Category Archives: Azure Stack

The new Microsoft solution for hyper-converged scenarios

Very frequently to the strong tendency to move workloads to the public cloud for cost benefits, efficiency and innovation, alongside the need to maintain specific on-premises application environments. The reasons can be different and range from compliance reasons, specific needs in terms of latency or for certain business reasons. Microsoft, aware of these needs, recently announced the release of a new version of Azure Stack HCI, the solution that allows you to build a hyper-converged infrastructure (HCI) to run virtual machines in an on-premises environment and that involves an easy and strategic connection to Azure services. This article lists the main features that will be introduced in the new version of Azure Stack HCI.

What is Azure Stack HCI?

This is a hyper-converged infrastructure (HCI), where different hardware components are removed, substitutes from the software, able to combine the layer of compute, storage and network in one solution. In this way there is a transition from a traditional "three tier" infrastructure, composed of network switches, appliance, physical systems with onboard hypervisors, storage fabric and SAN, toward hyper-converged infrastructure (HCI).

Figure 1 – "Three Tier" Infrastructure vs Hyper-Converged Infrastructure (HCI)

Azure Stack HCI belongs to the Azure Stack family, which includes a comprehensive and flexible range of solutions to meet the different needs for implementing infrastructure. The Azure Stack portfolio ranges from Azure Stack Hub, which is an Azure extension that can bring the agility and innovation of cloud computing to the on-premises environment, to Azure Stack Edge, a managed Azure appliance that can bring computational power, cloud storage and intelligence in a remote edge of the customer. For more information about the Azure Stack portfolio, see this article.

Figure 2 – Azure Stack portfolio

The new Azure Stack HCI solution, deployed as an Azure hybrid service is named Azure Stack HCI version 20H2 and includes important news.

Figure 3 - Overview of Azure Stack HCI version 20H2 components

Full stack for a Hyper-Converged infrastructure

The operating system of the new Azure Stack HCI solution is based on the core components of Windows Server and has been specially designed and optimized to provide a powerful Hyper-converged platform. The new version of Azure Stack HCI adopts well-established Windows Server technologies such as Hyper-V, software-defined networking and Storages Spaces Direct, and adds new specific features. Following, the innovation areas of this solution are reported.

Dedicated and solution-specific operating system

The operating system of the new solution Azure Stack HCI it is a specific operating system with a simplified composition and newer components than Windows Server 2019.

This operating system does not include roles that are not required for the solution, such as the print server, DNS role, DHCP server, Active Directory Domain Services, services relating to certificates and federated services.

Furthermore, there is the most recent hypervisor also used in the Azure environment, with software-defined networking and storage technologies optimized for virtualization.

The local user interface is minimal and is designed to be managed remotely.

Figure 4 - Azure Stack HCI OS interface

Disaster Recovery Features and virtual machine failover inherent in the solution

In the new version of Azure Stack HCI is included the ability to create stretched clusters to extend a cluster of Azure Stack HCI in two different locations (rooms, buildings or even two cities). This feature provides a replica of storage (synchronous or asynchronous) and contemplates encryption, on-premises site resiliency and automatic failover of virtual machines.

Figure 5 – Stretched cluster in a hyper-converged Azure Stack HCI architecture

In the build phase of creating a new cluster, you can select whether it is an implementation on a single site or stretched on two different sites.

Figure 6 – Options when creating an Azure Stack HCI cluster

If there is a stretched cluster, when creating a volume, you can configure storage replication between the two sites.

Figure 7 – Volume replication options when there is stretched cluster

Optimized the Storage Spaces resync process

In Azure Stack HCI version 20H2 has been completely re-engineered the Storage Spaces Resync, used for storage space repair, to the point where the length of the process is significantly reduced (up to 4-5 times). This improvement makes it possible to speed up the restart of the various systems after the updates are applied.

Figure 8 - Comparison of the times for the monthly application of operating system patches

Updates of the entire stack covered by the solution (full-stack updates)

To reduce the complexity and operational costs of the solution update process, in the new version of Azure Stack HCI a process is contemplated that involves full-stack updating (Firmware / driver along with the operating system) for certain selected partners.

