Azure IaaS and Azure Stack: announcements and updates (February 2024 – Weeks: 07 and 08)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Windows Admin Center for Azure Virtual Machines

The Windows Admin Center for Azure Virtual Machines marks a significant step forward in cloud management by integrating directly into the Azure Portal. This tool is engineered to streamline the administration of Windows Server Operating Systems for Azure Virtual Machines. By facilitating in-browser RDP and PowerShell sessions, managing files, viewing events, and monitoring performance, it significantly reduces the necessity for remote desktop connections. A standout feature is its integration with Azure Active Directory for single sign-on capabilities, offering a cohesive identity experience across Azure services. This innovation not only simplifies virtual machine deployment and maintenance but also enhances security by minimizing dependence on local administrator accounts.

Compute

NVv5 Series VMs Now Available in Italy North Azure Region

Azure’s NVv5 Series Virtual Machines, equipped with NVIDIA A10 GPUs and AMD EPYC 74F3V CPUs, are now accessible in the Italy North region. These VMs cater to the needs of high-performance computing and graphics-intensive applications, offering a blend of powerful computational resources and graphical processing capabilities. This expansion into the Italy North region underscores Azure’s commitment to providing geographically diverse options for compute-intensive workloads.

Trusted Launch for Azure VMs in China Regions

Microsoft is proud to announce the general availability of Trusted Launch for Azure virtual machines in all Azure regions across China, encompassing China East, China East 2, China East 3, China North, China North 2, and China North 3. This major update introduces a strengthened security framework for Azure Virtual Machines. Trusted Launch enhances foundational VM security by ensuring that VMs boot to a defined and trusted state, a crucial step in combating sophisticated malware threats, including bootkits and rootkits, and offers kernel-mode level security on par with the operating system.

Furthermore, Trusted Launch activates Credential Guard, a significant security measure that protects user passwords and derived domain credentials via secure boot, virtualization-based security, and vTPM, which are critical for domain controllers. This feature also provides ongoing insights into the health state and boot chain integrity of virtual machines, along with remediation pathways for attestation failures through Microsoft Defender for Cloud.

Especially for Windows 11 virtual machines, Trusted Launch bolsters defense mechanisms against lower layer malware through the support of UEFI, secure boot, and vTPM. This comprehensive security enhancement ensures a more secure and reliable environment for Azure VMs, marking a significant advancement in cloud security measures tailored to meet the evolving threats in the digital landscape.

Networking

Azure Firewall Enhancements: Flow Trace Logs and Autoscaling

Azure Firewall’s new enhancements, including Flow Trace Logs and autoscaling based on the number of connections, provide granular insights and improved scalability. Flow Trace Logs offer detailed visibility into TCP handshake logs, aiding in troubleshooting packet drops and route asymmetry. The autoscaling feature now adjusts firewall resources based on traffic connection counts, alongside throughput and CPU usage, enabling a more responsive and efficient firewall performance.

Parallel IP Group Update Support for Azure Firewall

The introduction of Parallel IP Group update support in public preview marks a significant improvement in Azure Firewall’s configuration management. This feature allows for the simultaneous update of up to 20 IP Groups within a Firewall Policy, streamlining administrative tasks and enabling faster, more scalable changes. This update is particularly beneficial for administrators who use DevOps methodologies for configuration changes, enhancing efficiency and agility in firewall management.

Storage

Azure Elastic SAN (General Availability)

Azure Elastic SAN’s transition to general availability signifies a milestone in cloud storage solutions, offering a fully-managed, cloud-native SAN experience. This service is designed for seamless migration of extensive SAN environments to Azure, simplifying the deployment, scaling, management, and configuration of storage area networks in the cloud. It introduces a SAN-like resource hierarchy and provisions resources at the appliance level, dynamically allocating these to accommodate various workloads, including databases, VDIs, and business applications. The integration of Azure Monitor Metrics and Azure Policy aids in managing performance and preventing misconfigurations, respectively, merging the efficiency of traditional SAN systems with the flexibility and scalability of cloud storage.

Azure File Sync Agent Releases: v17.1 and v16.2 (Security Only Updates)

The release of Azure File Sync agent versions 17.1 and 16.2 as security-only updates addresses a critical vulnerability (CVE-2024-21397) that previously allowed unauthorized file creation. These updates underscore Azure’s commitment to security, providing essential patches for Windows Server installations ranging from version 2012 R2 to 2022. Detailed installation instructions are provided (KB5023054 and KB5023052), ensuring users can securely synchronize files across their environments.

Azure Blob Storage Cold Tier: Enhanced Support for Change Feed and Object Replication

The general availability of Azure Blob Storage Cold Tier’s support for Change Feed and Object Replication introduces significant enhancements for data storage and management. This feature enables the capturing of changes to blobs and their metadata within the cold tier, facilitating efficient data replication and access. It represents Azure’s ongoing efforts to provide cost-effective, flexible storage solutions for infrequently accessed data with long-term retention requirements.

Zone Redundant Storage (ZRS) for Azure Disks in Canada Central

The general availability of Zone Redundant Storage for Azure Disk Storage in the Canada Central region provides a robust solution for data resilience and availability. By offering synchronous replication across three availability zones, ZRS enables Azure Disks to withstand zonal failures, ensuring uninterrupted application performance. This feature is particularly valuable for applications requiring high availability without the complexity of application-level data replication.

Azure NetApp Files Standard Network Features

Azure NetApp Files now supports the general availability of Standard network features, allowing for the editing of network features for Azure NetApp Files volumes. This update brings an enhanced Virtual Networking experience, ensuring seamless integration and improved security posture. Users can now edit existing Azure NetApp Files volumes and upgrade from Basic to Standard network features. This enhancement includes increased IP limits for VNets with Azure NetApp Files volumes, aligning them with VM capabilities to facilitate customer integration into existing network topologies. Moreover, it introduces enhanced network security with support for Network Security Groups (NSGs) on Azure NetApp Files delegated subnets, a feature long requested by customers for meeting enterprise security requirements. Enhanced network control is also achieved through support for User-defined routes (UDRs), allowing traffic direction via chosen Network Virtual Appliances. Additionally, connectivity has been improved with Active/Active VPN gateway setup and ExpressRoute FastPath connectivity, ensuring low latency and high bandwidth connectivity from on-premises networks to Azure.

Introducing Azure Storage Actions: Serverless Storage Data Management (Preview)

Microsoft has recently announced the public preview of Azure Storage Actions, a fully managed platform specifically crafted to streamline data management tasks for Azure Blob Storage and Azure Data Lake Storage. With the exponential growth of data, organizations find themselves grappling with the complexities of efficiently managing their data assets. Azure Storage Actions seeks to alleviate these challenges by offering a serverless infrastructure that dynamically scales to meet data management demands, eliminating the need for resource provisioning or management.

This innovative platform provides a no-code experience, enabling users to easily define conditional logic for processing data objects. It supports an array of tasks aimed at enhancing data utility and security, such as cost optimization, data protection, rehydration from archives, and tagging, among others. Additional functionalities are expected to be added in future updates, further expanding its capabilities.

Azure Storage Actions facilitates the rapid composition, validation, and deployment of data management tasks. It features an intuitive Azure portal interface that simplifies the process of defining operations and validating them, ensuring a seamless user experience. Moreover, the platform offers robust support for programmatic management through various tools including REST APIs, the Azure SDK, PowerShell, the Azure Command-Line Interface (CLI), and Azure Resource Manager (ARM) templates. This versatility makes Azure Storage Actions a comprehensive solution for managing large-scale data assets across Azure Blob Storage and Azure Data Lake Storage, promising to significantly enhance data management efficiency and effectiveness for organizations worldwide.

Azure Stack

Azure Stack HCI

Supported Azure Stack HCI Scenarios with System Center

The integration of Azure Stack HCI, version 23H2, with System Center Virtual Machine Manager (SCVMM) marks a significant step forward in hybrid cloud management. Azure Stack HCI 23H2 elevates cloud-based management capabilities through Azure Arc, catering to the needs of large-scale datacenter customers who rely on System Center VMM for their virtualization environment management. The recent announcement from the System Center team outlines the supported scenarios in SCVMM for managing Azure Stack HCI 23H2, providing clarity and direction for system administrators and IT professionals.

SCVMM Support for Azure Stack HCI 23H2

The supported scenarios in SCVMM for Azure Stack HCI 23H2 include:

  • Addition and Management of Azure Stack HCI Clusters: SCVMM facilitates the addition of Azure Stack HCI clusters into your management framework, allowing for comprehensive oversight.
  • Virtual Machine Operations: Provisioning, deploying, and performing lifecycle operations on VMs within Azure Stack HCI clusters are fully supported, streamlining virtual machine management.
  • Storage and Volume Management: SCVMM enables the management of storage pool settings, creation of virtual disks, cluster shared volumes (CSVs), and application of Quality of Service (QoS) settings to optimize storage performance.
  • Workload Migration: The migration of VMware and Windows Server-based workloads to Azure Stack HCI is supported, offering flexibility in transitioning to Azure Stack HCI environments.
  • Cluster Management via PowerShell: Azure Stack HCI clusters can be managed using the same PowerShell cmdlets as Windows Server clusters, ensuring a consistent management experience.
  • Azure Integration: Azure-based VM self-serve capabilities and management services are extended through Azure Arc-enabled SCVMM, enhancing cloud connectivity and management.

Limitations and Azure/WAC Exclusive Scenarios

While SCVMM supports a broad range of management functions, certain scenarios remain exclusive to Azure Portal/Windows Admin Center (WAC) for Azure Stack HCI 23H2:

  • Cluster Creation and Registration: The creation and registration processes for Azure Stack HCI clusters are integrated into deployment and exclusively managed through Azure Portal/WAC.
  • Upgrades and Azure Benefits: Upgrading from Azure Stack HCI 22H2 to 23H2 and enabling Azure benefits on VMs are managed only via Azure Portal/WAC.
  • Advanced Features: New features of Azure Stack HCI 23H2, such as GPU-Partitioning and SDN Multi-site, along with previously unsupported features like Stretched clustering with 22H2, are managed outside of SCVMM.

Future Support and Availability

Support for Azure Stack HCI 23H2 in SCVMM is scheduled to be included in the next Long-Term Servicing Channel (LTSC) version of System Center. The general availability of this version is anticipated to align closely with the release of Windows Server 2025, offering forward-looking compatibility and support for Azure Stack HCI environments.

This integration underscores Microsoft’s commitment to hybrid cloud environments, providing the tools necessary for seamless management of virtualized infrastructure both on-premises and in the cloud. As the landscape of Azure Stack HCI evolves, the synergy between Azure Stack HCI and System Center continues to strengthen, offering a robust, scalable, and efficient management solution for modern datacenters.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.
