Archivi categoria: Microsoft Azure

Azure IaaS and Azure Stack: most impactful announcements at Microsoft Ignite – October 2022

This special edition includes Microsoft’s most important announcements and major updates, regarding Azure infrastructure as a service (IaaS) and Azure Stack, which were officially announced this week at the Microsoft Ignite conference (October 2022). Microsoft announced a number of significant enhancements to its Azure infrastructure as a service (IaaS) portfolio, and Microsoft infrastructure services continue to evolve to improve the experience of running business-critical workloads in a hybrid environment.

Azure

Compute

Nutanix Cloud Clusters now generally available on Azure

Nutanix Cloud Clusters on Azure, now generally available, simplifies and accelerates the customer journey to the cloud. Nutanix customers can migrate or extend their workloads to Azure, without modification or retooling. With Nutanix Cloud Clusters on Azure, customers can leverage their existing Nutanix skills and tools, add Azure services such as security, identity and analytics and gain cost efficiencies with license portability that enables them to use their existing licenses for Azure deployment. And, to further support a hybrid model, customers can also seamlessly extend Azure data services to their on-premises Azure Arc-enabled Kubernetes clusters using the Nutanix platform.

New features for Azure VMWare Solution

Two new Azure VMware Solution features support higher availability and security for
customers’ mission critical workloads and include:

  • 99.99% private cloud uptime: stretched clusters for Azure VMware Solution, now in preview, will provide 99.99% uptime for mission-critical apps that require the highest availability. In times of Availability Zone failure, customers’ virtual machines (VMs) and apps automatically failover to an unaffected Availability Zone with no app impact, which does not require IT support.
  • Customer Managed Keys (CMK): now in preview, CMK will give customers maximum control over their encrypted vSAN data on Azure VMware Solution. With this feature, customers use Azure Key Vault to generate customer managed keys and to centralize and streamline the key management process

Azure savings plan for compute offers a new price offering

Microsoft is launching a new price offering, Azure savings plan for compute. This new offer, generally available later in October, will allow customers to save across select compute services globally by committing to spend a fixed hourly amount (for example, $5/hour) for one or three years. As customers use select compute services around the world, their usage is covered by the plan at reduced prices, helping them get more value from their cloud budget. During times when their usage is above their hourly commitment, users will simply be billed at the regular pay-as-you-go prices. With savings automatically applying across compute usage globally, they’ll continue saving even as their usage needs change over time. This plan lets customers increase the value of their cloud budget, retain financial control and optimize costs amid increasing cloud spends to help them do more with less.

New Azure Virtual Machine Scale Set and Spot Virtual Machines capabilities (preview)

A new Virtual Machine Scale Sets feature that enables Azure customers to include standard and Spot Virtual Machine types in the same virtual machine scale set is now in preview. This new capability is available with flexible orchestration mode and can help you achieve significant cost savings given the deep discount rates that Spot Virtual Machines usually provide. Virtual Machines Scale Sets flexible orchestration mode provides you with the ability to deploy highly available large-scale cloud infrastructure quickly, reliably, and easily. You can also set up policies that define the percentage allocation of standard versus Spot Virtual Machines. The number of standard VMs that need to be running at any given time, in addition to the percentage of Spot Virtual Machines, can also be defined.

Confidential VM option for SQL Server on Azure Virtual Machines

With the confidential VM option for SQL Server on Azure Virtual Machines, you can now run your SQL Server workloads on the latest AMD-backed confidential virtual machines. This ensures that both the data in use (the data processed inside the memory of the SQL Server) as well as the data at rest stored on your VM’s drives, are inaccessible to unauthorized users from the outside of the VM. This can be done without the need to change the code of your SQL Server applications or your database schemas, including stored procedures.

Storage

Next-gen Azure Premium SSD Disk Storage

The new Azure Premium SSD v2 Disk Storage is the most advanced general purpose block storage solution available, designed for performance-critical workloads like online transaction processing systems that consistently need sub-millisecond latency combined with high IOPS and throughput. Premium SSD v2 enables you to improve the price-performance of a broad range of enterprise production workloads that require sub-millisecond latency with high IOPS and throughput such as SQL Server, Oracle® DB, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, gaming, on virtual machines, or stateful containers. With Premium SSD v2, you can provision up to 64TiBs, 80,000 IOPS, and 1,200 MB/s throughput on a single disk. You can specify disk size ranging from 1 GiB up to 64 TiBs, in 1-GiB increments. You can provision separately disk size, IOPS, and throughput to match your workload requirements, resulting in greater flexibility when managing performance and costs. Furthermore, you can dynamically scale up or down the performance as needed without downtime, giving you the flexibility to manage disk performance cost-effectively.

Azure Elastic SAN (preview)

Azure Elastic SAN, now in preview, is a unique cloud-native and fully managed storage area network (SAN) service. Combining SAN-like capabilities with the benefits of being a cloud-native service, Azure Elastic SAN will offer a scalable, cost-effective, high-performance and reliable storage solution. It can connect to a variety of Azure compute services, enabling customers to seamlessly lift and shift their SAN workloads to the cloud without having to change their provisioning and management model.
These features include:

  • Deploying, managing and hosting workloads on Azure with an end-to-end experience like on-premises SAN.
  • Bulk provisioning of block storage that can achieve massive scale up to millions of IOPS, double-digit GB/s throughput and low single-digit millisecond latencies while serving a plethora of workloads in an organization.
  • Simplifying volume management through grouping and policy enforcement with an on-premises SAN experience.
  • Achieving higher resiliency and minimizing downtime with zone-redundant storage,
    thus ensuring organizations high levels of availability when running business-critical
    apps on Azure.

Networking

Azure DNS Private Resolver

Azure DNS Private Resolver is a cloud-native, highly available, and DevOps-friendly service. It provides a simple, zero- maintenance, reliable, and secure DNS service to resolve and conditionally forward DNS queries from a virtual network, on-premises, and to other target DNS servers without the need to create and manage a custom DNS solution. Resolve DNS names hosted in Azure Private DNS Zones from on-premises networks as well as DNS queries for your own domain names. This will make your DNS infrastructure work privately and seamlessly across on-premises networks and enable key hybrid networking scenarios.

Azure Resource Topology

Azure Resource Topology (ART) allows visualizing the resources in a network, acquire system context, understand state and debug issues faster. It provides a visualized connected experience for inventory management and monitoring. This unified topology leads to upgrading the network monitoring and management experience in Azure. Replacing the Network Watcher topology, this topology will allow the users to draw a unified and dynamic topology across multiple subscription, regions, and resource groups (RGs) comprising of multiple resources. Allowing deep dive into your environment, ART provides the capability for users to drill down from regions, VNETs to subnets, and resource view diagram of resources supported in Azure. It also stitches the end-to-end monitoring and diagnostics story with the capability to run next hop directly from a VM selected in the topology after specifying the destination IP address. Selecting a resource in the topology highlights the node and all other nodes/resources connected to it via edges. These edges define the connections among regions which can be done through VNET peering, VNET Gateways, etc. The side pane shows extensive resource details and properties for selected node/resource.

Static IP configurations of private endpoints

Private endpoint support for statically defined IP addresses is generally available. This feature allows you to add customizations to your deployments. Leverage already reserved IP addresses and allocate them to your private endpoint without relying on the randomness of Azure’s dynamic IP allocation. In doing so, you can account for a consistent IP address to the private endpoint to use alongside IP based security rules and scripts.

Custom network interface name configurations of private endpoints

Private endpoint support for custom network interface (NIC) is now generally available. This feature allows you to define your own string name at the time of creation of the private endpoint NIC deployed. This enhances customizations to your deployments by allowing private endpoint resources to comply with your naming structure. You can leverage this feature to define a private endpoint NIC outside of the existing format of [Private Endpoint Name].nic.GUID.

IP Protection SKU for Azure DDoS Protection (preview)

IP Protection is designed with SMBs in mind and delivers enterprise-grade, cost-effective DDoS protection.  Instead of enabling DDoS protection on a per virtual network basis, including all public IP resources associated with resources in those virtual networks, you now have the flexibility to enable DDoS protection on an individual public IP. The existing standard SKU of Azure DDoS Protection will now be known as Network Protection.  IP Protection includes the same features as Network Protection, but Network Protection will have in the following value-added services: DDoS Rapid Response support, cost protection, integration with Azure Firewall Manager, and discounts on Azure Web Application Firewall.

ExpressRoute Metro (in development)

ExpressRoute Metro offers you the ability to create private connections via an ExpressRoute Circuit with dual connections from a Service provider (AT&T, Equinix, Verizon etc.,) or connecting directly with ExpressRoute Direct over a dual 10 Gbps or 100 Gbps physical port in two different Microsoft Edge location in a metropolitan area offering higher redundancy and resiliency.

Azure public multi-access edge compute (MEC)

Azure public multi-access edge compute (MEC) allows enterprises and developers to
deliver innovative, high-performance, low-latency apps using operators’ public 5G
networks. Azure public MEC is available with AT&T in Atlanta and Dallas. This offers
customers the unique ability to analyze data closer to where it is being captured for
proactive actions and decisions. Azure public MEC with the AT&T 5G network will be available in November in Atlanta and Dallas. Additional sites will be coming soon to Detroit and New York City.

Azure Stack

Azure Stack HCI

New benefit for Software Assurance customers

Microsoft is expanding Azure Hybrid Benefit, a program that enables Software Assurance (SA) customers to reduce costs. With the new Azure Hybrid Benefit for Azure Kubernetes Service (AKS) and Azure Stack HCI, customers can:

  • Get Azure Stack HCI at no additional cost with Windows Server Datacenter SA.
    Customers can modernize their existing datacenter and edge infrastructure to run their virtual machine (VM) and container-based workloads on modern infrastructure with industry-leading price-performance and built-in connectivity to Azure.
  • Run AKS on Windows Server and Azure Stack HCI at no additional cost with Windows SA and Cloud Solution Provider (CSP) subscriptions. With this, customers can deploy and manage containerized Linux and Windows apps from cloud to edge with a consistent, managed Kubernetes service.

Azure Arc-enabled VM management: public preview 2

Microsoft is adding some important new features in public preview 2 to manage virtual machines:

  • Marketplace image: in addition to using your own custom images, you can now access images from the Azure Marketplace. In just a few clicks, you can conveniently deploy the latest fully-patched images from Microsoft, including Windows Server 2022 Azure Edition with hotpatching and Windows 11 Enterprise multi-session for Azure Virtual Desktop. Later, images from third-party publishers will be available too. The Marketplace functionality is built natively into Azure Arc (no new agents needed) and is designed to be conscious of your network bandwidth: images are optimized to minimize file size, and you only need to download them once to create as many VMs as you like.
  • Guest management including VM extensions: when you deploy a new VM through Azure Arc, the guest OS is now automatically Arc-enabled. This means you can use VM extensions like Domain Join to configure the operating system, or Custom Script to deploy and configure your applications. Later, more extensions will be available.

22H2 feature update

All existing Azure Stack HCI clusters are eligible to receive 22H2 as a free over-the-air update. You can apply the update non-disruptively with cluster-aware updating, just like a monthly security patch. Microsoft recommends version 22H2 for all new Azure Stack HCI deployments. No matter how you use Azure Stack HCI, there’s something for you in the 22H2 feature update.

Network

With version 22H2, Network ATC can automatically assign IP addresses to your intra-cluster storage networks, and automatically name your cluster networks based on their intended use. It can also manage live migration settings for you, like selecting the best network, best transport, and best bandwidth allocation.

Storage

Storage management is more flexible: you can modify existing storage volumes to increase their resiliency (e.g., from two-way to three-way mirror) or convert in-place from fixed to thin provisioning.

Storage replication between sites in a stretch cluster is faster with new optional compression. Hyper-V live migration is more reliable for switchless 2-node and 3-node clusters. And there’s new tag-based network segmentation, enabling you to secure virtualized workloads against lateral threats based on custom tags of your choice.

Management tools

Management tools are being refreshed to support the new update. You can use Windows Admin Center to manage version 22H2 right now, and in mid-November, the next Windows Admin Center release will bring enhancements to light up new features, like modifiable volume settings, an improved cluster settings design, and more. In mid-November, the first Update Rollup (UR1) for System Center 2022 will add official support for Azure Stack HCI, version 22H2.

Azure Kubernetes Service hybrid deployment options

Azure Kubernetes Service (AKS) on Azure Stack HCI, Windows Server 2019, and 2022 Datacenter can be provisioned from the Azure Portal/CLI. Through this consistent managed Kubernetes experience, organizations can run containerized apps regardless of their location in a datacenter, the Azure cloud and/or a physical location or device.

Hardware

In 2023, Microsoft will begin offering an Azure Stack HCI integrated system based on hardware that’s designed, shipped, and supported by Microsoft. The solution, called the “Pro 2”, has a 2U half-depth form factor that’s ideal for deployment outside the datacenter, in locations like retail, manufacturing and healthcare. The Pro 2 will be available in several configurations, with specs tailored to edge use cases and the option for up to two NVIDIA A2 GPUs. You’ll be able to order it directly from the Azure Portal and it’ll ship with Azure Stack HCI pre-installed. And hardware management will be integrated directly into the existing cluster management tools, including a new Windows Admin Center extension that’s under development now.

Azure IaaS and Azure Stack: announcements and updates (October 2022 – Weeks: 39 and 40)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Azure NetApp Files new regions and cross-region replication

Azure NetApp Files is now available in the following additional regions:

  • Korea South,
  • Sweden Central.

Additionally, Azure NetApp Files cross-region replication has been enabled between following regions:

  • Korea Central and Korea South,
  • North Central US and East US 2,
  • France Central and West Europe.

Networking

ExpressRoute FastPath support for Vnet peering and UDRs

FastPath now supports virtual network peering and user defined routing (UDR). FastPath will send traffic directly to any VM deployed in a spoke virtual network peered to the virtual network where the ExpressRoute virtual network gateway is deployed. Additionally, FastPath will now honor UDRs configured on the GatewaySubnet and send traffic directly to an Azure Firewall or third-party Network Virtual Appliance (NVA).

Azure Firewall Basic (preview)

Azure Firewall Basic is a new SKU for Azure Firewall designed for small and medium-sized businesses. 

Comprehensive, cloud-native network firewall security:

  • Network and application traffic filtering
  • Threat intelligence to alert on malicious traffic
  • Built-in high availability
  • Seamless integration with other Azure security services

Simple setup and easy-to-use:

  • Setup in just a few minutes
  • Automate deployment (deploy as code)
  • Zero maintenance with automatic updates
  • Central management via Azure Firewall Manager

Cost-effective:

  • Designed to deliver essential, cost-effective protection of your resources within your virtual network

Policy analytics for Azure Firewall (preview)

Policy analytics for Azure Firewall, now in public preview, provides enhanced visibility into traffic flowing through Azure Firewall, enabling the optimization of your firewall configuration without impacting your application performance.  

Azure Basic Load Balancer will be retired

On 30 September 2025, Azure Basic Load Balancer will be retired. You can continue to use your existing Basic Load Balancers until then, but you’ll no longer be able to deploy new ones after 31 March 2025.

To keep your workloads appropriately distributed, you’ll need to upgrade to Standard Load Balancer, which provides significant improvements including:

  • High performance, ultra-low latency, and superior resilient load-balancing.
  • Security by default: closed to inbound flows unless allowed by a network security group.
  • Diagnostics such as multi-dimensional metrics and alerts, resource health, and monitoring.
  • SLA of 99.99 percent availability.

Basic SKU public IP addresses will be retired

On 30 September 2025, Basic SKU public IP addresses will be retired in Azure. You can continue to use your existing Basic SKU public IP addresses until then, however, you’ll no longer be able to create new ones after 31 March 2025.

Standard SKU public IP addresses offer significant improvements, including:

  • Access to a variety of other Azure products, including Standard Load Balancer, Azure Firewall, and NAT Gateway.
  • Security by default—closed to inbound flows unless allowed by a network security group.
  • Zone-redundant and zonal front ends for inbound and outbound traffic.

Azure Management services: le novità di settembre 2022

Nel mese di settembre ci sono state diverse novità che Microsoft ha annunciato in merito agli Azure management services. In questo articolo vengono elencati i principali annunci, accompagnati dai riferimenti necessari per poter effettuare ulteriori approfondimenti in merito.

Il diagramma seguente mostra le diverse aree relative al management, che sono contemplate in questa serie di articoli, per poter rimanere aggiornati su questi temi ed effettuare al meglio il deployment ed il mantenimento delle applicazioni e delle risorse.

Figura 1 – Overview dei Management services in Azure

Monitor

Azure Monitor

Monitor per VM e cluster AKS basati su Arm

Azure Monitor ha introdotto il supporto per le macchine virtuali di Azure basate su Ampere Altra Arm e per il servizio Azure Kubernetes composto da nodi Arm.

Aggiornamento necessario per MMA che utilizza SSL v1

A partire dal 1° novembre 2022, Azure non accetterà più connessioni da versioni precedenti dell’agente di Operations Manager, noto anche come Microsoft Monitoring Agent (MMA), che utilizzano SSL V1. Se l’agente di Operations Manager è configurato per inviare dati a Log Analytics è necessario aggiornare l’agente alla versione più recente entro tale data.

Previsto il ritiro del connettore ITSM per ServiceNow

Microsoft ha annunciato che il 30 settembre 2025 sarà ritirato il connettore ITSM di Azure Monitor per la creazione di alert in ServiceNow. Per coloro che utilizzano questa integrazione, sarà possibile possibile creare incidenti oppure eventi utilizzando l’apposito Secure Webhook.

Govern

Azure Policy

Azure Policy built-in per Azure NetApp Files

Microsoft ha introdotto delle policy built-in relative ad Azure NetApp Files per consentire agli amministratori di limitare la creazione di volumi NFS non protetti e per controllare più facilmente i volumi esistenti.

Azure Cost Management

Aggiornamenti relativi a Microsoft Cost Management

Microsoft è costantemente alla ricerca di nuove metodologie per migliorare Microsoft Cost Management, la soluzione per fornire una maggiore visibilità su dove si stanno accumulando costi nel cloud, identificare e prevenire modelli di spesa errati ed ottimizzare i costi . In questo articolo sono riportati alcuni degli ultimi miglioramenti ed aggiornamenti riguardanti questa soluzione, tra i quali:

  • Possibilità di monitorare i budget dall’app Azure per dispositivi mobili.
  • Possibilità di ottenere informazioni dettagliate sui possibili risparmi direttamente dall’analisi dei costi (anteprima).

Secure

Microsoft Defender for Cloud

Nuove funzionalità, correzioni di bug e funzionalità deprecate di Microsoft Defender for Cloud

Lo sviluppo di Microsoft Defender for Cloud è in costante evoluzione e vengono introdotti miglioramenti su base continua. Per rimanere aggiornati sugli sviluppi più recenti, Microsoft aggiorna questa pagina, che fornisce informazioni su nuove funzionalità, correzioni di bug e funzionalità deprecate. In particolare, questo mese le principali novità riguardano:

  • Il supporto in Defender for Servers per la funzionalità di File Integrity Monitoring utilizzando l’Azure Monitor Agent.
  • L’aggiunta di raccomandazioni in ambito identity.

Protect

Azure Backup

Reserved capacity per Azure Backup Storage

Per ottimizzare i costi è possibile acquistare la capacità dell’Azure Backup Storage in modalità reserved capacity. La reservation si applicherà automaticamente sul Backup Storage selezionato e sarà disponibile su base annuale con uno sconto fino al 16% oppure su base triennale con uno sconto del 24%.

Alert in Azure Monitor

Grazie a questa integrazione tra Azure Monitor ed Azure Backup è possibile generare alert per eventi critici relativi alla sicurezza dei backup e in caso di errori nella protezione delle risorse. Per monitorare questi avvisi è possibile utilizzare la dashboard di Azure Monitor oppure il Backup center. Grazie a questa integrazione è possibile anche instradare questi avvisi verso diversi canali di notifica.

Migrate

Azure Migrate

Nuovi rilasci e funzionalità di Azure Migrate

Azure Migrate è il servizio presente in Azure che comprende un ampio portafoglio di strumenti che è possibile utilizzare, tramite una esperienza di utilizzo guidata, per affrontare in modo efficace i più comuni scenari di migrazione. Per rimanere aggiornati sugli sviluppi più recenti della soluzione è possibile consultare questa pagina, che fornisce informazioni su nuovi rilasci e nuove funzionalità. In particolare, questo mese le principali novità riguardano:

  • L’introduzione del supporto per sospendere e riprendere le repliche delle VMs in corso, senza dover eseguire nuovamente una replica completa.
  • Notifiche avanzate riguardanti lo stato di completamento della migrazione ed i test di migrazione.
  • Il rilevamento di web app Java su Apache Tomcat in esecuzione su server Linux ospitati in ambienti VMware.
  • Per le web app ASP.NET la possibilità di effettuare una raccolta avanzata di dati, incluso il rilevamento di stringhe di connessione ai database, le directory ed i meccanismi di autenticazione.

Valutazione di Azure

Per testare e valutare in modo gratuito i servizi offerti da Azure è possibile accedere a questa pagina.

Azure IaaS and Azure Stack: announcements and updates (September 2022 – Weeks: 37 and 38)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Azure File Sync agent v15.1

Improvements and issues that are fixed:

  • Low disk space mode to prevent running out of disk space when using cloud tiering. Low disk space mode is designed to handle volumes with low free space more effectively. On a server endpoint with cloud tiering enabled, if the free space on the volume reaches below a threshold, Azure File Sync considers the volume to be in Low disk space mode. In this mode, files are tiered to the Azure file share more proactively and tiered files accessed by the user will not be persisted to the disk. To learn more, see the low disk space mode section in the Cloud tiering overview documentation.
  • Fixed a cloud tiering issue that caused high CPU usage after v15.0 agent is installed.
  • Miscellaneous reliability and telemetry improvements.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • The agent version for this release is 15.1.0.0.
  • Installation instructions are documented in KB5003883.

Standard network features for Azure NetApp Files

Standard network features for Azure NetApp Files volumes are available. Standard network features provide you with an enhanced, and consistent virtual networking experience along with security posture for Azure NetApp Files.

You are now able to choose between standard or basic network features while creating a new Azure NetApp Files volume:

  • Basic provide the current functionality, limited scale, and features.
  • Standard provides the following new features for Azure NetApp Files volumes or delegated subnets:
    – Increased IP limits for Vnets with Azure NetApp Files volumes. This is at par with VMs to enable you to provision Azure NetApp File volumes in your existing topologies or architectures. This eliminates the need to rearchitect network topologies to use Azure NetApp Files for workloads like VDI, AVD, or AKS.
    – Enhanced network security with support for network security groups (NSG) on the Azure NetApp Files delegated subnet.
    – Enhanced network control with support for user-defined routes (UDR) to and from Azure NetApp Files delegated subnets. You can now direct traffic to and from Azure NetApp Files via your choice of network virtual appliances for traffic inspection.
    – Connectivity over active or active VPN gateway setup for highly available connectivity to Azure NetApp Files from on-premises network.
    – ExpressRoute FastPath connectivity to Azure NetApp Files. FastPath improves the data path performance between on-premises network and Azure Virtual Network.

Immutable storage for Azure Data Lake Storage

Immutable storage for Azure Data Lake Storage is now generally available. Immutable storage provides the capability to store data in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable and you can set a retention period so that files can’t be deleted until after that period has elapsed. Additionally, legal holds can be placed on data to make that data non-erasable and non-modifiable until the hold is removed.

Improved Append Capability on Immutable Storage for Blob Storage

Immutable storage for Blob Storage on containers (which has been generally available since September 2018) now includes a new append capability. This capability, titled “Allow Protected Appends for Block and Append Blobs”, allows you to set up immutable policies for block and append blobs to keep already written data in a WORM state and continue to add new data. This capability is available for both legal holds and time-based retention policies.

Encrypt managed disks with cross-tenant customer-managed keys

Many service providers building Software as a Service (SaaS) offerings on Azure want to give their customers the option of managing their own encryption keys. Customers of service providers can now use cross-tenant customer-managed keys to manage encryption keys in their own Azure AD tenant and subscription using Azure Key Vault. As a result, they will have complete control of their customer-managed keys and their data.

Azure Dedicated Host support for Ultra Disk Storage

Virtual machines (VMs) running on Azure Dedicated Host support the use of standard and premium disks as data disks, and now there is also the support for ultra disks on dedicated host.

Azure unmanaged disks will be retired on 30 September 2025

Azure Managed Disks now have full capabilities of unmanaged disks and other advancements. Microsoft will begin deprecating unmanaged disks on September 30, 2022, and this functionality will be completely retired on September 30, 2025. 

Encryption scopes on hierarchical namespace enabled storage accounts (preview)

Encryption scopes introduce the option to provision multiple encryption keys in a storage account with hierarchical namespace. Using encryption scopes, you now can provision multiple encryption keys and choose to apply the encryption scope either at the container level (as the default scope for blobs in that container) or at the blob level. The preview is available for REST, HDFS, NFSv3, and SFTP protocols in an Azure Blob / Data Lake Gen2 storage account. The key that protects an encryption scope may be either a Microsoft-managed key or a customer-managed key in Azure Key Vault. You can choose to enable automatic rotation of a customer-managed key that protects an encryption scope. When you generate a new version of the key in your Key Vault, Azure Storage will automatically update the version of the key that is protecting the encryption scope, within a day.

Customer initiated storage account conversion (preview)

The self-service option to convert storage accounts from non-zonal redundancy (LRS/GRS) to zonal redundancy (ZRS/GZRS) is available. This allows you to initiate the conversion of storage accounts via the Azure portal without the necessity of creating a support ticket.

Networking

Resizing of peered virtual networks

Updating the address space for peered virtual networks now is now generally available. This feature allows you to update the address space or resize for a peered virtual network without removing the peering.

Improvements to Azure Web Application Firewall (WAF) custom rules

  • There are two improvements for WAF custom rules:
    Azure regional Web Application Firewall (WAF) with Application Gateway now supports creating custom rules using the operators “Any” and “GreaterThanOrEqual”. Custom rules allow you to create your own rules to customize how each request is evaluatedas it passes through the WAF engine.
  • Azure global Web Application Firewall (WAF) with Azure Front Door now supports custom geo-match filtering rules using socket addresses. Filtering by socket address allows you to restrict access to your web application by country/region using the source IP that the WAF sees.

Azure IaaS and Azure Stack: announcements and updates (September 2022 – Weeks: 35 and 36)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Virtual Machines with Ampere Altra Arm–based processors

Microsoft is announcing the general availability of the latest Azure Virtual Machines featuring the Ampere Altra Arm–based processor. The new virtual machines will be generally available on September 1, and customers can now launch them in 10 Azure regions and multiple availability zones around the world. In addition, the Arm-based virtual machines can be included in Kubernetes clusters managed using Azure Kubernetes Service (AKS). This ability has been in preview and will be generally available over the coming weeks in all the regions that offer the new virtual machines.

Storage

Prevent a lifecycle management policy from archiving recently rehydrated blobs

Azure Storage lifecycle management offers a rule-based policy that you can use to transition blob data to the appropriate access tiers or to expire data at the end of the data lifecycle. You can configure rules to move a blob to archive tier based on last modified condition. If you rehydrate a blob by changing its tier, this rule may move the blob back to the archive tier. This can happen if the last modified time is beyond the threshold set for the policy. Now you can add a new condition, daysAfterLastTierChangeGreaterThan, in your rules, to skip the archiving action if the blobs are newly rehydrated.

Encrypt storage account with cross-tenant customer-managed keys (preview)

The ability to encrypt storage account with customer-managed keys (CMK) using an Azure Key Vault hosted on a different Azure Active Directory tenant is available in preview. You can use this solution to encrypt your customers’ data using an encryption key managed by your customers.

Ephemeral OS disks supports host-based encryption using customer managed key

Ephemeral OS disk customers can choose encryption type between platform managed keys or customer managed keys for host-based encryption. The default is platform managed keys. This feature would enable our customers to meet organization’s compliance needs.

Resource instance rules for access to Azure Storage

Resource instance rules enable secure connectivity to a storage account by restricting access to specific resources of select Azure services.
Azure Storage provides a layered security model that enables you to secure and control access to your storage account. You can configure network access rules to limit access to your storage account from select virtual networks or IP address ranges. Some Azure services operate on multi-tenant infrastructure, so resources of these services cannot be isolated to a specific virtual network.
With resource instance rules, you can now configure your storage account to only allow access from specific resource instances of such Azure services. For example, Azure Synapse offers analytic capabilities that cannot be deployed into a virtual network. If your Synapse workspace uses such capabilities, you can configure a resource instance rule on a secured storage account to only allow traffic from that Synapse workspace.
Resource instances must be in the same tenant as your storage account, but they may belong to any resource group or subscription in the tenant.

Networking

ExpressRoute IPv6 Support for Global Reach

IPv6 support for Global Reach unlocks connectivity between on-premise networks, via the Microsoft backbone, for customers with dual-stack workloads. Establish Global Reach connections between ExpressRoute circuits using IPv4 subnets, IPv6 subnets, or both. This configuration can be done using Azure Portal, PowerShell, or CLI.

Azure Management services: le novità di agosto 2022

Microsoft rilascia costantemente novità riguardanti gli Azure management services. Pubblicando questo riepilogo si vuole fornire una panoramica complessiva delle principali novità rilasciate nell’ultimo mese. Questo consente di rimanere sempre aggiornati su questi argomenti ed avere i riferimenti necessari per condurre ulteriori approfondimenti.

Il diagramma seguente mostra le diverse aree relative al management, che sono contemplate in questa serie di articoli, per poter rimanere aggiornati su questi temi ed effettuare al meglio il deployment ed il mantenimento delle applicazioni e delle risorse.

Figura 1 – Overview dei Management services in Azure

Monitor

Azure Monitor

Azure Monitor metric alerts: miglioramento nell’apprendimento delle soglie

I “metric alerts” di Azure Monitor con il rilevamento dinamico delle soglie, utilizzano algoritmi di machine learning (ML) avanzati per apprendere il comportamento storico delle metriche e identificare modelli e anomalie che indicano possibili problemi nei servizi. Grazie all’introduzione di questa nuova funzionalità vengono riconosciute automaticamente le interruzioni prolungate e tali interruzioni vengono rimosse dall’andamento per non falsare i risultati. In questo modo si ottengono soglie molto migliori che si adattano ai dati e possono rilevare problemi nei servizi con la stessa sensibilità prima dell’interruzione.

VM insights e l’utilizzo del nuovo agente di Azure Monitor (preview)

Attualmente, per poter utilizzare Azure Monitor VM insights è necessario installare, a bordo di ogni macchina virtuale oppure dei virtual machine scale set da monitorare, l’agente di Log Analytics ed il dependency agent. Grazie al rilascio di questa nuova funzionalità (in anteprima) VM insights utilizzerà il nuovo agente di Azure Monitor, anziché l’agente di Log Analytics.

Diverse sono le funzionalità che si ottengono con questa preview:

  • Configurazione facilitata, utilizzando le data collection rule, per collezionare i performance counters delle VMs e specifici data types.
  • Possibilità di abilitare e disabilitare processi e dati delle dipendenze che generano la Map view, ottenendo così una conseguente ottimizzazione dei costi.
  • Miglioramento della sicurezza e delle performance derivanti dall’utilizzo dell’Azure Monitor agent e delle managed identity.

Autenticazione basata sulle managed identity per abilitare Azure Monitor container insights (preview)

Container insights ora supporta l’integrazione tramite l’agente di Azure Monitor per i cluster AKS (nodi Linux) e per i cluster abilitati per Arc. Questo agente raccoglie i dati sulle prestazioni e sugli eventi da tutti i nodi del cluster e viene automaticamente distribuito e registrato con il workspace di Log Analytics. Con l’agente di Azure Monitor, container insights supporta anche l’autenticazione tramite managed identity per AKS e per i cluster abilitati per Arc. Si tratta di un modello di autenticazione sicuro e semplificato in cui l’agente di monitor usa la managed identity del cluster per inviare i dati ad Azure Monitor. Questo nuovo meccanismo di autenticazione va a sostituire l’autenticazione locale basata sui certificati ed elimina la necessità di aggiungere un ruolo specifico al cluster. Sono supportate le System-assigned identity e le user-assigned identity.

Disponibilità in nuove regions

Azure Monitor Log Analytics è disponibile nelle seguenti nuove region:

  • China North 3
  • China East 3

Per consultare la disponibilità del servizio in tutte le region Azure è possibile consultare questo documento.

Govern

Azure Policy

Policy per bloccare il deployment di potenziali immagine vulnerabili

Per proteggere i cluster Kubernetes ed i relativi workload basati su container da potenziali tentativi di attacco è ora possibile creare delle restrizioni nel deployment delle immagini che contengono vulnerabilità nei relativi componenti software. Grazie a questa funzionalità è possibile utilizzare le Azure Policy e Azure Defender for Containers per identificare le vulnerabilità e applicare le relative patch prima di effettuare i deployment.

Azure Cost Management

Aggiornamenti relativi a Microsoft Cost Management

Microsoft è costantemente alla ricerca di nuove metodologie per migliorare Microsoft Cost Management, la soluzione per fornire una maggiore visibilità su dove si stanno accumulando costi nel cloud, identificare e prevenire modelli di spesa errati ed ottimizzare i costi . In questo articolo sono riportati alcuni degli ultimi miglioramenti ed aggiornamenti riguardanti questa soluzione. In particolare si segnala la possibilità di consolidare e gestire vari tenant di Azure Active Directory da un unico account di fatturazione del Microsoft Customer Agreement (MCA).

Azure Arc

Azure Arc-enable Servers: disponibilità in nuove regions

Azure Arc-enable Servers è disponibile nelle seguenti nuove region:

  • China East 2 (preview)
  • China North 2 (preview)
  • South Africa North

Secure

Microsoft Defender for Cloud

Nuove funzionalità, correzioni di bug e funzionalità deprecate di Microsoft Defender for Cloud

Lo sviluppo di Microsoft Defender for Cloud è in costante evoluzione e vengono introdotti miglioramenti su base continua. Per rimanere aggiornati sugli sviluppi più recenti, Microsoft aggiorna questa pagina, che fornisce informazioni su nuove funzionalità, correzioni di bug e funzionalità deprecate. In particolare, questo mese le principali novità riguardano:

  • Distribuzione automatica dell’agente di Azure Monitor (preview)
  • Alert deprecati riguardanti attività sospette correlate ad un cluster Kubernetes

Protect

Azure Site Recovery

Nuovo Update Rollup

Per Azure Site Recovery è stato rilasciato l’Update Rollup 63 che risolve diverse problematiche e introduce alcuni miglioramenti.

Tra le principali migliorie introdotte da questa versione dei componenti di ASR, troviamo:

  • Il supporto di Oracle Linux 8.6 per Linux OS/Azure verso Azure e per VMware/Physical verso Azure
  • La possibilità di migrare i processi di replica esistenti dalla modalità classica a quella moderna per le macchine virtuali VMware (vedi paragrafo seguente “Aggiornamento per adottare l’esperienza moderna di replica delle VMs di VMware”)

I relativi dettagli e la procedura da seguire per l’installazione è consultabile nella KB specifica.

Aggiornamento per adottare l’esperienza moderna di replica delle VMs di VMware

In ASR è stata introdotta la possibilità di migrare, le macchine virtuali VMware protette da Azure Site Recovery, dall’esperienza classica a quella moderna introdotta recentemente. La modalità classica prevede la replica delle VMs di VMware utilizzando il Configuration Server, mentre la modalità moderna prevede l’adozione dell’appliance di replica di ASR. Il processo di migrazione, verso la modalità moderna, che è stato introdotto prevede:

  • Un meccanismo di detection che consente di non dover ripetere la replica iniziale dei sistemi protetti.
  • Il calcolo dei tempi di migrazione necessari, al fine di poter avere tutti gli elementi necessari per una corretta pianificazione.
  • Un robusto meccanismo di rollback, per ripristinare la situazione iniziale (modalità classica) nel caso emergano delle problematiche.

L’adozione del meccanismo moderno di replica è raccomandato da Microsoft in quanto consente di migliorare la sicurezza, ridurre l’effort di gestione e semplificare l’ambiente.

Migrate

Azure Migrate

Nuovi rilasci e funzionalità di Azure Migrate

Azure Migrate è il servizio presente in Azure che comprende un ampio portafoglio di strumenti che è possibile utilizzare, tramite una esperienza di utilizzo guidata, per affrontare in modo efficace i più comuni scenari di migrazione. Per rimanere aggiornati sugli sviluppi più recenti della soluzione è possibile consultare questa pagina, che fornisce informazioni su nuovi rilasci e nuove funzionalità. In particolare, questo mese le principali novità riguardano:

  • Possibilità di effettuare il discovery e l’assessment di ambienti SQL in Microsoft Hyper-V e in sistemi fisici/bare-metal, nonché sui servizi IaaS di altri cloud pubblici.

Valutazione di Azure

Per testare e valutare in modo gratuito i servizi offerti da Azure è possibile accedere a questa pagina.

Azure IaaS and Azure Stack: announcements and updates (August 2022 – Weeks: 33 and 34)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure VMware Solution now in Sweden Central

Azure VMware Solution empowers you to seamlessly extend or migrate your existing on-premises VMware workloads to Azure without the cost, effort, or risk of re-architecting applications or retooling operations. With this update Azure VMware Solution has now expanded availability to the Sweden Central Azure region.

Azure VMware Solution: public IP capability

Most customer applications running on Azure VMware Solution require internet access. These applications require both outbound and inbound internet connectivity. Azure VMware Solution Public IP is a simplified and scalable solution for running these applications. With this capability, Microsoft enables the following:

  • Direct inbound and outbound internet access for AVS to the NSX-T Edge.
  • The ability to receive up to 1000 or more Public IPs.
  • DDoS Security protection against network traffic in and out of the internet.
  • Enable support for VMware HCX (migration tool for VMwre VMs) over the public internet.

UAE North Availability Zones

Availability Zones in UAE North are made up of three unique physically separated locations or “zones” within a single region to bring higher availability and asynchronous replication across Azure regions for disaster recovery protection.

Networking

Private endpoint network security group support

Private endpoint support for network security groups (NSGs) is now generally available. This feature enhancement provides you with the ability to enable advanced security controls on traffic destined to a private endpoint. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to enabled.

Private endpoint user-defined routes support

Private endpoint support for user-defined routes (UDRs) is now generally available. This feature enhancement will remove the need to create a /32 address prefix when defining custom routes. You will now have the ability to use a wider address prefix in the user defined route tables for traffic destined to a private endpoint (PE) by way of a network virtual appliance (NVA). In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to enabled on the subnet containing private endpoint resources.

Azure Stack

Azure Stack HCI

Azure Stack HCI 22H2: Network ATC improvements

Network ATC can simplify the deployment and on-going management of host networking in Azure Stack HCI. In this article are described all improvements to this component, released with Azure Stack HCI 22H2 update.

Software Defined Networking (SDN) extensions reach General Availability for WAC

SDN Infrastructure, Network Security Groups (NSGs), Logical networks, Virtual Networks, Load Balancers, and Gateways reach General Availability for Windows Admin Center (WAC). SDN Infrastructure’s “Network Controller” tab in WAC now displays information about cluster, server, and node certificates, complete with UI indications that certificate will expire soon. 

Azure IaaS and Azure Stack: announcements and updates (August 2022 – Weeks: 31 and 32)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Dedicated Host restart (preview)

Azure Dedicated Host gives you more control over the hosts you deployed by giving you the option to restart any host. When undergoing a restart, the host and its associated VMs will restart while staying on the same underlying physical hardware. With this new capability, now in preview, you can take troubleshooting steps at the host level.

Azure Dedicated Host support for Ultra SSD (preview)

Currently, VMs running on Azure Dedicated Host support the use of Standard and Premium Azure disks as data disks. With this preview, Microsoft is introducing support for Azure Ultra Disks on Azure Dedicated Host. Azure Ultra disks are highly performant disks on Azure that offer high throughput (maximum of 4000 MBps per disk) and high IOPS (maximum of 160,00 IOPS per disk) depending on the disk size.
If you are running IaaS workloads that are data intensive and latency sensitive, such as Oracle DB, MySQL DB, other critical databases, and gaming applications, you will benefit from using Ultra disks as data disks on VMs hosted on Azure Dedicated Host.

Microsoft Azure available from new cloud region in Qatar

Microsoft is launching a new datacenter region in Qatar. The new datacenter region includes Azure Availability Zones, which offer you additional resiliency for your applications by designing the region with unique physical datacenter locations with independent power, network, and cooling for additional tolerance to datacenter failures.

Enforcement mode of machine configuration (previously guest configuration)

The enforcement mode of machine configuration (previously guest configuration) is now generally available. This represents the ApplyAndMonitor and ApplyAndAutocorrect auditing modes. The customer experience within Azure has not changed as a result of the renaming. Machine configuration continues to provide a native capability to audit or configure operating system settings as code, both for machines running in Azure and hybrid Azure Arc-enabled servers, directly per-machine or at-scale orchestrated through Azure Automanage, Microsoft Defender for Cloud, or Azure Policy.
You will now be able to:

  • Apply and monitor configurations: set the required configuration on your machines and remediate on demand.
  • Apply and autocorrect configurations: set the required configuration at scale and autoremediate in the event of a configuration drift.
  • Apply configurations to machines at management group level.
  • Set TLS 1.2 to machines through our newly released built-in policy.
  • Create, delete, and monitor the compliance of your configurations through the Azure portal.

Storage

Azure StorSimple 8000/1200 series will no longer be supported starting 31st December 2022

Support for the following StorSimple versions will end 31st December 2022:
• StorSimple 8000 series – 8100, 8600, 8010, 8020
• StorSimple 1200 Series
• StorSimple Data Manager
• StorSimple Snapshot Manager

The StorSimple service will reach end of life which means the following will no longer be available:
• All cloud management capability (e.g. viewing or updating settings related to volumes, shares, backups, backup policies or installing updates, etc.)
• Access to live data and backups.
• Access to customer support resources (phone, email, web)
• Hardware replacement parts and repair services for StorSimple 8000 series devices
• Software updates for StorSimple 8000 series and 1200 series devices

Microsoft has been expanding the portfolio of Azure Hybrid storage capabilities with new services for data tiering and cloud ingestion, providing more options to customers for storing data in Azure in native formats.

Networking

Azure Firewall Premium is now ICSA labs certified

Azure Firewall Premium SKU is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It provides advanced threat protection that meets the needs of highly sensitive and regulated environments and includes Intrusion Prevention System (IPS) and TLS inspection capabilities.
The new Intrusion Prevention System (IPS) certification from ICSA Labs is an important IPS certification, is an addition to existing Firewall certification, from ICSA Labs.
ICSA Labs provides credible third-party testing and certification of security and health IT products, as well as network-connected devices. This includes certification of network intrusion prevention systems.
ICSA Labs Network Intrusion Prevention System (IPS) security certification test cycle includes Azure Firewall protection against exploits aimed at approximately 100 high severity vulnerabilities in enterprise software. Because real world attacks do not happen on a quiescent network, ICSA Labs tests with an appropriate level of background traffic using various mixes of enterprise network traffic. The test included evasion techniques, platform security of the product itself, logging, secure administration, and administrative functions.
Azure Firewall is the first cloud firewall service to attain the ICSA Labs Corporate Certification for both Firewall and IPS services.

Next hop IP support for Route Server

With next hop IP support, you can deploy network virtual appliances (NVAs) behind an Azure Internal Load Balancer (ILB) to acheive key active-passive connectivity scenarios and improve connectivity performance.

Azure Management services: le novità di luglio 2022

Microsoft annuncia in modo costante novità riguardanti gli Azure management services e come di consueto viene rilasciato questo riepilogo mensile. L’obiettivo è di fornire una panoramica complessiva delle principali novità del mese, in modo da rimanere sempre aggiornati su questi argomenti ed avere i riferimenti necessari per condurre ulteriori approfondimenti.

Il diagramma seguente mostra le diverse aree relative al management, che sono contemplate in questa serie di articoli, per poter rimanere aggiornati su questi temi ed effettuare al meglio il deployment ed il mantenimento delle applicazioni e delle risorse.

Figura 1 – Overview dei Management services in Azure

Monitor

Azure Monitor

Azure Monitor per soluzioni SAP (preview)

Azure Monitor ha lanciato una nuova versione, chiamata Azure Monitor for SAP solutions (AMS), per il monitor delle soluzioni SAP (preview). Questa nuova versione consente, per i workload SAP in Azure, di raccogliere le informazioni e le telemetrie di SAP. Tale soluzione risulta utile sia per i team SAP BASIS sia per i team di infrastruttura che possono consultare le informazioni raccolte in un’unica posizione.

Strumenti di migrazione per l’Azure Monitor Agent (preview)

L’Azure Monitor Agent (AMA) offre un modo sicuro, economicamente conveniente, semplificato e performante per la raccolta dei dati di telemetria provenienti dalle macchine virtuali di Azure, da Virtual Machine Scale Set, dai server abilitati per Arc e dai client Windows. La migrazione dall’agente di Log Analytics (agenti MMA oppure OMS) dovrà avvenire entro agosto 2024. Per semplificarti questo processo, Microsoft sta mettendo a disposizione degli strumenti dedicati di migrazione degli agenti, che consentono di automatizzare il processo di migrazione. Per ulteriori dettagli è possibile consultare la documentazione ufficiale Microsoft.

Azure Monitor Agent: supporto per le User-assigned Managed Identity (preview)

Il nuovo Azure Monitor Agent (AMA) ora supporta in anteprima le User-assigned Managed Identity. Grazie a questo supporto è possibile utilizzare le policy per distribuire l’estensione dell’AMA su macchine virtuali e su virtual machine scale set. Le User-assigned Managed Identity consentono di ottenere una maggiore scalabilità e resilienza rispetto alle System Assigned Identity, diventando così il metodo consigliato per effettuare installazioni su larga scala tramite le extension.

Configure

Update management center (preview)

Update management center è la nuova soluzione che aiuta a gestire e a governare centralmente gli aggiornamenti di tutte le macchine. Funziona senza la necessità di fare attività di onboarding, in quanto è una soluzione che si basa nativamente sulla piattaforma Azure Compute e su Azure Arc-enabled servers. Questa soluzione prenderà presto il posto di Update Management di Azure Automation, rimuovendo qualsiasi dipendenza da Azure Automation e da Log Analytics. Update management center è, ad oggi, in grado di gestire e governare gli aggiornamenti su:

  • Sistemi operativi Windows e Linux
  • Macchine che risiedono in Azure, in locale e su altre piattaforme cloud, grazie ad Azure Arc

Tra i principali punti di forza della nuova soluzione troviamo:

  • Visibilità centralizzata degli aggiornamenti
  • Integrazione nativa e zero onboarding
  • Integrazione con i ruoli e le identità di Azure
  • Elevata flessibilità nella gestione degli aggiornamenti

Govern

Azure Cost Management

Aggiornamenti relativi a Microsoft Cost Management

Microsoft è costantemente alla ricerca di nuove metodologie per migliorare Microsoft Cost Management, la soluzione per fornire una maggiore visibilità su dove si stanno accumulando costi nel cloud, identificare e prevenire modelli di spesa errati ed ottimizzare i costi . In questo articolo sono riportati alcuni degli ultimi miglioramenti ed aggiornamenti riguardanti questa soluzione.

Secure

Microsoft Defender for Cloud

Nuove funzionalità, correzioni di bug e funzionalità deprecate di Microsoft Defender for Cloud

Lo sviluppo di Microsoft Defender for Cloud è in costante evoluzione e vengono introdotti miglioramenti su base continua. Per rimanere aggiornati sugli sviluppi più recenti, Microsoft aggiorna questa pagina, che fornisce informazioni su nuove funzionalità, correzioni di bug e funzionalità deprecate. In particolare, questo mese le principali novità riguardano:

Protect

Azure Backup

Smart tiering: spostamento automatico nel vault-archive tier (preview)

In Azure Backup è stata introdotta la possibilità di configurare le policy per automatizzare l’utilizzo del vault-archive tier per le macchine virtuali di Azure e per SQL Server/SAP HANA a bordo di macchine virtuali. Questo garantisce che i punti di ripristino idonei e consigliati (nel caso di macchine virtuali di Azure) vengano spostati automaticamente nel vault-archive tier. Questa operazione viene svolta in modo periodico e in base alle impostazioni della policy di backup. Inoltre, risulta possibile specificare il numero di giorni dopo i quali si desidera che i punti di ripristino vengano spostati nel vault-archive tier.

Azure Site Recovery

Mitigate vulnerabilità di Azure Site Recovery

Microsoft ha corretto una serie di vulnerabilità di Azure Site Recovery (ASR) rilasciando degli aggiornamenti il 12 luglio, durante il ciclo regolare degli aggiornamenti di Microsoft. Queste vulnerabilità interessano tutti i clienti che utilizzano ASR in uno scenario di replica da VMware/Physical verso Azure. Tali vulnerabilità sono state corrette nell’ultima versione di ASR 9.49. Per maggiori informazioni è possibile consultare questo bollettino.

Nuovo Update Rollup

Per Azure Site Recovery è stato rilasciato l’Update Rollup 62 che risolve diverse problematiche e introduce alcune novità, tra le quali quali:

  • Supporto per Linux OS/Azure verso Azure: RHEL 8.6 e Cent OS 8.6 
  • Supporto per VMware/Physical verso Azure: RHEL 8.6 e Cent OS 8.6 
  • Supporto per la configurazione delle regole di “proxy bypass” per le repliche VMware e Hyper-V, utilizzando i private endpoint. 

I relativi dettagli e la procedura da seguire per l’installazione sono consultabili nella KB specifica.

Migrate

Azure Migrate

Nuovi rilasci e funzionalità di Azure Migrate

Azure Migrate è il servizio presente in Azure che comprende un ampio portafoglio di strumenti che è possibile utilizzare, tramite una esperienza di utilizzo guidata, per affrontare in modo efficace i più comuni scenari di migrazione. Per rimanere aggiornati sugli sviluppi più recenti della soluzione è possibile consultare questa pagina.

Valutazione di Azure

Per testare e valutare in modo gratuito i servizi offerti da Azure è possibile accedere a questa pagina.

Azure IaaS and Azure Stack: announcements and updates (July 2022 – Weeks: 29 and 30)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Virtual machine restore points

VM restore points provides you with a point in time snapshot of all the managed disks attached to your Virtual Machine. Customers and Azure partners who are looking to build business continuity and disaster recovery solutions can use VM restore points to capture app consistent and crash consistent backups natively on the Azure platform. This can then be used to restore disks and VMs during scenarios such as data loss, data corruption, or disaster recovery. 

NVads A10 v5 Virtual Machines

NVads A10 v5 virtual machines (VMs) are now generally available in West Europe, South Central US, and West US3 regions. The NVads A10 v5 VM series enables a wide variety of graphics, video, and AI workloads, including virtual production and visual effects, engineering design and simulation, game development and streaming, virtual desktops/workstations and more. They feature NVIDIA A10 Tensor Core GPUs, up to 72 AMD EPYC™ 74F3-series vCPUs, and are designed to offer the right choice for any workload with optimum configurations for both single user and multi-session environments. 

Azure confidential VMs (DCasv5/ECasv5-series VMs)

Azure confidential VMs are designed to offer a new, hardware-based TEE leveraging SEV-SNP, which hardens guest protections to deny the hypervisor and other host management code access to VM memory and state, protecting against operator access. Azure DCasv5/ECasv5 confidential VMs, utilizing 3rd Gen AMD EPYC processors with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) security features, are available. 

Trusted Launch support for DCsv3 and DCdsv3 series Virtual Machines

Trusted Launch support for DCsv3 and DCdsv3 virtual machines is available. DCsv3 and DCdsv3 series virtual machines provides support for Intel® SGX. With all new hardware-based security paradigm is now just a few clicks away in Azure to deploy DCsv3 virtual machines with trusted launch feature.

Storage

Live resize for Premium SSD and Standard SSD Disk Storage

Resizing a disk on Azure can provide increased storage capacity and better performance for your applications. As part of our commitment to continuously add new capabilities to our Azure Disk Storage portfolio, live resize for Premium SSD and Standard SSD Disk Storage is now generally available. With live resize, you can dynamically increase the storage capacity of your Premium SSD and Standard SSD disks without causing any disruption to your applications. To reduce costs, you can start with smaller disks and gradually increase their storage capacity without experiencing any downtime.

Azure Premium SSD v2 Disk Storage (preview)

The next generation of Microsoft Azure Premium SSD Disk Storage is available in preview. This new disk offering provides the most advanced block storage solution designed for a broad range of input/output (IO)-intensive enterprise production workloads that require sub-millisecond disk latencies as well as high input/output operations per second (IOPS) and throughput at a low cost. With Premium SSD v2, you can now provision up to 64TiBs of storage capacity, 80,000 IOPS, and 1,200 MBPS throughput on a single disk. With best-in-class IOPS and bandwidth, Premium SSD v2 provides the most flexible and scalable general-purpose block storage in the cloud, enabling you to meet the ever-growing demands of your production workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, gaming, on virtual machines, or stateful containers. Moreover, with Premium SSD v2, you can provision granular disk sizes, IOPS, and throughput independently based on your workload needs, providing you more flexibility in managing performance and costs.

Networking

TLS 1.3 support on Application Gateway (preview)

The new Predefined and CustomV2 policies on Application Gateway come with TLS v1.3 support. They provide improved security and performance benefits, fulfilling the needs of your enterprise security policies. You may use out-of-the-box predefined policies or configure a preferred cipher-suite list by using the CustomV2 policy.

Azure Stack

Azure Stack HCI

Azure Marketplace for Arc-enabled Azure Stack HCI (preview)

Azure Marketplace for Arc-enabled Azure Stack HCI makes it easy and convenient to download the latest fully patched image to your cluster with just a few clicks in the Azure Portal. This preview focuses on Windows 11 Enterprise multi-session, the image used by Azure Virtual Desktop, and Windows Server 2022 Datacenter Azure Edition, which enables hot-patching (reboot-less patching) for on-premises VMs. More images will follow in the coming months. This preview is available for all in-market Azure Stack HCI.

Remote support for Arc-enabled Azure Stack HCI (preview)

When opening a case, you can now grant Microsoft support engineers remote access to your cluster to gather logs of perform remediation steps themselves. This reduces the back-and-forth that’s typical with on-premises support. New PowerShell cmdlets and Windows Admin Center tools let you precisely control and audit the access that support engineers get, including time limits, allow-listing cmdlets, and comprehensive auditing that’s always on.

Arc-enabled guest VMs with extensions for Azure Stack HCI (preview)

When you deploy a new virtual machine through Azure Arc onto Azure Stack HCI, the guest operating system is now automatically enrolled as an Arc-enabled server instance. This means you can use popular VM extensions like Custom Script to perform configuration inside the VM (like installing an application) as part of VM deployment. To illustrate the usefulness of this capability, Microsoft is providing a sample custom script extension that enrolls a VM into an Azure Virtual Desktop session host pool, eliminating manual configuration of the guest agent as its own step. This preview is available for all in-market Arc-enabled Azure Stack HCI.

Azure Stack HCI version 22H2 (preview)

The operating system at the heart of Azure Stack HCI gets a major update with new features and enhancements every year. Next month, the first significant preview of version 22H2 will become available to clusters enrolled in the public Preview channel. Like version 21H2, the new version 22H2 will be available as a free, non-disruptive, over-the-air update for all subscribers when it reaches general availability later this year. Content-wise, the update is focused on fundamental improvements to the core hypervisor, storage, and networking.

Storage replication in stretch clusters is faster, and you can convert existing volumes from fixed provisioning to thin provisioning.

Network ATC has gained new abilities, including automatic IP addressing for storage networks, support for stretch clusters, and better network proxy support.

Hyper-V live migration is faster and more reliable for switchless 2-node and 3-node clusters.

And for new installations, version 22H2 starts with a stronger default security posture, including a stronger set of protocols and cipher suites, Secured-Core Server, Windows Defender application control, and other well-known security features enabled by default right from the start.

Azure Stack Hub

Azure Well-Architected Framework Assessments (preview)

Two pillars of the Well-Architected Framework are available in Preview for Azure Stack Hub on the Microsoft Assessment Platform: Reliability and Operational Excellence. If you are using Azure Stack Hub to deploy and operate workloads for key business systems, it is now possible to answers questions for these pillars within the assessments platform. After completing the assessments, you will be provided with a maturity or risk score, together with prescriptive guidance and knowledge links that suggest possible improvements you could make to your architecture design and score.