Welcome to Ops 107: Hybrid as a Management Plane. Let's get into it.

Hi, and welcome to this IT Ops talk. My name's Orin Thomas. I'm a Principal Cloud Advocate. I've got Sonia Cuff, who's a Senior Cloud Advocate, and with us right now we have Jeff Woolsey, who's a Principal Program Manager, Hybrid Cloud at Microsoft, and we're going to have a wide-ranging discussion about Hybrid Cloud.

Thank you very much, Orin. Thank you very much, Sonia. It's really a pleasure to be here. When you reached out to me to have this conversation, I was really excited because there's a lot of things going on right now in the world of Hybrid Cloud, but there's so much change happening and let's put aside, we know what's going on right now worldwide with COVID and how we're coping with that. There's also the change of what's going on for IT is under lots of different stresses. Obviously, they've been supporting the organizations, they've been supporting their businesses. They've had to probably change a little bit how they allocate their time to make sure that, you know what, folks can access the things that they need remotely. They still need to be able to provision resources, grow the business, grow their organization, deal with break fix, and it's a huge challenging time that a lot of our IT professionals and MVPs and partners around the world have been going through. The first thing I just wanted to start off with is just a huge kudos to every one of you that's out there right now, working for your organization, whether it's you're working at home, whether you're working in a Starbucks, wherever you can get Wi-Fi. We know that people are working in really challenging situations right now and they are being successful, and they are helping their organization, they're helping their colleagues, they're helping their coworkers, they're helping their customers be successful during this really challenging time.
Sonia and Orin, I'm sure you've had lots of similar conversations with customers where they're going through this, and they're reaching out going, how are other people doing this? How are people dealing with all of these challenges? Orin, you look like you want to say something, yeah.

Well, a lot of people are dealing with it very well in an ad hoc manner. That is one of the weird things about an IT pro career or maybe any career, is that a lot of it's just firefighting and it's dealing with the monster that's in front of you, instead of worrying about the monster that's down the hall, to use a Dungeons and Dragons analogy. And I think that we've always been in a position that we are very good at dealing with the immediate with an eye on where we're meant to be going. And I think with this, everybody's able to sit there and go, oh, we need to deal with this next, and we need to deal with this next, and we can see what the challenges are. And I think that the workforces that we're often dealing with, especially when this started, were a bit forgiving on how do you get this all together and everything started to work and then people adapted to the reality of what it was. And adjustments have been made along the way, but we're certainly not paralyzed in fear where it's like, things have changed, we don't know what to do. It's like, things have changed, we'll figure it out. And that's what the role is.

Yeah, well, we haven't had the luxury of being paralyzed and not doing anything, right? And a really good conversation with Mark Anderson, the National Security Officer for Microsoft Australia. And we were talking about a lot of the objections about working remotely or going to cloud, had to be put aside because this is needed to be able to function and operate. It wasn't this pie in the sky project anymore, it was an immediate business need and the cost of not doing something, it just wasn't worth it. So everybody adapted pretty quickly.
And organizations are now in this phase where they are trying to figure out where to next. They've done all the immediate stuff. Things haven't gone back completely to how they used to be. And so how do you plan for what the future looks like next? It's still a bit uncertain, but there's also a bit of a pause and reflect now and go, okay, so when we were in that response mode and we put in all these things, did we do them in the most secure way, like to the best of our abilities? We got the functions up and running for the business, that's great, but there is also a bit of a time now to go back and make sure that all the little boxes are ticked in terms of security and configurations and just make sure that the house is still locked up nice and tightly before we carry on evolving with this.

And you actually asked a very good question in there, which was where to next? And that was kind of one of the things that really kind of, when you asked me to have this conversation, it kind of got me thinking about these conversations that I had with Jeffrey Snover. Jeffrey Snover, just spectacular person, the creator of PowerShell, technology that everybody uses, but I remember when nobody used it, when it was brand new. And part of one of the things I wanted to have the conversation about today, which was 10 years ago, I remember Jeffrey Snover and I, we basically said, look, we have got to get the word out on PowerShell. We've got to get the work on automation. This is a fundamental technology. And most importantly, it's a critical tool that every IT pro is gonna need in their toolbox. And now the question becomes, that was 10 years ago and spoiler alert, we added thousands and thousands upon thousands of cmdlets, PowerShell is now ubiquitous. It's kind of everywhere, it's growing. PowerShell's up to version seven. We're doing lots of different things, growing automation, but it's just this incredible tool in the toolbox.
Well, now the question becomes, well, where to now and where are we going? And what are those critical tools that people need to understand? Where do they need to invest their time? But there's also one other thing, which is as customers have been dealing with the challenges that they have, I have spoken to some customers that said, you know what, we've also been, our management has also told us, we know we have some critical technical debt that we've been putting off. Now is a fantastic time for us to do that. And so one of the things I have been pushing, and I've been evangelizing this a lot on my social, my Twitter feed, quite honestly is a super basic one, but it is the criticality of the domain controller. And it's really funny. I, people have, you know, there's a lot of folks that have been doing this for a long time and they go, of course we know how important the domain controller is, but for folks that have been doing this for 10 or 20 years, you may get that, but there's a lot of folks that are new to IT that don't really understand and they're still managing a really, really legacy domain controller. And they don't understand that actually DC is critical infrastructure and that it handles so much. It's authentication, it's logging in, it's checking permissions, it's assigning and enforcing security policies. It's actually handling time synchronization. It's all of those things. And so I've been, you know, very much telling people, it's time to also, you know, it's important to understand some of these critical roles and features and capabilities within your organization. You know, I've been telling everyone as a best practice, everything, your DC, every DC you own should be on 2016 or later, period, bar none. That this is, you know, this is one of those, you shouldn't even be thinking about anything even previous to 2016. And there are so many reasons for that.
If you look at security and the work that we have done in Windows Server and raising the bar on security, you know, 2016 was really a watershed release with the work that we did to really add next generation level of protections throughout the operating system, Credential Guard, Remote Credential Guard. You know, there are some tricky security issues like pass the hash, pass the ticket that have been around for quite some time. The bad guys have been out there raising the game, working to steal credentials so that they're not hacking into an organization. They're using legitimate names and passwords to get in there. And Credential Guard, Remote Credential Guard had added new defenses to actually protect against those.

One of the challenges for a lot of people in the IT pro role is especially once you, a lot of us have been, an interesting stat about IT pros is the average IT pro's middle-aged. And so a lot of people have been working with, for example, and I ask this question when I'm presenting, I say, how many people have been, you know, working with Windows Server since NT4 or 2000? You get 80% of the hands will go up. Now, one of the real big challenges is that we sit there and sometimes we focus on what's brand new. So someone's like, what should I be learning? Should I be learning Kubernetes? Should I be learning? Should I be learning about containers? Should I be learning about Azure File Sync? Should I be learning about Azure Arc? But one of the other things that you kind of have to do with your career is that you sometimes have to go back and look at the stuff that you think you know and see what improvements have been made. And one of the things I've always found when I'm talking about Windows Server, I'll be talking to people that have been using Windows Server for more than two decades. And I go, okay, let's talk about how you harden a domain controller or let's talk about how you harden the domain.
And I'll start going through features and there is an almost, "I know this, so I haven't learned anything more about it." So even though you've deployed the 2016 or the 2019 domain controller, you're still managing it like a 2003 domain controller. So something else to think about in terms of your IT career in a hybrid world is, okay, so what technology improvements have actually occurred to the operating system so that I understand that I'm using this operating system as efficiently as possible. It's sort of like getting into a brand new car and then never using cruise control, never using sort of radar, never using lane assist and things like that because people don't know about it because they sit there and go, oh, I've got to concentrate on the new and shiny. Not realizing, I've also got to look at the improvements to the tried and tested.

Yes, and this is a good example of where we've taken some of the technologies we created. I know you've chatted with Ben Armstrong. We've taken technologies like Hyper-V and extended it far beyond just virtualization. Virtualization in Hyper-V was really just the kicking off point with what we did way back in 08 and 08 R2. But when we take it into 16 and 19 and the things that we did around Credential Guard, Remote Credential Guard, hypervisor-based security. This is where we took this technology to the next level to create that next level of defenses. And one of the things that people who haven't necessarily paid attention to aren't even aware of what this technology does or how it works. Sometimes I'll just hear the name and they won't realize, look what we've done is we've used virtualization to partition off parts of the operating system almost as though they're sitting in separate virtual machines. So that if one part of the operating system's compromised, the other part isn't. And they hear these names, Credential Guard. What does that mean?
Oh, is it just like a name of something or is it a different way of encrypting the data? No, it's actually a way of making sure that this bit can't touch this bit because it doesn't have the integrity to touch this bit.

Yeah, we're actually compartmentalizing kernel code so that all of a sudden now, kernel access, a badly written driver or some, you know, malformed code or something that, you know, guess what? Yeah, happened to open up an attachment and it's doing bad things. All of a sudden doesn't have full complete access to the kernel because we've actually compartmentalized secrets and things like that.

So I think one of the challenges though is that Active Directory has been a victim of its own success in terms of it was one of those things that you put into an organization. And as long as you kept an eye on things like the replication, it always just worked. And there is this hold back of when an IT pro has a look at all the things they've got to do in their day and the things that are actually on fire. If those servers are sitting there and they're still just working, how do you convince an organization to do upgrades, to upgrade those servers? And we've seen more success with people getting off Server 2008 and 2008 R2, for example, when we say, look, it's now end of life. We're not gonna throw any more security patches at it. And it's one of those things, it's almost like being the blue team, right? It's frustrating sometimes to actually get the buy-in to get the time and the budget to go and do these things that you know need doing. You know that the organization's overall security posture would be improved if you upgraded those operating system versions. But sometimes it takes that big fire or that big security event for someone to go, yeah, we should have or yeah, we need to do it. And you don't see a lot of those in organizations.
I think that's one of the challenges that IT pros have is getting the buy-in and the sponsorship or how do they tell an organization that this really actually is super important that we get off these older versions so that we are in a better security position?

Yes. And this is something that probably you're one of the few people in the world that can answer, Jeff. So we get a new version of Windows Server, for example, we'll say 2019 or we'll go as just 2019. Now there's all of these features that can be turned on that can make it hyper secure. And we want people to go and do that but one of the choices that you need to make sort of in your particular role is which ones of these do we turn on by default and which ones do we leave? Because we know that if we just tell people go and put 2019 there, it'll reach a baseline level of secure. But we also know that you can make Windows Server an order of magnitude more secure but that you have to go and do a lot of legwork. So how do you decide or how do you get into the position of deciding this is something that we're gonna enforce from the get-go versus this is stuff where we need to make you get out and walk.

