Hi, welcome to Microsoft Azure Hybrid Solutions. My name is Mark Russinovich, I'm Chief Technology Officer and Technical Fellow for Microsoft Azure. To understand Azure's hybrid solutions, it's important to understand how they fit in the overall context of Azure. You might think of Azure as cloud in hyperscale public cloud regions. Of course, that is where Azure started, and that is where you're going to get the most value and scalability. However, Azure spans this entire spectrum that you see here, all the way down to tiny devices that fit in things like coffee machines that are integrated with Azure, and many points in between. We have Azure Edge Zones, for example, and then for deploying Azure services and capabilities in your own data center, we've got Azure Private Edge Zones, and we also have Azure Stack Hub, Azure Stack Hub being a fully cloud-consistent version of Azure. It can even run disconnected from the public cloud, on as few as four hyper-converged servers in your own data center. It also includes Azure Stack HCI, Azure Stack Hyper-Converged Infrastructure, which also runs on your own hardware in your own data centers. I'm going to talk a little bit more about that in a minute. Then finally, it includes Azure IoT devices, which are Azure IoT SDKs that can be installed on Raspberry Pis and other IoT-class devices that integrate up into Azure's IoT solutions and allow you to stream data, send control messages, and deploy applications onto those devices. When we talk about Azure's hybrid solutions, there's a whole spectrum of them beyond just the hardware integrations that I've talked about. For example, at the bottom, Microsoft has always been focused on integrating your own on-premises capabilities with Azure, either bringing value from Azure down to your on-premises data centers or integrating your on-premises data centers and applications with Azure itself. 
We've got support for management that I'll talk more about a little bit later. We've got support for security and identity. For example, Azure Active Directory has ways for you to do single sign-on from your own on-premises Active Directory deployment into cloud services, whether they're Azure's cloud services, Microsoft's in general, or even third-party SaaS and PaaS offerings. Hybrid security has been a focus of ours from the start, so Azure Security Center lets you deploy Azure Security agents on your own infrastructure and then get deep insights out of that in Azure, as well as policy application and compliance reports in Azure Security Center. We've also got support for hybrid application and data services. SQL, for example, has support for backing up to public Azure. Windows Server supports backup to public Azure. We have also had a big focus on DevTools and DevOps, which are focused not just on developing applications for Azure's public cloud, but on being able to develop applications regardless of where they get deployed, including your own data center. There's a set of offerings that are specific to Azure and integrations with Azure. I already talked a little bit about Azure Stack with Azure Stack Hub and Azure Stack HCI. We also have made a big investment in a relatively new offering that we announced about a year ago, called Azure Arc. What Azure Arc does is recognize that you've got on-premises applications and infrastructure that you might want to bring Azure capabilities to. Those Azure capabilities include things like monitoring, management, including applying policies, role-based access control, and control plane operations where you can leverage Azure's APIs and Azure's portal to directly interact with those on-premises resources. 
We have several initial offerings in the Azure Arc category, including Azure Arc for servers, where you can take servers and register them with Azure and get the ability to deploy extensions and agents into them, monitor them, and control access to them with role-based access control. Kubernetes support for Azure Arc, where you can register your on-premises Kubernetes clusters with Azure and, again, take advantage of all those capabilities, and Azure Big Data Clusters, which are SQL and Postgres that run on top of Kubernetes deployments on-premises. These initial offerings are going to expand, but the idea here, you can see, is I've got an existing virtual machine sitting here on-premises. I'd like to bring Azure management and monitoring and security capabilities to that virtual machine, and that's what Azure Arc lets you do. I'm going to focus in this presentation on highlighting some of the ways that Azure Arc lets you do that and some of the power that it brings. Then finally, the category of IoT is a big focus of ours: Intelligent Cloud, Intelligent Edge, bringing machine learning out to the edge, dealing with scenarios where latency and bandwidth or data sovereignty might prevent you from putting a workload or putting that data up in the public cloud. It has to be close to the endpoint, sitting in the environment, and so that is a focus of our IoT solutions. Like I said, I'm going to focus here on Azure Stack HCI and Azure Arc. The reason I'm focusing here is because these are very easy ways for you as an enterprise operator to take advantage of Azure with minimal effort and leverage its capabilities in place. One of the ways to adopt the cloud is, of course, to do cloud migrations: lift and shift your applications, modernize your applications, deploy them to the cloud. Those are typically longer journeys requiring deep analysis of your workloads and planning for architectures and then planning for those movements. 
In the case of Azure Stack HCI, it is easy to adopt, and lets you very quickly adopt capabilities from the public cloud. Azure Stack HCI, as you can see here, is on-premises, so you bring your own server hardware, your own hyper-converged servers from the OEMs that you traditionally work with, and it provides a number of capabilities to that infrastructure. It includes things like security monitoring. It includes the ability for you to do backups, backups of those virtual machines to the public cloud, and take advantage of that cheap, highly reliable, highly available public cloud storage to back up your own on-premises infrastructure. It includes support for update management and orchestration of updates across that infrastructure. It also includes the ability for you to do monitoring, and that monitoring is for health analytics monitoring as well as for security monitoring of that infrastructure. All of that is what Azure Stack HCI brings to the table by leveraging capabilities in public Azure. Azure Stack HCI may be something you're familiar with, because you've been following our data center evolution for several years, or it might be something new to you. Regardless, you might be wondering, how does that relate to our Windows Server strategy? What I'm going to do is explain how they're similar and how their focus is a little bit different. First, we're investing heavily in both of them. Azure Stack HCI is relatively new; we've got a roadmap of awesome new releases. Windows Server is something we've been working on for decades, and we continue to evolve and mature it and enhance it with new cloud-native capabilities. But the way that they're different now is that Azure Stack HCI is really focused on being a great virtualization host, or a great virtualization platform. 
Whereas Windows Server is focused on being an awesome guest, meaning where you're going to be actually running your workload, leveraging the capabilities of Windows Server as a runtime, either in a virtual machine or on top of a bare metal server. That means that Azure Stack HCI is the future of Hyper-V virtualization and our software-defined data center roadmap. Things like software-defined networking and software-defined storage, and bringing that to your own on-premises infrastructure, that is Azure Stack HCI. Whereas Windows Server is going to continue to evolve and fulfill its capabilities of delivering great Windows Server role support, including things like DNS, DHCP, Active Directory, file services and web serving. Azure Stack HCI is a great virtualization host, aimed at supporting any type of virtual machine, operating system, any type of guest, whether it's Windows Server or any of the flavors of Linux that are supported. Windows Server, of course, is going to be a great platform for running Windows apps on top of it as well, like SQL Server. So you can think of one as virtual machines, and the other one as Windows Server apps and roles. This is where they're a little bit similar and also a little bit different, because Azure Stack HCI is designed to run on your own infrastructure in your own data centers. You can think of Azure Stack HCI as being the on-premises implementation of infrastructure for your own enterprise. Whereas in public Azure, we've got a version of Azure Stack HCI with software-defined data centers running in public Azure data centers. Windows Server, though, is designed to run anywhere, whether it's on your own hardware on Azure Stack HCI and bare metal servers in your own data centers, in public Azure, or in other clouds as well. 
Now, if we take a look at the Azure Stack HCI architecture, you can see at the bottom we've got a hardware ecosystem, and these are going to be all of the OEMs that you've purchased your hardware through, supported by Azure Stack HCI. On top of that, we've got the Azure Stack HCI operating system, which is a distributed operating system that supports the software-defined data center like I talked about, and on a per-node or per-server basis, that's where you're going to see Hyper-V at the foundation of it. On top of that, you've got your Windows or Linux virtual machines, as well as support for AKS on Azure Stack HCI. This is us bringing a compatible version of the Azure Kubernetes Service that we've got in Azure down to your own infrastructure, so you can run your Kubernetes workloads on top of Azure Stack HCI with integrations and optimization with Azure Stack HCI's infrastructure. Then on top of that layer, you're going to have your virtual apps that run in virtual machines, you're going to have cloud-native apps that run on top of Kubernetes, and you're also going to have Arc-enabled data services, and I'll talk about that a little bit later, but Arc-enabled data services, again, SQL and Postgres, are going to be running on top of Kubernetes, whether it's AKS on Azure Stack HCI or other Kubernetes distributions. Then finally, on top, we've got your runtimes and other applications that you're going to build on top of this foundational layer. You can see over on the right side of the architecture diagram that we have Azure Arc, and I already talked about Arc-enabled data services. I also, going back, talked about how Azure Arc can be enabled on your virtual machines. This is where you would register those virtual machines, Windows or Linux virtual machines, with Azure Arc, and then get Arc management, monitoring, and security capabilities applied to them. But Azure Arc also deeply integrates with Azure Stack HCI itself. 
To demonstrate that, why don't we go take a look at how we can register a file share in Azure Stack HCI and have that be managed and accessible through Azure. Here you can see my dashboard in Windows Admin Center, and what I'm taking a look at here is the Azure connection, the status of my servers, and the status of my drives. What I'm going to do to demonstrate some of the capabilities of Windows Admin Center on top of Azure Stack HCI is go create a new file share, and show you just how easy it is to create a very resilient file share all from this UX, and demonstrate the resilience that you get right out of the Azure Stack HCI infrastructure. So first, let's go create a volume. I'll call this volume "demo volume", and we want it to be a two-way mirror, just so that it can be highly resilient in the face of any particular server failure. We're going to create that volume with a virtual size of 20 gigabytes, and you can see that the amount of space it actually requires is double that, because it is a mirror, and then we create. This is being created right on top of that Azure Stack HCI storage pool that we've registered. Like I mentioned, we want to be able to share out that volume to our enterprise users, and so the next thing we're going to do is go create a file share on top of it. Here you can see that we're going to select the volume that I just created, call this "demo share", and create that share. Skip through the defaults here and create it. You can see here we've got it created, so we can immediately go open that share now, and you can see it's empty. Go back to Windows Admin Center; you can also explore the share from there. This is actually all of Azure Stack HCI's shares and volumes, and here you can see I go up into the demo volume I created and access the demo share that's registered on that volume. I'm going to upload some files directly in Windows Admin Center to that share on that volume. And then we've finished the upload. 
I can go back into Explorer on that share and double-click that, and you can see we've got a bunch of client records inside a zip file now. I've just uploaded this, and the active node on that mirror is node one. So to demonstrate the resiliency that I've just gotten out of the box here, I'm going to shut down node one on this Azure Stack HCI infrastructure. We go back into Explorer and Windows Admin Center, and you can see that here we are on node two, which is still up and active. If I go to the file share there, we're going to find that our files on that share were synced. And so, despite the fact that we've had a major failure here of a node, because that was a two-way mirror on top of Azure Stack HCI, it was completely transparent to those end users that were interacting with the share. So that's a quick look at Azure Stack HCI and some of the capabilities you get out of Azure Stack HCI managing your infrastructure and presenting capabilities and services on top of it, including support for creating highly resilient volumes and file shares on top of those volumes. Now let's talk about how to leverage the power of Azure on top of your Azure Stack HCI infrastructure, and that's where we get back into Azure Arc. I've talked about Azure Arc for servers: registering your virtual machines or your bare metal servers with Azure, which allows you to access them through the Azure portal and through the Azure CLI and get those benefits of policy, security and monitoring on top of them. Azure Arc for Kubernetes, which is registering your Kubernetes clusters. And finally, Azure Data Services on Azure Arc, where you can take your big data clusters and run them on-premises on your own infrastructure. So here's a deeper look at the architecture of Azure Arc. 
At the bottom, you've got resource-specific tools like your Kubernetes-native tools, your server admin tools, your Git repo, your other tools that you're going to be leveraging in your on-premises infrastructure regardless of whether you connect them up to Azure Arc or not. At the very top, you've got management experiences and management services that apply to Azure Arc. Like I mentioned: monitoring, role-based access control, insights into the security policies that you've got, and insights into the monitoring that is being generated by what's called Azure Resource Manager, which is the universal control plane for Azure. Let me stop here for a second and talk a little bit about Azure Resource Manager, because understanding Azure Resource Manager, I think, will really drive home a deeper understanding of Azure Arc. ARM, Azure Resource Manager, is the universal control plane for all of Azure. All of Azure's infrastructure and platform-as-a-service offerings plug in to ARM for their control planes. What that means is that ARM is effectively the front door for Azure. And as the front door, it can provide uniform capabilities across all of these services. Those uniform capabilities are the ones I've been talking about. Role-based access control: there's a common way to apply role-based access control across all Azure services because they all plug in to ARM. Similarly, for monitoring on that control plane, you get that right out of Azure Resource Manager, because all of the control plane operations for all Azure services go through ARM. ARM logs all of that to an activity log that you can then go look at for security insights and for business and service health insights. Then policy is something else you can apply, and organization of your inventory. 
So grouping collections of resources that are instantiated through Azure ARM is possible through the use of Azure Policy and Azure management groups, where you can attach policy to groups of resources that have similar purpose and require similar compliance and security rules. And governance and compliance, of course, is a key part of that. Now, when you talk about Azure Arc for virtual and physical servers, that means installing an Azure Arc agent inside that virtual or physical server, which is registered with ARM through the Arc RP, or resource provider. What that does is light up those servers in ARM, and you get those ARM capabilities. Similarly, for Kubernetes clusters, once you install the Arc agent for Kubernetes in that cluster and register it with Azure Arc, at that point it shows up as a Kubernetes cluster through Azure Arc in Azure's portal and Azure's command lines, and now it's part of Azure's control plane. The same thing happens for the Azure Arc data manager, which registers your SQL or your Postgres DB clusters with Azure Arc, again giving you those same capabilities up in Azure's portal. You can see where this is going. Really, with the Azure Arc agent registering a resource with Azure ARM and providing that control plane plugin, you automatically get all of the capabilities, all of the riches: support for templates, support for governance, support for security insights on top of Azure Security Center and on top of Azure Sentinel, which I'll talk about a little bit later, just by virtue of plugging in. So there's no easier way to get all of these capabilities and consistency with everything else you're doing in Azure than by registering your resources with Azure Arc. So let's take a look at Azure Arc in action on top of Azure Stack HCI infrastructure. Here I'm back in Windows Admin Center. This time, instead of looking at volumes, I'm going to take a look at virtual machines. 
And so here we're going to go to the virtual machines menu, and you can see that I've got a couple of them. I've got one here in the stopped state, this Windows Server 2019 virtual machine. Let's start that virtual machine by powering it on, and then we're going to connect to it. You're going to see that this is a fresh virtual machine; we've got the Server Manager dashboard that comes up by default on this brand new clean image. Now, when I go to Microsoft Azure's portal, you can see I just did a refresh, and because we had that Arc agent installed and registered that virtual machine with Azure, it shows right up here in the Azure portal. It shows right up here with a bunch of different capabilities offered up to me, like security, monitoring, policies, those things I've been talking about, for me to readily access right here. One of the things I mentioned, which is a really powerful capability that is consistent with public Azure, is the ability to install agents into those virtual machines. What I'm doing here is installing the Microsoft Log Analytics agent, which is Microsoft's monitoring agent, which we install into public Azure virtual machines, here onto my on-premises virtual machine. You can see I've registered it with my Log Analytics workspace, and what that means is that now I'm going to start getting logs automatically from that Windows Server machine, the event logs, sent up into Azure for me to be able to look at. You can also see that I'm able to connect to and manage that virtual machine right here from the Azure portal. So I'm connecting through RDP back to my on-premises infrastructure into that virtual machine, and when I do a Ctrl+Alt+Delete and pull up Task Manager, you can see that I've installed that monitoring agent, and in fact it is already in there in that virtual machine and running, and now collecting data that's being sent up to Azure for us to be able to mine for security analytics as well as health for that virtual machine. 
So we've just seen me create a volume on top of Azure Stack HCI, look at a virtual machine on Azure Stack HCI, and install the Azure Arc agent so that I could see it up in the Azure portal and start managing it and getting the capabilities through ARM that I talked about. We actually used one of the really cool capabilities of Azure Arc for servers, which is installing extensions into it, and the extension I installed into that virtual machine was the Azure monitoring agent, the same agent we apply everywhere in Azure. Now that I've done that, I've got this foundation on which I can start to provide really cool value-added services and capabilities on top of that. One of them is security insights. I've already talked about Azure Security Center, and one of the things that we get right off the bat when we've registered one of those servers with Arc is the ability for that server to show up in Azure Security Center, and for me to be able to see: is that server patched, what kind of vulnerabilities are exposed on that server. But one of the other things I get now with the log agent in there is the ability to do deep security analytics on top of what's coming out of that virtual machine, in the same way that I would do across my entire Azure portfolio. That is through a service that we've got called Azure Sentinel, which you can think of as next-gen XDR or a SIEM in the cloud, SIEM as a service. It's really taken off because of its incredibly powerful capabilities and ability to join lots of different data sources together so that you don't have islands of security information. You've got basically a lake of security information. That is really important when it comes to security, because so many times a security threat isn't isolated to a particular resource but actually spans resources. 
We see threat actors doing lateral movement, and what they're doing on a virtual machine relates to what they've done on your network and what they've done in your identity system. With all of these data sources being aggregatable into Azure Sentinel, now you can get insights and visibility across all of those different areas where the threat actor is acting. This slide takes you a little bit deeper into the architecture for Azure Sentinel, and you can see, like I said, all of these different data sources. Your on-premises SIEM can pump data right into Azure Sentinel. We've got Microsoft threat intelligence, where we're providing our own information into Azure Sentinel, and I'll talk about how we use that in a second. You can get data from other public clouds and pump that into Azure Sentinel. All of these different data sources: because it's so extensible, really, data can come from anywhere. And of course, we've got built-in connectors for existing Azure resources: Azure Active Directory, Azure ARM activity logs, all can be dumped into Azure Sentinel. At that point, with Log Analytics, you're able to do your own queries across that entire data set of security signals, to be able to say, where have I seen logins from this particular user, across which assets, and at what times. Then there are analytics rules, heuristics, or even machine learning algorithms that surface things up as incidents. So where there are anomalies here and there, low-fidelity signals, having intelligence combine these things together and surface them up as an incident where we have a high-fidelity probability that we've got a threat actor working across those resources that Sentinel has access and visibility into. It also has support for Jupyter notebooks. 
This is something that is becoming more popular for security analysts: to be able to sit with a Jupyter notebook and run Python commands atop that database of security signals, to be able to get insights ad hoc, and even come up with workbooks and solutions which include automation, where you can have direct automated responses to particular kinds of activity. So once you've done analytics on a particular threat, for example, and you see that a threat actor is operating in a particular way and you have a mitigation in place, a mitigation which requires a number of steps and operations on your infrastructure, at that point you can automate that with a workbook and have it automatically run. Now when that incident fires, the mitigation kicks into place, or alerts go out to security operators. All of this, of course, relates to the ability to hunt. One of the things that Azure Sentinel also does is present that security information in a graphical form that allows you to see the relationship between different objects that have events being emitted for them, and also track security incidents and those anomalies and understand the incidents from a graph perspective that even spans resources across different assets. So, to see Azure Sentinel in action and the kind of value that it can provide on top of the layers that I've been building up here, Azure Stack HCI and then Azure Arc, let's go take a look at Sentinel looking at our virtual machine. Here we are back in Windows Admin Center, and you can see here that when I take a look at the servers, we've got two servers. These are node one and node two in our Azure Stack HCI cluster. When I take a look, you can see that we've got them registered with Azure and the Log Analytics agent injected into them, pumping data into our Azure Sentinel workspace here. You can see now that I've got that data flowing, and that we can see events and alerts over time. 
You can see that I did have an alert because I was doing some testing on this, and we've got a map down at the bottom which, if there'd been a recent alert, would have shown exactly where in the US, based on IP address location, that alert came from. I mentioned the ability to plug in lots of different data sources into Azure Sentinel. You can see here the list of connectors that you could register, and I'm registering Azure Activity Log, which is the ARM logs, so that they start flowing into my Azure Sentinel workspace. I'm doing that connection right here, and that is an example of a first-party integration for Azure Sentinel. But one of the value propositions of Sentinel is that it's not just Azure; it's also Microsoft services as well as many third-party services such as SIEMs and appliances. You see Windows Firewall there, you can see Syslog there, you can see lots of different vendors have their offerings integrated with Azure Sentinel through these connectors. So we can have, like I said, a security lake, a security data lake, with Azure Sentinel. Now, to show you the integration with our on-premises Azure Stack HCI deployment here that I've got Arc-enabled, I'm going to install Mimikatz on this server, after doing much work to force Windows to let me do this, because Windows Defender is pretty good at detecting Mimikatz. Mimikatz is a notorious hacker tool for dumping credentials out of the Local Security Authority, the local credential database on a Windows server system, which allows an attacker to get the credentials and then perform lateral movement across your network. So it's a very dangerous tool if it's allowed to execute, and one that, if it executes or even attempts to execute on your servers, you're certainly going to want to know about. 
You can see here that because we integrated with Azure Sentinel and Log Analytics, we immediately got an alert, a high-priority alert with a high-fidelity signal, which is actually an incident based on four discrete events of Mimikatz running on that server. You can see that this is an unresolved event. You can see this high severity. We can change the classification of this for future reference and executions of the same incident. We can also set bookmarks on this. We can track the entities, and we can set up workbooks in response. So for example, we could have a script that goes in and does a mitigation like deleting Mimikatz, or performs some other mitigation like restoring Windows Defender if it's been disabled on that server, execute automatically. So you've seen here, in just a short time, I took an Azure Stack HCI cluster. I was able to show you how Azure Stack HCI lets you manage that infrastructure very easily and create highly available, highly reliable services on top of the software-defined data center technologies that are part of Azure Stack HCI. Then I showed you how to Arc-enable your infrastructure, and how, once you've Arc-enabled it, a lot of other capabilities can come on top of it, including one of the key ones, which is security insights through Azure Sentinel. Again, very easy, low-touch ways for you to start taking advantage of Microsoft's and Azure's hybrid capabilities for your on-premises infrastructure, right where you are, without having to go perform complex architecture migration plans, without having to worry about where your data is, but immediately getting value out of those kinds of integrations. So that just gives you a flavor for what we hope to share with you at this hybrid IT ops event. You can see a bunch of the other sessions that we've got here that go deeper into the things that I've been talking about, as well as talk about other aspects of our Azure hybrid offerings that I didn't have an opportunity to share with you. 
But again, I wanted to get you excited about what you've got available to you very quickly and easily, so that you can become a hero adopting cloud technologies for helping you get your jobs done in your on-premises data centers. Thank you very much. I hope you enjoy the event.
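The talk describes Sentinel combining several low-fidelity signals (Defender being switched off, Mimikatz executing, a read of LSASS memory, a follow-on remote logon) into one high-fidelity incident that spans resources, and the demo's alert was an incident built from four discrete events. The following is an added example, not code from the talk or from Microsoft Sentinel: a small Python correlation engine run over constructed sample records that shows that scoring-and-joining logic end to end. The flattened record schema, the field names, the rule weights, the 70/100 score thresholds, and the host and account names are all assumptions for illustration. Real Sentinel analytics rules are KQL queries over Log Analytics tables such as SecurityEvent, and the 4656 LSASS-handle rule only has data to work with when object-access auditing is enabled on the server.

```python
# Added example: toy SIEM-style correlation of Windows telemetry into incidents. Not
# Microsoft Sentinel code; schema, weights and sample events are constructed here.
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    time: datetime           # assumed flattened record: when, where, what, who
    computer: str
    event_id: int
    account: str
    fields: dict = field(default_factory=dict)

@dataclass
class Incident:
    account: str
    score: int = 0
    severity: str = "Informational"
    hosts: set = field(default_factory=set)
    evidence: list = field(default_factory=list)   # (time, computer, description)

# Access masks commonly seen when a process reads lsass.exe memory to dump credentials
# (PROCESS_VM_READ plus PROCESS_QUERY_* rights); the AV engine is allowlisted.
SUSPICIOUS_LSASS_MASKS = {0x1010, 0x1410, 0x1438, 0x143A}
LSASS_ALLOWLIST = {"msmpeng.exe", "csrss.exe", "wininit.exe", "services.exe"}
CRED_TOOL_NAMES = {"mimikatz.exe"}
CRED_TOOL_ARGS = ("sekurlsa::", "lsadump::", "privilege::debug")
DEFENDER_CHANNEL = "Microsoft-Windows-Windows Defender/Operational"

def rule_cred_tool_process(ev):
    # Security 4688 (process creation) naming a credential-dumping tool or module.
    if ev.event_id != 4688:
        return None
    image = ev.fields.get("NewProcessName", "").rsplit("\\", 1)[-1].lower()
    cmd = ev.fields.get("CommandLine", "").lower()
    if image in CRED_TOOL_NAMES or any(arg in cmd for arg in CRED_TOOL_ARGS):
        return ("credential-access: dumping tool executed", 60)
    return None

def rule_lsass_access(ev):
    # Security 4656/4663: a non-allowlisted process requested read access to lsass.exe.
    if ev.event_id not in (4656, 4663) or not ev.fields.get("ObjectName", "").lower().endswith("lsass.exe"):
        return None
    mask = int(ev.fields.get("AccessMask", "0x0"), 16)
    proc = ev.fields.get("ProcessName", "").rsplit("\\", 1)[-1].lower()
    if mask in SUSPICIOUS_LSASS_MASKS and proc not in LSASS_ALLOWLIST:
        return ("credential-access: lsass memory read", 40)
    return None

def rule_defender_disabled(ev):
    # Defender/Operational 5001: real-time protection disabled (defense evasion).
    # The channel is checked too, because the numeric ID alone collides with other logs.
    if ev.event_id == 5001 and ev.fields.get("Channel") == DEFENDER_CHANNEL:
        return ("defense-evasion: real-time protection disabled", 30)
    return None

RULES = (rule_cred_tool_process, rule_lsass_access, rule_defender_disabled)

def correlate(events, window=timedelta(minutes=30), threshold=70):
    """Join per-account hits inside `window` into incidents; return those over `threshold`.
    A 4624 network/RDP logon (type 3/10) by an already-flagged account onto a new host is
    added as lateral movement, which is what lets one incident span several resources."""
    open_, closed = {}, []
    for ev in sorted(events, key=lambda e: e.time):
        cand = open_.get(ev.account)
        if cand and ev.time - cand.evidence[0][0] > window:   # window elapsed: finalize
            closed.append(open_.pop(ev.account))
            cand = None
        hit = next((h for h in (rule(ev) for rule in RULES) if h), None)
        if hit is None:
            if not (cand and ev.event_id == 4624 and ev.fields.get("LogonType") in ("3", "10")
                    and ev.computer not in cand.hosts):
                continue
            hit = ("lateral-movement: remote logon to new host", 20)
        if cand is None:
            cand = open_.setdefault(ev.account, Incident(ev.account))
        cand.score += hit[1]
        cand.hosts.add(ev.computer)
        cand.evidence.append((ev.time, ev.computer, hit[0]))
    closed.extend(open_.values())
    incidents = [inc for inc in closed if inc.score >= threshold]
    for inc in incidents:
        inc.severity = "High" if inc.score >= 100 else "Medium"
    return sorted(incidents, key=lambda inc: -inc.score)

# Constructed sample records (not real telemetry): Defender switched off and Mimikatz run
# against LSASS on SRV01, a benign Defender read of LSASS, then a network logon to SRV02.
T0 = datetime(2020, 9, 30, 14, 0, 0)
LSASS = r"\Device\HarddiskVolume2\Windows\System32\lsass.exe"
MIMIKATZ = r"C:\Tools\mimikatz.exe"
SAMPLE_EVENTS = [
    Event(T0, "SRV01", 5001, r"CONTOSO\jdoe", {"Channel": DEFENDER_CHANNEL}),
    Event(T0 + timedelta(minutes=2), "SRV01", 4688, r"CONTOSO\jdoe", {"NewProcessName": MIMIKATZ,
          "CommandLine": 'mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords"'}),
    Event(T0 + timedelta(minutes=2, seconds=5), "SRV01", 4656, r"CONTOSO\jdoe",
          {"ObjectName": LSASS, "AccessMask": "0x1410", "ProcessName": MIMIKATZ}),
    Event(T0 + timedelta(minutes=3), "SRV01", 4656, r"NT AUTHORITY\SYSTEM", {"ObjectName": LSASS,
          "AccessMask": "0x1410", "ProcessName": r"C:\Program Files\Windows Defender\MsMpEng.exe"}),
    Event(T0 + timedelta(minutes=10), "SRV02", 4624, r"CONTOSO\jdoe", {"LogonType": "3"}),
]
```

Running correlate(SAMPLE_EVENTS) yields a single High incident for CONTOSO\jdoe with four pieces of evidence across SRV01 and SRV02. Two details carry the practitioner's point: the MsMpEng.exe read of LSASS is suppressed by the allowlist, so the endpoint protection engine doing its job does not page anyone, and a Mimikatz process creation on its own stays below the threshold, which is why several weak signals are scored together instead of each becoming its own alert. Shrinking the window to a few minutes drops the later logon from the incident, so it no longer spans the second host.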