Figure 9 – Solution updates of a Dell EMC-branded Azure Stack HCI solution

Azure Hybrid Service

This new version of Azure Stack HCI is provided as an Azure service, applying a subscription-based licensing model and offering integrated hybrid capabilities.

To expand the capabilities of your solution, you can use Azure solutions to monitor, activate disaster recovery scenarios, manage backup protection, as well as a centralized view of the various implementations of Azure Stack HCI direct from the Azure Portal. Following, details about this Azure hybrid service are reported.

Native integration in Azure

The new Azure Stack HCI natively integrates with Azure services and Azure Resource Manager (ARM). No agent is required for this integration, but Azure Arc is integrated directly into the operating system. This allows you to view, direct from the Azure Portal, the cluster Azure Stack HCI on-premises exactly like an Azure resource.

Figure 10 – Azure Stack HCI integration scheme in Azure

By integrating with Azure Resource Manager, you can take advantage of the following benefits of Azure-based management:

Adopting Standard Azure Resource Manager-Based Constructs (ARM)
Classification of Clusters with Tags
Organizing Clusters in Resource Groups
Viewing all clusters Azure Stack HCI in one centralized view
Managing access using Azure Identity Access Management (IAM)

Billing based on a subscription model

Despite being running on-premises, Azure Stack HCI provides invoicing based on Azure subscription, just like any other Azure cloud service. The model is simple and has a cost of 10$ / core / Month, which depends on the cores of the physical processor. In the new pricing model there is no minimum or maximum on the number of licensed cores, much less in the activation duration.

Figure 11 – New licensing model applied for Azure Stack HCI

Dedicated Azure Support Team

Azure Stack HCI becomes an Azure solution, therefore it will be covered by Azure support with the following features:

You can easily request technical support directly from the Azure portal.
Support will be provided by a new team of experts dedicated to supporting the new solution Azure Stack HCI.
You can choose from different support plans, depending on your needs.

For more information, you can access this page.

Familiarity in management and operation

The Azure Stack HCI solution can be activated on different hardware models of your choice and does not require specific software tools to be administered.

Choosing and customizing your hardware

There are several hardware vendors that offer suitable solutions to run Azure Stack HCI and can be consulted by accessing this link. The choice is wide and falls on more than 200 solutions of more than 20 different partners. Azure Stack HCI requires hardware that is specifically tested and validated by various vendors.

The solutions Azure Stack HCI included in the catalog are composed of:

A server system
An host bus adapter
A family of network adapters

Furthermore, you can customize your hardware solution to suit your needs, going to configure the processor, memory, storage and features of network adapters, always respecting the supplier's compatibility matrices.

Figure 12 – Hardware composition for Azure Stack HCI solutions

Management and integration tools

The administrative management of Azure Stack HCI does not require specific software, but you can use existing management tools such as Admin Center, PowerShell, System Center Virtual Machine Manager and even third-party tools.

Using the Windows Admin Center, you can install and configure new architectures Azure Stack HCI and activate virtual systems. Furthermore, With native Windows Admin Center integration with Azure, you can extend functionality with different Azure services, including:

Azure Site Recovery to implement disaster recovery scenarios.
Azure Monitor to monitor, in a centralized way, what happens at the application level, on the network and in its hyper-converged infrastructure, with advanced analysis using artificial intelligence.
Azure Backup for offsite protection of your infrastructure.
Azure Security Center for monitoring and detecting security threats in virtual machines
Azure Update Management to make an assessment of the missing updates and proceed with its distribution, for both Windows and Linux systems, regardless of their location, Azure or on-premises.
Cloud Witness to use Azure storage account as cluster quorum.

Conclusions

The innovations introduced in Microsoft's new hyper-converged solution are very interesting and concern various areas. Azure Stack HCI integrates seamlessly with the existing on-premises environment and offers an important added value: the ability to connect Azure Stack HCI with Azure services to achieve a hybrid hyper-converged solution. This aspect in particular strongly differentiates it from other competitors who offer solutions in this area. Thanks to the changes introduced by this new version it is possible to obtain a complete and more integrated and performing proposition for hyper-converged scenarios.

Azure Hybrid Cloud: overview of the new Azure Stack portfolio

In a corporate reality the adoption of solutions totally based in the cloud is not always be a viable choice or the absolute best, hybrid solutions often have to be adopted, which in any case include the possibility of using the innovations introduced by the cloud. Microsoft, aware of that, has recently announced several innovations in the proposition of its solutions in Hybryd Cloud extending its portfolio to make it more complete and more adaptable to the needs of customers. This article describes how the range of Microsoft solutions in Azure Stack has been expanded and changed.

Currently, the solutions included in the Azure Stack portfolio are as follows::

Azure Stack Hub (previously called only "Azure Stack")
Azure Stack Edge (previously called "Azure Data Box Edge")
Azure Stack HCI

Figure 1 – Azure Stack product family

Azure Stack Hub

Azure Stack Hub and, prior to this product portfolio review, was known by the name Azure Stack continues to be the offering for enterprise customers and for the public sector customers, needing a cloud environment but disconnected from the Internet, or need to meet specific regulatory and compliance requirements. Azure Stack Hub It allows you to deliver the Azure services in the location you want. The solution continues to evolve to cover an increasingly broad range of services, including:

Kubernetes with Azure Kubernetes Service integration (AKS) to automate the creation, upgrading and scaling cluster environments.
Support for N-Series virtual machines that include GPU support.
Event Hubs (expected the preview this year)
Azure Stream Analytics (expected the preview this year)
Windows Virtual Desktop (WVD) (expected the preview this year)
Azure Data Services with Azure Arc (expected the preview this year)

Azure Stack Edge

Azure Stack Edge, previously known as Azure Databox Edge, is an Azure managed appliance that can bring computational power, cloud storage and intelligence in a remote edge of the customer. The customer can place the order and the provisioning of Azure Stack Edge direct from the Azure Portal, and then use the classic Azure management tools to monitor and perform updates. No upfront costs are required to obtain this appliance, but it will be covered monthly in the billing of Azure services. The big news about Azure Stack Edge is that new features will be supported, among the main ones we find:

Execution of virtual machines
Cluster Kubernetes
NVIDIA GPU support
High availability support

Azure Stack Edge will also be available in a "rugged" version, to withstand extreme environmental conditions, and in a battery-powered version, to be easily transported.

Azure Stack HCI

With the arrival of Windows Server 2019, Microsoft introduced the solution Azure Stack HCI, which allows the execution of virtual machines and a wide access to different services offered by Azure. This is a hyper-converged infrastructure (HCI), where different hardware components are removed, substitutes from the software, able to combine the layer of compute, storage and network in one solution. This is the evolution of the Windows Server Software-Defined solution (WSSD) available in the past with Windows Server 2016. Azure Stack HCI with Windows Server 2019, allows the use of Hyper-V, a solid and reliable hypervisor, along with Software Defined Storage and Software-Defined Networking solutions. To this is added Windows Admin Center, that allows you to fully manage and with a graphical interface the hyper-converged environment.

Azure Stack HCI shares the same software-defined technologies also used by Azure Stack Hub and requires the adoption of hardware tested and validated specifically for the solution. In order to obtain certification, the hardware is subjected to rigorous validation tests, that guarantee the reliability and stability of the solution. To see the different Azure Stack HCI solutions of the various hardware vendors, you can access this page. Azure Stack HCI can be used for smaller environments with a minimum of two nodes and can scale up to a maximum of 16 nodes. This makes it a suitable solution for different usage scenarios.

Conclusions

To better meet the needs of different clients in this area, Microsoft has revisited its product portfolio. The Azure Stack portfolio combined with Azure Arc, provides an environment where Azure services and management are reflected on validated and integrated infrastructure models, all in a complementary way.

Azure IaaS and Azure Stack: announcements and updates (September 2019 – Weeks: 35 and 36)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Microsoft Azure available from new cloud regions in Switzerland

Microsoft announced the availability of new Azure Regions in Switzerland. With the Azure Region Switzerland West and Switzerland North, Microsoft addresses the need of customers to have cloud regions and datacenters available in Switzerland. Remember that not all services are available in all Azure regions. You can find more information about the products and services available in the Swiss Azure regions on the Azure website.

31 new Azure edge sites

Microsoft announced the addition of 31 new edge sites, bringing the total to over 150 across more than 50 countries. Microsoft is also adding 14 new meet-me sites to Azure ExpressRoute to further enable and expand access to dedicated private connections between customers’ on-premises environments and Azure.

Azure Firewall in China

Azure Firewall is also available in China.

Azure DevTest Labs now integrates with Azure Bastion

Azure DevTest Labs now integrates with Azure Bastion, enabling you to connect to your virtual machines through a web browser. Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL. As a lab owner, it’s possible to enable your lab virtual machines to have browser-based access provided they’re created in a virtual network that has Azure Bastion configured on it.

Azure Stack

Azure App Service on Azure Stack Update 7 (1.7)

This release updates the resource provider and brings the following key capabilities and fixes:

Updates to **App Service Tenant, Admin, Functions portals and Kudu tools**. Consistent with Azure Stack Portal SDK version.
Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.
Access Restrictions now enabled in User Portal

All other fixes and updates are detailed in the App Service on Azure Stack Update Seven Release Notes.

Diagnostic log collection is generally available for Azure Stack

The Azure Stack diagnostic log collection service provides a simplified way for Azure Stack operators to collect and share diagnostic logs with Microsoft Customer Support Services (CSS). A new user experience in the Azure Stack administrator portal is available for operators to set up the automatic upload of diagnostic logs to a storage blob when certain critical alerts are raised, or to perform the same operation on demand.

Azure IaaS and Azure Stack: announcements and updates (January 2019 – Weeks: 03 and 04)

Azure

Azure Guest OS Family 6 (Windows Server 2019)

Azure Guest OS Family 6, based on Windows Server 2019, is now generally available. Windows Server 2019 is the operating system that bridges on-premises environments with Azure, adding layers of security while helping you modernize your applications and infrastructure.

Azure Availability Zones in East US 2

Azure Availability Zones, a high-availability solution for mission-critical applications, is generally available in East US 2.

Availability Zones are physically separate locations within an Azure region. Each Availability Zone consists of one or more datacenters equipped with independent power, cooling, and networking. With the introduction of Availability Zones, Microsoft offers a service-level agreement (SLA) of 99.99% for uptime of virtual machines.

Update rollup for Azure File Sync Agent: January 2019

An update rollup for the Azure File Sync agent was released and addresses the following issues:

Files are not tiered after upgrading the Azure File Sync agent to version 4.x.
AfsUpdater.exe is now supported on Windows Server 2019.
Miscellaneous reliability improvements for sync.

More information about this update rollup:

This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
The agent version of this update rollup is 4.3.0.0.
A restart may be required if files are in use during the update rollup installation.
Installation instructions are documented in KB4481059.

Azure Migrate is available in Asia and Europe

Azure Migrate now supports Asia and Europe as migration project locations. This means that you can now store your discovered metadata in Asia (Southeast Asia) and Europe (North Europe/West Europe) regions.

In addition to Asia and Europe, Azure Migrate also supports storing the metadata in United States and Azure Government geographies. Support for other Azure geographies is planned for the future.

Note that the project geography does not restrict you from planning your migration for a different target location. Azure Migrate supports more than 30 regions as assessment target locations. The project geography is only used to store the discovered VM metadata.

M-series virtual machines (VMs) are available in Australia Central region

Azure M-series VMs are available in the Australia Central region. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.

Azure IaaS and Azure Stack: announcements and updates (December 2018 – Weeks: 50 and 51)

Azure

Update rollup for Azure File Sync Agent: December 2018

An update rollup for the Azure File Sync agent was released this month which addresses the following issues:

A Stop error 0x3B or Stop error 0x1E may occur when a VSS snapshot is created.
A memory leak may occur when cloud tiering is enabled

More information about this update rollup:

This update is available for Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 installations that have Azure File Sync agent version 3.1.0.0 or a later version installed.
The agent version of this update rollup is 4.2.0.0.
A restart may be required if files are in use during the update rollup installation.
Installation instructions are documented in KB4459990.

Automate Always On availability group deployments with SQL Virtual Machine resource provider

A new automated way to configure high availability solutions for SQL Server on Azure Virtual Machines (VMs) is now available using SQL VM resource provider.

Virtual Network Service Endpoints for serverless messaging and big data

Azure Event Hubs, a highly reliable and easily scalable data streaming service, and Azure Service Bus, which provides enterprise messaging, are the new set of serverless offerings joining the growing list of Azure services that have enabled Virtual Network Service Endpoints.

Azure Stack

Azure Stack 1811 update

The 1811 update package includes fixes, improvements, and new features for Azure Stack. This update package is only for Azure Stack integrated systems. Do not apply this update package to the Azure Stack Development Kit.

Azure IaaS and Azure Stack: announcements and updates (December 2018 – Weeks: 48 and 49)

Azure

Azure Dedicated Hardware Security Module (HSM)

The Microsoft Azure Dedicated Hardware Security Module (HSM) service provides cryptographic key storage in Azure and meets the most stringent customer security and compliance requirements. This service is the ideal solution for customers requiring FIPS 140-2 Level 3 validated devices with complete and exclusive control of the HSM appliance. Azure Dedicated HSM addresses a unique set of customer needs for secure key storage scenarios in Azure.

The Dedicated HSM service is available in eight Azure regions, namely East US, West US, South Central US, East US 2, Southeast Asia, East Asia, West Europe, and North Europe

Improving Azure Virtual Machine resiliency with predictive ML and live migration

Since early 2018, Azure has been using live migration in response to a variety of failure scenarios such as hardware faults, as well as regular fleet operations like rack maintenance and software/BIOS updates. The use of live migration to handle failures gracefully allowed us to reduce the impact of failures on availability by 50 percent. Using the deep fleet telemetry, Microsoft enabled machine learning (ML)-based failure predictions and tied them to automatic live migration for several hardware failure cases, including disk failures, IO latency, and CPU frequency anomalies. Azure team partnered with Microsoft Research (MSR) on building the ML models that predict failures with a high degree of accuracy before they occur. As a result, Microsoft is able to live migrate workloads off “at-risk” machines before they ever show any signs of failing. This means VMs running on Azure can be more reliable than the underlying hardware.

Update rollup for Azure File Sync Agent: December 2018

An update rollup for the Azure File Sync agent was released which addresses the following issues:

A Stop error 0x3B or Stop error 0x1E may occur when a VSS snapshot is created.
The server may become unresponsive because of a cloud-tiering memory leak.
Agent installation fails with the following error: Error 1921. Service ‘Storage Sync Agent’ (FileSyncSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.
The Storage Sync Agent (FileSyncSvc) service may crash when memory usage is high.
Miscellaneous reliability improvements for cloud tiering and sync.

More information about this update rollup:

This update is available for Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 installations that have Azure File Sync agent version 3.1.0.0 or a later version installed.
The agent version of this update rollup is 4.1.0.0.
A restart may be required if files are in use during the update rollup installation.

Installation instructions are documented in KB4459988.

Virtual network service endpoints for Azure Database for MariaDB (preview)

Virtual network service endpoints for Azure Database for MariaDB are accessible in preview in all available regions. Virtual network service endpoints allow you to isolate connectivity to your logical server from only a given subnet or set of subnets within your virtual network. Traffic to Azure Database for MariaDB from the virtual network service endpoints stays within the Azure network, preferring this direct route over any specific routes that take internet traffic through virtual appliances or on-premises.

Azure IaaS and Azure Stack: announcements and updates (November 2018 – Weeks: 46 and 47)

Azure

Azure Network Watcher enabled by default for subscriptions that contain virtual networks

Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.

Network Watcher is now enabled by default for subscriptions that contain a virtual network. There is no impact to your resources or associated charge for automatically enabling Network Watcher. This will simplify and improve your network troubleshooting experience.

To learn more about Network Watcher features, or for information about how to opt out, see the product documentation. You can also get information about pricing.

Azure Availability Zones in Southeast Asia

Azure Availability Zones, a high-availability solution for mission-critical applications, is now generally available in Southeast Asia.

Availability Zones are physically separate locations within an Azure region. Each Availability Zone consists of one or more datacenters equipped with independent power, cooling, and networking. With the introduction of Availability Zones, we now offer a service-level agreement (SLA) of 99.99% for uptime of virtual machines.

Availability Zones are generally available in select regions.

Microsoft Azure is now certified to host sensitive health data in France

Microsoft Azure, Microsoft Office 365, and Microsoft Dynamics have been granted a Health Data Hosting (HDS) certification. This makes Microsoft the first major cloud provider capable of meeting the strict standards of storing and processing health data for data centers located in France, and under the new certification process that began in June 2018. This validates the very high level of safety and protection that Microsoft can offer to French healthcare entities, who will be able to rely on the Microsoft cloud to deploy the applications and health services of tomorrow. These applications and health services will also be in compliance with the current regulations on data protection and privacy.

Announced the Azure File Sync v4 release

Improvements and issues that are fixed:

Adds support for Windows Server 2019.
Adds a new date-based cloud tiering policy setting. This policy setting is used to specify files that should be cached if accessed in a specified number of days. To learn more, see Cloud Tiering Overview.
Fixes an issue in which cloud tiering can take up to 24 hours to tier files.
Improvement when adding a new server to an existing sync group. Files are now downloaded based on the recently Created\Modified date from other servers in the sync group.
Improves interop with antivirus and other solutions so that tiered files can now use the FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS attribute.
Fixes an issue in which servers are unable to communicate with the Storage Sync Service when app-specific proxy settings are used.
Fixes an issue in which deleting a server endpoint will no longer cause tiered files to become unusable as long as the cloud endpoint was not deleted and the server endpoint is recreated within 30 days.
Improves unattended agent installations by enabling including an answer file.
Adds support for a volume-level restore option on servers which have cloud tiering disabled.
Improves sync so that it now supports bidirectional control characters.
Adds miscellaneous performance and reliability improvements for sync and cloud tiering.

New H-series Azure VMs for HPC workloads

Two new H-series (HB and HC) Azure Virtual Machines for high-performance computing (HPC) workloads are now available in preview. These are optimized for HPC applications driven by intensive computation, such as implicit finite element analysis, reservoir simulation, and computational chemistry. More information in this blog.

Azure Stack

Azure App Service on Azure Stack 1.4 (Update 4)

Released the fourth update to Azure App Service on Azure Stack. These release notes describe the improvements and fixes in Azure App Service on Azure Stack Update 4 and any known issues.

Extension Host is coming with the next update 1811

Extension Host will be enabled by the next Azure Stack update, 1811. This capability further enhances security and simplifies network integration for Azure Stack.

Azure IaaS and Azure Stack: announcements and updates (November 2018 – Weeks: 44 and 45)

Azure

Azure File Sync is now supported in North Central US and South Central US regions

To get the latest list of supported regions, see https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning#region-availability

M-Series VMs are now available in East Asia regions

Azure M-Series virtual machines (VMs) are now available in the Canada Central, Canada East and East Asia regions. M-Series VMs offer configurations with memory from 192 GB to 3.8TiB (4TB) RAM and are certified for SAP HANA.

Approve and audit support access requests to VMs using Customer Lockbox for Azure

Customer Lockbox for Microsoft Azure helps customers control and audit a Microsoft support engineer’s access to compute workloads on Azure that may contain customer data. Microsoft support doesn’t have standing access to service operations. In some rare scenarios, to resolve a support issue, just-in-time access with limited and time bound authorization can be provided to Microsoft support engineers. Customer Lockbox helps ensure that Microsoft support engineers don’t access customers’ content in the Azure portal without the customer’s explicit approval. It also helps improve the existing support ticket workflow by expediting the customer’s approval process. This capability enables customers to have more granular control, better visibility and enhanced audit over the support process.

