Category Archives: Datacenter Management

The cost model for Azure Stack HCI (12/2022)

Technologies from different vendors are available on the market that allow you to build hyper-converged infrastructures (HCI). Microsoft in this sector offers an innovative solution called Azure Stack HCI, deployed as an Azure service, that allows you to achieve high performance, with advanced security features and native integration with various Azure services. This article describes how much you need to invest to get the Azure Stack HCI solution and what aspects you can consider to structure the cost model as you like..

Premise: OPEX vs CAPEX

The term CAPEX (contraction from CAPital EXpenditure, ie capital expenditures) indicates the cost of developing or providing durable assets for a product or system.

Its counterpart, operational expenditure or OPEX (from the English term OPerational EXpenditure) is the cost of managing a product, a solution or a system. These are also called costs O&M (Operation and Maintenance) or operating and management costs.

CAPEX costs usually require a budget and a spending plan. Also for these reasons, companies generally prefer to incur OPEX costs, as they are easier to plan and manage.

Clarify these concepts, now let's see the Azure Stack HCI cost model and how to get a totally OPEX model.

Hardware costs

In order to activate the Azure Stack HCI solution, it is necessary to have on-premise hardware to run the dedicated operating system of the solution and to run the various workloads. There are two possibilities:

  • Azure Stack HCI Integrated Systems: determined by the vendor, offer specially structured and integrated systems for this solution, that provide an appliance-like experience. These solutions also include integrated support, jointly between the vendor and Microsoft.
  • Azure Stack HCI validated nodes: implementation takes place using hardware specifically tested and validated by a vendor. In this way you can customize the hardware solution according to your needs, going to configure the processor, memory, storage and features of network adapters, but respecting the supplier's compatibility matrices. There are several hardware vendors that offer suitable solutions to runAzure Stack HCI and can be consulted by accessingthis link. Most implementations are done in this way.

Figure 1 - Hardware deployment scenarios

Also for the hardware it is possible to make some evaluations to adopt a cost model based on rental. In fact,, major vendors such as HPE, Dell and Lenovo, are able to offer the necessary hardware in "infrastructure as-a-service" mode, through a payment model based on use.

Azure costs

Despite being running on premise, Azure Stack HCI provides for billing based on Azure subscription, just like any other service in Microsoft's public cloud.

Azure Stack HCI offers a free trial period that allows you to evaluate the solution in detail. The duration of this period is equal to 60 days and starts from when you complete the registration of the cluster environment in Azure.

At the end of the trial period, the model is simple and costs “10 € / physical core / month"*. The cost is therefore given by the total of physical cores present in the processors of the Azure Stack HCI cluster. This model does not provide for a minimum or a maximum on the number of physical cores licensed, much less limits on the activation duration.

Financial benefits for customers with a Software Assurance agreement

Customers who have Windows Server Datacenter licenses with active Software Assurance, can activate’Azure Hybrid Benefit also for Azure Stack HCI cluster. To activate this benefit, at no additional cost, you will need to exchange a Windows Server Datacenter core license with Software Assurance for an Azure Stack HCI physical core. This aspect allows to zero the Azure costs for the Azure Stack HCI host fee and provides the right to run an unlimited number of Windows Server guest virtual machines on the Azure Stack HCI cluster.

Furthermore, Azure Hybrid Benefits can also be activated for Azure Kubernetes Service (AKS). In this case, Windows Server StandardDatacenter licenses with active Software Assurance are required, or the presence of a Cloud Solution Provider subscription (CSP). Each Windows Server core license entitles you to use an AKS virtual core.

In the following image it is summarized as, customers with Software Assurance, can use Azure Hybrid Benefit to further reduce costs in the cloud, in on-premises datacenters and peripheral offices.

Figure 2 – What is included in the Azure Hybrid Benefit for customers in Software Assurance

Specifically for customers with a Software Assurance agreement, the adoption of Azure Stack HCI translates into a drastic reduction in the costs of modernizing the virtualization environment, making this solution even more competitive from a cost point of view compared to competitors on the market. To consult in detail the licensing requirements you can refer to this document.

Costs for guest VMs

The Azure costs listed in the previous paragraph do not include the operating system costs for guest machines running in the Azure Stack HCI environment. This aspect is also common to other HCI platforms, like Nutanix and VMware vSAN.

The following image shows how the licensing of guest operating systems can take place:

Figure 3 – Licensing of guest operating systems

Costs for Windows Server virtual machines

There are mainly two options for licensing Windows Server guest machines in Azure Stack HCI:

  • Buy Windows Server licenses (CAPEX mode), Standard or Datacenter, which include the right to activate the OS of guest virtual machines. The Standard Edition may be suitable if the number of Windows Server guest machines is limited, while if there are several Windows Server guest systems, it is advisable to evaluate the Datacenter Edition which gives the right to activate an unlimited number of virtualized Windows Server systems.
  • Pay for the Windows Server license for guest systems through your Azure subscription, just like in Azure environment. Choosing this option will incur a cost (OPEX) bet a “€22.4 / physical core / month ”* to be able to activate an unlimited number of Windows Server guest systems in the Azure Stack HCI environment.

*Costs estimated for the West Europe region and subject to change. For more details on the costs of Azure Stack HCI you can consult the Microsoft's official page.

Charges for other workloads running on Azure Stack HCI

The result we intend to pursue with the Azure Stack HCI infrastructure is to be able to run in an on-premises environment, not just virtual machines, but the same Microsoft public cloud workloads. To achieve this Microsoft is bringing the most popular Azure workloads to Azure Stack HCI and the following cost considerations apply to each of them:

  • Azure Kubernetes Service: the configuration of the K8s Arc enabled cluster is free **.
  • Azure Arc-enabled data services:
    • For SQL Server, customers can purchase SQL Server licenses in CAPEX mode or, who already has SQL licenses, can use Azure Hybrid Benefit for Azure Arc-enabled SQL Managed Instance, without having to pay the SQL license again.
    • If you want to switch to an OPEX model, you can obtain Microsoft SQL Server licenses through Microsoft's Azure Arc-enabled data services **.
  • Azure Virtual Desktop:
    • User access rights for Azure Virtual Desktop. The same licenses that grant access to Azure virtual desktops in the cloud also apply to Azure Virtual Desktop in Azure Stack HCI.
    • Azure Virtual Desktop Hybrid Service Fee. This fee is charged for each virtual CPU (vCPU) used by Azure Virtual Desktop session hosts running in Azure Stack HCI environment.

**For more details on Azure Arc costs you can consult this page.

Support costs

Azure Stack HCI, being in effect an Azure solution, is covered by Azure support with the following features:

  • A choice is provided between several Azure support plans, depending on your needs. Basic support is free, but in certain scenarios it is recommended that you at least consider Standard support, which provides a fixed monthly cost.
  • Technical support is provided by a team of experts dedicated to supporting the Azure Stack HCI solution and can be easily requested directly from the Azure portal.

Conclusions

Azure Stack HCI allows you to bring cloud innovation into your data center and at the same time create a strategic link to Azure. In the era of hybrid datacenters, a solution like Azure Stack HCI, allows you to structure the cost model at will and to have maximum flexibility. There are several vendors on the market offering solutions to build hyper-converged infrastructures (HCI) hybrid, and Azure Stack HCI can be very competitive, not only from the point of view of functionality, but also from the point of view of costs.

Azure IaaS and Azure Stack: announcements and updates (December 2022 – Weeks: 49 and 50)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Dedicated Host: Restart

Azure Dedicated Host gives you more control over the hosts you deployed by giving you the option to restart any host. When undergoing a restart, the host and its associated VMs will restart while staying on the same underlying physical hardware. With this new capability, now generally available, you can take troubleshooting steps at the host level.

New Memory Optimized VM sizes (preview)

The new E96bsv5 and E112ibsv5 VM sizes part of the Azure Ebsv5 VM series offer the highest remote storage performances of any Azure VMs to date. The new VMs can now achieve even higher VM-to-disk throughput and IOPS performance with up to 8,000 MBps and 260,000 IOPS. This enables you to run data intensive workloads more efficiently and process more data on fewer vCPUs, potentially optimizing infrastructure and licensing costs.

Networking

Feature enhancements to Azure Web Application Firewall (WAF)

Azure’s global Web Application Firewall (WAF) running on Azure Front Door, and Azure’s regional WAF running on Application Gateway, now support additional features that help organizations improve their security posture and make it easier to manage logging across resources:

  • SQL injection (SQLi) and cross site scripting (XSS) detection queries: new Azure WAF analytics SQLi and XSS detection rule templates simplify the process of setting up automated detection and response with Microsoft’s security incident & event management (SIEM) service: Microsoft Sentinel.
  • Azure policies for WAF logging: the regional WAF on Application Gateway and the global WAF running on Azure Front Door now have built-in Azure policies requiring resource logs and metrics. This allows organizations to enforce standards for WAF deployments to collect logs and metrics for further analysis and insights related to security events.

In addition, Azure regional WAF on Application Gateway now has:

  • Increased exclusion limit: CRS 3.2 or greater ruleset now supports exclusions limit up to 200, a 5x increase from older versions; allowing for greater customization on how the WAF handles managed rulesets.
  • Bot Manager ruleset exclusion rules: exclusions are extended to Bot Manager Rule Set 1.0. Learn more: WAF exclusions.
  • Uppercase transform on custom rules: you can now handle case sensitivity when creating custom WAF rules using uppercase transform in addition to the lowercase transform.

Storage

Azure NetApp Files cross-zone replication (preview)

The cross-zone replication feature allows you to replicate your Azure NetApp Files volumes asynchronously from one Azure availability zone (AZ) to another in the same region. It uses a combination of the SnapMirror® technology used with cross-region replication and the new availability zone volume placement feature, to replicate data in-region; only changed blocks are sent over the network in a compressed, efficient format. It helps you protect your data from unforeseeable zone failures, without the need for host-based data replication. This feature minimizes the amount of data required to replicate across the zones, therefore limiting data transfers required and also shortens the replication time, so you can achieve a smaller restore point objective (RPO). Cross-zone replication doesn’t involve any network transfer costs, and hence it is highly cost-effective.

How to simplify systems management with Azure Automanage

The adoption of cloud solutions has helped to reduce operating expenses (Opex) and the management costs in numerous areas of IT. In fact,, many systems that previously ran on-premises and were complex to maintain are now simple managed services in the cloud.. At the same time though, the execution of systems located in different environments; and the wide range of new Azure services, can make operational management articulated. Microsoft, to better manage the various services and their configuration, provides the solution Azure Automanage, which appropriately integrated with Azure Arc, allows you to automate various operations during the entire life cycle of the machines, regardless of where they reside. This article lists the characteristics of the solution, showing how Azure Automanage, together with Azure Arc, can facilitate the day-to-day tasks of system administrators and ensure optimal adherence to Microsoft best practices.

Simplify the configuration and management of systems wherever they reside

Azure Automanage Automatically implement best practices in machine management while ensuring security compliance, corporate compliance and business continuity. Furthermore, Azure Arc for servers extends the possibilities offered by Azure in the field of governance and management also to physical machines and virtual systems that reside in environments other than Azure. To learn more about the implementation guidelines, Microsoft's proven best practices and tools designed to accelerate your cloud adoption journey should be referenced Microsoft Cloud Adoption Framework.

Quickly configure Windows and Linux server

By adopting this solution, you can detect, integrate and configure different Azure services during the entire life cycle of the machines, making a distinction between Production environments and DevTest environments. Azure services automatically managed by Azure Automanage and related specifications are available in this Microsoft documentation:

Figure 1 – Overview of services managed by Azure Automanage

The inclusion of machines in the service can take place on a large scale or individually, with the certainty that if the systems do not comply with the best practices imposed, Azure Automanage will be able to detect and correct them automatically.

The service can be activated directly from the Azure portal and requires a few simple steps.

The choice of configuration profiles

Azure Automanage uses configuration profiles to determine which Azure services should be enabled on the selected systems. Two configuration profiles are currently available by default, one for the DevTest environment and one for the Production environment. The two profiles are distinguished by the types of services to be enabled on the different workloads. Furthermore, in addition to the standard profiles it is allowed to configure some custom profiles with a certain subset of preferences regarding the various services.

After you enable the service Azure Automanage The process that leads the machines back to the best practices specified in the chosen configuration profile is started.

The status of the VMs after activation of the service can be of different types, here described.

Azure Automanage also recently introduced new profile customization options and more supported operating systems, including Windows 10/11, Red Hat Enterprise Linux, Canonical Ubuntu and SUSE Linux Enterprise Server.

Configure Windows and Linux servers in Azure environments, hybrid or multi-cloud through Azure Arc

Azure Automanage can be enabled on both Azure VMs and Azure Arc-enabled servers. Furthermore, Azure Automanage for Windows Server offers new features specific to Windows Server Azure Edition, that improve the uptime of Windows Server VMs in Azure and Azure Stack HCI environment. These features include:

  • Hotpatch
  • SMB over QUIC
  • Azure Extended Networking

Advantages of the solution

The adoption of Azure Automanage involves several advantages for the customer that can be summarized in the following points:

  • Cost reduction, automating machine management
  • Optimize workload uptime by performing tasks in an optimized way
  • Control over the implementation of security best practices

Conclusions

Machine life cycle management, especially in heterogeneous and large environments, can be very expensive in terms of time and costs. Furthermore, activities that are repeated frequently can be prone to errors, leading systems to a non-optimal configuration. Thanks to this integration between Azure Automanage and Azure Arc it is possible to simplify and automate all the operations necessary to ensure that the systems adhere to the desired requirements.

Azure IaaS and Azure Stack: announcements and updates (December 2022 – Weeks: 47 and 48)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure HX series and HBv4 series virtual machines (preview)

The Azure HX series and HBv4 series virtual machines (VMs) are now in preview in the East US region. These VMs, powered by AMD 4th gen EPYCTM “Genoa” CPUs, improve the performance and cost-effectiveness of a variety of memory performance bound, compute bound, and massively parallel workloads. These new VMs deliver more performance, value-adding innovation, and cost-effectiveness to every Azure HPC customer.

Networking

Azure Bastion now support shareable links (preview)

With the new Azure Bastion shareable links feature in public preview and included in Standard SKU, you can now connect to a target resource (virtual machine or virtual machine scale set) using Azure Bastion without accessing the Azure portal.

This feature will solve two key pain points:

  • Administrators will no longer have to provide full access to their Azure accounts to one-time VM users, helping to maintain their privacy and security.
  • Users without Azure subscriptions can seamlessly connect to VMs without exposing RDP/SSH ports to the public internet.

Storage

Azure File Sync agent v15.2

Azure File Sync agent v15.2 is now on Microsoft Update and Microsoft Download Center.

Improvements and issues that are fixed:

  • Fixed a cloud tiering issue in the v15.1 agent that caused the following symptoms:
    • Memory usage is higher after upgrading to v15.1
    • Storage Sync Agent (FileSyncSvc) service intermittently crashes
    • Files are failing to recall with error ERROR_INVALID_HANDLE (0x00000006)
  • Fixed a health reporting issue with servers configured to use a non-Gregorian calendar

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations
  • The agent version for this release is 15.2.0.0
  • Installation instructions are documented in KB5013875

Azure Management services: what's new in November 2022

In November, Microsoft released some important news regarding Azure management services. Through these articles released on a monthly basis, we want to provide an overall overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Configure

Azure Automation

Support for Availability Zones

Azure Automation has introduced support for Availability Zones so that it can provide greater resiliency and reliability to the service, runbooks and other automation resources. In case a zone is inactive, no user action is required to recover from a zone fault, in fact, the service will be made accessible through the other available areas. In addition to high availability, this feature is useful for implementing a disaster recovery strategy for the Automation Account, often a key component in DR plans in Azure.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

  • Ability to use tag inheritance to group subscriptions and resource groups.
  • View cost change over previous period, in the cost analysis preview.

Azure Advisor: new cost recommendations for Virtual Machine Scale Sets

Azure Advisor has expanded the recommendations to include cost optimizations for Virtual Machine Scale Sets as well. Recommendations will include recommendations for shutting down resources that are not being used, recommendations for changing the SKU and downscaling for underutilized resources versus provisioning.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Protecting containers in a GCP environment with Defender for Containers
  • Ability to validate Defender for Containers protections via sample alerts
  • Governance rules at scale (preview)

Protect

Azure Backup

Cross-subscription recovery for VMs in Azure (preview)

The Cross Subscription Restore feature was announced in preview and allows you to restore Azure virtual machines, by creating or restoring new disks, in any subscription, starting from the restore point created by Azure Backup. By default, Azure Backup restores in the same subscription where the recovery points are available. With this new feature, you get the flexibility to perform restores in any subscription of the tenant. Cross Subscription Restore is also supported for restore with Managed System Identities (MSI), while it is not currently supported for Azure encrypted virtual machines and Trusted Launch VMs.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • Support for using a sudo account to perform agentless dependency analysis on Linux servers running in environments VMware, Hyper-V and for physical systems or in other cloud environments.
  • Support for selecting VNets and Subnets during test migration (Using PowerShell) for the agentless VMware scenario.
  • OS disk swap support for agentless VMware scenario.
  • Support for pausing and resuming replicas using PowerShell for VMware agentless scenario.

Azure Database Migration

Offline Azure SQL Database migrations with the Azure SQL Migration extension

To perform offline migrations of SQL Server databases running on-premises, SQL Server on Azure virtual machines or any virtual machine running in the cloud (private, public) to Azure SQL Database you can use the extension Azure SQL Migration

New Azure SQL Migration extension migration feature provides an end-to-end experience to modernize SQL Servers in Azure SQL Database. The extension allows you to check the readiness of the migration with actions for: remedying possible migration blocks, export assessment results and get appropriate Azure recommendations.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (November 2022 – Weeks: 45 and 46)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

What’s new in Azure VMware Solution

Recent updates for Azure VMware Solution:

  • Stretched Clusters for Azure VMware Solution, now in preview, provides 99.99 percent uptime for mission critical applications that require the highest availability. In times of availability zone failure, your virtual machines (VMs) and applications automatically failover to an unaffected availability zone with no application impact.
  • Azure NetApp Files Datastores is now generally available to run your storage intensive workloads on Azure VMware Solution. This integration between Azure VMware Solution and Azure NetApp Files enables you to create datastores via the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes and attach the datastores to your private cloud clusters of choice.
  • Customer-managed keys for Azure VMware Solution is now in preview, both supporting higher security for customers’ mission-critical workloads and providing you with control over your encrypted vSAN data on Azure VMware Solution. With this feature, you can use Azure Key Vault to generate customer-managed keys as well as centralize and streamline the key management process.
  • New node sizing for Azure VMware Solution. Start leveraging Azure VMware Solution across two new node sizes with the general availability of AV36P and AV52 in AVS. With these new node sizes organizations can optimize their workloads for memory and storage with AV36P and AV52.

Virtual Machine software reservations

The new Virtual Machine software reservations enable savings on your Virtual Machine software costs when you make a one- to three-year commitment for plans offered by third-party publishers such as Canonical, Citrix, and Red Hat.

Arm-based VMs now available in four additional Azure regions

The Dpsv5, Dplsv5, and Epsv5 VMs are available in the following additional four Azure regions: West US, North Central US, UK South, and France Central

Storage

Encrypt managed disks with cross-tenant customer-managed keys

Encrypting managed disks with cross-tenant customer-managed keys (CMK) enables you to encrypt managed disks with customer-managed keys using Azure Key Vault hosted in a different Azure Active Directory (AD) tenant.

Networking

New capabilities for Azure Firewall

Azure Firewall is a cloud-native firewall as a service offering that enables customers to centrally govern and log all their traffic flows using a DevOps approach.

Several key Azure Firewall capabilities are now generally available:

  • New GA regions in Qatar central, China East, and China North: Azure Firewall Standard, Azure Firewall Premium, and Azure Firewall Manager are now generally available in three new regions: Qatar Central, China East, and China North
  • IDPS Private IP ranges: in Azure Firewall Premium IDPS, Private IP address ranges are used to identify traffic direction (inbound, outbound, or internal) to allow accurate matches with IDPS signatures. By default, only ranges defined by Internet Assigned Numbers Authority (IANA) RFC 1918 are considered private IP addresses. To modify your private IP addresses, you can now easily edit, remove, or add ranges as needed.
  • Single Click Upgrade/Downgrade (preview): With this new capability, customers can easily upgrade their existing Firewall Standard SKU to Premium SKU as well as downgrade from Premium to Standard SKU. The process is fully automated and has zero service downtime.
  • Enhanced Threat Intelligence (preview): Threat Intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and FQDNs. With the new enhancement, Azure Firewall Threat Intelligence has more granularity for filtering based on malicious URLs. This means that customers may have access to a certain domain through a specific URL in this domain will be denied by Azure Firewall if identified as malicious.
  • KeyVault with zero internet exposure (preview): in Azure Firewall Premium TLS inspection, customers are required to deploy their intermediate CA certificate in Azure KeyVault. Now that Azure firewall is listed as a trusted Azure KeyVault service, customers can eliminate any internet exposure of their Azure KeyVault.

Azure Front Door: new features in preview

New features are available for Azure Front Door (preview):

  • Azure Front Door zero downtime migration. In March of this year, Microsoft announced the general availability of two new Azure Front Door tiers. Azure Front Door Standard and Premium are native, modern cloud content delivery network (CDN) catering to both dynamic and static content delivery acceleration with built-in turnkey security and a simple and predictable pricing model. The migration capability enables you to perform a zero-downtime migration from Azure Front Door (classic) to Azure Front Door Standard or Premium in just three simple steps or five simple steps if your Azure Front Door (classic) instance has custom domains with your own certificates. The migration will take a few minutes to complete depending on the complexity of your Azure Front Door (classic) instance, such as number of domains, backend pools, routes, and other configurations.
  • Upgrade from Azure Front Door Standard to Premium tier: Azure Front Door supports upgrading from Standard to Premium tier without downtime. Azure Front Door Premium supports advanced security capabilities and has increased quota limit, such as managed Web Application Firewall rules and private connectivity to your origin using Private Link.
  • Azure Front Door integration with managed identities. Azure Front Door now supports managed identities generated by Azure Active Directory to allow Front Door to easily and securely access other Azure AD-protected resources such as Azure Key Vault. This feature is in addition to the AAD Application access to Key Vault that is currently supported.

Default Rule Set 2.1 for Azure Web Application Firewall

Default Rule Set 2.1 (DRS 2.1) on Azure’s global Web Application Firewall (WAF) running on Azure Front Door is available. This rule set is available on the Azure Front Door Premium tier.
DRS 2.1 is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and includes additional proprietary protections rules developed by Microsoft Threat Intelligence team. As with previous DRS releases, DRS 2.1 rules are also tailored by Microsoft Threat Intelligence Center (MSTIC). The MSTIC team analyzes Common Vulnerabilities and Exposures (CVEs) and adapts the CRS ruleset to address those issues while also reducing false positives to our customers.

