This special edition includes Microsoft’s most important announcements and major updates, regarding Azure infrastructure as a service (IaaS) and Azure Stack, which were officially announced this week at the Microsoft Ignite conference (October 2022). Microsoft announced a number of significant enhancements to its Azure infrastructure as a service (IaaS) portfolio, and Microsoft infrastructure services continue to evolve to improve the experience of running business-critical workloads in a hybrid environment.
Azure
Compute
Nutanix Cloud Clusters now generally available on Azure
Nutanix Cloud Clusters on Azure, now generally available, simplifies and accelerates the customer journey to the cloud. Nutanix customers can migrate or extend their workloads to Azure, without modification or retooling. With Nutanix Cloud Clusters on Azure, customers can leverage their existing Nutanix skills and tools, add Azure services such as security, identity and analytics and gain cost efficiencies with license portability that enables them to use their existing licenses for Azure deployment. And, to further support a hybrid model, customers can also seamlessly extend Azure data services to their on-premises Azure Arc-enabled Kubernetes clusters using the Nutanix platform.
New features for Azure VMWare Solution
Two new Azure VMware Solution features support higher availability and security for
customers’ mission critical workloads and include:
- 99.99% private cloud uptime: stretched clusters for Azure VMware Solution, now in preview, will provide 99.99% uptime for mission-critical apps that require the highest availability. In times of Availability Zone failure, customers’ virtual machines (VMs) and apps automatically failover to an unaffected Availability Zone with no app impact, which does not require IT support.
- Customer Managed Keys (CMK): now in preview, CMK will give customers maximum control over their encrypted vSAN data on Azure VMware Solution. With this feature, customers use Azure Key Vault to generate customer managed keys and to centralize and streamline the key management process
Azure savings plan for compute offers a new price offering
Microsoft is launching a new price offering, Azure savings plan for compute. This new offer, generally available later in October, will allow customers to save across select compute services globally by committing to spend a fixed hourly amount (for example, $5/hour) for one or three years. As customers use select compute services around the world, their usage is covered by the plan at reduced prices, helping them get more value from their cloud budget. During times when their usage is above their hourly commitment, users will simply be billed at the regular pay-as-you-go prices. With savings automatically applying across compute usage globally, they’ll continue saving even as their usage needs change over time. This plan lets customers increase the value of their cloud budget, retain financial control and optimize costs amid increasing cloud spends to help them do more with less.
New Azure Virtual Machine Scale Set and Spot Virtual Machines capabilities (preview)
A new Virtual Machine Scale Sets feature that enables Azure customers to include standard and Spot Virtual Machine types in the same virtual machine scale set is now in preview. This new capability is available with flexible orchestration mode and can help you achieve significant cost savings given the deep discount rates that Spot Virtual Machines usually provide. Virtual Machines Scale Sets flexible orchestration mode provides you with the ability to deploy highly available large-scale cloud infrastructure quickly, reliably, and easily. You can also set up policies that define the percentage allocation of standard versus Spot Virtual Machines. The number of standard VMs that need to be running at any given time, in addition to the percentage of Spot Virtual Machines, can also be defined.
Confidential VM option for SQL Server on Azure Virtual Machines
With the confidential VM option for SQL Server on Azure Virtual Machines, you can now run your SQL Server workloads on the latest AMD-backed confidential virtual machines. This ensures that both the data in use (the data processed inside the memory of the SQL Server) as well as the data at rest stored on your VM’s drives, are inaccessible to unauthorized users from the outside of the VM. This can be done without the need to change the code of your SQL Server applications or your database schemas, including stored procedures.
Storage
Next-gen Azure Premium SSD Disk Storage
The new Azure Premium SSD v2 Disk Storage is the most advanced general purpose block storage solution available, designed for performance-critical workloads like online transaction processing systems that consistently need sub-millisecond latency combined with high IOPS and throughput. Premium SSD v2 enables you to improve the price-performance of a broad range of enterprise production workloads that require sub-millisecond latency with high IOPS and throughput such as SQL Server, Oracle® DB, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, gaming, on virtual machines, or stateful containers. With Premium SSD v2, you can provision up to 64TiBs, 80,000 IOPS, and 1,200 MB/s throughput on a single disk. You can specify disk size ranging from 1 GiB up to 64 TiBs, in 1-GiB increments. You can provision separately disk size, IOPS, and throughput to match your workload requirements, resulting in greater flexibility when managing performance and costs. Furthermore, you can dynamically scale up or down the performance as needed without downtime, giving you the flexibility to manage disk performance cost-effectively.
