Microsoft Azure Available Through Open Licensing

I did not expect this announcement until WPC, but it’s come out today. Microsoft announced, via a video, that Microsoft Azure will be available for resellers to sell, and customers to buy, through Open licensing on August 1st 2014. Yes, Azure is coming to the channel. Previously Azure has only been available direct (credit card) or via Enterprise Agreements.

Phil Sorgen took to the webcam to record this message. A blog post was also written by Josh Waldo, Senior Directory, Cloud Partner Strategy. There is also a FAQ for Azure in Open licensing. There will be a “ramp up” online event on Microsoft Azure in Open Licensing on June 4th. Register here.


Sorgen starts off by saying that Microsoft believes in joint success with partners, and in making business with Microsoft easier for partners. These two pillars are central to an exciting new opportunity for partners.

He announces it: Azure will be available through the distribution channel via Open licensing for partners to resell to their customers.

Azure allows partners to serve more customers without increasing their footprint. Successful cloud partners have learned how to expand their services beyond basic deployments. Think business IT-enabled consulting. Partners have increased revenues, but they had to evolve their business models.

Personally, I know of one services business that automates to an incredible level and cloud services fits their model perfectly. Before the recession they shifted tin like everyone; they evolved and now they are flourishing, and taking business from legacy service providers.

“Moving to cloud is a process not an event”: true for partners and customers. Azure can become even moer compelling. Note that Azure contains many hybrid cloud services, enabling “on ramps” to services that extend the functionality of on-premises IT, making it easier for businesses to explore and adopt Microsoft’s public and hybrid cloud offering.

Azure in Open will be flexible, provide compliance manageability, and provide value for customers. The consumption based billing provides a low barrier to entry, making it easier for SMEs to deploy services without huge CapEx costs. “Consumption aligned billing” is one of the buzz phrases. Focus on services instead of tin.

There is a new licensing model with Azure in Open.

Moving over to the blog post:

The cloud is growing 5 times faster than traditional IT. Microsoft alone is thought to purchase 17% of all servers on the planet in a year. “Additionally, partners that are building strong cloud businesses have 1.6X of recurring revenue as a portion of total revenue versus other partners”.

How does this licensing model work?

When you resell Azure in Open Licensing, you purchase tokens from your preferred Distributor and apply the credit to the customer’s Azure Portal in increments of $100. The credits can be used for any consumption-based service available in Azure. To add more credit, you simply purchase new tokens and add them to the account. This gives you the opportunity to manage your customer’s portal, setup services, and monitor consumption, all while maintaining a direct relationship.

In other words, you will buy Azure credit in the form of $100 tokens (I guess there will be localized versions). You can then use that credit in any way on Azure. It will be up to you (the end customer) to have enough credit to do what you need to do or to keep your services online. The advantage here is that you’re controlling costs (unlike post-usage credit card) and you don’t need to pre-purchase a huge credit (like with EA) before you know what your services will cost. I suspect that if partners want to, they can operate a service to help customers manage their credit.

A token comes in the form of an Online Services Activation (OSA) key. If you want $1000 in credit, you buy 10 SKUs of $100 and get 1 OSA key for the sum credit. The value has a 12 month life, starting from when the customer redeems the OSA key online – this credit will not roll over so don’t over purchase for a year. A customer can top up at any time. If they cannot reach a reseller (weekend), the customer can top up using a credit card. The program will be available through:

  • Open commercial
  • Open Academic
  • Open Government

Partners can request co-administrator accounts on their customers’ accounts to help them manage their service. Alerts can be configured for when credit runs low and needs to be topped up.


IMO, this is great news for partners. They can now choose to resell Azure if they want, and keep the billing/customer relationship – something that caused fear in the past (“cloud vendor X is trying to steal my customers”). Some might not want billing overhead and might go with another option.

Also, this announcement reinforces Microsoft’s unique selling point in the cloud wars. They are the only company with a private/public hybrid cloud model that spans on-premises customer owned, hosting partners, and Azure. Microsoft is also the only cloud vendor with a partner-enabling model.

By the way, partners & customers in Ireland, if you want your techies to learn about Hybrid Cloud then you might want to send them to TechCamp 2014 in June.

TechEd NA 2014–Extending Your Premises To Microsoft Azure With Virtual Networks And ExpressRoute

Speakers: Ganesh Srinivasan (Azure Networking), Jai Desai (StorSimple), Jon Ormond (MSIT).

Legacy Connections for Site-Site in Azure

  • Secure point-site VPN: for developers. POCs. Small scale deployments. VPN in from a machine. Based on STP.
  • Secure site-to-site VPN: This is for SMB and enterprises. Connect your business to Azure compute. IaaS and PaaS workloads. Configuration generally done on and on-rem edge device. Based on IPsec.

Now added: Private site-to-site called ExpressRoute. For SMB (with WAN) and enterprises. Mission critical workloads. Backup/DR, Media, HPC. Based on services provided by WAN ISP that are Azure networking partners.

Virtual Network Recap

Software defined private network in Azure. You carve out your own IP space/subnets. Can punch holes through Azure firewall for public presence. VPN connects to the virtual network via an edge subnet.

In-Region VNet to VNet

You want security between tiers or services so you put them in different virtual networks. In the same region, there are no data transfer costs. You can punch holes through firewalls to let services communicate.

Cross-region VNet to VNet

Need local presences across the glob but with interconnectivity. For HA/DR also. Can communicate securely using private IP addresses.

Multi-site VNet Connectivity

Up to 10 on-prem sites can connect into a single VNet in Azure. They may be geographically dispersed.

VPN Partners

Watchguard, OpenSwan, Cisco, Fortinet, Brocade, Sonicawall, Checkpoint, Juniper, F5, Allie Telesis, and Windows Server 2012 R2.


Other techs go via public internet so you have dependencies on many ISPs between you and Microsoft. Lots of chokepoints. It might be secure (IPsec), but you cannot build SLA on this. ExpressNetwork brings Azure VNets into your WAN. Now you connect to Azure via a private, SLA controlled WAN connection managed by your ISP, subject to your contract with them.

Enterprise Workloads

All services are made available, and not just VNets. VPN is limited to VPN. You also have controlled and predictable latency. This means there are lots more workloads that you can do over ExpressRoute:

  • Storage/backup/recovery
  • Dev/test lab
  • BI/big data
  • Media
  • Hybrid apps
  • Productivity apps

SharePoint has generated lots of interest as a service over ExpressRoute from customers.

Two Flavours

  • Depoy “on prem” at a colo facility such as provided by Equinox. You can route via colo facility to Azure. Probably requires lots of work for you and additional h/w.
  • Use an Azure ExpressRoute partner as your WAN provider. Then your sites connect direct to Azure. Almost a light switch. Probably no additional h/w.


Equinix, TelecityGroup, BT, AT&T, Level3, Verizon, SingTel

BT important for UK/Ireland. Telecity are important for Europe. If you are not with any of these, “talk to us” according to the speaker, and “we will figure it out”.

ExpressRoute Tiers

Unlimited inbound data transfer. You get some outbound data for free and above that there is a charge.

  • 200 Mbps + 3 TB Month free
  • 500 Mbps and 7.5 TB/month free
  • 1 Gbps + 15 TB/month free
  • 10 Gbps and 250 TB free/month

Customer Connectivity

If you do VPN then you can only access compute that runs in VNets. If you do ExpressRoute then you can access anything. And of course, if you punch holes in firewalls, then you can make services available publicly.

Common misconception: stuff you place in Azure is public. No: it’s only public if you make it that way. Your Azure services can be completely private if you want.

Customer Sign Up Experience

Talk to MSFT and ask for partners in a location. You get a key. Pass that on to the service provider. They query Microsoft and then they create a cross connection between you and Azure. You then set up BGP routes between you and Azure. And then you are connected.

In the case of a WAN provider, the routing is done for you.


He creates an ExpressRoute connection via the web ONLY using MSFT WAN and AT&T. The whole process is basically orchestrated. Should take no more than 5 minutes to complete after walking through the wizards.

He VPNs into Microsoft and can ping and Azure VM over the new WAN connection.

Another ping demo: between 1-2 MS latency between a MSFT office in California and a SharePoint farm in Azure over ExpressRoute (think he said US East region).

Fails over the SharePoint SQL database (guest OS install) from one region to another – takes about 3-4 seconds.

We now get Jon Ormond of MS IT to talk about how they are using ExpressRoute.


LOTS of internal little apps that they have no interest in rewriting as PaaS apps. They use IaaS to run those VMs in Azure – doing that lift & shift now. Need a robust network connection. This is why they use ExpressRoute. They want to end up with 95% of VMs in “the cloud” both private (WAP) and public (Azure).

He does a demo using PowerShell to create the connection. Can also do this using REST API.

Jai Desai, a TSP takes over to talk StorSimple. I tune out here … a StorSimple talk.

TechEd NA 2014 – Introduction To Microsoft Azure Automation

Speakers: Eamon O’Reilly (System Center automation) & Beth Cooper (same team)

What System Center has done has been extended into Azure. Both in preview. About half of the room are familiar with Orchestrator, the basis of what we will see this morning.

Pretty full room – pretty small room unfortunately.


  • Optimize and extend existing investments: Based on POSH. Integrates existing systems.
  • Deliver flexible and reliable services: quicker. Reuse.
  • Lower costs and improve predictability: reduce manual errors.


Same as SMA: runbooks, jobs, and assets.

Appears under Automation in the Azure portal.


All runbook management/authoring/testing can be done in the Azure portal. Has a HA engine. Also has suspend/resume/checkpoint features of SMA. All based on POSH workflows so if you have a cmdlet, you can do it.


Free in preview. Pricing based on 3 points:

  • Job run time: time from start to complete. 500 minutes on free plan. $20/month (standard plan) gives you 10,000 minutes
  • Number of runbooks: 20 for free in free.
  • Integration module size: 5 MB on free plan.

You can register for the preview on the Azure preview site. This week is the time to do it. Preview is limited to East USA region.


Create a new automation account. Sample runbooks to be found on script centre. Tags are present to search/filter runbooks, like in SMA. Also has draft (what you are editing) and published runbook status. So you can have a published runbook and edit a new version.

Almost everyone in the room is using PowerShell. IT pros in Ireland are 5 years behind the USA, at least, and this is not a question of scale.

You can manually start a runbook or schedule on. Example: shut down idle VMs at end of workday and power them up at start of workday – save the runtime cost of VMs in Azure.

Automation Accounts

  • Organise automation by group of individual contributor
  • Accounts live in different regions.
  • Create up to 30 accounts

Automation Dashboard

  • For analysis and troubleshooting operations
  • Access problem jobs to get up and running quickly – focus on them instead of the lots of others that are OK


  • Author: Create workflow runnbooks. Call existing runbooks in library
  • Manage & browse and insert assets in runbooks: Modules & activities, credentials, variables, connections, schedules
  • Test: Run and see results within authoring window.
  • Troubleshoot issues
  • Publish: Edit draft before publishing

Manage Runbooks & Jobs

  • Dashboard view: view jobs over time. Find jobs that need attention
  • Runbooks view: Filtering of jobs based on status and date. ID authoring state (new, in edit, published). Filter by tags to find runbooks.
  • Jobs view: Histor of jobs per runbook. Who last updated/when. Input parameters and output. Drill into each job to view streams generated to help troubleshooting. Stop/suspend/resume job.


  • Connections: Information to connect to a particular system. System specific settings.
  • Update to new versions of integration modules
  • Credentials
  • Variables
  • Schedules

Central set of resources that can be used by all runbooks, like in SMA.



Has application insights enabled. If there’s an error on his site, The runbook triggers an action when an alert is created. A response is triggered whenever an alert is detected. All done using inline runbooks. Note: the alert detection method he used was to search for an alert email in GMail via an RSS feed.

Another demo.


They’re using SharePoint to store and change control their runbook scripts. A runbook is monitoring the status of scripts in the SharePoint document library (list item), using a custom SharePoint module. This uses a connection asset. They see a script go into a “ready to test” status in SP and that triggers a child runbook. It appears that the action is that the runbook is updated in Azure and moved to “production” status in SharePoint – they don’t really explain but that’s not really the point anyway. The demo was connections to external resources.

Typical Scenarios

Azure automation is more than just about Azure resources. Posh offers huge extensibility via modules.

  • Monitoring & remediation: Alert on a VM. Monitor for new services to ensure management. Notify subscription owners of underutilized VMs that are wasting money.
  • Change control and provisioning: Deploy a VM, and enable monitoring. Deploy a new service and configure endpoints for alerts. Deploy from GIT and automate tests and swap to production if passes. Monitor SharePoint online for approval to update a service and do that once approved.
  • Patch/Update/Backup orchestration: Use traffic manager to patch IaaS VMs without downtime to services. Enable regeneration of storage account keys while avoiding downtime. SQL backup on a schedule. Backup and restore IaaS VMs.

Leave remote management of Azure VMs enabled and Azure Automation can reach into those VMs’ guest OSs.

Anything you do twice: Automate it.

Takes time to create automation, but the more you do it the quicker you do it. And the time you invest up front will save you time in the long term.

TechEd North America 204 Press Conference

James Well, Julia White, Mark Russinovich, and Brad Anderson are here for the keynote press conference, hosted by Joey Snow.

Key thing to take away: cloud can add value to everything you do – Brad Anderson. Enterprise mobility: integration across enterprise and Office 365. Cloud will manage Office on devices of all types, be that program, policy, or data. Azure Remote App will allow you to remote apps from the cloud to Windows, IOS, or Android.

Mark R: Talks about ExpressRoute for hybrid cloud. Azure Files brings consistency to hybrid cloud. Already  available in private cloud.  File sharing as a service (PaaS) in Azure so VMs can access shared files. Azure Site Recovery brings failover to the cloud for on-premise. Greatly reduces cost of DR & compliance. Manage anti-malware can deploy MSFT endpoint protection easily. Store logs in blobs. Symantec and Trend Micro have partnered with same portal and powershell. Trend Micro also allow encryption like BitLocker, with the key’s stored on your own site.

James Well: .Net stuff on cloud scale applications.

Julia: How do I secure data? New security and privacy stuff. Content categorization and security for data loss prevention. Files can be encrypted in OneDrive and SharePoint. New series of videos and blogs on the Office 365 Trust Center.

Brad: IT pros have concerns about their impact in the company. What has happend 6-2 months after adopting cloud? Their ability to contribute to the company has increased. MSFT has to help the world understand. Once a company embraces an element of cloud, the company and IT pros want to adopt more. These are “on ramps”.

Question: “Windows Server will fulfil the roles in your data center – 6 years ago. Has that changed to Azure?”. Brad – Azure is Windows Server. You deliver the best platform for your organization using a combination of on-premise and cloud. Do anything you need based on Windows Server and Azure. Mark – clarifies that it is Server and System Center. Brad – Azure is based on Hyper-V.

Question: Will Azure Site Recovery Manager require System Center? Brad – yes, it requires SCVMM.

NOTE – they lost the SME market.

Question: 3 differences between Azure RemoteApp and others. 75-80% of “VDI” is actually app remoting (session host) and not actually VDI. Reasons: costs. To build this for scale of users, you need lots of infrastructure. MSFT has that already, so you can use it with elastic demand/costs, without spending CAPEX.

Live Blogging From TechEd North America 2014 Keynote

Welcome to Houston where the keynote hall is full and they’re filling the overflow rooms for the Brad Anderson-led keynote at TechEd North America 2014. I am here with Petri IT Knowledgebase, sitting in the press section at the front of the hall.

I  live blogged as the event went on. Don’t expect much if anything in the way of Windows or System Center news. This will be a cloud year, where new features come out every 6 or so weeks, thanks to a cloud development cycle. I also do not expect Satya Nadella here.

Speaking of which; Nadella courted devs at a number of events in recent months, including Build. What will Microsoft do this week to convince influential IT pros that Azure won’t steal their jobs and that they are still important to Microsoft (they don’t feel that way lately)?

Right now a classical/electrical band called Flash Drive is playing pop muzak.

After a few songs they get a good reception. Now the 2 minute long teched countdown show kicks off with Joey Snow and Rick Claus.

Brad Anderson comes out sans-Aston Martin. He professes love for the new reign of Satya Nadella. As expected, Brad talks about devices and data of previously unimaginable growth. Cloud will be core to everything we do to manage devices (ever connected world) to derive insights from that data. There are no more devices than people on the planet.

On comes a video with some dude in black and white. It’s a new world, with low contrast film. It’s devices-devices-devices. No monkey boy dancing. Airy fairy stuff about storing data in trees. Yes; trees. I guess these guys are from MSFT Research.

Brad wants to talk about IT Pros. “IT pros are literally at the centre of cloud first and device first clouds”. “No longer think of public cloud as seperate; it is integral to your data center from this point forward”.

Three capabilities required when you consider a cloud. Choosing a cloud vendor wisely is critical for your future:

  • Hyper-V scale: able to grow fast than you. Only 3 companies operate at this scale. This scale drives innovation in infrastructure.
  • Enterprise capabilities and enterprise grade cloud. Financially backed SLA.
  • Hybrid: Works with on premise, partner hosted cloud, and public cloud all integrated. Only MSFT does this.

Right now, only MSFT meets all three requirements.

How could we change our industry if we had unlimited computing power. Here comes Respawn’s Titanfall, an Azure-powered online-only game. It had over 100,000 VMs on day 1, powered up around the world, with clients connected to the closest data centre. No worry about location or performance. They have solid and even compute capacity. They scale up and down as required to meet customer demand. They power lots of game functionality on the server, which they could not do on a console. 150 employees company has hundreds of thousands of VMs around the world.

16 regions. A new core is deployed every 5 seconds. 2 billion authentications a day being done by Azure Active Directory. They take this functionality and trickle it down to hosting partners (WAP, Hyper-V, and System Center). Windows Server Hyper-V is the common foundation across private, hosted, and public cloud. No lock in. Flexible expansion, shrink, and mobility.

IaaS new features:

  • Cloud app discovery Preview. This looks VERY cool.
  • Compute intensive VMs – more RAM and more VMs, with RDMA Infiniband at 40 Gbps.
  • Virtual networking enhancements
  • ExpressRoute is GA for MPLS networking. 2 circuits for every connecting for fault tolerance. Note that Telecity is now a partner.
  • Azure Files Preview: SMB 3.0 sharing of files for VMs.

Software-defined storage (Storage Spaces) is used by Azure.

On to SQL 2014. In memory gives 30x increase without re-writing application, just by adding RAM to existing h/w.

Azure Redis Cache is in preview. API AManagement Preview is in preview too.

Out comes Josh Twist to talk about API Management. Wellmark is an American insurance company and Azure customer. He talks about this feature without explaining what it is. I’m lost.

Back to Brad with more announcements:

  • Anti-malware is being added to Azure. Microsoft Endpoint protection. Partnering with Symantec and Trend Micro.
  • Encrypted storage for Office 365.
  • Azure Site Recovery: Hyper-V Replica to Azure. review in June. This is BIG. Use HRM for orchestration.

Here comes Matt McSpirit to talk about the latter. Azure Site Recovery can be your secondary site if you don’t have one. Can manage replication between sites and to Azure. Centralized management of the replica VMs. VMs can be encrypted while at rest.

Site recovery makes networking easy. Can map networks between primary and secondary site. Map on-premise networks with Azure virtual networks.

A recovery plan orchestrates failover, test, planned, or unplanned. It will cleanly shut down VMs and replicate final changes in the event of a planned failover ( a flood is coming).  You can inject manual tasks into the orchestration.

We move on to identity, another MSFT USP. SaaS is powered by identity. For example, Office 365. Discover how many they are using with Cloud App Discovery. Often some 250 unmanaged SaaS apps in a company. IT has no control. IT needs to take control and manage identity and security.

Office on the 3 mobile OSs will be brought under management. Protection of files: Azure Rights Management Services (ARMS). Part of the EMS bundle for EA customers. The protection travels with the files: only the right people can access the files, even with accidental leakage.

Azure RemoteApp is Mohoro. It’s a RDS session host system designed to run in Azure. You upload LOB apps into Azure and users access them from cross-platform devices. AWS desktop as a service is a square wheel compared to Azure RemoteApp.

Demo: User signs into SaaS app using AD ID via ID federation into Azure AD.  80% of employees admit using non-approved SaaS apps. Cloud App Discovery tool allows admins to discover what apps are being used and how. Now IT can bring these apps under company control. Azure AD has 1300 templates for SaaS single-sign on.

Azure Remote App preview is GA today – note it is not live yet in the Europe regions. Publish apps over the highly performing RemoteFX protocol to devices of different OSs – Windows, iOS, Mac OS X, and Android. A little nod to Citrix.

Now on to the dev audience. I sleep.

I wake up. Now Brad is talking about users. Sadly, people have lost interest in the dev content and are leaving.

“Work like a network”.

Humans can achieve if we focus. There is a flood of information that distracts. Need to move from information to action. Information is locked within boundaries inside organizations. BI stuff now. Yawn.

Demo on BI with old content from Barcelona promo video.

Back to Brad to talk about Office. Ugh, sounds like more BI.

Julia White to talk cloud productivity with Intune and Office 365. Basic demo of doc sharing in OneDrive for Business. Tell Me in Word Online is shown to help find how to do formatting. Can share from OneDrive for Business into Yammer. Yammer: IT managed social experience.

Back to Brad. More people leaving the hall. Not nearly as bad as Elop in 2009 (that was BAD) but a section of the audience has lost interest. This will be a talking point IMO.

Back to summarise. MSFT believes in cloud and getting us to embrace it.

Event: TechCamp 2014 On June 19/20 In Dublin

Another community event is coming on June 19th and 20th in Citywest in Dublin. This time, with TechCamp 2014, we’re switching to a more “here’s how to do it” style of presentation. Based on feedback, we’ll have 1 track per day, over 2 days. Day 1 (June 19th) will focus on Hybrid Cloud, mixing Windows Server, System Center, and Microsoft Azure content into one track. On day 2 (June 20th) the focus switches over to the public cloud, and products like Office 365 and Windows Intune.

Most of the speakers are MVPs sharing their knowledge and experience with these technologies, with keynotes by local Microsoft product-line managers.

You can choose to register for either or both days.

Please retweet, post on Facebook, LinkedIn, share with workmates, customers, etc.


Microsoft News Summary – 9 May 2014

Another quiet 24 hours ahead of TechEd:

Microsoft News Summary – 7 May 2014

Between a bank holiday and some travel, I’ve been unable to post, but I’ve saved up the headlines from those days:

Presentation – Microsoft Azure And Hybrid Cloud

I recently presented in the MicroWarehouse and Microsoft Ireland road show to Irish Microsoft partners on the topic of the Cloud OS, comprised of Azure, Windows Server 2012 R2, Hyper-V, and System Center 2012 R2. You can find the slide deck below.


Microsoft News Summary-1 May 2014

Happy May Day, comrades! I was tied up with events the last couple of mornings so here is two days worth of news. Note the new beta for System Center Advisor. The security functionality looks very interesting!