You know, that's a great answer and there's a couple different ways we're thinking about it and looking at it. One, there's always this tug and push and pull about security versus compat. And there's always this concern that, oh, someone's gonna enable something and we're gonna break something. It's why when it comes to Active Directory someone will say, well, you know, I'm afraid to deploy 2016 because the domain functional level's gonna change and it's gonna break anything. I had a nice long chat with a whole bunch of people that had been doing AD for a very, very long time. I said, guys, how many times did it actually break anything? And everyone kind of sat there and kind of scratched our head and were like, it doesn't really happen. We generally add new things, we add new functionality.
So guess what, we do that with, and we do this after lots of extensive testing both internally and with customers. And what we're doing is raising the bar without impacting compat. At the same time, we know that there are some folks that have highly regulated environments. I'll give you one example, hospitals. And so they always push back because someone gave them an application 15 years ago that was configured in some way and they're especially sensitive. And of course, if it's a specific medical piece of a device, it can be a challenge. So what we have, we do put in the different policies in place so that someone can say, look, here's a raised security baseline. Go with this. Or in fact, if you look at what we're doing in Azure Policy as well, we're also raising the bar by providing these new policies through Azure Policy that will be able to be pushed down through Arc. And this is part of one of the things I want us to get thinking about is because today these days, we have lots of folks that are doing stuff the way they've been doing it because that's how we've been doing it for the last 10 years, in the last 15 years. I had a call, I'm not kidding, with a customer just a few weeks ago, where they were asking me all sorts of weird questions about security and I finally had to stop and I said, wait a minute, wait a minute, explain to me why you're asking me all these questions about deployment and reg keys and stuff like that. And they basically got to the point where they said, look, we had this person that used to work for the organization and we always deployed servers and we always ran this guy's script and this script would harden the server and we want to make sure it doesn't break it. And I said, well, where is this person? And he's like, well, he doesn't work here anymore. Like, well, how long has it been? It's been years, but it works and this is how we deploy it.
Nobody knew what the script does or exactly how it worked or what it did, but it was, quote unquote, the way they've been doing it. And it was like, okay, we need to take a step back and really think about what are the best practices you need to be putting in place? And we understand that not everyone's a green field unless you're a startup or a brand new organization and we get that you got a lot of brownfield to deal with, but you've got to take a point where we say, look, we're going to start to implement best practices or we're going to start to implement consistent policies. And in fact, one way to look at that, one great way to look at it is we are defining policies in Azure that guess what? You're going to be able to deploy on-premises through Arc. And to me, this is about providing now a consistency for your hybrid environment, whether it's on-prem, whether it's in your data center, whether it's in the cloud, whether it's Windows, whether it's Linux, that all of a sudden will make everybody's life better. So-

And that's one of the ways I find that hybrid can make on-prem better is that the cloud can almost function as a management layer, because in the past, we might have something like, well, we had Operations Manager, but we didn't have necessarily in any way of like a product called security manager, which would literally go out and assess your security configurations and tell you what was right and what's wrong. And I can see that with Arc, that one of the promises of Arc is the ability to basically take some security baseline, like STIG, one of the STIGs, and say, right, we can assess your current configuration against a particular STIG, and we can say where you're not compliant with the STIG, but we can also then go look through all of your logs and say, now, this is why you might not want to turn this particular thing on.
For example, it might go and look at, and I'm not sure that it does this, but it could go and look at your NTLM and say, well, you've got NTLM auditing, we're seeing that you're still using it. So we're not going to implement this recommendation that you turn off NTLM, because if you do that, you're gonna break this, this, and this, but we can make these recommendations to you that you should go and do this, this, this, and this, so that you can then reach this new thing. And this is something that the cloud offers that we couldn't do easily on-prem because the amount of legwork involved, where it can make recommendations that can literally say, hey, we want you to turn off NTLM. To turn off NTLM, you need to go to deal with this, this, this, and this, and once you've dealt with this, you can level up your security, and we'll even give you a nice little score to tell you how much you've improved it.

Well, and think about systems management today, and think about how people have been doing it for the last 10 or 20 years. They've been using Operations Manager, they've been using Configuration Manager, they've been using, you know, System Center has a major, major footprint in enterprises around the world, but as much as System Center is awesome, don't get me wrong, there's also a place where people realize that the cloud can do so many things so much better. One of the challenges that I have run into for large, really large organizations for years has been, they'll say, Jeff, I've got multiple data centers. I've got multiple sites, maybe it's branch offices, maybe it's data centers, maybe it's guys that are on the road, all sorts of different environments, but guess what? It's changing, and most importantly, I just wanna be able to understand what I have in my estate. What does my inventory look like? What does my asset management look like?
And honestly, if you ask an IT pro, you know, one of the biggest challenges they have is just trying to understand what they have so that they can manage it better. And today, you know, you look at System Center, and you know, within a domain or within a site, hey, it can be pretty awesome. It's when you start realizing, wait a minute, I got multiple sites, I got multiple branches, I've got multiple people trying to do this, and I've worked, you know, I've chatted with customers who said, look, we're working actually try and put all of these together, and we wanna create this aggregate view that shows us everything that we've got. Oh, and wouldn't it be great if we could actually, you know, start to plug in other things like event logs, and monitoring, and health and all of these things, but at the very basic, can I just see all of the assets I have? Literally every server, every storage device, every endpoint device, and every user managed device and actually see all of those things.

And there's a stat out there. It's huge. And I probably remember who collected it, that said about 30% of all server workloads are comatose. And one of the reasons for that is that monitoring is just so unable to see everything. So that even if you've got everything plugged in, you're not necessarily sure what everything's doing. One of the advantages of the cloud is once you can put the haystack up here, you can then use the power of cloud to start finding the needles in the haystack in a way that you couldn't do it down here, where you were just worried about whether or not you had visibility. And there's visibility, and then there's recognizing what you're actually looking at. And the cloud is excellent because it's got all of that AI and machine learning to actually recognize what it's looking at, not just making sure that you've actually got visibility. Oh, sorry, go ahead, Sonia.
I think some of that also comes from the fact that our cloud environments are a little bit more distributed in terms of who's spinning up those resources around. And at least when I was an IT pro, if a new server got put into the environment, it was my IT team that had to order the hardware and build it and get it provisioned in the racks or at least get it provisioned in the data center that was hosting up for us. And one of the first things that we would do is make sure that we had an agent on it, right? There are a lot of third-party systems out there for deploying agents to various operating systems to try and give you that one central dashboard, especially if you've got environments and sort of different states and different domains. But with the cloud now, it's not just the IT people that are putting resources in the cloud. We've got developers that want to self-provision those kind of resources, whether or not they're IaaS VMs or whether they're serverless or all of the other tools that they've got access to in the cloud now that they're spinning up under my subscriptions that I'm now gonna need to be responsible for not only from a cost perspective, from a security perspective and operations and performance perspectives. And I think the cool part about that though is that we kind of saw that that was gonna be a thing and we counteracted that by wrapping this policy engine around it to turn around and go, you know what? We can actually put some controls about what people can provision in the cloud, sizes of storage accounts or VMs, where they can put them in terms of location and get some really good visibility across all of those resources so that you can start managing with the policy. And like you said, Azure Arc for Servers is the icing on the cake to be able to go, look, you don't want to manage two separate environments in two different ways.
You don't want to be managing your cloud servers and your resources this way and then your on-prem servers in the other way. And so what we're seeing now in terms of that compatibility, that Azure Arc for Servers agent being able to bring the visibility of those on-prem machines into the Azure portal and have them managed by the same sort of policy set, it's just gonna make life so much simpler for organizations that are going to be running hybrid environments for the long term.

