Category Archives: Announcements and updates

Azure IaaS and Azure Stack: announcements and updates (June 2020 – Weeks: 25 and 26)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New general purpose and memory-optimized Azure Virtual Machines with Intel

New general purpose and memory-optimized Azure Virtual Machines based on the 2nd generation Intel Xeon Platinum 8272CL (Cascade Lake) are available.

With this announcement, Microsoft is introducing two new Azure Virtual Machines families, one of which represents a brand-new product category in the portfolio:

  • The Azure Ddv4 and Ddsv4 and Edv4 and Edsv4 virtual machines, which include a local data temporary disk (now generally available)
  • The Azure Dv4 and Dsv4 and Ev4 and Esv4 virtual machines, a new category of virtual machines, which rely on remote disks and do not provide temporary local storage (now in preview).

The new virtual machine (VM) sizes deliver up to roughly 20 percent CPU performance improvement compared to their predecessors, the Dv3 and Ev3 VM families.

Azure Virtual Machines DCsv2-series is now available in new regions

Confidential computing DCsv2-series virtual machines (VMs) are now available in East US, Canada Central, UK South, and West Europe.

Extended term reservation for the Azure HBv2 Virtual Machine

Announcing the availability of the 5-year reservation for the Azure HBv2 Virtual Machine. The extended term reservation provides significant cost discount compared to pay-as-you-go rates. The extended term reservation provides continuous access to HBv2 resources for all supported Azure regions.

Storage

Azure Storage account failover

Customer-initiated Storage account failover is now generally available, allowing you to determine when to initiate a failover instead of waiting for Microsoft to do so. When you perform a failover, the secondary replica of the Storage account becomes the new primary, and the DNS records for all Storage service endpoints—blob, file, queue, and table—are updated to point to this new primary. Once the failover is complete, clients will automatically begin reading from the Storage account and writing data to it in the new primary region, with no code changes. Customer initiated failover is available for GRS, RA-GRS, GZRS, and RA-GZRS accounts.

Azure geo-zone-redundant storage is now generally available

Geo-zone-redundant storage (GZRS) and read-access geo-zone-redundant storage (RA-GZRS) are now generally available, offering intra-regional and inter-regional high availability and disaster protection for your applications. GZRS writes three copies of your data synchronously across multiple Azure Availability zones, similar to zone-redundant storage (ZRS), providing you continued read and write access even if a datacenter or availability zone is unavailable. In addition, GZRS asynchronously replicates your data to the secondary geo-pair region to protect against regional unavailability. RA-GZRS exposes a read endpoint on this secondary replica allowing you to read data in the event of primary region unavailability.

Ephemeral OS disks for Azure Virtual Machines (VMs) now support additional VM sizes (preview)

You now have the ability to store ephemeral OS disks on the VM temp or resource disk in addition to the VM cache (in preview). This enables their use with VMs that don’t have a cache, or have insufficient cache, but do have a temp or resource disk to store the ephemeral OS disk such as Dav3, Dav4, Eav4, and Eav3.

Networking

Web Application Firewall for Azure Front Door service logging enhancements

Azure Web Application Firewall for Azure Front Door Service now has a match details field in the logs to provide insights on why a request triggered a Web Application Firewall rule. In addition, you can facilitate further analysis by embedding the unique reference string in a Web Application Firewall custom response message to link the request to a specific entry in the Azure Front Door Service and Web Application Firewall logs.

Rules Engine for Azure Front Door and Azure CDN

The Rules Engine feature on both Azure Front Door and Azure Content Delivery Network (CDN) is now generally available. Rules Engine places the specific routing needs of your customers at the forefront of Azure’s global application delivery services, giving you more control in how you define and enforce what content gets served from where.

Azure IaaS and Azure Stack: announcements and updates (June 2020 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New Azure Virtual Machines with high-performance local SSD are generally available

The new Dd v4-series and Ed v4-series series Azure Virtual Machines provide up to 64 vCPUs and are based on the Intel® Xeon® Platinum 8272CL processor. This custom processor runs at a base speed of 2.5 Ghz and can achieve up to 3.4 Ghz all core turbo frequency. The Dd v4-series and Dds v4 virtual machine (VM) sizes are well suited for applications that benefit from low latency, high-speed local storage (up to 2,400 GiB.) The Edv4-series and Edsv4-series VM sizes are ideal for various memory-intensive enterprise applications and feature up to 504 GiB of RAM, in addition to high-performance local SSD storage (up to 2,400 GiB.)

Azure Dedicated Hosts now support additional Azure Virtual Machines

Deploy M-series, NV v3-series and NV v4-series Azure Virtual Machines on Azure Dedicated Hosts. This will expand the range of workloads you can run on Dedicated Hosts to include memory-intensive and graphics-intensive applications.

Storage

Azure File Sync agent v10.1

The Azure File Sync agent v10.1 update is being flighted to servers which are configured to automatically update when a new version becomes available.

Improvements and issues that are fixed:

  • Azure private endpoint support
  • Files Synced metric will now display progress while a large sync is running, rather than at the end.
  • Miscellaneous reliability improvements for agent installation, cloud tiering, sync and telemetry.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 10.1.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4522411.

Networking

Azure App Service regional virtual network integration for Linux apps is available

The regional virtual network integration feature of Azure App Service, which enables access to resources in your virtual network across service endpoints or ExpressRoute connections, is now available in public regions.

Azure IaaS and Azure Stack: announcements and updates (May 2020 – Weeks: 21 and 22)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure DevTest Labs updates

New updates are available in Azure DevTest Labs:

  • Azure DevTest Labs is now available in the Switzerland North and Switzerland West regions. The support includes full Azure DevTest Labs capabilities.
  • Azure DevTest Labs environments are now available in Azure Government.

Storage

Object replication public preview for Azure Blob storage

Object replication is a new capability for block blobs that lets you replicate your data from your blob container in one storage account to another anywhere in Azure. Object replication unblocks a new set of common replication scenarios:

  • Minimize latency – have your users consume the data locally rather than issuing cross-region read requests.
  • Increase efficiency – have your compute clusters process the same set of objects locally in different regions.
  • Optimize data distribution – have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.
  • Minimize cost – tier down your data to Archive upon replication completion using lifecycle management policies to minimize the cost.
Azure File Sync: new version

Improvements and issues that are fixed:

  • Storage Sync Agent (FileSyncSvc) crashes frequently after installing the Azure File Sync v10 agent.

More information about this release:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 10.0.2.0.
  • A restart is required for servers that have an existing Azure File Sync agent installation.
  • Installation instructions are documented in KB4522412.

Azure Ultra Disk Storage available in more regions

Azure Ultra Disks offers high throughput, high IOPS, and consistent low latency disk storage for Azure Virtual Machines (VMs). Azure Ultra Disk Storage is now available in Central US, West US, South Central US, US Gov Virginia, France Central, and Japan East.

Azure server-side encryption with customer-managed keys available for Azure Ultra Disks

Azure Ultra Disk customers already benefit from server-side encription (SSE) with platform-managed keys for Azure Managed Disks enabled by default. SSE with customer-managed keys (CMK) improves on platform-managed keys by giving you control of the encryption keys to meet your compliance needs. SSE with CMK is integrated with Azure Key Vault, which provides highly available and scalable secure storage for your keys backed by hardware security modules (HSM). You can either bring your own keys (BYOK) to your key vault or generate new keys in the Key Vault.

Networking

Azure Firewall updates

New key features are now available in Azure Firewall:

  • Forced tunneling: configure a default route (0.0.0.0/0) on the AzureFirewallSubnet or publish a default route to the firewall over BGP, to send all traffic to on-premises or nearby NVA.
  • SQL FQDN filtering: filter outbound SQL traffic using application rules. Support is for SQL proxy mode only. Redirect mode support is tentatively planned for later in 2020.
  • The limit for Azure DevTest Labs from 100 to 250 for both DNAT and SNAT.

These features are included in the Azure Firewall standard SKU, so there is no change in the price.

Network service tiers with new Routing Preference option in preview
Using the new “Routing Preference” option in Azure, customers can choose how their traffic is routed between Azure and the internet. Prior to making “routing preferences” customer selectable, Azure exclusively kept and optimized customer traffic over Azure’s global network. The introduction of this new competitive egress tier adds a secondary option for solutions that do not require the premium predictability and performance of Microsoft’s global network. Instead it will allow customers to further architect their traffic to their needs and allow routing to the public internet as quickly as possible. Customers will have the option to select routing preference while creating a public IP address for an IaaS resource such as a Virtual Machine, Virtual Machine Scale Set or internet-facing Load Balancer, and for their Azure storage account.

Azure Peering Service is generally available

Peering Service is a networking capability that enhances customer connectivity to Microsoft cloud services such as Office 365, Dynamics 365, software as a service (SaaS) services, Azure, or any Microsoft services accessible via the public internet. Microsoft has partnered with internet service providers (ISPs), internet exchange partners (IXPs), and software-defined cloud interconnect (SDCI) providers worldwide to provide reliable and high-performing public connectivity with optimal routing from the customer to the Microsoft network.

Enterprises looking for internet-first access to the cloud, or considering SD-WAN architecture, or with high usage of Microsoft SaaS services need robust and high-performing internet connectivity. Customers can work with their Telco/carrier to take advantage of Peering Service, which is now generally available.

Key customer features include:

  • Best public routing (optimum route hops/AS hops) over the internet to Microsoft cloud services for optimal performance and reliability.
  • Ability to select the preferred service provider to connect to the Microsoft cloud.
  • Traffic insights such as latency reporting and prefix monitoring.
  • Route analytics and statistics: Events for (BGP) route anomalies (leak or hijack detection) and suboptimal routing.

Azure Stack

Azure Stack expands solutions and partner ecosystem
A host of new Azure Stack portfolio partners are accelerating time to value for hybrid customers today:

  • The Aware Group, which builds IoT Edge modules that use AI to detect anomalies and perform noise classification, is now delivering modules and
    solutions tailored to the industry.
  • Avanade is offering customers a fully managed Azure Stack Hub leveraging HPE’s Edgeline EL8000, a small form factor that does not require external cooling, making it ideal for locations like retail or manufacturing, where a datacenter may not be available on site.
  • CloudAssert is providing an enterprise cloud-based solution streamlining the management and operations of multiple Azure Stack Hub deployments, including resources located on-premises and public clouds, with a single pane of glass.
  • Microsoft is also launching the open-source Fast Healthcare Interoperability Resources (FHIR) server available now for Azure Stack Hub and Azure Stack Edge. Customers can now quickly connect existing data sources such as electronic health record systems or research databases at the edge while addressing compliance and regulatory requirements.
  • Finally, now available on GitHub, manufacturing customers can get started with an AI solution at the edge that combines the power of Azure Stack Hub and Azure Stack Edge with computer vision to modernize a factory floor.

Azure Stack Hub

Azure Stack Hub updates will simplify fleet and resource management and enable graphic-heavy scenarios
New Azure Stack Hub updates will simplify fleet and resource management, and enable accelerated machine learning scenarios, virtual desktop infrastructure and other graphics-heavy scenarios with GPUs:

  • Azure Stack Hub Fleet Management (private preview): Azure Stack Hub fleet management gives customers a single view and management method from Azure for all their Azure Stack Hub deployments.
  • ManagedIQ (CloudForms) (public preview): ManagedIQ, formerly known as CloudForms, now allows cloud operators to manage their resources on Azure Stack Hub and use RedHat technical tooling to manage the Azure Stack Hub. ManagedIQ is a supported platform from IBM and RedHat.
  • AKS Resource Provider on Azure Stack (private preview): The Azure Kubernetes Service (AKS) Resource Provider (RP) on Azure Stack Hub is a fully managed service for easily managing containerized applications for customers to automatically create and manage Kubernetes clusters on Azure
    Stack Hub.
  • GPU Partitioning using AMD GPUs (private preview): Graphics processing
    unit (GPU) partitioning for visualization using AMD GPUs on Azure Stack
    Hub is now available, enabling virtual desktop infrastructure (VDI) and other
    graphics-heavy scenarios on Azure Stack Hub.

Support for Windows containers Azure Container Networking Interface on Azure Stack Hub coming soon

Windows containers and Azure Container Networking Interface in Azure Kubernetes Service (AKS) engine deployed Kubernetes clusters will soon be in private preview.
The Azure Container Networking Interface plug-in lets you deploy and manage your own Kubernetes clusters with native Azure networking capability by default. This release, which will come as an update to the Azure Kubernetes Service engine, expands the capabilities of Kubernetes clusters on Azure Stack Hub.

Azure Stack Hub supports cross-platform compatibility on PowerShell

Azure Stack Hub now supports cross-platform compatibility on PowerShell and ensures hybrid consistency with Azure. Azure Stack Hub will utilize Az modules with new resource providers from Azure IoT Hub, Azure Stack Edge, and EventHub. This enables full cross-compatibility with Azure and Azure Stack Hub using PowerShell and PowerShell Core. Install PowerShell and connect to Azure Stack Hub on MacOs. This is available through the Az PowerShell installer.

Azure IaaS and Azure Stack: announcements and updates (May 2020 – Weeks: 19 and 20)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New Azure VMware Solution in preview

Azure VMware Solution empowers customers to seamlessly extend or migrate their existing on-premises VMware applications to Azure without the cost, effort or risk of re-architecting applications or retooling operations. Preview of the new solution is initially available in US East and West Europe Azure regions. The new Azure VMware Solution is expected to be generally available in the second half of 2020 and at that time, availability will be extended across more regions.

The new Azure VMware Solution is:

  • First Party Microsoft Azure service, endorsed by VMware. The new release of Azure VMware Solution is built on Microsoft Azure without the use of a third-party technology. The solution is also cloud verified by VMware and leverages components of the VMware Cloud Foundation framework including vSphere, vCenter, NSX-T, vSAN and HCX.
  • Seamless integrated Azure experience. In the new solution Microsoft has rearchitected the Software Defined Datacenter (SDDC) layer that underpins the Private Cloud, ensuring a truly seamless Azure experience for customers.
  • VMware HCX Enterprise now available. The new Azure VMware Solution includes HCX Enterprise edition as an option. With additional features from HCX Enterprise, customers can further simplify their migration efforts to Azure including support for bulk live migrations.
  • Leverage pricing benefits for Microsoft workloads. Azure VMware Solutions supports the Azure Hybrid Benefit and Azure VMware Solution customers are also eligible for three years of free Extended Security Updates on 2008 versions of Windows Server and SQL Server.

New cloud regions in Italy, New Zealand and Poland

Microsoft announced plans for new cloud datacenter regions in three countries: Italy, New Zealand and Poland. In Italy, Microsoft is building a new datacenter region in Milan, which will provide access to Azure, Microsoft 365/Office 365 and Dynamics 365 and the Power Platform set of tools.

Virtual machine (VM)-level disk bursting

Virtual machine-level disk bursting is a new feature that allows your virtual machine to burst its disk IO and MiB/s throughput performance for a short time daily to handle unforeseen spikey disk traffic smoothly and process batched jobs with speed. The feature is now enabled on all Azure Lsv2-series virtual machines, with support for more virtual machine types and families to come soon. This feature doesn’t cost anything extra and comes enabled by default.

General availability of Azure Spot Virtual Machines

Azure Spot VMs provide access to unused Azure compute capacity at deep discounts. Spot pricing is available on single VMs in addition to VM scale sets (VMSS). This enables you to deploy a broader variety of workloads on Azure while enjoying access to discounted pricing compared to pay-as-you-go rates. Spot VMs offer the same characteristics as a pay-as-you-go virtual machine, the differences being pricing and evictions. Spot VMs can be evicted at any time if Azure needs capacity.

Storage

Azure Blob versioning public preview

Applications and users create, update, and delete data in Azure Blob storage continuously. A common requirement is the ability to manage and access both current and historical versions of the data. As the next step to enhance data management and protection, the Blob storage versioning preview is available. Azure Blob Versioning automatically maintains previous versions of an object and identifies them with version IDs. You can list both the current blob and previous versions using version ID timestamps. You can also access and restore previous versions as the most recent version of your data if it was erroneously modified or deleted by an application or other users.

Blob Index for Azure Storage in preview

Blob Index, a managed secondary index, allowing you to store multi-dimensional object attributes to describe your data objects for Azure Blob storage. It is now available in preview. Built on top of blob storage, Blob Index offers consistent reliability, availability, and performance for all your workloads. Blob Index provides native object management and filtering capabilities, which allows you to categorize and find data based on attribute tags set on the data.

General availability of geo-zone-redundant storage (GZRS)

GZRS helps achieve higher data resiliency by:

  • Synchronously writing three replicas of your data across multiple availability zones (like ZRS today) protecting from cluster, datacenter or entire zone failure.
  • Asynchronously replicating the data to another region within the same geo into a single zone (like LRS today) protecting from a regional outage.

When using GZRS, you can continue to read and write the data even if one of the availability zones in the primary region is unavailable. In the event of a regional failure you can also use read-access geo-zone-redundant storage (RA-GZRS) to continue having read access to your data or execute account failover to also restore write accessibility. GZRS provides a great balance of high performance, high availability and disaster recovery and is beneficial when building highly available applications/services in Azure.

Azure File Sync is removing support for TLS 1.0 and 1.1

Azure File Sync service will remove support for TLS 1.0 and 1.1 in August 2020.

Networking

Azure Virtual Network NAT in Azure Government and Azure China

Azure Virtual Network NAT (network address translation) is now generally available in the Azure Government and Azure China regions. NAT simplifies outbound-only internet connectivity for virtual networks and can be configured for one or more subnets of a virtual network.

Azure Firewall Updates

Two new key features in Azure Firewall are generally available:

Additionally, Microsoft is increasing the limit for multiple public IP addresses from 100 to 250 for both DNAT and SNAT.

Rules Engine for Azure Front Door Service is now in preview

Rules Engine on Azure Front Door Service brings your specific routing needs to the forefront of its application delivery experience, giving you more control over how you define and enforce what content gets served from where. Rules Engine empowers you to modify request and response headers, or dynamically override your existing route behavior based on incoming requests.

Private Link is now available on Event Grid

Azure Event Grid now has Private Link integration for custom topics and event domains, generally available in all Azure regions, allowing virtual network resources within their production workloads to communicate directly to their Event Grid topics without accessing the public internet. This enables enterprise workloads to take advantage of event-driven architectures securely for mission-critical workloads that require network isolation.

Azure Stack

Azure Stack Hub

Azure App Service and Azure Functions on Azure Stack Hub update available

A major update to Azure App Service on Azure Stack Hub is now available. The update build number is 87.0.2.10. All fixes and updates are detailed in the release notes.

This release updates the resource provider and brings new key capabilities and fixes:

  • Updates to App Service Tenant, Admin, Azure Functions portals, and Kudu tools.
  • Updates Azure Functions runtime to v1.0.13021.
  • Updates to core service to improve reliability and error messaging will enable easier diagnosis of common issues.
  • Updates to the application frameworks and tools including .NET Framework, ASP.NET Core, PHP, NodeJS, and NPM.
  • Windows Server updates to underlying operating system of all roles.
  • Cumulative updates for Windows Server are now applied to controller roles as part of deployment and upgrade.
  • Updated default virtual machine and scale set SKUs for new deployments.

Azure IaaS and Azure Stack: announcements and updates (May 2020 – Weeks: 17 and 18)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Maintenance control for platform updates

The maintenance control feature for Azure Virtual Machines platform updates is now generally available for Azure Dedicated Hosts and isolated virtual machines (VMs). This feature gives you more control over platform maintenance when dealing with highly sensitive workloads. Use this feature to control all host updates, including rebootless updates, within a 35-day window. The ability to control the maintenance window is particularly useful when you deploy workloads that are extremely sensitive to interruptions running on an Azure Dedicated Host or an isolated VM where the underlying physical server runs a single customer’s workload. This feature is not supported for VMs deployed in hosts shared with other customers.

New DCsv2-series virtual machines are available

You can develop confidential applications that protect data while it’s being processed in the CPU with new DCsv2-series virtual machines (VMs), powered by Intel SGX. Traditionally, applications are protected while at rest and in transit. Now, you can deliver applications that protect data while in use. This enables a new set of scenarios like multiparty sharing, where it’s possible to combine data from multiple companies to run machine learning models without the companies getting access to each other’s data.

Windows Server containers in AKS now generally available

Windows Server containers in Azure Kubernetes Service (AKS) are now generally available. You can take advantage of this new feature to run Linux and Windows workloads side-by-side in a single cluster using the same tools. Create/upgrade/scale Windows node pools in AKS through the standard tools (portal/CLI) and Azure will help manage the health of the cluster.

Azure Migrate now available in Azure Government

Microsoft’s service for datacenter migration, Azure Migrate, is now available in Azure Government, unlocking the whole range of functionality for government customers. Azure Migrate V2 for Azure Government includes a one-stop shop for discovery, assessment, and migration of largescale datacenters.

Storage

Enhanced features in Azure Archive Storage

Three new feature enhancements for Azure Block Blob storage and Azure Archive storage are now generally available, making the service faster, simpler, and more capable.

  • Priority retrieval from Azure Archive. High rehydrate-priority fulfills the need for emergency data rehydrate from archive, with retrievals for blobs of a few GB typically taking less than one hour.
  • Upload blob direct to access tier of your choice. The PutBlob or PutBlockList API allows you to upload your blob data directly to any access tier (hot, cool, or archive). This enables customers to write cold data directly to Azure Archive, realizing their cost savings immediately.
  • CopyBlob enhanced capabilities. The CopyBlob API supports the archive access tier, allowing you to copy data into and out of the archive access tier within the same storage account. It also includes support for the other two new features—priority retrieval and direct to access tier of your choice.

Networking

Azure Firewall: support for Windows Virtual Desktop

You can use Azure Firewall to protect Window Virtual Desktop deployments. In addition there are FQDN tags for Windows Virtual Desktop (WVD).

Azure Private Link for AKS is generally available

Azure Kubernetes Service (AKS) Private Link is generally available. You can use it to isolate your Kubernetes API server within your Azure virtual network, enabling fully private communication with the managed Kubernetes control plane hosted by AKS.

Azure IaaS and Azure Stack: announcements and updates (April 2020 – Weeks: 15 and 16)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

SQL Server 2019 IaaS images with Linux distribution support now available

Azure Marketplace pay-as-you-go images for SQL Server 2019 on RHEL 8.0, Ubuntu 18.04, and SLES 12 SP5 are now generally available.

Virtual machine scale sets: automatic image upgrades for custom images

Virtual machine scale sets now provide the ability to automatically deploy new versions of custom images to scale set virtual machines. Enabling automatic OS image upgrades on your scale set helps ease update management by safely and automatically upgrading the OS disk for all virtual machines in the scale set. This capability is now available in preview for custom images through Shared Image Gallery.

Automatic instance repairs for virtual machine scale sets

Virtual machine scale sets now provide the capability to automatically repair unhealthy instances based on application health status. Configure the scale set instances to emit application health by using either the application health extension or Azure Load Balancer health probes. After the automatic repairs policy is enabled, when an instance is found to be unhealthy, the scale set will automatically delete the unhealthy instance and create a new one to replace it.

Azure Migrate is now available in Azure Government

Azure Migrate provides a hub of Microsoft and partner tools to help customers meet their migration needs. Azure Migrate also offers scenarios for database migration, VDI migration, and web application migration, in addition to at-scale migration of VMware, Hyper-V, and physical servers to Azure. All Azure Migrate features, including agentless discovery and assessment, application inventory, and migration, are now available in Azure Government.

Azure File Sync v10 released

The Azure File Sync agent v10 release is being released to servers which are configured to automatically update when a new version becomes available.

Improvements and issues that are fixed:

  • Improved sync progress in the portal
  • Improved cloud tiering portal experience
  • Support for moving the Storage Sync Service and/or storage account to a different Azure Active Directory (AAD) tenant
  • Evaluation tool now identifies files or directories that end with a period
  • Miscellaneous performance and reliability improvements

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog by following the steps documented in KB4522409.

Networking

Azure Virtual Network supports reverse DNS lookup

Azure Virtual Network now supports reverse DNS lookup (PTR DNS queries) for virtual machine IP addresses by default. Use this to quickly look up name of the VM from its IP address. Previously, using DNS queries to look up the fully qualified domain name (FQDN) for a virtual machine from its IP address would result in an NXDOMAIN response. Now, instead of getting an NXDOMAIN, you’ll receive valid FQDN of the virtual machine to which the IP address belongs.

Azure IaaS and Azure Stack: announcements and updates (April 2020 – Weeks: 13 and 14)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Spot Virtual Machines are now generally available

Spot Virtual Machines provide scalability while reducing costs and they’re ideal for workloads that can be interrupted. Get unique Azure pricing and benefits when running Windows Server workloads on Spot Virtual Machines.

Storage

Direct Upload of Azure Managed Disks

Customers can bring an on-premises VHD to Azure as a managed disk in two ways: copy the VHD into a storage account before converting it into a managed disk, or attach an empty managed disk to a virtual machine and do a copy. Both of these have disadvantages. The first option requires maintaining storage accounts, while the second option has the additional cost of running virtual machines. Direct upload addresses both these issues and provides a simplified workflow by allowing you to copy an on-premises VHD directly into an empty managed disk. You can use it to upload to Standard HDD, Standard SSD, and Premium SSD managed disks of all the supported sizes.

New Azure Disk sizes and bursting support 

Azure Disks, block-level storage volumes managed by Azure and used with Azure Virtual Machines, now have new 4-GiB, 8-GiB, and 16-GiB sizes available on both premium and standard SSDs. The new disk sizes introduced on standard SSD disk provide the most cost-efficient SSD offering in the cloud, providing consistent disk performance at the lowest cost per GB. In addition, Microsoft now supports bursting on Azure premium SSD disks in all Azure regions in the public cloud. With bursting, even the smallest premium SSD disks at 4-GiB can now achieve up to 3,500 IOPS and 170 MiB/second, and better accommodate spiky workloads. It can be best used for OS disks to accelerate virtual machine (VM) boot or data disks to accommodate spiky traffic. To learn more about disk bursting, read the premium SSD bursting article.

Azure Ultra Disks: Shared disk capability in preview

Attach an Azure managed disk to multiple virtual machines (VMs) simultaneously using the new shared disks feature of Azure Managed Disks. Deploy new or migrate existing clustered applications to Azure by attaching a managed disk to multiple VMs. Shared disks also support SCSI persistent reservation protocol.

Server-side encryption with customer-managed keys for Azure Managed Disks in GA 

Azure customers already benefit from server-side encryption with platform-managed keys for Managed Disks enabled by default. Server-side encryption with customer-managed keys improves on platform-managed keys by giving you control of the encryption keys to meet your compliance need. Today, customers can also use Azure Disk Encryption which leverages the BitLocker feature of Windows and the DM-Crypt feature of Linux to encrypt Managed Disks with customer-managed keys within the guest VM. Server-side encryption with customer-managed keys improves on Azure Disk encryption by enabling you to use any OS types and images, including custom images, for your virtual machines by encrypting data in the Storage service.

