Archivi categoria: Azure Networking

Azure IaaS and Azure Stack: announcements and updates (December 2021 – Weeks: 49 and 50)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Virtual Machine restore points (preview)

Public preview of VM restore point is available, a new resource that stores VM configuration and a point-in-time snapshot of one or more managed disks attached to a VM.  VM restore points supports multi-disk application consistent snapshots and can be leveraged to easily capture backups of your VM and disks. You can easily restore the VM using VM restore points in cases of data loss, corruption, or disasters. Microsoft is also introducing a new Azure Resource Manager (ARM) resource called Restore Point Collection, which will act as a container for all the restore points of a specific VM.

Placement polices for Azure VMware Solution

Placement policies are used to define constraints for running virtual machines in the Azure VMware Solution Software-Defined Data Center (SDDC). These constraints allow the you to decide where and how the virtual machines should run within the SDDC clusters. Placement polices are used to support performance optimization of virtual machines (VMs) through policy, and help mitigate the impact of maintenance operations to policies within the SDDC cluster. 

Storage

Secure access to storage account from a virtual network/subnet in any region (preview)

You can secure access to your storage account by enabling a service endpoint for Storage in the subnet and configuring a virtual network rule for that subnet through the Azure storage firewall. You can now configure your storage account to allow access from virtual networks and subnets in any Azure region. By default, service endpoints enable connectivity from a virtual network to a storage account in the same Azure region as the virtual network or it’s paired Azure region. This preview enables you to register your subnet to allow service endpoint connectivity to storage accounts in any Azure region across the globe.

Attribute-based Access Control (ABAC) conditions with principal attributes (preview)

Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments expressed as a predicate using these attributes. This update to the preview enables the use of Azure AD custom security attributes for principals in role assignment conditions. You can now use combine principal attributes with resource and request attributes in your condition expressions.

Soft delete for blobs capability for Azure Data Lake Storage

Soft delete for blobs capability for Azure Data Lake Storage is now generally available. This feature protects files and directories from accidental deletes by retaining the deleted data in the system for a specified period of time. During the retention period, you can restore a soft-deleted object, i.e. file or directory, to its state at the time it was deleted. After the retention period has expired, the object is permanently deleted. All soft deleted files and directories are billed at the same rate as active ones until the retention period has expired. 

Azure Stack

Azure Stack HCI

Windows Server guest licensing offer for Azure Stack HCI (preview)

To facilitate guest licensing for Azure Stack HCI customers, we are pleased to announce a new offer that brings simplicity and more flexibility for licensing.  The new Windows Server subscription for Azure Stack HCI is available in public preview as of December 14, 2021. This offer will allow you to purchase unlimited Windows Server guest licenses for your Azure Stack HCI cluster through your Azure subscription. You can sign up and cancel anytime and preview pricing is $0 until general availability (GA).  At GA, the offer will be charged at $23.60 per physical core per month.  This offer simplifies billing through an all-in-one place Azure subscription and in some cases will be less expensive for customers than the traditional licensing model.

Azure IaaS and Azure Stack: announcements and updates (December 2021 – Weeks: 47 and 48)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

West Central US: Microsoft expands cloud services with two new datacenters in Wyoming

Microsoft is announcing the launch of two new Microsoft datacenters in Cheyenne –  Wyoming, one in Cheyenne Business Parkway and another in Bison Business Park, enabling to expand and support the growth and demand for digital services in West Central US datacenter region. Cheyenne has been home to Microsoft’s cloud infrastructure services since 2012 and this expansion will enable us to continue providing services to current and new customers.

New Azure Virtual Machines DCasv5 and ECasv5-series (preview)

Azure DCasv5/ECasv5 confidential virtual machines (VMs) powered by 3rd Gen AMD EPYC™ processors with SEV-SNP are available in preview.

SQL Server IaaS Agent extension for Linux SQL VMs

Microsoft is making the capabilities of SQL Server IaaS Agent extension available to Linux platforms, starting with Ubuntu with plans for other distributions in time.

If you are already running SQL Server on Azure using an Ubuntu Linux Virtual Machine, the SQL Server IaaS Agent extension now enables you to leverage integration with the Azure portal and unlocks the following benefits for SQL Server on Linux Azure VMs:

  • Compliance: The extension offers a simplified method to fulfill the requirement of notifying Microsoft that the Azure Hybrid Benefit has been enabled as is specified in the product terms.  This process negates needing to manage licensing registration forms for each resource.
  • Simplified license management: The extension simplifies SQL Server license management, and allows you to quickly identify SQL Server VMs with the Azure Hybrid Benefit enabled using the Azure portal, Azure PowerShell, or the Azure CLI.

IaaS Agent extension full mode no restart for SQL VMs

You can now enable the full mode of SQL Server IaaS Agent extension with no restart, giving you access to more manageability features for SQL Server on Azure Virtual Machines without interruption to your workloads. Previously, you had to restart the SQL Server services to enable these features. The full mode of SQL Server IaaS Agent extension unlocks many benefits such as Automated Backup, Automated Patching, Storage Optimization, and more, along with license management that comes with lightweight mode.

Storage

Azure File Sync: new agent released

The Azure File Sync agent v14.1 is available. Issue that is fixed in the v14.1 release:

  • Tiered files deleted on Windows Server 2022 are not detected by cloud tiering filter driver. This issue can also impact Windows 2016 and Windows Server 2019 if a tiered file is deleted using the FILE_DISPOSITION_INFORMATION_EX class.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
  • The agent version for this release is 14.1.0.0.
  • Installation instructions are documented in KB5001873.

Azure NetApp Files application volume group for SAP HANA (preview)

Application volume group (AVG) for SAP HANA enables you to deploy all volumes required to install and operate an SAP HANA database according to best practices in a single one-step and optimized workflow. The application volume group feature includes the use of proximity placement group (PPG) with VMs to achieve automated, low-latency deployments. Application volume group for SAP HANA has implemented many technical improvements that simplify and standardize the entire process to help you streamline volume deployments for SAP HANA. Instead of creating the SAP HANA volumes (data, log, shared, log-backup, file-backup) individually, the new application volume group for SAP HANA creates these volumes in a single ‘atomic’ operation (GUI, RP, API).

Networking

VPN Gateway NAT

Azure VPN NAT (Network Address Translation) supports overlapping address spaces between your on-premises branch networks and your Azure Virtual Networks. NAT can also enable business-to-business connectivity where address spaces are managed by different organizations and re-numbering networks is not possible. VPN NAT provides support for 1:1 Static NAT and 1-to-many dynamic NAT.

Wildcard listener on Application Gateways

Azure Application Gateway now supports the use of wildcard characters such as asterisk (*) and question mark (?) for hostnames on a multi-site HTTP(S) listener. You can now route requests from multiple host-names such as shop.contoso.comaccounts.contoso.compay.contoso.com to the same backend pool through a single listener configured with a wildcard hostname such as *.contoso.com

Azure IaaS and Azure Stack: announcements and updates (November 2021 – Weeks: 45 and 46)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Virtual machines selector now generally available

Microsoft want to simplify the process required for you to identify the right VM based on your needs and budget. To that end, virtual machines selector is a web-based tool localized in 26 languages and available worldwide. Using the virtual machines selector you can specify your requirements, such as the category of workload you plan to run in Azure, and the technical specifications of your VM (e.g., OS disks storage options, data disks storage performance, Operating System, deployment region, etc.). After a few simple steps, the tool identifies the best VM and disk storage combination based on the information you enter. You will then be able to view the details of the recommended VMs and their prices. You can then add the selected VMs to the pricing calculator to perform a more comprehensive cost analysis.

New cloud region in Sweden

The new sustainable datacenter region in Sweden, with presence in Gävle, Sandviken and Staffanstorp is available. It includes Azure Availability Zones, which offer you additional resiliency for your applications by designing the region with unique physical datacenter locations with independent power, network, and cooling for additional tolerance to datacenter failures.

Azure VMware Solution now generally available in the France Central Azure Region and in Japan West Azure Region

Azure VMware Solution has expanded availability to Japan West and to France Central. With this release Japan West is now the second region within the Japan sovereign area to become available (joining Japan East).

SQL Server on Azure Virtual Machines: Multi subnet high availability

You can now simplify your SQL Server on Azure Virtual Machines high availability and disaster recovery configuration by deploying virtual machines in multiple subnets, eliminating the need for an Azure Load Balancer. Multi subnet configuration natively helps you match on-premises experience for connecting to your availability group listener or SQL Server failover cluster instance. Additionally, this feature doesn’t have any limitations on unique port or feature interoperability considerations like distributed network name (DNN) for availability group and failover cluster instance. Multi subnet configuration is natively supported by all versions of SQL Server and Windows Server Failover Cluster to simplify deployment, maintenance and improve failover time.

Azure Virtual Machines DCv3-series now available in Europe West and North (preview)

Announcing public preview expansion of the DCv3-series VMs to Europe West and North.

Storage

SFTP support for Azure Blob Storage (preview)

Starting today, SSH File Transfer Protocol (SFTP) support for Azure Blob Storage is available for public preview in select regions. Azure Blob Storage is the only storage platform that supports SFTP over object storage natively in a serverless fashion, enabling you to leverage object storage economics and features. With multi-protocol support, you can run your applications on a single storage platform with no application rewrites necessary, therefore eliminating data silos.

NFSv4.1 support on Azure Files

Azure Files support for NFS v4.1 on premium tier for both locally-redundant storage and zone-redundant storage is available. Now you can deploy these fully POSIX compliant, distributed NFS file shares in your production environments for a wide variety of Linux and container based workloads. Some example workloads include: highly available SAP application layer, enterprise messaging, user home directories, custom line-of-business applications, database backups, database replication, and devops pipelines. NFS 4.1 is available in all regions where the premium tier of Azure Files exists.

Azure Archive rehydration priority update

Azure Archive Storage provides a secure, low-cost means for retaining cold data, including backups and archival storage. Data stored in Archive Storage is offline and unavailable for read access until it is rehydrated to the hot or cool tier. You can choose to rehydrate data with standard or high priority, depending on the urgency of the retrieval request. Previously, it was not possible to change the retrieval priority after initiating a rehydration operation; priority had to be determined in advance, and there was no flexibility to update the priority if the retrieval urgency subsequently changed.

Archive Storage now supports updating the retrieval priority from standard to high while a rehydration operation is pending. You can simplify rehydration management and improve cost efficiency by initiating the rehydration operation with standard priority for a set of blobs, then updating the priority to high for any blobs that require faster retrieval.

Networking

VPN Gateways: increased connection limit

The max number of Site-to-Site/VNet-to-VNet connections on a VPN Gateway has been increased from 30 to 100 tunnels for SKUs VpnGw4, VpnGw5, VpnGw4AZ, and VpnGw5AZ.
This change does not affect legacy gateways with the High Performance SKU.

Azure Bastion: new features available with Standard SKU (preview)

With the new Azure Bastion native client support you can:

  • Connect to your target Azure virtual machine via Azure Bastion using Azure CLI and a native client on your local Windows machine
  • Log into Azure Active Directory-joined virtual machines using your Azure Active Directory credentials

Also, with the new Azure Bastion IP based connection capability you can now connect to any target resource reachable from your Bastion using its private IP address. This includes any reachable resources hosted on-premises or in other clouds, allowing you to achieve more secure global remote connectivity with Azure Bastion.

ExpressRoute now supports Azure Virtual Desktop Shortpath RDP over Private Peering

ExpressRoute Private Peering now supports Azure Virtual Desktop RDP Shortpath. After establishing the reverse connect transport, the client and session host starts the RDP connection. With RDP Shortpath configured, the client will require a direct connectivity with the session host to establish a secure TLS connection. You can leverage ExpressRoute Private peering to setup the direct connection to support RDP Shortpath. 

Azure IaaS and Azure Stack: announcements and updates (November 2021 – Weeks: 43 and 44)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

In this dedicated post you can find the most important announcements and major updates officialized last week during Microsoft Ignite (November 2021) conference.

Azure

Compute

Zerto Disaster Recovery for Azure VMware Solution

Zerto Disaster Recovery is now available and supported with Azure VMware Solution, delivering data protection and disaster recovery services that eliminate data loss and downtime for vSphere virtual machines running on Azure VMware Solution environment.

Zerto Disaster Recovery for Azure VMware Solution supports the following 3 scenarios:

  • On-premises VMware to Azure VMware Solution for Hybrid disaster recovery
  • Azure VMware Solution to Azure VMware Solution for cloud-based disaster recovery
  • Azure VMware Solution to Azure IaaS for cloud-based disaster recovery

Azure Spot Virtual Machines: Try to restore functionality

You can now opt-in and use this feature while deploying Spot VMs using Virtual Machine Scale Sets. This new feature will automatically try to restore an evicted Spot VM to maintain the desired target compute capacity (e.g., number of VMs) in a scale set.

Storage

Azure File Sync agent v14 

Improvements and issues that are fixed in the v14 release:

  • Improved server endpoint deprovisioning guidance in the portal. When removing a server endpoint via the portal, we now provide step by step guidance based on the reason behind deleting the server endpoint, so that you can avoid data loss and ensure your data is where it needs to be (server or Azure file share).
  • Invoke-AzStorageSyncChangeDetection cmdlet improvements. Microsoft has improved the Invoke-AzStorageSyncChangeDetection cmdlet and the 10,000 item limit no longer applies when scanning the entire share. 
  • Azure File Sync is now supported in West US 3 region.
  • Reduced transactions when a file consistently fails to upload due to a per-item sync error.
  • Reliability and telemetry improvements for cloud tiering and sync.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
  • The agent version for this release is 14.0.0.0.
  • Installation instructions are documented in KB5001872.

Ephemeral OS disks for Azure VMs support additional VM sizes

You now can choose where to store Ephemeral OS disks, either in VM temp disk or on VM cache. This feature enables Ephemeral OS disks to be created for all the VMs, which don’t have cache or have an insufficient cache (such as Dav3, Dav4, Eav4, and Eav3) but has sufficient temp disk to host the Ephemeral OS disk.

Networking

New Azure Firewall Premium capabilities

 Several new Azure Firewall Premium capabilities are available:

  • Azure Firewall Premium availability in more regions. Azure Firewall Premium is now available in both Microsoft Government Cloud and Azure China 21Vianet. This expansion makes Azure Firewall Premium now available in 44 Azure regions.
  • Terraform support for Firewall Policy Premium. Azure Firewall Premium supports a range of DevOps tools including Azure CLI, PowerShell, REST API. Customers can now use Terraform, a popular open-source tool used by DevOps for implementing infrastructure as code, to manage their Azure Firewall Premium.
  • Web categories Category Check (in preview). Web categories lets administrators allow or deny user access to web site categories such as gambling websites, social media websites, and others. Often customers want to check what categories does a specific URL fall under. Customers can now use the convenience of Azure Portal to determine URL web categories and share feedback if the category is not accurate.
  • Migrate to Premium SKU using Stop/Start approach. If you use Azure Firewall Standard SKU with Firewall Policy, you can use the Allocate/Deallocate method to upgrade your Firewall SKU to Premium. This migration approach is supported on both VNET Hub and Secure Hub Firewalls. Secure Hub deployments will be upgraded while preserving the public IP of the firewall. 

Extended regional availability for Private Link NSG Support and for Private Link UDR Support

Private Endpoint support for Network Security Groups (NSGs) and Private Endpoint support for User Defined Routes (UDRs) are now in public preview.

  • Private Endpoint support for Network Security Groups (NSGs) enhancement will provide you with the ability to enable advanced security controls on traffic destined to a private endpoint.
  • Private Endpoint support for User Defined Routes (UDRs) enhancement will provide you with the ability to apply custom routes to traffic destined to a private endpoint with a wider subnet range. 

At this time, this features are available in the following regions: UsEast2Euap, UsCentralEuap, WestCentralUS, WestUS, WestUS2, EastUS, EastUS2, Asiaeast, Australiaeast, Japaneast, Canadacentral, Europenorth, Koreacentral, Brazilsouth, Uksouth, US South, US North, and France Central.

ExpressRoute IPv6 Support for Private Peering

IPv6 support for ExpressRoute Private Peering is now generally available with ExpressRoute circuits and Azure environments globally. IPv6 support will unlock hybrid connectivity for you as you look to expand into mobile and IoT markets with Azure, or to address IPv4 exhaustion in your on-premise networks.

Azure IaaS and Azure Stack: announcements and updates (October 2021 – Weeks: 41 and 42)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New centralized management experience for Azure Hybrid Benefit for SQL Server (preview)

Azure Hybrid Benefit for SQL Server helps reduce costs by allowing existing on-premises licenses with active Software Assurance to be assigned to Azure. Now there’s an easier way to manage the benefit, optimize cost savings, and sustain compliance for the entire organization. Instead of assigning the benefit to each individual Azure resource (e.g. virtual machine), billing admins can now assign and manage SQL Server licenses at an Azure subscription or entire Azure account level.

Cross region replication for Azure NetApp Files

With this disaster recovery capability, you can replicate your Azure NetApp Files volumes between select Azure standard and non-standard region pairs continuously in a fast and cost-effective way, protecting your data from unforeseeable regional failures. Azure NetApp Files cross region replication leverages NetApp SnapMirror technology so only changed blocks are sent over the network in a compressed, efficient format. This technology reduces the amount of data required to replicate across the regions with up to 50% or more, therefore saving Azure NetApp Files customers data transfer cost. It also shortens the replication time so you can achieve a smaller Restore Point Objective.

Networking

Azure Firewall Premium now generally available in five new Azure regions

Azure Firewall Premium provides next generation firewall capabilities that are required for highly sensitive and regulated environments, and it is now generally available in the following new Azure Cloud regions: USGov Texas, USGov Arizona, USGov Virginia, China North 2 and China East 2.

Azure Stack

Azure Stack HCI

New feature update

Feature updates for Azure Stack HCI are released periodically to enhance the customer experience.  This month’s feature update for Clusters running Azure Stack HCI, version 21H2 are:

Azure IaaS and Azure Stack: announcements and updates (October 2021 – Weeks: 39 and 40)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

What’s new in Azure VMware Solution

  • Azure VMware Landing Zone is now publically available. It is Microsoft’s prescriptive, opinionated and best-practices backed guidance for deploying and managing workloads running on Azure VMware solution.
  • It’s soon possible to use Azure NetApp Filesas NFS datastore for Azure VMware Solution. It’s a great option for using the same NetApp VSAN datastores as used in on-premise environments in Azure now.
  • It is possible now to do HCX migration over VPN and SD-SWAN. Customers can get an additional option besides Azure ExpressRoute for driving migrations.  
  • Azure VMware Solution is now included as part of Azure Workload Acquisition & Nurture incentive Partners can take advantage of multiple benefits available under the program to drive Azure VMware Solution projects.
  • New enhancements, global expansion, partner integration are now available as documented here.

Availability Zones now generally available in new regions

Azure Availability Zones are now generally available in the South Africa North, Norway East and Korea Central region. These new zones provide customers with options for additional resiliency and tolerance to infrastructure impact.

Storage

Azure NetApp Files waitlist removal

Azure NetApp Files, one of the fastest growing bare-metal Azure services is now available to Azure customers directly from the Azure portal, CLI, API or with SDK, without having to go through waitlist approval process.

Standard network features for Azure NetApp Files (preview)

Standard network features for Azure NetApp Files volumes is now in public preview in select regions. This includes support for increased IP limits, Network Security Groups, User-defined routes, and additional connectivity patterns like connectivity over Active/Active VPN gateway and ExpressRoute FastPath.

Azure NetApp Files Backup capability (preview)

Azure NetApp Files backup expands the data protection capabilities of Azure NetApp Files by providing fully managed backup solution for long-term recovery, archive, and compliance.
Azure NetApp Files online snapshots are now enhanced with backup of snapshots. With this new backup capability, you can offload your Azure NetApp Files snapshots to Azure blob storage in a fast and cost-effective way, further protecting your data from accidental deletion.

Enable hierarchical namespace for existing Azure Storage accounts

Accelerating value through data analytics by enabling the Azure Data Lake Storage (ADLS) hierarchical namespace for existing Azure Storage accounts is now generally available. The benefits of the ADLS hierarchical namespace in providing enhanced performance and features that are dedicated to maximizing the value of data analytics is well established. You can now get this benefit for existing accounts and data by enabling the hierarchical namespace in place.

Object replication for Premium Block Blob Storage (preview)

Object replication allows you to replicate your premium block blob data at the blob level from one storage account to another anywhere in the Azure.
Object replication unblocks a new set of common replication scenarios for premium block blobs:

  • Minimize latency: have your users consume the data locally rather than issuing cross-region read requests.
  • Increase efficiency: have your compute clusters process the same set of objects locally in different regions.
  • Optimize data distribution: have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.

Azure IaaS and Azure Stack: announcements and updates (September 2021 – Weeks: 37 and 38)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure VMware Solution achieves FedRAMP High Authorization

With this certification, U.S. government and public sector customers can now use Azure VMware Solution as a compliant FedRAMP cloud computing environment, ensuring it meets the demanding standards for security and information protection.

JetStream Disaster Recovery for Azure VMware Solution (preview)

JetStream Disaster Recovery is now available on Azure VMware Solution in public preview, enabling DR protection needed for business and mission-critical applications. JetStream Disaster Recovery on Azure VMware Solution is also cost-effective, as it uses minimal resources at the DR site by leveraging cloud storage, such as Azure Blob Storage.

Azure AD-joined VMs support

With this latest update, you can now:

  • Join your Azure Virtual Desktop virtual machines directly to Azure Active Directory (Azure AD.)
  • Connect to the virtual machine from any device with basic credentials.
  •  Automatically enroll the virtual machines with Microsoft Endpoint Manager.

Management Group Scope for Azure Reservations (preview)

You can scope a reservation to a management group. When you set the scope to a management group, the reservation discount is applied to matching resources in the list of subscriptions that are a part of the management group and the billing context.

Storage

Azure Archive Storage now available in three new regions

Azure Archive Storage provides a secure, low-cost means for retaining cold data including backup and archival storage. Now, Azure Archive Storage is available in three new regions: Norway East, UAE North, and Germany West Central.

Azure IaaS and Azure Stack: announcements and updates (September 2021 – Weeks: 35 and 36)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

On-demand capacity reservations for Azure Virtual Machines (preview)

On-demand capacity reservations for Azure Virtual Machines, now in public preview, enable IT organization to reserve compute capacity for a VM size. The reservation can be for any length of time in any public Azure region or Availability Zone and supports most VM series. You can create and cancel an on-demand capacity reservation at any time, no commitment is required. The ability for you to access compute capacity, with SLA guarantees when on-demand capacity reservations become generally available, ahead of actual VM deployments is particularly important to ensure the availability of business-critical applications running on Azure. On-demand capacity reservations can be combined with Azure Reserved VM Instances (RIs) to significantly reduce costs.

Run Commands for Azure VMware Solution (preview)

Run commands are a collection of PowerShell packages available in the Azure VMware Solution portal that simplify the execution of certain operations on vCenter. With this announcement your cloud administrator can now more easily run management tasks that require elevated privileges.

Automatic scaling with Azure Virtual Machine Scale Sets flexible orchestration mode (preview)

Microsoft has enabled elastic virtual machine profile and automatic scaling for Azure Virtual Machine Scale Sets with flexible orchestration elastic profile and automatic scaling. The features are now in public preview, and provide:  

  • Up to 1000 instances in a scale set (general purpose virtual machine sizes only)
  • Ability to manually add VM instances to the scale set
  • The option to spread instances across fault domains automatically, or specify a fault domain
  • Place on demand and Spot VMs in the same scale set
  • (New) Define a VM profile and specify instance count
  • (New) Automatically scale out and scale in based on metrics, schedule, or AI prediction (private preview)
  • (New) In guest patching that respects high availability / FD constraints
  • (New) Automatic extension updates
  • (New) Automatic instance repair/replacement of unhealthy instances
  • (New) Terminate notification for on demand and Spot VMs
  • (New) Secure by default networking – customers must explicitly define outbound connectivity
  • (New) Improved scale out and scale in reliability, latency, and elasticity

Storage

Azure Files: SMB 3.1.1 support, SMB Multichannel and storage capacity reservation 

Server Message Block (SMB) 3.1.1 is the most recent version of the SMB protocol, released with Windows 10, containing important security and performance updates. Azure Files SMB 3.1.1 ships with two additional encryption modes, AES-128-GCM and AES-256-GCM, in addition to AES-128-CCM which was already supported. In addition to SMB 3.1.1, Azure Files exposes security settings that change the behavior of the SMB protocol. With this release, you may configure allowed SMB protocol versions, SMB channel encryption options, authentication methods, and Kerberos ticket encryption options. By default, Azure Files enables the most compatible options, however these options may be toggled at any time.

Server Message Block (SMB) Multichannel enables you to improve the IO performance of your SMB client 2-4x, increasing performance and decreasing total cost of ownership.

Storage capacity reservations for Azure Files enable you to significantly reduce the total cost of ownership of storage by pre-committing to storage utilization. To achieve the lowest costs in Azure, you should consider reserving capacity for all production workloads.

Zone redundant storage (ZRS) for Azure Disk Storage

Zone redundant storage (ZRS) for Azure Disk Storage is now generally available on Azure Premium SSDs and Standard SSDs in West Europe, North Europe, West US 2 and France Central regions. Disks with ZRS provide synchronous replication of data across the zones in a region, enabling disks to tolerate zonal failures which may occur due to natural disasters or hardware issues. They also enable you to maximize your virtual machine availability without the need for application-level replication of data across zones, which is not supported by many legacy applications such as old versions of SQL or industry-specific proprietary software. This means that, if a virtual machine becomes unavailable in an affected zone, you can continue to work with the disk by mounting it to a virtual machine in a different zone. You can also use the ZRS option with shared disks to provide improved availability for clustered or distributed applications like SQL FCI, SAP ASCS/SCS, or GFS2.

Automatic key rotation of customer-managed keys for encrypting Azure disks

Azure Disk Storage now enables you to automatically rotate keys for encryption of your data.

Change performance tiers for Azure Premium SSDs with no downtime

On Azure Premium SSDs, you can now change the performance tiers without any downtime to your application (generally available). You can change the performance tier of a disk even when it is attached to running virtual machines. For planned events like a seasonal sales promotion or running a training environment, you need to achieve sustained higher performance for a few hours or days and then return to the normal performance levels. With performance tiers on Premium SSDs, you have the flexibility to scale the disk performance without increasing the disk size by selecting a higher performance tier. You can also change tiers to bring it back to your baseline performance tier, enabling you to achieve higher performance and cost savings.

Networking

New updates to Azure Firewall

New Azure Firewall capabilities:

  • Azure Firewall supports US West 3, Jio India West, and Brazil Southeast.
  • Auto-generated self-signed certificates for Azure Firewall Premium SKU.
  • Secure Hub now supports Availability Zones.
  • Deploy Azure Firewall without public IP in Forced Tunnel mode.
  • Configure pre-existing Azure Firewalls in Force Tunnel mode using stop or start commands.

Azure Route Server

Azure Route Server simplifies dynamic routing between your network virtual appliance (NVA) and your virtual network. When you establish a Border Gateway Protocol (BGP) peering between your NVA and Azure Router Server, you can advertise IP addresses from your NVA to your virtual network. Your NVA will also learn what IP addresses your virtual network has. Azure Route Server is a fully managed service and is configured with high availability.

Several key Azure Route Server benefits include:

  • Simplify network appliance operations
  • Deploy it in your existing setup
  • Support any network appliance
  • Enable new network topology

Private Link Network Security Group Support (preview)

Private Endpoint support for Network Security Groups (NSGs) is now in public preview. This feature enhancement will provide you with the ability to enable advanced security controls on traffic destined to a private endpoint. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to Enabled. In addition to toggling this property, you will need to also register for the Microsoft.Network/AllowPrivateEndpointNSG feature.

Private Link UDR Support (preview)

Private Endpoint support for User Defined Routes (UDRs) is now in public preview. This feature enhancement will provide you with the ability to apply custom routes to traffic destined to a private endpoint with a wider subnet range.  In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to Enabled. In addition to toggling this property, you will need to also register for the Microsoft.Network/AllowPrivateEndpointNSG feature.

Address changes on an Azure virtual network that has active peerings (preview)

You can now update your virtual network address space without needing to remove the peering links on their virtual networking and incurring any downtime.

Azure ExpressRoute: new ExpressRoute Direct and Peering locations

New locations are available for ExpressRoute Direct:

  • Denver
  • Newport (Wales)
  • Pune

The new locations support dual 10Gbps or 100Gbps connectivity into Microsoft’s global network.

New peering locations are available for ExpressRoute:

  • Chicago2
  • Pune
  • Seoul2

Azure IaaS and Azure Stack: announcements and updates (August 2021 – Weeks: 33 and 34)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Placement polices for Azure VMware Solution (preview)

Placement policies are used to define constraints for running virtual machines in the Azure VMware Solution software-defined data center (SDDC). These constraints allow you to decide where and how the virtual machines should run within the SDDC clusters. Placement polices are used to support performance optimization of virtual Machines (VMs) through policy, and help mitigate the impact of maintenance operations to policies within the SDDC cluster. When you create a placement policy, it creates a vSphere Distributed Resource Scheduler (DRS) rule in the specified vSphere cluster. It also includes additional logic for interoperability with Azure VMware Solution operations.

New VM series supported by Azure Batch

The selection of VMs that can be used by Azure Batch has been expanded, allowing newer Azure VM series to be used. The following additional VM series can now be specified when Batch pools are created:

Azure Virtual Machines: retired series

Microsoft is retiring:

  • H-series Azure Virtual Machine sizes (H8, H8m, H16, H16r, H16m, H16mr, H8 Promo, H8m Promo, H16 Promo, H16r Promo, H16m Promo, and H16mr Promo) on 31 August 2022.
  • ND-series virtual machine sizes on 31 August 2022.
  • Basic and Standard A-series VMs on 31 August 2024.

Azure Government Top Secret now generally available for US national security missions

Azure Government Top Secret is available for US and this is a significant milestone in Microsoft commitment to bringing unmatched commercial innovation to US government customers across all data classifications. This announcement, together with new services and functionality in Azure Government Secret, provides further evidence of Microsoft’s relentless commitment to the mission of national security, enabling customers and partners to realize the vision of a multi-cloud strategy and achieve greater agility, interoperability, cost savings, and speed to innovation.

Storage

Azure Blob storage inventory

Inventory provides an easy way to gain insights into the containers and all block, append, and page blobs stored within an account.  Blob Inventory can be selected to provide a full listing of all blobs and containers on a daily or weekly basis. Prior to Inventory, either a separate catalog system or, listing of all blobs and analyzing added complexity and cost to solutions that used blob storage. With inventory, all blobs and containers that match an optional filter will be listed on a daily or weekly basis to a CSV or Parquet file that can then be processed for insights.  

Azure Archive Storage events for easy rehydration of archived blobs

The Azure Archive Storage provides a secure, low-cost means for retaining cold data including backups and archival storage. When your data is stored in Archive Storage, the data is offline and not available for read until it is moved to the hot or cool tier. Previously, the only way to determine when blob rehydration was complete and available to be read was to repeatedly poll the status of the rehydration operation, increasing complexity and cost. Azure Event Grid now supports events that fire when a blob is rehydrated from the archive tier. The Microsoft.Storage.BlobCreated event fires when a blob is copied from the archive tier to a new destination blob in the hot or cool tier. The Microsoft.Storage.BlobTierChanged event fires when the archived blob’s tier is changed to hot or cool. Your application can handle these events in order to respond to blob rehydration.

Azure Blob storage: last access time tracking

Last access time tracking integrates with lifecycle management to allow the automatic tiering and deletion of data based on when individual blobs are last accessed. This allows greater cost control as well as an automatic workflow including deletion of data after it is no longer used. Last access time can also be used without lifecycle management by any solution that needs to understand when individual blobs are last read and then take action. Lifecycle management with last access time tracking is available in all public regions for accounts with flat namespace used.  Azure Data Lake Storage Gen2 will be supported later this year.

Networking

Network Insights: enhanced troubleshooting experiences for additional resources

You now have access to rich insights and enhanced troubleshooting experiences for four additional networking resources in Network Insights: Private Link, NAT Gateway, Public IP, and NIC.

