Azure IaaS and Azure Stack: announcements and updates (November 2020 – Weeks: 43 and 44)

This series of blog posts covers the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, as officially announced by Microsoft in the last two weeks.

Azure

Compute

Microsoft plans to establish new cloud datacenter region in Austria

Microsoft announced its intent to build a new datacenter region in Austria. The announcement also included details about the establishment of a new Center of Digital Excellence in Austria, as well as a digital skilling initiative targeted at reaching approximately 120,000 Austrians by 2024.

Microsoft to establish its first datacenter region in Taiwan

Microsoft has announced plans to build a new datacenter region in Taiwan, along with a skilling initiative for over 200,000 people in Taiwan by 2024. The new region will also include Availability Zones, building on Microsoft’s 30+ year history in Taiwan.

Microsoft Cloud for Healthcare (generally available)

Microsoft Cloud for Healthcare is now generally available. This integrated solution enables customers to quickly access a portfolio of released and new healthcare capabilities tailored to the unique requirements of health data in the cloud. It unlocks the power of Microsoft Azure, Microsoft 365, Microsoft Dynamics 365, Microsoft Power Platform, and our ecosystem of partner healthcare solutions to create trusted, end-to-end cloud-based solutions. Healthcare organizations can engage in more proactive ways with patients and give caregivers tools to improve workflow efficiency and streamline interactions. Microsoft Cloud for Healthcare will make it easier for healthcare organizations to remain agile and focus on what they do best: delivering better experiences, insights, and care. For more information on general availability, read this page.

New VM series supported by Azure Batch

Use Azure Batch to run large-scale parallel and high-performance computing (HPC) batch jobs in Azure. The selection of VMs that can be used by Azure Batch has been expanded, allowing newer Azure VM series to be used. The following additional VM series can now be specified when Batch pools are created:

  • Dav4, Dasv4
  • Ddv4, Ddsv4
  • Eav4, Easv4
  • Edv4, Edsv4
  • E64iv3
  • Mv2
  • NVv4

Azure SQL Virtual Machines with SQL Server IaaS Agent extension

Registering your SQL Server Virtual Machine images in Azure Marketplace and extracting the total value from your Azure IaaS data estate is now easier with the SQL Server IaaS Extension, now in general availability. Previously, in order to enjoy the full scope of cost-saving and manageability features offered on Azure SQL Server Virtual Machines, you had to run a complicated script that took a large amount of time. Now you can simply tick a consent checkbox and allow Microsoft to automatically register all existing and future SQL Server Virtual Machines in your subscription. You get access to a number of features designed to save you money and increase manageability by providing a PaaS-like service, while still maintaining the ability to customize your data estate that is integral to any IaaS service.

Storage

Soft delete for Azure file shares is now generally available in all regions

Soft delete acts like a recycle bin for your file shares, protecting your Azure file shares from accidental deletion. Now when a file share is deleted, it transitions to a soft-deleted state in the form of a soft-deleted snapshot. You configure how long soft-deleted data remains recoverable before it is permanently erased. In January 2021, soft delete will be enabled by default for all new storage accounts with a default retention period of 7 days. Settings for existing storage accounts will not change.

Azure Blob storage lifecycle management supports blob versions management

Azure Blob storage lifecycle management now supports blob versions. Microsoft recommends using blob versioning to maintain previous versions of a blob for data protection. When blob versioning is enabled for a storage account, Azure Storage automatically creates a new version of a blob each time that blob is modified or deleted. You can use lifecycle management to automatically transition old blob versions to a cooler storage tier (hot to cool, hot to archive, or cool to archive) or delete old blob versions to optimize for cost. The lifecycle management feature is free of charge. Customers are charged the regular operation cost for the Set Blob Tier API calls. Delete operations are free. For more information about pricing, see Block Blob pricing.

Policy to control the minimum TLS version used with Azure Storage

Azure Storage now offers administrators the flexibility to specify the minimum version of TLS that a client application must use to communicate with a storage account. Microsoft recommends that you follow a DRAG (Detection-Remediation-Audit-Governance) framework to continuously manage secure TLS for your storage accounts.
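As an added example (not from Microsoft's announcement or this blog), the Detection and Remediation steps of that framework can be scripted over the JSON returned by `az storage account list`. The account names and resource groups below are constructed, and treating an unset `minimumTlsVersion` as "TLS 1.0 accepted" is an assumption stated in the code.

```python
import json
import shlex

# Constructed sample shaped like `az storage account list` output, trimmed
# to the fields used here; names and resource groups are made up.
SAMPLE = json.loads("""
[
  {"name": "stlegacyapp",  "resourceGroup": "rg-legacy", "minimumTlsVersion": "TLS1_0"},
  {"name": "stunset",      "resourceGroup": "rg-legacy", "minimumTlsVersion": null},
  {"name": "stpayments",   "resourceGroup": "rg-prod",   "minimumTlsVersion": "TLS1_2"},
  {"name": "stpartnerftp", "resourceGroup": "rg-prod",   "minimumTlsVersion": "TLS1_1"}
]
""")

ORDER = {"TLS1_0": 0, "TLS1_1": 1, "TLS1_2": 2}
REQUIRED = "TLS1_2"

def effective_minimum(account):
    # Assumption: an account whose property was never set accepts TLS 1.0
    # and later, so a null value is the weakest case, not a compliant one.
    return account.get("minimumTlsVersion") or "TLS1_0"

def detect(accounts, required=REQUIRED):
    """Return one finding per account that accepts TLS older than `required`."""
    findings = []
    for acct in accounts:
        current = effective_minimum(acct)
        if current not in ORDER:
            raise ValueError(f"unrecognised TLS value {current!r} on {acct['name']}")
        if ORDER[current] < ORDER[required]:
            findings.append({
                "name": acct["name"],
                "resourceGroup": acct["resourceGroup"],
                "effective": current,
                "explicit": acct.get("minimumTlsVersion") is not None,
            })
    return findings

def remediation_commands(findings, required=REQUIRED):
    """Build the az CLI command that raises the minimum for each finding."""
    return [
        "az storage account update --name {} --resource-group {} --min-tls-version {}".format(
            shlex.quote(f["name"]), shlex.quote(f["resourceGroup"]), required)
        for f in findings
    ]

if __name__ == "__main__":
    for cmd in remediation_commands(detect(SAMPLE)):
        print(cmd)
```

Before running the generated commands, confirm from the storage account logs that no client still connects with an older TLS version, since raising the minimum rejects those requests.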

Networking

New features for Azure VPN Gateway (preview)

Microsoft is announcing the following new features for Azure VPN Gateway in public preview:

  • High availability for RADIUS servers in point-to-site VPN – This feature enables highly available configuration for customers using RADIUS/AD authentication for their point-to-site VPN.
  • VPN over ExpressRoute private peering – For customers such as those in financial and health industries, double encryption over both their private WANs and Azure WAN is a key compliance requirement. VPN over ExpressRoute private peering allows customers to use IPsec tunnels over their ExpressRoute private peering to satisfy this need.
  • Custom IPsec/IKE policy with DPD timeout – Setting the IKE DPD (Dead Peer Detection) timeout allows customers to adjust the IKE session timeout value based on their connection latency and traffic conditions to minimize unnecessary tunnel disconnects, improving both reliability and experience. This feature brings the entire custom IPsec/IKE policy configuration experience to Azure Portal.
  • APIPA support for BGP speaker – This feature supports customers with legacy VPN routers, Amazon Web Services (AWS) VGW, or Google Cloud Platform (GCP) VPN, which use APIPA addresses as their BGP speaker IP addresses. Now they can establish BGP sessions with Azure VPN gateways using APIPA addresses.
  • FQDN support for site-to-site VPN – This feature allows customer branches or locations without static public IP addresses to connect to Azure VPN gateways. Customers can now leverage dynamic DNS services and use their FQDNs instead of IP addresses. Azure VPN gateways will automatically resolve and update the VPN target to establish IPsec/IKE connections.
  • Session management and revocation for point-to-site VPN users – Enterprise administrators can now list and revoke individual user connections to their VPN gateways from Azure Portal in real time, addressing a key management ask.
