Microsoft moves IT infrastructure management to the cloud with Azure

Similar documents
Optimizing resource efficiency in Microsoft Azure

Adopting Azure Resource Manager for efficient cloud infrastructure management

Microsoft FastTrack For Azure Service Level Description

Steve Bryant-Brown Technology Mayank Nayar Program Manager, Azure Site Recovery. Will Rowley Cloud

Make the most of the cloud with Microsoft System Center and Azure

COURSE OUTLINE: Course 20533C- Implementing Microsoft Azure Infrastructure Solutions

MICROSOFT OPERATIONS MANAGEMENT SUITE (OMS): BEHIND THE CURTAIN

WHITEPAPER WHITEPAPER. Processing Invoices in the Cloud or On Premises Pros and Cons

An Overview of the AWS Cloud Adoption Framework

Microsoft Monitoring and Operating a Private Cloud

Operations Management Suite

How to sell Azure to SMB customers. Paul Bowkett Microsoft NZ

Creating an integrated plug-and-play supply chain with serverless computing

RELEASING HIGH-QUALITY APPLICATIONS AND INFRASTRUCTURE FASTER WHITE PAPER OCTOBER 2017

Prepare for GDPR today with Microsoft 365

AVANTUS TRAINING PTE LTD

Digital Transformation Checklist

Expert Reference Series of White Papers. Microsoft Service Manager Simplified

MCSE: Private Cloud Training Course (System Center 2012)

Quick Reference Guide

A Cloud Migration Checklist

How to make money in the cloud. Richard Bowes Partner Development Manager

SAP Business ByDesign A Solution for Midsize Companies

Migrating to. Microsoft Azure

Executive Summary WHO SHOULD READ THIS PAPER?

Microsoft Dynamics 365 and Columbus

Deep Dive. Into MS Operations Management Suite. Pete

Design, Install and Manage System Center 2012 Operations Manager

UForge AppCenter 3.8. Introduction March Copyright 2018 FUJITSU LIMITED

Tech Mahindra s Cloud Platform and PaaS Offering. Copyright 2015 Tech Mahindra. All rights reserved.

Understanding the Business Value of Docker Enterprise Edition

Supporting Cloud Computing with Professional Services

The End of Legacy: An Easier, More Agile Alternative to BMC

Turn Your Business Vision into Reality with Microsoft Dynamics GP

Elevate your organization. To reach the Cloud.

White paper Accelerating the Digital Transformation With Atos alien4cloud and Cloudify

Program Guide. Server and Cloud Enrollment (SCE)

Is SharePoint 2016 right for your organization?

I D C M A R K E T S P O T L I G H T. S i l o s a n d Promote Business Ag i l i t y

Program guide. Server and Cloud Enrollment

Agile Infrastructure Monitoring for the Application Economy

Accenture Architecture Services. DevOps: Delivering at the speed of today s business

User Virtualization. What if you could truly manage users and not desktops?

TRANSFORM YOUR ENTERPRISE WITH HYBRID CLOUD

MIGRATING AND MANAGING MICROSOFT WORKLOADS ON AWS WITH DATAPIPE DATAPIPE.COM

Audit Analytics. Delivered. Why Work With Us? CONSULTING. Leading analytics software. Fast, reliable service. We speak your language

NTT DATA Service Description

Six Keys to Microsoft Azure Migration Success

Service Catalog ATTOSOL TECHNOLOGIES.

Azure IoT Suite. Secure device connectivity and management. Data ingestion and command + control. Rich dashboards and visualizations

IT Service Management with System Center Service Manager

Automating Your Way to Simplified Application Management

Cloud Automation a beginner s guide

Communications in the Cloud:

Laying the ground work to grow cloud opportunities

Innovate with Oracle Public Cloud Platform & Infrastructure Services

Comparing Alternatives for Business-Grade File Sharing. intermedia.net CALL US US ON THE WEB

ACCENTURE TECHNOLOGY VISION FOR ORACLE 2017 THE ACCENTURE ORACLE BUSINESS GROUP FIT

Delivering Governed Self-Service BI across the Enterprise

"Charting the Course... MOC A: Architecting Microsoft Azure Solutions. Course Summary

New Technology: Mission Impossible?

Middleware Modernization: lay the foundation to your digital success

SAM Infrastructure Optimization

What's Shaping the Future of Enterprise Content. Management? JOHN O MELIA

Turn Your Business Vision into Reality with Microsoft Dynamics SL

Application Lifecycle Management (ALM) Octane

Microsoft Azure Essentials

Oracle Cloud Blueprint and Roadmap Service. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved.

At the Heart of Connected Manufacturing

Azure vs. AWS. How to Decide Between Microsoft Azure and Amazon Web Services

AvePoint Online Services vs Office 365 Sites, Files, s, and Groups Backup, Management and Archiving

DevOps Guide: How to Use APM to Enhance Performance Testing

Kubernetes for the enterprise

Dell EMC Native Hybrid Cloud, Powered By Intel: Jump- Start Your Adoption of the Cloud-Native Model

Reengineering your core processes and service layer A critical digital ecosystem enabler

The final barrier to cloud adoption

Transitioning Guide. Important information to help you transition to Microsoft Dynamics 365 from Dynamics CRM THE MICROSOFT SUITE CONSISTS OF.

Modernize Application Development to Succeed as a Digital Business

2 Business Processes and Forms with Office SharePoint Server 2007

Workspace ONE. Insert Presenter Name. Empowering a Digital Workspace. Insert Presenter Title

Wonderware System Platform 2017 Real-time Operations Control Platform for Supervisory, HMI, SCADA and IIoT

UNDERSTANDING THE NEED FOR A HELP DESK SOLUTION. How to select the right help desk solution for your organization

Dell Service Description

Hospitals and Health Systems: Beginning the Journey to the Cloud with Medical Imaging

Exam /Course 20332B Advanced Solutions of Microsoft SharePoint Server 2013

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Free On-Line Microsoft PDF

ENTERPRISE OPERATIONS SERVICES

I.T. s New Mission: Be a Catalyst for Change and Strategic Partner to the Business

ABB Ability Ellipse APM

Five Stages of IoT. Five Stages of IoT 2016 Bsquare Corp.

Landscape Management (LaMa 3.0) Kishan Vimalachandran, Digital Business Services, SAP

Synoptek Managed AWS: Cloud Optimization & Risk Mitigation

Microsoft Dynamics ERP. Success for your business. Success for you.

Modernize Your Device Management Practices Using The Cloud

Better Together with Microsoft Dynamics CRM

Article from: CompAct. April 2013 Issue No. 47

Secure information access is critical & more complex than ever

Cloud service models

Windows Server 2003 migration: Your three-phase action plan to reach the finish line

Transcription:

Microsoft IT Showcase Microsoft moves IT infrastructure management to the cloud with Azure At Microsoft Core Services Engineering and Operations, formerly Microsoft IT, we re embracing digital transformation and the culture changes that go with it. With over 90 percent of our IT infrastructure in the cloud, we re adopting Microsoft Azure monitoring, patching, backup, and security tools to create a customer-focused self-service management environment centered around DevOps and modern engineering principles. As we continue to benefit from the growing feature set of Azure management tools, we ll deliver a fully automated, self-service management solution that gives us visibility over our entire IT environment. The result? Business groups at Microsoft will be able to adapt IT services to best fit their needs. Digital transformation at Microsoft We re a global IT organization that strives to meet Microsoft business needs. Azure is the default platform for our IT infrastructure. We host 90 percent of our IT infrastructure in the cloud. Here are a few details: 124,000 employees 587 locations 1,200 Azure subscriptions 1,600 Azure-based applications 11,000 Azure infrastructure-as-a-service (IaaS) virtual machines 384,000 managed devices Like most IT organizations, we have our roots in the datacenter. In the past, our traditional hosting services were mostly physical, on-premises environments that consisted of servers, storage, and network devices. Most of the devices were owned and maintained for specific business functions. Technologies were very diverse and needed people with specialized skills to design, deploy, and run them. Our achievements were limited by the time required to plan and implement the infrastructure to support the business. As technology evolved, we began to move out of the datacenter and into the cloud. Cloud-based infrastructure created new opportunities for us and has transformed the IT infrastructure we manage. We continue to grow and adapt in a constantly changing IT landscape. Traditional IT technologies, processes, and teams Our traditional datacenters were managed by a legion of IT pros, who supported the diverse platforms and systems that made up our infrastructure. Physical servers, and later virtual servers, numbered in the tens of thousands, spanning multiple datacenters and comprising a mass of metal and silicon to be managed and maintained. Platform technologies ranged from Windows, SQL Server, BizTalk, and SharePoint farms to third-party solutions such as SAP and other information security related tool sets. Server virtualization evolved from Hyper-V to System Center Virtual Machine Manager and System Center Orchestrator. To provide a stable infrastructure, we used structured frameworks, such as IT Infrastructure Library/Managed Object Format (ITIL/MOF). Policies, processes, and procedures in the framework helped to enforce and control security and availability, and to prevent failures. Microsoft product engineering groups that used hosting services had a similar adoption process for their application and service needs, which were based on ITIL/MOF. This model worked well for traditional IT infrastructure, but things began to change when cloud computing and Azure began to influence the IT landscape.

Page 2 Evolution of the hybrid cloud As IT infrastructure and services began to move to the cloud, the nature of the cloud and how we treat it changed. We ve now been hosting IT services in Azure for a long time, and as Azure has evolved and grown, so has our engagement with Azure services and the volume of our IT services hosted in Azure. Early Azure: IT-owned, IaaS, and lift-and-shift In the early years, Azure was IT-only. We had full control of cloud development, implementation, and management. We could create and manage solutions in Azure, but it was a siloed service. The infrastructure consisted primarily of IaaS virtual machines that hosted workloads in the cloud the same way that they hosted workloads in on-premises datacenters. Efficiency gains were small and infrastructure management still used the same tools sometimes hosted in the cloud, and sometimes hosted on-premises and connected to the cloud. It was very much a lift-and-shift migration from the datacenter to the cloud, and our management processes imitated the on-premises model in much the same way. The datacenter remained the focus, but that was changing. Azure evolves: PaaS, co-ownership, and cloud-first As Azure matured and more of our infrastructure and services moved to the cloud, we began to move away from IT-owned applications and services. The strengths of the Azure self-service and management features meant that a business group could handle many of the duties that we offered as an IT service provider which meant that they could build solutions that were more agile and responsive to their needs. Azure platform-as-a-service (PaaS) functionality matured, and the focus moved from IaaS-based solutions to PaaSbased solutions. Azure became the default target for IT solutions; datacenter decommissioning began as more solutions moved to or were created in Azure. Monitoring and management was becoming cloud-focused as we pointed more of our System Center Operations Manager (SCOM) and System Center Configuration Manager (SCCM) instances at the cloud. Azure-native management started to mature. Large-scale Azure: Service line owned, IT-managed, PaaS-first PaaS quickly became a focus for developers in our business groups, as they realized the agility and scalability they could achieve with PaaS-based solutions. Those developers shifted to PaaS for applications as we transitioned away from IaaS and virtual machine-based solutions. With the advent of Azure Resource Manager, which permitted a broader level of user control over Azure services, we saw service lines begin to take ownership of their solutions, and business groups started to manage their own Azure resources. The datacenter became an inconvenient necessity for apps that couldn t move to Azure. We still used SCOM and SCCM as the primary monitoring and management tools, but we had moved almost all our instances into IaaS implementations in Azure. Azure-native management became a mature product, and we started to consider and plan what a completely cloud-based management environment would look like. Azure in a DevOps culture: Service line managed, Internet-first, business-first We re nurturing a DevOps culture in IT DevOps has transformed the way that Azure solutions are developed and operated. Our Azure solutions offer an end-to-end view for our business groups. They re agile, dynamic, and dataintensive. Continuous integration and continuous development create a continual state of improvements and feature releases. The Azure solutions that our business groups use are designed to respond to their business needs. We actively seek and use Azure-native tools for control over and insight into IT environments, in Azure first but also back to the datacenter where required. We re a long, long way past managing a stack of metal. The modern workplace is here at Microsoft, and it changes every day.

Page 3 Realizing digital transformation In the modern workplace, the developers and IT decision makers in our business groups have an increasingly critical business role. Our business groups need the autonomy to make IT decisions that serve their business needs in the best way possible. With 90 percent of our IT infrastructure in Azure, we re increasingly looking to the agility, scale, and manageability that Azure provides. Using this scale, we solve business needs and provide the framework for a complete IT organization, from infrastructure to development to management. Managing the modern hybrid cloud Our modern hybrid cloud is 90 percent Azure and Azure is the primary platform for infrastructure and management tools. Azure is not only the default platform for IT solutions it is our IT solution. Just as PC sprawl occurred in the late 1990s and server sprawl did the same thing in the 2000s, cloud sprawl is a growing reality. Implementing new cloud solutions to manage the cloud environment and the remaining on-premises infrastructure is critical for our organization. Embracing decentralized IT Decentralized IT services are a big part of digital transformation. We need a management solution that offers us and our business groups what we need to manage our IT environments. We always want to maintain governance over security and compliance of Microsoft as a whole, but we also realize that decentralized IT services are the most suitable model for a cloud-first organization. By decentralizing services and ownership in Azure, we offer our business groups several benefits: Greater DevOps flexibility. A native cloud experience: subscription owners can use features as soon as they re available. Freedom to choose from marketplace solutions. Minimal subscription limit issues. Greater control over groups and permissions. Greater control over Azure provisioning and subscriptions. Business group ownership of billing and capacity management. Our goal in the management of modern hybrid cloud continues to be a solution that transforms IT tasks into selfservice native cloud solutions for monitoring, management, backup, and security across our entire environment. With this solution, our business groups and service lines have reliable, standardized management tools, and we can maintain control over and visibility into security and compliance for our entire organization. The areas where we retain oversight include: General IT and operational policy implementation, as approved by the subscription owner. Areas include compliance, operations, and incident management. Shared network connectivity over ExpressRoute, as needed. Visibility into infrastructure inefficiencies and self-service tool development. Our management solution has to be as agile as the solutions we manage, and we provide best practices, standards, and consulting for Azure management solutions to ensure that our business groups are getting the most out of the platform. Supporting digital transformation with Azure management tools Managing the hybrid cloud in Azure encompasses a wide range of services and activities. For our business groups to improve, they need to monitor their apps and solutions to recognize issues and opportunities. They need a patching

