Category Archives: Datacenter Management

How to modernize your infrastructure and get the benefits of Azure with a single on-premises server

Azure Stack HCI is the Microsoft solution that allows you to create a hyper-converged infrastructure (HCI) for running workloads in an on-premises environment and that provides a strategic connection to various Azure services. Microsoft recently introduced the ability to create an Azure Stack HCI cluster consisting of a single server. This possibility opens up new scenarios regarding the adoption of this solution. This article reports the main use cases, the aspects to consider and the benefits that can be obtained by activating Azure Stack HCI on a single server system.

In a hyper-converged infrastructure (HCI), several hardware components are removed and replaced by software that combines the compute, storage and network layers in a single solution. This marks a transition from a traditional "three tier" infrastructure, composed of network switches, appliances, physical systems with onboard hypervisors, storage fabric and SAN, toward a hyper-converged infrastructure (HCI).

Figure 1 – "Three Tier" Infrastructure vs Hyper-Converged Infrastructure (HCI)

Azure Stack HCI is a stack made up of hardware and software that customers also use for the potential of simple integration with the Microsoft Azure cloud.

Use cases of Azure Stack HCI consisting of multiple nodes

The use of a standard Azure Stack HCI configuration consisting of multiple nodes is suitable if:

  • You want to modernize your infrastructure, adopting a simple hyper-converged architecture based on established technologies. Ideal for both existing workloads in the main datacenter and for branch office scenarios that require high resilience.
  • You want to extend the functionality of the on-premises solution, which guarantees resilience, by connecting it to Azure. This brings constant innovation, the evolution of cloud services and the possibility to take advantage of a common set of tools, simplifying the user experience.
  • You want a suitable solution to host workloads that require high performance and high scalability.
  • You want to innovate your datacenter, since you can activate AKS clusters and deploy cloud native apps and Azure Arc-enabled services in high availability, thanks to the tight integration of AKS in the Azure Stack HCI environment.

Figure 2 - Use cases of Azure Stack HCI with multiple nodes

Use cases of Azure Stack HCI with a single node

Thanks to the possibility of activating an Azure Stack HCI cluster even with a single server, it is possible to contemplate new usage scenarios, including:

  • Activation of Azure Stack HCI in environments where there are no particular needs in terms of resilience, such as branch offices.
  • Adoption of a solution in environments where the ability to scale easily is required, starting initially from a single node to potentially go up to 16 nodes, if necessary.
  • Need to activate a solution with a small footprint, perhaps in locations with physical space constraints, while keeping hardware costs and operating costs low.
  • Ability to create and maintain test and development environments more easily.

Comparison between single node and multi-node Azure Stack HCI clusters

From the point of view of functionality, Azure Stack HCI clusters made up of a single node offer a feature set that is very similar to traditional clusters made up of multiple nodes, like:

  • Native integration with Azure Arc, key element for innovation and modernization of the infrastructure.
  • Ability to add servers horizontally to increase the scalability of the cluster environment.
  • Integration with Azure services.
  • Support for the same workloads, like Azure Virtual Desktop (AVD) and Azure Kubernetes Service (AKS).

For a complete comparison of the features you can consult this Microsoft document.

Single node Azure Stack HCI clusters currently have the following limitations:

  • Installation must be done using PowerShell commands and configuration support is not yet available through the Windows Admin Center.
  • They are resilient to some errors, for example the presence of a failed disk, but the limited capabilities in terms of resilience dictate that they must be composed of only one type of disk drive, NVMe or SSD (not combinable with each other). This implies that there is no possibility of having cache levels.
  • Not all hardware vendors currently have supported solutions. To check availability, you can consult the Microsoft catalog of Azure Stack HCI solutions.

Conclusions

The possibility of activating an Azure Stack HCI cluster with only one physical server introduces greater flexibility and greatly expands the possibilities of adopting this solution. Furthermore, this choice denotes how Azure Stack HCI is the future of virtualization and software-defined solutions at Microsoft. By adopting Azure Stack HCI it is possible to bring innovation even within your datacenter thanks to a solution that is constantly updated and able to easily integrate with Azure services.

Azure IaaS and Azure Stack: announcements and updates (July 2022 – Weeks: 25 and 26)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Storage

Create an additional 5000 Azure Storage accounts within your subscription (preview)

Azure Storage is announcing public preview of the ability to create an additional 5000 Azure Storage accounts per subscription per region. This is a 20 times increase from the current limit of 250 and helps you create several hundred or thousand storage accounts to address your storage needs within a single subscription, instead of creating additional subscriptions.

Azure Stack

Azure Stack HCI

Network ATC is now publicly available with Azure Stack HCI 21H2

If you’ve deployed Azure Stack HCI previously, you know that network deployment can pose a significant challenge. You might be asking yourself:

  • How do I configure or optimize my adapter?
  • Did I configure the virtual switch, VMMQ, RDMA, etc. correctly?
  • Are all nodes in the cluster the same?
  • Are we following the best practice deployment models?
  • (And if something goes wrong) What changed!?

So, what does Network ATC actually set out to solve? Network ATC can help:

  • Reduce host networking deployment time, complexity, and errors
  • Deploy the latest Microsoft validated and supported best practices
  • Ensure configuration consistency across the cluster
  • Eliminate configuration drift

Network ATC does this through some new concepts, namely “intent-based” deployment. If you tell Network ATC how you want to use an adapter, it will translate, deploy, and manage the needed configuration across all nodes in the cluster.

Azure Management services: what's new in June 2022

In June, Microsoft announced a considerable amount of news regarding Azure management services. These monthly articles aim to provide an overview of the main news, so that you can stay up to date on these topics and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

This month a new version of the Azure Monitor Agent (AMA) and of Data Collection Rules (DCR) for Linux systems (v1.19.3) was released, which introduces in particular support for recent distros, such as Ubuntu 22.04, Rocky Linux, and AlmaLinux.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Azure Arc

Windows Admin Center from the Azure portal for Azure Arc servers (preview)

Using Windows Admin Center from the Azure portal, it is now also possible to manage the Microsoft Azure Arc-enabled infrastructure.

Azure Arc-enabled System Center Virtual Machine Manager (preview)

System Center Virtual Machine Manager (VMM) has been used for several years to configure, manage and transform on-premises data centers. Microsoft has announced the availability of Azure Arc-enabled System Center Virtual Machine Manager. This is a new Azure Arc feature that allows on-premises environments, managed by System Center Virtual Machine Manager, to be connected to Azure, thus unlocking Azure-based self-service. In this way, VMM-controlled on-premises virtual machines can be created, managed and deleted, in on-premises System Center Virtual Machine Manager deployments, via the familiar Azure portal or using ARM templates, thus ensuring a consistent experience.

Machine Learning with Azure Kubernetes Service and Arc-enabled Machine Learning

With a simple deployment of the cluster extension in an AKS environment or on Azure Arc-enabled Kubernetes clusters (Arc Kubernetes), the cluster is supported in Azure ML.

Azure Key Vault secrets provider on Azure Arc-enabled Kubernetes clusters

The Azure Key Vault (AKV) Secrets Provider extension allows you to retrieve secrets, keys and certificates from an Azure Key Vault in a Kubernetes cluster connected to Arc. This feature eliminates the need to store and maintain secrets locally on K8s clusters, relying on AKV as a centralized solution for secret management.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

  • Defender for Azure Cosmos DB
  • Defender for SQL on machines in AWS and GCP environments

Protect

Azure Backup

Multiple backups per day for Azure VMs

Azure Backup allows you to create advanced policies to take multiple snapshots of virtual machines per day. Now, to address the need to protect mission-critical workloads running on virtual machines, it is possible to reduce the RPO to as little as four hours. Thanks to this feature, you can also get a higher retention for instant restore. In fact, the policy is designed to offer from seven days of instant recovery retention (default duration) up to a maximum of thirty days.

Multi-user authorization for recovery services vault

Multi-user authorization (MUA) for Azure Backup adds an additional layer of protection for critical operations on Recovery Services vaults, providing greater security for backups. To provide multi-user authorization, Azure Backup has introduced a resource protection mechanism that ensures that critical operations are performed only if the appropriate permission has been obtained. In this way, Azure Backup provides better protection against operations that could lead to potential loss of backup data, including:

  • Disabling soft delete and hybrid security settings
  • Disabling the protection of multi-user authorization
  • Editing backup policies (to reduce the retention)
  • Changing the security (to reduce the retention)
  • Interruption of protection with the deletion of data
  • Changing the MARS security PIN

The backup administrator, who typically owns the Recovery Services vault, must obtain the Contributor role on the resource guard to be able to perform the protected operations listed above (critical operations). This also requires the resource guard owner to approve and grant the requested access. Furthermore, it is possible to use Azure AD Privileged Identity Management to manage just-in-time access to the resource guard. Finally, the resource guard can be created in a subscription or tenant other than the one where the Recovery Services vault resides, to achieve an additional level of isolation.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (June 2022 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Compute

Trusted launch support for virtual machines using Ephemeral OS disks

Trusted launch virtual machine (VM) support for VMs using Ephemeral OS disks improves the security of generation 2 VMs in Azure.

Storage

Azure NetApp Files datastores for Azure VMware Solution (preview)

The public preview of Azure NetApp Files datastores for Azure VMware Solution (AVS) is available. This new integration between Azure VMware Solution and Azure NetApp Files will enable you to create datastores via the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes and mount the datastores on your private cloud clusters of choice. Along with the integration of Azure disk pools for Azure VMware Solution, this will provide more choice to scale storage needs independently of compute resources. For your storage-intensive workloads running on Azure VMware Solution, the integration with Azure NetApp Files helps to easily scale storage capacity beyond the limits of the local instance storage for AVS provided by vSAN and lower your overall total cost of ownership for storage-intensive workloads.

Azure NetApp Files: feature general availability and feature expansion of regional availability

To meet the demanding requirements of enterprise mission-critical workloads, new features are constantly added to Azure NetApp Files and previously released preview features are moved into general availability. The following capabilities are recently generally available and no longer need registration for use: AES encryption for AD authentication, Backup policy users, Administrators privilege users, and Dynamic change of service level. Additionally, feature regional coverage continues to expand for Azure NetApp Files cross-region replication. The following are the cross-region replication region pair additions: Brazil South and South Central US, West US 3 and East US, Australia Central and Australia Central 2, France Central and West Europe. Also, regional coverage has expanded for Azure NetApp Files for standard network features. The following regions are standard network feature additions: Australia Central, Australia Central 2, Australia Southeast, East US 2, France Central, Germany West Central, North Europe, West Europe, West US 2, and UK South.

Networking

Azure Firewall updates

The following updates are available for Azure Firewall:

  • Intrusion Detection and Prevention System (IDPS) signatures lookup
  • TLS inspection (TLSi) Certification Auto-Generation
  • Web categories lookup
  • Structured Firewall Logs
  • IDPS Private IP ranges (preview)

Azure WAF policy and DDoS management in Azure Firewall Manager

Azure Firewall Manager now supports managing DDoS Protection Plans for virtual networks and Azure Web Application Firewall (Azure WAF) policies for application delivery platforms: Azure Front Door and Azure Application Gateway.

Azure Virtual Network Manager in nine new regions (preview)

Azure Virtual Network Manager helps you create your desired topologies like hub and spoke and mesh with just a few clicks. The security admin rules feature allows you to enforce security policies throughout your organization. You can create an Azure Virtual Network Manager instance in nine more regions and manage your virtual networks at scale across regions, subscriptions, management groups, and tenants globally from a single pane of glass.

Private link support in Azure Application Gateway (preview)

With private link support, incoming traffic to an Azure Application Gateway frontend can be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link. Traffic between private endpoints in your virtual network and your Application Gateway will traverse a secure and private connection.

ExpressRoute IPv6 Support for Global Reach (preview)

IPv6 support for Global Reach unlocks connectivity between on-premises networks, via the Microsoft backbone, for customers with dual-stack workloads. Establish Global Reach connections between ExpressRoute circuits using IPv4 subnets, IPv6 subnets, or both. This configuration can be done using Azure Portal, PowerShell, or CLI.

Network Watcher packet capture support for virtual machine scale sets (preview)

Azure Network Watcher packet capture announces support for virtual machine scale sets. This is an out-of-the-box, on-demand capability, enabling faster diagnostics and troubleshooting of networking issues.

Connection Monitor Support for virtual machine scale sets

Azure Network Watcher Connection Monitor announces support for virtual machine scale sets which enables faster performance monitoring and network troubleshooting through connectivity checks.

ExpressRoute Direct and Circuit in different subscriptions (preview)

Generate an authorization for the ExpressRoute Direct resource and redeem the authorization to create an ExpressRoute Circuit in a different subscription and/or Azure Active Directory Tenant. This feature is currently available in public preview.

Effective Disaster Recovery plans with Azure

The core business of a company, in most cases, is deeply dependent on the IT solutions used. It is therefore important to structure your infrastructure to cope with incidents of any nature, even the most remote, which could cause damage, an interruption or loss of data. This article describes how, thanks to Azure and the solutions offered by Microsoft's public cloud, effective disaster recovery plans can be developed to better protect all environments, even non-homogeneous ones, providing the ability to easily orchestrate and test all scenarios.

Azure Site Recovery overview (ASR)

Azure Site Recovery (ASR) allows you to implement disaster recovery strategies that, when needed, can keep applications running and restore normal working conditions. In fact, Azure Site Recovery favors the implementation of Disaster Recovery strategies in heterogeneous environments, orchestrating near real-time replicas of systems to Microsoft Azure and, within Azure, between regions or between different availability zones. This solution allows you to minimize downtime and recovery times, safely and with simple, cost-effective management.

Figure 1 - Main features of ASR

If there are outages in the primary data center, with ASR you can start a failover process to keep workloads accessible and available. Furthermore, when the resources in the primary data center can be used again, ASR allows you to govern the failback process.

ASR is a complete solution that allows you to cover different protection scenarios:

Figure 2 - Possible scenarios for the adoption of ASR

To evaluate in detail all the features offered by ASR you can consult this official Microsoft document.

Main strengths of ASR and integration with other solutions

Among the main advantages that can be obtained with the adoption of this solution we find:

  • Cost optimization, as only the virtual machine disks are replicated on Azure. The activation of VMs, with the consequent generation of consumption, occurs only during tests and in the case of DR.
  • Simplified creation of disaster recovery plans. In fact, the recovery plans can include scripts and runbooks present in Azure Automation, so that you can model and customize the DR procedures for applications with complex architectures.
  • High flexibility thanks to the potential of the solution, which allows you to orchestrate replicas of virtual machines running in different environments.
  • Thanks to the ability to replicate workloads directly on Azure, you can consider completely eliminating a secondary data center built only for disaster recovery purposes.
  • Periodic execution of failover tests to validate the effectiveness of the recovery plans implemented, without any impact on the production application environment.

ASR is strongly integrated with various native solutions and technologies of the Azure platform, thus being able to guarantee a complete and secure solution, as shown in the following image:

Figure 3 - Main Azure functionalities that can be used in ASR

Furthermore, ASR can also be easily integrated with other BCDR technologies (Business Continuity and Disaster Recovery) already existing in the company, in order to guarantee a complete and effective DR strategy.

When dealing with Disaster Recovery in the presence of VMware environments, it is also possible to evaluate the adoption of the Azure VMware solution (AVS), in particular considering the integration with VMware Site Recovery Manager (SRM), as described in this article.

Furthermore, in the presence of Azure Stack HCI it is possible to take advantage of the disaster recovery features inherent in the solution and, starting with version 21H2 of Azure Stack HCI, there is also official support for Azure Site Recovery.

The business value of Azure Site Recovery

To analyze the return on investment (ROI) associated with the adoption of Azure Site Recovery and Azure Backup, you can consult this IDC white paper sponsored by Microsoft. The paper highlights how Azure is being used by various companies across various industries to:

  • Optimize the overall performance, speed and reliability of operations related to backups and disaster recovery.
  • Reduce unplanned downtime and consequently business risks, increasing productivity up to 93%.
  • Achieve an estimated five-year ROI up to 370%, with higher levels of team efficiency, faster application development and greater savings on personnel and infrastructure costs.

Other important aspects

To make the Disaster Recovery strategy effective and functional, the following aspects must also be taken into consideration:

  • The data protection policies in place, to implement an appropriate synergy. In fact, backups can be an integral part of the DR strategy.
  • Enabling a monitoring system that identifies problems, their impact and their causes. These aspects are useful for evaluating whether the DR strategy needs to be activated.
  • Periodic tests, updating of documentation and training of the staff involved.

Conclusions

Determining which solution is most appropriate to meet your needs when activating disaster recovery plans is often a challenging activity. Microsoft, as a proprietary provider of Data protection as a service solutions (DPaaS) on the Azure platform, can accurately meet various corporate data protection requirements. In particular, with Azure Site Recovery it is possible to contemplate different protection scenarios in an effective and flexible way, ensuring high standards regarding the security of data and sensitive information.

Azure IaaS and Azure Stack: announcements and updates (June 2022 – Weeks: 21 and 22)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Compute

DCsv3 and DCdsv3 series Virtual Machines

Confidential computing DCsv3 and DCdsv3-series virtual machines (VMs) are generally available.

Switzerland North Availability Zones

Availability Zones in Switzerland North are made up of three unique, physically separated, locations or “zones” within a single region which bring higher availability and asynchronous replication across Azure regions for disaster recovery protection. Availability Zones give you additional options for high availability for your most demanding applications and services as well as confidence and protection from potential hardware and software failures.

Azure Ebsv5 now available in 13 additional regions

Azure Virtual Machines Ebsv5 and Ebdsv5 are now available in 13 additional regions: South Africa North, France Central, Central India, Korea Central, Germany West Central, UK West, South India, Canada East, Australia Central, Japan West, Switzerland North, Norway East and UAE North.

Azure NC A100 v4 virtual machines for AI

Azure NC A100 v4 series virtual machines (VMs) are now generally available in US East 2, US East, Southeast Asia, and West Europe. These VMs, powered by NVIDIA A100 80GB Tensor Core PCIe GPUs and 3rd Gen AMD EPYC™ Milan processors, improve the performance and cost-effectiveness of a variety of GPU performance-bound real world AI training and inferencing workloads.

Storage

Storage optimized Azure VMs deliver higher performance for data analytics

Microsoft is announcing the general availability of new storage optimized Azure Virtual Machines. The new Lasv3 and Lsv3 VM series have been engineered to run workloads that require high throughput and high IOPS, including big data applications, SQL and NoSQL databases, distributed file systems, data analytics engines, and more.

Networking

Azure Bastion IP based connection

Azure Bastion now supports connectivity to Azure virtual machines or on-premises resources via a specified IP address. When the IP-based connection feature is enabled, Azure Bastion can be used to RDP/SSH into an on-premises resource over ExpressRoute and Site-to-Site VPN.

Manage Azure Web Application Firewall policies in Azure Firewall Manager (preview)

Azure Firewall Manager now supports Azure Web Application Firewall (Azure WAF) policies for application delivery platforms, Azure Front Door, and Azure Application Gateway.

Enhanced IPv6 functionality for MultiValue profiles in Azure Traffic Manager

Azure Traffic Manager now enables you to specify minimum children property separately for IPv4 and IPv6 endpoints for MultiValue profiles.

Azure Private Link support in Azure API Management

With Azure Private Link support in Azure API Management, you can now integrate clients in a virtual network privately.

Azure Stack

Azure Stack HCI single-node

At Build 2022, Microsoft announced the new single-node offering that provides additional options for business scenarios with different requirements. The new single-node Azure Stack HCI fulfills growing hybrid infrastructure needs in remote locations while maintaining the innovation of native integration with Azure Arc. Specifically, this new configuration offers flexibility to deploy the stack in smaller spaces and with less processing needs, optimizing resources while still delivering quality and consistency.

Additional benefits of Azure Stack HCI single-node include:

  • Smaller Azure Stack HCI solutions for environments with physical space constraints or that don’t require built-in resiliency, like retail stores and branch offices.
  • A smaller footprint reduces hardware and operational costs.
  • Solutions can be built to scale, ranging from single-node up to 16 nodes if needed.

Azure Management services: what's new in May 2022

To stay up to date on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the announcements summarized and accompanied by the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Govern

Azure Arc

Support for private endpoints for Azure Arc-enabled servers

Private endpoints for Azure Arc-enabled servers allow you to manage Windows and Linux servers from Azure without having to send network traffic over the Internet, thus ensuring greater security. The servers can be configured for the use of a private endpoint by associating them with an Azure Arc Private Link Scope and connecting the on-premises network to an Azure virtual network using a site-to-site VPN or Express Route.

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

Protect

Azure Backup

Support for Azure virtual machines with trusted launch technologies

Trusted launch is a simple way to improve the security of second generation virtual machines. It provides protection from advanced attack techniques by combining technologies that can be independently enabled, such as secure boot and the virtualized version of the Trusted Platform Module (vTPM). Azure Backup introduced support for protecting Azure VMs with trusted launch features enabled.

Support for disks that use the Write Accelerator functionality

Azure Backup is now able to protect disks with the Write Accelerator feature enabled. These disks are widely used by Azure customers with M-series virtual machines (VMs) to improve the I/O latency of writes on Azure Premium storage.

Migrate

Azure Migrate

New migration features for applications (preview)

The Azure Migrate tool has been integrated with additional features that simplify the movement of applications from on-premises environments to Azure App Service and to the Azure Kubernetes Service. The bulk migration capabilities of Azure App Service allow you to:

  • Do the discovery and assessment of ASP.NET web apps, ranking which apps are ready for migration.
  • Suggest a destination for migration.
  • Do the discovery and assessment for the migration of Java Tomcat applications to Linux App Service and to the Azure Kubernetes Service.
  • Containerize ASP.NET web apps and move them to Windows containers on App Service or Azure Kubernetes Service.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features.

Evaluation of Azure

To test and evaluate the services provided by Azure free of charge, you can access this page.

SAP solutions in Azure environment: opportunities and advantages to be seized

Microsoft and SAP can boast a partnership of over 25 years dedicated to ensuring customer success in adopting their solutions. In light of the latest announcements, the synergy between these IT giants is now mainly focused on helping customers use SAP in a Microsoft Azure environment, so that they can grow and innovate even faster. This article describes the main opportunities and benefits that can be obtained by running SAP workloads in Azure.

The reasons for running SAP workloads on Azure

There are several reasons that can push a customer to use Azure, rather than any other public cloud, for the execution of SAP workloads:

Figure 1 - Top reasons for running SAP workloads on Azure

In the following paragraphs we will explore the four main reasons that make Azure emerge as an ideal platform for hosting SAP workloads.

Azure is a proven and certified cloud platform for SAP

With Azure you can easily gain agility and efficiency thanks to a cloud platform tested and certified by SAP. In fact, Azure allows you to run mission-critical SAP applications with the performance, scalability and reliability required by the most demanding companies.

Azure is available in over 65 geographic areas around the world, more than any other cloud service provider, and Microsoft owns one of the largest global networks, with over 175,000 miles of fiber (on land and underwater). Furthermore, there are over 160 edge sites and peering points that allow customers to easily extend their networking in hybrid mode.

The following map outlines the Azure deployment globally:

Figure 2 - Azure on a global scale

The list of Azure regions and edge sites is constantly expanding.

Microsoft, having worked closely with SAP and its customers, is now able to provide a wide range of options for activating SAP-certified virtual machines. In fact, no matter how big or small your SAP workload is, and whether you are running SAP on SQL, Oracle or SAP HANA, in Azure you can always choose the option that best suits your needs. Azure was also the first cloud to introduce bare metal solutions using SAP HANA Large Instances, back in 2016, and now boasts the ability to activate Optane Large instances.

Figure 3 - Scalable options for SAP workloads

In addition to scalability, it is also important to take into account the availability of SAP workloads. Azure offers industry-leading options, ranging from a 99.9% SLA for a non-mission-critical system on a single virtual machine up to a 99.99% SLA for a pair of virtual machines distributed across different Azure availability zones. Furthermore, it is possible to plan for disaster recovery using different Azure regions.

Figure 4 - Industry-leading options for SLA and high availability

SAP workloads, as well as requiring high computational performance, also need high-performance storage for persistence and, in the case of AnyDB, also for transaction processing. In the storage area too, Azure offers different options to meet demanding SAP performance needs, up to the adoption of Azure Ultra Disks, which are also certified for SAP HANA. Those who use NetApp on-premises for SAP workloads can, in order to guarantee the same set of features, evaluate the adoption of Azure NetApp Files, the bare metal storage offering created by Microsoft and NetApp, which is certified for scale-out of the SAP HANA VM with a standby node.

Figure 5 - Storage options for demanding SAP performance

The management of the IT environment, both in the cloud and in an on-premises environment, is complex and demanding. Azure offers a complete set of services and tools to organize, manage and govern physical machines and virtual systems present in different environments.

Figure 6 - Built-in options in Azure for SAP resource management

In particular, Azure offers the following possibilities for SAP workloads:

  • Monitoring: through Azure Monitor Log Analytics, Application Insights, Network Watcher and other monitoring tools. With Azure Monitor for SAP HANA it is possible to combine data from SAP HANA systems with data from the rest of the infrastructure.
  • Automation: the ability to create automations and to standardize deployment processes and techniques.
  • High availability: the possibility to use the Azure Backup and Azure Site Recovery solutions for SAP workloads. In particular, Azure Backup makes it easy to back up and restore SAP HANA databases running on Azure virtual machines and is BackInt certified by SAP. For more information about SAP HANA backups on Azure VMs you can consult Microsoft's official documentation.
  • Governance: as part of the governance of SAP workloads in Azure, it is possible to address the following disciplines:
    • Cost management
    • Security and compliance baseline
    • Identity management
    • Acceleration of deployment processes and consistency of the resources created

All of these solutions are integrated into the Azure platform and no third party solutions are required.

Azure offers world-class security and compliance solutions

Microsoft provides Azure to customers as a cloud platform but, being a security provider as well, can at the same time guarantee first-rate security and compliance features. Microsoft's approach to security in Azure has the following characteristics:

  • Integrated: the security features are perfectly integrated into the Azure platform, in all cloud resources and on all levels of architecture. Activation is simple and offers centralized management, with the ability to manage automations to respond effectively to security attacks.
  • Modern: the security features are also based on artificial intelligence, analyzing trillions of signals collected across Microsoft's entire security portfolio, and take full advantage of the scalability of the cloud.
  • Holistic: it is not limited to Azure security alone, but extends to the entire organization. It adapts to the environment to be protected, including hybrid environments and those distributed across multiple clouds and different platforms, providing advanced controls and global visibility.

Microsoft offers security levels that act on different fronts:

Figure 7 - Areas and related security solutions

In addition to the security of the infrastructure, it is known that identity is at the heart of security and therefore must be properly managed. With Azure Active Directory, you have the ability to federate the Active Directory environment on-premises and to offer Single Sign-On functionality for all applications.

Figure 8 - Azure Active Directory to manage identity security

This means that you can offer users a single, secure login experience for all business applications, both locally and in the cloud. In particular, for an in-depth analysis of possible scenarios and of how to manage users when you have both Microsoft and SAP in the company, I refer you to this interesting article "SAP and Microsoft user management".

In addition to security, Azure has other strengths that pertain to privacy and to transparency about how Microsoft manages the cloud environment. In fact, Microsoft has a large compliance portfolio and, with over 90 international and industry-specific certifications, is a leader in this sector.

Figure 9 - Example of some Azure compliance certifications

For further information you can consult the Azure Trust Center.

Azure enables application innovation

Once customers run SAP workloads in the Azure environment in a secure and compliant manner, they can better manage the integration of SAP data and applications with non-SAP data, gaining more insight and driving digital transformation. Data is a strategic resource for the company and, as Harvard Business Review Analytic Services reports, companies that embrace a data-driven culture experience a four-fold improvement in revenue performance and better customer satisfaction.

Here is a typical path that a customer who uses SAP in an Azure environment can take:

Figure 10 - Path to increase business value with SAP on Azure

In the first stage, greater value is given to the data. In fact, in Azure, customers can use advanced technologies for data analysis and machine learning solutions to take advantage of the traditional data silos in their organization.

At a later stage you can start application innovation. In fact, digital transformation can also be achieved by integrating SAP applications with other environments, like Teams or Azure IoT, to create new user experiences.

One of the reasons customers choose to run SAP solutions on Azure is the ability to integrate this environment with other solutions in the Microsoft product ecosystem, which allows you to accelerate the adoption of cloud technology and the time for innovation.

Figure 11 - Integration of SAP solutions into the Microsoft ecosystem

Established and trusted partnership capable of delivering enterprise-class SAP cloud solutions

The cloud partnership between SAP and Microsoft is able to offer a solid basis for developing a structured ERP system migration project in Microsoft Azure environment. The two companies work closely together following a joint path of innovation and integration.

Figure 12 - Elements of value given by the partnership

Furthermore, the fact that SAP chose Microsoft Azure to migrate its core business processes to the public cloud and that, likewise, Microsoft runs its main business processes on SAP in the Azure environment is an important signal of collaboration and mutual trust. Finally, a collaborative support model has been developed, and the 25 years of customer support ensure that all the experience needed to support SAP in the Microsoft Azure environment is also available.

Benefits

Many customers migrating their workloads to Azure report significant cost savings:

Figure 13 - SAP cost optimization thanks to Azure

These savings mainly result from:

  • Absence of over-provisioning: by moving SAP workloads to Azure, customers realize savings by switching from a CapEx model with over-provisioning to a flexible OpEx model, where they pay only for what they really use and need.
  • Automated activities: by eliminating the need to manage common data centers and maintain hardware, customers are able to dedicate their IT staff to the most value-added activities.

In addition to making costs more efficient, IT can respond faster to the business and help achieve better business results. Among the immediate benefits are a general performance improvement and greater flexibility to scale dynamically. Finally, by moving data to the cloud, it is possible to simplify analysis processes and gain a greater ability to innovate.

Some successful cases

There are numerous customers, from every sector and from every part of the world, who run their SAP solutions in a Microsoft Azure environment to manage their core business activities.

Figure 14 - Customers running SAP solutions on Azure

Analyzing these customers, we see a large number of companies that fall into the Fortune 500, the annual list compiled and published by Fortune magazine that ranks the 500 largest US corporate firms measured by their turnover.

Finally, to explore the business results and cost savings that companies achieve with SAP in Azure, you can consult this study, commissioned and conducted by Forrester Consulting. The study shows how an organization was able to obtain an expected return on investment of 112% in three years.

Conclusion

Those who manage on-premises SAP workloads may have doubts and concerns when wondering whether the cloud can truly meet the needs of these mission-critical environments. Microsoft Azure, thanks to the possibilities it offers in terms of scalability, availability and performance, is certainly the ideal choice to ensure an exceptional experience in running SAP workloads. Furthermore, the ability to manage these infrastructures with simple tools and to ensure a secure and robust ecosystem for SAP data, coupled with potential cost savings, are all elements that establish Azure as the ideal platform for hosting SAP workloads, more than any other public cloud.

The evolution of a traditional file server thanks to the potential offered by Azure

The file server continues to be a strategic and heavily used component in our customers' datacenters. Often we are looking for modern solutions that allow you to centralize the network folders of your infrastructure effectively and functionally, while maintaining the expected performance, compatibility and flexibility. This article explores the features of the Azure File Sync solution, which allows you to benefit from the potential offered by the Microsoft Azure public cloud for the synchronization, provision and protection of file server contents.

