Category Archives: Cloud

Azure Management services: what's new in February 2021

The month of February was full of news and there are several updates that have affected the Azure management services. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the necessary references to conduct further insights.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Availability in new regions

Azure Monitor Log Analytics is available in the following new regions:

UAE Central
Japan West
Australia Central 2 (preview)

To check the availability of the service in all the Azure regions you can consult this document.

The new Azure Monitor agent and the new data collection rules features(preview) extend to new regions and distros

Azure Monitor currently has (in preview) a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features of this new agent we find:

Support for Azure Arc server(Windows and Linux)
Virtual Machine Scale Set support (VMSS)
Installation via ARM template

As far as the Data Collection is concerned, it introduces these innovations:

Better control in defining the scope of data collection (e.g.. ability to collect from a subset of VMs for a single workspace)
Single collection and sending to both Log Analytics and Azure Monitor Metrics
Send to multiple workspaces (multi-homing for Linux)
Ability to better filter Windows events
Better extension management

AMA on Linux supports the following new distros for data collection (Data Collection Rules – DCR):

CentOS Linux 8*
Debian 10
Oracle Linux 8*
Red Hat Enterprise Linux Server 8*
SUSE Linux Enterprise Server 15.2*
SUSE Linux Enterprise Server 15.1*
Ubuntu 20

_*_{Known issue with Syslog events. Currently only Performance Counters are supported (CPU, Memory, Disk, Network)}

Furthermore, AMA and DCR are now available in new regions:

UK West (Wuk)
Korea Central (If)
France Central (Frc)
South Africa North (Jnb)
Switzerland North

New disk bursting metrics

Azure Monitor allows you to obtain detailed information on the resources deployed and running in the Azure environment. Through metrics, which are resource performance indicators in Azure, you can get detailed information about what's happening. Azure Monitor releases new metrics to help you better understand disk bursting performance. These new metrics provide the expected performance from Premium SSD disks and indicate the amount of bursting credits that have been used.

Configure

Azure Automation

Availability in new regions

Azure Automation is available in the following new regions:

Japan West
UAE Central

To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Cost Management

Availability for Azure Government Pay-As-You-Go subscription

Azure Cost Management features are now also available for Azure Government Pay-As-You-Go subscriptions.

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

What's new in Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Cross Region Restore (CRR) for Azure virtual machines

Azure Backup stores the backup data in the Recovery Service vault on which a geographical redundancy is set by default. This results in the backup data in the primary region being geographically replicated to the associated secondary region (paired region). However, replicated data in the secondary region is available for recovery only if Azure declares an emergency in the primary region. By adopting this new functionality in Azure Backup, you will be able to start restores of virtual machines in a secondary region at will, making them completely controlled by the customer. To do this, however, the Recovery Service vault that holds the backups must be set up in geographical redundancy. Recovery between different Azure regions is available, still in preview, also for SQL and SAP HANA.

New features for Azure Backup Center (preview)

Backup Center, currently in preview, now also supports the following workloads: SQL in Azure VM, SAP HANA in Azure VM and Azure Files. With the Backup Center, you can centrally manage and monitor backups of all supported Azure workloads.

Furthermore, new built-in policies for Azure Backup have been included in the Backup Center that allow you to configure the backups of virtual machines in Azure based on the resource groups they belong to and the assigned tags.

Azure Backup for SAP HANA: soft limit increased by 2 TB to 8 TB

Thanks to the new data transfer features, Azure Backup now helps protect larger SAP HANA DB. Azure Backup for SAP HANA now allows you to reach data transfer speeds up to 420 MBps for non-log backups (for example full, differential and incremental) and 100 MBps for log backups. Thanks to this improvement in data transfer capacity it is possible to back up ~ 1,5 TB per hour, which results in 6-8 TB of full backups in 4-6 hours. The Azure Backup Service allows you to provide similar speeds even during restore operations.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 54 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (February 2021 – Weeks: 05 and 06)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure achieves new certifications

Microsoft Azure has achieved this new certifications:

Its first PCI 3-D Secure (PCI 3DS) certification
It has increased the scope of its HITRUST CSF certification to include 172 Azure offerings across 49 Azure regions. Azure’s HITRUST certification letters are available on the Service Trust Portal and include the full list of HITRUST CSF certified Azure offerings and regions.

