Category Archives: Datacenter Management

Azure IaaS and Azure Stack: announcements and updates (June 2022 – Weeks: 21 and 22)

This series of blog posts covers the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Compute

DCsv3 and DCdsv3 series Virtual Machines

Confidential computing DCsv3 and DCdsv3-series virtual machines (VMs) are generally available.

Switzerland North Availability Zones

Availability Zones in Switzerland North are made up of three unique, physically separated, locations or “zones” within a single region which bring higher availability and asynchronous replication across Azure regions for disaster recovery protection. Availability Zones give you additional options for high availability for your most demanding applications and services as well as confidence and protection from potential hardware and software failures.

Azure Ebsv5 now available in 13 additional regions

Azure Virtual Machines Ebsv5 and Ebdsv5 are now available in 13 additional regions: South Africa North, France Central, Central India, Korea Central, Germany West Central, UK West, South India, Canada East, Australia Central, Japan West, Switzerland North, Norway East and UAE North.

Azure NC A100 v4 virtual machines for AI

Azure NC A100 v4 series virtual machines (VMs) are now generally available in US East 2, US East, Southeast Asia, and West Europe. These VMs, powered by NVIDIA A100 80GB Tensor Core PCIe GPUs and 3rd Gen AMD EPYC™ Milan processors, improve the performance and cost-effectiveness of a variety of GPU performance-bound real world AI training and inferencing workloads.

Storage

Storage optimized Azure VMs deliver higher performance for data analytics

Microsoft is announcing the general availability of new storage optimized Azure Virtual Machines. The new Lasv3 and Lsv3 VM series have been engineered to run workloads that require high throughput and high IOPS, including big data applications, SQL and NoSQL databases, distributed file systems, data analytics engines, and more.

Networking

Azure Bastion IP based connection

Azure Bastion now supports connectivity to Azure virtual machines or on-premises resources via a specified IP address. When the IP-based connection feature is enabled, Azure Bastion can be used to RDP/SSH into an on-premises resource over ExpressRoute and Site-to-Site VPN.

Manage Azure Web Application Firewall policies in Azure Firewall Manager (preview)

Azure Firewall Manager now supports Azure Web Application Firewall (Azure WAF) policies for application delivery platforms, Azure Front Door, and Azure Application Gateway.

Enhanced IPv6 functionality for MultiValue profiles in Azure Traffic Manager

Azure Traffic Manager now enables you to specify the minimum children property separately for IPv4 and IPv6 endpoints for MultiValue profiles.

Azure Private Link support in Azure API Management

With Azure Private Link support in Azure API Management, you can now integrate clients in a virtual network privately.

Azure Stack

Azure Stack HCI single-node

At Build 2022, Microsoft announced the new single-node offering, which provides additional options for business scenarios with different requirements. The new single-node Azure Stack HCI fulfills growing hybrid infrastructure needs in remote locations while maintaining the innovation of native integration with Azure Arc. Specifically, this new configuration offers the flexibility to deploy the stack in smaller spaces and with lower processing needs, optimizing resources while still delivering quality and consistency.

Additional benefits of Azure Stack HCI single-node include:

  • Smaller Azure Stack HCI solutions for environments with physical space constraints or that don’t require built-in resiliency, like retail stores and branch offices.
  • A smaller footprint reduces hardware and operational costs.
  • Solutions can be built to scale, ranging from single-node up to 16 nodes if needed.

Azure Management services: what's new in May 2022

To help you stay up to date on news regarding Azure Management services, this summary is released monthly and gives an overview of the main new features of the month. In this article you will find the announcements summarized and accompanied by the references needed to explore them further.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Govern

Azure Arc

Support for private endpoints for Azure Arc-enabled servers

Private endpoints for Azure Arc-enabled servers allow you to manage Windows and Linux servers from Azure without having to send network traffic over the Internet, thus ensuring greater security. The servers can be configured to use a private endpoint by associating them with an Azure Arc Private Link Scope and connecting the on-premises network to an Azure virtual network using a site-to-site VPN or ExpressRoute.

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new ways to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns, and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is constantly evolving and improvements are made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

Protect

Azure Backup

Support for Azure virtual machines with trusted launch technologies

Trusted launch is a simple way to improve the security of second-generation virtual machines. It protects against advanced attack techniques by combining technologies that can be enabled independently, such as secure boot and the virtualized version of the Trusted Platform Module (vTPM). Azure Backup introduced support for protecting Azure VMs with trusted launch features enabled.

Support for disks that use the Write Accelerator functionality

Azure Backup is now able to protect disks with the Write Accelerator feature enabled. These disks are widely used by Azure customers with M-series virtual machines (VMs) to improve the I/O latency of writes to Azure Premium storage.

Migrate

Azure Migrate

New migration features for applications (preview)

The Azure Migrate tool has been extended with additional features that simplify moving applications from on-premises environments to Azure App Service and to Azure Kubernetes Service. The bulk migration capabilities of Azure App Service allow you to:

  • Do the discovery and assessment of ASP.NET Web apps, ranking which apps are ready for migration
  • Suggest a destination for migration
  • Do the discovery and assessment for the migration of Java Tomcat applications to Linux App Service and to Azure Kubernetes Service.
  • Containerize ASP.NET web apps and move them to Windows containers on App Service or Azure Kubernetes Service.

New Azure Migrate releases and features

Azure Migrate is the Azure service that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

SAP solutions in Azure environment: opportunities and advantages to be seized

Microsoft and SAP can boast a partnership of over 25 years dedicated to ensuring customer success in adopting their solutions. In light of the latest announcements, the synergy between these IT giants is now mainly focused on helping customers use SAP in a Microsoft Azure environment, so that they can grow and innovate even faster. This article describes the main opportunities and benefits that can be obtained by running SAP workloads in Azure.

The reasons for running SAP workloads on Azure

There are several reasons that can push a customer to use Azure, rather than any other public cloud, for the execution of SAP workloads:

Figure 1 - Top reasons for running SAP workloads on Azure

In the following paragraphs we will explore the four main reasons that make Azure emerge as an ideal platform for hosting SAP workloads.

Azure is a proven and certified cloud platform for SAP

With Azure you can easily gain agility and efficiency thanks to a cloud platform tested and certified by SAP. In fact, Azure allows you to run mission-critical SAP applications with the performance, scalability and reliability required by the most demanding companies.

Azure is available in more than 65 geographic areas around the world, more than any other cloud service provider, and Microsoft owns one of the largest global networks, with over 175,000 miles of fiber (on land and underwater). Furthermore, there are more than 160 edge sites and pairing points that allow customers to easily extend their networking in hybrid mode.

The following map outlines the Azure deployment globally:

Figure 2 - Azure on a global scale

The list of Azure regions and edge sites is constantly expanding.

Microsoft, having worked closely with SAP and its customers, is now able to provide a wide range of options to activate SAP certified virtual machines. In fact, no matter how big or small your SAP workload is, and whether you are running SAP on SQL, Oracle or SAP HANA, in Azure you can always choose the option that best suits your needs. Azure was also the first cloud to introduce bare metal solutions using SAP HANA Large instances, back in 2016, and now boasts the ability to activate Optane Large instances.

Figure 3 - Scalable options for SAP workloads

In addition to scalability, it is also important to take into account the availability of SAP workloads. Azure offers industry-leading options, ranging from a 99.9% SLA for a non-mission-critical system on a single virtual machine, up to a 99.99% SLA for a pair of virtual machines distributed across different Azure availability zones. Furthermore, it is possible to plan for disaster recovery using different Azure regions.

Figure 4 - Industry-leading options for SLA and high availability

SAP workloads, as well as requiring high performance from a computational point of view, also need high performance storage for persistence and, in the case of AnyDB, also for transaction processing. Also in the storage area, Azure is able to offer different options to meet your important SAP performance needs, up to the adoption of Azure Ultra Disks, also certified for SAP HANA. Those who use NetApp in an on-premises environment for SAP workloads, in order to guarantee the same set of features, can evaluate the adoption of Azure NetApp Files, the bare metal storage offering created by Microsoft and NetApp, which is certified for scale-out of the SAP HANA VM with a standby node.

Figure 5 - Storage options for demanding SAP performance

The management of the IT environment, both in the cloud and in an on-premises environment, is complex and demanding. Azure offers a complete set of services and tools to organize, manage and govern physical machines and virtual systems present in different environments.

Figure 6 - Built-in options in Azure for SAP resource management

In particular, Azure offers the following possibilities for SAP workloads:

  • Monitoring: through Azure Monitor Log Analytics, Application Insights, Network Watcher and other monitoring tools. With Azure Monitor for SAP HANA it is possible to combine data from SAP HANA systems with data from the rest of the infrastructure.
  • Automation: ability to create automations and standardize deployment processes and techniques.
  • High availability: possibility to use Azure Backup and Azure Site Recovery solutions for SAP workloads. In particular, Azure Backup makes it easy to back up and restore SAP HANA databases running on Azure virtual machines and is BackInt certified by SAP. For more information about SAP HANA backups on Azure VMs you can consult Microsoft's official documentation.
  • Governance: as part of the governance of SAP workloads in Azure, it is possible to address the following disciplines:
    • Cost management
    • Security and compliance baseline
    • Identity management
    • Acceleration of deployment processes and consistency of the resources created

All of these solutions are integrated into the Azure platform and no third party solutions are required.

Azure offers world-class security and compliance solutions

Microsoft provides Azure to customers as a cloud platform but, being also a security provider, it can at the same time guarantee first-rate security and compliance features. Microsoft's approach to security in Azure has the following characteristics:

  • Integrated: the security features are perfectly integrated into the Azure platform, in all cloud resources and on all levels of architecture. Activation is simple and offers centralized management, with the ability to manage automations to respond effectively to security attacks.
  • Modern: the security features are also based on artificial intelligence, analyzing trillions of signals collected across Microsoft's entire security portfolio, and take full advantage of the scalability of the cloud.
  • Holistic: It's not limited to Azure security alone, but it extends to the entire organization. It works by adapting to the environment to be protected, also for hybrid environments and distributed on multiple clouds and on different platforms, providing advanced controls and global visibility.

Microsoft offers security levels that act on different fronts:

Figure 7 - Areas and related security solutions

In addition to the security of the infrastructure, it is known that identity is at the heart of security and therefore must be properly managed. With Azure Active Directory, you have the ability to federate the Active Directory environment on-premises and to offer Single Sign-On functionality for all applications.

Figure 8 - Azure Active Directory to manage identity security

This means that you can offer users a unique and secure login experience to all business applications, both locally and in the cloud. In particular, for an in-depth analysis of possible scenarios and how to manage users when you have Microsoft and SAP in the company, I refer you to this interesting article "SAP and Microsoft user management".

In addition to security, Azure has other strengths that pertain to privacy and to transparency on how Microsoft manages the cloud environment. In fact, Microsoft has a large compliance portfolio and, with over 90 international and industry-specific certifications, is a leader in this sector.

Figure 9 - Example of some Azure compliance certifications

For further information you can consult the Azure Trust Center.

Azure enables application innovation

Once customers run SAP workloads in an Azure environment in a secure and compliant manner, they can better manage the integration of SAP data and applications with non-SAP data, gaining more information and driving digital transformation. Data is a strategic resource for the company and, as reported by Harvard Business Review Analytic Services, companies that embrace a data-driven culture experience a four-fold improvement in revenue performance and better customer satisfaction.

Here is a typical path that a customer who uses SAP in an Azure environment can take:

Figure 10 - Path to increase business value with SAP on Azure

The first stage gives greater value to the data. In fact, in Azure, customers can use advanced data analysis technologies and machine learning solutions to take advantage of the traditional data silos in their organization.

At a later stage you can start on application innovation. In fact, digital transformation can also be achieved by integrating SAP applications with other environments, like Teams or Azure IoT, to create new user experiences.

One of the reasons customers choose to run SAP solutions on Azure is the ability to integrate this environment with other solutions in the Microsoft product ecosystem, which allows you to accelerate the adoption of cloud technology and the time for innovation.

Figure 11 - Integration of SAP solutions into the Microsoft ecosystem

Established and trusted partnership capable of delivering enterprise-class SAP cloud solutions

The cloud partnership between SAP and Microsoft is able to offer a solid basis for developing a structured ERP system migration project in Microsoft Azure environment. The two companies work closely together following a joint path of innovation and integration.

Figure 12 - Elements of value given by the partnership

Furthermore, the fact that SAP chose Microsoft Azure to migrate its core business processes to the public cloud and that, likewise, Microsoft runs its main business processes on SAP in the Azure environment is an important signal of collaboration and mutual trust. Finally, a collaborative support model has been developed, and the 25 years of customer support ensure that all the necessary experience is in place to support SAP in the Microsoft Azure environment.

Benefits

Many customers migrating their workloads to Azure report significant cost savings:

Figure 13 - SAP cost optimization thanks to Azure

These savings are mainly given by:

  • Absence of over-provisioning: by moving SAP workloads to Azure, customers realize savings by switching from a CapEx model with over-provisioning to a flexible OpEx model, where they pay only for what they really use and need.
  • Automated activities: by eliminating the need to manage common data centers and maintain hardware, customers are able to dedicate their IT staff to the most value-added activities.

In addition to making costs more efficient, IT can respond faster to the business and help achieve better business results. Among the immediate benefits are a general performance improvement and more flexibility to scale dynamically. Finally, by moving data to the cloud, it is possible to simplify the analysis processes and gain a greater capacity for innovation.

Some successful cases

There are numerous customers, from every sector and from every part of the world, who run their SAP solutions in a Microsoft Azure environment to manage their core business activities.

Figure 14 - Customers running SAP solutions on Azure

Analyzing these customers, we see the presence of a large number of companies that fall into Fortune 500, the annual list compiled and published by Fortune magazine that ranks the 500 largest US corporate firms measured by their turnover.

Finally, to explore the business results and cost savings that companies achieve with SAP in Azure, you can consult this study, commissioned and conducted by Forrester Consulting. The study shows how an organization was able to obtain an expected return on investment of 112% in three years.

Conclusion

Those who manage on-premises SAP workloads may have perplexities and concerns when wondering if the cloud can truly meet the needs of these mission-critical environments. Microsoft Azure, thanks to the possibilities offered in terms of scalability, availability and performance is certainly the ideal choice to ensure an exceptional experience in running SAP workloads. Furthermore, the ability to manage these infrastructures with simple tools, to ensure a secure and robust ecosystem for SAP data, coupled with potential cost savings, are all elements that proclaim Azure as the ideal platform for hosting SAP workloads, more than any other public cloud.

The evolution of a traditional file server thanks to the potential offered by Azure

The file server continues to be a strategic and heavily used component in our customers' datacenters. Customers are often looking for modern solutions that allow them to centralize the network folders of their infrastructure effectively and functionally, while maintaining performance, compatibility and flexibility. This article explores the features of the Azure File Sync solution, which allows you to benefit from the potential offered by the Microsoft Azure public cloud for the synchronization, provision and protection of file server contents.

The challenges of traditional file servers

When using file servers in traditional mode to provide users with a repository to store content, we often find ourselves:

  • adopting legacy solutions that are inflexible and inefficient
  • having to host a large number of rarely accessed archive folders in our data centers
  • delivering content in an ineffective way in multi-site contexts
  • struggling to quickly restore the provision of the service in the event of faults, security issues or major outages

The principles of operation of Azure File Sync

Azure File Sync is a solution that allows you to centralize the network folders of your infrastructure in Azure Files, maintaining the flexibility, performance and compatibility of a traditional Windows file server. Although you can choose to keep a complete copy of your data in an on-premises environment, Azure File Sync allows you to transform Windows Server into a "cache" to quickly access the content on a given Azure file share: in this case all the files are present in the cloud, while the most recent files are also present on the on-premises file server.

Figure 1 – Azure File Sync architecture

Local access to data can occur with any protocol available in Windows Server, such as SMB and NFS. Furthermore, you can have multiple "cache" servers located in different geographic locations. Finally, content on the file share can be accessed directly from other Azure resources (IaaS and PaaS).

Figure 2 - Access to content in Azure File share

Benefits of Azure File Sync

Among the benefits that can be obtained by adopting the Azure File Sync solution we find:

  • Cloud tiering: only recently accessed data is kept locally. This allows you to control the amount of disk space used on-premises for storing content. Consequently, cost savings for local storage are achieved, as only part of the data will be stored locally. Files in the cloud can always be quickly retrieved on demand, without interruptions for the user, thus ensuring an optimal experience.
  • Synchronization and multi-site access: you have the option to sync between different sites, allowing write access to the same data across different Windows Servers and Azure Files.
  • Disaster recovery and business continuity: you can immediately restore the file metadata and recall only the necessary data, for faster service reactivation in disaster recovery scenarios. Furthermore, Azure Files offers several possibilities when it comes to data redundancy.
  • Cloud-side backup: the need to back up data on-premises is eliminated. Content protection can be done directly in the cloud, as described in the following paragraph. This means that it is possible to reduce the cost of the hardware and software used to perform the on-premises backup.

Azure File share protection

The ability to enable Cloud Tiering makes Azure File Sync a particularly interesting solution, but this aspect requires careful consideration of the data protection strategy. As with antivirus solutions, backup solutions may cause files stored in the cloud to be recalled through the Cloud Tiering feature. Microsoft recommends a cloud backup solution to back up the Azure File share instead of an on-premises backup solution. Among the various workloads supported by Azure Backup, Azure Files is also included:

Figure 3 - Overview of Azure Backup and its features

Azure Backup uses different backup technologies for each workload it can protect. Going into detail, the protection of the Azure File shares used by Azure File Sync can be done using Azure Backup, according to the following architecture:

Figure 4 – Architecture for the protection of Azure File shares

For more details please visit Microsoft's official documentation.

Advantages of protecting Azure File shares with Azure Backup

The Azure File share protection process using Azure Backup offers the following benefits:

  • Zero infrastructure: no infrastructure is required to enable protection of the environment.
  • Security: Azure Backup ensures that backup data is stored securely by leveraging the Azure platform's built-in security features such as RBAC and encryption. Furthermore, the soft-delete functionality gives you advanced protection from any accidental and malicious attempts to delete backups.
  • Customizing retention policies: backups can be configured with daily, weekly, monthly and yearly data retention policies, based on your needs.
  • Built-in management capabilities: you can schedule your backups and specify the retention period you want in a way that is fully integrated into the platform.
  • Instant Restore: Azure File Share backup uses snapshots, which allows you to select only the files you want and restore them instantly.
  • Alerts and reports: you can configure alerts for backup and restore operations that present errors. You can also use the reporting solution provided by Azure Backup to get detailed information about backup jobs.

Conclusions

Thanks to the adoption of Azure File Sync, it is possible to evolve traditional file servers with modern and functional features such as cloud tiering, synchronization between multiple sites, quick DR, direct access in the cloud environment and integration with cloud backup.

How to deal with the migration of the datacenter to Azure

The adoption of solutions and services in the public cloud is rapidly and steadily increasing and this increase is mainly due to the fact that many organizations have realized that moving existing workloads to Azure can bring significant benefits. These include the ability to rapidly deploy applications allowing you to benefit from an infrastructure present on a global scale, the reduction of maintenance requirements and costs and performance optimization. In this article we will examine the main aspects to consider in order to adopt a strategic approach regarding the migration of your IT infrastructure to Azure and how, thanks to this approach, you can take advantage of all the benefits of Microsoft's public cloud.

Main triggers for migration

Among the main aspects that lead customers to face a migration of their workloads to cloud solutions we find:

  • the expiration of the data center contracts in use;
  • the need to quickly integrate new acquisitions;
  • the urgent need for skills and resources;
  • the need to keep the software and hardware in use updated;
  • the willingness to respond effectively to potential security threats;
  • compliance needs (e.g. GDPR);
  • the need to innovate their applications and make them available faster;
  • the end of software support for certain products and the need to obtain extended security updates free of charge, both for Windows Server 2008/R2 and for Windows Server 2012/R2, in addition to the corresponding versions of SQL Server.

Figure 1 – Main triggers for migration

It is very common to find yourself facing at least one of these triggers, any of which could initiate a migration process. To undertake this migration in the best possible way, it is necessary to take into consideration what is reported in the following paragraphs.

The path of adopting cloud solutions

In the path of adoption of cloud solutions defined in the Microsoft Cloud Adoption Framework for Azure six main actions emerge that should be considered:

  • Strategy definition: definition of the business justification and the expected results.
  • Plan: aligning the cloud adoption plan to business results, through:
    • Inventory of digital assets: cataloging of workloads, applications, data sources, virtual machines and other IT resources and assessments to determine the best way to host them in the cloud.
    • Create a cloud adoption plan by prioritizing workloads based on their business impact and technical complexity.
    • Definition of skills and support needs, to ensure that the company is prepared for change and new technologies.
  • Ready: preparation of the cloud environment.
  • Adopt: implementation of desired changes in IT and business processes. Adoption can take place through:
    • Migration: focuses on moving existing on-premises applications to the cloud based on an incremental process.
    • Innovation: focuses on the modernization of digital assets to drive business and product innovation. Modern approaches to implementation, operations and infrastructure governance make it possible to quickly bridge the gap between development and operations.
  • Govern: evaluation and implementation of best practices in governance.
  • Manage: implementation of operational guidelines and best practices.

Azure Landing Zone

Regardless of the migration strategy that you decide to adopt, it is advisable to prepare the Landing Zone, which represents, in the cloud adoption journey, the destination in the Azure environment. It is a horizontally scalable architecture designed to allow the customer to manage functional cloud environments, while maintaining best practices for security and governance. The architecture of the Landing Zone must be defined on the basis of business requirements and the necessary technical requirements.

Figure 2 – Conceptual example of an Azure landing zone

There are several options to implement the Landing Zone, thanks to which it will be possible to meet the deployment and operational needs of the cloud portfolio.

A structured and methodological approach and migration strategies

There are several paths for adopting solutions in Azure. To best address each of these paths, it is recommended to develop a complete business case and project plan in advance, containing information on benefits and costs (TCO) of moving workloads to the Microsoft Azure cloud, as well as recommendations on how to optimize the use model of Microsoft Azure services.

Figure 3 – Paths of adoption of cloud solutions

Based on the company's cloud strategy and general business objectives, it is advisable to examine the distribution and use of the workloads in use and evaluate their "cloud-ready" status to determine the best options and the most appropriate methods (lift&shift, refactor, rearchitect and rebuild) with a view to consolidation and migration to Microsoft Azure cloud services.

Figure 4 – Possible migration strategies

* These migration strategies are reported by Gartner research. Gartner also defines a fifth strategy called "Replace".

The following paragraphs describe the main migration strategies that can be useful.

Rehost application (i.e., lift & shift)

It involves redeploying an existing application on a cloud platform without modifying its code. The application is migrated “as is”, which provides basic cloud benefits without facing high risk and without incurring the costs of making changes to the application code.

This migration technique is usually used when:

  • You need to quickly move applications from on-premises to the cloud
  • The application is necessary, but the evolution of its capabilities is not a corporate priority
  • The applications have already been designed to take advantage of Azure IaaS scalability
  • There are specific application or database requirements that can only be satisfied using IaaS virtual machines in an Azure environment

Example

Moving a line-of-business application onto virtual machines residing in the Azure environment.

Refactor application (i.e., repackaging)

This migration strategy involves minimal changes to the application code or configuration changes, necessary to optimize the application for Azure PaaS and make the most of the cloud.

This migration technique is usually used when:

  • You want to leverage an existing code base
  • Code portability is an important element
  • The application can be easily packaged to run in an Azure environment
  • The application must be more scalable and rapidly deployable
  • You want to promote business agility through continuous innovation (DevOps)

Example

An existing application is refactored by adopting services such as App Service or Container Services. Furthermore, SQL Server is refactored to Azure SQL Database.

Rearchitect application

The re-design technique consists of modifying or extending the architecture and code base of the existing application, optimizing it for the cloud platform and thus ensuring better scalability.

This migration technique is usually used when:

  • The application needs major revisions to incorporate new features or to work more effectively on a cloud platform
  • You want to leverage the investments made in existing applications
  • There is a need to minimize the management of VMs in the cloud
  • You intend to meet your scalability requirements in a cost-effective way
  • You want to promote business agility through continuous innovation (DevOps)

Example

Breakdown of a monolithic application into microservices in an Azure environment that interact with each other and are easily scalable.

Rebuild application

The rebuild of the application from scratch involves the use of cloud-native technologies on Azure PaaS.

This migration technique is usually used when:

  • Rapid development is needed and the existing application is too limiting in terms of functionality and duration
  • You want to take advantage of the new innovations present in the cloud, such as serverless, artificial intelligence (AI) and IoT
  • You have the skills to build new cloud-native applications
  • You want to promote business agility through continuous innovation (DevOps)

Example

Creation of green field applications with innovative cloud native technologies, such as Azure Functions, Logic Apps, Cognitive Service, Azure Cosmos DB and more.

Azure Cloud Governance

In the successful adoption of services in the public cloud, as well as requiring a structured and methodological approach, it becomes essential to adopt a precise strategy to migrate not only applications, but also governance and management practices, adapting them appropriately.

For this reason it becomes essential to put in place a process of Cloud Technical Governance through which it is possible to guarantee the customer an effective and efficient use of IT resources in the Microsoft Azure environment, in order to achieve their goals. To do this, it is necessary to apply controls and measurements to help the customer mitigate risks and create boundaries. Governance policies within the customer's environment will also act as an early warning system to detect potential problems.

Conclusions

The digital transformation process that affects companies often involves the migration of workloads hosted in their data centers to the cloud to obtain better results in terms of governance, security and cost efficiency. The innovation brought by the migration to the cloud frequently becomes a business priority. For this reason it is advisable to adopt your own structured approach to address the various migration scenarios, which makes it possible to reduce complexity and costs.

Azure IaaS and Azure Stack: announcements and updates (May 2022 – Weeks: 17 and 18)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Lab Services April 2022 update (preview)

IT departments, administrators, educators, and students can utilize the following updated features in Azure Lab Services:

  • Enhanced lab creation and improved backend reliability
  • Access performance
  • Extended virtual network support
  • Easier labs administration via new roles
  • Improved cost tracking via Azure Cost Management service
  • Availability of PowerShell module
  • .NET API SDK for advanced automation and customization
  • Integration with Canvas learning management system

Storage

Azure File Sync agent v15

Azure File Sync agent v15 is available and it’s now on Microsoft Update and Microsoft Download Center.

Improvements and issues that are fixed:

  • Reduced transactions when cloud change enumeration job runs
  • View Cloud Tiering status for a server endpoint or volume
  • New diagnostic and troubleshooting tool
  • Immediately run server change enumeration to detect file changes that were missed by USN journal
  • Miscellaneous improvements

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
  • The agent version for this release is 15.0.0.0.
  • Installation instructions are documented in KB5003882.

Object replication on premium blob storage and rule limit increased

Object replication now supports premium block blobs to replicate your data from your blob container in one storage account to another anywhere in Azure. The destination storage account can be a premium block blob or a general-purpose v2 storage account.

You can also specify up to 1000 replication rules (increased from 10) for each replication policy for both general-purpose v2 and premium block blob storage accounts.

Object replication unblocks a set of common replication scenarios for block blobs:

  • Minimize latency: have your users consume the data locally rather than issuing cross-region read requests.
  • Increase efficiency: have your compute clusters process the same set of objects locally in different regions.
  • Optimize data distribution: have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.
  • Optimizing costs: after your data has been replicated, you can reduce costs by moving it to the archive tier using life cycle management policies.

Networking

Controls to block domain fronting behavior on customer resources

Effective April 29, 2022, you will be able to stop allowing domain fronting behavior on your Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources in alignment with Microsoft’s commitment to secure the approach to domain fronting within Azure.

Virtual Network NAT health checks available via Resource Health

Virtual Network NAT (VNet NAT) is a fully managed and highly resilient network address translation (NAT) service. With Virtual Network NAT, you can simplify your outbound connectivity for virtual networks without worrying about the risk of connectivity failures from port exhaustion or your internet routing configurations.

Support for Resource Health check with Virtual Network NAT helps you monitor the health of your NAT gateway as well as diagnose or troubleshoot outbound connectivity.

With Azure Resource Health, you can:

  • View a personalized dashboard of the health of your NAT gateway

  • Set up customizable resource health alerts to notify you in near real-time of when the health status of your NAT gateway changes

  • See the current and past health history of your NAT gateway to help you mitigate issues

  • Access technical support when you need help with Azure services, such as diagnosing and solving issues

Virtual Network NAT Resource Health is available in all Azure public regions, Government cloud regions, and China Cloud regions.

Enhancements to Azure Web Application Firewall

Microsoft offers two options, global WAF integrated with Azure Front Door and regional WAF integrated with Azure Application Gateway, for deploying Azure WAF for your applications and APIs.

On March 29, Microsoft announced the general availability of managed Default Rule Set 2.0 with anomaly scoring, Bot Manager 1.0, and security reports on global WAF. Additional features are available on regional WAF that offer you better security, improved scale, easier deployment, and better management of your applications and APIs:

  • Reduced false positives with Core Rule Set 3.2 integrated with Azure Application Gateway. The older CRS 2.2.9 ruleset is being phased out in favor of the newer rulesets.
  • Improved performance and scale with the next generation of WAF engine, released with CRS 3.2
  • Increased size limits on regional WAF for body inspection up to 2MB and file upload up to 4GB
  • Advanced customization with per rule exclusion and attribute by names support on regional WAF
  • Native consistent experience with WAF policy: new deployments of Application Gateway v2 WAF SKU now natively utilize WAF policies instead of configuration
  • Advanced analytics capabilities with new Azure Monitor metrics on regional WAF

Azure Management services: what's new in April 2022

Microsoft is constantly announcing news regarding Azure management services. This summary, published monthly, gives you an overview of the main news of the current month, so that you can stay up to date and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Windows client support for the Azure Monitor agent (preview)

Azure Monitor agent and data collection rules now support client devices, Windows 10 and Windows 11, via a new installation setup (MSI). This allows you to extend the use of the same agent for telemetry and for security aspects (using Sentinel).

Support for custom logs and IIS logs for the Azure Monitor agent (preview)

The Azure Monitor agent (AMA) natively provides the ability to collect log files (custom and IIS logs) in a Log Analytics workspace. This feature is particularly useful for easily consulting the custom logs generated by services or applications and IIS logs, and for carrying out specific analyses.

Integration between Azure Monitor and Azure Managed Grafana (preview)

Microsoft announced Azure Managed Grafana, a service managed by Microsoft that allows customers to run Grafana natively within the Azure platform. Azure Managed Grafana allows you to extend integrations with Azure Monitor, providing the ability to easily view Azure Monitor data in Grafana dashboards.

Configure

Azure Automation

Diagnostic audit log for Automation account

The ability to send audit data to blob storage accounts, Event Hub and Azure Monitor Log Analytics workspaces has also been enabled for Automation accounts. This allows you to monitor the main activities carried out on the Automation account for security and compliance purposes. By enabling the audit event collection mechanism, it is possible to collect telemetry data regarding the creation, update and deletion of Automation account runbooks and assets.

Govern

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Support for vault-archive storage for VMs backup, even in the presence of SQL and SAP HANA

Azure Backup announced the ability to move recovery points to the Azure Storage Vault-Archive tier to save costs and keep backup data for longer. This feature is available for Azure VMs, even in the presence of SQL Server and SAP HANA installed on board the VMs. When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can always be done in an integrated way from the Azure portal, through a simple and intuitive process.

Metrics and related alerts for Azure Blob storage (preview)

In recent months Azure Backup has released the ability to consult the health metrics of backups and restores for Azure virtual machines, SQL/HANA databases on board Azure virtual machines and Azure File. Now, Azure Backup also supports these metrics for storage blobs.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (April 2022 – Weeks: 15 and 16)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Recommended alert rules for virtual machines (preview)

The Azure portal experience now allows you to easily enable a recommended, out-of-the-box set of alert rules for your Azure resources. Currently in preview for virtual machines, you can simply enable a set of best practice alert rules on an unmonitored VM with just a few clicks.

Storage

Rehydrate an archived blob to a different storage account

You can now rehydrate an archived blob by copying it to a different storage account, as long as the destination account is in the same region as the source account. Rehydration across storage accounts enables you to segregate your production data from your backup data, by maintaining them in separate accounts. Isolating archived data in a separate account can also help to mitigate costs from unintentional rehydration.

Azure Archive Storage now available in Switzerland North

Azure Archive Storage provides a secure, low-cost means for retaining cold data including backup and archival storage. Now, Azure Archive Storage is available in Switzerland North.

Networking

Service tags support for user-defined routing

Specify a service tag as the address prefix parameter in a user-defined route for your route table. You can choose from tags representing over 70 Microsoft and Azure services to simplify and consolidate route creation and maintenance. With this release, using service tags in routing scenarios for containers is also supported. User-defined routes with service tags will update automatically to include any changes that services make to their list of IPs and endpoints.

DNS reservations to prevent subdomain takeover in Cloud Services deployments

Microsoft Azure is a cloud platform integrated with data services, advanced analytics, and developer tools and services. When you build on, or migrate IT assets to Azure, Microsoft provides a secure, consistent application platform to run your workloads. To strengthen your security posture, Microsoft rolled out DNS reservations to prevent subdomain takeover in Cloud Services deployments. Subdomain takeovers enable malicious actors to redirect traffic intended for an organization’s domain to a site performing malicious activity.

Azure Stack

Azure Stack HCI

Windows Server guest licensing offer

To facilitate guest licensing for Azure Stack HCI customers, take advantage of a new offer that brings simplicity and increased flexibility. This licensing is through an all-in-one place Azure subscription and in some cases may be less expensive than the traditional licensing model. The new Windows Server subscription for Azure Stack HCI is generally available as of April 1, 2022. With this offer, you can purchase unlimited Windows Server guest licenses for your Azure Stack HCI cluster through your Azure subscription. You can sign up and cancel anytime. There is a free 60-day trial after which the offer will be charged at $23.30 per physical core per month.

How to strengthen security posture in the public cloud, in hybrid and multi-cloud environments thanks to Defender for Cloud

The adoption of infrastructures and services in cloud environments, useful for businesses to accelerate the digital transformation process, requires us to also adapt the solutions, processes and practices that are adopted to ensure and maintain a high degree of security of IT resources. This must be done independently of the deployment models used, strengthening the overall security posture of your environment and providing advanced threat protection for all workloads, wherever they reside. This article describes how the Defender for Cloud solution is able to control and improve the security aspects of the IT environment where resources are used in the public cloud, in hybrid and multi-cloud environments.

The challenges of security in modern infrastructures

Among the main challenges that must be faced in the security field by adopting modern infrastructures that use components in the cloud we find:

  • Rapid and constantly evolving workload. This aspect is certainly a double-edged sword of the cloud in that, on the one hand, end users have the ability to get more from solutions in cloud environments, on the other hand, it becomes complex to ensure that rapidly and constantly evolving services are always up to their standards and that they follow all security best practices.
  • Increasingly sophisticated security attacks. Regardless of where your workloads are running, security attacks adopt sophisticated and advanced techniques that require reliable protections to be implemented to counter their effectiveness.
  • Resources and expertise in the field of security not always up to par to intervene in the face of security alerts and to ensure that the environments are adequately protected. In fact, IT security is an ever-changing front and staying up-to-date is a constant and difficult challenge to achieve.

The pillars of security covered by Microsoft Defender for Cloud

The capabilities of Microsoft Defender for Cloud cover two major pillars of security for modern architectures that adopt cloud components: Cloud Security Posture Management (CSPM) and Cloud workload protection (CWP).

Figure 1 – The pillars of security covered by Microsoft Defender for Cloud

Cloud Security Posture Management (CSPM)

In the field of Cloud Security Posture Management (CSPM) Defender for Cloud can provide the following features:

  • Visibility: to assess the current security situation.
  • Hardening Guide: to be able to improve security efficiently and effectively.

Thanks to a continuous assessment, Defender for Cloud is able to continuously discover new resources that are deployed and evaluate whether they are configured according to security best practices. If not, the resources are flagged and you get a prioritized list of recommendations on what should be corrected to improve their protection. This list of recommendations is drawn from and supported by Azure Security Benchmark, the Azure-specific set of guidelines created by Microsoft, which contains security and compliance best practices based on common frameworks, with a focus on cloud-centric security. This benchmark may cover the controls of the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST) and it can be customized according to the standards to be respected.

Figure 2 - Examples of recommendations

Defender for Cloud assigns a global score to the environment, called Secure Score, which allows you to evaluate the risk profile (the higher the score, the lower the level of risk identified) and to take remediation actions.

Figure 3 - Secure score example

Cloud workload protection (CWP)

Regarding this area, Defender for Cloud delivers security alerts based on Microsoft Threat Intelligence. Furthermore, it includes a wide range of advanced and intelligent protections for workloads, provided through specific Microsoft Defender plans for the different types of resources present in the subscriptions and in hybrid and multi-cloud environments:

Figure 4 – Workloads protected by Defender for Cloud

Defender for Cloud therefore allows you to meet the following three needs, considered essential when managing the security of resources and workloads residing in the cloud and in on-premises environments:

Figure 5 - Security needs covered by Microsoft Defender for Cloud

Defender for Cloud also includes, as part of the advanced security features, vulnerability assessment solutions for virtual machines, container registries and SQL servers. Some scans are done using the Qualys solution, which can be used without specific licenses and without dedicated accounts: everything is included and managed through Defender for Cloud.

Which environments can be protected with Defender for Cloud?

Defender for Cloud is an Azure native service, which allows you to protect not only the resources present in Azure, but also hybrid and multi-cloud environments.

Figure 6 - Cross protection on different environments

Azure environment protection

  • Azure IaaS and Azure PaaS services: Defender for Cloud can detect threats targeting virtual machines and services in Azure, including Azure App Service, Azure SQL, Azure Storage Account, and others. Furthermore, it allows you to detect anomalies in Azure activity logs through native integration with Microsoft Defender for Cloud Apps (known as Microsoft Cloud App Security).
  • Azure data services: Defender for Cloud includes features that allow you to automatically classify data in Azure SQL. Furthermore, it is possible to carry out assessments to detect potential vulnerabilities in Azure SQL and Storage services, accompanied by recommendations on how to mitigate them.
  • Network: applying Network Security Groups (NSGs) to filter the traffic to and from the resources attached to Azure virtual networks is essential to guarantee network security. However, there may be cases where the actual traffic passing through the NSGs matches only a subset of the defined NSG rules. In these cases, the Adaptive network hardening feature allows you to further improve the security posture by strengthening the NSG rules. Using a machine learning algorithm that takes into account actual traffic, the configuration, threat intelligence and other indicators of compromise, it is able to provide advice to adjust the configuration of the NSG to allow only the strictly necessary traffic.
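
A simplified illustration of the idea behind adaptive network hardening, added here as an example (it is not Defender for Cloud's algorithm and not code from the original article): it attributes flow records to NSG-style rules in priority order and proposes narrower sources and ports for each allow rule. The rule names, the flows and the /24 aggregation are assumptions, and all data is constructed.

```python
"""Simplified NSG rule tightening from observed traffic.

Not Defender for Cloud's algorithm: no machine learning or threat
intelligence, only first-match rule evaluation plus aggregation.
All rules and flows below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, collapse_addresses


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first, as in an NSG
    source: str     # CIDR prefix; "0.0.0.0/0" stands for Any
    ports: range    # destination port range
    access: str     # "Allow" or "Deny"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int


# Constructed inbound rules (hypothetical names).
RULES = [
    Rule("allow-ssh", 100, "0.0.0.0/0", range(22, 23), "Allow"),
    Rule("allow-app", 200, "10.0.0.0/8", range(8000, 8101), "Allow"),
    Rule("allow-rdp", 300, "10.0.0.0/8", range(3389, 3390), "Allow"),
    Rule("allow-dns", 400, "10.9.0.0/24", range(53, 54), "Allow"),
    Rule("deny-all", 4096, "0.0.0.0/0", range(0, 65536), "Deny"),
]

# Constructed flow records (documentation and private address ranges).
FLOWS = [
    Flow("203.0.113.10", 22), Flow("203.0.113.77", 22),
    Flow("10.1.2.3", 8080), Flow("10.1.2.40", 8080), Flow("10.1.3.7", 8081),
    Flow("10.9.0.5", 53),
    Flow("203.0.113.99", 23),   # falls through to deny-all
]


def matching_rule(rules, flow):
    """Return the first rule (by priority) that matches the flow, or None."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (ip_address(flow.src_ip) in ip_network(rule.source)
                and flow.dst_port in rule.ports):
            return rule
    return None


def recommend(rules, flows, aggregate_prefix=24):
    """Propose, per allow rule, the sources and ports actually observed."""
    hits = {r.name: [] for r in rules}
    for flow in flows:
        rule = matching_rule(rules, flow)
        if rule is not None:
            hits[rule.name].append(flow)

    result = {}
    for rule in rules:
        if rule.access != "Allow":
            continue
        seen = hits[rule.name]
        if not seen:
            # No traffic ever used this rule: candidate for removal.
            result[rule.name] = {"action": "remove", "sources": [], "ports": []}
            continue
        # Aggregate observed sources to /24 networks, then merge neighbours.
        nets = collapse_addresses(
            ip_network(f"{f.src_ip}/{aggregate_prefix}", strict=False)
            for f in seen)
        sources = [str(n) for n in nets]
        ports = sorted({f.dst_port for f in seen})
        narrower = sources != [rule.source] or len(ports) < len(rule.ports)
        result[rule.name] = {
            "action": "tighten" if narrower else "keep",
            "sources": sources,
            "ports": ports,
        }
    return result


if __name__ == "__main__":
    for name, rec in recommend(RULES, FLOWS).items():
        print(name, rec)
```

Any proposal of this kind should be reviewed against a traffic window long enough to include periodic jobs before a rule is narrowed or removed.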

Hybrid Environment Protection

In addition to protecting the Azure environment, Defender for Cloud functionality can also be extended to hybrid environments, in particular to protect servers that do not reside on Azure. Through Azure Arc, Microsoft Defender plans can be extended to non-Azure machines.

Protection of resources running on other public clouds

Microsoft Defender for Cloud can also include resources present in Amazon Web Services (AWS) and Google Cloud Platform (GCP). To protect resources on other public clouds with this solution, a new native mechanism with an agentless approach allows you to connect to AWS and GCP environments. This new method of interfacing takes advantage of the AWS and GCP APIs and has no dependence on other solutions, for example AWS Security Hub.

Real case of protection with Defender for Cloud

Assuming a customer environment with resources located in Azure, on-premises and in AWS, with Defender for Cloud you can extend protection to all resources, independently of where they reside.

In fact, by connecting an Amazon Web Services (AWS) account to an Azure subscription, it is possible to enable the following protections:

  • The CSPM capabilities of Defender for Cloud are also extended to AWS resources, allowing you to evaluate the resources present in the Amazon cloud according to AWS-specific security recommendations. Furthermore, resources are evaluated for compliance with AWS-specific standards such as AWS CIS, AWS PCI DSS and AWS Foundational Security Best Practices. All of this is taken into account and influences the overall security score.
  • Microsoft Defender for Servers offers threat detection and enables advanced defenses for EC2 Windows and Linux instances as well.
  • Microsoft Defender for Kubernetes extends advanced defenses to Amazon EKS Linux clusters and enables the detection of threats on containers present in those infrastructures.

These protections will be added to the features listed above available for Azure environments and for resources residing on-premises.

Conclusions

Defender for Cloud is able to respond effectively to the security challenges posed by the adoption of modern infrastructures. In fact, thanks to the use of Microsoft Defender for Cloud, you have a solution capable of identifying security weaknesses in cloud configurations, strengthening the overall security posture of the environment and protecting workloads in hybrid and multi-cloud environments.

Azure IaaS and Azure Stack: announcements and updates (April 2022 – Weeks: 13 and 14)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

On-demand capacity reservations

On-demand capacity reservations let you reserve compute capacity for one or more VM size(s) in an Azure region or availability zone for any length of time.

Azure Batch supports Spot Virtual Machines

Azure Batch offers Spot Virtual Machines in user-subscription Batch accounts. The Spot Virtual Machines are available as single-instance virtual machines (VMs) or Virtual Machine Scale Sets. In addition, you get unique Azure pricing and benefits when running Windows Server workloads on Spot Virtual Machines.

Azure Virtual Machines increase storage throughput by up to 300%

The new memory optimized Ebs v5 and Ebds v5 Azure Virtual Machines, now generally available, feature the latest 3rd Gen Intel Xeon Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration. These VMs deliver up to 300% increase in VM-to-Disk Storage throughput and IOPS compared to the previous generation D/Ev4 VM series. The new VM series feature sizes from 2 to 64 vCPUs, with and without local temporary storage, to best match your workload requirements. These new VMs offer up to 120,000 IOPS and 4,000 MB/s of remote disk storage throughput. The increased storage throughput is ideal for the most demanding data-intensive workloads, including large relational databases such as SQL Server, high-performance OLTP scenarios, and high-end data analytics applications.

New planned datacenter region in India (India South Central)

Microsoft has announced plans to bring a new datacenter region to India, including availability zones.

Azure Virtual Machines DCsv3 available in Switzerland and West US (preview)

DCsv3-series virtual machines (VMs) are available (in preview) in Switzerland North and West US. The DCsv3 and DCdsv3-series virtual machines help protect the confidentiality and integrity of your code and data while it processes in the public cloud. By leveraging Intel® Software Guard Extensions and Intel® Total Memory Encryption – Multi Key, you can ensure your data is always encrypted and protected in use.

Storage

Cross-region snapshot copy for Azure Disk Storage

Cross-region snapshot copy allows you to copy disk snapshots to any region for disaster recovery.

Incremental snapshots are cost-effective point-in-time backups of Azure Disk Storage. They are billed for the changes to disks since the last snapshot and are always stored on the most cost-effective storage, Standard HDD storage, irrespective of the storage type of the parent disk. Now, you can copy incremental snapshots to any region of your choice for disaster recovery using cross-region snapshot copy. Azure manages the copy process and ensures that only changes since the last snapshot in the target region are copied, reducing the data footprint and recovery point objective (RPO).

Copy data directly to Archive Storage with Data Box

You can now use Data Box to copy data directly to Archive tier by indicating this when ordering and then copying to the corresponding share on the Data Box.

Azure Ultra Disk Storage in Sweden Central

Azure Ultra Disk Storage provides high-performance along with sub-millisecond latency for your most-demanding workloads.

Azure storage table access using Azure Active Directory

Azure Active Directory (Azure AD) support to authorize requests for Azure Table Storage is now generally available. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to any security principal, which can include a user, group, application service principal, or managed identity. The security principal is authenticated by Azure AD to return an OAuth 2.0 token. The token can then be used to authorize a request against the Table service. Authorizing requests against Azure Storage Tables with Azure AD provides superior security and ease of use over shared key authorization. Microsoft recommends using Azure AD authorization with your table applications when possible to assure access with minimum required privileges.

Azure File Sync agent v15

Improvements and issues that are fixed:

  • Reduced transactions when cloud change enumeration job runs
  • View Cloud Tiering status for a server endpoint or volume
  • New diagnostic and troubleshooting tool
  • Immediately run server change enumeration to detect file changes that were missed by USN journal
  • Miscellaneous improvements

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is earlier than version 12.0.
  • The agent version for this release is 15.0.0.0.
  • Installation instructions are documented in KB5003882.

Networking

Bring your own public IP ranges to Azure

When planning a potential migration of on-premises infrastructure to Azure, you may want to retain your existing public IP addresses due to your customers’ dependencies (for example, firewalls or other IP hardcoding) or to preserve an established IP reputation. Now you can bring your own IP addresses (BYOIP) to Azure in all public regions. Using the Custom IP Prefix resource, you can now bring your own public IPv4 ranges to Azure and use them like any other Azure-owned public IP ranges. Once onboarded, these IPs can be associated with Azure resources, interact with private IPs and VNETs within Azure’s network, and reach external destinations by egressing from Microsoft’s Wide Area Network.

The new Azure Front Door: a modern cloud CDN service

The new Azure Front Door is a Microsoft-native, unified, and modern cloud content delivery network (CDN) catering to dynamic and static content acceleration. This service includes built-in turnkey security and a simple pricing model built on Microsoft’s massive-scale private global network. There are two Azure Front Door tiers: standard and premium. They combine the capabilities of Azure Front Door (classic) and Azure CDN from Microsoft (classic) and integrate with Azure Web Application Firewall (WAF). This provides a unified and secure solution for delivering your applications, APIs, and content on Azure or anywhere at scale.

Several key capabilities have been released:

  • Improved automation and simplified provisioning with DNS TXT-based domain validation
  • Auto-generated endpoint host name to prevent subdomain takeover
  • Expanded Private Link support in all Azure regions with availability zones to secure backends
  • Web Application Firewall enhancements with DRS 2.0 RuleSet and Bot manager
  • Expanded rules engine with regular expressions and server variables
  • Enhanced analytics and logging capabilities
  • Integration with Azure DNS, Azure Key Vault, Azure Policy and Azure Advisor
  • A simplified and predictable cost model

Azure Bastion native client support

With the new Azure Bastion native client support, available with Standard SKU, you can now:

  • Connect to your target Azure virtual machine via Azure Bastion using Azure CLI and a native client on your local machine
  • Log into Azure Active Directory-joined virtual machines using your Azure Active Directory credentials
  • Access the features available with your chosen native client (for example, file transfer)

Azure Bastion support for Kerberos authentication (preview)

Azure Bastion support for Kerberos authentication, available with both Basic and Standard SKUs, is now in public preview.