This special edition includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft this week during Microsoft Ignite 2021 conference. Microsoft announced several important additions to its Azure infrastructure as a service (IaaS) portfolio and the Microsoft infrastructure services continue to evolve to optimize the experience of running business-critical workloads.

Azure

Compute

Microsoft adding datacenter region in China

To meet growing customer demand in China, Microsoft will establish a new datacenter region in northern China. The new region will enable more customers to innovate and collaborate with the Microsoft Cloud, including Microsoft Azure, Office 365, Dynamics 365 and Power BI.

Azure Resource Mover now generally available

Azure Resource Mover, which provides portability between Azure regions is now generally available. Azure Resource Mover allows new customers to create applications in existing regions and migrate them upon new region launch or move into regions with availability zones (AZs) if not planned for their region. Azure Resource Mover moves multiple resources among Azure regions and performs dependency analysis for the workloads to ensure a successful move.

On-demand capacity reservations for Azure Virtual Machines will be
available (preview in April)

On-demand capacity reservations for Azure Virtual Machines enable customers to access virtual machines (VMs) in advance with service-level agreement (SLA) guarantees. This is particularly important to organizations that want to ensure high levels of availability when running business-critical applications on Azure.

Azure Virtual Machine Scale Sets flexible orchestration mode (preview).

Azure Virtual Machine Scale Sets help customers simplify the deployment, management and scalability of their applications while increasing high availability. Customers may now change VM sizes without redeploying their scale set, resulting in greater operational agility. Customers will also be able to mix Spot Virtual Machines and pay-as-yougo VMs within the same scale set to optimize costs.

New Mv2 Azure Virtual Machines for memory intensive workloads (preview)

These offerings expand the range of workloads that customers can run in Azure while addressing specific organizational compliance requirements and can give a 20% increase in CPU performance. Customers will be able to deploy the same VMs to Azure Dedicated Hosts.

Automatic VM guest patching for Linux VMs (preview)

Automatic VM guest patching for virtual machines helps ease update management by safely and automatically patching virtual machines to maintain security compliance. With automatic VM guest patching enabled, the VM is assessed periodically to determine the applicable patches for that VM. Updates classified as ‘Security’ or ‘Critical’ are automatically downloaded and applied on the VM during off-peak hours. Patch orchestration is managed by Azure and patches are applied following availability-first principles.

Improve Azure Spot Virtual Machines runtime and simulate evictions with new features (preview)

With Azure Spot Virtual Machines (Spot VMs), IT organizations can acquire scalable compute capacity at deep discounts for interruptible workloads. New ‘try & restore’ capabilities can now improve the overall runtime of workloads running on Spot virtual machines if they get evicted due to capacity constraints. This new capability applies when a Spot VM is part of a virtual machine scale set. Customers can also use recently added REST APIs to simulate evictions and test the behavior of their workload making sure it can tolerate interruptions when deployed on Spot VMs.

Azure trusted launch for Virtual Machines (preview)

Azure trusted launch protects your virtual machines against boot kits, rootkits, and kernel-level malware.  Trusted launch allows administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and drivers. By leveraging secure and measured boot, administrators gain insights and confidence of the entire boot chain’s integrity. With virtual Trusted Platform Module (vTPM), administrators can securely protect keys, certificates, and secrets in the virtual machines. In addition, administrators can monitor and attest to the integrity of virtual machines as well as reacting to any changes to the attestation policy baseline. Azure Security Center serves as a single pane of glass for integrity alerts, recommendations, and remediations generated by trusted launch. These new features are easily enabled, trusted launch is switched on with a simple change in deployment code or a checkbox within the Azure portal for all virtual machines.

Storage

New Azure Disk Storage capabilities for running mission-critical applications (preview)

Several Azure Disk Storage product enhancements for running mission-critical
applications on Azure are now available in preview, including:

• Azure Premium SSD and Standard SSD, which offer zone-redundant
  storage (ZRS) support to protect data in the event of a zone failure, a
  key feature to provide customers with high availability for mission-critical
  workloads. Disks with ZRS also provide a recovery point objective (RPO)
  of zero that minimizes data loss and helps ensure successful data recovery.
• Performance tiers on Azure Premium SSD, which provide sustained
  higher performance for a planned event like a seasonal sales promotion,
  giving customers the flexibility to scale performance without increasing
  the disk size by selecting a higher performance tier. Customers can now
  upgrade performance tiers on Premium SSDs without any downtime to
  avoid disruption to their workloads.
• Auto-key rotation of customer-managed keys, which gives customers
  the option to automatically update all their disks, snapshots and
  images using the same encryption key when a new version of a key is
  generated. Customers no longer need to manually update all their Azure
  resources and can ensure that their data is always secured with the
  latest key versions and that they meet their organization’s security and
  compliance requirements.

Operational backup for Azure Blobs (preview)

Operational backup for Azure Blobs is a managed, local data protection solution that lets you protect your block blobs from various data loss scenarios like blob corruptions, blob deletions, and accidental storage account deletion. The data is stored locally within the source storage account itself and can be restored to a selected point in time whenever needed. So this provides a simple, secure, and cost-effective means to protect your blobs. Operational backup for blobs uses capabilities available from the blob service, like blob point-in-time restore, blob versioning, blob soft delete, and blob change feed, to restore all or a subset of blobs in a storage account. The solution integrates with Backup Center and other Backup management capabilities to provide a single pane of glass that can help you govern, monitor, operate, and analyze backups at scale.

Networking

Azure load balancing options

Azure load balancing options include a guided experience to help customers choose
the load balancing options that match their architectural and application requirements. Azure Load Balancer, now generally available, supports load balancing across IP addresses in the backend pool. Previously, network interfaces associated with virtual machines (VMs) could be added only in the backend of a Load Balancer. This feature enables flexibility to load balance across containers in addition to VMs and VM scale sets associated with their load balancer.

Azure Public IP SKU upgrade and load balancer upgrade

Azure Public IP SKU allows customers to upgrade and retain the same IPs without
management overhead or notices to their end customers and now supports the ability to upgrade from Basic to Standard SKU. In addition, any Basic Public Load Balancer can now be upgraded to a Standard Public Load Balancer, while retaining the same public IP address. This is supported via PowerShell, command line interface (CLI) templates and API, and is available across all Azure regions.

Azure Networking routing preference

Azure Networking routing preference is now generally available and lets Azure customers choose how their traffic is routed between Azure and the internet. Azure customers can choose to optimize for performance (Microsoft network) or cost (ISP network/open internet). These options are also referred to as “cold potato routing” and “hot potato routing,” respectively. Egress data transfer price varies based on the routing
selection. This update will give customers more flexibility to optimize their underlying routing network for performance or cost on a per workload basis. 

Azure Route Server (preview)

Azure Route Server facilitates dynamic routing between network virtual appliance (NVA) and virtual networks. By establishing the Border Gateway Protocol (BGP) peering between an NVA and Azure Router Server, customers can inject IP addresses
(i.e., routes) from their NVA to their virtual network and let the NVA learn
what IP addresses their virtual network has. Azure Route Server is a fully
managed service with built-in high availability.

ExpressRoute IPv6 Support

To be released to preview later this month, will support both IPv4- and IPv6-based private peering in availability zones (AZs). IPv6 will enable key internet of things (IoT) scenarios. It will simplify enterprises’ migration or expansion to Azure even as they run
out of IPv4 addresses in their on-premises network.

New ExpressRoute Gateway metrics (preview)

ExpressRoute Gateway metrics enable users to monitor the count of routes learned, count of routes advertised, number of virtual machines (VMs) in the virtual network and frequency of routes changed for their ExpressRoute gateways, and set up alerts to manage capacity accordingly.

New ExpressRoute Portal Experience

It allows users to have a more complete peering and Global Reach configuration experience in Azure Portal.

Azure Virtual WAN now offers integration with VMware SD-WAN (preview)

This allows customers to connect all branch offices and remote locations to Azure through VMWare SD-WAN. Users can now manage last-mile connectivity and dynamic path optimization through VMWare SD-WAN and leverage global connectivity, routing intelligence and security through Azure Virtual WAN, benefiting from a complete Secure
Access Service Edge (SASE) solution.

Virtual WAN Remote User VPN Features

Virtual WAN Remote User VPN Features enable 100,000 remote users to connect to a Virtual WAN hub in a region (increased from the previous 10,000 limit). It will allow remote users to authenticate using any combination of Certificates, Azure Active Directory and Radius Servers. It also offers custom IPsec parameters for remote user VPN. Finally, it will connect multiple Radius servers to a single Virtual WAN Hub for Remote User authentication.

Scalable Bastion Gateway (preview)

Scalable Bastion Gateway will be released in preview later this month. Scalable Bastion Gateway will allow users to increase the size of Bastion gateway to support as many as 500 concurrent sessions and decrease the gateway size when the usage demand goes down. Bastion will support native Azure Active Directory (Azure AD) authentication integration for Linux VMs deployed on Azure.

Advanced VPN diagnostic features

Advanced VPN diagnostic features, including Packet Capture, the BGP Dashboard and VPN Connection features, will be released in preview this month. Packet Capture helps customers troubleshoot their connectivity issues and inspect the traffic flowing through their VPN gateways. The BGP Dashboard provides an all-up view for customers to see their route exchange between Azure and their on-premises networks. VPN Connection features (Reset, Show SA, Modes) allow customers to have fine-grained control and visibility to their VPN tunnels for monitoring, troubleshooting and management.

Application Gateway Ingress Controller (AGIC) 

The Application Gateway Ingress Controller (AGIC) is now generally available as an add-on in Azure Kubernetes Service (AKS). You can now easily create or attach an existing Application Gateway instance to their AKS clusters. You can use the standard Kubernetes ingress API to define your routing rules, then have those rules be  implemented by the managed Application Gateway service. The Azure Application Gateway is a scalable, reliable, and secure L7 load balancer. By using Application Gateway as the entry point to the AKS applications, you don’t have to self-manage third party networking tools.

Multiple new features for Azure VPN Gateway (preview)

The following new features for Azure VPN Gateway are in public preview:

• Multiple authentication types for point-to-site VPN: you can now enable multiple authentication types on a single gateway for OpenVPN tunnel type. Azure AD, certificate-based and RADIUS can all be enabled on a single gateway.
• VPN connection management: with new enhancements in VPN connection management capabilities, you can now reset an individual connection instead of resetting the whole gateway. You can also set the IKE mode of the gateway to responder-only, initiator-only or both and view the Security Association (SA) of a connection.

Azure Stack

Event Hubs on Azure Stack Hub

Event Hubs is a reliable and scalable event streaming engine that backs thousands of applications across every kind of industry in Microsoft Azure. Microsoft is now announcing the general availability of Event Hubs on Azure Stack Hub for disconnected scenarios.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Automatic Azure VM extension upgrade capabilities (preview)

Azure virtual machine extensions are small applications that provide post-deployment configuration and automation on Azure VMs. The ability to automatically upgrade Azure VM extensions is now available in public preview for Azure virtual machines and virtual machine scale sets. If the automatic extension upgrade feature is enabled for an extension on a VM or a VM scale set, the extension is upgraded automatically whenever the extension publisher releases a new version. Azure manages the upgrade rollout and the upgrades are safely applied following availability-first principles, keeping your environments more secure and up to date.

Azure Image Builder Service now generally available

Azure Image Builder service offers unification and simplification for your image building process across Azure and Azure Stack with an automated image building pipeline. Whether you want to build Windows or Linux virtual machine images, you can use existing image security configurations to build compliant images for your organization and patch existing custom images using Linux commands or Windows Update. Azure Image Builder supports images from multiple Linux distributions, Azure Marketplace, and Windows Virtual Desktop environments and you can build images for specialized VM sizes, such as creating images for GPU VMs.

New datacenter region in Indonesia

Microsoft announced plans to establish its first datacenter region in Indonesia to deliver trusted Azure services locally, with world-class data security, privacy, and the ability to store data in the country. In addition, Microsoft announced plans to skill an additional 3 million Indonesians to empower a total of 24 million Indonesians by the end of 2021 through its long-established skilling programs designed to help create inclusive economic opportunities in the digital era.

Storage

Azure NetApp Files: Volume hard quota change

From the beginning Azure NetApp Files has been using a ‘capacity pool’ provisioning and automatic growth mechanism. Azure NetApp Files volumes are thinly provisioned on an underlaying, customer-provisioned ‘capacity pool’ of a selected tier and size. Volume sizes (‘quotas’) are used to provide performance and capacity, and these ‘quotas’ can be adjusted on-the-fly at any time. This behavior means that, currently, the volume quota is a performance lever used to control bandwidth to the volume. Currently, underlaying capacity pools automatically grow when capacity fills up. The Azure NetApp Files behavior of volume and capacity pool provisioning will change to a manual and controllable mechanism. Starting March 15th, 2021, volume sizes (quota) will manage bandwidth performance, as well as provisioned capacity, and underlying capacity pools will no longer grow automatically. 

Networking

Azure Firewall Premium (preview)

With the new Azure Firewall Premium now in public preview, you can now perform the following new capabilities:

1. Transport Layer Security (TLS) Inspection: Azure Firewall Premium decrypts outbound traffic, performs the required value-added security functions and re-encrypt the traffic which is sent to the original destination.
2. Intrusion Detection and Prevention System (IDPS): Azure Firewall Premium provides signature-based IDPS to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware.
3. Web Categories: Allows administrators to allow or deny user access to the Internet based on categories (e.g. social networking, search engines, gambling), reducing the time spent on managing individual FQDNs and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
4. URL Filtering: Allow users to access specific URLs for both plain text and encrypted traffic, typically being used in congestion with web categories.

Azure Firewall Premium is utilizing Firewall Policy, a global resource that can be used to centrally manage your firewalls using Azure Firewall Manager. Starting this release, all new features will be configurable via Firewall Policy only. This includes TLS Inspection, IDPS, URL Filtering, web categories and more. Firewall Rules (Classic) continues to be supported and can be used for configuring existing features of Standard Firewall. Firewall Policy can be managed independently or using Azure Firewall manager. Firewall policy associated with a single firewall has no charge.

