Architecting and Building Hybrid Cloud Apps for Azure and Azure Stack
Okay. All right. Welcome, everybody, and good afternoon. Hope you enjoyed the lunch; if you didn't, it's not our fault, so don't put it in the review. Yeah, don't do that. So, you know, sessions after lunch are always a challenge to keep you guys entertained and make sure that you don't fall asleep. My name is Ricardo and together with Filippo we will be talking about how you go and architect solutions that span Azure and Azure Stack. So that's the plan for the next hour. All right, take it away. You see, he just came for the introductions and the selfie. Crazy, right? That's what you do when you look good, you know. All right, so I think the first question: how many of you actually have hands-on experience with Azure Stack? Okay. So for those that did not raise your hand, how many of you actually have no idea about what Azure Stack is? Okay. So in the next 73 minutes and two seconds I'm going to give you a quick overview of what Azure Stack is, the role Azure Stack plays, and how we can build solutions on that. For those of you that already use Azure Stack, hopefully the concepts are useful to you and some of the demos are things that you can actually take home and start working with. For those of you that did not raise your hand on either of the questions, I assume you're going to stay here and watch the presentation, so I'll do my best to provide you insights as well. All right, guys, one thing you have to keep in mind is that Azure Stack is about Azure: it's Azure that you run in your data center, okay? So with that said, let's look at some of the key tenets of Azure. Azure provides you a broad reach across the globe and a very productive set of services. You can leverage Azure to not only create your applications but also make
your applications integrate with all the Microsoft services. We talked a lot about the Microsoft Graph, for example, yesterday and today, which means that you can really use the cloud as, you know, the brain of your applications, with the advantage of having a broad reach across the globe. Azure is trusted and secure, which means that you have a very solid basis to start creating your applications. Another very important aspect of Azure is really that Azure is hybrid. So there are many flavors of Azure, and when I say flavors: there is the public Azure that you hit when you go to the Azure portal, there is Azure Government, there is Azure in some specific geographies, and there is the Azure that you take to your data center, which is called Azure Stack. All those different flavors of Azure share some common tenets: an identity platform that is shared across Azure and that can also be used across other Microsoft services. They also share a unified development experience with great support of tooling. All the tools that you are used to using and you love to use, either Microsoft tools or open-source tools, provide the ability for you to develop in pretty much any of the major existing languages and IDEs today, so it really provides a great development experience. And also a secure infrastructure for your applications, and a way for you to manage your resources from an integrated point, either from the Azure portal or through the diverse set of APIs that Azure provides. And that's true for public Azure and Azure Stack. So with that said, the combination of Azure Stack and Azure provides you real hybrid capability. And when we start looking at the specifics of Azure and Azure Stack, the fact is that we share Azure Resource Manager. Azure Resource Manager is the foundation of the resource lifecycle manager, so Azure Resource Manager controls the
lifecycle of your resources, right? The same, absolutely the same Azure Resource Manager that you encounter in public Azure is the Azure Resource Manager that you encounter in Azure Stack and the other Azure clouds, which means that your templates and scripts can be authored in a way that the final location of your artifact,
being a VM or a website or a service or a function, is pretty much a configuration of your deployment automation. And at the heart of this is really the consistency, and it's the consistency between Azure and Azure Stack that allows you to basically choose where to put your artifacts. Consistency is something that I'm going to talk a lot about during this talk. It is the foundation for you to create hybrid apps, because when you do have a level of consistency between the different clouds you can then create your applications in a way that part of your data may reside on-prem, for example with Azure Stack, and then for scale you may use Azure. It allows scenarios like AI at the edge, artificial intelligence on the edge, where you, you know, train your models at scale in the public cloud, develop and train your models in the public cloud, and then score those models in the location where the action happens, with Azure Stack. And I think, you know, the best way to show this is a quick demo, right? I do have 78 slides. No, I don't. Can you imagine 78 slides with a Brazilian accent and an Italian accent coming soon? No. All right, is there any Brazilian here? I'm Brazilian, so is there any Brazilian here? No, okay. I'm not going to ask about the Italians, you can ask that later. All right, so, consistency. What I have here: I'm connected to one of my demo environments and you are looking at the Azure portal in Azure Stack, and I say Azure portal because again, if you look at the portal in Azure Stack and we switch to Azure, really the clue that you have that you are in Azure Stack is the logo, right, the logo on the top corner. You can confirm that by the URL. All right, so this is Azure, and this is Azure Stack. All right, not super exciting, right? I mean, it's kind of obvious, but the reason I'm bringing this up is this very subtle
consistency factor really allows you to focus on designing your apps rather than learning specific languages or tools, or worse than that, having different code bases, right? In the past what would happen is, if you were creating a solution for the public cloud it would be one code base; the solution to run in your data center would be a different code base. With Azure Stack we bring Azure, including Azure Resource Manager and the tooling, to your data center. Great. We looked at the portal and I could go through the portal experience but I will save you from that; you can try it yourself, or the ones here that did not try it yet. So this is only one level of consistency. So let's take a look at what that means for an application developer. So here's what I'm going to do. Right now we are looking at my Azure Stack portal, and let me look at my resource groups; here I have a few resource groups, five. And what I'd like to do is switch to PowerShell.
And I won't go into much detail of what this particular script does, but basically, if you look all the way to the end of the script here, there is a deployment call, all right, a New-AzureRmResourceGroupDeployment. My goal here is not to teach you PowerShell or the Azure SDK for PowerShell; it's just to highlight the key concept, which is that you interface with Azure and Azure Stack through the same SDK, right? So if you are doing a resource group deployment and you use PowerShell, we do a New-AzureRmResourceGroupDeployment. Great. And what's happening here: it's invoking a template that is in GitHub and performing the deployment. This is a very simple template, part of the quickstarts, and it just creates a VM. All right, I won't go into the specifics of the template here. So what I'd like to do is, you know, we'll go ahead and take a look at this code here, and I've set a breakpoint exactly where I get my subscription, and you can see the command again, Get-AzureRmSubscription. Great. So what I would do now is, let me double-check up here. You'll notice I just set a handy variable called deployToStack which can be either true or false. In this case I want to deploy this template to Azure Stack, and by the way, how you would do this: different folks have different programming styles, right? This is just the way I structure my code, but the bottom line is I have a variable that controls whether or not I'm targeting Azure or Azure Stack, and the difference, if we take a close look at the code, is that if I'm deploying to Azure Stack I perform some calls that specify some endpoints, which are custom because Azure Stack is running in your data center, so the endpoints are not necessarily public. Or, if I'm deploying to Azure, the endpoints are well known so I don't need to specify an endpoint; the only thing I
go ahead and do is a Login-AzureRmAccount. But keep in mind that it is the same SDK; the only real difference is that the endpoints of ARM, Azure Resource Manager, change. So in my code I have a provision for that, and of course this is a PowerShell example; it could be CLI, there are many other ways to do that. All right, so let's run this thing and see what happens. So I just hit run here, and we did set a breakpoint in the subscription call, so we'll go ahead and step over it, and then what happens is we get a subscription. So, okay, notice PowerShell is reporting that I have a subscription with a given subscription ID. It reports the environment, in this case AzureStackUser, and again, environments are a concept of the tooling, which is basically whether you want to target the public cloud, or the sovereign clouds, or Azure Stack: you specify the endpoints. Great. So the only thing I did is I specified the endpoints for my Azure Stack. Now, the output of the command is exactly the same, the objects are the same, because indeed the SDK is the same. Great. So what
I would do now is I'll just go ahead and let this thing run, and a new resource group was created: resource group OSS CFR RG 278. And clearly you see that I'm not good at naming things. Go ahead to Azure Stack; you can see that a new resource group was just created, and if I go ahead and click there, the status is deploying, right? So I'll leave this; those resources should be created. And I'm going to switch to another PowerShell window, right, and in this PowerShell window what I'm going to do is set that variable deployToStack equal to false, which means that my code now will target Azure, and I will do exactly the same thing. We just set a breakpoint here, and what's going to happen is we'll go through the same flow, and I step over, and you can see that my environment now is AzureCloud and I have a subscription ID, the same constructs that I had on the prior call. But guess what, the endpoints are different now; my PowerShell environment is pointing to public Azure, so the deployment is happening in Azure with the same template. So with that said, I would just go ahead and continue running this. I need to create a new resource group; the resource group is 457, right? So let's do this, let's go to public Azure now and let's filter my resources, and to make it easy, filter by OSS. 457 is here, I just created it, the status is deploying, which means that, you know, that deployment is going on. So why is this important? And again, super simple demo; the goal was not to bore you with how easy it is to write a script to deploy something, but to highlight that the template is the same because ARM, Azure Resource Manager, is the same; the script is the same because I use one SDK, which is the Azure SDK for PowerShell. I could be using CLI as well, or I could be using one of the SDKs for languages like Python, Ruby, .NET
and others. The bottom line is the consistency allows you to create your resources and then choose where you place those resources. All right, so that's consistency. So let's take a look at some other concepts and how we can use this consistency to, in reality, create hybrid applications. So let me switch my screen here. So again, always keep in mind the importance of Azure Stack being an extension of Azure, right? When you use this consistency in your favor, you indeed can create applications that take the best out of the resources you have on-prem and at the same time realize
the potential of the Azure presence worldwide. So what have customers been doing in terms of hybrid? We spent a considerable amount of time meeting with customers all over the world during the early days of Azure Stack, and with the help of those customers, and customer interviews and requirement gathering, we came to a few pillars of what a hybrid application would look like, right? So consistency: I alluded to consistency briefly in the demo. You know, this flexibility of being able to create your resources and place them in either cloud is very, very helpful. Then having the ability of leveraging the Azure services available on premises is also something that customers find very, very helpful. And finally, all of that leveraging an integrated experience where customers can basically get an appliance rolled out in the data center, press a button, plug in power and networking, and then they have that mini Azure to run, you know, the same type of modern apps, the same types of apps that they would be running in the public cloud. So with that said, if we drill down a little more on those scenarios: edge and disconnected. And, you know, if you were watching the keynote, there was talk of scenarios of bringing Azure to the edge, bringing Azure to places like ships in the middle of the sea, oil drilling platforms, or even scenarios where, you know, you have vehicles performing any kind of maintenance in the field. All those things are about running your application, designing and running your applications in one model, which is the Azure model, and running those applications where the action happens. Now, regulation: across the world, businesses face different types of regulations, and some regulations require you to store data in a given location, right? And that
can be accomplished in many different ways, but if you are designing, developing and managing your applications in Azure it's very helpful to be able to use the same model, the same operations, while maintaining data or artifacts where they are needed. So that's another very common scenario. And finally, being able to run modern apps on premises and being able to integrate those modern apps with existing systems. For example, you may have factory floor systems that you'd like to integrate while designing an application based on functions, serverless computing, or API apps. So if you have Azure Stack on-prem you can do that: Azure Stack has App Service, for example, with functions, with websites, API apps, so you can design a more modern application and have that modern application talking with on-premises systems. Now, with those three pillars, let's take a look a little bit more at what such a scenario would look like. So for example, what can I really do? Imagine disconnected. You know, one example is I can use the public cloud to do data aggregation, and then use the public cloud to do data collection, and then use Azure Stack, or mini Azure, to perform AI scoring on my AI models, or do some kind of data processing, and keep data local while surfacing some part of the data to the public cloud. So the bottom line of edge and disconnected is you leverage the broad Azure to basically do the training of your models and the large-scale data collection, and then you use Azure Stack to basically treat the data in the processes that need to stay on-prem, and keep in mind the limited or no connectivity. Disconnected is a very, I think, strong word to describe this; you may have intermittent connectivity. What intermittent connectivity is: you may have sensors in the field and sometimes those sensors have
connectivity, sometimes those sensors don't have connectivity, right? So then you can take a scenario like that where you use Azure Stack to basically maintain that data while connectivity doesn't exist, and when connectivity is established you can integrate with systems in the public cloud. So that's one example of edge and disconnected solutions. Now, how does this tie to the demos I presented earlier, where
we saw the consistency? Again, having the consistency between the clouds means that you can architect your solutions in a way that you can deploy the different pieces of the application where you really need them. All right. So how about regulations? You know, one of my customers does health care solutions in a highly regulated geography. So they do require keeping data on premises and in specific countries. So how can they use Azure Stack for that? Again, they can store the PII data in Azure Stack using things like the capabilities we have for blobs, tables, queues, also the SQL and MySQL resource providers, and then for the data that is not required on-prem they can leverage Azure for the modeling of big data. And the other thing that surfaces in this kind of example is that not only can you go to the public cloud to do big data modeling, AI, as I have mentioned before, but you can also go to the public cloud for scenarios like cloud burst. So you keep your data on-prem but you are able to leverage the cloud to burst some of the capabilities. So these are some of the examples of use cases we encountered when we talked with different customers. So I think that the best way for us to explore that is looking at another demo, right? So I was thinking of different ways we could do a hybrid solution, and that reminded me this morning of another customer. This customer has to ingest a large volume of files at different ingress points all over the world. Now, part of the information in those files ends up having to be processed on-prem; by the way, they do large-scale printing. Not the type of printing you do at home but really the large-scale operation, which requires some football-field-sized infrastructure. So how to solve the problem of easily
ingesting documents from all over and then basically, at some point, bringing that data on-prem with the same programming model? So that's the challenge that I was reminded of this morning and I'd like to walk you through that. So let's switch to the demo environment. All right. Okay, so I'd like to concentrate on Azure Stack. So let's switch my screen here. Great. So first of all, if you are developing a hybrid solution or you are about to develop one, you know, the first thing you ask is what is available for me to use, because personally I try to write the least amount of code that I can. So let's take a look at this particular Azure Stack environment and see what type of capabilities I have available. All right, so if I look at my resource groups, actually there are different ways I can do that, so let's go to the marketplace. And, you know, let's take a look here: do I have a SQL server? Yes, I can create a SQL database. I can also create a MySQL database if I want. So basically these are two of our resource providers, SQL and MySQL. Another option that I have is, let's say I want to create a function. Here I have a function app, and it is exactly the same function app that you are used to in Azure, because it's the same resource provider that exists here, so web apps, function apps, API apps, etc. Awesome. There are some other things here: if I look at my marketplace, if I search again for MySQL, I can either create a MySQL database using the MySQL resource provider, or if I want I can create a MySQL VM using a marketplace item from Bitnami. Bear in mind this marketplace item is exactly the same; it comes from Azure, so the Azure Stack marketplace has the ability to syndicate items from Azure. So what I'm highlighting
to you is the different capabilities that we have out of the box. Also, you know, when we talk about hybrid solutions, I cannot miss one of the announcements we did yesterday. So we have the marketplace item that creates a Kubernetes cluster; that's in preview, that was announced, again, we just announced this today, I'm sorry, yesterday. And the same thing for all the technologies, right? So Service Fabric is another capability that we hear about all the time from our customers, so we do have a marketplace item that enables you to create Service Fabric clusters; this was also just announced yesterday. Now bear in mind this is not the Service Fabric resource provider, the managed service; this is not AKS, the Azure Kubernetes Service, the managed service. These are marketplace items that create those Kubernetes or Service Fabric clusters
for you. The key difference here is the Azure version is a fully managed service; in Azure Stack it's a marketplace item that will basically automate the creation of those clusters relying on IaaS infrastructure. Anyway, this is just to give an idea of the current capability, so everything that I show you is a current capability. Great. So let's go back, let's not deviate from our goal, and our goal was to ingest data at large scale using Azure and persist that data on an on-prem system. Great. So how do we accomplish that? So if I look at the resource groups, you know, some of the deployments, some of the resources I had deployed ahead of time for obvious reasons. So if I look at this resource group here I have a SQL database that was provisioned using the SQL resource provider. So I have an existing SQL database, which, by the way, just to highlight, this is what it looks like. So here I have a simple open-source tool that brings data from different databases. So what you are seeing is again a connection to a SQL instance, and just to show you that I have some data there, I have a table with a couple of columns. Again, some abstraction is needed for this demo, so assume that, you know, we are storing data on SQL Server and this data will eventually flow into an on-prem system. So our end goal again is to ingest a large amount of files and bring this down here. Now, this SQL database is running in Azure Stack. How can we bring data to it? There are different ways. I personally love functions; serverless functions are basically the biggest bang for the buck. It allows you to create processing in many languages; in this case I created a simple function using C#. It allows you to either have the full development experience using Visual Studio and everything, compiling your code, all those things, or allows
you to just write, basically, scripts and compile at runtime, which saves some time. So for the purpose of the demo that's what I did: I created a function, very straightforward; it just receives an item and writes to a SQL database. I'm going into the details of the code; again, very straightforward, it uses the SQL client classes, and what happens is this
function, when this function runs, it will write a record to that SQL database, right? And here you see our lovely SQL statement, all right. And again I'm alluding to maybe an existing SQL system that you already have on-prem, something like that. So we have a function that basically, when it's called, persists data on SQL Server. Great. We have a challenge here, actually we have many challenges. So the first challenge is I'd like to ingest data using Azure, using the global reach of Azure, okay? How can we do that? How do we ingest data using Azure? There are probably like ten different ways, right? One of the ways is Event Hub, yes, but, you know, I thought about that, but how about let's try to do something even simpler. If it's a file, what would a user probably do? OneDrive seems a pretty neat way to ingest files, right? And again, this is not an architecture session; don't get this code into production, it's just, let's be creative. So I'm going to leverage OneDrive, the scale of OneDrive, to ingest files and then have Azure Stack do the processing every time a file is ingested in OneDrive. So here's another challenge: how do we connect our function to a process in Azure? Different ways I can think of: I could establish a VPN, right, could be one way. I could have ExpressRoute, yeah, that's cool, like the biggest pipe ever. All right, guys, every single service in Azure, or the majority of them, has public endpoints, right? So let's leverage the public endpoints for the sake of this demo. So what I'm doing is, if you look at my function configuration, now things get pretty interesting, right? If I go to my application settings, what I will have is a connection string; it's my storage connection string. Notice how this is an Azure queue connection string, okay? Great. Now if I look at my function, you
see that I have a binding to the connection string and to a queue named demo1. All right. So if we go to Azure now, and bear with me, it's easy to get lost in this demo, I know, a lot of screen changes. So if I go to my storage account and look at my
queues in that storage account, I need to have demo1, all right, and here's the demo1 queue. So here's what happens: using Functions in Azure Stack I bound my function to a public endpoint in Azure. My function will kick off every time a new item comes to that queue; it will read the message and then we have that very small C# code that writes data to the database, right? Is it the only way to do hybrid? Of course not; I mentioned VPN, ExpressRoute, there are different ways. This is just a quick and dirty way, all right. Everything is almost ready except one thing. What is missing here? What is missing is how we ingest the files. So for that, Flow. Okay, ahead of time I went and created a flow that reads files from a folder named build demos and writes the file content to a queue. Okay, all right, so what I'm going to do here is let's create a file. Let's save this guy. Should have done this ahead of time; apologies for that. So I will now move it to the folder. All right, so here's what's going to happen. Remember my function is stopped, because I want to ensure that you see it happening. That file will be ingested; after the file is ingested it will go through the queue, it will stay on the queue until my function picks it up, and then when the function picks it up, what's going to happen is it will write to Azure Stack. So let's go ahead and enable the function, and before I do that, this is the data in my SQL database; I only have seven rows, right? So we'll go ahead and enable the function, and we should have the data flowing to SQL Server. All right, so what it will do now is, it will take a while for that file to end up on the queue, so we'll leave it running and then after this happens we will see the data flowing to the database. So I'll let this sit. That was actually quick, okay. Clearly my spelling skills
are not the best, but you see "hello build", which was what we wrote in the file. Could this be IoT Hub? Yes, that would be a more real-world example, yeah. You know, IoT is one of the key scenarios that we've been engaging with customers on, but, you know what, why I like this scenario: I mean, I just wrote it, right, so I know that, that's one thing, but besides that, you know, when we hear things like the Microsoft Graph, the different services not only in Azure but the different services within Microsoft, that's power, right? I use something like Flow; Flow is like the most end-user-friendly thing that exists. You can integrate Flow with Azure; now think of the possibilities of the type of applications you can create, right? And this is real hybrid: I have Azure doing the data ingestion, I have Azure Stack handling the on-prem side and the integration with my SQL database. So this was to give an idea of how a hybrid solution can be created. So let's switch back to the slides and drill down a little bit more on some of those scenarios. First of all, hybrid has many meanings, right? Every time that I bring this slide up about developing hybrid solutions, I realize that folks have different interpretations of what hybrid really is. I do have basically three; the way I describe hybrid is three ways. Matching resources in both clouds: so what does that mean? Remember my first example, the consistency; the consistency example was exactly that. What I did is the deployment on both clouds, okay? Where can I use that, where is that type of deployment applicable? Many instances; for example, you develop solutions for many customers; some of those customers will get your solution and run it in Azure, some customers will ask you to run the same solution on-prem, so you can get the same set of resources, templates, scripts, etc., and allow
your customers to deploy, and in that scenario you can leverage the Azure Stack marketplace to basically create a package that shows up on the marketplace, etc. Another example of matching resources in both clouds is dev and test, right? Dev and test across the globe: you have
many development teams working across the globe. You want to ensure that all of them have the latest version of your application to test, so what you do is you can do testing in Azure, deploying your app for testing in Azure, and then deploying in Azure Stack. That's a couple of examples on matching resources in both clouds. Now, things really get interesting when we look at the other two examples, right, when you have some type of connectivity between Azure and Azure Stack. And some type of connectivity can be something simple, as we did today, where we leveraged an Azure queue endpoint, or something more elaborate, such as VPN or ExpressRoute, which will allow your workload to basically, if you have a VM running in Azure Stack that is VPN-connected to Azure, that VM has access to the resources on the VNet in Azure, and vice versa, right? So connectivity definitely enables you to spread your workloads around, okay? Let's take a look at some more details on that. So the product group has been spending a lot of time creating guidance for customers to create such hybrid applications, and as part of everything we announced yesterday, I showed you some of those things, you know, the Kubernetes, Service Fabric, etc. We also announced the launch of hybrid patterns, so if you go to the Azure Stack documentation you start to see guidance to create such patterns. And then let me talk about some of those patterns that are really key. So in terms of foundation, right, what we have is the ability to provide connectivity. So again, connectivity between Azure and Azure Stack can be accomplished in different ways, and when you have that connectivity established you can either leverage public endpoints or actually have the ability to go through both Azure and Azure Stack if you have VPN and/or ExpressRoute. Now, it's very important to
highlight that you have different Azure Resource Managers, right? So the resources that you place in Azure Stack stay with Azure Stack; the resources you place in Azure stay with Azure. Azure Resource Manager in Azure is a different instance than in Azure Stack, which means that for you to orchestrate those resources you need to leverage some kind of automation. That can be as simple as the example I demoed to you at the beginning of this session, where you have a PowerShell script that does the deployment in both places, or something more evolved, like what I described on the right side of the screen, which is a CI/CD pipeline that takes both clouds into consideration.

Another announcement (I'm full of announcements, sorry, these are all news): another announcement we did yesterday, the VSTS team released the VSTS tasks for Azure Stack, where you can deploy App Service, you can deploy ARM templates, or perform storage operations from VSTS. What that allows you to do is one single pipeline targeting the different clouds. And by the way, I have a list of the related sessions, but tomorrow [speaker name unclear] will be presenting all the development tools and DevOps, and one of the things he's going to show is how you can accomplish a single integrated pipeline with Azure and Azure Stack. I highly recommend you attend that session; I have the link for the session at the end of these slides. Good.

So what else can be done, right? So when you have such capability you can do things like burst to Azure. This was a prototype we designed with one of our customers, and that particular customer has a very short time to acquire business: for customers to actually use their service there is a sign-up period that is very short, at the end of the year. And at the same time they have to keep some data on-prem, right? So in
this prototype we designed with this particular customer, we leveraged App Service, we leveraged the SQL resource provider, as I did in my demo as well, to build both the user experience, through web apps and functions, as well as the data tier on-prem. And then for the front end here, what we do is at sign-up time, those times of the year where the amount of people accessing the front end is greater than the capacity they have on-prem, they rely on App Services in Azure.

Now, how is the traffic redirected? That's another challenge that you encounter with hybrid systems. There is something called Azure Traffic Manager. So Azure Traffic Manager provides you an ingress point in Azure, and based on rules it can redirect you, right? So then with a combination of Azure Traffic Manager and VPN, this particular solution was able to burst to the cloud when needed, and when traffic died down, traffic would get redirected to the front end on the internal network. By the way, this is one of the patterns that we actually have documented; it's available on our documentation. So again, it's very powerful, and all of this is glued together by a CI/CD pipeline, again the ability to deploy new versions, etc., either in Azure or Azure Stack, through a single process, in that particular case VSTS.

You know, another example is keeping data local. We just did that in our simple demo, right? We leveraged storage in Azure Stack, and we did all the ingress in Azure and we kept data local. This is one of the scenarios I like the most, and we've been working with customers that do a lot of AI and AI/IoT at the edge: plants in remote areas, or, as I mentioned earlier in the session, you know, drilling rigs in the middle of the ocean that need to score data locally. So basically they rely on Azure Stack to do the scoring while all the training aggregation happens in Azure. For this particular scenario we did a prototype relying on Machine Learning Workbench in Azure to create your models and train your models. The output of that is actually a container; you can grab the container and run it in Azure Stack to do the scoring. So when we start looking at Azure Stack in such scenarios, it really brings you all the advantages of having a common programming model, and a model where you manage
your solution on-prem while relying on the large scale of Azure.

And finally, the other pattern I'd like to share with you is the power of having something like Azure Traffic Manager and leveraging Azure to do your ingress. So what you can do with that is, again, your ingress point can be anywhere in the world, and then through Azure Traffic Manager you can redirect to Azure Stack. Now there's a caveat here, right? The caveat is, for Traffic Manager to redirect traffic to Azure Stack, a couple of things need to happen: you either have your Azure Stack with, you know, inbound connectivity allowed, or you establish VPN, right? So we establish VPN to Azure and then Traffic Manager can redirect the traffic. So this is very powerful because, again, you can have ingress points all over the world, Brazil, Italy, and then have your processing in a specific place. Now, not necessarily a scenario like that requires Traffic Manager and VPN; if you think about it, the demo we saw ingesting data did not rely on Traffic Manager, but it did rely on the ability of Azure services to have, you know, public endpoints. So there are different ways to accomplish hybrid. I think the great thing is Azure Stack provides you the foundation to do that.

So this is all great, at least this is very exciting, and every day that I look I hear about customers designing these apps. It's super exciting. Now, how about how we keep those apps secure? Or, in other words, you know, how to take some of the security worries out of your hands, right? How can we do that? With that said, I have Filippo to give an overview of how Azure Stack handles security and what it means for you developing those hybrid applications. Filippo, the floor is yours.

All right, thank you. I may come back, I'm not going away yet. What,
is everyone still awake? That's a good sign. Yes, yes, good job on that one. So, guys, one of the reasons why a lot of customers want to use Azure Stack, and they are actually using Azure Stack, is because they want to use the public cloud technologies, but they understand that sometimes going to the public cloud faces some constraints, like compliance constraints or security concerns their organization may or may not have. So Ricardo gave you a good example of patterns that you can use to create your hybrid application; for example, you keep your data local because, let's say, you have a compliance regulation that prevents you from putting your customer PII data in the public cloud, right? And depending which region, that can happen fairly often. So you have to keep the data local. But is your data stored in Azure Stack secure? If you have gone downstairs to the Azure Stack booth, you will see Azure Stack comes as a physical hardware appliance.

So can you trust it? Can you trust Azure Stack to create your application, to put your most private data, most sensitive data, or your most sensitive application and logic and all the good intellectual property you have, on Azure Stack? As the head of Azure Stack security I would say yes, absolutely, but don't take my word for it. So I'm going to walk you through the Azure Stack security posture and the compliance for Azure Stack, so that you will be able to make your decision whether Azure Stack is worth your trust when it comes to security and compliance.

So this is the Azure Stack architecture: a lot of blue boxes, a lot of connections, cool stuff. Good news is you don't have to know it. Azure Stack architecture is internal, and internals are internal, meaning that you have no control on that. You don't have to understand it, you don't have to configure it, you don't have to figure out which account talks with which component, the lifecycle of that account, which network connection you have to have, how you encrypt the connection, and so on and so forth. All of that is done for you. And so when you look at Azure Stack security, who secures your stack? The Azure Stack appliance comes secure, comes pre-hardened for you. And so we designed the security posture of Azure Stack following two principles: be hardened by default and assume breach, and I'll walk you through those. But one point I want to make clear is that you or your Azure Stack operator will have to manage, for example, the security monitoring of Azure Stack. And then what is really your responsibility is the tenant layer: your application, your workloads, or your machines. Those are your responsibility to secure. Unfortunately, we, from the product group, don't know what kind of application you are going to deploy on top of it, so we provide best practices, which are very similar to or the same as Azure, but
at the end of the day you are responsible for securing those applications. But the good news is you can focus on securing only that part; you don't have to spend your cycles, you don't have to spend your time, trying to secure the infrastructure. The infrastructure comes pre-hardened out of the box. I hope I'll be able to finish this presentation because this floor sounds squeaky.

So, hardened by default: what does it mean? It means that instead of "here's your Azure Stack, and here's the 600 or 1000 page manual of all the hardening practices you have to do," we opted to say: with Azure Stack it's ready to go, you don't have to do anything to secure it. I'm talking about the blue boxes we saw earlier, the infrastructure; you don't have to do anything, it comes pre-secured, which means that you don't have to spend cycles figuring out how all those components work together and how to secure them. And why we were able to do that is because in Azure Stack we control everything. We design the hardware with our own partners, meaning we specify the hardware, so we decide exactly which firmware, which driver, which operating system, what version, where everything is deployed, how everything is configured, and, more so, how everything is managed. And by doing so we have full control of the whole experience, so that we can seal the infrastructure, because we know exactly how it's going to be accessed, we know exactly what's going to go on inside the infrastructure. So that puts us in a very strong position when it comes to security. Versus, for example, a regular Windows Server operating system: you have to deploy it, and then there can be any unbounded number of configurations between hardware and software, drivers, applications you run on top of it. In Azure Stack we remove the complexity, we remove the combinations, and so we know exactly how it works.

So I said we control the whole end to end, from the hardware up. So for the hardware, again,
we co-designed Azure Stack with our OEM partners, and one of the things that we enforce and we require our OEM partners to put inside every single Azure Stack node, it doesn't matter which OEM, it doesn't matter which region, is the TPM 2.0 chip. There are very few hardware, very few servers, that you can buy today that come with TPM 2.0, and that applies also if you buy Azure Stack in China; it applies also if you buy Azure Stack in Russia. They will come with a consistent TPM chip; they obviously will meet the regulation for that country. And then of course Secure Boot, UEFI, but that's no news, that's really standard, but we obviously have those as well.

We also focus on reducing the attack surface, so the only doors open are the ones that we want to be open. So we started from a very hard, very tough security baseline, and we basically picked the hardest we could possibly find, which is the U.S. DoD (Department of Defense) security baseline, which is called the DISA STIG. So Azure Stack, every Hyper-V host and every virtual machine of the infrastructure, comes with a military-grade security baseline. We remove all the components that we don't use from Windows and so on, so that the attack surface is reduced, and we also leverage all the Windows security features. One I'll mention here specifically is Code Integrity. Code Integrity, which is part of the Device Guard umbrella, basically allows only the code that has been signed by Microsoft or our OEMs to run on Azure Stack. So if one of those many components you saw in the architectural diagram a second ago gets compromised for any reason, the attacker will not be able to run Mimikatz, which is an exploit tool to steal credentials. They will not be able to run arbitrary PowerShell or whatever other language you like, because none of those are signed by Microsoft; therefore
they will not be able to execute. Not only that, if they try to execute them it will be flagged with an alert; therefore your detection will be much faster. And just to give you an idea, when we talk about detection, the industry average for detection of a compromise is six months, 180 days. So your company could have been compromised five months ago and you would still be within the average of the industry. So we in Azure Stack are trying to push down that value as much as we can, by leveraging the fact that we know exactly what is supposed to run. So any software that is not designed to run on Azure Stack should not be run, and if somebody tries to run it we flag it, so you detect it right away.

We also disabled a lot of legacy protocols; here I just mention a couple of them, SMB1, SSL, and we're working to do more.

About the secrets: when you talk about secrets, encryption, and so on and so forth, there is a lot of overhead that comes with it. So first of all, this is where compliance also comes into play, because in Azure Stack we understand we go into a lot of regulated environments: we go into the financial industry, we are going into the military, we go into the government, we're going into insurance, healthcare providers; all of them are extremely heavily regulated. So therefore we've tried to address that as much as we could. So at-rest encryption: if you take any standard out there, they all require at-rest encryption, so it's enabled by default in Azure Stack through BitLocker. Network encryption: all those boxes that you saw in the architectural diagram, they all communicate with TLS 1.2 only. Therefore all the communication inside the infrastructure is encrypted. And we manage the certificates for encryption inside the infrastructure; there is a certificate authority inside the infrastructure itself, so all this certificate rotation
can happen automatically. We actually provide a script you can run as much as you want, as frequently as you want, and you rotate all the secrets of the infrastructure. We also have... one of the accounts, I mean, sorry, the majority of the accounts use what we call gMSA, group Managed Service Accounts. They are just regular service accounts, but they are managed by AD; there is an internal AD inside Azure Stack. Those accounts rotate passwords every 24 hours; that's the fastest supported by AD. So if an attacker compromises one of those accounts, they have 24 hours to exploit it; after that the password rotates automatically, boom, they are out again. So that's sort of a lot of the infrastructure security we put in place.

And in terms of certificates and the other secrets, those you have to run the script to rotate. Our North Star is to actually provide autonomous rotation, meaning that we put it on a schedule internally and rotate as frequently as we can, so that even that overhead is gone, so you can focus, and your team can focus, on providing the value, which is the applications, not so much dealing with infrastructure. In other words, we want to give you a cloud-like experience, like you have in Azure. In Azure we don't go and rotate the certificates of the Azure infrastructure; that's done by Microsoft. So we are trying to get there; our North Star is to get to the same position with Azure Stack, but running inside your data center.

The other principle we follow for Azure Stack is assume breach. Assume breach is, I would call it, a modern or the new approach to security. It's been basically put forward by the industry, and Microsoft is a champion of that, and what it basically says is: let's be honest, we can be as good as we want and put as much security and hardening as we want, but if an attacker is well-funded enough and they have enough time, they will eventually get in. That's just the nature of the business. And so instead of just focusing on the hardening of the perimeter, which was the previous approach to security (you put a very beefy firewall in front, and then you have a very strong gate around, or your fence around, your infrastructure), you actually do the same inside. So it's sort of like... the typical metaphor is you go from the castle with the huge high walls to the city, where you have cameras at the door, you have locks at the door, you have the police running around, and so on and so forth. So instead of having the security only on the outside, you have the security across the board, and so you focus not only on preventing the breach but also on detection and mitigation.

And the first enemy that we have to defeat when it comes to compromise is admin privileges. I was at the RSA Conference two weeks ago; if any of you were there at the keynote, they gave us a very interesting number: 88% of the compromises today, or actually of the last year I think, happened
through a stolen credential. Eighty-eight percent. That means a credential has been stolen. And guess which is the easiest way to steal your credential? Phishing attacks; they have a 33 percent success rate. Making a little bit of easy math, let's say I send you three emails (it's not exactly that, but let's make it easier): three emails and I get your credential. So I'm three emails away from basically getting your domain admin credentials, and when I have that I can do whatever I want in your infrastructure; I can steal any data that your application has stored, and at that point you are done. So in Azure Stack we simply remove that credential. You, as the Azure Stack operator, and we, as either Microsoft or the OEM, do not have any domain admin credential, or any admin credential for that matter. So if they steal your credential, they only steal a user credential. So Azure Stack can be managed with a user account; it does not require a domain admin account, it does not require an admin account. As a matter of fact we call it the operator, the Azure Stack operator; we don't call it the Azure Stack admin. And this was possible because, remember, when I said we shrink down, we only enable the doors that we want. We only open those: Azure Stack only has three doors. One is the portal. We have two portals in Azure Stack: we have the tenant portal, which is exactly the same as the one that Ricardo showed you, which is like the same as Azure, and then we have the admin portal, which is an admin experience we built for Azure Stack, where you can manage your infrastructure, with well-defined interactions. So that's where you go, for example, to syndicate with the marketplace, to build quotas, to build offers, to bring more services down, to update Azure Stack. So if somebody steals your credential, yeah, they may be able to turn off Azure Stack and do a denial of service attack that way, but sure enough, if you don't detect that somebody turned off your appliance, you have a bigger problem than the security itself, right? But that's to give you an idea. That's where they go. If you don't want to use the portal, the admin portal, then you go to ARM and you can use PowerShell,
command line, whatever you like, Python, you name it, whatever you want, you can use that. That exposes the same actions, the same functionalities of the admin portal; as a matter of fact the admin portal calls ARM to perform the actions that it exposes in the point-and-click experience. And third, which is only for support cases, there is what we call the privileged endpoint, which leverages JEA, PowerShell JEA (Just Enough Administration), and that is a whitelist of the PowerShell library, so we only expose about 20 cmdlets which are only able to get logs and perform some admin duties. And through a two-factor auth between your operator and Microsoft, there is a way to sort of open the hood of Azure Stack, so get inside the infrastructure, but again that's only through a support ticket. We, I mean, with support engineering, we are on the call with you and we will guide you through, and everything is scripted, so a transcript is there, so you will have it, you will know everything that happens. Those are the only ways to interact with Azure Stack; everything else is sealed.

We contain the blast radius by this privileged account level I mentioned; at the network ACL level we iterate every month, we make it better, we make it tighter, and we have rule-based interfaces. So all those components you saw earlier, they all communicate either through REST or through PowerShell JEA, and so if one component gets compromised they cannot do a WMI call and perform any arbitrary action they want. And again, if one account gets compromised, there is no logging into Hyper-V Manager or Cluster Manager or Server Manager, whatever you like; there are only those three endpoints that I mentioned earlier.

Auditing: big deal when it comes to security and monitoring. We centrally collect all the audits, and we pre-configure Azure Stack with all the audits you need, and we have a syslog client we're actually delivering next month that will make it very simple to integrate with any monitoring platform in the market.

So that was the security; hopefully I was able to give you some idea of what we have done for Azure Stack. For compliance: one of the feedbacks from customers was that compliance paperwork is number one; they had to have it to go to production, obviously, for regulated environments. So what we did in Azure Stack, since, again, we control the hardware and software and the entire infrastructure, we called up an independent auditing firm to do a formal assessment of Azure Stack for PCI, Payment Card Industry. So if you use Visa, MasterCard, American Express in your application, or anything else related to that, you have to be PCI compliant. We have all the documentation on how the Azure Stack infrastructure meets the applicable PCI requirements. Am I blocking you? Does that block you? Yeah, can you give me a one-click? It's my last slide, so I'm good. So the second thing we did is we pre-filled the Cloud Security Alliance Cloud Controls Matrix, which is a framework and meta-mapping to about 30 different international standards, which include HIPAA for the healthcare industry, FedRAMP if you want to be a service provider for the US Gov (which is also one of the most comprehensive cloud provider standards out there), and ISO 27001. Those
are just three; there are 30 more in there. This documentation, both the PCI and the CSA CCM matrix, you can download for free from the Service Trust Portal; the link is here on the slide. The last comment I want to make, I just want to make clear: we are not certifying Azure Stack for these standards. This is a difference between Azure Stack and Azure. In Azure, Microsoft owns and operates Azure; therefore we can address and we can meet the controls that are related to people and processes (a lot of these standards have a lot of controls related to people and processes). In Azure Stack, you or your customer own and operate Azure Stack; therefore they have to be certified. What we have done is a formal assessment, and we provide all the documentation to jumpstart your certification process on how Azure Stack meets the applicable controls related to the Azure Stack infrastructure, which usually falls into the technology piece, okay? But for companies that are already regulated, people and processes are already done because it's the same across all the applications they have, so really the real delta is going to be the application you develop, and it doesn't matter where you run; you will always have that delta. And with this I think we are over time, so I want to thank you for your attention. I hope this was interesting, and we are here for questions until they kick us out; otherwise we'll pick it up from outside. Thank you.
2018-07-20 02:45
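The point Ricardo makes in the talk, that Azure and Azure Stack are two separate Azure Resource Manager instances, so a single script has to authenticate to each ARM endpoint and run the same template against both, as an added PowerShell example. This is not code from the talk, from the session demo, or from Microsoft's documentation; it uses the Az.Accounts and Az.Resources cmdlets and assumes: a placeholder tenant id, an Azure Stack ARM endpoint in the ASDK form (`https://management.local.azurestack.external`, a placeholder you replace with your stamp's endpoint), a placeholder region name `local`, and a template file `webapp.json` with a `location` parameter that the reader supplies. Which Az module versions and API profile a given Azure Stack build supports is not covered here and depends on the build.

```powershell
# Added example (not from the talk): deploy one ARM template to both clouds.
# Placeholder values, replace with your own:
$tenantId         = '00000000-0000-0000-0000-000000000000'          # placeholder AAD tenant
$templateFile     = '.\webapp.json'                                 # reader-supplied template
$stackArmEndpoint = 'https://management.local.azurestack.external'  # placeholder, ASDK-style endpoint
$stackRegion      = 'local'                                         # placeholder, depends on your stamp

# Each cloud is its own ARM instance. Public Azure is pre-registered as 'AzureCloud';
# Azure Stack has to be added as an environment from its ARM endpoint.
if (-not (Get-AzEnvironment -Name 'AzureStackUser' -ErrorAction SilentlyContinue)) {
    Add-AzEnvironment -Name 'AzureStackUser' -ArmEndpoint $stackArmEndpoint | Out-Null
}

$targets = @(
    @{ Environment = 'AzureCloud';     Location = 'westeurope'; ResourceGroup = 'rg-hybrid-azure' }
    @{ Environment = 'AzureStackUser'; Location = $stackRegion; ResourceGroup = 'rg-hybrid-stack' }
)

$results = foreach ($t in $targets) {
    # Separate sign-in per ARM instance: a token issued for Azure's ARM is not
    # accepted by Azure Stack's ARM, so the script logs in to each one in turn.
    Connect-AzAccount -Environment $t.Environment -TenantId $tenantId | Out-Null

    if (-not (Get-AzResourceGroup -Name $t.ResourceGroup -ErrorAction SilentlyContinue)) {
        New-AzResourceGroup -Name $t.ResourceGroup -Location $t.Location | Out-Null
    }

    # Same template and parameters in both places; only the ARM endpoint differs.
    $d = New-AzResourceGroupDeployment -ResourceGroupName $t.ResourceGroup `
            -TemplateFile $templateFile `
            -TemplateParameterObject @{ location = $t.Location } `
            -Mode Incremental

    [pscustomobject]@{
        Cloud       = $t.Environment
        State       = $d.ProvisioningState
        Correlation = $d.CorrelationId   # keep for log correlation on each side
    }

    Disconnect-AzAccount | Out-Null
}

# Both clouds must succeed, otherwise the two sides drift apart; fail the pipeline step.
$results | Format-Table -AutoSize
$failed = @($results | Where-Object { $_.State -ne 'Succeeded' })
if ($failed.Count -gt 0) { exit 1 }
```

Running this from a CI/CD agent gives the "one pipeline, two clouds" shape the talk describes without relying on the VSTS tasks: the agent needs a credential valid against each ARM instance (replace the interactive `Connect-AzAccount` with a service principal for unattended use), and the non-zero exit on any failed deployment keeps the two environments from silently diverging.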