Archivi categoria: Datacenter Management

Azure IaaS and Azure Stack: announcements and updates (March 2024 – Weeks: 09 and 10)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Retirement of Cloud Services (classic) Deployment Model

Azure has announced the retirement of the Cloud Services (classic) deployment model on August 31, 2024. Users are encouraged to migrate their services to Cloud Services (extended support) within Azure Resource Manager before this date to avoid service disruption. This transition enables access to new capabilities such as deployment templates, role-based access control, and regional resiliency.

Change Actor in Azure Resource Graph (preview)

Azure introduces the public preview of Change Actor in Azure Resource Graph, a tool that enhances audit, troubleshooting, and governance capabilities. This feature allows users to identify who made changes to resources, the client used for the change, and the operation called. By integrating Change Actor functionality, Azure offers improved visibility and control over resource changes, facilitating better management across tenants and subscriptions.

Compute

New Generation AMD VMs – Dasv6/Easv6/Fasv6 (preview)

Azure announces the public preview of the new generation AMD-based VMs, leveraging the 4th Generation AMD EPYC™ 9004 (Genoa) CPU. These VMs, available in Dasv6, Easv6, and Fasv6 series, offer enhanced performance and reliability. They support various memory to core ratios, catering to general-purpose, memory-optimized, and compute-optimized needs. Equipped with Azure Boost and NVMe interfaces, these VMs promise up to 80% better remote storage performance, faster local storage speeds, and improved networking bandwidth. Initially available in the East US 2 region, these VMs represent a significant expansion in Azure’s AMD VM offerings.

Networking

Azure Route Server Now Available in ItalyNorth Azure Region

Azure Route Server has been introduced to the ItalyNorth Azure Region, offering simplified dynamic routing between network virtual appliances (NVAs) and Azure virtual networks. This service facilitates the direct exchange of routing information via the Border Gateway Protocol (BGP) without the manual configuration of route tables. Azure Route Server, as a fully managed service, ensures high availability and seamless integration with the Azure Software Defined Network (SDN), enhancing network management and efficiency.

Azure Virtual Network Encryption Expanded to Additional Regions

Azure has extended its Virtual Network encryption feature to additional regions, including West US, East US, Europe, and more. This enhancement allows for the encryption of traffic within the same virtual network and across peered networks, bolstering security for data in transit. The expansion of this feature underscores Azure’s commitment to providing robust security options for its users.

Application Gateway for Containers

Microsoft Azure has announced the general availability of Application Gateway for Containers, marking a significant evolution in application load balancing technology. This service enhances the capabilities of the traditional Application Gateway and its Ingress Controller by offering advanced layer 7 load balancing and dynamic traffic management for Kubernetes workloads. With features like Custom Health Probes, URL Redirect, and URL/Header Rewrite, the service ensures near-to-real-time updates in response to changes within the Kubernetes environment. The general availability version also introduces Controller High Availability, Gateway API v1 integration, additional regional availability, and a service level agreement (SLA) to support production workloads confidently.

Azure Application Gateway introduces support for TLS and TCP protocols (preview)

Azure Application Gateway expands its functionality by introducing support for TLS and TCP protocols in public preview. This enhancement allows for the utilization of Application Gateway in non-HTTP applications, catering to protocols such as SQL, MQTT, and AMQP. It facilitates the use of custom domains with Application Gateway’s TLS certificate management, ensuring secure connections for clients and access to any backend service. Moreover, this feature provides a unified endpoint for client access, as a single Application Gateway resource can now support both Layer 7 (HTTP/S) and Layer 4 (TCP and TLS) protocols. Available for Standard V2 and Web Application Firewall V2 SKUs, this update broadens the scope of Application Gateway’s capabilities.

Internet inbound for Network Virtual Appliances in Virtual WAN Hubs (preview)

The introduction of Internet inbound (Destination NAT) for Next-Generation Firewall Network Virtual Appliances (NVAs) in Virtual WAN hubs is now in public preview. This feature enables network administrators to publish applications to a wider internet audience without directly exposing the application or server’s public IP. Instead, users access applications through a public IP address assigned to a Firewall NVA, which is configured to filter, translate, and control access to backend applications. With the ability to associate public IP addresses to Firewall NVAs deployed in Virtual WAN Hubs and utilize NVA management and orchestration software, Virtual WAN customers can now seamlessly program both the Virtual WAN infrastructure and the NVAs to accept and forward inbound traffic, enhancing security and accessibility.

Storage

Azure File Sync Agent v17.2 Release

The Azure File Sync Agent v17.2 has been officially released, consolidating improvements and fixes from its predecessors, versions 17.0 and 17.1. This update is crucial for users with the Azure File Sync agent version 16 or below, as both versions 16.2 and 17.2 are now available for update. This version marks the final planned release for Windows Server 2012 R2, with support for this server ending on March 4th, 2025. The agent is compatible with Windows Server 2012 R2, 2016, 2019, and 2022, providing enhanced functionality and stability.

Azure Blob Storage Cold Tier SLA

As of August 10th, 2023, Azure Blob Storage Cold Tier is generally available, providing a cost-effective solution for long-term storage of infrequently accessed data. The service level agreement (SLA) for Azure Blob Storage now includes this new online access tier, ensuring Microsoft’s commitment to uptime and connectivity.

Encryption at Host for Premium SSD v2 and Ultra Disks Expanded

Encryption at host for Premium SSD v2 and Ultra Disks is now generally available in additional regions including Canada East, West Europe, South Central US, and West US 3. This feature enhances security by starting encryption at the VM host level, ensuring data is encrypted at rest and in transit to the Storage service. The expansion of this feature demonstrates Azure’s ongoing commitment to providing secure and reliable cloud storage options.

Azure NetApp Files Volume Enhancement (preview)

Azure NetApp Files introduces a significant enhancement in public preview, allowing volumes in different availability zones within the same region to share the same volume mount path. This feature supports highly available architectures through cross-zone replication, simplifying automation and minimizing manual intervention during disaster recovery failovers. It is applicable to SMB, NFS, and dual-protocol volumes, facilitating improved recovery times and data availability across various scenarios, including host-based replication and test/dev environments.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Windows Server 2025: the arrival of a new era of innovation and security for server systems

Microsoft is set to redefine the future of server operating systems with the announcement of its next major release: Windows Server 2025. This release will represent an evolutionary leap in the field of server operating systems, thanks to the introduction of innovative features that promise to revolutionize server management, their security, and performance. The new version is packed with improvements aimed at increasing operational efficiency and meeting the increasingly complex needs of modern IT environments. In this article, we will explore in detail the key features of Windows Server 2025, analyze its expected launch date, and evaluate its positioning in relation to Azure Stack HCI.

