This document presents an introduction to Azure and the different cloud computing models. It explains the IaaS, PaaS and SaaS models and how Azure offers hybrid IaaS and PaaS capabilities. It also describes how customers can deploy their own virtual images in Azure and automate deployments with ARM templates.
2. Agenda
-Welcome and community guidelines for newcomers
-On-Premises – the classic way
-Cloud computing models
-IaaS
-PaaS
-SaaS
-Azure
-IaaS-PaaS-Hybrid model
-Demos
6. This scenario works for large and medium-sized companies with several IT departments at their disposal, where each one can manage and maintain the different layers optimally. In addition, they have critical components that, for security or regulatory reasons, cannot be in the cloud.
8. • If we distribute our software through an IaaS (infrastructure as a service) provider, we must do the following:
• We decide which operating system to install
• We install the required software (frameworks, databases, libraries, runtime) so that our application works
• Finally, we install our application
9. Here we delegate the administration of the physical hardware, and our IaaS provider takes care of it; our control begins at the choice of operating system. This model is commonly used by startups and by medium and large companies.
12. This model is commonly used by startups that need to launch their products quickly and with agility, focusing on developing their products rather than on maintaining middleware and infrastructure.
17. Virtual Image Gallery
• Windows Server 2012 R2
• Ubuntu Server 14.04 LTS
• CentOS 6.5
• SUSE Linux Enterprise Server
• Oracle Linux 6.4.0.0.0
• Windows 8.1 Enterprise
• SQL Server 2014 Standard
• Oracle Database 11g R2
• BizTalk Server 2013
• SharePoint Server Farm
• Microsoft Dynamics GP 2013
• Zulu 8
• SAP HANA Developer Edition
• Puppet Enterprise 3.2.3
• Barracuda Web Application
• Oracle WebLogic Server 12.1.2
• Visual Studio Ultimate 2013
• openSUSE 13.1
18. Uploading our own virtual images
Diagram labels: Cloud, On-Premises, VHD
• Prepare the VHD
• Optional – generalize the VHD using SysPrep/waagent
• Upload the VHD to Azure Storage
• Prepare the network resources
• Create the VM from the uploaded generalized image
19. Deployment with ARM Templates
• Declarative deployment
• Maintain resources with the same lifecycle within a resource group
• Configure parameters for input/output
• Specify resources & dependencies
• Leverage Quickstart Templates or export existing resources
21. Azure App Service Family
Web Apps
Web apps that scale with
your business
Mobile Apps
Build mobile apps for any
device
Logic Apps
Automate business
processes across SaaS and
on-premises
API Apps
Build and consume APIs in
the cloud
22. Azure Web Apps
• Support a variety of languages and platforms
• .NET, Java, Node.js, PHP, Python, and more
• Support scaling (manual or auto) and load balancing
• Support slots for staged deployments and A/B testing
• Support continuous integration
Global Scale
Scale up and down as
needed, manually or
automatically
Enterprise Grade
ISO-, SOC2-, and PCI-compliant with enterprise-level SLAs
Familiar and Fast
Leverage existing skills, plus
languages, frameworks, and
tools you're familiar with
24. Scaling Up vs. Scaling Out
Scale Up
Vary the VM size
1 Core w/ 1.75 GB RAM
2 Cores w/ 3.5 GB RAM
4 Cores w/ 7 GB RAM
Scale Out
Vary the VM count
Max 3* instances
Max 10 instances
Max 20/50** instances
25. Deployment Slots
• Use a Deploy-Confirm-Promote workflow
• Promote via “swap” through Azure portal
• http://sitename-slotname.azurewebsites.net
26. Continuous Integration
• Web apps can be deployed manually via FTP or WebDeploy
• Automate deployment using 3rd party source-control providers
• Can also use a local Git repository from Azure Portal
Dropbox, BitBucket, GitHub, CodePlex, Visual Studio Team Services, Git
28. Virtual Networks
• “Bring your own network”
• Provides security and isolation by creating a private network inside of Azure
• Supports:
• Defining subnets
• “Peering” with other non-overlapping VNETs in the same region
• Defining Network Security Groups (ACL rules)
• Allows you to create complex and/or sophisticated network topologies around your VM’s
29. Other Network Resources
• Reserved Public IP Addresses
• Internal or External Load Balancers
• Application Gateways
• Application Gateway Web Application Firewall (Preview)
30. Connecting to On-Premises Networks
Azure VPN Gateway
• Connects your on-prem resources to Azure
• Includes Point-to-Site and Site-to-Site connections
• Can also be used to connect multiple VNETs in Azure
ExpressRoute
• Create private connections between Azure datacenters and
on-premises or partner/colocation host environments
• Connections do *not* go over the public Internet.
• Connectivity is faster, more reliable, and more secure than
Internet-based connections.
Objective: To illustrate a sampling of the array of different kinds of VM images available in the VM Gallery.
Notes:
One of the ways a VM can be provisioned is by selecting a predefined image from the VM Gallery, which offers a wide variety of vendor/partner-provided pre-configured VM images that you can choose from.
Examples include
Windows Server versions/editions or Linux Servers
SQL Server database or Oracle database
MSDN subscribers also get access to Windows images pre-populated with Visual Studio and Windows Client OS versions for use in DevTest scenarios
Objective: To show another option for deploying VM’s – via uploading a custom image.
Notes:
One unique thing about Azure is its Hybrid nature – VM exchange isn’t strictly uni-directional, VHD’s can be moved from Azure to on-prem.
A “generalized” image is one which is intended to be used to create multiple new VM’s - it has all personal information & state removed via SysPrep (Windows) or waagent (Linux)
A “specialized” image is one which is intended to be used “as is” in Azure
Objective: To show another option for deploying VM’s – via ARM templates.
Notes:
Another deployment option is to use ARM Templates
ARM Templates are declarative files that define the resources to deploy and the inter-relationships between deployed resources
Specify input parameters and variables, use expressions
Use Azure Quickstart templates, with source in GitHub
Edit in Azure online editor, use Visual Studio tooling, use Visual Studio Code
They can be checked into source control in order to simplify deployment management
Azure App Service is a PaaS offering that comprises four separate (but related) services:
Web Apps is a fully managed compute platform optimized to host Web sites and Web applications
Mobile Apps provides infrastructure for hosting back-ends for mobile apps -- for example, it provides infrastructure for sending push notifications not only to Windows clients, but to iOS and Android clients as well
API Apps makes it easy to host APIs in the cloud, features integrated support for Swagger (http://swagger.io/), and offers a built-in authentication service for restricting access to APIs
Logic Apps allows you to automate business processes and workflow -- for example, automatically finding negative tweets about your company and sending notifications to a Slack channel
Together, these services comprise a ready-made solution to many of the challenges involved in publishing Web sites, Web apps, Web services, mobile apps, and more.
The focus of this presentation is Azure Web Apps (https://azure.microsoft.com/en-us/documentation/articles/app-service-web-overview/). This service supports multiple languages and frameworks, including ASP.NET, Node.js, Java, PHP, and Python, so you can "use what you know" to begin leveraging it quickly. It supports scaling (manually or automatically) so capacity can grow as demand grows. It supports deployment slots for staged deployments -- for example, publish to staging, test your changes there, and then swap it into production only after you're confident it is ready. And it supports continuous integration, enabling you to be agile and aggressive in fixing bugs, adding features, and doing everything else needed to keep your site fresh and up to date.
Deploy a Web app on a single server and you'll hit a wall when the demand on that server reaches a certain level. Deploy it in Azure, however, and you can handle bursts through auto-scaling or steady growth through manual scaling.
With a traditional server farm, there are two ways to scale to meet demand:
Scale up by beefing up the servers (more RAM, more cores, etc.)
Scale out by adding servers
The same holds true for virtual server farms. In App Services, scale up is a choice between B/S/P 1-3, where 1 = 1 Core, 1.75 GB RAM, 2 = 2 Core, 3.5 GB RAM, 3 = 4 Core, 7 GB RAM. You can also scale up/down between tiers (B/S/P), which impacts local HDD storage (10/50/250 GB) as well as the cap on number of instances (3/10/50).
* For 3 instances on Basic, only manual scaling is supported
** For Premium Tier, there is a max of 20 if not using ASEs, and 50 if using ASE’s
When you deploy an Azure Web App, you can deploy to a separate deployment slot instead of the default production slot when running in the Standard or Premium App Service plan mode. Deployment slots are actually live web apps with their own hostnames. Web app content and configuration elements can be swapped between two deployment slots, including the production slot. Deploying your application to a deployment slot has the following benefits:
You can validate changes in a staging deployment slot before swapping it with the production slot.
Deploying a web app to a slot first and swapping it into production ensures that all instances of the slot are warmed up before being swapped into production. This eliminates downtime when you deploy your web app. The traffic redirection is seamless, and no requests are dropped as a result of swap operations. This entire workflow can be automated by configuring Auto Swap when pre-swap validation is not needed.
After a swap, the slot with the previously staged web app now has the previous production web app. If the changes swapped into the production slot are not as you expected, you can perform the same swap immediately to get your "last known good site" back
For more information, see https://azure.microsoft.com/en-us/documentation/articles/web-sites-staged-publishing/.
Continuous integration means deploying updates to your Web app as often as needed -- even several times a day. Azure supports many different deployment methods, including FTP, Git deployment (publishing from a local Git repository to Azure), and WebDeploy, which supports diff-deployment, database creation, and more. Visual Studio has integrated support for all three. Teams can also publish via third-party source-control providers such as Kudu (https://github.com/projectkudu/kudu/wiki/Deployment), which supports deployments from OneDrive and Dropbox, as well as repository-based deployments from GitHub, BitBucket, VSTS, and local Git repositories. For more information, see https://azure.microsoft.com/en-us/documentation/articles/web-sites-deploy/.
Objective: To introduce the concept of Virtual Networks (VNETs) in Azure
Notes:
A VNET is “your private network within the overall Azure network”
Along with the VNET, you can leverage other tools like Load Balancers, Network Service Gateways, Application Gateways, Public IP Addresses, etc.
Peering (new feature) allows 2 VNETs to be maintained as separate resources, but VMs in those VNETs can communicate with each other directly via IP Address.
VNETs can define Network Security Groups, which contain ACL rules that allow or deny traffic to VM instances in a VNET.
NSG’s can be associated with subnets or individual VM instances
Illustration source: https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-overview/
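The ARM template and NSG notes above can be combined into a pre-deployment check. The following is an added example, not part of the original deck: it walks the NSG resources in a constructed ARM template fragment and reports management ports (SSH 22, RDP 3389) that an inbound Allow rule opens to any source, honoring NSG priority order. The resource names, rule names and the functions `rule`, `covers` and `exposed_mgmt_ports` are hypothetical, and only the singular `sourceAddressPrefix` and `destinationPortRange` fields are handled.

```python
MGMT_PORTS = (22, 3389)                        # SSH and RDP
OPEN_SOURCES = {"*", "Internet", "0.0.0.0/0"}  # prefixes that match any internet host

def rule(name, priority, access, source, ports):
    """Build one securityRules entry in ARM template shape (constructed sample data)."""
    return {"name": name, "properties": {
        "priority": priority, "direction": "Inbound", "access": access,
        "protocol": "Tcp", "sourceAddressPrefix": source, "sourcePortRange": "*",
        "destinationAddressPrefix": "*", "destinationPortRange": ports}}

# Constructed ARM template fragment; resource and rule names are hypothetical.
TEMPLATE = {"resources": [
    {"type": "Microsoft.Network/networkSecurityGroups", "name": "web-nsg",
     "properties": {"securityRules": [
         rule("allow-https", 100, "Allow", "Internet", "443"),
         rule("allow-rdp-any", 200, "Allow", "*", "3389"),
         rule("deny-ssh", 300, "Deny", "*", "22"),
         rule("allow-admin-range", 400, "Allow", "*", "20-25")]}},
    {"type": "Microsoft.Network/networkSecurityGroups", "name": "db-nsg",
     "properties": {"securityRules": [
         rule("allow-ssh-vpn", 100, "Allow", "10.0.0.0/24", "22")]}}]}

def covers(port_range, port):
    """True if a destinationPortRange ('*', '22' or '20-25') includes port."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_mgmt_ports(template):
    """Return (nsg, port, rule) for each management port open to any source."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Network/networkSecurityGroups":
            continue
        # NSG rules are evaluated lowest priority number first; the first match decides.
        rules = sorted((dict(r["properties"], name=r["name"])
                        for r in res["properties"].get("securityRules", [])),
                       key=lambda p: p["priority"])
        for port in MGMT_PORTS:
            for p in rules:
                if (p["direction"] == "Inbound" and p["sourceAddressPrefix"] in OPEN_SOURCES
                        and covers(p["destinationPortRange"], port)):
                    if p["access"] == "Allow":
                        findings.append((res["name"], port, p["name"]))
                    break  # an earlier Deny hides any later Allow for this port
    return findings
```

On the sample, only `allow-rdp-any` is reported: the wide `20-25` Allow at priority 400 never takes effect for port 22 because `deny-ssh` at priority 300 matches first.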
Objective: To introduce some other Azure Networking resources that often complement VNETs.
Notes:
Reserved Public IP Addresses
Can be dynamic or reserved IP addresses
Load balancers act as a NAT
Public IP address can be associated to it (public), private is assigned an address in the subnet (and is accessed via that address)
Private load balancers are usually found in multi-tier apps/deployments, where only one (front) tier is internet-facing.
Also, with VPNs, the ILB can ensure company resources are only available internally to other systems on the same VNET
Supports hashed distribution of traffic, as well as port forwarding, auto-reconfiguration (scaling), service monitoring (probes), source NAT
Application Gateways
Work at application layer compared to Load Balancer working at the transport layer (Layer 7 vs Layer 4)
Acts as a reverse-proxy…client connections are terminated and requests are then forwarded to back-end endpoints.
HTTP & HTTPS only
Differ from Load Balancer in that this is URL/content-based routing & load balancing
Web Application Firewall (recently announced/in preview)
Preconfigured to prevent OWASP core top 10 vulnerabilities
Custom rules coming soon
You can also stand up a virtual appliance – dedicated VM running 3rd party SW that provides layer-7 security (NSG is layer-4)
Objective: To introduce the networking options in Azure for extending connectivity of a VNET into your on-premises or other networks
Notes:
VPN Gateway – whereas Peering only allows non-overlapping VNET connection in same Region, VPN Gateway allows connections that span regions and even subscriptions (even different deployment models)
Point-to-Site VPN
Allows creating a secure connection to your VNET from an individual computer.
Cert-based
Used primarily for dev/test, small-scale deployments
Does not require dedicated VPN device, run software from the client computer
Connect to network from home/hotel
Can be used with S2S connections through the same VPN Gateway
Site-to-Site VPN
IPSec VPN tunnel connection
Requires a dedicated VPN device on-premises with a public IP address
ExpressRoute
Direct connection to the Azure networking infrastructure
Speed, security (avoids the public internet)
Azure Point-to-Site & Site-to-Site VPN
P2S is VPN Client to server connectivity, certificate-based connectivity
S2S
Network-to-network connectivity
VPN on premises (VPN appliance using IPSec)/leveraging appliance
P2S is limited to ~128 concurrent connections, no infrastructure
S2S – need infrastructure (software-based appliances, or true hardware appliances)
Private WAN connectivity with ExpressRoute
S2S & P2S go over the Internet
ExpressRoute goes direct – not over Internet
ExpressRoute is not limited to VNet access (can connect to all Azure services)
VPN gateway – connect VNETs either within or across regions
ExpressRoute – Leverage a high-throughput private Fiber connection to an Azure Data Center
IaaS
Create a virtual machine in the portal
Connect to the virtual machine
Create a virtual machine from the terminal
Connect to the virtual machine
PaaS
Create an App Service in the portal
Deploy a Node.js site
Create an App Service from the terminal