Archivi categoria: Microsoft Azure

Azure Management services: what’s new in November 2023

November has brought a series of significant updates in the Azure management services landscape. In this monthly recap, the most relevant innovations are highlighted, thus allowing for a specific deep dive into the new functionalities and optimizations introduced.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Azure Monitor System Center Operations Manager (SCOM) Managed Instance

Azure Monitor SCOM Managed Instance brings the capabilities of SCOM monitoring and configurable health models to Azure Monitor. As an integrated feature in Azure Monitor, SCOM Managed Instance provides a cloud-based alternative for SCOM customers, ensuring continuity of monitoring for both cloud and on-premises environments. SCOM Managed Instance is now available to everyone and since its preview, it has added multiple features, such as the integration of SCOM alerts with Azure Monitor alerts, the ability to send integrated alerts to IT service management tools, the capability to view service health from the Azure portal, and an improved onboarding experience.

Azure Monitor Agent integrated with Connection Monitor

Azure Monitor Agent, integrated with Connection Monitor, offers an effective solution for network connectivity monitoring. This integration simplifies the management of monitoring agents by consolidating multiple functions into a single agent. It enables the collection of network connectivity and performance data for both Azure and on-premises environments enabled with Azure Arc. New features include improved support for Azure Arc on-premises endpoints and simpler management of monitoring extensions. Additionally, there are plans to expand support for additional Azure resources and enhance performance metrics.

Azure Monitor Log Storage up to 12 Years

More than a year ago, Azure Monitor Logs launched a log storage solution that allows logs to be retained for up to seven years at a reduced cost. This feature has been valuable for many customers with regulations requiring long-term data retention. Since the introduction of this storage capability, there has been a steady increase in the number of customers utilizing log storage and in the duration of data retention. There has also been demand from many customers for longer storage periods beyond the supported seven years. Examples include tax authorities and healthcare regulations in some countries, which require data retention for 10-12 years. After extensive technical discussions and evaluations, Microsoft has extended the supported retention period, and Azure Monitor Logs now supports up to 12 years of data retention.

Adding dynamic values in custom alert fields

Microsoft recently introduced a new feature for Azure Monitor alerts, which now allows the addition of dynamic values in custom fields. This feature is particularly useful for customizing alarm notifications, allowing users to include values dynamically extracted from the alert payload or a combination of both. This update significantly improves the flexibility and effectiveness of alarm notifications, allowing for more customization in actions triggered by action groups, such as webhook actions, Azure function, or logic app. This new capability enhances the precision and relevance of alarm notifications, improving the management and monitoring of infrastructure and applications on Azure.

OpenTelemetry deployment for ASP.NET Core Applications

Microsoft announced the general availability of Azure Monitor’s OpenTelemetry deployment for ASP.NET Core applications. Part of the Azure Monitor ecosystem, this offering is designed for native cloud application monitoring, enabling customers to observe failures, bottlenecks, and usage patterns to more quickly resolve incidents and reduce downtime. The OpenTelemetry deployment of Azure Monitor includes a thin wrapper for easy implementation with a single line of code, along with specific Azure features for an optimized experience on the platform. This deployment is open and extensible, allowing data to be sent to multiple destinations and extended with a rich set of OpenTelemetry instrumentation libraries that collect data from a wide range of frameworks and environments.

Latency Metrics for Azure Disks and Performance Metrics for Temporary Disks on Azure Virtual Machines (preview)

Microsoft recently announced the introduction of the capability to monitor latency across OS, data, and temporary disks using the SCSI protocol, with support for the NVMe protocol coming soon. This improvement is particularly important for high-performance applications such as SAP Hana and OLTP databases, where latency plays a crucial role in read and write operations. It is now possible to track latency operations on OS, data, and temporary disks using Azure Monitor metrics. Additionally, temporary disks, which are by nature non-persistent and typically found in Virtual Machine (VM) families marked with a ‘d’ in their name, are now accessible for performance monitoring on Azure Monitor. It is now easy to monitor queue depth, IOPS, and throughput for these temporary disks, even though their storage does not persist beyond the lifecycle of the associated VM.

Azure Monitor Agent and JSON Log Collection (preview)

Azure Monitor Agent (AMA) now supports the collection of logs in JSON format for ingestion into Log Analytics. This new feature is designed to enable customers to collect their JSON-formatted logs generated in their services or applications and insert them into a Log Analytics workspace table for analysis. The AMA agent is required to use custom JSON logs.

Integration of Azure Monitor alerts with Event Grid for Azure Key Vault System Events (preview)

Microsoft recently announced a new feature in public preview: the integration of Azure Monitor Alerts with Event Grid for Azure Key Vault system events. This integration represents a significant step in the evolution of event and alert management services in Azure. Azure Monitor alerts are essential for detecting and addressing issues before users become aware, proactively notifying when Azure Monitor data indicates there might be a problem with the infrastructure or application. The integration with Event Grid enables efficient communication of events that indicate changes in the system state. This approach is common in decoupled architectures, such as those using microservices. With Azure Monitor alerts as a destination in Event Grid event subscriptions, it is possible to receive critical event notifications through action groups such as SMS, email, push notifications, and more. This feature, currently available only for Azure Key Vault system events, combines Event Grid’s low-latency event delivery with the flexibility and direct-to-customer notifications of Azure Monitor alerts.

Configure

Azure Automation

Azure Automation now supports PowerShell 7.2

Azure Automation has announced the general availability of PowerShell 7.2 runbooks. Users can now create runbooks in the long-term supported version of PowerShell, using the Azure Automation extension for Visual Studio Code, enhanced by GitHub Copilot, and run them on a secure and reliable platform.

Govern

Azure Advisor

Enhancing the reliability of Azure Disks with the introduction of Zone Redundant Storage

Microsoft has announced the general availability of a new Azure Advisor recommendation that enhances the reliability of Azure disks through the use of Zone Redundant Storage (ZRS). Disks with ZRS offer synchronous data replication across three Availability Zones within a region, significantly increasing resilience. By adopting this recommendation, users can now design their solutions using ZRS disks, ensuring that their disks can withstand a zonal outage. This update brings a notable improvement in the resilience of solutions, preventing downtime and interruptions.

Azure Cost Management

Exporting costs via the FOCUS Schema (preview)

The FinOps Open Cost and Usage Specification (FOCUS) is an innovative initiative aimed at establishing a common, provider- and service-agnostic format for billing data. This format allows organizations to better understand cost and usage patterns and optimize spending and performance across multiple cloud offerings, software as a service (SaaS), and even on-premises solutions. Microsoft Cost Management is introducing support for exporting cost and usage data aligned with the FOCUS schema as part of a limited preview ahead of the upcoming major release of FOCUS.

Updates related to Microsoft Cost Management

Microsoft is continually seeking new methods to enhance Microsoft Cost Management, the solution for providing greater visibility into where costs are accumulating in the cloud, identifying and preventing incorrect spending patterns, and optimizing costs. This article details some of the latest improvements and updates regarding this solution.

Azure Arc

VMware vSphere rnabled by Azure Arc

VMware vSphere enabled by Azure Arc helps users simplify the management of their hybrid IT environment spread across VMware vSphere and Azure. Customers can begin by connecting Azure Arc to resources in VMware vSphere deployments, thus facilitating the large-scale installation of agents and enabling Azure’s management, monitoring, and security solutions on on-premises systems.

Self-Service capabilities of System Center Virtual Machine Manager (SCVMM) in Azure with Azure Arc

The self-service capabilities of System Center Virtual Machine Manager (SCVMM) are now generally available in Azure through Azure Arc. Once connected with Azure Arc, customers can manage and control their SCVMM environments on Azure and perform self-service operations on virtual machines (VMs) directly from the Azure portal. This provides customers with a consistent management experience across Azure for both cloud and hybrid environments.

