Critical steps one must consider about installing Windows Azure VMs in a hybrid IT environment
With margins shrinking every day and competition turning cutthroat, a majority of technology companies are migrating to the cloud. However, when you investigate the possibilities, you'll soon find that there are multiple ways to get there and a chain of decisions to be made. Private cloud? Hybrid cloud? Public cloud?
1. Azure virtual machines function in the cloud
You can deploy Azure virtual machines (VMs) in the Azure Service Infrastructure public cloud. The VMs run on Hyper-V and are saved as .vhd files. You can create new VMs from models provided by the service, or build them yourself at your own location and then upload the .vhd files to Azure.
2. On-premises networks are extended by Azure Virtual Network
You can attach your internal network to an Azure Virtual Network via an IPsec site-to-site VPN with an authorized VPN device and treat it like an additional subnet on your network. You can create multiple Azure Virtual Networks and link your on-premises network to them from a single point of presence. However, it doesn't work the other way around: you won't be able to connect the same Azure Virtual Network to multiple on-site networks. You can't make direct connections between different Azure Virtual Networks through Azure, so if you want communication between them, you have to fall back through the on-premises VPN to which they're all connected.
3. Windows Azure Infrastructure Services permits hybrid IT
Microsoft is very serious about the infrastructure-as-a-service (IaaS) market, competing constantly with Amazon Web Services (AWS) with a pledge to match Amazon's pricing. Windows Azure is about five years old, and the company has invested heavily in building a high-performing service offering that it refers to as "the most thoroughly tested product".
Windows Azure Infrastructure Services (Azure Virtual Machines and Virtual Network) was introduced on April 16, and you can use it to build a hybrid cloud that works for your organization. Here are some points to keep in mind when deploying this hybrid model.
You can attach your on-premises network to your virtual machines that are running in the public cloud as part of a hybrid IT model.
4. Azure VM: “It’s my way or the highway”
Microsoft's new service is elastic: you can choose the appropriate hardware configuration (small, medium, large, or extra-large) for each VM.
You can create a custom VM running Windows Server or one of a choice of different platforms, including Windows Server and Linux, which you choose from the platform image gallery. There is also a Quick Create function that makes it easy to create an Azure VM by supplying basic information (DNS name, platform image, password, and location).
5: Azure Virtual Networks utilize virtual IP addresses
In an Azure Virtual Network, the virtual IP address is the public IP address used by external computers to connect to the Azure virtual machines. The external computer connects to the virtual IP address and the appropriate port (UDP or TCP) and is then redirected by Azure (if necessary) to the appropriate virtual machine.
6: You can move VMs into Azure Virtual Networks – well, kind of
You can "transfer" a virtual machine from an on-premises network to the Azure Virtual Network. When you do this, you don't have to worry about static addresses that were assigned to the VM, because Azure will automatically create a new NIC for the VM, which will be assigned a dynamic address. Even though we are talking about moving the VM, we are really re-creating it as a fresh VM on the Azure Virtual Network.
Even if you have a virtual machine that was created to live somewhere else on a virtual network, you still can't simply transfer it onto your Azure Virtual Network. But once again, you can create a new virtual machine on the Azure Virtual Network using the .vhd file of the existing Azure VM.
7: Azure service healing restores VMs to a running state
One major advantage of running virtual machines on Azure is that it can keep your VMs available even when there are glitches. When Azure notices a problem with a node, it proactively moves the VMs to new nodes so they are restored to a running and available state.
This does cause the virtual machine to shut down and restart, which you'll see recorded in the event log. When this occurs, the MAC address, processor, and CPU ID will change. (This shouldn't impact your servers, including domain controllers, which we'll discuss more in the next section.) The really good news is that when your VMs are running on an Azure Virtual Network, the IP address of the VM does not change when the healing process happens.
Also note that storage on data disks is persistent, so the files kept there will not be affected by the restart and move. That's why, with domain controllers running on Azure Virtual Networks, you need to keep the Active Directory DIT, logs, and sysvol files on data disks. Data disks can be used to store any files other than the core operating system files. OS disks use caching, and data disks don't; in the latter case, the data is written immediately to permanent storage.
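One way to check this placement on an existing domain controller, as an added example that is not part of the original article: the script reads the NTDS and Netlogon registry values that record where the database, logs, and SYSVOL live and flags any that sit on the OS drive. The function name Test-AdPathPlacement is hypothetical, and the check assumes each drive letter maps to a separate disk.

```powershell
# Added example: verify that a domain controller keeps its Active Directory
# files off the OS disk. Run locally on the DC in an elevated session.
# Assumption: one volume per disk, so a different drive letter means a data disk.

function Test-AdPathPlacement {
    param(
        # Drive that holds the operating system (the cached OS disk on an Azure VM).
        [string]$OsDrive = $env:SystemDrive
    )

    $ntds     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    # Registry values written when the server is promoted to a domain controller.
    $items = [ordered]@{
        'Database (ntds.dit)' = (Get-ItemProperty -Path $ntds).'DSA Database file'
        'Log files'           = (Get-ItemProperty -Path $ntds).'Database log files path'
        'SYSVOL'              = (Get-ItemProperty -Path $netlogon).SysVol
    }

    foreach ($name in $items.Keys) {
        $path  = $items[$name]
        $drive = Split-Path -Path $path -Qualifier   # for example "F:"
        [pscustomobject]@{
            Item     = $name
            Path     = $path
            Drive    = $drive
            OnOsDisk = ($drive -ieq $OsDrive)
        }
    }
}

$results = Test-AdPathPlacement
$results | Format-Table -AutoSize

if ($results | Where-Object OnOsDisk) {
    Write-Warning 'One or more Active Directory paths are on the OS disk; move them to a data disk.'
}
```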
8: Virtualizing domain controllers is supported
If you've been a network admin for some time, you probably already know that in the past, running domain controllers on VMs was frowned upon. One big reason was that restoring VM snapshots could easily result in inconsistencies in the Active Directory database, such as unpredictable attribute values, duplicated security principals, password problems, and even schema mismatch. The consequences could be severe.
Windows Server 2012, however, introduced a new feature, VM Generation ID, that addresses this issue. Windows Azure Virtual Networks (the general availability version, released April 16) runs on the Windows Server 2012 stack and thus supports this feature, although the customer preview version did not.
This means you can create domain controllers (or "move" them from an on-premises network) in the Azure Virtual Network. Note that sysprep won't work in this scenario. You need to transfer the .vhd file for your VM into Azure storage and use it to create a new VM. You can also create a brand new DC on the Azure Virtual Network and allow inbound replication.
9: Azure is secure
Security is always a primary concern with any cloud application, and it becomes more significant when some or all of your infrastructure is in the public cloud. A recent Gartner report found that most customers are dissatisfied with inadequate security-related provisions in cloud providers' contracts.
The Azure platform's security controls are built in from the ground up, based on Microsoft's Security Development Lifecycle (SDL). Azure uses identity and access management, physical and logical isolation, and encryption to provide privacy. It also follows security best practices, such as least-privilege accounts for customer software and SSL mutual authentication for communications between internal components. Reliability protection is provided through the design of the Fabric VM, and extensive redundancy provides for robust availability.
For more detailed discussion of Azure’s security mechanisms, download the PDF Azure Security Overview from the Microsoft web site.