Azure IaaS and Azure Stack: announcements and updates (November 2024 – Weeks: 45 and 46)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Networking

Azure Cross-Subscription Load Balancer

Microsoft is pleased to announce the general availability of the Azure cross-subscription Load Balancer. This feature allows components of a load balancer, such as the frontend IP address or backend instances, to be located in different subscriptions. Cross-subscription load balancing offers flexibility in architecture design and is now available in all Azure public regions, as well as in China cloud and Government cloud regions.

Azure Load Balancer Admin State and Health Status

Azure Load Balancer now supports the Administrative State (Admin State) feature, simplifying the management of backend pool instances. Admin State allows users to override health probe behavior for individual instances without changing network security rules or port configurations. This facilitates maintenance by enabling users to mark instances as up or down and control connection behavior without additional complexity.

Additionally, the Health Status feature is now generally available, offering detailed insights into the health of backend instances in Azure Load Balancer pools. This feature provides:

  • User-triggered issue notifications

  • Platform-triggered reason codes

These capabilities enhance monitoring and troubleshooting, ensuring efficient management and improved visibility into backend instance health.

Single Prefix Enhancement to Seamless Gateway Migration

The Gateway migration experience has been enhanced to enable customers to use the Azure Portal or PowerShell scripts to deploy a second Virtual Network Gateway within the same GatewaySubnet. During the migration phase, initiated by the customer, Azure will transfer both the control plane and data path configurations from the existing gateway to the new one. This results in two operational gateways coexisting within the same subnet. After a successful migration, customers can remove the original gateway, leaving the new one in place for continued connectivity. This feature is designed to support seamless migrations with minimal downtime.

Azure Virtual Network Manager User-Defined Route (UDR) Management

Azure Virtual Network Manager now offers the general availability of User-Defined Route (UDR) Management. This feature simplifies the process of managing complex routing behaviors by automating UDR orchestration. Users can establish routing configurations that automatically deploy across virtual networks, eliminating the need for manual UDR creation or custom scripts, thus reducing errors and simplifying large-scale routing. UDR Management enables users to organize routing rules into collections tied to specific network groups, ensuring consistency and reusability across subnets or virtual networks. Custom routing behaviors, such as directing traffic in a hub-and-spoke topology or routing traffic through Azure Firewall, can now be implemented with ease. This automation ensures flexible and seamless routing that adjusts to network changes without manual intervention.

Retirement: Azure CDN Standard/Premium from Edgio (formerly Verizon)

Azure CDN Standard/Premium from Edgio (formerly Verizon) is set to be retired on November 4, 2025. To avoid service interruptions, customers currently utilizing this service need to migrate their workloads to a comparable solution before this date. Additionally, as of January 15, 2025, the creation of new Azure CDN profiles from Edgio will no longer be permitted.

This retirement follows Edgio’s Chapter 11 bankruptcy filing on September 9, 2024, which casts uncertainty over their ability to maintain service continuity until the retirement date. Microsoft continues to monitor the situation closely and will provide updates if any changes affect the retirement timeline.

As a recommended alternative, Microsoft suggests transitioning to Azure Front Door Standard or Premium, which is the flagship CDN product, to ensure a seamless migration and maintain high service reliability.

Static Egress Gateway for Azure Kubernetes Service (AKS)

The Static Egress Gateway for Azure Kubernetes Service (AKS) is now available in public preview. This feature empowers AKS users to configure a fixed source IP for out-of-cluster communications without the overhead of deploying a dedicated node pool with a NAT gateway. By leveraging this capability, organizations can achieve precise control over egress traffic, streamline integration with external systems, and bolster network security without incurring significant additional costs.

Network Isolated Clusters in AKS (preview)

Azure Kubernetes Service (AKS) introduces Network Isolated Clusters, now in public preview. This feature simplifies the process of restricting network access for AKS clusters by enabling built-in isolation without relying solely on Azure Firewall. By reducing the complexity and costs associated with managing firewall configurations, Network Isolated Clusters help organizations safeguard sensitive data and prevent unintentional exposure of public endpoints, thereby minimizing the risk of security breaches.

Storage

Convert to Azure Premium SSD v2 Disks

Microsoft is excited to announce the General Availability of the feature for converting to Premium SSD v2 disks (Pv2). This capability enables users to confidently migrate their workloads to Pv2 disks. The conversion process allows for a seamless transition from existing Standard SSD, Standard HDD, or Premium SSD v1 disks to Pv2 with minimal downtime. Notably, this process avoids disk destruction, eliminates the need for snapshots as a staging resource, and bypasses background data copying, making migrations simpler and more efficient.

Enhancements on Elastic SAN: Resiliency, Security, Scalability, and AVS Integration

Azure Elastic SAN, Microsoft’s latest block storage innovation, has been enhanced with new features that improve resiliency, security, scalability, and integration with Azure VMware Solution (AVS).

Key highlights include:

  • Service Level Agreement (SLA): The availability SLA is now published, providing assurance for mission-critical workloads running on Elastic SAN.

  • CRC Protection: Customers can now enable CRC32C checksum verification to maintain data integrity. If enabled on the client side, connections without CRC32C set for both header and data digests will be rejected, ensuring data protection.

  • Public Preview of Autoscale for Capacity: Elastic SAN now supports autoscaling, a first in cloud block storage solutions. This feature simplifies management by allowing users to set a policy for automatic scaling of storage capacity, saving time and controlling TCO by enabling growth on demand with user-defined increments.

  • Integration with Azure VMware Solution (GA): Azure Elastic SAN is now fully integrated with AVS, offering a managed, VMware-certified SAN that is scalable, easy to manage, and cost-efficient. This provides AVS customers with flexible storage options suitable for a range of workloads, including backup and disaster recovery.

Azure File Sync Support for Managed Identities (preview)

Azure File Sync support for managed identities is now available in public preview. This update allows users to leverage system-assigned managed identities provided by Microsoft Entra ID, thereby eliminating the need for shared keys as an authentication method for Azure file shares. By configuring managed identities, Azure File Sync deployments benefit from enhanced security through streamlined authentication processes in three key scenarios:

  • Authentication of the Storage Sync Service to Azure file shares

  • Authentication of registered servers to Azure file shares

  • Authentication of registered servers to the Storage Sync Service

The public preview is accessible in all Azure Public and Gov regions where Azure File Sync is supported, and there is no additional cost for utilizing managed identities in these configurations.

Azure Stack

Azure Stack HCI

Upgrade Your Azure Stack HCI 22H2 Clusters to 23H2

Azure Stack HCI version 22H2 will reach retirement in May 2025. After this date, clusters operating on this version will no longer receive monthly security and quality updates. To maintain compliance and continue receiving updates, it is essential to upgrade the operating system to version 23H2.

The recommended action for customers is to promptly initiate the upgrade process by following these steps:

  1. Upgrade the operating system of your Azure Stack HCI cluster to version 23H2 to ensure continued receipt of monthly security and quality updates.

  2. Apply the solution upgrade to receive ongoing feature updates.

Taking these steps promptly will help ensure cluster stability and continued support.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Please follow and like us: