This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.
Azure
Storage
Azure File Sync agent v15.1
Improvements and issues that are fixed:
- Low disk space mode to prevent running out of disk space when using cloud tiering. Low disk space mode is designed to handle volumes with low free space more effectively. On a server endpoint with cloud tiering enabled, if the free space on the volume reaches below a threshold, Azure File Sync considers the volume to be in Low disk space mode. In this mode, files are tiered to the Azure file share more proactively and tiered files accessed by the user will not be persisted to the disk. To learn more, see the low disk space mode section in the Cloud tiering overview documentation.
- Fixed a cloud tiering issue that caused high CPU usage after v15.0 agent is installed.
- Miscellaneous reliability and telemetry improvements.
To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.
More information about this release:
- This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
- The agent version for this release is 15.1.0.0.
- Installation instructions are documented in KB5003883.
Standard network features for Azure NetApp Files
Standard network features for Azure NetApp Files volumes are available. Standard network features provide you with an enhanced, and consistent virtual networking experience along with security posture for Azure NetApp Files.
You are now able to choose between standard or basic network features while creating a new Azure NetApp Files volume:
- Basic provide the current functionality, limited scale, and features.
- Standard provides the following new features for Azure NetApp Files volumes or delegated subnets:
– Increased IP limits for Vnets with Azure NetApp Files volumes. This is at par with VMs to enable you to provision Azure NetApp File volumes in your existing topologies or architectures. This eliminates the need to rearchitect network topologies to use Azure NetApp Files for workloads like VDI, AVD, or AKS.
– Enhanced network security with support for network security groups (NSG) on the Azure NetApp Files delegated subnet.
– Enhanced network control with support for user-defined routes (UDR) to and from Azure NetApp Files delegated subnets. You can now direct traffic to and from Azure NetApp Files via your choice of network virtual appliances for traffic inspection.
– Connectivity over active or active VPN gateway setup for highly available connectivity to Azure NetApp Files from on-premises network.
– ExpressRoute FastPath connectivity to Azure NetApp Files. FastPath improves the data path performance between on-premises network and Azure Virtual Network.
Immutable storage for Azure Data Lake Storage
Immutable storage for Azure Data Lake Storage is now generally available. Immutable storage provides the capability to store data in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable and you can set a retention period so that files can’t be deleted until after that period has elapsed. Additionally, legal holds can be placed on data to make that data non-erasable and non-modifiable until the hold is removed.
Improved Append Capability on Immutable Storage for Blob Storage
Immutable storage for Blob Storage on containers (which has been generally available since September 2018) now includes a new append capability. This capability, titled “Allow Protected Appends for Block and Append Blobs”, allows you to set up immutable policies for block and append blobs to keep already written data in a WORM state and continue to add new data. This capability is available for both legal holds and time-based retention policies.
Encrypt managed disks with cross-tenant customer-managed keys
Many service providers building Software as a Service (SaaS) offerings on Azure want to give their customers the option of managing their own encryption keys. Customers of service providers can now use cross-tenant customer-managed keys to manage encryption keys in their own Azure AD tenant and subscription using Azure Key Vault. As a result, they will have complete control of their customer-managed keys and their data.
Azure Dedicated Host support for Ultra Disk Storage
Virtual machines (VMs) running on Azure Dedicated Host support the use of standard and premium disks as data disks, and now there is also the support for ultra disks on dedicated host.
Azure unmanaged disks will be retired on 30 September 2025
Azure Managed Disks now have full capabilities of unmanaged disks and other advancements. Microsoft will begin deprecating unmanaged disks on September 30, 2022, and this functionality will be completely retired on September 30, 2025.
Encryption scopes on hierarchical namespace enabled storage accounts (preview)
Encryption scopes introduce the option to provision multiple encryption keys in a storage account with hierarchical namespace. Using encryption scopes, you now can provision multiple encryption keys and choose to apply the encryption scope either at the container level (as the default scope for blobs in that container) or at the blob level. The preview is available for REST, HDFS, NFSv3, and SFTP protocols in an Azure Blob / Data Lake Gen2 storage account. The key that protects an encryption scope may be either a Microsoft-managed key or a customer-managed key in Azure Key Vault. You can choose to enable automatic rotation of a customer-managed key that protects an encryption scope. When you generate a new version of the key in your Key Vault, Azure Storage will automatically update the version of the key that is protecting the encryption scope, within a day.
Customer initiated storage account conversion (preview)
The self-service option to convert storage accounts from non-zonal redundancy (LRS/GRS) to zonal redundancy (ZRS/GZRS) is available. This allows you to initiate the conversion of storage accounts via the Azure portal without the necessity of creating a support ticket.
Networking
Resizing of peered virtual networks
Updating the address space for peered virtual networks now is now generally available. This feature allows you to update the address space or resize for a peered virtual network without removing the peering.
Improvements to Azure Web Application Firewall (WAF) custom rules
- There are two improvements for WAF custom rules:
Azure regional Web Application Firewall (WAF) with Application Gateway now supports creating custom rules using the operators “Any” and “GreaterThanOrEqual”. Custom rules allow you to create your own rules to customize how each request is evaluatedas it passes through the WAF engine.
- Azure global Web Application Firewall (WAF) with Azure Front Door now supports custom geo-match filtering rules using socket addresses. Filtering by socket address allows you to restrict access to your web application by country/region using the source IP that the WAF sees.