Azure IaaS and Azure Stack: announcements and updates (October 2018 – Weeks: 42 and 43)

Azure

Azure AD DS now supports Azure managed disks

Azure Active Directory Domain Services (AD DS) now supports Azure managed disks. Azure managed disks provide a greater degree of availability and resilience to failures. This enables the domain controllers of your managed domain to be more resilient to storage-related outages. All newly created managed domains now use Azure managed disks by default. Existing managed domains will slowly be migrated to use Azure managed disks over the course of calendar year 2018.

Azure DevTest Labs: Configure enforcing auto shutdown schedule for the lab

You can now configure enforcing a shutdown schedule for all the virtual machines in your lab so that you can save costs from wasteful running machines. To learn more about this feature, go to the team blog.

Azure Availability Zones expand with new services and to new regions

Availability Zones expand into additional regions, North Europe and West US 2. In addition to the continued expansion of Availability Zones across Azure regions, Microsoft announces an expanded list of zone-redundant services including Azure SQL Database, Service Bus, Event Hubs, Application Gateway, VPN Gateway, and ExpressRoute.

Azure Stack

Azure Stack 1809 update

This update package includes improvements, fixes, and known issues for Azure Stack.
The following improvements for Azure Stack are included:

Azure Stack syslog client (General Availability). This client allows the forwarding of audits, alerts, and security logs related to the Azure Stack infrastructure to a syslog server or security information and event management (SIEM) software external to Azure Stack. The syslog client now supports specifying the port on which the syslog server is listening.
With this release, the syslog client is generally available, and it can be used in production environments.
You can now move the registration resource on Azure between resource groups without having to re-register. Cloud Solution Providers (CSPs) can also move the registration resource between subscriptions, as long as both the new and old subscriptions are mapped to the same CSP partner ID. This does not impact the existing customer tenant mappings.

Azure IaaS and Azure Stack: announcements and updates (October 2018 – Weeks: 40 and 41)

Azure

Advanced Threat Protection for Azure Storage (public preview)

Advanced Threat Protection for Azure Storage, available in public preview, detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit storage accounts. This feature helps customers detect and respond to potential threats on their storage account as they occur.

Ephemeral OS Disk (limited preview)

Limited preview of Ephemeral OS Disk, a new type of OS disk created directly on the host node, providing local disk performance and faster boot/reset time. Ephemeral OS Disk is supported for all virtual machines (VM) and virtual machine scale sets (VMSS). Ephemeral OS Disk is ideal for stateless workloads that require consistent read/write latency to OS disk, as well as frequent reimage operations to reset the VM(s) to the original state. This includes workloads such as website applications, game server hosting services, VM pools, computation, jobs and more. Ephemeral OS Disk also works well for workloads that are leveraging low-priority VM scale sets.

Azure confidential computing (public preview)

Azure confidential computing protects your data while it’s in use. It is the final piece to enable data protection through its lifecycle whether at rest, in transit, or in use. It is the cornerstone of Microsoft ‘Confidential Cloud’ vision, which aims to make data and code opaque to the cloud provider. DC-series of virtual machines in US East and Europe West are in public preview. While these virtual machines may ‘look and feel’ like standard VM sizes from the control plane, they are backed by hardware-based Trusted Execution Environments (TEEs), specifically the latest generation of Intel Xeon Processors with Intel SGX technology. You can now build, deploy, and run applications that protect data confidentiality and integrity in the cloud. The DC-series of VMs are the first set of Generation 2 virtual machines. As such, Microsoft has specially configured operating images that are required with these virtual machines (Generation 2 support for Ubuntu Server 16.04 and Windows Server 2016 Datacenter). These images are automatically used when deploying through the portal. Custom images are not yet supported. DC-series VMs will not show up in the size selector for arbitrary marketplace images, as not all images have been updated yet.