Page 4 and management solution that keeps systems up to date, manages configuration, and automates common maintenance tasks. We must protect data with a disaster recovery platform and ensure security and compliance for business groups and the entire company. We use the following tools in Azure to enable hybrid cloud management: Azure Monitor Application Insights Azure Automation Log Analytics Update Management Azure Backup Azure Policy Azure Security Center Azure Advisor Monitoring the hybrid cloud Monitoring is an essential task for our business groups and their service lines. They need to understand how their apps are performing (or not) and have insight into their environment. We ve used SCOM for monitoring at Microsoft for more than 10 years and a certain rhythm develops when you use a product for that long. To ease the transition from SCOM to Azure monitoring, we ve developed transition solutions that use native Azure functionality to recreate certain SCOM functions and views in Azure Monitor. The transition solutions consist primarily of PowerShell scripts and documentation. They give our business groups a familiar environment to work in while they become familiar with Azure monitoring. Our business groups can also start in a standardized environment with our built-in tested security and compliance components. This helps us maintain a centralized standard while allowing for decentralized monitoring. We maintain metrics for critical organizational services, but we leave operational monitoring to each business group. Our Azure monitoring is designed to: Create visibility. We re providing instant access to a foundation set of metrics, alerts, and notifications across core Azure services for all business units. Provide insight. Business groups and service lines can view rich analytics and diagnostics across applications, as well as compute, storage, and network resources, including anomaly detection and proactive alerting. Enable optimization. Monitoring results help our business groups and service lines understand how users are engaging with their applications, identify sticking points, develop cohorts, and optimize the business impact of their solutions. We re retiring our SCOM instances within the next three months, leaving Azure monitoring as the default for both cloud and on-premises monitoring. In the coming months, our transition will focus on: Automated installation and repair of the Microsoft Monitoring Agent using Azure Runbooks. Centralized visibility into comprehensive health and performance. Fully featured transition solution development to enable complete self-service monitoring in Azure. Complete transition from SCOM to Azure. Patching, updating, and inventory management We re piloting update and patch management in Azure for both cloud-based and on-premises infrastructure, and plan to roll out update management to the wider hybrid environment soon. As we've done for monitoring, we re

Page 5 using transition solutions to make it easier for business groups to transition from previously used on-premises tools to Azure. Our patching processes depend on our preexisting solutions as we work through the transition to Azure. SCCM and associated agents provide the bulk of our patching, software distribution, and management process, but we re moving to Azure in a phased approach as our Azure subscriptions become ready to transition to Azure monitoring and management. We ve built transition solutions for our business groups to help them transition from the SCCM platform and other legacy tools to the Azure update management patching service. We re maintaining and modifying these transition solutions as we re ready for Azure features to replace the on-premises functionality. From a patching and management perspective, we re focusing on: The transition of inventory management from Configuration Manager to Azure, including discovery, tracking, and management of IT assets. A software distribution feature comparison between Configuration Manager and Azure. This area is still maintained in Configuration Manager as we monitor the Azure feature set, to ensure that we create an Azurebased solution that fulfills the self-service requirements of our business groups. Continuing to transition our update processes to Azure Update Management for business groups. Enabling self-service patch management. We re developing an orchestrated deployment of operating system and application updates with Azure, including centralized compliance reporting. Creating and updating solutions to support the transition of the above areas, including Resource Manager templates, PowerShell scripts, documentation, and Azure Desired State Configuration. The design for patching and management, as with monitoring, is to provide an Azure-based self-service solution for our business groups that gives them control over their patching and management environment while giving us the ability to centrally monitor for compliance and security purposes. Ensuring recoverable data With Azure as the primary repository for business data, it s extremely important to have an Azure backup solution with which our business groups and service lines can safeguard, retain, and recover their data. Our data recovery solutions address the following major areas of concern: Recover business data from attacks by malicious software or malicious activity. Recover from accidental deletion or data corruption. Secure critical business data. Maintain compliance standards. Provide historical data recovery requirements for legal purposes. Our Azure data footprint is immense. We currently host 1.5 petabytes of raw data in Azure and use almost 9 petabytes of storage to back up that data. We re using Azure Backup as a self-service solution. It gives business groups more control over how they perform their backups and gives them responsibility for backing up their business data because each business group knows its data better than anyone else. We re using Azure Backup for virtual machine-level backup, and we re backing up some on-premises data to Azure using Azure Recovery Services vaults. We ve created a packaged solution for backup management in Azure that consists of scripts and documentation our business groups can use it to quickly and efficiently migrate to Azure Backup. As with other areas of enterprise management, we re evaluating new features for Azure Backup that will offer more backup capabilities to our business groups.

Page 6 Embedding security and compliance Decentralization gets the greatest scrutiny when it comes to security and compliance. We re responsible for security and legal compliance for the organization, so our security controls are the most centralized of all the cloud management solutions we implement. However, centralization does not directly affect day-to-day solution management for our business groups and their service lines. We leveraged a broad set of security and compliance practices and tools that are generally applied across all Azure subscriptions. The following imperatives govern the general application of security and compliance measures: Azure Policy. Using Azure Policy, we establish guardrails in subscriptions that keep our service engineers within governance boundaries automatically. Policy can help control a myriad of settings by default, including limiting the network configurations to safe patterns, controlling the regions and types of Azure resources available for use, and ensuring data is stored with encryption enabled. Automation gives us a chance to keep pace with the constantly changing cloud environment. DevOps is heavily centered on end-to-end automation, and we need to complement DevOps automation with automated security. Automated security saves significant time and cost for apps that are frequently updated, and we can quickly and consistently configure and deploy security. Empower engineering teams. In an environment where change is constant, we want to empower our engineering teams to make meaningful, consistent changes without waiting for a central security team to approve an app. Our engineers need the ability to integrate security into the DevOps workflow. They don t have to take extra measures to be secure, nor do they need to wait for a central security team to approve an app. Maintain continuous assurance. When development and deployment are continuous, everything that goes with them needs to follow suit including security assurance. The old requirements for sign-offs or compliance checks create tension in the modern engineering environment. We want to define a security state and track drift from that state to maintain a consistent level of security assurance across the entire environment. This helps ensure that builds and deployments that are secure when they re delivered stay secure from one release iteration to the next and beyond. Set up operational hygiene. We need a clear view of our DevOps environment to ensure operational hygiene. In addition to understanding operational risks in the cloud, DevOps operational hygiene in the cloud requires a different perspective. We need to create the ability to see the security state across DevOps stages and establish capabilities to receive security alerts and reminders for important periodic activities. Using the Secure DevOps Toolkit for Azure The Secure DevOps Kit for Azure is a set of tools that offer a security-focused development workflow for our DevOps engineering teams working in the cloud. The kit empowers our teams to build and use Azure-based solutions in a consistent, repeatable, and efficient manner with security integrated at every stage. We use the Secure DevOps Kit for Azure to approach cloud development security in the following areas: Subscription security. Ensures that a subscription is configured and provisioned with necessary security controls, including Azure Policy and appropriate logging. Secure development. Provides the ability to write secure code and spot-check secure configuration of cloud resources. Continuous integration and continuous deployment (CI/CD) extensions. Integrates security testing into CI/CD workflows. Continuous assurance. Helps ensure that the security state stays compliant and doesn t drift over time. Alerting and monitoring capabilities. Checks for security events and provides an effective remediation path for subscription and application security issues. Telemetry dashboards. Gets aggregate views of security patterns and trends to make concerted improvements.

Page 7 Looking forward At Core Services Engineering and Operations, our goal is a completely cloud-based, self-service management solution that gives our business groups concise control over their environments using Azure tools and features. We ll continue to offer updated Azure-based solutions, transitioning away from on-premises, System Center based management. As we continue to transition business groups to cloud-based monitoring, we re growing our feature set and making our Azure-based management even better. We envision a near future where our management systems will be completely cloud based, decentralized, and automated and our organization continuing to build our business in Azure. For more information Microsoft IT Showcase microsoft.com/itshowcase 2018 Microsoft Corporation. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback