
Azure Management services: what's new in July 2022

Microsoft is constantly announcing news about its Azure management services, and as usual this monthly summary is published to give an overview of the main news of the month, so that you can stay up to date on these topics and have the references needed for further exploration.

The following diagram shows the different management areas covered in this series of articles, which help you stay up to date on these topics and better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor for SAP Solutions (preview)

Azure Monitor has released a new version of its SAP monitoring solution, called Azure Monitor for SAP solutions (AMS), in preview. It collects SAP-specific information and telemetry for SAP workloads running in Azure, and is useful to both SAP BASIS teams and infrastructure teams, who can consult the collected data in a single place.

Migration tools for the Azure Monitor Agent (preview)

The Azure Monitor Agent (AMA) offers a secure, cost-effective, simplified and performant way to collect telemetry from Azure virtual machines, Virtual Machine Scale Sets, Arc-enabled servers and Windows clients. Migration from the Log Analytics agent (the MMA and OMS agents) must be completed by August 2024. To make this easier, Microsoft is providing dedicated agent migration tools that automate the process. For further details, consult Microsoft's official documentation.
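Before planning the migration it helps to know which machines still depend on the legacy agent. The following Az PowerShell snippet is an added example, not part of the original post nor of Microsoft's migration tooling: it lists the Azure VMs in the current subscription that still run the Log Analytics agent and have no Azure Monitor Agent installed beside it. It assumes the Az.Compute module is installed and you are already signed in with `Connect-AzAccount`; Arc-enabled servers are not covered by this check.

```powershell
# Added example: find Azure VMs still running the legacy Log Analytics agent (MMA/OMS)
# and flag those that do not yet have the Azure Monitor Agent next to it.
# Assumes: Az.Compute installed, Connect-AzAccount already done, subscription context set.

$legacyTypes = @('MicrosoftMonitoringAgent', 'OmsAgentForLinux')      # Log Analytics agent extension types
$amaTypes    = @('AzureMonitorWindowsAgent', 'AzureMonitorLinuxAgent') # Azure Monitor Agent extension types

function Get-AgentMigrationReport {
    $report = foreach ($vm in Get-AzVM) {
        # Read the extensions installed on this VM; tolerate VMs we cannot read (RBAC, deallocated, etc.).
        $ext = Get-AzVMExtension -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name -ErrorAction SilentlyContinue
        $types = @($ext | ForEach-Object { $_.ExtensionType })

        [pscustomobject]@{
            ResourceGroup = $vm.ResourceGroupName
            Name          = $vm.Name
            OsType        = $vm.StorageProfile.OsDisk.OsType
            HasLegacy     = [bool]($types | Where-Object { $_ -in $legacyTypes })
            HasAMA        = [bool]($types | Where-Object { $_ -in $amaTypes })
        }
    }
    return $report
}

$all = Get-AgentMigrationReport

# Machines that still need work: legacy agent present, AMA absent.
$all | Where-Object { $_.HasLegacy -and -not $_.HasAMA } | Format-Table -AutoSize

# Machines running both agents (duplicate ingestion and double cost until the legacy one is removed).
$all | Where-Object { $_.HasLegacy -and $_.HasAMA } | Format-Table -AutoSize
```

The second listing matters because running both agents against the same workspace ingests the same data twice until the legacy extension is removed.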

Azure Monitor Agent: support for User-assigned Managed Identity (preview)

The Azure Monitor Agent (AMA) now supports user-assigned managed identities, in preview. With this support, Azure Policy can be used to roll out the AMA extension to virtual machines and virtual machine scale sets. User-assigned managed identities scale better and are more resilient than system-assigned identities, since one identity can be shared by many machines instead of creating one per machine, so they are now the recommended method for large-scale installations that use extensions.
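The following Az PowerShell snippet shows how the identity is wired into the agent. It is an added example and not code from the original post or from Microsoft: the resource names (`rg-monitoring`, `vm-web01`, `id-ama-prod`, `dcr-windows-baseline`) are placeholders, the data collection rule is assumed to exist already, and the parameter names of the `Az.Monitor` data-collection cmdlets vary between module versions, so check them against `Get-Help` for the version you have installed.

```powershell
# Added example: deploy the Azure Monitor Agent on a Windows VM using a user-assigned
# managed identity, then bind a data collection rule so the agent has something to send.
# Assumed names (placeholders): rg-monitoring, vm-web01, id-ama-prod, dcr-windows-baseline.
# Requires Az.Compute, Az.ManagedServiceIdentity and Az.Monitor; sign in with Connect-AzAccount first.

$rg       = 'rg-monitoring'
$vmName   = 'vm-web01'
$location = 'westeurope'
$uamiName = 'id-ama-prod'
$dcrName  = 'dcr-windows-baseline'

# 1. Create the user-assigned identity once; many VMs can share it.
$uami = Get-AzUserAssignedIdentity -ResourceGroupName $rg -Name $uamiName -ErrorAction SilentlyContinue
if (-not $uami) {
    $uami = New-AzUserAssignedIdentity -ResourceGroupName $rg -Name $uamiName -Location $location
}

# 2. Attach the identity to the VM (UserAssigned keeps any system-assigned identity untouched).
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
Update-AzVM -ResourceGroupName $rg -VM $vm -IdentityType UserAssigned -IdentityId $uami.Id | Out-Null

# 3. Install AMA and tell it which identity to authenticate with.
#    identifier-name 'mi_res_id' selects the identity by resource ID (alternative: 'object_id').
$settings = @{
    authentication = @{
        managedIdentity = @{
            'identifier-name'  = 'mi_res_id'
            'identifier-value' = $uami.Id
        }
    }
} | ConvertTo-Json -Depth 5

Set-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Location $location `
    -Name 'AzureMonitorWindowsAgent' -Publisher 'Microsoft.Azure.Monitor' `
    -ExtensionType 'AzureMonitorWindowsAgent' -TypeHandlerVersion '1.0' `
    -EnableAutomaticUpgrade $true -SettingString $settings | Out-Null

# 4. Associate the data collection rule (parameter names are those of Az.Monitor 3.x; newer
#    versions rename them, so verify with Get-Help New-AzDataCollectionRuleAssociation).
$dcr = Get-AzDataCollectionRule -ResourceGroupName $rg -RuleName $dcrName
New-AzDataCollectionRuleAssociation -TargetResourceId $vm.Id -AssociationName 'ama-baseline' -RuleId $dcr.Id | Out-Null

# 5. Verify: the extension must report ProvisioningState 'Succeeded'.
Get-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Name 'AzureMonitorWindowsAgent' |
    Select-Object Name, ProvisioningState, TypeHandlerVersion
```

For Linux machines the extension name and type become `AzureMonitorLinuxAgent`; the `authentication` settings block is the same. If step 3 succeeds but no data arrives, the usual cause is a missing DCR association rather than the identity.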

Configure

Update management center (preview)

Update management center is the new solution for centrally managing and governing updates across all your machines. It requires no onboarding, as it is built natively on the Azure Compute platform and on Azure Arc-enabled servers. It will soon replace Update Management in Azure Automation, removing any dependency on Azure Automation and Log Analytics. Today, Update management center can manage and govern updates on:

  • Windows and Linux operating systems
  • Machines residing in Azure, locally and on other cloud platforms, thanks to Azure Arc

Among the main strengths of the new solution we find:

  • Centralized visibility of updates
  • Native integration and zero onboarding
  • Integration with Azure roles and identities
  • High flexibility in managing updates

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for new ways to improve Microsoft Cost Management, the solution that provides visibility into where cloud costs accumulate, identifies and prevents incorrect spending patterns, and optimizes costs. In this article some of the latest improvements and updates to this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is constantly evolving and improvements are made on an ongoing basis. To stay up to date on the latest developments, Microsoft maintains this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

Protect

Azure Backup

Smart tiering: automatic move to the vault-archive tier (preview)

Azure Backup has introduced the ability to configure policies that automate use of the vault-archive tier for Azure virtual machines and for SQL Server / SAP HANA running inside virtual machines. Eligible recovery points (and, for Azure virtual machines, the recommended ones) are moved to the vault-archive tier automatically, periodically and according to the backup policy settings. You can also specify the number of days after which recovery points are moved to the vault-archive tier.

Azure Site Recovery

Mitigated Azure Site Recovery vulnerabilities

Microsoft has fixed a number of Azure Site Recovery (ASR) vulnerabilities, releasing updates on 12 July as part of its regular monthly update cycle. These vulnerabilities affect all customers using ASR in a VMware / Physical to Azure replication scenario and are fixed in ASR version 9.49: check which ASR version your environment is running and update it if it is older. For more information, consult this bulletin.

New Update Rollup

Update Rollup 62 has been released for Azure Site Recovery; it fixes various problems and introduces some new features, including:

  • Linux OS support, Azure to Azure: RHEL 8.6 and CentOS 8.6
  • Linux OS support, VMware / Physical to Azure: RHEL 8.6 and CentOS 8.6
  • Support for configuring a "proxy bypass" for VMware and Hyper-V replication when using private endpoints.

The related details and the installation procedure can be found in the specific KB article.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the Azure service that brings together a large portfolio of tools which, through a guided experience, address the most common migration scenarios. To stay up to date on the latest developments of the solution, consult this page.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (July 2022 – Weeks: 29 and 30)

This series of blog posts collects the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack that Microsoft made official in the last two weeks.

Azure

Compute

Virtual machine restore points

VM restore points provide a point-in-time snapshot of all the managed disks attached to a virtual machine. Customers and Azure partners building business continuity and disaster recovery solutions can use VM restore points to capture application-consistent or crash-consistent backups natively on the Azure platform, and then use them to restore disks and VMs in scenarios such as data loss, data corruption or disaster recovery.
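The following Az PowerShell snippet walks the restore-point lifecycle end to end: create the collection, take a restore point, and rebuild the OS disk from it. It is an added example and not from the original post; the names `rg-app`, `vm-app01`, `rpc-vm-app01` and `rp-2022-07-31` are placeholders, and the property path used to reach the per-disk restore point ID is taken from the Az.Compute object model as I know it, so verify it with `Get-Member` on your module version.

```powershell
# Added example: VM restore point lifecycle with Az.Compute.
# Assumed placeholders: rg-app, vm-app01, rpc-vm-app01, rp-2022-07-31.
# Sign in with Connect-AzAccount first.

$rg      = 'rg-app'
$vmName  = 'vm-app01'
$rpcName = 'rpc-vm-app01'
$rpName  = 'rp-2022-07-31'

$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName

# 1. A restore point collection is bound to exactly one VM; create it once and reuse it.
$rpc = Get-AzRestorePointCollection -ResourceGroupName $rg -Name $rpcName -ErrorAction SilentlyContinue
if (-not $rpc) {
    $rpc = New-AzRestorePointCollection -ResourceGroupName $rg -Name $rpcName -VmId $vm.Id -Location $vm.Location
}

# 2. Take the restore point: one disk restore point per attached managed disk.
New-AzRestorePoint -ResourceGroupName $rg -RestorePointCollectionName $rpcName -Name $rpName | Out-Null

# 3. Read it back; each disk restore point ID can be used as a source for a new managed disk.
$rp = Get-AzRestorePoint -ResourceGroupName $rg -RestorePointCollectionName $rpcName -Name $rpName
$osDiskRpId = $rp.SourceMetadata.StorageProfile.OsDisk.DiskRestorePoint.Id
$dataDiskRpIds = @($rp.SourceMetadata.StorageProfile.DataDisks | ForEach-Object { $_.DiskRestorePoint.Id })

# 4. Restore the OS disk as a brand-new managed disk (attach it to a new VM or swap it into the existing one).
$diskCfg = New-AzDiskConfig -Location $vm.Location -CreateOption Restore -SourceResourceId $osDiskRpId -SkuName Premium_LRS
New-AzDisk -ResourceGroupName $rg -DiskName "$vmName-osdisk-restored" -Disk $diskCfg | Out-Null

# 5. Restore every data disk the same way, keeping the original LUN order in the name.
$lun = 0
foreach ($id in $dataDiskRpIds) {
    $cfg = New-AzDiskConfig -Location $vm.Location -CreateOption Restore -SourceResourceId $id -SkuName Premium_LRS
    New-AzDisk -ResourceGroupName $rg -DiskName "$vmName-datadisk$lun-restored" -Disk $cfg | Out-Null
    $lun++
}

Get-AzDisk -ResourceGroupName $rg | Where-Object { $_.Name -like "$vmName-*-restored" } | Select-Object Name, DiskSizeGB, ProvisioningState
```

Restoring into new disks rather than overwriting the originals keeps the current state available for forensics, which matters when the trigger was corruption or a security incident rather than a hardware failure.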

NVads A10 v5 Virtual Machines

NVads A10 v5 virtual machines (VMs) are now generally available in West Europe, South Central US, and West US3 regions. The NVads A10 v5 VM series enables a wide variety of graphics, video, and AI workloads, including virtual production and visual effects, engineering design and simulation, game development and streaming, virtual desktops/workstations and more. They feature NVIDIA A10 Tensor Core GPUs, up to 72 AMD EPYC™ 74F3-series vCPUs, and are designed to offer the right choice for any workload with optimum configurations for both single user and multi-session environments.

Azure confidential VMs (DCasv5/ECasv5-series VMs)

Azure confidential VMs offer a hardware-based trusted execution environment (TEE) built on AMD SEV-SNP, which encrypts and integrity-protects guest memory and denies the hypervisor and other host management code access to VM memory and state, protecting the workload against operator access. The DCasv5/ECasv5 confidential VMs, based on 3rd Gen AMD EPYC processors with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), are now available.

Trusted Launch support for DCsv3 and DCdsv3 series Virtual Machines

Trusted Launch is now supported on DCsv3 and DCdsv3 virtual machines. These series provide Intel SGX application enclaves; combined with Trusted Launch (Secure Boot, virtual TPM and boot-integrity attestation), this hardware-based security model is now just a few clicks away when deploying DCsv3 virtual machines in Azure.
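The two announcements above (confidential VMs on DCasv5/ECasv5 and Trusted Launch on DCsv3/DCdsv3) differ in which `SecurityType` is set on the VM and, for confidential VMs, in how the OS disk is encrypted. The following Az PowerShell snippet is an added example, not from the original post or from Microsoft, that builds one of each. The resource group, NIC names and the marketplace image identifiers are placeholders (confirm the image SKUs with `Get-AzVMImageSku` for your region), and the `-SecurityEncryptionType` parameter requires a recent Az.Compute.

```powershell
# Added example: provision an AMD SEV-SNP confidential VM and an Intel SGX VM with Trusted Launch.
# Assumed placeholders: rg-conf, nic-conf01, nic-sgx01, and the image publisher/offer/sku values.
# Requires a recent Az.Compute; sign in with Connect-AzAccount first.

$rg       = 'rg-conf'
$location = 'westeurope'
$cred     = Get-Credential -Message 'Local admin account for the new VMs'

# --- Confidential VM (DCasv5, SEV-SNP): memory encrypted with a per-VM key held by the CPU ---
$cvm = New-AzVMConfig -VMName 'vm-conf01' -VMSize 'Standard_DC2as_v5'
$cvm = Set-AzVMOperatingSystem -VM $cvm -Windows -ComputerName 'vmconf01' -Credential $cred
# Confidential-VM-capable image (assumed SKU; verify with Get-AzVMImageSku).
$cvm = Set-AzVMSourceImage -VM $cvm -PublisherName 'MicrosoftWindowsServer' -Offer 'windows-cvm' -Skus '2022-datacenter-cvm' -Version 'latest'
$cvm = Set-AzVMSecurityProfile -VM $cvm -SecurityType 'ConfidentialVM'
$cvm = Set-AzVMUefi -VM $cvm -EnableVtpm $true -EnableSecureBoot $true
# VMGuestStateOnly: the guest-state blob (incl. vTPM state) is encrypted with a platform-managed key.
$cvm = Set-AzVMOSDisk -VM $cvm -CreateOption FromImage -StorageAccountType 'Premium_LRS' -SecurityEncryptionType 'VMGuestStateOnly'
$cvm = Add-AzVMNetworkInterface -VM $cvm -Id (Get-AzNetworkInterface -ResourceGroupName $rg -Name 'nic-conf01').Id
New-AzVM -ResourceGroupName $rg -Location $location -VM $cvm | Out-Null

# --- Trusted Launch VM (DCsv3, Intel SGX): Secure Boot + vTPM + boot-integrity attestation ---
$tl = New-AzVMConfig -VMName 'vm-sgx01' -VMSize 'Standard_DC2s_v3'
$tl = Set-AzVMOperatingSystem -VM $tl -Linux -ComputerName 'vmsgx01' -Credential $cred
# Trusted Launch needs a Generation 2 image (assumed SKU; verify with Get-AzVMImageSku).
$tl = Set-AzVMSourceImage -VM $tl -PublisherName 'Canonical' -Offer '0001-com-ubuntu-server-jammy' -Skus '22_04-lts-gen2' -Version 'latest'
$tl = Set-AzVMSecurityProfile -VM $tl -SecurityType 'TrustedLaunch'
$tl = Set-AzVMUefi -VM $tl -EnableVtpm $true -EnableSecureBoot $true
$tl = Add-AzVMNetworkInterface -VM $tl -Id (Get-AzNetworkInterface -ResourceGroupName $rg -Name 'nic-sgx01').Id
New-AzVM -ResourceGroupName $rg -Location $location -VM $tl | Out-Null

# Check what was actually provisioned: SecurityType and the UEFI settings.
foreach ($name in 'vm-conf01', 'vm-sgx01') {
    $p = (Get-AzVM -ResourceGroupName $rg -Name $name).SecurityProfile
    [pscustomobject]@{ VM = $name; SecurityType = $p.SecurityType; SecureBoot = $p.UefiSettings.SecureBootEnabled; vTPM = $p.UefiSettings.VTpmEnabled }
}
```

The final check is the one worth keeping in a pipeline: a VM that silently lands with `SecurityType` empty is an ordinary VM, and none of the host-isolation guarantees described above apply to it.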

Storage

Live resize for Premium SSD and Standard SSD Disk Storage

Resizing a disk on Azure can provide more storage capacity and better performance for your applications. Live resize for Premium SSD and Standard SSD Disk Storage is now generally available: you can increase the capacity of these disks dynamically, without disrupting the applications that use them. To reduce costs, you can start with smaller disks and grow them over time without downtime.

Azure Premium SSD v2 Disk Storage (preview)

The next generation of Azure Premium SSD Disk Storage is available in preview. This new disk offering is designed for a broad range of I/O-intensive enterprise production workloads that require sub-millisecond disk latency together with high IOPS and throughput, at a low cost. With Premium SSD v2 you can provision up to 64 TiB of capacity, 80,000 IOPS and 1,200 MB/s of throughput on a single disk, which makes it a flexible and scalable general-purpose block storage option for workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data, analytics and gaming, whether on virtual machines or in stateful containers. Moreover, with Premium SSD v2 you can provision disk size, IOPS and throughput independently and granularly according to the workload's needs, giving you more flexibility in managing performance and costs.

Networking

TLS 1.3 support on Application Gateway (preview)

The new Predefined and CustomV2 policies on Application Gateway come with TLS v1.3 support. They provide improved security and performance benefits, fulfilling the needs of your enterprise security policies. You may use out-of-the-box predefined policies or configure a preferred cipher-suite list by using the CustomV2 policy.
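The following Az PowerShell snippet, an added example and not code from the original post or from Microsoft, applies a TLS 1.3-capable policy to an existing gateway in both ways the paragraph describes: the strict predefined policy and a CustomV2 policy with an explicit cipher list. The gateway name and resource group are placeholders, and the `CustomV2` policy type needs a recent Az.Network module.

```powershell
# Added example: enable TLS 1.3 on Application Gateway via the SSL policy.
# Assumed placeholders: rg-edge, agw-public. Requires a recent Az.Network; sign in first.

$rg   = 'rg-edge'
$name = 'agw-public'
$appGw = Get-ApplicationGatewayOrFail -ResourceGroupName $rg -Name $name

function Get-ApplicationGatewayOrFail {
    param([string]$ResourceGroupName, [string]$Name)
    $gw = Get-AzApplicationGateway -ResourceGroupName $ResourceGroupName -Name $Name -ErrorAction Stop
    if ($gw.Sku.Tier -notmatch 'v2$') { throw "TLS 1.3 policies need a v2 SKU; $Name is $($gw.Sku.Tier)" }
    return $gw
}

# Option A: strict predefined policy (minimum TLS 1.2, TLS 1.3 enabled, no CBC cipher suites).
Set-AzApplicationGatewaySslPolicy -ApplicationGateway $appGw -PolicyType Predefined -PolicyName 'AppGwSslPolicy20220101S' | Out-Null

# Option B: CustomV2 lets you choose the TLS 1.2 cipher suites yourself (TLS 1.3 suites are fixed by the platform).
# Uncomment to use instead of Option A; the list below keeps only ECDHE + AES-GCM suites.
# Set-AzApplicationGatewaySslPolicy -ApplicationGateway $appGw -PolicyType CustomV2 -MinProtocolVersion TLSv1_2 -CipherSuite `
#     'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', `
#     'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' | Out-Null

# Commit the change (this is the call that actually updates the resource) and read back the policy.
Set-AzApplicationGateway -ApplicationGateway $appGw | Out-Null
(Get-AzApplicationGateway -ResourceGroupName $rg -Name $name).SslPolicy | Format-List PolicyType, PolicyName, MinProtocolVersion, CipherSuites
```

Note that `Set-AzApplicationGatewaySslPolicy` only edits the in-memory object; nothing happens until `Set-AzApplicationGateway` is called. To confirm from the client side, run `openssl s_client -connect <host>:443 -tls1_3` and check that the handshake reports `TLSv1.3`, then repeat with `-tls1_1` and confirm it is refused.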

Azure Stack

Azure Stack HCI

Azure Marketplace for Arc-enabled Azure Stack HCI (preview)

Azure Marketplace for Arc-enabled Azure Stack HCI makes it easy and convenient to download the latest fully patched image to your cluster with just a few clicks in the Azure Portal. This preview focuses on Windows 11 Enterprise multi-session, the image used by Azure Virtual Desktop, and Windows Server 2022 Datacenter Azure Edition, which enables hot-patching (reboot-less patching) for on-premises VMs. More images will follow in the coming months. This preview is available for all in-market Azure Stack HCI.

Remote support for Arc-enabled Azure Stack HCI (preview)

When opening a support case, you can now grant Microsoft support engineers remote access to your cluster so that they can gather logs or perform remediation steps themselves, which reduces the back-and-forth typical of on-premises support. New PowerShell cmdlets and Windows Admin Center tools let you precisely control and audit the access support engineers get, including time limits, allow-listing of cmdlets, and comprehensive auditing that is always on.
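The PowerShell side of this looks like the following. It is an added example, not from the original post; the cmdlet names and parameters are those of Microsoft's remote support module for Azure Stack HCI as far as I know them, so check them against `Get-Help` on your cluster, and the SAS credential is a placeholder for the value Microsoft support gives you when the case is opened.

```powershell
# Added example: time-boxed, auditable remote support access on an Azure Stack HCI cluster.
# Run on a cluster node that is registered with Azure and has the Az.StackHCI module installed.
# Assumed: '<sas-from-support-case>' is the credential supplied by Microsoft support (placeholder here).

# 0. One-time installation of the remote support component on the node.
Install-AzStackHCIRemoteSupport

# 1. Grant diagnostics-only access that expires after 24 hours (1440 minutes).
#    Only raise the access level to the repair tier when the case actually requires changes,
#    and keep the expiry as short as the case allows.
Enable-AzStackHCIRemoteSupport -AccessLevel Diagnostics -ExpireInMinutes 1440 -SasCredential '<sas-from-support-case>'

# 2. Review what is currently allowed across the whole cluster, including grants that have expired.
Get-AzStackHCIRemoteSupportAccess -Cluster -IncludeExpired

# 3. Audit: list the support sessions and the commands that were executed inside them.
Get-AzStackHCIRemoteSupportSessionHistory -Cluster -IncludeSessionTranscript

# 4. Revoke access as soon as the case is closed instead of waiting for the grant to expire.
Disable-AzStackHCIRemoteSupport
```

The session history in step 3 is the artifact to export into your own log store: it is what lets you prove afterwards which commands a third party ran on the cluster and when.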

Arc-enabled guest VMs with extensions for Azure Stack HCI (preview)

When you deploy a new virtual machine through Azure Arc onto Azure Stack HCI, the guest operating system is now automatically enrolled as an Arc-enabled server instance. This means you can use popular VM extensions like Custom Script to perform configuration inside the VM (like installing an application) as part of VM deployment. To illustrate the usefulness of this capability, Microsoft is providing a sample custom script extension that enrolls a VM into an Azure Virtual Desktop session host pool, eliminating manual configuration of the guest agent as its own step. This preview is available for all in-market Arc-enabled Azure Stack HCI.

Azure Stack HCI version 22H2 (preview)

The operating system at the heart of Azure Stack HCI gets a major update with new features and enhancements every year. Next month, the first significant preview of version 22H2 will become available to clusters enrolled in the public Preview channel. Like version 21H2, the new version 22H2 will be available as a free, non-disruptive, over-the-air update for all subscribers when it reaches general availability later this year. Content-wise, the update is focused on fundamental improvements to the core hypervisor, storage, and networking.

Storage replication in stretch clusters is faster, and you can convert existing volumes from fixed provisioning to thin provisioning.

Network ATC has gained new abilities, including automatic IP addressing for storage networks, support for stretch clusters, and better network proxy support.

Hyper-V live migration is faster and more reliable for switchless 2-node and 3-node clusters.

For new installations, version 22H2 starts with a stronger default security posture, including a stronger set of protocols and cipher suites, Secured-core server, Windows Defender Application Control and other well-known security features enabled by default from the start.

Azure Stack Hub

Azure Well-Architected Framework Assessments (preview)

Two pillars of the Well-Architected Framework, Reliability and Operational Excellence, are available in preview for Azure Stack Hub on the Microsoft Assessment Platform. If you use Azure Stack Hub to deploy and operate workloads for key business systems, you can now answer the questions for these pillars within the assessment platform. After completing an assessment you receive a maturity or risk score, together with prescriptive guidance and knowledge links suggesting improvements you could make to your architecture and score.

The cost model for Azure Stack HCI

Several vendors offer technologies for building hyper-converged infrastructures (HCI). In this space Microsoft offers Azure Stack HCI, delivered as an Azure service, which provides high performance, the latest security features and native integration with Azure services. This article describes how much you need to invest to adopt Azure Stack HCI and which aspects you can consider to structure the cost model as you prefer.

Preliminary note: OPEX vs CAPEX

CAPEX (CAPital EXpenditure) is the cost of developing or acquiring durable assets for a product or system.

Its counterpart, OPEX (OPerational EXpenditure), is the cost of running a product, solution or system. These costs are also called O&M (Operation and Maintenance) or operating and management costs.

CAPEX usually requires a budget and a spending plan. For this reason, among others, companies generally prefer to incur OPEX costs, which are easier to plan and manage.

Having clarified these concepts, let's look at the Azure Stack HCI cost model and how to obtain an entirely OPEX model.

Hardware costs

To activate Azure Stack HCI you need on-premises hardware to run the solution's dedicated operating system and your workloads. There are two options:

  • Azure Stack HCI Integrated Systems: systems designed and built by a vendor specifically for this solution, which provide an appliance-like experience. They also include integrated support, provided jointly by the vendor and Microsoft.
  • Azure Stack HCI validated nodes: the deployment uses hardware tested and validated by a vendor. This lets you customize the hardware (processor, memory, storage and network adapter features) to your needs, while respecting the vendor's compatibility matrix. Several hardware vendors offer solutions suitable for running Azure Stack HCI, and they can be consulted at this link. Most deployments follow this approach.

Figure 1 - Hardware deployment scenarios

The hardware, too, can be acquired under a rental-based cost model: major vendors such as HPE, Dell and Lenovo offer the necessary hardware in "infrastructure as-a-service" mode, with a usage-based payment model.

Azure costs

Although it runs on-premises, Azure Stack HCI is billed through an Azure subscription, just like any other service in Microsoft's public cloud.

Azure Stack HCI offers a free trial period that allows you to evaluate the solution in detail. The duration of this period is equal to 60 days and starts from when you complete the registration of the cluster environment in Azure.

At the end of the trial period the model is simple: "10 € / physical core / month"*. The cost is therefore determined by the total number of physical cores in the processors of the Azure Stack HCI cluster. There is no minimum or maximum number of physical cores to license, nor any limit on how long the solution can stay active.

Costs for Windows Server machines

The Azure costs listed in the previous paragraph do not include the operating system costs of the guest machines running in the Azure Stack HCI environment. The same applies to other HCI platforms, such as Nutanix and VMware vSAN. There are two options for licensing Windows Server guest machines on Azure Stack HCI:

  • Buy Windows Server licenses (CAPEX), Standard or Datacenter, which include the right to activate the OS of guest virtual machines. Standard Edition may be enough when the number of Windows Server guests is limited; with many Windows Server guests it is worth evaluating Datacenter Edition, which grants the right to activate an unlimited number of virtualized Windows Server systems.
  • Pay for the Windows Server guest licenses through your Azure subscription, just as in Azure. This option incurs an OPEX cost of "22.2 € / physical core / month"* and allows you to activate an unlimited number of Windows Server guest systems in the Azure Stack HCI environment.

*Costs estimated for the West Europe region and subject to change. For more details on the costs of Azure Stack HCI you can consult the Microsoft's official page.

Charges for other workloads running on Azure Stack HCI

The goal pursued with an Azure Stack HCI infrastructure is to run on-premises not just virtual machines but the same workloads available in Microsoft's public cloud. To this end, Microsoft is bringing the most popular Azure workloads to Azure Stack HCI, and the following cost considerations apply to each of them:

  • Azure Kubernetes Service: configuring an Arc-enabled Kubernetes cluster is free **.
  • Azure Arc-enabled data services:
    • For SQL Server, customers can buy SQL Server licenses (CAPEX) or, if they already own SQL licenses, use Azure Hybrid Benefit for Azure Arc-enabled SQL Managed Instance without paying for the SQL license again.
    • To move to an OPEX model, SQL Server licenses can be obtained through Azure Arc-enabled data services **.
  • Azure Virtual Desktop:
    • User access rights for Azure Virtual Desktop. The same licenses that grant access to Azure Virtual Desktop in the cloud also apply to Azure Virtual Desktop on Azure Stack HCI.
    • Azure Virtual Desktop Hybrid Service Fee. This fee is charged for each virtual CPU (vCPU) used by Azure Virtual Desktop session hosts running in the Azure Stack HCI environment.

**For more details on Azure Arc costs you can consult this page.

Support costs

Azure Stack HCI, being in effect an Azure solution, is covered by Azure support with the following features:

  • A choice is provided between several Azure support plans, depending on your needs. Basic support is free, but in certain scenarios it is recommended that you at least consider Standard support, which provides a fixed monthly cost.
  • Support is provided by a team of experts dedicated to supporting the Azure Stack HCI solution.
  • You can easily request technical support directly from the Azure portal.

Conclusions

Azure Stack HCI lets you bring cloud innovation into your datacenter while creating a bridge to Azure. In the era of the hybrid datacenter, a solution like Azure Stack HCI lets you structure the cost model as you wish and gives you maximum flexibility. Several vendors on the market offer solutions for building hybrid hyper-converged infrastructures (HCI), and Azure Stack HCI can be very competitive, not only in terms of functionality but also in terms of cost.

Azure IaaS and Azure Stack: announcements and updates (July 2022 – Weeks: 27 and 28)

This series of blog posts collects the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack that Microsoft made official in the last two weeks.

Azure

Storage

Ephemeral OS disk support for confidential virtual machines (preview)

Confidential VMs can now be created with Ephemeral OS disks. This lets stateless workloads benefit from trusted execution environments (TEEs), which protect the data being processed from access outside the TEE.

Azure Archive Storage now available in South Africa North

Azure Archive Storage provides a secure, low-cost means for retaining rarely accessed data including backup and archival storage. Now, Azure Archive Storage is available in South Africa North.

Azure Active Directory authentication for exporting and importing Managed Disks (preview)

Azure already lets you restrict disk import and export to a trusted Azure Virtual Network (VNet) through Azure Private Link. For greater security, Microsoft is launching integration with Azure Active Directory (Azure AD) for exporting data from and importing data to Azure Managed Disks. With this feature the platform validates the identity of the requesting user in Azure AD and verifies that the user holds the permissions required to export or import that disk.

Networking

Azure Gateway Load Balancer

Gateway Load Balancer is a fully managed service that lets you deploy, scale and improve the availability of third-party network virtual appliances (NVAs) in Azure. You can transparently insert your preferred third-party appliance into the network path, whether it is a firewall, an inline DDoS appliance, a deep packet inspection system or a custom appliance of your own.
With Gateway Load Balancer you can add or remove advanced network functionality without additional management overhead. It provides bump-in-the-wire behaviour that ensures all traffic headed to a public endpoint is sent to an appliance before it reaches the application. Gateway Load Balancer supports flow symmetry and source IP preservation: packets traverse the same network path in both directions, which enables stateful appliances, and the traffic remains transparent to both the appliances and the application.
Gateway Load Balancer is now generally available in all public regions, Azure China cloud regions and Azure Government cloud regions.

Disaster recovery with Azure VMware Solution

Adopting flexible, modern solutions to achieve greater stability, continuity and resilience for the application workloads that support the business is an important goal. Azure VMware Solution (AVS) is the service designed, built and supported by Microsoft and verified by VMware that lets customers use physical VMware vSphere clusters hosted in Azure. This article describes the main Azure VMware Solution adoption scenarios for disaster recovery.

Azure VMware Solution can be considered for several scenarios, including the implementation of business continuity and disaster recovery (BCDR) plans. The following diagram gives high-level guidance on the possible choices in this area:

Figure 1 - Diagram to guide choices in the BCDR area

Disaster Recovery Strategies Considerations

First of all, business requirements must be aligned with the RPO, the RTO and the IT resources available. An effective disaster recovery plan must be designed to meet these objectives by adopting the most appropriate technologies. In this regard, application-native BCDR solutions can be evaluated, for example SQL Server Always On availability groups or SAP HANA System Replication (HSR), as well as non-native solutions such as VMware Site Recovery Manager (SRM) and Azure Site Recovery.

Azure VMware Solution should be evaluated when an enterprise environment has particularly stringent RPO and RTO requirements. Otherwise, you can use Azure Site Recovery or rely on system recovery through the data protection solution you already use.

Disaster Recovery Solutions using Azure VMware Solution

To implement disaster recovery plans using Azure VMware Solution, it is possible to adopt native VMware solutions or third-party solutions.

VMware Site Recovery Manager (SRM)

VMware Site Recovery Manager is an automation solution that integrates with an underlying replication technology and offers:

  • Non-disruptive recovery testing
  • Workflows that orchestrate DR plans automatically
  • Automatic reconfiguration of network and security settings (integration with VMware NSX)

The solution makes it possible to restore and move virtual machines between multiple VMware sites simply and reliably, with little or no downtime.

Site Recovery Manager requires one of the following replication technologies to orchestrate virtual machine recovery operations:

  • VMware vSphere Replication: replication focused on VMs and based on the hypervisor. It is the solution natively integrated with Site Recovery Manager and included in most versions of vSphere.
  • Third party solutions: Site Recovery Manager uses plug-in SRA (Storage Replication Adapter) developed by storage partners for integration with third-party systems.

Site Recovery Manager (SRM) for Azure VMware Solution (AVS) is able to automate and orchestrate failover and failback processes in the following Disaster Recovery scenarios:

  • On-premises VMware to Azure VMware Solution private cloud disaster recovery.
  • Primary Azure VMware Solution to a secondary disaster recovery Azure VMware Solution private cloud.

Furthermore, because failover tests can be run without disrupting the production environment, it is possible to periodically verify that the recovery-time objectives required by the disaster recovery plan are met. In this scenario SRM is licensed and supported directly by VMware.

For further details you can consult this Microsoft's document.

VMware HCX Disaster Recovery (DR)

Although VMware HCX can use an Azure VMware Solution private cloud as a recovery target, this option should be considered only in particular cases. Its adoption is not recommended for large environments, because the orchestration of activities during a disaster recovery is entirely manual: today AVS offers no runbooks or features that support failover operations during a disaster. For enterprise DR scenarios it is therefore recommended to use VMware Site Recovery Manager (SRM) or the third-party solutions described in the next paragraph. For more details on DR with VMware HCX, consult this Microsoft document.

Third party solutions

To let its customers make the most of the investments they have made in skills and technologies, Microsoft has partnered with some of the industry's leading vendors to ensure integration and support. Among the main third-party solutions that can be used we find:

The adoption of some of these solutions, like JetStream, can also be advantageous in terms of cost, as Azure Blob Storage is used to keep copies of virtual machines and related data.

Figure 2 - DR operations with solutions such as JetStream

Data written locally by the virtual machines is replicated directly to Azure Blob Storage, and the resources of the DR infrastructure are not needed until a disaster occurs (or a test is required) and the disaster recovery procedure is initiated. This keeps costs to a minimum, reducing infrastructure costs compared with alternative DR solutions.

When an event triggers the DR plan, the application and configuration data stored in Blob Storage are quickly "rehydrated" into a vSphere cluster activated in AVS, allowing applications to resume operation in AVS.

Conclusions

Every company developing a disaster recovery solution has its own requirements and preferences on where to place workloads and how to manage the emergency plan. Azure VMware Solution (AVS) can be used flexibly under different deployment models, integrating easily with both native VMware solutions and third-party solutions. This allows enterprise organizations to rely on Azure VMware Solution for their DR scenarios, with the assurance of effective protection and compliance with corporate disaster recovery objectives.

How to modernize your infrastructure and get the benefits of Azure with a single on-premises server

Azure Stack HCI is the Microsoft solution that allows you to create a hyper-converged infrastructure (HCI) for running workloads in an on-premises environment and that provides a strategic connection to various Azure services. Microsoft recently introduced the ability to create an Azure Stack HCI cluster consisting of a single server. This possibility opens up new scenarios regarding the adoption of this solution. This article reports the main use cases, the aspects to consider and the benefits that can be obtained by activating Azure Stack HCI on a single server system.

In a hyper-converged infrastructure (HCI), several hardware components are removed and replaced by software that combines the compute, storage and network layers in a single solution. This marks the transition from a traditional "three-tier" infrastructure, made up of network switches, appliances, physical systems with on-board hypervisors, storage fabric and SAN, to a hyper-converged infrastructure (HCI).

Figure 1 – "Three Tier" Infrastructure vs Hyper-Converged Infrastructure (HCI)

Azure Stack HCI is a stack of hardware and software that customers also adopt for its potential for simple integration with the Microsoft Azure cloud.

Use cases of Azure Stack HCI consisting of multiple nodes

The use of a standard Azure Stack HCI configuration consisting of multiple nodes is suitable if:

  • You want to modernize your infrastructure by adopting a simple hyper-converged architecture based on established technologies. Ideal both for existing workloads in the main datacenter and for branch office scenarios that require high resilience.
  • You want to extend the functionality of the resilient on-premises solution by connecting it to Azure. This guarantees constant innovation, the evolution of cloud services and a common set of tools, simplifying the user experience.
  • You want a solution suited to hosting workloads that require high performance and high scalability.
  • You want to innovate your datacenter by activating AKS clusters and deploying cloud-native apps and Azure Arc-enabled services in high availability, thanks to the tight integration of AKS in the Azure Stack HCI environment.

Figure 2 - Use cases of Azure Stack HCI with multiple nodes

Use cases of Azure Stack HCI with a single node

The possibility of activating an Azure Stack HCI cluster on a single server makes it possible to consider new usage scenarios, including:

  • Activating Azure Stack HCI in environments with no particular resilience requirements, such as branch offices.
  • Adopting a solution that can scale easily, starting from a single node and growing to as many as 16 nodes if necessary.
  • Activating a solution with a small footprint, for example in locations with physical space constraints, while keeping hardware and operating costs low.
  • Creating and maintaining test and development environments more easily.

Comparison between single node and multi-node Azure Stack HCI clusters

From a functionality point of view, a single-node Azure Stack HCI cluster offers a feature set very similar to that of a traditional multi-node cluster, including:

  • Native integration with Azure Arc, a key element for innovating and modernizing the infrastructure.
  • The ability to add servers to scale the cluster out.
  • Integration with Azure services.
  • Support for the same workloads, such as Azure Virtual Desktop (AVD) and Azure Kubernetes Service (AKS).

For a complete comparison of the features you can consult this Microsoft's document.

Single-node Azure Stack HCI clusters currently have the following limitations:

  • Installation must be done with PowerShell commands; deployment through Windows Admin Center is not yet supported.
  • They tolerate some faults, for example a failed drive, but not the loss of the server itself, and their limited resilience requires that they be built with only one type of drive, either all NVMe or all SSD (the two cannot be mixed). This means there is no cache tier.
  • Not all hardware vendors currently offer supported solutions. To check availability, consult the Microsoft catalog of Azure Stack HCI solutions.
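Since a single-server cluster can only be deployed from PowerShell, the following is an added example (not code from the original article) of the deployment steps, including the check that matters for the limitation above: all poolable drives must be of one media type, and Storage Spaces Direct is enabled with the cache explicitly disabled. The server name HCI-NODE01, cluster name HCI-SINGLE, resource group rg-hci, region westeurope and the subscription ID placeholder are assumptions; the role list and cmdlets are the standard ones from the Failover Clustering and Az.StackHCI modules.

```powershell
# Added example: single-server Azure Stack HCI deployment from PowerShell.
# Assumed names: server HCI-NODE01, cluster HCI-SINGLE, resource group rg-hci, region westeurope.
# Run step 1 first; the server reboots, then run steps 2 onward on the same node.
$ServerName  = "HCI-NODE01"
$ClusterName = "HCI-SINGLE"

# 1. Roles needed by the stack (the -Restart reboots the server when it finishes).
$Features = @(
    "Hyper-V", "Failover-Clustering", "Data-Center-Bridging", "BitLocker",
    "FS-FileServer", "FS-Data-Deduplication", "RSAT-Clustering-PowerShell", "Hyper-V-PowerShell"
)
Install-WindowsFeature -Name $Features -IncludeManagementTools -Restart

# 2. Single-server limitation: one drive type only (all NVMe or all SSD, never mixed, no HDD).
#    Refuse to continue if the poolable disks report anything else, instead of finding out
#    later that Storage Spaces Direct refused the configuration.
$mediaTypes = @(Get-PhysicalDisk | Where-Object CanPool -eq $true |
    Select-Object -ExpandProperty MediaType -Unique)
if ($mediaTypes.Count -ne 1 -or $mediaTypes[0] -notin @("NVMe", "SSD")) {
    throw "Single-server Azure Stack HCI needs exactly one drive type (NVMe or SSD); found: $($mediaTypes -join ', ')"
}

# 3. Validate the node, then create a one-node cluster. -NoStorage keeps the cluster from
#    claiming the disks before Storage Spaces Direct is enabled. Add -StaticAddress if the
#    management network has no DHCP.
Test-Cluster -Node $ServerName -Include "Storage Spaces Direct", "Inventory", "Network", "System Configuration"
New-Cluster -Name $ClusterName -Node $ServerName -NoStorage

# 4. Enable Storage Spaces Direct with the cache disabled: with a single drive type there is
#    no faster tier to act as cache, which is why single-server clusters have no cache level.
Enable-ClusterStorageSpacesDirect -CacheState Disabled -Confirm:$false
Get-ClusterStorageSpacesDirect | Select-Object Name, State, CacheState

# 5. Register the cluster with Azure so that the Arc integration and Azure services work.
Install-Module -Name Az.StackHCI -Force
Register-AzStackHCI -SubscriptionId "<subscription-id>" -ComputerName $ServerName `
    -Region "westeurope" -ResourceName $ClusterName -ResourceGroupName "rg-hci"
```

The media-type check in step 2 is the part worth keeping in your own deployment script: a server that ships with a couple of SSDs next to its NVMe drives passes `Test-Cluster` but is not a supported single-server configuration.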

Conclusions

The possibility of activating an Azure Stack HCI cluster with a single physical server introduces greater flexibility and greatly expands the scenarios in which the solution can be adopted. It also shows that Azure Stack HCI is the future of virtualization and software-defined solutions at Microsoft. By adopting Azure Stack HCI you can bring innovation into your own datacenter with a solution that is constantly updated and integrates easily with Azure services.

Azure IaaS and Azure Stack: announcements and updates (July 2022 – Weeks: 25 and 26)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Storage

Create an additional 5000 Azure Storage accounts within your subscription (preview)

Azure Storage is announcing the public preview of the ability to create an additional 5000 Azure Storage accounts per subscription per region. This is a 20 times increase over the current limit of 250 and lets you create hundreds or thousands of storage accounts to meet your storage needs within a single subscription, instead of creating additional subscriptions.

Azure Stack

Azure Stack HCI

Network ATC is now publicly available with Azure Stack HCI 21H2

If you’ve deployed Azure Stack HCI previously, you know that network deployment can pose a significant challenge. You might be asking yourself:

  • How do I configure or optimize my adapter?
  • Did I configure the virtual switch, VMMQ, RDMA, etc. correctly?
  • Are all nodes in the cluster the same?
  • Are we following the best practice deployment models?
  • (And if something goes wrong) What changed!?

So, what does Network ATC actually set out to solve? Network ATC can help:

  • Reduce host networking deployment time, complexity, and errors
  • Deploy the latest Microsoft validated and supported best practices
  • Ensure configuration consistency across the cluster
  • Eliminate configuration drift

Network ATC does this through a new concept, "intent-based" deployment. You tell Network ATC how you want to use an adapter (for management, compute, storage or a combination of them), and it translates, deploys and manages the required configuration across all nodes in the cluster.
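To make the intent model concrete, here is an added example (not code from the original post or from Microsoft's announcement) that declares a single converged intent on a 21H2 cluster and then checks that every node reports it as provisioned. The cluster name HCI-CL01, the adapter names pNIC01 and pNIC02 and the storage VLAN IDs 711 and 712 are assumptions; the cmdlets are those of the NetworkATC module.

```powershell
# Added example: a converged Network ATC intent on an Azure Stack HCI 21H2 cluster.
# Assumed names: cluster HCI-CL01, physical adapters pNIC01 and pNIC02 on every node,
# storage VLANs 711 and 712 (one per adapter, as ATC expects for RDMA traffic).
$ClusterName = "HCI-CL01"
$Adapters    = "pNIC01", "pNIC02"
$IntentName  = "ConvergedIntent"

# Network ATC ships with the OS; install the feature (plus DCB, which RoCE RDMA relies on)
# on every node before declaring intents.
$nodes = (Get-ClusterNode -Cluster $ClusterName).Name
Invoke-Command -ComputerName $nodes -ScriptBlock {
    Install-WindowsFeature -Name NetworkATC, Data-Center-Bridging, RSAT-Clustering-PowerShell
}

# ATC applies one intent cluster-wide, so adapter names must be identical on all nodes.
# Check this up front instead of discovering it from a failed intent status.
foreach ($node in $nodes) {
    $present = (Get-NetAdapter -CimSession $node -Name $Adapters -ErrorAction SilentlyContinue).Name
    $missing = $Adapters | Where-Object { $_ -notin $present }
    if ($missing) { throw "Node $node is missing adapter(s): $($missing -join ', ')" }
}

# One intent that carries management, compute and storage traffic over a SET team of both
# adapters. ATC derives the virtual switch, VMMQ/RSS, RDMA and DCB (PFC/ETS) settings itself
# and keeps every node on the same configuration, remediating drift if someone changes it by hand.
Add-NetIntent -Name $IntentName -Management -Compute -Storage `
    -AdapterName $Adapters -StorageVlans 711, 712 -ClusterName $ClusterName

# Provisioning is asynchronous: poll (bounded) until every node reports Completed, then
# print the per-node status, including the error text for any node that did not get there.
$attempts = 0
do {
    Start-Sleep -Seconds 30
    $status = Get-NetIntentStatus -ClusterName $ClusterName -Name $IntentName
    $attempts++
} while (($status | Where-Object ProvisioningStatus -ne "Completed") -and $attempts -lt 20)

$status | Format-Table Host, IntentName, ConfigurationStatus, ProvisioningStatus, Error -AutoSize
```

Once the intent is in place, `Get-NetIntent -ClusterName HCI-CL01` is the answer to the "what changed?" question above: the declared intent is the source of truth, and anything on a host that differs from it is drift that ATC will put back.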

Azure Management services: what's new in June 2022

In June, Microsoft announced a considerable amount of news regarding Azure management services. Through these monthly articles we want to provide an overall overview of the main news, in order to stay up to date on these topics and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

A new version (v1.19.3) of the Azure Monitor Agent (AMA) and of Data Collection Rules (DCR) support for Linux systems was released this month. It introduces, in particular, support for recent distributions such as Ubuntu 22.04, Rocky Linux and AlmaLinux.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for new ways to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. In this article some of the latest improvements and updates to this solution are reported, including:

Azure Arc

Windows Admin Center from the Azure portal for Azure Arc servers (preview)

Using Windows Admin Center from the Azure portal, it is now also possible to manage Azure Arc-enabled servers.

Azure Arc-enabled System Center Virtual Machine Manager (preview)

System Center Virtual Machine Manager (VMM) has been used for years to configure, manage and transform on-premises datacenters. Microsoft has announced the preview of Azure Arc-enabled System Center Virtual Machine Manager, a new Azure Arc feature that connects on-premises environments managed by VMM to Azure, unlocking Azure-based self-service. In this way, VMM-managed on-premises virtual machines can be created, managed and deleted through the familiar Azure portal or with ARM templates, ensuring a consistent experience.

Machine Learning with Azure Kubernetes Service and Arc-enabled Machine Learning

By deploying the Azure Machine Learning cluster extension on an AKS cluster or on an Azure Arc-enabled Kubernetes cluster, that cluster can be used as a compute target in Azure ML.

Azure Key Vault secrets provider on cluster Kubernetes Azure Arc enabled

The Azure Key Vault (AKV) Secrets Provider extension lets an Arc-connected Kubernetes cluster retrieve secrets, keys and certificates from an Azure Key Vault. This removes the need to store and maintain secrets locally on the K8s cluster, relying on AKV as the centralized secret management solution. One caveat: the provider delivers secrets to pods as mounted files; if the optional sync to Kubernetes Secret objects is enabled, a copy of each secret is still written to the cluster's etcd, so that option should be used only where a workload really needs it, with etcd encryption and RBAC on Secrets in place.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is constantly evolving and improvements are made on an ongoing basis. To stay up to date on the latest developments, Microsoft maintains this page, which provides information about new features, bug fixes and deprecated features. This month the main news concerns:

  • Defender for Azure Cosmos DB
  • Defender for SQL on machines in AWS and GCP environments

Protect

Azure Backup

Multiple backups per day for Azure VMs

Azure Backup allows you to create enhanced policies that take multiple snapshots of a virtual machine per day. To protect mission-critical workloads running in virtual machines, the RPO can now be reduced to as little as four hours. This feature also offers longer retention for instant restore: the enhanced policy provides from seven days of instant recovery retention (the default) up to a maximum of thirty days.

Multi-user authorization for recovery services vault

Multi-user authorization (MUA) for Azure Backup adds an additional layer of protection for critical operations on a Recovery Services vault, providing greater security for backups. To provide multi-user authorization, Azure Backup has introduced the Resource Guard, a protection mechanism that ensures critical operations are performed only if the caller has obtained the appropriate permission on it. In this way, Azure Backup provides better protection against operations that could lead to loss of backup data, including:

  • Disabling soft delete and hybrid security settings
  • Disabling multi-user authorization protection
  • Modifying backup policies (to reduce retention)
  • Modifying protection (to reduce retention)
  • Stopping protection with deletion of data
  • Changing the MARS security PIN

The backup administrator, who typically owns the Recovery Services vault, must obtain the Contributor role on the Resource Guard to perform the protected (critical) operations listed above. This requires the owner of the Resource Guard, typically a security administrator, to approve and grant the requested access. Azure AD Privileged Identity Management can also be used to provide just-in-time access to the Resource Guard. Finally, the Resource Guard can be created in a subscription or tenant other than the one hosting the Recovery Services vault, to achieve an additional level of isolation: compromising the backup administrator's permissions alone is then not enough to perform a destructive operation.
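The following is an added example (not code from the original post) of the procedure just described, split into the security administrator's steps and the backup administrator's steps, and ending with the kind of call that MUA now rejects. Subscription IDs, resource group and vault names and the backup administrator's object ID are placeholders; the Resource Guard is created in a separate subscription, as the post recommends. The cmdlets are from the Az.DataProtection, Az.RecoveryServices and Az.Resources modules.

```powershell
# Added example: enabling MUA on a Recovery Services vault with a Resource Guard.
# Assumed values: <security-subscription-id> / rg-security for the guard (owned by the
# security administrator), <vault-subscription-id> / rg-backup / rsv-prod for the vault,
# <backup-admin-object-id> for the backup administrator's Azure AD object ID.

# --- Step 1, security administrator: create the Resource Guard in its own subscription ---
Set-AzContext -SubscriptionId "<security-subscription-id>" | Out-Null
$guard = New-AzDataProtectionResourceGuard -Name "guard-backup-prod" `
    -ResourceGroupName "rg-security" -Location "westeurope"

# --- Step 2, security administrator: grant the backup admin Contributor on the guard only ---
# A standing assignment is shown for brevity; in practice make it an eligible assignment in
# Azure AD Privileged Identity Management so it has to be activated (and approved) just in time.
New-AzRoleAssignment -ObjectId "<backup-admin-object-id>" `
    -RoleDefinitionName "Contributor" -Scope $guard.Id | Out-Null

# --- Step 3, backup administrator: bind the vault to the Resource Guard ---
Set-AzContext -SubscriptionId "<vault-subscription-id>" | Out-Null
$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rg-backup" -Name "rsv-prod"
Set-AzRecoveryServicesResourceGuardMapping -VaultId $vault.ID -ResourceGuardId $guard.Id
Get-AzRecoveryServicesResourceGuardMapping -VaultId $vault.ID

# --- Step 4: what MUA now blocks ---
# Disabling soft delete is one of the critical operations. With the mapping in place this
# call fails unless the caller currently holds Contributor on the Resource Guard; once a
# legitimate change is done, the security administrator removes (or PIM expires) that access.
try {
    Set-AzRecoveryServicesVaultProperty -VaultId $vault.ID -SoftDeleteFeatureState Disable -ErrorAction Stop
} catch {
    Write-Warning "Critical operation rejected by MUA: $($_.Exception.Message)"
}
```

If the Resource Guard lives in a different Azure AD tenant rather than just a different subscription, the mapping and the protected operations additionally need a token for that tenant (the `-Token` parameter of the same cmdlets, obtained with `Get-AzAccessToken -TenantId`); the permission model is otherwise the same.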

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (June 2022 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Compute

Trusted launch support for virtual machines using Ephemeral OS disks

Trusted launch virtual machine (VM) support for VMs using Ephemeral OS disks improves the security of generation 2 VMs in Azure.

Storage

Azure NetApp Files datastores for Azure VMware Solution (preview)

The public preview of Azure NetApp Files datastores for Azure VMware Solution (AVS) is available. This new integration between Azure VMware Solution and Azure NetApp Files will enable you to create datastores via the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes and mount the datastores on your private cloud clusters of choice. Along with the integration of Azure disk pools for Azure VMware Solution, this will provide more choice to scale storage needs independently of compute resources. For your storage-intensive workloads running on Azure VMware Solution, the integration with Azure NetApp Files helps to easily scale storage capacity beyond the limits of the local instance storage for AVS provided by vSAN and lower your overall total cost of ownership for storage-intensive workloads.

Azure NetApp Files: feature general availability and feature expansion of regional availability

To meet the demanding requirements of enterprise mission-critical workloads, new features are constantly added to Azure NetApp Files and previously released preview features are moved to general availability. The following capabilities have recently become generally available and no longer require registration: AES encryption for AD authentication, Backup policy users, Administrators privilege users and Dynamic change of service level. In addition, regional coverage continues to expand for Azure NetApp Files cross-region replication, with the following new region pairs: Brazil South and South Central US, West US 3 and East US, Australia Central and Australia Central 2, France Central and West Europe. Regional coverage has also expanded for Azure NetApp Files standard network features, which are now available in: Australia Central, Australia Central 2, Australia Southeast, East US 2, France Central, Germany West Central, North Europe, West Europe, West US 2 and UK South.

Networking

Azure Firewall updates

The following updates are available for Azure Firewall:

  • Intrusion Detection and Prevention System (IDPS) signatures lookup
  • TLS inspection (TLSi) Certification Auto-Generation
  • Web categories lookup
  • Structured Firewall Logs
  • IDPS Private IP ranges (preview)

Azure WAF policy and DDoS management in Azure Firewall Manager

Azure Firewall Manager now supports managing DDoS Protection Plans for virtual networks and Azure Web Application Firewall (Azure WAF) policies for application delivery platforms: Azure Front Door and Azure Application Gateway.

Azure Virtual Network Manager in nine new regions (preview)

Azure Virtual Network Manager helps you create your desired topologies like hub and spoke and mesh with just a few clicks. The security admin rules feature allows you to enforce security policies throughout your organization. You can create an Azure Virtual Network Manager instance in nine more regions and manage your virtual networks at scale across regions, subscriptions, management groups, and tenants globally from a single pane of glass.

Private link support in Azure Application Gateway (preview)

With private link support, incoming traffic to an Azure Application Gateway frontend can be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link. Traffic between private endpoints in your virtual network and your Application Gateway will traverse a secure and private connection.

ExpressRoute IPv6 Support for Global Reach (preview)

IPv6 support for Global Reach unlocks connectivity between on-premises networks, via the Microsoft backbone, for customers with dual-stack workloads. Global Reach connections between ExpressRoute circuits can be established using IPv4 subnets, IPv6 subnets or both. This configuration can be done with the Azure portal, PowerShell or the CLI.

Network Watcher packet capture support for virtual machine scale sets (preview)

Azure Network Watcher packet capture now supports virtual machine scale sets. This is an out-of-the-box, on-demand capability that enables faster diagnostics and troubleshooting of networking issues.

Connection Monitor Support for virtual machine scale sets

Azure Network Watcher Connection Monitor announces support for virtual machine scale sets which enables faster performance monitoring and network troubleshooting through connectivity checks.

ExpressRoute Direct and Circuit in different subscriptions (preview)

Generate an authorization for the ExpressRoute Direct resource and redeem the authorization to create an ExpressRoute Circuit in a different subscription and/or Azure Active Directory Tenant. This feature is currently available in public preview.

Effective Disaster Recovery plans with Azure

In most cases, a company's core business depends deeply on the IT solutions it uses, so it is important to structure the infrastructure to cope with incidents of any nature, even the most remote, that could cause damage, an interruption of service or loss of data. This article describes how, thanks to Azure and the solutions offered by Microsoft's public cloud, effective disaster recovery plans can be developed to protect all environments, even heterogeneous ones, with the ability to easily orchestrate and test every scenario.

Azure Site Recovery overview (ASR)

Azure Site Recovery (ASR) lets you implement disaster recovery strategies that, when needed, keep applications running and restore normal operating conditions. ASR supports Disaster Recovery strategies in heterogeneous environments by orchestrating near real-time replication of systems to Microsoft Azure and, within Azure, between regions or between different availability zones. The solution minimizes downtime and recovery times, in a secure way and with simple, cost-effective management.

Figure 1 - Main features of ASR

If an outage affects the primary datacenter, with ASR you can start a failover process to keep workloads accessible and available. When the resources in the primary datacenter become usable again, ASR lets you manage the failback process.

ASR is a complete solution that allows you to cover different protection scenarios:

Figure 2 - Possible scenarios for the adoption of ASR

To evaluate in detail all the features offered by ASR you can consult this official Microsoft document.

Main strengths of ASR and integration with other solutions

Among the main advantages that can be obtained with the adoption of this solution we find:

  • Cost optimization: only the virtual machine disks are replicated to Azure. The VMs are created, and compute charges incurred, only during tests and in the event of an actual DR.
  • Simpler creation of disaster recovery plans: recovery plans can include scripts and Azure Automation runbooks, so that DR procedures can be modelled and customized for applications with complex architectures.
  • High flexibility, since the solution can orchestrate replication of virtual machines running in different environments.
  • The ability to replicate workloads directly to Azure means that a secondary datacenter built only for disaster recovery purposes can potentially be eliminated altogether.
  • Periodic failover tests to validate the effectiveness of the recovery plans, without any impact on the production application environment.
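As an added example (not code from the original article) of the last point, this script runs a test failover of an ASR recovery plan into an isolated test network, waits for the job, fails loudly if it did not succeed, and then cleans the test VMs up. The vault rsv-dr, resource groups rg-dr and rg-dr-test, recovery plan RP-ERP and test network vnet-dr-test are assumptions; the cmdlets are those of the Az.RecoveryServices module.

```powershell
# Added example: non-disruptive test failover of an ASR recovery plan, then cleanup.
# Assumed names: vault rsv-dr in rg-dr, recovery plan RP-ERP, test network vnet-dr-test in
# rg-dr-test. The test network must have no connectivity to production so the test copies
# never collide with live workloads (same hostnames and IPs come up on the other side).
$vault = Get-AzRecoveryServicesVault -ResourceGroupName "rg-dr" -Name "rsv-dr"
Set-AzRecoveryServicesAsrVaultContext -Vault $vault | Out-Null

$plan    = Get-AzRecoveryServicesAsrRecoveryPlan -Name "RP-ERP"
$testNet = Get-AzVirtualNetwork -ResourceGroupName "rg-dr-test" -Name "vnet-dr-test"

# A test failover builds the VMs from their replica disks; replication of the protected
# items keeps running, which is what makes the exercise safe for production.
$job = Start-AzRecoveryServicesAsrTestFailoverJob -RecoveryPlan $plan `
    -Direction PrimaryToRecovery -AzureVMNetworkId $testNet.Id

do {
    Start-Sleep -Seconds 30
    $job = Get-AzRecoveryServicesAsrJob -Job $job
} while ($job.State -in @("NotStarted", "InProgress"))

if ($job.State -ne "Succeeded") {
    # The job carries the per-item errors; keep them as evidence for the DR report.
    $job.Errors | Format-List
    throw "Test failover of $($plan.FriendlyName) ended in state $($job.State)"
}

# Validate the application in the test network here (logins, service checks, data
# consistency), then remove the test VMs. The comment is recorded with the cleanup job.
$cleanup = Start-AzRecoveryServicesAsrTestFailoverCleanupJob -RecoveryPlan $plan `
    -Comment "Scheduled DR drill: application validated"
Get-AzRecoveryServicesAsrJob -Job $cleanup | Select-Object Name, State
```

Running this on a schedule, with the job IDs and validation results kept, gives you the periodic test evidence that the "Other important aspects" section below asks for, without anyone touching the production replication.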

ASR is tightly integrated with several native solutions and technologies of the Azure platform, which allows it to provide a complete and secure solution, as shown in the following image:

Figure 3 - Main Azure functionalities that can be used in ASR

Furthermore, ASR can also be easily integrated with other BCDR technologies (Business Continuity and Disaster Recovery) already existing in the company, in order to guarantee a complete and effective DR strategy.

When dealing with Disaster Recovery for VMware environments, it is also possible to evaluate the adoption of Azure VMware Solution (AVS), in particular considering its integration with VMware Site Recovery Manager (SRM), as described in this article.

Furthermore, in the presence of Azure Stack HCI it is possible to take advantage of the disaster recovery features inherent in the solution and, starting with version 21H2 of Azure Stack HCI, there is also official support for Azure Site Recovery.

The business value of Azure Site Recovery

To analyze the return on investment (ROI) associated with the adoption of Azure Site Recovery and Azure Backup, you can consult this IDC white paper sponsored by Microsoft. The paper highlights how Azure is being used by various companies across various industries for:

  • Optimize overall performance, the speed and reliability of operations related to backups and disaster recovery.
  • Reduce unplanned downtime and consequently business risks, increasing productivity up to 93%.
  • Achieve an estimated five-year ROI up to 370%, with higher levels of team efficiency, faster application development and greater savings on personnel and infrastructure costs.

Other important aspects

To make the Disaster Recovery strategy effective and functional, the following aspects must also be taken into consideration:

  • The data protection policies in place, to achieve an appropriate synergy: backups can be an integral part of the DR strategy.
  • A monitoring system that helps identify problems, their impact and their causes, which is essential for deciding whether the DR strategy needs to be activated.
  • Periodic tests, updated documentation and training of the staff involved.

Conclusions

Determining which solution best meets your needs when activating disaster recovery plans is often a challenging activity. Microsoft, as the first-party provider of Data Protection as a Service (DPaaS) solutions on the Azure platform, can accurately meet a wide range of corporate data protection requirements. In particular, Azure Site Recovery makes it possible to address different protection scenarios in an effective and flexible way, ensuring high standards for the security of data and sensitive information.