New features for SQL Server enabled by Azure Arc

The enhancements to SQL Server enabled by Azure Arc provide additional management capabilities for SQL Server systems operating outside of Azure:

  • Monitoring for SQL Server Enabled by Azure Arc (preview). The monitoring for SQL Server enabled by Azure Arc, now in preview, will allow customers to gain visibility across their entire SQL Server infrastructure, both in on-premises data centers and in the cloud. This enhances the performance of databases and allows for quicker diagnosis of issues.
  • Improved High Availability and Disaster Recovery (HA/DR) Management for SQL Server Enabled by Azure Arc (Preview). With Azure Arc, customers can now improve operational continuity and the availability of SQL Server by viewing and managing Always On availability groups, failover cluster instances, and backups directly from the Azure portal.
  • Extended Security Updates for SQL Server Enabled by Azure Arc. These updates, which provide critical security updates for up to three years after the end of extended support, are now available as a service through Azure Arc.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • DevOps Security Insights for GitHub, Azure DevOps, and GitLab. Users will gain deep visibility into the security posture of their applications on GitHub, Azure DevOps, and GitLab within Defender for Cloud. In addition to advanced security for GitHub and Azure DevOps, with the preview of GitLab Ultimate integration, Defender for Cloud now supports the three main development platforms.
  • Integration with Microsoft Entra Permissions Management. Users will get a centralized view of the Permissions Creep Index, implement access controls based on the principle of least privilege for cloud resources, and proactively analyze attack paths by linking access permissions to other potential vulnerabilities on Azure, Amazon Web Services (AWS), and Google Cloud.
  • Enhanced Container Security in Multicloud Environments. Users will be able to anticipate risks in containerized applications and prioritize misconfigurations and exposures in their Kubernetes deployments with the expansion of contextual graph-based capabilities of the Defender Cloud Security Posture Management (CSPM) to Amazon Elastic Kubernetes Service (Amazon EKS) and Google Kubernetes Engine (GKE) clusters.
  • Proactive Attack Path Analysis and Faster Risk Mitigation. Users can efficiently remediate critical risks with a risk-based attack path analysis engine to identify and prioritize the resolution of more complex risks, such as cross-cloud attack paths.
  • Improved Security Posture for APIs. With the general availability of the Defender for APIs plan in Defender for Cloud, administrators will be able to gain visibility into critical business APIs, prioritize the remediation of vulnerabilities, and rapidly detect active real-time threats for APIs published in Azure API Management. New preview capabilities aimed at sensitive data classification supported by Microsoft Purview and curated attack paths will further assist security administrators in protecting data from API risks.
  • Microsoft Security Copilot. Users will be able to gain efficiency in discovering and resolving risks with the power of AI-generated guidance.

Protect

Azure Backup

Azure Backup for AKS

Microsoft has announced the general availability of Azure Backup for Azure Kubernetes Service (AKS). This native Azure solution provides simple and secure protection for containerized applications deployed on AKS, enabling customers to protect their mission-critical workloads.

Customer-Managed Key Encryption for Backup Vaults (Preview)

Microsoft Azure has introduced the capability to use customer-managed encryption keys (CMKs) for backing up data security. This feature, supported for Recovery Services Vaults, has been extended to Backup Vaults. It is now possible to use CMKs when creating a new backup vault or updating the encryption settings of an existing vault to use CMKs.

Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (November 2023 – Weeks: 45 and 46)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks. This week marks a significant milestone with the occurrence of the Microsoft Ignite event, bringing with it a substantial number of important updates and innovations announced by Microsoft. To delve deeper into the specific developments unveiled during this conference in these areas, I invite you to read the dedicated article: Unveiling the future: key insights from Microsoft Ignite on Azure IaaS and Azure Stack.

Azure

General

Azure to End Support for TLS 1.0 and 1.1 by 31 October 2024

Microsoft Azure has announced that it will end support for Transport Layer Security (TLS) versions 1.0 and 1.1 by 31 October 2024. This decision is part of Azure’s ongoing efforts to enhance security and provide best-in-class encryption for customer data. From this date, interactions with Azure services will require TLS 1.2 or later. While the Microsoft implementation of older TLS versions is not known to be vulnerable, TLS 1.2 and subsequent versions offer improved security features, such as perfect forward secrecy and stronger cipher suites. Customers are advised to confirm that their resources interacting with Azure services are using TLS 1.2 or later to avoid potential service disruptions. If resources are already exclusively using TLS 1.2 or later, no further action is required. However, if there is still a dependency on TLS 1.0 or 1.1, it is recommended to transition to TLS 1.2 or later by the specified deadline. Microsoft provides additional resources and support to assist with this transition.

Compute

Ubuntu Server to Ubuntu Pro in-place upgrade now available

Microsoft Azure has announced the general availability of an in-place upgrade from Ubuntu Server to Ubuntu Pro. This upgrade can be added as a subscription to your Azure Virtual Machines (VMs), enabling the transition without the need to redeploy or take VMs offline. Ubuntu Pro offers an extended support period of 10 years for over 2,300 Main and 23,000+ Universe packages, with the 18.04 version recently entering extended support. This upgrade enhances VMs with additional security and compliance features, making it a robust choice for enterprise environments. For detailed instructions on the upgrade process, Azure users can refer to the official documentation, and pricing information for Ubuntu Pro is available on the Azure pricing page.

Introducing NGads V620 Series VMs Optimized for Gaming Scenarios

Microsoft Azure has announced the general availability of the NGads V620 series VMs, a new addition optimized for gaming scenarios. These GPU-enabled virtual machines are powered by AMD Radeon™ PRO V620 GPUs and AMD EPYC 7763 (Milan) CPUs, designed to deliver a high-quality, interactive gaming experience hosted in Azure. The NGads V620 VMs feature GPU Partitioning, allowing VMs to access ¼, ½, or a whole GPU, enabling customers to tailor their performance and cost according to their business needs. Additionally, these VMs come standard with NVMe drives, offering up to 1025 GB of temp storage for rapid local data access. A key component of the NGads V620 series is the AMD Software: Cloud Edition. This software targets optimizations available in the consumer gaming version of the AMD Adrenaline driver, further tested and optimized for cloud environments. It is frequently updated to support the latest game releases. The software also supports accelerated virtual desktop environments, with Radeon PRO optimizations for high-end workstation applications in design or rendering.

Networking

Application Gateway: using a common port for Public and Private listeners

Microsoft Azure has announced the general availability of the feature that allows configuring the same port number for public and private listeners on your Application Gateway. This update simplifies the use of Application Gateway deployments to serve both internet-facing and internal clients without the need for non-standard ports or backend application customizations. The feature is available in all public regions, including Azure China and Azure Government cloud regions. Note that additional configuration may be necessary for inbound rules when using Network Security Groups.

Rate-Limit Rules for Application Gateway Web Application Firewall

Azure has introduced rate-limit custom rules for its regional Web Application Firewall (WAF) on Application Gateway, now generally available. This feature allows the detection and blocking of unusually high levels of traffic aimed at your application. Rate-limiting is instrumental in mitigating various types of denial-of-service attacks, managing misconfigured clients sending excessive requests, or controlling traffic from specific geographical locations. This enhancement bolsters the security and management of your web applications.

