Azure IaaS and Azure Stack: announcements and updates (May 2023 – Weeks: 19 and 20)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure VMware Solution on Azure Government

Azure VMware Solution will become generally available on May 17, 2023, to US Federal and State and Local Government (US) customers and their partners, in the regions of Arizona and Virgina. With this release, Microsoft is combining world-class Azure infrastructure together with VMware technologies by offering Azure VMware Solutions on Azure Government, which is designed, built, and supported by Microsoft.

Networking

Routing Intent and Virtual WAN Integrated Firewall NVAs

Routing intent allows you to set up simple and declarative routing policies to configure Virtual WAN to route traffic to bump-in-the-wire security solutions such as Azure Firewall, Integrated Firewall NVA and SaaS deployed in the Virtual WAN hub. This feature delivers two critical use cases: inter-region/inter-hub traffic inspection and branch-to-branch (on-premises to on-premises traffic inspection). With the General Availability of routing intent feature, the Virtual WAN team also extended routing intent capabilities to Next Generation Firewall NVA’s integrated within the Virtual WAN hub. As a result, the Virtual WAN team is also announcing the General Availability of the first two integrated Firewall NVA’s in Virtual WAN: Check Point CloudGuard Network Security and Fortinet NGFW.

Seamlessly upgrade your Application Gateway V2 WAF configuration to a policy

Azure’s regional Web Application Firewall (WAF) on Application Gateway now supports a fully automated experience when upgrading your WAF from a configuration to a policy. WAF policies offer you multiple benefits over WAF configurations including:

  • richer feature set: Advanced features like newer managed rule sets, custom rules, per rule exclusions, bot protection rules, and more;
  • higher scale and performance with our next generation WAF engine;
  • simplified management experience: WAF policy allows you to define your WAF setup once, and share it across multiple gateways, listeners, and URL paths;
  • latest features: you can keep up to date with the latest features and enhancements.

Policy analytics for Azure Firewall

As application migration to the cloud accelerates, it’s common to update Azure Firewall configuration daily (sometimes hourly) to meet the growing application needs and respond to a changing threat landscape. Frequently, changes are managed by multiple administrators spread across geographies. Over time, the firewall configuration can grow sub optimally impacting firewall performance and security. It’s a challenging task for any IT team to optimize firewall rules without impacting applications and causing serious downtime. Policy analytics help address these challenges faced by IT teams by providing visibility into traffic flowing through the firewall with features such as firewall flow logs, rule to flow match, rule hit rate, and single rule analysis. IT admins can refine Azure Firewall rules in a few simple steps through the Azure portal.

Inbound ICMPv4 pings are now supported on Azure Load Balancer

Standard Public Load Balancer now supports inbound ICMP pings on IPv4 frontends. Previously, to determine reachability of a Load Balancer’s frontend, a TCP-based ping tool like Psping would need to be used. This added complexity as external software was needed on each client machine. Now, you can ping the IPv4 frontend of a Standard Public Load Balancer like you natively would on an on-premises device without any external software needed. This enables you to troubleshoot network traffic between Azure Load Balancer and your client device.

Azure Bastion now support shareable links

With the Azure Bastion shareable links feature, you can now connect to a target resource (virtual machine or virtual machine scale set) using Azure Bastion without accessing the Azure portal.
This feature will solve two key pain points:

  • administrators will no longer have to provide full access to their Azure accounts to one-time VM users—helping to maintain their privacy and security;
  • users without Azure subscriptions can seamlessly connect to VMs without exposing RDP/SSH ports to the public internet.

Now generally available, the shareable links feature is supported for peered VNETs across subscriptions and across regions. It is also supported for national clouds.

Azure DNS Private Resolver is available in additional regions

Azure DNS Private Resolver is now available in West US, Canada East, Qatar Central, UAE North, Australia Southeast, Norway East, Norway East, and Poland Central.

Always Serve for Azure Traffic Manager (preview)

Always Serve for Azure Traffic Manager (ATM) is now available in public preview. You can disable endpoint health checks from an ATM profile and always serve traffic to that given endpoint. You can also now choose to use 3rd party health check tools to determine endpoint health, and ATM native health checks can be disabled, allowing flexible health check setups.

Storage

Azure Container Storage (preview)

Azure Container Storage, now in preview, is a unique volume management service built natively for containers. It provides a consistent experience across different types of storage offerings, including Managed option (backed by Azure Elastic SAN), Azure Disks, and ephemeral disk on container services. This simplifies the deployment of persistent volumes and offers a highly scalable, cost-effective, high-performance and resilient storage solution. With Azure Container Storage, you can easily create and manage block storage volumes for production-scale stateful container applications and run them on Kubernetes, ensuring consistent experiences across different environments. The solution is optimized to enhance the performance of stateful workloads on Azure Kubernetes Service (AKS) clusters by accelerating the deployment of stateful containers with persistent volumes and improving quality with reduced pod failover time through fast attach/detach. Additionally, by efficiently deploying and managing persistent volumes on backend storage options, you can reduce the total cost of ownership (TCO) associated with container storage.

Azure NetApp Files Standard Network Features – Edit Volumes (preview)

Standard Network Features provide you with an enhanced Virtual Networking experience for a seamless and consistent experience along with security posture for Azure NetApp Files. You are now able to edit existing ANF volumes and upgrading Basic network features to Standard network features.

Please follow and like us: