What’s new in Hybrid IT Infrastructure Increasing efficiency


What’s new in Hybrid IT Infrastructure Increasing efficiency and scalability with Windows Server 2016 and Microsoft Azure Hybrid IT Innovation Series Dan Stolts #InnovateIT Chief Technology Strategist @ITProGuru http://ITProGuru.com [email protected]

Module 1 Datacenter Infrastructure Dan Stolts Chief Technology Strategist @ITProGuru http://ITProGuru.com [email protected] IT Innovation Series #InnovateIT

System Requirements Navigate to: http://aka.ms/lodtest All requirements and connectivity details are viewable at the link above. The requirements you will find on that page apply specifically to the computers students will run the labs on. The requirements specified are also applicable to students who bring their own device. Please send the link above to students prior to the class start day, so they can verify their ability to successfully launch labs from their own device and view system requirements. If students have any issues launching the test lab, please have them email [email protected] for assistance. To expedite assistance, ask students to reference Test Lab Launch in their support inquiry. From the LODS Test page, students can: Click Launch Lab (to test lab launch) Click View System Requirements (to view in depth requirement details) Students can also test their device on the day of the class. There is a launch link for a test

Class name: What’s new in Hybrid IT Infrastructure. ITI navigate to: https://aka.ms/iti The student Training Key for this class is: ITI1591 Lightning Bolt for Execute/Paste

Story. A Cab/Taxi Company Founded 2009 Launch 2010 How was this company’s success possible?

Another SHORT Story. A Software Company. Everything. Everything can change in a very short period of time and we in the IT business need to be able to change to keep up with it.

CEO Satya Nadella: “Microsoft Loves Linux”

Module agenda Shielded Virtual Machine Introducing Containers Introducing Nano Server Software-defined Storage Software-defined Networking Resources

Shielded Virtual Machine

A leader in Gartner magic quadrants. Microsoft only leader in all four magic quadrants: x86 server virtualization [1]; Public cloud storage services [2]; Cloud infrastructure as a service [3]; Enterprise application platform as a service [4]. [1] Gartner “x86 Server Virtualization Infrastructure,” by Thomas J. Bittman, Michael Warrilow, July 14, 2015; [2] Gartner “Public Cloud Storage Services,” by Arun Chandrasekaran, Raj Bala, June 25, 2015; [3] Gartner “Magic Quadrant for Cloud Infrastructure as a Service,” by Lydia Leong, Douglas Toombs, Bob Gill, May 18, 2015; [4] Gartner “Enterprise Application Platform as a Service,” by Yefim V. Natis, Massimo Pezzini, Kimihiko Iijima, Anne Thomas, Rob Dunie, March 24, 2015. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Emerging security threats. Rising number of organizations suffering from breaches. 1 Increasing incidents; 2 Bigger motivations; 3 Bigger risk. Headlines: “Cyberattacks on the rise against US corporations” New York Times [2014]; “How hackers allegedly stole ‘unlimited’ amounts of cash from banks in just a few hours” Ars Technica [2014]; “Espionage malware infects rafts of governments, industries around the world” Ars Technica [2014]; “The biggest cyberthreat to companies could come from the inside” Cnet [2015]; “Cybercrime costs US economy up to 140 billion annually, report says” Los Angeles Times [2014]; “Malware burrows deep into computer BIOS to escape AV” The Register [September 2014]; “Forget carjacking, soon it will be carhacking” The Sydney Morning Herald [2014].

A privileged fabric. Spread of virtualization has led to unexpected security implications. Fabric/virtualization administrators: Have the highest privileges, instead of the traditional model where domain administrators are the most trusted IT staff. Virtualized domain controllers: If DCs are virtualized and I’m a Hyper-V administrator, I can shut down the VM, copy the virtual disks for offline attacks, or install malware. Public cloud: Fabric administrators could potentially have full access to tenant VMs. Shielded Virtual Machines: Strong separation between the fabric administrators and the workload administrators, implemented through encryption and protected secrets. Diagram: fabric/virtualization administrator; Hyper-V hosts; virtualized domain controllers; tenant virtual machines.

So what is a “Shielded Virtual Machine”? The data and state of a Shielded VM are protected against inspection, theft, and tampering from both malware and datacenter administrators [1]. [1] Fabric admins, storage admins, server admins, network admins

Shielded VMs. When you turn on a shielded VM: Virtual TPM enables the use of disk encryption within a VM (e.g., BitLocker); VM configuration files and VM state are encrypted; all live migration traffic is also encrypted without having to implement IPsec; the host crash dumps are encrypted; VM crash dumps are turned off by default, and they’ll also be encrypted if you enable them. Fabric administrators have no access to VMs: can’t attach debuggers while they’re running (the hardened Hyper-V host VM worker processes that run each VM don’t allow it); can’t access the content of BitLocker-protected VHDX files; can’t console connect to a VM. VMs can only run on known and “healthy” (safe) hosts via the Host Guardian Service.
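A host-side audit of the protections listed on this slide, as an added example that is not part of the original deck: it reads each VM's security settings with Get-VMSecurity and the host's Host Guardian Service client state with Get-HgsClientConfiguration. The helper names and finding texts are illustrative, and the script assumes an elevated session on a Windows Server 2016 Hyper-V host with the Hyper-V and HgsClient modules available.

```powershell
# Added example, not from the original slides.
# Assumes: Windows Server 2016 Hyper-V host, elevated session, Hyper-V module,
# and the HgsClient module (Host Guardian Hyper-V Support feature) for the host check.

function Get-VmShieldingReport {
    # Hypothetical helper: reports, per VM, which of the slide's protections are on.
    [CmdletBinding()]
    param([string] $ComputerName = $env:COMPUTERNAME)

    foreach ($vm in Get-VM -ComputerName $ComputerName) {
        if ($vm.Generation -lt 2) {
            # Virtual TPM and shielding require a Generation 2 VM.
            [pscustomobject]@{
                VMName                     = $vm.Name
                Generation                 = $vm.Generation
                VirtualTpm                 = $false
                Shielded                   = $false
                EncryptedStateAndMigration = $false
                Finding                    = 'Generation 1 VM: cannot be shielded'
            }
            continue
        }

        $sec = Get-VMSecurity -VM $vm
        $finding = if (-not $sec.TpmEnabled) {
            'No virtual TPM: disk encryption inside the guest cannot use a vTPM'
        }
        elseif (-not $sec.Shielded -and -not $sec.EncryptStateAndVmMigrationTraffic) {
            'vTPM only: VM state and live migration traffic are not encrypted'
        }
        elseif (-not $sec.Shielded) {
            'Not shielded: console access by fabric administrators is still possible'
        }
        else {
            'Shielded'
        }

        [pscustomobject]@{
            VMName                     = $vm.Name
            Generation                 = $vm.Generation
            VirtualTpm                 = $sec.TpmEnabled
            Shielded                   = $sec.Shielded
            EncryptedStateAndMigration = $sec.EncryptStateAndVmMigrationTraffic
            Finding                    = $finding
        }
    }
}

function Get-HostGuardianStatus {
    # Hypothetical helper: shows whether this host attests to a Host Guardian Service.
    $hgs = Get-HgsClientConfiguration
    [pscustomobject]@{
        IsHostGuarded          = $hgs.IsHostGuarded
        Mode                   = $hgs.Mode
        AttestationServerUrl   = $hgs.AttestationServerUrl
        KeyProtectionServerUrl = $hgs.KeyProtectionServerUrl
        AttestationStatus      = $hgs.AttestationStatus
    }
}

# Host first, then every VM on it; unshielded VMs sort to the top.
Get-HostGuardianStatus | Format-List
Get-VmShieldingReport | Sort-Object Shielded, VMName | Format-Table -AutoSize
```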

much more AVAILABILITY VM Compute Resiliency VM Storage Resiliency Node Quarantine Shared VHDX – Resize, Backup, Replica Support Memory – Runtime Resize for Static/Dynamic vNIC – Hot-Add and vNIC Naming ROLLING UPGRADES Upgrade WS2012R2 - WS2016 with no downtime for workloads (VMs / SOFS) or additional H/W VM Integration Services from Windows Update OPERATIONAL EFFICIENCIES Production Checkpoints PowerShell Direct Hyper-V Manager Improvements ReFS Accelerated VHDX Operations

Lab Exploring Hyper-V in Windows Server 2016

Introducing Containers

Containers: A new approach to build, ship, deploy, and instantiate applications. Physical: Applications traditionally built and deployed onto physical systems with 1:1 relationship. New applications often required new physical systems for isolation of resources. Virtual: Higher consolidation ratios and better utilization. Faster app deployment than in a traditional, physical environment. Apps deployed into VMs with high compatibility success. Apps benefited from key VM features, i.e., live migration, HA. Physical/virtual: Package and run apps within containers. Key benefits: Further acceleration of app deployment; Reduce effort to deploy apps; Streamline development and testing; Lower costs associated with app deployment; Increase server consolidation.

Containers: Isolated runtime environment for hosted applications. Dependencies: Every application has its own dependencies which includes both software (services, libraries) and hardware (CPU, memory, storage). Virtualization: Container engine is a lightweight virtualization mechanism which isolates these dependencies per each application by packaging them into virtual containers. Shared host OS: Container runs as an isolated process in user space on the host OS, sharing the kernel with other containers. Flexible: Differences in underlying OS and infrastructure are abstracted away, streamlining “deploy anywhere” approach. Fast: Containers can be created almost instantly, enabling rapid scale-up and scale-down in response to changes in demand. Diagram: App A and App B, each with Bins/libraries; Container management stack; Host OS with container support; Server.

Containers: How do they differ from virtual machines? Virtual machine. Dependencies: Each virtualized app includes the app itself, required binaries and libraries and a guest OS, which may consist of multiple GB of data. Independent OS: Each VM can have a different OS from other VMs, along with a different OS to the host itself. Flexible: VMs can be migrated to other hosts to balance resource usage and for host maintenance, without downtime. Secure: High levels of resource and security isolation for key virtualized workloads. Diagram: App A and App B, each with Bins/Libraries and a Guest OS; Hypervisor; Server.

Container use cases. Workload characteristics: Scale out; Distributed; State separated; Rapid (re)start. Deployment characteristics: Efficient hosting; Multitenancy; Rapid deployment; Highly automatable; Rapid scaling. Distributed compute; Databases; Web; Tasks; Scale out.

Container ecosystem Container runtime Container images Image repository Application Linux Application framework

Microsoft’s Container runtimes. Windows Server container: Hosting; Highly automated; Secure; Scalable and elastic; Efficient; Trusted multitenancy. Hyper-V container: Shared hosting; Regulated workloads; Highly automated; Secure; Scalable and elastic; Efficient; Public multitenancy.

Modern app dev, flexible isolation Container Runtimes Hyper-V container PowerShell Application Framework Windows Container Images Docker Windows Server container Write once, deploy anywhere Others Container Management

Introducing Nano Server

Customer voice. Reboots impact my business: Why do I have to reboot because of a patch to a component I never use? When a reboot is required, the systems need to be back in service A.S.A.P. Server images are too big: Large images take a long time to install and configure. Transferring images consumes too much network bandwidth. Storing images requires too much disk space. Infrastructure requires too many resources: If the OS consumes fewer resources, I can increase my VM density. Higher VM density lowers my costs and increases my efficiency and margins.

“I want just the components I need, and nothing more.”

“We need server configuration optimized for the cloud.”

The next step in the journey. Nano Server: A new headless, 64-bit only, deployment option for Windows Server. Deep refactoring with cloud emphasis: Cloud fabric & infrastructure (clustering, storage, networking); Born-in-the-cloud applications (PaaS v2, ASP.NET v5); VMs & Containers (Hyper-V & Docker). Extend the Server Core pattern: Roles & features live outside of Nano Server; No binaries or metadata in OS image; Standalone packages install like apps. Full driver support. Antimalware. Diagram: Nano Server; Server Core; Server with a desktop experience.

Nano Server. Nano Server is an installation option: Located on the Windows Server media; Must be customized to determine its functionality. Zero-footprint model: Server roles and optional features live outside of Nano Server; Standalone packages that install like applications, from local/cloud repositories. Key roles and features: Hyper-V, Storage (SoFS), Networking (DNS), Clustering; Core CLR, ASP.NET 5 and PaaS. Full Windows Server driver support. Antimalware available as optional.

Nano Server Quick Start. Scripts included in Nano Server folder to make it easy to build a customized Nano Server image: NanoServerImageGenerator.psm1, Convert-WindowsImage.ps1. Use scripts to generate a Nano Server image for PHYSICAL MACHINE / VIRTUAL MACHINE:
New-NanoServerImage -MediaPath F:\ -BasePath .\Base -TargetPath .\NanoVM\SRV-Nano.vhd -ComputerName SRV-Nano -GuestDrivers -Storage -Clustering

The end result

Nano Server Recovery Console Provides local access to basic configuration and network settings: Computer name Domain or workgroup name Ipconfig/all information for each network adapter Provides ability to configure local NICs and Firewall settings How do I manage Nano Server?

Nano Server roles and features. Table shows roles and features that are available in this release of Nano Server, along with the Windows PowerShell options that will install the packages for them.
Role or feature | Option
Hyper-V role | -Compute
Failover clustering | -Clustering
File server role and other storage components | -Storage
Host Support for Windows Containers | -Containers
Windows Defender antimalware, including a default signature file | -Defender
OEM drivers (select drivers that ship in-box with Server Core) | -OEMDrivers
Reverse forwarders for application compatibility, for example common application frameworks such as Ruby, Node.js, etc. | -ReverseForwarders
Hyper-V guest drivers for hosting Nano Server as a VM | -GuestDrivers

Nano Server roles and features (continued). Table shows roles and features that are available in this release of Nano Server, along with the Windows PowerShell options that will install the packages for them.
Role or feature | Option
DNS Server Role | -Packages Microsoft-NanoServer-DNS-Package
Desired State Configuration (DSC) | -Packages Microsoft-NanoServer-DSC-Package
IIS Web Server | -Packages Microsoft-NanoServer-IIS-Package
System Center VMM Agent | -Packages Microsoft-Windows-Server-SCVMM-Package and -Packages Microsoft-Windows-Server-SCVMM-ComputePackage
Network Perf Diagnostics Service (NPDS) | -Packages Microsoft-NanoServer-NPDS-Package
Data Center Bridging | -Packages Microsoft-NanoServer-DCB-Package

Remotely managing Nano Server Remote graphical & Web tools PowerShell remoting VM & container management Deployment & monitoring Partners & frameworks Server manager Azure Portal tools Task manager Registry editor File explorer Server configuration Event viewer Disk manager Device & driver management Performance Users & groups Core PowerShell engine, language, and cmdlets Windows Server cmdlets (network, storage, etc.) PowerShell DSC Remote file transfer Remote script authoring & debugging PowerShell Web access Hyper-V manager Hyper-V cmdlets PowerShell Direct over PSRP CimSession support Docker SCVMM agent & console 3rd-party agents & consoles DISM online & VHD support Unattended setup Visual Studio integration DSC Local Config Manager Setup & boot eventing SCOM agent VSO App Insights Azure Op Insights Chef integration .NET Core and CoreCLR ASP.NET 5 Python, PHP, Ruby, Node.js PowerShell Classes PS Script Analyzer PowerShell Gallery PowerShellGet

Remote Server Management Tool. Eliminating the need to ever sit in front of a server. Azure-based. Includes replacements for local-only tools: Task manager, registry editor; Event viewer, device manager; Sconfig; Control panel, file explorer; Performance monitor, disk management; Users/Groups manager. Supports Server Core and server with desktop experience. Marketplace - Management - More - Server management tools. http://blogs.technet.com/b/nanoserver/archive/2016/02/09/server-management-tools-is-nowlive.aspx https://channel9.msdn.com/Series/Nano-Server-Team/Remote-Server-Management-Tools-on-Nano-Server

Learn About Events, Thought Leadership. Never Again Miss: Launch Events; IT-Camps; Online Events; New MVA Class; Top Industry Thought Leadership / Industry Trends; Certification Jump Start (Architecting Azure Solutions coming soon). You Asked for it. Now you have it! Over 100,000 subscribers in first month! Thought Leadership / Industry Trends; Local and National ITPro 1st Party Events; Local ITPro 3rd Party (Partner) Events; Local ITPro Community; Online events; MVA content; Channel 9 content; Interesting Blog Content; Occasional Easter Egg, sometimes learning, sometimes tangible value. More Features coming. Recent Articles: Talent Gap; Translating Business Problems to Technology Solutions; Cloud System Architecture & Security. http://aka.ms/addme

Example: Azure Certification Jump Start 70-534 Architecting Microsoft Azure Solutions. Coming Soon. Brought to you By: @ITProGuru, Microsoft. 8:00 Registration, Breakfast and Networking. 8:30 Sharp: 70-534 Introduction; Exam Tips and Tricks; Design Microsoft Azure infrastructure and networking (15–20%); Secure resources (15–20%); Design an advanced application (15–20%); Lunch & Labs; Design websites (15–20%); Design an application storage and data access strategy (15–20%); Design a management, monitoring, and business continuity strategy (15–20%); Field Experiences. 5:00pm Book Signing – Authors Dan Stolts (some locations). 5:00pm Social Hour w/ Speakers and Friends. Registration Required. Text Book for Attendees: http://www.amazon.com/dp/0735697442/ref rdr ext tm Join EVENTS Mailing List NOW! http://aka.ms/AddMe

Lab Getting started with Nano Server

Software-Defined Storage (SDS)

Industry trends What is Software-defined Storage (SDS) ? Software intelligence delivering feature-rich cloud scale storage and economics built on industry standard hardware Cloud-inspired infrastructure and design Using Industry-standard hardware Integrating cloud design points in software Driving cloud cost efficiencies Data explosion Device proliferation Modern apps Unstructured data analytics Evolving technologies Scale out with simplicity Integrated solutions Rapid time to solution Policy-based management Flash is transforming storage Network delivering extreme performance Maturity in software-based solutions Virtual machines and containers

What is a SAN, really? Connectivity adaptors Resilient connectivity to external sources via iSCSI, FC, FCoE, NFS, SMB. Controllers The brains of the SAN—typically now with x86 CPU, memory, and provides enterprise features like thin provisioning, deduplication, storage tiering, etc. Multiple controllers provide resiliency. Physical disks Flash-based (SSD) or spinning media (HDD) to provide the raw storage capacity for your data. Pooled by the controllers, and sliced into LUNs (simple, mirrored, parity, etc.).

What about Microsoft and storage? Connectivity adaptors: Windows Server File Servers have resilient connectivity to external sources using regular 1GBE, 10GBE network adaptors. Support for up to 56GB, 100GB RDMA adaptors. Support via iSCSI, SMB 3.0, and NFS connectivity. Windows Server is now the controller: Clustered Windows Server File Servers (SOFS) create disk pools, then slice them into storage spaces. Spaces can be thin provisioned, tiered, and support deduplication. Spaces can be simple, mirrored, or parity. Physical disks: Multiple options for low cost and low complexity. HDD/SSD mix can exist in external JBOD shelf connected via SAS, or within the file server (controller) chassis itself.

Windows Server 2012 R2 architecture. Diagram: Scale-Out File Server; SSDs and HDDs. Industry-standard JBOD, filled with SSD and HDD on a 1:4 ratio. Additional JBODs added for capacity. Up to 8 industry-standard x86 servers, running Windows Server 2012 R2, connected to JBOD via 6 GB/12 GB SAS. Build Windows Server cluster; Create Storage pool; Create Storage Spaces from pool; Create Scale-Out File Server; Create continuously available file shares on the spaces. File shares provide storage for Hyper-V hosts, accessed over SMB 3.0. Highest performance delivered via SMB Direct (RDMA) and SMB Multichannel. Supports 56 GB speeds.

Windows Server 2016—new converged (disaggregated) architecture with Storage Spaces Direct. Diagram: Hyper-V cluster; SMB storage fabric; Storage Spaces Direct with Scale-Out File Server. Architecture allows for scaling Hyper-V clusters (compute) and Scale-Out File Server cluster (storage) independently. Industry standard x86 servers, with local SSD and HDD. Servers are connected together with 10GBE. SATA and NVMe drives supported. Build Windows Server cluster; Enable Storage Spaces Direct; Create Storage pool; Create Storage Spaces from pool; Create Scale-Out File Server; Create Continuously Available file shares on the Spaces; Optimize for Storage Spaces Direct. File shares provide storage for Hyper-V hosts, accessed over SMB 3.0. Highest performance delivered via SMB Direct (RDMA) and SMB Multichannel. Supports 56 GB speeds. http://itproguru.com/expert/2016/03/everythingyou-need-to-know-about-state-of-the-art-ssd-drivesnvme-pcie-m2-with-paul-braren-and-itproguru/

Storage Spaces Direct: Software-defined storage using industry standard servers with local storage. Diagram: Hyper-V cluster; SMB storage fabric; Storage Spaces Direct with Scale-Out File Server. Cloud design points and management: Standard servers with local storage; New device types such as SATA and NVMe SSD; Prescriptive hardware configurations; Deploy, manage, and monitor with SCVMM, SCOM, and PS. Reliability, scalability, flexibility: Fault tolerance to disk, enclosure, node failures; Scale pools to large number of drives; Simple and fine grained expansion; Fast VM creation and efficient VM snapshots. Use cases: Hyper-V IaaS storage; Storage for backup and replication targets; Hyper-converged (compute and storage together); Converged (compute and storage separate). http://itproguru.com/expert/2016/01/windows-server-2016preview-storage-spaces-direct-overview/

Windows Server 2016—new Hyper-converged storage and compute with Storage Spaces Direct architecture. Hyper-converged stack: Hyper-V virtual machines; Cluster shared volumes, ReFS file system (C:\Cluster storage); Storage spaces; Storage pools; Software storage bus; SMB network. Industry standard x86 servers, with local SSD and HDD. Servers are connected together with 10GBE. SATA and NVMe drives supported. Build Hyper-V cluster; Enable Storage Spaces Direct; Create Storage pool; Create Storage Spaces from pool; Create Cluster Shared Volumes; Optimize for Storage Spaces Direct. Compute and storage resources scale and are managed together. Typically small to medium sized scale-out deployments.

Lab Deploying Storage Spaces Direct

Software-Defined Networking

The story so far. 1 Hyper-V hosts: Hyper-V Extensible Switch; Inbox NIC teaming; SMB 3.0 protocol; Hardware offloads; Converged networking. 2 Network Switch Management with OMI. 3 Virtualized networks with NVGRE. 4 Windows Server Gateway. Diagram: 1 Hyper-V hosts; 2 Physical switches; 3 Virtual networks; 4 Windows Server Gateway.

The story so far: host networking. Extensible Switch: L2 network switch for VM connectivity. Extensible by partners, including Cisco, 5nine, NEC, and InMon. Inbox NIC teaming: Built-in, multiple configuration options and load-distribution algorithms including new Dynamic mode. SMB Multichannel: Increase network performance and resilience by using multiple network connections simultaneously. SMB Direct: Highest performance through use of NICs that support Remote Device Memory Access (RDMA) – high speed, with low latency. Hardware offloads: Dynamic VMQ load-balances traffic processing across multiple CPUs. vRSS allows VMs to use multiple vCPUs to achieve highest networking

The story so far: switch management. OMI: Open Management Infrastructure – open source, highly portable, small footprint, high performance CIM Object Manager. Open source implementation of standards-based management – CIM and WSMAN. API symmetry with WMI V2. Supported by Arista and Cisco, among others. Datacenter abstraction layer: Any device or server that implements standard protocol and schema can be managed from standard compliant tools like PowerShell. Standardized: Common management interface across multiple network vendors. Automation: Streamline enterprise management across the infrastructure.

The story so far: virtual networks. Network Virtualization: Overlays multiple virtual networks on shared physical network. Uses industry standard Generic Routing Encapsulation (NVGRE) protocol. VLANs: Removes constraints around scale, mis-configuration, and subnet inflexibility. Mobility: Complete VM mobility across the datacenter, for new and existing workloads. Overlapping IP addresses from different tenants can exist on same infrastructure. VMs can be live migrated across physical subnets. Automation: Streamline enterprise management across the infrastructure. Compatible

The story so far: gateways. Gateways: Bridge network-virtualized and non-network-virtualized environments. Come in many forms – switches, dedicated appliances or built into Windows Server. System Center: Windows Server gateway can be deployed and configured through SCVMM. Service Template available on TechNet for streamlined deployment. Deployment options: Supports forwarding for private clouds, NAT for VM internet access and S2S VPN for hybrid.

Lab Exploring Network Virtualization

Switch-Embedded Teaming (SET). New way of deploying converged networking. Teaming integrated into the Hyper-V vSwitch. Teaming modes: Switch independent (no static or LACP in this release). Load balancing: Hyper-V port or dynamic only in this release. Management: SCVMM or PowerShell, not NIC Teaming GUI in this release. Up to 8 uplinks per SET: Same manufacturer, same driver, same capabilities (e.g., dual port NIC). No longer required to create a NIC Team. Switch must be created in SET-mode (SET can’t be added to existing switch):
New-VMSwitch -Name SETswitch -NetAdapterName "NIC1","NIC2" -EnableEmbeddedTeaming $true

Network Controller. A centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual and physical network infrastructure in your datacenter. Can be deployed as single VM (lab) or as a cluster of 3 physical servers (no Hyper-V) or 3 VMs on separate hosts. Diagram: Internet; Router; Datacenter Management Tool; Network Controller; Physical Top of Rack Switches; Hyper-V Hosts, each with a Hyper-V vSwitch and VMs.

Network Controller overview. Highly available and scalable server role. Southbound API for NC to communicate with the network. Northbound API allows you to communicate with the NC. Southbound API: Network Controller can discover network devices, detect service configurations, and gather all of the information you need about the network. Provides pathway to send information to the network infrastructure, such as configuration changes that you have made. Northbound API (REST interface): Provides you with the ability to gather network information from Network Controller and use it to monitor and configure the network. Configure, monitor, troubleshoot, and deploy new devices on the network by using Windows PowerShell, REST, SCVMM, SCOM etc. Diagram: Management applications; Network aware applications; Network Controller; Virtual network infrastructure; Physical network infrastructure; NIC. Can manage Hyper-V VMs & vSwitches, physical network switches, physical

Network Function Virtualization. Firewall & antivirus; DDoS & IPS/IDS; App/WAN Optimizers; S2S Gateway; L2/L3 Gateways; Routers & switches; NAT & HTTP Proxy; Load balancers. Network functions that are being performed by hardware appliances are increasingly being virtualized as virtual appliances. It can be one or more virtual machines packaged, updated, and maintained as a unit. Virtual appliances are quickly emerging and creating a brand new market. Microsoft included a standalone gateway as a virtual appliance starting with Windows Server 2012 R2. Dynamic and easy to change because they: Can easily be moved or scaled up/down; Minimizes operational complexity.

Software Load Balancer (SLB) Scalable and available Flexible and integrated Easy management Proven with Azure— scale out to many Multiplexer (MUX) instances, balancing billions of flows Reduced capex through multitenancy Centralized control and management through Network Controller High-throughput between MUX and virtual networks Highly available Supports North/South and East/West load balancing Utilizes Direct Server Return for high performance Access to physical network resources from tenant virtual network Layer 3 and layer 4 load balancing Supports NAT Easy fabric deployment through SCVMM Integration with existing tenant portals via Network Controller— REST APIs or PowerShell Purple virtual network Blue virtual network SLB MUX Green virtual network SLB MUX Edge routing infrastructure Network Controller

Datacenter Firewall. Included within Windows Server. It is a network layer, 5-tuple, stateful, multitenant firewall: Protocol; Source and destination port numbers; Source and destination IP addresses. Tenant administrators can install and configure firewall policies to help protect their virtual networks. Managed via Network Controller and northbound APIs. Diagram: PowerShell; Network Controller with Northbound Interface (REST APIs), Distributed Firewall Manager and Southbound Interface; Policies pushed to Host 1 and Host 2, each with VM1, VM2, VM3, vNICs, a vSwitch and a NIC; Gateway.

Datacenter Firewall. Highly scalable, manageable, and diagnosable software-based firewall. Freedom to move tenant virtual machines to different compute hosts without breaking tenant firewall policies: Deployed as a vSwitch port host agent firewall; Tenant virtual machines get the policies assigned to their vSwitch host agent firewall; Firewall rules are configured in each vSwitch port, independent of the actual
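The 5-tuple policy model from the two Datacenter Firewall slides, written as a Network Controller access control list through the PowerShell side of the northbound API. This is an added example, not part of the original deck; the helper name, connection URI, resource IDs, address prefixes and priorities are constructed placeholders, and it assumes the NetworkController module and a deployed Network Controller.

```powershell
# Added example, not from the original slides.
# Assumes the NetworkController PowerShell module and a reachable Network Controller.
# The URI, resource IDs and address prefixes below are constructed placeholders.
Import-Module NetworkController
$ConnectionUri = 'https://nc.contoso.example'

function New-FiveTupleRule {
    # Hypothetical helper: one ACL rule = direction + action + the 5-tuple from the slide.
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [ValidateSet('Inbound', 'Outbound')] [string] $Direction,
        [Parameter(Mandatory)] [ValidateSet('Allow', 'Deny')] [string] $Action,
        [Parameter(Mandatory)] [int] $Priority,
        [ValidateSet('TCP', 'UDP', 'All')] [string] $Protocol = 'All',
        [string] $SourcePrefix      = '*',
        [string] $SourcePorts       = '0-65535',
        [string] $DestinationPrefix = '*',
        [string] $DestinationPorts  = '0-65535'
    )
    $props = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
    $props.Type                     = $Direction
    $props.Action                   = $Action
    $props.Priority                 = "$Priority"      # lower value is evaluated first
    $props.Protocol                 = $Protocol
    $props.SourceAddressPrefix      = $SourcePrefix
    $props.SourcePortRange          = $SourcePorts
    $props.DestinationAddressPrefix = $DestinationPrefix
    $props.DestinationPortRange     = $DestinationPorts
    $props.Logging                  = 'Enabled'

    $rule = New-Object Microsoft.Windows.NetworkController.AclRule
    $rule.ResourceId = $Name
    $rule.Properties = $props
    $rule
}

# Web tier policy: HTTPS from anywhere, WinRM only from the management subnet,
# everything else inbound denied. The firewall is stateful, so replies to
# connections the VMs open themselves are not affected by the inbound deny.
$rules = @(
    New-FiveTupleRule -Name 'Allow-HTTPS-In' -Direction Inbound -Action Allow -Priority 200 `
        -Protocol TCP -DestinationPrefix '192.168.10.0/24' -DestinationPorts '443'
    New-FiveTupleRule -Name 'Allow-Mgmt-WinRM-In' -Direction Inbound -Action Allow -Priority 210 `
        -Protocol TCP -SourcePrefix '10.0.50.0/24' `
        -DestinationPrefix '192.168.10.0/24' -DestinationPorts '5985-5986'
    New-FiveTupleRule -Name 'Deny-All-In' -Direction Inbound -Action Deny -Priority 1000
    New-FiveTupleRule -Name 'Allow-All-Out' -Direction Outbound -Action Allow -Priority 1100
)

$aclProps = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$aclProps.AclRules = $rules

New-NetworkControllerAccessControlList -ConnectionUri $ConnectionUri `
    -ResourceId 'WebTier-ACL' -Properties $aclProps -Force

# Read the ACL back and list the rules in evaluation order for review.
(Get-NetworkControllerAccessControlList -ConnectionUri $ConnectionUri -ResourceId 'WebTier-ACL').
    Properties.AclRules |
    Sort-Object { [int]$_.Properties.Priority } |
    ForEach-Object {
        $p = $_.Properties
        '{0,5} {1,-8} {2,-5} {3,-3} {4}:{5} -> {6}:{7}' -f $p.Priority, $p.Type, $p.Action,
            $p.Protocol, $p.SourceAddressPrefix, $p.SourcePortRange,
            $p.DestinationAddressPrefix, $p.DestinationPortRange
    }
```

Creating the ACL resource does not filter any traffic by itself; it takes effect once a virtual subnet or a VM network interface references it.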

Resources

Resources Register for another IT Innovation Series event Further topics: Windows 10, Azure and more. aka.ms/ITInnovation Continue your learning Download the Windows Server 2016 Technical Preview. aka.ms/ITInnovationResources Know someone who wants to learn more about the Cloud? Tell them to get started at the Microsoft Cloud Roadshow.

Lab environment Lab URL: https://aka.ms/iti Access Code: ITI1591 Password Passw0rd! Evaluations: http://aka.ms/tnthybridcam

TechNet on Tour Cloud Infrastructure Event Wrap-Up. For an online copy of the Fundamentals of Azure book, please download here: aka.ms/fundofazurebook 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

TechNet on Tour Hybrid Cloud Attendee Evaluation Please take a few minutes to answer our short survey BEFORE you leave the event today! To receive the evaluation link for this event, text MICROSOFT CAMBRIDGE to 878787. By doing so you agree that Microsoft can send you an automated message to this mobile phone. If unable to access the evaluation through the QR code on your name badge, you can access the evaluation here: http://aka.ms/tnthybridcam Provide the email you used to register for this event, select the attendee evaluation and complete the evaluation. Thank you for your feedback!

2015 Microsoft Corporation. All rights reserved.