Application Gateway Supports IPv6 Frontend (preview)

Azure’s Application Gateway v2 is now in public preview for supporting dual-stack (IPv4 and IPv6) connections at the frontend. This upgrade enables the Application Gateway to manage traffic from both IPv4 and IPv6 clients, enhancing flexibility and connectivity options. This feature is particularly beneficial for addressing IPv4 address exhaustion and meeting various regulatory requirements. Users can now set up a new Application Gateway with both IPv4 and IPv6 addresses, reflecting Azure’s commitment to delivering top-notch service and customer experience.

Storage

Azure NetApp Files Datastores for Azure VMware Solution in US Government Regions

Azure NetApp Files datastores have achieved general availability in US Government Cloud regions to support storage-intensive workloads on Azure VMware Solution (AVS). This advancement allows users to create datastores through the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes, which can be attached to any selected private cloud clusters. With the ability to scale storage independently of compute and surpass the local instance storage limits provided by vSAN, this feature aims to reduce the total cost of ownership. This service is now available in the US Gov Virginia and US Gov Arizona regions.

Azure Elastic SAN Updates – Snapshots, Security, and Usability (preview)

Azure Elastic SAN, currently in preview, has received new updates to enhance its performance and security. The updates include live volume resizing, force delete capabilities, and Server-Side Encryption with Customer Managed Keys (SSE with CMK) for improved security. As a VMware Certified datastore, Elastic SAN offers scalable storage and performance, which optimizes total cost of ownership and scalability. These improvements are part of Azure’s ongoing efforts to provide seamless integration with other native Azure products and a robust, secure storage solution.

Azure Stack

Azure Stack HCI

AKS on Azure Stack HCI and Windows Server 2023-10-30

The AKS HCI management cluster has been updated to Kubernetes version 1.26.6, laying the groundwork for future Kubernetes versions for workload clusters. This release includes security updates to address vulnerabilities, enhancements to Azure Arc onboarding prechecks for better network resilience, and several bug fixes. Users are encouraged to try AKS on Azure Stack HCI or Windows Server using the evaluation guide and to contribute feedback and follow the AKS hybrid roadmap through GitHub.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Unveiling the future: key insights from Microsoft Ignite 2023 on Azure IaaS and Azure Stack HCI

In this article, I take you through the latest technological advancements and updates announced at the recent Microsoft Ignite event. With a focus on Azure Infrastructure as a Service (IaaS) and Azure Stack, my aim is to provide a thorough and insightful overview of the innovative solutions and strategic initiatives unveiled by Microsoft. This pivotal event, renowned for its groundbreaking revelations in the tech sphere, has introduced a range of new features, enhancements, and visionary developments within the Microsoft ecosystem. I invite you to join me in exploring these developments in detail, as I offer my personal insights and analysis on how they are set to shape the future of cloud infrastructure and services.

Azure

General

Microsoft recently unveiled Copilot for Azure, an AI companion designed to enhance the design, operation, optimization, and troubleshooting of applications and infrastructure, from cloud to edge. Leveraging large language models and insights from Azure and Arc-enabled assets, Copilot offers new insights and functionality while prioritizing data security and privacy.

In AI infrastructure updates, Microsoft is optimizing its hardware and software stack, collaborating with industry leaders to offer diverse AI inferencing, training, and compute options. Key developments include:

  • Custom silicon chips, Azure Maia and Azure Cobalt, for AI and enterprise workloads, enhancing performance and cost-effectiveness.
  • Azure Boost, enhancing network and storage performance, is now generally available.
  • ND MI300 v5 virtual machines with AMD chips, optimized for generative AI workloads.
  • NC H100 v5 virtual machines with NVIDIA GPUs, improving mid-range AI training and inferencing efficiency.

Additionally, Microsoft and Oracle have announced the general availability of Oracle Database@Azure, integrating Oracle database services with Microsoft Azure’s security and services, starting in the US East Azure region in December 2023 and expanding further in early 2024.

Compute

Azure is introducing new AMD-based virtual machines (VMs), now in preview, featuring the 4th Generation AMD EPYC™ Genoa processor. These VMs offer enhanced performance and reliability across various series, each with different memory-to-core ratios catering to general purpose, memory-optimized, and compute-optimized needs.

For SAP HANA workloads, the Azure M-series Mv3 family, powered by 4th-generation Intel® Xeon® Scalable processors and Azure Boost, provides faster insights and improved price-performance. They also offer improved resilience, faster data load times for SAP HANA OLAP workloads, and higher performance per core for SAP OLTP workloads. Azure Boost enhances these VMs with improved network and storage performance and security.

Azure also introduces new confidential VMs with Intel processors, featuring Intel® Trust Domain Extensions (TDX) for secure processing of confidential workloads in the cloud. These VMs support a range of new features, including RHEL 9.3 for AMD SEV-SNP confidential VMs, Disk Integrity Tool for disk security, temporary disk encryption for AMD-based VMs, and expanded regional availability. The NCCv5 series confidential VMs, equipped with NVIDIA H100 Tensor Core GPUs, are unique in the cloud sphere. They offer AI developers the ability to deploy GPU-powered applications confidentially, ensuring data encryption in both CPU and GPU memory and providing attestation reports for data privacy.

Also, Azure has introduced two new features in public preview:

  • Azure VMSS Zonal Expansion: this feature allows users to transition their VMs from a regional to a zonal configuration across Azure availability zones, significantly enhancing business continuity and resilience.
  • VM Hibernation: Azure now offers a VM hibernation feature, allowing users to save on compute costs. When a VM is hibernated, its in-memory state is preserved in the OS disk, and the VM is deallocated, incurring charges only for storage and networking resources. Upon reactivation, the VM resumes its applications and processes from the saved state, allowing for quick continuation of work.

These updates reflect Azure’s commitment to offering advanced, secure, and versatile cloud computing options.

Storage

Azure has announced several updates to its storage services to enhance data management, performance, and cloud migration:

  • Azure Ultra Disk Storage: the IOPS and throughput for Azure Ultra Disk Storage have been increased, now supporting up to 400,000 IOPS and 10,000 MB/s per disk. This enhancement allows a single disk to support the largest VMs, reducing the need for multiple disks and enabling shared disk configurations.
  • Azure Storage Mover: this service, now generally available, facilitates the migration of on-premises file shares to Azure file shares and Azure Blob Storage. It includes new support for SMB share migration and a VMware agent image.
  • Azure Native Qumulo Scalable File Service: the ANQ V2 offers improved economics and scalability, separating performance from capacity. It simplifies cloud file services, enabling rapid deployment and management through a unified namespace.
  • Amazon S3 Shortcuts: now generally available, these shortcuts allow the integration of data in Amazon S3 with OneLake, enabling a unified virtualized data lake without data duplication.
  • Azure Data Lake Storage Gen2 Shortcuts: these shortcuts, also generally available, enable connection to external data lakes in ADLS Gen2 into OneLake. This allows data reuse without duplication and enhances interoperability with Azure Databricks and Power BI.

Networking

Azure introduces several updates aimed at enhancing network security, flexibility, and performance:

  • Private Subnet: a new feature allowing the disabling of default outbound access for new subnets, enhancing security and aligning with Azure’s “secure by default” model.
  • Customer-controlled maintenance: this public preview feature allows scheduling gateway maintenance during convenient times across various gateway resources.
  • Azure Virtual Network Manager Security Admin Rule: now generally available in select regions, it enforces standardized security policies globally across virtual networks, enhancing security management and reducing operational complexities.
  • ExpressRoute Direct and Circuit in different subscriptions: this general availability feature allows ExpressRoute Direct customers to manage network costs and connect circuits from multiple subscriptions, improving resource management.
  • ExpressRoute as a Trusted Service: now customers can store MACsec secrets in Azure KeyVault with Firewall Policies, restricting public access while enabling trusted service access.
  • ExpressRoute seamless gateway migration: this feature enables a smooth migration from a non-availability zone to an Availability-zone (AZ) enabled Gateway SKU, eliminating the need to dismantle existing gateways.
  • Rate Limiting on ExpressRoute Direct Circuits: this public preview feature allows rate-limiting on circuits, optimizing bandwidth usage and improving network performance.
  • ExpressRoute Scalable Gateway: The new ErGwScale Virtual Network Gateway SKU offers up to 40 Gbps connectivity and features auto-scaling based on bandwidth usage, enhancing flexibility and efficiency in network connectivity.

Azure Stack

Azure Stack HCI

Azure Stack HCI version 23H2

At Microsoft Ignite 2023, the company announced the public preview of Azure Stack HCI version 23H2, introducing several advancements. Key features include cloud-based deployment, update management, and monitoring, enhancing the ease and efficiency of managing infrastructure at scale. With version 23H2, deployment from the cloud is now possible, simplifying the setup process and minimizing on-site expertise requirements. The new Lifecycle Manager consolidates updates into a monthly package, streamlining update management and reducing compatibility issues. Azure Stack HCI now offers comprehensive monitoring with Azure Monitor, providing detailed insights into system performance and health.

The update also emphasizes central management of diverse workloads, whether container-based, VM-based, cloud, or edge-run, through Azure Arc and an adaptive cloud approach. Version 23H2 supports a variety of virtual machines and introduces Azure Kubernetes Service for edge-based container management. Additionally, Azure Virtual Desktop for Azure Stack HCI is in preview, offering enhanced virtualized desktops and apps with improved latency and optional GPU acceleration.

Significant attention is given to security with Azure Stack HCI version 23H2. It ensures a secure deployment by default and integrates with Microsoft Defender for Cloud for comprehensive security management. The Trusted launch feature for Azure Arc-enabled virtual machines, previously exclusive to the Azure cloud, is now available at the edge, providing additional protection against firmware and bootloader attacks.

While the 23H2 version is currently available for preview, it is not yet recommended for production use, with general availability (GA) expected in early 2024. Microsoft advises customers to continue using version 22H2 for production environments, with an update path from 22H2 to 23H2 to be detailed later. For more detailed information on Azure Stack HCI version 23H2, readers are encouraged to visit this article.

Conclusion

As we wrap up our exploration of the latest updates from Microsoft Ignite, it’s clear that the advancements in Azure IaaS and Azure Stack are not just incremental; they are transformative. Microsoft’s commitment to innovation and its vision for a more integrated, efficient, and scalable cloud infrastructure is evident in every announcement and feature update. These developments promise to redefine how businesses and developers leverage cloud computing, enhancing agility, security, and sustainability.

The implications of these updates extend beyond mere technical enhancements; they signal a shift towards a future where cloud infrastructure is more accessible, resilient, and adaptive to evolving business needs. As I conclude this article, I am left with a sense of excitement and anticipation for what these changes mean for the industry. The journey of cloud computing is ever-evolving, and with Microsoft’s recent announcements at Ignite, we are witnessing a significant leap forward in that journey.

Thank you for joining me in this deep dive into Microsoft’s latest innovations. I look forward to continuing this discussion and exploring how these advancements will unfold and impact our digital world in the days to come.

Azure IaaS and Azure Stack: announcements and updates (November 2023 – Weeks: 43 and 44)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Integration with Canonical’s Snapshot Service (preview)

Microsoft has announced a public preview of Azure’s integration with Canonical’s Snapshot Service, marking a significant step forward in the deployment of secure and resilient Canonical workloads on Azure. This collaboration positions Azure as the first cloud provider to integrate with Canonical’s snapshot service. The integration aims to streamline the update process for Linux operating systems, enhancing security and reliability across Azure services. The Azure Guest Patching Service (AzGPS) and Azure Kubernetes Service (AKS) will utilize this new feature to apply consistent updates across different regions using Safe Deployment Principles (SDP). This initiative underscores Microsoft’s commitment to providing a secure and up-to-date environment for Linux-based applications on Azure.

Compute

Extension of Azure Compute Reservations Exchange Period

Microsoft Azure has announced a significant extension of the exchange period for Azure Compute Reservations, which includes Azure Reserved Virtual Machine Instances, Azure Dedicated Host reservations, and Azure App Services reservations. Initially set to end on January 1, 2024, the exchange period has been extended until at least July 1, 2024. This extension provides an additional grace period, allowing users to exchange their Azure Compute Reservations to better suit their resource needs and planning. Launched in October 2022, the Azure Savings Plan for Compute aims to offer greater flexibility, accommodating changes such as virtual machine series and regions. After the grace period, it will no longer be possible to exchange instance series or regions for the mentioned reservations. Users can choose to convert their Azure Compute Reservations into a savings plan or continue to use and purchase reservations for predictable and stable workloads.

Networking

Default Rule Set 2.1 for Regional WAF with Application Gateway

Microsoft Azure has reached a new milestone with the general availability of Default Rule Set (DRS) 2.1 for the regional Web Application Firewall (WAF) on Azure Application Gateway. This release is based on the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and is enhanced with additional proprietary protection rules developed by the Microsoft Threat Intelligence team. The team’s analysis of Common Vulnerabilities and Exposures (CVEs) has been instrumental in adapting the CRS to address these vulnerabilities while minimizing false positives. This update reflects Microsoft’s dedication to providing robust security measures for applications deployed on Azure, ensuring that they are safeguarded against a wide array of threats.

Azure Bastion for Developers (Preview)

Azure Bastion now offers a developer-focused preview that enables secure and seamless RDP and SSH access to virtual machines over the Azure platform. This service is designed to provide a more integrated and streamlined experience for developers, with features that cater specifically to their workflows and access requirements. The preview aims to enhance productivity and security for development environments hosted on Azure.

Storage

Azure Blob Storage Cold Tier

Azure Blob Storage has announced the general availability of its Cold Tier support for Blob Batch operations as of August 10th, 2023. This new online access tier is the most cost-effective option within Azure Blob Storage for storing infrequently accessed data that requires long-term retention while still providing instant access. Blob Batch operations have been enhanced to support tiering operations for the cold tier, allowing for the efficient management of large volumes of data. For more information on optimizing performance and cost with the Cold Tier, users can refer to the Azure documentation.

TLS 1.2 to Become the Minimum TLS Version for Azure Storage

In a move to align with evolving technology and regulatory standards, Azure Storage is set to deprecate support for TLS versions 1.0 and 1.1. Starting from November 1, 2024, the minimum supported version will be TLS 1.2. This update is crucial as TLS 1.2 offers enhanced security and speed over its predecessors, which do not support modern cryptographic algorithms and cipher suites. The change will affect both existing and new storage accounts that are currently using the older TLS versions across all Azure clouds.

To prevent any service disruptions, users of Azure Storage are required to transition to TLS 1.2 and eliminate any dependencies on the older versions. Azure Storage already supports and defaults to TLS 1.2, so customers using it will not experience any impact due to this update. However, for those utilizing TLS 1.0 or 1.1, it is imperative to update operating systems, development libraries, frameworks, and any other solutions to the latest versions that support TLS 1.2 before October 31, 2024.

Azure has provided a set of recommendations and resources to facilitate this migration. For further details and guidance, users can navigate to the Azure updates page.

Azure Premium SSD v2 Disk Storage Now Available in More Regions

Azure Premium SSD v2 Disk Storage has expanded its availability, now including Poland Central, China North 3, and US Gov Virginia regions. This next-generation storage solution provides sub-millisecond disk latencies and is designed to support IO-intensive workloads at a cost-effective price point. It is ideal for a variety of enterprise production workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, and big data analytics. For more information on Premium SSD v2 Disk Storage and pricing, users can refer to the Azure Managed Disks pricing page.

Azure NetApp Files Standard Storage with Cool Access (preview)

Azure has introduced a new feature in public preview for Azure NetApp Files, standard storage with cool access. This innovative feature allows users to configure a standard capacity pool with cool access, effectively moving cold (infrequently accessed) data transparently to an Azure storage account. This transition aims to reduce the cost of storage while maintaining the same throughput to and from the volume.

However, users should note that there might be a difference in data access latency, as data blocks could be tiered to the Azure storage account. The cool access feature offers options for the “coolness period” to optimize network transfer costs based on specific workload and read/write patterns. This functionality is provided at the volume level.

During the preview phase, this feature is available in several regions, including East US2, East Asia, Central India, Canada Central, Australia East, North Europe, Brazil South, France Central, Australia Southeast, and Canada East. More regions will be added as the preview progresses.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in October 2023

This month, Microsoft has introduced a series of significant updates to the Azure management services. Through this series of monthly articles, I aim to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, giving you the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

VM insights: migration to Azure Monitor agent by August 31, 2024

On August 31, 2024, VM insights based on the Log Analytics agent will be retired. It is recommended to migrate to the Azure Monitor agent for VM insights, which offers several improvements, including:

  • Enhanced security and performance.
  • Data collection rules to help reduce costs.
  • A simplified management experience, facilitating troubleshooting.

Integrated Azure Monitor alerts for Azure Site Recovery (preview)

Microsoft recently announced the preview availability of integrated Azure Monitor alerts for Azure Site Recovery. This new feature allows Azure users to more effectively monitor the status and performance of their disaster recovery environments. The integrated alerts enable rapid detection of potential issues, ensuring more efficient and proactive management of resources in emergency recovery situations. With this integration, users can configure custom alerts based on specific performance and status parameters, improving resilience and operational readiness for their systems. This feature is particularly useful for organizations requiring high standards of operational continuity and data integrity.

Govern

Azure Policy

Protection of critical infrastructures from large-scale accidental deletions with Policies

Microsoft has introduced “DenyAction” in Azure Policy. This new feature allows blocking requests based on actions taken on the resource, rather than just its configuration or properties. In practice, with Deny Action, it is possible to protect infrastructures by preventing unwanted deletion calls. While in the past Azure Policy only offered the “deny” function, which blocked requests based on specific resource configurations, now with the addition of Deny Action, the blocking capability has been extended to actions included in the request.

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure Arc-enabled SCVMM (preview)

With the recent introduction of “Azure Arc-enabled System Center Virtual Machine Manager (SCVMM)”, it is now possible to manage SCVMM VMs more efficiently directly from Azure. This innovative solution facilitates the discovery, integration, and management of VMs. Microsoft is expanding the capabilities for SCVMM enabled in Azure Arc. Thanks to this update, Azure Arc-enabled SCVMM VMs receive full support for Azure management services. This includes protection offered by Microsoft Defender for Cloud, monitoring via Azure Monitor, and updates provided by Azure Update Manager. These new features offer customers a simpler and more effective management experience of their System Center-managed assets, all through Azure.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Public preview availability of recommendations for managing DevOps security posture;
  • Release of the CIS Azure Foundations Benchmark v2.0.0 in the Regulatory Compliance dashboard.

Protect

Azure Backup

Backup Vaults with MUA (Multi-User Authorization)

Azure Backup has announced the availability of backup vaults with MUA (Multi-User Authorization). These vaults offer an integrated backup solution that protects business data through a series of advanced access features. With this release, the backup administrator, who is usually the owner of the Backup vault, needs to obtain the collaborator role on the protected resource to perform certain operations. This requires an action by the owner of the protection resource to approve and grant the requested access. Additionally, it is possible to use Azure Active Directory Privileged Identity Management to manage just-in-time access on the protected resource.

Enhanced Soft Delete

Azure has announced the availability of the “Enhanced Soft Delete” feature for Azure Backup. This feature offers additional protection against data loss, ensuring that backup data remains available for recovery, even if the backup source is deleted. The Enhanced Soft Delete feature protects against accidental deletions and malicious activities. This adds an extra layer of security and resilience to backup data.

Regional Disaster Recovery for Azure Backup for AKS (preview)

Azure Backup for AKS allows customers to protect their containerized workloads along with application data deployed on AKS clusters. The solution enables scheduled backups of AKS clusters and their restoration in various scenarios. Customers also want to use their AKS backups to recover applications in the event of a regional disaster, following industry best practices for the 3-2-1 backup strategy. With this in mind, the Azure Backup service is announcing the private preview of the regional disaster recovery capability of AKS Backup. Using this feature, it is possible to recover the AKS cluster from backups in a secondary region, such as an Azure paired region, in the event of a regional disaster.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (October 2023 – Weeks: 41 and 42)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Azure achieves HITRUST CSF v11.0.1 certification

I am thrilled to announce that Microsoft Azure has achieved HITRUST CSF v11.0.1 certification across 162 Azure services and 115 Azure Government services. This certification covers all GA Azure regions across both Azure and Azure Government clouds. This monumental achievement stands as a testament to Azure’s unwavering commitment to enhancing its security and compliance offerings, especially for valued customers in the healthcare sector.

HITRUST CSF v11.0.1 is the latest iteration of the framework, incorporating new requirements and updates from authoritative sources such as NIST SP 800-53 Rev 5, NIST Cybersecurity Framework v1.1, PCI DSS v3.2.1, FedRAMP High Baseline Rev 5, CSA CCM v3.0.1, GDPR, CCPA, and more. Moreover, HITRUST CSF v11.0.1 introduces innovative features and enhancements, including a maturity scoring model, risk factor analysis, an expanded inheritance program, improved assessment scoping tools, and more. By securing this certification, Azure reinforces its dedication to providing secure and compliant cloud services for customers in the healthcare industry.

Compute

Azure Dedicated Host – Resize

With the introduction of Azure Dedicated Host’s new ‘resize’ feature, users can now effortlessly transition their existing dedicated host to a different Azure Dedicated Host SKU, for instance, moving from Dsv3-Type1 to Dsv3-Type4. This innovative ‘resize’ feature significantly reduces the complexities and efforts associated with reconfiguring VMs when there’s a need to upgrade the foundational dedicated host system. One of the standout features is the ability to automatically create a new host, migrate all pre-existing VMs, and subsequently delete the old host. This eliminates the need for any manual interventions during the upgrade process of the dedicated host. Additionally, this could lead to potential cost savings, as users gain the capability to operate more VMs on the newly introduced dedicated host SKUs.

VMSS Automatic Instance Repairs – Reimage, Restart Repair Actions (preview)

Automatic instance repairs help Virtual Machine Scale Set customers achieve high application availability by automatically detecting and recovering unhealthy VM instances at runtime. Microsoft has announced that customers can now choose between Replace, Reimage (Preview), or Restart (Preview) as the default repair action performed in response to an “Unhealthy” application signal. These new options provide a less-impactful repair process, ensuring higher application availability while preserving VM properties and metadata for customers with sensitive workloads.

Networking

Default Outbound Access for VMs in Azure Will Be Retired

Microsoft has recently announced that starting from 30 September 2025, the default outbound access connectivity for all new virtual machines in Azure will be retired. This decision is in line with Azure’s move towards a secure-by-default model, which means that the default outbound access to the internet will be turned off. Consequently, after the mentioned date, Azure will no longer assign a default implicit IP for VMs to communicate with the internet. However, it’s important to note that existing VMs will not be affected by this retirement. For those who require outbound access post this date, Azure will provide an easy way to enable outbound internet access using explicit outbound methods. Additionally, for VMs currently having default outbound access and wishing to transition to a secure configuration after this date, Azure will offer a mechanism for easy opt-in. Users already utilizing explicit outbound connectivity methods will remain unaffected by this retirement. Azure emphasizes the benefits of explicit outbound connectivity methods, including greater control over internet connections, protection from public IP address changes, and traceable IP address resources beneficial for measurement and troubleshooting. Azure will be sending periodic updates to subscription owners impacted by this change in the coming months.

ExpressRoute Traffic Collector now generally available

Microsoft Azure has announced the general availability of the ExpressRoute Traffic Collector. This feature allows users to capture information about IP flows sent over ExpressRoute direct circuits. The ExpressRoute Traffic Collector supports flow logs capture for both Private and Microsoft peering. The captured flow logs data is sent to a Log Analytics workspace, enabling users to create custom log queries for in-depth analysis.

Some of the primary use cases for flow logs include:

  • Network Monitoring: gain near real-time visibility into network throughput and performance, perform network diagnosis, and forecast capacity.
  • Network Usage and Cost Optimization: analyze traffic trends by filtering sampled flows by IP, port, or applications. Identify top talkers for a source IP, destination IP, or applications. Optimize network traffic expenses by analyzing traffic patterns.
  • Network Forensics Analysis: identify potentially compromised IPs by analyzing all associated network flows. Users can also export flow logs to a SIEM tool of their choice to monitor and correlate events.

It’s important to note that the flow logs collected by the ExpressRoute Traffic Collector do not impact network throughput or latency. Users can enable or stop flow logs collection without any risk of affecting the network performance of an ExpressRoute direct circuit.

Azure Private Link for MySQL – Flexible Server

Azure Private Link allows users to connect to various PaaS services, such as Azure Database for MySQL – Flexible Server, in Azure, via a private endpoint. Private Link brings Azure services inside your private virtual network (VNet). Using the private IP address, the Azure Database for MySQL – Flexible Server becomes accessible just like any other resource within the VNet. This feature is now available for general use.

Storage

Azure Files improved support for Unicode characters

Azure Files has undergone enhancements to now support all valid Unicode characters. This development allows for the creation of SMB File shares with file and directory names that align with the NTFS file system, specifically for valid Unicode characters. This expanded character set support includes:

  • Control characters that are supported by NTFS.
  • Trailing dot (.) characters at the end of directory and file names.
  • Characters that function individually but were previously blocked when used in combination, especially in non-English languages.

Such advancements facilitate tools like AzCopy and Storage mover to migrate all files into Azure Files using the REST protocol. This expanded character support is now accessible in all Azure regions.

Zone Redundant Storage for Azure Disks in More Regions

Microsoft has announced the general availability of Zone Redundant Storage (ZRS) for Azure Disk Storage on Azure Premium SSDs and Standard SSDs in the Norway East and UAE North regions. Disks with ZRS offer synchronous replication of data across three availability zones within a region. This ensures that the disks can withstand zonal failures without disrupting the associated applications. The feature not only enhances the resilience of disks against zonal failures but also eliminates the need for application-level replication of data across zones. Furthermore, ZRS can be combined with shared disks to provide even higher availability for clustered or distributed applications, including SQL FCI, SAP ASCS/SCS, and GFS2.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (October 2023 – Weeks: 39 and 40)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Azure Now Available from New Cloud Region in Italy

Microsoft Azure has officially reached General Availability in a new cloud region in Italy. This expansion of Azure’s global presence brings its cloud services closer to businesses and organizations in Italy, enabling them to benefit from Azure’s comprehensive suite of services for their digital transformation initiatives. With this new cloud region, customers in Italy can now take advantage of low-latency, high-performance computing and networking capabilities offered by Azure, while complying with local data residency requirements and ensuring data sovereignty.

Networking

Default outbound access for VMs in Azure will be retired: Transition to a new method of internet access

Azure is retiring the default outbound access for virtual machines (VMs) and recommends transitioning to a new method of internet access. This change is part of Azure’s ongoing commitment to improve the security and performance of its services. Customers are advised to review the documentation and make necessary changes to ensure uninterrupted outbound connectivity for their VMs.

Domain Fronting update on Azure Front Door and Azure CDN

Azure has announced the general availability of the domain fronting update on Azure Front Door and Azure CDN. This update enhances the security and performance of the services. Domain fronting is a technique used to obfuscate the destination of HTTPS traffic. With this update, Azure aims to provide better security and improved performance for its users. The update ensures that the services are more resilient and can handle traffic more efficiently.

Gateway Load Balancer IPv6 support

Azure Gateway Load Balancer now supports IPv6, which allows you to build, deploy, and scale applications that use IPv6 addresses. This enhancement provides a consistent frontend IP for virtual appliances, ensuring that traffic is distributed evenly across multiple instances. With this update, Azure continues to expand its IPv6 capabilities, enabling you to meet the requirements of your IPv6-enabled applications.

Storage

Zone-redundant storage for Azure Disks is now available in more regions

Zone-redundant storage (ZRS) for Azure Disks is now available in more regions. ZRS replicates your data in availability zones, ensuring data resilience and protection against zone failures. This update provides a higher level of resilience for your critical applications and ensures that they remain operational even if one of the availability zones fails.

Customer-Managed Keys for Azure NetApp Files Volume Encryption is Now Available in US Gov Regions (preview)

Azure is excited to announce the availability of Customer-Managed Keys for Azure NetApp Files Volume Encryption in the US Gov Regions, now in public preview. This new feature empowers Azure customers in government sectors to have greater control over their data security and encryption keys when using Azure NetApp Files. With Customer-Managed Keys, customers can manage their own encryption keys using Azure Key Vault, ensuring a higher level of data security and compliance with specific regulatory requirements. This preview provides an opportunity for customers in government regions to evaluate and test this feature before its general availability.

Azure Stack

Azure Stack HCI

Premier Solutions for Azure Stack HCI

The introduction of Premier Solutions for Azure Stack HCI represents a significant leap forward in Azure’s offerings for customers seeking enhanced operational efficiency, rapid deployment, and flexible procurement options. This innovative category of products has been developed in close collaboration with industry leaders like Dell Technologies and Lenovo, resulting in a seamless and comprehensive edge infrastructure solution.

Key Benefits of Premier Solutions for Azure Stack HCI:

  • Improved Operational Experience: Premier Solutions are designed to streamline and enhance the operational experience for Azure Stack HCI users. By leveraging the expertise and technology of Azure, customers can expect greater reliability, scalability, and ease of management, ensuring that their infrastructure runs smoothly without interruptions.
  • Faster Time to Value: With Premier Solutions, customers can deploy Azure Stack HCI more quickly and efficiently. The integration of hardware, software, and cloud services simplifies the setup process, reducing the time and effort required to get the system up and running. This means organizations can start realizing the benefits of their HCI infrastructure sooner.
  • Greater Flexibility with as-a-Service Procurement: Premier Solutions offer flexible procurement options, aligning with the as-a-service model that is becoming increasingly popular in the IT industry. This allows organizations to scale their infrastructure as needed, optimizing costs and resources while ensuring they have access to the latest technologies and features.
  • Deep Integration: The collaboration with leading partners, including Dell Technologies and Lenovo, ensures a high level of integration between hardware and software components. This deep integration results in a more cohesive and efficient HCI solution, delivering improved performance and reliability.
  • Seamless Connectivity: Premier Solutions enable seamless connectivity between on-premises infrastructure and the Azure cloud. This connectivity ensures that organizations can leverage the full power of Azure services while maintaining control over their data and resources.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: le novità di settembre 2023

Nel mese di settembre ci sono state diverse novità che Microsoft ha annunciato in merito agli Azure management services. In questo articolo vengono elencati i principali annunci, accompagnati dai riferimenti necessari per poter effettuare ulteriori approfondimenti in merito.

Il diagramma seguente mostra le diverse aree relative al management, che sono contemplate in questa serie di articoli:

Figura 1 – Overview dei Management services in Azure

Monitor

Azure Monitor

Azure Monitor VM Insights ora disponibile con Azure Monitor Agent

Azure ha annunciato la disponibilità di “Azure Monitor VM Insights” attraverso l’uso dell’Azure Monitor Agent. Questo servizio offre un metodo rapido e semplice per monitorare i carichi di lavoro dei clienti sulle macchine virtuali Azure e sugli scale set, nonché sui server abilitati ad Azure Arc che operano in un ambiente on-premises e/o multi-cloud.

La nuova versione dell’agente offre vari benefici, tra cui risparmi sui costi, una gestione semplificata e sicurezza e performance migliorate. Se precedentemente si faceva uso di VM Insights utilizzando Log Analytics Agent (ora deprecato), Microsoft suggerisce di consultare la loro guida alla migrazione per passare all’Azure Monitor Agent.

Vista cronologica per gli alert di Azure Monitor (preview)

Monitorare le risorse e gli avvisi in Azure è ora più semplice e intuitivo grazie alla nuova vista cronologica in anteprima di Azure Monitor. Questa vista offre una panoramica chiara degli avvisi attivati, permettendo agli utenti di identificare rapidamente i problemi

Distribuzione OpenTelemetry-based per Node.js e Python

Azure Monitor ora offre la distribuzione OpenTelemetry-based per Node.js e Python, permettendo agli sviluppatori di integrarsi facilmente con Azure Monitor e raccogliere dati di telemetria. Questa nuova funzionalità garantisce che gli sviluppatori possano monitorare efficacemente le loro applicazioni, ottenendo informazioni sulle prestazioni, sugli errori e su altre metriche principali.

Configure

Update management

Azure Update Manager: gestione degli aggiornamenti rinnovata e potenziata

Azure Update Manager offre una soluzione SaaS per gestire e governare gli aggiornamenti software su macchine Windows e Linux in ambienti Azure, on-premises e multi cloud. Si tratta di un’evoluzione della soluzione di gestione degli aggiornamenti di Azure Automation con nuove funzionalità. Azure Update Manager è stato riprogettato per offrire nuove capacità senza dipendere dall’agente di Log Analytics o dall’agente di Azure Monitor. Si basa sul VM agent di Microsoft Azure per gestire i flussi di aggiornamento sulle VM Azure e sull’agente Azure Connected Machine per gestire i server abilitati ad Azure Arc.

Govern

Azure Cost Management

Esportazione dei dati di Cost Management in account di archiviazione protetti con firewall

Risulta ora possibile esportare i dati di Cost Management negli account di archiviazione di Azure protetti con firewall. Gli utenti possono utilizzare l’API Exports o il portale Azure per creare attività ricorrenti per l’esportazione automatica dei dati dei costi in formato CSV. Questo può essere programmato su base giornaliera, settimanale o mensile, e i dati esportati possono essere utilizzati per la creazione di dashboard o per l’integrazione con sistemi finanziari.

Aggiornamenti relativi a Microsoft Cost Management

Microsoft è costantemente alla ricerca di nuove metodologie per migliorare Microsoft Cost Management, la soluzione per fornire una maggiore visibilità su dove si stanno accumulando costi nel cloud, identificare e prevenire modelli di spesa errati ed ottimizzare i costi . In questo articolo sono riportati alcuni degli ultimi miglioramenti ed aggiornamenti riguardanti questa soluzione.

Secure

Microsoft Defender for Cloud

Scansione malware in Defender for Storage

Defender per Storage introduce la funzionalità di scansione malware, superando le sfide tradizionali legate alla protezione da malware e fornendo una soluzione ideale per settori fortemente regolamentati. Questa funzione, disponibile come componente aggiuntivo, rappresenta un notevole potenziamento delle soluzioni di sicurezza di Microsoft Defender for Storage. Con la scansione malware si ottengono i seguenti benefici.

  • Protezione, in tempo pressoché reale, senza agent: capacità di intercettare malware avanzati come quelli polimorfici e metamorfici.
  • Ottimizzazione dei costi: grazie a una tariffazione flessibile, si possono controllare i costi basandosi sulla quantità di dati esaminati e con una granularità a livello di risorsa.
  • Abilitazione su larga scala: senza necessità di manutenzione, supporta risposte automatizzate su larga scala e offre diverse opzioni per l’attivazione tramite strumenti e piattaforme come Azure policy, Bicep, ARM, Terraform, API REST e il portale Azure.
  • Versatilità applicativa: basandosi sul feedback degli utenti beta negli ultimi due anni, la scansione malware si è dimostrata utile in una varietà di scenari, come applicazioni web, protezione dei contenuti, conformità, integrazioni con terze parti, piattaforme collaborative, flussi di dati e set di dati per l’apprendimento automatico (ML).

GitHub Advanced Security per Azure DevOps

Risulta ora possibile visualizzare gli alert di GitHub Advanced Security per Azure DevOps (GHAzDO) relativi a CodeQL, secret e dipendenze, direttamente in Defender for Cloud. I risultati verranno visualizzati nella sezione DevOps e nelle Raccomandazioni. Per vedere questi risultati, è necessario integrare i propri repository abilitati a GHAzDO in Defender for Cloud.

Nuove funzionalità, correzioni di bug e funzionalità deprecate di Microsoft Defender for Cloud

Lo sviluppo di Microsoft Defender for Cloud è in costante evoluzione e vengono introdotti miglioramenti su base continua. Per rimanere aggiornati sugli sviluppi più recenti, Microsoft aggiorna questa pagina, che fornisce informazioni su nuove funzionalità, correzioni di bug e funzionalità deprecate. Per conoscere  le principali novità che hanno caratterizzato Defender for Cloud nell’estate 2023, delineando come queste innovazioni possano rappresentare un valore aggiunto per le aziende, potete consultare questo articolo.

Protect

Azure Backup

Cross Region Restore (CRR) for Recovery Services Agent (MARS) 

In seguito alla Disponibilità Generale del Ripristino Cross Region per i backup di VM, SQL e SAP HANA e per rafforzare il pilastro di resilienza, Microsoft ha annunciato il supporto del Ripristino Cross Region per l’Agente dei Servizi di Ripristino (MARS) utilizzando Azure Backup.

I clienti di Azure sfruttano l’Agente dei Servizi di Ripristino per eseguire il backup dei loro file/cartelle e dello stato del sistema in un Vault dei Servizi di Ripristino di Azure. I dati di backup nella regione primaria possono anche essere replicati geograficamente in una regione secondaria abbinata ad Azure per garantire la durabilità. In precedenza, i dati replicati nella regione secondaria erano disponibili per il ripristino nella regione secondaria solo se Azure dichiarava un disastro nella regione primaria. Con l’introduzione di questo nuovo supporto, i clienti possono attivare il ripristino dei backup dell’Agente dei Servizi di Ripristino nella regione secondaria in qualsiasi momento.

Questa capacità può essere sfruttata nei seguenti scenari:

  • quando la regione primaria è disponibile per testare i ripristini dai dati di backup nella regione secondaria per scopi di audit/conformità;
  • quando la regione primaria non è disponibile, i clienti possono attivare il ripristino dei dati salvati in backup nella regione secondaria anche se la regione primaria di Azure è parzialmente indisponibile o completamente indisponibile senza alcun tempo di attesa.

