Category Archives: Microsoft Azure

Azure IaaS and Azure Stack: announcements and updates (March 2024 – Weeks: 09 and 10)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Retirement of Cloud Services (classic) Deployment Model

Azure has announced the retirement of the Cloud Services (classic) deployment model on August 31, 2024. Users are encouraged to migrate their services to Cloud Services (extended support) within Azure Resource Manager before this date to avoid service disruption. This transition enables access to new capabilities such as deployment templates, role-based access control, and regional resiliency.

Change Actor in Azure Resource Graph (preview)

Azure introduces the public preview of Change Actor in Azure Resource Graph, a tool that enhances audit, troubleshooting, and governance capabilities. This feature allows users to identify who made changes to resources, the client used for the change, and the operation called. By integrating Change Actor functionality, Azure offers improved visibility and control over resource changes, facilitating better management across tenants and subscriptions.

Compute

New Generation AMD VMs – Dasv6/Easv6/Fasv6 (preview)

Azure announces the public preview of the new generation AMD-based VMs, leveraging the 4th Generation AMD EPYC™ 9004 (Genoa) CPU. These VMs, available in Dasv6, Easv6, and Fasv6 series, offer enhanced performance and reliability. They support various memory to core ratios, catering to general-purpose, memory-optimized, and compute-optimized needs. Equipped with Azure Boost and NVMe interfaces, these VMs promise up to 80% better remote storage performance, faster local storage speeds, and improved networking bandwidth. Initially available in the East US 2 region, these VMs represent a significant expansion in Azure’s AMD VM offerings.

Networking

Azure Route Server Now Available in ItalyNorth Azure Region

Azure Route Server has been introduced to the ItalyNorth Azure Region, offering simplified dynamic routing between network virtual appliances (NVAs) and Azure virtual networks. This service facilitates the direct exchange of routing information via the Border Gateway Protocol (BGP) without the manual configuration of route tables. Azure Route Server, as a fully managed service, ensures high availability and seamless integration with the Azure Software Defined Network (SDN), enhancing network management and efficiency.

Azure Virtual Network Encryption Expanded to Additional Regions

Azure has extended its Virtual Network encryption feature to additional regions, including West US, East US, Europe, and more. This enhancement allows for the encryption of traffic within the same virtual network and across peered networks, bolstering security for data in transit. The expansion of this feature underscores Azure’s commitment to providing robust security options for its users.

Application Gateway for Containers

Microsoft Azure has announced the general availability of Application Gateway for Containers, marking a significant evolution in application load balancing technology. This service enhances the capabilities of the traditional Application Gateway and its Ingress Controller by offering advanced layer 7 load balancing and dynamic traffic management for Kubernetes workloads. With features like Custom Health Probes, URL Redirect, and URL/Header Rewrite, the service ensures near-to-real-time updates in response to changes within the Kubernetes environment. The general availability version also introduces Controller High Availability, Gateway API v1 integration, additional regional availability, and a service level agreement (SLA) to support production workloads confidently.

Azure Application Gateway introduces support for TLS and TCP protocols (preview)

Azure Application Gateway expands its functionality by introducing support for TLS and TCP protocols in public preview. This enhancement allows for the utilization of Application Gateway in non-HTTP applications, catering to protocols such as SQL, MQTT, and AMQP. It facilitates the use of custom domains with Application Gateway’s TLS certificate management, ensuring secure connections for clients and access to any backend service. Moreover, this feature provides a unified endpoint for client access, as a single Application Gateway resource can now support both Layer 7 (HTTP/S) and Layer 4 (TCP and TLS) protocols. Available for Standard V2 and Web Application Firewall V2 SKUs, this update broadens the scope of Application Gateway’s capabilities.

Internet inbound for Network Virtual Appliances in Virtual WAN Hubs (preview)

The introduction of Internet inbound (Destination NAT) for Next-Generation Firewall Network Virtual Appliances (NVAs) in Virtual WAN hubs is now in public preview. This feature enables network administrators to publish applications to a wider internet audience without directly exposing the application or server’s public IP. Instead, users access applications through a public IP address assigned to a Firewall NVA, which is configured to filter, translate, and control access to backend applications. With the ability to associate public IP addresses to Firewall NVAs deployed in Virtual WAN Hubs and utilize NVA management and orchestration software, Virtual WAN customers can now seamlessly program both the Virtual WAN infrastructure and the NVAs to accept and forward inbound traffic, enhancing security and accessibility.

Storage

Azure File Sync Agent v17.2 Release

The Azure File Sync Agent v17.2 has been officially released, consolidating improvements and fixes from its predecessors, versions 17.0 and 17.1. This update is crucial for users with the Azure File Sync agent version 16 or below, as both versions 16.2 and 17.2 are now available for update. This version marks the final planned release for Windows Server 2012 R2, with support for this server ending on March 4th, 2025. The agent is compatible with Windows Server 2012 R2, 2016, 2019, and 2022, providing enhanced functionality and stability.

Azure Blob Storage Cold Tier SLA

As of August 10th, 2023, Azure Blob Storage Cold Tier is generally available, providing a cost-effective solution for long-term storage of infrequently accessed data. The service level agreement (SLA) for Azure Blob Storage now includes this new online access tier, ensuring Microsoft’s commitment to uptime and connectivity.

Encryption at Host for Premium SSD v2 and Ultra Disks Expanded

Encryption at host for Premium SSD v2 and Ultra Disks is now generally available in additional regions including Canada East, West Europe, South Central US, and West US 3. This feature enhances security by starting encryption at the VM host level, ensuring data is encrypted at rest and in transit to the Storage service. The expansion of this feature demonstrates Azure’s ongoing commitment to providing secure and reliable cloud storage options.

Azure NetApp Files Volume Enhancement (preview)

Azure NetApp Files introduces a significant enhancement in public preview, allowing volumes in different availability zones within the same region to share the same volume mount path. This feature supports highly available architectures through cross-zone replication, simplifying automation and minimizing manual intervention during disaster recovery failovers. It is applicable to SMB, NFS, and dual-protocol volumes, facilitating improved recovery times and data availability across various scenarios, including host-based replication and test/dev environments.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in February 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to offer an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Availability of the Azure Monitor Metrics Data Plane API

As of February, the Azure Monitor Metrics Data Plane API is available for use. This API allows for efficient management and monitoring of Azure resources, improving query efficiency and metric collection capability. It is possible to retrieve metric data for up to 50 resource IDs in the same subscription and region with a single API call, thus optimizing query throughput and reducing the risk of throttling.

Execution of the Azure Monitor Logs connector on an exact time range (preview)

The Azure Monitor Logs connector introduces a new preview feature: the ability to execute queries on an exact time range provided dynamically. This functionality allows for filtering the execution of queries in the Log Analytics workspace or Application Insights components for Logic App triggers or schedules, displaying relevant results. Until now, the time range could be set directly in the query or defined with a relative value, such as the last hour or the last 12 hours. With the exact time range option, it is now possible to dynamically pass the start and end time to respond to scenarios such as alarm diagnostics. When the connector is activated by an alarm, it can receive the alarm’s time range to replicate the results that triggered the alarm and allow for effective investigation.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure SQL migration assessment enabled by Azure Arc (preview)

With the growing adoption of cloud computing, organizations embark on the path of migration to the cloud, facing a complex and articulated challenge that can extend for several months, varying based on the size and complexity of the projects involved. This transition period can result in a delay in accessing the benefits offered by Azure’s capabilities, temporarily limiting operational efficiency and innovation.