With the onboarding of these resources, customers can access:

  • A resource topology showing resource health and connected resources
  • A pre-built workbook showing all key metrics along multiple
  • Direct links to documentation and troubleshooting help

Azure IaaS and Azure Stack: announcements and updates (August 2021 – Weeks: 31 and 32)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Automatic Azure VM extension upgrade capabilities 

Azure Virtual Machine extensions are small applications that provide post-deployment configuration and automation on Azure VMs. The ability to automatically upgrade VM extensions is now available for Azure Virtual Machines and Virtual Machine Scale Sets. If the automatic extension upgrade feature is enabled for an extension on a VM or a VM scale set, the extension is upgraded automatically whenever the extension publisher releases a new version. Azure manages the upgrade rollout and the upgrades are safely applied following availability-first principles, keeping your environments more secure and up to date.

Storage

Azure File Sync agent v13

Improvements and issues that are fixed in the v13 release:

  • Authoritative upload: authoritative upload is a new mode available when creating the first server endpoint in a sync group. It is useful for the scenario where the cloud (Azure file share) has some/most of the data but is outdated and needs to be caught up with the more recent data on the new server endpoint. This is the case in offline migration scenarios like DataBox, for instance. When a DataBox is filled and sent to Azure, the users of the local server will keep changing / adding / deleting files on the local server. That makes the data in the DataBox and thus the Azure file share, slightly outdated. With Authoritative Upload, you can now tell the server and cloud, how to resolve this case and get the cloud seamlessly updated with the latest changes on the server. No matter how the data got to the cloud, this mode can update the Azure file share if the data stems from the matching location on the server. Be sure to avoid large directory restructures between the initial copy to the cloud and catching up with Authoritative Upload. This will ensure you are only transporting updates. Changes to directory names will cause all files in these renamed directories to be uploaded again. This functionality is comparable to semantics of RoboCopy /MIR = mirror source to target, including removing files on the target that no longer exist on the source. Authoritative Upload replaces the “Offline Data Transfer” feature for DataBox integration with Azure File Sync via a staging share. A staging share is no longer required to use DataBox. New Offline Data Transfer jobs can no longer be started with the AFS V13 agent. Existing jobs on a server will continue even with the upgrade to agent version 13.
  • Portal improvements to view cloud change enumeration and sync progress: when a new sync group is created, any connected server endpoint can only begin sync, when cloud change enumeration is complete. In case files already exist in the cloud endpoint (Azure file share) of this sync group, change enumeration of content in the cloud can take some time. The more items (files and folders) exist in the namespace, the longer this process can take. Admins will now be able to obtain cloud change enumeration progress in the Azure portal to estimate an eta for completion / sync to start with servers.
  • Support for server rename: if a registered server is renamed, Azure File Sync will now show the new server name in the portal. If the server was renamed prior to the v13 release, the server name in the portal will now be updated to show the correct server name.
  • Support for Windows Server 2022 Preview: the Azure File Sync agent is now supported on Windows Server 2022 Preview build 20348 or later. Note: Windows Server 2022 adds support for TLS 1.3 which is not currently supported by Azure File Sync. If the TLS settings are managed via group policy, the server must be configured to support TLS 1.2.
  • Miscellaneous improvements:
    • Reliability improvements for sync, cloud tiering and cloud change enumeration.
    • If a large number of files is changed on the server, sync upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
    • The Invoke-StorageSyncFileRecall cmdlet will now recall all tiered files associated with a server endpoint, even if the file has moved outside the server endpoint location.
    • Explorer.exe is now excluded from cloud tiering last access time tracking.
    • New telemetry (Event ID 6664) to monitor the orphaned tiered files cleanup progress after removing a server endpoint with cloud tiering enabled.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 Preview installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
  • The agent version for this release is 13.0.0.0.
  • Installation instructions are documented in KB4588753.

Networking

Re-size Azure virtual networks that are peered (preview)

Virtual networks in Azure have had a long-standing constraint where any address space change is only allowed if the virtual network does not have any peerings. Microsoft is announcing that this limitation has been lifted, and customers can freely resize their virtual networks without incurring any downtime. With this feature, existing peerings on the virtual network do not need to be deleted prior to adding or deleting an address prefix on the virtual network.

Azure VPN Client for macOS

Azure VPN Client for macOS is available with support for native Azure AD, certificate-based, and RADIUS authentication for OpenVPN protocol.

Native Azure AD authentication support is highly desired by organizations as it enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN gateway integration and the Azure VPN Client to obtain and validate Azure AD tokens. With the Azure VPN Client for macOS, you can use user-based policies, Conditional Access, as well as Multi-factor Authentication (MFA) for your Mac devices.

Azure ExpressRoute Global Reach: 2 new locations

There are 2 new locations for ExpressRoute Global Reach:

  • South Africa (Johannesburg only)
  • Taiwan

For more information about ExpressRoute Global Reach and available locations, visit ExpressRoute Global Reach webpage.