URL monitoring -> multiple test locations Webhooks -> Azure Functions -> OMS Ingestion TIP#10: OMS has a 15 minute indexing interval © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36 4/18/2018 1:17 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37 OMS Query Samples ARM Deployments:
4/18/2018 1:17 PM ARM Deployments: Type:AzureActivity AND (OperationName="Microsoft.Resources/deployments/write" OR OperationName="Microsoft.Resources/deployments/validate/action") | measure count () by ResourceId, ResourceGroup Malware signatures out of date: Type=ProtectionStatus AND (ProtectionStatusRank=250) AND (TypeofProtection="System Center Endpoint Protection") © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

38 OMS Query Samples..cont 4/18/2018 1:17 PM SQL Azure: Average CPU utilization percentage greater than 80% over 10 minutes: Type=sqlazure_CL MetricName_s=cpu_percent | measure max(Average_d) as DBCPU by DatabaseName_s interval 10minutes | where DBCPU >=80 © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

39 Key Takeaways TIP#1: Use named accounts (AzureAD) instead of MSA and use MFA!!! TIP#2: Use billing alerts at the subscription level to manage spend TIP#3: Automated shutdown of resources without tags. Save $$$ TIP#4: Enable encryption when provisioning. Not after! TIP#5: Prefix storage accounts with a 3 digit hash (Unique) TIP#6: Avoid Network Security Groups (NSGs) at the NIC level TIP#7: Keep your Azure PowerShell and SDK tools up to date TIP#8: Lock ResourceGroups with ‘CanNotDelete’ lock level TIP#9: Don’t store passwords in .param files -> use KeyVault!! TIP#10: OMS has a 15 minute indexing interval

40 Questions Microsoft Ignite 2016 4/18/2018 1:17 PM
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

41 Continue your Ignite learning path
4/18/2018 1:17 PM Continue your Ignite learning path Visit Channel 9 to access a wide range of Microsoft training and event recordings Head to the TechNet Eval Centre to download trials of the latest Microsoft products Visit Microsoft Virtual Academy for free online training visit © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

42 4/18/2018 1:17 PM Thank you Chat with me in the Speaker Lounge Find me or or at the Rackspace booth © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Deploying Complex and Large Scale Azure Environments –"

Similar presentations

Luke Notley Migrating from AWS to Azure Seamlessly CLD32 1.

Luke Notley Migrating from AWS to Azure Seamlessly CLD32 1.
Andrew Hennessy Automating Server Application migrations to the Cloud – Goodbye Server 2003. INF21 3.

Andrew Hennessy Automating Server Application migrations to the Cloud – Goodbye Server INF21 3.
Reid Purvis – DC & Cloud Infrastructure Tech Specialist Shivam Garg – Principal PM Manager Backing up applications born in the Cloud: Deep Dive on IaaS.

Reid Purvis – DC & Cloud Infrastructure Tech Specialist Shivam Garg – Principal PM Manager Backing up applications born in the Cloud: Deep Dive on IaaS.
James Bannan Freddy vs JSON: Azure Resource Manager CLD44 3.

James Bannan Freddy vs JSON: Azure Resource Manager CLD44 3.
Orin Thomas 30 Bad Habits of Server Administrators INF32 3.

Orin Thomas 30 Bad Habits of Server Administrators INF32 3.
Building a Microservices solution using Docker,

Building a Microservices solution using Docker,
Basil Apostolou & Craig Pringle The why and how of hybrid cloud CLD22 3.

Basil Apostolou & Craig Pringle The why and how of hybrid cloud CLD22 3.
James Bannan The Cloud That Chuck Norris Built: Resilient Architecture in Azure ARC44 3.

James Bannan The Cloud That Chuck Norris Built: Resilient Architecture in Azure ARC44 3.
Rick Claus Architect like a PRO for Performance and Availability of your Microsoft Azure VMs ARC43 6.

Rick Claus Architect like a PRO for Performance and Availability of your Microsoft Azure VMs ARC43 6.
A deep dive into Azure AD B2C

A deep dive into Azure AD B2C
3 Ways to Integrate Business Systems to Partners

3 Ways to Integrate Business Systems to Partners
Azure Stack and Hybrid Deployment

Azure Stack and Hybrid Deployment
Azure ARM Templates CLD321 Aaron Saikovski

Azure ARM Templates CLD321 Aaron Saikovski
Serverless in Office 365 Build services with Azure Functions

Serverless in Office 365 Build services with Azure Functions
Making of the Ignite Bot

Making of the Ignite Bot
What's New in System Center Configuration Manager, Current Branch and Intune INF324a Steven Hosking.

What's New in System Center Configuration Manager, Current Branch and Intune INF324a Steven Hosking.
Building ARM IaaS Application Environment

Building ARM IaaS Application Environment
30 Tips and Tricks for Managing and Running Ubuntu/Bash/Windows Subsystem for Linux WIN321B Orin Thomas.

30 Tips and Tricks for Managing and Running Ubuntu/Bash/Windows Subsystem for Linux WIN321B Orin Thomas.
Conversation As a Platform - Part 1

Conversation As a Platform - Part 1
Now, let’s implement/trial Windows Defender Advanced Threat Protection

Now, let’s implement/trial Windows Defender Advanced Threat Protection

Similar presentations

Ads by Google