To overcome these challenges, Microsoft introduces an innovative solution: SQL Server enabled for Azure Arc. This revolutionary technology allows organizations to begin leveraging the benefits of the cloud from the early stages of the migration process. Through Azure Arc, it is possible to manage SQL Server instances, both on-premise and distributed across multiple clouds, using Azure’s control plane and management services. This approach enables consistent and efficient hybrid management of the SQL Server environment, bringing immediate benefits in terms of operational efficiencies and cost reduction, in addition to ensuring an optimal migration and modernization experience.

In addition to these benefits, Microsoft announces the public preview release of the Azure SQL migration assessment, powered by Azure Arc. This feature, once activated by linking one’s SQL Server to Azure Arc, automatically and continuously provides an assessment of readiness for migration to Azure SQL. This assessment takes into account the evolutions of the work environment and suggests the Azure SQL deployment option best suited to specific needs, optimizing costs. Furthermore, it identifies potential migration risks and proposes mitigation strategies, thus facilitating the transition path to the cloud and improving strategic alignment with business needs.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Regulatory compliance management: through Defender for Cloud, the management of compliance standards is extended to Azure, AWS, and GCP environments, offering a unified experience in creating and managing personalized recommendations through KQL queries.
  • Cloud support for Defender for Containers: the threat detection capabilities specific to Azure Kubernetes Service (AKS) in Defender for Container are now extended to commercial clouds, Azure Government, and Azure China 21Vianet, with the list of supported features updated.
  • Update of the Defender FOR Container agent: a new version of the agent, which brings improvements in terms of performance and security, supports AMD64 and ARM64 architectures (Linux only) and employs Inspektor Gadget for process collection instead of Sysdig. This version is compatible exclusively with Linux kernel version 5.4 or higher, requiring updates for older kernels. ARM64 support is available starting from AKS V1.29.
  • Support for the OCI image format specification: vulnerability assessment now supports the Open Container Initiative (OCI) image format specification for AWS, Azure, and GCP clouds, thanks to Microsoft Defender Vulnerability Management.
  • Retirement of the AWS container vulnerability assessment powered by Trivy: this assessment has been replaced by a new solution powered by Microsoft Defender Vulnerability Management.
  • Recommendations for Azure Stack HCI: four new recommendations specific to Azure Stack HCI, currently in public preview, have been introduced, thus expanding the type of resources manageable through Microsoft Defender for Cloud.

Protect

Azure Backup

Support for Cross-Region recovery of PostgreSQL backups

Support for cross-region recovery of PostgreSQL backups through Azure Backup is now available to all. Using Read-Access Geo-Redundant Storage (RA-GRS), Azure Backup enables a high level of data resilience, allowing access to backups in disaster recovery scenarios and restoration operations from the secondary region at any time. This feature is now available for PostgreSQL backups in all public regions, offering a wide range of durability options for backup data.

Regional Disaster Recovery via Azure Backup for AKS (preview)

Azure Backup for AKS introduces a new feature in preview: Regional Disaster Recovery. This innovation provides advanced protection for containerized application workloads and data through scheduled backups and smooth restorations, ideal for addressing situations such as operational recovery, accidental deletion, and application migration. Thanks to Regional Disaster Recovery, organizations can anticipate and mitigate the impact of catastrophic regional events through the recovery of AKS clusters from backups located in a secondary region, leveraging Azure’s paired regions. This ensures operational continuity even in the face of regional disruptions, complying with the established 3-2-1 backup strategy and providing the resilience needed to ensure data recovery after tenant-compromising events, in addition to meeting compliance requirements imposed by heavily regulated sectors.

Extended support for VMs with Ultra and Premium SSD v2 disks

Azure has announced the general availability launch of extended support of Azure Backup for virtual machines (VMs) that use Ultra and Premium SSD v2 disks. This development represents a significant step forward in strengthening the resilience and recovery capabilities of businesses managing critical enterprise applications and high-intensity I/O in the cloud. Ultra disks, known for their ability to support enterprise-level applications such as SAP HANA, high-end SQL databases, and NoSQL databases, offer organizations the flexibility needed to run demanding workloads with ease. Simultaneously, Premium SSD v2 disks stand out as the most advanced block storage solution, optimized for IO-intensive production workloads that require latencies below one millisecond. The availability of these technologies in Azure Backup meets a fundamental customer demand, eager to ensure operational continuity of their VMs in the event of disasters or ransomware attacks. With the enablement of backup for VMs using both Ultra and Premium SSD v2 disks, Azure positions itself as a robust cloud platform capable of offering solid and efficient recovery solutions. These advanced backup options are designed for a wide spectrum of applications, including SQL Server, Oracle, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, and gaming, on virtual machines or stateful containers. The availability of these features in all regions that support the creation of Ultra and Premium SSD v2 disks highlights Azure’s commitment to providing reliable and cutting-edge backup solutions, thus promoting security, resilience, and operational efficiency for businesses globally.

Azure Site Recovery

Enabling replication for data disks added to VMware VMs

Azure Site Recovery now supports enabling replication for data disks added to a VMware VM already enabled for disaster recovery. Thanks to this update, users can ensure greater operational continuity and better data resilience management, extending disaster recovery protection to data disks added after the VM protection is enabled.

Support of Azure Site Recovery for Azure Trusted Launch VMs (preview)

Microsoft has announced the preview of Azure Site Recovery support for Azure Trusted Launch VMs, exclusively for Windows operating systems. These VMs provide basic security for Azure Generation 2 systems, enabling Secure Boot and vTPM capabilities.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (February 2024 – Weeks: 07 and 08)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Windows Admin Center for Azure Virtual Machines

The Windows Admin Center for Azure Virtual Machines marks a significant step forward in cloud management by integrating directly into the Azure Portal. This tool is engineered to streamline the administration of Windows Server Operating Systems for Azure Virtual Machines. By facilitating in-browser RDP and PowerShell sessions, managing files, viewing events, and monitoring performance, it significantly reduces the necessity for remote desktop connections. A standout feature is its integration with Azure Active Directory for single sign-on capabilities, offering a cohesive identity experience across Azure services. This innovation not only simplifies virtual machine deployment and maintenance but also enhances security by minimizing dependence on local administrator accounts.

Compute

NVv5 Series VMs Now Available in Italy North Azure Region

Azure’s NVv5 Series Virtual Machines, equipped with NVIDIA A10 GPUs and AMD EPYC 74F3V CPUs, are now accessible in the Italy North region. These VMs cater to the needs of high-performance computing and graphics-intensive applications, offering a blend of powerful computational resources and graphical processing capabilities. This expansion into the Italy North region underscores Azure’s commitment to providing geographically diverse options for compute-intensive workloads.