Azure Elastic SAN (preview)
Azure Elastic SAN, now in preview, is a unique cloud-native and fully managed storage area network (SAN) service. Combining SAN-like capabilities with the benefits of being a cloud-native service, Azure Elastic SAN will offer a scalable, cost-effective, high-performance and reliable storage solution. It can connect to a variety of Azure compute services, enabling customers to seamlessly lift and shift their SAN workloads to the cloud without having to change their provisioning and management model.
These features include:
- Deploying, managing and hosting workloads on Azure with an end-to-end experience like on-premises SAN.
- Bulk provisioning of block storage that can achieve massive scale up to millions of IOPS, double-digit GB/s throughput and low single-digit millisecond latencies while serving a plethora of workloads in an organization.
- Simplifying volume management through grouping and policy enforcement with an on-premises SAN experience.
- Achieving higher resiliency and minimizing downtime with zone-redundant storage,
thus ensuring organizations high levels of availability when running business-critical
apps on Azure.
Networking
Azure DNS Private Resolver
Azure DNS Private Resolver is a cloud-native, highly available, and DevOps-friendly service. It provides a simple, zero- maintenance, reliable, and secure DNS service to resolve and conditionally forward DNS queries from a virtual network, on-premises, and to other target DNS servers without the need to create and manage a custom DNS solution. Resolve DNS names hosted in Azure Private DNS Zones from on-premises networks as well as DNS queries for your own domain names. This will make your DNS infrastructure work privately and seamlessly across on-premises networks and enable key hybrid networking scenarios.
Azure Resource Topology
Azure Resource Topology (ART) allows visualizing the resources in a network, acquire system context, understand state and debug issues faster. It provides a visualized connected experience for inventory management and monitoring. This unified topology leads to upgrading the network monitoring and management experience in Azure. Replacing the Network Watcher topology, this topology will allow the users to draw a unified and dynamic topology across multiple subscription, regions, and resource groups (RGs) comprising of multiple resources. Allowing deep dive into your environment, ART provides the capability for users to drill down from regions, VNETs to subnets, and resource view diagram of resources supported in Azure. It also stitches the end-to-end monitoring and diagnostics story with the capability to run next hop directly from a VM selected in the topology after specifying the destination IP address. Selecting a resource in the topology highlights the node and all other nodes/resources connected to it via edges. These edges define the connections among regions which can be done through VNET peering, VNET Gateways, etc. The side pane shows extensive resource details and properties for selected node/resource.
Static IP configurations of private endpoints
Private endpoint support for statically defined IP addresses is generally available. This feature allows you to add customizations to your deployments. Leverage already reserved IP addresses and allocate them to your private endpoint without relying on the randomness of Azure’s dynamic IP allocation. In doing so, you can account for a consistent IP address to the private endpoint to use alongside IP based security rules and scripts.
Custom network interface name configurations of private endpoints
Private endpoint support for custom network interface (NIC) is now generally available. This feature allows you to define your own string name at the time of creation of the private endpoint NIC deployed. This enhances customizations to your deployments by allowing private endpoint resources to comply with your naming structure. You can leverage this feature to define a private endpoint NIC outside of the existing format of [Private Endpoint Name].nic.GUID.
IP Protection SKU for Azure DDoS Protection (preview)
IP Protection is designed with SMBs in mind and delivers enterprise-grade, cost-effective DDoS protection. Instead of enabling DDoS protection on a per virtual network basis, including all public IP resources associated with resources in those virtual networks, you now have the flexibility to enable DDoS protection on an individual public IP. The existing standard SKU of Azure DDoS Protection will now be known as Network Protection. IP Protection includes the same features as Network Protection, but Network Protection will have in the following value-added services: DDoS Rapid Response support, cost protection, integration with Azure Firewall Manager, and discounts on Azure Web Application Firewall.
ExpressRoute Metro (in development)
ExpressRoute Metro offers you the ability to create private connections via an ExpressRoute Circuit with dual connections from a Service provider (AT&T, Equinix, Verizon etc.,) or connecting directly with ExpressRoute Direct over a dual 10 Gbps or 100 Gbps physical port in two different Microsoft Edge location in a metropolitan area offering higher redundancy and resiliency.
