News

Microsoft Execs Define IT's Role in a Hybrid Cloud World

Microsoft on Monday held its second Webcast on the benefits of using a hybrid cloud infrastructure.

The talk, aimed at the press, was structured into two parts: a prerecorded presentation with a Microsoft moderator plus a "live" Q&A that allowed press questions via text messaging. The experts answering the questions were Microsoft executives Brad Anderson and Mark Russinovich. Anderson is Microsoft's corporate vice president for Windows Server and System Center, while Russinovich is a Microsoft Technical Fellow.

This talk covered much of the ground covered in the first presentation on hybrid cloud that was held back in April. A third and yet-to-come talk with Anderson and Russinovich is planned that will conclude the series. So far, the gist of the talks has been to try to sell IT pros on the merits of adopting cloud infrastructures, at least via a hybrid network, using Microsoft on-premises-based server products along with Azure cloud services. Microsoft has been hammering on this theme since then-Microsoft CEO Steve Ballmer declared the company all-in the cloud more than four years ago.

The Jobs Question
An early question from the Microsoft moderator concerned the potential for the cloud to eliminate IT jobs. By adopting the cloud, an IT pro faces the prospect of automating away an IT role, meaning his job, in some cases. Russinovich didn't flinch in reply:

First, your comment about are they (cloud adopters) going to automate themselves out of a job. Yes. In some sense they are going to automate themselves out of some job so that they can do other ones. If you go back through history, people don't stay in IT without changing.

Anderson took a different angle to this question, arguing that automation is just a key technical attribute of the using the cloud:

We talk about how in Azure we're deploying a new core every five seconds, so just the amount of new capacity … it's at a scale that's hard to describe. You can't do that without automating everything…. Every time you have to do something manually, there's going to be errors in some percentage…. So you want to eliminate that.

There was also a question from the moderator on whether IT administrator roles would be the same in managing hybrid cloud infrastructures. Russinovich suggested that they would stay the same, saying that "it is a lot of the same roles. They're adapting to this new world. Everyone is looking to the future with an eye to the cloud."

Anderson, on the other hand, added a "change-or-die" perspective in his response:

Some orgs, whether it be dev tech or line of business, are going around IT if IT isn't delivering what they need. So you look at the dev-tech organizations and line of business, and they want agility. And all too often the IT teams are perceived as being slow. Let's take a look at the public cloud as the benchmark. How easy is it for a customer of mine … to put a credit card in the cloud compared to what I deliver to them in private cloud?

Microsoft's bottom line appears to be a tough-love message to IT pros that if you don't do cloud, you'll just become irrelevant eventually. A different perspective was offered by Thomas J. Bittman, vice president and distinguished analyst at Gartner Inc. Bittman argued in a recent blog post that IT departments support core operational processes, and that sort of support likely can't be replicated by the standardization imposed by various cloud computing models. The debate likely will continue, but the jobs question seems to always pop up in Microsoft's cloud discussions.

Active Directory's Importance
The moderator asked about the role of Active Directory when moving to the cloud. Russinovich laid out the options, including Active Directory Federation Services (ADFS) or the more limited option of using Directory Sync:

We've got an Azure Active Directory with an identity service in the cloud and that's where you can go and provision cloud identities, if you'd like to. The power of that, from a hybrid scenario, is that you can federate with your on-premises Active Directory installation. And so those identities are actually projected up into the cloud through our Azure Active Directory. No special network connectivity (is required) other than the ADFS connection that you've got on prem. And that allows your users to single sign on to their corporate assets and then access cloud apps … using that same identity, using that same authentication flow, using multifactor authentication, if they'd like to. So that's really the richest scenario that lights up, but if you don't want that federation, you can get a less rich but still powerful scenario with what we call Directory Sync -- so syncing your on-premises identity directly up in the cloud, even syncing passwords, if you'd like to, so people can even use the same passwords they've got on premises with the cloud. So, it's a separate -- basically a copy -- of your Active Directory installation that you use to sign on. You won't get single sign on; you won't get similar things like multifactor flowing through and other access restrictions like I mentioned with that first scenario (ADFS), but still that's another option if you want to go that route.

Anderson noted that he has spoken with some customers who have told him that they don't want identities stored in the cloud. However, he explained that the security details stay on premises:

It can be as limited as just the user name itself and four attributes -- with all of the passwords, all of the attributes, staying in your on-premises Active Directory. What that allows you to do is take the investments you've been using … since 2000 and send it out into the cloud.

Hybrid Cloud for Disaster Recovery
The moderator asked about Microsoft's solutions to improve site recovery or disaster recovery scenarios. Russinovich offered an update on Microsoft's evolving cloud-based solutions in that regard:

So the options that Brad mentioned -- StorSimple bottomless storage that also serves as backup, the Azure Site Recovery, which is the new name for Hyper-V Replica because now actually you can have Azure be a secondary site rather than (having) two different private datacenters…. That's what we announced at TechEd. One of those announcements was having Hyper-V Replica be able to replicate up into Azure. So those are the obvious places to start if you're going to do disaster recovery and backup from on-premises to the cloud. And that's a great way to start. If you go to the StorSimple solution, all of the data is encrypted.

Bandwidth and Backup
The moderator asked about the best ways to get data to Microsoft's cloud, short of trucking it to the site. Russinovich noted that it's actually possible to just mail the data to Microsoft on disk, which is called the Microsoft Azure Import/Export Service. "That can be the fastest, most economic way of getting data to our cloud," he said, adding that it's a method that doesn't put a burden an organization's fiber infrastructure. Both execs also mentioned Microsoft's Azure ExpressRoute service as a way for organizations to secure high-speed bandwidth that isn't tied to the public Internet.

There was a related bandwidth question asked about disaster recovery scenarios, and that prompted Anderson to explain how StorSimple uses the cloud to restore bits on premises:

With StorSimple, effectively what we do is we take a map of every block of data on a volume or on a server. And then we keep that map locally, but we start moving the cold blocks of data up into Azure. And so we keep the hot blocks while the cold blocks are up in Azure…. It has compression. We actually encrypt everything on premises before we send it up into the cloud.… In the case of a disaster recovery, let's say that you lose a server. The way that StorSimple works is you can move another server, basically attached to that cache that's in Azure, (and) it just brings down the map and the hot blocks. All of the cold blocks stay up in the cloud. So you don't have to wait hours and hours. Your disaster recovery from an on-premise server to another on-premise server is literally in minutes.

Anderson also related an anecdote about the Sundance Film Festival, which handles all submitted films digitally. The event's organizers were using StorSimple in trial mode and were able to use it to recover data in minutes after experiencing a problem with their storage area network, he claimed. Russinovich noted that Microsoft Azure also has a geocopy service offering in which a whole region can fail and users can still get access to data.

First Cloud Steps
During the live Q&A portion of the talk, Anderson and Russinovich were asked about what first steps an organization could take to get familiar with using Microsoft's cloud. Russinovich suggested that using Microsoft Azure for dev-test operations was low risk, and the setup just takes minutes.

Anderson noted that access to Microsoft Azure Backup service is "natively built into Windows Server 2012 R2," and organizations can just enable that backup service to try it out. "You can do that in 20 minutes," he added. He also suggested creating a trial Windows Intune account to manage a handful of mobile devices from the cloud. Many organizations start with e-mail collaboration as their first foray into using cloud services, Anderson said, and he suggested trying Office 365 to that end.

Security Questions
A cloud security question was asked by the moderator. Russinovich said that security was the No. 1 issue for people who are new to the cloud. More experienced cloud users were more likely to be focused on compliance issues, he added. Microsoft has several certifications for its cloud services, including Health Insurance Portability and Accountability Act (HIPPA) compliance, he noted. "Compliance is really a stand-in for security," Russinovich said.

Another question during the live Q&A concerned security for hybrid clouds. Russinovich described a few of those details:

When it comes to security and when it comes to the fundamentals of delivering a public cloud offering, we know that trust is an absolute requirement for public cloud. And so there are some aspects of trust that are non-negotiable.… Some of the networking capabilities that we've got in the public cloud, for example, create a secure tunnel from your on-premises environment up in the cloud. That is a connection back to the on-premises infrastructure as well. We've got support for encryption inside of virtual machines. We partnered with Trend Micro and Symantec to allow customers to encrypt their VMs in Azure and we've also partnered with them to, and involved our own first-party antimalware solution, that touches with a single click and deploy into their virtual machines…. This is just the beginning of the offerings that we are going to light up and make available to our customers….

The Five Commons
A press question focused on running SQL Server workloads in Azure. It prompted Anderson to explain Microsoft's view about what is common between Microsoft's premises-based software and Microsoft Azure:

We talk about these set of five commonalities, "the commons" that we call them, across all of our cloud. And we believe that if we do a great job of providing consistency in these five areas, it just makes it really easy for organizations to embrace the cloud. And one of those is data, and that really comes down to SQL…. Just a reminder of the five commons, it's 'identity,' so having a common identity to be able to manage access across on-premises, hosted and the cloud; it's 'management,' that's where System Center and things like PowerShell become so important because you want a consistent way to be able to manage across cloud; the 'developer tools,' so be able to develop once and run anywhere is super-critical important; 'virtualization,' so it's the same VHD format, it's the same virtualization infrastructure; and finally 'data.'

The Code Spaces Security Problem
One of the press questions was about data security issues experienced by cloud hosting services provider Code Spaces and how Microsoft's cloud might avoid such a fate. Code Spaces was sabotaged by a hacker who deleted customer data as part of an extortion scheme. The company recently announced it will cease trading as a company and will concentrate on returning the data to customers that wasn't deleted. As noted by a Gartner blog post, Code Spaces had promised "redundant, high specification servers with guaranteed uptime and availability."

Neither Russinovich nor Anderson had much to say on the point. Russinovich said that customers aren't absolved from the responsibility of managing their data stored in the cloud. Code Spaces lacked multifactor authentication, he added. He also suggested the use of the Microsoft Azure Active Directory Premium subscription option. (Microsoft today announced that the Microsoft Azure Active Directory Premium is available for free 90-day trials.) The premium offering adds some security checks. For instance, the service will scan for anomalies, such as a log-in that occurs in different locations. Anderson concurred on that point.

Future Steps
One press question concerned the availability of tools that would enable the integration of Microsoft Azure with other cloud vendor solutions. Anderson said that Microsoft has some "things out there today, but this is an area of high investment." He suggested that "anything that helps with migrations from VMware to Azure we are going to accelerate."

Another press question concerned Windows Intune, and whether that Microsoft cloud-enabled management solution would eventually get PowerShell support. Anderson described that idea as "a wonderful scenario, something we need to do."

The press asked if virtual desktop infrastructure (VDI) was something that Microsoft considered to be part of is Azure roadmap. Anderson noted the recent preview release of Azure RemoteApp, although it's not a full desktop-as-a-service offering. However, Anderson did note that it's a common request of Microsoft's customers to want to do full desktop on Azure. He said that would be "something to look to in the future."

On another note, it's now announced that Mark Russinovich will be giving the opening keynote address at 1105 Media's TechMentor conference on Aug. 12. Russinovich will explain how organizations are utilizing Windows Server, Microsoft System Center and the Azure service together as part of that talk.

comments powered by Disqus

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.