New planned datacenter region in Georgia (East US 3)

The new datacenter region will have a presence in Douglas and Fulton counties, in response to growing customer demand, supporting the creation of new jobs and local business growth. Availability Zones in the new East US 3 region will provide customers with high availability and additional tolerance to datacenter failures.

Storage

Soft delete for Azure file shares is now on by default for new storage accounts

Soft delete for Azure file shares is now enabled by default and this change will apply to all new storage accounts. Soft delete protects your Azure file shares from accidental deletion. Soft delete acts like a recycle bin for Azure file shares, meaning that deleted shares remain recoverable for their entire retention period (7 days by default for storage accounts created after January 31^st). You will be charged for soft deleted data on the snapshot meter. If you have automated the creation of new storage accounts and the creation/deletion of new file shares within them, you must modify your scripts to explicitly disable soft delete after the creation of a new storage account. Soft delete will remain disabled by default for existing storage accounts.

Azure File Sync agent v11.2

The Azure File Sync agent v11.2 release is being flighted to servers which are configured to automatically update when a new version becomes available.

Improvements and issues that are fixed:

If a sync session is cancelled due to a high number of per-item errors, sync may go through reconciliation when a new session starts if the Azure File Sync service determines a custom sync session is needed to correct the per-item errors.
Registering a server using the Register-AzStorageSyncServer cmdlet may fail with “Unhandled Exception” error.
New PowerShell cmdlet (Add-StorageSyncAllowedServerEndpointPath) to configure allowed server endpoints paths on a server. This cmdlet is useful for scenarios in which the Azure File Sync deployment is managed by a Cloud Solution Provider (CSP) or Service Provider and the customer wants to configure allowed server endpoints paths on a server. When creating a server endpoint, if the path specified is not in the allow list, the server endpoint creation will fail. Note, this is an optional feature and all supported paths are allowed by default when creating a server endpoint. To learn more, see the release notes.

How to obtain and install this update:

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this update rollup:

This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
The agent version of this update rollup is 11.2.0.0.
A restart may be required if files are in use during the installation.
Installation instructions are documented in KB4539952.

Append blob support for Azure Data Lake Storage (limited public preview)

Append blobs allow users to append data to the end of a blob or file quickly and existing content does not need to be modified. This makes append blobs great for applications such as logging that need to add information to existing files efficiently and continuously. Until now, only block blobs were supported in Azure Data Lake Storage accounts. With this preview, applications can use create append blobs in these accounts also and write to them using Append Block operations.

Ingest up to 10 files and blobs with the new Azure Data Explorer intuitive UX

You can now easily ingest blobs or files into Azure Data Explorer with the new ingestion intuitive wizard. This ingestion wizard also allows you to create a table automatically based on the source structure.

Azure IaaS and Azure Stack: announcements and updates (January 2021 – Weeks: 03 and 04)

Azure

Compute

New Azure Cloud Services deployment model (preview)

Both deployment models are now available in Azure Cloud Services:

Azure Cloud Services (extended support), in public preview, is a new Azure Resource Manager–based deployment model for Azure Cloud Services. As an existing user of Azure Cloud Services, with Azure Cloud Services (extended support) you can now increase regional resiliency while gaining access to new capabilities such as role-based access control (RBAC), tags, policy, and support for deployment templates.
The Azure Service Manager–based deployment model is now named Azure Cloud Services (classic). You can keep using the existing Azure Cloud Services (classic) deployment model for your Azure Service Manager–based applications.

Availability Zones in new regions

Availability Zones give users additional options for high availability for their most demanding applications and services as well as confidence and protection from potential hardware and software failures by providing three or more unique physical locations within an Azure region. Availability Zones are now generally available in South Central US and in Germany West Central. Availability Zones in this regions are made up of 3 unique physically separated locations or “zones” within a single region to bring higher availability and asynchronous replication across Azure regions for disaster recovery protection.

Linux Diagnostics Agent 4.0 (preview)

The Linux Diagnostic Extension (LAD) 4.0 is now available in public preview. This release contains,

Azure Monitor Metric Sink enabled by default
Support for Ubuntu 20.04
Removal of OMI for a modified version of Telegraf
Bug and stability improvements
Performance improvements

Since this is a major version upgrade this update will not be automatically applied. You will need to update manually.

Storage

Copy Blob support over private endpoints

Azure Storage now enables you to copy data between storage accounts where one or both the accounts are protected using private endpoints. This includes support for Copy Blob or utilities such as such as AzCopy over Private Endpoints. The feature also enables copying of data between storage accounts, where one account uses a private endpoint and another uses a service endpoint. Azure Storage validates that the client has access to both the source and the destination storage accounts before allowing the data to be copied.

Resource instance rules for access to Azure Storage (preview)

Some Azure resources cannot be isolated through a virtual network or an IP address rule. However, you’d still like to secure and restrict access to your storage account to only your application’s Azure resources. You can now configure your storage accounts to allow access to only specific resource instances of select Azure services by creating a resource instance rule. Resource instances must be in the same tenant as your storage account, but they may belong any resource group or subscription in the tenant. Resource instance rules for access to Azure Storage are now in public preview in all Azure public regions.

Prevent Shared Key authorization on Azure Storage accounts (preview)

Every secure request to an Azure Storage account must be authorized. By default, requests can be authorized with either Azure Active Directory (Azure AD) credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key, and is recommended by Microsoft. To require clients to use Azure AD to authorize requests, you can disallow requests to the storage account that are authorized with Shared Key. Microsoft is announcing the public preview of the ability to disable Shared Key authorization for Azure Storage. Before you disable Shared Key authorization on existing storage accounts, Microsoft suggests checking existing access patterns via monitoring.

Azure Management services: what's new in January 2021

The new year began with several announcements from Microsoft regarding news related to Azure management services. The Cloud Community releases this summary monthly, allowing you to have a general overview of the main new features of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

Monitor

Azure Monitor

Cross query between Azure Monitor and Azure Data Explorer (preview)

The ability to query between Azure Monitor and Azure Data Explorer allows you to query data exported to Azure Data Explorer or Azure blob storage and merge them with any Azure Monitor Log Analytics workspace.

Among the various features recently released we find the ability to perform queries:

Between Azure Data Explorer and Azure Monitor services (Log Analytics / Application Insights) and vice versa
On Azure Monitor logs exported from an Azure blob storage account using Azure Data Explorer

In Azure Monitor Log Analytics, the maximum data retention time frame is limited to 2 years. This aspect can be limiting in some areas, to the point that certain compliance criteria are not met. To overcome this limitation, you can export logs to an Azure blob storage. This new feature allows you to cross-query by including data exported to Azure blob storage in an integrated way.

Monitoring Azure Data Explorer Cluster with Azure Monitor (preview)

Azure Monitor expands its capabilities with Azure Monitor for Azure Data Explorer, which allows you to perform a complete monitor of Azure Data Explorer clusters, providing a single view of performance, of operations, and actual use.

Integration between Azure Monitor workbooks and Application Change Analysis (preview)

The recently released integration between Azure Monitor and Application Change workbooks allows you to create different types of charts, using as a data source the information regarding the changes that are made in the Azure environment. For example,, you can create charts to see when important changes have occurred in the last few 24 hours, or use the ability to merge to see what changed before a spike in memory that occurred on a VM.

ITSM Connector for ServiceNow ITOM with Secure Export (preview)

Secure Export is the new version (in preview) of the’IT Service Management Connector (ITSM) of Azure Monitor, which allows you to automatically create work items in an ITSM tool, when an Azure Monitor alert is activated. As part of the preview, a new integration with ServiceNow IT Operations Management was introduced (ITOM) using Secure Export.

Azure Monitor Network Insights

Azure Monitor Network Insights is now available and allows , through a centralized console, to monitor your Azure network infrastructure. The main features of Network Insights are as follows:

Unique console for the network monitor.
Agent configuration is not required.
Centralized access to traffic and connectivity monitor tools, that allow you to check health state, metrics, alerts, and data.
Viewing the network topology, with the ability to view functional dependencies. This will make it easier to solve any problems.
Access resource metrics to debug when needed, without having to write queries or create specific workbooks.

Availability in new regions

Azure Monitor Log Analytics is now available in the following Azure regions: “Germany West Central”, “UAE North”, and “Switzerland West”. Furthermore, Azure Log Analytics is available in preview in two new regions: “UAE Central” and “Japan West”. To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in new regions

Azure Automation is now available in the “UAE North” and in the region of “Switzerland West”. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Support for NSG Flow Logs

TheNSG flow logs in the Azure platform, they allow you to maintain the visibility of network traffic entering and leaving the Network Security Groups. To simplify the deployment experience, NSG flow logs Integrated support has been introduced in the Azure Policy, which allows you to check the enabled status and to force the collection of NSG flow logs when disabled, specifically by using the following policies:

Audit policy: NSGs flag without Flow logs enabled
DeployIfNotExists policy: Enable Flow logs on NSGs where it is disabled

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new ways to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . In this article some of the latest improvements and updates regarding this solution are reported, including:

New cost view for resource groups
Saving the last scope used
What's New in Cost Management Labs
Definition of roles and responsibilities
Cost-saving methodologies by running .NET apps on Azure
New ways to save money
New videos to deepen these issues
Documentation updates

Secure

Azure Security Center

Vulnerability assessment for on-premises and multi-cloud systems

The Azure Security Center solution has recently been enriched with the ability to carry out an integrated Vulnerability Assessment, not just virtual machines in Azure, but also systems located on-premises or in multi-cloud environments, as long as Azure Arc has been enabled.

The vulnerability scanning included in Azure Defender for servers is done through the solutionQualys, which is recognized as a leading tool for real-time identification of potential vulnerabilities in the systems.

Thanks to this update, it is possible to harness the power of Azure Defender for server to consolidate the vulnerability management program on all resources in your environment (Azure and not). Among the main features we find:

Monitoring the VA scan (vulnerability assessment) on Azure Arc machines
Provisioning the VA agent on Azure Arc Windows and Linux machines (manually and on a large scale)
Receiving and analyzing vulnerabilities detected by distributed agents (manually and on a large scale)
Unified experience for Azure VMs and Azure Arc machines

What's new in Azure Security Center

Azure Security Benchmark becomes the default initiative
Secure score for management groups (preview)
Secure score API
DNS sangling security added to Azure Defender for App Service
Multi-cloud connectors
Exemption, for subscriptions and management groups, for recommendations from the secure score
Users can request visibility “tenant-wide”
35 recommendations in previews added
CSV export of filtered lists of recommendations
Resources “Not applicable” are reported as “Compliant” in Azure Policy assessments
Weekly export of secure score and regulatory compliance data through continuous export (preview)

Azure Defender for SQL updates and enhancements

In Azure Security Center, the following updates and improvements have been made to Azure Defender for SQL:

Protect

Azure Backup

Azure Managed Disk backups (limited preview)

Azure Backup offers the ability, at the moment by accessing a limited preview, to protect managed disks. All this takes place through the periodic creation of snapshots that are kept for a duration established by backup policy. The solution does not require the presence of specific agents and supports backup and recovery of both operating system and data disks (including shared disks), regardless of whether or not they are connected to a virtual machine running in Azure.

Encryption at rest with keys “customer-managed”

Azure Backup introduces encryption at rest support using customer-managed keys. This feature encrypts backup data in recovery services vaults using your keys in the Azure Key Vault. Data is protected using a data encryption key (DEK) AES-based 256, which in turn is protected using the keys stored in the Key Vault. Compared to encryption that uses keys managed by the Azure platform (available by default), this support gives you more control over encryption key management, enabling you to best meet your compliance needs.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 53 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (January 2021 – Weeks: 01 and 02)

Azure

Compute

New datacenter region in Chile

Microsoft has announced plans for a new datacenter region in Chile, as part of a “Transforma Chile” initiative. A skilling program as well as an Advisory Board are also part of the initiative, targeted at reaching 180,00 Chileans.

NCas_T4_v3-Series VMs are now generally available

NCas_T4_v3Virtual Machines feature 4 NVIDIA T4 GPUs with 16 GB of memory each, up to 64 non-multithreaded AMD EPYC 7V12 (Rome) processor cores, and 448 GiB of system memory. These virtual machines are ideal to run ML and AI workloads utilizing Cuda, TensorFlow, Pytorch, Caffe, and other frameworks or the graphics workloads using NVIDIA GRID technology. NCas_T4_v3 VMs are now generally available in West US2, West Europe, and Korea Central regions.

Networking

Public IP SKU upgrade

Azure public IP addresses now support the ability to be upgraded from Basic to Standard SKU. Additionally, any Basic Public Load Balancer can now be upgraded to a Standard Public Load Balancer, while retaining the same public IP address. This is supported via PowerShell, CLI, templates, and API and available across all Azure regions.

Azure Hybrid Cloud: Azure Stack Edge solution overview

Microsoft to better meet the needs of adopting solutions that can extend your environment, from the main datacenter to the peripheral sites, with innovative Azure services, makes the Azure Stack portfolio available to its customers. It is a set of hybryd cloud solutions, that allow you to deploy and run your application workloads consistently, without restrictions imposed by the geographical location. This article provides an overview of the Azure Stack Edge platform (ASE) and its characteristics, examining the use cases and the main features.

Before going into the specifics of Azure Stack Edge it is good to specify that the solutions included in the Azure Stack portfolio are the following:

Azure Stack Edge: the Azure managed appliance that can bring computational power, cloud storage and intelligence in a remote edge of the customer.
Azure Stack HCI: the solution that allows the execution of virtual machines and an easy connection to Azure thanks to a hyper-converged infrastructure (HCI).
Azure Stack Hub: the offer for enterprise companies and public sector customers, needing a cloud environment but disconnected from the Internet, or need to meet specific regulatory and compliance requirements.

Figure 1 – Azure Stack Product Family

To get an overview of these solutions I invite you to read this article.

Azure Stack Edge value proposition

The results that can be obtained by adopting the Azure Stack Edge solution are the following:

Possibility of adopting an on-premises model Infrastructure as a service (IaaS) for workloads on peripheral sites (edge), where both hardware and software are provided by Microsoft.
Ability to run applications at customer sites, in order to keep them close to the data sources. Furthermore, allows you to run not only proprietary and third-party applications at the edge, but also to take advantage of different Azure services.
Availability of built-in hardware accelerators that allow you to run machine learning and AI scenarios at the edge, right where the data is, without having to send data to the cloud for further analysis.
Possibility of having an integrated cloud storage gateway that allows easy data transfer from the edge to the cloud environment.

Usage scenarios

The main scenarios for using Azure Stack Edge are the following:

Machine learning at peripheral sites: thanks to the presence of integrated hardware accelerators and the processing capabilities offered by the solution, you have the ability to cope with these scenarios right where the data resides, processing them in real time, without having to send them to Azure.
Computational capacity at edge: customers can run their business applications and IoT solutions at peripheral sites, without necessarily having to rely on constant connectivity to the cloud environment.
Network transfer of data from the edge to the cloud: used in scenarios where you want to periodically transfer data from the edge to the cloud, for further analysis or storage purposes.

Form factors

To support the different usage scenarios reported, vertically between industrial sectors, Azure Stack Edge is available in three separate form factors:

Azure Stack Edge Pro, a 1U blade server with one or two GPUs.
Azure Stack Edge Pro R, a rugged server with GPU, in a sturdy carrying case, complete with UPS and backup battery.
Azure Stack Edge Mini R, a machine with a reduced form factor with a battery and a low weight (less than 3,5 Kg).

Figure 2 – Azure Stack Edge Form Factors

Azure Stack Edge "rugged" versions allow resistance to extreme environmental conditions, and battery-powered versions allow easy transport.

Azure Stack Edge stack software

The customer can place the Azure Stack Edge order and provisioning directly from the Azure portal, and then use the classic Azure management tools to monitor and perform updates. Hardware support is provided directly by Microsoft, that will replace the components in case of problems. There is no upfront cost to obtain this appliance, but the cost will be included monthly in the billing of Azure services. Since, once configured, any application running on Azure Stack Edge can be configured and deployed from the Azure portal, eliminates the need for IT staff in the edge location.

Azure Stack Edge Computational Capacity

The ability to offer computational capacity taken from the edges is one of the key features of Azure Stack Edge, which can be provided in one of the following ways:

IoT Edge: the execution of containerized workloads distributed through the IoT hub has always been supported since the launch of Azure Stack Edge and continues to be so.
Kubernetes: recently, support was introduced for the execution of containerized workloads in Kubernetes clusters running on Azure Stack Edge.
Virtual machines: another way to run applications is by activating workloads on board virtual machines.

Kubernetes environment in Azure Stack Edge

Kubernetes is becoming the de facto standard for the execution and orchestration of containerized workloads, but those who know these environments, is aware of some of the operational challenges that can arise from managing a Kubernetes cluster. In this context, the goal of Azure Stack Edge is to simplify the deployment and management of Kubernetes clusters. With a simple configuration, you can activate a Kubernetes cluster on Azure Stack Edge.

Once the Kubernetes cluster has been configured, you must perform additional management steps, that are simplified in ASE with simple add-ons. Among these operations we find:

The ability to easily enable hardware accelerators.
The provisioning of the storage system to create persistent volumes.
Keep it up to date with Kubernetes releases by taking the latest updates available.
The ability to apply security and governance mechanisms from their own infrastructure.

Cluster environment configuration completed, Simple mechanisms are provided for deploying and managing workloads on the Kubernetes cluster, by using the following modes:

Azure Arc: ASE comes with native integration with Azure Arc. With just a few steps you can enable Azure Arc, allowing applications to be distributed in the Kubernetes cluster directly from the Azure portal.
IoT Hub: by enabling the IoT hub add-on it is possible to use it for the distribution of conteiners.
Kubectl: finally supports the native way kubectl, typically used in disconnected environments or if you have an existing infrastructure that already integrates with this mode.

Figure 3 – Kubernetes deployment in Azure Stack Edge

Virtual machines in Azure Stack Edge

Another variant to offer computational capacity at the edges is the activation of virtual machines. Azure Stack Edge allows you to host virtual machines, both Windows and Linux, offering the ability to deploy and manage these virtual machines directly from Azure or by acting locally.

Figure 4 – Virtual Machines in Azure Stack Edge

One thing to consider is that Azure Stack Edge allows you to set up simpler network topologies than Azure or Azure Stack Hub.

Regarding the hardware acceleration features in Azure Stack Edge, these two variants are supported:

GPU NVIDIA T4, fully integrated with the GPU stack
Intel Movidius Visual Processing Unit (VPU), for AI and ML scenarios

Azure services that can be deployed in Azure Stack Edge

The number of services that can be activated in Azure Stack Edge is large, among those recently introduced we find:

Live Video Analytics: a platform for creating video solutions and applications based on artificial intelligence, to carry out real-time insights using video streams.
Spatial Analysis: a real-time computer vision module to analyze videos and understand people's movements in physical spaces. For example,, during the Covid period, many retail stores want to implement social distancing policies and may use a special analytics module to understand certain behavior based on videos shot in the store.
Azure Monitor: this increases application performance and availability by collecting logs from containers and analyzing them.

Figure 5 – Azure Solutions in Azure Stack Edge

Conclusions

In business realities, the adoption of totally cloud-based solutions does not always turn out to be a viable choice or the best of all, hybrid solutions often have to be adopted, which in any case include the possibility of using the innovations introduced by the cloud. Azure Stack Edge is a flexible and modern solution that allows you to meet your needs, even the most challenging ones, emerging for edge sites, without neglecting the potential offered by the public cloud.

Azure IaaS and Azure Stack: announcements and updates (December 2020 – Weeks: 53)

In the last week of the year, there was little news, thanks to the holiday period. This series of blog posts will continue into 2021. I take this opportunity to wish you a Happy New Year!

Azure

Azure NetApp Files: Application Consistent Snapshot tool (preview)

Azure Application Consistent Snapshot tool (AzAcSnap) is in public preview. It is a command-line tool enables you to simplify data protection for third-party databases (SAP HANA) in Linux environments (for example, SUSE and RHEL).

Azure Management services: what's new in December 2020

In December several news regarding Azure management services were announced by Microsoft. Our community releases this monthly summary that gives you a comprehensive overview of the main news of the month, in order to stay up to date on these news and have the necessary references to conduct further study.

Monitor

Azure Monitor

New Azure Monitor agent and new Data Collection Rules features(preview)

Azure Monitor introduces (in preview) a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

Support for Azure Arc server(Windows and Linux)
Virtual Machine Scale Set support (VMSS)
Installation via ARM template

With regard to the Data Collection, these innovations have been made:

Better control in defining the scope of data collection (e.g.. ability to collect from a subset of VMs for a single workspace)
Single collection and sending to both Log Analytics and Azure Monitor Metrics
Send to multiple workspaces (multi-homing for Linux)
Ability to better filter Windows events
Better extension management

Azure Monitor for Windows Virtual Desktop (preview)

Azure Monitor now allows you to perform the following operations related to Windows Virtual Desktop environments:

View a summary of the status and health of host pools
Find and resolve any deployment issues
Evaluate resource usage and make decisions about scalability and cost management
Understanding and addressing user feedback

Azure Monitor for containers: tab reports and deployment logs

In Azure Monitor for containers a new tab has been made available Reports that gives customers complete access to all advanced monitoring workbooks for Kubernetes, for example: Node-disk, Node-network, workloads and Persistent Volume monitoring.

Furthermore, you can now view real-time logs of Azure Kubernetes Service deployments (AKS), accessing the live logs of the pods directly. Log Analytics will allow you to search by applying filters to view historical pod deployment logs, useful for diagnosing any issues.

Azure Monitor for containers: support for Private Cluster live logs (preview)

In Azure Monitor for containers support for private cluster live logs has been introduced, this allows you to view in real time container logs, pod events and metrics. For more details please visit the Microsoft-specific documentation.

Infrastructure Encryption for Azure Monitor data

Starting from 1 November 2020 data that flows into Azure Monitor is encrypted twice: at the service level and now also at the infrastructure level, thanks to the double encryption available for Azure storage.

Configure

Azure Automation

Support for Azure Private Link available

Microsoft has introduced support forAzure Private Link, necessary to securely connect virtual networks to Azure Automation through the use of private endpoints. This feature is useful for:

Establish a private connection with Azure Automation, without opening access from the public network.
Ensure that Azure Automation data is accessible only through authorized private networks.
Protect yourself from data extraction by allowing granular access to specific resources.
Keep all traffic within the Microsoft Azure backbone network.

Availability in new regions

Azure Automation is now available in the “Norway East” and “Germany West Central”. To check the availability of the service in all the Azure regions you can consult this document.

Support for Python3 runbooks (preview)

In Azure Automation, you can now import, create and run runbooks Python 3 in Azure or in a Hybrid Runbook Worker.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (December 2020 – Weeks: 51 and 52)

Azure

Compute

Azure VMware Solution: now available in UK South and Japan East Azure regions

The new Azure VMware Solution empowers customers to seamlessly extend or migrate their existing on-premises VMware applications to Azure without the cost, effort or risk of re-architecting applications or retooling operations. General Availability of the new Azure VMware Solution was announced at Microsoft Ignite, Sept 2020, with initial availability in US East, US West, West Europe and Australia. Microsoft has now expanded availability to two more Azure regions Japan East and UK South. For updates on more upcoming region availability please visit the product by region page here.

HBv2-series VMs for HPC now available in the UAE North region

HBv2 VMs are now Generally Available in the Azure UAE North region.

Storage

Azure File Sync agent v11.1

Azure File Sync agent v11.1 is now on Microsoft Update and Microsoft Download Center.

Improvements and issues that are fixed:

New cloud tiering modes to control initial download and proactive recall
- Initial download mode: you can now choose how you want your files to be initially downloaded onto your new server endpoint. Want all your files tiered or as many files as possible downloaded onto your server by last modified timestamp? You can do that! Can’t use cloud tiering? You can now opt to avoid tiered files on your system. To learn more, see Create a server endpoint section in the Deploy Azure File Sync documentation.
- Proactive recall mode: whenever a file is created or modified, you can proactively recall it to servers that you specify within the same sync group. This makes the file readily available for consumption in each server you specified. Have teams across the globe working on the same data? Enable proactive recalling so that when the team arrives the next morning, all the files updated by a team in a different time zone are downloaded and ready to go! To learn more, see Proactively recall new and changed files from an Azure file share section in the Deploy Azure File Sync documentation.
Exclude applications from cloud tiering last access time tracking
- You can now exclude applications from last access time tracking. When an application accesses a file, the last access time for the file is updated in the cloud tiering database. Applications that scan the file system like anti-virus cause all files to have the same last access time which impacts when files are tiered. For more details, see the release notes.
Miscellaneous performance and reliability improvements
- Improved change detection performance to detect files that have changed in the Azure file share.
- Improved sync upload performance.
- Initial upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
- Sync reliability improvements for certain I/O patterns.
- Fixed a bug to prevent the sync database from going back-in-time on failover clusters when a failover occurs.
- Improved recall performance when accessing a tiered file.

More information about this release:

This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
The agent version for this release is 11.1.0.0.
A restart may be required if files are in use during the agent installation.
Installation instructions are documented in KB4539951.

The possibilities offered by Azure for container execution

The strong trend in application development involving microservice-based architectures make containers perfect for efficiently deploying software and operating at scale. containers can work on windows operating systems, Linux and Mac, on virtual machines or bare metal, in on-premise data centers and, obviously, in the public cloud. Microsoft is certainly a leading provider that enables enterprise-level container execution in the public cloud. This article provides an overview of the main solutions that can be adopted to run containers in a Microsoft Azure environment.

Virtual machines

IaaS virtual machines in Azure environment can provide maximum flexibility to run Docker containers. In fact,, on Windows and Linux virtual machines it is possible to install the Docker runtime and thanks to the availability of different combinations of CPU and RAM you can have the necessary resources to run one or more containers. This approach is typically recommended in DevTest environments, as the cost of configuring and maintaining the virtual machine is not negligible.

Serverless approaches

Azure Container Instances (ACI)

Azure Container Instances (ACI) is the easiest and fastest way in Azure to run on-demand containers in a managed serverless environment. All this is made possible without having to activate specific virtual machines and the necessary maintenance is almost negligible. The solution Azure Container Instances is suitable in scenarios that require isolated containers, without the need to adopt a complex orchestration system. ACI is in fact able to provide only some basic scheduling features offered by the orchestration platforms and, although it does not cover the valuable services provided by such platforms, can be seen as a complementary solution.

Top-level resources in Azure Container Instances are the Container group, a collection of containers that are scheduled on the same host machine. Containers within a container group share the lifecycle, resources, the local network and storage volumes. Container group concept is similar to pod concept in Kubernetes environment.

Figure 1 – Container group sample in Azure Container Instances

The service Azure Container Instances involves costs that depend on the number of vCPUs and GBs of memory allocated per second. For more details on costs please visit the Microsoft official page.

Azure Web App for Containers

For web-based workloads, there is the ability to run containers from Azure App Service, the Azure web hosting platform, using the service Azure Web App for Containers, with the advantage of being able to exploit the distribution methodologies, scalability and monitors inherent in the solution.

Azure Batch and Containers

If workloads require you to scale with multiple job batches, you can put them in containers and manage scaling through Azure Batch. In this scenario, the combination of Azure Batch and containers turns out to be a winner. Azure Batch allows the execution and resizing of a large number of batch processing processes in Azure, while containers provide an easy way to perform Batch tasks, without having to manage the environment and its dependencies, required to run applications. In these scenarios, it is possible to envisage the adoption of low-priority VMs with Azure Batch to reduce costs.

Containers orchestration

The automation and management tasks of a large number of containers and the ways in which they interact with each other is known as orchestration. In case therefore there is a need to orchestrate more containers it is necessary to adopt more sophisticated solutions such as: Azure Kubernetes Service (AKS) or Azure Service Fabric.

Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) is the fully managed Azure service that allows the activation of a Kubernetes cluster.

Kubernetes, also known as “k8s”, provides automated orchestration of containers, improving its reliability and reducing the time and resources required in the DevOps field. Kubernetes tends to simplify deployments, allowing you to automatically perform implementations and rollbacks. Furthermore, it allows to improve the management of applications and to monitor the status of services to avoid errors in the implementation phase. Among the various functions there are services integrity checks, with the ability to restart containers that are not running or that are blocked, allowing to advertise to clients only the services that have started correctly. Kubernetes also allows you to automatically scale based on usage and exactly like containers, allows you to manage the cluster environment in a declarative way, allowing version-controlled and easily replicable configuration.

Figure 2 - Example of microservices architecture based on Azure Kubernetes Service (AKS)

Azure Service Fabric

Another possibility to orchestrate containers is the adoption of the reliable and flexible platform Azure Service Fabric. This is Microsoft's container orchestrator that allows the deployment and management of microservices in highly intensive cluster environments with very fast deployment times. With this solution you have the opportunity, for the same application, to combine services residing in processes and services within containers. The unique and scalable architecture of Service Fabric allows you to perform data analysis almost in real time, computational calculations in memory, parallel transactions and event processing in applications. Service Fabric provides a sophisticated and lightweight runtime that supports stateless and stateful microservices. A key differentiator of Service Fabric is its robust support for creating stateful services, adopting built-in programming models of Service Fabric or stateful containerized services. For more information on the application scenarios that can take advantage of Service Fabric stateful services you can consult this document.

Figure 3 - Azure Service Fabric overview

Azure Service Fabric can boast of hosting many Microsoft services, including Azure SQL Database, Azure Cosmos DB, Cortana, Microsoft Power BI, Microsoft Intune, Azure Event Hubs, Azure IoT Hub, Dynamics 365, Skype for Business, and many core Azure services.

Conclusions

Microsoft offers a range of options for running containers in its public cloud. The choice of the solution that best suits your needs among all those offered, despite requiring careful evaluation, allows to have a high flexibility. From the adoption of serverless approaches, the management of cluster environments for orchestration, up to the creation of your own infrastructure based on virtual machines, you can find the ideal solution to run containers in the Microsoft Azure environment.