Category Archives: Azure Networking

Azure IaaS and Azure Stack: announcements and updates (January 2022 – Weeks: 03 and 04)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Azure NetApp Files: new features

New features are constantly added to Azure NetApp Files and previously released preview features are moved into general availability. The following capabilities have recently received general availability status and no longer need registration for use:

The following new features have been added in public preview :

Regional coverage continues to expand, and Azure NetApp Files is now generally available in:

  • East Asia
  • Switzerland North
  • Switzerland West
  • West US 3

Feature regional coverage continues to expand as well for cross-region replication, cross region replication region pair additions:

  • West US 3 <-> East US
  • Southeast Asia <-> East Asia
  • Switzerland North <-> Switzerland West
  • UsGov Virginia <-> UsGov Texas
  • UsGov Arizona <-> UsGov Texas
  • UsGov Virginia <-> UsGov Arizona

Azure IaaS and Azure Stack: announcements and updates (January 2022 – Weeks: 01 and 02)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Price reductions for Azure confidential computing

Microsoft is announcing a price reduction on the DCsv2 and DCsv3-series VMs by up to 33%. The price reduction enables the data protection benefits of ACC with no premium compared to general purpose VMs on a per physical core basis. New prices took effect on 1/1/2022. If you are already using DCsv2 and DCsv3-series VMs prior to 1/1/2022, you will see the price reduction in your next bill.

Storage

Azure Ultra Disk Storage is available in West US 3

Azure Ultra Disk Storage is now available in West US 3. Azure Ultra Disks offer high throughput, high IOPS, and consistent low latency disk storage for Azure virtual machines (VMs). Ultra Disks are suited for data-intensive workloads such as SAP HANA, top tier databases, and transaction-heavy workloads.

Networking

Multiple custom BGP APIPA addresses for active VPN gateways

All SKUs of active-active VPN gateways now support multiple custom BGP APIPA addresses for each instance. Automatic Private IP Addressing (APIPA) addresses are commonly used as the BGP IP addresses for VPN connectivity. In addition to many on-premises VPN devices requiring multiple custom APIPA addresses for BGP, this feature enables BGP connections to Amazon Web Services (AWS) and other cloud providers.

Load Balancer SKU upgrade through PowerShell script

You can now upgrade your Azure Load Balancer from Basic SKU to Standard SKU by using a PowerShell script. By upgrading to Standard SKU, the Load Balancer enables the network layer traffic to drive higher performance and stronger resiliency, along with an improved integration experience with other Azure services. The PowerShell script creates the Standard SKU Load Balancer with the same configurations as the Basic Load Balancer. In addition, the script migrates the backend resources to the Standard Load Balancer for you.

Azure Traffic Manager: additional IP addresses for endpoint monitoring service

Traffic Manager uses a probing mechanism to evaluate your application endpoints. To enhance the capacity of our probing plane, Microsoft will be increasing the number of probes deployed within Traffic Manager’s endpoint monitoring service over the next few years to continue to mitigate the large amount of growth. Your applications will see an increase in number of health probes and some of these probes may originate from new IP addresses. These changes will start to go live on 21st January 2022 at 20:00 UTC.

Recommended action: if you use a network access control mechanism (e.g., Azure Firewall or Network Security Groups) and are not using Service Tags (AzureTrafficManager), please continue checking this updated list of IP addresses each Wednesday, until further notice, to ensure you allow incoming traffic from these new IP addresses. Failure to do so may cause some Traffic Manager health probes for the application endpoints to fail and may result in misrouting of traffic. No action is required access control isn’t used or network access control is utilized with AzureTrafficManager service tags.

Azure Networking: how to extend an on-premises network to Azure with private connectivity

When you decide to undertake a strategy based on a hybrid cloud, that combines on-premises IT resources with public cloud resources and services, it is advisable to carefully consider how to connect your local network with the virtual networks present in the public cloud. In Azure one option is to use ExpressRoute, a private and dedicated connection that takes place through a third-party connectivity provider. This article describes possible network architectures with ExpressRoute, together with a series of precautions to be taken into consideration for a successful deployment.

Very often a Site-to-site VPN is used to establish connectivity between the on-premise resources and the resources in Azure environment attested on the Virtual Networks. This type of connectivity is ideal for the following use cases:

  • Development environments, test, laboratories, but also production workloads where the resources located in the Azure environment do not use the connectivity to the on-premises environment intensively and strategically and vice versa.
  • When you have an acceptable tolerance for bandwidth and speed in the hybrid connection.

There are some use cases, however, where ExpressRoute should be configured, according to Microsoft best practices, to ensure bidirectional connectivity between the on-premise network and virtual networks (vNet) of Azure of the customer. Indeed, ExpressRoute is suitable for the following use cases:

  • If high speed requirements are to be met, connection with low latency and high availability / resilience.
  • In the presence of mission-critical workloads that use hybrid connectivity.

What is ExpressRoute?

Thanks to ExpressRoute it is possible to activate a dedicated private connection, provided by a third party connectivity provider, to extend the on-premises network to Azure. ExpressRoute connections do not go through the public internet. In this way they can offer a higher level of security, greater reliability, faster speeds and consistent latencies than traditional internet connections.

Figure 1 - ExpressRoute logic diagram

ExpressRoute connections enable access to the following services:

  • Microsoft Azure services (scenario covered in this article).
  • Services of Microsoft 365. Microsoft 365 it has been designed to be accessed securely and reliably over the Internet. For this reason it is recommended that you use ExpressRoute with Microsoft 365 only in certain scenarios, as described in this Microsoft article.

It is possible to create an ExpressRoute connection between the local network and the Microsoft cloud via four different modes:

Figure 2 - ExpressRoute connectivity models

Connectivity providers can offer one or more connectivity models and you can choose the most appropriate model for your connectivity needs.

Reference architectures

The following reference architecture shows how you can connect your on-premises network to virtual networks in Azure, using Azure ExpressRoute.

Figure 3 - Reference architecture to extend a local network with ExpressRoute

The architecture will consist of the following components.

  • On-premises corporate network (“On-premises network” in the schema). This is the Customer's private local network.
  • Local Edge Routers. These are the routers that connect the local network to the circuit managed by the provider.
  • ExpressRoute Circuit. It is a circuit layer 2 or layer 3, provided by the connectivity provider, which joins the local network to Azure via edge router. The circuit uses the hardware infrastructure managed by the connectivity provider.
  • Edge router Microsoft. These are routers in an active-active high availability configuration. These routers allow the connectivity provider to connect their circuits directly to the data center.
  • Virtual network gateway (ExpressRoute). The ExpressRoute virtual network gateway enables the virtual network (VNet) Azure to connect to the ExpressRoute circuit used for connectivity with the local network.
  • Azure virtual networks (VNet). Virtual networks residing in an Azure region.

In the architecture described above, ExpressRoute will be used as the primary connectivity channel to connect the on-premises network to Azure.

Furthermore, it is possible to use a site-to-site VPN connection as a source of backup connectivity to improve connectivity resilience. In this case, the reference architecture will be the following:

Figure 4 - Reference architecture to use both ExpressRoute and a site-to-site VPN connection

In this scenario they are expected, in addition to the architectural components described above, the following components:

  • Appliance VPN on-premises. A device or service that provides external connectivity to the local network. The VPN appliance can be a hardware device or a supported software solution for connecting to Azure.
  • Virtual network gateway (VPN). The VPN virtual network gateway allows the virtual network to connect to the VPN appliance present in the local network.
  • VPN connection. The connection has properties that specify the type of connection (IPSec) and the key shared with the local VPN appliance to encrypt the traffic.

How to monitor ExpressRoute

To allow you to monitor network resources in the presence of ExpressRoute connectivity, you can use the Azure Monitor platform tool, through which you can check availability, performance, the use and operation of this connectivity.

A screenshot of the solution is shown as an example.

Figure 5 – ExpressRoute circuit monitor via Azure Monitor

This solution will provide a detailed topology mapping of all ExpressRoute components (peering, connections, gateway) in relation to each other. The detailed network information for ExpressRoute will include a dashboard through which the metrics can be consulted, the actual speed, any drop of network packets and gateway metrics.

As an example, a dashboard screen showing the total throughput of inbound and outbound traffic for the ExpressRoute circuit is shown (expressed in bits / second). Furthermore, you can view the throughput for individual connections.

Figure 6 - Metrics relating to the Throughput of ExpressRoute connections

For more details you can refer to the Microsoft official documentation on how to make the ExpressRoute monitor.

Security Considerations

Microsoft in the security baselines for ExpressRoute, refer to the Azure Security Benchmark version 1.0, the Azure-specific set of guidelines created by Microsoft, provides several indications that are recommended to be followed. Among the main ones that should be adopted we find:

  • Definition and implementation of standard security configurations for Azure ExpressRoute using Azure Policy.
  • Use of tags for Azure ExpressRoute components in order to provide metadata and a logical and structured organization of resources.
  • Locking to prevent accidental deletion or unwanted modification of Azure components related to ExpressRoute configuration.
  • Using Azure Platform Tools to Monitor Network Resource Configurations and Detect Network Resource Changes of ExpressRoute Connections. Creating Alerts in Azure Monitor to be generated when changes are made to critical resources.
  • Configure centralized collection of Activity Logs for ExpressRoute components.

Conclusions

ExpressRoute offers a fast and reliable connection to Azure with bandwidths that can reach up to 100 Gbps. It is therefore an ideal option for specific scenarios such as periodic data migration, replication for business continuity purposes, the disaster recovery, and the activation of high availability strategies. Thanks to ExpressRoute's fast speed and low latency times, Azure will feel like a natural extension of your data centers. In this way, it is possible to take advantage of the scalability and innovation of the public cloud without compromising in terms of network performance.

Azure IaaS and Azure Stack: announcements and updates (December 2021 – Weeks: 51 and 52)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

In the past two weeks, Microsoft hasn’t made any major announcements regarding these topics. However, here are some links to interesting videos made by John Savill, Principal Cloud Solution Architect at Microsoft:

I take this opportunity to wish you happy holidays and happy New Year!

Azure IaaS and Azure Stack: announcements and updates (December 2021 – Weeks: 49 and 50)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Virtual Machine restore points (preview)

Public preview of VM restore point is available, a new resource that stores VM configuration and a point-in-time snapshot of one or more managed disks attached to a VM. VM restore points supports multi-disk application consistent snapshots and can be leveraged to easily capture backups of your VM and disks. You can easily restore the VM using VM restore points in cases of data loss, corruption, or disasters. Microsoft is also introducing a new Azure Resource Manager (ARM) resource called Restore Point Collection, which will act as a container for all the restore points of a specific VM.

Placement polices for Azure VMware Solution

Placement policies are used to define constraints for running virtual machines in the Azure VMware Solution Software-Defined Data Center (SDDC). These constraints allow the you to decide where and how the virtual machines should run within the SDDC clusters. Placement polices are used to support performance optimization of virtual machines (VMs) through policy, and help mitigate the impact of maintenance operations to policies within the SDDC cluster.

Storage

Secure access to storage account from a virtual network/subnet in any region (preview)

You can secure access to your storage account by enabling a service endpoint for Storage in the subnet and configuring a virtual network rule for that subnet through the Azure storage firewall. You can now configure your storage account to allow access from virtual networks and subnets in any Azure region. By default, service endpoints enable connectivity from a virtual network to a storage account in the same Azure region as the virtual network or it’s paired Azure region. This preview enables you to register your subnet to allow service endpoint connectivity to storage accounts in any Azure region across the globe.

Attribute-based Access Control (ABAC) conditions with principal attributes (preview)

Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments expressed as a predicate using these attributes. This update to the preview enables the use of Azure AD custom security attributes for principals in role assignment conditions. You can now use combine principal attributes with resource and request attributes in your condition expressions.

Soft delete for blobs capability for Azure Data Lake Storage

Soft delete for blobs capability for Azure Data Lake Storage is now generally available. This feature protects files and directories from accidental deletes by retaining the deleted data in the system for a specified period of time. During the retention period, you can restore a soft-deleted object, i.e. file or directory, to its state at the time it was deleted. After the retention period has expired, the object is permanently deleted. All soft deleted files and directories are billed at the same rate as active ones until the retention period has expired.

Azure Stack

Azure Stack HCI

Windows Server guest licensing offer for Azure Stack HCI (preview)

To facilitate guest licensing for Azure Stack HCI customers, we are pleased to announce a new offer that brings simplicity and more flexibility for licensing. The new Windows Server subscription for Azure Stack HCI is available in public preview as of December 14, 2021. This offer will allow you to purchase unlimited Windows Server guest licenses for your Azure Stack HCI cluster through your Azure subscription. You can sign up and cancel anytime and preview pricing is $0 until general availability (GA). At GA, the offer will be charged at $23.60 per physical core per month. This offer simplifies billing through an all-in-one place Azure subscription and in some cases will be less expensive for customers than the traditional licensing model.

Azure IaaS and Azure Stack: announcements and updates (December 2021 – Weeks: 47 and 48)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

West Central US: Microsoft expands cloud services with two new datacenters in Wyoming

Microsoft is announcing the launch of two new Microsoft datacenters in Cheyenne – Wyoming, one in Cheyenne Business Parkway and another in Bison Business Park, enabling to expand and support the growth and demand for digital services in West Central US datacenter region. Cheyenne has been home to Microsoft’s cloud infrastructure services since 2012 and this expansion will enable us to continue providing services to current and new customers.

New Azure Virtual Machines DCasv5 and ECasv5-series (preview)

Azure DCasv5/ECasv5 confidential virtual machines (VMs) powered by 3rd Gen AMD EPYC™ processors with SEV-SNP are available in preview.

SQL Server IaaS Agent extension for Linux SQL VMs

Microsoft is making the capabilities of SQL Server IaaS Agent extension available to Linux platforms, starting with Ubuntu with plans for other distributions in time.

If you are already running SQL Server on Azure using an Ubuntu Linux Virtual Machine, the SQL Server IaaS Agent extension now enables you to leverage integration with the Azure portal and unlocks the following benefits for SQL Server on Linux Azure VMs:

  • Compliance: The extension offers a simplified method to fulfill the requirement of notifying Microsoft that the Azure Hybrid Benefit has been enabled as is specified in the product terms. This process negates needing to manage licensing registration forms for each resource.
  • Simplified license management: The extension simplifies SQL Server license management, and allows you to quickly identify SQL Server VMs with the Azure Hybrid Benefit enabled using the Azure portal, Azure PowerShell, or the Azure CLI.

IaaS Agent extension full mode no restart for SQL VMs

You can now enable the full mode of SQL Server IaaS Agent extension with no restart, giving you access to more manageability features for SQL Server on Azure Virtual Machines without interruption to your workloads. Previously, you had to restart the SQL Server services to enable these features. The full mode of SQL Server IaaS Agent extension unlocks many benefits such as Automated Backup, Automated Patching, Storage Optimization, and more, along with license management that comes with lightweight mode.

Storage

Azure File Sync: new agent released

The Azure File Sync agent v14.1 is available. Issue that is fixed in the v14.1 release:

  • Tiered files deleted on Windows Server 2022 are not detected by cloud tiering filter driver. This issue can also impact Windows 2016 and Windows Server 2019 if a tiered file is deleted using the FILE_DISPOSITION_INFORMATION_EX class.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
  • The agent version for this release is 14.1.0.0.
  • Installation instructions are documented in KB5001873.

Azure NetApp Files application volume group for SAP HANA (preview)

Application volume group (AVG) for SAP HANA enables you to deploy all volumes required to install and operate an SAP HANA database according to best practices in a single one-step and optimized workflow. The application volume group feature includes the use of proximity placement group (PPG) with VMs to achieve automated, low-latency deployments. Application volume group for SAP HANA has implemented many technical improvements that simplify and standardize the entire process to help you streamline volume deployments for SAP HANA. Instead of creating the SAP HANA volumes (data, log, shared, log-backup, file-backup) individually, the new application volume group for SAP HANA creates these volumes in a single ‘atomic’ operation (GUI, RP, API).

Networking

VPN Gateway NAT

Azure VPN NAT (Network Address Translation) supports overlapping address spaces between your on-premises branch networks and your Azure Virtual Networks. NAT can also enable business-to-business connectivity where address spaces are managed by different organizations and re-numbering networks is not possible. VPN NAT provides support for 1:1 Static NAT and 1-to-many dynamic NAT.

Wildcard listener on Application Gateways

Azure Application Gateway now supports the use of wildcard characters such as asterisk (*) and question mark (?) for hostnames on a multi-site HTTP(S) listener. You can now route requests from multiple host-names such as shop.contoso.com, accounts.contoso.com, pay.contoso.com to the same backend pool through a single listener configured with a wildcard hostname such as *.contoso.com.

Azure IaaS and Azure Stack: announcements and updates (November 2021 – Weeks: 45 and 46)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Virtual machines selector now generally available

Microsoft want to simplify the process required for you to identify the right VM based on your needs and budget. To that end, virtual machines selector is a web-based tool localized in 26 languages and available worldwide. Using the virtual machines selector you can specify your requirements, such as the category of workload you plan to run in Azure, and the technical specifications of your VM (e.g., OS disks storage options, data disks storage performance, Operating System, deployment region, etc.). After a few simple steps, the tool identifies the best VM and disk storage combination based on the information you enter. You will then be able to view the details of the recommended VMs and their prices. You can then add the selected VMs to the pricing calculator to perform a more comprehensive cost analysis.

New cloud region in Sweden

The new sustainable datacenter region in Sweden, with presence in Gävle, Sandviken and Staffanstorp is available. It includes Azure Availability Zones, which offer you additional resiliency for your applications by designing the region with unique physical datacenter locations with independent power, network, and cooling for additional tolerance to datacenter failures.

Azure VMware Solution now generally available in the France Central Azure Region and in Japan West Azure Region

Azure VMware Solution has expanded availability to Japan West and to France Central. With this release Japan West is now the second region within the Japan sovereign area to become available (joining Japan East).

SQL Server on Azure Virtual Machines: Multi subnet high availability

You can now simplify your SQL Server on Azure Virtual Machines high availability and disaster recovery configuration by deploying virtual machines in multiple subnets, eliminating the need for an Azure Load Balancer. Multi subnet configuration natively helps you match on-premises experience for connecting to your availability group listener or SQL Server failover cluster instance. Additionally, this feature doesn’t have any limitations on unique port or feature interoperability considerations like distributed network name (DNN) for availability group and failover cluster instance. Multi subnet configuration is natively supported by all versions of SQL Server and Windows Server Failover Cluster to simplify deployment, maintenance and improve failover time.

Azure Virtual Machines DCv3-series now available in Europe West and North (preview)

Announcing public preview expansion of the DCv3-series VMs to Europe West and North.

Storage

SFTP support for Azure Blob Storage (preview)

Starting today, SSH File Transfer Protocol (SFTP) support for Azure Blob Storage is available for public preview in select regions. Azure Blob Storage is the only storage platform that supports SFTP over object storage natively in a serverless fashion, enabling you to leverage object storage economics and features. With multi-protocol support, you can run your applications on a single storage platform with no application rewrites necessary, therefore eliminating data silos.

NFSv4.1 support on Azure Files

Azure Files support for NFS v4.1 on premium tier for both locally-redundant storage and zone-redundant storage is available. Now you can deploy these fully POSIX compliant, distributed NFS file shares in your production environments for a wide variety of Linux and container based workloads. Some example workloads include: highly available SAP application layer, enterprise messaging, user home directories, custom line-of-business applications, database backups, database replication, and devops pipelines. NFS 4.1 is available in all regions where the premium tier of Azure Files exists.

Azure Archive rehydration priority update

Azure Archive Storage provides a secure, low-cost means for retaining cold data, including backups and archival storage. Data stored in Archive Storage is offline and unavailable for read access until it is rehydrated to the hot or cool tier. You can choose to rehydrate data with standard or high priority, depending on the urgency of the retrieval request. Previously, it was not possible to change the retrieval priority after initiating a rehydration operation; priority had to be determined in advance, and there was no flexibility to update the priority if the retrieval urgency subsequently changed.

Archive Storage now supports updating the retrieval priority from standard to high while a rehydration operation is pending. You can simplify rehydration management and improve cost efficiency by initiating the rehydration operation with standard priority for a set of blobs, then updating the priority to high for any blobs that require faster retrieval.

Networking

VPN Gateways: increased connection limit

The max number of Site-to-Site/VNet-to-VNet connections on a VPN Gateway has been increased from 30 to 100 tunnels for SKUs VpnGw4, VpnGw5, VpnGw4AZ, and VpnGw5AZ.
This change does not affect legacy gateways with the High Performance SKU.

Azure Bastion: new features available with Standard SKU (preview)

With the new Azure Bastion native client support you can:

  • Connect to your target Azure virtual machine via Azure Bastion using Azure CLI and a native client on your local Windows machine
  • Log into Azure Active Directory-joined virtual machines using your Azure Active Directory credentials

Also, with the new Azure Bastion IP based connection capability you can now connect to any target resource reachable from your Bastion using its private IP address. This includes any reachable resources hosted on-premises or in other clouds, allowing you to achieve more secure global remote connectivity with Azure Bastion.

ExpressRoute now supports Azure Virtual Desktop Shortpath RDP over Private Peering

ExpressRoute Private Peering now supports Azure Virtual Desktop RDP Shortpath. After establishing the reverse connect transport, the client and session host starts the RDP connection. With RDP Shortpath configured, the client will require a direct connectivity with the session host to establish a secure TLS connection. You can leverage ExpressRoute Private peering to setup the direct connection to support RDP Shortpath.

Azure IaaS and Azure Stack: announcements and updates (November 2021 – Weeks: 43 and 44)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

In this dedicated post you can find the most important announcements and major updates officialized last week during Microsoft Ignite (November 2021) conference.

Azure

Compute

Zerto Disaster Recovery for Azure VMware Solution

Zerto Disaster Recovery is now available and supported with Azure VMware Solution, delivering data protection and disaster recovery services that eliminate data loss and downtime for vSphere virtual machines running on Azure VMware Solution environment.

Zerto Disaster Recovery for Azure VMware Solution supports the following 3 scenarios:

  • On-premises VMware to Azure VMware Solution for Hybrid disaster recovery
  • Azure VMware Solution to Azure VMware Solution for cloud-based disaster recovery
  • Azure VMware Solution to Azure IaaS for cloud-based disaster recovery

Azure Spot Virtual Machines: Try to restore functionality

You can now opt-in and use this feature while deploying Spot VMs using Virtual Machine Scale Sets. This new feature will automatically try to restore an evicted Spot VM to maintain the desired target compute capacity (e.g., number of VMs) in a scale set.

Storage

Azure File Sync agent v14

Improvements and issues that are fixed in the v14 release:

  • Improved server endpoint deprovisioning guidance in the portal. When removing a server endpoint via the portal, we now provide step by step guidance based on the reason behind deleting the server endpoint, so that you can avoid data loss and ensure your data is where it needs to be (server or Azure file share).
  • Invoke-AzStorageSyncChangeDetection cmdlet improvements. Microsoft has improved the Invoke-AzStorageSyncChangeDetection cmdlet and the 10,000 item limit no longer applies when scanning the entire share.
  • Azure File Sync is now supported in West US 3 region.
  • Reduced transactions when a file consistently fails to upload due to a per-item sync error.
  • Reliability and telemetry improvements for cloud tiering and sync.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
  • The agent version for this release is 14.0.0.0.
  • Installation instructions are documented in KB5001872.

Ephemeral OS disks for Azure VMs support additional VM sizes

You now can choose where to store Ephemeral OS disks, either in VM temp disk or on VM cache. This feature enables Ephemeral OS disks to be created for all the VMs, which don’t have cache or have an insufficient cache (such as Dav3, Dav4, Eav4, and Eav3) but has sufficient temp disk to host the Ephemeral OS disk.

Networking

New Azure Firewall Premium capabilities

Several new Azure Firewall Premium capabilities are available:

  • Azure Firewall Premium availability in more regions. Azure Firewall Premium is now available in both Microsoft Government Cloud and Azure China 21Vianet. This expansion makes Azure Firewall Premium now available in 44 Azure regions.
  • Terraform support for Firewall Policy Premium. Azure Firewall Premium supports a range of DevOps tools including Azure CLI, PowerShell, REST API. Customers can now use Terraform, a popular open-source tool used by DevOps for implementing infrastructure as code, to manage their Azure Firewall Premium.
  • Web categories Category Check (in preview). Web categories lets administrators allow or deny user access to web site categories such as gambling websites, social media websites, and others. Often customers want to check what categories does a specific URL fall under. Customers can now use the convenience of Azure Portal to determine URL web categories and share feedback if the category is not accurate.
  • Migrate to Premium SKU using Stop/Start approach. If you use Azure Firewall Standard SKU with Firewall Policy, you can use the Allocate/Deallocate method to upgrade your Firewall SKU to Premium. This migration approach is supported on both VNET Hub and Secure Hub Firewalls. Secure Hub deployments will be upgraded while preserving the public IP of the firewall.

Extended regional availability for Private Link NSG Support and for Private Link UDR Support

Private Endpoint support for Network Security Groups (NSGs) and Private Endpoint support for User Defined Routes (UDRs) are now in public preview.

  • Private Endpoint support for Network Security Groups (NSGs) enhancement will provide you with the ability to enable advanced security controls on traffic destined to a private endpoint.
  • Private Endpoint support for User Defined Routes (UDRs) enhancement will provide you with the ability to apply custom routes to traffic destined to a private endpoint with a wider subnet range.

At this time, this features are available in the following regions: UsEast2Euap, UsCentralEuap, WestCentralUS, WestUS, WestUS2, EastUS, EastUS2, Asiaeast, Australiaeast, Japaneast, Canadacentral, Europenorth, Koreacentral, Brazilsouth, Uksouth, US South, US North, and France Central.

ExpressRoute IPv6 Support for Private Peering

IPv6 support for ExpressRoute Private Peering is now generally available with ExpressRoute circuits and Azure environments globally. IPv6 support will unlock hybrid connectivity for you as you look to expand into mobile and IoT markets with Azure, or to address IPv4 exhaustion in your on-premise networks.

Azure IaaS and Azure Stack: announcements and updates (October 2021 – Weeks: 41 and 42)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New centralized management experience for Azure Hybrid Benefit for SQL Server (preview)

Azure Hybrid Benefit for SQL Server helps reduce costs by allowing existing on-premises licenses with active Software Assurance to be assigned to Azure. Now there’s an easier way to manage the benefit, optimize cost savings, and sustain compliance for the entire organization. Instead of assigning the benefit to each individual Azure resource (e.g. virtual machine), billing admins can now assign and manage SQL Server licenses at an Azure subscription or entire Azure account level.

