This special edition includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft this week during Microsoft Ignite 2021 conference. Microsoft announced several important additions to its Azure infrastructure as a service (IaaS) portfolio and the Microsoft infrastructure services continue to evolve to optimize the experience of running business-critical workloads.
Azure
Compute
Microsoft adding datacenter region in China
To meet growing customer demand in China, Microsoft will establish a new datacenter region in northern China. The new region will enable more customers to innovate and collaborate with the Microsoft Cloud, including Microsoft Azure, Office 365, Dynamics 365 and Power BI.
Azure Resource Mover now generally available
Azure Resource Mover, which provides portability between Azure regions is now generally available. Azure Resource Mover allows new customers to create applications in existing regions and migrate them upon new region launch or move into regions with availability zones (AZs) if not planned for their region. Azure Resource Mover moves multiple resources among Azure regions and performs dependency analysis for the workloads to ensure a successful move.
On-demand capacity reservations for Azure Virtual Machines will be
available (preview in April)
On-demand capacity reservations for Azure Virtual Machines enable customers to access virtual machines (VMs) in advance with service-level agreement (SLA) guarantees. This is particularly important to organizations that want to ensure high levels of availability when running business-critical applications on Azure.
Azure Virtual Machine Scale Sets flexible orchestration mode (preview).
Azure Virtual Machine Scale Sets help customers simplify the deployment, management and scalability of their applications while increasing high availability. Customers may now change VM sizes without redeploying their scale set, resulting in greater operational agility. Customers will also be able to mix Spot Virtual Machines and pay-as-yougo VMs within the same scale set to optimize costs.
New Mv2 Azure Virtual Machines for memory intensive workloads (preview)
These offerings expand the range of workloads that customers can run in Azure while addressing specific organizational compliance requirements and can give a 20% increase in CPU performance. Customers will be able to deploy the same VMs to Azure Dedicated Hosts.
Automatic VM guest patching for Linux VMs (preview)
Automatic VM guest patching for virtual machines helps ease update management by safely and automatically patching virtual machines to maintain security compliance. With automatic VM guest patching enabled, the VM is assessed periodically to determine the applicable patches for that VM. Updates classified as ‘Security’ or ‘Critical’ are automatically downloaded and applied on the VM during off-peak hours. Patch orchestration is managed by Azure and patches are applied following availability-first principles.
Improve Azure Spot Virtual Machines runtime and simulate evictions with new features (preview)
With Azure Spot Virtual Machines (Spot VMs), IT organizations can acquire scalable compute capacity at deep discounts for interruptible workloads. New ‘try & restore’ capabilities can now improve the overall runtime of workloads running on Spot virtual machines if they get evicted due to capacity constraints. This new capability applies when a Spot VM is part of a virtual machine scale set. Customers can also use recently added REST APIs to simulate evictions and test the behavior of their workload making sure it can tolerate interruptions when deployed on Spot VMs.
Azure trusted launch for Virtual Machines (preview)
Azure trusted launch protects your virtual machines against boot kits, rootkits, and kernel-level malware. Trusted launch allows administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and drivers. By leveraging secure and measured boot, administrators gain insights and confidence of the entire boot chain’s integrity. With virtual Trusted Platform Module (vTPM), administrators can securely protect keys, certificates, and secrets in the virtual machines. In addition, administrators can monitor and attest to the integrity of virtual machines as well as reacting to any changes to the attestation policy baseline. Azure Security Center serves as a single pane of glass for integrity alerts, recommendations, and remediations generated by trusted launch. These new features are easily enabled, trusted launch is switched on with a simple change in deployment code or a checkbox within the Azure portal for all virtual machines.
Storage
New Azure Disk Storage capabilities for running mission-critical applications (preview)
Several Azure Disk Storage product enhancements for running mission-critical
applications on Azure are now available in preview, including:
- Azure Premium SSD and Standard SSD, which offer zone-redundant
storage (ZRS) support to protect data in the event of a zone failure, a
key feature to provide customers with high availability for mission-critical
workloads. Disks with ZRS also provide a recovery point objective (RPO)
of zero that minimizes data loss and helps ensure successful data recovery.
- Performance tiers on Azure Premium SSD, which provide sustained
higher performance for a planned event like a seasonal sales promotion,
giving customers the flexibility to scale performance without increasing
the disk size by selecting a higher performance tier. Customers can now
upgrade performance tiers on Premium SSDs without any downtime to
avoid disruption to their workloads.
- Auto-key rotation of customer-managed keys, which gives customers
the option to automatically update all their disks, snapshots and
images using the same encryption key when a new version of a key is
generated. Customers no longer need to manually update all their Azure
resources and can ensure that their data is always secured with the
latest key versions and that they meet their organization’s security and
compliance requirements.
Operational backup for Azure Blobs (preview)
Operational backup for Azure Blobs is a managed, local data protection solution that lets you protect your block blobs from various data loss scenarios like blob corruptions, blob deletions, and accidental storage account deletion. The data is stored locally within the source storage account itself and can be restored to a selected point in time whenever needed. So this provides a simple, secure, and cost-effective means to protect your blobs. Operational backup for blobs uses capabilities available from the blob service, like blob point-in-time restore, blob versioning, blob soft delete, and blob change feed, to restore all or a subset of blobs in a storage account. The solution integrates with Backup Center and other Backup management capabilities to provide a single pane of glass that can help you govern, monitor, operate, and analyze backups at scale.
