Category Archives: Azure Management

Azure Arc for the management of server systems: benefits and usage scenarios

Heterogeneous infrastructures, applications based on different technologies and solutions located on different public clouds are increasingly common elements in corporate IT environments. These complexities, combined with the continuous evolution of datacenters, increasingly bring out the need to visualize, govern and protect IT assets, regardless of where they are running. Microsoft addressed this customer need by designing a solution that allows you to manage complex environments and to bring cloud innovation to existing infrastructures: this solution is called Azure Arc. In particular, Azure Arc for servers extends the governance and management capabilities offered by Azure to physical machines and virtual systems that reside in environments other than Azure. In this article we will explore the main benefits and implementation scenarios that can be considered when adopting Azure Arc for the management of server systems.

Enabling Azure Arc for servers allows you to manage physical servers and virtual machines residing outside Azure, on the on-premises corporate network or at other cloud providers. This management experience, valid for both Windows and Linux systems, is designed to provide consistency with the management methodologies of native virtual machines residing in the Azure environment. In fact, a machine connected to Azure through Arc is considered in all respects an Azure resource. Each connected machine has a specific ID, is included in a resource group and benefits from standard Azure constructs.

Figure 1 – Azure Arc Management Overview

Main usage scenarios

The projection of server resources in Azure using Arc is a useful step to take advantage of the management and monitoring solutions described below.

Visibility and organization

In hybrid and multicloud environments, it can be particularly challenging to get a centralized view of all available resources. Some of these resources are running on Azure, some in a local environment, at branch offices or at other cloud providers. By connecting resources to Azure Resource Manager via Azure Arc, it is possible to organize, centrally inventory and manage a wide range of resources, including Windows and Linux servers, SQL servers, Kubernetes clusters and Azure services running in Azure and outside Azure. This visibility can be obtained directly from the Azure portal, and specific queries can be performed using Azure Resource Graph.

Figure 2 - Azure Arc and resources in the Azure portal

Access management

With Azure Arc for servers it is possible to provide access to systems through Azure role-based access control (Azure RBAC). Furthermore, in the presence of different environments and tenants, Azure Arc also integrates with Azure Lighthouse. This scenario can be of particular interest to providers that offer managed services to multiple customers.

Monitor

Through VM Insights it is possible to consult the main performance data from the guest operating system. Thanks to the powerful data aggregation and filtering functions, it is possible to monitor the performance of a very large number of systems and easily identify those that have performance problems. Furthermore, it is possible to generate a map of the interconnections between the various components residing on different systems. Maps show how VMs and processes interact with each other and can identify dependencies on third-party services. The solution also allows you to check for connection errors and to view real-time connection counts, the network bytes sent and received by processes, and the latencies encountered at the service level.

Figure 3 – Monitoring: Performance

Figure 4 – Monitoring: Map

Azure Policy guest configurations

Guest Configuration Policies allow you to control settings within a system, both for virtual machines running in Azure environment and for "Arc Connected" machines. Validation is performed by the client and by the Guest Configuration extension as regards:

  • Operating system configuration
  • Configuration or presence of applications
  • Environment settings

At the moment, most of the Azure Guest Configuration Policies only allow you to make checks on the settings inside the machine, but they don't apply configurations. For more information on this scenario, you can consult the article Azure Governance: how to control system configurations in hybrid and multicloud environments.

Inventory

This feature allows you to retrieve inventory information relating to: installed software, files, Registry keys in a Windows environment, Windows Services and Linux Daemons. All this can easily be accessed directly from the Azure portal.

Change Tracking

The Change Tracking functionality monitors changes made to systems with regard to Daemons, Files, Registry, software and services on Windows. This feature can be very useful in particular for diagnosing specific problems and for enabling alerts in the face of unexpected changes.

Figure 5 – Change Tracking and Inventory

Update Management

The Update Management solution gives you overall visibility on the compliance of updates for both Windows and Linux systems. The solution is not only useful for consultation purposes, but it also allows you to schedule deployments for installing updates within specific maintenance windows.

Figure 6 – Update Management

Azure Defender

The projection of server resources in Azure using Arc is a useful step to ensure that all the machines in the infrastructure are protected by Azure Defender for Servers. Similar to an Azure VM, it will also be necessary to deploy the Log Analytics agent on the target system. To simplify the onboarding process, this agent is deployed using the VM extension, and this is one of the advantages of using Arc.

Once the Log Analytics agent has been installed and connected to a workspace used by Azure Security Center (ASC), the machine will be ready to use and benefit from the various security features offered in the Azure Defender for Servers plan.

Deployment Tools

Deployments can be simplified thanks to the use of Azure Automation State Configuration and Azure VM extensions. This allows you to include post-deployment configurations or software installation using the Custom Script Extension.

Conclusions

Maintaining control and managing the security of workloads running on-premises, in Azure and on other cloud platforms can be particularly challenging. Thanks to Azure Arc for Servers it is possible to easily extend the typical Azure management and monitoring services to workloads residing outside the Azure environment. Furthermore, Azure Arc allows you to obtain detailed information and organize various IT resources in a single centralized console, useful for effectively managing and controlling your entire IT environment.

Azure Management services: What's new in May 2021

To stay constantly updated on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the news, presented concisely and accompanied by the necessary references to be able to conduct further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Log Analytics workspace insights

Microsoft has announced the availability of Log Analytics workspace insights which allows you to obtain detailed information on the Log Analytics workspaces, providing a comprehensive overview of the following aspects: usage, performance, integrity, agents, query and change logs.

These are the main questions to which the solution can provide an answer:

  • What are the main tables, those where most of the data is imported?
  • Which resource sends the most logs to the workspace?
  • How long does it take for the logs to reach the workspace?
  • How many agents are connected to the workspace? How many are in a healthy state?
  • Query control: how many queries run in the workspace? What are their response codes and duration time? What are the slow and inefficient queries that require workspace overhead?
  • Who has set a daily limit? When was data retention changed?
    • Useful for keeping a log of changes in workspace settings.

Export of Azure Monitor logs to multiple destinations (preview)

You now have the option to create up to 10 data export rules in each Log Analytics workspace, with the flexibility to decide which tables to export and to which destination (storage accounts or event hubs). This configuration possibility makes it possible to address these aspects:

  • Event hub rate limit
  • Single storage account rate limit
  • Different logs can be exported to different destinations.

Updates related to the user interface (UI)

The following user interface updates have been introduced in Log Analytics:

  • Consultation of custom logs: it is now possible to control and manage the table and the custom fields from a new dedicated panel, offering a new user interface that improves the experience of consulting custom logs.
  • Azure Dashboard: the parts of Log Analytics added to Azure dashboards support integration with filters.

Query packs in Azure Monitor (preview)

Query packages have been made available in Azure Monitor, which are essentially ARM objects containing several queries. Among the main features we find:

  • Being ARM objects, precise control of permissions is provided and can be distributed via code and incorporated into policies.
  • They work in all contexts and in all environments, with the ability to upload them to multiple subscriptions.
  • They allow organizations to better organize queries based on their taxonomy, thanks to the presence of new metadata.
  • A clear, harmonized experience, contextual to the environment, is incorporated in Log Analytics.

Availability in new regions

Azure Monitor Log Analytics is now also available in the South India region. To check the availability of the service in all the Azure regions you can consult this document.

Secure

Azure Security Center

Integration with GitHub Actions (in public preview)

The integration of Azure Security Center (ASC) with GitHub Actions, in public preview, allows you to easily incorporate security and compliance early in the software development lifecycle. With this integrated experience, you can gain greater visibility into IT operations and IT security, both in the CI/CD pipeline and in the security scans of container registries within ASC. Furthermore, end-to-end traceability makes it easier for developers to identify issues, improving resolution times and strengthening your cloud security posture.

Re-scanning of containers

Azure Security Center has introduced a new scan for containers that analyzes images to identify vulnerabilities before the push action occurs within the Azure container registries. In the future, ASC will also provide recommendations if workflows are detected that send Docker images without enabling CI/CD scan actions.

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Backup for Azure Blobs

Azure Blob Backup is a managed data protection solution that helps protect block blobs from various data loss scenarios. The data is stored locally within the source storage account and can be restored from a certain time when necessary. This feature provides a simple, safe and economical means to protect blobs.

Azure Site Recovery

Enable Azure Site Recovery (ASR) when creating virtual machines

While creating new virtual machines from the Azure portal, you can now also enable the Azure Site Recovery replication process. This possibility is included in the virtual machine management options along with those already available, such as Monitoring, Identity, and Backup.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main news is the migration of virtual machines and physical servers with operating system disks up to 4 TB, which is now supported using the agent-based migration method.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: What's New in April 2021

Microsoft is constantly announcing news regarding Azure management services. This summary, released on a monthly basis, gives you an overview of the main news of the current month, so that you can stay up to date and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New agent version for Windows Systems

A new version of the Log Analytics agent has been released this month for Windows systems. The new version includes a new tool for troubleshooting and handles changes to certificates in Azure services differently.

The uniqueness of the name of the Log Analytics workspaces is now per resource group

In the past, the name of an Azure Monitor Log Analytics workspace had to be globally unique across all subscriptions. This meant that when a workspace name was used by a customer, it could not be reused by others. Microsoft has changed the way in which the uniqueness of the workspace name is required, and it is now managed in the context of the resource group.

New built-in Azure Policy definitions for data encryption in Azure Monitor

Azure Monitor provides built-in policies for data encryption governance and control over the key used for encryption at rest. Here are the new built-in policies available for data encryption:

  • Azure Monitor logs clusters should be encrypted with customer-managed key – Audit if log analytics cluster is defined with customer-managed key.
  • Azure Monitor logs clusters should be created with infrastructure-encryption enabled (double encryption) – Audit if log analytics cluster is created with infrastructure-encryption enabled.
  • Azure Monitor logs for application insights should be linked to a log analytics workspace – Audit if application insights is linked to store data in log analytics workspace. Workspace can then be linked to a log analytics cluster for customer-managed key settings.
  • Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption – Audit if workspace has linked storage account, which allows the encryption using customer-managed key.
  • Log alert queries in Azure Monitor will be saved in customer storage account, if workspace has linked storage account, which allows the encryption using customer-managed key.

Improvements for Log Alerts

Log Alerts are available in Azure Monitor and allow users to use a Log Analytics query to evaluate resource logs at a set frequency and activate an alert based on the results obtained. Rules can trigger one or more actions using Action Groups. In this context, two new highly requested features have been released (in preview):

  • Stateful Log Alert: with this feature enabled, activated alerts are automatically resolved once the condition is no longer satisfied. In this way, the same behavior is adopted as in the alerts related to metrics.
  • Frequency of 1 minute: with this feature enabled, the alert query is evaluated every minute to verify the specified condition, thus reducing the overall time for activating a Log Alert.

Availability in new regions

Azure Monitor Log Analytics is also available in the South India region.

To check the availability of the service in all the Azure regions you can consult this document.

Container insights: support for monitoring Azure Arc enabled Kubernetes environments (preview)

Container insights in Azure Monitor has extended its monitoring capabilities to Azure Arc Kubernetes clusters as well, providing the same monitoring capabilities present for the Azure Kubernetes Service (AKS), including:

  • Visibility on the performance of the environment, through the memory and processor metrics for the controllers, nodes and containers.
  • View information collected through workbooks and in the Azure portal.
  • Alert and possibility of querying historical data for problem solving.
  • Ability to verify Prometheus metrics.

Configure

Azure Automation

Availability in new regions

Azure Automation is also available in the South India region.

Support for System Assigned Managed Identities for cloud and Hybrid job (public preview)

Azure Automation has introduced support for System Assigned Managed Identities for cloud and Hybrid jobs. Among the advantages of using Managed Identities we find:

  • The ability to authenticate to any Azure service that supports Azure AD authentication.
  • Elimination of the management overhead associated with managing Run As accounts in runbook code. This makes it possible to access resources via the Managed Identity of an Automation account from a runbook, without having to worry about creating RunAsCertificate, RunAsConnection, etc.
  • It is not necessary to renew the certificate used by the Automation Run As account.

Govern

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Azure Dedicated Host protection support

Azure Backup has introduced support for the backup and recovery of virtual machines residing on Azure Dedicated Host, physical servers dedicated to your organization whose capacity is not shared with other customers. This feature is available in all Azure regions where Azure Dedicated Host can be activated.

Azure VM Scale sets protection with orchestration templates (preview)

Azure Backup now allows you to back up and restore Azure VM Scale sets with orchestration models, which provide a logical grouping of virtual machines managed by the platform.

Improvements in encryption using customer managed keys (preview)

Azure Backup now allows you to use your own keys to encrypt backup data residing in the Recovery Services vaults. This new feature allows you to increase the control of the encryption of your data. Furthermore, you can use the Azure Policy to control and apply encryption using keys managed directly by the customer.

Azure Site Recovery

Support for Azure Policy (preview)

The ability to use Azure Policy is now provided to enable large-scale use of Azure Site Recovery for virtual machines. After creating a disaster recovery policy for a resource group, all new virtual machines that will be added to this resource group will have Site Recovery enabled automatically. Furthermore, through a Remediation process, Site Recovery can also be enabled for all virtual machines already present in the Resource Group.

Support for cross-continental disaster recovery (for 3 region pairs)

Azure Site Recovery introduced support for cross-continental disaster recovery. Thanks to this feature, a virtual machine can be replicated from an Azure region in one continent to a region in another continent. In the event of a planned or unplanned outage, you will be able to fail over the virtual machine across continents and, once the interruption has been mitigated, it can be brought back to the continent of origin (fail-back) and protected. This feature is currently available for the following 3 pairs of intercontinental regions:

  • Southeast Asia and Australia East
  • Southeast Asia and Australia Southeast
  • West Europe and South Central US

Support of “proximity placement groups” in hybrid and cloud disaster recovery scenarios

Azure Site Recovery introduced support for “proximity placement groups (PPG)” in hybrid and cloud disaster recovery scenarios. With this support it will be possible to replicate an on-premises physical or virtual machine or an Azure virtual machine within a PPG, in the chosen Azure target area. Upon activation of the failover plan, Site Recovery will activate the failover VM within the target PPG selected by the user. This functionality is available both through the Azure portal and through PowerShell and REST API, across all Azure regions.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this new release was released this month:

  • The tools Azure Migrate: Discovery and Assessment and Azure Migrate: Server Migration can be used by connecting privately and securely to the Azure Migrate service via ExpressRoute or via a site-to-site VPN, using Azure private links. This connectivity method is recommended when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks, or if you want to get better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in March 2021

In March, Microsoft announced several news items regarding Azure management services. In this series of articles, published monthly, the major announcements are listed, accompanied by the necessary references to be able to conduct further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

What's new in Azure Monitor for Windows Virtual Desktop

Azure Monitor for Windows Virtual Desktop, which will be made available in the coming weeks, will allow you to have a centralized view containing all the monitoring information to help you troubleshoot and operate on a large scale. Thanks to the latest updates it is possible to:

  • View a summary of the status and health of the host pool
  • Find and resolve deployment issues
  • Understand and address user feedback
  • Evaluate resource usage and make scalability decisions, thus achieving optimal cost management

ExpressRoute Monitors in Azure Monitor Network Insights

Azure Monitor Network Insights now allows you to monitor ExpressRoute through a centralized console. The solution displays the following information regarding ExpressRoute connectivity:

  • Topology of all ExpressRoute circuit components (peering, connections and gateways)
  • Provisioning and health status of the various components
  • Circuit metrics (Availability, throughput and packet delivery)
  • Metrics of the ExpressRoute gateway connected to the circuit

Azure Monitor SQL insights for Azure SQL (preview)

Azure Monitor SQL Insights allows the collection, analysis and customized display of telemetry data for SQL Database, SQL Managed Instance and SQL Server on Azure Virtual Machines. The interactive experience introduced by SQL Insights allows you to customize the collection and the frequency of telemetry and to combine data from multiple sources, providing a unified monitoring experience for the SQL environment. SQL Insights is based on the Azure Monitor platform, giving customers access to all the viewing and notification features in the solution.

Azure Monitor Alerts for Azure Backup (preview)

You can now manage backup alerts through the standard Azure Monitor experience. This integration allows users to have a consistent experience in managing alerts across Azure services, including backup.

Azure Monitor for containers: live consultation of pod and replica set logs

Azure Monitor for containers introduced support for real-time access to the logs of Azure Kubernetes Service (AKS) pods and replica sets. Thanks to this new feature you can search for, filter and view historical pod logs in Log Analytics. You can also troubleshoot and diagnose pods and replica sets.

Container Insights: Persistent Volume monitoring & Tab reports

Container Insights of Azure Monitor introduces two new features:

  • Monitoring of Persistent Volumes (PV) for AKS clusters.
  • A new Reports tab that provides full access to all workbooks related to Kubernetes.

Azure SQL auditing in Log Analytics

It is now possible to merge the audit logs of Azure SQL Database and Azure Synapse Analytics to a Log Analytics workspace and to the Event Hub. This way you can centralize SQL audit logs in one location and do large-scale analysis.

New version of the agent for Linux systems

A new version of the Log Analytics agent has been released this month for Linux systems, which introduces several improvements and greater stability.

Availability in new regions

Azure Monitor Log Analytics is available in the following new regions:

  • Australia Central 2

To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in new regions

Azure Automation is available in the following new regions:

  • UK West

Azure Automanage

New features for Windows systems and extension to Linux distro

Azure Automanage is a new solution that automates several operations throughout the entire lifecycle of virtual machines located in Azure. It allows you to automatically implement best practices in virtual machine management, ensuring compliance regarding security aspects, corporate compliance and business continuity. In this solution, new features have been added to simplify operations on Windows Server virtual machines (VMs), such as installing security patches without restarting. This feature allows security patches to be deployed in seconds, which makes it easier to protect servers from critical threats. Azure Automanage has also been extended to major Linux distributions.

Govern

Azure Policy

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

  • Ability to monitor spending through alerts on expected costs (forecasted cost alerts)
  • New view of subscription costs
  • What's New in Cost Management Labs

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Integrating Azure Firewall management into Security Center
  • Inclusion of the “Disable rule” experience in SQL vulnerability assessment (preview)
  • Azure Monitor Workbooks built into Security Center
  • Azure Audit reports included in the regulatory compliance dashboard (preview)
  • Ability to view recommendation data in Azure Resource Graph with “Explore in ARG”
  • Workflow Automation Deployment Policy Updates
  • Improvements in the recommendations page

Protect

Azure Backup

Backup Center

The new Backup Center solution is now available and offers a unique experience designed for centralized management of large-scale backups. With Backup Center, you can dynamically explore large backup inventories between vaults, subscriptions, different locations and even tenants using Azure Lighthouse. The Backup Center can also govern any actions related to backups. Thanks to integration with Azure Policies and recent additional features for tag-based Azure Policies, large-scale governance can be implemented and compliance monitoring simplified. Backup Center also provides useful information to detect resources that are not protected from backups.

Backup Center supports the following types of workloads:

  • Azure Virtual Machines
  • SQL in Azure Virtual Machines
  • HANA in Azure VMs
  • Azure Files

Furthermore, the following workloads are supported in preview:

  • Azure Disks
  • Azure Blobs
  • Azure Database for PostgreSQL Servers

Azure Managed Disk backups

Azure Backup offers the ability to protect managed disks. All this takes place through the periodic creation of snapshots that are kept for a duration established by backup policy. The solution does not require the presence of specific agents and supports backup and recovery of both operating system and data disks (including shared disks), regardless of whether or not they are connected to a virtual machine running in Azure.

SAP HANA Incremental Backup Support

Azure Backup introduces support for creating incremental SAP HANA backups (at the moment in all regions, except Germany Northeast, Germany Central, France South, and US Gov Iowa). Protection of large SAP HANA databases is faster and cheaper with this feature.

Support for Archive storage for backup of VMs and SQL on VMs (preview)

In Azure Backup, you can now move recovery points to save costs and keep your backup data longer. This feature is available for Azure VMs and SQL Servers installed on Azure VMs. Using Azure PowerShell, you can move these backups from the standard tier to the new archive tier. Restores can be done in an integrated way from the Azure portal, with a simple and intuitive process. In addition to this, Azure Backup will provide, using a specific API, recommendations for moving recovery points to the archive tier.

Backup for Azure Blobs (preview)

Azure Blob backup is an on-premises and managed data protection solution that helps protect block blobs from various data loss scenarios. Data is stored locally within the source storage account and can be restored from a certain selected time when needed. This feature provides a simple, safe and economical means to protect blobs.

Azure Site Recovery

Expanding DR scenarios to Availability Zones from Azure

Although Availability Zones are traditionally used by customers for high-availability configurations, they can now also be leveraged to implement specific disaster recovery scenarios. This feature allows you to define DR plans for scenarios where data residency and local compliance must be maintained, while improving the Recovery Point Objective (RPO). This configuration also reduces the complexity of the configurations required to implement a DR strategy in a secondary region.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main news concerns:

  • Support to provide multiple server credentials on the Azure Migrate appliance needed to detect installed applications (software inventory), perform agentless dependency analysis and discover SQL Server instances and databases in the VMware environment.
  • Agentless VMware migration now supports simultaneous replication of 500 VMs per vCenter.
  • Azure Migrate automatically installs the Azure VM agent during migration (using the agentless migration method).
  • Azure Migrate Hub now includes an app containerization tool (preview), with support for ASP.NET and Java web applications, which allows you to facilitate the migration of containerized applications running on Azure Kubernetes Service (AKS).
  • Ability to perform assessment for migration to Azure VMware Solution.
  • The new Azure Migrate PowerShell module (preview) adds support for the agentless Server Migration tool for migrating VMware virtual machines (VMs) to Azure. Furthermore, you can configure and manage server replication to Azure and migrate the servers using Azure PowerShell cmdlets, in an automated and repeatable way.

Azure Database Migration

Agentless SQL Server discovery and assessment

With Azure Migrate, you can now discover SQL Server instances and databases running in a VMware environment and analyze their configuration, application performance and dependencies, in order to migrate them to Azure SQL Database and Azure SQL Managed Instance. The solution can provide information on migration readiness, correct sizing and Azure SQL cost projections.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in February 2021

The month of February was full of news and there are several updates that have affected the Azure management services. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the necessary references to conduct further insights.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Availability in new regions

Azure Monitor Log Analytics is available in the following new regions:

  • UAE Central
  • Japan West
  • Australia Central 2 (preview)

To check the availability of the service in all the Azure regions you can consult this document.

The new Azure Monitor agent and the new Data Collection Rules features (preview) extend to new regions and distros

Azure Monitor currently has (in preview) a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features of this new agent we find:

  • Support for Azure Arc servers (Windows and Linux)
  • Virtual Machine Scale Set support (VMSS)
  • Installation via ARM template

As far as the Data Collection is concerned, it introduces these innovations:

  • Better control in defining the scope of data collection (e.g. the ability to collect from a subset of VMs for a single workspace)
  • Single collection and sending to both Log Analytics and Azure Monitor Metrics
  • Send to multiple workspaces (multi-homing for Linux)
  • Ability to better filter Windows events
  • Better extension management

AMA on Linux supports the following new distros for data collection (Data Collection Rules – DCR):

  • CentOS Linux 8*
  • Debian 10
  • Oracle Linux 8*
  • Red Hat Enterprise Linux Server 8*
  • SUSE Linux Enterprise Server 15.2*
  • SUSE Linux Enterprise Server 15.1*
  • Ubuntu 20

*Known issue with Syslog events. Currently only Performance Counters are supported (CPU, Memory, Disk, Network)

Furthermore, AMA and DCR are now available in new regions:

  • UK West (Wuk)
  • Korea Central (If)
  • France Central (Frc)
  • South Africa North (Jnb)
  • Switzerland North

New disk bursting metrics

Azure Monitor allows you to obtain detailed information on the resources deployed and running in the Azure environment. Through metrics, which are resource performance indicators in Azure, you can get detailed information about what's happening. Azure Monitor releases new metrics to help you better understand disk bursting performance. These new metrics provide the expected performance from Premium SSD disks and indicate the amount of bursting credits that have been used.

Configure

Azure Automation

Availability in new regions

Azure Automation is available in the following new regions:

  • Japan West
  • UAE Central

To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Cost Management

Availability for Azure Government Pay-As-You-Go subscription

Azure Cost Management features are now also available for Azure Government Pay-As-You-Go subscriptions.

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, helps identify and prevent incorrect spending patterns, and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

What's new in Azure Security Center

Azure Security Center is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

Protect

Azure Backup

Cross Region Restore (CRR) for Azure virtual machines

Azure Backup stores the backup data in the Recovery Service vault on which a geographical redundancy is set by default. This results in the backup data in the primary region being geographically replicated to the associated secondary region (paired region). However, replicated data in the secondary region is available for recovery only if Azure declares an emergency in the primary region. By adopting this new functionality in Azure Backup, you will be able to start restores of virtual machines in a secondary region at will, making them completely controlled by the customer. To do this, however, the Recovery Service vault that holds the backups must be set up in geographical redundancy. Recovery between different Azure regions is available, still in preview, also for SQL and SAP HANA.

New features for Azure Backup Center (preview)

Backup Center, currently in preview, now also supports the following workloads: SQL in Azure VM, SAP HANA in Azure VM and Azure Files. With the Backup Center, you can centrally manage and monitor backups of all supported Azure workloads.

Furthermore, new built-in policies for Azure Backup have been included in the Backup Center that allow you to configure the backups of virtual machines in Azure based on the resource groups they belong to and the assigned tags.

Azure Backup for SAP HANA: soft limit increased from 2 TB to 8 TB

Thanks to the new data transfer features, Azure Backup now helps protect larger SAP HANA databases. Azure Backup for SAP HANA now allows you to reach data transfer speeds of up to 420 MBps for non-log backups (for example full, differential and incremental) and 100 MBps for log backups. Thanks to this improvement in data transfer capacity it is possible to back up ~1.5 TB per hour, which results in 6-8 TB of full backups in 4-6 hours. The Azure Backup service also delivers similar speeds during restore operations.

Azure Site Recovery

New Update Rollup

Update Rollup 54 has been released for Azure Site Recovery. It solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in January 2021

The new year began with several announcements from Microsoft regarding news related to Azure management services. The Cloud Community releases this summary monthly, allowing you to have a general overview of the main new features of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Cross query between Azure Monitor and Azure Data Explorer (preview)

The ability to query between Azure Monitor and Azure Data Explorer allows you to query data exported to Azure Data Explorer or Azure blob storage and merge them with any Azure Monitor Log Analytics workspace.

Among the various features recently released we find the ability to perform queries:

  • Between Azure Data Explorer and Azure Monitor services (Log Analytics / Application Insights) and vice versa
  • On Azure Monitor logs exported from an Azure blob storage account using Azure Data Explorer

In Azure Monitor Log Analytics, the maximum data retention time frame is limited to 2 years. This aspect can be limiting in some areas, to the point that certain compliance criteria are not met. To overcome this limitation, you can export logs to an Azure blob storage. This new feature allows you to cross-query by including data exported to Azure blob storage in an integrated way.

Monitoring Azure Data Explorer Cluster with Azure Monitor (preview)

Azure Monitor expands its capabilities with Azure Monitor for Azure Data Explorer, which allows you to comprehensively monitor Azure Data Explorer clusters, providing a single view of performance, operations, and actual use.

Integration between Azure Monitor workbooks and Application Change Analysis (preview)

The recently released integration between Azure Monitor workbooks and Application Change Analysis allows you to create different types of charts, using as a data source the information regarding the changes that are made in the Azure environment. For example, you can create charts to see when important changes have occurred in the last 24 hours, or use the merge capability to see what changed before a spike in memory that occurred on a VM.

ITSM Connector for ServiceNow ITOM with Secure Export (preview)

Secure Export is the new version (in preview) of the IT Service Management Connector (ITSM) of Azure Monitor, which allows you to automatically create work items in an ITSM tool when an Azure Monitor alert is activated. As part of the preview, a new integration with ServiceNow IT Operations Management (ITOM) using Secure Export was introduced.

Azure Monitor Network Insights

Azure Monitor Network Insights is now available and allows you to monitor your Azure network infrastructure through a centralized console. The main features of Network Insights are as follows:

  • A single console for network monitoring.
  • Agent configuration is not required.
  • Centralized access to traffic and connectivity monitor tools, that allow you to check health state, metrics, alerts, and data.
  • Viewing the network topology, with the ability to view functional dependencies. This will make it easier to solve any problems.
  • Access resource metrics to debug when needed, without having to write queries or create specific workbooks.

Availability in new regions

Azure Monitor Log Analytics is now available in the following Azure regions: “Germany West Central”, “UAE North”, and “Switzerland West”. Furthermore, Azure Log Analytics is available in preview in two new regions: “UAE Central” and “Japan West”. To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in new regions

Azure Automation is now available in the “UAE North” and “Switzerland West” regions. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Support for NSG Flow Logs

NSG flow logs in the Azure platform allow you to maintain visibility of the network traffic entering and leaving Network Security Groups. To simplify the deployment experience, integrated support for NSG flow logs has been introduced in Azure Policy, which allows you to check the enabled status and to force the collection of NSG flow logs when disabled, specifically by using the following policies:

  • Audit policy: flags NSGs without flow logs enabled
  • DeployIfNotExists policy: enables flow logs on NSGs where they are disabled
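The check behind the Audit policy can be reproduced offline against an exported resource inventory, which is useful for validating policy results or auditing subscriptions where the policy is not yet assigned. The following is an added example, not part of the original article and not Microsoft's policy definition: the inventory is constructed sample data with placeholder IDs, and it assumes flow logs appear as `Microsoft.Network/networkWatchers/flowLogs` resources whose `properties.targetResourceId` names the NSG and whose `properties.enabled` is a boolean.

```python
"""Offline audit: list NSGs that have no enabled flow log (constructed data)."""
from dataclasses import dataclass

NSG_TYPE = "microsoft.network/networksecuritygroups"
FLOWLOG_TYPE = "microsoft.network/networkwatchers/flowlogs"

# Constructed inventory; the subscription ID and all names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-network/providers/Microsoft.Network"
INVENTORY = [
    {"id": RG + "/networkSecurityGroups/nsg-web", "type": "Microsoft.Network/networkSecurityGroups"},
    {"id": RG + "/networkSecurityGroups/nsg-db", "type": "Microsoft.Network/networkSecurityGroups"},
    {"id": RG + "/networkSecurityGroups/nsg-mgmt", "type": "Microsoft.Network/networkSecurityGroups"},
    # Enabled flow log; the target ID differs in case from the NSG's own ID.
    {"id": RG + "/networkWatchers/nw-weu/flowLogs/fl-web",
     "type": "Microsoft.Network/networkWatchers/flowLogs",
     "properties": {"targetResourceId": (RG + "/networkSecurityGroups/nsg-web").upper(),
                    "enabled": True}},
    # Flow log exists but collection is switched off.
    {"id": RG + "/networkWatchers/nw-weu/flowLogs/fl-db",
     "type": "Microsoft.Network/networkWatchers/flowLogs",
     "properties": {"targetResourceId": RG + "/networkSecurityGroups/nsg-db",
                    "enabled": False}},
    # Flow log left behind for an NSG that is no longer in the inventory.
    {"id": RG + "/networkWatchers/nw-weu/flowLogs/fl-old",
     "type": "Microsoft.Network/networkWatchers/flowLogs",
     "properties": {"targetResourceId": RG + "/networkSecurityGroups/nsg-old",
                    "enabled": True}},
]


@dataclass(frozen=True)
class Finding:
    nsg_id: str
    reason: str


def _index(resources):
    """Split the inventory into NSGs and flow logs, keyed case-insensitively."""
    nsgs, flow_logs = {}, []
    for res in resources:
        rtype = res.get("type", "").lower()
        if rtype == NSG_TYPE:
            nsgs[res["id"].lower()] = res["id"]
        elif rtype == FLOWLOG_TYPE:
            props = res.get("properties") or {}
            target = (props.get("targetResourceId") or "").lower()
            flow_logs.append((res["id"], target, props.get("enabled") is True))
    return nsgs, flow_logs


def audit_flow_logs(resources):
    """Return a Finding for every NSG without at least one enabled flow log."""
    nsgs, flow_logs = _index(resources)
    states = {}
    for _, target, enabled in flow_logs:
        states.setdefault(target, []).append(enabled)
    findings = []
    for key in sorted(nsgs):
        if key not in states:
            findings.append(Finding(nsgs[key], "no flow log"))
        elif not any(states[key]):
            findings.append(Finding(nsgs[key], "flow log disabled"))
    return findings


def orphaned_flow_logs(resources):
    """Return IDs of flow logs whose target NSG is not in the inventory."""
    nsgs, flow_logs = _index(resources)
    return [fl_id for fl_id, target, _ in flow_logs if target not in nsgs]


if __name__ == "__main__":
    for finding in audit_flow_logs(INVENTORY):
        print(f"NON-COMPLIANT {finding.nsg_id}: {finding.reason}")
    for fl_id in orphaned_flow_logs(INVENTORY):
        print(f"ORPHANED {fl_id}")
```

Resource IDs are compared in lower case because Azure resource IDs are case-insensitive, and a naive string comparison would report `nsg-web` as uncovered.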

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new ways to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

  • New cost view for resource groups
  • Saving the last scope used
  • What's New in Cost Management Labs
  • Definition of roles and responsibilities
  • Cost-saving methodologies by running .NET apps on Azure
  • New ways to save money
  • New videos to deepen these issues
  • Documentation updates

Secure

Azure Security Center

Vulnerability assessment for on-premises and multi-cloud systems

The Azure Security Center solution has recently been enriched with the ability to carry out an integrated Vulnerability Assessment, not only for virtual machines in Azure, but also for systems located on-premises or in multi-cloud environments, as long as Azure Arc has been enabled.

The vulnerability scanning included in Azure Defender for servers is done through the Qualys solution, which is recognized as a leading tool for real-time identification of potential vulnerabilities in systems.

Thanks to this update, it is possible to harness the power of Azure Defender for servers to consolidate the vulnerability management program across all resources in your environment (in Azure and elsewhere). Among the main features we find:

  • Monitoring the VA scan (vulnerability assessment) on Azure Arc machines
  • Provisioning the VA agent on Azure Arc Windows and Linux machines (manually and on a large scale)
  • Receiving and analyzing vulnerabilities detected by distributed agents (manually and on a large scale)
  • Unified experience for Azure VMs and Azure Arc machines

What's new in Azure Security Center

Azure Security Center is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

  • Azure Security Benchmark becomes the default initiative
  • Secure score for management groups (preview)
  • Secure score API
  • Dangling DNS security added to Azure Defender for App Service
  • Multi-cloud connectors
  • Exemption, for subscriptions and management groups, for recommendations from the secure score
  • Users can request tenant-wide visibility
  • 35 preview recommendations added
  • CSV export of filtered lists of recommendations
  • “Not applicable” resources are reported as “Compliant” in Azure Policy assessments
  • Weekly export of secure score and regulatory compliance data through continuous export (preview)

Azure Defender for SQL updates and enhancements

In Azure Security Center, the following updates and improvements have been made to Azure Defender for SQL:

Protect

Azure Backup

Azure Managed Disk backups (limited preview)

Azure Backup offers the ability, at the moment by accessing a limited preview, to protect managed disks. All this takes place through the periodic creation of snapshots that are kept for a duration established by backup policy. The solution does not require the presence of specific agents and supports backup and recovery of both operating system and data disks (including shared disks), regardless of whether or not they are connected to a virtual machine running in Azure.

Encryption at rest with customer-managed keys

Azure Backup introduces encryption at rest support using customer-managed keys. This feature encrypts backup data in Recovery Services vaults using your keys in Azure Key Vault. Data is protected using an AES 256-based data encryption key (DEK), which in turn is protected using the keys stored in the Key Vault. Compared to encryption that uses keys managed by the Azure platform (available by default), this support gives you more control over encryption key management, enabling you to best meet your compliance needs.

Azure Site Recovery

New Update Rollup

Update Rollup 53 has been released for Azure Site Recovery. It solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in December 2020

In December, Microsoft announced several news items regarding Azure management services. Our community releases this monthly summary to give you a comprehensive overview of the main news of the month, so that you can stay up to date and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New Azure Monitor agent and new Data Collection Rules features (preview)

Azure Monitor introduces (in preview) a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

  • Support for Azure Arc servers (Windows and Linux)
  • Virtual Machine Scale Set support (VMSS)
  • Installation via ARM template

With regard to the Data Collection, these innovations have been made:

  • Better control in defining the scope of data collection (e.g. the ability to collect from a subset of VMs for a single workspace)
  • Single collection and sending to both Log Analytics and Azure Monitor Metrics
  • Send to multiple workspaces (multi-homing for Linux)
  • Ability to better filter Windows events
  • Better extension management

Azure Monitor for Windows Virtual Desktop (preview)

Azure Monitor now allows you to perform the following operations related to Windows Virtual Desktop environments:

  • View a summary of the status and health of host pools
  • Find and resolve any deployment issues
  • Evaluate resource usage and make decisions about scalability and cost management
  • Understand and address user feedback

Azure Monitor for containers: Reports tab and deployment logs

In Azure Monitor for containers a new Reports tab has been made available that gives customers complete access to all advanced monitoring workbooks for Kubernetes, for example: Node-disk, Node-network, workloads and Persistent Volume monitoring.

Furthermore, you can now view real-time logs of Azure Kubernetes Service deployments (AKS), accessing the live logs of the pods directly. Log Analytics will allow you to search by applying filters to view historical pod deployment logs, useful for diagnosing any issues.

Azure Monitor for containers: support for Private Cluster live logs (preview)

In Azure Monitor for containers support for private cluster live logs has been introduced, which allows you to view container logs, pod events and metrics in real time. For more details please visit the specific Microsoft documentation.

Infrastructure Encryption for Azure Monitor data

Starting from 1 November 2020, data that flows into Azure Monitor is encrypted twice: at the service level and now also at the infrastructure level, thanks to the double encryption available for Azure storage.

Configure

Azure Automation

Support for Azure Private Link available

Microsoft has introduced support for Azure Private Link, which is needed to securely connect virtual networks to Azure Automation through the use of private endpoints. This feature is useful to:

  • Establish a private connection with Azure Automation, without opening access from the public network.
  • Ensure that Azure Automation data is accessible only through authorized private networks.
  • Protect yourself from data exfiltration by allowing granular access to specific resources.
  • Keep all traffic within the Microsoft Azure backbone network.

Availability in new regions

Azure Automation is now available in the “Norway East” and “Germany West Central” regions. To check the availability of the service in all the Azure regions you can consult this document.

Support for Python 3 runbooks (preview)

In Azure Automation, you can now import, create and run Python 3 runbooks in Azure or on a Hybrid Runbook Worker.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: what's new in November 2020

In November, Microsoft unveiled several news items regarding Azure management services. Our community, through these articles that are released on a monthly basis, wants to provide an overview of the main news of the month, in order to stay up to date on these topics and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

This month, a new version of the Log Analytics agent was released for Linux systems, which includes several improvements and ensures greater stability. Among the main changes is support for Red Hat Enterprise Linux 8, CentOS 8, Ubuntu 20.04 and SLES 15 SP1+, as well as an extension of features for Azure Arc VMs. It also includes a new troubleshooting tool.

Availability in new regions

Azure Log Analytics is now available in the “Brazil Southeast” and “Norway East” regions. It is also available in preview in three new regions: “Germany West Central”, “UAE North”, and “Switzerland West”. To check the availability of the service in all the Azure regions you can consult this document.

Virtual Machines Guest Health (preview)

The Virtual Machines Guest Health feature allows you to monitor the health status of the CPU, disk and memory of a virtual machine and to receive alerts when it changes. Each monitor measures the health status of a particular component and the three states covered are: Healthy, Warning, and Critical. These states are defined based on the thresholds set by the user for each monitor. Virtual Machines Guest Health has a hierarchical “parent-child” model, where the overall health of the virtual machine is determined by the health of its individual monitors and corresponds to the state of the child monitor with the worst health state.
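The hierarchical rollup described above can be modelled in a few lines to see which monitor drives the overall state of a VM. This is an added example, not code from the original article or from Azure Monitor: the monitor names, the threshold values, the nested disk aggregate and the sample readings are all assumptions made for illustration.

```python
"""Worst-state rollup for a tree of health monitors (illustrative model)."""
from dataclasses import dataclass
from enum import IntEnum


class Health(IntEnum):
    # Ordered so that max() over child states returns the worst one.
    HEALTHY = 0
    WARNING = 1
    CRITICAL = 2


@dataclass
class UnitMonitor:
    """Leaf monitor: compares one sampled value with user-defined thresholds."""
    name: str
    warning: float
    critical: float
    higher_is_worse: bool = True  # False for "free space" style counters

    def __post_init__(self):
        ordered = (self.warning <= self.critical if self.higher_is_worse
                   else self.warning >= self.critical)
        if not ordered:
            raise ValueError(f"{self.name}: warning must trip before critical")

    def _breached(self, value, threshold):
        return value >= threshold if self.higher_is_worse else value <= threshold

    def evaluate(self, samples, report):
        value = samples[self.name]  # a missing sample raises KeyError
        if self._breached(value, self.critical):
            state = Health.CRITICAL
        elif self._breached(value, self.warning):
            state = Health.WARNING
        else:
            state = Health.HEALTHY
        report[self.name] = state
        return state


@dataclass
class AggregateMonitor:
    """Parent monitor: its state is the worst state among its children."""
    name: str
    children: list

    def evaluate(self, samples, report):
        states = [child.evaluate(samples, report) for child in self.children]
        state = max(states, default=Health.HEALTHY)
        report[self.name] = state
        return state


def build_vm_monitor():
    """Assumed monitor tree and thresholds for one VM (hypothetical values)."""
    return AggregateMonitor("vm", [
        UnitMonitor("cpu_utilization_pct", warning=80, critical=95),
        UnitMonitor("available_memory_mb", warning=1024, critical=256,
                    higher_is_worse=False),
        AggregateMonitor("disks", [
            UnitMonitor("disk_c_free_pct", warning=20, critical=10,
                        higher_is_worse=False),
            UnitMonitor("disk_d_free_pct", warning=20, critical=10,
                        higher_is_worse=False),
        ]),
    ])


def vm_health(samples):
    """Return (overall state, per-monitor report, leaf monitors driving it)."""
    report = {}
    root = build_vm_monitor()
    overall = root.evaluate(samples, report)
    drivers = [name for name, state in report.items()
               if name in samples and state == overall != Health.HEALTHY]
    return overall, report, drivers


if __name__ == "__main__":
    # Constructed sample readings.
    readings = {"cpu_utilization_pct": 85, "available_memory_mb": 4096,
                "disk_c_free_pct": 55, "disk_d_free_pct": 8}
    overall, report, drivers = vm_health(readings)
    print(overall.name, drivers)
```

With the constructed readings, the CPU monitor is only in Warning, but the nearly full D: disk makes the disk aggregate, and therefore the whole VM, Critical.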

Configure

Azure Automation

Availability in a new region

Azure Automation is now available in the “Brazil Southeast” region. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Export and management of Azure Policies as code with GitHub

You can now export Azure policies to GitHub directly from the Azure portal, through the “Export definitions” feature. After exporting, you can use GitHub Actions to create custom workflows for deploying policies from GitHub to Azure. For further information you can consult this documentation.

Azure Advisor

New recommendations

Azure Advisor has added the following recommendations to help improve the reliability and performance of Azure resources.

Reliability:

Performance:

Protect

Azure Backup

Soft Delete for SQL Server and SAP HANA in Azure VMs

Azure Backup has officially released soft delete for the protection of SQL Server and SAP HANA running in Azure virtual machines as well. Soft delete is a security feature that allows you to protect your backups even after you delete them. Thanks to soft delete, in the event that a backup is removed accidentally or through malicious actions, you are guaranteed that the backup data is still maintained for 14 days from the deletion date. This feature, which doesn't incur any additional costs, allows you to recover any backups removed within the retention period.

News in SAP HANA protection

Azure Backup makes it easy to back up and restore SAP HANA databases running on Azure virtual machines and is BackInt certified by SAP. With regard to the protection of SAP HANA, the following innovations have been introduced:

  • Support for SAP HANA incremental database backups (preview).
  • Azure Backup's SAP HANA backup uses a pre-registration script to create a HANA user to perform backup and restore operations. This script has received significant updates regarding the permissions required by the user that performs the backups.

Long term protection for Azure PostgreSQL

Azure Backup provides the ability to keep Azure Database for PostgreSQL backups for up to 10 years. To learn about the advanced protection features for Azure PostgreSQL databases you can consult this article.

Azure Resource Manager template support for backing up Azure file shares

Azure Backup introduced the ability to configure backup protection for Azure file shares by using a declarative Azure Resource Manager (ARM) template. With this new option, you can enable backup of Azure file shares through a specific JSON file that can be deployed through the Azure portal, Azure PowerShell or the Azure command-line interface.

Azure Site Recovery

DR for Azure VM: increased the maximum disk size

Azure Site Recovery now enables Disaster Recovery scenarios for virtual machines in Azure with managed disks up to 32 TB, replicated in a secondary region.

Migrate

Azure Migrate

PowerShell support for the Server Migrate tool

In Azure Migrate, thanks to the addition of a new PowerShell-based management interface for the Server Migrate tool, you can configure and manage server replication and migration to Azure using Azure PowerShell cmdlets. This allows you to perform migrations in a repeatable and automated way, being able to obtain greater scalability and speed in the migration processes.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

How to optimize management and costs of Azure virtual machines with SQL Server

For virtual machines in the Azure environment on which SQL Server is running, a new management mode has been introduced that simplifies the maintenance activities needed to increase security, obtain cost benefits and optimize deployments. This article describes how to enable this new feature and explores the benefits that can be achieved.

Azure provides a wide range of fully managed, modern and secure SQL database services that can support different scenarios, such as re-hosting, modernizing existing SQL Server workloads and developing new cloud applications.

Figure 1 - SQL Service family

Although the adoption of managed services leads to high benefits in terms of costs, management and scalability, IaaS virtual machines with SQL Server installed are often still required in the Azure environment. This scenario is also common when dealing with "lift and shift" migrations of virtual machines from the on-premises environment.

Figure 2 – Administration effort in Cloud migration scenarios

In order to optimize and automate management and administration tasks, it is possible to activate the new SQL Server IaaS Agent extension (SqlIaasExtension) on Azure virtual machines with SQL Server installed. Once this extension is registered, the machines can be accessed from the Azure portal through the "SQL virtual machines" group of resources as well as the classic "Virtual machines".

The adoption of this extension is completely free and the data collection carried out is aimed exclusively at offering new features from the Azure portal. Collected data will not be used by Microsoft to perform license checks without the customer's prior consent.

How to activate this new management method?

The first step required to use the SQL Server IaaS Agent extension is to register the resource provider Microsoft.SqlVirtualMachine on the specific subscription. This provider gives the extension the ability to create resources within that specific subscription.

Figure 3 – Resource provider registration

Once this operation has been completed, it is advisable to choose the management method to be adopted, among the following:

  • Lightweight mode: in this mode, the extension binary files are copied to the virtual machine, but no agent is installed and the SQL Server service running on the VM is not restarted. By adopting this mode, you can only change the type of license and the edition of SQL Server, in addition to having a limited set of management options. This is the default management mode when using the automatic registration feature which can be activated from the Azure portal or through manual registration.

Figure 4 – Auto-enrollment from the Azure portal

Figure 5 – Select the subscription during the automatic registration phase from the Azure portal

The adoption of this mode has no impact on the use of virtual machine resources in terms of memory and CPU and it is recommended to activate this mode before the full management mode (full mode).

  • Full mode: in this mode, the SQL IaaS Agent is installed on the virtual machine and a complete management experience is provided. Activating this mode involves restarting the SQL Server service. Full mode specifically installs two Windows services that, from direct experience, can have an impact on memory and CPU usage that is not always negligible.
  • NoAgent mode: this is the mode dedicated to installations of SQL Server 2008 and SQL Server 2008 R2 on Windows Server 2008. For this mode there is no impact on the use of memory or CPU and it is not necessary to restart SQL Server.

Virtual machines with SQL Server that have registered the extension in "lightweight" mode can upgrade to "full" mode via the Azure portal, the Azure command line or Azure PowerShell. There is no downgrade procedure: to switch from "full" mode to "lightweight" mode it is necessary to unregister the SQL IaaS Agent extension on the VM.

When you activate a virtual machine with SQL Server by using the images available in the Azure Marketplace, the SQL Server IaaS Agent extension is automatically registered if the specific resource provider is active on the subscription.

For more details on the registration process and the commands that you can use, please refer to this Microsoft document.
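The registration steps and mode transitions described above can be scripted with Azure CLI. This is an added example, not code from the article or from Microsoft: the function names are hypothetical, the PAYG license type is an assumed value, and it assumes an Azure CLI release that accepts `--sql-mgmt-type` on `az sql vm`.

```shell
#!/usr/bin/env bash
# Added example (not from the article). Function names are hypothetical.
# Assumes an Azure CLI release that accepts --sql-mgmt-type on `az sql vm`.

# Register the resource provider on the current subscription if needed.
ensure_provider() {
  local state
  state=$(az provider show --namespace Microsoft.SqlVirtualMachine \
            --query registrationState -o tsv)
  [ "$state" = "Registered" ] ||
    az provider register --namespace Microsoft.SqlVirtualMachine
}

# Print the action that moves a VM from mode $1 ("none" = not registered)
# to mode $2. NoAgent (SQL Server 2008/2008 R2) is not handled here.
plan_mode_change() {
  local from to
  from=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  to=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "$from:$to" in
    lightweight:lightweight|full:full) echo "noop" ;;
    none:lightweight)  echo "register" ;;
    none:full)         echo "register-then-upgrade" ;;  # lightweight first, as recommended
    lightweight:full)  echo "upgrade-restart" ;;        # restarts the SQL Server service
    full:lightweight)  echo "unregister-first" ;;       # no downgrade procedure
    *)                 echo "unsupported"; return 1 ;;
  esac
}

# usage: apply_mode_change <resource-group> <vm> <location> <current> <target>
apply_mode_change() {
  local rg="$1" vm="$2" loc="$3" action
  action=$(plan_mode_change "$4" "$5") || { echo "unsupported: $4 -> $5" >&2; return 1; }
  case "$action" in
    register|register-then-upgrade)   # PAYG is an assumed license type
      az sql vm create -g "$rg" -n "$vm" -l "$loc" \
        --license-type PAYG --sql-mgmt-type LightWeight || return 1 ;;
  esac
  case "$action" in
    upgrade-restart|register-then-upgrade)
      echo "SQL Server service on $vm will restart" >&2
      az sql vm update -g "$rg" -n "$vm" --sql-mgmt-type Full ;;
    unregister-first)
      echo "full -> lightweight: unregister the SQL IaaS Agent extension first" >&2
      return 2 ;;
  esac
}
```

Because the upgrade to full mode restarts the SQL Server service, run `apply_mode_change` for that transition inside a planned maintenance window.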

Features offered

The SQL Server IaaS Agent extension allows you to take advantage, directly from the Azure portal, of the benefits listed below for virtual machines hosting SQL Server:

  • Management from the Azure portal: you can view and manage specific SQL-related features of all virtual machines with SQL Server on board, at a single centralized point in the Azure portal.

Figure 6 – SQL Server management using the SQL Server IaaS Agent extension

  • Backup management: it will be possible to schedule backups for databases by selecting various options such as backup encryption, the setting of the retention period, the backup of system databases and the configuration of a manual or automatic schedule. This feature is useful for SQL Server protection when you do not want to adopt a specific backup solution, but it is sufficient to back up the databases on the instance to a storage account.

Figure 7 – Manage SQL Server backups by using the SQL Server IaaS Agent extension

  • Patching management: you can configure a maintenance window during which security updates for Windows and SQL Server, coming from Windows Update and classified as critical or important, can be installed.

Figure 8 – Patching by using the SQL Server IaaS Agent extension

  • Security aspects and Azure Key Vault integration: it will be possible to manage the port to connect to the SQL Server instance. Furthermore, you will be allowed to enable SQL authentication, specifying a particular login. If the SQL Server SKU supports it, it is also possible to install and configure integration with Azure Key Vault, to use data encryption features such as Transparent Database Encryption, Column Level Encryption and Always Encrypted.

Figure 9 – Manage security aspects and integration with Azure Key Vault by using the SQL Server IaaS Agent extension

  • Licensing management: it will be possible to easily change the way SQL Server is licensed, thus being able to obtain direct cost savings.

Figure 10 – Manage SQL Server licensing by using the SQL Server IaaS Agent extension

  • Flexible management of the version and of the edition: in case there is a need to change the version or edition of SQL Server, you can update the metadata within the Azure portal without having to redeploy the entire SQL Server VM.

Figure 11 – Manage the SQL Server edition by using the SQL Server IaaS Agent extension

  • Enabling R Services (Advanced analytics): if the system is used for Machine Learning, it is possible to install this feature, during SQL Server setup, to allow the execution of R scripts on the SQL Server virtual machine.

Figure 12 – Enable R Services by using the SQL Server IaaS Agent extension

  • Configure Always On availability group functionality: directly from the Azure portal it is possible to activate high availability and disaster recovery mechanisms by configuring the Always On availability group.

Figure 13 – Activation of the Always On availability group functionality through the SQL Server IaaS Agent extension

Conclusions

Thanks to the adoption of the recent SQL Server IaaS Agent extension, running SQL Server on an Azure virtual machine allows you to take advantage of various additional features and to have an optimal management experience, similar to that of a SQL Server managed service. All these features also allow for greater ease of use and important advantages in SQL Server management compared to implementations on on-premises virtual machines.

Azure Management services: what's new in October 2020

In October, Microsoft announced a considerable amount of news regarding Azure management services. Our community, through these articles that are released on a monthly basis, wants to provide an overview of the main news of the month, in order to stay up to date on these topics and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

This month, a new version of the Log Analytics agent was released for Linux systems, which includes several improvements and ensures greater stability. Among the main changes is support for Red Hat Enterprise Linux 8, CentOS 8, Ubuntu 20.04 and SLES 15 SP1+, as well as an extension of the features for Azure Arc VMs. Also included is support for Python 3 and a new troubleshooting tool.

Monitor Azure Arc-enabled Kubernetes environments

Azure Monitor for containers now extends its support to alerts based on the metrics of Azure Arc-enabled Kubernetes environments. These metric alerts enable effective monitoring of system resources. To see the list of alerts available for Azure Arc-enabled Kubernetes clusters, please consult this document.

Azure Monitor for containers: Network Policy Manager support (Preview)

It is now possible to monitor the networking of AKS clusters using Network Policy Manager (NPM). In this way Azure Monitor for containers will collect the metrics and report any anomalies in the configuration or in the performance of the network.

Azure Monitor for containers: persistent volume monitoring support (PV)

Azure Monitor for containers is now able to monitor the capacity of the persistent volumes (PV) connected to the AKS cluster, collecting capacity metrics for all PVs, except for those in the kube-system namespace.

Azure Monitor Log Analytics data export (preview)

This feature allows you to continuously export data that resides in certain tables in a Log Analytics workspace to an Azure storage account (every hour) or to Azure Event Hub (almost in real time). When exporting to a storage account, each table is stored in a separate container. Similarly, when you export to event hub, each table is exported to a new event hub instance. There is currently no method for filtering data and limiting the export of only certain events. By adopting this feature you can take advantage of the following benefits:

  • Low cost data retention
  • Easier compliance when data retention is required for an extended period of time
  • Integration with third-party solutions such as Azure Data Lake and Splunk
  • Low-latency export to Event Hub, enabling near real-time monitoring and alerts

Availability in new regions (preview)

Azure Log Analytics is now available in preview in the “Brazil Southeast” and “Norway East” regions. To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in a new region

Azure Automation is now available in the “Switzerland North” region. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Added support for keys, secrets, and certificates in Azure Policy for Key Vault

Azure Policies for Key Vault allow you to control secrets, keys, and certificates stored in the key vault to ensure that set compliance requirements are met. Any secrets, keys, or certificates that do not meet the requirements will appear as non-compliant in the policy compliance dashboard. Furthermore, you can set deny policies to prevent users from creating or importing objects into the key vault that do not comply with the policies that you set. Compliance results can also be published in Azure Security Center.

Azure Cost Management

Azure Cost Management + Billing updates

During this month, news was announced regarding the following areas of Azure Cost Management and Billing:

Azure Advisor

New recommendations

The following recommendations have been added in Azure Advisor to improve resource performance:

  • Use the Accelerated Writes feature in your HBase cluster
  • Review Azure Data Explorer table cache-period (policy)
  • Optimize MySQL temporary-table sizing
  • Distribute data in server group to distribute workload among nodes

For further information you can consult this article.

Furthermore, to improve the operation of the Azure environment, the following recommendations have been included:

  • Ensure that at least one host pool is Validation Environment enabled
  • Make sure not too many host pools have Validation Environment enabled
  • Use Traffic Analytics to view insights into traffic patterns across Azure resources

More details are available in this article.

Protect

Azure Site Recovery

New Update Rollup

Update Rollup 51 has been released for Azure Site Recovery; it solves several issues and introduces support for the following Linux distributions: SUSE 15 SP2, RHEL 7.9 and CentOS 7.9. The related details and the installation procedure can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.