General availability of incremental snapshots of Managed Disks

Incremental snapshots are a cost-effective, point-in-time backup of managed disks. Unlike current snapshots, which are billed for the full size, incremental snapshots are billed for the delta changes to disks since the last snapshot and are always stored on the most cost-effective storage, Standard HDD storage irrespective of the storage type of the parent disks. For additional reliability, incremental snapshots are stored on Zone Redundant Storage (ZRS) by default in regions that support ZRS. Incremental snapshots provide differential capability, enabling customers and independent solution vendors (ISVs) to build backup and disaster recovery solutions for Managed Disks. It allows you to get the changes between two snapshots of the same disk, thus copying only changed data between two snapshots across regions, reducing time and cost for backup and disaster recovery. Incremental snapshots are accessible instantaneously; you can read the underlying data of incremental snapshots or restore disks from them as soon as they are created. Azure Managed Disk inherit all the compelling capabilities of current snapshots and have a lifetime independent from their parent managed disks and independent of each other.

New additions to the Azure Archive Storage partner network

Azure Archive Storage is now integrated with new partners including IBM Spectrum Protect Plus, NetApp StorageGRID, Rubrik, and Veritas NetBackup, making the partner network even more comprehensive. Other Azure Archive Storage partners include Archive360, CloudBerry Lab, Cohesity, Commvault, HubStor, Igneous, NetApp, and Tiger Technology. 

Networking

IPv6 for Azure Virtual Network is generally available

IPv6 for Azure Virtual Network is now generally available worldwide. IPv6 support within the Azure Virtual Network and to the internet enables you to expand into the growing mobile and IoT markets with Azure-based applications and to address IPv4 depletion in your own corporate networks.

Azure Container Registry support for Private Link now in preview

Azure Container Registry now supports Private Link, a means to limit network traffic of resources within the virtual network.

Azure Edge Zones extends Azure services to the edge

Azure Edge Zones combines the power of Azure, 5G, carriers, and operators around the world to enable new scenarios for developers, customers and partners. These new offerings are coming to preview and will help local telecoms and carrier partners drive new solutions for business and society, including autonomous vehicles, smart cities, virtual reality, and other smart industry use cases. 

Azure Stack

Azure Stack Edge

Azure Stack Edge preview

Microsoft also announced the expansion of Azure Stack Edge preview with the NVIDIA T4 Tensor Core GPU. Azure Stack Edge is a cloud managed appliance that provides processing for fast local analysis and insights to the data. With the addition of an NVIDIA GPU, customers are able to build in the cloud then run at the edge.

Azure Stack Hub

Azure Stack Hub preview

Microsoft, in collaboration with NVIDIA, is announcing that Azure Stack Hub with Azure NC-Series Virtual Machine (VM) support is now in preview. GPU support in Azure Stack Hub unlocks a variety of new solution opportunities. With our Azure Stack Hub hardware partners, customers can choose the appropriate GPU for their workloads to enable Artificial Intelligence, training, inference, and visualization scenarios.

Event Hubs on Azure Stack Hub in preview

We are now announcing the availability of the preview version of Event Hubs on Azure Stack Hub. Event Hubs on Azure Stack Hub will allow you to realize cloud and on-premises scenarios that use streaming and event-based architectures.

Azure IaaS and Azure Stack: announcements and updates (March 2020 – Weeks: 11 and 12)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Virtual Network NAT generally available

Azure Virtual Network NAT (Network Address Translation) simplifies outbound-only Internet connectivity for virtual networks. NAT can be configured for one or more subnets of a virtual network and provides on-demand connectivity for virtual machines.

Private Endpoints for Azure Storage are Generally Available

Private Endpoints provide secure connectivity to Azure Storage from a Azure virtual network (VNet). On-premises networks can also securely connect to a storage account using a private endpoint when that network is to a VNet using Express Route or VPN. Private Endpoints for Azure Storage are now generally available in all Azure public regions.

Azure Web Application Firewall integration with Azure Content Delivery Network service in preview

Azure Web Application Firewall service protects your web applications from malicious attacks. In addition to Azure Application Gateway and Azure Front Door service, Web Application Firewall is now natively integrated with Azure Content Delivery Network, protecting Content Delivery Network endpoints from common exploits such as SQL injection and cross site scripting (XSS) attacks.

Private Link for different Azure services is available

Azure Private Link is now generally available (GA) for the below services:

  • Azure Storage
  • Azure Data Lake Storage Gen 2
  • Azure SQL Database
  • Azure Cosmos DB
  • Azure Synapse Analytics (SQL Data Warehouse)
  • Azure Key Vault
  • Azure Database for MySQL
  • Azure Database for PostgreSQL
  • Azure Database for MariaDB
  • Azure Kubernetes Service -> Kubernetes API

In addition, Private Link is now available in preview for the following services:

  • App Service
  • Azure Cognitive Search
  • Event Hub
  • Service Bus
  • Azure Relay
  • Azure Backup
  • Azure Container Registry
  • Event Grid -> Topics
  • Event Grid -> Domains

App Service regional Virtual Network integration

The regional Virtual Network integration feature has now entered general availability (GA) and supports sending all outbound calls into your virtual network. Use features like network NSGs and UDRs against all outbound traffic from your web app.

Azure Shared Disks for clustered applications in preview

Azure Shared Disks is a shared block storage offering, enabling customers to run latency-sensitive workloads without compromising on well-known deployment patterns for fast failover and high availability. Azure Shared Disks are best suited for clustered databases, parallel file systems, persistent containers, and machine learning applications. Azure Shared Disks provide a consistent experience for applications running on Windows or Linux based clusters today.

ACR built-in audit policies for Azure Policy in preview

Azure Container Registry now supports built-in audit policies for Azure Policy.

Preparing for TLS 1.2 in Microsoft Azure

Microsoft Azure recommends all customers complete migration towards solutions that support transport layer security (TLS) 1.2 and to make sure that TLS 1.2 is used by default.

Azure File Sync agent version 6.x will expire on April 21, 2020

On April 21, 2020, Azure File Sync agent version 6.x will be expired and stop syncing. If you have servers with agent version 6.x, update to a supported agent version (7.x or later).

Azure Storage: Append Blob immutability support is generally available

Store business-critical data objects in a non-erasable and non-modifiable state for a user-specified retention interval using immutable storage for Azure Blob storage. Append blobs allow the addition of new data blocks to the end of an object and are optimized for data append operations required by auditing and logging scenarios.

General availability of NVv4 and HBv2-Series virtual machines

General availability of NVv4 virtual machines in South Central US, East US, and West Europe regions. Additional regions are planned in the coming months. With NVv4, Azure is the first public cloud to offer GPU partitioning built on industry-standard SR-IOV technology. HBv2-series VMs for HPC are now available in the Azure West Europe region.

Azure IaaS and Azure Stack: announcements and updates (March 2020 – Weeks: 09 and 10)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

New datacenter region in Spain

Microsoft will open a datacenter region in Spain to help accelerate digital transformation of public and private entities of all sizes, helping them to innovate, scale and migrate their businesses to the cloud in a secure way.

Microsoft will retire classic IaaS VMs

Because Azure Resource Manager now has all the infrastructure as a service (IaaS) capabilities of Azure Service Management and new advancements, Microsoft will retire classic IaaS VMs on March 1, 2023. Beginning March 1, 2023, customers who are using classic IaaS VMs will no longer be able to start any classic IaaS VMs using ASM. Any remaining VMs in a running or stopped-allocated state will be moved to a stopped-deallocated state. The following Azure services and functionality will not be impacted by this retirement: Cloud Services, storage accounts not used by classic VMs, and virtual networks (VNets) not used by classic VMs.

Azure Virtual Network service endpoint policies feature

Azure Virtual Network service endpoint policies enable you to prevent unauthorized access to Azure Storage accounts from your virtual network. It enables you to limit access to only specific whitelisted Azure Storage resources by applying endpoint policies over the service endpoint configuration.

Azure Load Balancer TCP resets on idle timeout is available

Azure Load Balancer now supports sending bidirectional TCP resets on idle timeout for load balancing rules, inbound NAT rules, and outbound rules. This is available in all regions. Use this ability to help applications gain visibility into when Standard Load Balancer terminates connections due to idle timeout. When enabled, Standard Load Balancer will generate a TCP reset packet to both the client and server side of a TCP connection on idle timeout. This allows applications to behave more predictably, as well as to detect the termination of a connection, remove expired connections, and initiate new connections. CP resets can be enabled on standard load balancers using the Azure portal, Resource Manager templates, CLI, and PowerShell.

Web Application Firewall with Azure Front Door service supports exclusion lists

Web Application Firewall exclusion lists allow you to omit certain request attributes from a rule evaluation. You can use them to fine tune Web Application Firewall policies for your applications.

Azure StorSimple 8000/1200 series will no longer be supported starting December 31, 2022

Microsoft has been expanding the portfolio of Azure Hybrid storage capabilities with new services for data tiering and cloud ingestion, providing more options to customers for storing data in Azure in native formats. In conjunction with this, support for the following StorSimple versions will end December 31, 2022.

Active Directory for authentication on SMB access to Azure File in preview

Azure Files Active Directory (Azure AD) Authentication is in preview. You can use it to mount your Azure Files using Azure AD credentials with the exact same access control experience as on-premises.

HPC-optimized virtual machines are available

Azure HBv2-series Virtual Machines (VMs) are generally available in the South Central US region. HBv2 VMs will also be available in West Europe, East US, West US 2, North Central US, Japan East soon. HBv2 VMs deliver supercomputer-class performance, message passing interface (MPI) scalability, and cost efficiency for a variety of real-world high performance computing (HPC) workloads, such as CFD, explicit finite element analysis, seismic processing, reservoir modeling, rendering, and weather simulation.

A8 – A11 Azure Virtual Machine sizes will be retired on March 1, 2021

Microsoft is retiring A8 – A11 Azure Virtual Machine sizes on March 1, 2021. Starting today, customers with existing A8 – A11 size virtual machines will be able to deploy more of the same size, but new customers will no longer be able to create A8 – A11 VMs. After March 1, 2021, any remaining A8 – A11 size virtual machines remaining in your subscription will be set to a deallocated state. These virtual machines will be stopped and removed from the host. These virtual machines will no longer be billed in the deallocated state.

NDv2-Series VMs are Generally Available

NDv2 GPU VMs for high-end deep learning training and HPC workloads are going GA in East US, South Central US, and West Europe.

NVv4-Series VMs are Generally Available

Microsoft announced general availability of NVv4 Virtual Machines. NVv4 VMs are designed to provide you unprecedented GPU resourcing flexibility. You can now choose VMs with a whole GPU all the way down to 1/8th of a GPU.