What’s New in Windows Server 2025

The latest version of Windows Server, named “Windows Server 2025,” marks a turning point in the evolution of server operating systems, introducing a wide range of innovations and improvements aimed at meeting the most pressing needs of users and introducing new features to optimize performance, security, and server management. Here is a detailed overview of the main new features integrated into this version:

  • Hot Patching: one of the most anticipated features, hot patching, will be available to all users of Windows Server 2025. This technology allows for updates to be applied in-memory, avoiding the restarts of the traditional patching process, which can disrupt operations. Originally welcomed with enthusiasm by the Xbox team for managing their Azure servers, hot patching has proven to drastically reduce update times. The expansion of hot patching will be linked to the Azure Arc management tool, and will also be accessible for the upcoming Standard and Datacenter editions of Windows Server, on a paid basis, although it is currently available at no additional cost for Azure Edition and Azure Stack HCI users.
  • Next-Generation Active Directory: Windows Server 2025 introduces significant improvements to Active Directory, increasing scalability through the adoption of larger database pages (32k) and improving support for systems with a high number of cores. Numerous security reinforcements have also been implemented, including support for LDAP over TLS 1.3 and a new replication priority feature, making Active Directory more robust and secure.
  • Improved Storage Performance and Flexibility: the new operating system brings significant optimizations for NVMe storage, promising an increase in IOPS of up to 90% compared to the previous version. Support for NVMe over Fabric, improvements for Storage Replica, and a new native deduplication mechanism for ReFS, optimized for active data, have also been introduced.
  • Hyper-V and Artificial Intelligence: with the introduction of GPU partitioning (GPU-P), Windows Server 2025 allows for the sharing of a GPU across multiple virtual machines, ensuring full support for real-time migration and clustering. Improved support for direct device assignment (DDA) and the introduction of GPU pools for high availability further elevate Hyper-V’s capabilities.
  • Modernized Server Experience: the upgrade to Windows Server 2025 is made simpler through the ability to perform it directly from Windows Update, ensuring a smooth and seamless transition, in line with the commitment to an improved user experience.
  • Enhanced Security and Networking: new security measures have been introduced, including mandatory SMB Signing by default and improvements in protection against brute force attacks on SMB. Advanced networking features have also been introduced, such as intent-based ATC and significant performance improvements to the SDN gateway.
  • Containers and AKS: significant improvements have been made in container management, including reducing the size of the base image and improvements in application compatibility, especially for Nano Server, simplifying and making container use more efficient.
  • Next-Generation File Services: access to SMB over QUIC, previously limited to the Azure edition of Windows Server 2022, is now extended to all editions of Windows Server 2025. This facilitates secure remote access to file servers without the need for VPN, using an always-encrypted protocol that leverages TLS 1.3 for connections, improving security and accessibility.
  • New Pay as You Go Option: Microsoft is planning to sell Windows Server 2025 not only through the traditional perpetual license but also via a pay-as-you-go subscription option. This option will be enabled through Azure Arc, Microsoft’s cloud service management tool, and will be billed through “Azure Commerce.” The subscription-based offering could be used by organizations that have seasonal or burst workloads, offering flexibility in payment based on actual usage.

These innovations reflect Microsoft’s commitment to meeting user needs and driving the technological evolution of servers, with Windows Server 2025 poised to be a milestone in the history of server operating systems.

Windows Server 2025 vs Azure Stack HCI

Azure Stack HCI and Windows Server 2025 represent two fundamental pillars in Microsoft’s virtualization solution offering, each designed to meet different needs within the IT landscape. While Azure Stack HCI positions itself as the cutting-edge solution for hybrid environments, offering advanced integrations with Azure services for optimized management and scalability, Windows Server 2025 continues to be a solid choice for organizations that require more traditional virtualized solutions, with a particular focus on flexibility and management in disconnected scenarios. The choice between these two solutions depends on the specific virtualization needs, the organization’s cloud strategy, and the need for access to advanced management and security features.

In summary:

  • Azure Stack HCI represents Microsoft’s flagship virtualization platform, offering significant hybrid value not present in Windows Server. Its features include Azure Virtual Desktop, free Extended Security Updates (ESU), the Azure edition (with hotpatching), the ability to provision virtual machines directly from the Marketplace, and management through Azure. Azure Stack HCI also stands out for the speed with which it introduces new improvements and features.
  • For customers needing disconnected solutions, Microsoft proposes Windows Server as a virtualization platform. Although it does not have all the advanced features of Azure Stack HCI, Windows Server remains a feature-rich and absolutely valid solution.

Release Date of Windows Server 2025

The new version of Windows Server, named “Windows Server 2025,” is expected in the fall of this year. Although Microsoft has not yet announced an official release date, it is possible to make some predictions based on previous release cycles. The company’s last product, Windows Server 2022, was made available to the public on September 1, 2021. If Microsoft were to follow a similar schedule for its next product, then we could expect Windows Server 2025 to be released in the fall of this year.

Conclusions

Windows Server 2025 represents a significant step forward in Microsoft’s vision for the future of server management, offering a wide range of improvements and new features that promise to optimize the IT infrastructure of companies. The introduction of technologies such as hot patching, next-generation Active Directory, and improvements in the field of storage and artificial intelligence not only enhance security and performance but also management and operational efficiency. With its release expected in the fall of this year, Windows Server 2025 is poised to be a milestone in the evolution of server operating systems, ready to meet the needs of modern IT environments and set new standards for the industry.

Azure Management services: what’s new in February 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to offer an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Availability of the Azure Monitor Metrics Data Plane API

As of February, the Azure Monitor Metrics Data Plane API is available for use. This API allows for efficient management and monitoring of Azure resources, improving query efficiency and metric collection capability. It is possible to retrieve metric data for up to 50 resource IDs in the same subscription and region with a single API call, thus optimizing query throughput and reducing the risk of throttling.

Execution of the Azure Monitor Logs connector on an exact time range (preview)

The Azure Monitor Logs connector introduces a new preview feature: the ability to execute queries on an exact time range provided dynamically. This functionality allows for filtering the execution of queries in the Log Analytics workspace or Application Insights components for Logic App triggers or schedules, displaying relevant results. Until now, the time range could be set directly in the query or defined with a relative value, such as the last hour or the last 12 hours. With the exact time range option, it is now possible to dynamically pass the start and end time to respond to scenarios such as alarm diagnostics. When the connector is activated by an alarm, it can receive the alarm’s time range to replicate the results that triggered the alarm and allow for effective investigation.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure SQL migration assessment enabled by Azure Arc (preview)

With the growing adoption of cloud computing, organizations embark on the path of migration to the cloud, facing a complex and articulated challenge that can extend for several months, varying based on the size and complexity of the projects involved. This transition period can result in a delay in accessing the benefits offered by Azure’s capabilities, temporarily limiting operational efficiency and innovation.

To overcome these challenges, Microsoft introduces an innovative solution: SQL Server enabled for Azure Arc. This revolutionary technology allows organizations to begin leveraging the benefits of the cloud from the early stages of the migration process. Through Azure Arc, it is possible to manage SQL Server instances, both on-premise and distributed across multiple clouds, using Azure’s control plane and management services. This approach enables consistent and efficient hybrid management of the SQL Server environment, bringing immediate benefits in terms of operational efficiencies and cost reduction, in addition to ensuring an optimal migration and modernization experience.

In addition to these benefits, Microsoft announces the public preview release of the Azure SQL migration assessment, powered by Azure Arc. This feature, once activated by linking one’s SQL Server to Azure Arc, automatically and continuously provides an assessment of readiness for migration to Azure SQL. This assessment takes into account the evolutions of the work environment and suggests the Azure SQL deployment option best suited to specific needs, optimizing costs. Furthermore, it identifies potential migration risks and proposes mitigation strategies, thus facilitating the transition path to the cloud and improving strategic alignment with business needs.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Regulatory compliance management: through Defender for Cloud, the management of compliance standards is extended to Azure, AWS, and GCP environments, offering a unified experience in creating and managing personalized recommendations through KQL queries.
  • Cloud support for Defender for Containers: the threat detection capabilities specific to Azure Kubernetes Service (AKS) in Defender for Container are now extended to commercial clouds, Azure Government, and Azure China 21Vianet, with the list of supported features updated.
  • Update of the Defender FOR Container agent: a new version of the agent, which brings improvements in terms of performance and security, supports AMD64 and ARM64 architectures (Linux only) and employs Inspektor Gadget for process collection instead of Sysdig. This version is compatible exclusively with Linux kernel version 5.4 or higher, requiring updates for older kernels. ARM64 support is available starting from AKS V1.29.
  • Support for the OCI image format specification: vulnerability assessment now supports the Open Container Initiative (OCI) image format specification for AWS, Azure, and GCP clouds, thanks to Microsoft Defender Vulnerability Management.
  • Retirement of the AWS container vulnerability assessment powered by Trivy: this assessment has been replaced by a new solution powered by Microsoft Defender Vulnerability Management.
  • Recommendations for Azure Stack HCI: four new recommendations specific to Azure Stack HCI, currently in public preview, have been introduced, thus expanding the type of resources manageable through Microsoft Defender for Cloud.

Protect

Azure Backup

Support for Cross-Region recovery of PostgreSQL backups

Support for cross-region recovery of PostgreSQL backups through Azure Backup is now available to all. Using Read-Access Geo-Redundant Storage (RA-GRS), Azure Backup enables a high level of data resilience, allowing access to backups in disaster recovery scenarios and restoration operations from the secondary region at any time. This feature is now available for PostgreSQL backups in all public regions, offering a wide range of durability options for backup data.

Regional Disaster Recovery via Azure Backup for AKS (preview)

Azure Backup for AKS introduces a new feature in preview: Regional Disaster Recovery. This innovation provides advanced protection for containerized application workloads and data through scheduled backups and smooth restorations, ideal for addressing situations such as operational recovery, accidental deletion, and application migration. Thanks to Regional Disaster Recovery, organizations can anticipate and mitigate the impact of catastrophic regional events through the recovery of AKS clusters from backups located in a secondary region, leveraging Azure’s paired regions. This ensures operational continuity even in the face of regional disruptions, complying with the established 3-2-1 backup strategy and providing the resilience needed to ensure data recovery after tenant-compromising events, in addition to meeting compliance requirements imposed by heavily regulated sectors.

Extended support for VMs with Ultra and Premium SSD v2 disks

Azure has announced the general availability launch of extended support of Azure Backup for virtual machines (VMs) that use Ultra and Premium SSD v2 disks. This development represents a significant step forward in strengthening the resilience and recovery capabilities of businesses managing critical enterprise applications and high-intensity I/O in the cloud. Ultra disks, known for their ability to support enterprise-level applications such as SAP HANA, high-end SQL databases, and NoSQL databases, offer organizations the flexibility needed to run demanding workloads with ease. Simultaneously, Premium SSD v2 disks stand out as the most advanced block storage solution, optimized for IO-intensive production workloads that require latencies below one millisecond. The availability of these technologies in Azure Backup meets a fundamental customer demand, eager to ensure operational continuity of their VMs in the event of disasters or ransomware attacks. With the enablement of backup for VMs using both Ultra and Premium SSD v2 disks, Azure positions itself as a robust cloud platform capable of offering solid and efficient recovery solutions. These advanced backup options are designed for a wide spectrum of applications, including SQL Server, Oracle, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, and gaming, on virtual machines or stateful containers. The availability of these features in all regions that support the creation of Ultra and Premium SSD v2 disks highlights Azure’s commitment to providing reliable and cutting-edge backup solutions, thus promoting security, resilience, and operational efficiency for businesses globally.

Azure Site Recovery

Enabling replication for data disks added to VMware VMs

Azure Site Recovery now supports enabling replication for data disks added to a VMware VM already enabled for disaster recovery. Thanks to this update, users can ensure greater operational continuity and better data resilience management, extending disaster recovery protection to data disks added after the VM protection is enabled.

Support of Azure Site Recovery for Azure Trusted Launch VMs (preview)

Microsoft has announced the preview of Azure Site Recovery support for Azure Trusted Launch VMs, exclusively for Windows operating systems. These VMs provide basic security for Azure Generation 2 systems, enabling Secure Boot and vTPM capabilities.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (February 2024 – Weeks: 07 and 08)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Windows Admin Center for Azure Virtual Machines

The Windows Admin Center for Azure Virtual Machines marks a significant step forward in cloud management by integrating directly into the Azure Portal. This tool is engineered to streamline the administration of Windows Server Operating Systems for Azure Virtual Machines. By facilitating in-browser RDP and PowerShell sessions, managing files, viewing events, and monitoring performance, it significantly reduces the necessity for remote desktop connections. A standout feature is its integration with Azure Active Directory for single sign-on capabilities, offering a cohesive identity experience across Azure services. This innovation not only simplifies virtual machine deployment and maintenance but also enhances security by minimizing dependence on local administrator accounts.

