Category Archives: Datacenter Management

Azure IaaS and Azure Local: announcements and updates (December 2024 – Weeks: 49 and 50)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

ItalyNorth: New Services Available

The ItalyNorth cloud region has expanded its service offerings with the availability of Azure vNet Data Gateway and Azure AI Computer Vision. Additionally, vNet Data Gateway for Microsoft Fabric is now available in this region, empowering organizations to integrate and manage their data flows efficiently.

Microsoft Azure Now Available from New Cloud Region in New Zealand

Microsoft has announced the general availability of its first cloud region in New Zealand. Equipped with Azure Availability Zones, this new region provides global organizations with access to scalable, highly available, and resilient Microsoft Cloud services. This initiative underscores Microsoft’s commitment to supporting digital transformation and sustainable innovation in the country. The New Zealand region connects to the world’s largest and most trusted cloud infrastructure, offering the highest standards of security, privacy, and regulatory-compliant data storage.

Storage

Storage Account Default Maximum Request Rate Limit Increased to 40,000 Requests Per Second

Microsoft has increased the default maximum request rate for general-purpose v2 and Blob storage accounts to 40,000 requests per second in several regions, doubling the previous limit of 20,000 requests per second. This enhancement ensures that businesses can manage higher workloads with improved efficiency and scalability.

Enhancements on Elastic SAN: Resiliency, Scalability, and AVS Integration

Elastic SAN has received significant enhancements, including improved resiliency, scalability, and integration with Azure VMware Solution (AVS). A newly published availability Service Level Agreement (SLA) offers peace of mind for mission-critical workloads. Additionally, CRC32C checksum verification has been introduced, enabling customers to ensure data integrity. If enabled on the client side, connections without CRC32C verification will be rejected, preventing accidental errors during communication or storage. Elastic SAN is now generally available as a fully managed, VMware-certified SAN integrated with AVS. This solution provides massive scalability, redundancy, and cost efficiency, enabling AVS customers to deploy workloads with varying performance and reliability needs. It also supports use cases like backup, disaster recovery, and capacity-intensive workloads, offering a robust and extensible storage solution at a low total cost of ownership.

Azure Local

Azure Local Clustering Updates

Rack Aware Cluster (Preview)

Azure Local 23H2 introduces Rack Aware Clusters for short-distance setups. These clusters span two racks within a Layer-2 network, offering fault isolation and efficient storage. Supporting up to eight nodes, this scalable solution is ideal for edge locations and is set for general release in 2025.

Long-Distance Disaster Recovery

Azure Site Recovery enables disaster recovery by replicating Azure Local VMs to Azure. Hyper-V Replica supports replication to secondary sites for workloads that cannot utilize the cloud.

Transitioning from Stretched Clusters

Stretched Clusters from version 22H2 are not supported in 23H2 and beyond. However, clusters can remain supported by upgrading the operating system to version 23H2, providing time to transition to new solutions.

Windows Server 2025 Options

Windows Server 2025 introduces hybrid cloud capabilities and replication technologies like Hyper-V Replica and Storage Replica, enabling tailored disaster recovery solutions with enhanced flexibility.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Local: announcements and updates (November 2024 – Weeks: 47 and 48)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Local, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Managed Grafana Now Available in ItalyNorth

Azure Managed Grafana is now available in the ItalyNorth region, bringing the powerful visualization and analytics capabilities of Grafana closer to businesses in this area. This service enables users to monitor and analyze their Azure and hybrid environments seamlessly through an integrated, fully managed Grafana experience. With this expansion, organizations can leverage a locally hosted solution, ensuring lower latency and adherence to regional compliance requirements.

Compute

New Da/Ea/Fav6 Series AMD-Based Virtual Machines

Microsoft has announced the general availability of the Da/Ea/Fav6 series AMD-based virtual machines (VMs). These VMs include the Dasv6 and Dalsv6 general-purpose series, the Easv6 memory-optimized series, and the compute-optimized Falsv6, Fasv6, and Famsv6 series. They deliver significant performance and price-performance improvements over previous AMD-based VM generations, making them ideal for workloads like data analytics, web and application servers, databases, and caches.

Key advancements in these VMs include the integration of NVMe interfaces for local and remote disks, leading to:

  • 80% better remote storage performance,
  • 400% faster local storage speeds,
  • 20% networking bandwidth improvement,
  • 45% higher NVMe SSD capacity per vCPU for local-disk configurations.

These enhancements ensure superior performance and scalability for a wide range of enterprise needs.

Networking

Copilot in Azure: Embedded Experience for Azure Firewall Integration in Security Copilot

The integration of Azure Firewall with Security Copilot has been enhanced, offering a streamlined embedded experience for detailed threat analysis directly in the Azure portal. This feature enables analysts to investigate malicious traffic intercepted by the IDPS (Intrusion Detection and Prevention System) feature of Azure Firewall using natural language queries.

Key capabilities now accessible via the Azure portal include:

  • Retrieving the top IDPS signature hits for an Azure Firewall.
  • Enriching the threat profile of an IDPS signature beyond log information.
  • Searching for specific IDPS signatures across tenants, subscriptions, or resource groups.
  • Generating recommendations to secure environments using Azure Firewall’s IDPS feature.

These advancements simplify threat analysis and provide actionable insights to bolster security postures.

Azure Bastion Premium

Azure Bastion Premium is a new SKU designed to meet the needs of customers managing highly sensitive virtual machine workloads. This premium offering enhances security by ensuring private connectivity and enabling monitoring for potential anomalies in virtual machine sessions.

Key features introduced with Azure Bastion Premium include:

  • Session Recording: Record all virtual machine sessions connected via Bastion, allowing for graphical session playback for auditing and compliance.
  • Private Endpoint Connectivity: Securely connect to Bastion via a private endpoint to further isolate network traffic.

These features provide an elevated level of security and monitoring for critical workloads, ensuring compliance and operational integrity. For more details, refer to the guides on configuring session recording and private endpoint connectivity.

Azure Virtual Network Now Supports Configuration of Private IP Address Blocks on Network Interfaces (preview)

Azure Virtual Network has introduced support for configuring private IP address blocks on network interfaces, increasing the number of usable private IP addresses by up to 16 times. Network interfaces now support the configuration of one primary and multiple secondary IP configurations, with each secondary configuration capable of assigning a /28 CIDR block of private IPv4 addresses. This provides 16 usable IP addresses per configuration. This enhancement is particularly beneficial for scenarios such as deploying a large number of Kubernetes (K8s) containers in a virtual network, enabling seamless routing between virtual machines (VMs) and K8s containers. To learn more about configuring private IP address blocks on network interfaces, refer to the documentation: Assign private IP address prefixes to virtual machines.

Fallback to Internet on Private DNS Zones (preview)

The fallback to internet on Private DNS Zones is a new feature in preview that unlocks the adoption of fully managed solutions for network isolation and simplifies scenarios involving Private Link and Private DNS. This feature enables public recursion to occur when an authoritative NXDOMAIN response is received from Private DNS Zones, removing the need for IaaS-based DNS servers.

With this capability, customers can now implement a fully managed native solution for Private Link and Private DNS adoption. The feature can be enabled at the virtual network link level via the API, CLI, or PowerShell, with portal support expected within two weeks. Users can activate the fallback option by selecting Enable fallback to internet in the virtual network link configuration.

DNS Security Policy (preview)

The DNS security policy is now in public preview, introducing enhanced visibility and control over DNS traffic at the virtual network (VNet) level. This feature allows logs to be sent to a storage account, log analytics workspace, or event hubs, and offers DNS filtering capabilities to allow, alert, or block name resolutions based on domain lists. The general availability version will incorporate threat intelligence feeds to block known malicious domains.

Key features of the DNS security policy include:

  • DNS Traffic Rules: Rules to allow, block, or alert based on priority and domain lists.
  • Virtual Network Links: A single policy can be linked to multiple VNets within the same region.
  • DNS Domain Lists: Location-based lists of domains for targeted filtering.

The feature is accessible through API, CLI, and PowerShell, with portal availability expected within two weeks.

Azure DNS Now Supports DNSSEC (preview)

Azure DNS has introduced support for DNSSEC (Domain Name System Security Extensions) in public preview, significantly enhancing the security of domain name systems in the Azure public cloud. This feature ensures the integrity and authenticity of DNS data by verifying DNS responses against signatures, protecting against attacks such as cache poisoning and man-in-the-middle.

Key Benefits of DNSSEC:

  • Enhanced Security: Prevents DNS response manipulation, ensuring users are directed to legitimate destinations.
  • Data Integrity: Verifies that DNS data has not been altered in transit by signing responses.
  • Trust and Authenticity: Establishes a chain of trust from the root DNS servers to your domain.

DNSSEC is now available via API, CLI, and PowerShell, with portal support expected in the coming weeks. For further details, refer to the Azure DNSSEC documentation.

Network Security Perimeter (preview)

The Network Security Perimeter feature, now in preview, provides a robust solution to restrict access to resources within a defined perimeter while permitting public traffic through explicitly configured inbound and outbound access rules. This capability enhances security and simplifies the management of PaaS resources.

With Network Security Perimeter, administrators can:

  • Create secure boundaries around PaaS resources.
  • Prevent data exfiltration by associating PaaS resources with the perimeter.
  • Define and manage access rules for traffic outside the secure perimeter.
  • Consolidate access rule management for all PaaS resources within a single interface.
  • Enable diagnostic settings to generate access logs for auditing and compliance.
  • Allow private endpoint traffic without requiring additional access rules.

This feature streamlines the administration of secure environments while maintaining flexibility for specific access needs.

Web Application Firewall (WAF) Running on Application Gateway for Containers (preview)

Azure’s Application Gateway for Containers now supports Web Application Firewall (WAF) in private preview, offering centralized security for Azure Kubernetes Service (AKS) environments. WAF’s Default Ruleset protects against a wide range of attacks and exploits, including:

  • Cross-site scripting (XSS),
  • SQL injection,
  • PHP and Java injection,
  • Local and remote file inclusion,
  • Remote command execution,
  • Protocol attacks, and
  • Session fixation vulnerabilities.

Additionally, the WAF includes bot manager rulesets to safeguard against malicious bot activities. This comprehensive protection empowers AKS users to defend their applications and services against evolving threats while leveraging the scalability of containerized architectures.

Storage

Azure NetApp Files Cool Access Feature Support with Large Volumes

Azure NetApp Files now supports the cool access feature for large volumes, marking its general availability. This capability enables the tiering of infrequently accessed data on large volumes (ranging from 50 TiB to 1 PiB, and up to 2 PiB on request) to a lower-cost storage tier while maintaining seamless integration with standard, premium, and ultra storage service levels.

The cool access feature allows organizations in industries like Oil & Gas, Manufacturing, and Healthcare to optimize costs by transitioning inactive data to more affordable storage tiers. This integration is especially valuable for large-scale workloads requiring compliance or ongoing business processes, offering significant cost savings and operational efficiency. This feature is available in Azure NetApp Files regions that support large volumes.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in November 2024

This month, thanks in part to the Microsoft Ignite event, significant updates have been announced for Azure Management Services. Through this series of monthly articles, we aim to provide an overview of the most relevant news, keeping you informed about these developments and offering essential information to explore these topics further.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Govern

Azure Cost Management

Updates for Microsoft Cost Management

Microsoft continually strives to improve Microsoft Cost Management, a solution designed to provide greater visibility into cloud spending, identify and prevent incorrect spending patterns, and optimize costs. This article highlights some of the latest enhancements and updates to this solution, including:

Exports to Microsoft Fabric (preview): With a new connection to Microsoft Fabric, users can export cost and pricing datasets directly into OneLake. This feature simplifies data integration into the Fabric system, eliminating the need for manual transfers from storage accounts.

Azure OpenAI Cost View: Managing Azure OpenAI Service costs is now easier with a new integrated view in Cost Analysis. This feature allows users to:

  • View execution costs for OpenAI models over specific periods.
    • Include costs of reserved purchases within the selected subscription.
    • Access the new view quickly under “Smart Views” in Cost Analysis.

Cost Simulations with Copilot: Azure Copilot now includes cost estimates for OpenAI deployments based on tokens. For example, users can simulate scenarios like a 15% increase to predict cost impacts, helping with better budget management.

Copilot-Cost Analysis Integration: The Copilot experience for Cost Management is enhanced with Cost Analysis integration in generated responses. Using the “View in Cost Analysis” button, users can:

  • Access a custom view based on their request.
  • Analyze costs with specific parameters.
  • Share the view with their team and set up email alerts.

Secure

Microsoft Defender for Cloud

AI Security Posture Management for Multicloud Environments

Microsoft Defender for Cloud expands its capabilities to manage the security of generative AI models. New features include:

  • Extended Support for Amazon Bedrock: Enables deep discovery of AWS AI technologies, including new recommendations and attack paths to enhance security.
  • AI Grounding Data Insights: Provides detailed analysis of datasets used for AI models, identifying associated risks and offering tools for vulnerability prioritization.

These capabilities ensure robust security for AI models, improving data governance and reducing associated risks.

Enhanced Container Security Features (preview)

In addition to existing container capabilities, significant new features include:

  • Detection and Response to Suspicious Activity: Defender for Cloud allows custom queries to detect anomalous behavior, improving runtime vulnerability management.
  • Rapid Containment: Enables limiting communication between pods or isolating networks to prevent unauthorized access to sensitive data.
  • AI Support for SOC: AI provides guided remediation, assisting security teams with step-by-step instructions to resolve incidents efficiently, even with limited expertise.

These features represent a further step toward comprehensive container protection.

API Security Enhancements with Microsoft Defender for Cloud (preview)

Microsoft Defender for Cloud introduces advanced features to enhance API security, addressing the growing importance of these interfaces in modern application models. New capabilities include:

  • Native Integration with CSPM: Provides complete API visibility through Azure API Management, mapping both front-end and back-end elements for holistic risk management.
  • API Data Classification: Now includes query strings and URL path parameters, supporting in-depth analysis and triage of data in transit.
  • Security Recommendations: Highlights exploitable attack paths, providing specific context for data exposure scenarios.

These features help organizations mitigate API risks and strengthen application security posture.

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, you can refer to this page, which provides information about new features, bug fixes, and deprecated functionalities.

Protect

Azure Backup

Regional Disaster Recovery with Azure Backup for AKS

Azure announces the availability of Vaulted Backup support for Azure Kubernetes Service (AKS), an important innovation that ensures protection, compliance, and resilience for cloud-native applications against regional disasters.

Key benefits for Azure customers:

  • Cross-Regional Recovery: The Cross-Region Restore functionality enables critical failover, ensuring business continuity and compliance with disaster recovery regulations.
  • Regulatory Compliance: Support for long-term retention (LTR) of data for up to 10 years, adhering to major global compliance frameworks.
  • Enhanced Security and Resilience: With immutable vaults and role-based access control, backup data is protected from ransomware and unauthorized access.

With the GA support for AKS Vaulted Backup, Azure Backup simplifies compliance, improves resilience, and strengthens the security of cloud-native environments.

Default Security with Soft Delete in Azure Backup (Preview)

Azure Backup introduces soft delete functionality, a default-enabled security measure that allows deleted backup data to be recovered for a period of 14 days. By enabling soft delete at the vault level, Azure provides default protection for all customers, preventing accidental or intentional data loss.

Immutable WORM Storage for Backups in Recovery Services Vaults (Preview)

Azure Backup introduces immutable WORM (Write Once, Read Many) storage for backups in Recovery Services Vaults. Once immutability is enabled and activated, Recovery Points cannot be deleted or have their retention periods reduced before expiration.

Key features:

  • Meets compliance requirements with immutable storage.
  • Applicable to both existing and new vaults with locked immutability.
  • Currently available in preview in limited regions.

This feature ensures advanced protection for backup data, reducing the risk of tampering and meeting regulatory compliance needs.

Migrate

Azure Migrate

New Capabilities of Azure Migrate for Hybrid Cloud Migration and Management

Azure Migrate introduces advanced tools to support the planning and management of migrations to Azure and hybrid environments. Customers can now create a detailed business case to compare the Total Cost of Ownership (TCO) of on-premises workloads versus Azure, as well as view annual financial analyses during the transition process.

Key updates:

  • Azure Arc Value Assessment: Customers can compare the current TCO of on-premises environments with the estimated TCO using Azure Arc, evaluating savings and benefits such as Extended Security Updates (ESUs) and SQL Pay-As-You-Go on Azure Arc-enabled SQL Server.
  • Hybrid Cloud Management: Visualize the benefits of security and management tools like Microsoft Defender for Cloud, Azure Monitor, and Azure Update Manager applied to on-premises environments via Azure Arc.
  • Customized Planning: For those not migrating everything or planning a phased migration, it’s possible to compare combined on-premises and Azure costs to optimize strategy.

These tools offer greater flexibility and transparency, enabling customers to download reports and involve stakeholders in the decision-making process.

New Releases and Features of Azure Migrate

To stay updated on the latest developments, visit this page, which provides information on new releases and features. This month, notable highlights include:

  • Cost Assessments for AVS: Support for the AV64 SKU and the external storage option with Azure NetApp Files.
  • Enterprise Linux Machine Migration: Capability to transfer RHEL and SLES machines from VMware and Hyper-V environments to Azure, leveraging the Azure Hybrid Benefit.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Unveiling the future: key insights from Microsoft Ignite 2024 on Azure IaaS and Azure Local

In this article, I delve into the latest technological advancements and strategic updates unveiled at the recent Microsoft Ignite 2024 event. With a specific focus on Azure Infrastructure as a Service (IaaS) and Azure Local, I aim to provide a comprehensive and insightful overview of the innovative solutions and initiatives introduced by Microsoft. As a cornerstone event in the tech world, Microsoft Ignite continues to shape the industry by presenting groundbreaking features, enhancements, and visionary developments. Join me as I explore these transformative updates in detail, offering my personal insights on their potential to redefine the future of cloud infrastructure and services. This article examines the implications of these transformative updates, analyzing their impact on the evolution of cloud infrastructure and services, and their significance for businesses navigating the digital future.

Azure

Silicon Updates for Azure Infrastructure

Microsoft Azure is advancing its infrastructure with end-to-end silicon innovations to meet the growing demands of cloud and AI workloads. Azure Integrated Hardware Security Module (HSM) ensures robust security across datacenter hardware, while Azure Boost Data Processing Units (DPUs) provide efficiency in networking, storage, and acceleration for scale-out workloads. Additionally, Azure’s innovative liquid cooling technology is tailored for large-scale AI systems, ensuring efficiency and sustainability within its datacenters. By integrating CPUs, AI accelerators, and DPUs, alongside cutting-edge hardware security and cooling technologies, Azure continues to optimize every layer of its infrastructure for the AI-driven era.

Azure HBv5 Virtual Machines Built for High Performance and Cost Efficiency (preview)

Azure HBv5 virtual machines are designed to redefine high-performance computing (HPC) in the cloud by delivering exceptional performance and cost efficiency. Powered by AMD EPYC™ 9V64H processors and the latest NVIDIA InfiniBand networking technologies, these VMs promise up to 8x the performance of leading bare metal and cloud alternatives, and up to 35x the speed of legacy on-premises systems. HBv5 VMs are optimized for demanding workloads such as computational fluid dynamics, weather modeling, and aerospace simulation. With enhanced data movement capabilities, high-bandwidth memory, and a co-designed platform to overcome bottlenecks, HBv5 will empower researchers and businesses to accelerate insights and reduce costs, with availability in preview by 2025.

Azure ND GB200 V6 VMs Powered by NVIDIA Blackwell Platform (preview)

Microsoft Azure has announced the preview of its Azure ND GB200 V6 virtual machines, powered by NVIDIA Blackwell GB200 Superchips. These VMs represent a breakthrough in AI computing, offering unparalleled performance and scalability for AI model training and inference. Co-developed and co-optimized with NVIDIA and other AI innovators, the Azure ND GB200 V6 series sets a new standard for AI supercomputing in the cloud. The integration of NVIDIA GB200 Superchips ensures accelerated capabilities for the most advanced AI workloads, enabling faster, more efficient AI innovation.

Microsoft Continues Transition to Reliable Logical Qubits

Microsoft is pioneering advancements at the intersection of AI and quantum computing by transitioning toward reliable logical qubits. In collaboration with Atom Computing, Microsoft is developing the world’s largest neutral atom commercial system with entangled logical qubits, offering breakthrough 2-qubit gate fidelity. These advancements will enable deeper, more complex quantum computations, surpassing classical computing capabilities. The co-designed commercial quantum machine, expected to launch by the end of 2025, will support faster AI training and accelerate scientific discovery, marking a significant leap in quantum innovation.

Azure Local

Azure Expands Adaptive Cloud, Introducing the Azure Local Infrastructure Solution

Microsoft Azure continues to innovate with its adaptive cloud approach, supporting global infrastructure across cloud and edge environments. This expansion offers unified management, enhanced security, simplified application deployment, and a consistent data foundation across hybrid, multicloud, and edge ecosystems. As part of this evolution, Azure Local—a cloud-controlled hybrid infrastructure platform powered by Azure Arc—is now generally available. Azure Arc acts as a bridge, extending Azure platform services like Azure Local across hybrid, multicloud, and edge locations.

What is Azure Local?

Azure Local enables customers to extend Azure services to distributed locations, empowering them to run mission-critical workloads, cloud-native applications, and AI solutions with unparalleled flexibility and scalability. Through partnerships with OEMs like Dell, HP, and Lenovo, Azure Local integrates secure, pre-validated hardware with cloud-based services. Supporting a variety of infrastructure setups, from compact industrial PCs to enterprise-grade servers, Azure Local also addresses disconnected scenarios, meeting rigorous regulatory and compliance requirements.

Azure Local’s Role in Azure’s Global Infrastructure

This new platform underscores Azure’s commitment to providing customers with unmatched options tailored to their unique needs. Whether leveraging Azure’s global presence in over 60 regions or third-party infrastructure enabled by Azure Arc, customers benefit from centralized management, advanced security features, and AI-driven insights. These capabilities accelerate app development and scaling while offering a unified experience across centralized and distributed environments.

Key Features and Benefits

Azure Local integrates and expands upon the Azure Stack product family, offering broader capabilities and a more streamlined experience. Existing Azure Stack HCI customers will automatically transition to Azure Local, which includes features like:

  • Customizable cloud-based operations and security
  • Support for cloud-native and traditional applications
  • Azure Virtual Desktop integration

New customers can explore validated partner solutions on the Azure Local webpage to get started today.

Azure Local vs. Azure Arc

  • Azure Local: Designed for customers seeking new or refreshed infrastructure at distributed locations, with Azure Arc capabilities seamlessly built-in.
  • Azure Arc: A bridge to extend Azure services to existing infrastructure or other cloud environments.

Azure Local’s Relationship with Azure Stack HCI

Azure Local now encompasses Azure Stack HCI, maintaining all its features and adding significant new functionality:

  • Support for lower-spec hardware (preview)
  • Disconnected operations (preview)
  • Enhanced services and flexibility

Existing customers need only continue applying updates to transition smoothly to Azure Local.

Transition for Azure Stack Hub and Azure Stack Edge

Microsoft recommends Azure Local for most distributed infrastructure scenarios. Once preview features such as lower-spec hardware and disconnected operations become generally available, Azure Local will offer equivalent capabilities to previous Azure Stack solutions. Until then, Azure Stack Hub and Azure Stack Edge remain available as standalone products.

Windows Server Integration

Azure Local also brings added value to Windows Server customers. Those with Software Assurance or active subscriptions can access Azure management tools like:

  • Azure Update Manager
  • Azure Policy Guest Configuration
  • Disaster Recovery
  • Change Tracking and Inventory

This integration incurs no additional cost, further enhancing Azure’s value proposition.

Getting Started

Azure Local is now available for production use (version 2411). New customers can browse the solutions catalog for their preferred vendor’s hardware and read the deployment guide to initiate their journey. Additional low-spec, cost-effective options are expected to launch soon.

Stay Informed with Microsoft Ignite: The Book of News

For more information, you can refer to “The Book of News,” the guide to Microsoft’s announcements for Microsoft Ignite. This resource is designed to streamline your access to the latest updates and provide essential insights into the topics that matter most to you.

Conclusion

The innovations unveiled at Microsoft Ignite 2024 mark a transformative leap in cloud infrastructure and hybrid solutions. From groundbreaking advancements in Azure IaaS with next-generation silicon, high-performance virtual machines, and pioneering AI capabilities to the introduction of Azure Local as a unified platform for distributed environments, Microsoft continues to redefine the standards of scalability, flexibility, and security.

These updates emphasize Azure’s commitment to empowering businesses with the tools needed to navigate the evolving digital landscape. Whether through enhanced performance for demanding workloads, seamless hybrid integration, or cutting-edge developments in quantum computing, Microsoft’s vision aligns with the growing demand for adaptive and resilient cloud solutions.

Azure Local’s seamless integration of Azure Stack HCI and the broader Azure ecosystem offers a compelling solution for organizations seeking a consistent and secure approach to managing workloads across centralized, hybrid, and edge environments. By bridging cloud-native and traditional applications, Azure Local simplifies infrastructure management while addressing complex compliance and operational needs.

As we look ahead, the innovations discussed at Microsoft Ignite 2024 set the stage for a future where cloud technologies continue to drive business transformation. By staying informed and embracing these advancements, organizations can unlock new levels of agility, innovation, and growth in an increasingly connected world.

Azure IaaS and Azure Stack: announcements and updates (November 2024 – Weeks: 45 and 46)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Networking

Azure Cross-Subscription Load Balancer

Microsoft is pleased to announce the general availability of the Azure cross-subscription Load Balancer. This feature allows components of a load balancer, such as the frontend IP address or backend instances, to be located in different subscriptions. Cross-subscription load balancing offers flexibility in architecture design and is now available in all Azure public regions, as well as in China cloud and Government cloud regions.

Azure Load Balancer Admin State and Health Status

Azure Load Balancer now supports the Administrative State (Admin State) feature, simplifying the management of backend pool instances. Admin State allows users to override health probe behavior for individual instances without changing network security rules or port configurations. This facilitates maintenance by enabling users to mark instances as up or down and control connection behavior without additional complexity.

Additionally, the Health Status feature is now generally available, offering detailed insights into the health of backend instances in Azure Load Balancer pools. This feature provides:

  • User-triggered issue notifications

  • Platform-triggered reason codes

These capabilities enhance monitoring and troubleshooting, ensuring efficient management and improved visibility into backend instance health.

Single Prefix Enhancement to Seamless Gateway Migration

The Gateway migration experience has been enhanced to enable customers to use the Azure Portal or PowerShell scripts to deploy a second Virtual Network Gateway within the same GatewaySubnet. During the migration phase, initiated by the customer, Azure will transfer both the control plane and data path configurations from the existing gateway to the new one. This results in two operational gateways coexisting within the same subnet. After a successful migration, customers can remove the original gateway, leaving the new one in place for continued connectivity. This feature is designed to support seamless migrations with minimal downtime.

Azure Virtual Network Manager User-Defined Route (UDR) Management

Azure Virtual Network Manager now offers the general availability of User-Defined Route (UDR) Management. This feature simplifies the process of managing complex routing behaviors by automating UDR orchestration. Users can establish routing configurations that automatically deploy across virtual networks, eliminating the need for manual UDR creation or custom scripts, thus reducing errors and simplifying large-scale routing. UDR Management enables users to organize routing rules into collections tied to specific network groups, ensuring consistency and reusability across subnets or virtual networks. Custom routing behaviors, such as directing traffic in a hub-and-spoke topology or routing traffic through Azure Firewall, can now be implemented with ease. This automation ensures flexible and seamless routing that adjusts to network changes without manual intervention.

Retirement: Azure CDN Standard/Premium from Edgio (formerly Verizon)

Azure CDN Standard/Premium from Edgio (formerly Verizon) is set to be retired on November 4, 2025. To avoid service interruptions, customers currently utilizing this service need to migrate their workloads to a comparable solution before this date. Additionally, as of January 15, 2025, the creation of new Azure CDN profiles from Edgio will no longer be permitted.

This retirement follows Edgio’s Chapter 11 bankruptcy filing on September 9, 2024, which casts uncertainty over their ability to maintain service continuity until the retirement date. Microsoft continues to monitor the situation closely and will provide updates if any changes affect the retirement timeline.

As a recommended alternative, Microsoft suggests transitioning to Azure Front Door Standard or Premium, which is the flagship CDN product, to ensure a seamless migration and maintain high service reliability.

Static Egress Gateway for Azure Kubernetes Service (AKS)

The Static Egress Gateway for Azure Kubernetes Service (AKS) is now available in public preview. This feature empowers AKS users to configure a fixed source IP for out-of-cluster communications without the overhead of deploying a dedicated node pool with a NAT gateway. By leveraging this capability, organizations can achieve precise control over egress traffic, streamline integration with external systems, and bolster network security without incurring significant additional costs.

Network Isolated Clusters in AKS (preview)

Azure Kubernetes Service (AKS) introduces Network Isolated Clusters, now in public preview. This feature simplifies the process of restricting network access for AKS clusters by enabling built-in isolation without relying solely on Azure Firewall. By reducing the complexity and costs associated with managing firewall configurations, Network Isolated Clusters help organizations safeguard sensitive data and prevent unintentional exposure of public endpoints, thereby minimizing the risk of security breaches.

Storage

Convert to Azure Premium SSD v2 Disks

Microsoft is excited to announce the General Availability of the feature for converting to Premium SSD v2 disks (Pv2). This capability enables users to confidently migrate their workloads to Pv2 disks. The conversion process allows for a seamless transition from existing Standard SSD, Standard HDD, or Premium SSD v1 disks to Pv2 with minimal downtime. Notably, this process avoids disk destruction, eliminates the need for snapshots as a staging resource, and bypasses background data copying, making migrations simpler and more efficient.

Enhancements on Elastic SAN: Resiliency, Security, Scalability, and AVS Integration

Azure Elastic SAN, Microsoft’s latest block storage innovation, has been enhanced with new features that improve resiliency, security, scalability, and integration with Azure VMware Solution (AVS).

Key highlights include:

  • Service Level Agreement (SLA): The availability SLA is now published, providing assurance for mission-critical workloads running on Elastic SAN.

  • CRC Protection: Customers can now enable CRC32C checksum verification to maintain data integrity. If enabled on the client side, connections without CRC32C set for both header and data digests will be rejected, ensuring data protection.

  • Public Preview of Autoscale for Capacity: Elastic SAN now supports autoscaling, a first in cloud block storage solutions. This feature simplifies management by allowing users to set a policy for automatic scaling of storage capacity, saving time and controlling TCO by enabling growth on demand with user-defined increments.

  • Integration with Azure VMware Solution (GA): Azure Elastic SAN is now fully integrated with AVS, offering a managed, VMware-certified SAN that is scalable, easy to manage, and cost-efficient. This provides AVS customers with flexible storage options suitable for a range of workloads, including backup and disaster recovery.

Azure File Sync Support for Managed Identities (preview)

Azure File Sync support for managed identities is now available in public preview. This update allows users to leverage system-assigned managed identities provided by Microsoft Entra ID, thereby eliminating the need for shared keys as an authentication method for Azure file shares. By configuring managed identities, Azure File Sync deployments benefit from enhanced security through streamlined authentication processes in three key scenarios:

  • Authentication of the Storage Sync Service to Azure file shares

  • Authentication of registered servers to Azure file shares

  • Authentication of registered servers to the Storage Sync Service

The public preview is accessible in all Azure Public and Gov regions where Azure File Sync is supported, and there is no additional cost for utilizing managed identities in these configurations.

Azure Stack

Azure Stack HCI

Upgrade Your Azure Stack HCI 22H2 Clusters to 23H2

Azure Stack HCI version 22H2 will reach retirement in May 2025. After this date, clusters operating on this version will no longer receive monthly security and quality updates. To maintain compliance and continue receiving updates, it is essential to upgrade the operating system to version 23H2.

The recommended action for customers is to promptly initiate the upgrade process by following these steps:

  1. Upgrade the operating system of your Azure Stack HCI cluster to version 23H2 to ensure continued receipt of monthly security and quality updates.

  2. Apply the solution upgrade to receive ongoing feature updates.

Taking these steps promptly will help ensure cluster stability and continued support.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (November 2024 – Weeks: 43 and 44)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Named a Leader in 2024 Gartner® Magic Quadrant™ for Strategic Cloud Platform Services

Microsoft has once again been recognized by Gartner® as a Leader in the 2024 Gartner® Magic Quadrant™ for Strategic Cloud Platform Services (SCPS), noted for its excellence in Completeness of Vision. Microsoft’s Azure platform stands out for its robust suite of AI and cloud services, supporting organizations in fostering innovation across diverse IT scenarios. Offering both IaaS and PaaS solutions, Azure empowers businesses to seamlessly unify their on-premises, multicloud, and edge environments within the cloud. As AI accelerates transformative capabilities across industries, Azure’s adaptive platform equips businesses with the strategic infrastructure and tools they need to operate efficiently across hybrid, multicloud, and edge environments, and to develop intelligent applications that harness extensive data processing and computing capabilities.

Update on Retirement of TLS 1.0 and TLS 1.1 Versions for Azure Services

In alignment with Microsoft’s November 10, 2023 announcement, Azure continues its phased transition to TLS 1.2 or later, set to complete by August 31, 2025. This move aims to enhance security across all connections to Azure services, although some services will maintain temporary support for TLS 1.0 and TLS 1.1 to minimize disruption for customers. Azure’s TLS 1.0 and TLS 1.1 implementations are not known to be vulnerable; however, the adoption of TLS 1.2 or later introduces stronger security measures, including perfect forward secrecy and more robust cipher suites. Customers who currently rely on TLS 1.0 or 1.1 should prepare to update their workloads to TLS 1.2 or later to ensure seamless service continuity on Azure.

FinOps Toolkit 0.6

The latest release of the FinOps toolkit, version 0.6, was made available, bringing multiple enhancements for optimized financial operations on Azure. Key updates include a new FinOps best practices library and Power BI reports designed to enhance governance and workload optimization. Users can now leverage customizable promoted tags within Power BI, alongside improved ingestion capabilities for prices, reservation details, recommendations, and transactions within FinOps hubs. Performance and scalability of Power BI reports have also been optimized. Additionally, the toolkit introduces a consolidated FinOps workbooks template, updates to the Azure Optimization Engine for security and troubleshooting, and FOCUS 1.1 ServiceSubcategory mapping in the Services open data file. Minor improvements and bug fixes are also included across the toolkit, further refining the user experience.

Storage

Edit Network Features for Azure NetApp Files with No Downtime (Public Preview)

The latest public preview introduces the ability to edit network features for Azure NetApp Files volumes without downtime, providing greater flexibility and enhanced networking for users. With Standard Network Features now available in select regions (Australia East, Central India, North Central US, and Switzerland North), users can seamlessly upgrade from Basic to Standard network features, maintaining service continuity. Standard Network Features introduce several improvements, including increased IP limits in VNets with Azure NetApp Files, meeting enterprise security needs with Network Security Groups (NSGs) on delegated subnets, and improved network control through User-defined routes. The feature also supports enhanced connectivity via Active/Active VPN gateway setups and enables high-performance ExpressRoute FastPath connectivity, ensuring low latency and high-bandwidth connectivity between on-premises networks and Azure.

Live Resize for Azure Premium SSD v2 and Ultra Disks

Azure has announced the General Availability of Live Resize for Premium SSD v2 and Ultra Disks, a capability that enables users to dynamically increase storage capacity without application disruption. This feature allows organizations to start with smaller disks and expand their storage as needed, supporting cost management while providing flexibility. With this new feature, Azure customers can adjust resources efficiently without experiencing any downtime.

Expansion of Azure Premium SSD v2 Disk Storage to New Regions

Azure Premium SSD v2 Disk Storage is now accessible in additional regions, including Germany West Central, Israel Central, Italy North, Spain Central, and Mexico Central. This advanced storage solution offers a blend of price performance and ultra-low disk latency, ideal for I/O-intensive workloads like SQL Server, Oracle, SAP, and other enterprise applications. Azure Premium SSD v2’s expansion provides more organizations across the globe with access to reliable, high-performance storage for critical workloads, meeting the needs of industries ranging from big data analytics to gaming and containerized applications.

Azure Stack

Azure Stack HCI

Microsoft Recognized as a Leader in 2024 Gartner® Magic Quadrant™ for Distributed Hybrid Infrastructure

Microsoft has once again been named a Leader in the 2024 Gartner® Magic Quadrant™ for Distributed Hybrid Infrastructure (DHI), marking its second consecutive year in this position. Microsoft earned top placement for both Completeness of Vision and Ability to Execute. Azure’s adaptive cloud approach and comprehensive infrastructure, spanning cloud and edge, address a wide array of customer requirements that drive digital transformation across industries. Examples such as Coles and Emirates Global Aluminum (EGA) underscore the impact of Azure in various sectors. Coles leverages GPU-enabled Azure Stack HCI and Azure Kubernetes Service (AKS) through Azure Arc for AI-driven video inferencing in-store, enhancing customer experience. EGA’s smart crane operations rely on low-latency, local AI models, optimized for real-time adjustments essential to aluminum casting. These examples highlight Azure’s versatile infrastructure, meeting the performance needs of both retail and manufacturing through advanced AI and machine learning capabilities.

Figure 1 – Magic Quadrant for Distributed Hybrid Infrastructure

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (October 2024 – Weeks: 41 and 42)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

ItalyNorth – New Services Available

Microsoft has expanded the portfolio of services in the Italy North Azure Region, making it an even more robust destination for organizations seeking to leverage cloud technology for migration, modernization, and real-time analytics. Below are the key new services now available in the Italy North Azure Region.

  • Azure VMware Solution (AV64) – The Azure VMware Solution (AV64) is now available in Italy North, allowing businesses to seamlessly migrate their existing VMware-based workloads to Azure. It provides a fully managed VMware environment in the cloud, designed to deliver scalability, security, and operational consistency without requiring businesses to rearchitect their applications. This solution empowers organizations to modernize their infrastructure while preserving the familiar VMware ecosystem.

  • Oracle Database@Azure – Oracle Database@Azure is now available in the ItalyNorth Azure Region. This service operates on Oracle Cloud Infrastructure (OCI) within Microsoft’s data centers, offering high-performance connectivity between Oracle Database and Azure resources. By colocating the services, customers benefit from reduced latency and faster access to their Azure applications. This collaboration enables organizations to take advantage of both Oracle’s and Microsoft’s leading cloud services, ensuring a seamless and efficient cloud experience.

  • Apache Kafka® and Apache Flink® on Confluent Cloud™ – Azure Native ISV Services now includes Apache Kafka® and Apache Flink® on Confluent Cloud™ in Italy North. These services provide powerful, scalable solutions for real-time event streaming and data processing pipelines. The native integration with Azure simplifies the architecture, enabling businesses to build real-time analytics solutions that are secure, scalable, and operationally efficient. This strengthens Italy North’s capabilities in supporting data-driven decisions and analytics.

  • Azure Data Box – Azure Data Box is now available in the ItalyNorth Azure Region, offering businesses a secure and efficient solution to transfer large volumes of data to Azure. Ideal for companies facing bandwidth limitations or performing one-time large-scale data migrations, Azure Data Box simplifies the data transfer process while minimizing downtime. With its availability in ItalyNorth, businesses now have more options for managing their data migration efforts securely and effectively.

These additions mark a significant enhancement to the Italy North Azure Region, empowering organizations to innovate, migrate, and scale their cloud operations with greater efficiency.

Compute

Azure Cobalt 100 Arm-based Virtual Machines

Microsoft has announced the general availability of the new Cobalt 100 Arm-based virtual machines (VMs). These VMs include the general-purpose Dpsv6-series and Dplsv6-series, as well as the memory-optimized Epsv6-series. The Cobalt 100 VMs deliver up to 50% better price-performance compared to the previous generation of Arm-based VMs, making them ideal for scale-out and cloud-native Linux-based workloads. These workloads include data analytics, web and application servers, open-source databases, and in-memory caches. Additionally, these VMs provide significant performance improvements: up to 1.4x better CPU performance, 1.5x improved performance on Java-based workloads, and up to 2x higher performance for web servers, .NET applications, and cache applications. They also feature 4x the local storage IOPS with NVMe and up to 1.5x better network bandwidth compared to earlier models.

ED25519 SSH Key Support for Linux VMs

Azure now supports ED25519 SSH keys for Linux VMs, offering a more secure and compact alternative to the traditional RSA keys. Previously, only RSA keys were available for secure SSH connections to Linux VMs on Azure. With this update, customers can now choose between RSA and ED25519 keys, allowing for more flexible and secure authentication options. The Azure Portal simplifies key management by enabling the creation of ED25519 keys directly. Additionally, Azure CLI and PowerShell support this key type, giving customers more ways to integrate ED25519 keys into their workflows. While RSA remains the default, the introduction of ED25519 enhances security and deployment efficiency for Linux VMs on Azure.

Networking

ExpressRoute Metro

ExpressRoute Metro is now generally available, offering a new private connectivity architecture designed to enhance network resiliency for Azure customers. ExpressRoute Metro provides dual-homed connections to two separate edge sites within the same city, ensuring improved redundancy and reliability. This feature is particularly valuable for maintaining uninterrupted service in the event of site-wide disruptions, ensuring business continuity for critical operations. Currently available in Amsterdam, Singapore, and Zurich, with upcoming launches in cities such as Atlanta, Milan, and Madrid, ExpressRoute Metro simplifies the setup process through a guided Azure portal, making configuration straightforward and user-friendly.

Custom IPv4 Prefixes (BYOIP) Can Be Used in Global/Regional Configuration

Microsoft has announced the availability of custom IPv4 prefixes using the bring-your-own-IP (BYOIP) feature in both global and regional configurations. This capability, now available in all public and US government regions, allows customers to bring public IPv4 ranges as small as /24 for global use across Azure. These ranges can be divided into regional subnets as small as /26, enabling users to associate smaller portions of the range with specific regions for redundancy and load balancing. This feature provides flexibility in IP address management, allowing for more efficient use of resources across multiple Azure regions while maintaining global availability.

Private Endpoint Support Without NVA Source Network Address Translation

Azure now offers private endpoint support without requiring source network address translation (SNAT) for traffic passing through a network virtual appliance (NVA). By configuring a specific tag on the NVA virtual machines, users can opt into this feature, which eliminates the need for SNAT for traffic destined for private endpoints. This enhancement simplifies the configuration process and ensures symmetric routing without affecting nonprivate endpoint traffic. Additionally, this feature supports internal compliance standards by maintaining traffic source information in logs. It is recommended to enable this feature during a maintenance window, as it may cause a one-time reset of long-running private endpoint connections traversing the NVA.

ExpressRoute Guided Configuration Experience

Microsoft has announced the general availability of the ExpressRoute guided configuration experience, designed to simplify the process of setting up multi-site resiliency circuits and connections. The guided experience focuses on making resiliency a key aspect of configuring ExpressRoute circuits and virtual network gateway connections. Customers can choose from three resiliency options: maximum, high, and standard. Maximum resiliency offers redundancy across and within peering locations, high resiliency provides redundancy across peering locations but not within, and standard resiliency focuses on redundancy within a single peering location. The experience also provides insights, such as the distance between peering locations and traffic engineering recommendations, to assist in informed decision-making. This guided configuration is available via the Azure portal, PowerShell scripts, and ARM templates, enhancing flexibility and ease of use for users when configuring ExpressRoute circuits.

Storage

Storage Account Default Egress Limit Increase to 200 Gbps

Microsoft has increased the default maximum egress limit for general-purpose v2 and Blob storage accounts from 120 Gbps to 200 Gbps across various regions. This increase applies to both new and existing storage accounts, allowing for greater data transfer capacity, especially for high-volume workloads. The enhanced limit ensures improved performance and scalability for customers relying on Azure storage services for data-intensive operations.

Azure Elastic SAN for Azure VMware Solution

Azure Elastic SAN for Azure VMware Solution (AVS) is now generally available. Azure Elastic SAN provides a fully managed, VMware Certified storage area network (SAN) for AVS customers, offering massive scalability, simplified management, and built-in redundancy at a low total cost of ownership (TCO). With Azure Elastic SAN, customers can scale their storage independently of performance requirements, enabling cost-effective expansion for use cases like backups and disaster recovery. Priced at $0.06-0.08 per GiB per month, this storage solution offers an economical yet robust option for AVS environments while delivering sufficient performance for a wide range of workloads.

Azure Stack

Azure Stack HCI

New Features for Azure Virtual Desktop on Azure Stack HCI

Azure Virtual Desktop on Azure Stack HCI has introduced a series of powerful features aimed at improving scalability, cost management, flexibility, and monitoring for IT administrators. These new capabilities are now generally available and offer a seamless experience through the Azure Virtual Desktop management interface. Below is an overview of the key updates and their benefits.

  • Autoscale for Host Pools – The new Autoscale feature allows organizations to automatically scale session hosts up or down based on a predefined schedule, optimizing deployment costs. This feature, which was previously available for Azure Virtual Machines, can now be applied to Azure Stack HCI, enabling better resource management and cost savings.

  • Start VM on Connect – This feature reduces operational costs by powering on session host VMs only when they are needed for active user connections and shutting them down when not in use. It allows organizations to maintain high efficiency by running virtual desktops only when required, thereby minimizing resource consumption.

  • Windows 11 and Windows 10 Enterprise Single-Session Images from Azure Marketplace – IT administrators now have the ability to download and deploy Windows 11 and Windows 10 Enterprise single-session images from Azure Marketplace directly to their Azure Stack HCI clusters. This flexibility enables better customization of the virtual desktop environment to fit specific user requirements and workloads.

  • Azure Virtual Desktop Insights Support – Azure Virtual Desktop Insights provides a centralized monitoring solution that allows IT admins to detect, diagnose, and resolve issues within their Azure Virtual Desktop environments. Now available for Azure Stack HCI, this tool enhances operational oversight by offering detailed performance metrics and troubleshooting capabilities.

  • Per-User Access Pricing for Azure Virtual Desktop on Azure Stack HCI – Azure Virtual Desktop now supports a per-user access pricing model for Azure Stack HCI, enabling organizations and independent software vendors (ISVs) to provide external users with access to their virtual desktop solutions. This pricing flexibility allows businesses to offer cost-effective virtual desktop services tailored to their users’ needs.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (October 2024 – Weeks: 39 and 40)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Invests €4.3B to Boost AI Infrastructure and Cloud Capacity in Italy

Microsoft has announced its largest investment in Italy to date, committing €4.3 billion over the next two years to expand its AI and cloud infrastructure in the country. This initiative will significantly boost the capacity of its hyperscale datacenter region in Northern Italy and provide AI and cloud-based digital skills training to over 1 million Italians by 2025. The expansion aims to support Italy’s growing demand for AI-driven solutions, enabling advancements across industries such as manufacturing, healthcare, finance, and public administration. By embracing AI, Italy can address demographic challenges and foster innovation, particularly among small and medium-sized enterprises. The investment will also fortify Italy’s cybersecurity posture and ensure compliance with European data boundary requirements. As part of its AI Access Principles, Microsoft is committed to fostering innovation and competition while ensuring AI technology is accessible for the public good. This infrastructure will serve as a key data hub for the Mediterranean and North Africa, supporting broader international collaboration efforts.

Compute

Azure confidential VMs with NVIDIA Tensor Core GPUs

Azure announces the general availability of Azure confidential VMs featuring NVIDIA H100 Tensor Core GPUs, now ready for production deployment. These VMs, under the NCC H100 v5 SKU, are powered by AMD 4th Gen EPYC™ processors with SEV-SNP technology combined with NVIDIA H100 Tensor Core GPUs. This configuration enables customers to securely migrate GPU-intensive workloads to Azure while maintaining optimal performance and requiring no code modifications. The NCC H100 v5 VMs provide a hardware-based Trusted Execution Environment (TEE), which enhances guest protection by securing VM memory and state from potential hypervisor or host management code access. With this capability, Azure customers can issue attestation requests to ensure that VMs are running on a properly configured TEE before deploying sensitive applications or releasing encryption keys, safeguarding against unauthorized operator access. This release enables organizations to run their most confidential GPU workloads with heightened security on Azure.

Save up to 56% on the Latest Linux VMs in Most Azure Regions for a Limited Time

Microsoft has introduced a promotional offer allowing customers to save up to 56% on the latest Linux virtual machines (VMs) in Azure. This limited-time promotion, valid from October 1, 2024, to March 31, 2025, offers an additional 15% discount on top of the existing one-year Azure Reserved Virtual Machine Instances discount. The offer applies to qualified VM SKUs and regions, making it an excellent opportunity for businesses to reduce costs on Linux-based VMs. By purchasing a one-year Azure Reserved Virtual Machine Instance, organizations can significantly cut down their cloud infrastructure expenses compared to the standard pay-as-you-go model.

New FX series VMs – FXmsv2 and FXmdsv2 (preview)

Azure has introduced the latest members of the FX virtual machine subfamily: the FXmsv2 and FXmdsv2 series. These VMs are powered by the 5th Generation Intel® Xeon® Platinum 8473C (Emerald Rapids) processor, operating in a hyper-threaded configuration that is optimized for both memory and compute-intensive workloads. This processor delivers an all-core turbo clock speed of 3.0 GHz, supported by Intel® Turbo Boost Technology, Intel® Advanced-Vector Extensions 512 (Intel® AVX-512), and Intel® Deep Learning Boost, making it a suitable choice for high-performance computing. The FXmsv2 and FXmdsv2 series are designed for workloads requiring high CPU clock speeds and a significant memory-to-CPU ratio, such as electronic design automation (EDA) workloads. These virtual machines offer up to 96 vCPUs and 1832 GiB of RAM, providing substantial power and flexibility. Additionally, customers have the option to choose between VM configurations with or without local disks, allowing for tailored optimization according to the specific needs of each workload.

Azure NMads MA35D-Series Virtual Machines (preview)

Microsoft has introduced the public preview of the Azure NMads MA35D-Series virtual machines (VM) in the East US region, marking Azure’s first VM SKU equipped with specialized hardware designed for video transcoding workloads. Powered by Xilinx MA35D “Supernova” ASIC video processing units (VPUs), this VM is optimized for both batch and real-time video transcoding tasks. With a combination of 16 vCPUs, 32GB of RAM, and 76GB of temporary storage, it also features advanced codecs such as AV1 for improved video processing efficiency. Compared to general-purpose CPU or GPU solutions, the NMads MA35D-Series offers superior throughput and lower latency, reducing the total cost of ownership (TCO) for customers. This new SKU presents a powerful, cost-effective option for video transcoding workloads, enhancing performance and efficiency for cloud-based video processing.

Azure NVads V710 v5-Series Virtual Machines (preview)

Microsoft has announced the public preview of the Azure NVads V710 v5-series virtual machines (VMs), which are powered by AMD Radeon™ Pro V710 GPUs and AMD EPYC 9V64 (Genoa) CPUs. With base frequencies of 3.95 GHz and maximum frequencies of 4.3 GHz, these VMs leverage AMD Simultaneous Multithreading technology to assign dedicated vCPU threads to each VM. The series offers five configuration options, ranging from 1/6 of a GPU with a 4-GiB frame buffer to a full V710 GPU with a 28GB GDDR6 PCIe card. These VMs do not require additional GPU licensing and support NVMe for ephemeral local storage. This series is optimized for GPU-accelerated graphics applications and cloud-based virtual desktops, providing cost-effective, high-performance options for graphics-enabled workloads. It is also well-suited for interactive cloud-based gaming and small to medium AI/ML inference workloads such as semantic indexing and recommendation systems.

Networking

Azure Virtual Network Monitoring IP Address Management (preview)

The new public preview of Azure Virtual Network Monitoring IP address management enhances Azure’s network management suite by simplifying IP address planning and allocation. This feature offers centralized control over IP addresses, helping organizations manage complex network environments more efficiently. It provides capabilities to automatically assign non-overlapping addresses, reserve IP addresses for specific use cases, and prevent Azure address space from overlapping with on-premises or multi-cloud environments. Users can now monitor IP usage and allocation in real time, ensuring seamless and well-organized network operations. This new feature is critical for maintaining a clear overview of network resources and preventing IP conflicts across different environments.

Azure Retirement in Networking Services

Azure continues to evolve its networking services to align with security standards and enhance overall performance. As part of this ongoing transformation, several key networking features and services are being retired or updated. Customers are encouraged to stay informed of these changes to ensure a smooth transition and avoid service disruptions. Below is a summary of the upcoming retirements and their timelines, along with recommended migration paths and improvements:

  • Starting from January 1, 2025, the creation of new gateways on VpnGw1-5 (Non-AZ SKUs) will no longer be possible. To ensure a smooth transition, Microsoft will be seamlessly migrating all existing gateways on VpnGw1-5 (Non-AZ SKUs) to VpnGw1-5 (AZ SKUs) between April 2025 and October 2026. As part of this process, prices on the AZ SKUs will be reduced to facilitate the migration for customers.
  • Additionally, starting June 30, 2025, new NSG flow logs will no longer be supported. Microsoft recommends migrating to virtual network flow logs in Network Watcher, which provide enhanced capabilities and overcome the limitations of NSG flow logs.
  • As part of Azure’s ongoing security enhancements, from August 31, 2025, all connections to Azure Application Gateway must use Transport Layer Security (TLS) 1.2 or later. TLS 1.0 and 1.1 will no longer be supported, and TLS 1.2 and above offer improved security features, such as perfect forward secrecy and stronger cipher suites.
  • Similarly, connections to Azure Front Door must also adhere to TLS 1.2 or later, with support for TLS 1.0 and 1.1 being discontinued from December 1, 2024. The later versions of TLS improve security with enhanced encryption features.
  • In addition, Azure CDN Standard from Microsoft (classic) will be retired on September 30, 2027. Customers using this service must migrate to Azure Front Door Standard or Premium before this date to avoid service disruptions.
  • Finally, on September 30, 2027, Inbound NAT rule V1 for Azure Virtual Machines and Azure Virtual Machine Scale Sets in Azure Load Balancer will be retired. Users are advised to migrate to Inbound NAT rule V2 by this date to prevent any interruptions to their services.

gRPC and Frontend mTLS Now Available for Application Gateway for Containers

Azure has introduced two important updates for Application Gateway for Containers, enhancing security and communication capabilities. Frontend mutual authentication (mTLS) is now supported, ensuring that only specific clients are authenticated before their requests are forwarded to the backend service. This update brings feature parity for customers using the Application Gateway Ingress Controller and adds an additional layer of security, complementing the already available backend mutual authentication.

Moreover, gRPC support is now available for Application Gateway for Containers. With gRPC, customers can benefit from four advanced communication methods between the client and the Application Gateway: unary, client streaming, server streaming, and bidirectional streaming. These capabilities offer flexible and efficient communication options for modern application architectures.

Storage

Azure File Sync Agent v19 Release Now Available

The Azure File Sync agent v19 is now generally available for download via Microsoft Update and Microsoft Download Center, bringing key improvements and new features. With this release, server provisioning times for Azure File Sync server endpoints have been drastically reduced, providing faster setup for new servers. Additionally, managed identity support (preview) has been introduced, allowing Azure File Sync to authenticate using system-assigned identities from Microsoft Entra ID, eliminating the need for shared keys. The update also delivers significant sync performance improvements, particularly for file share migrations and metadata changes, and introduces support for Windows Server 2025. This release includes other reliability and telemetry enhancements for cloud tiering and sync operations. The agent version for this release is 19.1.0.0, and a restart is required for servers running earlier versions. Full installation instructions can be found in KB5040924.

Azure Stack

Azure Stack HCI

Announcing the Public Preview of Azure Migrate for VMware to HCI migrations (preview)

Microsoft has introduced the public preview of Azure Migrate’s new feature that facilitates the migration of virtual machines (VMs) from VMware environments to Azure Stack HCI. This enhancement extends Azure’s migration capabilities to the edge, aligning with Microsoft’s adaptive cloud strategy. Key advantages include agent-less replication, which allows VM migration without the need to install agents, reducing potential disruptions. The platform also enables workload configuration during migration, allowing users to adjust properties such as CPU and RAM. Additionally, Azure Migrate ensures no workload impact during replication by utilizing technologies like LEDBAT++ and vCenter API interaction, providing a seamless, disruption-free migration experience. Importantly, data remains on-premises throughout the process, ensuring compliance and control. With minimal cutover time, this solution is designed to maintain business continuity while transitioning to Azure Stack HCI.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in October 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

VM Health Monitoring with VM Watch for Azure VMs (preview)

VM Watch, now available in public preview, is a lightweight and adaptable service for monitoring the health of virtual machines (VMs) and VM Scale Sets in Azure. This service performs health checks within the VM at configurable intervals, sending results to Azure via a uniform data model. The collected data is used by Azure’s AI Operations (AIOps) engines to detect and prevent regressions. VM Watch is deployed through the Application Health VM extension, simplifying management and adoption for customers, and it is offered at no additional cost. The service is compatible with both Linux and Windows environments, suitable for individual VMs or VMSS. Additionally, VM Watch ensures efficient monitoring without compromising system performance, thanks to limits on CPU and memory usage. The service includes a set of predefined tests, easily configurable for specific scenarios, making monitoring ready-to-use right out of the box.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Security Findings for GitHub Repositories without GitHub Advanced Security: Starting October 21, 2024, GitHub offers security findings for repositories even without GitHub Advanced Security. This new feature enables users to identify and fix Infrastructure-as-Code (IaC) misconfigurations, container vulnerabilities, and code weaknesses, providing greater protection and visibility without the advanced license. However, secret scanning, code scanning with CodeQL, and dependency scanning remain exclusive to GitHub Advanced Security.
  • Deprecation of Compliance Standards in Defender for Cloud: Starting November 17, 2024, three compliance standards will be removed from Defender for Cloud: SWIFT CSP-CSCF 2020 (replaced by version 2022), CIS Microsoft Azure Foundations 1.1.0 and 1.3.0 (updated to versions 1.4.0 and 2.0.0, respectively). These updates reflect the latest best practices, and users can consult the Defender for Cloud documentation for an overview of currently supported standards.
  • Deprecation of Defender for Cloud Standards for AWS and GCP: As of November 17, 2024, Defender for Cloud will deprecate three standards specific to AWS and GCP (AWS CSPM, GCP CSPM, and GCP Default). These checks have been integrated into the Microsoft Cloud Security Benchmark (MCSB), which becomes the default, unified standard for all multi-cloud security assessments.
  • Binary Drift Detection in Containers: Since October 9, 2024, binary drift detection is available for Defender for Containers. This feature detects any suspicious changes within containers in real-time, ensuring greater security for deployments on all versions of Azure Kubernetes Service (AKS).
  • Updated Recommendations for Container Runtime (Preview): Recommendations for addressing vulnerabilities in containers running on AWS, Azure, and GCP have been unified to reduce duplication and optimize result analysis.
  • Kubernetes Identity and Access View in the Security Graph (Preview): Kubernetes identities and access configurations are now visible in the security graph, showing nodes, service accounts, roles, and connections illustrating permissions among Kubernetes objects.
  • Identity-Based Kubernetes Attack Paths (Preview): Using RBAC data, Defender for Cloud can identify attack paths across Kubernetes clusters, detecting lateral movement.
  • Enhanced Attack Path Analysis for Containers: Attack path analysis now also supports containers, providing a more detailed view of potential attack patterns in cloud environments.
  • Complete Discovery of Container Images in Supported Registries: Defender for Cloud now detects all container images in supported registries, improving visibility and allowing in-depth searches through Cloud Security Explorer to identify images based on metadata.
  • Container Software Inventory with Cloud Security Explorer: Cloud Security Explorer now provides a comprehensive inventory of software installed within containers and images, facilitating the quick identification of potential vulnerabilities, including zero-day threats, before CVEs are published.

Protect

Azure Backup

Reduced Rates for SAP HANA Backup Protected Instances

As of September 1, 2024, Azure introduced a significant rate reduction for Protected Instances (PIs) related to the SAP HANA backup service on Azure VMs. This update is aimed at enhancing cost efficiency, offering a more affordable service for protecting critical data for companies without compromising quality or performance. Specifically, the backup streaming rate for SAP HANA has been set at a standard price of $80 per instance (in the East US2 region), with a standard regional surcharge, regardless of the HANA database size. For snapshot backups, the cost is $80 per 5 TB increment, with the same regional surcharge. This change allows enterprises to protect their data in a more economically sustainable way.

GRS and CRR Support for Azure VMs with Premium SSD v2 and Ultra Disk in Azure Backup

Azure has announced support for the backup of virtual machines on Premium SSD v2 and Ultra Disk using GRS (Geo-Redundant Storage) vaults. These offerings represent the most advanced storage solutions, designed to meet the needs of IO-intensive enterprise applications requiring sub-millisecond latencies, high IOPS, and throughput. With GRS support and cross-region restore capabilities, users can protect their virtual machines from data loss during disaster events, as well as perform periodic audits by restoring data on demand in the secondary region. Currently, GRS vault enablement for virtual machines using Premium SSD v2 and Ultra Disk is available in various regions, including Southeast Asia, East Asia, North Europe, West Europe, East US, West US, and West US 3. Support will be extended to other public regions in the coming months.

Immutable WORM Storage for Backups in Azure Recovery Services Vaults (preview)

Azure backup introduces the capability to use immutable WORM (Write Once, Read Many) storage for backups within Recovery Services Vaults. This option ensures that a recovery point, once created, cannot be deleted or altered during its retention period, up to the designated expiration date, helping to meet compliance requirements. WORM support will be applicable to all vaults, both new and existing, and is currently available in preview in specific regions.

Transition to Azure Business Continuity Center for Large-Scale BCDR Management (preview)

Starting October 3, 2024, Azure made the new “Azure Business Continuity Center” (ABCC) available in public preview, a centralized solution for large-scale backup and disaster recovery management. This tool arises from evolving customer needs, influenced by the growing threat of ransomware attacks, which have led many companies to seek out multiple vendors for data protection. The ABCC, which will replace the previous Backup Center, offers unified management for Azure and hybrid environments, integrating the functionalities of Azure Backup and Azure Site Recovery. The transition is immediate and at no additional cost: users can immediately view their protection status in the new center without needing to take specific actions. Simply log into the Azure portal and search for the Business Continuity Center. The Backup Center has been removed from global search results in the Azure portal but remains accessible through an option within the ABCC.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features. This month’s main update is that the import of the RVTools XLSX file enables reading storage data, where available, from the vPartition and vMemory sheets (for storage space required for unreserved memory).

Azure Database Migration

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure Management services: what’s new in September 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, the aim is to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, providing you with essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Azure Monitor Metrics Export (preview)

Azure Monitor Metrics Export is now available in Public Preview and configurable via Data Collection Rules (DCR), allowing Azure resource metric data to be directed to Azure Storage Accounts, Azure Event Hubs, and Azure Log Analytics Workspaces for 18 types of resources and in 10 public Azure regions. Some of the key benefits of Azure Monitor Metrics Export include:

  • Scalability: DCR, the data collection configuration mechanism in Azure Monitor, allows you to configure collection once and apply it at scale to many resources, supporting management across multiple subscriptions.
  • Flexibility in data collection: Customers can select specific metrics or all metrics for a given set of resources, thus controlling volumes and associated costs.
  • Full-fidelity, low-latency export: Metric data is exported with dimensional information to facilitate correlation, significantly improving export latency (~70%) compared to diagnostic settings.

Configure

Update management

Retirement of Automated Patching and introduction of Azure Update Manager

As of September 15, 2027, the Automated Patching feature has been retired and replaced with Azure Update Manager. This decision was made to ensure a more efficient and centralized update management process. Azure Update Manager is an enterprise-level tool that offers several advanced features:

  • Centralized update management: Provides a unified dashboard to view and manage updates across the entire environment, including virtual machines, on-premises servers, and hybrid scenarios.
  • Custom scheduling: You can create custom update schedules based on business needs, whether they are weekly, monthly, or scheduled on specific dates.
  • Patch compliance reports: Azure Update Manager generates detailed reports on patch compliance, keeping users informed about the status of updates across the entire infrastructure.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure Container Storage enabled by Azure Arc Edge Volumes (preview)

Microsoft has announced the Public Preview of Azure Container Storage enabled by Azure Arc Edge Volumes, a versatile new feature designed to improve data management in edge environments. Azure Arc Edge Volumes offers two main functionalities: Local Shared Volume and Cloud Ingest Volume. Local Shared Volume provides high-availability storage with failover capabilities, remaining operational even without cloud connectivity, making it ideal for temporary storage and local application state data. Cloud Ingest Volume, on the other hand, allows transparent ingestion of unlimited file data from edge environments into Blob Storage, including ADLSgen2 and OneLake. The storage capacity for ingestion is user-defined, ensuring available space even during disconnections, with the option to delete local data once uploading to Blob is complete. Both solutions are based on advanced features to maintain data integrity, optimize the use of local resources, and are ideal for IoT applications. With Edge Volumes, it is possible to write to a local file system using standard I/O APIs, simplifying application code.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Improvements to Cloud Security Explorer experience: Increased performance, enriched data for each cloud asset, and enhanced CSV export with more details on exported assets.
  • General Availability of File Integrity Monitoring (FIM): Now available as part of Defender for Servers Plan 2, allowing real-time monitoring of critical files and logs to comply with regulations and detect suspicious changes.
  • FIM migration experience: A new in-product feature has been released to migrate FIM configurations from the Log Analytics Agent (MMA) to Defender for Endpoint, easing the transition.
  • Deprecation of MMA auto-provisioning: Starting in September 2024, MMA auto-provisioning will be progressively disabled, with full deactivation by November 2024.
  • Integration with Power BI: Allows the creation of custom reports and dashboards to analyze security posture and compliance recommendations.
  • Updates to multicloud CSPM requirements: New IP addresses to improve multicloud discovery services, requiring IP whitelist updates by October 2024.
  • Deprecation of Defender for Servers features: Adaptive application controls and Adaptive network hardening are now deprecated.
  • Compliance with the Spanish ENS standard: Added the ability to monitor compliance with the National Security Scheme (ENS) standard in Defender for Cloud’s compliance dashboard.
  • Remediation of system updates and patches: It is now possible to apply update recommendations to Azure Arc machines and Azure VMs via Azure Update Manager.
  • Integration with ServiceNow: The integration now includes the configuration compliance module, enabling the identification and resolution of cloud asset configuration issues.
  • Deprecation of Defender for Storage (classic): As of February 5, 2025, transaction protection plans will no longer be available for new subscriptions.
  • General availability of Azure Policy guest configuration: Now available for multicloud customers of Defender for Servers Plan 2, offering unified management of security configurations on Windows and Linux machines.
  • Support for Docker Hub in Defender for Containers: In public preview, enabling the scanning of Docker Hub images to identify and mitigate security threats.

Protect

Azure Backup

Backup Center will no longer be available in Azure portal’s global search

The new Azure Business Continuity Center (ABCC), introduced in Public Preview in November 2023, offers centralized and simplified management for data protection and recovery in Azure and hybrid environments, progressively replacing the previous Backup Center. Designed as an advanced evolution of Backup Center, ABCC allows unified management of solutions like Azure Backup and Azure Site Recovery. Access to the service is immediate, with no prerequisites or additional costs. Even for Backup Center users, no specific actions are required: Azure Business Continuity Center is already available directly from the Azure portal.

Azure Site Recovery

Update Rollup 75 for Azure Site Recovery has been released, addressing various issues and introducing some improvements. The relevant details and procedure for installation can be found in the specific KB.

Automatic certificate renewal for Azure Site Recovery from on-premises to Azure

Azure Site Recovery has introduced a new feature that enables automatic certificate renewal for data protection from on-premises to Azure in disaster recovery scenarios. Certificates are crucial to ensure communication between the various components involved in the recovery process and must be regularly renewed to avoid interruptions in Azure Site Recovery operations, such as data replication. As of August 2024, certificates used for replication from VMware to Azure, introduced in the 2021 Public Preview, will begin to expire. Thanks to this new automatic renewal capability, customers can avoid interruptions during data replication as long as the mobility agent and components within the appliance are updated to the latest available version. If communications or updates are missed, automatic renewal may fail, generating errors in the health of the appliance or agent. Customers are encouraged to follow official documentation to manually renew certificates if needed.

Support for Azure Trusted Launch VMs – Linux OS (preview)

Support for Azure Site Recovery for Azure Trusted Launch virtual machines running Linux operating systems is available in Private Preview. Azure Trusted Launch VMs offer advanced security for Azure generation 2 VMs, enabling features such as Secure Boot and vTPM. This Private Preview focuses exclusively on supporting virtual machines with Linux operating systems, while support for Windows OS VMs is already in General Availability. This new feature provides enhanced protection and recovery options for businesses using virtual machines with advanced security requirements in Linux environments.

Retirement of Classic Alerts

Azure Site Recovery recently introduced a new and improved alert management solution based on Azure Monitor. This solution offers several advantages, including:

  • Notification configuration: Allows notifications to be sent using a wide range of channels.
  • Notification scenario selection: Enables you to choose which scenarios to receive notifications for.
  • Programmable alert management: Offers the ability to programmatically manage alerts and notifications.
  • Consistent alert management experience: Ensures consistent alert management across various Azure services, including backup.

The next step involves retiring the previous Classic Alerts solution for Azure Site Recovery, set for September 23, 2027. If you are using the old classic alert solution, it is recommended to migrate to Azure Monitor Alerts. A guided experience is available through the Business Continuity Center and the Recovery Services Vault to migrate to Azure Monitor Alerts in a few clicks.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.