Virtual machine scale sets now simpler to manage

Three new capabilities that simplify the overall management of virtual machine scale sets in Azure are now available. New custom scale-in policies for virtual machine scale sets let you specify the order in which virtual machines (VMs) within a scale set are deleted during a scale-in operation based on a set of criteria (such as the newest VM that was added to a scale set). New instance protection policies enable you to protect one or more individual VMs in a scale set. Two new capabilities are provided:

  • Protect from scale-in blocks instance deletion during scale-in operations.
  • Protect from scale set actions blocks all scale set operations including upgrades and reimage.

It’s also now possible to receive notifications about instance deletions and to set up a predefined delay timeout for the deletion operation. Notifications are sent through Azure Metadata Service Scheduled Events. Delay timeouts can range between 5 and 15 minutes.

Azure IaaS and Azure Stack: announcements and updates (February 2020 – Weeks: 07 and 08)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Azure Firewall Manager now supports virtual networks

Azure Firewall Manager Preview now supports Azure Firewall deployments in virtual networks (also known as hub virtual networks) in addition to its support for Azure Firewall deployments in virtual WAN hubs (also known as secured virtual hubs).

New Azure Firewall certification and features

New Azure Firewall capabilities are available:

  • ICSA Labs Corporate Firewall Certification.
  • Forced tunneling support now in preview.
  • IP Groups now in preview.
  • Customer configured SNAT private IP address ranges now generally available.
  • High ports restriction relaxation now generally available.

Form more detrails you can read this document.

Azure Virtual Network: Network address translation in preview

Azure Virtual Network now offers network address translation (NAT) (in preview) to simplify outbound-only internet connectivity for virtual networks. All outbound connectivity uses the public IP address and/or public IP prefix resources connected to the virtual network NAT. Outbound connectivity is possible without a load balancer or public IP addresses directly attached to virtual machines. Virtual Network NAT Preview is fully managed, highly resilient, and is currently available in the following regions:

  • Europe West
  • Japan East
  • US East 2
  • US West
  • US West 2
  • US West Central 

Preview of Azure Shared Disks for clustered applications

The limited preview of Azure Shared Disks, the industry’s first shared cloud block storage, is available. Azure Shared Disks enables the next wave of block storage workloads migrating to the cloud including the most demanding enterprise applications, currently running on-premises on Storage Area Networks (SANs). These include clustered databases, parallel file systems, persistent containers, and machine learning applications. This unique capability enables customers to run latency-sensitive workloads, without compromising on well-known deployment patterns for fast failover and high availability. This includes applications built for Windows or Linux-based clustered filesystems like Global File System 2 (GFS2). With Azure Shared Disks, customers now have the flexibility to migrate clustered environments running on Windows Server, including Windows Server 2008 (which has reached End-of-Support), to Azure. This capability is designed to support SQL Server Failover Cluster Instances (FCI)Scale-out File Servers (SoFS)Remote Desktop Servers (RDS), and SAP ASCS/SCS running on Windows Server.

Azure Private Link is generally available

Azure Private Link is now generally available. Azure Private Link is a secure and scalable way for you to consume services (such as Azure PaaS,  Partner Service, BYOS) on the Azure platform privately from within your virtual network. Private Link also enables you to create and render your own services on Azure. It enables a true private connectivity experience between services and virtual networks.

Azure Resource Manager template support for NSG flow logs

Now, Azure Resource Manage, the native and powerful way to manage your infrastructure as code, supports the deployment of network security group (NSG) flow logs through templates. NSG flow logs are now an Azure Resource Manager resource so you have the ability to deploy flow logs programmatically and set up Azure Governance policies to verify that flow logs are enabled. 

Azure Network Watcher is generally available in four new regions

Azure Network Watcher is now generally available in UAE North, Switzerland North, Norway West, and Germany West Central regions.

Native Azure Active Directory authentication support and Azure VPN Client 

Native Azure Active Directory (Azure AD) authentication support for OpenVPN protocol, and Azure VPN Client for Windows are generally available for Azure point-to-site (P2S) VPN. Native Azure AD authentication support enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN Gateway integration and a new Azure VPN client to obtain and validate an Azure AD token.

Unified network monitoring with connection monitor in preview

Azure Network Watcher now has a new and improved connection monitor feature. Connection monitor provides unified end-to-end connection monitoring capabilities for hybrid and Azure deployments. Some of the new capabilities include:

  • A single console for configuring and monitoring connectivity and network quality from Azure and on-premises VMs/hosts. 
  • The ability to monitor endpoints within and across Azure regions, on-premises sites, and global service locations. 
  • Higher and configurable probing frequencies and support for more protocols.
  • Faster time to detect and diagnose issues in Azure and hybrid networks.
  • Access to historical monitoring data retained in Log Analytics. 

Azure Bastion is available in 20 new regions

Azure Bastion, the managed PaaS service that provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL and without any public IP on your virtual machines, is now generally available in 20 new regions.

Active Directory authentication support on Azure Files (preview)

You can now mount your Azure Files using AD credentials with the exact same access control experience as on-premises. You may leverage an Active Directory domain service either hosted on-premises or on Azure for authenticating user access to Azure Files for both premium and standard tiers. Managing file permissions is also simple. As long as your Active Directory identities are synced to Azure AD, you can continue to manage the share level permission through standard role-based access control (RBAC). For directory and file level permission, you simply configure Windows ACLs (NTFS DACLs) using Windows File Explorer just like any regular file share. 

Azure Stack

Kubernetes on Azure Stack 

Microsoft now supports Kubernetes cluster deployment on Azure Stack, a certified Kubernetes Cloud Provider. Install Kubernetes using Azure Resource Manager templates generated by ACS-Engine on Azure Stack.