Compute

NVv5 Series VMs Now Available in Italy North Azure Region

Azure’s NVv5 Series Virtual Machines, equipped with NVIDIA A10 GPUs and AMD EPYC 74F3V CPUs, are now accessible in the Italy North region. These VMs cater to the needs of high-performance computing and graphics-intensive applications, offering a blend of powerful computational resources and graphical processing capabilities. This expansion into the Italy North region underscores Azure’s commitment to providing geographically diverse options for compute-intensive workloads.

Trusted Launch for Azure VMs in China Regions

Microsoft is proud to announce the general availability of Trusted Launch for Azure virtual machines in all Azure regions across China, encompassing China East, China East 2, China East 3, China North, China North 2, and China North 3. This major update introduces a strengthened security framework for Azure Virtual Machines. Trusted Launch enhances foundational VM security by guaranteeing booting to a defined and trusted state, a crucial step in combating sophisticated malware threats, including boot kits and rootkits, by offering kernel-mode level security on par with the operating system.

Furthermore, Trusted Launch activates Credential Guard, a significant security measure that protects user passwords and derived domain credentials via secure boot, virtualization-based security, and vTPM, which are critical for domain controllers. This feature also provides ongoing insights into the health state and boot chain integrity of virtual machines, along with remediation pathways for attestation failures through Microsoft Defender for Cloud.

Especially for Windows 11 virtual machines, Trusted Launch bolsters defense mechanisms against lower layer malware through the support of UEFI, secure boot, and vTPM. This comprehensive security enhancement ensures a more secure and reliable environment for Azure VMs, marking a significant advancement in cloud security measures tailored to meet the evolving threats in the digital landscape.

Networking

Azure Firewall Enhancements: Flow Trace Logs and Autoscaling

Azure Firewall’s new enhancements, including Flow Trace Logs and autoscaling based on the number of connections, provide granular insights and improved scalability. Flow Trace Logs offer detailed visibility into TCP handshake logs, aiding in troubleshooting packet drops and route asymmetry. The autoscaling feature now adjusts firewall resources based on traffic connection counts, alongside throughput and CPU usage, enabling a more responsive and efficient firewall performance.

Parallel IP Group Update Support for Azure Firewall

The introduction of Parallel IP Group update support in public preview marks a significant improvement in Azure Firewall’s configuration management. This feature allows for the simultaneous update of up to 20 IP Groups within a Firewall Policy, streamlining administrative tasks and enabling faster, more scalable changes. This update is particularly beneficial for administrators utilizing dev ops methodologies for configuration changes, enhancing efficiency and agility in firewall management.

Storage

Azure Elastic SAN (General Availability)

Azure Elastic SAN’s transition to general availability signifies a milestone in cloud storage solutions, offering a fully-managed, cloud-native SAN experience. This service is designed for seamless migration of extensive SAN environments to Azure, simplifying the deployment, scaling, management, and configuration of storage area networks in the cloud. It introduces a SAN-like resource hierarchy and provisions resources at the appliance level, dynamically allocating these to accommodate various workloads, including databases, VDIs, and business applications. The integration of Azure Monitor Metrics and Azure Policy aids in managing performance and preventing misconfigurations, respectively, merging the efficiency of traditional SAN systems with the flexibility and scalability of cloud storage.

Azure File Sync Agent Releases: v17.1 and v16.2 (Security Only Updates)

The release of Azure File Sync agent versions 17.1 and 16.2 as security-only updates addresses a critical vulnerability (CVE-2024-21397) that previously allowed unauthorized file creation. These updates underscore Azure’s commitment to security, providing essential patches for Windows Server installations ranging from version 2012 R2 to 2022. Detailed installation instructions are provided (KB5023054 and KB5023052), ensuring users can securely synchronize files across their environments.

Azure Blob Storage Cold Tier: Enhanced Support for Change Feed and Object Replication

The general availability of Azure Blob Storage Cold Tier’s support for Change Feed and Object Replication introduces significant enhancements for data storage and management. This feature enables the capturing of changes to blobs and their metadata within the cold tier, facilitating efficient data replication and access. It represents Azure’s ongoing efforts to provide cost-effective, flexible storage solutions for infrequently accessed data with long-term retention requirements.

Zone Redundant Storage (ZRS) for Azure Disks in Canada Central 

The general availability of Zone Redundant Storage for Azure Disk Storage in the Canada Central region provides a robust solution for data resilience and availability. By offering synchronous replication across three availability zones, ZRS enables Azure Disks to withstand zonal failures, ensuring uninterrupted application performance. This feature is particularly valuable for applications requiring high availability without the complexity of application-level data replication.

Azure NetApp Files Standard Network Features

Azure NetApp Files now supports the general availability of Standard network features, allowing for the editing of network features for Azure NetApp Files volumes. This update brings an enhanced Virtual Networking experience, ensuring seamless integration and improved security posture. Users can now edit existing Azure NetApp Files volumes and upgrade from Basic to Standard network features. This enhancement includes increased IP limits for VNets with Azure NetApp Files volumes, aligning them with VM capabilities to facilitate customer integration into existing network topologies. Moreover, it introduces enhanced network security with support for Network Security Groups (NSGs) on Azure NetApp Files delegated subnets, a feature long requested by customers for meeting enterprise security requirements. Enhanced network control is also achieved through support for User-defined routes (UDRs), allowing traffic direction via chosen Network Virtual Appliances. Additionally, connectivity has been improved with Active/Active VPN gateway setup and ExpressRoute FastPath connectivity, ensuring low latency and high bandwidth connectivity from on-premises networks to Azure.

Introducing Azure Storage Actions: Serverless Storage Data Management (Preview)

Microsoft has recently announced the public preview of Azure Storage Actions, a fully managed platform specifically crafted to streamline data management tasks for Azure Blob Storage and Azure Data Lake Storage. With the exponential growth of data, organizations find themselves grappling with the complexities of efficiently managing their data assets. Azure Storage Actions seeks to alleviate these challenges by offering a serverless infrastructure that dynamically scales to meet data management demands, eliminating the need for resource provisioning or management.

This innovative platform provides a no-code experience, enabling users to easily define conditional logic for processing data objects. It supports an array of tasks aimed at enhancing data utility and security, such as cost optimization, data protection, rehydration from archives, and tagging, among others. Additional functionalities are expected to be added in future updates, further expanding its capabilities.

Azure Storage Actions facilitates the rapid composition, validation, and deployment of data management tasks. It features an intuitive Azure portal interface that simplifies the process of defining operations and validating them, ensuring a seamless user experience. Moreover, the platform offers robust support for programmatic management through various tools including REST APIs, the Azure SDK, PowerShell, the Azure Command-Line Interface (CLI), and Azure Resource Manager (ARM) templates. This versatility makes Azure Storage Actions a comprehensive solution for managing large-scale data assets across Azure Blob Storage and Azure Data Lake Storage, promising to significantly enhance data management efficiency and effectiveness for organizations worldwide.

Azure Stack

Azure Stack HCI

Supported Azure Stack HCI Scenarios with System Center

The integration of Azure Stack HCI, version 23H2, with System Center Virtual Machine Manager (SCVMM) marks a significant step forward in hybrid cloud management. Azure Stack HCI 23H2 elevates cloud-based management capabilities through Azure Arc, catering to the needs of large-scale datacenter customers who rely on System Center VMM for their virtualization environment management. The recent announcement from the System Center team outlines the supported scenarios in SCVMM for managing Azure Stack HCI 23H2, providing clarity and direction for system administrators and IT professionals.

SCVMM Support for Azure Stack HCI 23H2

The supported scenarios in SCVMM for Azure Stack HCI 23H2 include:

  • Addition and Management of Azure Stack HCI Clusters: SCVMM facilitates the addition of Azure Stack HCI clusters into your management framework, allowing for comprehensive oversight.
  • Virtual Machine Operations: Provisioning, deploying, and performing lifecycle operations on VMs within Azure Stack HCI clusters are fully supported, streamlining virtual machine management.
  • Storage and Volume Management: SCVMM enables the management of storage pool settings, creation of virtual disks, cluster shared volumes (CSVs), and application of Quality of Service (QoS) settings to optimize storage performance.
  • Workload Migration: The migration of VMware and Windows Server-based workloads to Azure Stack HCI is supported, offering flexibility in transitioning to Azure Stack HCI environments.
  • Cluster Management via PowerShell: Azure Stack HCI clusters can be managed using the same PowerShell cmdlets as Windows Server clusters, ensuring a consistent management experience.
  • Azure Integration: Azure-based VM self-serve capabilities and management services are extended through Azure Arc-enabled SCVMM, enhancing cloud connectivity and management.

Limitations and Azure/WAC Exclusive Scenarios

While SCVMM supports a broad range of management functions, certain scenarios remain exclusive to Azure Portal/Windows Admin Center (WAC) for Azure Stack HCI 23H2:

  • Cluster Creation and Registration: The creation and registration processes for Azure Stack HCI clusters are integrated into deployment and exclusively managed through Azure Portal/WAC.
  • Upgrades and Azure Benefits: Upgrading from Azure Stack HCI 22H2 to 23H2 and enabling Azure benefits on VMs are managed only via Azure Portal/WAC.
  • Advanced Features: New features of Azure Stack HCI 23H2, such as GPU-Partitioning and SDN Multi-site, along with previously unsupported features like Stretched clustering with 22H2, are managed outside of SCVMM.

Future Support and Availability

Support for Azure Stack HCI 23H2 in SCVMM is scheduled to be included in the next Long-Term Servicing Channel (LTSC) version of System Center. The general availability of this version is anticipated to align closely with the release of Windows Server 2025, offering forward-looking compatibility and support for Azure Stack HCI environments.

This integration underscores Microsoft’s commitment to hybrid cloud environments, providing the tools necessary for seamless management of virtualized infrastructure both on-premises and in the cloud. As the landscape of Azure Stack HCI evolves, the synergy between Azure Stack HCI and System Center continues to strengthen, offering a robust, scalable, and efficient management solution for modern datacenters.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (February 2024 – Weeks: 05 and 06)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure VMware Solution Now Available in Italy North Region

Azure VMware Solution has been made available in the Italy North Azure Region. This expansion allows customers in Italy to integrate their VMware workloads with Azure services seamlessly, leveraging the global scale, security, and performance of Azure while maintaining the VMware tools and expertise they are accustomed to. This launch supports the growing demand for cloud solutions in the region, enabling local businesses to innovate and scale with the cloud’s flexibility and efficiency.

Italy North Region Added to Azure HDInsight

Azure HDInsight is now generally available in the Italy North region. This expansion enhances Azure’s managed, full-spectrum, open-source analytics service capabilities, allowing enterprises to leverage popular frameworks such as Hadoop, Apache Spark, Apache Hive, LLAP, Apache Kafka, and more within Italy North. The availability of HDInsight in this region enables local and global enterprises to process big data, run real-time analytics, and use machine learning more efficiently with reduced latency.

Networking

Azure Virtual Network Manager Security Admin Rule Configuration Feature 

The Azure Virtual Network Manager’s security admin rule configuration feature has reached general availability (GA) across 30 regions. This feature empowers organizations to enforce security policies across their virtual networks (VNets) efficiently, spanning subscriptions and regions worldwide. By prioritizing these rules above network security groups (NSGs), it ensures a standardized approach to security, helping to mitigate misconfigurations and adherence to corporate policies. The introduction of security admin rules streamlines network management, reducing the complexity of operations while enhancing security measures for expanding network infrastructures.

Azure Virtual Network Manager Topology View 

Azure Virtual Network Manager (AVNM) topology view has been officially launched and is now generally available. This innovative feature offers a scalable and reliable solution for managing networks across global subscriptions. It integrates with Azure Resource Topology (ART) to provide a comprehensive visualization of network resources, contextualized by AVNM connectivity configurations. The topology view facilitates a deeper understanding of network connections, offering insights into the connectivity among network groups and VNets, thus enhancing confidence in network deployment strategies.

ExpressRoute Guided Portal Experience (preview)

Microsoft announces the public preview of the ExpressRoute guided portal experience, aimed at simplifying the configuration of multi-site resilient ExpressRoute circuits. This new portal experience offers critical information, such as the distance between peering locations and traffic engineering recommendations, to assist customers in making informed decisions. During the preview, users can access this feature globally in the Azure public cloud via the Azure portal flight link. This initiative underscores Microsoft’s commitment to providing intuitive tools for enhancing network resiliency and connectivity.