Azure Front Door: Standard and Premium now in public preview

Microsoft is introducing the preview of two new SKUs to the Azure Front Door family, which combines capabilities of: Azure Front Door, Azure Content Delivery Network (CDN) standard, and Azure Web Application Firewall (WAF) into a single secure cloud CDN platform with intelligent threat protection and a simple to understand pricing model.

• Azure Front Door standard SKU is content delivery optimized, offering both static and dynamic content acceleration, global load balancing, SSL offload, domain and certificate management, enhanced traffic analytics, and basic security capabilities.
• Azure Front Door premium SKU builds on capabilities of the standard SKU, and adds extensive security capabilities across WAF, BOT protection, Azure Private Link support, integration with Microsoft Threat Intelligence, and security analytics. 

Azure Front Door Standard/Premium (Preview) is a secure cloud CDN service that cyber security teams can use to accelerate content delivery while protecting apps, APIs, and websites from cyberthreats. It combines intelligent threat protection and modern CDN technology in a tightly integrated service. Your users get friction-free access to internal apps, and APIs and websites are delivered fast at a global scale. And best of all, implementing Azure Front Door Standard/Premium (Preview) across your internal and external digital assets is quick, easy and cost effective with a simplified billing model.

Web Application Firewall Integration with Azure Front Door Standard and Premium SKU

Azure Web Application Firewall is now integrated into Azure Front Door Standard and Premium SKU (Preview). Azure Front Door Standard supports custom WAF rules only, and the Premium SKU supports custom WAF rules, managed ruleset, and Bot manager.

Azure Front Door: Web Application Firewall ruleset refresh

Azure Web Application Firewall with Azure Front Door has a new version of managed ruleset available: Microsoft_DefaultRuleSet_1.1. Powered by Microsoft Threat Intelligence, Microsoft_DefaultRuleSet_1.1 adds new rules for broader coverage and modifications for some existing rules to reduce false positives.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure achieves new certifications

Microsoft Azure has achieved this new certifications:

• Its first PCI 3-D Secure (PCI 3DS) certification
• It has increased the scope of its HITRUST CSF certification to include 172 Azure offerings across 49 Azure regions. Azure’s HITRUST certification letters are available on the Service Trust Portal and include the full list of HITRUST CSF certified Azure offerings and regions.

New planned datacenter region in Georgia (East US 3)

The new datacenter region will have a presence in Douglas and Fulton counties, in response to growing customer demand, supporting the creation of new jobs and local business growth. Availability Zones in the new East US 3 region will provide customers with high availability and additional tolerance to datacenter failures.

Storage

Soft delete for Azure file shares is now on by default for new storage accounts

Soft delete for Azure file shares is now enabled by default and this change will apply to all new storage accounts. Soft delete protects your Azure file shares from accidental deletion. Soft delete acts like a recycle bin for Azure file shares, meaning that deleted shares remain recoverable for their entire retention period (7 days by default for storage accounts created after January 31^st).  You will be charged for soft deleted data on the snapshot meter. If you have automated the creation of new storage accounts and the creation/deletion of new file shares within them, you must modify your scripts to explicitly disable soft delete after the creation of a new storage account. Soft delete will remain disabled by default for existing storage accounts.

Azure File Sync agent v11.2 

The Azure File Sync agent v11.2 release is being flighted to servers which are configured to automatically update when a new version becomes available.

Improvements and issues that are fixed:

• If a sync session is cancelled due to a high number of per-item errors, sync may go through reconciliation when a new session starts if the Azure File Sync service determines a custom sync session is needed to correct the per-item errors.
• Registering a server using the Register-AzStorageSyncServer cmdlet may fail with “Unhandled Exception” error.
• New PowerShell cmdlet (Add-StorageSyncAllowedServerEndpointPath) to configure allowed server endpoints paths on a server. This cmdlet is useful for scenarios in which the Azure File Sync deployment is managed by a Cloud Solution Provider (CSP) or Service Provider and the customer wants to configure allowed server endpoints paths on a server. When creating a server endpoint, if the path specified is not in the allow list, the server endpoint creation will fail. Note, this is an optional feature and all supported paths are allowed by default when creating a server endpoint. To learn more, see the release notes.

How to obtain and install this update:

• To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this update rollup:

• This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
• The agent version of this update rollup is 11.2.0.0.
• A restart may be required if files are in use during the installation.
• Installation instructions are documented in KB4539952.

Append blob support for Azure Data Lake Storage (limited public preview)

Append blobs allow users to append data to the end of a blob or file quickly and existing content does not need to be modified.  This makes append blobs great for applications such as logging that need to add information to existing files efficiently and continuously.  Until now, only block blobs were supported in Azure Data Lake Storage accounts. With this preview, applications can use create append blobs in these accounts also and write to them using Append Block operations.

Ingest up to 10 files and blobs with the new Azure Data Explorer intuitive UX

You can now easily ingest blobs or files into Azure Data Explorer with the new ingestion intuitive wizard. This ingestion wizard also allows you to create a table automatically based on the source structure.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New Azure Cloud Services deployment model (preview)

Both deployment models are now available in Azure Cloud Services:

• Azure Cloud Services (extended support), in public preview, is a new Azure Resource Manager–based deployment model for Azure Cloud Services. As an existing user of Azure Cloud Services, with Azure Cloud Services (extended support) you can now increase regional resiliency while gaining access to new capabilities such as role-based access control (RBAC), tags, policy, and support for deployment templates.
• The Azure Service Manager–based deployment model is now named Azure Cloud Services (classic). You can keep using the existing Azure Cloud Services (classic) deployment model for your Azure Service Manager–based applications.

Availability Zones in new regions

Availability Zones give users additional options for high availability for their most demanding applications and services as well as confidence and protection from potential hardware and software failures by providing three or more unique physical locations within an Azure region. Availability Zones are now generally available in South Central US and in Germany West Central. Availability Zones in this regions are made up of 3 unique physically separated locations or “zones” within a single region to bring higher availability and asynchronous replication across Azure regions for disaster recovery protection.

Linux Diagnostics Agent 4.0 (preview)

The Linux Diagnostic Extension (LAD) 4.0 is now available in public preview. This release contains,

• Azure Monitor Metric Sink enabled by default
• Support for Ubuntu 20.04
• Removal of OMI for a modified version of Telegraf
• Bug and stability improvements
• Performance improvements
•  

Since this is a major version upgrade this update will not be automatically applied. You will need to update manually.

Storage

Copy Blob support over private endpoints 

Azure Storage now enables you to copy data between storage accounts where one or both the accounts are protected using private endpoints. This includes support for Copy Blob or utilities such as such as AzCopy over Private Endpoints. The feature also enables copying of data between storage accounts, where one account uses a private endpoint and another uses a service endpoint. Azure Storage validates that the client has access to both the source and the destination storage accounts before allowing the data to be copied.

Resource instance rules for access to Azure Storage (preview)

Some Azure resources cannot be isolated through a virtual network or an IP address rule. However, you’d still like to secure and restrict access to your storage account to only your application’s Azure resources. You can now configure your storage accounts to allow access to only specific resource instances of select Azure services by creating a resource instance rule. Resource instances must be in the same tenant as your storage account, but they may belong any resource group or subscription in the tenant. Resource instance rules for access to Azure Storage are now in public preview in all Azure public regions. 

Prevent Shared Key authorization on Azure Storage accounts (preview)

Every secure request to an Azure Storage account must be authorized. By default, requests can be authorized with either Azure Active Directory (Azure AD) credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key, and is recommended by Microsoft. To require clients to use Azure AD to authorize requests, you can disallow requests to the storage account that are authorized with Shared Key. Microsoft is announcing the public preview of the ability to disable Shared Key authorization for Azure Storage. Before you disable Shared Key authorization on existing storage accounts, Microsoft suggests checking existing access patterns via monitoring.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New datacenter region in Chile

Microsoft has announced plans for a new datacenter region in Chile, as part of a “Transforma Chile” initiative. A skilling program as well as an Advisory Board are also part of the initiative, targeted at reaching 180,00 Chileans.

NCas_T4_v3-Series VMs are now generally available

NCas_T4_v3Virtual Machines feature 4 NVIDIA T4 GPUs with 16 GB of memory each, up to 64 non-multithreaded AMD EPYC 7V12 (Rome) processor cores, and 448 GiB of system memory. These virtual machines are ideal to run ML and AI workloads utilizing Cuda, TensorFlow, Pytorch, Caffe, and other frameworks or the graphics workloads using NVIDIA GRID technology. NCas_T4_v3 VMs are now generally available in West US2, West Europe, and Korea Central regions.

Networking

Public IP SKU upgrade

Azure public IP addresses now support the ability to be upgraded from Basic to Standard SKU.  Additionally, any Basic Public Load Balancer can now be upgraded to a Standard Public Load Balancer, while retaining the same public IP address.  This is supported via PowerShell, CLI, templates, and API and available across all Azure regions.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

In the last week of the year, there was little news, thanks to the holiday period. This series of blog posts will continue into 2021. I take this opportunity to wish you a Happy New Year!

Azure

Azure NetApp Files: Application Consistent Snapshot tool (preview)

Azure Application Consistent Snapshot tool (AzAcSnap) is in public preview. It is a command-line tool enables you to simplify data protection for third-party databases (SAP HANA) in Linux environments (for example, SUSE and RHEL).

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure VMware Solution: now available in UK South and Japan East Azure regions

The new Azure VMware Solution empowers customers to seamlessly extend or migrate their existing on-premises VMware applications to Azure without the cost, effort or risk of re-architecting applications or retooling operations. General Availability of the new Azure VMware Solution was announced at Microsoft Ignite, Sept 2020, with initial availability in US East, US West, West Europe and Australia. Microsoft has now expanded availability to two more Azure regions Japan East and UK South. For updates on more upcoming region availability please visit the product by region page here.

HBv2-series VMs for HPC now available in the UAE North region

HBv2 VMs are now Generally Available in the Azure UAE North region.

Storage

Azure File Sync agent v11.1

Azure File Sync agent v11.1 is now on Microsoft Update and Microsoft Download Center.

Improvements and issues that are fixed:

• New cloud tiering modes to control initial download and proactive recall
  • Initial download mode: you can now choose how you want your files to be initially downloaded onto your new server endpoint. Want all your files tiered or as many files as possible downloaded onto your server by last modified timestamp? You can do that! Can’t use cloud tiering? You can now opt to avoid tiered files on your system. To learn more, see Create a server endpoint section in the Deploy Azure File Sync documentation.
  • Proactive recall mode: whenever a file is created or modified, you can proactively recall it to servers that you specify within the same sync group. This makes the file readily available for consumption in each server you specified. Have teams across the globe working on the same data? Enable proactive recalling so that when the team arrives the next morning, all the files updated by a team in a different time zone are downloaded and ready to go! To learn more, see Proactively recall new and changed files from an Azure file share section in the Deploy Azure File Sync documentation.
• Exclude applications from cloud tiering last access time tracking
  • You can now exclude applications from last access time tracking. When an application accesses a file, the last access time for the file is updated in the cloud tiering database. Applications that scan the file system like anti-virus cause all files to have the same last access time which impacts when files are tiered. For more details, see the release notes.
• Miscellaneous performance and reliability improvements
  • Improved change detection performance to detect files that have changed in the Azure file share.
  • Improved sync upload performance.
  • Initial upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
  • Sync reliability improvements for certain I/O patterns.
  • Fixed a bug to prevent the sync database from going back-in-time on failover clusters when a failover occurs.
  • Improved recall performance when accessing a tiered file.

More information about this release:

• This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
• The agent version for this release is 11.1.0.0.
• A restart may be required if files are in use during the agent installation.
• Installation instructions are documented in KB4539951.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Dedicated Host: automatic VM placement and Azure Virtual Machine Scale Sets available

You can simplify the deployment and increase the scalability of your Azure Dedicated Hosts environments with two new features now generally available:

• You can accelerate the deployment of Azure VMs in Dedicated Hosts by letting the platform select the host group to which the VM will be deployed.
• You can also use Virtual Machine Scale Sets in conjunction with Dedicated Hosts. This new capability allows IT organizations to use scale sets across multiple dedicated hosts part of a dedicated hosts group. 

New datacenter region in Denmark

Microsoft has announced the most significant investment in its 30-year history in Denmark, introducing Denmark as the location for its next sustainable datacenter region and a comprehensive skilling commitment for an estimated 200,000 Danes by 2024. Powered by 100 percent renewable energy, the datacenter region will provide Danish customers of all sizes faster access to the Microsoft Cloud, world-class security and the ability to store data at rest in the country.

HBv2-series VMs for HPC are now available in UAE North

HBv2 VMs for supercomputing lass HPC are now generally available in the Azure UAE North region.

Storage

Azure Storage blob inventory (preview)

A lot of valuable data is stored in Azure Blob Storage. Customers frequently want to have an overview of their data for business and compliance reasons. The Azure Storage blob inventory feature provides an overview of your blob data within a storage account. Use the inventory report to understand your total data size, age, encryption status, and so on. Enable blob inventory reports by adding a policy to your storage account. Add, edit, or remove a policy by using the Azure portal. Once enabled, an inventory report is automatically created daily.

Azure Storage account recovery available via portal

Azure Storage uses a storage account to contain all of your Azure Storage data including: blobs, files,  tables, queues, and disks.  Accidentally deleting a storage account deletes all data in the account and previously could not be recovered. Microsoft is announcing that storage account recovery is available with some restrictions and this functionality is available via the Azure Portal. 

 For a storage account to be recoverable: 

• A new storage account with the same name has not been recreated since deletion 
• The storage account was deleted in the last 14 days 
• It is not a classic storage account 
•  Azure Blob Storage NFS 3.0 preview supports general purpose v2 (GPV2) storage accounts with standard tier performance in the following regions: Australia East, Korea Central, and South Central US. In addition, the NFS 3.0 preview is expanded to support block blob with premium performance tier in all available regions.  

Azure Blob Storage NFS 3.0 preview supports general purpose v2 (GPV2) storage accounts

Azure Blob Storage NFS 3.0 preview supports general purpose v2 (GPV2) storage accounts with standard tier performance in the following regions: Australia East, Korea Central, and South Central US. In addition, the NFS 3.0 preview is expanded to support block blob with premium performance tier in all available regions.

Azure Stack

Azure Stack Edge

Virtual Machine Support (public preview)

Azure Stack Edge hosts Azure virtual machines so you can run your VM based IoT, AI, and business applications on an Azure appliance at your location. The system includes deployment and management from the Azure portal, meaning you use the Azure Portal to deploy a VM Image and a VM to your Edge device at your location. Because Azure Stack Edge supports Azure VMs, you can build and test your VM image in Azure before deploying straight to the edge. For local control, ARM compatible APIs and templates can deploy and manage VMs, even when the device is disconnected from Azure.

Kubernetes system is available

Azure Stack Edge includes a managed Kubernetes environment so you can deploy your containerized apps to the edge using this industry standard technology. Just click a button in the Azure Portal and Azure Stack Edge will create a Kubernetes cluster and keep it running for you. Then deploy your Kubernetes apps from the cloud via IoT Edge or Arc enabled Kubernetes. Or use native kubectl tools for local deployment. This makes it simple to have an on-premises Kubernetes environment for your AI, IoT, and modern business applications.

Azure Stack HCI

The new Azure Stack HCI is now generally available

Azure Stack HCI is the new subscription service for hyperconverged infrastructure from Microsoft Azure. Azure Stack HCI brings together the familiarity and flexibility of on-premises virtualization with powerful new hybrid capabilities. With Azure Stack HCI, you can run virtual machines, containers, and select Azure services on-premises with management, billing, and support through the Azure cloud.

Azure Stack Hub

Event hubs is available

Event Hubs is a reliable and scalable event streaming engine that backs thousands of applications across every kind of industry in Microsoft Azure. Microsoft is announcing the general availability of Event Hubs on Azure Stack Hub. Event Event Hubs on Azure Stack Hub will allow you to realize cloud and on-premises scenarios that use streaming architectures.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Hybrid Benefit for Linux

Azure Hybrid Benefit functionality is available for Linux customers, allowing you to bring both your on-premises Windows Server and SQL Server licenses, as well as Red Hat Enterprise Linux (RHEL) or SUSE Linux Enterprise Server (SLES) subscriptions to Azure.

Microsoft to establish its first datacenter region in Sweden

Microsoft’s newest datacenter region will be among the most sustainable to date, as Microsoft will be partnering with Vattenfall around their 24/7 matching solution, which will track renewable energy consumption in the upcoming Swedish datacenters. The Microsoft Cloud delivered from datacenters in Sweden will enable Swedish businesses to empower employees, engage customers, transform products, and optimize operations, all through connected experiences and supported by advanced data privacy and security. Upcoming plans also include a skilling initiative for up to 150,000 Swedes. Microsoft’s community investments in Sweden total more than $1.25 million (U.S.) in partnership with 13 organizations to advance STEM programs focused on youth, skilling and culture. The new region will also deliver Availability Zones.

Storage

SMB Multichannel available on Azure Files premium tier (preview)

SMB Multichannel enables an SMB 3.x client to establish multiple network connections to a premium file share, and hence, increasing client’s performance up to 3x in terms of IOPS and throughput. Workloads running on the premium file shares can now achieve the required scale from a single virtual machine (VM) or a smaller set of VMs, thereby reducing the total cost of ownership.

Performance tiers for Premium SSDs

To sustain high performance demands for a specific duration, such as running a training environment during daytime, performance testing, or an event like Black Friday, you can now set the performance tier of your Premium SSDs without increasing the capacity of the disk. This provides the flexibility to achieve higher performance while also controlling costs. To start with, a baseline performance tier is set based on the provisioned disk size. However, when your application has higher performance demands, you can choose a higher performance tier. Once the period of high demand is complete, your provisioned disk can return to the initial baseline performance tier. For example, if you initially provision a P10 disk (128GB), your baseline performance tier is set as P10 (500 IOPS and 100MB/s). Later, you can update the tier to match the performance of P50 (7500 IOPS and 250MBs) and return to P10 when higher performance is no longer needed.

More IOPS at no additional cost for Azure Files premium tier

Effective immediately, all premium shares get an input/output per second (IOPS) uplift for free. All shares get an additional 400 baseline IOPS, and even the smallest share of 100 GiB can now burst up to 4,000 IOPS. This change is particularly beneficial for workloads that do not have a high capacity requirement but need extra performance to accommodate spikes in traffic or sudden unpredictable loads, such as web applications, backup and restore operations, and batch jobs.

Earlier:

• Baseline IOPS = 1 * provisioned GiB. (Up to a max of 100,000 IOPS).
• Burst Limit = 3 * Baseline IOPS. (Up to a max of 100,000 IOPS).

With this change:

• Baseline IOPS = 400 + 1 * provisioned GiB. (Up to a max of 100,000 IOPS).
• Burst Limit = MAX (4,000, 3 * Baseline IOPS). (Up to a max of 100,000 IOPS).

The new IOPS limits are available in all Azure Files premium tier regions. This additional free IOPS offer coupled with our recent price reduction of 33% on Azure Files premium tier will significantly reduce the total cost of deployment.

Networking

VPN over ExpressRoute private peering

For customers such as those in financial and health industries, double encryption over both their private WANs and Azure WAN is a key compliance requirement. VPN over ExpressRoute private peering allows customers to use IPsec tunnels over their ExpressRoute private peering to satisfy this need. You can configure a Site-to-Site VPN to a virtual network gateway over an ExpressRoute private peering using an RFC 1918 IP address. This configuration provides the following benefits:

• Traffic over private peering is encrypted.

• Point-to-site users connecting to a virtual network gateway can use ExpressRoute (via the Site-to-Site tunnel) to access on-premises resources.

New features for Azure VPN Gateway

 The following new features for Azure VPN Gateway as generally available:

• High availability for RADIUS servers in point-to-site VPN – This feature enables highly available configuration for customers using RADIUS/AD authentication for their point-to-site VPN.
• Custom IPsec/IKE policy with DPD timeout – Setting IKE DPD (Dead Peer Detection) timeout allows customers to adjust the IKE session timeout value based on their connection latency and traffic conditions to minimize unnecessary tunnel disconnect, improving both reliability and experience. This feature brings the entire custom IPsec/IKE policy configuration experience to Azure Portal.
• APIPA support for BGP speaker – This feature supports customers with legacy VPN routers and Amazon Web Service (AWS) VGW, Google Cloud Platform (GCP) VPN which use Automatic Private IP Addressing (APIPA) addresses as their Border Gateway Protocol (BGP) speaker IP addresses. Now they can establish BGP sessions with Azure VPN gateways using APIPA (169.254.x.x) addresses.
• FQDN support for site-to-site VPN – This feature supports customer branches or locations without static public IP addresses to connect to Azure VPN gateways. Customers can now leverage dynamic DNS services and use their Fully Qualified Domain Name (FQDN) instead of IP addresses. Azure VPN gateways will automatically resolve and update the VPN target to establish IPsec/IKE connections.
• Session management and revocation for point-to-site VPN users – Enterprise administrators can now list and revoke individual user connections to their VPN gateways from Azure Portal in real time, addressing a key management asks.

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New SAP HANA Certified Memory-Optimized Virtual Machines

Microsoft is expanding SAP HANA certifications, enabling you to run production SAP HANA workloads on the Edsv4 virtual machines sizes.

Storage

Azure File Sync agent v11.1 

Improvements and issues that are fixed:

• New cloud tiering modes to control initial download and proactive recall
  • Initial download mode: you can now choose how you want your files to be initially downloaded onto your new server endpoint. Want all your files tiered or as many files as possible downloaded onto your server by last modified timestamp? You can do that! Can’t use cloud tiering? You can now opt to avoid tiered files on your system. To learn more, see Create a server endpoint section in the Deploy Azure File Sync documentation.
  • Proactive recall mode: whenever a file is created or modified, you can proactively recall it to servers that you specify within the same sync group. This makes the file readily available for consumption in each server you specified. Have teams across the globe working on the same data? Enable proactive recalling so that when the team arrives the next morning, all the files updated by a team in a different time zone are downloaded and ready to go! To learn more, see Proactively recall new and changed files from an Azure file share section in the Deploy Azure File Sync documentation.
• Exclude applications from cloud tiering last access time tracking
  • You can now exclude applications from last access time tracking. When an application accesses a file, the last access time for the file is updated in the cloud tiering database. Applications that scan the file system like anti-virus cause all files to have the same last access time which impacts when files are tiered. For more details, see the release notes.
• Miscellaneous performance and reliability improvements
  • Improved change detection performance to detect files that have changed in the Azure file share.
  • Improved sync upload performance.
  • Initial upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
  • Sync reliability improvements for certain I/O patterns.
  • Fixed a bug to prevent the sync database from going back-in-time on failover clusters when a failover occurs.
  • Improved recall performance when accessing a tiered file.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

The agent version for this release is 11.1.0.0 and a restart may be required if files are in use during the agent installation. Installation instructions are documented in KB4539951.

Networking

New Azure Firewall capabilities

This new Azure Firewall capabilities will be generally available in Q4 CY2020:

• Custom DNS: Allows you to configure Azure Firewall to use your own DNS server.
• DNS Proxy capability: You can enable your Azure Firewall to act as a proxy for your DNS traffic. This is crucial for reliable FQDN filtering in network rules and provides DNS security through integration.
• FQDN filtering in network rules: You can use this based on DNS resolution from Custom DNS or Azure DNS. This capability is recommended for protocols that are not supported with FQDN filtering in application rules today.

You can learn more about DNS Settings in this document.