In June have been announced, by Microsoft, a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.
The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.
The new Azure Monitor agent and new Data Collection Rules features are available
Azure Monitor introduces, for some months now, a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).
Among the various key features added in this new agent we find:
- Support for Azure Arc server(Windows and Linux)
- Virtual Machine Scale Set support (VMSS)
- Installation via ARM template
With regard to the Data Collection, these innovations have been made:
- Better control in defining the scope of data collection (e.g.. ability to collect from a subset of VMs for a single workspace)
- Single collection and sending to both Log Analytics and Azure Monitor Metrics
- Send to multiple workspaces (multi-homing for Linux)
- Ability to better filter Windows events
- Better extension management
All the preview features are ready to be used even in production environments, with the exception of the use of custom Azure Monitor Metrics (still in preview).
Collection of Syslog events from the Azure Monitor agent for Linux distro (preview)
Azure Monitor introduced a new concept for configuring data collection and a new unified agent for Azure Monitor. This new agent (AMA – Azure Monitor Agent) allows you to improve some key aspects of data collection from virtual machines, as reported in the previous paragraph. There was an issue on this front where Syslog data collection was not working as expected. This problem has been solved and the latest version of the agent includes support for the collection of Syslog events from Linux machines (using version 1.10 and later), available for all supported distributions.
Azure Monitor cost changes to achieve significant savings
Microsoft recently made several changes to Azure Monitor Log Analytics costs, which allow for significant savings, if important amounts of data are merged into the workspaces. It should be noted that a new naming has been introduced with regard to capacity reservations, which are now called “commitment tiers”. These changes have been made available since 2 June 2021:
- New commitment tiers (higher). New engagement levels are introduced for Azure Sentinel and Azure Monitor Log Analytics for data ingestion: 1 TB/Day, 2 TB/Day, and 5 TB/Day.
- Changes to the billing method for importing data that exceed the commitment tiers. Data imported beyond the commitment tiers will be billed using the actual commitment tiers rate, instead of the pay-as-you-go rate, with consequent cost reduction.
- Simplification of commitment tiers: it is now possible to select from eight distinct commitment tiers and it is no longer necessary to manage tiers due to minor changes in the data ingestion. As part of this change, all workspaces with a commitment tier greater than 500 GB / day will be reset to the lowest available commitment tier: 500 GB / day, 1 TB / day, 2 TB / day or 5 TB / day.
Changes in compliance for Resource Type Policies
Starting from 16 June 2021, the policies in which the resource type is the only evaluation criterion (e.g.. Allowed Resource Types, Disallowed Resource Types) they will have no resources “compliant” in compliance records. This means that if there are no non-compliant resources, the policy will show compliance with the 100%. If one or more non-compliant resources are present, the policy will show it 0% of compliance, with total resources equal to non-compliant resources. This change is to respond to feedback that resource type policies skew overall compliance rate data (which are calculated as compliant resources + exempt from total resources in all policies, deduplicated for unique resource IDs) due to a large number of total resources.
Azure Cost Management
Updates related toAzure Cost Management and Billing
Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:
- Display of amortized costs in the cost analysis preview.
- Cloudyn is withdrawn from the 30 June.
- News regarding Cost Management Labs.
Azure Security Center
New features, bug fixes and deprecated features of Azure Security Center
Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
- New alerts for Azure Defender for Key Vault
- Recommendations for encrypting through customer-managed keys (CMKs) (disabilitata by default)
- Prefix change for Kubernetes alerts, from “AKS_” to “K8S_”
- Deprecated two recommendations from the security check “Apply system updates”
TLS 1.2 enforcement per il MARS backup agent
Starting from September 1st 2020, Azure Backup will enforce the presence of the Transport Layer Security protocol (TLS) version 1.2 or later. To continue using Azure Backup, you need to make sure that all resources use the Microsoft Azure Recovery Services agent (MARS) updated to use TLS 1.2 or superior.
Cross Region Restore of SQL / SAP HANA running on VM in Azure
In Azure Backup, restore between different regions of Azure (Cross-Region Restore – CRR), available for virtual machines, has also been extended to support SQL and SAP HANA. Cross Region Restore allows customers to restore their data to secondary regions (paired region) at any time, essential in the event of the unavailability of the primary region. Geo-replicated backup data can then be used to restore SQL and SAP HANA databases running on Azure VMs to the “paired region” from Azure, during planned or unplanned incidents.
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:
- Support for new geographies of the public cloud.
- The ability to register servers running SQL Server, with SQL VM RP, to automatically install the IaaS SQL agent extension. This feature is available for VMware (without agent), Hyper-V (without agent) and agent-based migrations.
- Evaluation via CSV file import supports up to 20 disks. Previously, there was a limit of eight disks per server.
Support for Azure private links
Private Link support allows you to connect to the Azure Migrate service privately and securely via ExpressRoute or via a site-to-site VPN. Thanks to this method of connectivity, the instrumentsAzure Migrate: Discovery and Assessment andAzure Migrate: Server Migration, they can be used by connecting privately and securely. This method is recommended to use when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks or if you want to get better results in terms of bandwidth or latency.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.