Trusted Launch for Azure VMs in China Regions

Microsoft is proud to announce the general availability of Trusted Launch for Azure virtual machines in all Azure regions across China, encompassing China East, China East 2, China East 3, China North, China North 2, and China North 3. This major update introduces a strengthened security framework for Azure Virtual Machines. Trusted Launch enhances foundational VM security by guaranteeing booting to a defined and trusted state, a crucial step in combating sophisticated malware threats, including boot kits and rootkits, by offering kernel-mode level security on par with the operating system.

Furthermore, Trusted Launch activates Credential Guard, a significant security measure that protects user passwords and derived domain credentials via secure boot, virtualization-based security, and vTPM, which are critical for domain controllers. This feature also provides ongoing insights into the health state and boot chain integrity of virtual machines, along with remediation pathways for attestation failures through Microsoft Defender for Cloud.

Especially for Windows 11 virtual machines, Trusted Launch bolsters defense mechanisms against lower layer malware through the support of UEFI, secure boot, and vTPM. This comprehensive security enhancement ensures a more secure and reliable environment for Azure VMs, marking a significant advancement in cloud security measures tailored to meet the evolving threats in the digital landscape.

Networking

Azure Firewall Enhancements: Flow Trace Logs and Autoscaling

Azure Firewall’s new enhancements, including Flow Trace Logs and autoscaling based on the number of connections, provide granular insights and improved scalability. Flow Trace Logs offer detailed visibility into TCP handshake logs, aiding in troubleshooting packet drops and route asymmetry. The autoscaling feature now adjusts firewall resources based on traffic connection counts, alongside throughput and CPU usage, enabling a more responsive and efficient firewall performance.

Parallel IP Group Update Support for Azure Firewall

The introduction of Parallel IP Group update support in public preview marks a significant improvement in Azure Firewall’s configuration management. This feature allows for the simultaneous update of up to 20 IP Groups within a Firewall Policy, streamlining administrative tasks and enabling faster, more scalable changes. This update is particularly beneficial for administrators utilizing dev ops methodologies for configuration changes, enhancing efficiency and agility in firewall management.

Storage

Azure Elastic SAN (General Availability)

Azure Elastic SAN’s transition to general availability signifies a milestone in cloud storage solutions, offering a fully-managed, cloud-native SAN experience. This service is designed for seamless migration of extensive SAN environments to Azure, simplifying the deployment, scaling, management, and configuration of storage area networks in the cloud. It introduces a SAN-like resource hierarchy and provisions resources at the appliance level, dynamically allocating these to accommodate various workloads, including databases, VDIs, and business applications. The integration of Azure Monitor Metrics and Azure Policy aids in managing performance and preventing misconfigurations, respectively, merging the efficiency of traditional SAN systems with the flexibility and scalability of cloud storage.

Azure File Sync Agent Releases: v17.1 and v16.2 (Security Only Updates)

The release of Azure File Sync agent versions 17.1 and 16.2 as security-only updates addresses a critical vulnerability (CVE-2024-21397) that previously allowed unauthorized file creation. These updates underscore Azure’s commitment to security, providing essential patches for Windows Server installations ranging from version 2012 R2 to 2022. Detailed installation instructions are provided (KB5023054 and KB5023052), ensuring users can securely synchronize files across their environments.

Azure Blob Storage Cold Tier: Enhanced Support for Change Feed and Object Replication

The general availability of Azure Blob Storage Cold Tier’s support for Change Feed and Object Replication introduces significant enhancements for data storage and management. This feature enables the capturing of changes to blobs and their metadata within the cold tier, facilitating efficient data replication and access. It represents Azure’s ongoing efforts to provide cost-effective, flexible storage solutions for infrequently accessed data with long-term retention requirements.

Zone Redundant Storage (ZRS) for Azure Disks in Canada Central

The general availability of Zone Redundant Storage for Azure Disk Storage in the Canada Central region provides a robust solution for data resilience and availability. By offering synchronous replication across three availability zones, ZRS enables Azure Disks to withstand zonal failures, ensuring uninterrupted application performance. This feature is particularly valuable for applications requiring high availability without the complexity of application-level data replication.

Azure NetApp Files Standard Network Features

Azure NetApp Files now supports the general availability of Standard network features, allowing for the editing of network features for Azure NetApp Files volumes. This update brings an enhanced Virtual Networking experience, ensuring seamless integration and improved security posture. Users can now edit existing Azure NetApp Files volumes and upgrade from Basic to Standard network features. This enhancement includes increased IP limits for VNets with Azure NetApp Files volumes, aligning them with VM capabilities to facilitate customer integration into existing network topologies. Moreover, it introduces enhanced network security with support for Network Security Groups (NSGs) on Azure NetApp Files delegated subnets, a feature long requested by customers for meeting enterprise security requirements. Enhanced network control is also achieved through support for User-defined routes (UDRs), allowing traffic direction via chosen Network Virtual Appliances. Additionally, connectivity has been improved with Active/Active VPN gateway setup and ExpressRoute FastPath connectivity, ensuring low latency and high bandwidth connectivity from on-premises networks to Azure.

Introducing Azure Storage Actions: Serverless Storage Data Management (Preview)

Microsoft has recently announced the public preview of Azure Storage Actions, a fully managed platform specifically crafted to streamline data management tasks for Azure Blob Storage and Azure Data Lake Storage. With the exponential growth of data, organizations find themselves grappling with the complexities of efficiently managing their data assets. Azure Storage Actions seeks to alleviate these challenges by offering a serverless infrastructure that dynamically scales to meet data management demands, eliminating the need for resource provisioning or management.

This innovative platform provides a no-code experience, enabling users to easily define conditional logic for processing data objects. It supports an array of tasks aimed at enhancing data utility and security, such as cost optimization, data protection, rehydration from archives, and tagging, among others. Additional functionalities are expected to be added in future updates, further expanding its capabilities.

Azure Storage Actions facilitates the rapid composition, validation, and deployment of data management tasks. It features an intuitive Azure portal interface that simplifies the process of defining operations and validating them, ensuring a seamless user experience. Moreover, the platform offers robust support for programmatic management through various tools including REST APIs, the Azure SDK, PowerShell, the Azure Command-Line Interface (CLI), and Azure Resource Manager (ARM) templates. This versatility makes Azure Storage Actions a comprehensive solution for managing large-scale data assets across Azure Blob Storage and Azure Data Lake Storage, promising to significantly enhance data management efficiency and effectiveness for organizations worldwide.

Azure Stack

Azure Stack HCI

Supported Azure Stack HCI Scenarios with System Center

The integration of Azure Stack HCI, version 23H2, with System Center Virtual Machine Manager (SCVMM) marks a significant step forward in hybrid cloud management. Azure Stack HCI 23H2 elevates cloud-based management capabilities through Azure Arc, catering to the needs of large-scale datacenter customers who rely on System Center VMM for their virtualization environment management. The recent announcement from the System Center team outlines the supported scenarios in SCVMM for managing Azure Stack HCI 23H2, providing clarity and direction for system administrators and IT professionals.

SCVMM Support for Azure Stack HCI 23H2

The supported scenarios in SCVMM for Azure Stack HCI 23H2 include:

  • Addition and Management of Azure Stack HCI Clusters: SCVMM facilitates the addition of Azure Stack HCI clusters into your management framework, allowing for comprehensive oversight.
  • Virtual Machine Operations: Provisioning, deploying, and performing lifecycle operations on VMs within Azure Stack HCI clusters are fully supported, streamlining virtual machine management.
  • Storage and Volume Management: SCVMM enables the management of storage pool settings, creation of virtual disks, cluster shared volumes (CSVs), and application of Quality of Service (QoS) settings to optimize storage performance.
  • Workload Migration: The migration of VMware and Windows Server-based workloads to Azure Stack HCI is supported, offering flexibility in transitioning to Azure Stack HCI environments.
  • Cluster Management via PowerShell: Azure Stack HCI clusters can be managed using the same PowerShell cmdlets as Windows Server clusters, ensuring a consistent management experience.
  • Azure Integration: Azure-based VM self-serve capabilities and management services are extended through Azure Arc-enabled SCVMM, enhancing cloud connectivity and management.

Limitations and Azure/WAC Exclusive Scenarios

While SCVMM supports a broad range of management functions, certain scenarios remain exclusive to Azure Portal/Windows Admin Center (WAC) for Azure Stack HCI 23H2:

  • Cluster Creation and Registration: The creation and registration processes for Azure Stack HCI clusters are integrated into deployment and exclusively managed through Azure Portal/WAC.
  • Upgrades and Azure Benefits: Upgrading from Azure Stack HCI 22H2 to 23H2 and enabling Azure benefits on VMs are managed only via Azure Portal/WAC.
  • Advanced Features: New features of Azure Stack HCI 23H2, such as GPU-Partitioning and SDN Multi-site, along with previously unsupported features like Stretched clustering with 22H2, are managed outside of SCVMM.

Future Support and Availability

Support for Azure Stack HCI 23H2 in SCVMM is scheduled to be included in the next Long-Term Servicing Channel (LTSC) version of System Center. The general availability of this version is anticipated to align closely with the release of Windows Server 2025, offering forward-looking compatibility and support for Azure Stack HCI environments.

This integration underscores Microsoft’s commitment to hybrid cloud environments, providing the tools necessary for seamless management of virtualized infrastructure both on-premises and in the cloud. As the landscape of Azure Stack HCI evolves, the synergy between Azure Stack HCI and System Center continues to strengthen, offering a robust, scalable, and efficient management solution for modern datacenters.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (February 2024 – Weeks: 05 and 06)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure VMware Solution Now Available in Italy North Region

Azure VMware Solution has been made available in the Italy North Azure Region. This expansion allows customers in Italy to integrate their VMware workloads with Azure services seamlessly, leveraging the global scale, security, and performance of Azure while maintaining the VMware tools and expertise they are accustomed to. This launch supports the growing demand for cloud solutions in the region, enabling local businesses to innovate and scale with the cloud’s flexibility and efficiency.

Italy North Region Added to Azure HDInsight

Azure HDInsight is now generally available in the Italy North region. This expansion enhances Azure’s managed, full-spectrum, open-source analytics service capabilities, allowing enterprises to leverage popular frameworks such as Hadoop, Apache Spark, Apache Hive, LLAP, Apache Kafka, and more within Italy North. The availability of HDInsight in this region enables local and global enterprises to process big data, run real-time analytics, and use machine learning more efficiently with reduced latency.

Networking

Azure Virtual Network Manager Security Admin Rule Configuration Feature

The Azure Virtual Network Manager’s security admin rule configuration feature has reached general availability (GA) across 30 regions. This feature empowers organizations to enforce security policies across their virtual networks (VNets) efficiently, spanning subscriptions and regions worldwide. By prioritizing these rules above network security groups (NSGs), it ensures a standardized approach to security, helping to mitigate misconfigurations and adherence to corporate policies. The introduction of security admin rules streamlines network management, reducing the complexity of operations while enhancing security measures for expanding network infrastructures.

Azure Virtual Network Manager Topology View

Azure Virtual Network Manager (AVNM) topology view has been officially launched and is now generally available. This innovative feature offers a scalable and reliable solution for managing networks across global subscriptions. It integrates with Azure Resource Topology (ART) to provide a comprehensive visualization of network resources, contextualized by AVNM connectivity configurations. The topology view facilitates a deeper understanding of network connections, offering insights into the connectivity among network groups and VNets, thus enhancing confidence in network deployment strategies.

ExpressRoute Guided Portal Experience (preview)

Microsoft announces the public preview of the ExpressRoute guided portal experience, aimed at simplifying the configuration of multi-site resilient ExpressRoute circuits. This new portal experience offers critical information, such as the distance between peering locations and traffic engineering recommendations, to assist customers in making informed decisions. During the preview, users can access this feature globally in the Azure public cloud via the Azure portal flight link. This initiative underscores Microsoft’s commitment to providing intuitive tools for enhancing network resiliency and connectivity.

Storage

Mount Azure Storage as a Local Share in App Service Linux Now Supports NFS

Azure App Service Linux now supports NFS when mounting an Azure File share as a local share for web apps. This update enables more flexible and efficient storage solutions for web applications hosted on Azure, streamlining the integration and management of file storage.

Azure Ultra Disk Storage Now Available in Canada East

Azure Ultra Disk Storage, offering high throughput, high IOPS, and consistent low-latency disk storage, is now available in Canada East. Ideal for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy workloads, Ultra Disk Storage enhances Azure Virtual Machines’ performance and capabilities in the region.

Azure NetApp Files Standard Network Features – Edit Volumes in US Gov Regions

Azure has launched a public preview for editing network features of Azure NetApp Files volumes in US Gov regions, leveraging advanced hardware and software integration. This update introduces Standard Network Features, enhancing the virtual networking experience with improved security for Azure NetApp Files. Users can now upgrade Basic network features to Standard, benefiting from increased IP limits, enhanced network security and control, and improved connectivity options. This preview is available across all US Gov regions (VA, TX, & AZ).

General Availability: Support for up to 100 TB of Storage for the FHIR Service

Azure announces general availability for expanded storage support in the FHIR service, part of Azure Health Data Services, up to 100 TB. This enhancement allows for the storage and exchange of vast amounts of health data, facilitating large-scale analytics, population health management, research, and insights from health data. Organizations requiring storage beyond the default 4 TB can request an increase through the Azure portal.

Azure Stack

Azure Stack HCI

Azure Stack HCI 23H2 General Availability

Microsoft has announced the general availability of Azure Stack HCI version 23H2, marking a significant update in cloud-managed edge infrastructure. This version is ready for production . It introduces several previews, including Azure Migrate and Microsoft Defender for Cloud, specifically designed for Azure Stack HCI environments. However, it’s noteworthy that certain features like stretched clustering and System Center VMM support are temporarily unavailable in some regions. The launch of Azure Stack HCI 23H2 represents a leap forward in Microsoft’s edge infrastructure offerings, providing enterprises with robust, scalable solutions for their hybrid cloud environments.

Key Highlights:

  • Production-Ready: Azure Stack HCI 23H2 is now ready for production environments, offering robust and reliable infrastructure solutions.
  • Seamless Update Process: An update from the previous version 22H2 to 23H2 will soon be available, specifically targeting 23H2 clusters to ensure smooth transitions.
  • Enhanced Solutions Availability: The GA version includes premier and integrated solutions, enriching the ecosystem for Azure Stack HCI users.
  • Azure Virtual Desktop (AVD) for Azure Stack HCI: AVD is now generally available, bringing together the advantages of Azure Virtual Desktop and Azure Stack HCI. This combination allows organizations to run virtualized desktops and apps securely, either on-premises at the edge or within data centers.
  • Azure Migrate Integration (Preview): Azure Stack HCI now supports Azure Migrate in preview, facilitating easier migration of workloads to Azure Stack HCI environments.
  • Microsoft Defender for Cloud Integration (Preview): Enhance your security posture with Microsoft Defender for Cloud for Azure Stack HCI, currently in preview.
  • Guidance on Using Version 22H2: It’s recommended to continue using version 22H2 temporarily if:
    1. The service is not available in your region (currently limited to East US and West Europe).
    2. You require stretched clustering support, which is not available in 23H2.
    3. Your setup relies on System Center VMM, not supported by 23H2.

Additional Information:

  • Currently, 3-node switchless deployments are not supported.
  • The GA version includes proxy support for HCI infrastructure, but not yet for VMs.
  • Updates to 23H2 can be performed through the portal on existing preview clusters or by new deployment.
  • With Windows Defender Application Control (WDAC) enabled by default in Azure Stack HCI 23H2, steps may be needed to allow certain applications to run.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in January 2024

This month, Microsoft has introduced a series of significant updates for Azure management services. This is part of a series of monthly articles aimed at providing an in-depth and detailed analysis of the most relevant innovations. The goal is to keep users always informed about the ongoing evolutions of Azure, providing the essential information to explore these developments further.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Azure Monitor VM Insights Dependency Agent for VM Linux RHEL 8.6

The Dependency Agent of Azure Monitor VM Insights is now supported for Linux Red Hat Enterprise Linux (RHEL) 8.6 VMs. This means that the Dependency Agent can be used to monitor network connections and processes of Linux RHEL 8.6 virtual machines and visualize the dependencies between them in the VM Insights Map function.

Integration of Azure Advisor with Azure Monitor Log Analytics Workspace

Azure Advisor is a cloud tool designed to help users follow best practices in optimizing their workloads in Azure. This solution analyzes resource configurations and telemetry data to provide targeted recommendations to improve four key areas: cost efficiency, performance, reliability, and security of Azure resources. Moreover, to support more effective management of Azure Monitor costs, Microsoft has implemented specific cost optimization recommendations and integrated Azure Advisor into the Log Analytics Workspace management interface.

Dedicated clusters in Azure Monitor logs now support different commitment levels

Microsoft has extended the capabilities of dedicated clusters in Azure Monitor Logs, now supporting any level of commitment, starting from a minimum of 100 GB per day. This new feature offers greater flexibility and customization for users who require specific solutions for their monitoring and logging needs. With this expansion, customers have the option to choose the service level that best fits their needs, ensuring more efficient and tailored data management.

Configure

Update management

Azure Update Manager on Azure Arc-enabled servers: new billing rules

From February 2024, Azure Update Manager will start generating consumption for Azure Arc-enabled servers. Azure Update Manager, formerly known as Azure Automation Update Management, has been available since September 2023. Customers who started using the service from that date will not be subject to costs until February 1, 2024.

Starting February 1, 2024, customers using Azure Update Manager on Azure Arc-enabled servers will be billed daily, with a specific rate per server per day, equivalent to about $5 USD per server per month.

An Azure Arc-enabled server is considered managed by Azure Update Manager on days when it meets both of the following conditions:

it has a connection status with Arc at any time of the day; an update operation is performed on it (patch on demand or via scheduled job, evaluation on demand or via periodic assessment) or it is associated with a schedule.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs.This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Preview of the Azure Arc extension for Visual Studio Code

Microsoft has announced the public preview of the Azure Arc extension for Visual Studio Code. This extension allows developers to easily manage Azure Arc resources and services directly from Visual Studio Code. With this integration, developers can expect greater efficiency and simplified workflows, as they will have the ability to access and manage Azure Arc resources without leaving the Visual Studio Code development environment.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • introduction of agentless container posture for GCP in Defender for Containers and Defender CSPM;
  • public preview of agentless malware scanning for servers;
  • integration of Defender for Cloud with Microsoft Defender XDR;
  • DevOps security annotations for Pull Requests enabled by default for Azure DevOps connectors.

Protect

Azure Site Recovery

Support for Azure VMs with Premium SSD v2

Azure Site Recovery now supports Azure VMs equipped with Premium SSD v2. This feature is available as a private preview in selected Azure regions. Premium SSD v2 disks represent Azure’s most advanced block storage solution, ideal for high I/O intensity enterprise workloads, offering sub-millisecond latencies, high IOPS, and throughput. This addition responds to a frequent customer request to be able to use Azure Site Recovery with Azure VMs on Premium SSD v2. Thanks to this feature, customers can ensure greater data security and operational continuity of applications and workloads, even in case of planned or unplanned interruptions.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (January 2024 – Weeks: 03 and 04)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Cloud Services (Classic) Retirement

Microsoft has announced the retirement of its Azure Cloud Services (Classic) deployment model, effective August 31, 2024. This decision marks a significant shift towards more advanced and modern cloud solutions. Users of Azure Cloud Services (Classic) are encouraged to migrate their services to Cloud Services (Extended Support) in Azure Resource Manager, which offers new capabilities and improved efficiency. This transition is vital for maintaining service continuity and accessing enhanced features.

Compute

Automatic Image Creation

Azure has announced the general availability of its Automatic Image Creation service. This feature simplifies the process of creating and managing virtual machine images, allowing for automation and streamlining of deployments. The general availability of this service underscores Azure’s commitment to providing efficient and user-friendly solutions in cloud computing.

Upgrade of Azure Gen1 VMs to Gen2-Trusted Launch (private preview)

Microsoft has announced a private preview that allows users to upgrade their existing Azure Generation 1 (Gen1) virtual machines (VMs) to Generation 2 (Gen2) with Trusted Launch support. This upgrade enhances the foundational security of existing Azure VMs by enabling features like Secure Boot and vTPM capabilities, integral to the Trusted Launch service. Trusted Launch provides a robust security framework for Azure VMs, ensuring boot integrity and protection against advanced threats. The service works by ensuring that only signed operating systems and drivers can boot, establishing a root of trust for the VM software stack. It supports a wide range of compute-optimized, memory-optimized, and storage-optimized VM sizes, as well as multiple operating systems including various versions of Linux and Windows. Notably, this upgrade doesn’t increase existing VM pricing, making it an attractive option for users seeking enhanced security without additional costs.

Networking

Azure Virtual Network Encryption

Microsoft has released the general availability of Azure Virtual Network Encryption, providing an additional layer of security for data in transit. This new feature ensures that data moving within a virtual network is encrypted, enhancing protection against potential threats and unauthorized access. The availability of this feature signifies Microsoft’s ongoing commitment to offering robust security solutions in its cloud services.

Load Balancer in Azure API Management (preview)

Microsoft has introduced a public preview of the Load Balancer in Azure API Management. This feature aims to optimize the distribution of user requests across various servers, ensuring efficient resource utilization and improved response times. The introduction of this load balancer in the preview phase allows users to test and provide feedback, helping Microsoft enhance the feature before its full-scale release.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Leveraging Azure infrastructure in Italy: opportunities and strategies for businesses

In the digital era, the evolution of cloud computing represents a crucial turning point for businesses, radically changing the way data, applications, and IT infrastructures are managed. At the heart of this revolution stands Microsoft Azure, a leading cloud platform that offers an extensive assortment of services and solutions, designed to increase efficiency, security, and resilience of workloads. Azure’s availability in Italy presents an opportunity for businesses of all sizes to optimize their IT resources and expand in the digital landscape. This article aims to explore the potential of Azure’s infrastructure in Italy, highlighting how companies can benefit from its innovative services, seizing practical advantages and concrete opportunities that arise from it.

Azure: a flexible ecosystem for innovation

Azure’s philosophy is clear: simplify IT management without sacrificing reliability and efficiency. Microsoft has structured Azure to be a versatile platform, suitable for reducing costs and complexity for customers. This flexibility is manifested in Azure’s ability to integrate with existing environments, whether it be hybrid clouds with VMware and Nutanix, or in the implementation of IaaS and PaaS services for business applications. Microsoft’s approach is to put the customer at the center, offering customized solutions adaptable to every specific need.

Figure 1 – Microsoft Azure: The Infrastructure Designed for Various Workloads

The launch of Azure in Italy: a customer-oriented process

Azure’s service rollout follows a well-defined path. Initially, in the pre-launch phase, Microsoft establishes the ‘Azure Foundational Services’, which include the essential basic infrastructure: computing, storage, and networking. These components constitute the fundamental core of a cloud environment. With the official start of a region, Microsoft enters a new phase, introducing the ‘Azure Mainstream Services’. These services are expanded and adapted to directly meet customer needs, marking a crucial step in tailoring Microsoft’s cloud offering to the specificities of the local market. As the region matures, Microsoft launches the ‘Azure Strategic Services’, designed to meet more complex requirements and cover advanced use scenarios. At this stage, the focus is on close collaboration with customers to optimize workloads and performance, reflecting a continuous commitment to listening and responding to customer needs. Currently, the Azure Italy North region is in a phase of dynamic development, marked by a constant commitment to evolving services. Microsoft aims to grow in harmony with the needs of its customers, aiming not only to meet current needs but also to drive future innovation.

Figure 2 – Phases of Implementing Azure Services in a New Region

Reliability and resilience: a shared commitment and a framework for excellence

Reliability in the cloud represents a shared goal by both providers and users. Microsoft commits to providing a resilient foundation for the cloud, but it is up to companies to build robust systems on this foundation. Through the use of Azure, customers have the opportunity to implement resilience solutions, including high availability and disaster recovery, which integrate into their infrastructures to ensure operational continuity and security. The “Azure Well-Architected Framework” plays a crucial role in an effective cloud strategy. This framework guides companies through fundamental practices such as design, testing, and monitoring, emphasizing the need for a conscious approach in design, rigorous testing, and constant control. In this way, companies can ensure they operate in a reliable cloud environment.

Resilience and availability: Multi-Region vs. Single-Region

It is important to clarify a fundamental aspect. Historically, Microsoft Azure has adopted a multi-region design approach to ensure high cloud availability. By implementing multi-region architectures, Azure has allowed customers to distribute workloads across different regions, creating an effective failover architecture in case of interruptions. For example, European businesses have been able to distribute their workloads between West Europe and North Europe. In case of problems in one region, the other can automatically intervene, reducing the risk of downtime and ensuring operational continuity.

Figure 3 – Multi-Region Model

The ‘Data Residency Boundary’ demonstrates that, despite geographic distribution, data remains confined within a designated area, ensuring compliance with local regulations. Azure thus meets not only the technical needs for availability but also the legal and compliance requirements of global customers.

However, with Microsoft’s global expansion, there has been an evolution in the design of cloud infrastructures. The Azure North Italy region is an example, adopting a single-region approach with three availability zones and no paired regions, still ensuring excellent service availability and resilience.

Figure 4 – Single-Region Model

The North Italy region, created after careful risk analysis, ensures optimal security and performance. With latencies below 2 milliseconds, it offers synchronous replication of applications and data, maintaining operational continuity and data integrity. Each availability zone has independent data centers with autonomous resources, highlighting Microsoft’s commitment to high operability and service reliability.

Respecting the ‘Data Residency Boundary’ is crucial in Europe, where data protection regulations are stringent. The North Italy region is a model of adaptation to these needs, ensuring that data remains within regional borders and compliant with local laws.

The Azure Italy North Region: an opportunity for italian businesses

Addressing Italian companies considering the cloud to expand or transfer their IT infrastructure, the Azure North Italy region emerges as a promising choice. For businesses with operational headquarters exclusively in Italy, adopting this region offers tangible benefits, such as reduced latency and high performance, critical aspects for those operating predominantly at the national level. This choice also aligns with EU and Italian data residency regulations.

For customers currently using Azure services in other regions, such as West Europe, the transition to North Italy requires a more in-depth analysis. Key elements to consider include the impact on existing IT infrastructures, operational costs, and application performance. It is also crucial to evaluate latency in interactions between services located in different regions.

Another relevant factor is the need to serve users in geographically distant areas. In such cases, it might be more effective to maintain some services in a region closer to end-users or consider solutions that involve the distribution of Azure services across multiple regions.

The decision on the most suitable Azure region depends on the specific needs of the company and the geographical distribution of users. The advantage of the cloud lies in its flexibility and ability to adapt to various scenarios. Therefore, for Italian companies, both in the initial phase of adopting the cloud and in the expansion phase, the Azure North Italy region represents an option to be carefully considered.

Why choose Azure in northern Italy

Among the main aspects leading to the choice of adopting the Azure region located in Italy are:

  • Opting for a data center located in Italy means that data is physically stored within the country, in compliance with Italian data residency regulations. This choice not only minimizes risks related to data sovereignty but also ensures compliance with national and European Union regulations.
  • Companies can be sure of operating within the data borders of the EU and take advantage of advanced confidential computing capabilities, which provide additional levels of protection for sensitive data.
  • Optimization of performance for applications. Whether it’s Internet of Things (IoT) applications, Virtual Desktop solutions, or hybrid infrastructures, the North Italy region has been designed to support intensive use scenarios and to ensure the necessary performance for these advanced technologies.
  • Energy cost savings and reduced environmental impact. The North Italy region stands out for its energy efficiency, with a Power Usage Effectiveness (PUE) index of 1.12 and a Water Usage Effectiveness (WUE) of 0.023 l/kWh. These figures reflect Microsoft’s commitment to sustainability and energy efficiency.

Conclusions

The presence of Microsoft Azure in Italy represents a valuable resource for local businesses. Azure stands out for its versatility and adaptability, proposing an ecosystem that is easily integrable with various operational contexts and capable of meeting specific business needs, while ensuring efficiency and reliability. The availability of this cloud platform in Italy allows companies to benefit from greater scalability in the digital sector, thanks to reduced latency, high performance, and full adherence to local regulations. A determining factor is compliance and sovereign data management: the Azure Italy North region strictly respects European data protection laws, ensuring that data remains within regional borders and compliant with current regulations. A distinctive feature of this region is also energy efficiency and a lower environmental impact, resulting in advantageous energy consumption. With Azure, Italian companies have the opportunity to embark on a path of digital innovation, availing themselves of customized solutions, maximum security, and regulatory compliance

Azure IaaS and Azure Stack: announcements and updates (January 2024 – Weeks: 01 and 02)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Storage

Customer-Managed Keys for Azure NetApp Files volume encryption

Azure NetApp Files now supports customer-managed keys for volume encryption, enhancing data security and control. This feature allows users to manage their encryption keys, providing an additional layer of security for sensitive data stored in the cloud. The integration of customer-managed keys with Azure NetApp Files ensures that data encryption aligns with organizational policies and regulatory requirements, offering a secure and compliant storage solution.

Premium SSD v2 and Ultra Disks support with Trusted Launch

Azure introduces the general availability of Premium SSD v2 and Ultra disks support for Trusted Launch virtual machines. This integration enhances security and performance for Azure virtual machines. Trusted Launch provides foundational security with features like Secure Boot and vTPM, protecting against advanced threats. The Ultra disks offer high-performance storage ideal for data-intensive workloads, while Premium SSD v2 disks provide a cost-effective solution for a broad range of enterprise applications.

Zone Redundant Storage for Azure Disks in more regions

Azure has expanded the availability of Zone Redundant Storage (ZRS) for Azure Disk Storage. Now available in West US3 and Germany West Central regions, ZRS enables synchronous data replication across three availability zones. This feature enhances data resilience and application uptime by mitigating the impact of zonal failures. ZRS is compatible with Azure Premium SSDs and Standard SSDs, ensuring high availability for critical workloads.

Azure Ultra Disk Storage Now Available in UK West and Poland Central

Azure has expanded its Ultra Disk Storage to the UK West and Poland Central regions, offering high throughput, high IOPS, and consistent low-latency disk storage. Azure Ultra Disk Storage is ideal for handling data-intensive workloads like SAP HANA, top-tier databases, and transaction-heavy processes. This expansion provides users in these regions with access to Azure’s most advanced storage solutions, optimizing performance for critical applications.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Microsoft Cloud for Sovereignty: the solution to meet sovereignty requirements in the cloud and hybrid environments

Microsoft has recently announced the availability of Microsoft Cloud for Sovereignty across all Azure regions. This solution offers reliable options for the public sector, designed to support the migration, development, and transformation of workloads in Microsoft’s cloud while complying with regulatory, security, and control requirements. In this article, we delve into the distinctive features of Microsoft Cloud for Sovereignty, exploring how it can ensure rapid digital transformation for government entities in compliance with regulations.

Sovereignty in the Hyperscale Cloud

Governments worldwide must meet a wide range of national and regional compliance requirements for applications and workloads, including governance, security controls, privacy, and in some cases, data residency and sovereign protections. Until now, most solutions to meet these regulatory requirements relied on private clouds and on-premises environments, slowing the adoption of scalable, secure, and resilient cloud solutions.

What is Data Sovereignty and Microsoft’s Stance on ‘Sovereignty’?

Data sovereignty is the concept that data is under the customer’s control and regulated by local laws. While data residency ensures data remains in a specific geographic location, data sovereignty ensures adherence to the regulations of the country where the public sector customer is located. Each jurisdiction has its own requirements, vision, and unique needs when it comes to addressing sovereignty. In this regard, while Microsoft believes many of these needs are met through standard cloud solutions, it has introduced Microsoft Cloud for Sovereignty, providing an additional layer of capabilities to meet the individual needs of public sector and government clients. It is then up to partners and clients to determine what is appropriate for their specific needs. For the most sensitive workloads that cannot be hosted in the public cloud, Microsoft offers hybrid options, such as Azure Stack HCI, allowing customers to keep data in their own on-premises environments.

The following paragraphs outline the most common requests for achieving data sovereignty in the cloud.

Residency, Security, and Compliance in the Hyperscale Cloud

Microsoft Cloud for Sovereignty is rooted in over 60 global Azure cloud regions, ensuring unmatched security and a wide range of regulatory compliance. This positions Microsoft as the cloud provider with the most regions worldwide, and this infrastructure allows customers to implement specific policies to ensure their data and applications remain within their preferred geographic boundary, fully respecting national or regional data residency requirements.

Controls for Data Access

Microsoft Cloud for Sovereignty provides controls to ensure sovereignty, protection, and encryption of sensitive data and to control access, enabled by:

  • Sovereign Landing Zone: A specific Azure landing zone designed for entities requiring privacy, security, and sovereign controls in compliance with governmental regulations. These zones provide a repeatable and secure approach for cloud service development and deployment. Governments facing complex and multilevel regulatory contexts find in the Sovereign Landing Zones an effective solution for designing, implementing, and managing solutions, adhering to established policies. They allow for the implementation and configuration of Azure resources, ensuring alignment with the best practices of the Cloud Adoption Framework (CAF). These guides enable organizations to meet data sovereignty requirements. For more information on SLZ and their features, it is recommended to consult the documentation on GitHub.
  • Azure Confidential Computing: A technology developed by Microsoft aimed at enhancing data security while being processed in the cloud. Traditionally, data can be protected while at rest (stored) or in transit (during transmission), but become vulnerable when in use or running on a server. Confidential Computing seeks to bridge this gap by protecting data even when in execution. This is achieved through the use of a technology called “Trusted Execution Environment” (TEE), which is essentially a secure area of the processor. TEEs isolate data and code in execution from other processes, including those of the operating system, so that only authorized code can access the data. This means that even if an attacker manages to penetrate the operating system or network, they would not be able to access the protected data within the TEE. Azure Confidential Computing is particularly useful for use cases requiring a high level of data security, such as financial transactions, healthcare information management, or handling sensitive data for businesses or governments.

The Complexity of Addressing Regulations that Vary from Country to Country

Digital sovereignty is a complex issue, varying significantly from one nation to another. To address this challenge, Microsoft has adopted a collaborative and customized approach with its Microsoft Cloud for Sovereignty. By working closely with local partners in different countries, Microsoft is able to tailor its cloud solutions to the specific needs of each client, maximizing efficiency and ensuring secure implementations.

In this context, Microsoft offers its clients the ability to adopt specific policies related to sovereignty through Azure, simplifying the process of complying with national and regional regulations. These initiatives (set of policies) help clients establish cloud security parameters, facilitating compliance with regulations.

A concrete example is the adoption of the Azure Cloud Security Benchmark. Clients can start here, then add the new Sovereignty Policy Baseline to strengthen digital sovereignty practices. Additionally, they can integrate specific layers for their regions, such as the guidelines for cloud migration from the Italian National Agency for Cybersecurity of Public Administration (ACN) for clients in Italy.

Furthermore, the new Cloud Security Alliance Cloud Controls Matrix (CSA CCM v4) policy initiative offers a global benchmark that informs and guides many regional standards, further consolidating Microsoft’s commitment to secure, compliant, and sovereign cloud solutions.

How Microsoft Ensures Data Remains in a Specific Country and Supports Sovereignty Needs of Governments Without Azure Regions in Their Territory?

Microsoft provides detailed information about data residency in the Microsoft Cloud through its documentation and the Microsoft Trust Portal. Additional measures to maximize data residency have been announced as part of the EU Data Boundary. Governments worldwide have different preferences regarding sovereignty and data residency. For some clients, data residency in their own country is not a prerequisite for sovereignty. Moreover, the sovereignty controls that Microsoft provides can be used anywhere, even in the absence of a region in their own country.

Microsoft Cloud for Sovereignty for Italian Clients

A significant step towards digital sovereignty in Italy is represented by the introduction of the new Azure Italy North region. This region opens new possibilities for public and private clients, offering them access to Sovereign Landing Zones. Additionally, Azure Italy North stands out for adopting cutting-edge technologies like Azure Confidential Computing. With the addition of Azure Italy North, Microsoft demonstrates its commitment to supporting the specific needs of Italian clients, providing advanced technological solutions that meet the challenges of digital sovereignty and data security.

Capabilities of Microsoft Cloud for Sovereignty

The capabilities of Microsoft Cloud for Sovereignty extend across several levels:

Figure 1 – The Various Layers that Compose Microsoft Cloud for Sovereignty

New Capabilities for Sovereignty

The following new solutions highlight Microsoft’s ongoing investment in improving sovereignty in the hyperscale cloud:

  • Drift Analysis Capability: Continuous administration and maintenance can potentially introduce changes that are not compliant with established policies, causing the deployment to deviate from compliance over time. The new drift analysis tool inspects the deployment and generates a list of non-compliant settings, along with a severity assessment, facilitating the identification of discrepancies to be remedied and the verification of compliance in specific environments.
  • Transparency Logs: Provides eligible customers with visibility into instances where Microsoft engineers have accessed customer resources through Just-In-Time (JIT) access, most commonly in response to a customer support request.
  • New Configuration Tools in the Azure Portal: Allow customers to create a new custom Sovereign Landing Zone in two simple steps using a guided experience.

Conclusions

In conclusion, Microsoft Cloud for Sovereignty represents a significant turning point in data management and digital sovereignty in the cloud and hybrid environments. With its ability to meet complex compliance requirements and ensure data security, this solution stands as a fundamental pillar for the public and governmental sector. The availability across all Azure regions, coupled with innovative Azure Confidential Computing and Sovereign Landing Zones, offers customers unprecedented flexibility to keep data within national or regional boundaries, respecting local regulations. Microsoft’s personalized and collaborative approach in responding to the specific needs of each country demonstrates a clear commitment to digital sovereignty, offering secure, scalable, and reliable solutions. Particularly for Italian clients, the opening of the Azure Italy North region is a significant step forward, highlighting Microsoft’s investment in supporting local needs and strengthening data security. Overall, Microsoft Cloud for Sovereignty emerges as an important innovation in the cloud computing landscape, advancing the mission of a safer, compliant, and sovereign digital future.

Azure Management services: what’s new in December 2023

This month, Microsoft introduced a series of significant updates to the Azure management services. Through this series of monthly articles, the aim is to offer an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Configure

Azure Automation

Retirement of Azure Automation Services – August 31, 2024

Microsoft has announced that on August 31, 2024, two services in Azure Automation will be retired: the Update Management service and the Change Tracking and Inventory service, both using the Log Analytics agent.

  1. Retirement of the Azure Automation Update Management service: This service, currently used for update management and system maintenance, will no longer be available after August 31, 2024. Users are encouraged to migrate to alternative solutions offered by Azure to maintain effectiveness in managing their system updates.
  2. Retirement of the Change Tracking and Inventory service with Log Analytics Agent: Similarly, the Change Tracking and Inventory service, which utilizes the Log Analytics agent in Azure Automation, will end its operations on the same date. Customers are invited to explore and adopt other solutions provided by Azure to effectively manage change tracking and inventory management of IT resources.

Microsoft urges its users to take timely action to ensure a smooth transition to the new proposed solutions, thus ensuring continuity and efficiency in managing their IT infrastructures.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for innovative ways to enhance Microsoft Cost Management, their solution designed to provide greater transparency on cloud costs, identify and prevent inefficient spending patterns, and optimize overall costs. During 2023, numerous improvements and significant updates have been implemented to this solution. These updates aim to make Microsoft Cost Management even more effective in providing its users with the information and tools necessary to manage cloud expenses more efficiently and consciously.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, and improvements are introduced on an ongoing basis. To stay up-to-date on the most recent developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Defender for Servers at the resource level: it is now possible to manage Defender for Servers on specific resources within one’s subscription, allowing full control over the protection strategy. This capability allows for configuring specific resources with custom settings different from those configured at the subscription level.
  • Retirement of the classic multi-cloud connectors: the experience of the classic multi-cloud connectors has been retired, and data is no longer transmitted to connectors created through that mechanism. The new native multi-cloud connectors, available for AWS and GCP since March 2022 without additional costs, completely replace the value of these classic connectors.
  • Release of the coverage workbook: this tool allows monitoring which Defender for Cloud plans are active on which parts of the environment, helping to ensure complete protection of environments and subscriptions.
  • Vulnerability assessment for Container Images in Azure Government and Azure managed by 21Vianet: vulnerability assessment for Linux container images in Azure is now also available in Azure Government and Azure managed by 21Vianet.
  • Support for Windows in the Container Vulnerability Assessment (preview): support for Windows images has been released in public preview as part of the vulnerability assessment for Azure and Azure Kubernetes Services container registries.
  • Agentless container security posture for AWS in Defender for Containers and Defender CSPM (preview): the new agentless capabilities of container security posture are now available for AWS.
  • Support for PostgreSQL Flexible Server in the Defender plan for open-source relational databases: Microsoft has announced support for PostgreSQL Flexible Server in the Microsoft Defender plan for open-source relational databases.

Protect

Azure Backup

Crash Consistent Multi-Disk VM Restore Points

Microsoft recently announced the introduction of support for the ‘Crash Consistent’ multi-disk mode in virtual machine (VM) restore points. This feature provides an agentless solution that captures and preserves both the VM configuration and write- and timing-consistent snapshots for all managed disks connected to the VM. The captured state is equivalent to that of the data present in the VM in the event of a power outage or system crash. This innovation aims to significantly improve reliability and data management in Azure infrastructures.

Azure Site Recovery

New Update Rollup

Update Rollup 70 has been released for Azure Site Recovery. This update brings significant improvements in terms of functionality and service stability, consolidating Azure Site Recovery’s position as a reliable solution for disaster recovery. The related details and the procedure to follow for installation can be found in the specific KB.

Migrate

Azure Migrate

‘As on-premises’ in Azure Migrate SQL Discovery and Assessment (preview)

Azure Migrate has introduced the new ‘As on-premises’ sizing policy for SQL instance assessments. This feature allows for quick and accurate analysis of SQL instances identified by the Azure Migrate appliance. The ‘As on-premises’ policy is based on the source SQL instance configuration to provide appropriate sizing recommendations for the target Azure SQL service. Additionally, if performance data is available, an assessment can be carried out based on these performances to obtain customized SKU recommendations for the source workload on Azure. In cases where performance data is not available for some specific instances, the ‘As on-premises’ sizing is employed to ensure precise and reliable target sizing.

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.