This series of blog posts covers the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.
Virtual machine scale sets: Automatic image upgrades for custom images
Automatically deploy new versions of custom images to scale set virtual machines using the new capabilities of virtual machine scale sets. Automatic OS image upgrade monitors your image gallery and automatically begins scale set upgrades when a new image version is deployed, facilitating faster image deployment without additional overhead. Enabling automatic OS image upgrades will safely upgrade the OS disk for all virtual machines in the scale set, helping to ease update management.
Distributed network name for SQL Server on Virtual Machines
Support for distributed network name (DNN) for SQL Server failover cluster instance (SQL FCI) on Azure IaaS with SQL Server 2019 CU2 and higher is now available. Connectivity configuration with DNN increases the availability and robustness of SQL FCI. By using DNN, you don’t need an Azure Load Balancer, and can simply use the same method you’ve been using on-premises for automated failover.
Azure Data Lake Storage
The following updates have been announced for Azure Data Lake Storage:
- Immutable storage for Azure Data Lake Storage is available in preview. Immutable storage provides the capability to store data in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable, and you can set a retention period so that files can’t be deleted until after that period has elapsed. Additionally, legal holds can be placed on data to make that data non-erasable and non-modifiable until the hold is removed.
- The archive tier for Azure Data Lake Storage is generally available. The archive tier provides an ultra-low cost tier for long term retention of data while keeping your data available for future analytics needs. Tier your data seamlessly among hot, cool, and archive so all your data stays in one storage account. Lifecycle management policies can be set so files are moved automatically to the archive tier when data access becomes rare. When needed, data in the archive tier can be quickly and easily rehydrated so that the data is available for your analytics workloads.
- File snapshots for Azure Data Lake Storage are available in preview. Use file snapshots to take an unlimited number of point-in-time snapshots of your files. These snapshots can be used to revert a file back to that snapshot in the case of accidental or inadvertent updates. Snapshots can also be retained so you can reference the content of a file at that point in time.
- Static website for Azure Data Lake Storage is in preview. Use static website to directly host static content from Azure Data Lake Storage, and view that site content from a browser by using the public URL of that website.
Azure Storage 200 TB block blob size in preview
Azure Blob storage provides massively scalable object storage for workloads including application data, HPC, backup, and high-scale workloads. Microsoft has increased the maximum size of a single blob from 5 TB to 200 TB, now available in preview.
The increase in blob size better supports use cases, from seismic data processing to genomics, that require multi-terabyte object sizes.
Azure Shared Disks for SQL Server failover cluster instance on Azure IaaS (preview)
Preview support is now available for Azure Shared Disks for SQL Server failover cluster instance (SQL FCI) on Azure IaaS with SQL Server 2019 on Windows Server 2019 and higher. Azure Shared Disks for SQL FCI enables lift and shift migrations for the most commonly used HA configuration on-premises to Azure IaaS.
New Azure Firewall features
Microsoft has announced several new Azure Firewall features that allow your organization to improve security, have more customization, and manage rules more easily. These new capabilities were added based on top customer feedback:
- Custom DNS support now in preview.
- DNS Proxy support now in preview.
- FQDN filtering in network rules now in preview.
- IP Groups now generally available.
- AKS FQDN tag now generally available.
- Azure Firewall is now HIPAA compliant.
Azure Firewall Manager
Azure Firewall Manager is now generally available and includes Azure Firewall Policy, Azure Firewall in a Virtual WAN Hub (Secure Virtual Hub), and Hub Virtual Network. Microsoft is introducing several new capabilities to Firewall Manager and Firewall Policy to align with the standalone Azure Firewall configuration capabilities:
- Threat intelligence-based filtering allow list in Firewall Policy is now generally available.
- Multiple public IP addresses support for Azure Firewall in Secure Virtual Hub is now generally available.
- Forced tunneling support for Hub Virtual Network is now generally available.
- Configuring secure virtual hubs with Azure Firewall for east-west traffic (private) and a third-party security as a service (SECaaS) partner of your choice for north-south traffic (internet bound).
- Integration of third-party SECaaS partners is now generally available in all Azure public cloud regions.
- Zscaler integration will be generally available on July 3, 2020. Check Point is a supported SECaaS partner and will be in preview on July 3, 2020. iboss integration will be generally available on July 31, 2020.
- Support for domain name system (DNS) proxy, custom DNS, and fully qualified domain name (FQDN) filtering in network rules using Firewall Policy is now in preview.
Private endpoints for Azure File Sync
Starting with Azure File Sync agent 10.1, Azure File Sync supports private endpoints in all public and Azure US Government cloud regions where Azure File Sync is available. Private endpoints enable you to assign your Storage Sync Service private IP addresses from within the address space of your virtual network. This allows you to:
- Securely connect to your Azure resources from on-premises networks using a VPN or ExpressRoute connection with private-peering.
- Secure your Azure resources by disabling the public endpoints for Azure Files and File Sync.
- Increase security for your Azure virtual networks by blocking exfiltration of data from your network boundaries.
Azure Virtual WAN: new capabilities
Several key Azure Virtual WAN capabilities are now generally available:
- Hub to Hub connectivity providing fully meshed virtual hubs.
- Custom Routing adding advanced routing enhancements: custom route tables and optimization of virtual network routing.
- Virtual Network Transit with 50 Gbps transit speeds between virtual networks (VNets) connected with Virtual WAN.
- VPN and ExpressRoute Transit for seamless interconnectivity between VPN/SD-WAN and ExpressRoute connected sites and users.
- New VPN Capabilities supporting custom BGP IP (also known as APIPA or Automatic Private IP Addressing) for VPN Site connections.
- New Virtual WAN partners: VMware SD-WAN by VeloCloud and Cisco Meraki now support automation of IPsec connectivity between their branch VPN/SD-WAN devices and the Azure Virtual WAN VPN service.
Azure Load Balancer support for IP-based backend pool management (preview)
Azure Load Balancer now supports load balancing across IP addresses in the backend pool. Previously, you could only add network interfaces associated with virtual machines to the backend of a Load Balancer. With this release, you can load balance to resources in Azure via your private IPv4 or IPv6 addresses using Standard Load Balancer.