Storage

Mount Azure Storage as a Local Share in App Service Linux Now Supports NFS

Azure App Service Linux now supports NFS when mounting an Azure File share as a local share for web apps. This update enables more flexible and efficient storage solutions for web applications hosted on Azure, streamlining the integration and management of file storage.

Azure Ultra Disk Storage Now Available in Canada East

Azure Ultra Disk Storage, offering high throughput, high IOPS, and consistent low-latency disk storage, is now available in Canada East. Ideal for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy workloads, Ultra Disk Storage enhances Azure Virtual Machines’ performance and capabilities in the region.

Azure NetApp Files Standard Network Features – Edit Volumes in US Gov Regions

Azure has launched a public preview for editing network features of Azure NetApp Files volumes in US Gov regions, leveraging advanced hardware and software integration. This update introduces Standard Network Features, enhancing the virtual networking experience with improved security for Azure NetApp Files. Users can now upgrade Basic network features to Standard, benefiting from increased IP limits, enhanced network security and control, and improved connectivity options. This preview is available across all US Gov regions (VA, TX, & AZ).

General Availability: Support for up to 100 TB of Storage for the FHIR Service

Azure announces general availability for expanded storage support in the FHIR service, part of Azure Health Data Services, up to 100 TB. This enhancement allows for the storage and exchange of vast amounts of health data, facilitating large-scale analytics, population health management, research, and insights from health data. Organizations requiring storage beyond the default 4 TB can request an increase through the Azure portal.

Azure Stack

Azure Stack HCI

Azure Stack HCI 23H2 General Availability

Microsoft has announced the general availability of Azure Stack HCI version 23H2, marking a significant update in cloud-managed edge infrastructure. This version is ready for production . It introduces several previews, including Azure Migrate and Microsoft Defender for Cloud, specifically designed for Azure Stack HCI environments. However, it’s noteworthy that certain features like stretched clustering and System Center VMM support are temporarily unavailable in some regions. The launch of Azure Stack HCI 23H2 represents a leap forward in Microsoft’s edge infrastructure offerings, providing enterprises with robust, scalable solutions for their hybrid cloud environments.

Key Highlights:

  • Production-Ready: Azure Stack HCI 23H2 is now ready for production environments, offering robust and reliable infrastructure solutions.
  • Seamless Update Process: An update from the previous version 22H2 to 23H2 will soon be available, specifically targeting 23H2 clusters to ensure smooth transitions.
  • Enhanced Solutions Availability: The GA version includes premier and integrated solutions, enriching the ecosystem for Azure Stack HCI users.
  • Azure Virtual Desktop (AVD) for Azure Stack HCI: AVD is now generally available, bringing together the advantages of Azure Virtual Desktop and Azure Stack HCI. This combination allows organizations to run virtualized desktops and apps securely, either on-premises at the edge or within data centers.
  • Azure Migrate Integration (Preview): Azure Stack HCI now supports Azure Migrate in preview, facilitating easier migration of workloads to Azure Stack HCI environments.
  • Microsoft Defender for Cloud Integration (Preview): Enhance your security posture with Microsoft Defender for Cloud for Azure Stack HCI, currently in preview.
  • Guidance on Using Version 22H2: It’s recommended to continue using version 22H2 temporarily if:
    1. The service is not available in your region (currently limited to East US and West Europe).
    2. You require stretched clustering support, which is not available in 23H2.
    3. Your setup relies on System Center VMM, not supported by 23H2.

Additional Information:

  • Currently, 3-node switchless deployments are not supported.
  • The GA version includes proxy support for HCI infrastructure, but not yet for VMs.
  • Updates to 23H2 can be performed through the portal on existing preview clusters or by new deployment.
  • With Windows Defender Application Control (WDAC) enabled by default in Azure Stack HCI 23H2, steps may be needed to allow certain applications to run.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in January 2024

This month, Microsoft has introduced a series of significant updates for Azure management services. This is part of a series of monthly articles aimed at providing an in-depth and detailed analysis of the most relevant innovations. The goal is to keep users always informed about the ongoing evolutions of Azure, providing the essential information to explore these developments further.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Azure Monitor VM Insights Dependency Agent for VM Linux RHEL 8.6

The Dependency Agent of Azure Monitor VM Insights is now supported for Linux Red Hat Enterprise Linux (RHEL) 8.6 VMs. This means that the Dependency Agent can be used to monitor network connections and processes of Linux RHEL 8.6 virtual machines and visualize the dependencies between them in the VM Insights Map function.

Integration of Azure Advisor with Azure Monitor Log Analytics Workspace

Azure Advisor is a cloud tool designed to help users follow best practices in optimizing their workloads in Azure. This solution analyzes resource configurations and telemetry data to provide targeted recommendations to improve four key areas: cost efficiency, performance, reliability, and security of Azure resources. Moreover, to support more effective management of Azure Monitor costs, Microsoft has implemented specific cost optimization recommendations and integrated Azure Advisor into the Log Analytics Workspace management interface.

Dedicated clusters in Azure Monitor logs now support different commitment levels

Microsoft has extended the capabilities of dedicated clusters in Azure Monitor Logs, now supporting any level of commitment, starting from a minimum of 100 GB per day. This new feature offers greater flexibility and customization for users who require specific solutions for their monitoring and logging needs. With this expansion, customers have the option to choose the service level that best fits their needs, ensuring more efficient and tailored data management.

Configure

Update management

Azure Update Manager on Azure Arc-enabled servers: new billing rules

From February 2024, Azure Update Manager will start generating consumption for Azure Arc-enabled servers. Azure Update Manager, formerly known as Azure Automation Update Management, has been available since September 2023. Customers who started using the service from that date will not be subject to costs until February 1, 2024.

Starting February 1, 2024, customers using Azure Update Manager on Azure Arc-enabled servers will be billed daily, with a specific rate per server per day, equivalent to about $5 USD per server per month.

An Azure Arc-enabled server is considered managed by Azure Update Manager on days when it meets both of the following conditions:

it has a connection status with Arc at any time of the day; an update operation is performed on it (patch on demand or via scheduled job, evaluation on demand or via periodic assessment) or it is associated with a schedule.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Preview of the Azure Arc extension for Visual Studio Code

Microsoft has announced the public preview of the Azure Arc extension for Visual Studio Code. This extension allows developers to easily manage Azure Arc resources and services directly from Visual Studio Code. With this integration, developers can expect greater efficiency and simplified workflows, as they will have the ability to access and manage Azure Arc resources without leaving the Visual Studio Code development environment.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • introduction of agentless container posture for GCP in Defender for Containers and Defender CSPM;
  • public preview of agentless malware scanning for servers;
  • integration of Defender for Cloud with Microsoft Defender XDR;
  • DevOps security annotations for Pull Requests enabled by default for Azure DevOps connectors.

