Azure IaaS and Azure Stack: announcements and updates (June 2024 – Weeks: 21 and 22)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

RISE with SAP is Available on ItalyNorth Azure Region

RISE with SAP, a comprehensive Platform-as-a-Service offering, is now accessible in the ItalyNorth Azure Region. This service bundles SAP software licensing, cloud infrastructure, and managed services under a single SAP contract, applicable to R3, SAP Business Suite, and S/4HANA. This availability in the Italy North region aims to provide localized support and optimized performance for enterprises utilizing SAP solutions.

Update on Inter-Availability Zone Data Transfer Pricing

Azure has announced that it will no longer charge for data transfers across availability zones, regardless of whether private or public IPs are used on Azure resources. Availability zones enable Azure services to enhance greater resiliency for customers’ cloud infrastructure. This change aims to further encourage and support customers’ efforts in building more resilient and efficient applications and solutions on Azure.

Activity Log Alerts Can Now Run in EU Data Boundary

Activity log alert rules can now be saved in one of the following EU Data Boundary regions: North Europe and West Europe. This capability is available when creating a new activity log alert rule. Saving the rule in a European region ensures that the alert rule metadata and its processing remain within the EU Data Boundary. In all other cases, users can select the default Global region. Additionally, action groups can also be saved in EU regions, allowing for an end-to-end experience within Europe, encompassing alert evaluation and actions.

Next-Gen Dashboards Experience in Azure Portal (preview

A new Dashboards experience within the Azure Portal has been introduced. This experience includes a richer editing experience, dashboard as a view, mobile support, and works in parallel with the current experience. Currently, dashboards provide a focused and organized view of cloud resources in the Azure portal, allowing users to monitor resources and quickly launch tasks for day-to-day operations. The new experience is accessible through the Dashboard Hub, the Browse experience, and the Azure Mobile app. Users can create new dashboards or transform existing ones into the new experience. Both the new and current experiences will run in parallel to ensure parity and safely roll out new features.

Compute

VM Hibernation for General Purpose VMs

VM hibernation for general-purpose VMs is now generally available in all public regions. Hibernation is supported on both Linux and Windows operating systems. This feature enables users to hibernate their VMs to save compute costs. When a VM is hibernated, Azure persists the VM’s in-memory state in the OS disk and deallocates the VM, so users do not have to pay for the VM during hibernation, only for associated storage and networking resources. When the VM is restarted, applications and processes resume from their previous state, allowing users to quickly pick up from where they left off. This feature can be used on both existing and new VMs.

Azure Cobalt 100 Arm-based Virtual Machines (preview)

Microsoft is announcing the preview of the new Cobalt 100 Arm-based virtual machines (VMs). These are the first generation of VMs that feature the new Cobalt 100 chipset, custom-built using an Arm-based architecture, and optimized for efficiency and performance when running general-purpose and cloud-native workloads. Users can expect up to 40% improved performance compared to the previous generation of Arm-based Azure VMs. These VMs offer performance consistency and linear performance scaling with workloads like web applications, microservices, and open-source databases.

Azure Compute Fleet (preview)

Azure is pleased to announce the public preview of Azure Compute Fleet, a new service that streamlines the provisioning and management of Azure compute capacity across different virtual machine (VM) types, availability zones, and pricing models to achieve desired scale, performance, and cost. Azure Compute Fleet provides features to deploy and manage diverse groups of VMs at scale, including integration of multiple pricing models within a single fleet request, automated configuration of a fleet of VMs, and adjustable settings to prioritize deployment speed, operational cost, or a balance of both. It can manage and deploy up to 10,000 VMs in a region within a single fleet, providing flexibility and reliability through automated spot VMs, VM mix, and cross-zonal deployment features.

Networking

Azure Firewall: New Regions Availability

To meet new workload demands, Azure Firewall Basic, Standard, Premium, and Azure Firewall Manager are now generally available in four new regions: Israel Central, Italy North, Mexico Central, and Spain Central. With these new regions, Azure Firewall is now available in 64 regions worldwide, utilizing the Microsoft global network backbone.

Azure Firewall Integration in Microsoft Copilot for Security (preview)

The public preview of Azure Firewall integration in Microsoft Copilot for Security is now available. This feature allows users to retrieve the top IDPS signature hits for an Azure Firewall, enriching the threat profile of IDPS signatures with additional details. Users can perform fleet-wide searches for threats across all their Firewalls and generate recommendations to secure their environment using Azure Firewall’s IDPS feature.

Azure Web Application Firewall (WAF) Integration in Microsoft Copilot for Security (preview)

Azure Web Application Firewall (WAF) integrated into the Microsoft Copilot for Security standalone experience is now available in public preview. This integration is available with both Azure Front Door WAF and Azure Application Gateway WAF. It provides top WAF rules triggered analysis, generating summaries of WAF requests blocked due to web application and API attacks. Additionally, it includes an analysis of the top offending IPs, highlighting malicious IPs in customer environments along with related WAF rules triggered. The SQL injection and cross-site scripting WAF detection summaries provide contextual details about WAF blocks, including WAF rules, pattern matches, and related IPs.

Azure Application Gateway v2 Basic SKU (preview)

The Application Gateway Basic SKU is a new offering within the Application Gateway family, designed for small and medium-sized customers. It is ideal for applications with lower traffic and SLA requirements that do not need advanced traffic management features. The Basic SKU includes built-in high availability and supports HTTP2/HTTPS and WebSocket protocols. It offers core application-level load balancing features such as URL-based, host-based, and multi-site routing, along with cookie-based affinity. It supports flexible backends, including AKS, VMSS, App Services, and on-premises deployments. Customers can select the Basic SKU either directly from the Azure Portal or through their preferred scripting languages.

Azure Load Balancer Health Event Logs (preview)

Azure Load Balancer health event logs are now available in public preview. These logs enable users to collect, store, and analyze information to understand the health of their Azure Load Balancer resources. They help troubleshoot specific scenarios and identify availability issues affecting the load balancer. Examples include traffic distribution issues, port exhaustion, and the absence of healthy backends. Health event logs allow monitoring of load balancer health without the need for complex metric-based alerts or custom data ingestion pipelines. The preview is currently rolling out to all public regions.

Azure Front Door Server Variable Enhancement Generally Available

Azure Front Door’s rule set and server variable feature, allowing dynamic modification of request and response at the edge, is now generally available. This feature enables the redirection of clients based on request information, URL rewriting, and HTTP header modifications. It supports security headers to prevent browser-based vulnerabilities, routing requests based on geographic or device data, and applying different caching policies. The new enhancement includes support for URL path segment capture and rewrite, adding more flexibility for users needing to manipulate URL paths dynamically.

Azure Virtual Network Manager’s virtual network verifier (preview)

Virtual network verifier enables users to check if their network policies allow or disallow traffic between their Azure network resources, helping them answer simple diagnostic questions, triage why reachability isn’t working as expected, and prove conformance of their Azure setup to their organization’s security compliance requirements. Within their network manager resource, users can access Virtual Network Verifier’s capabilities by creating a verifier workspace, then defining reachability analysis intents that capture the traffic they want to evaluate. Once they run an analysis on their intent, they can visualize the reachability outcome and parse the reachability analysis results’ JSON. Virtual network verifier’s reachability analysis evaluates several Azure policies and resources within the network manager’s scope. Users can even delegate Virtual Network Verifier resources to non-network manager users for troubleshooting reachability.

Azure Bastion Premium (preview)

Azure Bastion Premium is a new SKU targeting customers handling highly sensitive virtual machine workloads. Its mission is to offer enhanced security features that ensure customer virtual machines are connected securely and to monitor VMs for any anomalies that may arise. The first set of features focuses on ensuring private connectivity and graphical recordings of virtual machines connected through Bastion. With the new Azure Bastion Premium SKU, users can now record all virtual machine sessions that are connected via a session-recording Bastion and view the configured session recording. Additionally, users can connect to Bastion via a private endpoint.

Azure Load Balancer now supports Admin State (preview)

Azure has announced the public preview of Azure Load Balancer Administrative State (Admin State) to simplify and enhance the management of VMs in the backend pool of Azure Load Balancer. With Admin State, users can override the Load Balancer’s health probe behavior for each individual backend pool instance (usually VMs or VMSS instances) without making changes to network security rules or closing ports on their VM. Users can set the Admin State of the backend instance to be up or down, overriding the Load Balancer health probe. This setting changes how the Load Balancer directs new or existing connections to the backend instance. Admin State allows for easy removal of virtual machines from the backend pool for maintenance, patching, or applying fixes without additional overhead of closing ports or updating security rules. Admin State is available in all Azure public regions, Azure China cloud regions, and Azure Government cloud regions.

Storage

Azure NetApp Files Backup

Azure NetApp Files has enhanced its online snapshots with the addition of backup capabilities. This new feature allows users to offload their Azure NetApp Files snapshots to a Backup Vault efficiently and cost-effectively, protecting data from accidental deletion. The backup mechanism extends Azure NetApp Files’ snapshot technology by only copying and storing changed data blocks relative to previously vaulted snapshots. These vaulted snapshots are represented in full and can be restored individually and directly, which eliminates the need for an iterative full-incremental recovery process.

Azure NetApp Files Support for Large Volumes up to 500TiB in Size

Azure NetApp Files now supports the creation of large volumes ranging from 50TiB to 500TiB, significantly expanding beyond the previous 100TiB limit. This enhancement supports various high-performance computing (HPC), AI/ML, and large file content repositories that require a single namespace. Additionally, these large volumes feature cross-zone and cross-region replication, ensuring data resilience and business continuity. HPC workloads, crucial for simulating processes and electronic design automation, benefit from enhanced data protection and availability. AI/ML workloads, involving extensive datasets, gain improved security and recovery options, while large file repositories enjoy optimized cost and scale with robust data protection.

Azure NetApp Files Application Volume Group for Oracle (preview)

The application volume group (AVG) for Oracle is now in public preview, enabling the deployment of all necessary Azure NetApp Files volumes for Oracle databases in a single, optimized workflow. This feature ensures that all volumes are placed in the same availability zone as the VMs, optimizing latency and performance. With technical improvements that streamline the deployment process, this feature supports various Oracle database layouts from small to multi-hundred TiB sizes. It promises reduced deployment times and enhanced application performance and stability across all Azure NetApp Files enabled regions.

Azure NetApp Files support for Active Directory connection per NetApp account (preview)

The Azure NetApp Files support for Active Directory connection per NetApp account feature now allows each NetApp account to connect to its own Active Directory Forest and Domain, providing the ability to manage more than one Active Directory connection within a single region under a subscription. This enhancement enables distinct Active Directory connections for each NetApp account, facilitating operational isolation and specialized hosting scenarios. Active Directory connections can be configured multiple times for multiple NetApp accounts to make use of it. With the creation of SMB volumes in Azure NetApp Files now tied to these Active Directory connections in the NetApp account, the management of Active Directory environments becomes more scalable, streamlined, and efficient. Additionally, the public preview for the “Shared AD support for multiple accounts to one Active Directory per region per subscription” feature is concluding, and new registrations will no longer be accepted. Customers are recommended to transition to this new capability instead.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Please follow and like us: