This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Governance Update – Management Groups

Beginning May 3, 2024, Azure will commence enabling the root management group for tenants that have not yet enabled it. This proactive step aligns with best practices for applying Azure Policy and reduces the initial setup work for following governance best practices. Upon creation of the root management group, all subscriptions will become children of this group, facilitating efficient management and compliance enforcement. This update does not alter access permissions or change subscriptions’ configurations; rather, it streamlines governance processes and enhances organizational compliance with Azure Policy standards.

Extensibility Model in Azure Deployment Environments (preview)

Azure Deployment Environments introduces a new extensibility model, now available in public preview, aimed at empowering customers to customize their deployment workflows using various infrastructure-as-code (IaC) frameworks. This model enables users to harness their preferred IaC framework, such as Bicep, Terraform, or Pulumi, to tailor deployment workflows to meet specific organizational needs. With support for Terraform and Bicep, users can seamlessly integrate their chosen IaC framework into Azure Deployment Environments, enhancing flexibility and efficiency in app infrastructure provisioning.

Compute

Azure Dedicated Host – Redeploy (preview)

In a move towards enhancing service resilience and user control, Azure Dedicated Host introduces the “Redeploy” feature, now available in public preview. This feature simplifies the process of moving an Azure Dedicated Host and its associated Virtual Machines (VMs) from one node to another within the same hardware generation. Termed as user-initiated service healing, the redeploy process ensures minimal disruption to services while addressing issues caused by user configurations or underlying host infrastructure. With support available across all regions of the Azure public cloud, users can utilize the Azure Portal or CLI to initiate host redeployment, maintaining host properties while ensuring data integrity on VMs’ temporary disks.

Networking

Application Gateway Web Application Firewall (WAF) Inspection Limit & Size Enforcement

Azure’s Application Gateway v2, integrated with the regional Web Application Firewall (WAF), now provides enhanced control over inspection limits and size enforcement for WAF policies running Core Rule Set (CRS) 3.2 or later. This update enables users to finely tune request body inspection, maximum request body limit, and maximum file upload limit independently. Moreover, users can disable enforcement of these limits without compromising request body inspection. These enhancements empower users to manage WAF policies more effectively, allowing larger requests to pass through without impediment.

Virtual Network Flow Logs

Azure Network Watcher introduces Virtual Network Flow Logs, a new capability enabling users to capture detailed information about IP traffic within their virtual networks. Whether for usage monitoring, optimization, troubleshooting, compliance, or security analysis, flow logs offer valuable insights into network activity. Users can record network traffic at the scope of the virtual network, subnet, or Network Interface Card (NIC), facilitating audit and compliance requirements, identifying traffic patterns, troubleshooting connectivity issues, and detecting malicious activity. Flow data is stored in Azure Storage accounts and can be exported to various analysis tools and security solutions for further examination.

Azure Virtual Network Manager Security Admin Rule Generally Available

The Azure Virtual Network Manager Security Admin Rule is now generally available across all public regions. This rule empowers users to enforce security policies consistently across virtual networks, regardless of subscriptions or regions. By evaluating rules before network security groups (NSGs), organizations can standardize security enforcement, mitigate misconfigurations, and ensure compliance with company policies. With streamlined security management and default settings to prevent errors, users can enhance network security while simplifying operational complexities.

Azure Virtual Network Manager User-Defined Route (UDR) Management (preview)

Azure Virtual Network Manager introduces user-defined route (UDR) management in public preview, offering users the ability to define and apply routing rules across multiple subnets and virtual networks. With this feature, users can easily describe their desired routing behavior within Azure Virtual Network Manager, streamlining the application of routing rules at scale without manual configuration of route tables for each subnet. This capability allows for various scenarios, including routing traffic between spokes across different hubs and directing traffic to specific destinations based on predefined rules, enhancing network management and flexibility within Azure environments.

Storage

Ultra Disks now available on Italy North Azure Region

Azure users in the Italy North region can now leverage the power of Ultra Disks for their virtual machines. Ultra Disks offer high throughput, low latency, and consistent performance, making them ideal for I/O-intensive workloads. With Ultra Disks, users can experience enhanced storage capabilities to meet the demands of their applications while maintaining scalability and reliability.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Announcing New Cloud Governance Guidance in the Microsoft Cloud Adoption Framework for Azure

Microsoft is pleased to announce a significant update to the Cloud Adoption Framework (CAF) for Azure, introducing new and enhanced cloud governance guidance. This update is a pivotal part of Microsoft’s dedication to facilitating effective cloud adoption strategies across various organizations. The revised governance guidance covers critical areas such as identity, cost, resource, data, and AI governance, aiming to provide a comprehensive and accessible roadmap for organizations at any stage of their cloud journey. Whether it’s a startup aiming to scale operations efficiently or a large enterprise refining its governance practices, the new guidance is structured to support their evolving needs.

Retirement of Cloud Services (classic) Deployment Model (31 August 2024)

On 31 August 2024, Microsoft will retire the Cloud Services (classic) deployment model. Customers are advised to migrate their services to Cloud Services (extended support) in Azure Resource Manager before this date to avoid service disruption. The new deployment model offers significant improvements including deployment templates, role-based access control, and regional resiliency. Note that related services like Azure Virtual Network and Azure ExpressRoute gateway will also be retired, necessitating a migration to the Azure Resource Manager model which features enhanced resource deployment and management capabilities.

Compute

NVv4 Series VMs Now Available in Italy North Azure Region

Microsoft Azure has expanded its infrastructure offerings by making NVv4 Series Virtual Machines (VMs) available in the Italy North region. These VMs feature the AMD Radeon Instinct MI25 GPU and AMD EPYC 7V12 (Rome) CPU, offering robust performance options for computational and graphic-intensive applications. This deployment in Italy North provides local customers enhanced capabilities for graphics rendering, virtual desktop infrastructure (VDI), and AI workloads, further supporting the demands of diverse business environments in the region.

HBv4-series & HX-series VMs Now Available in Sweden Central

The HBv4-series and HX-series VMs are now available in the Sweden Central region. These VMs are equipped with up to 176 AMD EPYC™ 9V33X (“Genoa-X”) CPU cores and provide impressive memory and storage capacities. The HBv4-series VMs come with 768 GB of RAM, while the HX-series offers 1.4 TB of RAM. Both series feature a 2.3 GB L3 cache per VM, delivering substantial bandwidth capabilities. These VMs are particularly suitable for high-performance computing needs, featuring 400 Gb/s NDR InfiniBand from NVIDIA Networking to support supercomputer-scale workloads.

Networking

Azure Virtual Network Encryption Available in All Regions

Azure Virtual Network encryption is now available across all Azure regions, enabling encryption of traffic between Virtual Machines and Virtual Machines Scale Sets within the same virtual network, as well as between regionally and globally peered virtual networks. This rollout enhances the already robust encryption-in-transit capabilities of Azure, providing an additional layer of security for data traveling within the cloud infrastructure.

Azure Virtual Network Manager Network Groups in Public Preview

The use of Azure Virtual Network Manager network groups in security admin rules is now available in public preview. This feature allows administrators to use network groups in the source and/or destination of security rules, facilitating easier network isolation and management. With network groups, administrators can logically group virtual networks or subnets, enabling scenarios like segregating production from non-production environments. This capability simplifies the enforcement of traffic control, eliminating the need to manually identify CIDR ranges or resource IDs, thereby enhancing security administration across Azure environments.

Storage

Azure Data Box Disk Now Available with Hardware Encryption

Azure Data Box Disk is now generally available with AES-256 hardware encryption for Linux-based hosts. This new offering is available to customers in the US, EU, and Japan, providing an option to choose between software encryption (BitLocker) and hardware encryption (self-encrypted). These self-encrypted disks offer copy performance on Linux that is on par with BitLocker encrypted disks on Windows, enhancing data security and performance for Azure users.

New Disk Property: LastOwnershipUpdateTime

Microsoft Azure introduces a new property for Disks, named LastOwnershipUpdateTime, available in the Azure Portal, PowerShell (PS), and Command-Line Interface (CLI). This property indicates the time when the Disk’s ownership or state was last updated, providing a clear timeline of changes. It is particularly useful when used alongside the diskState to monitor and verify the current state of the Disk and its recent updates. This addition aims to enhance transparency and control for Azure users managing disk resources.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Compute

Some Virtual Machines Size Will Be Retired

Microsoft Azure has announced the upcoming retirement of several virtual machine (VM) sizes within the NCv3-series, specifically the Standard_NC6s_v3, Standard_NC12s_v3, and Standard_NC24s_v3 VMs, scheduled for September 30th, 2025. Additionally, the Standard_NC24rs_v3 VM size will retire on March 31st, 2025. To ensure continuity and prevent service disruption, users are advised to transition their workloads to newer VM series within the same NC product line. In a related update, support for Basic and Standard A-series VMs in Batch pools will conclude on August 31, 2024. Users are encouraged to migrate their Batch pools to Av2-series VMs or other supported VM sizes to benefit from enhanced memory per vCPU and faster SSD storage.

On-demand capacity reservations for Specialty SKUs (preview)

Azure now offers on-demand capacity reservations for specialty VM sizes, currently in Public Preview. This feature allows for the reservation of compute capacity with SLA for specific VM sizes including Mv3, NC-series (v3 and newer), NV-series (v2 and newer), and Lsv2 series. It introduces the ability to ensure compute capacity—with SLA guarantees—is available ahead of VM deployments, crucial for maintaining the availability of business-critical applications. On-demand capacity reservations can be used in any public Azure region or availability zone, for any length of time, without commitment. These reservations can also be combined with Azure Reserved VM Instances (RIs) to further reduce costs.

Networking

Azure Virtual Network Manager Security Admin Rule Generally Available in 45 Regions

Azure Virtual Network Manager’s security admin rule configuration feature is now generally available in 45 regions. This pivotal update empowers users to enforce security policies for their virtual networks comprehensively across subscriptions and regions globally. Positioned to be evaluated before network security groups (NSGs), these rules underscore a commitment to standardized security enforcement. They are designed to mitigate potential misconfigurations and oversights, thereby safeguarding critical services and ensuring adherence to company policies. The feature highlights the ease of managing security with reduced operational complexities and introduces a default setting to minimize errors in NSG setups. For detailed insights and use cases, the virtual network flow logs documentation offers guidance on monitoring traffic allowed or denied by these rules.

Rate Limiting on ExpressRoute Direct Circuits

The general availability of Rate Limiting for ExpressRoute Direct port circuits brings a significant Quality of Service (QoS) enhancement, allowing for precise control over bandwidth usage. This feature helps prevent performance and reliability issues by enabling throttling of traffic throughput in accordance with the configured bandwidth, thus avoiding the potential for circuits to burst beyond their allocated bandwidth. Rate Limiting is available for both Private Peering and Microsoft Peering, in all Azure public cloud regions, and can be enabled for individual circuits during or after their creation process.

ExpressRoute Metro for High Resiliency (preview)

In a significant advancement for network resilience, Azure announces the public preview of ExpressRoute Metro. This high-resiliency configuration is designed to provide multi-site redundancy through a dual-homed setup, allowing for diverse connections to two distinct edge sites within a city. Initially available in Amsterdam, Singapore, and Zurich, ExpressRoute Metro enhances the reliability and uptime of connectivity from on-premises networks to Azure. This addition introduces three tiers of resiliency for ExpressRoute – Standard, High, and Maximum – enabling customers to tailor their connectivity according to desired resilience levels.

Azure Front Door (classic) will be retired on 31 March 2027

On 31 March 2027, Azure Front Door (classic) will be retired for the public cloud. Users are encouraged to migrate to Front Door Standard or Premium by that date. Starting 1 April 2025, creation of new Front Door (classic) resources will no longer be possible via the Azure portal, Terraform, or any command line tools. However, modifications to existing resources will be allowed until its retirement. Azure Front Door Standard and Premium offer enhanced capabilities for static and dynamic content delivery, along with improved security, DevOps experiences, and pricing. Migration to these newer versions is recommended to avoid service disruptions and to take advantage of better integration with Azure services.

Storage

Azure File Sync Extension on Windows Admin Center Version 4.13.0 Now Available

The release of version 4.13.0 of the Azure File Sync extension for Windows Admin Center has been announced, marking a significant update that went live on March 20th. This version brings a series of enhancements and fixes aimed at improving the Azure File Sync experience within the Windows Admin Center platform. The key improvements include an optimized setup process designed to reduce unexpected failures, facilitating smoother and more efficient deployments of Azure File Sync. Additionally, the update introduces enhanced status checks, offering a proactive approach to verify compatibility and ensure full support for the selected configurations. Furthermore, the error reporting mechanism has been overhauled to provide more detailed and actionable insights. In case of issues during the Azure File Sync setup, users will now receive comprehensive error messages, enabling them to swiftly and effectively resolve any problems. Users are encouraged to update to version 4.13.0 of the Azure File Sync extension via the Windows Admin Center public extension feed to take advantage of these improvements.

Azure Files geo-redundancy for standard large file shares

Azure Files has expanded its offerings to include geo-redundancy for 100 TiB standard SMB file shares, now generally available. Previously capped at 5TiB, these geo-redundant file shares can now scale up to 100TiB with enhanced IOPS and throughput limits. This update brings a significant improvement to the performance and scalability of Azure Files, making it more viable for larger and more demanding storage needs. Geo-redundant standard large file shares are available in 30 regions, with plans to extend this to all regions in the future.

Improved Throughput Performance on Azure Disks’ Standard SSD

Azure unveils increased throughput limits for Standard SSD Disks sizes E50 and below, now offering 100 MB/s, up from 60 MB/s. This enhancement benefits workloads requiring higher throughput, including big data processing, online analytical processing (OLAP), high-performance computing (HPC), and artificial intelligence/machine learning (AI/ML). The improved performance is accessible across all regions without requiring additional steps, while the bursting performance for Standard SSD Disk tiers remains unchanged.

Availability Zone Volume Placement for Azure NetApp Files

The availability zone volume placement feature for Azure NetApp Files has reached general availability. This enhancement enables the deployment of new volumes in the selected logical availability zone, bolstering support for enterprise-level, high availability (HA) deployments across multiple availability zones. It facilitates cross-zone replication of volumes, enhancing resilience against zonal failures. Now available in all regions with Azure NetApp Files presence that support availability zones, this feature marks a significant step forward in cloud storage flexibility and reliability.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Free Data Transfer Out to Internet for Azure Departures

In a bold move to support customer freedom, Azure has introduced free egress for data transfers out of Azure infrastructure to other cloud providers or on-premises data centers. This policy, which aligns with the European Data Act, applies globally across all Azure regions, further facilitating customer transitions and migrations with financial and operational ease. Azure already offers the first 100GB/month of egressed data for free to all customers in all Azure regions around the world. If you need to egress more than 100GB/month, follow these steps to claim your credit.

Azure Classic Administrator Roles Retiring

On 31 August 2024, Azure will retire its classic administrator roles. Organizations using Co-Administrator or Service Admin roles are advised to transition to Azure Role-Based Access Control (RBAC) roles before this date. The retirement also applies to all Azure classic resources and the Azure Service Manager. From 3 April 2024, adding new Co-Administrator roles through the Azure portal will not be possible. Transitioning to Azure RBAC roles is necessary to avoid service disruptions

Modernized Azure Resource Manager Throttling (preview)

Azure Resource Manager’s throttling mechanism is set for a major overhaul in 2024, implementing a token bucket algorithm to manage API requests more efficiently. This update will significantly increase throttling limits and offer a smoother, more scalable experience for managing Azure resources, benefiting developers and administrators alike.

Networking

IPv6 Support for Azure Application Gateway (v2)

IPv6 support for Azure Application Gateway (v2) is now generally available, addressing the growing need for larger address spaces and improved routing efficiency. This update facilitates the support for IPv6 clients and helps customers dealing with IPv4 address scarcity, reinforcing Azure’s commitment to advanced networking solutions.

App Service Backup and Restore over Azure Virtual Network

Azure now enables customers to conduct custom backups for web apps directly to a firewall-protected storage account, provided the app is either integrated with a virtual network or resides in a v3 App Service environment, and the storage account permits access from the connected virtual network. This feature enhances the security and flexibility of web app data management within Azure’s ecosystem.

Retirement of Application Gateway WAF v2 Configuration

The retirement date for Application Gateway WAF v2 Configuration is set for March 15, 2027. Customers are encouraged to migrate to the Application Gateway WAF v2 Policy for enhanced security features and performance without downtime. This transition underscores Azure’s ongoing efforts to streamline and improve security offerings.

Listener TLS Certificates Management in Azure Portal

Azure Application Gateway now supports TLS certificate management directly within the Azure portal, simplifying the management of .PFX certificates for HTTPS or TLS listeners. This enhancement makes it easier for administrators to handle certificate details, such as expiry and issuer name, improving operational efficiency in secure application delivery.

Microsoft Open Sources Retina: Container Networking Observability

Microsoft has open-sourced Retina, a cloud-native container networking observability platform designed by the Azure Container Networking team. Retina provides comprehensive network insights for cloud-native applications, facilitating non-intrusive troubleshooting and supporting diverse environments. This initiative reflects Azure’s commitment to community-driven innovation and enhanced cloud application management.

Host Network Security Group (NSG) Control in AKS

Azure Kubernetes Service (AKS) now offers enhanced security through Host Network Security Group (NSG) control, allowing for precise traffic management on AKS nodes with public IPs. By specifying allowed host ports in node pool settings, administrators can automatically generate allow rules in the cluster’s NSG, bolstering security for public-facing services.

Public IP Domain Name Label Scope (preview)

Azure introduces a public preview of a new capability for Public IP addresses to prevent DNS subdomain takeover while allowing DNS name re-use. The Domain Name Label Scope parameter ensures that a public IP address retains a consistent, hashed string within a specified scope, enhancing security against malicious attempts to hijack DNS subdomains.

Storage

Azure Blob Storage Cold Tier Expansion

Azure Blob Storage Cold Tier, a cost-efficient solution for storing infrequently accessed data, has expanded its availability to Poland Central, Qatar Central, and all regions in Azure China since its general availability on August 10th, 2023. This expansion provides more geographical options for users seeking long-term data retention with instant access, highlighting Azure’s dedication to global accessibility and data storage optimization.

Azure NetApp Files Support for 1 TiB Capacity Pools

Azure NetApp Files now supports creating capacity pools with a minimum size of 1TiB, offering more flexibility and cost savings for customers with smaller data storage needs. This update allows for incremental pool size adjustments, catering to diverse customer requirements and optimizing storage resource allocation.

Force Detach Zone Redundant Disks During Zone Outage (Private Preview)

Azure introduces a private preview feature allowing the force detachment of zone redundant disks during zone outages. This capability ensures business continuity by enabling disks to be detached from VMs in the impacted zone and reattached to VMs in active zones, leveraging Azure’s robust disaster recovery solutions.

Azure Stack

Azure Stack HCI

Introducing Azure Virtual Desktop workload in Azure Stack HCI Sizer

Earlier in February 2024, Microsoft announced the general availability of Azure Virtual Desktop for Azure Stack HCI, a significant enhancement that extends the capabilities of the Microsoft Cloud to datacenters and edge locations. Following this advancement, Microsoft has now integrated ‘Azure Virtual Desktop’ as a new workload category within the Azure Stack HCI sizer. This integration facilitates organizations in efficiently planning and sizing their Azure Virtual Desktop deployments on Azure Stack HCI. By calculating the number of VMs required, suggesting per VM configuration, and advising on hardware procurement, the Azure Stack HCI Sizer, a comprehensive web-based tool, supports organizations in accurately estimating hardware needs for their deployments. The synergy of Azure Virtual Desktop and Azure Stack HCI empowers organizations to securely operate virtualized desktops and applications on-premises, whether at the edge or in their datacenter. This is especially beneficial for organizations with strict data residency requirements, latency-sensitive workloads, or those needing proximity to their data.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Retirement of Cloud Services (classic) Deployment Model

Azure has announced the retirement of the Cloud Services (classic) deployment model on August 31, 2024. Users are encouraged to migrate their services to Cloud Services (extended support) within Azure Resource Manager before this date to avoid service disruption. This transition enables access to new capabilities such as deployment templates, role-based access control, and regional resiliency.

Change Actor in Azure Resource Graph (preview)

Azure introduces the public preview of Change Actor in Azure Resource Graph, a tool that enhances audit, troubleshooting, and governance capabilities. This feature allows users to identify who made changes to resources, the client used for the change, and the operation called. By integrating Change Actor functionality, Azure offers improved visibility and control over resource changes, facilitating better management across tenants and subscriptions.

Compute

New Generation AMD VMs – Dasv6/Easv6/Fasv6 (preview)

Azure announces the public preview of the new generation AMD-based VMs, leveraging the 4th Generation AMD EPYC™ 9004 (Genoa) CPU. These VMs, available in Dasv6, Easv6, and Fasv6 series, offer enhanced performance and reliability. They support various memory to core ratios, catering to general-purpose, memory-optimized, and compute-optimized needs. Equipped with Azure Boost and NVMe interfaces, these VMs promise up to 80% better remote storage performance, faster local storage speeds, and improved networking bandwidth. Initially available in the East US 2 region, these VMs represent a significant expansion in Azure’s AMD VM offerings.

Networking

Azure Route Server Now Available in ItalyNorth Azure Region

Azure Route Server has been introduced to the ItalyNorth Azure Region, offering simplified dynamic routing between network virtual appliances (NVAs) and Azure virtual networks. This service facilitates the direct exchange of routing information via the Border Gateway Protocol (BGP) without the manual configuration of route tables. Azure Route Server, as a fully managed service, ensures high availability and seamless integration with the Azure Software Defined Network (SDN), enhancing network management and efficiency.

Azure Virtual Network Encryption Expanded to Additional Regions

Azure has extended its Virtual Network encryption feature to additional regions, including West US, East US, Europe, and more. This enhancement allows for the encryption of traffic within the same virtual network and across peered networks, bolstering security for data in transit. The expansion of this feature underscores Azure’s commitment to providing robust security options for its users.

Application Gateway for Containers

Microsoft Azure has announced the general availability of Application Gateway for Containers, marking a significant evolution in application load balancing technology. This service enhances the capabilities of the traditional Application Gateway and its Ingress Controller by offering advanced layer 7 load balancing and dynamic traffic management for Kubernetes workloads. With features like Custom Health Probes, URL Redirect, and URL/Header Rewrite, the service ensures near-to-real-time updates in response to changes within the Kubernetes environment. The general availability version also introduces Controller High Availability, Gateway API v1 integration, additional regional availability, and a service level agreement (SLA) to support production workloads confidently.

Azure Application Gateway introduces support for TLS and TCP protocols (preview)

Azure Application Gateway expands its functionality by introducing support for TLS and TCP protocols in public preview. This enhancement allows for the utilization of Application Gateway in non-HTTP applications, catering to protocols such as SQL, MQTT, and AMQP. It facilitates the use of custom domains with Application Gateway’s TLS certificate management, ensuring secure connections for clients and access to any backend service. Moreover, this feature provides a unified endpoint for client access, as a single Application Gateway resource can now support both Layer 7 (HTTP/S) and Layer 4 (TCP and TLS) protocols. Available for Standard V2 and Web Application Firewall V2 SKUs, this update broadens the scope of Application Gateway’s capabilities.

Internet inbound for Network Virtual Appliances in Virtual WAN Hubs (preview)

The introduction of Internet inbound (Destination NAT) for Next-Generation Firewall Network Virtual Appliances (NVAs) in Virtual WAN hubs is now in public preview. This feature enables network administrators to publish applications to a wider internet audience without directly exposing the application or server’s public IP. Instead, users access applications through a public IP address assigned to a Firewall NVA, which is configured to filter, translate, and control access to backend applications. With the ability to associate public IP addresses to Firewall NVAs deployed in Virtual WAN Hubs and utilize NVA management and orchestration software, Virtual WAN customers can now seamlessly program both the Virtual WAN infrastructure and the NVAs to accept and forward inbound traffic, enhancing security and accessibility.

Storage

Azure File Sync Agent v17.2 Release

The Azure File Sync Agent v17.2 has been officially released, consolidating improvements and fixes from its predecessors, versions 17.0 and 17.1. This update is crucial for users with the Azure File Sync agent version 16 or below, as both versions 16.2 and 17.2 are now available for update. This version marks the final planned release for Windows Server 2012 R2, with support for this server ending on March 4th, 2025. The agent is compatible with Windows Server 2012 R2, 2016, 2019, and 2022, providing enhanced functionality and stability.

Azure Blob Storage Cold Tier SLA

As of August 10th, 2023, Azure Blob Storage Cold Tier is generally available, providing a cost-effective solution for long-term storage of infrequently accessed data. The service level agreement (SLA) for Azure Blob Storage now includes this new online access tier, ensuring Microsoft’s commitment to uptime and connectivity.

Encryption at Host for Premium SSD v2 and Ultra Disks Expanded

Encryption at host for Premium SSD v2 and Ultra Disks is now generally available in additional regions including Canada East, West Europe, South Central US, and West US 3. This feature enhances security by starting encryption at the VM host level, ensuring data is encrypted at rest and in transit to the Storage service. The expansion of this feature demonstrates Azure’s ongoing commitment to providing secure and reliable cloud storage options.

Azure NetApp Files Volume Enhancement (preview)

Azure NetApp Files introduces a significant enhancement in public preview, allowing volumes in different availability zones within the same region to share the same volume mount path. This feature supports highly available architectures through cross-zone replication, simplifying automation and minimizing manual intervention during disaster recovery failovers. It is applicable to SMB, NFS, and dual-protocol volumes, facilitating improved recovery times and data availability across various scenarios, including host-based replication and test/dev environments.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Windows Admin Center for Azure Virtual Machines

The Windows Admin Center for Azure Virtual Machines marks a significant step forward in cloud management by integrating directly into the Azure Portal. This tool is engineered to streamline the administration of Windows Server Operating Systems for Azure Virtual Machines. By facilitating in-browser RDP and PowerShell sessions, managing files, viewing events, and monitoring performance, it significantly reduces the necessity for remote desktop connections. A standout feature is its integration with Azure Active Directory for single sign-on capabilities, offering a cohesive identity experience across Azure services. This innovation not only simplifies virtual machine deployment and maintenance but also enhances security by minimizing dependence on local administrator accounts.

Compute

NVv5 Series VMs Now Available in Italy North Azure Region

Azure’s NVv5 Series Virtual Machines, equipped with NVIDIA A10 GPUs and AMD EPYC 74F3V CPUs, are now accessible in the Italy North region. These VMs cater to the needs of high-performance computing and graphics-intensive applications, offering a blend of powerful computational resources and graphical processing capabilities. This expansion into the Italy North region underscores Azure’s commitment to providing geographically diverse options for compute-intensive workloads.

Trusted Launch for Azure VMs in China Regions

Microsoft is proud to announce the general availability of Trusted Launch for Azure virtual machines in all Azure regions across China, encompassing China East, China East 2, China East 3, China North, China North 2, and China North 3. This major update introduces a strengthened security framework for Azure Virtual Machines. Trusted Launch enhances foundational VM security by guaranteeing booting to a defined and trusted state, a crucial step in combating sophisticated malware threats, including boot kits and rootkits, by offering kernel-mode level security on par with the operating system.

Furthermore, Trusted Launch activates Credential Guard, a significant security measure that protects user passwords and derived domain credentials via secure boot, virtualization-based security, and vTPM, which are critical for domain controllers. This feature also provides ongoing insights into the health state and boot chain integrity of virtual machines, along with remediation pathways for attestation failures through Microsoft Defender for Cloud.

Especially for Windows 11 virtual machines, Trusted Launch bolsters defense mechanisms against lower layer malware through the support of UEFI, secure boot, and vTPM. This comprehensive security enhancement ensures a more secure and reliable environment for Azure VMs, marking a significant advancement in cloud security measures tailored to meet the evolving threats in the digital landscape.

Networking

Azure Firewall Enhancements: Flow Trace Logs and Autoscaling

Azure Firewall’s new enhancements, including Flow Trace Logs and autoscaling based on the number of connections, provide granular insights and improved scalability. Flow Trace Logs offer detailed visibility into TCP handshake logs, aiding in troubleshooting packet drops and route asymmetry. The autoscaling feature now adjusts firewall resources based on traffic connection counts, alongside throughput and CPU usage, enabling a more responsive and efficient firewall performance.

Parallel IP Group Update Support for Azure Firewall

The introduction of Parallel IP Group update support in public preview marks a significant improvement in Azure Firewall’s configuration management. This feature allows for the simultaneous update of up to 20 IP Groups within a Firewall Policy, streamlining administrative tasks and enabling faster, more scalable changes. This update is particularly beneficial for administrators utilizing dev ops methodologies for configuration changes, enhancing efficiency and agility in firewall management.

Storage

Azure Elastic SAN (General Availability)

Azure Elastic SAN’s transition to general availability signifies a milestone in cloud storage solutions, offering a fully-managed, cloud-native SAN experience. This service is designed for seamless migration of extensive SAN environments to Azure, simplifying the deployment, scaling, management, and configuration of storage area networks in the cloud. It introduces a SAN-like resource hierarchy and provisions resources at the appliance level, dynamically allocating these to accommodate various workloads, including databases, VDIs, and business applications. The integration of Azure Monitor Metrics and Azure Policy aids in managing performance and preventing misconfigurations, respectively, merging the efficiency of traditional SAN systems with the flexibility and scalability of cloud storage.

Azure File Sync Agent Releases: v17.1 and v16.2 (Security Only Updates)

The release of Azure File Sync agent versions 17.1 and 16.2 as security-only updates addresses a critical vulnerability (CVE-2024-21397) that previously allowed unauthorized file creation. These updates underscore Azure’s commitment to security, providing essential patches for Windows Server installations ranging from version 2012 R2 to 2022. Detailed installation instructions are provided (KB5023054 and KB5023052), ensuring users can securely synchronize files across their environments.

Azure Blob Storage Cold Tier: Enhanced Support for Change Feed and Object Replication

The general availability of Azure Blob Storage Cold Tier’s support for Change Feed and Object Replication introduces significant enhancements for data storage and management. This feature enables the capturing of changes to blobs and their metadata within the cold tier, facilitating efficient data replication and access. It represents Azure’s ongoing efforts to provide cost-effective, flexible storage solutions for infrequently accessed data with long-term retention requirements.

Zone Redundant Storage (ZRS) for Azure Disks in Canada Central 

The general availability of Zone Redundant Storage for Azure Disk Storage in the Canada Central region provides a robust solution for data resilience and availability. By offering synchronous replication across three availability zones, ZRS enables Azure Disks to withstand zonal failures, ensuring uninterrupted application performance. This feature is particularly valuable for applications requiring high availability without the complexity of application-level data replication.

Azure NetApp Files Standard Network Features

Azure NetApp Files now supports the general availability of Standard network features, allowing for the editing of network features for Azure NetApp Files volumes. This update brings an enhanced Virtual Networking experience, ensuring seamless integration and improved security posture. Users can now edit existing Azure NetApp Files volumes and upgrade from Basic to Standard network features. This enhancement includes increased IP limits for VNets with Azure NetApp Files volumes, aligning them with VM capabilities to facilitate customer integration into existing network topologies. Moreover, it introduces enhanced network security with support for Network Security Groups (NSGs) on Azure NetApp Files delegated subnets, a feature long requested by customers for meeting enterprise security requirements. Enhanced network control is also achieved through support for User-defined routes (UDRs), allowing traffic direction via chosen Network Virtual Appliances. Additionally, connectivity has been improved with Active/Active VPN gateway setup and ExpressRoute FastPath connectivity, ensuring low latency and high bandwidth connectivity from on-premises networks to Azure.

Introducing Azure Storage Actions: Serverless Storage Data Management (Preview)

Microsoft has recently announced the public preview of Azure Storage Actions, a fully managed platform specifically crafted to streamline data management tasks for Azure Blob Storage and Azure Data Lake Storage. With the exponential growth of data, organizations find themselves grappling with the complexities of efficiently managing their data assets. Azure Storage Actions seeks to alleviate these challenges by offering a serverless infrastructure that dynamically scales to meet data management demands, eliminating the need for resource provisioning or management.

This innovative platform provides a no-code experience, enabling users to easily define conditional logic for processing data objects. It supports an array of tasks aimed at enhancing data utility and security, such as cost optimization, data protection, rehydration from archives, and tagging, among others. Additional functionalities are expected to be added in future updates, further expanding its capabilities.

Azure Storage Actions facilitates the rapid composition, validation, and deployment of data management tasks. It features an intuitive Azure portal interface that simplifies the process of defining operations and validating them, ensuring a seamless user experience. Moreover, the platform offers robust support for programmatic management through various tools including REST APIs, the Azure SDK, PowerShell, the Azure Command-Line Interface (CLI), and Azure Resource Manager (ARM) templates. This versatility makes Azure Storage Actions a comprehensive solution for managing large-scale data assets across Azure Blob Storage and Azure Data Lake Storage, promising to significantly enhance data management efficiency and effectiveness for organizations worldwide.

Azure Stack

Azure Stack HCI

Supported Azure Stack HCI Scenarios with System Center

The integration of Azure Stack HCI, version 23H2, with System Center Virtual Machine Manager (SCVMM) marks a significant step forward in hybrid cloud management. Azure Stack HCI 23H2 elevates cloud-based management capabilities through Azure Arc, catering to the needs of large-scale datacenter customers who rely on System Center VMM for their virtualization environment management. The recent announcement from the System Center team outlines the supported scenarios in SCVMM for managing Azure Stack HCI 23H2, providing clarity and direction for system administrators and IT professionals.

SCVMM Support for Azure Stack HCI 23H2

The supported scenarios in SCVMM for Azure Stack HCI 23H2 include:

• Addition and Management of Azure Stack HCI Clusters: SCVMM facilitates the addition of Azure Stack HCI clusters into your management framework, allowing for comprehensive oversight.
• Virtual Machine Operations: Provisioning, deploying, and performing lifecycle operations on VMs within Azure Stack HCI clusters are fully supported, streamlining virtual machine management.
• Storage and Volume Management: SCVMM enables the management of storage pool settings, creation of virtual disks, cluster shared volumes (CSVs), and application of Quality of Service (QoS) settings to optimize storage performance.
• Workload Migration: The migration of VMware and Windows Server-based workloads to Azure Stack HCI is supported, offering flexibility in transitioning to Azure Stack HCI environments.
• Cluster Management via PowerShell: Azure Stack HCI clusters can be managed using the same PowerShell cmdlets as Windows Server clusters, ensuring a consistent management experience.
• Azure Integration: Azure-based VM self-serve capabilities and management services are extended through Azure Arc-enabled SCVMM, enhancing cloud connectivity and management.

Limitations and Azure/WAC Exclusive Scenarios

While SCVMM supports a broad range of management functions, certain scenarios remain exclusive to Azure Portal/Windows Admin Center (WAC) for Azure Stack HCI 23H2:

• Cluster Creation and Registration: The creation and registration processes for Azure Stack HCI clusters are integrated into deployment and exclusively managed through Azure Portal/WAC.
• Upgrades and Azure Benefits: Upgrading from Azure Stack HCI 22H2 to 23H2 and enabling Azure benefits on VMs are managed only via Azure Portal/WAC.
• Advanced Features: New features of Azure Stack HCI 23H2, such as GPU-Partitioning and SDN Multi-site, along with previously unsupported features like Stretched clustering with 22H2, are managed outside of SCVMM.

Future Support and Availability

Support for Azure Stack HCI 23H2 in SCVMM is scheduled to be included in the next Long-Term Servicing Channel (LTSC) version of System Center. The general availability of this version is anticipated to align closely with the release of Windows Server 2025, offering forward-looking compatibility and support for Azure Stack HCI environments.

This integration underscores Microsoft’s commitment to hybrid cloud environments, providing the tools necessary for seamless management of virtualized infrastructure both on-premises and in the cloud. As the landscape of Azure Stack HCI evolves, the synergy between Azure Stack HCI and System Center continues to strengthen, offering a robust, scalable, and efficient management solution for modern datacenters.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure VMware Solution Now Available in Italy North Region

Azure VMware Solution has been made available in the Italy North Azure Region. This expansion allows customers in Italy to integrate their VMware workloads with Azure services seamlessly, leveraging the global scale, security, and performance of Azure while maintaining the VMware tools and expertise they are accustomed to. This launch supports the growing demand for cloud solutions in the region, enabling local businesses to innovate and scale with the cloud’s flexibility and efficiency.

Italy North Region Added to Azure HDInsight

Azure HDInsight is now generally available in the Italy North region. This expansion enhances Azure’s managed, full-spectrum, open-source analytics service capabilities, allowing enterprises to leverage popular frameworks such as Hadoop, Apache Spark, Apache Hive, LLAP, Apache Kafka, and more within Italy North. The availability of HDInsight in this region enables local and global enterprises to process big data, run real-time analytics, and use machine learning more efficiently with reduced latency.

Networking

Azure Virtual Network Manager Security Admin Rule Configuration Feature 

The Azure Virtual Network Manager’s security admin rule configuration feature has reached general availability (GA) across 30 regions. This feature empowers organizations to enforce security policies across their virtual networks (VNets) efficiently, spanning subscriptions and regions worldwide. By prioritizing these rules above network security groups (NSGs), it ensures a standardized approach to security, helping to mitigate misconfigurations and adherence to corporate policies. The introduction of security admin rules streamlines network management, reducing the complexity of operations while enhancing security measures for expanding network infrastructures.

Azure Virtual Network Manager Topology View 

Azure Virtual Network Manager (AVNM) topology view has been officially launched and is now generally available. This innovative feature offers a scalable and reliable solution for managing networks across global subscriptions. It integrates with Azure Resource Topology (ART) to provide a comprehensive visualization of network resources, contextualized by AVNM connectivity configurations. The topology view facilitates a deeper understanding of network connections, offering insights into the connectivity among network groups and VNets, thus enhancing confidence in network deployment strategies.

ExpressRoute Guided Portal Experience (preview)

Microsoft announces the public preview of the ExpressRoute guided portal experience, aimed at simplifying the configuration of multi-site resilient ExpressRoute circuits. This new portal experience offers critical information, such as the distance between peering locations and traffic engineering recommendations, to assist customers in making informed decisions. During the preview, users can access this feature globally in the Azure public cloud via the Azure portal flight link. This initiative underscores Microsoft’s commitment to providing intuitive tools for enhancing network resiliency and connectivity.

Storage

Mount Azure Storage as a Local Share in App Service Linux Now Supports NFS

Azure App Service Linux now supports NFS when mounting an Azure File share as a local share for web apps. This update enables more flexible and efficient storage solutions for web applications hosted on Azure, streamlining the integration and management of file storage.

Azure Ultra Disk Storage Now Available in Canada East

Azure Ultra Disk Storage, offering high throughput, high IOPS, and consistent low-latency disk storage, is now available in Canada East. Ideal for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy workloads, Ultra Disk Storage enhances Azure Virtual Machines’ performance and capabilities in the region.

Azure NetApp Files Standard Network Features – Edit Volumes in US Gov Regions

Azure has launched a public preview for editing network features of Azure NetApp Files volumes in US Gov regions, leveraging advanced hardware and software integration. This update introduces Standard Network Features, enhancing the virtual networking experience with improved security for Azure NetApp Files. Users can now upgrade Basic network features to Standard, benefiting from increased IP limits, enhanced network security and control, and improved connectivity options. This preview is available across all US Gov regions (VA, TX, & AZ).

General Availability: Support for up to 100 TB of Storage for the FHIR Service

Azure announces general availability for expanded storage support in the FHIR service, part of Azure Health Data Services, up to 100 TB. This enhancement allows for the storage and exchange of vast amounts of health data, facilitating large-scale analytics, population health management, research, and insights from health data. Organizations requiring storage beyond the default 4 TB can request an increase through the Azure portal.

Azure Stack

Azure Stack HCI

Azure Stack HCI 23H2 General Availability

Microsoft has announced the general availability of Azure Stack HCI version 23H2, marking a significant update in cloud-managed edge infrastructure. This version is ready for production . It introduces several previews, including Azure Migrate and Microsoft Defender for Cloud, specifically designed for Azure Stack HCI environments. However, it’s noteworthy that certain features like stretched clustering and System Center VMM support are temporarily unavailable in some regions. The launch of Azure Stack HCI 23H2 represents a leap forward in Microsoft’s edge infrastructure offerings, providing enterprises with robust, scalable solutions for their hybrid cloud environments.

Key Highlights:

• Production-Ready: Azure Stack HCI 23H2 is now ready for production environments, offering robust and reliable infrastructure solutions.
• Seamless Update Process: An update from the previous version 22H2 to 23H2 will soon be available, specifically targeting 23H2 clusters to ensure smooth transitions.
• Enhanced Solutions Availability: The GA version includes premier and integrated solutions, enriching the ecosystem for Azure Stack HCI users.
• Azure Virtual Desktop (AVD) for Azure Stack HCI: AVD is now generally available, bringing together the advantages of Azure Virtual Desktop and Azure Stack HCI. This combination allows organizations to run virtualized desktops and apps securely, either on-premises at the edge or within data centers.
• Azure Migrate Integration (Preview): Azure Stack HCI now supports Azure Migrate in preview, facilitating easier migration of workloads to Azure Stack HCI environments.
• Microsoft Defender for Cloud Integration (Preview): Enhance your security posture with Microsoft Defender for Cloud for Azure Stack HCI, currently in preview.
• Guidance on Using Version 22H2: It’s recommended to continue using version 22H2 temporarily if:
  1. The service is not available in your region (currently limited to East US and West Europe).
  2. You require stretched clustering support, which is not available in 23H2.
  3. Your setup relies on System Center VMM, not supported by 23H2.

Additional Information:

• Currently, 3-node switchless deployments are not supported.
• The GA version includes proxy support for HCI infrastructure, but not yet for VMs.
• Updates to 23H2 can be performed through the portal on existing preview clusters or by new deployment.
• With Windows Defender Application Control (WDAC) enabled by default in Azure Stack HCI 23H2, steps may be needed to allow certain applications to run.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.