Cross region replication for Azure NetApp Files

With this disaster recovery capability, you can replicate your Azure NetApp Files volumes between select Azure standard and non-standard region pairs continuously in a fast and cost-effective way, protecting your data from unforeseeable regional failures. Azure NetApp Files cross region replication leverages NetApp SnapMirror technology so only changed blocks are sent over the network in a compressed, efficient format. This technology reduces the amount of data required to replicate across the regions with up to 50% or more, therefore saving Azure NetApp Files customers data transfer cost. It also shortens the replication time so you can achieve a smaller Restore Point Objective.

Networking

Azure Firewall Premium now generally available in five new Azure regions

Azure Firewall Premium provides next generation firewall capabilities that are required for highly sensitive and regulated environments, and it is now generally available in the following new Azure Cloud regions: USGov Texas, USGov Arizona, USGov Virginia, China North 2 and China East 2.

Azure Stack

Azure Stack HCI

New feature update

Feature updates for Azure Stack HCI are released periodically to enhance the customer experience. This month’s feature update for Clusters running Azure Stack HCI, version 21H2 are:

Azure IaaS and Azure Stack: announcements and updates (October 2021 – Weeks: 39 and 40)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

What’s new in Azure VMware Solution

  • Azure VMware Landing Zone is now publically available. It is Microsoft’s prescriptive, opinionated and best-practices backed guidance for deploying and managing workloads running on Azure VMware solution.
  • It’s soon possible to use Azure NetApp Filesas NFS datastore for Azure VMware Solution. It’s a great option for using the same NetApp VSAN datastores as used in on-premise environments in Azure now.
  • It is possible now to do HCX migration over VPN and SD-SWAN. Customers can get an additional option besides Azure ExpressRoute for driving migrations.  
  • Azure VMware Solution is now included as part of Azure Workload Acquisition & Nurture incentive Partners can take advantage of multiple benefits available under the program to drive Azure VMware Solution projects.
  • New enhancements, global expansion, partner integration are now available as documented here.

Availability Zones now generally available in new regions

Azure Availability Zones are now generally available in the South Africa North, Norway East and Korea Central region. These new zones provide customers with options for additional resiliency and tolerance to infrastructure impact.

Storage

Azure NetApp Files waitlist removal

Azure NetApp Files, one of the fastest growing bare-metal Azure services is now available to Azure customers directly from the Azure portal, CLI, API or with SDK, without having to go through waitlist approval process.

Standard network features for Azure NetApp Files (preview)

Standard network features for Azure NetApp Files volumes is now in public preview in select regions. This includes support for increased IP limits, Network Security Groups, User-defined routes, and additional connectivity patterns like connectivity over Active/Active VPN gateway and ExpressRoute FastPath.

Azure NetApp Files Backup capability (preview)

Azure NetApp Files backup expands the data protection capabilities of Azure NetApp Files by providing fully managed backup solution for long-term recovery, archive, and compliance.
Azure NetApp Files online snapshots are now enhanced with backup of snapshots. With this new backup capability, you can offload your Azure NetApp Files snapshots to Azure blob storage in a fast and cost-effective way, further protecting your data from accidental deletion.

Enable hierarchical namespace for existing Azure Storage accounts

Accelerating value through data analytics by enabling the Azure Data Lake Storage (ADLS) hierarchical namespace for existing Azure Storage accounts is now generally available. The benefits of the ADLS hierarchical namespace in providing enhanced performance and features that are dedicated to maximizing the value of data analytics is well established. You can now get this benefit for existing accounts and data by enabling the hierarchical namespace in place.

Object replication for Premium Block Blob Storage (preview)

Object replication allows you to replicate your premium block blob data at the blob level from one storage account to another anywhere in the Azure.
Object replication unblocks a new set of common replication scenarios for premium block blobs:

  • Minimize latency: have your users consume the data locally rather than issuing cross-region read requests.
  • Increase efficiency: have your compute clusters process the same set of objects locally in different regions.
  • Optimize data distribution: have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.