Category Archives: Datacenter Management

Azure IaaS and Azure Stack: announcements and updates (September 2021 – Weeks: 35 and 36)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

On-demand capacity reservations for Azure Virtual Machines (preview)

On-demand capacity reservations for Azure Virtual Machines, now in public preview, enable IT organization to reserve compute capacity for a VM size. The reservation can be for any length of time in any public Azure region or Availability Zone and supports most VM series. You can create and cancel an on-demand capacity reservation at any time, no commitment is required. The ability for you to access compute capacity, with SLA guarantees when on-demand capacity reservations become generally available, ahead of actual VM deployments is particularly important to ensure the availability of business-critical applications running on Azure. On-demand capacity reservations can be combined with Azure Reserved VM Instances (RIs) to significantly reduce costs.

Run Commands for Azure VMware Solution (preview)

Run commands are a collection of PowerShell packages available in the Azure VMware Solution portal that simplify the execution of certain operations on vCenter. With this announcement your cloud administrator can now more easily run management tasks that require elevated privileges.

Automatic scaling with Azure Virtual Machine Scale Sets flexible orchestration mode (preview)

Microsoft has enabled elastic virtual machine profile and automatic scaling for Azure Virtual Machine Scale Sets with flexible orchestration elastic profile and automatic scaling. The features are now in public preview, and provide:

  • Up to 1000 instances in a scale set (general purpose virtual machine sizes only)
  • Ability to manually add VM instances to the scale set
  • The option to spread instances across fault domains automatically, or specify a fault domain
  • Place on demand and Spot VMs in the same scale set
  • (New) Define a VM profile and specify instance count
  • (New) Automatically scale out and scale in based on metrics, schedule, or AI prediction (private preview)
  • (New) In guest patching that respects high availability / FD constraints
  • (New) Automatic extension updates
  • (New) Automatic instance repair/replacement of unhealthy instances
  • (New) Terminate notification for on demand and Spot VMs
  • (New) Secure by default networking – customers must explicitly define outbound connectivity
  • (New) Improved scale out and scale in reliability, latency, and elasticity

Storage

Azure Files: SMB 3.1.1 support, SMB Multichannel and storage capacity reservation

Server Message Block (SMB) 3.1.1 is the most recent version of the SMB protocol, released with Windows 10, containing important security and performance updates. Azure Files SMB 3.1.1 ships with two additional encryption modes, AES-128-GCM and AES-256-GCM, in addition to AES-128-CCM which was already supported. In addition to SMB 3.1.1, Azure Files exposes security settings that change the behavior of the SMB protocol. With this release, you may configure allowed SMB protocol versions, SMB channel encryption options, authentication methods, and Kerberos ticket encryption options. By default, Azure Files enables the most compatible options, however these options may be toggled at any time.

Server Message Block (SMB) Multichannel enables you to improve the IO performance of your SMB client 2-4x, increasing performance and decreasing total cost of ownership.

Storage capacity reservations for Azure Files enable you to significantly reduce the total cost of ownership of storage by pre-committing to storage utilization. To achieve the lowest costs in Azure, you should consider reserving capacity for all production workloads.

Zone redundant storage (ZRS) for Azure Disk Storage

Zone redundant storage (ZRS) for Azure Disk Storage is now generally available on Azure Premium SSDs and Standard SSDs in West Europe, North Europe, West US 2 and France Central regions. Disks with ZRS provide synchronous replication of data across the zones in a region, enabling disks to tolerate zonal failures which may occur due to natural disasters or hardware issues. They also enable you to maximize your virtual machine availability without the need for application-level replication of data across zones, which is not supported by many legacy applications such as old versions of SQL or industry-specific proprietary software. This means that, if a virtual machine becomes unavailable in an affected zone, you can continue to work with the disk by mounting it to a virtual machine in a different zone. You can also use the ZRS option with shared disks to provide improved availability for clustered or distributed applications like SQL FCI, SAP ASCS/SCS, or GFS2.

Automatic key rotation of customer-managed keys for encrypting Azure disks

Azure Disk Storage now enables you to automatically rotate keys for encryption of your data.

Change performance tiers for Azure Premium SSDs with no downtime

On Azure Premium SSDs, you can now change the performance tiers without any downtime to your application (generally available). You can change the performance tier of a disk even when it is attached to running virtual machines. For planned events like a seasonal sales promotion or running a training environment, you need to achieve sustained higher performance for a few hours or days and then return to the normal performance levels. With performance tiers on Premium SSDs, you have the flexibility to scale the disk performance without increasing the disk size by selecting a higher performance tier. You can also change tiers to bring it back to your baseline performance tier, enabling you to achieve higher performance and cost savings.

Networking

New updates to Azure Firewall

New Azure Firewall capabilities:

  • Azure Firewall supports US West 3, Jio India West, and Brazil Southeast.
  • Auto-generated self-signed certificates for Azure Firewall Premium SKU.
  • Secure Hub now supports Availability Zones.
  • Deploy Azure Firewall without public IP in Forced Tunnel mode.
  • Configure pre-existing Azure Firewalls in Force Tunnel mode using stop or start commands.

Azure Route Server

Azure Route Server simplifies dynamic routing between your network virtual appliance (NVA) and your virtual network. When you establish a Border Gateway Protocol (BGP) peering between your NVA and Azure Router Server, you can advertise IP addresses from your NVA to your virtual network. Your NVA will also learn what IP addresses your virtual network has. Azure Route Server is a fully managed service and is configured with high availability.

Several key Azure Route Server benefits include:

  • Simplify network appliance operations
  • Deploy it in your existing setup
  • Support any network appliance
  • Enable new network topology

Private Link Network Security Group Support (preview)

Private Endpoint support for Network Security Groups (NSGs) is now in public preview. This feature enhancement will provide you with the ability to enable advanced security controls on traffic destined to a private endpoint. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to Enabled. In addition to toggling this property, you will need to also register for the Microsoft.Network/AllowPrivateEndpointNSG feature.

Private Link UDR Support (preview)

Private Endpoint support for User Defined Routes (UDRs) is now in public preview. This feature enhancement will provide you with the ability to apply custom routes to traffic destined to a private endpoint with a wider subnet range. In order to leverage this feature, you will need to set a specific subnet level property, called PrivateEndpointNetworkPolicies, to Enabled. In addition to toggling this property, you will need to also register for the Microsoft.Network/AllowPrivateEndpointNSG feature.

Address changes on an Azure virtual network that has active peerings (preview)

You can now update your virtual network address space without needing to remove the peering links on their virtual networking and incurring any downtime.

Azure ExpressRoute: new ExpressRoute Direct and Peering locations

New locations are available for ExpressRoute Direct:

  • Denver
  • Newport (Wales)
  • Pune

The new locations support dual 10Gbps or 100Gbps connectivity into Microsoft’s global network.

New peering locations are available for ExpressRoute:

  • Chicago2
  • Pune
  • Seoul2

Azure Management services: what's new in August 2021

Microsoft constantly releases news about Azure management services. By publishing this summary, we want to provide an overall overview of the main news released in the last month. This allows you to stay up-to-date on these topics and have the necessary references to conduct further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

The IT Service Management Connector is certified with the Quebec version of ServiceNow

The IT Service Management Connector (ITSM) of Azure Monitor is now certified for the Quebec version of ServiceNow. This connector allows you to establish a two-way connection between Azure and ITSM tools, useful for managing incidents and solving problems faster. Furthermore, it is possible to create work items in the ITSM tool, based on Azure alerts(Metric Alerts, Activity Log Alerts, e Log Analytics alert).

Lower levels for reservations for Azure Monitor dedicated clusters

Microsoft has reduced the capacity reservation (capacity reservation) minimum required for Azure Monitor dedicated clusters, bringing it from 1.000 GB to 500 GB per day. This allows you to take advantage of advanced features such as customer-managed keys, lockbox, and infrastructure encryption, even to customers with lower data entry volume.

The retirement of the Log Analytics agent has been announced

Microsoft announced that the 31 August 2024 the Log Analytics agent used in Azure Monitor will be retired. Therefore, before that date, you should use the new Azure Monitor agent (AMA) and data collection rules (DCR) of Azure Monitor to monitor virtual machines and servers.

Configure

Azure Automation

New features coming soon to be released

Microsoft has announced that the following new features will soon be released for Azure Automation:

  • Azure AD support: ability to use Azure AD-based authentication for public automation endpoints
  • Support for Powershell 7: ability to run Azure Automation runbooks, in production scenarios, using PowerShell 7.1
  • Azure Automation Hybrid Worker Extension for Azure and for Azure Arc machines: possibility of onboarding hybrid workers using the hybrid extension for Azure and Azure Arc machines.
  • Support for Availability Zones, useful for increasing the levels of reliability and resilience.
  • Native support of the Powershell Az module.

Govern

Azure Policy

Azure Guest Configuration Policy: possibility of applying settings within the systems as well (preview)

Guest Configuration Policies allow you to control settings within a machine, both for virtual machines running in Azure environment and for "Arc Connected" machines. At the moment, most of the Azure Guest Configuration Policies only allow you to make checks on the settings inside the machine, but they do not apply configurations. However, Microsoft has announced in preview the possibility to apply configurations provided by Microsoft or to create your own configuration packages using PowerShell DSC version 3.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Secure

Azure Security Center

Azure Defender for SQL available from Azure SQL Virtual Machine blade

This new Azure Defender information browsing experience for SQL VMs, allows you to view, directly from the SQL virtual machine panel, information about security best practices for related SQL Server databases.

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Support for Archive storage for backup of VMs and SQL on board VMs

In Azure Backup, you can now move recovery points to save costs and keep your backup data longer. This feature is available for Azure VMs and SQL Servers installed on board Azure VMs. Using Azure PowerShell, it is possible to move these backups from the standard tier to the new archive tier.

When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can be done in an integrated way from the Azure portal, with a simple and intuitive process.

Azure Site Recovery

ASR support for global disaster recovery

Azure Site Recovery (ASR) introduced support for cross-continental disaster recovery. Thanks to this feature, a virtual machine can be replicated from an Azure region in one continent to a region in another continent. In the event of a planned or unplanned outage, you will be able to fail over the virtual machine on all continents and, once the interruption has been mitigated, it can be brought back to the continent of origin (fail-back) and protected.

Extended the date of withdrawal of Hard coded IP address

Microsoft has extended the retirement date for hard coded IP addresses to connect with Azure Site Recovery services to 31 August 2024. This allows you to have more time to adjust the configurations of the environments to use the Azure service tags.

Migrate

Azure Migrate

Software inventory and agentless dependency analysis

In Azure Migrate it is now possible to inventory applications, roles and features installed and perform dependency analysis, on Windows and Linux servers, without installing any agent. Agentless dependency analysis allows you to identify and understand dependencies between servers, supporting data collection for up to 1000 servers at the same time.

Discovery and assessment of ASP.NET Web Apps with Azure Migrate (preview)

Azure Migrate now allows you to identify and assess ASP.NET Web Apps running on the on-premises IIS Web server and manage their migration. Until now, it was necessary to use tools such as App Service Migration Assistant to evaluate the Web Apps. Thanks to the introduction of this feature in Azure Migrate, it is possible to discover the .NET Web Apps running in your VMware environment and create assessments to manage the migration to Azure IaaS or Azure App Service.

Containerization of apps and migration to AKS or Azure App Service

The Azure Migrate app containerization tool allows you to modernize existing ASP.NET and Java web applications, using a containerization approach that requires little or no application changes. The tool groups existing applications running on servers in a container image and allows them to be deployed in containers running in Azure Kubernetes Service(AKS) or in Azure App Service. As part of the migration process, the tool allows you to parameterize the application configurations, outsource file system dependencies using persistent volumes and configure the containerized application monitor using Application Insights.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult the this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (August 2021 – Weeks: 33 and 34)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Placement polices for Azure VMware Solution (preview)

Placement policies are used to define constraints for running virtual machines in the Azure VMware Solution software-defined data center (SDDC). These constraints allow you to decide where and how the virtual machines should run within the SDDC clusters. Placement polices are used to support performance optimization of virtual Machines (VMs) through policy, and help mitigate the impact of maintenance operations to policies within the SDDC cluster. When you create a placement policy, it creates a vSphere Distributed Resource Scheduler (DRS) rule in the specified vSphere cluster. It also includes additional logic for interoperability with Azure VMware Solution operations.

New VM series supported by Azure Batch

The selection of VMs that can be used by Azure Batch has been expanded, allowing newer Azure VM series to be used. The following additional VM series can now be specified when Batch pools are created:

Azure Virtual Machines: retired series

Microsoft is retiring:

  • H-series Azure Virtual Machine sizes (H8, H8m, H16, H16r, H16m, H16mr, H8 Promo, H8m Promo, H16 Promo, H16r Promo, H16m Promo, and H16mr Promo) on 31 August 2022.
  • ND-series virtual machine sizes on 31 August 2022.
  • Basic and Standard A-series VMs on 31 August 2024.

Azure Government Top Secret now generally available for US national security missions

Azure Government Top Secret is available for US and this is a significant milestone in Microsoft commitment to bringing unmatched commercial innovation to US government customers across all data classifications. This announcement, together with new services and functionality in Azure Government Secret, provides further evidence of Microsoft’s relentless commitment to the mission of national security, enabling customers and partners to realize the vision of a multi-cloud strategy and achieve greater agility, interoperability, cost savings, and speed to innovation.

Storage

Azure Blob storage inventory

Inventory provides an easy way to gain insights into the containers and all block, append, and page blobs stored within an account. Blob Inventory can be selected to provide a full listing of all blobs and containers on a daily or weekly basis. Prior to Inventory, either a separate catalog system or, listing of all blobs and analyzing added complexity and cost to solutions that used blob storage. With inventory, all blobs and containers that match an optional filter will be listed on a daily or weekly basis to a CSV or Parquet file that can then be processed for insights.

Azure Archive Storage events for easy rehydration of archived blobs

The Azure Archive Storage provides a secure, low-cost means for retaining cold data including backups and archival storage. When your data is stored in Archive Storage, the data is offline and not available for read until it is moved to the hot or cool tier. Previously, the only way to determine when blob rehydration was complete and available to be read was to repeatedly poll the status of the rehydration operation, increasing complexity and cost. Azure Event Grid now supports events that fire when a blob is rehydrated from the archive tier. The Microsoft.Storage.BlobCreated event fires when a blob is copied from the archive tier to a new destination blob in the hot or cool tier. The Microsoft.Storage.BlobTierChanged event fires when the archived blob’s tier is changed to hot or cool. Your application can handle these events in order to respond to blob rehydration.

Azure Blob storage: last access time tracking

Last access time tracking integrates with lifecycle management to allow the automatic tiering and deletion of data based on when individual blobs are last accessed. This allows greater cost control as well as an automatic workflow including deletion of data after it is no longer used. Last access time can also be used without lifecycle management by any solution that needs to understand when individual blobs are last read and then take action. Lifecycle management with last access time tracking is available in all public regions for accounts with flat namespace used. Azure Data Lake Storage Gen2 will be supported later this year.

Networking

Network Insights: enhanced troubleshooting experiences for additional resources

You now have access to rich insights and enhanced troubleshooting experiences for four additional networking resources in Network Insights: Private Link, NAT Gateway, Public IP, and NIC.

With the onboarding of these resources, customers can access:

  • A resource topology showing resource health and connected resources
  • A pre-built workbook showing all key metrics along multiple
  • Direct links to documentation and troubleshooting help

Everything you need to know about Windows Server 2022 – Part 2 of 2

The new operating system Windows Server 2022, based on the solid foundation of the predecessor Windows Server 2019, brings numerous innovations in the field of security, in integration and hybrid management in the Azure environment, and as an application platform. The article is divided into two parts, in first part the available editions have been discussed, functionalities for hybrid environments and aspects related to the application platform. This second part shows the main features of the new server operating system in the security and storage area, but not only.

Security

Windows Server 2022 combines different security features in different areas to provide advanced multi-layered protection capable of effectively countering increasingly sophisticated security threats.

Secured-core server

Windows Server 2022 is part of the program Secured-Core of Microsoft. This program was initially launched with PC hardware partners and then extended to the server area as well. Secured-core offers transversal security on hardware and firmware, integrated into the functionalities of the operating system, that can help protect servers from advanced threats.

Using a combination of identity features, virtualization, operating system and hardware defenses, Secured-Core servers offer both hardware and software protection. With Windows Defender System Guard, integrated into Windows Server 2022, Secured-Core servers allow organizations to have guarantees on the integrity of the operating system and checks to help prevent firmware attacks.

Secured-core server is based on three fundamental pillars:

  • Simplified security: when purchasing hardware from an OEM for Secured-core servers, you can be sure that the vendor provides a hardware set with firmware and drivers capable of fulfilling the Secured-core promise. Furthermore, the Windows Server configuration experience will be simple and the Secured-core security features can be enabled directly from the Windows Admin Center.
  • Advanced security by contemplating the following areas:
    • Root-of-trust hardware (TPM 2.0 come standard)
    • Firmware protection
    • Virtualization-based security (VBS)
  • Preventive defense: enabling the Secured-core functionality helps to proactively defend oneself and to interrupt many of the paths that attackers can use to compromise a system.

Secure connectivity

To increase the level of security in communications, in Windows Server 2022 the following new features have been introduced:

  • Transport: HTTPS e TLS 1.3 enabled by default
  • Secure DNS: DNS name resolution requests encrypted with DNS-over-HTTPS
  • Server Message Block (SMB): introduced support for AES-256 encryption for the SMB protocol
  • SMB: East-West SMB encryption controls for internal communications of cluster systems. Failover clusters now support granular control of intra-node communication encryption and signing for Cluster Shared Volumes (CSV) and for the storage bus layer (SBL). This means that when using Storage Spaces Direct, you can decide to encrypt or sign east-west communications within the cluster itself for greater security.
  • SMB over QUIC. QUIC is a standard protocol designed to provide a more reliable connection over unsecured networks, like the Internet. QUIC uses a TLS encrypted tunnel 1.3 on the UDP port 443. Inside this tunnel all SMB traffic, including the authentication and authorization process, it is never exposed on the network and SMB behaves in a completely normal way offering the usual capabilities. SMB over QUIC in Windows Server 2022 Datacenter: Azure Edition uses the updated version of the SMB protocol (version 3.1.1). Using SMB over QUIC in conjunction with TLS 1.3, users and applications can securely and reliably access data on file servers running in the Azure environment, without having to adopt VPN connections.

Storage innovations

In the storage field Windows Server 2022 brings the following news:

  • Storage Migration Service: there are several improvements regarding this service, useful for simplifying storage migrations to both Windows Server and Azure, including:
    • Migration of local users and groups to the new server.
    • Storage migration between failover clusters, and migration between standalone servers and failover clusters.
    • Storage migration from Linux servers using Samba.
    • Easier synchronization of migrated shares with Azure, using Azure File Sync.
    • Easier migration to new environments, such as Azure.
    • Migration of NetApp CIFS servers from NetApp FAS arrays to Windows servers and clusters.
  • Storage Space Direct introduces the new feature User adjustable storage repair speed which gives you greater control over the data resync process by allocating resources to repair copies of the data (resilience) or to run active workloads (performance).
  • SMB compression: thanks to improvements on the SMB side in Windows Server 2022 and Windows 11 files can be compressed during network transfer, thus obtaining benefits in transfer times.
  • Storage bus cache is also available for standalone servers. This feature can significantly improve read and write performance, maintaining high storage efficiency and low operating costs. As is the case in its implementation for Storage Spaces Direct, this function merges the fastest media (for example, NVMe or SSD) with slower media (for example, HDD) to create different tiers. Some of the faster media is reserved for the cache.

More new features

In addition to the aspects covered in the previous paragraphs, the following features have been announced:

  • La Nested Virtualization in Windows Server 2022 it is also available for AMD processors, thus expanding the choice of hardware for your environment.
  • Microsoft Edge is included with Windows Server 2022, in place of Internet Explorer. Edge can be used with the Server Core and Server with Desktop Experience installation options.

Conclusions

Windows Server 2022 evolves the mature and consolidated Windows Server platform by introducing a series of innovative updates in different areas. There are therefore various advantages for companies to evaluate the adoption of this new server operating system, in particular, for those who use Windows Server in an Azure environment.

Everything you need to know about Windows Server 2022 – Part 1 of 2

The new operating system Windows Server 2022, based on the solid foundation of the predecessor Windows Server 2019, brings numerous innovations in the field of security, in integration and hybrid management in the Azure environment, and as an application platform. The article is divided into two parts, this first part shows the main features of the new server operating system relating to the editions available, the features designed for hybrid environments and the new aspects related to the application platform.

Editions

Windows Server 2022 is characterized by the following aspects relating to the editions:

  • Windows Server 2022 will have a Standard edition, a Datacenter edition and a new version called Azure Datacenter.
  • The Azure Datacenter edition of Windows Server 2022 it will only be supported on Azure (Azure IaaS or Azure Stack HCI – 21H2) and offers specific features not available outside of these environments (hotpaching, SMB over QUIC, and Azure Extended Networking).
  • For all editions Windows Server 2022 there are both Core and Desktop installation options.
  • You will be able to upgrade in place Windows Server 2019 Datacenter Edition to bring it to the new Windows Server 2022 Datacenter Azure edition. Nevertheless, the upgrade in place for server operating systems is a practice to be carefully evaluated and, if possible, to be avoided.
  • Microsoft recently updated its servicing model for server operating systems. In fact, Microsoft has decided to abandon the semi-annual versions of Windows Server and, starting with Windows Server 2022, there is only one main release channel, the Long-Term Servicing Channel. With the Long-Term Servicing Channel, a new major version of Windows Server is released every 2-3 years. Users are entitled to 5 years of mainstream support and 5 years of extended support. This channel provides systems with prolonged maintenance and functional stability. The Long-Term Servicing Channel receives security and non-security updates, but it does not receive new features and new functionalities. The Semi-Annual Channel, available in previous versions of Windows Server, it was suitable for containers and microservices. In these areas, innovation will continue with Azure Stack HCI. In this regard, please note that the operating system of the Azure Stack HCI solution is a specific and dedicated operating system with a simplified composition, which includes only the roles needed by the solution.

Hybrid Functionality

Using Windows Server 2022 it is possible to increase efficiency and agility by using features designed for hybrid environments and fully integrated into the operating system.

Azure Automanage – Hotpatch

The Hotpatch feature, part of Azure Automanage, is supported in Windows Server 2022 Datacenter: Azure Edition. Support is currently for installations made in Core mode, but will also be extended to Desktop installations in the future. Hotpatching is a new mechanism, used to install updates on Windows Server Azure Edition virtual machines, which allows you to reduce the number of reboots required to install updates.

Azure Automanage allows you to orchestrate the installation of security patches on top of a Cumulative Update, which is released every three months. Cumulative Update requires a system restart, but the security patches released between the Cumulative Updates can modify the code running in memory without the need to reboot the machine.

For more information about this feature, you can consult the specific Microsoft documentation.

Windows Admin Center

Windows Admin Center (WAC) introduces specific improvements for management of Windows Server 2022, among which WAC allows you to check the status of the Secured-core and, where applicable, allows its enabling.

Azure Arc

Also Windows Server 2022 allows Azure Arc to be enabled for management, physical servers and virtual machines residing outside Azure (on the on-premises corporate network or at other cloud providers), consistent with the management methodologies of native virtual machines residing in the Azure environment. In fact, connecting a machine to Azure through Arc is considered in all respects as an Azure resource. Each connected machine has a specific ID, it is included in a resource group and benefits from standard Azure constructs.

Application platform

There are several improvements that Windows Server 2022 brings to the application field, among the main ones we find:

  • Reducing the size of the Windows Container image down to 40%, which leads to a faster boot time than the 30% and better performance.
  • Ability to run applications that depend on Azure Active Directory with group Managed Services Accounts (gMSA) without having to join the host container domain.
  • Windows Container support of Microsoft Distributed Transaction Control (MSDTC) and Microsoft Message Queuing (MSMQ).
  • Simplification of the Windows Container experience in the Kubernetes environment, including: support for host-process containers for node configuration, IPv6 and the implementation of network policies with Calico.
  • In addition to the platform improvements, Windows Admin Center has been updated to simplify containerization of .NET applications. Once the application is in a container, you can host it in an Azure Container Registry and then deploy it to other Azure services, even Azure Kubernetes Service (AKS).
  • Thanks to the support of Intel Ice Lake processors, Windows Server 2022 supports large-scale business-critical applications, such as SQL Server, which take up to 48 TB of memory e 2.048 logical cores running on 64 physical sockets. Using Intel Secured Guard Extension Confidential computing technology (SGX) available on Intel Ice Lake, you can get an improvement in the area of ​​application security, isolating them from each other through memory protection.

The second part of the article reports the main features of the new server operating system in the security and storage area, but not only.

Azure IaaS and Azure Stack: announcements and updates (August 2021 – Weeks: 31 and 32)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Automatic Azure VM extension upgrade capabilities

Azure Virtual Machine extensions are small applications that provide post-deployment configuration and automation on Azure VMs. The ability to automatically upgrade VM extensions is now available for Azure Virtual Machines and Virtual Machine Scale Sets. If the automatic extension upgrade feature is enabled for an extension on a VM or a VM scale set, the extension is upgraded automatically whenever the extension publisher releases a new version. Azure manages the upgrade rollout and the upgrades are safely applied following availability-first principles, keeping your environments more secure and up to date.

Storage

Azure File Sync agent v13

Improvements and issues that are fixed in the v13 release:

  • Authoritative upload: authoritative upload is a new mode available when creating the first server endpoint in a sync group. It is useful for the scenario where the cloud (Azure file share) has some/most of the data but is outdated and needs to be caught up with the more recent data on the new server endpoint. This is the case in offline migration scenarios like DataBox, for instance. When a DataBox is filled and sent to Azure, the users of the local server will keep changing / adding / deleting files on the local server. That makes the data in the DataBox and thus the Azure file share, slightly outdated. With Authoritative Upload, you can now tell the server and cloud, how to resolve this case and get the cloud seamlessly updated with the latest changes on the server. No matter how the data got to the cloud, this mode can update the Azure file share if the data stems from the matching location on the server. Be sure to avoid large directory restructures between the initial copy to the cloud and catching up with Authoritative Upload. This will ensure you are only transporting updates. Changes to directory names will cause all files in these renamed directories to be uploaded again. This functionality is comparable to semantics of RoboCopy /MIR = mirror source to target, including removing files on the target that no longer exist on the source. Authoritative Upload replaces the “Offline Data Transfer” feature for DataBox integration with Azure File Sync via a staging share. A staging share is no longer required to use DataBox. New Offline Data Transfer jobs can no longer be started with the AFS V13 agent. Existing jobs on a server will continue even with the upgrade to agent version 13.
  • Portal improvements to view cloud change enumeration and sync progress: when a new sync group is created, any connected server endpoint can only begin sync, when cloud change enumeration is complete. In case files already exist in the cloud endpoint (Azure file share) of this sync group, change enumeration of content in the cloud can take some time. The more items (files and folders) exist in the namespace, the longer this process can take. Admins will now be able to obtain cloud change enumeration progress in the Azure portal to estimate an eta for completion / sync to start with servers.
  • Support for server rename: if a registered server is renamed, Azure File Sync will now show the new server name in the portal. If the server was renamed prior to the v13 release, the server name in the portal will now be updated to show the correct server name.
  • Support for Windows Server 2022 Preview: the Azure File Sync agent is now supported on Windows Server 2022 Preview build 20348 or later. Note: Windows Server 2022 adds support for TLS 1.3 which is not currently supported by Azure File Sync. If the TLS settings are managed via group policy, the server must be configured to support TLS 1.2.
  • Miscellaneous improvements:
    • Reliability improvements for sync, cloud tiering and cloud change enumeration.
    • If a large number of files is changed on the server, sync upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
    • The Invoke-StorageSyncFileRecall cmdlet will now recall all tiered files associated with a server endpoint, even if the file has moved outside the server endpoint location.
    • Explorer.exe is now excluded from cloud tiering last access time tracking.
    • New telemetry (Event ID 6664) to monitor the orphaned tiered files cleanup progress after removing a server endpoint with cloud tiering enabled.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 Preview installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
  • The agent version for this release is 13.0.0.0.
  • Installation instructions are documented in KB4588753.

Networking

Re-size Azure virtual networks that are peered (preview)

Virtual networks in Azure have had a long-standing constraint where any address space change is only allowed if the virtual network does not have any peerings. Microsoft is announcing that this limitation has been lifted, and customers can freely resize their virtual networks without incurring any downtime. With this feature, existing peerings on the virtual network do not need to be deleted prior to adding or deleting an address prefix on the virtual network.

Azure VPN Client for macOS

Azure VPN Client for macOS is available with support for native Azure AD, certificate-based, and RADIUS authentication for OpenVPN protocol.

Native Azure AD authentication support is highly desired by organizations as it enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN gateway integration and the Azure VPN Client to obtain and validate Azure AD tokens. With the Azure VPN Client for macOS, you can use user-based policies, Conditional Access, as well as Multi-factor Authentication (MFA) for your Mac devices.

Azure ExpressRoute Global Reach: 2 new locations

There are 2 new locations for ExpressRoute Global Reach:

  • South Africa (Johannesburg only)
  • Taiwan

For more information about ExpressRoute Global Reach and available locations, visit ExpressRoute Global Reach webpage.

Azure VMware Solution: Disaster Recovery scenarios using VMware Site Recovery Manager

The corporate business is heavily dependent on IT solutions and often these are not properly structured to deal with incidents of any kind, even the most remote, which could cause damage, an interruption or loss of data. VMware Site Recovery Manager (SRM) is a disaster recovery solution that allows you to minimize the downtime of workloads in the VMware environment in the event of a disaster. SRM is very popular for customers who use VMware at on-premises datacenters and recently the possibility of using the same solution with Azure VMware Solution was announced (AVS). This article describes how SRM for AVS can simplify the management of Disaster Recovery strategies, ensuring rapid and predictable recovery times.

What is VMware Site Recovery Manager (SRM)?

VMware Site Recovery Manager is an automation solution, which integrates with underlying replication technology, able to offer:

  • Recovery test without service interruptions
  • Workflow able to guarantee the orchestration of DR plans in an automated way
  • Automatic reset of network and security settings (integration with VMware NSX)

The solution offers the possibility to insure in a simple and reliable way, restore and move virtual machines between multiple VMware sites with little or no downtime.

Site Recovery Manager allows you to natively take advantage of VMware vSphere and use the SDDC architecture (Software-Defined Data Center) integrating with other VMware solutions, such as VMware NSX (network virtualization) and VMware vSAN.

Site Recovery Manager requires one of the following underlying replication technologies to orchestrate virtual machine recovery operations:

  • VMware vSphere Replication: replication focused on VMs and based on the hypervisor. It is the solution natively integrated with Site Recovery Manager and included in most versions of vSphere.
  • Third party solutions: Site Recovery Manager uses plug-in SRA (Storage Replication Adapter) developed by storage partners for integration with third-party systems.

How to purchase SRM

Site Recovery Manager is available in two versions: Standard ed Enterpirse. Both versions of Site Recovery Manager are licensed “per protected virtual machine”.

  SRM STANDARD SRM ENTERPRISE
Licenses As far as 75 Protected VMs per site No license limit on the number of protected VMs
Exclusive features   –          Integration with VMware NSX

–          VMotion orchestrated movement between multiple vCenter instances

–          Extended storage support

–          Policy-based storage management

 

What is Azure VMware Solution (AVS)?

Azure VMware Solution (AVS) is a service that enables provisioning and execution of an environmentVMware Cloud Foundationfull in Azure.VMware Cloud Foundation is VMware's hybrid cloud platform for managing virtual machines and orchestrating containers, where the entire stack is based on a hyperconverged infrastructure (HCI). This architecture model ensures consistent infrastructure and operation across any private and public cloud, including Microsoft Azure.

Figure 1 – Azure VMware Solution Overview

The solutionAVS allows customers to adopt a full set of VMware features, with the guarantee of holding the validation "VMware Cloud Verified". At the same time the platform is maintained by Microsoft and automatic and regular updates are guaranteed, that allow you to take advantage of the latest feature sets, as well as obtaining high security and stability.

Thanks to this solution it is therefore possible to have consistency, performance and interoperability for existing VMware workloads, without sacrificing speed, the scalability and availability of the global Azure infrastructure.

An Azure VMware Solution Private Cloud includes:

  • vCenter server for managing ESXi and vSAN
  • Dedicated bare-metal servers provided with ESXi VMware hypervisor
  • VMware vSAN datastore for vSphere vMs
  • VMware NSX-T software defined networking for vSphere vMs
  • VMware HCX for workload mobility management

Figure 2 - Azure VMware Solution interconnection with the on-premises and Azure environment

Azure Private Cloud infrastructure contains vSphere clusters on dedicated bare metal systems, able to scale from 3 to 16 host. It also provides the ability to have multiple clusters in a single Azure Private Cloud. The hosts are high-end and equipped with two Intel processors 18 core of 2,3 GHz and 576 GB RAM.

VMware Site Recovery Manager (SRM) with Azure VMware Solution (AVS)

Site Recovery Manager (SRM) for Azure VMware Solution (AVS) is able to automate and orchestrate failover and failback processes in the following Disaster Recovery scenarios:

  • On-premise VMware to Azure VMware Solution private cloud disaster recovery
  • Primary Azure VMware Solution to a secondary disaster recovery Azure VMware Solution private cloud

Furthermore, thanks to the ability to perform failover tests without generating disruption to the production environment, it is possible to periodically guarantee the achievement of the recovery time objectives required for the disaster recovery plans.

Figure 3 - Diagram of a DR scenario between two Azure VMware Solution environments

Also in this scenario SRM is licensed and supported directly by VMware. Customers cannot reuse SRM licenses from the on-premises environment even in AVS environments, but new SRM licenses must be available for AVS environments.

Azure VMware Solution also provides a mechanism to simplify the installation and management of the SRM life cycle. In fact, by accessing the navigation menu in the AVS private cloud it is possible to install VMware SRM with vSphere Replication as an additional service. To do this, simply select “VMware Site Recovery Manager (SRM) - vSphere Replication ”from the Disaster Recovery Solution menu and follow the relevant instructions.

Figure 4 - Enabling of “VMware Site Recovery Manager (SRM) – vSphere Replication” from Disaster Recovery Solution menu of AVS

Use cases

This integration between Azure VMware Solution and Site Recovery Manager can be activated to implement the following types of recovery scenarios:

  • Planned migration. This is an orderly migration of virtual machines from the protected site to the recovery site where no data loss is expected during the guided migration of workloads.
  • Disaster Recovery. SRM activates the DR plan when the primary site unexpectedly goes offline. Site Recovery Manager orchestrates the recovery process with replication mechanisms, to minimize data loss and environment downtime.
  • Bidirectional protection. Bi-directional protection uses a single set of paired SRM sites to protect virtual machines in both directions. Each site can be a protected site and a recovery site at the same time, but for a different set of virtual machines.

Conclusions

Thanks to the introduction of this feature in AVS, starting from the automation functionality of VMware Site Recovery Manager recovery plans and the hypervisor-based replication capabilities of vSphere Replication, you can take advantage of an end-to-end Disaster Recovery solution, able to accelerate the enabling of the protection, as well as simplifying the operations necessary to implement DR plans. In this way, you can make the most of the agility and convenience of this solution in an Azure environment.

Azure IaaS and Azure Stack: announcements and updates (July 2021 – Weeks: 29 and 30)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Shared disks on Azure Disk Storage are now generally available on all Premium SSD and Standard SSD sizes

Shared disks can now be leveraged on smaller Premium SSDs from 4GiB to 128 GiB and all Standard SSDs from 4 GiB to 32 TiB. This expands shared disk support to Ultra Disk, Premium SSD, and Standard SSD enabling you to optimize for different price and performance options based on your workload needs.

Immutable storage with versioning for Blob Storage (preview)

Immutable storage with versioning for Blob Storage is now available in preview. Immutable storage provides the capability to store data in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable, and you can set a retention period so that files can’t be deleted until after that period has elapsed. Additionally, legal holds can be placed on data to make that data non-erasable and non-modifiable until the hold is removed. Immutable storage with versioning adds the capability to set an immutable policy on the container or object level. It also allows for the immutable protection of all past and current versions of any blob.

Networking

Next-generation firewall capabilities with Azure Firewall Premium

Microsoft Azure Firewall Premium is now available with this key features:

  • TLS inspection: Azure Firewall Premium terminates outbound and east-west transport layer security (TLS) connections. Inbound TLS inspection is supported in conjunction with Azure Application Gateway allowing end-to-end encryption. Azure Firewall performs the required value-added security functions and re-encrypts the traffic which is sent to the original destination.
  • IDPS: Azure Firewall Premium provides signature-based intrusion detection and prevention system (IDPS) to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic or known malicious instruction sequences used by malware.
  • Web categories: Allows administrators to filter outbound user access to the internet based on categories (for example, social networking, search engines, gambling, and so on), reducing the time spent on managing individual fully qualified domain names (FQDNs) and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
  • URL filtering: Allow administrators to filter outbound access to specific URLs, not just FQDNs. This capability works for both plain text and encrypted traffic if TLS inspection is enabled.

Application Gateway: new features for Web Application Firewall (WAF)

  • Bot protection: Web Application Firewall (WAF) bot protection feature on Application Gateway allows users to enable a managed bot protection rule set for their WAF to block or log requests from known malicious IP addresses. The IP addresses are sourced from the Microsoft Threat Intelligence feed. This rule set can be used alongside the OWASP core rule sets (CRS) to provide additional protection.

  • Geomatch custom rules: Web Application Firewall (WAF) geomatch custom rule feature on Application Gateway allows users to restrict access to their web applications by country/region. As with all custom rules, this logic can be compounded with other rules to suit the needs of your application.

Azure ExpressRoute: 3 New Peering Locations Available

Three new peering locations are available for ExpressRoute:

  • Campinas
  • Sao Paulo2
  • Dublin2

With this announcement, ExpressRoute is now available across 79 global commercial Azure peering locations.

New insights in Traffic Analytics

Azure Network Watcher Traffic Analytics solutions is used to monitor network traffic. It now provides WHOIS and Geographic data for all Public IPs interacting with your deployments and further adds DNS domain, threat type & threat description for Malicious IPs. Now, it also supports inter-zone traffic and VMSS level traffic insights.

Azure Management services: What's new in July 2021

Microsoft constantly announces news regarding Azure management services and as usual this monthly summary. The aim is to provide an overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New built-in policies for Log Analytics workspaces and linked automation accounts

When designing and deploying Azure Monitor Log Analytics workspaces, it is advisable to adopt specific criteria to distribute them consistently, in compliance with the compliance of their environment. Thanks to a new built-in policy it is possible to automate and control the distribution of Log Analytics workspaces and the Automation Accounts connected to them in your own environments.

Better integration between Azure Monitor and Grafana

Grafana is a very popular open source visualization and analysis software, which allows you to query, view and explore various metrics from multiple data sources in a centralized way. Recently, some updates have been made to the Azure Monitor plug-in for Grafana that allow you to enable additional data sources and easier authentication via managed identity. Among the main improvements we find:

  • Azure Resource Graph in the Azure Monitor Grafana data source. Azure Resource Graph (ARG) is a service in Azure that allows you to perform large-scale queries on a given subscription set, so that you can effectively govern your environment. With Grafana 8.0, Azure Monitor data source supports querying ARG.
  • Managed Identities are supported for the Grafana data source hosted in Azure and for Azure Monitor. Customers hosting Grafana on Azure (e.g.. App Service, Azure Virtual Machine) and have enabled managed identity on their virtual machine, they will be able to use it to configure Azure Monitor in Grafana. This aspect simplifies the configuration of the data source, requiring it to be securely authenticated without having to manually configure credentials through app registrations in Azure AD for each data source.
  • Direct links to the Azure portal for Grafana metrics. To allow easy exploration of Azure Monitor metrics directly from Grafana, when a user selects the result of a query, a menu appears with a link to “View in the Azure portal”. Selecting it will redirect you to the corresponding chart in the Azure Metrics Explorer portal.

Direct proxy and Log Analytics gateway support for the new agent

Following the recent announcement on the availability of the new Azure Monitor agent (AMA) and data collection rules (Data Collection Rules), support for direct proxies and support for Log Analytics gateways is introduced for this agent.

Configure

Azure Automation

Support for User Assigned Managed Identities (preview)

Azure Automation has introduced support for User Assigned Managed Identities, which allows you to eliminate the effort of managing RunAs Accounts for runbooks. A User Assigned Managed Identities is an independent Azure resource that can be assigned to the Azure Automation account, which can have multiple associated user-assigned identities. The same identity can be assigned to multiple Azure Automation accounts.

Govern

Azure Policy

Azure Policy built-in for Network Watcher Traffic Analytics

Traffic Analytics is based on the analysis of NSG flow logs and after an appropriate aggregation of data, inserting the necessary intelligence concerning security, topology and geographic map, can provide detailed information about the network traffic of your Azure cloud environment. The following new built-in policies have been introduced to facilitate the deployment of Traffic Analytics:

  • An audit policy: Flag flow logs resource without traffic analytics enabled
  • DeployIfNotExists policies: Enable Traffic Analytics on NSGs in an Azure region of a subscription or resource group

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent erroneous spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 56 that solves several issues and introduces some improvements. In particular, this update introduces the following new features:

  • Microsoft Azure Site Recovery (services): Improvements have been made to enable replication and new protection operations to be faster than 46%.
  • Microsoft Azure Site Recovery (portal): Replication between any two Azure regions around the world can now be enabled. You are no longer limited to enabling replication on your continent.

The details and the procedure to follow for the installation can be found in the specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (July 2021 – Weeks: 27 and 28)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Free Extended Security Updates only on Azure for Windows Server 2012/R2and SQL Server 2012

On-premises Windows Server and SQL Server customers looking to migrate and modernize can take advantage of the extension of free Extended Security Updates (ESUs) for Windows Server 2012/R2 and SQL Server 2012, as follows:

  • Windows Server 2012 and 2012 R2 Extended Support (ESU) will end on October 10, 2023. Extended Support for SQL Server 2012 ends July 12, 2022. Customers that cannot meet this deadline can protect their apps and data running on these releases for three additional years when they migrate to Windows Server and SQL Server on Azure and take advantage of free ESUs on Azure. Customers running Windows Server and SQL Server on these releases and on-premises will have the option to purchase ESUs.
  • Windows Server and SQL Server 2008 and 2008 R2 three-year ESUs are coming to an end on January 10, 2023, and July 12, 2022, respectively. Customers who need more time to migrate and modernize will be able to take advantage of a Windows Server and SQL Server 2008 and 2008 R2 on Azure, we will now provide one addiitonal year of extended security updates only on Azure.

Virtual Machine (VM) bursting is now generally available on more VM types

Virtual machine level disk bursting is a now enabled for our Dsv4, Dasv4, Ddsv4, Esv4, Easv4, Edsv4, Fsv2 and B-series VM families, which allows your virtual machine to burst its disk IO and MiB/s throughput performance for a short time daily. This enables your VMs to handle unforeseen spikey disk traffic smoothly and process batched jobs with speed. There is no additional cost associated with this new capability or adjustments on the VM pricing and it comes enabled by default.

HPC Cache on E-Series VMs Support of Blob NFS 3.0

The Azure Blob team recently announced that Blob NFS 3.0 protocol support is generally available and now, Azure HPC Cache will follow suit with general availability using E-Series VMs.

Storage

Azure File Sync agent v13

The Azure File Sync agent v13 release is being flighted to servers which are configured to automatically update when a new version becomes available.

Improvements and issues that are fixed in the v13 release:

  • Authoritative upload. Authoritative upload is a new mode available when creating the first server endpoint in a sync group. It is useful for the scenario where the cloud (Azure file share) has some/most of the data but is outdated and needs to be caught up with the more recent data on the new server endpoint. This is the case in offline migration scenarios like DataBox, for instance. When a DataBox is filled and sent to Azure, the users of the local server will keep changing / adding / deleting files on the local server. That makes the data in the DataBox and thus the Azure file share, slightly outdated. With Authoritative Upload, you can now tell the server and cloud, how to resolve this case and get the cloud seamlessly updated with the latest changes on the server. No matter how the data got to the cloud, this mode can update the Azure file share if the data stems from the matching location on the server. Be sure to avoid large directory restructures between the initial copy to the cloud and catching up with Authoritative Upload. This will ensure you are only transporting updates. Changes to directory names will cause all files in these renamed directories to be uploaded again. This functionality is comparable to semantics of RoboCopy /MIR = mirror source to target, including removing files on the target that no longer exist on the source. Authoritative Upload replaces the “Offline Data Transfer” feature for DataBox integration with Azure File Sync via a staging share. A staging share is no longer required to use DataBox. New Offline Data Transfer jobs can no longer be started with the AFS V13 agent. Existing jobs on a server will continue even with the upgrade to agent version 13.
  • Portal improvements to view cloud change enumeration and sync progress. When a new sync group is created, any connected server endpoint can only begin sync, when cloud change enumeration is complete. In case files already exist in the cloud endpoint (Azure file share) of this sync group, change enumeration of content in the cloud can take some time. The more items (files and folders) exist in the namespace, the longer this process can take. Admins will now be able to obtain cloud change enumeration progress in the Azure portal to estimate an eta for completion / sync to start with servers.
  • Support for server rename. If a registered server is renamed, Azure File Sync will now show the new server name in the portal. If the server was renamed prior to the v13 release, the server name in the portal will now be updated to show the correct server name.
  • Support for Windows Server 2022 Preview. The Azure File Sync agent is now supported on Windows Server 2022 Preview build 20348 or later. Note: Windows Server 2022 adds support for TLS 1.3 which is not currently supported by Azure File Sync. If the TLS settings are managed via group policy, the server must be configured to support TLS 1.2.
  • Miscellaneous improvements:
    • Reliability improvements for sync, cloud tiering and cloud change enumeration.
    • If a large number of files is changed on the server, sync upload is now performed from a VSS snapshot which reduces per-item errors and sync session failures.
    • The Invoke-StorageSyncFileRecall cmdlet will now recall all tiered files associated with a server endpoint, even if the file has moved outside the server endpoint location.
    • Explorer.exe is now excluded from cloud tiering last access time tracking.
    • New telemetry (Event ID 6664) to monitor the orphaned tiered files cleanup progress after removing a server endpoint with cloud tiering enabled.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 Preview installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
  • The agent version for this release is 13.0.0.0.
  • Installation instructions are documented in KB4588753.

Azure Blob storage: container Soft Delete

Administrators can set a retention policy and recover data from a deletion of a blob container without contacting support.

HPC Cache for NVME-based Storage, Storage Target Management, and HIPAA Compliance

The latest release of HPC Cache adds support for high throughput VMs as well as enhancements to storage target operations.

Disk pool for Azure VMware Solution (preview)

With disk pool, Azure VMware Solution customers can now access Azure Disk Storage for high-performance, durable block storage. Customer can scale their storage independent of compute and handle their growing data needs more cost-effectively.

Networking

Azure Bastion Standard SKU public (preview)

With the new Azure Bastion Standard SKU, you can now perform/configure the following: 

  • Manually scale Bastion host Virtual Machine instances: Azure Bastion supports manual scaling of the Virtual Machine (VM) instances facilitating Bastion connectivity. You can configure 2-50 instances to manage the number of concurrent SSH and RDP sessions Azure Bastion can support. 

  • Azure Bastion admin panel: Azure Bastion supports enabling/disabling features accessed by the Bastion host. 

Azure Web Application Firewall: OWASP ModSecurity Core Rule Set 3.2 (preview)

Open Web Application Security Project (OWASP) ModSecurity Core Rule Set 3.2 (CRS 3.2) for Azure Web Application Firewall (WAF) deployments running on Application Gateway is in preview. This release offers improved security from web vulnerabilities, reduced false positives, and improvements to performance. Microsoft is also announcing an increase in the file upload limit and request body size limit to 4GB and 2MB respectively.