Azure Stack: Hybrid, Compliant and Consistent by design.

Azure Stack is a Hybrid Cloud platform, the only one of its kind that empowers organizations to deliver Azure Services in their own datacenters. Azure Stack’s unique approach is intended to give organizations the flexibility and capacity they require to envision their journey to the cloud at their own pace. Azure Stack is deployed in an organization’s datacenter as an integrated system with 4-12 identical configurable nodes (varies as per choice of OEM) tailor-made to run Azure Stack by Microsoft’s strong network of OEM partners like HPE, Dell EMC, Lenovo, Huawei and more. Azure Stack also comes in a single node deployment flavor called the Azure Stack Development Kit. This deployment doesn’t demonstrate Azure Stack’s full capabilities but is a handy, less resource intensive option to evaluate and learn about the Azure Stack experience.

The full version of Azure Stack can be deployed in multiple ways (covered later), but it tends to deliver the most value in a hybrid deployment scenario that lets the user combine the flexibility of a hyperscale public cloud like Azure and the low-latency performance and control one gets in their own datacenters. Azure Stack can also be a perfect fit for on-premises workloads that face sporadic connectivity to the internet. Process data locally on the Azure Stack integrated system and, once connectivity is restored, seamlessly run analytics or other PaaS offerings on the cloud with that processed data. Azure Stack integrated systems have completely locked-down infrastructure from a permissions and networking perspective and can be deployed disconnected from the public cloud. This kind of deployment is ideal in organizations with strict data regulation policies and where data sovereignty is of utmost concern. Even in a connected deployment, organizations can harness Microsoft’s vast range of security offerings on the world’s most compliant public cloud platform.

As mentioned earlier, Azure Stack integrated systems can be deployed connected or disconnected from the public cloud. These deployment modes are options provided to clearly define the pricing models, identity stores and, in turn, the usage scenarios of the integrated systems. Say an organization deploys Azure Stack that can connect to the Azure public cloud as and when required. This gives the organization the option to choose between Azure Active Directory (AAD) and Active Directory Federation Services (ADFS) as their identity store. A connected deployment mode also gives the option to choose between a pay-as-you-go billing model and a capacity-based billing model. The pay-as-you-go model, as the name suggests, is like buying an Azure Subscription, enabling the organization to be charged only for the resources they use. In a capacity-based billing model, the organization is required to purchase an Azure Stack capacity plan SKU whose price depends on the configuration of the integrated system they intend to deploy. Disconnected deployments of Azure Stack fit in when organizations intend to use the integrated system in a private cloud solution. In these deployments, ADFS is the only possible identity store, but this doesn’t mean that the organization forfeits the choice to connect to Azure in the future.

As of 2018, the latest version of Azure Stack offers all the Azure infrastructure services like Virtual Machines, Scale Sets, Azure Storage, Azure Networking and Key Vault. Current PaaS offerings include the Azure App Service, Container Service (including Docker Swarm, Mesosphere and Kubernetes management templates), Azure Functions and the SQL Server resource provider. Besides this out-of-the-box functionality, Azure Stack also provides users a plethora of services and IaaS/PaaS solution templates ready to deploy from Azure Marketplace. It also gives users the option to integrate their existing DevOps tooling (Jenkins, PowerShell, Visual Studio, etc.) with Azure Stack.

To conclude, moving to the cloud is an inevitability, and Azure Stack makes the journey of organizations that are currently on-premises to the cloud much more streamlined by giving them the flexibility of the hybrid operating model. Azure Stack enables organizations to generate simplicity and deliver results through truly consistent user experiences that form the backbone of any successful hybrid cloud model. Be it management and monitoring portals, IaaS & PaaS offerings or PowerShell and DevOps tools, Azure Stack on-premises looks and works exactly like Azure, making it fit to be named an extension of Azure.

Get started with Azure Stack

Build Smart Solutions using Big Data Stack on Microsoft Azure Platform – Build HDInsight Cluster

We have discussed the following components so far:

  • Azure Data Factory -> It’s a transformation service for the Big Data Stack on Azure
  • Azure Data Lake Store -> It’s storage for files of any type and any format on Azure
  • Azure Data Lake Analytics -> It’s a compute service which processes the data on Azure

Now, let’s talk about the next managed service, known as Big Data Cluster as a Service. For ADLA, we just write the query, select the parallelism and execute the query, without worrying about what’s happening underneath. For an HDInsight cluster, you get virtual machines you can RDP into, where you can write your Hive or Pig queries and manage within preselected sources.

Let’s see how to create this cluster:

image

 

Just type HDInsight in the search textbox and the option to create an HDInsight cluster will appear.

image

Select the option Hadoop from the drop-down and choose appropriate options. One of the main screens is the one for selecting the number of worker nodes:

image

Select the number of worker nodes based on the compute requirement. Once the rest of the inputs are completed, click Create; it will take roughly 20 minutes to set up your cluster. You can check the progress using the options below in the portal:

image

 

HTH!

Configure Point-to-Site connectivity for Windows Azure VMs

As DBAs, we generally have networking as a gray area. I have been trying my hand at a little bit of networking while learning Azure. I wanted to share it so that it can help you whenever required. Before we start getting into point-to-site connectivity configuration, it’s important to understand its usage. It’s generally used to access Azure resources from your on-premise machine.

Point-to-site connectivity is meant to be used for small operations because of the gateway bandwidth limitation of up to 80 Mbps. It can be used for small operations like troubleshooting and monitoring. It’s something like our office VPN, which we use to connect to office infrastructure from anywhere. When you want to connect your Azure infrastructure to your local datacenter, you need to use site-to-site connectivity, e.g. if the machines need to be connected to Azure resources all the time and the download and upload volume will be really high. For that solution, you need a VPN device to support that bandwidth, or you can optionally use the Windows 2012 RRAS feature.

Let’s discuss how we can access Azure virtual machine resources from an on-premise machine using point-to-site connectivity:

1. Create a network:

image

2. Enter the IP address for the DNS server and click on point-to-site connectivity:

image

3. Click on Add gateway subnet – it will provide the IP address to the VPN client used by the on-premise machine:

image

4. Once the Network is created, click on the network name and the dashboard will look like this:

image

5. Create the gateway for the VPN connectivity: Click on create gateway:

image

Once that is done, the color will change 🙂:

image

6. Now, it’s time to create the certificates for the VPN connectivity. If you click on the Certificates tab, as seen in the above picture, it will ask you for:

image

Let’s create certificates to upload here:

Create self-signed root certificate – to be uploaded to the site:

makecert -sky exchange -r -n "CN=dbcouncil" -pe -a sha1 -len 2048 -ss My c:\work\dbcouncil1.cer

image

image

7. Create Client certificate: It will be kept on the client which needs VPN connectivity:

makecert.exe -n "CN=dbcouncil" -pe -sky exchange -m 96 -ss My -in "dbcouncil" -is my -a sha1

image

8. Once the certificate is uploaded, download the VPN client:

image

9. Once you install the client, you can find it under connections on your system like this:

image

10. Once you click on it, you will get a connect option – just connect to it:

image

11. Once the connection is established, it looks like:
image
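
The root and client certificates from steps 6 and 7 can also be generated with the built-in New-SelfSignedCertificate cmdlet, which signs with SHA-256 rather than SHA-1 (makecert is deprecated). This is an added example, not the author's commands: the certificate names, lifetimes and export path are assumptions, and it assumes Windows 10 / Windows Server 2016 or later.

```powershell
# Added example: certificate names, lifetimes and the export path are assumptions.
# Root certificate (the role of the "makecert -r" command in step 6), signed with SHA-256.
$rootParams = @{
    Type              = 'Custom'
    Subject           = 'CN=ExampleP2SRoot'        # hypothetical name
    KeySpec           = 'Signature'
    KeyExportPolicy   = 'Exportable'
    KeyUsage          = 'CertSign'
    KeyUsageProperty  = 'Sign'
    KeyLength         = 2048
    HashAlgorithm     = 'sha256'
    NotAfter          = (Get-Date).AddMonths(24)
    CertStoreLocation = 'Cert:\CurrentUser\My'
}
$root = New-SelfSignedCertificate @rootParams

# Client certificate (step 7): its own subject name, signed by the root,
# restricted to the Client Authentication EKU (1.3.6.1.5.5.7.3.2).
$clientParams = @{
    Type              = 'Custom'
    Subject           = 'CN=ExampleP2SClient'      # hypothetical name
    DnsName           = 'ExampleP2SClient'
    KeySpec           = 'Signature'
    KeyExportPolicy   = 'Exportable'
    KeyLength         = 2048
    HashAlgorithm     = 'sha256'
    NotAfter          = (Get-Date).AddMonths(12)
    CertStoreLocation = 'Cert:\CurrentUser\My'
    Signer            = $root
    TextExtension     = @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')
}
$client = New-SelfSignedCertificate @clientParams

# Export only the root's public certificate (DER .cer) for upload; private keys stay in the store.
$cerPath = Join-Path $env:TEMP 'ExampleP2SRoot.cer'
Export-Certificate -Cert $root -FilePath $cerPath -Type CERT | Out-Null

# Sanity checks before uploading the root and distributing the client certificate.
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$eku = $client.Extensions | Where-Object { $_ -is $ekuType }
$checks = [ordered]@{
    'Client issued by root'         = ($client.Issuer -eq $root.Subject)
    'Root signed with SHA-256 RSA'  = ($root.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11')
    'Client has Client Auth EKU'    = ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.2')
}
$checks.GetEnumerator() | ForEach-Object { '{0}: {1}' -f $_.Key, $_.Value }
```

Giving the client certificate a subject different from the root keeps the two distinguishable in the certificate store and in the gateway's list of uploaded roots.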

HTH!