
Reinventing IT & Enabling Hybrid Cloud with Windows Server 2016

Microsoft’s strategy centers on empowering you, the IT professionals, to generate business value within your organizations. With Microsoft Azure and Azure Stack, you can leverage the power of cloud to drive business agility and developer productivity. With the launch of Windows Server 2016 and Microsoft System Center 2016, you can accomplish more than ever before in your existing datacenters. And with Operations Management Suite, you can securely manage all of your on-premises and cloud infrastructure from one place. Jeff Woolsey discusses in depth the latest technology innovations across all of these areas that help you reinvent your IT infrastructure and be a hero within your organizations.


  1. Copyright 2016 FUJITSU. Fujitsu Forum 2016 #FujitsuForum
  2. Reinventing IT & Enabling Hybrid Cloud with Windows Server 2016. Manfred Helber, Senior Consultant Microsoft Solutions
  3. Windows Server: The foundation of hybrid cloud. On-premises datacenter; Microsoft Azure Stack
  4. IT is being pulled in two directions: Support business agility and innovation; Provide secure, controlled IT resources. By 2017, 50% of total IT spending will be spent outside of the formal IT organization.
  5. IT stress points: Security threats; Datacenter efficiency; Supporting innovation
  6. Security is a top IT priority. Security threats; Datacenter efficiency; Supporting innovation
  7. Why security is a top IT priority: Increasing incidents; Multiple motivations; Bigger risk
  8. Cyber threats are a material risk to your business. Impact of lost productivity and growth: $3.0 Trillion. Average cost of a data breach (15% YoY increase): $4 Million. Corporate liability coverage: $500 Million. “Cyber security is a CEO issue.” - McKinsey. Source: McKinsey, Ponemon Institute, Verizon.
  9. Better security starts at the OS: Protect identity; Help secure virtual machines; Protect the OS on-premises or in the cloud. (Agenda: Security threats; Datacenter efficiency; Supporting innovation)
  10. Challenges in protecting credentials. Social engineering leads to credential theft. Most attacks seek out and leverage administrative credentials (Pass the Hash). Administrative credentials often provide more privilege than necessary. [Diagram labels: Ben, Mary, Jake, Admin, Domain admin; Typical administrator; Capability; Time]
  11. Protect against compromised admin credentials. Credential Guard: Prevents Pass-the-Hash and Pass-the-Ticket attacks by protecting stored credentials through virtualization-based security. Remote Credential Guard: Works in conjunction with Credential Guard for RDP sessions to deliver Single Sign-On (SSO), eliminating the need to pass credentials to the RDP host. Just Enough Administration: Limits administrative privileges to the bare-minimum required set of actions (limited in space). Just-in-Time Administration: Provides privileged access through a workflow that is audited and limited in time. [Diagram labels: Ben, Mary, Jake, Admin, Domain admin; Typical administrator; Just Enough and Just in Time administration; Capability; Time; Capability and time needed]
  12. Challenges in protecting the OS. New exploits can attack the OS boot-path all the way up through applications. Known and unknown threats need to be blocked without impacting legitimate workloads.
  13. Help protect the OS and its applications, on-premises or in any cloud. Device Guard: Ensure that only permitted binaries can be executed from the moment the OS is booted. Windows Defender: Actively protects from known malware without impacting workloads. Control Flow Guard: Protects against unknown vulnerabilities by protecting against classes of memory corruption attacks.
  14. Challenges protecting virtual machines. Virtual machines are easy to modify and copy. Multiple fabric administrators typically have access. Any compromised or malicious fabric administrators can access guest virtual machines.
  15. Features to help protect virtual machines. Shielded Virtual Machines: Use BitLocker to encrypt the disk and state of virtual machines, protecting secrets from compromised admins and malware. Host Guardian Service: Attests to host health, releasing the keys required to boot or migrate a Shielded VM only to healthy hosts. Generation 2 VMs: Supports virtualized equivalents of hardware security technologies (e.g., TPMs), enabling BitLocker encryption for Shielded Virtual Machines. [Diagram labels: Hyper-V; Virtual machine; Computer room; Building perimeter; Physical machine; Hyper-V; Shielded virtual machine]
  16. Shielded Virtual Machines: Works with Host Guardian Service. [Diagram: Cloud/Datacenter with Hyper-V Host 1, Hyper-V Host 2 and Hyper-V Host 3 (each labelled Hypervisor, Host OS, Guest VM) and the Host Guardian Service (Key Protection)]
  17. Shielded Virtual Machines: Works with Host Guardian Service. Key release criteria (TPM-mode): (1) Known physical machines; (2) Trusted Hyper-V instance; (3) CI-compliant configuration. [Diagram: Cloud/Datacenter with Hyper-V Host 1, Hyper-V Host 2 and Hyper-V Host 3 (each labelled Hypervisor, Host OS, Guest VM), the Host Guardian Service (Key Protection) and the label "healthy"]
  18. Transforming the datacenter. Security threats; Datacenter efficiency; Supporting innovation
  19. Software-define the datacenter: Enterprise-class Virtualization; Software-defined Storage; Software-defined Networking. (Agenda: Security threats; Datacenter efficiency; Supporting innovation)
  20. MANAGEMENT | CLOUD | DATACENTER: Azure Inspired Compute
  21. DATACENTER: Software-defined. Compute: Mission-critical; Industry-leading scale; Linux first-class citizen. Network: Infrastructure agility; Proven at cloud scale; VXLAN support. Storage: Cloud economics; 3x performance at half the cost; Multi-vendor ecosystem
  22. DATACENTER: RAM per physical server
  23. DATACENTER: Logical Processors per physical server
  24. DATACENTER: RAM per VM
  25. MANAGEMENT | CLOUD | DATACENTER: Virtual Processors per VM
  27. MANAGEMENT | CLOUD | DATACENTER: Azure Inspired SDN
  28. DATACENTER: Azure Inspired SDN. Azure Data Plane; Network Controller; Software Load Balancer; Distributed Firewall; VMs & Containers; RDMA Optimized; Micro-segmentation
  30. DATACENTER: Azure Inspired SDS
  31. MANAGEMENT | CLOUD | DATACENTER: Azure Inspired SDS. Storage Spaces Direct; Storage Replica; NVMe; Storage QoS; Hyper-Converged Optimized; RDMA Optimized
  32. Converged solution: On-premises disaggregated solution. Scale components separately in this model. Simultaneous scaling is possible when compute (Hyper-V) and storage components (Storage Spaces Direct) reside on the same cluster. Hyper-converged: Scale compute, storage simultaneously. [Diagram labels: Storage Software; SMB3; Virtual machines on Hyper-V host; Scale-out file server; Virtual Machines]
  33. Industry-standard servers with internal drives
  34. No shared storage, no fancy cables – just Ethernet
  35. Let’s cluster them
  36. Software-defined “pool” of storage
  37. We’re ready to create volumes!
  38. Hyper-Converged
  39. Demo: Software-defined storage
  40. Storage Spaces Direct (S2D) Scale-Out
  41. Add new node to cluster
  42. Storage Spaces Direct (S2D) Fault Tolerance
  43. Server Fault Tolerance: Up to 2 simultaneous failures; Copies always land in different servers; Accommodates servicing and maintenance; Data resyncs automatically
  49. Chassis & Rack Fault Tolerance
  50. Fault Domain Awareness. Flexible Scenarios: Set up with PowerShell or XML policy; Create flexible, nested topologies. Fault Domains: Clustering now understands Node, Chassis, Rack, and Site; Failure policies and Spaces Direct data placement
  51. Hyper-converged Storage Spaces Direct
  52. Nano Server installation option - just enough OS
  53. Increase reliability with cluster enhancements. Cluster OS Rolling Upgrade: Upgrade your fabric to Windows Server 2016, without downtime to workloads running on Hyper-V virtual machines. Mixed OS Mode cluster: Provides ability for Windows Server 2012 R2 cluster nodes to operate with Windows Server 2016 nodes. VM resiliency: Designed for cloud-scale environments, this helps preserve VM session state in the event of transient storage or network disruptions. Fault domain-aware clusters: Enhances key operations during cluster lifecycle such as failover behavior, placement policies, heartbeating between nodes, and quorum behavior.
  54. Complete software-defined storage solution. Storage Replica: Create affordable business continuity and disaster recovery among datacenters. Storage Quality of Service: Prevent noisy neighbors from impacting high priority workloads with a Storage QoS policy. Storage Spaces Direct: Use standard servers with local storage to build highly available and scalable software-defined storage. [Diagram labels: Site 1; Site 2]
  55. Azure-inspired, software-defined networking. Move faster with Network Controller. VXLAN-based virtual networking; Hybrid SDN gateways for cross-cloud deployment; External and internal software load balancing. Reduce costs: Ability to converge RDMA and Ethernet traffic on the same teamed NICs; QoS for predictable performance; Monitoring and automation to reduce OpEx. Enhance network security: Distributed firewall; Network Security Groups for microsegmentation; Routing and mirroring to specialized virtual appliances
  56. Demo: Nano Server