1. Azure Solution Alignment Workshop
9/10/2018 4:55 PM
Azure Solution Alignment Workshop
Overview and Approach
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. Why are we all here today?
Purpose of this meeting
Set the stage for the Azure Architecture and Security Workshop Series
Objectives
Establish a common understanding of the purpose, goals and approach to determine the requirements for the Azure foundational infrastructure design.

3. Why are we all here today?
Expected Results from this Meeting
Participants will have a clear understanding of the purpose, approach, topics, and expected outcomes of the Azure technical workshops as well as next steps

4. Agenda Introductions Workshop Series Overview & Approach
Example Requirements (Good & Bad)
Review the details of each workshop
Set Public Cloud expectations
Review the Azure Reference Architecture
Determine Azure Reference Architecture Approvers
Next Steps – Actions for you

5. 9/10/2018 4:55 PM
Introductions
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. Microsoft Services Azure Project Delivery Team
9/10/2018 4:55 PM
Microsoft Services Azure Project Delivery Team
<replace with Microsoft team>
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7. Azure Workshop Series Overview & Approach
9/10/2018 4:55 PM
Azure Workshop Series Overview & Approach
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8. Azure Design Workshops
9/10/2018 4:55 PM
Azure Design Workshops
Workshop
Duration
Dates and Time
Meeting Location
Azure Architecture and Security Workshop 1
Azure Architecture and Security Workshop 2
Azure Subscription Model Workshop
Azure Naming Standards Design Workshop
Azure Network Security Design Workshop
Azure Information Security an Data Protections Workshop
Azure Identity Design Workshop
Azure Storage Design Workshop
Azure IaaS Compute Design Workshop
Azure PaaS Compute Design Workshop
Workload Migration Planning Workshop
EXAMPLE
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. Why do we need the workshops?
Build our partnership
Validate requirements and design
Develop a foundation for application migration to the public cloud
Develop a secure solution
Develop the guidelines and approach to make future decisions

10. Azure Design Workshop Flow
9/10/2018 4:55 PM
Azure Design Workshop Flow
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11. 9/10/2018 4:55 PM
Workshop Approach
Requirements based design, not based on current implementation
Combined presentations and whiteboard
Decision makers attendance are key to being successful
Design based on technology available, but will also account for futures
Each workshop results in a set of design decisions that flow into the next workshop
The Azure workshop series will result in the Azure Reference Architecture that will be used to implement the Azure Foundational Infrastructure
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12. What to expect from the workshops?
9/10/2018 4:55 PM
What to expect from the workshops?
Iterative process
Used to establish a design and design guidelines
Use sample workloads/scenarios to validate the design
Provides topic introduction early and drill downs into topics as the series progress
Each workshop builds on the next
A later workshop might require a change to an earlier decision if a new requirement surfaces
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13. What we expect from participants?
Show up and participate
Ask questions
Silence = agreement with design
If you do not agree say so, better to get consensus during the workshop

14. How to make workshops efficient?
Prepare requirements to bring to the workshops
Stay on topic
Stay on schedule

15. Requirements

16. Subscription Design Requirements
Workloads
Management Approach
Organization
Subscription Design
Billing
Environments
Network
Security
…..
Compliance
Outsourcing
Limits

17. Network Design Requirements
9/10/2018 4:55 PM
Network Design Requirements
Workloads
Management Approach
Organization
Network Design
Addressing
Environments
Name resolution
Security
Costs
Compliance
Connectivity
Limits
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18. Good Requirements
Each application team needs to be able to create new resource groups as part of the provisioning of a new application
Dev, Test, Cert, and Prod need to be network isolated from each other
We need to be able to audit changes to Azure resources

19. Bad Requirements
We implement X today using Y solution, we have to use the same in Azure
Provide the requirement that drove you to that X and Y, maybe Azure does that natively
We have to load V agent on the server to accomplish Z
What requirement is the agent fulfilling?

20. Workshop Details

21. 9/10/2018 4:55 PM
AZ2 - Azure Architecture & Security Workshop Series Overview and Approach Session
Purpose & Objectives
Agenda (2 Hours)
You Are Here
Purpose:
Set the stage for the Azure Architecture and Security Workshop Series
How will we know if the workshop is successful?
Participants have a clear understanding of the purpose, approach, topics and expected outcomes of the Azure technical workshops as well as next steps.
Objectives:
Establish a common understanding of the purpose, goals and approach to determine the requirements for the foundational Azure Environments (i.e., Dev, Test, Cert & Prod).
Describe Azure Architecture and Security Workshop Series approach
Requirements driven
Agile approach
Detailed technical design and planning discussions
Overall goal of the Azure workshop series
Discuss Public Cloud expectations and level setting
Outputs
Attendees
Deliverables:
No deliverables
Outcomes:
Participants will have a clear understanding of the purpose, approach, topics and expected outcomes of the Azure technical workshops as well as next steps.
All stakeholders, decision makers and contributors who can help to define the requirements for Phase 1 Azure Foundational Environments including for Azure Subscriptions, Networking, IaaS, PaaS, Resource Management, Identity, Operations, Security, Cloud Deployment Automation
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22. AZ1 – Customer Architecture & Security Intro Session
Purpose & Objectives
Agenda (1 Hour)
Purpose:
Identify Target Workloads for the Azure IaaS Pilot Migration
How will we know if the workshop is successful?
Target workloads for the Azure IaaS Pilot migration are agreed upon.
Objectives:
Select the target workloads for the Azure IaaS Pilot migration.
High-level overview of existing IT environment
Review Azure IaaS workload candidates
Select workloads for Azure IaaS Pilot migration
Outputs
Attendees
Deliverables:
List of target workloads for the Azure IaaS Pilot Migration
Outcomes:
IaaS Pilot Migration Workloads are identified and will drive the requirements for the Azure Architecture and Security Workshop Discussions.
Personnel who can provide an overview of the existing IT environment
Personnel who can describe the Azure IaaS workload candidates and select the target workloads for the Azure IaaS Pilot migration

23. AZ3 - Azure Subscription Model Design & Planning Workshop
Purpose & Objectives
Agenda (2 Days)
Purpose:
Develop the foundational Azure Subscription Design
How will we know if the workshop is successful?
Azure Subscription Design document is signed-off.
Objectives:
Develop the Azure subscription design.
Regions
Subscription design patterns
Application considerations
Subscription patterns
Application consumption show back
Incubation subscriptions
Gateway subscription
Management models
Environment models
ASM (Azure Service Management) vs. ARM (Azure Resource Manager)
ASM objects
ARM objects
Resource Groups
Resource Locks
Resource Policy
Considerations and limitations
Role based access control (RBAC)
Outputs
Deliverables:
Azure subscription design doc
Outcomes:
Decisions:
Subscription requirements and design to support Azure IaaS Pilot migrations
Regional approach for DR (Disaster Recovery)
High level Azure RBAC (Role Based Access Control) approach
Azure Resource management approach
Attendees
Decision makers will be responsible for Azure Subscriptions, Networking, IaaS, PaaS, Azure Resource Management, Identity, Operations, and Cloud Deployment Automation
Participants should have attended the AZ2 workshop.

24. AZ4 - Azure Naming Standards Design & Planning Workshop
Purpose & Objectives
Agenda (1 Day)
Purpose:
Develop the foundational Naming Standard for Azure objects
How will we know if the workshop is successful?
Naming Standard for Azure Objects document is signed-off.
Objectives:
Develop and document an foundational naming standard for Azure objects to support buildout of the Azure foundational environments, showback reporting, etc.
Naming limitations in Azure
Naming versus tagging resources
Naming standards development
Outputs
Attendees
Deliverables:
Azure Naming Standard document
Outcomes:
Decisions:
Naming Standard for Azure objects defined and documented.
Decision makers who will be responsible for Azure Subscriptions, Networking, IaaS, PaaS, Resource Management, Identity, Operations and Deployment Automation
Participants should have attended the AZ3 workshop.

25. AZ5 - Azure Networking Design & Planning Workshop
Purpose & Objectives
Agenda (2 Days)
Purpose:
Develop the foundational Azure Networking Design
How will we know if the workshop is successful?
Azure Networking Design document is signed-off.
Objectives:
Identify and document foundational Azure networking requirements and design decisions.
Virtual networks
Gateways
ExpressRoute
Site-to-Site VPN
DNS
DHCP
IP Addressing
Load Balancing
System Routing
Static versus Dynamic addressing limitations
Outputs
Attendees
Deliverables:
Azure Networking Design document
Outcomes:
Decisions:
Networking design
IP Address Space design
DNS design
Decision makers responsible for Networking (IPAM, DNS, DHCP, Firewalls, load balancing, etc.) including Azure inbound/outbound connections (ExpressRoute, Site-to-Site VPN, etc.) and Azure virtual networking
Participants should have attended the AZ4 workshop.

26. AZ6 - Azure Network Security Design and Planning Workshop
Purpose & Objectives
Agenda (2 Days)
Purpose:
Develop foundational Azure Network Security Design
How will we know if the workshop is successful?
Azure Network Security Design document is signed-off.
Objectives:
Identify and document Azure network security requirements and design decisions.
Default communication capabilities
Network Security Groups
User Defined Routing
Virtual Appliances
Internet Access
Forced Tunneling
Public peering
Control plane versus Data plane logging
Outputs
Attendees
Deliverables:
Azure Network Security Design document
Outcomes:
Decisions:
Network Security zone design
Virtual Appliances requirements
Logging requirements
Decision makers responsible for Network Security, Firewalls, Routing, Ingress/Egress, and Network Operations
Participants should have attended the AZ5 workshop.

27. AZ7 - Azure Information Security and Data Protection Design & Planning Workshop
Purpose & Objectives
Agenda (1 Day)
Purpose:
Develop foundational Azure Information Security and Data Protection Design
How will we know if the workshop is successful?
Azure Information Security and Data Protection Design document is signed-off.
Objectives:
Identify and document Azure Information Security and Data Protection requirements and design decisions.
Compliance
Encryption at rest
Encryption in transit
Access restrictions
Key Vault
Admin security
Auditing
Antivirus
Outputs
Deliverables:
Azure Information Security and Data Protection Design document
Outcomes:
Decisions:
Encryption design
Admin security approach
Auditing approach
AV approach
Compliance requirements
Attendees
Decision makers responsible for Information Security planning, compliance, certificates, monitoring and Management, Data Protection, BC/DR and Antivirus
Participants should have attended the AZ6 workshop.

28. AZ8 - Azure Identity Design & Planning Workshop
Purpose & Objectives
Agenda (1 Day)
Purpose:
Develop foundational Azure Identity Design
How will we know if the workshop is successful?
Azure Identity Design document is signed-off.
Objectives:
Identify and document Azure Identity requirements and design decisions.
Azure Active Directory (AAD)
AD versus AAD
SSO
Federation
Security
MFA
AD in Azure
AAD Reporting
Outputs
Deliverables:
Azure Identity Design document
Outcomes:
Decisions:
AAD (Azure Active Directory) approach for subscription access
AD (Active Directory) approach and placement
MFA (Multi-Factor Authentication) option
Federation approach
Security approach
Attendees
Decision makers responsible for Identity planning and management (e.g., Active Directory, ADFS, SSO, etc.), Identity Operations and Security Auditing
Participants should have attended the AZ7 workshop.

29. AZ9 - Azure Cloud Storage Design & Planning Workshop
Purpose & Objectives
Agenda (1 Day)
Purpose:
Develop foundational Azure Storage Design
How will we know if the workshop is successful?
Azure Storage Design document is signed-off.
Objectives:
Identify and document Azure Storage requirements and design decisions.
Azure storage (standard vs. premium)
IOPS requirements
VHD, Blob, Queue, Tables
Keys and SAS
Data Replication
Disaster Recovery
Design considerations
SQL in Azure
Outputs
Deliverables:
Azure Storage Design document
Outcomes:
Decisions:
Storage approach for compute
Storage approach for applications
Attendees
Decision makers responsible for Storage capacity planning, management and monitoring (e.g., NAS, SAN, File Servers, Cloud Storage, etc.)
Participants should have attended the AZ8 workshop.

30. AZ10 - Azure IaaS Compute Design & Planning Workshop
Purpose & Objectives
Agenda (1 Day)
Purpose:
Develop foundational Azure IaaS Compute Design
How will we know if the workshop is successful?
Azure IaaS Compute Design document is signed-off.
Objectives:
Identify and document Azure IaaS Compute requirements and design decisions.
Virtual Machines
Deployment considerations
Extensions
Images
Availability
Patching
RBAC
ARM enhancements
Backup/Restore
BC/DR
Outputs
Deliverables:
Azure IaaS Compute Design document
Outcomes:
Decisions:
Image approach
Deployment approach
BC/DR approach
Attendees
Decision makers who will be responsible for Azure IaaS planning, deployment, operations, patching, connectivity, automation, monitoring and configuration management
Participants should have attended the AZ9 workshop.

31. AZ11 - Azure PaaS Compute Design & Planning Workshop
Purpose & Objectives
Agenda (1 Day)
Purpose:
Develop foundational Azure PaaS Compute Design
How will we know if the workshop is successful?
Azure PaaS Compute Design document is signed-off.
Objectives:
Identify and document Azure PaaS Compute requirements and design decisions.
Management approach
PaaS services
Connectivity
Deployment
RBAC (Role Based Access Control)
Visual Studio integration
Web services
Azure SQL
Caching Services
Azure Service Bus
App Insights, Data Insights, Operational Insights
Outputs
Deliverables:
Azure PaaS Design document
Outcomes:
Decisions:
PaaS services in scope
Connectivity design
Attendees
Decision makers who will be responsible for Azure PaaS planning, application reengineering, deployment, connectivity, operations, automation, monitoring and configuration management
Participants should have attended the AZ10 workshop.

32. AZ12 – Azure Cloud Automation Design & Planning Workshop
Purpose & Objectives
Agenda (1/2 Day)
Purpose:
Develop foundational Azure Automation Design
How will we know if the workshop is successful?
Azure Automation Design document is signed-off.
Objectives:
Identify and document Azure Automation requirements and design decisions.
Azure Automation
Hybrid scenarios
Access restrictions
APIs and REST interfaces
ARM Templates vs. PowerShell
Desired State Configuration (Push vs. Pull)
Outputs
Deliverables:
Azure Automation Design document
Outcomes:
Decisions:
Automation approach
DSC approach
Attendees
Decision makers who will responsible for deployment automation of all Azure components, configuration management and automation interfaces
Participants should have attended the AZ11 workshop.

33. AZ13 – Azure Workload Migration Planning Workshop
Purpose & Objectives
Agenda (2 Days)
Purpose:
Develop Migration Plan for the Azure Pilot Migration
How will we know if the workshop is successful?
Azure Pilot Migration Plan document is signed-off
Objectives:
Identify and document the approach for the Azure Pilot migration
IaaS vs. PaaS
IaaS Lift and Shift migration
Application Redeploy
Application Redesign for migration to Azure PaaS
Application Remediation
Azure Service Management (ASM) to Azure Resource Manager (ARM) migration considerations
Outputs
Deliverables:
Azure Pilot Migration Plan document
Outcomes:
Decisions:
Migration approach for Azure Pilot migration
Attendees
Decision makers who will be responsible for Azure Pilot workload migration, owners of workloads targeted for Azure Pilot migration
Participants should have attended the AZ12 workshop.

34. Azure Reference Architecture - Approvers
9/10/2018 4:55 PM
Azure Reference Architecture - Approvers
Azure Design Area
Person(s) Responsible for Design Approval
Azure Subscription Design
Naming Standard for Azure objects
Azure Networking Design
Azure Network Security Design
Azure Information Security and Data Protection Design
Azure Identity Design
Azure Storage Design
Azure IaaS Compute Design
Azure PaaS Compute Design
Azure Automation Design
Azure Pilot Workload Migration Plan
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

35. Azure Reference Architecture
The Reference Architecture Includes…
Azure Requirements
Azure Subscription Design
Naming Standard for Azure objects
Azure Networking Design
Azure Network Security Design
Azure Information Security and Data Protection Design
Azure Identity Design
Azure Storage Design
Azure IaaS Compute Design
Azure PaaS Compute Design
Azure Automation Design
The Reference Architecture will be used to build customers foundational Azure infrastructure

36. 9/10/2018 4:55 PM
Actions for you…
Document your current requirements and bring them to the design workshops
Bring challenging scenarios to vet the design against
Bring questions
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37. 9/10/2018 4:55 PM
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

38. Public Cloud

39. Why Organizations move to the Cloud
Innovation
Move away from Outsourcing models
Shadow IT is here to stay
Datacenter is at capacity
Cost – pay for use
It is an industry trend
… and more

40. Cloud innovation presents challenges for IT
Build 2012
9/10/2018
Cloud innovation presents challenges for IT
How do I integrate with my existing IT investments?
What about my heterogeneous, complex IT landscape?
But as you think about using the public cloud, there are some top of mind issues you have to reckon with.
If you’re like most organizations, you have your existing servers and IT infrastructure (either on- premises in your own datacenters or in 3rd part colocation facilities). You also have an IT staff to manage these assets. So as you think about using the public cloud, you’re not thinking of it in a silo – ideally where possible you’d want to integrate the public cloud with existing IT, manage it no differently, and even have applications with parts running on and off-premises. Latest IDC findings show 40% of enterprises are already adopting hybrid clouds today (source -
You’re also probably running a variety of OSs, databases, middleware and toolsets from multiple IT vendors. Your developers are proficient in multiple languages and your apps are written in multiple languages and frameworks. In other words, your IT environment is complex and heterogeneous. And you want to make sure the  cloud you choose is able to handle your heterogeneous needs.
Next you have to abide by a bunch of security and compliance initiatives. The rest of the business trusts your IT org to run apps in a secure and reliable manner. So you want to make sure the public cloud platform and the vendor who provides the service is using is trustworthy, i.e. has the right experience and expertise, and has necessary SLAs, and security controls in place.
What about security and compliance?
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

41. Cloud Models Traditional IaaS PaaS SaaS You Manage You Manage
Storage
Servers
Physical Network
Operating System
Middleware
Virtualization
Data
Applications
Runtime
You Manage
IaaS
Storage
Servers
Physical Network
Operating System
Middleware
Virtualization
Data
Applications
Runtime
Managed by Microsoft
You Manage
PaaS
Managed by Microsoft
You Manage
Storage
Servers
Physical Network
Operating System
Middleware
Virtualization
Applications
Runtime
Data
SaaS
Managed by Microsoft
Storage
Servers
Physical Network
Operating System
Middleware
Virtualization
Applications
Runtime
Data
Software Network
Windows Azure Virtual Machines
Windows Server Hyper-V
Office 365
Dynamics CRM
Windows Server
Windows Azure PaaS Services

42. Cloud Organizational Challenges
9/10/2018 4:55 PM
Cloud Organizational Challenges
The cloud is a multitenant datacenter
Chargeback and or showback
Requires process & organizational maturity
IT must become a Service Provider
Enable innovation with Lifecycle Management
Adopting Automation if not already a core competency
Cloud Consumers/Customers new responsibilities; tenant ownership, service relationship management, service catalog
Provisioning and managing resources versus managing the OS and App
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

43. Resource Management is Flexible
Subscription owners can create any resource
Resource group owners (RGO) can create any resource in the resource group
RBAC can be used to limit what resources a RGO can create

44. Public Cloud Rapid Lifecycle
Azure is on a 6 month design cadence
Features are designed, tested and released within the 6 month window
Features are released
Private Preview – limited customers
Public Preview – all customers no support
General Availability (GA) – all customers with support
Features that are GA might be implemented by region

45. Public Cloud Reality and Benefits
Public Cloud is multitenant and software defined
Customers get to take advantage of the cost savings from those services and multiple global datacenters
Public Cloud owns and manages the fabric, infrastructure, and the PaaS services provided
Customers do not have to spend time or manpower to manage these pieces and can focus on the applications
Customers will not get access to the Public Cloud fabric or fabric management systems
Customers do not have to worry about other customers impacting their environments
Customer data security and isolation will take precedence over information access
Microsoft maintains multiple regulatory and industry standard practices for managing our datacenters.