Azure IaaS and Azure Stack: announcements and updates (September 2021 – Weeks: 35 and 36)

This series of blog posts covers the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, announced by Microsoft in the last two weeks.

Azure

Compute

On-demand capacity reservations for Azure Virtual Machines (preview)

On-demand capacity reservations for Azure Virtual Machines, now in public preview, enable IT organizations to reserve compute capacity for a VM size. The reservation can be for any length of time in any public Azure region or Availability Zone and supports most VM series. You can create and cancel an on-demand capacity reservation at any time; no commitment is required. The ability to access compute capacity ahead of actual VM deployments, with SLA guarantees when on-demand capacity reservations become generally available, is particularly important to ensure the availability of business-critical applications running on Azure. On-demand capacity reservations can be combined with Azure Reserved VM Instances (RIs) to significantly reduce costs.

Run Commands for Azure VMware Solution (preview)

Run commands are a collection of PowerShell packages available in the Azure VMware Solution portal that simplify the execution of certain operations on vCenter. With this announcement your cloud administrator can now more easily run management tasks that require elevated privileges.

Automatic scaling with Azure Virtual Machine Scale Sets flexible orchestration mode (preview)

Microsoft has enabled an elastic virtual machine profile and automatic scaling for Azure Virtual Machine Scale Sets with flexible orchestration. The features are now in public preview, and provide:

  • Up to 1000 instances in a scale set (general purpose virtual machine sizes only)
  • Ability to manually add VM instances to the scale set
  • The option to spread instances across fault domains automatically, or specify a fault domain
  • Place on demand and Spot VMs in the same scale set
  • (New) Define a VM profile and specify instance count
  • (New) Automatically scale out and scale in based on metrics, schedule, or AI prediction (private preview)
  • (New) In guest patching that respects high availability / FD constraints
  • (New) Automatic extension updates
  • (New) Automatic instance repair/replacement of unhealthy instances
  • (New) Terminate notification for on demand and Spot VMs
  • (New) Secure by default networking – customers must explicitly define outbound connectivity
  • (New) Improved scale out and scale in reliability, latency, and elasticity

Storage

Azure Files: SMB 3.1.1 support, SMB Multichannel and storage capacity reservation

Server Message Block (SMB) 3.1.1 is the most recent version of the SMB protocol, released with Windows 10, containing important security and performance updates. Azure Files SMB 3.1.1 ships with two additional encryption modes, AES-128-GCM and AES-256-GCM, alongside AES-128-CCM, which was already supported. Azure Files also exposes security settings that change the behavior of the SMB protocol. With this release, you may configure allowed SMB protocol versions, SMB channel encryption options, authentication methods, and Kerberos ticket encryption options. By default, Azure Files enables the most compatible options; however, these options may be toggled at any time.
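Because the default is the most compatible set rather than the strictest, it helps to check what a storage account actually allows. The following is an added example, not code from Microsoft or from this post: it audits the four SMB security settings against a strict baseline. The JSON field names, the `;`-separated value format, and the sample accounts are assumptions modeled on the file service `protocolSettings.smb` resource shape, and the baseline is one chosen for illustration.

```python
import json

# Constructed sample: SMB settings of three hypothetical storage accounts.
# Assumed shape: ';'-separated strings; null means "everything allowed".
SAMPLE = json.loads("""
{
  "compatible-default": {"versions": null, "channelEncryption": null,
                         "authenticationMethods": null,
                         "kerberosTicketEncryption": null},
  "hardened": {"versions": "SMB3.1.1", "channelEncryption": "AES-256-GCM",
               "authenticationMethods": "Kerberos",
               "kerberosTicketEncryption": "AES-256"},
  "partial": {"versions": "SMB3.0;SMB3.1.1",
              "channelEncryption": "AES-128-GCM;AES-256-GCM",
              "authenticationMethods": "Kerberos",
              "kerberosTicketEncryption": "AES-256"}
}
""")

# All values each setting can take; used when a field is unset.
ALL_VALUES = {
    "versions": {"SMB2.1", "SMB3.0", "SMB3.1.1"},
    "channelEncryption": {"AES-128-CCM", "AES-128-GCM", "AES-256-GCM"},
    "authenticationMethods": {"NTLMv2", "Kerberos"},
    "kerberosTicketEncryption": {"RC4-HMAC", "AES-256"},
}
# Baseline for this example only: the strongest option of each setting.
BASELINE = {
    "versions": {"SMB3.1.1"},
    "channelEncryption": {"AES-256-GCM"},
    "authenticationMethods": {"Kerberos"},
    "kerberosTicketEncryption": {"AES-256"},
}

def effective(smb, key):
    """Values actually allowed for one setting, expanding unset fields."""
    raw = smb.get(key)
    if not raw:
        return set(ALL_VALUES[key])
    return {v.strip() for v in raw.split(";") if v.strip()}

def audit(smb):
    """Return {setting: sorted values allowed beyond the baseline}."""
    findings = {}
    for key, allowed in BASELINE.items():
        extra = effective(smb, key) - allowed
        if extra:
            findings[key] = sorted(extra)
    return findings

if __name__ == "__main__":
    for name, smb in SAMPLE.items():
        print(name, audit(smb) or "meets baseline")
```

Clients that cannot negotiate the stricter options will fail to connect once they are enforced, so run the audit first and tighten one setting at a time.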

Server Message Block (SMB) Multichannel enables you to improve the IO performance of your SMB client 2-4x, increasing performance and decreasing total cost of ownership.

Storage capacity reservations for Azure Files enable you to significantly reduce the total cost of ownership of storage by pre-committing to storage utilization. To achieve the lowest costs in Azure, you should consider reserving capacity for all production workloads.

Zone redundant storage (ZRS) for Azure Disk Storage

Zone redundant storage (ZRS) for Azure Disk Storage is now generally available on Azure Premium SSDs and Standard SSDs in West Europe, North Europe, West US 2 and France Central regions. Disks with ZRS provide synchronous replication of data across the zones in a region, enabling disks to tolerate zonal failures which may occur due to natural disasters or hardware issues. They also enable you to maximize your virtual machine availability without the need for application-level replication of data across zones, which is not supported by many legacy applications such as old versions of SQL or industry-specific proprietary software. This means that, if a virtual machine becomes unavailable in an affected zone, you can continue to work with the disk by mounting it to a virtual machine in a different zone. You can also use the ZRS option with shared disks to provide improved availability for clustered or distributed applications like SQL FCI, SAP ASCS/SCS, or GFS2.

Automatic key rotation of customer-managed keys for encrypting Azure disks

Azure Disk Storage now enables you to automatically rotate keys for encryption of your data.

Change performance tiers for Azure Premium SSDs with no downtime

On Azure Premium SSDs, you can now change the performance tiers without any downtime to your application (generally available). You can change the performance tier of a disk even when it is attached to running virtual machines. For planned events like a seasonal sales promotion or running a training environment, you need to achieve sustained higher performance for a few hours or days and then return to the normal performance levels. With performance tiers on Premium SSDs, you have the flexibility to scale the disk performance without increasing the disk size by selecting a higher performance tier. You can also change tiers to bring it back to your baseline performance tier, enabling you to achieve higher performance and cost savings.

Networking

New updates to Azure Firewall

New Azure Firewall capabilities:

  • Azure Firewall supports US West 3, Jio India West, and Brazil Southeast.
  • Auto-generated self-signed certificates for Azure Firewall Premium SKU.
  • Secure Hub now supports Availability Zones.
  • Deploy Azure Firewall without public IP in Forced Tunnel mode.
  • Configure pre-existing Azure Firewalls in Forced Tunnel mode using stop or start commands.

Azure Route Server

Azure Route Server simplifies dynamic routing between your network virtual appliance (NVA) and your virtual network. When you establish a Border Gateway Protocol (BGP) peering between your NVA and Azure Route Server, you can advertise IP addresses from your NVA to your virtual network. Your NVA will also learn what IP addresses your virtual network has. Azure Route Server is a fully managed service and is configured with high availability.

Several key Azure Route Server benefits include:

  • Simplify network appliance operations
  • Deploy it in your existing setup
  • Support any network appliance
  • Enable new network topology

Private Link Network Security Group Support (preview)

Private Endpoint support for Network Security Groups (NSGs) is now in public preview. This feature enhancement will provide you with the ability to enable advanced security controls on traffic destined to a private endpoint. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to Enabled. In addition to toggling this property, you will need to also register for the Microsoft.Network/AllowPrivateEndpointNSG feature.

Private Link UDR Support (preview)

Private Endpoint support for User Defined Routes (UDRs) is now in public preview. This feature enhancement will provide you with the ability to apply custom routes to traffic destined to a private endpoint with a wider subnet range. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to Enabled. In addition to toggling this property, you will need to also register for the Microsoft.Network/AllowPrivateEndpointNSG feature.

Address changes on an Azure virtual network that has active peerings (preview)

You can now update your virtual network address space without needing to remove the peering links on your virtual networks or incurring any downtime.

Azure ExpressRoute: new ExpressRoute Direct and Peering locations

New locations are available for ExpressRoute Direct:

  • Denver
  • Newport (Wales)
  • Pune

The new locations support dual 10Gbps or 100Gbps connectivity into Microsoft’s global network.

New peering locations are available for ExpressRoute:

  • Chicago2
  • Pune
  • Seoul2
