Microsoft Services

Agenda

Cloud Deployment Models

Cloud Service Brokerage

Cloud Service Brokerage Provider

Cloud Service Brokerage Capabilities

Organizations are moving to the cloud

Private cloud Public cloud

Private cloud is cloud infrastructure operated Public cloud renders services over a network
solely for a single organization, whether on-prem that is open for public use
or hosted

Portal Portal
IaaS | PaaS services IaaS | PaaS services

Cloud-inspired infrastructure Cloud infrastructure

The use of multiple clouds
Leverage multiple cloud models and/ or multiple cloud providers

Hybrid cloud Multi cloud

Refers to policy-based and coordinated service The use of multiple public cloud computing
provisioning, use, and management across a providers in a single heterogeneous
mixture of internal and external cloud services architecture

Portal Portal Portal Portal

IaaS | PaaS services IaaS | PaaS services IaaS | PaaS services IaaS | PaaS services

Cloud-inspired Cloud Cloud

Cloud infrastructure
infrastructure infrastructure infrastructure
Hybrid cloud environment advantages

Advantages of hybrid cloud

Hybrid cloud
Provide application flexibility

Refers to policy-based and coordinated service Meet specific regulatory and data sovereignty
provisioning, use, and management across a requirements
mixture of internal and external cloud services

Extend functionality and leverage cloud

Portal Portal functionality (global reach, elasticity, ‘infinite’
IaaS | PaaS services IaaS | PaaS services capacity, pay per use, etc.)

Cloud-inspired
Provide customizations option in the private
Cloud infrastructure cloud and standardization in the public cloud
infrastructure
Microsoft’s hybrid cloud platform will give you the
power of Azure in your datacenter

End-user experiences

Cloud application model

Infrastructure services
Platform services

Cloud infrastructure
Multi-cloud environments have advantages but
require large investment in cost, time, knowledge, etc.

Advantages of multi cloud

Multi cloud

The use of multiple public cloud computing

providers in a single heterogeneous architecture

Disadvantages of multi cloud

Portal Portal
IaaS | PaaS services IaaS | PaaS services

Cloud infrastructure Cloud infrastructure

What is brokerage?

An independent “agent”
Brings sellers and buyers together
Provides market information regarding:
- price
- product
- conditions
What is cloud service brokerage?

“Cloud Service Brokerage is

Three primary roles:
an IT role and business
model in which a company
or other entity adds value to
one or more (public or
private) cloud services on
behalf of one or more
consumers” – Gartner
Cloud services brokerage
Cloud Service Brokerage adds value to one or more cloud deployment model services

Aggregation
Integration Cloud service
brokerage roles
Customization

Hybrid Cloud Multi Cloud

Cloud
deployment
Private Cloud(s) Public Cloud(s) models
What are the expectations of a cloud
service brokerage?

Less expensive Easier Safer More productive

Navigate Integrate Consume Extend cloud services

Cloud service brokerage reality
Cloud Service Brokerage
Built on the assumption that any problem can be solved by
introducing an extra level of indirection*
However, it does not fundamentally solve the problems,
but add a layer of complexity through abstraction

Alternatively:
Enable desired business outcomes drive selection of Cloud Service Brokerage as an extra level of indirection
cloud services per business domain and/or function
Drive cloud providers to solve the real issue of
navigation, integration and customization
Rely on the cloud vendor’s cloud native capabilities
Minimize the need for aggregation and integration
across multiple clouds

Cloud Service Brokerage within the cloud platform

The cloud service brokerage in essence

YOU don’t need it…?!

Cloud paradigm shift
Trigger: remove unnecessary intermediaries/elements in the supply
chain / “cut out” the middlemen
Traditional IT Environment NEW IT environment
Intermediation: Disintermediation:
DNA
Enforce / control / prevent failure Enable / support / accept failure
Architecture governance Enforced building blocks / stacks Advised (component) deployment patterns
New service development Build (pull) Adopt (push)
Service delivery Wave based Continuous delivery / deployment
Service stability / availability Design for success (redundant) Design for failure (resilient)
Service levels Singular Selectable / composite
Level of delegation IT silos Services
Automation Isolated Systematic
Process efficiency Optimize / redesign Remove friction / automate
Processes subsist In documents Through self service and automation
Support agreements Fixed Flexible
Lifecycle N-1 or older N-1, N and N+1
Cloud service brokerage reality
Built on the assumption that cloud services are
interchangeable / generic across cloud providers
However, the implementation of cloud services differ
across cloud providers and are updated frequently at
different cadence between cloud providers

Results:
Reduces agility to adopt the rapid pace of innovation
Reduces the capabilities the cloud provider offers
(not all actions are available in the cloud service
brokerage platforms)
The choice in cloud services brokerage can be
divided into four options based on the technology
and the operator
Cloud service brokerage provider Platform Platform
internal / internal /
Organization Organization
The provider of the cloud brokerage roles can be
internal external
either the enterprise themselves or outsourced to a
commercial party

Cloud service brokerage capabilities

The capabilities used to perform the cloud brokerage Platform Platform
roles can either be built into the cloud native platform external / external /
or built on top by a third party Organization Organization
internal external
Aggregation

Cloud-scale provisioning Unified management

Consistent management view Ease of access

Single sign-on (SSO) Customer support

Unified billing SLA Management

Cloud scale provisioning – finding the right
balance between control, agility, and business
value of public cloud
Allow Marketplace
Enforce provisioning Only Marketplace
provisioning but incentivize
through Service Catalogue Provisioning
the Service Catalogue

IT develops an approved service
catalogue of cloud services which
users are allowed to deploy
IT is responsible for Security
and Compliance
Users can deploy services from the
marketplace, but are responsible for
security and compliance themselves
Users are incentivize to use the
service catalogue, where IT controls
security and compliance
Users can deploy services from the
marketplace, but are responsible for
security and compliance themselves
Users can consult IT for guidance
SLA’s can best be managed using a service-
oriented approach
Service Oriented
Application Application
SLA’s delivered by Azure do not reflect highest
tiering (lower availability, no time to repair) Application Application
Custom Code Custom Code

Application need to be build resilient for Custom Code Custom Code

Database Database
reaching Prime Tier (Using strict patterns for
infrastructure and coding) Database Database
Middleware Middleware

Stack Oriented Instance Instance

99,99%
Application tiering relies on infrastructure
tiering for availability

Infrastructure is build redundant and 99%

agreements are made to respond and repair Management Service Management Service
No patterns integration between code
building and infrastructure Azure
Integration

Integration of cloud Community

Governance Migration skills
endpoints in scale management
Migrating a single business system to a single cloud
will reduce the need for cloud integration at an
application level
Single business system on
single cloud
Reduce latency

Reduce traffic on the interconnect

Reduce costs of outbound data flow

Increase consistency and unify

management of the business
application

Increase security Business App

Customization

Implementing and
Incorporating a new
Layering new data and managing of change in
Visibility and analytics look and feel to the
process functions people, processes, and
service
technologies
Cloud service brokerage provider
One option is to perform the cloud services
broker roles internally. This is usually done by
the IT department.
Often, a new department is created to perform
the cloud brokerage role, since operating a
cloud is very different then operating a
traditional data center.
The other option is to outsource the cloud
services broker roles, similarly as management
of traditional datacenter can be outsourced.
Focus on a party which can cope with the cloud
principles that will allow you to deploy with agiliy
and adopt innovation quickly
Cloud-consistent service delivery

Service administrator Application owners and users

Resource Automation Billing Tenant Hosting Virtual Azure storage Virtual Resource SQL
clouds management plan machines (Tables, Blobs) network groups database
Cloud services brokerage options

Option 1 | cloud platform

Aggregation
Cloud service
Integration brokerage roles
Customization

Hybrid Cloud Multi Cloud Cloud

deployment
Private Cloud(s) Public Cloud(s) models
Cloud service brokerage capabilities
One option is to use the native tooling
available in the cloud platform to perform most
of the activities of the cloud service brokerage
roles within the cloud itself.
Only a few activities require integration across
platforms, where cloud native technologies can
also be leveraged.
Use another platform in front of the cloud
platform. The management tasks are
abstracted into a new portal and performed
through the cloud platform APIs.
Understand how this platform will adopt
innovation from all cloud providers and what
activities can be performed using this platform.
Azure capabilities - aggregation
Private Cloud Private Cloud Public Cloud Public Cloud
Management Characteristics
OTHER CLOUDS MICROSOFT AZURE STACK MICROSOFT AZURE OTHER CLOUDS

Cloud-scale provisioning Azure Marketplace | ARM Templates

Consistent management view Azure Management Portal

Single sign-on (SSO) Active Directory and Azure Active Directory

Unified billing PowerBi | Partner (Cloudyn; Cloud Cruiser)

Unified management Operations Management Suite (+ SC)

Ease of access Azure Management Portal | PowerShell | DevTools

Customer support Azure Support and Premier Services

SLA management Transfer to Service Consumer

Azure capabilities - integration and customization
Private Cloud Private Cloud Public Cloud Public Cloud
Management Characteristics
OTHER CLOUDS MICROSOFT AZURE STACK MICROSOFT AZURE OTHER CLOUDS

Integration of cloud
endpoints in scale Azure Resource Manager and ExpressRoute

Role Based Access Control and Resource

Governance
Groups

Community management Github | Azure Feedback | Azure Advisors

Migration skills
Azure Site Recovery | Quickstart Templates | Microsoft Migration
Services
Layering new data and
process functions
Visual Studio Team Services | Operations Management Suite