The challenges of traditional file servers

When file servers are used in the traditional way to provide users with a repository for storing content, we often find ourselves:

  • adopting legacy solutions that are inflexible and inefficient
  • having to host a large number of rarely accessed archive folders in our data centers
  • delivering content in an ineffective way in multi-site contexts
  • having difficulty in quickly restoring the service in the event of faults, security issues or major outages

The principles of operation of Azure File Sync

Azure File Sync is a solution that allows you to centralize the network folders of your infrastructure in Azure Files, while maintaining the flexibility, performance and compatibility of a traditional Windows file server. Although you can choose to keep a complete copy of your data on-premises, Azure File Sync allows you to transform Windows Server into a "cache" for quickly accessing the content of a given Azure file share: in this case all the files are present in the cloud, while the most recent files are also present on the on-premises file server.

Figure 1 – Azure File Sync architecture

Local access to data can occur with any protocol available in Windows Server, such as SMB and NFS. Furthermore, you can have multiple "cache" servers located in different geographic locations. Finally, content on the file share can be accessed directly from other Azure resources (IaaS and PaaS).

Figure 2 - Access to content in Azure File share

Benefits of Azure File Sync

Among the benefits that can be obtained by adopting the Azure File Sync solution we find:

  • Cloud tiering: only recently accessed data is kept locally. This allows you to control the amount of disk space used on-premises for storing content. Consequently, cost savings for local storage are achieved, as only part of the data will be stored locally. Files in the cloud can always be quickly retrieved on demand, without interruptions for the user, thus ensuring an optimal experience.
  • Synchronization and multi-site access: you have the option to sync between different sites, allowing write access to the same data across different Windows Servers and Azure Files.
  • Disaster recovery and business continuity: you can immediately restore the file metadata and recall only the necessary data, for faster service reactivation in disaster recovery scenarios. Furthermore, Azure Files offers several options for data redundancy.
  • Cloud-side backup: the need to back up data on-premises is removed. Content protection can be done directly in the cloud, as described in the following paragraph. This means that it is possible to reduce the costs of the hardware and software used to perform on-premises backups.

Azure File share protection

The ability to enable Cloud Tiering makes Azure File Sync a particularly interesting solution, but this aspect in particular requires careful consideration of the data protection strategy. Like antivirus solutions, backup solutions may cause files stored in the cloud to be recalled through the Cloud Tiering feature. Microsoft recommends using a cloud backup solution to back up the Azure file share instead of an on-premises backup solution. Azure Files is among the various workloads supported by Azure Backup:

Figure 3 - Overview of Azure Backup and its features

Azure Backup uses different backup technologies for each workload it can protect. Going into detail, the protection of the Azure File shares used by Azure File Sync can be done using Azure Backup, according to the following architecture:

Figure 4 – Architecture for the protection of Azure File shares

For more details please visit Microsoft's official documentation.

Advantages of protecting Azure File shares with Azure Backup

The Azure File share protection process using Azure Backup offers the following benefits:

  • Zero infrastructure: no infrastructure is required to enable protection of the environment.
  • Security: Azure Backup ensures that backup data is stored securely by leveraging the Azure platform's built-in security features, such as RBAC and encryption. Furthermore, the soft-delete functionality provides advanced protection against accidental or malicious attempts to delete backups.
  • Customizing retention policies: backups can be configured with daily, weekly, monthly and yearly data retention policies, based on your needs.
  • Built-in management capabilities: you can schedule your backups and specify the retention period you want in a way that is fully integrated into the platform.
  • Instant Restore: Azure File Share backup uses snapshots, which allows you to select only the files you want to restore instantly.
  • Alerts and reports: you can configure alerts for backup and restore operations that present errors. You can also use the reporting solution provided by Azure Backup to get detailed information about backup jobs.

Conclusions

Thanks to the adoption of Azure File Sync, it is possible to evolve traditional file servers with modern and functional features such as cloud tiering, synchronization between multiple sites, quick DR, direct access in the cloud environment and integration with cloud backup.

How to deal with the migration of the datacenter to Azure

The adoption of solutions and services in the public cloud is rapidly and steadily increasing and this increase is mainly due to the fact that many organizations have realized that moving existing workloads to Azure can bring significant benefits. These include the ability to rapidly deploy applications allowing you to benefit from an infrastructure present on a global scale, the reduction of maintenance requirements and costs and performance optimization. In this article we will examine the main aspects to consider in order to adopt a strategic approach regarding the migration of your IT infrastructure to Azure and how, thanks to this approach, you can take advantage of all the benefits of Microsoft's public cloud.

Main triggers for migration

Among the main aspects that lead customers to face a migration of their workloads to cloud solutions we find:

  • the expiry of the data center contracts in use;
  • the need to quickly integrate new acquisitions;
  • the urgent need for skills and resources;
  • the need to keep the software and hardware in use updated;
  • the willingness to respond effectively to potential security threats;
  • compliance needs (e.g. GDPR);
  • the need to innovate their applications and make them available faster;
  • the end of support for certain software products and the need to obtain extended security updates free of charge, both for Windows Server 2008/R2 and for Windows Server 2012/R2, in addition to the corresponding versions of SQL Server.

Figure 1 – Main triggers for migration

It is very common to find yourself facing at least one of these triggers, any of which could initiate a migration process. To undertake this migration in the best possible way, it is necessary to take into consideration what is reported in the following paragraphs.

The path of adopting cloud solutions

In the path of adoption of cloud solutions defined in the Microsoft Cloud Adoption Framework for Azure six main actions emerge that should be considered:

  • Strategy definition: definition of the business justification and the expected results.
  • Plan: aligning the cloud adoption plan to business results, through:
    • Inventory of digital assets: cataloging of workloads, applications, data sources, virtual machines and other IT resources and assessments to determine the best way to host them in the cloud.
    • Create a cloud adoption plan by prioritizing workloads based on their business impact and technical complexity.
    • Definition of skills and support needs, to ensure that the company is prepared for change and new technologies.
  • Ready: preparation of the cloud environment.
  • Adopt: implementation of desired changes in IT and business processes. Adoption can take place through:
    • Migration: focuses on moving existing on-premises applications to the cloud based on an incremental process.
    • Innovation: focuses on the modernization of digital assets to drive business and product innovation. Modern approaches to implementation, operations and infrastructure governance make it possible to quickly bridge the gap between development and operations.
  • Govern: evaluation and implementation of best practices in governance.
  • Manage: implementation of operational guidelines and best practices.

Azure Landing Zone

Regardless of the migration strategy that you decide to adopt, it is advisable to prepare the Landing Zone, which represents, in the cloud adoption journey, the destination in the Azure environment. It is a horizontally scalable architecture designed to allow the customer to manage functional cloud environments, while maintaining best practices for security and governance. The architecture of the Landing Zone must be defined on the basis of business requirements and the necessary technical requirements.

Figure 2 – Conceptual example of an Azure landing zone

There are several options to implement the Landing Zone, thanks to which it will be possible to meet the deployment and operational needs of the cloud portfolio.

A structured and methodological approach and migration strategies

There are several paths for adopting solutions in Azure. To best address each of these paths, it is recommended to develop a complete business case and project plan in advance, containing information on benefits and costs (TCO) of moving workloads to the Microsoft Azure cloud, as well as recommendations on how to optimize the use model of Microsoft Azure services.

Figure 3 – Paths of adoption of cloud solutions

Based on the company's cloud strategy and general business objectives, it is advisable to examine the distribution and use of the workloads in use and evaluate their "cloud-ready" status to determine the best options and the most appropriate methods (lift&shift, refactor, rearchitect and rebuild) with a view to consolidation and migration to Microsoft Azure cloud services.

Figure 4 – Possible migration strategies

* These migration strategies are reported by Gartner research. Gartner also defines a fifth strategy called "Replace".

The following paragraphs describe the main migration strategies that can be useful.

Rehost application (i.e., lift & shift)

It involves redeploying an existing application on a cloud platform without modifying its code. The application is migrated "as is", which provides basic cloud benefits without facing high risk and without incurring the costs of making changes to the application code.

This migration technique is usually used when:

  • You need to quickly move applications from on-premises to the cloud
  • The application is necessary, but the evolution of its capabilities is not a corporate priority
  • The applications have already been designed to take advantage of Azure IaaS scalability
  • There are specific application or database requirements that can only be satisfied using IaaS virtual machines in an Azure environment

Example

Moving a line-of-business application onto virtual machines residing in the Azure environment.

Refactor application (i.e., repackaging)

This migration strategy involves minimal changes to the application code or configuration changes, necessary to optimize the application for Azure PaaS and make the most of the cloud.

This migration technique is usually used when:

  • You want to leverage an existing code base
  • Code portability is an important element
  • The application can be easily packaged to run in an Azure environment
  • The application must be more scalable and rapidly deployable
  • You want to promote business agility through continuous innovation (DevOps)

Example

An existing application is refactored by adopting services such as App Service or Container Services. Furthermore, SQL Server is refactored to Azure SQL Database.

Rearchitect application

The re-design technique consists of modifying or extending the architecture and code base of the existing application, optimizing it for the cloud platform and thus ensuring better scalability.

This migration technique is usually used when:

  • The application needs major revisions to incorporate new features or to work more effectively on a cloud platform
  • You want to leverage the investments made in existing applications
  • There is a need to minimize the management of VMs in the cloud
  • You intend to meet your scalability requirements in a cost-effective way
  • You want to promote business agility through continuous innovation (DevOps)

Example

Breakdown of a monolithic application into microservices in an Azure environment that interact with each other and are easily scalable.

Rebuild application

The rebuild of the application from scratch involves the use of cloud-native technologies on Azure PaaS.

This migration technique is usually used when:

  • Rapid development is needed and the existing application is too limiting in terms of functionality and lifespan
  • You want to take advantage of the new innovations present in the cloud, such as serverless, artificial intelligence (AI) and IoT
  • You have the skills to build new cloud-native applications
  • You want to promote business agility through continuous innovation (DevOps)

Example

Creation of greenfield applications with innovative cloud-native technologies, such as Azure Functions, Logic Apps, Cognitive Service, Azure Cosmos DB and more.

Azure Cloud Governance

The successful adoption of services in the public cloud requires not only a structured and methodological approach, but also a precise strategy for migrating governance and management practices along with the applications, adapting them appropriately.

For this reason it becomes essential to put in place a Cloud Technical Governance process that guarantees the customer an effective and efficient use of IT resources in the Microsoft Azure environment, in order to achieve their goals. To do this, it is necessary to apply controls and measurements that help the customer mitigate risks and create boundaries. Governance policies within the customer's environment will also act as an early warning system to detect potential problems.

Conclusions

The digital transformation process that affects companies often involves migrating workloads hosted in their data centers to the cloud, to obtain better results in terms of governance, security and cost efficiency. The innovation brought by migration to the cloud frequently becomes a business priority. For this reason it is advisable to adopt your own structured approach to the various migration scenarios, one that reduces complexity and costs.