Bot Manager Rule Set 1.0 on regional Web Application Firewall

A new bot protection rule set (Microsoft_BotManagerRuleSet_1.0) is now generally available for Azure Web Application Firewall (WAF) with Azure Application Gateway. Added to this updated rule set are three bot categories: good, bad, and unknown. Bot signatures are managed and dynamically updated by Azure WAF. The default action for bad bot groups is set to Block, for the verified search engine crawlers group it’s set to Allow, and for the unknown bot category it’s set to Log. You may overwrite the default action with Allow, Block, or Log for any type of bot rule

Per Rule Actions on regional Web Application Firewall

Azure’s regional Web Application Firewall (WAF) with Application Gateway running the Bot Protection rule set and Core Rule Set (CRS) 3.2 or higher now supports setting actions on a rule-by-rule basis. This gives you greater flexibility when deciding how the WAF handles a request that matches a rule’s conditions.

Azure Stack

Azure Stack HCI

Network HUD

Network HUD is a new feature, available with the November update on Azure Stack HCI that detects operational network issues causing stability issues or degrade performance. It distills the various indicators of problems generated by event logs, performance counters, the physical network and more, to proactively identify issues and alert you with contextual messages that you can act on. It also integrates with the existing alerting mechanisms you’re already used to and leverages Network ATC for intent-based analytics and remediation.

Azure Stack HCI: the constantly evolving hyper-converged solution – edition of November 2022

Azure Stack HCI is the solution that allows you to create a hyper-converged infrastructure (HCI) for running workloads in an on-premises environment and that provides a strategic connection to various Azure services. Azure Stack HCI is also considered as a hybrid service of Azure and as such it is constantly evolving. Microsoft recently introduced a series of new features that pave the way for new Azure Stack HCI adoption scenarios and allow you to better manage your hybrid infrastructure based on this solution.. This article reports the main aspects that have undergone an evolution and the new features recently introduced in Azure Stack HCI.

Financial benefits for customers with a Software Assurance agreement

Customers who have Windows Server Datacenter licenses with active Software Assurance, can activate’Azure Hybrid Benefit also for Azure Stack HCI cluster. To activate this benefit, at no additional cost, you will need to exchange a Windows Server Datacenter core license with Software Assurance for an Azure Stack HCI physical core. This aspect allows to zero the Azure costs for the Azure Stack HCI host fee and provides the right to run an unlimited number of Windows Server guest virtual machines on the Azure Stack HCI cluster.

Furthermore, Azure Hybrid Benefits can also be activated for Azure Kubernetes Service (AKS). In this case, Windows Server StandardDatacenter licenses with active Software Assurance are required, or the presence of a Cloud Solution Provider subscription (CSP). Each Windows Server core license entitles you to use an AKS virtual core.

In the following image it is summarized as, customers with Software Assurance, can use Azure Hybrid Benefit to further reduce costs in the cloud, in on-premises datacenters and peripheral offices.

Figure 1 – What is included in the Azure Hybrid Benefit for customers in Software Assurance

Specifically for customers with a Software Assurance agreement, the adoption of Azure Stack HCI translates into a drastic reduction in the costs of modernizing the virtualization environment, making this solution even more competitive from a cost point of view compared to competitors on the market. To consult in detail the licensing requirements you can refer to this document.

22H2 update

The new update, known as “version 22H2” or “22H2 feature update”, has been officially released and is ready for use in the production environment. This version brings higher quality on several fronts of the solution.

The following points summarize the various features and the various improvements introduced to the Azure Stack HCI operating system, version 22H2:

  • Network ATC v2 is able to automatically assign IP addresses to intra-cluster storage networks and automatically name cluster networks based on their intended use. It can also manage the live migration settings, such as network selection, transport and bandwidth allocation.
  • Storage management is more flexible as existing storage volumes can be modified to increase their resilience (for example, passing from a two-way to a three-way mirror) or perform an in-place conversion from fixed provisioning to a thin one.
  • Storage replication in a stretched cluster is faster with the new optional compression capability.
  • Hyper-V live migration is more reliable for clusters to 2 and 3 nodes without the presence of specific switches.
  • On the networking side, a new tag-based network segmentation option is also available, which helps protect virtualized workloads from threats based on custom tags that are assigned.

To consult all the details relating to the 22H2 version you can consult this document.

All existing Azure Stack HCI clusters can receive the 22H2 update as a free over-the-air update and you can apply the update without interruption thanks to the cluster-aware update. Microsoft recommends version 22H2 for all new Azure Stack HCI implementations.

The management tools have also been revamped to support the functionality of this new update. In fact,, you can use Windows Admin Center to manage version 22H2. Furthermore, compatibility with System Center Virtual Machine Manager and Operations Manager is maintained, thanks to the first Update Rollup (UR1) for System Center 2022, which will add official support for Azure Stack HCI, version 22H2.

Azure Arc-enabled VM management

By adopting Azure Stack HCI and Azure Arc, cloud management models can also be applied to the on-premises environment. Earlier this year, Microsoft released the public preview for managing Azure Arc-enabled virtual machines, which allows you to deploy virtual machines on Azure Stack HCI via ARM, Azure CLI and Azure portal.

In this context, important new features have been introduced:

  • In addition to the use of customized images, images can now be accessed directly from the Azure Marketplace. This allows you to quickly deploy the latest fully updated Microsoft images, including Windows Server 2022 Azure Edition with hotpatching and Windows 11 Enterprise multi-session for Azure Virtual Desktop. Third party images will also be available in the future. This feature is natively integrated into Azure Arc and is designed to respect network bandwidth. In fact,, the images are optimized to minimize file size and you only need to download them once to create even several virtual machines.
  • When deploying a new VM in Azure Stack HCI through Azure Arc, the guest operating system is now automatically Arc-enabled. This means it is possible to use extensions for VMs, as Domain Join or Custom Script to deploy and configure applications. Other extensions will also be available in the future.

Azure Hybrid Kubernetes Service

Many enterprises have a mix of deprecated virtualization applications and new container-based applications. By adopting Azure Kubernetes Service (AKS) in the Azure Stack HCI environment it is possible to distribute and manage containerized applications in parallel with virtual machines, on the same physical server or cluster environment.

The update of September 2022 for AKS on Azure Stack HCI has introduced some significant improvements, including:

  • The Linux container base image has been updated to Mariner 2.0, which is smaller in size and safer.
  • The integration of software-defined networking (SDN) is available and ready for use in the production environment.
  • The procedure for connecting GPUs to containers has been simplified.
  • Introduces the ability to use any account in the system Administrators group to manage AKS.

The ability to provision hybrid AKS clusters directly from Azure was also recently introduced, using an AAD identity. The distribution of new Kubernetes clusters in the on-premises environment is done through the Arc Resource Bridge, very similar to managing Arc-enabled virtual machines. This is an important evolution towards a simple and consistent end-to-end application provisioning experience, that embraces the cloud and the edge.

Hardware designed, shipped and supported directly by Microsoft

Microsoft announced that in the 2023 will offer a hardware-based Azure Stack HCI system designed, shipped and supported directly from the house in Redmond.

The solution, called “Pro 2”, has the following features:

  • Compact form factor of only 2U at half depth, also ideal for deployments outside the data center (ex. retail, manufacturing and healthcare environments).
  • Tamper resistant.
  • Quiet enough for an office environment, generating less than 60 dBA of acoustic noise.
  • Orderable directly from the Azure portal and supplied with pre-installed Azure Stack HCI.
  • Available in different configurations, with specifications suitable for different use cases.
  • Hardware management fully integrated with existing cluster management tools, including a new Windows Admin Center extension under development.

This upcoming release enables customers to adopt a consistent business model between the cloud and the edge: an OPEX payment model with the possibility of using Azure commitments to obtain a complete Microsoft solution, including hardware.

Conclusions

Thanks to constant improvement, the continuous introduction of new features and the inclusion of new usage scenarios, Microsoft's proposition for hyper-converged scenarios is increasingly complete, integrated and performing. Azure Stack HCI integrates perfectly with the existing on-premises environment and offers an important added value: the ability to connect Azure Stack HCI with other Azure services to obtain a hybrid hyper-converged solution. This aspect in particular strongly differentiates it from other competitors who offer solutions in this area.

Azure IaaS and Azure Stack: announcements and updates (November 2022 – Weeks: 43 and 44)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Attribute-based access control for standard storage accounts

Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, and requests. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments in the existing identity and access management (IAM) system. This release makes generally available role assignment conditions using request and resource attributes on Blobs, ADLS Gen2 and storage queues for standard storage accounts.

Premium SSD v2 disks available on Azure Disk CSI driver

Premium SSD v2 is the next-generation Azure Disk Storage optimized for performance-sensitive and general-purpose workloads that need consistent low average read and write latency combined with high IOPS and throughput. Premium SSD v2 is now available with the Azure Disk CSI driver to deploy stateful workloads in Kubernetes on Azure.

Ephemeral OS disk support for confidential virtual machines

The support to create confidential VMs using Ephemeral OS disks is available. This enables customers using stateless workloads to benefit from the trusted execution environments (TEEs). Trusted execution environments protect data being processed from access outside the trusted execution environments.

Encrypt storage account with cross-tenant customer-managed keys

The ability to encrypt storage account with customer-managed keys (CMK) using an Azure Key Vault hosted on a different Azure Active Directory tenant is available. You can use this solution to encrypt your customers’ data using an encryption key managed by your customers.

Availability zone volume placement for Azure NetApp Files (preview)

Azure NetApp Files availability zone volume placement feature lets you deploy new volumes in the logical availability zone of your choice to support enterprise, mission-critical high availability (HA) deployments across multiple availability zones.

Networking

Azure Virtual WAN announcements

Multiple areas of Azure Virtual WAN (vWAN) have key announcements:

  • Remote user connectivity (also known as point-to-site VPN)

    • Multipool user group support preview

  • Routing

    • Secure hub routing intent preview

    • Hub routing preference (HRP) is generally available

    • Bypass next hop IP for workloads within a spoke VNet connected to the virtual WAN hub generally available

    • Border Gateway Protocol (BGP) Peering with a virtual hub is generally available

  • Branch connectivity (also known as site-to-site VPN)

    • BGP dashboard is now generally available

    • Virtual Network Gateway VPN over ExpressRoute private peering (AZ and non-AZ regions) is generally available

    • Custom traffic selectors (portal)

    • High availability for Azure VPN client using secondary profile is generally available

  • Private connectivity (also known as ExpressRoute)

    • ExpressRoute circuit with visibility of Virtual WAN connection

  • Third-Party Network Virtual Appliance Integrations

    • Fortinet SDWAN is generally available

    • Aruba EdgeConnect Enterprise SDWAN preview

    • Checkpoint NG Firewall preview

Custom IP Prefixes (BYOIP) available in US Government regions

The ability to bring your own public IP ranges is now available in all US Government regions.

Azure Management services: what's new in October 2022

In October, Microsoft announced a considerable number of news regarding Azure management services, accomplice also the Microsoft Ignite conference 2022. Through these articles, issued on a monthly basis, I want to provide an overall overview of the main news of the month, so that you can always stay up to date on these topics and have the necessary references to carry out further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New migration tools for the Azure Monitor agent

The Azure Monitor Agent (AMA) provides a way that is secure , economical and performing to collect telemetry data from Azure virtual machines, scale set, Azure Arc-enabled servers and Windows client devices. Microsoft has announced that it is necessary to migrate from the log analytics agent (MMA or OMS agent) to this agent before August 2024. To address this migration you can use the following migration tools:

  • AMA migration helper: an Azure Monitor workbook-based solution that helps you find out what to migrate and monitor progress in moving from legacy agents to the new Azure Monitor agent.
  • DCR config generator: the Azure Monitor agent relies only on data collection rules (data collection rule) for configuration, while the legacy agent extracted all its configuration from the Log Analytics workspaces. Using this script, it is possible to analyze the configuration of the legacy agent from the workspaces and automatically generate the corresponding rules. You will be able to associate these rules with systems running the new agent, using the integrated association criteria.

Support of the Azure Monitor agent also for Windows clients

Azure Monitor agent and data collection rules now support client devices Windows 10 and 11. Client devices running the agent must be connected to AAD or hybrid AAD, since the agent relies on the identity of the AAD device for authentication. For client devices, while deploying the same agent that uses data collection rules to manage the configuration, only association is allowed (or targeting) at the AAD tenant level. Granular device targeting is not yet available. Furthermore, the agent is the same used for virtual machines or servers, that is, it has no specific optimization for client devices (ex. for the battery, the network, etc.).

Azure Service Map retirement announced

Microsoft announced that Azure Service Map will be officially retired on 30 September 2025. To monitor connections between servers, processes and connection latencies need to use Azure MonitorVM insights. The experience provided by VM Insights includes the same features as Service Map, beyond:

  • Improved scalability and support for more complex maps.
  • More detailed metrics for connections.
  • Integrated support for grouping machines.

Azure Monitor predictive autoscale for Azure Virtual Machine Scale Sets

The predictive autoscale uses machine learning to help manage and scale Azure Virtual Machine Scale Sets with cyclical workload models. This feature allows you to predict the overall CPU load for the set of virtual machines based on historical CPU usage patterns. This allows scale-out to be done in time to meet demand.

There are several key features released:

  • New virtual machine set instances are added when the system expects the CPU percentage to exceed the scale-out limit.
  • You can configure how far in advance you want to provision new instances.
  • It is possible to view the CPU usage forecasts without activating the scaling action, using the forecast-only mode.

Azure Monitor Logs: functionality to add value to data and reduce costs

For Azure Monitor Logs, interesting log analysis features have been announced that will help increase the cost effectiveness of logs:

  • Basic Logs: an economical solution for high-volume verbose logs. It is now possible to configure high-volume verbose log tables as basic logs and reduce the cost of storing data used for debugging, problem solving and auditing.
  • Long-term archiving of logs for security and compliance. The archiving of the logs allows you to extend the retention period of the Log Analytic table and to archive the logs up to seven years with a significant reduction in prices.
  • Archived logs can be accessed by using a search job or by temporarily restoring a set of logs.
  • Search Log: a new tool that asynchronously scans petabytes of data and retrieves all relevant records in a new persistent Log Analytics table.
  • Restoration: an operation that makes a specific time interval of table data available in the hot cache, to run high performance queries.

Azure Monitor Logs: RBAC creation in granular way for custom tables
Today, data access control can be managed at the workspace level, resource and table, but only for Azure standard tables. Previously, custom tables only supported one authorization method: “all or nothing”. The Log Analytics product team added the functionality to allow workspace administrators to manage more granular access to data, supporting table-level read permission, for both Azure tables and customer tables.

Integration of the Azure Monitor Agent with Connection Monitor (preview)
Connection Monitor is a multi-agent monitoring solution that can monitor connectivity in Azure and hybrid environments and measure packet loss, latency and jitter. Connection Monitor provides useful information for diagnosing and resolving network problems and provides end-to-end path visibility with a unified topology.

Microsoft's goal is to consolidate multiple monitor agents into a single agent. This feature allows you to meet the needs of collection of monitor logs related to connectivity and metrics on Azure and on on-premises Arc-enabled computers, eliminating the costs of managing and enabling multiple monitor agents. Furthermore, the Azure Monitor Agent offers improved security and performance features, real cost savings and easier problem solving. Thanks to this support, the dependence on the Log Analytics agent is eliminated, while increasing the coverage of on-premises computers with the support of Arc-enabled endpoints.

Azure Monitor Managed Service for Prometheus (preview)

Prometheus, the open source project of the Cloud Native Computing Foundation, is considered the de-facto standard when it comes to monitoring containerized workloads. Running self-managed Prometheus is often a great solution for smaller deployments, though scaling to manage workloads can be a major challenge. The new Prometheus-compatible and fully managed Azure Monitor service offers the best of what you like about the open source ecosystem, while automating complex tasks such as scaling, high availability and long-term data retention. This service is available as a standalone Azure Monitor service or as an integrated component of Container Insights and Azure Managed Grafana.

Rules for Azure Kubernetes Service resources and for Log Analytics (preview)

The Azure portal now allows you to easily enable a set of alert rules pertaining to the best practices recommended for Azure Kubernetes Service resources (AKS) and for Log Analytics workspace.

Govern

Azure Cost Management

Updates related toMicrosoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.

Azure Arc

Automatic extension update for Azure Arc-enabled servers

Microsoft has made the extension automatic update functionality available for Azure Arc-enabled servers.

Azure Automanage for Azure virtual machines and Arc-enabled servers
Azure Automanage is a service that automates the configuration of virtual machines to Azure services, as well as security operations and management of the entire life cycle of VMs in Azure or hybrid environments (enabled through Azure Arc). This saves time, reduce risks and improve workload uptime, automating daily configuration and management tasks. Azure Automanage is now available for Azure virtual machines and Arc-enabled servers.

Microsoft has added new features to further automate the configuration and management of any virtual machine, including:

  • the application of improved backup settings and different auditing modes for server baselines;
  • the ability to specify custom Log Analytics workspaces and Azure tags to identify resources;
  • support for Windows virtual machines 10;
  • support for enabling Microsoft Antimalware.

New features for Azure Arc-enabled SQL Servers

Azure Arc-enabled SQL Servers have several new features that increasingly allow customers to leverage a cloud-like experience, including:

  • single sign-on experience that integrates with Azure Active Directory (Azure AD).
  • improved security thanks to Microsoft Defender which allows customers to
    evaluate and secure SQL Server properties in hybrid and multicloud environments.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

  • Microsoft Defender for DevOps, a new solution that will provide visibility across multiple DevOps environments. This solution will make it possible to centrally manage security, strengthen cloud resource configurations in code and prioritize critical troubleshooting in code in multi-pipeline and multicloud environments. With this preview, major platforms such as GitHub and Azure DevOps are already supported and other major DevOps platforms will be supported shortly.
  • Microsoft cloud security benchmark: the complete multicloud security framework is now available with Microsoft Defender for Cloud, as part of the free Cloud Security Posture Management experience. This integrated benchmark is able to map best practices across different clouds and various industry frameworks, enabling security teams to ensure multicloud security compliance.
  • Microsoft Defender for Servers, as well as an agent-based approach to virtual machines (VM) in Azure e AWS, will support agentless scanning.
  • Defender for Servers P2 will provide the premium features of Microsoft Defender Vulnerability Management.
  • Microsoft Defender for Containers will expand multicloud threat protection with agentless scanning in AWS Elastic Container Registry.

Protect

Azure Backup

Smart tiering: automatic move to the vault-archive tier

Azure Backup has introduced the ability to configure policies to automate the use of the vault-archive tier for Azure virtual machines and for SQL Server / SAP HANA on board virtual machines. This ensures that the restore points are suitable and recommended (in the case of Azure virtual machines) are automatically moved to the vault-archive tier. This is done periodically and according to the backup policy settings. Furthermore, you can specify the number of days after which you want the recovery points to be moved to the vault-archive tier.

Support for zone-rendundant storage

In Azure Backup, support for redundant zone type vaults has been introduced. When configuring resource protection using a zone-redundant storage vault (ZRS), backups are synchronously replicated across three Availability Zones within a region. This allows you to perform data restores even in the event of outages in a specific area.

Immutable vaults for Azure Backup

With immutable vaults, Azure Backup offers an option to ensure that the recovery points created cannot be deleted before the expected deadline. Azure Backup does this by preventing any operation that could lead to the loss of backup data. This helps protect backups from threats such as ransomware attacks and malicious actors, preventing operations such as deleting backups or reducing retention in backup policies.

Soft delete functionality enhancements for Azure Backup

It is now possible to ensure better protection of backups against various threats, making soft delete irreversible. Furthermore, the soft delete functionality allows you to provide a customizable retention period for which deleted data must be kept.

Support for HANA System Replication in Azure Backup for HANA (preview)

Azure Backup protects HANA databases on Azure virtual machines with a streaming database backup solution, Backint certified. Previously, if the HANA database had HANA System Replication (HSR) as a disaster recovery solution (DR), after each failover, manual intervention was required to activate the backups. Now, with this new feature in preview, you get instant and continuous protection for your HANA System Replication configuration, without the need for any manual intervention.

Azure Site Recovery

New DR architecture for VMware machines

In ASR it has been made easier, reliable and modern mechanism to protect VMware virtual machines. Among the main improvements it is worth mentioning:

  • Stateless ASR Replication Appliance: the Configuration Server and its local components have been converted to a stateless ASR replication appliance. This choice simplifies the discovery and failback process, introducing the option to select any appliance, without having to configure any master target server or process server.
  • Automatic updates for the ASR replication appliance and for the mobility agent. A problem felt with the classic architecture was the need to manually update the various components of the Configuration Server and the mobility agents. To make things easier, automatic updates have been introduced.
  • More flexible scalability. The replication appliance constitutes a single management unit and all its components have been converted into microservices hosted in an Azure environment. This not only makes it easier to troubleshoot any problems, but managing scalability is also much easier.
  • High availability for appliances. With modern architecture, it is no longer necessary to perform regular backups of the appliance. In fact,, just start another appliance and switch all machines to the new appliance. The replicated items will be transferred to the new appliance, without having to repeat the full replication.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 64 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

Discovery and assessment aimed at migrating SQL Server to Azure

The new SQL discovery and assessment capabilities in Azure Migrate allow you to map the environment and evaluate availability, the costs and any blocks in moving these instances to Azure IaaS and PaaS. Thanks to this tool it is possible to detect the most valid and convenient Azure target for the analyzed SQL instances. Furthermore, this information can be downloaded in a specific report.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Azure Database Migration

Migration from Oracle to Azure with Database Migration Assessment for Oracle
Database Migration Assessment for Oracle, an Azure Data Studio extension powered by Azure Database Migration Service, now allows you to do an assessment for migration from Oracle Database to Azure Database for PostgreSQL. The assessment includes recommendations for database migration and an assessment of the code complexity of the databases. Through the same tool, customers can get recommendations on targeted sizing for Oracle Database migration to Azure Database for PostgreSQL and Azure SQL, including Azure SQL Database Hyperscale, ideal for large workloads up to 100 TB. With these new features, Migration planning is made easier for Oracle customers who want to modernize their data assets with Azure-managed databases.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (October 2022 – Weeks: 41 and 42)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

In this dedicated post you can find the most important announcements and major updates officialized last week during Microsoft Ignite (October 2022) conference.

Azure

Compute

Azure savings plan for compute

Azure savings plan for compute is an easy and flexible way to save significantly on compute services, compared to pay-as-you-go prices. The savings plan unlocks lower prices on select compute services when customers commit to spend a fixed hourly amount for one or three years. Choose whether to pay all upfront or monthly at no extra cost. As you use select compute services across the world, your usage is covered by the plan at reduced prices, helping you get more value from your cloud budget. During the times when your usage is above your hourly commitment, you’ll be billed at your regular pay-as-you-go prices. With savings automatically applying across compute usage globally, you’ll continue saving even as your usage needs change over time.

Storage

SFTP support for Azure Blob Storage

SSH File Transfer Protocol (SFTP) support for Azure Blob Storage is now generally available. Azure Blob Storage now supports SFTP, enabling you to leverage object storage economics and features for your SFTP workloads. With just one click, you can provision a fully managed, highly scalable SFTP endpoint for your storage account. This expands Blob Storage’s multi-protocol access capabilities and eliminates data silos, meaning you can run different applications, requiring different protocols, on a single storage platform with no code changes.