Visiblity and analytics PowerBi | Azure Management Portal

Incorporating a new look

and feel to the service
Azure Management Portal (limited options)

Implementing and managing of

change in people, processes and Microsoft Services
technologies
Azure Resource Manager

Consistent management APIs

Resource groups
AZURE RESOURCE MANAGER API
Templates
Tagging
RBAC
Auditing
Monitoring
PS, CLI, REST
Cross-region support
Azure Marketplace
An online store for highly
optimized and integrated
applications and services ready
to deploy on Microsoft Azure
Growing ecosystem of 3,000+ virtual machine and
SaaS offers
The Azure Marketplace offers virtual machine images,
virtual machine extensions, APIs, applications,
Machine Learning services and data services
Streamlined configuration, deployment, and
management
Unified app development
Describe Deploy Control
Gallery
Write once, deploy to Azure Gallery
or Azure Stack
Identical application model with same APIs
Azure Resource Manager Azure Resource Manager
Role-based Access Control (RBAC)
Same deployment experience—PowerShell, Azure
portal, or Visual Studio
Choice of open source application platforms,
languages, and frameworks

Consistency

MICROSOFT AZURE STACK MICROSOFT AZURE

Sample templates

Browse templates at azure.com

Backed by GitHub repo:

https://github.com/azure/azure-quickstart-
templates

Community and Microsoft contributed

Build and submit your own template today

Role-based access control (RBAC)
Allows secure access with Subscription

granular permissions to
resources Contributor Owner Readers

Assignable to users, groups, or Resource Groups

service principals
Built-in roles make it easy to get
started Contributor Owner Readers

Role definitions describes the set

of permissions (e.g. read actions) Resources

Role assignments associates role

definitions with an identity (e.g.
user/group) at a scope (e.g. Contributor Owner Readers

resource group, resource)

Resource tags

Name/value pairs assigned to Tags x 15

resources or resource groups

Subscription-wide taxonomy
Each resource/resource group can have up
to 15 tags
Flows through billing

Examples or
Department: Engineering
Environment: QA
Creator: TabrezM
Billing PowerBI

Microsoft Azure Enterprise

content pack for Power BI

Explore and monitor your Microsoft

Azure Enterprise data in Power BI with
the Power BI content pack
The data will be refreshed automatically
once per day
Azure Stack management portal

Cloud-consistent
service delivery

Enable application owners and end-users

productively consume software-defined
infrastructure using the same intuitive
self-service experience as Azure
Azure management portal

Cloud-consistent
service delivery

Enable application owners and end-users

to productively consume software-
defined infrastructure using the same
intuitive self-service experience as Azure
Azure Active Directory

Identity as the control plane Windows Server

Simple
connection
Self-service Single
sign on
Active Directory
Username
Other •••••••••
A comprehensive identity and access Directories
management cloud solution
SaaS
Combines directory services, Azure
advanced identity governance,
Public Office 365
application access management and cloud
a rich standards-based platform for
developers On-premises Microsoft Azure Active Directory Cloud
Operations Management Suite

SaaS management offering

that works with any cloud

A single portal for all your

management tasks. No infrastructure
to maintain
Manage workloads across Windows
and Linux, hybrid and public clouds,
Azure and AWS
Complements your System Center
investment to unleash new
management scenarios
ExpressRoute

Extending Enterprise Networks to Microsoft Azure

Azure using ExpressRoute

ExpressRoute provides organizations a

private, dedicated, high-throughput network
connection between Microsoft Azure
datacenters and their on-premises IT VPN Private
environment
ExpressRoute has three types of peering
options: private, public and Microsoft
Azure Site Recovery
On-premises to Microsoft Azure Microsoft Azure
protection with Azure Site
Recovery
ASR provides single DR solution which
works across platforms (Hyper-V, VMWare, Orchestration
Physical) across clouds (public, private and and Replication
service provider) and across workloads to
provide a range of RTO/RPO using multiple
channels (Replica, Scout, SAN etc.)

Primary
Site
Visual Studio team services
Code Build + Load Release
Repository Deploy Testing Management
Cloud collaboration tools
for teams

It’s not an IDE, it’s everything else.

Visual Studio Team Services provides
a set of cloud-powered collaboration Azure
Visual Eclipse /
tools that work with your existing IDE
Studio XCode
or editor, so your team can work
effectively on software projects of all
shapes and sizes

Application Insights
and Hockey App
Azure services in your datacenter
Developers Self-service
consumption
Transform datacenter resources
into cloud services

Self-service IaaS—Virtual Machines, PaaS PaaS

Virtual Network, Storage, Docker-enabled
containers
Self-service PaaS— App Service**, Service
Fabric*
IaaS ••• IaaS
Flexible service delivery with Azure-based
management and automation tools

Flexible service
IT Ops delivery

** - Only Web Apps is in TP1, * - not in TP1