Chapter 3 Public cloud

Public cloud refers to large-scale cloud services delivered by an organization such as Microsoft. Unlike private cloud, where organizations own and operate the infrastructure, public cloud enables organizations to consume cloud services and capacity on demand. Microsoft provides a large portfolio of both consumer and enterprise cloud services such as Office 365 and Windows Azure. In a hybrid cloud infrastructure, Windows Azure delivers the public cloud infrastructure and Platform as a Service (PaaS) capabilities required for a robust hybrid infrastructure.

Windows Azure overview

Windows Azure is the public cloud solution from Microsoft for Infrastructure and Platform as a Service. Windows Azure is one of the largest investments in the history of Microsoft, considering the massive datacenter, compute, storage, and network capacity in addition to research and development of the various Windows Azure services.

Windows Azure is a global service hosted in a Microsoft world-class datacenter infrastructure. Many of the Windows Azure services provide a financially backed service level agreement (SLA), and all Windows Azure services use a pay-for-consumption model where the user is billed based on how much capacity they utilize. Windows Azure enables an organization to host their workloads and applications in the cloud while also connecting to on-premises resources in a hybrid cloud model.

Windows Azure is built using the same Windows Server and Hyper-V foundation as the Microsoft private cloud solution described in the previous chapter. This foundation enables virtual machine portability between the private cloud and the public cloud. Adding Windows Azure to the hybrid cloud infrastructure provides an effectively unlimited amount of capacity distributed across geographically separated datacenters. For both large and small organizations, this can be a significant benefit.

This section will provide a brief overview of all of the major Windows Azure services so you have awareness of the large and growing set of capabilities in Windows Azure. Additional information can be found at http://www.windowsazure.com.

Windows Azure compute services

Windows Azure currently includes the following compute services:

  • Virtual Machines
  • Web Sites
  • Mobile Services
  • Cloud Services

A summary of each of these is derived from Windows Azure documentation (http://www.windowsazure.com/en-us/documentation/).

Virtual Machines

Windows Azure provides a wide range of Infrastructure as a Service (IaaS) features such as virtual machines, storage, and network resources. Creating a new virtual machine (or many virtual machines) typically takes no longer than five minutes and is performed via the Windows Azure portal or through REST APIs or Windows PowerShell. Windows Azure IaaS virtual machines are offered with the specifications listed in Table 3-1 with a correspondingly higher price for virtual machines with more cores or RAM.

TABLE 3-1 Windows Azure virtual machine sizes

Windows Azure supports a wide range of virtual machine operating systems including Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Windows Azure also supports Linux virtual machines including Ubuntu, CentOS, SUSE, and Oracle Linux. In addition to virtual machines with just an operating system, Windows Azure also provides virtual machines with applications such as SQL, Microsoft SharePoint, as well as Oracle database and other applications. Finally, Windows Azure also allows users to upload their own custom virtual machine images (such as a reference virtual machine created in Hyper-V and uploaded to Azure).

Web Sites

Windows Azure Web Sites allow rapid deployment of web applications and integration with various Microsoft and third-party or open source development frameworks. Windows Azure Web Sites are elastic and scalable with the ability to scale out a web application to additional virtual machines on demand or automatically based on autoscaling policies. Windows Azure includes a number of different web applications (such as blog/CMS platforms, development frameworks) which can be deployed into Windows Azure Web Sites from the gallery.

Mobile Services

Mobile Services enables mobile application development by providing features to structure storage, authenticate users, and send push notifications. Mobile Services provides SDKs for Windows, Android, iOS, and HTML as well as a flexible REST API. Mobile Services lets you build connected applications for any platform and deliver a consistent experience across devices.

Cloud Services

Windows Azure Cloud Services enables rapid deployment of highly available web applications. Rather than creating and uploading virtual machines, with Cloud Services you upload your application and Windows Azure executes the deployment details such as provisioning, load balancing, and health monitoring. Cloud Services are key

Windows Azure storage and data services

Windows Azure currently includes the following storage and data services:

  • Storage
  • SQL Database
  • HDInsight
  • Cache
  • Backup
  • Recovery Manager

A summary of each of these is derived from Windows Azure documentation (http://www.windowsazure.com/en-us/documentation/).

Storage

Windows Azure Storage provides a robust, distributed storage architecture for data and virtual machine storage. Windows Azure Storage provides three storage constructs: blobs, queues, and tables. Blobs store unstructured binary and text data. Queues store messages that a client can access. Tables store nonrelational structured data. Unlike an on-premises virtual machine, whose VHD file is stored on a disk or LUN, a Windows Azure virtual machine’s VHD file is stored in Windows Azure blob storage. Blob storage is an extremely high availability service in which, by default, each blob is replicated to three locations within one datacenter and three locations in a geographically separate datacenter.

SQL Database

Windows Azure SQL Database is a fully managed relational database service that delivers flexible manageability, includes built-in high availability, offers predictable performance, and supports massive scale-out. With Windows Azure SQL Database, developers have direct access to a managed SQL capability without having to create and maintain virtual machines running SQL Server.

HDInsight

HDInsight is a Hadoop-based service from Microsoft that brings a 100 percent Apache Hadoop solution to the cloud. This platform manages data of any type, whether structured or unstructured, and of any size. With HDInsight you can seamlessly process data of all types through the Microsoft data platform, which provides simplicity and ease of management. You can analyze Hadoop data with PowerPivot, Power View, and other Microsoft Business Intelligence (BI) tools through integration with Microsoft data platform.

Cache

Windows Azure Cache is a distributed, in-memory, scalable solution that enables developers to build highly scalable and responsive applications by providing super-fast access to data.

Backup

Windows Azure Backup helps you protect important server data off-site with automated backup to Windows Azure. Backups are encrypted before transmission and stored encrypted in Windows Azure. These backups are off-site protected by reliable Windows Azure storage, reducing the need to secure and protect on-site backup media. Cloud backups can be managed from the backup tools in Windows Server, Windows Server Essentials, or System Center Data Protection Manager.

Recovery Manager

Windows Azure Hyper-V Recovery Manager can help protect important services by coordinating the replication and recovery of Hyper-V and System Center 2012 R2 private clouds at a secondary location.

System Center 2012 Virtual Machine Manager (VMM) clouds can be protected through automating the replication of the virtual machines that compose them at a secondary location. The ongoing asynchronous replication of each VM is provided by Windows Server 2012 Hyper-V Replica and is monitored and coordinated by Hyper-V Recovery Manager.

Windows Azure network services

Windows Azure currently includes the following network services:

  • Virtual Network
  • Traffic Manager

A summary of each of these is derived from Windows Azure documentation (http://www.windowsazure.com/en-us/documentation/).

Virtual Network

Windows Azure Virtual Network enables you to create a logically isolated section in Windows Azure and securely connect it to an on-premises datacenter or a single client machine using an IPsec connection. Virtual Network makes it easy for you to take advantage of scalable, on-demand infrastructure of Windows Azure while providing connectivity to data and applications on-premises.

Windows Azure virtual machines can take advantage of a number of advanced networking capabilities such as isolated virtual networks per subscription, virtual private network (VPN) connectivity between an on-premises datacenter network and Windows Azure, as well as a number of other features such as load balancing, DHCP, port ACLs, and many others.

Windows Azure IaaS provides an easy on ramp to public cloud by supporting a wide range of virtual machines and workloads that can be moved from on-premises hosting to Windows Azure.

Traffic Manager

Traffic Manager allows you to load balance incoming traffic across multiple hosted Windows Azure services whether they’re running in the same datacenter or across different datacenters around the world.

Windows Azure application services

Windows Azure currently includes the following application services:

  • Active Directory
  • Media Services
  • Content Delivery Network
  • Service Bus
  • Multi-Factor Authentication
  • Scheduler
  • Notification Hubs
  • Visual Studio Online
  • BizTalk Services

A summary of each of these is derived from Windows Azure documentation (http://www.windowsazure.com/en-us/documentation/).

Active Directory

Windows Azure Active Directory is a comprehensive identity and access management cloud solution. It combines core directory services, advanced identity governance, security, and application access management. Windows Azure Active Directory also offers developers an identity management platform to deliver access control to their applications, based on centralized policy and rules. For enterprises with more demanding needs, an advanced offering, Windows Azure Active Directory Premium, helps complete the set of capabilities that this identity and access management solution delivers.

Media Services

Media Services offer the flexibility, scalability, and reliability of a cloud platform to handle high quality media experiences for a global audience. Media Services include cloud-based versions of many existing technologies from the Microsoft Media Platform and our media partners, including ingest, encoding, format conversion, content protection, and both on-demand and live streaming capabilities.

Content Delivery Network

The Windows Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content by caching blobs and static content of compute instances at physical nodes in the United States, Europe, Asia, Australia, and South America.

Service Bus

Windows Azure Service Bus provides the messaging channel for connecting your cloud applications to your on-premises applications, services, and systems.

Multi-Factor Authentication

Windows Azure Multi-Factor Authentication reduces organizational risk and helps enable regulatory compliance by providing an extra layer of authentication, in addition to a user’s account credentials, to secure employee, customer, and partner access. Windows Azure Multi-Factor Authentication can be used for both on-premises and cloud applications.

Scheduler

Windows Azure Scheduler allows you to invoke actions, such as calling HTTP/S endpoints or posting a message to a storage queue, on any schedule. With Scheduler, you create jobs in the cloud that reliably call services both inside and outside of Windows Azure and run those jobs on demand, on a regularly recurring schedule, or designate them for a future date.

Notification Hubs

Notification Hubs provide a highly scalable, cross-platform push notification infrastructure that enables you to either broadcast push notifications to millions of users at once or tailor notifications to individual users.

Visual Studio Online

Host code, plan and track projects, and collaborate with team members to ship better software with Visual Studio Online. With Visual Studio Online, you get an end-to-end, cloud-based Application Lifecycle Management (ALM) solution that handles everything from hosted code repos and issue tracking to load testing and automated builds.

BizTalk Services

Windows Azure BizTalk Services is a simple, powerful, and extensible cloud-based integration service that provides Business-to-Business (B2B) and Enterprise Application Integration (EAI) capabilities for delivering cloud and hybrid integration solutions. The service runs in a secure, dedicated, per-tenant environment that you can provision on demand.

The next two sections discuss how to extend the on-premises datacenter fabric to include Windows Azure infrastructure services as well as extending fabric management to include managing Windows Azure.

Extending the datacenter fabric to Windows Azure

A key attribute of the Cloud OS strategy is delivering a hybrid infrastructure spanning private cloud, Windows Azure, and service provider clouds. This section covers extending the private cloud fabric (compute, storage, and network) to Windows Azure. Subsequently, we’ll cover extending fabric management to resources hosted in Windows Azure.

Extending the datacenter network to Windows Azure

The first step in extending the fabric to Windows Azure is establishing secure network connectivity between the private cloud datacenter and Windows Azure. Windows Azure provides several methods for establishing secure VPN connectivity between a private cloud datacenter and Windows Azure.

Windows Azure Virtual Network

The “Windows Azure overview” section provided a brief overview of Windows Azure Virtual Network. With Virtual Network, you can create private networks in Windows Azure and specify your own private IP address ranges to be used in your virtual network. Resources placed in a virtual network, such as virtual machines, can only be accessed from other resources within the virtual network or over administrator-specified publicly accessible endpoints, which can be configured with access control lists (ACLs).

A second key feature of Virtual Network is that it can be used to create a secure, cross-premises VPN connection between Windows Azure and your datacenter. This is what we refer to as extending your datacenter fabric to Windows Azure as you can extend your network to include Virtual Networks you’ve established in Windows Azure, use a common IP addressing scheme (e.g. 10.x.x.x or 192.x.x.x) across the private and public cloud resources and even set up your own DNS servers either in your Virtual Network or on-premises.

Within a Windows Azure Virtual Network, you can establish multiple virtual machines and cloud services which can all communicate using that network. Again, you can determine if you want to allow any external connectivity from outside the virtual network. The Windows Azure Network Security (http://go.microsoft.com/fwlink/p/?linkid=389558&clcid=0x409) whitepaper provides depth on some of the topology options and security considerations.

When establishing VPN connectivity to Windows Azure, there are two primary options. The first is targeted toward individual users such as developers who may need to connect to your Windows Azure Virtual Networks from the Internet or arbitrary networks (such as a developer who moves between locations). In this case, the Windows Azure “point-to-site” capability can be utilized. The developer downloads a VPN connection profile from your Windows Azure Virtual Network and installs it on their workstation, which enables them to use the VPN client built into Windows to connect to the Windows Azure Virtual Network. The point-to-site capability does not require a VPN device or special hardware. Point-to-site connectivity utilizes Secure Socket Tunneling Protocol (SSTP).

The second method of establishing connectivity is the site-to-site VPN capability of Windows Azure Virtual Network. The site-to-site capability requires the installation and configuration of a VPN device (or Windows Server 2012 R2 Routing and Remote Access Server) in your datacenter to connect to a Windows Azure Virtual Network Gateway you configure on your Virtual Network. Microsoft provides a list of VPN devices that have been tested for compatibility with the site-to-site VPN capability described at http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx. Figure 3-1 illustrates the site-to-site VPN connectivity for Windows Azure Virtual Network adapted from this diagram on Microsoft TechNet.

Currently, Windows Azure Virtual Network only supports connecting your virtual network to one on-premises site or VPN device. You can have multiple Virtual Networks and connect them back to one or more sites, but there currently can only be a one-to-one relationship between a given Virtual Network and on-premises site. Site-to-site connectivity uses IPsec and IKEv2.

FIGURE 3-1 A connection through Windows Azure Virtual Network Site-to-Site VPN.
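A pre-deployment review of a hybrid address plan, as an added example that is not part of the original book. It checks the points made above: virtual network ranges are private, each virtual network links to only one on-premises site, and publicly accessible endpoints carry an ACL. The plan layout, every name and prefix in it, the reading of "private" as RFC 1918, and the rule that cross-premises prefixes must not overlap are assumptions of this example.

```python
import ipaddress

# "Private" is taken to mean the RFC 1918 ranges (assumption of this example).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan; the layout and every name and prefix are hypothetical.
SAMPLE_PLAN = {
    "on_premises_sites": {
        "hq-datacenter": ["10.0.0.0/16", "192.168.10.0/24"],
        "branch-office": ["172.16.0.0/20"],
    },
    "virtual_networks": {
        "vnet-prod": {
            "address_space": ["10.1.0.0/16"],
            "subnets": {"web": "10.1.1.0/24", "data": "10.1.2.0/24"},
            "connected_sites": ["hq-datacenter"],
        },
        "vnet-test": {
            "address_space": ["10.0.128.0/17", "203.0.113.0/24"],
            "subnets": {"lab": "10.0.200.0/24", "misc": "10.2.0.0/24"},
            "connected_sites": ["hq-datacenter", "branch-office"],
        },
    },
    "public_endpoints": [
        {"vm": "web01", "vnet": "vnet-prod", "port": 443,
         "acl": ["198.51.100.0/24"]},
        {"vm": "lab01", "vnet": "vnet-test", "port": 3389, "acl": []},
    ],
}


def review_plan(plan):
    """Return a list of (virtual network, finding, detail) tuples."""
    findings = []
    sites = {name: [ipaddress.ip_network(p) for p in prefixes]
             for name, prefixes in plan["on_premises_sites"].items()}

    for vnet_name, vnet in plan["virtual_networks"].items():
        space = [ipaddress.ip_network(p) for p in vnet["address_space"]]

        # Virtual network ranges should be private address space.
        for net in space:
            if not any(net.subnet_of(r) for r in RFC1918):
                findings.append((vnet_name, "non-private-range", str(net)))

        # Every subnet must sit inside the declared address space.
        for sub_name, prefix in vnet["subnets"].items():
            sub = ipaddress.ip_network(prefix)
            if not any(sub.subnet_of(net) for net in space):
                findings.append((vnet_name, "subnet-outside-address-space",
                                 f"{sub_name}={sub}"))

        # One virtual network maps to one on-premises site (stated in the text).
        linked = vnet["connected_sites"]
        if len(linked) > 1:
            findings.append((vnet_name, "multiple-sites", ",".join(linked)))

        # Assumption: overlapping prefixes cannot be routed across the VPN.
        for site in linked:
            for net in space:
                for prem in sites.get(site, []):
                    if net.overlaps(prem):
                        findings.append((vnet_name, "overlaps-on-premises",
                                         f"{net} vs {site} {prem}"))

    # A public endpoint with no ACL is reachable from any source address.
    for ep in plan["public_endpoints"]:
        if not ep["acl"]:
            findings.append((ep["vnet"], "endpoint-without-acl",
                             f'{ep["vm"]}:{ep["port"]}'))
    return findings


if __name__ == "__main__":
    for vnet_name, finding, detail in review_plan(SAMPLE_PLAN):
        print(f"{vnet_name:10} {finding:30} {detail}")
```

The RFC 1918 list is checked explicitly because Python's `is_private` also returns true for documentation ranges such as 203.0.113.0/24.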

Windows Azure ExpressRoute

Windows Azure ExpressRoute enables you to create private connections between Azure datacenters and infrastructure that’s on your premises or in a colocation environment. ExpressRoute connections do not go over the public Internet, and offer more reliability, faster speeds, lower latencies, and higher security than typical connections over the Internet. In some cases, using ExpressRoute connections to transfer data between on-premises and Windows Azure can also yield significant cost benefits.

With ExpressRoute, you can establish connections to Windows Azure at an ExpressRoute location (Exchange Provider facility) or directly connect to Windows Azure from your existing WAN network (such as a MPLS VPN) provided by a network service provider. The diagram in Figure 3-2 illustrates the two options adapted from this diagram on Microsoft TechNet (http://www.windowsazure.com/en-us/services/expressroute/).

Note that in both cases, traffic between the customer site and Windows Azure does not traverse the public Internet. Unlike Windows Azure Virtual Network, which can be configured by an on-premises administrator, ExpressRoute requires collaboration with a service provider. At the time of publication these included AT&T, Equinix, and Level(3). More information on ExpressRoute can be found here: http://www.windowsazure.com/en-us/services/expressroute/.

These two options enable the ability to extend your private cloud datacenter network to Windows Azure. This opens a variety of scenarios such as extending your Active Directory into Windows Azure or using your on-premises System Center infrastructure to manage and monitor your resources in Windows Azure.

Extending datacenter storage to Windows Azure

There are several approaches to extending your private cloud storage infrastructure to Windows Azure for effectively unlimited storage capacity. As discussed in the “Windows Azure overview” section, Windows Azure provides highly available storage through three foundational storage constructs: blobs, tables, and queues. A wide variety of storage solutions can be built using these constructs such as applications exposing blob storage as shares, drives, or other common storage access scenarios. Solutions exist from both an IaaS and a PaaS perspective.

StorSimple

Cloud-integrated storage from Microsoft StorSimple provides primary storage, backup, archive, and disaster recovery, combined with Windows Azure. As discussed briefly in Chapter 2, StorSimple couples an on-premises storage appliance with Windows Azure blob storage. The on-premises appliance can provide two tiers of storage: hard disks (HDD) and solid-state disks (SSD). Windows Azure storage is a logical third tier of storage. Policies configured by the administrator determine when and what type of data is kept on SSD, which is put on HDD, and which is moved to Windows Azure. This is commonly referred to as storage tiering, where the most frequently accessed or important data is kept on the highest speed (but typically more costly) storage while less frequently accessed or important data is moved to less expensive storage such as Windows Azure. StorSimple also enables interesting backup and disaster recovery scenarios because StorSimple devices in different datacenters can be used to access snapshots and data in Windows Azure for rapid recovery.

Figure 3-3 illustrates a multiple-tier storage infrastructure for extending the datacenter storage fabric to Windows Azure that uses all of the elements described in this book. The highest performance tier is the Windows Scale-out File Server cluster infrastructure on-premises using SAS JBOD with SSD/HDD. While this infrastructure itself can be configured with multiple tiers, for simplicity it is illustrated as a single tier. This tier is ideal for virtual machine storage, high IO databases, etc. The Microsoft StorSimple appliance provides the point of access for the next three tiers. Tiers two and three represent the HDD and SSD tiers local to the StorSimple appliance, also on-premises. These intermediate tiers are optimal for application and file data. The final tier is also accessible through the StorSimple appliance; however, the data is stored in Windows Azure. All of the StorSimple tiers, including the Windows Azure tier, are presented on-premises as iSCSI targets, meaning nearly any storage client can access them because iSCSI is widely supported in all operating systems.

FIGURE 3-3 An example of Microsoft storage fabric spanning on-premises and Windows Azure

PaaS storage

In addition to the IaaS approaches to utilizing Windows Azure storage, there are a variety of mechanisms from a PaaS perspective to store data in Windows Azure. Windows Azure storage can be accessed via the Windows Azure APIs from any application with connectivity to the Internet. A wide range of third-party applications and solutions can also be utilized to access Windows Azure storage. While the PaaS scenarios are beyond the scope of this book, it is important to realize the flexibility that the PaaS methods provide to applications and developers.

Extending datacenter compute to Windows Azure

Extending the datacenter compute fabric to Windows Azure entails using services such as virtual machines and HDInsight to augment your compute capacity with the effectively unlimited capacity of Windows Azure.

Windows Azure Virtual Machines

Windows Azure Virtual Machines, both IaaS and PaaS, enable you to deploy your workloads in Azure, burst to Windows Azure for extra capacity, or use Windows Azure as a backup or disaster recovery capability. Virtual Machines provide a wide range of scenarios for augmenting your on-premises compute capacity and over time Windows Azure will likely become the primary option for many, if not all, workload deployments.

HDInsight

A second scenario for extending a compute fabric to Windows Azure is in the area of big data, analysis, and high performance computing. Most organizations can benefit from the advances in big data, business intelligence, and related capabilities but purchasing, implementing, and managing large scale data solutions on-premises is cost prohibitive for many organizations. Windows Azure enables on-demand solutions for these topics through HDInsight which provides Apache Hadoop capability. In addition, Windows Azure provides the capability of Windows Server 2012 R2 High Performance Computing (HPC) clusters to be built in Windows Azure. The key feature is that very large clusters can be created by any organization and they only incur cost during the time they are utilized, then they can be easily de-commissioned.

The ability to extend the datacenter network, storage, and compute fabric to Windows Azure affords any organization access to world-class datacenters and associated cloud services. Utilization-based pricing provides an easy on-ramp to capabilities that many organizations would otherwise be unable to utilize. The next section discusses how to enable a seamless management capability across the private cloud and Windows Azure.

Extending datacenter fabric management to Windows Azure

Once the network, storage, and compute fabric has been extended to Windows Azure, the next step is extending the fabric management capability of Microsoft System Center to encompass all of the resources hosted in Windows Azure. In addition, Microsoft has introduced new cloud-based management services that are hosted in Windows Azure called Windows Intune and System Center Advisor, which are management systems that are operated by Microsoft but can manage customer devices and infrastructure.

Self-Service

Microsoft provides two solutions for IaaS self-service. The first is System Center 2012 R2 App Controller. The second is the combination of the Windows Azure management portal and the Windows Azure Pack.

System Center 2012 R2 App Controller

System Center 2012 R2 App Controller provides a single self-service experience to configure, deploy, and manage virtual machines and services. App Controller enables a single self-service portal to span VMM-based private clouds, Windows Azure, and Microsoft service-provider partner clouds. App Controller provides an example of the design goal of the Cloud OS providing capabilities which span the three clouds.

Windows Azure Pack

The Windows Azure Pack integrates with System Center and Windows Server to help provide a self-service portal for managing services such as websites, virtual machines, and service bus. Windows Azure Pack also provides a portal for administrators to manage resource clouds, scalable web hosting, and more. Windows Azure Pack effectively provides a copy of the Windows Azure management portal which can be run in a private cloud datacenter or a service provider datacenter. Unlike App Controller, which is a single portal able to connect to all three clouds, Windows Azure Pack provides the same user interface as Windows Azure but is a separate portal. In the Cloud OS, the same user interface is provided across all three clouds but through three distinct portals. Over time continued convergence and commonality between Windows Azure, private cloud, and service provider cloud is expected.

Updating and update management

For scenarios in which granular update management is not required (where the update policy in effect is to utilize the built-in policies, such as download and apply all updates), the standard Windows or Microsoft Update that is available over the Internet can be utilized by Windows Azure virtual machines. An example of where this might apply is development or test in the cloud, or other cases in which granular management via WSUS or Configuration Manager is not required.

Windows Server Update Services

Windows Server Update Services (WSUS) enables IT administrators to deploy the latest Microsoft product updates. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network. The WSUS server provides the features that administrators need to manage and distribute updates through a management console. In addition, a WSUS server can be the update source for other WSUS servers within the organization. The WSUS server that acts as an update source is called an upstream server. In a WSUS implementation, at least one WSUS server in the network must connect to Microsoft Update to get available update information. WSUS can be deployed either on-premises or in Windows Azure. Keep in mind that network traffic egressing Windows Azure incurs cost while traffic into Windows Azure does not.

System Center 2012 R2 Configuration Manager

System Center 2012 R2 Configuration Manager supports two scenarios for managing hybrid environments. The two supported scenarios are described in http://support.microsoft.com/kb/2889321. The first is using an on-premises deployment of Configuration Manager to manage virtual machines both locally and in Windows Azure over the site-to-site VPN capability described in previous sections. The second is a single-server, primary site deployment of Configuration Manager in a Windows Azure virtual machine to manage the other Windows Azure-hosted virtual machines.

Another use case for System Center 2012 R2 Configuration Manager and Windows Azure is cloud-based distribution points. You can use a cloud service in Windows Azure to host a distribution point. When you use a cloud-based distribution point, you configure client settings to enable users and devices to access the content, and you specify a primary site to manage the transfer of content to the distribution point. Additionally, you specify thresholds for the amount of content that you want to store on the distribution point and the amount of content that you want to allow clients to transfer from the distribution point. Based on these thresholds, Configuration Manager can raise alerts that warn you when the combined amount of content that you have stored on the distribution point is near the specified storage amount or when transfers of data by clients are close to the thresholds that you defined.

Monitoring and alerting

In hybrid cloud architectures, there is a choice in terms of where management servers and services are hosted (on-premises or in the cloud) and whether the same management infrastructure is utilized for both on-premises and cloud-hosted resources.

System Center 2012 R2 Operations Manager

As with Configuration Manager, System Center 2012 R2 Operations Manager can be deployed in several scenarios for monitoring both on-premises and Windows Azure resources. The Operations Manager infrastructure can be deployed on-premises and is used to monitor both on-premises servers and virtual machines, as well as the Windows Azure IaaS-hosted resources, such as virtual machines and storage, by extending the datacenter network to Windows Azure using site-to-site VPN. Alternatively, a dedicated deployment of Operations Manager can be deployed in Windows Azure for managing and monitoring the Windows Azure-hosted resources.

When utilizing Operations Manager to manage Windows Azure-based resources, there are two levels of management capability. The first is using the Windows Azure management APIs in conjunction with the Windows Azure Fabric Management Pack for Operations Manager.

The Management Pack for Windows Azure Fabric enables you to monitor the availability and performance of Windows Azure fabric resources that are running on Windows Azure. The management pack runs on a specified proxy agent and then uses various Windows Azure APIs to discover and collect instrumentation information remotely about a specified Windows Azure resource, such as a cloud service, storage, or virtual machine. The Management Pack for Windows Azure Fabric offers the following functionality:

  • Discovers Windows Azure Cloud Services.
  • Provides status of each role instance.
  • Collects and monitors performance information per role instance.
  • Collects and monitors Windows events per role instance.
  • Collects and monitors the .NET Framework trace messages from each role instance.
  • Grooms performance, event, and the .NET Framework trace data from Windows Azure Storage.
  • Changes the number of role instances.
  • Discovers Windows Azure Virtual Machines.
  • Provides status of each role instance of the Virtual Machines.
  • Discovers Windows Azure Storage.
  • Monitors availability and size of each Storage and optionally alerts.
  • Discovers relationships between discovered Windows Azure resources, to see which other resources a particular Windows Azure resource uses. This information is then displayed in a topology dashboard.
  • Monitors management and cloud service certificates and alerts if the certificates are about to expire.
  • Includes a new Distributed Application template that lets you create distributed applications that span Windows Azure as well as on-premises resources, for hybrid monitoring scenarios.
  • Includes a set of dashboards for the hybrid monitoring scenarios.

This first level of management capability provided by Operations Manager and the Windows Azure Fabric Management Pack does not require the deployment of agents or code into the virtual machines and thus can function against any supported Windows Azure resources.

The second level of management capability using Operations Manager entails deploying Operations Manager agents into the Windows Azure-hosted virtual machines in the same fashion as on-premises hosted resources. This requires implementation of the site-to-site VPN capability.

The combination of the two approaches enables seamless management and monitoring of both private cloud and Windows Azure resources using Operations Manager.

System Center Global Service Monitor

System Center Global Service Monitor is a cloud service that provides a simplified way to monitor the availability of external web-based applications from multiple locations around the world. More importantly, Global Service Monitor monitors applications from the perspective of the customers who use them. Because Global Service Monitor monitors from locations that are correlated to customer geographies, application owners can gain insight into customer experiences and can separate problems that relate to external factors, such as Internet or network problems, from application or service problems.

Global Service Monitor integrates with the Operations Manager console, so that you can monitor external and internal-facing web applications in the same place that you monitor other applications. Using Global Service Monitor, the Operations Manager console integration lets you monitor web applications from both internal and external locations. In Global Service Monitor, you can use your management group and obtain access to agents in the cloud that are provided by Microsoft. This lets you monitor web applications from 15 locations and then report to your management group. You can also use your own agents as watcher nodes to monitor internal locations and applications.

Windows Azure Diagnostics

Primarily utilized in PaaS scenarios, Windows Azure Diagnostics (http://msdn.microsoft.com/en-us/library/gg433048.aspx) enables you to collect diagnostic data from an application that is running in Windows Azure. You can use diagnostic data for debugging and troubleshooting, measuring performance, monitoring resource usage, traffic analysis and capacity planning, and auditing. After the diagnostic data has been collected, it can be transferred to a Windows Azure storage account for persistence.

Orchestration and automation

Microsoft provides two solutions for orchestration and automation. The first is Windows Azure PowerShell and the second is System Center 2012 R2 Orchestrator.

Windows Azure PowerShell

Windows Azure PowerShell is a powerful automation capability that you can use to control and automate the deployment and management of your workloads in Windows Azure. Windows Azure PowerShell can be used for provisioning virtual machines, setting up virtual networks and cross-premises networks, and managing cloud services in Windows Azure. Virtually all Windows Azure services can be managed using Windows Azure PowerShell.

System Center 2012 R2 Orchestrator

Using System Center Orchestrator 2012 R2, you can automate and orchestrate a wide range of activities. These activities can include direct Windows Azure management tasks, such as working with storage or virtual machines, but can also include scenarios such as orchestrating activities within virtual machines and services that are deployed in Windows Azure.

Orchestration in a hybrid cloud environment requires careful planning: there is a wide range of requirements and options. In hybrid cloud architectures, there is choice in terms of where Orchestrator management servers and services are hosted (on-premises or in the cloud) and whether the same management infrastructure is utilized for both on-premises and cloud-hosted resources.

Microsoft provides integration packs for each of the System Center components. This enables Orchestrator runbooks to automate a wide range of management tasks across physical, virtual, and application resources. The Integration Pack for Windows Azure is an add-on for Orchestrator in System Center 2012 R2 that enables you to automate Windows Azure operations that relate to certificates, deployments, cloud services, storage, and virtual machines by using the Windows Azure Service Management REST API.

Backup and disaster recovery

Microsoft provides two solutions for backup and disaster recovery. The first is Windows Azure Backup and the second is Hyper-V Recovery Manager.

Windows Azure Backup

Windows Azure Backup is a new feature in Windows Azure that seamlessly enables off-site file and folder backups from the on-premises Windows Server, Windows Server Essentials, or System Center Data Protection Manager to Windows Azure.

Using incremental backups, only changes to files are transferred to the cloud. This helps ensure efficient use of storage, reduced bandwidth consumption, and point-in-time recovery of multiple versions of the data. Configurable data-retention policies, data compression, and data-transfer throttling also offer you added flexibility and help boost efficiency. Backups are stored in Windows Azure and are “off-site,” reducing the need to secure and protect on-site backup media.

The backup data is encrypted prior to being stored in Windows Azure. The customer is responsible for managing encryption keys and backup of those keys. Customer data is never decrypted in Windows Azure; for restores, the data is decrypted on the on-premises client side by the customer.
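The model described above (encrypt on-premises, store only ciphertext, decrypt on the client at restore time) can be sketched as follows. This is an added example, not Microsoft's code: the function names, the blob layout, and the choice of PBKDF2, AES-256-CBC and HMAC-SHA256 are assumptions made for illustration, since this chapter does not state which algorithms Windows Azure Backup uses. It assumes Windows PowerShell 5.1 on .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
using namespace System.Security.Cryptography
# Blob layout (constructed for this example): salt(16) | IV(16) | ciphertext | HMAC tag(32)

function New-BackupKeys {
    param([string]$Passphrase, [byte[]]$Salt)
    # PBKDF2-HMAC-SHA256 stretches the passphrase into 64 bytes: AES key + MAC key.
    $kdf = [Rfc2898DeriveBytes]::new($Passphrase, $Salt, 200000, [HashAlgorithmName]::SHA256)
    try { $k = $kdf.GetBytes(64) } finally { $kdf.Dispose() }
    @{ Enc = [byte[]]($k[0..31]); Mac = [byte[]]($k[32..63]) }
}

function Protect-BackupBlob {
    param([byte[]]$Plain, [string]$Passphrase)
    $salt = [byte[]]::new(16)
    [RandomNumberGenerator]::Create().GetBytes($salt)
    $keys = New-BackupKeys -Passphrase $Passphrase -Salt $salt
    $aes = [Aes]::Create()            # defaults: CBC mode, PKCS7 padding
    $aes.Key = $keys.Enc
    $aes.GenerateIV()
    $ct = $aes.CreateEncryptor().TransformFinalBlock($Plain, 0, $Plain.Length)
    $body = [byte[]]($salt + $aes.IV + $ct)
    # Encrypt-then-MAC: the tag covers salt, IV and ciphertext.
    $tag = [HMACSHA256]::new($keys.Mac).ComputeHash($body)
    ,([byte[]]($body + $tag))
}

function Unprotect-BackupBlob {
    param([byte[]]$Blob, [string]$Passphrase)
    $n = $Blob.Length
    if ($n -lt 80) { throw 'Blob too short' }
    $salt = [byte[]]($Blob[0..15]); $iv = [byte[]]($Blob[16..31])
    $ct   = [byte[]]($Blob[32..($n - 33)])
    $tag  = [byte[]]($Blob[($n - 32)..($n - 1)])
    $keys = New-BackupKeys -Passphrase $Passphrase -Salt $salt
    $want = [HMACSHA256]::new($keys.Mac).ComputeHash($Blob, 0, $n - 32)
    # Compare every tag byte before deciding, and verify before decrypting anything.
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($want[$i] -bxor $tag[$i]) }
    if ($diff -ne 0) { throw 'Authentication failed: wrong key or modified backup' }
    $aes = [Aes]::Create(); $aes.Key = $keys.Enc; $aes.IV = $iv
    ,($aes.CreateDecryptor().TransformFinalBlock($ct, 0, $ct.Length))
}

# Constructed sample data and passphrase; only $blob would ever leave the premises.
$plain = [Text.Encoding]::UTF8.GetBytes('constructed sample file contents')
$blob  = Protect-BackupBlob -Plain $plain -Passphrase 'constructed-passphrase'
$back  = Unprotect-BackupBlob -Blob $blob -Passphrase 'constructed-passphrase'
[Text.Encoding]::UTF8.GetString($back)
try { Unprotect-BackupBlob -Blob $blob -Passphrase 'wrong' } catch { $_.Exception.Message }
```

Because the key never leaves the client, losing the passphrase makes the stored blob unrecoverable, which is why the key itself needs its own backup.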

Hyper-V Recovery Manager

Windows Azure Hyper-V Recovery Manager can help you protect important services by coordinating the replication and recovery of System Center 2012 private clouds at a secondary location.

System Center 2012 R2 VMM private clouds can be protected through automation of the replication of the virtual machines that compose them at a secondary location. The ongoing asynchronous replication of each virtual machine is provided by Windows Server 2012 R2 Hyper-V Replica and is monitored and coordinated by Hyper-V Recovery Manager.

The service helps automate the orderly recovery in the event of a site outage at the primary datacenter. Virtual machines can be brought up in an orchestrated fashion to help restore service quickly. This process can also be used for testing recovery or transferring services temporarily. Windows Azure Hyper-V Recovery Manager provides the following functionality:

  • Windows Azure-based portal and service that orchestrates DR operations:
    • Across two Virtual Machine Manager-managed data centers or private clouds
    • For Hyper-V virtual machines that are running on Windows Server 2012 and above
  • Leverages Hyper-V Replica technology for replication
  • Provides single-click at scale configuration of settings across sites
  • Provides “Recovery Plan” feature to enable grouping, prioritizing, and sequencing of disaster recovery operations across a large number of virtual machines
  • Leverages Windows Azure Portal to provide multisite DR operations from anywhere

Using System Center 2012 R2, a single solution for fabric management can be utilized both for the private cloud and Windows Azure hosted resources. In later chapters, we’ll see that this also can be extended to service provider clouds for a single management solution spanning the three clouds in the Cloud OS.
