Azure IaaS and Azure Stack: most impactful announcements at Microsoft Ignite – November 2021

This special edition covers the most important announcements and major updates to Azure infrastructure as a service (IaaS) and Azure Stack made official by Microsoft this week at the Microsoft Ignite conference (November 2021). Microsoft announced several important additions to its Azure IaaS portfolio, and its infrastructure services continue to evolve to optimize the experience of running business-critical workloads.

Azure

Compute

Azure trusted launch for Virtual Machines

Azure trusted launch protects your virtual machines against boot kits, rootkits, and kernel-level malware. Trusted launch allows administrators to deploy virtual machines with verified and signed bootloaders, OS kernels, and drivers. By leveraging secure and measured boot, administrators gain insight into and confidence in the integrity of the entire boot chain. With a virtual Trusted Platform Module (vTPM), administrators can securely protect keys, certificates, and secrets in the virtual machines. In addition, administrators can monitor and attest to the integrity of virtual machines and react to any changes to the attestation policy baseline. Azure Security Center serves as a single pane of glass for integrity alerts, recommendations, and remediations generated by trusted launch. These new features are easily enabled: trusted launch is switched on with a simple change in deployment code or a checkbox within the Azure portal for all virtual machines.
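The "simple change in deployment code" is a securityProfile on the VM resource. The following audit script is an added example, not code from the article or from Microsoft: it walks constructed ARM-style VM resources, reports which of the three settings (securityType, secure boot, vTPM) are missing, and shows the hardened form of the block beside the weak one. The field names follow the Microsoft.Compute/virtualMachines securityProfile schema; the VM names and contents are made up.

```python
# Added example, not from the article. Field names follow the
# Microsoft.Compute/virtualMachines securityProfile schema; VMs are constructed.
import json
from typing import Any

# Constructed sample resources: fully protected, partially protected, unprotected.
SAMPLE_VMS = json.loads("""
[
  {"name": "web01", "type": "Microsoft.Compute/virtualMachines",
   "properties": {"securityProfile": {"securityType": "TrustedLaunch",
    "uefiSettings": {"secureBootEnabled": true, "vTpmEnabled": true}}}},
  {"name": "db01", "type": "Microsoft.Compute/virtualMachines",
   "properties": {"securityProfile": {"securityType": "TrustedLaunch",
    "uefiSettings": {"secureBootEnabled": true, "vTpmEnabled": false}}}},
  {"name": "legacy01", "type": "Microsoft.Compute/virtualMachines",
   "properties": {}}
]
""")

def trusted_launch_findings(vm: dict[str, Any]) -> list[str]:
    """Return the trusted launch protections missing from one VM resource."""
    profile = vm.get("properties", {}).get("securityProfile", {})
    uefi = profile.get("uefiSettings", {})
    findings = []
    if profile.get("securityType") != "TrustedLaunch":
        findings.append("securityType is not TrustedLaunch")
    if uefi.get("secureBootEnabled") is not True:
        findings.append("secure boot disabled")  # unsigned boot components would load
    if uefi.get("vTpmEnabled") is not True:
        findings.append("vTPM disabled")  # no measured boot, so nothing to attest
    return findings

def audit(vms: list[dict[str, Any]]) -> dict[str, list[str]]:
    """Map VM name -> findings for every VM resource that is not fully protected."""
    return {vm["name"]: f for vm in vms
            if vm.get("type") == "Microsoft.Compute/virtualMachines"
            and (f := trusted_launch_findings(vm))}

def harden(vm: dict[str, Any]) -> dict[str, Any]:
    """Copy of the resource carrying the settings a trusted launch deployment needs.
    Trusted launch requires a generation 2 image, so a Gen1 VM must be redeployed."""
    fixed = json.loads(json.dumps(vm))
    fixed.setdefault("properties", {})["securityProfile"] = {
        "securityType": "TrustedLaunch",
        "uefiSettings": {"secureBootEnabled": True, "vTpmEnabled": True},
    }
    return fixed

for name, findings in audit(SAMPLE_VMS).items():
    print(f"{name}: {'; '.join(findings)}")
```

Feed it the output of a resource export (for example `az vm list` converted to the same shape) to find VMs that were deployed without the checkbox.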

Expansion of the Azure Virtual Machines portfolio

New Azure Virtual Machines, which provide better price-performance for most general-purpose and memory-intensive workloads compared to prior VM generations, are now generally available. This important expansion of the Azure Virtual Machines portfolio now includes:

  • The general availability of Dv5 and Ev5 Azure VMs, which deliver up to 15% increased performance for many workloads and better price-performance than the previous Dv4 and Ev4-series VMs. These new VMs can scale up to 96 vCPUs and feature the latest 3rd Gen Intel Xeon Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration.
  • The new Dasv5 and Easv5 Azure VMs are based on the 3rd Generation AMD EPYC™ 7763v (Milan) processor. These new VMs provide options with and without local disk storage for a lower price of entry. Standard SSDs, Standard HDDs, Premium SSDs, and Ultra Disk storage are supported based on regional availability. In addition, support for nested virtualization is also available.
  • The new DCsv3 and DCdsv3-series Azure Virtual Machines transform the state of the art for confidential workloads. Now with the 3rd Gen Intel Xeon Scalable processors, the capabilities of the DC-series have improved substantially.

The Dv5 and Dasv5 Azure VMs work well for many general computing workloads, e-commerce systems, web front ends, desktop virtualization solutions, customer relationship management applications, entry-level and mid-range databases, application servers, and more. The Ev5 and Easv5 Azure VMs are ideal for memory-intensive enterprise applications, larger relational database servers, data warehousing workloads, business intelligence applications, in-memory analytics workloads, and additional business-critical applications.

Azure Virtual Machine Scale Sets: new orchestration mode

Virtual Machine Scale Sets flexible orchestration mode helps you simplify the deployment, management, and scaling of your applications. It also combines the functionality of the previously separate Availability Sets and Virtual Machine Scale Sets offerings. As a result, you can manage your business-critical applications more effectively while ensuring high availability at massive scale. Additionally, this new capability provides full control of the individual VMs within a scale set while increasing overall performance. IT organizations can now change VM sizes without redeploying their scale set, resulting in greater operational agility. They can also mix Spot Virtual Machines and pay-as-you-go VMs within the same scale set to optimize costs, while managing VMs and VM scale sets using the same APIs.

Azure VMware Solution now generally available in the Germany West Central Azure region

Azure VMware Solution is now also available in Germany West Central, in addition to its existing availability in multiple Azure regions in the US, Europe, Australia, Japan, the UK, Canada, Brazil, and Southeast Asia (Singapore).

Storage

Centralized management of keys for encrypting Azure disks

Now you can manage your Azure Key Vault centrally in a single subscription and use the keys stored in that Key Vault to encrypt managed disks and snapshots in other subscriptions in your organization. This allows your security team to enforce and easily manage a robust security policy from a single subscription.

On-demand disk bursting for Azure Premium SSDs

Microsoft is announcing the general availability of on-demand bursting on Azure Premium SSDs larger than 512 GiB. Unlike the previous credit-based system, where you can only burst if you have accumulated credits, the new on-demand bursting capability allows you to burst up to 6X the provisioned amount (up to 30,000 IOPS and 1,000 MB/s of throughput) whenever needed. This provides you with the flexibility to scale performance to meet demand and optimize costs. You can take advantage of on-demand bursting by enabling it on supported Premium SSD disks. You pay a burst enablement fee plus burst transaction costs for the additional transactions beyond the provisioned target.

Live resize of Azure Disk Storage (preview)

Resizing a disk on Azure can provide more storage capacity and better performance for your applications. Now, with live resize in preview, you can dynamically increase the size of your disks without any downtime to your application. You can start with smaller disks to keep costs down and increase the size of your disks without any downtime as your data footprint grows.

Cross-region snapshot copy for Azure Disk Storage (preview)

Incremental snapshots are cost-effective point-in-time backups of Azure Managed Disks. They are billed only for the changes to the disk since the last snapshot and are always stored on the most cost-effective storage, Standard HDD, irrespective of the storage type of the parent disk. With cross-region snapshot copy now in preview, you can easily copy incremental snapshots to any region of your choice. Azure manages the copy process and ensures that only changes since the last snapshot in the target region are copied over, reducing the data footprint and the recovery point objective (RPO).

Azure VMware Solution: new capabilities introduced for disk pool (preview)

New capabilities are being introduced in Disk Pool (preview) to enable Azure Disk Storage as the persistent storage for Azure VMware Solution. Disk Storage integration with Azure VMware Solution combines familiar VMware technology running on Azure with efficient Azure Disk Storage. Disk Pool enables Azure VMware Solution to access Disk Storage by surfacing an Internet Small Computer Systems Interface (iSCSI) endpoint for the disks. You can add new or existing disks to a disk pool and expose them as datastores in Azure VMware Solution. Microsoft is introducing new disk pool capabilities across availability, cost-effectiveness, and end-to-end integration:

  • Improved availability of disk pool through an enhancement of the underlying iSCSI infrastructure to a highly available architecture with dual controller support
  • Addition of Azure Standard SSDs as a supported disk offering for a more cost-effective option for Disaster Recovery scenarios
  • Updates to the pricing model to a service-based pricing model. Currently, customers are being billed for the managed resources deployed to support disk pool. With this new pricing model, customers will be charged an hourly service fee, which is based on the performance tier selected (Basic, Standard, Premium SKUs). The pricing model change will be effective on December 1, 2021.
  • End-to-end portal experience for connecting a disk pool to Azure VMware Solution clusters and managing underlying storage

Networking

Bastion Standard SKU

With the new Azure Bastion Standard SKU, you can now perform/configure the following:

  • Manually scale Bastion host Virtual Machine instances: Azure Bastion supports manual scaling of the Virtual Machine (VM) instances facilitating Bastion connectivity. You can configure 2-50 instances to manage the number of concurrent SSH and RDP sessions Azure Bastion can support.
  • Azure Bastion admin panel: Azure Bastion supports enabling/disabling features accessed by the Bastion host.

Azure Virtual Network Manager (preview)

Azure Virtual Network Manager is a highly scalable and available network management solution. It allows you to simplify network management across subscriptions globally. Using its centralized network management capabilities, you can manage your network resources at scale from a single pane of glass.

Key features of Azure Virtual Network Manager include:

  • Global management of virtual network resources across regions and subscriptions
  • Automated management and deployment of virtual network topologies such as hub and spoke and mesh
  • High-priority security rule enforcement at scale to protect your network resources
  • Simple deployment of network configurations

Gateway Load Balancer (preview)

Gateway Load Balancer is a fully managed service enabling you to deploy, scale, and enhance the availability of third-party network virtual appliances (NVAs) in Azure. You can add your preferred third-party appliance, whether it is a firewall, an inline DDoS appliance, a deep packet inspection system, or even your own custom appliance, into the network path transparently, all with a single click.

With Gateway Load Balancer, you can easily add or remove advanced network functionality without additional management overhead. It provides the bump-in-the-wire technology you need to ensure all traffic to a public endpoint is sent to the appliance before reaching your application. What makes Gateway Load Balancer even more powerful is that it ensures symmetrical flows, that is, a consistent route to your network virtual appliance, without having to update routes manually. As a result, packets traverse the same network path in both directions, which appliances that depend on flow symmetry need in order to function.

NAT gateway integration with AKS

You can now provision a NAT gateway as part of cluster creation, or create an AKS cluster with a NAT gateway on an existing VNet, instead of configuring a NAT gateway manually. A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to external services, while external services cannot initiate a connection. With NAT gateway support, ingress traffic can be handled via the Load Balancer, and egress traffic can be distributed across up to 16 IP addresses, providing the potential for 64,000 concurrent UDP and TCP flows per IP.

New troubleshooting experiences in Network Insights for VPN Gateway & Azure Firewall

Access rich insights and new troubleshooting experiences in Azure Monitor Network Insights for VPN Gateway and Azure Firewall.

With the new resources, you can access:

  • A resource topology showing resource health and connected resources
  • A pre-built workbook showing all key metrics along multiple
  • Direct links to documentation and troubleshooting help

ExpressRoute private peering support for BGP communities and FastPath improvements (preview)

ExpressRoute private peering now supports the use of custom Border Gateway Protocol (BGP) communities with virtual networks connected to your ExpressRoute circuits. Once you configure a custom BGP community for your virtual network, you can view the regional and custom community values on outbound traffic sent over ExpressRoute when it originates from that virtual network. These values can be used when applying filters or specifying routing preferences for traffic sent from your Azure environment to your on-premises network.

Also, ExpressRoute FastPath now supports a greater variety of scenarios, such as support for traffic sent to peered virtual networks.

Azure Network Function Manager

Azure Network Function Manager, which offers a consistent management experience for pre-validated mobile network functions to enable a private LTE/5G solution, is now generally available. The service also enables a seamless cloud-to-edge experience for Azure Marketplace network functions such as SD-WAN and VPN. For a true hybrid experience, customers can use Azure Marketplace to choose from a pre-validated list of network functions that have been verified to operate properly with Azure Stack Edge.

Azure Stack

Azure Stack HCI

Azure Virtual Desktop for Azure Stack HCI (preview)

With Azure Virtual Desktop for Azure Stack HCI, you can maintain full control over your infrastructure and enjoy the advantages of Azure Virtual Desktop in your own datacenter, including a full Windows 10 and Windows 11 desktop experience for users, with multi-session or single-session support to optimize cost and performance.

Azure benefits for Windows Server

To license and activate Windows Server, Azure Stack HCI already lets you bring your own Datacenter license to enable automatic VM activation (AVMA). Coming soon, if you don't already have a license, there will be a convenient new option to pay for your Windows Server guests through your Azure subscription, just as in Azure.

Arc-enabled VM management (preview)

In addition to managing your host cluster, you can now use Azure Arc to provision and manage virtual machines running on Azure Stack HCI directly from the Azure portal. VMs and their associated resources, such as VM images, disks, and networks, are projected into Azure Resource Manager (ARM) as separate first-class resources by a new cross-platform technology called the Arc resource bridge.
