Overview

Azure Ready Series

Uploaded by

KShansc

Time (SGT) | Topic | Speaker
12.00pm - 12.05pm (5mins) | Introductions and Agenda Discussion | Saranya Sriram (Asia Azure Partner Technical Lead)
12.05pm – 12.15pm (10mins) | Kick off and Welcome Address | Steve Luper (WW Partner Technical Lead)
12.15pm – 12.30pm (15mins) | Introduction to 8 week course format and specifics |
12.30pm-12.45pm (15mins) | Introduction to Azure: Tale of two portal, Tale of two Management APIs | Saranya Sriram (Asia Azure Partner Technical Lead)
12.45pm-1.00pm (15mins) | De Myths of Security and Compliance concerns when deploying to Microsoft Azure | Jay Swaminathan (APAC Asia Security & Compliance Expert)
1.00pm – 1.30pm (30mins) | Azure IaaS Virtual Machines - Quick Intro | Saranya Sriram (Asia Azure Partner Technical Lead)
1.30pm – 1.45pm (15mins) | Review of links and assign reading materials and homework | Saranya Sriram (Asia Azure Partner Technical Lead)
1.45pm – 2.00pm (15mins) | Q&A and closing |
[Diagram: Virtual Machines, Cloud Services, App Services. Labels: client platforms (Windows Store, Windows Phone, iOS, Android, HTML5/JS, Nokia X); Gallery; Deploy your code; Load Balancer; Windows and Linux virtual machines; web role instances; app instances; app types (API App, Logic App, Web App, Mobile App); Queue; Virtual Network; SQL; Cache; Database; Blobs/Files; Tables/NoSQL; API Marketplace; Storage Blobs / Files (Virtual Disks); Storage Solutions]

COMPUTE
• Virtual Machines: Get full control over a server in the cloud and maintain it as your business requires.
• Cloud Services: Managed Virtual Machines with specific web and worker roles that are stateless
• Batch: For running large scale parallel and high performance computing (HPC) applications
• Scheduler: Create jobs that run reliably on simple or complex schedules to invoke any type of service.
• Remote App: Access Windows apps that run within the Service on VM’s from any device and any location.

NETWORKING
• Virtual Network: Provision and manage VPNs in Azure and securely link to your on-premises IT infrastructure.
• Express Route: Connect on-premises and cloud data centers directly through dedicated, non-internet lines.
• Traffic Manager: Load-balance incoming global traffic across multiple services running in multiple data centers.

IDENTITY & ACCESS
• Active Directory: Identity and access management for cloud applications and ability to link to on-premises Server AD.
• Multi-Factor Authentication: Safeguard access to data and apps with additional physical layer of security control.

MEDIA & CDN
• Media Services: Range of services that support video on-demand and live streaming workflows.
• Content Delivery Network (CDN): Cache content for your apps at 100’s of edge locations to improve user experiences.

WEB & MOBILE
• Web Apps: Managed web platform, get started for free and scale as you go using many tools/languages.
• Mobile Apps: Add backend capabilities to mobile apps, with native client support on most device platforms.
• API Apps: Create and surface your app logic as APIs for other services and apps to consume.
• Logic Apps: Build/execute business processes by linking your own custom API’s with an API Gallery/Marketplace
• API Management: Publish and Manage APIs to developers, partners and employees securely and at scale.
• Notification Hubs: Deliver millions of cross platform push notifications from any application backend, anywhere.

ANALYTICS
• HDInsight: Big Data (based on Apache Hadoop) analytics that integrate easily with Microsoft Office.
• Machine Learning: Mine historical data with compute power to predict future trends or behavior.
• Stream Analytics: Process data streams in real-time to discover and react to trends.
• Data Factory: Ingest data from multiple sources to combine into a cloud based Data Warehouse.
• Event Hubs: Ingest, persist, process millions of events per second from millions of devices.
• Mobile Engagement: Ingest, persist, process millions of events per second from millions of devices.

STORAGE & BACKUP
• Storage Blobs & Files: Store binary application data and web content – store for dedicated and shared virtual disks for VM’s
• Backup: Managed service that handles backup/restore of Windows Server machines/backup agent.
• Import/Export: For massive data transfer – ship encrypted disks to move data in/out of blob storage.
• Site Recovery: Coordinate replication and recovery of System Center private clouds
• StorSimple: Automated, policy driven solution to extend on-premises primary storage for backup / DR.

DATA
• SQL Database: Managed relational database service with high availability and selectable performance levels.
• DocumentDB: Store/retrieve millions of JSON objects from a highly scalable NoSQL document database.
• Redis Cache: Make applications scale and be more responsive under load by keeping data closer to app logic.
• Search: Managed, scalable search service for your apps, create tunable search results and ranking models.
• Tables: Massive scale for semi-structured key/value type data in this schema-less NoSQL store.

DEVELOPER SERVICES
• Visual Studio Online: Store code, plan and track projects, build, deploy and test apps in the cloud collaboratively.
• Application Insights: Analyze app usage, availability and performance to detect issues and solve problems proactively.

HYBRID INTEGRATION
• Storage Queues: Simple message queue for application de-coupling architecture for scale out.
• Biztalk Services: Build EDI and Enterprise App Integration (EAI) solutions in the cloud.
• Hybrid Connections: Connect apps in Azure with on-premises resources without a VPN or dedicated line.
• Service Bus: Messaging capabilities (pub/sub, queues) and on-premises to cloud connectivity solution.

MANAGEMENT
• Automation: Run durable PowerShell scripts to automate frequent, long running, complex Azure tasks.
• Portal: Web based experience to provision, control and monitor all Azure services.
• Key Vault: Safeguard and control keys and secrets in cloud scale hardware security modules.
• Operational Insights: Analyze and troubleshoot on-premises IT infrastructure without using instrumented code.

COMMERCE
• Store / Marketplace: Find and manage other services provided by third parties.
• VM Depot: Find free open source VM images that you can download and run in Azure Virtual Machines.

steve.luper@microsoft.com
Help Microsoft Azure Partner community study
for and prepare to take the Azure 70-533
certification exam by 30th Nov 2015
1) Help you determine how to prepare for Exam 70-533

2) Help you find areas that you need to brush up on prior to taking
the exam

3) Learn how to utilize the right study materials

4) Drive community and collaboration of all Partners attempting to pass the exam…

5) Learn IaaS deployment on Azure and latest announcements


1) A replacement for putting in the work or Self Study

2) Recreating new training materials.


[Calendar: Oct 2015 and Nov 2015]


Homework
• To be completed prior to each session
• 4-5 hours worth of homework per session

Each Session
• 45 mins - Presentation /Demos on the topic
• 15 mins - exam cram tips on topic area
• 40 mins - Office Hours / Q&A
• 20 mins - Assign next session’s homework
Implement Websites
Implement Virtual 16%
Networks
19%

Implement Virtual Machines


17%
Implement Azure AD
16%

Implement
Storage Implement Cloud Services
16% 16%

https://www.microsoft.com/learning/en-us/exam-70-533.aspx
Platform Services

Security & Hybrid


Management Cloud Service
Operations
Web Apps API API
Services Fabric Management Visual Studio Azure SDK
Apps
Portal Azure AD
Connect Health

Batch Mobile Logic Notification


Remote App Team Project Application
Apps Apps Hubs
Active Insights AD Privileged
Directory Identity
Management

Multi-Factor
Authentication Backup

Storage Biztalk
Queues Services
Automation HDInsight Machine SQL SQL Data
Learning Database Warehouse Operational
Insights

Hybrid Service
Connections Bus
Key Vault Data Event Redis Import/Export
Cache Search
Factory Hubs

Store /
Marketplace Site
Stream Mobile Recovery
DocumentDB Tables
Analytics Engagement
Media Content Delivery
VM Image Gallery Services Network (CDN) StorSimple
& VM Depot

Infrastructure Services
Azure

On-Premises Datacenter
Operational
cost model
~10x normal load
~4x normal load
(Tax season)
(Holiday shopping)
Operational Rate of
cost model Innovation
• Azure Site Recovery: Protect VMWare and Physical Servers in Public Preview
• Azure Backup Generally Available
• Azure API Management Premium simplifies high availability and massive scale for APIs
• ExpressRoute for Office 365
• Azure Active Directory Dynamic Membership For Groups
• Automatic Password Change for Social Media Shared Accounts
• Compute-Intensive A10 and A11 Virtual Machine Instances
• Remote Desktop app for Windows Phone support for Gateway and Remote Resources
• Informatica Cloud Agent availability in Linux and Windows Virtual Machines
• Azure DocumentDB Hadoop Connector
• Azure HDInsight support for more VM sizes
• Enterprise-Grade Array-Based Replication and Disaster Recovery
Operational Rate of Global
cost model Innovation coverage
Azure datacenter
regions
Azure
footprint
Virtual Networks
Forced Tunneling
RBAC

Trust and Control


Multiple vNICs
IP ACLing
Subnet ACL’ing
Security, Privacy, Control and
Compliance in the Cloud
Microsoft Azure
Cloud is becoming integral to business transformation
The secure pathway to innovation

• Start with a trusted & resilient foundation
• Leverage economies of scale and expertise
• Use the cloud to drive business strategy
• Reshape how you engage with customers
• Enable more productive work
• Drive new and more rapid sources of innovation

Cybersecurity concerns persist
Global attacks are increasing and costs are rising
• Cybercrime extracts between 15% and 20% of the value created by the Internet. [1]
• In the UK, 81% of large corporations and 60% of small businesses reported a cyberbreach in the past year. [2]
• Total financial losses attributed to security compromises increased 34% in 2014. [3]
• Impact of cyber attacks could be as much as $3 trillion in lost productivity and growth. [4]

But cloud momentum continues to accelerate
“If you’re resisting the cloud because of security concerns, you’re running out of excuses.”

“The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?’”

“By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.”

The Microsoft Trusted Cloud
200+ cloud services,
300+ million
3.5 million
1+ million servers, 240+ million active users
users per month

$15B+ infrastructure
user accounts in Azure Online
Active Directory from over
127 countries
investment 5.5+ billion
worldwide queries
each month

1 billion customers,
1.2 billion
20 million businesses, worldwide users 48+ million
450+ million
unique users each month
users in 47 countries
89 countries worldwide

Microsoft Azure – a trusted foundation
• Security
• Privacy and Control
• Compliance
• Transparency

Security practices

Customer knows how we help secure your data


• Build security into software code (SDL)
• Ensure Azure infrastructure is resilient to attack
• Safeguard user access to Azure environment
• Keep customer data secure through encrypted communications

Infrastructure protection

• 24-hour monitored PHYSICAL SECURITY
• Antivirus/Antimalware PROTECTION
• Centralized MONITORING AND ALERTS
• Red Teaming PENETRATION TESTING
• Update MANAGEMENT
• FIREWALLS

Prevent and assume breach
Prevent breach
• Secure Development Lifecycle
• Operational Security
Assume breach
• Bug Bounty Program
• War game exercises
• Live site penetration testing
Security monitoring and response
Threat intelligence

Prevent breach – A methodical Secure Development Lifecycle and Operational Security minimizes probability of exposure
Assume breach – Identifies & addresses potential gaps:
• Ongoing live site testing of security response plans improves mean time to detection and recovery
• Bug bounty program encourages security researchers in the industry to discover and report vulnerabilities
• Reduce exposure to internal attack (once inside, attackers do not have broad access)
Latest Threat Intelligence to prevent breaches and to test security response plans
State of the art Security Monitoring and Response

Physical security of datacenters
Barriers, Fencing
Perimeter
Seismic bracing, Security operations center, 24X7 security staff, Days of backup power
Building
Two-factor access control: Biometric readers & card readers
Cameras, Alarms
Computer room

Threat protection
Azure
• Performs big data analysis of logs for intrusion detection & prevention for the platform
• Employs denial of service attack prevention measures for the platform
• Regularly performs penetration testing
Customer
• Can add extra layers of protection by deploying additional controls, including DOS, IDS, web application firewalls
• Conducts authorized penetration testing of their application

[Diagram labels: Internet End Users; THREAT DETECTION: DOS/IDS Capabilities; Microsoft Azure; Cloud Access & Firewall (443); Customer Environment; Virtual network (443); Application tier; Logic tier; Database tier; Corp 1; VPN]

DDoS system overview
SUPPORTED DDOS ATTACK PROFILES
• TCP SYN
• UDP/ICMP/TCP Flood
DETECTION PROCESS
• Traffic to a given /32 VIP Inbound or Outbound is tracked, recorded, and analyzed in real time to determine attack behavior
MITIGATION PROCESS
• Traffic is re-routed to scrubbers via dynamic routing updates
• Traffic is SYN auth. and rate limited

[Diagram labels: Internet; MSFT Routing Layer; Routing Updates; Profile DB; Flow Data; Detection Pipeline; Attack Traffic; Scrubbed Traffic; Scrubbing Array; SLB; Application]

Customer data
When a customer utilizes Azure, they own their data.
• Control over data location: Customers choose data location and replication options.
• Control over access to data: Strong authentication, carefully logged “just in time” support access, and regular audits.
• Encryption key management: Customers have the flexibility to generate and manage their own encryption keys.
• Control over data deletion: When customers delete data or leave Azure, Microsoft follows procedures to render the previous customer’s data inaccessible.

Law enforcement requests
Microsoft does not disclose customer data to law enforcement unless as directed by customer or required by law, and will notify customers when compelled to disclose, unless prohibited by law.

• The Law Enforcement Request Report discloses details of requests every 6 months.
• Microsoft doesn’t provide any government with direct or unfettered access to customer data.
• Microsoft only releases specific data mandated by the relevant legal demand.
• If a government wants customer data it needs to follow the applicable legal process.
• Microsoft only responds to requests for specific accounts and identifiers.

Extensive experience and credentials
[Timeline, axis 2010 2011 2012 2013 2014 2015, with the following labels:]
• CSA Cloud Controls Matrix
• HIPAA/HITECH
• AU IRAP Accreditation
• Singapore MCTS
• UK G-Cloud OFFICIAL
• CDSA
• SOC 1
• SOC 2
• CJIS
• ISO/IEC 27001:2005
• FISMA ATO
• FedRAMP P-ATO
• ISO/IEC 27018
• EU Data Protection Directive
• PCI DSS Level 1
• Operations Security Assurance

Azure Virtual Machine
C:\ OS Disk
D:\ Temporary Disk (Contents can be lost)
E:\, F:\, etc. Data Disks
Disk Cache


Virtual Machine Storage
Defend against regional disasters

East DC > 400 miles West DC

Geo replication
Huge infrastructure scale is the enabler
24 Regions Worldwide, 19 ONLINE…huge capacity around the world…growing every year

• North Central US: Illinois
• Central US: Iowa
• South Central US: Texas
• West US: California
• East US: Virginia
• East US 2: Virginia
• US Gov: Iowa
• US Gov: Virginia
• Canada Central: Toronto
• Canada East: Quebec City
• Brazil South: Sao Paulo
• North Europe: Ireland
• West Europe: Netherlands
• China North *: Beijing
• China South *: Shanghai
• Japan East: Saitama
• Japan West: Osaka
• India Central: Pune
• India South: Chennai
• India West: Mumbai
• East Asia: Hong Kong
• SE Asia: Singapore
• Australia East: New South Wales
• Australia South East: Victoria

* Operated by 21Vianet
Map legend: Operational; Announced/Not Operational

100+ datacenters
• Top 3 networks in the world
• 2x AWS, 6x Google DC Regions
• G Series – Largest VM in World, 32 cores, 448GB Ram, SSD…
Azure Virtual Machine
C:\ OS Disk
D:\ Temporary Disk
E:\, F:\, etc. Data Disks
G:\, H:\, etc. SMB Share
Disk Cache
SMB 2.1
Shared settings, diagnostic share
Lift and Shift Applications

Azure VM Azure VM Azure VM


Up to 32 TB of storage per VM
>50,000 IOPS per VM
Less than 1ms read latency
Captures all disks attached
Best effort disk consistency
Re-deploy as a new VM
Sysprep and non-Sysprep
Highest value VM Size
A
Basic and Standard Sizes
General Purpose and High Memory
High Performance A8/A9 (RDMA)
D
60% faster CPU
Up to 112 GB Memory
Local SSD storage
Optimized for data workloads
G
Up to 32 CPU cores, 448 GB RAM,
6.5 TB local SSD
Latest generation Intel processor
SLA High Availability
Hardware and Software
Windows and Linux

SLA 99.95
Internal and External
TCP/UDP
ACLs, Client Affinity

Custom HTTP Probe


[Diagram labels: Internet; Customer Network; Public IP; Internal IP; VIP; Front end; Back end]
Define Subnets, Private IPs, DNS
SSL Based Connectivity
VPN Device Connectivity
Partner ExpressRoute
GW

On-premises

VPN
Azure

Automation
Operation Insights
Ops DevOps
Migration and DR
Identity
Automate Operation Tasks
PS runbooks and community
Triggered by schedule / event
Highly Available Engine
Manage, Search and Build Insights
Log Management and analysis
Monitor, troubleshoot, store
Direct DSC and PowerShell
Octopus Deploy
Visual Studio RM
Chef and Puppet
InMage Migration to Azure
Azure Site Recovery
Recovery Plan and Test Failovers
Create and Debug a VM
Launch MSDN specific images
33% to 99% savings
Docker on Linux
Docker Client and Docker Hosts
Docker Hub on Azure (Coming soon)
A Growing Marketplace
Ubuntu
Oracle Linux
SUSE
CentOS-Based
CoreOS
Community
IaaS PaaS

App Service
Service
VM /
VMs Fabric /
Extensions Media
Batch
Services

Ultimate Rapid
Control Development
Implementing Microsoft Azure website
Microsoft Azure
Infrastructure Solutions
Exam Reference Book

(Optional)
Microsoft Virtual Academy
Architecting Microsoft
Azure Solutions & Azure
for IT Pros
Hybrid, Enterprise Grade, Hyper-Scale
Bringing our Cloud to you!
Agility, Time-to-Market, TCO
At any scale, at any time