Networking
Azure load balancing options
Azure load balancing options include a guided experience to help customers choose
the load balancing options that match their architectural and application requirements. Azure Load Balancer, now generally available, supports load balancing across IP addresses in the backend pool. Previously, network interfaces associated with virtual machines (VMs) could be added only in the backend of a Load Balancer. This feature enables flexibility to load balance across containers in addition to VMs and VM scale sets associated with their load balancer.
Azure Public IP SKU upgrade and load balancer upgrade
Azure Public IP SKU allows customers to upgrade and retain the same IPs without
management overhead or notices to their end customers and now supports the ability to upgrade from Basic to Standard SKU. In addition, any Basic Public Load Balancer can now be upgraded to a Standard Public Load Balancer, while retaining the same public IP address. This is supported via PowerShell, command line interface (CLI) templates and API, and is available across all Azure regions.
Azure Networking routing preference
Azure Networking routing preference is now generally available and lets Azure customers choose how their traffic is routed between Azure and the internet. Azure customers can choose to optimize for performance (Microsoft network) or cost (ISP network/open internet). These options are also referred to as “cold potato routing” and “hot potato routing,” respectively. Egress data transfer price varies based on the routing
selection. This update will give customers more flexibility to optimize their underlying routing network for performance or cost on a per workload basis.
Azure Route Server (preview)
Azure Route Server facilitates dynamic routing between network virtual appliance (NVA) and virtual networks. By establishing the Border Gateway Protocol (BGP) peering between an NVA and Azure Router Server, customers can inject IP addresses
(i.e., routes) from their NVA to their virtual network and let the NVA learn
what IP addresses their virtual network has. Azure Route Server is a fully
managed service with built-in high availability.
ExpressRoute IPv6 Support
To be released to preview later this month, will support both IPv4- and IPv6-based private peering in availability zones (AZs). IPv6 will enable key internet of things (IoT) scenarios. It will simplify enterprises’ migration or expansion to Azure even as they run
out of IPv4 addresses in their on-premises network.
New ExpressRoute Gateway metrics (preview)
ExpressRoute Gateway metrics enable users to monitor the count of routes learned, count of routes advertised, number of virtual machines (VMs) in the virtual network and frequency of routes changed for their ExpressRoute gateways, and set up alerts to manage capacity accordingly.
New ExpressRoute Portal Experience
It allows users to have a more complete peering and Global Reach configuration experience in Azure Portal.
Azure Virtual WAN now offers integration with VMware SD-WAN (preview)
This allows customers to connect all branch offices and remote locations to Azure through VMWare SD-WAN. Users can now manage last-mile connectivity and dynamic path optimization through VMWare SD-WAN and leverage global connectivity, routing intelligence and security through Azure Virtual WAN, benefiting from a complete Secure
Access Service Edge (SASE) solution.
Virtual WAN Remote User VPN Features
Virtual WAN Remote User VPN Features enable 100,000 remote users to connect to a Virtual WAN hub in a region (increased from the previous 10,000 limit). It will allow remote users to authenticate using any combination of Certificates, Azure Active Directory and Radius Servers. It also offers custom IPsec parameters for remote user VPN. Finally, it will connect multiple Radius servers to a single Virtual WAN Hub for Remote User authentication.
Scalable Bastion Gateway (preview)
Scalable Bastion Gateway will be released in preview later this month. Scalable Bastion Gateway will allow users to increase the size of Bastion gateway to support as many as 500 concurrent sessions and decrease the gateway size when the usage demand goes down. Bastion will support native Azure Active Directory (Azure AD) authentication integration for Linux VMs deployed on Azure.
Advanced VPN diagnostic features
Advanced VPN diagnostic features, including Packet Capture, the BGP Dashboard and VPN Connection features, will be released in preview this month. Packet Capture helps customers troubleshoot their connectivity issues and inspect the traffic flowing through their VPN gateways. The BGP Dashboard provides an all-up view for customers to see their route exchange between Azure and their on-premises networks. VPN Connection features (Reset, Show SA, Modes) allow customers to have fine-grained control and visibility to their VPN tunnels for monitoring, troubleshooting and management.
Application Gateway Ingress Controller (AGIC)
The Application Gateway Ingress Controller (AGIC) is now generally available as an add-on in Azure Kubernetes Service (AKS). You can now easily create or attach an existing Application Gateway instance to their AKS clusters. You can use the standard Kubernetes ingress API to define your routing rules, then have those rules be implemented by the managed Application Gateway service. The Azure Application Gateway is a scalable, reliable, and secure L7 load balancer. By using Application Gateway as the entry point to the AKS applications, you don’t have to self-manage third party networking tools.
Multiple new features for Azure VPN Gateway (preview)
The following new features for Azure VPN Gateway are in public preview:
- Multiple authentication types for point-to-site VPN: you can now enable multiple authentication types on a single gateway for OpenVPN tunnel type. Azure AD, certificate-based and RADIUS can all be enabled on a single gateway.
- VPN connection management: with new enhancements in VPN connection management capabilities, you can now reset an individual connection instead of resetting the whole gateway. You can also set the IKE mode of the gateway to responder-only, initiator-only or both and view the Security Association (SA) of a connection.
Azure Stack
Event Hubs on Azure Stack Hub
Event Hubs is a reliable and scalable event streaming engine that backs thousands of applications across every kind of industry in Microsoft Azure. Microsoft is now announcing the general availability of Event Hubs on Azure Stack Hub for disconnected scenarios.