This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.
Azure
Compute
Automatic Azure VM extension upgrade capabilities
Azure Virtual Machine extensions are small applications that provide post-deployment configuration and automation on Azure VMs. The ability to automatically upgrade VM extensions is now available for Azure Virtual Machines and Virtual Machine Scale Sets. If the automatic extension upgrade feature is enabled for an extension on a VM or a VM scale set, the extension is upgraded automatically whenever the extension publisher releases a new version. Azure manages the upgrade rollout and the upgrades are safely applied following availability-first principles, keeping your environments more secure and up to date.
Storage
Azure File Sync agent v13
Improvements and issues that are fixed in the v13 release:
- Authoritative upload: authoritative upload is a new mode available when creating the first server endpoint in a sync group. It is useful for the scenario where the cloud (Azure file share) has some/most of the data but is outdated and needs to be caught up with the more recent data on the new server endpoint. This is the case in offline migration scenarios like DataBox, for instance. When a DataBox is filled and sent to Azure, the users of the local server will keep changing / adding / deleting files on the local server. That makes the data in the DataBox and thus the Azure file share, slightly outdated. With Authoritative Upload, you can now tell the server and cloud, how to resolve this case and get the cloud seamlessly updated with the latest changes on the server. No matter how the data got to the cloud, this mode can update the Azure file share if the data stems from the matching location on the server. Be sure to avoid large directory restructures between the initial copy to the cloud and catching up with Authoritative Upload. This will ensure you are only transporting updates. Changes to directory names will cause all files in these renamed directories to be uploaded again. This functionality is comparable to semantics of RoboCopy /MIR = mirror source to target, including removing files on the target that no longer exist on the source. Authoritative Upload replaces the “Offline Data Transfer” feature for DataBox integration with Azure File Sync via a staging share. A staging share is no longer required to use DataBox. New Offline Data Transfer jobs can no longer be started with the AFS V13 agent. Existing jobs on a server will continue even with the upgrade to agent version 13.
- Portal improvements to view cloud change enumeration and sync progress: when a new sync group is created, any connected server endpoint can only begin sync, when cloud change enumeration is complete. In case files already exist in the cloud endpoint (Azure file share) of this sync group, change enumeration of content in the cloud can take some time. The more items (files and folders) exist in the namespace, the longer this process can take. Admins will now be able to obtain cloud change enumeration progress in the Azure portal to estimate an eta for completion / sync to start with servers.
- Support for server rename: if a registered server is renamed, Azure File Sync will now show the new server name in the portal. If the server was renamed prior to the v13 release, the server name in the portal will now be updated to show the correct server name.
- Support for Windows Server 2022 Preview: the Azure File Sync agent is now supported on Windows Server 2022 Preview build 20348 or later. Note: Windows Server 2022 adds support for TLS 1.3 which is not currently supported by Azure File Sync. If the TLS settings are managed via group policy, the server must be configured to support TLS 1.2.
- Miscellaneous improvements:
- Reliability improvements for sync, cloud tiering and cloud change enumeration.
- If a large number of files is changed on the server, sync upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
- The Invoke-StorageSyncFileRecall cmdlet will now recall all tiered files associated with a server endpoint, even if the file has moved outside the server endpoint location.
- Explorer.exe is now excluded from cloud tiering last access time tracking.
- New telemetry (Event ID 6664) to monitor the orphaned tiered files cleanup progress after removing a server endpoint with cloud tiering enabled.
More information about this release:
- This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 Preview installations.
- A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
- The agent version for this release is 13.0.0.0.
- Installation instructions are documented in KB4588753.
Networking
Re-size Azure virtual networks that are peered (preview)
Virtual networks in Azure have had a long-standing constraint where any address space change is only allowed if the virtual network does not have any peerings. Microsoft is announcing that this limitation has been lifted, and customers can freely resize their virtual networks without incurring any downtime. With this feature, existing peerings on the virtual network do not need to be deleted prior to adding or deleting an address prefix on the virtual network.
Azure VPN Client for macOS
Azure VPN Client for macOS is available with support for native Azure AD, certificate-based, and RADIUS authentication for OpenVPN protocol.
Native Azure AD authentication support is highly desired by organizations as it enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN gateway integration and the Azure VPN Client to obtain and validate Azure AD tokens. With the Azure VPN Client for macOS, you can use user-based policies, Conditional Access, as well as Multi-factor Authentication (MFA) for your Mac devices.
Azure ExpressRoute Global Reach: 2 new locations
There are 2 new locations for ExpressRoute Global Reach:
- South Africa (Johannesburg only)
- Taiwan
For more information about ExpressRoute Global Reach and available locations, visit ExpressRoute Global Reach webpage.
