Category Archives: Cloud

Azure IaaS and Azure Stack: announcements and updates (December 2020 – Weeks: 49 and 50)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Dedicated Host: automatic VM placement and Azure Virtual Machine Scale Sets available

You can simplify the deployment and increase the scalability of your Azure Dedicated Hosts environments with two new features now generally available:

  • You can accelerate the deployment of Azure VMs in Dedicated Hosts by letting the platform select the host group to which the VM will be deployed.
  • You can also use Virtual Machine Scale Sets in conjunction with Dedicated Hosts. This new capability allows IT organizations to use scale sets across multiple dedicated hosts part of a dedicated hosts group.

New datacenter region in Denmark

Microsoft has announced the most significant investment in its 30-year history in Denmark, introducing Denmark as the location for its next sustainable datacenter region and a comprehensive skilling commitment for an estimated 200,000 Danes by 2024. Powered by 100 percent renewable energy, the datacenter region will provide Danish customers of all sizes faster access to the Microsoft Cloud, world-class security and the ability to store data at rest in the country.

HBv2-series VMs for HPC are now available in UAE North

HBv2 VMs for supercomputing lass HPC are now generally available in the Azure UAE North region.

Storage

Azure Storage blob inventory (preview)

A lot of valuable data is stored in Azure Blob Storage. Customers frequently want to have an overview of their data for business and compliance reasons. The Azure Storage blob inventory feature provides an overview of your blob data within a storage account. Use the inventory report to understand your total data size, age, encryption status, and so on. Enable blob inventory reports by adding a policy to your storage account. Add, edit, or remove a policy by using the Azure portal. Once enabled, an inventory report is automatically created daily.

Azure Storage account recovery available via portal

Azure Storage uses a storage account to contain all of your Azure Storage data including: blobs, files, tables, queues, and disks.  Accidentally deleting a storage account deletes all data in the account and previously could not be recovered. Microsoft is announcing that storage account recovery is available with some restrictions and this functionality is available via the Azure Portal.

 For a storage account to be recoverable:

  • A new storage account with the same name has not been recreated since deletion
  • The storage account was deleted in the last 14 days
  • It is not a classic storage account
  • Azure Blob Storage NFS 3.0 preview supports general purpose v2 (GPV2) storage accounts with standard tier performance in the following regions: Australia East, Korea Central, and South Central US. In addition, the NFS 3.0 preview is expanded to support block blob with premium performance tier in all available regions.

Azure Blob Storage NFS 3.0 preview supports general purpose v2 (GPV2) storage accounts

Azure Blob Storage NFS 3.0 preview supports general purpose v2 (GPV2) storage accounts with standard tier performance in the following regions: Australia East, Korea Central, and South Central US. In addition, the NFS 3.0 preview is expanded to support block blob with premium performance tier in all available regions.

Azure Stack

Azure Stack Edge

Virtual Machine Support (public preview)

Azure Stack Edge hosts Azure virtual machines so you can run your VM based IoT, AI, and business applications on an Azure appliance at your location. The system includes deployment and management from the Azure portal, meaning you use the Azure Portal to deploy a VM Image and a VM to your Edge device at your location. Because Azure Stack Edge supports Azure VMs, you can build and test your VM image in Azure before deploying straight to the edge. For local control, ARM compatible APIs and templates can deploy and manage VMs, even when the device is disconnected from Azure.

Kubernetes system is available

Azure Stack Edge includes a managed Kubernetes environment so you can deploy your containerized apps to the edge using this industry standard technology. Just click a button in the Azure Portal and Azure Stack Edge will create a Kubernetes cluster and keep it running for you. Then deploy your Kubernetes apps from the cloud via IoT Edge or Arc enabled Kubernetes. Or use native kubectl tools for local deployment. This makes it simple to have an on-premises Kubernetes environment for your AI, IoT, and modern business applications.

Azure Stack HCI

The new Azure Stack HCI is now generally available

Azure Stack HCI is the new subscription service for hyperconverged infrastructure from Microsoft Azure. Azure Stack HCI brings together the familiarity and flexibility of on-premises virtualization with powerful new hybrid capabilities. With Azure Stack HCI, you can run virtual machines, containers, and select Azure services on-premises with management, billing, and support through the Azure cloud.

Azure Stack Hub

Event hubs is available

Event Hubs is a reliable and scalable event streaming engine that backs thousands of applications across every kind of industry in Microsoft Azure. Microsoft is announcing the general availability of Event Hubs on Azure Stack Hub. Event Event Hubs on Azure Stack Hub will allow you to realize cloud and on-premises scenarios that use streaming architectures.

Azure IaaS and Azure Stack: announcements and updates (November 2020 – Weeks: 47 and 48)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Hybrid Benefit for Linux

Azure Hybrid Benefit functionality is available for Linux customers, allowing you to bring both your on-premises Windows Server and SQL Server licenses, as well as Red Hat Enterprise Linux (RHEL) or SUSE Linux Enterprise Server (SLES) subscriptions to Azure.

Microsoft to establish its first datacenter region in Sweden

Microsoft’s newest datacenter region will be among the most sustainable to date, as Microsoft will be partnering with Vattenfall around their 24/7 matching solution, which will track renewable energy consumption in the upcoming Swedish datacenters. The Microsoft Cloud delivered from datacenters in Sweden will enable Swedish businesses to empower employees, engage customers, transform products, and optimize operations, all through connected experiences and supported by advanced data privacy and security. Upcoming plans also include a skilling initiative for up to 150,000 Swedes. Microsoft’s community investments in Sweden total more than $1.25 million (U.S.) in partnership with 13 organizations to advance STEM programs focused on youth, skilling and culture. The new region will also deliver Availability Zones.

Storage

SMB Multichannel available on Azure Files premium tier (preview)

SMB Multichannel enables an SMB 3.x client to establish multiple network connections to a premium file share, and hence, increasing client’s performance up to 3x in terms of IOPS and throughput. Workloads running on the premium file shares can now achieve the required scale from a single virtual machine (VM) or a smaller set of VMs, thereby reducing the total cost of ownership.

Performance tiers for Premium SSDs

To sustain high performance demands for a specific duration, such as running a training environment during daytime, performance testing, or an event like Black Friday, you can now set the performance tier of your Premium SSDs without increasing the capacity of the disk. This provides the flexibility to achieve higher performance while also controlling costs. To start with, a baseline performance tier is set based on the provisioned disk size. However, when your application has higher performance demands, you can choose a higher performance tier. Once the period of high demand is complete, your provisioned disk can return to the initial baseline performance tier. For example, if you initially provision a P10 disk (128GB), your baseline performance tier is set as P10 (500 IOPS and 100MB/s). Later, you can update the tier to match the performance of P50 (7500 IOPS and 250MBs) and return to P10 when higher performance is no longer needed.

More IOPS at no additional cost for Azure Files premium tier

Effective immediately, all premium shares get an input/output per second (IOPS) uplift for free. All shares get an additional 400 baseline IOPS, and even the smallest share of 100 GiB can now burst up to 4,000 IOPS. This change is particularly beneficial for workloads that do not have a high capacity requirement but need extra performance to accommodate spikes in traffic or sudden unpredictable loads, such as web applications, backup and restore operations, and batch jobs.

Earlier:

  • Baseline IOPS = 1 * provisioned GiB. (Up to a max of 100,000 IOPS).
  • Burst Limit = 3 * Baseline IOPS. (Up to a max of 100,000 IOPS).

With this change:

  • Baseline IOPS = 400 + 1 * provisioned GiB. (Up to a max of 100,000 IOPS).
  • Burst Limit = MAX (4,000, 3 * Baseline IOPS). (Up to a max of 100,000 IOPS).

The new IOPS limits are available in all Azure Files premium tier regions. This additional free IOPS offer coupled with our recent price reduction of 33% on Azure Files premium tier will significantly reduce the total cost of deployment.

Networking

VPN over ExpressRoute private peering

For customers such as those in financial and health industries, double encryption over both their private WANs and Azure WAN is a key compliance requirement. VPN over ExpressRoute private peering allows customers to use IPsec tunnels over their ExpressRoute private peering to satisfy this need. You can configure a Site-to-Site VPN to a virtual network gateway over an ExpressRoute private peering using an RFC 1918 IP address. This configuration provides the following benefits:

  • Traffic over private peering is encrypted.

  • Point-to-site users connecting to a virtual network gateway can use ExpressRoute (via the Site-to-Site tunnel) to access on-premises resources.

New features for Azure VPN Gateway

 The following new features for Azure VPN Gateway as generally available:

  • High availability for RADIUS servers in point-to-site VPN – This feature enables highly available configuration for customers using RADIUS/AD authentication for their point-to-site VPN.
  • Custom IPsec/IKE policy with DPD timeout – Setting IKE DPD (Dead Peer Detection) timeout allows customers to adjust the IKE session timeout value based on their connection latency and traffic conditions to minimize unnecessary tunnel disconnect, improving both reliability and experience. This feature brings the entire custom IPsec/IKE policy configuration experience to Azure Portal.
  • APIPA support for BGP speaker – This feature supports customers with legacy VPN routers and Amazon Web Service (AWS) VGW, Google Cloud Platform (GCP) VPN which use Automatic Private IP Addressing (APIPA) addresses as their Border Gateway Protocol (BGP) speaker IP addresses. Now they can establish BGP sessions with Azure VPN gateways using APIPA (169.254.x.x) addresses.
  • FQDN support for site-to-site VPN – This feature supports customer branches or locations without static public IP addresses to connect to Azure VPN gateways. Customers can now leverage dynamic DNS services and use their Fully Qualified Domain Name (FQDN) instead of IP addresses. Azure VPN gateways will automatically resolve and update the VPN target to establish IPsec/IKE connections.
  • Session management and revocation for point-to-site VPN users – Enterprise administrators can now list and revoke individual user connections to their VPN gateways from Azure Portal in real time, addressing a key management asks.

Azure Management services: what's new in November 2020

In November, Microsoft unveiled several news regarding Azure management services. Our community, through these articles that are released on a monthly basis, want to provide an overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

This month, a new version of the Log Analytics agent was released forLinux systems, which includes several improvements and ensures greater stability. Among the main changes is support for Red Hat Enterprise Linux 8, CentOS 8, Ubuntu 20.04 and SLES 15 SP1+, as well as an extension of features for Azure Arc VMs. It also includes a new troubleshooting tool.

Availability in new regions

Azure Log Analytics is now available in the "Brazil Southeast" and "Norway East" regions. It is also available in preview in three new regions: “Germany West Central”, “UAE North”, and “Switzerland West”. To check the availability of the service in all the Azure regions you can consultthis document.

Virtual Machines Guest Health (preview)

The functionality Virtual Machines Guest Health allows you to monitor the health status of the CPU, disk and memory for a virtual machine and allows you to receive alerts for changes. Each monitor measures the health status of a particular component and the three states covered are: Healthy, Warning, and Critical. These states are defined based on the thresholds set by the user for each monitor. The functionality Virtual Machines Guest Health has a hierarchical model “father-son” where the overall integrity of the virtual machine is determined by the integrity of its individual monitors and corresponds to the monitor state “son” having the worst state of integrity.

Configure

Azure Automation

Availability in a new region

Azure Automation is now available in the “Brazil Southeast”. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Export and management of Azure Policies as code with GitHub

You can now export Azure policies to GitHub directly from the Azure portal, through the “Export definitions”. After exporting, you can use GitHub actions to create custom workflows for deploying policies from GitHub to Azure. For further information you can consult this documentation.

Azure Advisor

New recommendations

Azure Adivisor has added the following recommendations to help improve the reliability and performance of Azure resources.

Reliability:

Performance:

Protect

Azure Backup

Soft Delete for SQL Server and SAP HANA in Azure VMs

Azure Backup officially released thesoft delete also with regard to the SQL Server and SAP HANA protection on board Azure virtual machinesSoft delete is a security feature that allows you to protect your backups even after you delete it. Thanks toSoft delete, in the event that a backup is removed accidentally or for malicious actions, you are guaranteed that the backup data is still maintained for 14 days from the cancellation date. This feature, that doesn't include any additional costs, allows you to recover any backups removed within the retention period.

News in SAP HANA protection

Azure Backup makes it easy to back up and restore SAP HANA databases running on Azure virtual machines and is BackInt certified by SAP. With regard to the protection of SAP HANA, the following innovations have been introduced:

  • Support for SAP HANA incremental database backups (preview).
  • Azure Backup's SAP HANA backup uses a pre-registration script to create a HANA user to perform backup and restore operations, which has suffered significant updates about the permissions required by the user who is used to perform backups.

Long term protection for Azure PostgreSQL

Azure Backup provides the ability to keep Azure Database backups for PostgreSQL up to 10 years. To consult the advanced protection features of Azure PostgreSQL databases you can consult this article.

Azure Resource Manager template support for backing up Azure file shares

Azure Backup introduced the ability to configure backup protection for Azure file shares by using the Azure Resource Manager declarative template (ARM). With this new option, you can enable backup of Azure file shares through a specific JSON file that can be deployed through the Azure portal, Azure Powershell or with azure command-line interface.

Azure Site Recovery

DR for Azure VM: increased the maximum disk size

Azure Site Recovery now enables Disaster Recovery scenarios for virtual machines in Azure with managed disks up to 32 TB, replicated in a secondary region.

Migrate

Azure Migrate

PowerShell support for the Server Migrate tool

In Azure Migrate, thanks to the addition of a new PowerShell-based management interface for the Server Migrate tool, you can configure and manage server replication and migration to Azure using Azure PowerShell cmdlets. This allows you to perform migrations in a repeatable and automated way, being able to obtain greater scalability and speed in the migration processes.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Networking: new features to know to better design network architectures

Cloud solutions evolve very quickly and staying up to date is a key element in innovating and responding effectively to technological changes. With the change of pace imposed by the digital transformation, network infrastructures must also be increasingly efficient, flexible and able to best provide the services required by the company business. To modernize your Azure Networking design and implementation strategy, it is therefore important to evaluate how the various technologies evolve. This article describes the news recently released by Microsoft that may affect Azure networking design, with references to real use cases.

Azure Bastion and VNet peering

Azure Bastion is a PaaS service that provides secure and reliable RDP and SSH access to virtual machines, directly through the Azure portal. Azure Bastion service provisioning is done within an Azure Virtual Network and allows access without having to assign public IP addresses directly to systems.

The news is that Azure Bastion can now work in synergy with Virtual Network (VNet) peering. This means that it is possible to activate Azure Bastion on a specific VNet and the same service can also be used to connect to virtual machines attested on the VNet in peering with this.

Azure Bastion works both in the presence of network peering that connects VNets to the same Azure region, both with VNet peering type Global, that connect VNets located in different Azure regions. From the point of view of network architectures, this possibility opens up new possible scenarios. In the typical and widely used network model, defined hub-and-spoke, you have a virtual network in Azure of Hub which acts as a point of connectivity to the on-premises network and the virtual networks that perform peering with the Hub are definedspoke, useful for isolating workloads. By adopting this model it is possible to activate Azure Bastion on the network of Hub. In this way it will be possible to reach with a single Azure Bastion service also all the virtual machines distributed in the VNets of spoke.

Figure 1 – Azure Bastion in a hub-and-spoke architecture

The following diagram shows the Azure Bastion deployment in a hub-and-spoke network architecture where:

  • The Bastion host is activated in the Hub centralized virtual network.
  • Communications are allowed, per TCP port 3389 and 22, from the Azure Bastion subnet in the Hub virtual network, to the private IPs of the Spoke virtual networks.
  • No public IP is required to access virtual machines.

With this configuration, you can simplify your architecture and reduce Azure costs, as only one Azure Bastion service will be required for the entire hub-and-spoke network topology.

Furthermore, Azure Bastion can also be provisioned in full-mesh network topologies, obtaining the same experience of accessing systems in RDP / SSH for VMs attested on all virtual networks in peering.

Some observations are reported in this regard:

  • It is possible to have several Bastion hosts active simultaneously between virtual networks in peering. This can happen particularly during the transition period, when you want to consolidate several Bastion hosts according to the hub-and-spoke topology described above. In the presence of multiple Bastion hosts, when connecting, you will be offered to choose which Bastion host to use.
  • Azure Bastion currently supports peered virtual network scenarios only if they reside in subscriptions belonging to the same tenant.

Azure Firewall: new DNS settings

Azure Firewall is the firewall-as-a-service solution (FWaaS) present in Microsoft's public cloud, which allows you to secure the resources present in the Azure Virtual Networks and to govern the related network flows. Azure Firewall features have been enhanced by adding support for custom DNS and DNS proxy.

Custom DNS

By default Azure Firewall uses Azure DNS for name resolution. The ability to configure Azure Firewall to use specific DNS servers has now been included.

In the settings, you can configure a single DNS server or multiple DNS servers:

Figure 2 - Setting up custom DNS in Azure Firewall from the Azure portal

Azure Firewall can also perform name resolution by using Azure Private DNS. In this scenario it is required that the VNet within which Azure Firewall resides is connected to the Azure Private Zone.

DNS proxy

Azure Firewall can now be configured to play the role of DNS proxy. By enabling this new feature, you can configure the Azure Firewall private IP address as the DNS of the virtual network. In this way all DNS traffic is directed to Azure Firewall, which acts as an intermediary between the systems that make DNS requests and the DNS servers themselves, in this way avoiding possible inconsistencies in name resolutions if custom DNS are used.

When the Azure firewall acts as a DNS proxy, there are two types of caches:

  • Positive cache: DNS resolution is successful. In this case Azure Firewall uses TTL (time to live) of the package or object.
  • Negative cache: DNS resolution is not successful. In this case, the information is stored in the Azure Firewall cache for one hour.

Figure 3 - Configure Azure Firewall as a DNS proxy from the Azure portal

This feature allows you to evaluate a new usage scenario for Azure Firewall, very useful when you need to manage DNS resolution in the presence of Private link, the mechanism that allows you to establish a private connection to services in Azure.

Each Azure PaaS service that uses Azure Private Link is assigned a mapped FQDN and stored in an Azure Private DNS zone. Requests sent to Azure DNS Private Zones are routed to the platform IP 168.63.129.16, which can only be reached from within the Azure environment. For this reason, if the DNS request originates from on-premises systems (or in any case from outside Azure), it is necessary to activate a DNS proxy within an Azure virtual network connected to the on-premise environment. With this new Azure Firewall DNS proxy feature, you can manage this challenge of name resolution of PaaS servers using Private Link with the following steps:

  • The VNet within which Azure Firewall resides is connected to the Azure Private Zone.
  • Azure Firewall is configured to use the Azure default DNS and enable the DNS Proxy functionality.
  • You configure your local DNS server to conditionally forward requests to Azure Firewall for the requested zone name.

Azure Firewall: using FQDN filtering in network rules

In Azure Firewall Network Rules, you can now use fully qualified domain names (FQDN) based on Azure Firewall DNS resolution. This feature allows you to filter outbound traffic for any protocol TCP / UDP (NTP, SSH, RDP, etc.) and requires the DNS proxy functionality described in the previous paragraph to be active. Azure Firewall, when configured as a DNS proxy, stores all IP addresses resolved by the FQDNs used in the network rules. For this reason it is good practice to use FQDNs in the network rules as a best practice.

Azure Firewall, for both application rules and network rules, converts the FQDN into one or more IP addresses based on the selected DNS server (Azure DNS or custom DNS). When a new DNS resolution occurs, the new IP addresses are added to the firewall rules, IP addresses that are no longer returned by the DNS server have an expiration of 15 minutes. Azure Firewall Network Rules are updated every 15 seconds using DNS resolution. If you need to apply FQDN filters, it is still a good idea to always use the Azure Firewall application rules for HTTP / S or MSSQL protocols, while for all the remaining protocols it is possible to use both the application rules and the network rules.

New features for Azure VPN gateways

Following, are reported the new features that can be adopted in the presence of Azure VPN gateways:

  • High availability of RADIUS servers in point-to-site VPNs: this feature allows you to configure high availability for customers who use RADIUS / AD authentication for point-to-site VPNs.
  • Custom IPsec/IKE policies with DPD timeouts: the IKE DPD timeout setting (Dead Peer Detection) adjusts the IKE session timeout value based on connection latency and traffic conditions. This configuration is useful for minimizing tunnel disconnections, improving the reliability and user experience.
  • APIPA support for BGP speaker: this feature allows you to establish Border Gateway Protocol sessions (BGP), with Azure VPN gateways, using APIPA addresses (169.254.x. x). This feature is especially useful for customers with legacy VPN routers, Amazon Web Service (AWS) VGW, Google Cloud Platform (GCP) VPN that use APIPA addresses (Automatic Private IP Addressing) to announce BGP addresses.
  • FQDN support for site-to-site VPNs: this feature allows you to configure site-to-site VPN in the presence of devices that do not have static public IP addresses to connect to Azure VPN gateways. It is in fact possible to use the fully qualified domain name (FQDN) instead of IP addresses. Azure VPN gateway will be able to do DNS name resolution, automatically updating the destination to establish the VPN's IPsec / IKE connections.
  • Session management and user revocation for point-to-site VPNs: the ability to list and revoke individual user connections to VPN gateways is given, directly from the Azure portal and in real time.

Conclusions

There are several innovations recently released by Microsoft in Azure networking and it is advisable to carefully evaluate them to make an accurate design. In this way it will be possible to realize effective network architectures, optimizing costs and able to exploit all the potential offered by the Azure platform.

Azure IaaS and Azure Stack: announcements and updates (November 2020 – Weeks: 45 and 46)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New SAP HANA Certified Memory-Optimized Virtual Machines

Microsoft is expanding SAP HANA certifications, enabling you to run production SAP HANA workloads on the Edsv4 virtual machines sizes.

Intel SGX based confidential computing VMs now available on Azure Dedicated Hosts

Azure Dedicated Host provides a single-tenant physical server to host your Azure Virtual Machines for Windows and Linux. The server capacity is not shared with other customers. You can now deploy DCsv2 Azure Virtual Machines to Dedicated Hosts. The DCsv2-series can help protect the confidentiality and integrity of your data and code while it’s processed in the public cloud. The new DCsv2_Type1 Dedicated Host SKUs feature the latest generation of Intel XEON E-2288G Processor with SGX technology. This new offering will enable you to build secure enclave-based applications to protect your code and data while it’s in use. Example use cases include confidential multiparty data sharing, fraud detection, anti-money laundering, blockchain, confidential usage analytics, intelligence analysis, and confidential machine learning.

New constrained vCPUs capable VMs

The Esv4, Edsv4, and Easv4 memory optimized Azure VM series now offer new constrained vCPU VM sizes. You can now take advantage of the latest generation Azure Virtual Machines for workloads that need high memory, storage, and I/O bandwidth, but not a high vCPU count. Several database workloads are not CPU-intensive and can benefit from these offerings.

SQL Server Reporting Services Virtual Machine images

Now in general availability, you have the option of migrating SQL Server Reporting Services workloads into Azure using pre-configured virtual machine images. This enables you to easily see your different virtual machine workloads and manage them. It can also help make your workloads more efficient and enables an easier onboarding experience to the cloud.

Storage

Azure File Sync agent v11.1

Improvements and issues that are fixed:

  • New cloud tiering modes to control initial download and proactive recall
    • Initial download mode: you can now choose how you want your files to be initially downloaded onto your new server endpoint. Want all your files tiered or as many files as possible downloaded onto your server by last modified timestamp? You can do that! Can’t use cloud tiering? You can now opt to avoid tiered files on your system. To learn more, see Create a server endpoint section in the Deploy Azure File Sync documentation.
    • Proactive recall mode: whenever a file is created or modified, you can proactively recall it to servers that you specify within the same sync group. This makes the file readily available for consumption in each server you specified. Have teams across the globe working on the same data? Enable proactive recalling so that when the team arrives the next morning, all the files updated by a team in a different time zone are downloaded and ready to go! To learn more, see Proactively recall new and changed files from an Azure file share section in the Deploy Azure File Sync documentation.
  • Exclude applications from cloud tiering last access time tracking
    • You can now exclude applications from last access time tracking. When an application accesses a file, the last access time for the file is updated in the cloud tiering database. Applications that scan the file system like anti-virus cause all files to have the same last access time which impacts when files are tiered. For more details, see the release notes.
  • Miscellaneous performance and reliability improvements
    • Improved change detection performance to detect files that have changed in the Azure file share.
    • Improved sync upload performance.
    • Initial upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
    • Sync reliability improvements for certain I/O patterns.
    • Fixed a bug to prevent the sync database from going back-in-time on failover clusters when a failover occurs.
    • Improved recall performance when accessing a tiered file.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

The agent version for this release is 11.1.0.0 and a restart may be required if files are in use during the agent installation. Installation instructions are documented in KB4539951.

Networking

New Azure Firewall capabilities

This new Azure Firewall capabilities will be generally available in Q4 CY2020:

  • Custom DNS: Allows you to configure Azure Firewall to use your own DNS server.
  • DNS Proxy capability: You can enable your Azure Firewall to act as a proxy for your DNS traffic. This is crucial for reliable FQDN filtering in network rules and provides DNS security through integration.
  • FQDN filtering in network rules: You can use this based on DNS resolution from Custom DNS or Azure DNS. This capability is recommended for protocols that are not supported with FQDN filtering in application rules today.

You can learn more about DNS Settings in this document.

How to optimize management and costs of Azure virtual machines with SQL Server

For virtual machines in Azure environment on which SQL Server is running, a new management mode has been introduced that makes the maintenance activities necessary to increase security easier, obtain cost benefits and optimize deployments. This article describes how to enable this new feature and explores the benefits that can be achieved.

Azure provides a wide range of fully managed SQL database services, modern and secure that can support different scenarios, like re-hosting, modernizing existing SQL Server workloads and developing new cloud applications.

Figure 1 - SQL Service family

Although the adoption of managed services leads to high benefits in terms of costs, management and scalability, IaaS virtual machines with SQL Server installed are often still required in the Azure environment. This scenario is also common when dealing with "lift and shift" migrations of virtual machines from the on-premises environment.

Figure 2 – Administration effort in Cloud migration scenarios

In order to optimize and automate management and administration tasks, it is possible to activate the new extension SQL Server IaaS Agent (SqlIaasExtension) on Azure virtual machines with SQL Server installed. By registering this extension from the Azure portal it will be possible to access the "SQL virtual machines" group of resources as well as the classic "Virtual machines".

The adoption of this extension is completely free and the data collection carried out is aimed exclusively at offering new features from the Azure portal. Collected data will not be used by Microsoft to perform license checks without the customer's prior consent.

How to activate this new management method?

The first step required to use the extension SQL Server IaaS Agent is to register the resource provider Microsoft.SqlVirtualMachine on the specific subscription. This provider offers to the extension the ability to create resources within that specific subscription.

Figure 3 – Resource provider registration

Once this operation has been completed, it is advisable to choose the management method to be adopted, among the following:

  • Lightweight mode: in this mode, the extension binary files are copied to the virtual machine, but no agent is installed and the SQL Server service running on the VM is not restarted. By adopting this mode, you can only change the type of license and the edition of SQL Server, in addition to having a limited set of management options. This is the default management mode when using the automatic registration feature which can be activated from the Azure portal or through manual registration.

Figure 4 – Auto-enrollment from the Azure portal

Figure 5 – Select the subscription during the automatic registration phase from the Azure portal

The adoption of this mode has no impact on the use of virtual machine resources in terms of memory and CPU and it is recommended to activate this mode before the full management mode (full mode).

  • Full mode: in this mode, it is planned to install the SQL IaaS Agent aboard the virtual machine and a complete management experience is provided. Activating this mode involves restarting the SQL Server service. Full mode specifically installs two Windows services that, from direct experience, can have an impact on memory and CPU usage that is not always negligible.
  • NoAgent Mode: this is the mode dedicated to installations of SQL Server 2008 and SQL Server 2008 R2 on board Windows Server 2008. For this mode there is no impact on the use of memory or CPU and it is not necessary to restart SQL Server.

Virtual machines with SQL Server that have registered the extension in "lightweight" mode can upgrade to "full" mode via the Azure portal, Azure command line or Azure PowerShell. There is no downgrade procedure, but to switch from "full" mode to "lightweight" mode it is necessary to unregister on the VM the extension SQL IaaS Agent.

When you activate a virtual machine with SQL Server by using the images available in the Azure Marketplace, the extension SQL Server IaaS Agent is automatically registered if the specific resource provider is active on the subscription.

For more details on the registration process and the commands that you can use, please refer to this Microsoft's document.

Features offered

The extension SQL Server IaaS Agent allows you to take advantage, direct from the Azure Portal, of the benefits listed below for virtual machines hosting SQL Server:

  • Management from the Azure portal: you can view and manage specific SQL-related features of all virtual machines with SQL Server on board, at a single centralized point in the Azure portal.

Figure 6 – SQL Server management using the SQL Server IaaS Agent extension

  • Backup management: it will be possible to schedule backups for databases by selecting various options such as backup encryption, the setting of the retention period, the backup of system databases and the configuration of a manual or automatic schedule. This feature is useful for SQL Server protection when you do not want to adopt a specific backup solution, but it is sufficient to back up the databases on the instance to a storage account.

Figure 7 – Manage SQL Server backups by using the SQL Server IaaS Agent extension

  • Patching management: you will be allowed to configure a maintenance window during which can be installed security updates, coming from Windows Update and classified as critical or important, of Windows and SQL Server.

Figure 8 – Patching by using the SQL Server IaaS Agent extension

  • Security aspects and Azure Key Vault integration: it will be possible to manage the port to connect to the SQL Server instance. Furthermore, you will be allowed to enable SQL authentication, specifying a particular login. If the SQL Server SKU supports it, it is also possible to install and configure integration with Azure Key Vault, to use data encryption features such as Transparent Database Encryption, Column Level Encryption and Always Encrypted.

Figure 9 – Manage security aspects and integration with Azure Key Vault by using the SQL Server IaaS Agent extension

  • Licensing management: it will be possible to easily change the way SQL Server is licensed, thus being able to obtain direct cost savings.

Figure 10 – Manage SQL Server licensing by using the SQL Server IaaS Agent extension

  • Flexible management of the version and of the edition: in case there is a need to change the version or edition of SQL Server, you can update the metadata within the Azure portal without having to redeploy the entire SQL Server VM.

Figure 11 – Manage the SQL Server edition by using the SQL Server IaaS Agent extension

  • Enabling R Services (Advanced analytics): if the system is used in Machine Learning, the possibility of installing this feature is provided, during SQL Server setup, to allow the execution of R scripts on the SQL Server virtual machine.

Figure 12 – Enable R Services by using the SQL Server IaaS Agent extension

  • Configure Always On availability group functionality: directly from the Azure portal it is possible to activate high availability and disaster recovery mechanisms by configuring the Always On availability group.

Figure 13 - Activation of the Always On availability group functionality through the SQL Server IaaS Agent extension

Conclusions

Thanks to the adoption of this recent extension SQL Server IaaS Agent, running SQL Server on board an Azure virtual machine allows you to take advantage of various additional features and to have an optimal management experience, similar to SQL Server managed service. All these features also allow for greater ease of use and important advantages in SQL Server management compared to implementations on on-premise virtual machines.

Azure IaaS and Azure Stack: announcements and updates (November 2020 – Weeks: 43 and 44)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Microsoft plans to establish new cloud datacenter region in Austria

Microsoft announced intent to build a new datacenter region in Austria. The announcement also included details around establishment of a new Center of Digital Excellence in Austria, as well as a digital skilling initiative targeted at reaching approximately 120,000 Austrians by 2024.

Microsoft to establish its first datacenter region in Taiwan

Microsoft has announced plans to build a new datacenter region in Taiwan, along with a skilling initiative for over 200,000 people in Taiwan by 2024. The new region will also include Availability Zones, building on Microsoft’s 30+ year history in Taiwan.

Microsoft Cloud for Healthcare (generally available)

Microsoft Cloud for Healthcare is now generally available. This integrated solution enables customers to quickly access a portfolio of released and new healthcare capabilities tailored to the unique requirements of health data in the cloud. It unlocks the power of Microsoft Azure, Microsoft 365, Microsoft Dynamics 365, Microsoft Power Platform, and our ecosystem of partner healthcare solutions to create trusted, end-to-end cloud-based solutions. Healthcare organizations can engage in more proactive ways with patients and give caregivers tools to improve workflow efficiency and streamline interactions. Microsoft Cloud for Healthcare will make it easier for healthcare organizations to remain agile and focus on what they do best delivering better experiences, insights, and care. For more information on general availability read this page.

New VM series supported by Azure Batch

Use Azure Batch to run large-scale parallel and high-performance computing (HPC) batch jobs in Azure. The selection of VMs that can be used by Azure Batch has been expanded, allowing newer Azure VM series to be used. The following additional VM series can now be specified when Batch pools are created:

  • Dav4, Dasv4
  • Ddv4, Ddsv4
  • Eav4, Easv4
  • Edv4, Edsv4
  • E64iv3
  • Mv2
  • NVv4

Azure SQL Virtual Machines with SQL Server IaaS Agent extension

Registering your SQL Server Virtual Machine images in Azure Marketplace and extracting the total value from your Azure IaaS data estate is now easier with the SQL Server IaaS Extension now in general availability. Previously, in order to enjoy the full scope of cost saving and manageability features offered on Azure SQL Server Virtual Machines, you had to run a complicated script that required a large portion of time. Now you can simply tick a consent checkbox and allow Microsoft to automatically register all existing and future SQL Server Virtual Machines in your subscription. Access a number of features designed to save you money and increase manageability by providing a PaaS-like service while still maintaining the ability to customize your data estate that is integral to any IaaS service.

Storage

Soft delete for Azure file shares is now generally available in all regions

Soft delete acts like a recycle bin for your file shares, protecting your Azure file shares from accidental deletion. Now when a file share is deleted, it transitions to a soft deleted state in the form of a soft deleted snapshot. You get to configure how long soft deleted data is recoverable for before it is permanently erased. In January 2021, soft delete will be enabled by default for all new storage accounts with a default retention period of 7 days. Settings for existing storage accounts will not change.

Azure Blob storage lifecycle management supports blob versions management

Azure Blob storage lifecycle management now supports blob versions. Microsoft recommends using blob versioning to maintain previous versions of a blob for data protection. When blob versioning is enabled for a storage account, Azure Storage automatically creates a new version of a blob each time that blob is modified or deleted. You can use lifecycle management to automatically transition old blob versions to a cooler storage tier (hot to cool, hot to archive, or cool to archive) or delete old blob versions to optimize for cost. The lifecycle management feature is free of charge. Customers are charged the regular operation cost for the Set Blob Tier API calls. Delete operation is free. For more information about pricing, see Block Blob pricing.

Policy to control the minimum TLS version used with Azure Storage

Azure Storage now offers administrators the flexibility to specify the minimum version of TLS that a client application must use to communicate with a storage account. Microsoft recommends that you follow a DRAG (Detection-Remediation-Audit-Governance) framework to continuously manage secure TLS for your storage accounts.

Networking

New features for Azure VPN Gateway (preview)

Microsoft is announcing the following new features for Azure VPN Gateway in public preview:

  • High availability for RADIUS servers in point-to-site VPN – This feature enables highly available configuration for customers using RADIUS/AD authentication for their point-to-site VPN.
  • VPN over ExpressRoute private peering – For customers such as those in financial and health industries, double encryption over both their private WANs and Azure WAN is a key compliance requirement. VPN over ExpressRoute private peering allows customers to use IPsec tunnels over their ExpressRoute private peering to satisfy this need.
  • Custom IPsec/IKE policy with DPD timeout – Setting IKE DPD (Dead Peer Detection) timeout allows customers to adjust the IKE session timeout value based on their connection latency and traffic conditions to minimize unnecessary tunnel disconnect, improving both reliability and experience. This feature brings the entire custom IPsec/IKE policy configuration experience to Azure Portal.
  • APIPA support for BGP speaker – This feature supports customers with legacy VPN routers and Amazon Web Service (AWS) VGW, Google Cloud Platform (GCP) VPN which use APIPA addresses as their BGP speaker IP addresses. Now they can establish BGP sessions with Azure VPN gateways using APIPA addresses.
  • FQDN support for site-to-site VPN – This feature supports customer branches or locations without static public IP addresses to connect to Azure VPN gateways. Customers can now leverage dynamic DNS services and use their FQDNs instead of IP addresses. Azure VPN gateways will automatically resolve and update the VPN target to establish IPsec/IKE connections.
  • Session management and revocation for point-to-site VPN users – Enterprise administrators can now list and revoke individual user connections to their VPN gateways from Azure Portal in real time, addressing a key management asks.

Azure Management services: what's new in October 2020

In October, Microsoft announced a considerable number of news regarding Azure management services. Our community, through these articles that are released on a monthly basis, want to provide an overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

This month, a new version of the Log Analytics agent was released for Linux systems, which includes several improvements and ensures greater stability. Among the main changes is support for Red Hat Enterprise Linux 8, CentOS 8, Ubuntu 20.04 and SLES 15 SP1+, as well as an extension of the features for Azure Arc VMs. Also included is support for Python 3 and a new troubleshooting tool.

Monitor Azure Arc-enabled Kubernetes environments

Azure Monitor for Containers now extends support by contemplating alerts related to metrics of azure arc-enabled kubernetes environments. These metric alerts enable an effective monitor of system resources. To see the list of alerts available for Azure Arc-enabled Kubernetes clusters, please consult this document.

Azure Monitor for containers: Network Policy Manager support (Preview)
It is now possible to monitor the networking of AKS clusters using Network Policy Manager (NPM). In this way Azure monitor for containers will collect the metrics and report any anomalies in the configuration or in the performance of the network.

Azure Monitor for containers: persistent volume monitoring support (PV)

Azure Monitor for containers is now able to monitor the capacity of the persistent volume (PV) connected to the AKS cluster, collecting capacity metrics for all PVs, except for kubesystemnamespace.

Azure Monitor Log Analytics data export (preview)

This feature allows you to continuously export data that resides in certain tables in a Log Analytics workspace to an Azure storage account (every hour) or to Azure Event Hub (almost in real time). When exporting to a storage account, each table is stored in a separate container. Similarly, when you export to event hub, each table is exported to a new event hub instance. There is currently no method for filtering data and limiting the export of only certain events. By adopting this feature you can take advantage of the following benefits:

  • Low cost data retention
  • Easier compliance when data retention is required for an extended period of time
  • Integration with third-party solutions such as Azure Data Lake and Splunk
  • Low-latency export to Event Hub, enabling near real-time monitoring and alerts

Availability in new regions (preview)

Azure Log Analytics is now available in preview in the region of “Brazil Southeast” and “Norway East”. To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in a new region

Azure Automation is now available in the “Switzerland North”. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Added support for keys, secrets, and certificates in Azure Policy for Key Vault

Azure Policies for Key Vault allow you to control secrets, keys, and certificates stored in the key vault to ensure that set compliance requirements are met. Any secrets, keys, or certificates that do not meet the requirements will appear as non-compliant in the policy compliance dashboard. Furthermore, you can set deny policies to prevent users from creating or importing objects into the key vault that do not comply with the policies that you set. Compliance results can also be published in Azure Security Center.

Azure Cost Management

Azure Cost Management + Billing updates

During this month, news was announced regarding the following areas of Azure Cost Management and Billing:

Azure Advisor

New recommendations

The following recommendations have been added in Azure Adivisor to improve resource performance:

  • Use the Accelerated Writes feature in your HBase cluster
  • Review Azure Data Explorer table cache-period (policy)
  • Optimize MySQL temporary-table sizing
  • Distribute data in server group to distribute workload among nodes

For further information you can consult this article.

Furthermore, to improve the operation of the Azure environment, the following recommendations have been included:

  • Ensure that at least one host pool is Validation Environment enabled
  • Make sure not too many host pools have Validation Environment enabled
  • Use Traffic Analytics to view insights into traffic patterns across Azure resources

More details are available in this article.

Protect

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 51 which solves several issues and introduces support for the following Linux distributions: SUSE 15 SP2, RHEL 7.9 e Cent OS 7.9. The related details and the procedure to follow for installation can be found in specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Migrate: how to evaluate your VMware environment to address workloads migration to Azure

The digital transformation process that affects companies often involves the migration of workloads hosted in their data centers to the cloud to obtain better results in terms of governance, security and cost efficiency. The innovation of migrating to the cloud frequently becomes a business priority to the point that this process is no longer a matter of "if" or "when", but the real question now is "how" to deal with this migration? In this regard, Microsoft has developed the Azure Migrate solution that allows you to deal with the most common migration scenarios reducing complexity and costs. This article describes in detail how it is possible to discover and assess virtual machines hosted in a VMware environment with Azure Migrate, so you can better address the migration path.

Azure Migrate Overview

Azure Migrate structure the process of migration in different phase: discovery, assessment, and migration. These three steps fall under the Microsoft Cloud Adoption Framework for Azure which, on the path to adopting cloud solutions, defines six main stages that apply to most organizations:

  • Strategy: defines the "business justification" and the expected results.
  • Plan: aligns the cloud adoption plan with business results.
  • Ready: Prepare your cloud environment for the changes you want.
  • Adopt: implements the changes you want in your IT and business processes.
    • Discovery, assessment, and migrating with Azure Migrate are part of this phase
  • Manage: implements basic operational guidelines and best practices.
  • Govern: evaluates and implements best practices in governance.

The Azure Migrate Hub provides all the tools to perform, monitor and analyze your migration path to Azure. This approach provides an integrated experience that provides continuity and provides an overall view of the migration process.

Figure 1 – Overview of Azure Migrate

Azure Migrate Hub includes Azure services and third-party solutions to address different migration scenarios:

  • Windows and Linux servers
  • SQL and non-SQL databases
  • Web apps
  • Virtual desktop infrastructure
  • Data

Discovery and assessment for VMware environments

The process of discoverying the VMware environment through Azure Migrate can generate a large amount of information, useful for assessing the status of workloads. The assessment process carries out an assessment of the environment and is able to answer critical questions such as:

  • Your virtual machine is ready to run in azure environment?

Azure Migrate reports if there are configurations that are not suitable for Azure, for example the operating system version or disk size are not supported. It also provides recommendations on how to correct these situations to avoid problems with the migration.

  • What size should the VM in Azure have?

Most organizations want to know the size of the virtual machine in Azure in advance to efficiently perform the workload, as sizing helps predict costs. Azure Migrate eliminates the need for calculations and translates CPUs, disk and memory of an on-premises system in an equivalent environment in Azure. The service recommends a specific virtual machine size and disk type based on the performance data collected.

  • How much will it cost to run in Azure?

Azure Migrate provides an estimate of the monthly costs of running servers in Azure.

  • Which applications are running on the system and their dependencies?

Thanks to Server Assessment it is possible to analyze cross-server application dependencies and consequently optimize strategies for interdependent movement of servers to Azure. Dependency identification can be performed with agents installed on each virtual machine or in VMware environments it can be performed without agents. When you use the agent-based solution, data is sent to Azure Log Analytics so you can analyze it in great detail to find hidden dependencies that might otherwise escape detection.

To start this VMware environment discovery process, you need to create a new Azure Migrate project, in the "servers" section:

Figure 2 – Creating an Azure Migrate project

After assigning it a name and defining in which geographical area of ​​Azure the metadata sent should reside, it is advisable to choose the tool to carry out the assessment. In this case we have chosen to adopt the Microsoft solution Server Assessment, but you can also adopt solutions from other vendors.

Figure 3 – Choice of the tool to carry out the assessment

In a similar way, it is also possible to choose the tool to be used to perform the migration.

At this point you can start the discovery process.

Figure 4 – Initiation of the discovery process

To identify the servers and workloads to be evaluated, you can import the Azure Migrate appliance into your local environment or use a manual method by importing a CSV file.

In the case of use of the appliance, the process can be summarized with the following steps:

Figure 5 – Discovery and assessment process of VMware environments

The activation of the Azure Migrate appliance for VMware environments is documented in this Microsoft article. After completing the deployment of the OVA template, you need to continue with the following steps.

Figure 6 – Configuring prerequisites

The appliance needs to be registered to the Azure Migrate project created in its subscription. To do this you need to enter a key generated directly from the Azure portal.

Figure 7 – Appliance registration

At the end of the registration it is necessary to provide the vCenter credentials, useful for discovering VMware virtual machines, and details to connect to the vCenter server. Furthermore, you can specify the credentials to use to detect installed applications and various dependencies, all in agentless mode. For further details please visit the Microsoft-specific documentation.

Figure 8 – Managing VMware credentials and sources

At the end of the discovery process it is possible to consult the data collected by the Azure portal.

Figure 9 – Server discovery

The next step involves the creation of the assessment process, going to define the properties according to your needs.

Figure 10 – Properties of the assessment process

Following, you must specify the systems that you intend to migrate, that will be the subject of the assessment.

Figure 11 – Selection of the machines on which to carry out the assessment

The assessment process, if based on performance data collected by the Azure Migrate virtual application, has a level of reliability expressed with a degree of confidence from 1 to 5.

Figure 12 – Assessments carried out and levels of reliability

The assumed sizing for Azure systems is calculated by examining the performance collected in the previous days, in particular:

  • RAM and CPU usage
  • IOPS and throughput for each disk connected to the virtual machine.
  • Network I/O to manage performance-based sizing for each network adapter connected to a virtual machine.

For more information on the assessment process, please consult this Microsoft's document.

The outcome of the assessment can be consulted directly from the Azure portal, where you can also download an Excel sheet with its details.

Figure 13 – Assessment details

For each system it is also possible to explore the various application dependencies:

Figure 14 – Application dependencies of a single server

All application dependencies discovered by Azure Migrate can also be exported from the Azure portal to an Excel sheet.

Conclusions

Easily move VMware workloads to Azure is an increasingly felt need in order to increase productivity thanks to greater elasticity and scalability offered by the public cloud. Using Azure Migrate, you can easily and accurately complete the discovery and assessment phases of your VMware environment. These phases are of fundamental importance in order to face the process of migrating VMware application workloads to Azure in the best possible way.

Azure IaaS and Azure Stack: announcements and updates (October 2020 – Weeks: 41 and 42)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New cloud datacenter region in Greece

Microsoft has announced plans build its newest datacenter region in Greece. This announcement will also encompass a skilling initiative which will reach a minimum of 100,000 people in Greece, as well as an AI for Cultural Heritage initiative, which will digitize 3D video from the Ancient City of Olympia. The new region is anticipated to include Microsoft Azure, with Microsoft 365, Dynamics 365 and Power Platform to follow.

New Azure Spot Virtual Machines features

In the Azure portal, you can now access the spot price and the eviction rate for the past 28 trailing days for the specific Spot VM you intend to deploy. These new capabilities will enable you to derive estimates about the probability that your workloads will be evicted while providing insights regarding the cost of running interruptible workloads using Spot VMs.

Azure Virtual Machines DCsv2-series expanding within Europe, United Kingdom and United States

Confidential computing DCsv2-series virtual machines (VMs) are now available in North Europe, UK West and US West. Customers in Europe, United Kingdom and United States now have disaster recovery capabilities available. These VMs are backed by the latest generation of Intel XEON E-2288G processor with Software Guard Extensions (SGX) technology, and with the Intel Turbo Boost Technology these machines can go up to 5.0 GHz. Use the DCsv2-series instances to build secure, enclave-based applications to protect your code and data while it’s in use.

Azure DevTest Labs: network isolated lab

An Azure Virtual Network helps ensure that private network traffic is logically isolated from outside traffic. Each lab can be configured with an Azure network to ensure virtual machines and environments created within are isolated from unwanted traffic and follow enterprise networking policies. Lab owners can also now create a network isolated lab. This means, alongside isolating lab virtual machines and environments to a selected network, lab owners can also isolate the lab storage account and key vaults created for certain lab operations. Learn more about how you can create an isolated network lab.

Azure DevTest Labs: available in more regions

Azure DevTest Labs is now available in the UAE North, Germany West Central and Norway East regions. The support includes full Azure DevTest Labs capabilities.

Storage

Azure NetApp Files Manual QoS Capacity Pool (preview)

Microsoft is introducing Azure NetApp Files (ANF) manual quality of service (QoS) capacity pool, which is a new type of capacity pool that allows you to assign the capacity and throughput for a volume independently. The total throughput of all volumes created with a manual QoS capacity pool is limited by the total throughput of the pool. The total throughput of the pool is determined by the combination of the pool size and the service-level throughput. Find more details in the ANF user documentation.

Azure Blob: Soft Delete for Containers preview region expansion

Soft delete for containers expands upon Azure Blob Storage’s existing capabilities such as blob versioning, soft delete for blobs, account delete locking, and immutable blobs, making our data protection and restore capabilities even better. When container soft delete is enabled for a storage account, any deleted container and their contents are retained in Azure Storage for the period that you specify. During the retention period, you can restore previously deleted containers and any blobs within them. Microsoft is expanding the public preview to all public Azure regions. There is no additional charge to enable container soft delete. Data in soft deleted containers is billed at the same rate as active data.

Azure Files premium tier is now available in more regions with LRS, ZRS, and NFS support

Azure Files premium tier storage offers highly-performant, highly available file services, that is built on solid-state drives (SSD). Premium tier is optimized to deliver consistent performance for IO-intensive workloads that require high-throughput and low latency. More Azure Files premium tier regions, more premium files regions with locally redundant storage (LRS), zone redundant storage (ZRS) support, and Network File System (NFS 4.1) public preview support. Stay up to date on the premium tier region availability through the Azure region availability page.

Networking

Standard Load Balancer and Public IP addresses support resource group move

Standard Load Balancers and Standard Public IP addresses now support being moved across resource groups within the same subscription. Moving a resource only moves it to a new resource group. It doesn’t change the location of the resource or the subscription. Moving Standard Load Balancers and Public IP addresses across resource groups is supported in all Azure public cloud regions.