To protect our most critical corporate assets, Microsoft IT creates secure, isolated environments for business groups that manage highly confidential, regulated, or restricted data. We’re taking advantage of services in Windows Server 2016—including shielded virtual machines and Host Guardian Services—to isolate host, storage, computing, and network services, and to separate component administration within each environment.
A range of hosted apps, services, and business processes run on our cloud infrastructure. Microsoft IT wanted to automate cloud infrastructure management in ways that would ensure consistent, efficient deployment and configuration operations, and would reduce error-prone manual processes. We used Microsoft Azure Resource Manager to create modular, reusable tools—including templates, scripts, and interfaces to manage infrastructure-as-a-service components and streamline processes.
Microsoft IT maintains a private cloud that includes dedicated storage and thousands of virtual machines. With Windows Server 2016, we use Storage Quality of Service (QoS) to manage storage usage and monitor performance. Policies in Storage QoS prevent one virtual machine from dominating storage I/O within a cluster, standardize storage I/O, and give us insight into storage I/O across the environment.
Microsoft IT manages thousands of servers across the company, and the process of reconfiguring servers was tedious and potentially inconsistent. Now, using automated configuration with PowerShell and DSC, we can define configuration logic and make changes programmatically in Windows Server. We have a more flexible, consistent environment, with fewer complex server configuration tasks.
Hyper-V cluster nodes running Windows Server make up a significant part of the private cloud at Microsoft, hosting thousands of apps and services. Upgrading these cluster nodes was a tedious process for Microsoft IT, and meant taking entire clusters offline. But now, with Windows Server 2016, we can do rolling cluster OS upgrades without stopping the services or going offline. The process is simpler and more efficient, and no one loses productivity due to downtime.
To improve security and better support the productivity of our mobile workforce, Microsoft IT enabled Azure Multi-Factor Authentication as an additional verification method for secure sign-in. Now, users can sign in from any device with a single user identity that is verified with a phone call or mobile app notification. We integrated enhanced security into our existing infrastructure, focusing on the user experience, reducing helpdesk calls, and improving the performance of the service.