Salvataggio della passphrase di Azure Backup Recovery Services Agent (MARS) in Azure Key Vault (preview)

La sicurezza dei dati è una priorità per Microsoft, e con la nuova funzionalità in anteprima che permette di salvare la passphrase di cifratura dell’Agente di Servizi di Ripristino direttamente in Azure Key Vault, gli utenti possono ora godere di un livello di sicurezza ancora maggiore. Questa integrazione rende l’installazione dell’Agente di Servizi di Ripristino più fluida e sicura, eliminando la necessità di script personalizzati.

Backup di Azure Files nelle regioni cinesi

Il backup di Azure Files è ora generalmente disponibile nelle regioni cinesi. Questa funzionalità consente agli utenti di eseguire il backup dei loro file su Azure in modo sicuro e affidabile.

Migrate

Azure Migrate

Nuovi rilasci e funzionalità di Azure Migrate

Azure Migrate è il servizio presente in Azure che comprende un ampio portafoglio di strumenti che è possibile utilizzare, tramite una esperienza di utilizzo guidata, per affrontare in modo efficace i più comuni scenari di migrazione. Per rimanere aggiornati sugli sviluppi più recenti della soluzione è possibile consultare questa pagina, che fornisce informazioni su nuovi rilasci e nuove funzionalità.

Valutazione di Azure

Per testare e valutare in modo gratuito i servizi offerti da Azure è possibile accedere a questa pagina.

Azure IaaS and Azure Stack: announcements and updates (September 2023 – Weeks: 37 and 38)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Latest generation burstable VMs – Bsv2, Basv2, and Bpsv2

The Bsv2, Basv2, and Bpsv2 series virtual machines represent the latest generation of Azure burstable general-purpose VMs. These VMs provide a baseline level of CPU utilization and can expand to higher CPU utilization as workload volume increases. They are ideal for various applications, including development and test servers, low-traffic web servers, small databases, microservices, proof-of-concept servers, build servers, and code repositories. Compared to the B series v1, these new B series v2 virtual machines offer up to 15% better price-performance, up to 5X higher network bandwidth with accelerated networking, and 10X higher remote storage throughput.

Networking

Sensitive Data Protection for Application Gateway Web Application Firewall

Azure’s regional Web Application Firewall (WAF) running on Application Gateway has introduced support for sensitive data protection through log scrubbing. When a request aligns with the criteria of a rule and activates a WAF action, the event is documented within the WAF logs. These logs are maintained as plain text for easier debugging. However, this means that any patterns matching sensitive customer data, such as IP addresses, passwords, and other personally identifiable information, could potentially be recorded in the logs as plain text. To enhance the security of this sensitive data, users can now establish log scrubbing rules that substitute the sensitive data with “******”. The sensitive data protection feature using log scrubbing facilitates the creation of rules using various variables, including Request Header Names, Request Cookie Names, Request Arg Names, Request Post Arg Names, Request JSON Arg Names, and Request IP Address.

Azure Front Door Standard and Premium support Bring Your Own Certificates (BYOC) based domain ownership validation (preview)

Azure Front Door Standard and Premium now support Bring Your Own Certificates (BYOC) based domain ownership validation. With this feature, Azure Front Door can automatically approve domain ownership if the Certificate Name (CN) or Subject Alternative Name (SAN) of the provided certificate matches the custom domain. This reduces the steps and efforts required to prove domain ownership, streamlining the Dev-Ops experience. For domains created before this feature’s support and whose validation status is not yet approved, users will need to trigger the auto-approval of domain ownership validation manually.

Storage

Azure Premium SSD v2 Disk Storage now available in multiple regions

Azure Premium SSD v2 Disk Storage is now generally available in the Australia East, France Central, Norway East, and UAE North regions. This expansion offers customers in these regions the opportunity to leverage the benefits of Azure Premium SSD v2 Disk Storage for their workloads. Azure Premium SSD v2 Disk Storage provides high-performance and low-latency disk support for virtual machines running I/O-intensive workloads. By utilizing this storage solution, users can expect consistent performance, enhanced durability, and availability.

Azure IaaS and Azure Stack: announcements and updates (September 2023 – Weeks: 35 and 36)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Trusted launch as default for VMs deployed through the Azure portal

Azure has introduced “Trusted launch” as a default feature for virtual machines deployed through the Azure portal. Trusted launch hardens Azure virtual machines with security features, ensuring that administrators deploy VMs with verified and signed bootloaders, OS kernels, and a boot policy. The feature encompasses secure boot, vTPM, and boot integrity monitoring, offering protection against boot kits, rootkits, and kernel-level malware. Secure Boot ensures that only signed OSes and drivers boot, while the Virtual TPM (vTPM) safeguards keys, certificates, and secrets within the virtual machine. Additionally, Boot integrity monitoring, in conjunction with Microsoft Azure Attestation and Azure Security Center, provides integrity alerts, recommendations, and remediation actions if remote attestation fails.

Networking

Azure Firewall Single-Click Upgrade and Downgrade Now in General Availability

Azure has introduced a new capability for its Firewall service, allowing users to seamlessly upgrade from the Standard SKU to the Premium SKU, and vice versa. This enhancement simplifies the upgrade and downgrade process, ensuring that users can make these changes without any service interruptions. With just a single click, Azure customers can now easily transition between the two firewall versions. This feature is especially beneficial for those looking to leverage the advanced functionalities of the Premium SKU or revert to the Standard SKU based on their requirements. The Azure Firewall Single-Click Upgrade and Downgrade feature was officially made available on August 31, 2023.

Azure Container Apps support for UDR, NAT Gateway, and smaller subnets

Azure has announced the general availability of Azure Container Apps support for User Defined Routes (UDR), NAT Gateway, and smaller subnets. This enhancement provides users with more flexibility and control over their networking configurations, allowing for more customized and optimized network setups. Azure Container Apps is a fully managed platform for building and running microservices and APIs. With this update, users can now leverage UDR to define custom routes, utilize NAT Gateway for outbound connectivity, and deploy in smaller subnets for more granular network segmentation.

Azure Firewall: Explicit Proxy (preview)

Microsoft Azure has recently introduced a public preview of the Azure Firewall Explicit Proxy. This new feature is designed to enhance the security and performance of Azure’s firewall services. As it is currently in public preview, users can explore its functionalities and provide feedback to help improve the service before its general release. For more details and to stay updated on further developments, you can visit the official announcement page.

Azure Firewall: Auto-Learn SNAT Routes Feature Now in Public Preview (preview)

Azure has introduced a new feature in public preview, named “Auto-Learn SNAT Routes”, promising to simplify and expedite network configurations. This feature allows the Azure Firewall to automatically learn address ranges and configure them to be excluded from SNAT, thereby reducing the time and complexity spent on manually defining private SNAT ranges. To utilize this feature, the Azure Route Server needs to be deployed in the same virtual network as the Azure Firewall. Released on August 31, 2023, this feature promises to be a valuable tool for network administrators seeking to optimize their processes. For more information, you can visit the official page.

Storage

Azure Premium SSD v2 Disk Storage Now Available in Select Regions

Microsoft has announced the general availability of Azure Premium SSD v2 Disk Storage in several regions, including Australia East, France Central, Norway East, and UAE North. This new offering promises to deliver high-quality storage performance while ensuring security and reliability. Users in these regions can now benefit from the advanced storage features offered by Azure, helping to enhance the efficiency and resilience of their systems. For further details, you can visit the official page.