Announcing U.S. TechNet on Tour Events for Fall, 2015

You are invited to join us for free, interactive events led by Microsoft Technology Evangelists.

The cloud is making disaster recovery (DR) a feasible solution, technically and financially, for companies of all sizes by utilizing a cloud solution provider, i.e. someone else’s infrastructure. In these events, attendees will learn the fundamentals of cloud and see how to employ Microsoft Azure as part of a wider DR plan. This is an opportunity to learn, experience and gain technical depth in DR, network with IT pros in your area, and grow together.

Attendees will receive a free Microsoft Azure pass and spend most of the day in a hands-on lab environment. Customers should attend the event to learn:

Who should attend: The event is technical by nature and is aimed at IT pros who get hands-on with technology as part of their day-to-day jobs. Previous experience of Microsoft Azure is beneficial but not essential. Here are the city registration links, dates and presenters. We are looking forward to meeting you all.

 

City           State  Event Date  Presenters
Seattle        WA     9/1/2015    Jennelle Crothers and Brian Lewis
San Francisco  CA     9/3/2015    Jennelle Crothers and Yung Chou
Houston        TX     9/22/2015   Kevin Remde and Yung Chou
Charlotte      NC     9/29/2015   Tommy Patterson and Yung Chou
Philadelphia   PA     9/30/2015   Dan Stolts and Blain Barton
Indianapolis   IN     10/6/2015   Brian Lewis and Yung Chou
Tampa          FL     10/7/2015   Blain Barton and Tommy Patterson
New York       NY     10/8/2015   Dan Stolts and Kevin Remde
Irvine         CA     10/14/2015  Jennelle Crothers and Yung Chou
Dallas         TX     10/16/2015  Kevin Remde and Yung Chou

Get a head start with Azure today:

Try It Yourself – Configure a Point-to-Site VPN Connection to a Virtual Network (3-Part video Series)

This connection is very easy to understand and implement. Point-to-Site (or P2S) here refers to a connection between a single device (namely a connection point) and an Azure virtual network (vnet) site.

A P2S connection requires a subnet defined within the target Azure vnet site. Seen from the Azure vnet site, a connecting device is automatically allocated an IP address within the defined P2S subnet and connects to the site via a VPN connection.

Technically, a P2S connection is specific not to the physical device but to the logical device, i.e. the OS instance that the connecting physical device is running, since the connection is based on a private/public key pair generated within that OS. At this time, Azure P2S supports only self-signed certificates. The x.509 certificate (i.e. a public key) of the key pair resides in the target Azure vnet site, while the certificate in PFX format (i.e. a certificate exported with its private key) should be installed on the connecting device. An administrator can configure an Azure P2S connection by:

  1. First enabling P2S connectivity and defining a P2S subnet associated with a target Azure vnet site
  2. Generating an x.509/PFX certificate pair
  3. Uploading the x.509 certificate to the site
  4. Distributing to and installing the PFX certificate on intended (logical) devices
  5. Initiating a connection from a logical device

One x.509/PFX certificate pair is sufficient to establish P2S connections between an Azure vnet site and multiple devices: upload the x.509 certificate to the target Azure vnet site and install the associated PFX file on all connecting devices. The best practice, however, is to employ a unique certificate pair for each connecting device to better secure the P2S environment.
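The per-device practice above, as an added example (not from the original post or the videos it links to). It assumes the layout in which a self-signed root's public .cer is the certificate uploaded to the vnet site and each device gets its own client certificate issued under that root, and it assumes the New-SelfSignedCertificate -Signer support found in Windows 10 / Windows Server 2016 or later. Device names, subject names and the output folder are hypothetical.

```powershell
# Added example: device names, subjects and paths are hypothetical placeholders.
$devices = 'LAPTOP-ALICE', 'LAPTOP-BOB'         # constructed sample device names
$outDir  = Join-Path $env:TEMP 'p2s-certs'      # hypothetical output folder
$store   = 'Cert:\CurrentUser\My'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed root. Its private key stays on the admin machine (non-exportable);
# only the public half (.cer) is uploaded to the vnet site.
$root = New-SelfSignedCertificate -Type Custom -Subject 'CN=P2SRootExample' `
    -KeySpec Signature -KeyUsageProperty Sign -KeyUsage CertSign `
    -KeyExportPolicy NonExportable -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation $store
Export-Certificate -Cert $root `
    -FilePath (Join-Path $outDir 'P2SRootExample.cer') | Out-Null

$inventory = foreach ($device in $devices) {
    # One client-authentication certificate per device, issued under the root.
    # 2.5.29.37 is the Enhanced Key Usage extension; 1.3.6.1.5.5.7.3.2 is Client Authentication.
    $client = New-SelfSignedCertificate -Type Custom -Subject "CN=$device" `
        -KeySpec Signature -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation $store `
        -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

    # Prompt for the PFX password instead of hard-coding it in the script.
    $pw = Read-Host -AsSecureString -Prompt "PFX password for $device"
    Export-PfxCertificate -Cert $client -Password $pw `
        -FilePath (Join-Path $outDir "$device.pfx") | Out-Null

    # The device's private key should now exist only in its PFX:
    # remove the working copy (and its key) from the admin's store.
    Remove-Item -Path (Join-Path $store $client.Thumbprint) -DeleteKey

    # Record which certificate belongs to which device.
    [pscustomobject]@{
        Device     = $device
        Thumbprint = $client.Thumbprint
        NotAfter   = $client.NotAfter
    }
}
$inventory | Export-Csv -Path (Join-Path $outDir 'inventory.csv') -NoTypeInformation
$inventory
```

With one certificate per device, the inventory identifies exactly which thumbprint belongs to a lost or retired device, so that device can be dealt with without reissuing certificates to every other device.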

Here are the Azure documentation page and complementary videos that walk through the processes and operations to:

  1. Create a virtual network and a VPN gateway (video)
  2. Create your certificates (video)
  3. Configure your VPN client (video)

A Memorandum to IT Pros on Imperative vs. Declarative Scripting Models

One noticeable difference of Azure Infrastructure Services (IaaS) V2 from Azure IaaS V1 (or classic Azure IaaS as I call it) is the employment of Azure “Resource Group” templates. A resource group is not only a newly introduced artifact in Azure, but also denotes a fundamental shift in automating, deploying, and managing IT resources. This change signifies the arrival of a declarative programming/scripting model for the better. I will walk through an application deployment with Azure resource group templates in an upcoming post. In this memo, the focus is on distinguishing these two programming/scripting models.

Imperative vs. Declarative

Traditionally, within a logical unit of work (or simply a transaction), the conventional wisdom is to define how to implement business logic by programmatically referencing parameter values, verifying the dependencies, examining variables at runtime, and stepping through a predefined data flow accordingly. This is the so-called imperative programming model, which uses assignments, conditions/branching and looping statements to serialize operations for establishing the state of a program at runtime, i.e. an instance. An imperative programming model essentially describes “how” to reach “what.” A vivid example is that C-family programming languages are based on an imperative model. An imperative model like the following pseudo code specifies the steps (i.e. how) to ensure the operability of attaching a database to a SQL server (in other words, what) by ensuring the SQL server is first up and running, i.e. ready, before attaching an intended database. The implementation logic is to repeat a routine of waiting for a specified period of time and checking the status of a target resource, until the target resource is ready for an intended operation.

Wait 30 seconds and check the SQL server status again, till it is up and running

Then attach the database

At the same time, a declarative programming model describes business logic based on ‘what it is and not how to do it.’ For instance, rather than programming a loop to periodically check whether a target SQL server is up and running, as the imperative model does in the above example, a declarative model simply states the dependency on a target SQL server, i.e. what state must be met, before attaching an intended database, and lets the system (here I use the system as an umbrella term for the other components) implement how to enforce this prerequisite. The following illustrates a declarative approach.

This database has a dependency of the hosting SQL server

The above states the dependency, i.e. what it is, and delegates the implementation, which is carried out later.
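The two pseudo-code fragments above, written out as an added PowerShell example (not code from the original post). The readiness check uses a simulated clock so the block runs offline; the function names and the resource table are hypothetical, and the resolver is a minimal stand-in for "the system" that enforces stated dependencies.

```powershell
# Added example. Function names and the resource table are hypothetical.
$script:clock = 0                                      # simulated seconds elapsed
function Test-SqlServerReady { $script:clock -ge 60 }  # constructed: "up" after 60 s

# Imperative: the script spells out HOW to wait, then what to do.
function Invoke-ImperativeAttach {
    param([int]$IntervalSec = 30, [int]$TimeoutSec = 300)
    $steps = @()
    while (-not (Test-SqlServerReady)) {
        # A timeout keeps the loop from spinning forever if the server never starts.
        if ($script:clock -ge $TimeoutSec) { throw 'SQL Server not ready before timeout' }
        $steps += "wait $IntervalSec s, check status again"
        $script:clock += $IntervalSec                  # stands in for Start-Sleep
    }
    $steps + 'attach database'
}

# Declarative: each resource states only WHAT it depends on.
$resources = @{
    'SqlServer' = @{ DependsOn = @() }
    'Database'  = @{ DependsOn = @('SqlServer') }
    'WebApp'    = @{ DependsOn = @('Database') }
}

# The "system": derives a valid deployment order from the stated dependencies.
function Resolve-DeploymentOrder {
    param([hashtable]$Resources)
    $names   = [string[]]($Resources.Keys | Sort-Object)
    $pending = [System.Collections.Generic.List[string]]::new($names)
    $done    = [System.Collections.Generic.List[string]]::new()
    while ($pending.Count -gt 0) {
        # A resource is ready once every dependency it declares is already deployed.
        $ready = @(foreach ($name in $pending) {
            $unmet = @($Resources[$name].DependsOn | Where-Object { $_ -notin $done })
            if ($unmet.Count -eq 0) { $name }
        })
        # Nothing deployable: a dependency is undeclared or circular.
        if ($ready.Count -eq 0) { throw "Unresolvable: $($pending -join ', ')" }
        foreach ($name in $ready) { $done.Add($name); [void]$pending.Remove($name) }
    }
    $done
}

Invoke-ImperativeAttach
Resolve-DeploymentOrder -Resources $resources
```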

What vs. How

Notice that an imperative model specifies both the what and the how of a deployment. At the same time, a declarative model implies a logical separation: it focuses on the what and leaves the how for later. In layman’s terms, imperative vs. declarative is simply an approach of how vs. what, respectively.

Why Declarative

For simple operations, one may not be advantageous over the other. For a large number of operations or tasks with high concurrency and noticeable complexity, the orchestration can be too overwhelming to implement productively with an imperative model. This is increasingly what IT pros are facing in a cloud setting where operations are intermittent, concurrent, and carried out on hundreds or thousands of various application instances with inter- and intra-dependencies among themselves at an application layer and a system level.

A declarative model states what a target state is and the system will make it so, i.e. enforce it as stated. Employing a declarative model will fundamentally simplify how an administrator carries out application deployment and automation, with increased consistency, persistency, and predictability.

As IT is transitioning into cloud computing, the number of VMs will continue to increase while the deployment environment is likely becoming hybrid and complex. Adopting a declarative programming model is, in my view, critical and inevitable.

Essentially, IT has become a highly integrated and increasingly complex environment, which is particularly true in an emerging IT model where cloud computing is combined with hybrid deployment scenarios. Programmatically describing how to establish a state at runtime can quickly overwhelm programming logic and make an implementation based on an imperative model very costly to develop and maintain. Shifting to a declarative programming model is strategic and becoming “imperative” for IT.

Call to Action

Recognizing the presented opportunity, IT pros should make this shift from imperative to declarative scripting models sooner rather than later. Employ a declarative model as a vehicle to improve the capabilities and productivity of application deployments, and to facilitate and maximize the ROI of transitioning to cloud in an IT organization. To get started, there is already abundant information on Azure IaaS V2 available, including:

In addition, those who are new to Azure IaaS may find the following resources helpful:

And for those who would like to review cloud computing concepts, I recommend:

Application Deployment as a Service, A Sample Implementation of with Microsoft Azure PowerShell

This is a lab delivered in the spring of 2015 for Microsoft US IT Camps, Extend Your Datacenter to Azure, which is a whole-day event with hands-on experience in deploying and migrating workloads to Azure. This lab is specifically for IT pros to experience an automatic deployment of a business function/application, instead of deploying just VMs. The ability to deploy VMs is important and essential. Deploying VMs is, however, not the ultimate goal of moving to cloud. As I have addressed elsewhere, cloud goes way beyond virtualization and deploying VMs; instead, it is about the anytime readiness and on-demand ability to grow and shrink resource capacities based on demand, i.e. being elastic. And this lab does just that to prove this concept using Azure and PowerShell.

The script is published on GitHub and one can run the script as it is, without making changes. In the recording below, I walked through the steps to acquire and run the script. The intent is to run it as a service, i.e. on demand, to deploy application instances from zero to running instances. Notice this script is for learning and testing Microsoft Azure and PowerShell. It hard-codes and does not encrypt the password it employs, has very limited error handling, and is not intended for production use.

For those who are not familiar with the essentials of Microsoft Azure Infrastructure Services, compliance, pricing, and cost structure, here are additional resources:

Windows Azure Pack Express Installation

This is a project for Microsoft Virtual Academy on which I had the pleasure of working with Shri (Shriram Natarajan, a Program Manager on the Windows Azure Pack team); I had a wonderful time and learned much from him.

Windows Azure Pack is one of my favorite subjects on transforming your private cloud into a customer-centric IT-as-a-service hub. The idea is to offer customers a solution platform such that they can self-serve on consuming, establishing, and managing IT capabilities including network, storage, and compute on demand, regardless of whether resources are on-premises, deployed in Azure, or hosted in a 3rd-party facility. The enabler, Windows Azure Pack, places an abstraction to present a VMM-based private cloud with an Azure-like interface and experience, while integrating and consolidating at the middleware layer to enable on-premises, Azure, and 3rd-party resources to be managed with a consistent experience.

The first step in this strategic approach is to experience and assess Windows Azure Pack relative to your unique IT environment, which is what this project is about.

Essentials for Realizing Azure Baseline Costs

Subscription and Service Limits, Quotas, and Constraints (http://aka.ms/Limits)

This is a must-bookmark page to find out, for instance:

  • Total CPU cores a subscription can consume
  • The number of endpoints a VM can have
  • The bandwidth an Azure website may provide
  • Total VMs a virtual network may host
  • Total TB per storage account
  • Maximum number of objects in Azure Active Directory

Azure Pricing Model (http://aka.ms/AzurePricing)

This is where to find detailed Azure pricing information of Azure services with options like pay-as-you-go, Microsoft resellers, and enterprise agreements. A good reference this is. Keep it handy.

Azure Pricing Calculator (http://aka.ms/Calculator)

This is a what-if analysis tool. How will the costs differ when changing your deployment plan from 3 small Linux VMs to 2 Large ones, deploying Oracle WebLogic Server with A5 instead of A8, and replacing locally-redundant storage with geo-redundant storage? Just drag the slide bar in each category and one can realize the combined baseline costs from the number shown under the full calculator.

There is also a VM calculator (http://aka.ms/AzureVMCalculator) to better understand the cost implications of VMs, bandwidth, support, etc. with Azure Infrastructure Services.

Azure SLAs (http://aka.ms/AzureSLAs)

Do examine the SLAs from a cloud vendor, including those of Microsoft. Cloud computing is emerging and the business model continues evolving. SLAs are not all created equal. Pay attention to the fine print. Understand what does and what does not count as an outage and, when there is one, how a subscriber is compensated. Following your flow of data, the overall SLA is that of the service with the lowest SLA along the path.

Azure Support Options (http://aka.ms/AzureSupportOptions)

Support costs will have an impact on the business value of an application throughout its lifecycle. This includes not just the support subscription costs, but also the associated activities to initiate, monitor, manage, and document support activities.

Azure Compliance Page (http://aka.ms/AzureCompliance)

For some industries, if a solution is not compliant, there is really no point in investigating its cost. If compliance is a requirement, investigate early. For Azure, this page lists all the achieved certifications. Pay attention to referenced links like the Azure HIPAA Implementation Guidance. Some specifically document the implementations needed for a cloud application to become compliant.

Closing Thoughts

Cloud is about the ability to deliver instant gratification, and grow or shrink the capacity based on demand. Those days of rolling out a patch in 6 weeks, deploying a branch office in 3 months, building a cluster in two weeks, are long gone. The delivery needs to be on demand, in the next hour, within a half-day, or something relatively quick.

At the same time, cloud is not a one-size-fits-all platform, and there are legitimate reasons not to deploy resources in cloud. Get all the facts, learn how cloud works, and assess the risks. Know what you pay for, set a realistic expectation, then cloud responsibly and happily.

So where to start? Learning by practicing is what I recommend. For those who do not subscribe to MSDN, which offers Azure monthly usage credit, sign up for a 30-day free trial at http://aka.ms/Azure200 and follow http://aka.ms/Azure101Series and http://aka.ms/Azure102Series to start making cloud work for you. Use Azure as your datacenter, your global networks, and your colossal storage drive in cloud.