Reinventing IT & Enabling Hybrid Cloud with Windows Server 2016

Fujitsu Forum 2016

#FujitsuForum

Reinventing IT & Enabling Hybrid Cloud withWindows Server 2016

Manfred Helber

Senior Consultant Microsoft Solutions

Windows Server The foundation of hybrid cloud

On-premises datacenter Microsoft Azure Stack

IT is being pulled in two directions

Support business agility and innovation

Provide secure, controlled IT resources

By 2017, 50% of total IT spending will be spent outside of the formal IT organization.

IT stress points

Security threats

Datacenterefficiency

Supporting innovation

Security is a top IT priority

Security threats

Increasing incidents

Multiple motivations

Bigger risk

Why security is a top IT priority

Source: McKinsey, Ponemon Institute, Verizon.

Cyber threats are a material r isk to your business

Impact of lost productivity and growth

Average cost of a data breach (15% YoY increase)

$3.0 Tr i l l ion $4 Mil l ion

Corporate liabilitycoverage.

$500 Mil l ion

“Cyber security is a CEO issue .”- M c K i n s e y

Security threats

Datacenter efficiency

Protect identity

Help secure virtual machines

Protect the OS on-premises or in the cloud

Better security starts at the OS

Challenges in protecting credentials

Ben Mary Jake AdminDomain admin

Typical administrator

Social engineering leads to credential theft.

Most attacks seek out and leverage administrative credentials (Pass the Hash).

Administrative credentials often provide more privilege than necessary.

Typical administrator

Protect against compromised admin credentials

Ben Mary Jake AdminDomain admin

Just Enough and Just in Time administration

Credential Guard Prevents Pass-the-Hash and Pass-the-Ticket attacks by protecting stored credentials through virtualization-based security.

Remote Credential Guard Works in conjunction with Credential Guard for RDP sessions to deliver Single Sign-On (SSO), eliminating the need to pass credentials to the RDP host.

Just Enough AdministrationLimits administrative privileges to the bare-minimum required set of actions (limited in space).

Just-in-Time AdministrationProvides privileged access through a workflow that is audited and limited in time.

Capability and time needed

Challenges in protecting the OS

New exploits can attack the OS boot-path all the way up through applications.

Known and unknown threats need to be blocked without impacting legitimate workloads.

Help protect the OS and its applicationsOn-premises or in any cloud

Device GuardEnsure that only permitted binaries can be executed from the moment the OS is booted.

Windows Defender Actively protects from known malware without impacting workloads.

Control Flow Guard Protects against unknown vulnerabilitiesby protecting against classes of memory corruption attacks.

Challenges protecting virtual machines

Virtual machines are easy to modify and copy.

Multiple fabric administrators typically have access.

Any compromised or malicious fabric administrators can access guest virtual machines.

Features to help protect virtual machines

Shielded Virtual Machines Use BitLocker to encrypt the disk and state of virtual machines protecting secrets from compromised admins and malware.

Host Guardian Service Attests to host health releasing the keys required to boot or migrate a Shielded VM only to healthy hosts.

Generation 2 VMsSupports virtualized equivalents of hardware security technologies (e.g., TPMs) enabling BitLocker encryption for Shielded Virtual Machines.

Hyper-V

Virtual machine

Computer room

Building perimeter

Physical machine

Hyper-V

Shielded virtual machine

Shielded Virtual MachinesWorks with Host Guardian Service

Cloud/Datacenter

Hyper-V Host 1

Hypervisor

Guest VMGuest VM Guest VMHost OS

Hyper-V Host 2

Hypervisor

Guest VMGuest VMHost OS

Hyper-V Host 3

Hypervisor

Key Protection

Host Guardian Service

Cloud/Datacenter

Hyper-V Host 1

Hypervisor

Guest VMGuest VM Guest VMHost OS

Hyper-V Host 2

Hypervisor

Hyper-V Host 3

Hypervisor

Key Protection

Host Guardian Service

healthy

Key release criteria TPM-mode)

1. Known physical machines

2. Trusted Hyper-V instance

3. CI-compliant configuration

Shielded Virtual MachinesWorks with Host Guardian Service

Security threats

Transforming the datacenter

Security threats

Software-define the datacenter

Enterprise-class Virtualization

Software-defined Storage

Software-defined Networking

MANAGEMENTCLOUDDATACENTER

Azure Inspired Compute

Software-defined

Compute

Mission-critical

Industry-leading scale

Linux first-class citizen

DATACENTER

Network

Infrastructure agility

Proven at cloud scale

VXLAN support

Storage

Cloud economics

3x performance at half the cost

Multi-vendor ecosystem

DATACENTER

per physical server

DATACENTER

Logical Processors

per physical server

DATACENTER

per VM

Virtual Processors

per VM

Software-defined

Compute

Mission-critical

DATACENTER

Network

VXLAN support

Storage

Cloud economics

Azure Inspired SDN

DATACENTER

Azure Inspired

Azure Data Plane

Network Controller

Software Load Balancer

Distributed Firewall

VMs & Containers

RDMA Optimized

Micro-segmentation

Software-defined

Compute

Mission-critical

DATACENTER

Network

VXLAN support

Storage

Cloud economics

DATACENTER

Azure Inspired SDS

Azure Inspired

Storage Spaces Direct

Storage Replica

Storage QoS

Hyper-Converged Optimized

RDMA Optimized

Converged solutionOn-premises disaggregated solution

Scale components separately

in this model.

Simultaneous scaling is possible

when compute (Hyper-V) and storage

components (Storage Spaces Direct)

reside on the same cluster.

Hyper-convergedScale compute, storage simultaneously

Storage Software

Virtual machines on Hyper-V host

Scale-out file server

Storage Software

Virtual Machines

Scale-out file server

Storage Software

Industry-standard servers with internal drives

No shared storage, no fancy cables – just Ethernet

Let’s cluster them

Software-defined “pool” of storage

We’re ready to create volumes!

Hyper-Converged

Demo:Software-defined storage

Storage Spaces Direct (S2D)

Scale-Out

Add new node to cluster

Storage Spaces Direct (S2D)

Fault Tolerance

Server Fault ToleranceUp to 2 simultaneous failures

Copies always land in different servers

Accommodates servicing and maintenance

Data resyncs automatically

Chassis & Rack Fault Tolerance

Fault Domain Awareness

Flexible Scenarios

Set up with PowerShell or XML policy

Create flexible, nested topologies

Fault Domains

Clustering now understands

Node, Chassis, Rack, and Site

Failure policies and Spaces Direct data

placement

Hyper-converged Storage Spaces Direct

Nano Server installation option - just enough OS

Nano ServerJust enough OS

Increase reliability with cluster enhancements

Cluster OS Rolling Upgrade Upgrade your fabric to Windows Server 2016, without

downtime to workloads running on Hyper-V virtual

machines.

Mixed OS Mode clusterProvides ability for Windows Server 2012 R2 cluster

nodes to operate with Windows Server 2016 nodes.

VM resiliencyDesigned for cloud-scale environments, this helps

preserve VM session state in the event of transient

storage or network disruptions.

Fault domain-aware clusters Enhances key operations during cluster lifecycle such

as failover behavior, placement policies, heartbeating

between nodes, and quorum behavior.

Complete software-defined storage solution

Storage ReplicaCreate affordable business

continuity and disaster recovery

among datacenters.

Storage Quality of ServicePrevent noisy neighbors from

impacting high priority workloads

with a Storage QoS policy.

Storage Spaces DirectUse standard servers with local

storage to build highly available and

scalable software-defined storage.

Site 1 Site 2

Azure-inspired, software-defined networking

Move faster with Network Controller

VXLAN-based virtual networking

Hybrid SDN gateways for cross-cloud deployment

External and internal software load balancing

Reduce costs

Ability to converge RDMA and Ethernet traffic on the same teamed NICs

QoS for predictable performance

Monitoring and automation to reduce OpEx

Enhance network security

Distributed firewall

Network Security Groups for microsegmentation

Routing and mirroring to specialized virtual appliances

Demo:Nano Server

Reinventing IT & Enabling Hybrid Cloud with Windows Server 2016

Presentations & Public Speaking

Hybrid Storage - Nexsan€¦ · All hybrid storage solutions utilize a flash-based storage controller that provides intelligent storage management, enabling SSDs to provide fast performance

Reinventing Yourself

Reinventing Bazaar

Kickstart Your Digital Transformation: Enabling a Hybrid ......Source: IBM Growing up hybrid Accelerating digital transformation of organizations already use services from three or

Hybrid & Federation Models to Augment Private Infrastructure · Hybrid CDN, where private infrastructure is augmented by a global CDN service network, enabling better service for

INSIGHTS INTO STABILITY ASPECTS OF HYBRID SYSTEM; AN ENABLING TECHNOLOGY FOR RURAL ELECTRIFICATION IN BANGLADESH

Enabling the Software Defined Data Center for Hybrid IT

Intel IT Cloud Journey and Overview Normalizing 2013 Intel Cloud 2.5 Hybrid SaaS Legacy Apps Hybrid PaaS Cloud Aware Apps In 2013, Hybrid applications are the norm enabling low latency,

Reinventing the Physicist - APS Home · Reinventing the Physicist ‐2014. Reinventing the Physicist ‐2014 WHY HOW WHAT Simon Sinek – TED.com. Priorities Reinventing the Physicist

LKIN17: Enabling Enterprise Agility though a Hybrid Agile Implementation Model - Jasdeep Singh

Enabling Hybrid Workflows with Docker/Mesos @Orbitz

Reinventing management

Restarting and Reinventing School: Learning in the Time of ......remains. Hybrid and blended learning models can facilitate continuity of learning by enabling teaching and learning

Enabling 4GBB via hybrid-FTTH, - · 5 dr. Rob F.M. van den Brink -Enabling 4GBB via hybrid-FTTH Broadband Forum, Dec 6th, 2010, bbf2010.1395.00 2. Hybrid FttH-complementary to full

Enabling Hybrid Cloud Today With Microsoft Technologies v1 0

Reinventing healthcare

Enabling Low-Overhead Hybrid MPI/OpenMP Parallelism in MPC · IWOMP'2010 June 15th 2010 1 Enabling Low-Overhead Hybrid MPI/OpenMP Parallelism with MPC Patrick Carribault, Marc Pérache

Reinventing Organizations - complete summary v6blog.convergeforimpact.com/wp-content/uploads/2015/02/Reinventing... · Reinventing Organizations In his 2014 book Reinventing Organizations,

Enabling Technologies - Diesel through hybrid Dunnuck.pdfEnabling Technologies - Diesel through hybrid. David Dunnuck. Executive Director – CES Research and Engineering. 2 2. 19901/24/2019

Reinventing spaces