#AzureStack & Storage Space Direct (#S2D)

How Does Azure Stack Utilize S2D?

A brief look at where and how S2D fits into the Azure Stack box.

Azure Stack uses S2D in the hyper-converged mode. In addition, Microsoft made the following design choices for Azure Stack and S2D:

Let’s start with the file system, which is Cluster Shared Volume File System (CSVFS) with Resilient File System (ReFS):

    • Cluster-wide data access
    • Fast VHDX creation

Storage Spaces uses a single storage pool that utilizes all available drives (except boot drives). In Azure Stack:

Two virtual disks are created per node in the Azure Stack deployment: one for tenant storage and another for ephemeral storage such as pagefile blobs for virtual machines.

The Storage Bus Cache uses SMB3 and SMB3 Direct.

The types of locally attached disks used for storage in the servers are listed below:

    • Serial ATA (SATA)
    • Serial Attached SCSI (SAS)
    • Non-volatile Memory Express (NVMe)

Answers for 1st Quiz on #AzureStack

Question: You architect a hybrid solution for a company that includes Azure Stack. You need to allocate teams to each role. Which person is responsible for allocating tenant subscriptions?

  • Developer
  • Azure Stack Operator
  • Azure Administrator
  • Azure Solution Architect

Answer: The Azure Administrator is responsible for managing (creating, updating, and removing) user subscriptions in the cloud, including who can access them and the actions that can be performed on the subscriptions.

Question: Which of the following roles is best described as the persona that consumes resources offered in an Azure Stack cloud environment?

  • Developer
  • Azure Stack Operator
  • Azure Administrator
  • Azure Solution Architect

Answer: The developer persona is responsible for managing the deployment and configuration of resources consumed in Azure Stack from a user perspective.

Question: An Azure Stack user would like to download the latest solution built and published for Azure from a third-party vendor on the public Azure Marketplace. What should you, as the Azure Stack Operator of the Azure Stack environment, do?

  • Install Active Directory Federation Services (AD FS) with the deployment.
  • Enable DevOps for the deployment.
  • Promote the tenant to cloud administrator.
  • Enable Marketplace Syndication for the deployment.

Answer: Marketplace Syndication can be used to allow Azure Stack Operators to download solutions from the Azure Marketplace.

Question: By default, which two Azure services can be used with Azure Stack?

  • Cognitive Services
  • Machine Learning
  • Networking (virtual network, load balancer, VPN gateway)
  • Blob Storage

Answer: Azure Stack offers a subset of the Azure services that are available on public Azure. The following Azure services are available in a default Azure Stack deployment: virtual machines, VM scale sets, Virtual network, Load balancer, VPN gateway, Storage, Blob, Tables, Queues, and Key Vault. Azure App Service, SQL and MySQL RPs can be deployed by users onto their Azure Stack environment after the initial deployment.

Question: A company is developing a solution that processes sensitive data. The cloud strategy dictates stringent data handling. Which persona is responsible for meeting the data protection requirements?

  • Developer on Azure
  • Azure Stack Operator
  • Azure Administrator
  • Azure Solution Architect

Answer: The Azure Solution Architect persona is responsible for the design of the cloud from a strategic perspective to ensure it meets the needs of the business. The other personas are responsible for executing and implementing this strategy.

Question: You are developing a solution that processes sensitive data. The customer decides that the solution must run on On-Prem cloud infrastructure due to regulatory requirements. For which three use cases should you implement Azure Stack?

  • leverage the cloud application model for their on-premises environment
  • edge and disconnected scenarios
  • having Microsoft manage the complete infrastructure
  • having everything updated as soon as possible
  • cloud applications that meet varied regulatory requirements

Answer: Azure Stack is an extension of Azure, and it unlocks innovation with hybrid cloud applications. It addresses latency and connectivity requirements in edge and disconnected solutions. Customers can develop and deploy applications in Azure and on-premises with Azure Stack to meet their regulatory or policy requirements. Customers can also update and extend legacy applications with modern Azure services and deploy on-premises with Azure Stack.

Question: You architect a hybrid solution for a company that includes Azure Stack. You need to allocate teams to each role. Which person is responsible for consuming and managing resources offered by the Azure Stack environment?

  • Developer
  • Azure Stack Operator
  • Azure Administrator
  • Azure Solution Architect

Answer: The developer persona is responsible for managing the deployment and configuration of resources consumed in Azure Stack from a user perspective.

Question: You are designing a hybrid cloud solution for a company. You need to decide if Azure Stack is an appropriate platform for the solution. Which two Azure services does Azure Stack offer out of the default deployment?

  • application insights
  • app service
  • Networking (virtual network, load balancer, VPN gateway)
  • Azure machine learning
  • Cosmos DB
  • virtual machines and VM scale sets

Answer: Azure Stack offers a subset of the Azure services that are available on public Azure. The following Azure services are available in a default Azure Stack deployment: virtual machines, VM scale sets, Virtual network, Load balancer, VPN gateway, Storage, Blob, Tables, Queues, and Key Vault. Azure App Service, SQL and MySQL RPs can be deployed by users onto their Azure Stack environment after the initial deployment.

Question: You are managing an Azure Stack environment. Which portal should you use for each scenario?

  • Azure Stack Operators to manage and maintain the Azure Stack environment
  • View and manage the cloud resources.

Azure Stack Admin Portal?

Azure Stack Tenant Portal?

Answer: Upon completion of deployment, the Azure Stack solution comes with two separate portals: one for Azure Stack Operators to manage and maintain the Azure Stack environment, and another for Azure Administrators, developers and other users to request, create, manage and maintain the cloud resources that are allocated to them under their subscription.

  • Azure Stack Operators to manage and maintain the Azure Stack environment

Azure Stack Tenant Portal

  • View and manage the cloud resources.

Azure Stack Admin Portal

Question: In today’s cloud environment, customers have choices of deploying and leveraging various types of cloud computing technologies, for example, public cloud, hybrid cloud, community cloud, and private cloud. Which two of the answers below best define the type of cloud that Azure Stack is?

  • community cloud
  • hybrid cloud
  • private cloud
  • public cloud

Answer: Azure Stack enables deployment and management in a hybrid cloud environment or in a private cloud scenario.

Question: You plan to deploy an Azure Stack environment. You are trying to map various user/job roles to their corresponding responsibilities in a hybrid cloud environment. Select the best matching role for the following responsibilities:

  • The user who is responsible for day-to-day operations of an Azure Stack deployment
  • The user who is responsible for managing Azure Stack subscriptions
  • The user who is responsible for configuring individual subscription services

Choose the right option from below:

  • Azure Administrator
  • Azure Solution Architect
  • Azure Stack Operator
  • Developer

Answer: The Azure Solution Architect is the persona that is responsible for the overall cloud strategy in a company. The Azure Stack Operator manages day-to-day operations for the Azure Stack deployment. The Azure Administrator can manage the subscriptions for a user. The developer persona consumes the cloud resources offered by clouds and can manage their own resources within a subscription.

#Microsoft #Azure #AzureStack #MSFT #MSFTADVOCATE #Settechie

1st Quiz on #AzureStack

#Microsoft #AzureStack #MSFTAdvocate #MSAzureStack #BrianStorming

Please try to answer these questions; they will help you decide on the functions and roles of Azure Stack operations.

Question: You architect a hybrid solution for a company that includes Azure Stack. You need to allocate teams to each role. Which person is responsible for allocating tenant subscriptions?

  • Developer
  • Azure Stack Operator
  • Azure Administrator
  • Azure Solution Architect

Question: Which of the following roles is best described as the persona that consumes resources offered in an Azure Stack cloud environment?

  • Developer
  • Azure Stack Operator
  • Azure Administrator
  • Azure Solution Architect

Question: An Azure Stack user would like to download the latest solution built and published for Azure from a third-party vendor on the public Azure Marketplace. What should you, as the Azure Stack Operator of the Azure Stack environment, do?

  • Install Active Directory Federation Services (AD FS) with the deployment.
  • Enable DevOps for the deployment.
  • Promote the tenant to cloud administrator.
  • Enable Marketplace Syndication for the deployment.

Question: By default, which two Azure services can be used with Azure Stack?

  • Cognitive Services
  • Machine Learning
  • Networking (virtual network, load balancer, VPN gateway)
  • Blob Storage

Question: A company is developing a solution that processes sensitive data. The cloud strategy dictates stringent data handling. Which persona is responsible for meeting the data protection requirements?

  • Developer on Azure
  • Azure Stack Operator
  • Azure Administrator
  • Azure Solution Architect

Question: You are developing a solution that processes sensitive data. The customer decides that the solution must run on On-Prem cloud infrastructure due to regulatory requirements. For which three use cases should you implement Azure Stack?

  • leverage the cloud application model for their on-premises environment
  • edge and disconnected scenarios
  • having Microsoft manage the complete infrastructure
  • having everything updated as soon as possible
  • cloud applications that meet varied regulatory requirements

Question: You architect a hybrid solution for a company that includes Azure Stack. You need to allocate teams to each role. Which person is responsible for consuming and managing resources offered by the Azure Stack environment?

  • Developer
  • Azure Stack Operator
  • Azure Administrator
  • Azure Solution Architect

Question: You are designing a hybrid cloud solution for a company. You need to decide if Azure Stack is an appropriate platform for the solution. Which two Azure services does Azure Stack offer out of the default deployment?

  • application insights
  • app service
  • Networking (virtual network, load balancer, VPN gateway)
  • Azure machine learning
  • Cosmos DB
  • virtual machines and VM scale sets

Question: You are managing an Azure Stack environment. Which portal should you use for each scenario?

  • Azure Stack Operators to manage and maintain the Azure Stack environment
  • View and manage the cloud resources.

Azure Stack Admin Portal?

Azure Stack Tenant Portal?

Question: In today’s cloud environment, customers have choices of deploying and leveraging various types of cloud computing technologies, for example, public cloud, hybrid cloud, community cloud, and private cloud. Which two of the answers below best define the type of cloud that Azure Stack is?

  • community cloud
  • hybrid cloud
  • private cloud
  • public cloud

Question: You plan to deploy an Azure Stack environment. You are trying to map various user/job roles to their corresponding responsibilities in a hybrid cloud environment. Select the best matching role for the following responsibilities:

  • The user who is responsible for day-to-day operations of an Azure Stack deployment
  • The user who is responsible for managing Azure Stack subscriptions
  • The user who is responsible for configuring individual subscription services

Choose the right option from below:

  • Azure Administrator
  • Azure Solution Architect
  • Azure Stack Operator
  • Developer

I will publish answers by Thursday 🙂

#set-techie #lingarajbenni

Azure Resource Manager Templates in Azure Stack!

Resource Manager templates are one of the key features in Azure Stack. They provide the ability to deploy an application, including all its dependencies, in a single operation. We can also redeploy templates to update an application or service when required. For example, there is a Resource Manager template that we can use to deploy a Dev SFB infrastructure that includes the following:

    • Virtual Networking
    • Storage Accounts
    • Virtual Machine configured with Active Directory Domain Services (AD DS)
    • Virtual Machine configured with SQL Server
    • Virtual Machine configured with a single machine instance of an SFB server with multi roles.

We can create templates by using JavaScript Object Notation (JSON) and then import them into Resource Manager when creating a new template. In addition to the SFB template mentioned, there are numerous other templates available on GitHub.

To view and download the Azure Stack Resource Manager templates from GitHub, go to the following website.

Azure/AzureStack-QuickStart-Templates

https://aka.ms/moc-10995A-az01

Other templates that are available include:

    • AD DS
    • SQL Server
    • Simple Virtual Machine

We can deploy templates by using the Azure Stack Portals, Windows PowerShell, Microsoft Visual Studio, or the Azure Command Line Interface (CLI).

How #AzureStack Enables #DevOps?

Cloud technology and Azure Stack can help with the adoption of practices that enable DevOps. For example, self-service in a cloud allows for quick deployment of an application (software package) using what is known as Infrastructure as Code (IaC). By using Azure Resource Manager (ARM) templates in #AzureStack, we can define reusable deployment configurations that we can use to quickly deploy application infrastructure with a predictable method that works every time. This property is known as idempotence. The integration between ARM templates and Desired State Configuration (DSC) also enables you to ensure the application is configured correctly when it is being deployed.
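To make the template structure described in the Resource Manager section and the repeatable deployment described here concrete, the following is an added example, not taken from this post or from the Azure/AzureStack-QuickStart-Templates repository. It declares a storage account, a virtual network and a network interface whose `dependsOn` entry makes Resource Manager create the network first, so the whole set deploys in one operation. The resource names, address ranges and the `2015-06-15` API versions are assumptions; check the API versions against what your Azure Stack build exposes.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": {
      "type": "string",
      "metadata": {
        "description": "Constructed for this example: 3-24 lowercase letters and digits."
      }
    },
    "addressPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/16",
      "metadata": { "description": "Constructed sample address space." }
    },
    "subnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/24",
      "metadata": { "description": "Constructed sample subnet range." }
    }
  },
  "variables": {
    "vnetName": "dev-vnet",
    "subnetName": "dev-subnet",
    "nicName": "dev-nic",
    "subnetRef": "[concat(resourceId('Microsoft.Network/virtualNetworks', variables('vnetName')), '/subnets/', variables('subnetName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[parameters('storageAccountName')]",
      "apiVersion": "2015-06-15",
      "location": "[resourceGroup().location]",
      "properties": { "accountType": "Standard_LRS" }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[variables('vnetName')]",
      "apiVersion": "2015-06-15",
      "location": "[resourceGroup().location]",
      "properties": {
        "addressSpace": { "addressPrefixes": [ "[parameters('addressPrefix')]" ] },
        "subnets": [
          {
            "name": "[variables('subnetName')]",
            "properties": { "addressPrefix": "[parameters('subnetPrefix')]" }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "name": "[variables('nicName')]",
      "apiVersion": "2015-06-15",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
      ],
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": { "id": "[variables('subnetRef')]" }
            }
          }
        ]
      }
    }
  ],
  "outputs": {
    "subnetId": { "type": "string", "value": "[variables('subnetRef')]" }
  }
}
```

Deploying this file a second time with the same parameters leaves the three resources as they are, which is the idempotent behaviour the paragraph above describes; keeping it in the same repository as the application code gives every environment the same reviewed definition.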

To further understand how Azure Stack enables DevOps, review the following common DevOps workflows that take place with the development of on-premises applications:

    1. Developers write the application and share their infrastructure requirements to the operations team.
    2. The developers currently use their staging environment to develop the application further.
    3. This leads to infrastructure requirement changes.
    4. The application is deployed to the staging environment successfully.
    5. When the application is deployed to the preproduction environment, it fails because the infrastructure has not been updated to meet the new requirements.

The issues noted in the preceding scenario can also be duplicated when we move the application from the preproduction environment to production. These issues fall into three main areas:

    1. The infrastructure required for the application is defined separately from the application.
    2. There are several hand-offs between development and operations.
    3. The definitions for deployment are platform-specific.

This can also mean that the deployment of the application to the cloud will also be problematic due to the infrastructure requirements. With Azure Stack and Azure, the workflow of the development process changes as shown in the following process:

    1. The application and infrastructure code are developed at the same time and stored in the same repository.
    2. The application is configured to run in the staging, preproduction, and production environments regardless of whether that is on-premises (Azure Stack) or in the public cloud (Azure).

This workflow has the following benefits:

    1. The infrastructure required for the application is defined as code (IaC), which implies fewer errors.
    2. Deployment times are faster, providing end users with more value from their applications.
    3. Requirements can be defined for on-premises, off-premises, or both.

Introduction to #AzureStack & Deployment Cases

In its simplest form, #AzureStack is #Microsoft #Azure for your datacenter. #AzureStack enables users to deploy and manage Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) applications from a provider’s data center in a hybrid cloud environment, or in a private cloud scenario.

While Azure offers many services, at the time of writing, #AzureStack offers fewer in comparison. Currently, the following services are available with #AzureStack:

    • Compute: Including Windows and Linux virtual machines and virtual machine extensions.
    • Storage: Including blobs, tables, and queues.
    • Networking: Including virtual networking, load balancers, and virtual private network (VPN) gateways.
    • PaaS: Including web applications, mobile applications, functions, databases, and API applications.
    • Security: Including Key Vault.

Further information relating to these services is provided later in this course. #AzureStack services are multi-user. This means that as the hosts (or providers) of #AzureStack, you can offer the same service to multiple users while isolating the resources that the users consume from other user resources. For service providers, Azure Stack can be implemented and used where multiple customers need access to cloud-based resources. Azure Stack can also be used by large organizations who want to offer services to multiple departments while maintaining isolation between them.

Azure Stack also provides automated deployment of applications and services with reusable templates through Azure Resource Manager. You can use one of the following tools to deploy resources in #AzureStack:

    • Azure Stack Administrator Portal
    • Azure Resource Manager
    • Visual Studio
    • Azure PowerShell
    • Azure Command Line Interface (CLI)
    • Direct REST API interaction

You can use the CLI to manage #AzureStack on Windows, Linux, and Mac operating systems.

Deployment Cases:

#AzureStack has various deployment scenarios for organizations ranging from service providers to enterprises. Service providers can offer #AzureStack-based services, similar to Azure services, to their customers from locations where #Azure is not available, or even where Azure is available but where they may offer varying levels of service or allow a customer to meet their compliance requirements.

Enterprise organizations can choose to deploy Azure Stack in their own datacenters and take advantage of the Azure services within their own datacenter. This can allow them to utilize a cloud model while maintaining their compliance and security requirements.

You can deploy #AzureStack in a fully disconnected situation where Internet access is not available. Examples include a secure government location where Internet access is prohibited or on a cruise ship where Internet access is either not available, very expensive, or unreliable. The ability of Azure Stack to utilize Active Directory Federation Services (AD FS) for its identity management enables you to implement Azure Stack in such situations.

#AzureStack can use Azure Active Directory (Azure AD) or AD FS for its identity management. When #AzureStack is connected to the Internet, it is possible to use Marketplace Syndication. This allows a cloud operator to download solutions from the Microsoft Azure Marketplace and make them available to users on their Azure Stack instance.

AAD Pass-through OR Password Hash OR Office 365 modern authentication?

Hi All,

We all know that there are multiple ways to set up authentication when we think of Office apps, Azure or Office 365. But when we want to evaluate them, we should know exactly what these processes or authentication types provide as services and, most importantly, how well they suit the needs and compliance requirements of the organization.

As far as I know, major enterprises will not go with password hash because of the requirement to control rights at the on-premises level. But it's a good option to choose if you are keeping your Office 365 authentication separate from ADFS. This will help to reduce the CAPEX and OPEX costs for companies.

** Again, it's each company's individual decision to choose one.

Below is a summary of the three different authentication processes available, and I have provided some links at the end if you require a deep dive.

AAD Pass-Through

Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords. This feature provides your users a better experience – one less password to remember and reduces IT help-desk costs because your users are less likely to forget how to sign in. When users sign in using Azure AD, this feature validates users’ passwords directly against your on-premises Active Directory.

This process depends on the on-premises domain controller and requires it to be available.

Password Hash / Password Synchronization:

This is a process in which AD Connect is in place and stores the password in Azure AD in an encrypted form over a secure channel. This sync happens every two minutes between the AD domain controller and Azure AD. It has a write-back option, and the administrator should use the Azure portal, not the Office portal, if this solution is in place. This is something we can opt for as a solution at DRC.
Supported scenarios by Pass-through:

  • User sign-ins to all web browser-based applications
  • User sign-ins to Office applications that support modern authentication (explained below): Office 2016, and Office 2013 with modern authentication
  • User sign-ins to Skype for Business that support modern authentication, including Online & Hybrid topologies.
  • Azure AD domain joins for Windows 10 devices
  • Exchange ActiveSync support

What is modern authentication?

Modern authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms. This enables sign-in features such as Multi-Factor Authentication (MFA), SAML-based third-party Identity Providers with Office client applications, smart card, and certificate-based authentication, and it removes the need for Outlook to use the basic authentication protocol.

Unsupported scenarios:

  • User sign-ins to legacy Office client applications: Office 2010, and Office 2013 without modern authentication. Organizations are encouraged to switch to modern authentication, if possible. Modern authentication allows for Pass-through Authentication support. It also helps you secure your user accounts by using conditional access features, such as Azure Multi-Factor Authentication.
  • User sign-ins to Skype for Business client applications without modern authentication.
  • User sign-ins to PowerShell version 1.0. We recommend that you use PowerShell version 2.0.
  • App passwords for Multi-Factor Authentication.
  • Detection of users with leaked credentials.
  • Azure AD Domain Services needs Password Hash Synchronization to be enabled on the tenant. Therefore tenants that use Pass-through Authentication only don’t work for scenarios that need Azure AD Domain Services.

Important: As a workaround for unsupported scenarios only, enable Password Hash Synchronization on the Optional features page in the Azure AD Connect wizard.

Note: Enabling password hash synchronization gives you the option to fail-over authentication if your on-premises infrastructure is disrupted. This fail-over from Pass-through Authentication to Active Directory password hash synchronization is not automatic. You’ll need to switch the sign-in method manually using Azure AD Connect. If the server running Azure AD Connect goes down, you’ll require help from Microsoft Support to turn off Pass-through Authentication.

Happy Reading

Cheers

Below are some links, which will give you a deep dive: