This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.
Azure
Compute
Azure Mv3 Medium Memory (MM) Virtual Machines (preview)
Microsoft announced the public preview of the next generation Mv3 Medium Memory (MM) virtual machine series. These virtual machines are designed to offer improved performance and higher reliability compared to their predecessors. Some of the key features of the new Mv3 MM VMs include:
- Powered by the 4th Generation Intel® Xeon® Scalable Processor and DDR5 DRAM technology.
- Capability to scale for SAP workloads ranging from 250GB to 4TB, ensuring faster performance and a lower total cost of ownership (TCO).
- With Azure Boost, the Mv3 MM VMs deliver approximately a 25% improvement in network throughput and up to a 1.5X boost in remote storage throughput compared to the previous M-series families.
- Azure Boost’s isolated architecture enhances security for the Mv3 MM virtual machines by processing storage and networking separately on dedicated hardware, rather than on the host server.
- Enhanced resilience against failures in memory, disks, and networking, leveraging insights from previous generations.
- Availability in both disk and diskless configurations, providing customers with the flexibility to select the option that best suits their workload requirements.
For a more detailed exploration of this release, you can read their blog.
Networking
New Monitoring and Logging Updates in Azure Firewall
New Monitoring and Logging Updates in Azure Firewall are available:
- Structured Logs: new logging format that provides a more detailed view of firewall events. Structured Logs provide the following benefits: they are easier to work with data in log queries and help discover schemas; they improves performance and reduce latency; they allow ability to grant Azure RBAC rights on specific tables.
- Latency Probe: The Latency Probe metric is designed to measure the overall latency of Azure Firewall and provide insight into the health of the service.
- Resource Health (preview): monitor that provides visibility into Azure Firewall health status and allows you to address service problems that may affect your Azure Firewall resource.
- Embedded Firewall Workbooks (preview): Integrated workbooks into the Azure Firewall Portal that provide valuable insights and statistics regarding your firewall activities and events.
Illumio for Microsoft Azure Firewall
Illumio has joined forces with Microsoft to introduce microsegmentation support for Microsoft Azure Firewall, which is now generally available. This collaboration allows Azure customers to enforce Zero Trust Segmentation, going beyond mere network and application filtering. The integration aids firewall operations teams in understanding rules with a richer context of the resources they are safeguarding. With this enriched context, administrators can effortlessly identify which resource is secured by a particular rule, determine its owner, and confidently manage the rule’s lifecycle.
For a more detailed exploration of this integration and its benefits, you can learn more here.
Quick create Azure Front Door endpoints for Azure Storage accounts
You can now create Azure Front Door Standard and Azure Front Door Premium endpoints directly from the Azure portal, similar to any other Azure CDN endpoint. This integration facilitates the management of all Azure Front Door and/or Azure CDN profiles linked to a storage account from a unified interface. Setting up a new Azure Front Door Service and endpoint for a storage account is straightforward. Users can simply browse to their storage account in the Azure portal and navigate to the Front Door and CDN profiles section. From this location, it’s possible to establish new endpoints, swiftly access the endpoint profiles, manage custom domains for the endpoints, and activate security features such as the Web Application Firewall and/or Private Link. For a more detailed understanding, you can read the documentation.
Azure Front Door Standard/Premium in Azure Government
Azure Front Door (AFD) Standard and Premium tier is now generally available in Azure Government, specifically in the regions of Arizona and Texas. With this release, Local Government (US) customers and their partners can leverage the new and enhanced capabilities offered in the standard and premium tiers. Some of these capabilities include improved reporting and diagnostic tools, an expanded rules engine with server variables, an enhanced Web Application Firewall with features like the latest DRS rule set, Bot protection, and more. The integration with Microsoft Sentinel Analytics and other security features such as Private Link connectivity and subdomain takeover prevention further enhance the offering. However, it’s important to note that the managed certificate for enabling HTTPS is currently not supported in Azure Government, and users are advised to utilize their own certificates.
Rate-limit rules for Application Gateway Web Application Firewall (preview)
Azure’s regional Web Application Firewall (WAF) running on Application Gateway has introduced support for rate-limit custom rules. These rules are designed to detect and block unusually high traffic levels aimed at your application. By implementing rate limiting, users can counteract various denial-of-service attacks, safeguard against clients that might have been mistakenly set up to send a large number of requests in a brief period, and manage traffic rates to their site from specific regions.
For more details, you can learn more here.
Storage
Incremental Snapshots for Premium SSD v2 Disk and Ultra Disk Storage
Azure has announced the general availability of incremental snapshots support for Premium SSD v2 and Ultra Disk. This feature comes with an instant restore capability and is available in all regions where Premium SSD v2 and Ultra Disk are supported. With this update, users can instantly restore Premium SSD v2 and Ultra Disks from snapshots and attach them to a running VM without waiting for any background data copy. This new capability allows immediate read and write access to disks after their creation from snapshots. This ensures a quick recovery of data from accidental deletions or disasters.
For more information and a deeper understanding of this feature, you can refer to the documentation.
Custom NFSv4.1 ID domain in Azure NetApp Files (preview)
Azure NetApp Files now supports custom NFSv4.1 ID domains in public preview. This feature allows users to customize the NFSv4.1 ID domain for their volume, ensuring a seamless migration of NFSv4.1 workloads to Azure NetApp Files. This enhancement provides flexibility and aids in the migration of workloads without the need to modify the client configuration.
Azure NetApp Files Cloud Backup for Virtual Machines (preview)
Azure NetApp Files introduces Cloud Backup for Virtual Machines in public preview. This feature provides an integrated, native backup solution for Azure Virtual Machines, ensuring data protection and business continuity. With Cloud Backup for Virtual Machines, you can now create VM consistent snapshot backups of VMs on Azure NetApp Files datastores. The associated virtual appliance installs in the Azure VMware Solution cluster and provides policy based automated and consistent backup of VMs integrated with Azure NetApp Files snapshot technology for fast backups and restores of VMs, groups of VMs (organized in resource groups) or complete datastores lowering RTO, RPO, and improving total cost of ownership.
Azure Elastic SAN Updates: Private Endpoints & Shared Volumes (preview)
As Azure approaches the general availability of Azure Elastic SAN, they have been continuously enhancing the service and introducing new features based on feedback from Azure customers. Recently, they have released support for private endpoints and volume sharing via SCSI (Small Computer System Interface) Persistent Reservation.
With the introduction of private endpoint support, users can now access Elastic SAN volumes either through private endpoints or via public endpoints that are restricted to specific virtual network subnets. This update is crucial for those who need the added layer of security that private endpoints provide. Additionally, the shared volume support allows users to connect and utilize an Elastic SAN volume from multiple compute clients, such as virtual machines. This is done while using SCSI reservation commands to select from various supported access modes to read or write to the volume. Furthermore, persistent reservations are supported, ensuring uninterrupted access to data even across reboots.
For a deeper understanding and more details on these features, you can read the blog and refer to the documentation about Azure Elastic SAN.