Mastering Windows Security and Hardening

Overview of the data center and the cloud

Over the years, data center strategies have shifted significantly in terms of the hardware our services run on, the OS types and versions deployed, and the virtualization of those services, and most recently toward fully cloud-based technologies. A traditional enterprise data center typically consisted of mainframes to store and access information. Data centers during this period were located on the organization's own premises or at a separate facility under the organization's management. As technology evolved, there was a shift from mainframes to server-based data centers. This is where the Windows Server family became widely adopted and grew in popularity.

Moving beyond the standard hardware-based server model comes virtualization. The ability to run many servers on only a few physical hosts changed the dynamics of the data center significantly. Today, we are in a major shift to cloud computing. Organizations are gradually moving away from the traditional on-premise data center and moving some or all of their workloads into cloud environments. With the cloud data center, organizations can continue to run traditional servers and services, but the overhead of owning and managing physical infrastructure is greatly reduced or eliminated.

Another major change with a shift to the cloud is the elimination of onsite facility management and physical operations. Building and maintaining a data center is an enormous undertaking that is challenging and comes with substantial cost implications when designing for highly available services and disaster recovery as part of a business continuity plan. Moving to the cloud changes these dynamics significantly. Your cost model changes to a subscription model with no ownership of any hardware or physical facilities, and a robust business continuity plan becomes more feasible to design.

This shift also changes the dynamics of security for the data center. Traditionally, physical security with access controls, locks, badge readers, and security cameras was the foundation of data center security, and you owned and verified it yourself. With the cloud, that physical layer becomes the provider's responsibility, which raises new questions: how do you ensure the cloud provider is protecting physical access and enforcing its controls? How do you ensure your data is safe when you can no longer walk up to the hardware it sits on? These are all valid concerns, and they change the way we manage security as opposed to the traditional data center perspective. We will cover these questions in more detail throughout this book.

Next, let's look at the three common types of scenarios for the data center.

Types of data center

This section will provide an overview of the three scenarios most commonly used today.

On-premise

As mentioned previously, an on-premise data center is considered the traditional model. Organizations build out and operate their infrastructure on their own property or off-site at a separate facility. In this model, you are fully responsible for everything in the physical infrastructure (building, power, cooling, hardware, physical security, access, and so on) and for everything that runs on the hardware. The following is an example of a traditional on-premise model:

Figure 3.1 – On-premise data center

Cloud

As we look further into the cloud model, it is important to understand public and private cloud offerings. A public cloud is where the services are hosted by the provider and the underlying infrastructure is shared with other organizations. Your environment is logically separated from other tenants by controls the provider implements, but the underlying hardware, network, and storage are shared with other subscribers on the same service. A private cloud offering is where the services are hosted in a dedicated environment and only your organization runs on the underlying infrastructure. Determining the appropriate model will most likely be dictated by your organization's industry and compliance requirements.

Tip

You can find more information on public versus private cloud here: https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-clouds/.

The following is an example of a cloud model:

Figure 3.2 – Cloud model

Cloud solutions have three different types of primary services available for consumption:

  • Infrastructure as a Service (IaaS):

    IaaS requires the most involvement from your organization and is operated very similarly to a virtualized environment on-premises. The difference is that your business has no responsibility for the physical infrastructure: the physical servers, storage, and network are all managed by the hosting provider. You can simply turn on virtual machines and services as needed. Everything from the guest OS upward, including patching, hardening, identities, and the data on the VM, remains your responsibility.

    Important note

    What is IaaS?: https://azure.microsoft.com/en-us/overview/what-is-iaas/.

  • Platform as a Service (PaaS):

    With PaaS, you are provided with the required platform by the cloud provider. In addition to the physical infrastructure, the operating system, middleware, and other tools needed to run services are also managed by the hosting provider. For example, in a traditional IaaS Windows environment, you would need to install Internet Information Services (IIS) to deploy a web server or install SQL Server to deploy a database server. With PaaS, you simply subscribe to an Azure Web App or an Azure SQL database and consume the service once it's available. There is no installation or maintenance of any underlying software to run these apps.

    Important note

    What is PaaS?: https://azure.microsoft.com/en-us/overview/what-is-paas/.

  • Software as a Service (SaaS):

    The third available service is Software as a Service. This service requires the least involvement and essentially provides you with the entire software solution to be consumed. In addition to what is managed under the IaaS and PaaS services, the hosting provider also maintains the application itself, including keeping it patched and up to date. An example of a SaaS offering would be Exchange Online, in which your entire Exchange environment is hosted, kept up to date, and managed by Microsoft. You simply consume the email services for your organization.

    Important note

    What is SaaS?: https://azure.microsoft.com/en-us/overview/what-is-saas/.
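To make the IaaS versus PaaS split in responsibility concrete, the following is an added PowerShell example (not from the book) that reaches the same outcome, a web server that should only be reached over HTTPS, both ways. The first part runs elevated on the IaaS Windows Server VM itself; the second runs from an administrator's workstation with the Az PowerShell module installed and an authenticated session. The resource group, plan, and app names and the region are placeholders chosen for this example.

```powershell
# Added example, not from the book. Assumes: Windows Server with the WebAdministration
# tooling available for the IaaS part, and the Az PowerShell module for the PaaS part.

# --- IaaS: you own the guest OS, so you install and maintain the web server yourself ---
Install-WindowsFeature -Name Web-Server -IncludeManagementTools

# The host firewall is also yours. Allow HTTPS in and leave port 80 closed, since
# Install-WindowsFeature does not open anything for you.
New-NetFirewallRule -DisplayName 'Allow inbound HTTPS' -Direction Inbound `
    -Protocol TCP -LocalPort 443 -Action Allow

# OS and IIS patching stays with you; at minimum, confirm updates are actually landing.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn

# --- PaaS: the provider owns the OS and IIS; you provision and configure the service ---
Connect-AzAccount

$rg   = 'rg-web-demo'                                   # placeholder names
$loc  = 'eastus'
$plan = 'plan-web-demo'
$app  = 'app-web-demo-' + (Get-Random -Maximum 99999)   # web app names are globally unique

New-AzResourceGroup -Name $rg -Location $loc
New-AzAppServicePlan -ResourceGroupName $rg -Name $plan -Location $loc `
    -Tier 'Basic' -NumberofWorkers 1 -WorkerSize 'Small'
New-AzWebApp -ResourceGroupName $rg -Name $app -Location $loc -AppServicePlan $plan

# There is no OS to patch, but the service's own security settings are still yours:
# redirect plain HTTP to HTTPS instead of exposing port 80.
Set-AzWebApp -ResourceGroupName $rg -Name $app -HttpsOnly $true
```

The point of the contrast is not the number of commands but where the ongoing work sits: on the IaaS VM, every line after the install (firewall, patch verification, and everything not shown, such as TLS certificate binding and IIS hardening) is a recurring obligation, whereas in PaaS the provider carries the OS and IIS and your obligations move to the configuration, identity, and data layers.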

Now that we have covered what each of the cloud services are, let's look at some examples of what falls within the Microsoft ecosystem for each of these services. The following diagram provides some examples of what you can subscribe to within each of the services:

Figure 3.3 – Microsoft IaaS, PaaS, and SaaS examples

Hybrid

The last model we will review is the hybrid model. A hybrid model essentially combines the on-premise model with the cloud model, allowing an organization to use its on-premise data center at the same time as it consumes cloud services. This model is most likely going to be preferred by most organizations, simply because mature and expensive on-premise data centers can't easily be moved to a cloud model overnight. What the hybrid model does is provide a pathway from on-premise to the cloud while delivering services from both environments.

Figure 3.4 – Hybrid model

The focus of this book will be primarily on the on-premise, hybrid, and IaaS models, as this is where your Windows servers will reside and operate. With the PaaS and SaaS models, the underlying OS is managed and secured by the service provider, although the identities, data, and configuration of those services remain your responsibility.

Now that we've covered the different models available for operating data centers, we will move on and discuss access management as it relates to Windows Server. In the next few sections, we will cover securing access to Windows Server and introduce the common strategies and access security best practices used by organizations.