And this goes to one of the core compelling things that customers are telling me that they see as part of their move to the cloud, which is, wait a minute, now I have literally a management plane that I can train, I can understand, I can build. My next generation skill set becomes the Azure management plane. It's Log Analytics, it's monitoring, it's update, it's Arc, it's policy. And guess what, it can now, all of a sudden I have a way to manage all of my organization's resources. I don't have to worry, is it in a domain, is it not in a domain, is it Windows, it's Linux, we handle it all. Okay, so now I have a way to enforce policy and force update management. I can actually see my assets. So solving one of that fundamental challenge that people had with System Center, which was how do I bring in all of these different System Centers from different organizations or from different locations and different offices and actually kind of federate that data so that I could start to figure out how to make sense of it. Don't worry about any of that. Arc-ify your resources. You see it, it all lights up now in Azure. And on top of that now, as you bring in more things, they all appear here. And most importantly, think about that management plane. And this is why I think for IT pros, it's so critical that this becomes the next tool in their toolkit. Which is because today, System Center, I've got to update System Center. I've got to manage the life cycle of System Center.
There's a new version of Ops Man, there's a new version of System Center, there's a new version of Config Manager on-prem. I've got to do all of those updates. In the cloud, we handle it all for you. What you are focused on as an IT pro is your ability to deliver to your organization, not just keeping the management plane up and running.

So that's an important way to, and it's interesting when we were introduced to the concept of cloud. It was almost marketed, and I use that word deliberately, as a replacement for on-prem. But I think the reality, and especially for IT pros who are very practical focused, is that it's a complement to on-prem. That it's not a replacement. I mean, there's certain things. There's one of the things that I'm seeing a lot of customers talk about is actually using the cloud as a development environment. And then once the workloads have reached a level of maturity, actually bringing them back on-prem. We had a discussion with one of our other presenters, where he was talking about a lot of development of Kubernetes technologies, and Kubernetes clusters was done in the cloud, where they could rapidly iterate. But once it got to a certain level of maturity, it was like, right, we're not going to run it up down there. We actually want to run it on Azure Stack HCI. But we're having to play with it at the beginning up here, because we can do whatever. But once we actually know what it looks like, and we've built it, and we've designed it, and it's good, right, we're actually going to run it in one of our boxes. So when any, and I think that it got people a little offside when they were talking about it being a replacement, because especially for IT pros, we've seen a lot of technologies proposed that have fizzled out. And one of the things an IT pro has to be about their workloads is inherently a little conservative, because you don't want to sell your business on a platform that's going to disappear in five years time.
So you want to know that it's going to get some legs underneath it. And whereas if you're understanding it as a complement, you can then suddenly understand, oh my gosh, I can see where this actually will stick around because it's making things a whole lot better. It's not just, oh, this is a different way to run VMs instead of going and throwing it into a hosting provider. I can throw it into that. I'm seeing, oh, this management layer, and there's pros and cons. You can go and put your management layer up here, and it's really good for a lot of people, but there's also a lot of dials and switches that keep changing that make it a bit more challenging to become an expert on, because you're always dealing with sort of a moving target, whereas if you've got something that you deploy down here and you spend five years on it, you're going to really know the unit out of your management plane, because it has stayed stable.

That is a completely agree with everything you're saying, and that's one of the things that actually customers have told me many times. The reason why we've gone to Azure is number one, you've proven, Microsoft, you know how to deliver this stuff on-prem. This stuff is going to stay around. Sure, we're moving a bunch of stuff into the cloud, but we know it's all going to get connected, and because we know that you know how to run on-prem, we know that you know how to run on-cloud, we also know that putting all these together, there's no one that should know better hybrid than Microsoft.

And Microsoft can have that conversation that our competitors can't, where we say, you know what? You run it where it suits you. You don't have to run everything in the cloud, because not everything should run in the cloud. There's some things that should run on-prem, and there's some things that should run on the cloud. Our cloud-first competitors might be, well, we don't want you to run on-prem because we're not making any money out of that.
We want you to run everything with us, and it might not make sense to you, even though it makes sense to them. Whereas I think, and I can't speak for the corporate strategy, what we're trying to do with hybrid is say, do it where it makes sense for you.

I'm going to share my screen. I know I was trying to keep this conversational and not bring up slides, but I've got to bring up one here. So when it comes to complementary, this is one of my absolute favorite better-together stories. And this, to me, if you're an IT pro and you haven't at least looked at this, you're just way behind the ball. This, to me, is such an obvious hybrid cloud story, and the benefits are so huge, it's just right there for the taking.

I mean, Azure File Sync is better than chase kite. It is absolutely-

I cannot tell you how many conversations I've had with customers about Azure File Sync, and literally the meeting comes to a complete stop where people raise their hand and start going, when did this come out? How come I've never heard of this? Real problems that everybody's got with mucking out their file servers and replication. So first of all-

That's the thing. Our IT pros, they light up when they get those little nuggets of things that they make the connection about how it makes their on-prem well better. I mean, as soon as they learn about something like custom banned password lists back into Azure AD or dynamic thresholds for monitoring that you get with Azure Monitor monitoring your on-prem servers, they're like, I didn't realize that the cloud could do that for my on-prem environment.

Yes, exactly right. I did not realize that you were Microsoft, you were getting- you were actually evaluating threats that are happening on the other side of the globe. You're actually updating Defender in real time. You're making those changes and deploying those out and by the time it gets to my side of the globe, you've already put in a mitigation in Defender.
That is the power of the cloud where we can do things because we are at planetary scale. We can drive that scale to everyone and give you tremendous benefit. And also again, it goes back to the fact that we've been doing on-premises, whether you're a small-medium business to the largest Fortune 500 enterprises, globals out there, we know what those challenges are and we want to make sure that we're driving the right solutions. And to me, this is one of my favorite because I've spoken to so many happy Azure File Sync customers. And quite literally, it all started because at the end of the day, every customer has a file server. You know, everybody has a file. It's why servers first started. It's why servers are existent and it's the number one use case. It's because I need to share data. Now, I will always have the SharePoint guys coming to me and go, well, Jeff, SharePoint, I don't get me wrong. Love my SharePoint. SharePoint's awesome. SharePoint made file servers so much, much better. Took it to the next level. Don't get me wrong. But file servers are still everywhere. And since the dawn of file servers, no one has ever said, wow, I just bought a file server and I will never need more storage than what I've got today. Nobody has ever said those words, you know? No, because what happens is, I mean, there's even like a mathematical thing where is that a file is created and then it's got a certain life span before it's never going to be touched again. But we don't know easily what the probability is that there's certain files that if they haven't been touched for 90 days, there's a 99% chance they're never going to be touched again. But there's that one file and everybody knows because it'll be the file that you've removed from the file server and then someone comes to you and says, oh, look, we've got that Excel spreadsheet from like five years ago that we need now for an audit. Where is it? And you're sitting there going, um, yeah, we ship that tape off. 
Well, and how many IT pros have created, you know, they have the drop box for everybody in the organization or in a department and it's always running out. So you're sending the nag mail to please, hey, clean out your drop box, get rid of the old stuff. And everybody's got like, you know, everybody in the org has the same copy of the same PowerPoint deck 20 times over. And, you know, this is a real, real world solution that quite honestly is doing just gangbusters in terms of, you know, the amount of storage that Azure File Sync is hosting on Azure. Because number one, it just is simple and just works. And to me, you know, you start with fundamentally, what is this about? Well, number one, you know, multi-site sync, it's for those customers that say, hey, guess what? You know what, I want to be able to easily share files between different locations and I have lots of things that I want to share between, you know, headquarters and my multiple branches. And, you know, whether it's user data, whether it's server data, whether it's, you know, all of that, it's, you know, file sync is there. But to me, the critical one is this, cloud tiering. This is just gold. I mean, think about it. You buy a file server, you set it up, you put a bunch of storage in there and it's out of storage. What do you do? Oh, I got to go buy some more storage. I've got to figure out, you know, how did I max it out? Do I have any more slots in my server? Do I plug in an externally? Do I got to buy some sort of device? How do I deal with running out of storage? It's the most fundamental problem. And here, Azure File Sync just makes this, no, we solved the problem for you. We basically sync. Something that we don't do with OneDrive or OneDrive for business is because the cloud tiering here either says, hey, what you've got is you've said, leave me this amount of free space on the volume or just automatically tier files that haven't been touched for a certain amount of time. 
Whereas if you're using one of these, sort of these desktop clients, you've got to sit there manually and go, oh, I don't keep this on my device. So eventually you've still got to go and do that manual process. And it's the automatic part of this is what makes this so fantastic because literally you set up a share and I love the simplicity of this solution, which is, look, I've got a share and you basically say, how much of this is going to be free? So if it's 100 gigabytes and you're going to say, guess what, or forget 100 gigabytes, 10 terabytes, 10 terabytes, how much of this is going to be free? Well, keep 25% of it free. That means the moment it's over that, you know what, it's just going to tier into the cloud. And what it means is, it means that that file server on-prem becomes a hot cache. And so all of the things that people are actually touching and manipulating and accessing is running right there locally on that server on-prem. It's all fast. It's all zippy. It's all good. And that stuff that you haven't touched in a long time, guess what? It's automatically tiered to Azure. When you need it, click on the file. It looks like it's right there. There's a file there. You click on it. It downloads it from Azure. And the nice thing about it because it makes it transparent to the user. The user has no idea whatsoever that anything's changed. And when they don't know what's changed and if their cheese hasn't been moved, they're happy with it. Whereas if they had to go in and you had to have a manual process of click this button to request this file to be restored, you'd be like, nah, not one of that at all. That's not very good. But if they don't know about it, excellent. It's automatic. It's transparent. All you have to do is set the tiering policy. I mean, that is what transparent hybrid should look like. And so the cloud tiering is what makes this gold. And to me, the other features are just, wow, this is just icing on the cake. 
So cloud tiering's got you covered. Then, of course, you've got backup. And what's great about this is all is because guess what? This is going into the cloud. Guess what? I can now just use Azure backup to automatically back this up. And of course, I can do all of the encryption on the backup. And also this gives me a DR story. So this really is a comprehensive storage, hybrid storage solution that we're giving. So if that file server goes down, guess what? That's okay. The files are still available. They're all up in the cloud. Guess what? Plug in my new server, set up sync, and there we go. And so to me, And if the cloud gets corrupted, then you can just restore it in the cloud and then it replicates the portfolio endpoints. So this is an example of how I look at moving forward, how IT pros should be thinking about the next set of tools that they need to be thinking about. What are these hybrid tools? What is this management plane in Azure that I need to understand? How do I integrate Arc into my workflow so that I have a consistency of management, I have a consistency of policy, and I'm improving the service I'm providing to the organization. I mean, think about it. I've spoken to customers that had a 20 terabyte file server that they thought was going to last them years and years and years that was full, and they've basically come back to us and they've said, yeah, actually our 20 terabyte file server is effectively over 100 terabytes now because of all of the file sync work that Azure File Sync is doing. And the fact that we don't have to manage the moving of storage to the cloud that's an automatic process has made our lives so much better and has made us so much more productive because we're talking about folks with huge data sets. We've worked with folks that are in Hollywood that have been producing videos and producing trailers for movies and stuff like that. 
And for them, just the data manipulation and moving all of this stuff around the fact that this is automatic is an absolute lifesaver because they would have to have people just there to manage the data because they would go through it so quickly. So this to me is one fantastic example of the work that Hybrid can do to make everyone's life much better. And as I think about the stuff here on the right, the centrally managing from Azure, I'm seeing this start to grow in importance. When we started Azure, it was interesting that the stuff on the left don't get me wrong, the stuff on the left is still critically important. But this is where customers started with us. They said, Jeff, we want to extend into Azure. And it was kind of a conservative take, which was look, we know home is our on-prem environment and we feel good about this and we're going to use Azure as an extension. So for VM replication, for example, Azure Site Recovery, do that. Or Azure File Sync to extend my storage or use Cloud Witness, for example, for my failover clusters to provide me quorum and stuff like that. That's where it started. What we see right now is the right-hand side is the part where customers are going, wait a minute, we think that there is so much value in here because of the fact that, like I said before, and I don't mean to sound like a broken record, but the management plane is there. Microsoft is managing the management plane for me. I don't have to deal with any of the lifecycle management. I mean, I just think about, again, when we release a new version of System Center or any enterprise product, guess what? They're going to give you a bunch of training. They're going to show you how to migrate your data to the new platform. We handle all of this for you and we just deliver new features. We just light them up for you so that you can concentrate on delivering value back to the organization. 
I think Azure File Sync is an easy gateway drug into the cloud and I think that really the next one for a lot of IT pros who are very on-prem centric is Azure Update Management because Azure Update Management's value proposition is everybody's got the WSUS server on-prem that you sit there and you go, okay, it kind of does what I need it to do, but if you've got multiple sites and WSUS doesn't give you an audit of what's missing on particular machines and then suddenly by plugging things into Azure Update Management, you can manage updates across your Windows and your Linux systems, but it's very much that paradigm of your management layers in the cloud because you log on into the Azure portal and you say, right, I want to run this update deployment and then bang, bang, bang, bang, bang, you've suddenly got a group of computers that are compliant with a set of updates and I think that when I know I'm talking to people about hybrid and what's the value proposition of hybrid, I start with this, Azure File Sync, that's solving one problem that you've got, Azure Update Management is solving another problem that's pressing for you right at the moment. Yes, absolutely, yes, and better scale, better resilience, better visibility that you're getting through update management, and then Azure Monitor. Azure Monitor to me is, to me, I look at one of the most popular features of System Center, it's been Operations Manager for so long, and by the way, I keep benching System Center, I don't want anybody thinking I'm bagging on System Center that I don't like some System Center or that System Center is going anywhere because by the way, for those customers that are completely have some of these air-gapped environments, guess what, that's what they're using to manage it, they're absolutely using System Center, so there's plenty of cases where System Center continues to be adopted and continues to grow in those scenarios. 
Certainly cases where you can integrate System Center with this management plane, so you can have Operations Manager where you've got all your management packs collecting certain sets of data, and then using that as a funnel to shunt it up to Azure, so it's not, again, the cloud is complementary to On-Prem, it's not a replacement for On-Prem. Yes, and the fact that we're also building kind of a community up there as well, so policy is a good example of this. In Azure Policy, we actually have a bunch of policy built into Azure so that when, a lot of people don't realize this, when you deploy a VM in Azure IaaS, there's a whole bunch of policy we help you out with that we automatically include to provide a consistent environment, and there's a whole bunch of policies that are already there. So for example, you may say, hey, I'm working in this type of vertical or this type of vertical where these types of policies are recommended or some of these policies are required, and you can literally say, well, then I want that policy profile. Well, now we're in a world where you can say, hey, by the way, that's not just what's happening in Azure, but that's also what I'm deploying On-Prem. And so that can be Azure Arc for servers, and by the way, that could be Azure Arc running in a VM or VM, that can be running in a Hyper-V VM, that could be running on physical. And so again, as an IT Pro, think about what we're doing here. We're giving you the next set of tools for your toolbox. These are the things that you should be learning. These are the things that you should be comfortable with, because like knowing Active Directory, like knowing System Center, guess what? These are going to be the next generation of tools that are going to be important on your resume, they're important on your CV, and really, there's so many ways that you can plug into the community, learn more, heck, put your own policies in there. You may have a policy, guess what? 
I thought of something that no one thought of, please, add it to there. Give us your feedback. Let us know how are there things that would be useful to you? Maybe you're in a very niche vertical or something like that. You want to add your two cents or two? We'd love to have it, because this allows us to better figure out what are the right consistent policies that we can help folks with. So I just want to angle this conversation back to the SMB space for a moment, because that's an area that I spent a long time and as a managed service provider. And I know that Pierre has recorded a great session about Azure Lighthouse, and I've been watching with interest the capabilities of Azure Lighthouse grow alongside with the Azure Arc capabilities. You can certainly see that the roadmap for that is very much looking like expanding that management plane over multiple different environments. So if you haven't taken a look at Azure Lighthouse, what that does is it gives us the ability to get visibility of different Azure environments through the one Azure portal plane, and that includes PowerShell and the CLI for running your commands. But now if you put yourself in the shoes of a managed service provider, instead of having to log into different environments with different credentials, or it's similar to a form of delegated access control where I can now get access to different customer environments from this one control plane, get visibility of them all on the same page and manage them all at the same time. And it's controlled by the customer in so far as if at any time they want to see the activity of what I've been doing in their environment or they want to revoke my access completely, they have the control to do that too. The interesting part is seeing where Azure Arc is fitting into that now. 
And so not only are you getting visibility of your customers' cloud environments, but you're getting visibility of their on-prem environments no matter where they have those servers or their data sources, we're seeing more compatibility through Azure Arc to get visibility of those in the same plane. And I think it's just a great story that the management tools that we're talking about, this plane inside Azure for controlling things isn't just applicable to the large entity and to the enterprises. Azure Lighthouse is interesting in that it's also got some great use case scenarios for larger enterprises that themselves are running multiple Azure tenancies. And so outside of the MSP space, that's a whole different use case for a lot of our multinational customers. But if I'm starting out my IT career, if I'm working in a smaller business, those skills that I'm going to pick up learning things like Azure Monitor, Azure Policy, Azure Sentinel and how Azure Arc integrates in that control plane, they're going to suit me whether or not I'm working on one customer that's got five servers, whether I'm working on 10 customers that have got one or two servers each, or when I step into the enterprise world, if I want a career change and I want to go and work for a much larger company, hey, guess what? It's still Azure Policy, Azure Monitor, Azure Sentinel. And those tools are just so ubiquitous across your career as being a new cloud foundational skill for our IT pros. Oh, Sonia, thank you so much for bringing this up. Yeah, you hit the nail right on the head. Kudos to you. Thank you. You're so right. It's easy to forget. We talk a lot about enterprises and large organizations and sometimes it's easy to... I don't want to heaven forbid overlook our tremendous customers in the SMB space because there are just so many of them. There are millions of them. And you're absolutely right. 
A lot of these small, medium businesses, they work with partners that help manage their environments. And if you're one of those organizations that is servicing lots of different customers and they're all using Azure, it's important that we build a solution that allows you to manage all of those different customers. Do it securely, of course, because you're talking multi-tenant environment here. You may have to deal with different licensing models. You may have ESPEA, CSPs. You may have pay as you go. I mean, oh my gosh, between licensing business models, tenancy and all of these things, it can be challenging. And at the same time for the customer, you know, the customer, just because they're a small, medium business doesn't mean that they don't want to see what work is being done by the partner. So being able to delegate management, delegate permissions, audit the work that they're doing, totally get it. And you bring up an excellent point. And that's what Azure Lighthouse is designed to do was customers, obviously, they choose a partner that they trust and they expect to support them. But at the same time, you also want to, it's a two-way street and you do want to be able to check and hey, did those changes I request happen? Can both sides audit and see what's going on? And most importantly, can the business partner securely manage different environments in different locations and do it in a way that makes everyone happy? And you're right, Azure Lighthouse is a huge initiative by us to make sure that we have solutions that scale all the way down to really small businesses that, you know what, they want to focus on providing their service to their organization, however big or however small they are, and they may have a partner that handles the IT for them. And you know what, they don't want to think about Azure. They have a Microsoft trusted cloud solution provider that does it for them. So yes, thank you for bringing that up. 
Another thing to think about to pivot yet again is that management isn't just cloud down. One of the things that's very important for people that are Windows Server people is the new management tools that allow them to manage parts of their infrastructure up. I'm talking specifically about Windows Admin Center and all of the hybrid capabilities that are being lit up in Windows Admin Center and that really, if you're going to take a step into this hybrid world that you really need to be starting to use those tools there to connect up, not just to come down and that hybrid's a story about that maybe it works for you that way or maybe it works for you that way. Yeah, so Admin Center is super near and dear to my heart. I've been begging and pleading for Windows Admin Center for a very, very, very long time. And I have to tell you it has been so gratifying to see the customer response. It's only been out just over three years. We know that there are millions and millions of servers under management with Windows Admin Center. And for those folks who haven't played with it yet, please go download Windows Admin Center right now. If you played with it a while ago but you haven't touched it in a while, trust me, it's changed dramatically. Why? Because it's been changing dramatically since the very first time we released it three years ago. Admin Center has become this really go-to tool not only for helping you manage your servers on-prem in Azure, in the cloud, connecting to create these hybrid environments. For example, the Azure File Sync that we talked about. One of the things that I remember talking to the Azure File Sync team was, guys, this should be automatic. I should be able to click, click, click through. And Admin Center will automatically configure my file server without me ever having to touch the file server. And it does exactly that. You use Admin Center, connect it to your file server. You don't need to RDP into it. It's all communicating remotely. 
It'll install the agent. It'll configure the resources with Azure. It'll take your subscription information. You literally walk through it. You type in your Azure policy and boom, you're done. And you never literally logged into the server and touched a thing. I was doing a demo yesterday that was really cool in that it was Storage Replica. And Storage Replica replicates one volume to another volume. But in Windows Admin Center, you go Storage Replica and it goes, do you want to replicate to another server? Or do you want to replicate to an Azure VM? You click Azure VM. It spins up the VM for you. You never have to go into the console. And then suddenly it's replicating your volume from on-prem to Azure. So again, there's a disaster recovery. Let's click, click, click down here that uses all the hybrid technology up here to make on-prem better. Yes. And Azure Site Recovery was actually one of the very first hybrid capabilities we built in. I remember we demoed this many Ignites ago, but literally, select a VM, click on replicate, and boom, you're replicating in Azure in like two or three clicks. And I say two or three clicks because we literally count clicks. My goal is I always tell guys, tell the team, it's got to be single-digit clicks. If we get into over 10, it's taking too many. Why is this taking so many clicks? We got to keep that number down, keep it simple. Do everything that we need to do, but let's really make sure we have the right actions we need there. And the team has nailed it, and we've continued to grow on our hybrid capabilities, whether it's creating an extended network, whether it's creating a site-to-site, a point-to-site VPN, whether it's a site-to-site replication, we've been adding more of these hybrid capabilities. And one other thing I want to point out about Admin Center is Admin Center has continued to grow in its functionality. When we launched Admin Center early on, it was, okay, it's to manage your Windows servers. 
Oh, then we added, by the way, we added the ability to do hybrid capabilities. Then we added the ability to deploy an Azure Stack HCI cluster. You may not have realized it for folks, so this is something we just released literally in the last week. There's an Azure IoT Edge plugin now in Admin Center. So now, all of a sudden, what this will do is actually deploy a Linux container. Did Jeff just say Linux? Yes. It'll actually deploy a Linux container on Edge IoT. So I've had, for years, I've had people go, well, Jeff, this only manages Windows Server. It doesn't manage Linux. And I said, well, we don't do anything to preclude that. We don't do anything to prevent it. There's nothing that limits. We've actually made Admin Center as a pluggable console. We just haven't built a Linux plugin because we're really super busy on the Windows Server stuff, the Azure Stack stuff, and the Edge stuff, and the Hybrid stuff. Well, now this new Edge IoT actually deploys a Linux container for Edge IoT. So that's in preview, if people want to play with that. But it just shows you that Admin Center is also one of those tools you need in your toolbox. So my hope with it is that eventually I can do everything that I could do in a console. So everything from Active Directory users and computers or an equivalent, and then a version that does the hybrid version of that. So Azure AD Connect all sits in there as well. Certificate services, WINS server. Oran, you're trying to kill mmc.exe. Yes, because eventually that's the only way that we eventually move on for it is for all of that functionality to be replicated so that I don't have to sit there and go, you know what, I need to do this tricky thing. I need to go up and spin up an MMC because I can do it all in Admin Center, or if I really want to in PowerShell. But Admin Center allows me to do it quickly. PowerShell is if I want to repeat doing it. 
But what I want to eventually get to the point of doing is I would love to retire the server manager console and I would love to retire Microsoft management consoles. Have them there, have them as optional features that I can add if I need them. But if I can do everything through WAC, my life is a lot better. For folks listening, go back and listen to what Oran just said like three more times. I loved what you said there. For easy to use, it's WAC. If stuff I want to repeat, it's PowerShell. Yes, it's the right tool for the right problem. And every so often someone will come onto my social feed on Twitter and complain that this needs more automation or why aren't you doing automation? I'm like, wait a minute, wait a minute. There's this thing called PowerShell. What are you talking about? What are you talking about? PowerShell is awesome. It's fantastic. And it's not PowerShell or Admin Center. I'm not telling you to get rid of PowerShell and I'm not telling you that you should always use PowerShell. Use the right tool. And those tools, you'll notice PowerShell, Admin Center and the Azure console, the Azure portal, these are all complementary things. They all fit in your toolbox. And that's what Hybrid is. It's a complement on-prem. It's not a replacement for on-prem. Absolutely. I think if we'd talked about it that way 10 years ago, we would have had people much more less concerned about the cloud because some of the ways that it was talked about, it was talked about, we're going to replace you with the cloud. And it's like, no, that's not true at all. What the cloud is is going to give you much bigger toolbox and much newer tools, but you're still going to be doing the same stuff. Right. Absolutely. Absolutely. And I keep telling people, in fact, I'll even say it now, look, we've been releasing, going back to the last 20 years, we've been releasing a Windows Server release every two to three years like clockwork. 
Every two to three years like clockwork, new version of Windows Server. Spoiler alert, that's going to happen again. We're going to release a new version of Windows Server within two to three years of the last one. Spoiler alert, we will, after that, spoiler alert, we will, after that too. We will continue to do that because guess what? That's what the market demands. That's what we need. It's a reflection of the death of Windows Server being greatly exaggerated. I know. It's hilarious. Folks, I keep telling people, look, Windows Server is going to be shipping long after I retire, and I don't plan on retiring anytime soon. And what I look at is, look, our goal is to figure out to give you the right thing to solve the right problem. And Azure Stack HCI slots right into this as well. Azure Stack HCI, number one, hybrid is built in. Hybrid is first class, that whole management console that we've been talking about with Azure Portal, Azure Stack HCI is a first class citizen right there in the Azure Portal. And every time I demo this and I show people, like you can just literally see their mouths drop to go, wait a minute. Yeah, you just registered Azure Stack with HCI and now it appears in the Azure Portal and that's all. I didn't need to download any agents. I didn't need to install any nonsense. No, it's just built into the product. And now I have insights from the cloud. And if I wanted to deploy Kubernetes on it, if I wanted to deploy Azure Monitor, if I wanted to deploy Azure Security Center, deploy Azure Policy, it's all right there. And it's just a different way of thinking. It's just a different way of thinking because again, most of us come from an on-prem world moving to the cloud. But once you've seen that, guess what, the cloud can do all of these things for your on-prem world and it's this bi-directional cloud goodness, it's fantastic for everyone. Well, I think that we've probably reached a great point to end this conversation. 
So thank you very much, Jeff, for your time and everything that we've talked about. It's been wonderful. You are quite welcome. Yeah, that was amazing. We could carry on much longer, but we will let our viewers go back to see the other great sessions that we have in this event. We know you've all got limited time. And if you enjoyed this conversation, come and tell us your thoughts. Do you agree with us? There's some things you disagree with. Come and tell us what you think at aka.ms/ops107-chat. That is the social chat for this particular session. And if you're interested in any of the other sessions from this event, come and find us at aka.ms/itops-talks, then you'll be able to see all of the other great technical talks that we've had in this event as well. Jeff, thank you so much for your time. It's always a pleasure and I just love that we've been able to have this chat about all of these topics that are so important for our IT pros. A huge thank you to both of you. And most importantly, a huge thank you to all of our users, our customers, our friends out there. We want to make sure we're delivering the right thing for you guys to be successful. And we appreciate all your support. Keep the feedback. Keep coming. Try out Azure. Try out Windows Admin Center. Download Azure Stack HCI. Lots more to come. We've got a busy 2021 ahead. Bring it on. Thanks, Jeff.