Azure public multi-access edge compute (MEC)
Azure public multi-access edge compute (MEC) allows enterprises and developers to
deliver innovative, high-performance, low-latency apps using operators’ public 5G
networks. Azure public MEC is available with AT&T in Atlanta and Dallas. This offers
customers the unique ability to analyze data closer to where it is being captured for
proactive actions and decisions. Azure public MEC with the AT&T 5G network will be available in November in Atlanta and Dallas. Additional sites will be coming soon to Detroit and New York City.
Azure Stack
Azure Stack HCI
New benefit for Software Assurance customers
Microsoft is expanding Azure Hybrid Benefit, a program that enables Software Assurance (SA) customers to reduce costs. With the new Azure Hybrid Benefit for Azure Kubernetes Service (AKS) and Azure Stack HCI, customers can:
- Get Azure Stack HCI at no additional cost with Windows Server Datacenter SA.
Customers can modernize their existing datacenter and edge infrastructure to run their virtual machine (VM) and container-based workloads on modern infrastructure with industry-leading price-performance and built-in connectivity to Azure.
- Run AKS on Windows Server and Azure Stack HCI at no additional cost with Windows SA and Cloud Solution Provider (CSP) subscriptions. With this, customers can deploy and manage containerized Linux and Windows apps from cloud to edge with a consistent, managed Kubernetes service.
Azure Arc-enabled VM management: public preview 2
Microsoft is adding some important new features in public preview 2 to manage virtual machines:
- Marketplace image: in addition to using your own custom images, you can now access images from the Azure Marketplace. In just a few clicks, you can conveniently deploy the latest fully-patched images from Microsoft, including Windows Server 2022 Azure Edition with hotpatching and Windows 11 Enterprise multi-session for Azure Virtual Desktop. Later, images from third-party publishers will be available too. The Marketplace functionality is built natively into Azure Arc (no new agents needed) and is designed to be conscious of your network bandwidth: images are optimized to minimize file size, and you only need to download them once to create as many VMs as you like.
- Guest management including VM extensions: when you deploy a new VM through Azure Arc, the guest OS is now automatically Arc-enabled. This means you can use VM extensions like Domain Join to configure the operating system, or Custom Script to deploy and configure your applications. Later, more extensions will be available.
22H2 feature update
All existing Azure Stack HCI clusters are eligible to receive 22H2 as a free over-the-air update. You can apply the update non-disruptively with cluster-aware updating, just like a monthly security patch. Microsoft recommends version 22H2 for all new Azure Stack HCI deployments. No matter how you use Azure Stack HCI, there’s something for you in the 22H2 feature update.
Network
With version 22H2, Network ATC can automatically assign IP addresses to your intra-cluster storage networks, and automatically name your cluster networks based on their intended use. It can also manage live migration settings for you, like selecting the best network, best transport, and best bandwidth allocation.
Storage
Storage management is more flexible: you can modify existing storage volumes to increase their resiliency (e.g., from two-way to three-way mirror) or convert in-place from fixed to thin provisioning.
Storage replication between sites in a stretch cluster is faster with new optional compression. Hyper-V live migration is more reliable for switchless 2-node and 3-node clusters. And there’s new tag-based network segmentation, enabling you to secure virtualized workloads against lateral threats based on custom tags of your choice.
Management tools
Management tools are being refreshed to support the new update. You can use Windows Admin Center to manage version 22H2 right now, and in mid-November, the next Windows Admin Center release will bring enhancements to light up new features, like modifiable volume settings, an improved cluster settings design, and more. In mid-November, the first Update Rollup (UR1) for System Center 2022 will add official support for Azure Stack HCI, version 22H2.
Azure Kubernetes Service hybrid deployment options
Azure Kubernetes Service (AKS) on Azure Stack HCI, Windows Server 2019, and 2022 Datacenter can be provisioned from the Azure Portal/CLI. Through this consistent managed Kubernetes experience, organizations can run containerized apps regardless of their location in a datacenter, the Azure cloud and/or a physical location or device.
Hardware
In 2023, Microsoft will begin offering an Azure Stack HCI integrated system based on hardware that’s designed, shipped, and supported by Microsoft. The solution, called the “Pro 2”, has a 2U half-depth form factor that’s ideal for deployment outside the datacenter, in locations like retail, manufacturing and healthcare. The Pro 2 will be available in several configurations, with specs tailored to edge use cases and the option for up to two NVIDIA A2 GPUs. You’ll be able to order it directly from the Azure Portal and it’ll ship with Azure Stack HCI pre-installed. And hardware management will be integrated directly into the existing cluster management tools, including a new Windows Admin Center extension that’s under development now.