Protect

Azure Site Recovery

Support for Azure VMs with Premium SSD v2

Azure Site Recovery now supports Azure VMs equipped with Premium SSD v2. This feature is available as a private preview in selected Azure regions. Premium SSD v2 disks represent Azure’s most advanced block storage solution, ideal for high I/O intensity enterprise workloads, offering sub-millisecond latencies, high IOPS, and throughput. This addition responds to a frequent customer request to be able to use Azure Site Recovery with Azure VMs on Premium SSD v2. Thanks to this feature, customers can ensure greater data security and operational continuity of applications and workloads, even in case of planned or unplanned interruptions.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (January 2024 – Weeks: 03 and 04)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Cloud Services (Classic) Retirement

Microsoft has announced the retirement of its Azure Cloud Services (Classic) deployment model, effective August 31, 2024. This decision marks a significant shift towards more advanced and modern cloud solutions. Users of Azure Cloud Services (Classic) are encouraged to migrate their services to Cloud Services (Extended Support) in Azure Resource Manager, which offers new capabilities and improved efficiency. This transition is vital for maintaining service continuity and accessing enhanced features.

Compute

Automatic Image Creation

Azure has announced the general availability of its Automatic Image Creation service. This feature simplifies the process of creating and managing virtual machine images, allowing for automation and streamlining of deployments. The general availability of this service underscores Azure’s commitment to providing efficient and user-friendly solutions in cloud computing.

Upgrade of Azure Gen1 VMs to Gen2-Trusted Launch (private preview)

Microsoft has announced a private preview that allows users to upgrade their existing Azure Generation 1 (Gen1) virtual machines (VMs) to Generation 2 (Gen2) with Trusted Launch support. This upgrade enhances the foundational security of existing Azure VMs by enabling features like Secure Boot and vTPM capabilities, integral to the Trusted Launch service. Trusted Launch provides a robust security framework for Azure VMs, ensuring boot integrity and protection against advanced threats. The service works by ensuring that only signed operating systems and drivers can boot, establishing a root of trust for the VM software stack. It supports a wide range of compute-optimized, memory-optimized, and storage-optimized VM sizes, as well as multiple operating systems including various versions of Linux and Windows. Notably, this upgrade doesn’t increase existing VM pricing, making it an attractive option for users seeking enhanced security without additional costs.

Networking

Azure Virtual Network Encryption

Microsoft has released the general availability of Azure Virtual Network Encryption, providing an additional layer of security for data in transit. This new feature ensures that data moving within a virtual network is encrypted, enhancing protection against potential threats and unauthorized access. The availability of this feature signifies Microsoft’s ongoing commitment to offering robust security solutions in its cloud services.

Load Balancer in Azure API Management (preview)

Microsoft has introduced a public preview of the Load Balancer in Azure API Management. This feature aims to optimize the distribution of user requests across various servers, ensuring efficient resource utilization and improved response times. The introduction of this load balancer in the preview phase allows users to test and provide feedback, helping Microsoft enhance the feature before its full-scale release.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (January 2024 – Weeks: 01 and 02)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Storage

Customer-Managed Keys for Azure NetApp Files volume encryption

Azure NetApp Files now supports customer-managed keys for volume encryption, enhancing data security and control. This feature allows users to manage their encryption keys, providing an additional layer of security for sensitive data stored in the cloud. The integration of customer-managed keys with Azure NetApp Files ensures that data encryption aligns with organizational policies and regulatory requirements, offering a secure and compliant storage solution.

Premium SSD v2 and Ultra Disks support with Trusted Launch

Azure introduces the general availability of Premium SSD v2 and Ultra disks support for Trusted Launch virtual machines. This integration enhances security and performance for Azure virtual machines. Trusted Launch provides foundational security with features like Secure Boot and vTPM, protecting against advanced threats. The Ultra disks offer high-performance storage ideal for data-intensive workloads, while Premium SSD v2 disks provide a cost-effective solution for a broad range of enterprise applications.

Zone Redundant Storage for Azure Disks in more regions

Azure has expanded the availability of Zone Redundant Storage (ZRS) for Azure Disk Storage. Now available in West US3 and Germany West Central regions, ZRS enables synchronous data replication across three availability zones. This feature enhances data resilience and application uptime by mitigating the impact of zonal failures. ZRS is compatible with Azure Premium SSDs and Standard SSDs, ensuring high availability for critical workloads.

Azure Ultra Disk Storage Now Available in UK West and Poland Central

Azure has expanded its Ultra Disk Storage to the UK West and Poland Central regions, offering high throughput, high IOPS, and consistent low-latency disk storage. Azure Ultra Disk Storage is ideal for handling data-intensive workloads like SAP HANA, top-tier databases, and transaction-heavy processes. This expansion provides users in these regions with access to Azure’s most advanced storage solutions, optimizing performance for critical applications.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in December 2023

This month, Microsoft introduced a series of significant updates to the Azure management services. Through this series of monthly articles, the aim is to offer an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Configure

Azure Automation

Retirement of Azure Automation Services – August 31, 2024

Microsoft has announced that on August 31, 2024, two services in Azure Automation will be retired: the Update Management service and the Change Tracking and Inventory service, both using the Log Analytics agent.

  1. Retirement of the Azure Automation Update Management service: This service, currently used for update management and system maintenance, will no longer be available after August 31, 2024. Users are encouraged to migrate to alternative solutions offered by Azure to maintain effectiveness in managing their system updates.
  2. Retirement of the Change Tracking and Inventory service with Log Analytics Agent: Similarly, the Change Tracking and Inventory service, which utilizes the Log Analytics agent in Azure Automation, will end its operations on the same date. Customers are invited to explore and adopt other solutions provided by Azure to effectively manage change tracking and inventory management of IT resources.

Microsoft urges its users to take timely action to ensure a smooth transition to the new proposed solutions, thus ensuring continuity and efficiency in managing their IT infrastructures.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for innovative ways to enhance Microsoft Cost Management, their solution designed to provide greater transparency on cloud costs, identify and prevent inefficient spending patterns, and optimize overall costs. During 2023, numerous improvements and significant updates have been implemented to this solution. These updates aim to make Microsoft Cost Management even more effective in providing its users with the information and tools necessary to manage cloud expenses more efficiently and consciously.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, and improvements are introduced on an ongoing basis. To stay up-to-date on the most recent developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Defender for Servers at the resource level: it is now possible to manage Defender for Servers on specific resources within one’s subscription, allowing full control over the protection strategy. This capability allows for configuring specific resources with custom settings different from those configured at the subscription level.
  • Retirement of the classic multi-cloud connectors: the experience of the classic multi-cloud connectors has been retired, and data is no longer transmitted to connectors created through that mechanism. The new native multi-cloud connectors, available for AWS and GCP since March 2022 without additional costs, completely replace the value of these classic connectors.
  • Release of the coverage workbook: this tool allows monitoring which Defender for Cloud plans are active on which parts of the environment, helping to ensure complete protection of environments and subscriptions.
  • Vulnerability assessment for Container Images in Azure Government and Azure managed by 21Vianet: vulnerability assessment for Linux container images in Azure is now also available in Azure Government and Azure managed by 21Vianet.
  • Support for Windows in the Container Vulnerability Assessment (preview): support for Windows images has been released in public preview as part of the vulnerability assessment for Azure and Azure Kubernetes Services container registries.
  • Agentless container security posture for AWS in Defender for Containers and Defender CSPM (preview): the new agentless capabilities of container security posture are now available for AWS.
  • Support for PostgreSQL Flexible Server in the Defender plan for open-source relational databases: Microsoft has announced support for PostgreSQL Flexible Server in the Microsoft Defender plan for open-source relational databases.

Protect

Azure Backup

Crash Consistent Multi-Disk VM Restore Points

Microsoft recently announced the introduction of support for the ‘Crash Consistent’ multi-disk mode in virtual machine (VM) restore points. This feature provides an agentless solution that captures and preserves both the VM configuration and write- and timing-consistent snapshots for all managed disks connected to the VM. The captured state is equivalent to that of the data present in the VM in the event of a power outage or system crash. This innovation aims to significantly improve reliability and data management in Azure infrastructures.

Azure Site Recovery

New Update Rollup

Update Rollup 70 has been released for Azure Site Recovery. This update brings significant improvements in terms of functionality and service stability, consolidating Azure Site Recovery’s position as a reliable solution for disaster recovery. The related details and the procedure to follow for installation can be found in the specific KB.

Migrate

Azure Migrate

‘As on-premises’ in Azure Migrate SQL Discovery and Assessment (preview)

Azure Migrate has introduced the new ‘As on-premises’ sizing policy for SQL instance assessments. This feature allows for quick and accurate analysis of SQL instances identified by the Azure Migrate appliance. The ‘As on-premises’ policy is based on the source SQL instance configuration to provide appropriate sizing recommendations for the target Azure SQL service. Additionally, if performance data is available, an assessment can be carried out based on these performances to obtain customized SKU recommendations for the source workload on Azure. In cases where performance data is not available for some specific instances, the ‘As on-premises’ sizing is employed to ensure precise and reliable target sizing.

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (December 2023 – Weeks: 51 and 52)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks. This release marks the final update for the year 2023, and I take this opportunity to wish everyone the best for the upcoming year 2024!

Azure

General

Microsoft Cloud for Sovereignty

Microsoft has announced the general availability of Microsoft Cloud for Sovereignty, a significant advancement in cloud technology for government agencies. This new offering is designed to meet the unique compliance, security, and policy requirements of governments while leveraging cloud capabilities to deliver enhanced value to citizens.

Key Highlights:

  • Compliance and Security: Microsoft Cloud for Sovereignty is built on over 60 cloud regions, providing industry-leading cybersecurity and the broadest compliance coverage. It enables governments to implement policies that align with national or regional data residency requirements.
  • Sovereign Controls: The platform offers sovereign controls to protect and encrypt sensitive data. This includes sovereign landing zones and Azure Confidential Computing, which secures data in memory in hardware-based trusted execution environments.
  • Policy Initiatives: Governments can adopt sovereignty-focused Azure policy initiatives to address the complexity of compliance with national and regional regulatory requirements. This includes the Azure Cloud Security Benchmark and Sovereignty Policy Baseline, among others.

New Capabilities:

  • Drift Analysis Tool: Identifies non-compliant settings and helps maintain policy compliance.
  • Transparency Logs: Provides visibility into instances where Microsoft engineers access customer resources.
  • Configuration Tools in Azure Portal: Simplifies the creation of sovereign landing zones.

This development marks a significant step in enabling governments to harness the power of cloud technology while maintaining strict control over data sovereignty and regulatory compliance.

Compute

Red Hat Enterprise Linux 8.9 on Azure Virtual Machines

Azure now supports Red Hat Enterprise Linux (RHEL) 8.9 on its Virtual Machines, marking the latest minor release of RHEL 8. This version offers enhanced stability, security, and performance for production environments. Key features include streamlined deployment and migration options, new metrics in the performance co-pilot, and new Application Streams for Node.js 20, Java-21, and compiler toolkits. RHEL 8.9’s release emphasizes Azure’s commitment to providing a versatile and efficient operating environment for varied infrastructures.

Networking

Security Update for Azure Front Door WAF CVE-2023-50164

Azure has deployed a new managed rule for its global Web Application Firewall (WAF) customers to address the security vulnerability CVE-2023-50164. This update is crucial for applications potentially impacted by this vulnerability. The fix has been implemented in the ruleset versions 2.1, 2.0, and earlier. The rule, identified as ID 99001017 in the MS-ThreatIntel-CVEs Rule Group, is initially set to ‘Disabled’ with an ‘Anomaly Score’ action, and users are advised to enable it if their application is vulnerable. This update underscores Azure’s commitment to providing robust security for web applications.

Security Update for Application Gateway WAF CVE-2023-50164

Azure has announced the general availability of a security update for the Application Gateway WAF to address the CVE-2023-50164 vulnerability. This update is vital for regional WAF customers to safeguard their applications. The update includes changes to the Default Ruleset (DRS) and Core Ruleset (CRS), with the rule ID 99001017 now set to ‘Enabled’ and ‘Log’ action. It’s important to note that the ‘Anomaly Score’ action is not supported for this rule, and users with older WAFs running CRS 3.1 should upgrade to enable ‘Block’ mode.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.