Category Archives: Datacenter Management

Azure Stack HCI: the constantly evolving hyper-converged solution – edition of November 2021

Azure Stack HCI is the solution that allows you to create a hyper-converged infrastructure (HCI) for running workloads in an on-premises environment, with a strategic connection to various Azure services. Azure Stack HCI is also considered a hybrid Azure service and as such it is constantly evolving. Microsoft recently introduced a series of new features that pave the way for new Azure Stack HCI adoption scenarios and allow you to better manage a hybrid infrastructure based on this solution. This article reports the main aspects that have evolved and the new features recently introduced in Azure Stack HCI.

New workloads and new benefits

The result that Microsoft intends to pursue with the Azure Stack HCI infrastructure is to be able to run the same workloads as the public cloud in an on-premises environment with the same advantages. To achieve this, Microsoft is bringing the most popular Azure workloads to Azure Stack HCI.

Since last year, the Azure Kubernetes Service (AKS) orchestrator can be activated on Azure Stack HCI, which allows you to automate the deployment and management of containerized applications in an on-premises environment just as in Azure. In addition to running Windows and Linux apps in containers, AKS provides the infrastructure to run selected services of the Azure platform (PaaS) on Azure Stack HCI.

The most important announcements in this area are the following.

Figure 1 - New Azure workloads and new benefits in Azure Stack HCI

Azure Virtual Desktop for Azure Stack HCI (preview)

By activating Azure Virtual Desktop in the public cloud, users can access their desktops and applications from anywhere, taking advantage of the familiarity and compatibility guaranteed by Windows 10 and Windows 11. Azure Virtual Desktop is a service hosted and managed by Microsoft, which does not require the configuration of a complex VDI infrastructure.

However, there are situations where applications are sensitive to latency, such as video editing, or scenarios where users need to take advantage of a legacy system present on-premises that cannot be easily reached. To allow you to better deal with situations of this type, Azure Virtual Desktop adds a new hybrid option thanks to Azure Stack HCI.

Azure Virtual Desktop for Azure Stack HCI uses the same cloud management plane as regular Azure Virtual Desktop, but it allows you to create session host pools using virtual machines running on Azure Stack HCI. These virtual machines can run Windows 10 and/or Windows 11 Enterprise multi-session. By placing desktops closer to users, it is possible to enable direct, low-latency access that avoids the round trip of the reverse connect transport, using a technology called RDP Shortpath.

Azure benefit for Windows Server

Microsoft offers special benefits when deploying Windows Server in the Azure environment and, by the end of this year, the same benefits will also be available on Azure Stack HCI.

First of all, when deploying virtual machines with Windows Server 2022, the Datacenter: Azure Edition can be activated in the Azure Stack HCI environment as well; it offers specific features not available in the classic Standard and Datacenter editions. To learn more about the features available in this edition, you can consult this article.

Furthermore, Azure Stack HCI version 21H2 allows you to:

  • Get extended security updates for free, just like in Azure. This applies to Windows Server 2008 / R2 and will soon apply to Windows Server 2012 / R2 as well when they reach end of support, in addition to the corresponding versions of SQL Server.
  • Obtain licenses and activate Windows Server machines as in Azure. Besides allowing you to use your own Datacenter license to enable automatic activation of virtual machines (Automatic VM Activation – AVMA), Azure Stack HCI provides the option to pay for the Windows Server licenses of guest systems through your Azure subscription, just as in the Azure environment.

Infrastructure innovation

Microsoft manages some of the world's largest data centers and wants to bring the experience gained and the innovation of the cloud to Azure Stack HCI. For these reasons, Azure Stack HCI is a subscription service that receives regular feature updates, so that technology proven at scale in the cloud can be used on-premises.

Figure 2 – Infrastructure innovation in Azure Stack HCI

Thanks to the release of the latest update, known as "version 21H2" or "feature update 21H2", the following new features are introduced:

  • Quick restart management with Kernel Soft Reboot: improves restart performance, skipping the pre-boot sequence and self-test when turning on the hardware. This also reduces the overall cluster upgrade time (available only on Azure Stack HCI Integrated Systems).
  • Use of GPUs with clustered VMs: provides GPU acceleration to workloads running on clustered VMs. Ideal for AI / ML workloads.
  • Dynamic CPU compatibility mode: the processor compatibility mode has been updated to take full advantage of all the features of the processors in a cluster environment. In fact, it is possible to combine different generations of processors in the same cluster with minimal degradation. The cluster intelligently calculates the largest common subset of processor functionality that can be exposed to virtual machines.
  • Storage thin provisioning: improves storage efficiency and simplifies management through thin provisioning.
  • Network ATC: simplifies host network configuration management.
  • Adjustable storage repair speed: greater control over the data re-synchronization process.
  • Support for nested virtualization with AMD processors: better flexibility to create test and evaluation environments thanks to the possibility of activating nested virtualization even in the presence of AMD processors.
  • Secured-Core Server: offers cross-cutting security across hardware, firmware and the operating system, integrated into the functionality of the OS, that can help protect servers from advanced threats.
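As an added example (not from the article), the following PowerShell reports the host-side building blocks that Secured-Core Server relies on: TPM 2.0, UEFI Secure Boot, and virtualization-based security with HVCI and Credential Guard. It assumes an elevated session on the cluster node and uses only the in-box Get-Tpm, Confirm-SecureBootUEFI and CIM cmdlets.

```powershell
# Added example (not part of the article): report the Secured-Core building blocks on this host.
# Run in an elevated PowerShell session on the Azure Stack HCI node or Windows Server host.

function Get-SecuredCoreStatus {
    # TPM 2.0 presence and readiness (the hardware root of trust)
    $tpm = Get-Tpm

    # UEFI Secure Boot; the cmdlet throws on legacy BIOS firmware, reported here as "not enabled"
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }

    # Virtualization-based security and the services running on top of it.
    # SecurityServicesRunning codes: 1 = Credential Guard, 2 = HVCI (memory integrity)
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'
    $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled but not running' }
        2       { 'Running' }
        default { 'Unknown' }
    }

    [PSCustomObject]@{
        TpmPresent             = $tpm.TpmPresent
        TpmReady               = $tpm.TpmReady
        SecureBootEnabled      = $secureBoot
        VbsStatus              = $vbs
        CredentialGuardRunning = $dg.SecurityServicesRunning -contains 1
        HvciRunning            = $dg.SecurityServicesRunning -contains 2
    }
}

$status = Get-SecuredCoreStatus
$status | Format-List

# Flag the gaps a Secured-Core configuration should not have
$gaps = @()
if (-not $status.TpmReady)          { $gaps += 'TPM 2.0 not ready' }
if (-not $status.SecureBootEnabled) { $gaps += 'Secure Boot not enabled' }
if (-not $status.HvciRunning)       { $gaps += 'HVCI (memory integrity) not running' }
if ($gaps) {
    Write-Warning ('Secured-Core gaps: ' + ($gaps -join '; '))
} else {
    'All checked Secured-Core components are active'
}
```

The firmware-level pieces of Secured-Core (DRTM launch via System Guard, kernel DMA protection) are validated by the hardware vendor and are not covered by these checks; treat this script as a quick sanity check on each node, not as a full Secured-Core attestation.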

New management features

Another goal of Azure Stack HCI is to let you manage your infrastructure as if it were an extension of the public cloud. Azure Stack HCI integrates natively with Azure Resource Manager, which allows the cluster to be projected as a resource in the Azure portal. You can therefore apply the same processes across all environments and manage Azure Stack HCI resources just like cloud resources.

Figure 3 – New Azure Stack HCI management features

Arc-enabled host servers and extensions

From the Azure Stack HCI resource you can locate, add, modify or remove extensions, which give easy access to the management features. With Azure Stack HCI version 21H2, host servers are automatically Arc-enabled when the cluster is registered, so the available extensions can be used right away.

Arc-enabled VM management (preview)

In addition to managing the cluster, Azure Arc can now also be used to provision and manage virtual machines running on Azure Stack HCI, directly from the Azure portal. Virtual machines and their associated resources (images, disks, and network) are projected into ARM as separate resources using a new cross-platform technology called Arc Resource Bridge.

In this way you can:

  • achieve consistent management between cloud resources and Azure Stack HCI resources;
  • automate virtual machine deployments using ARM templates;
  • guarantee self-service access thanks to Azure RBAC support.

Azure Backup and Azure Site Recovery

With Azure Stack HCI version 21H2, official support for Azure Backup and Azure Site Recovery was introduced. With MABS v3 UR2 or later it is possible to back up hosts and running virtual machines in Azure Stack HCI. Furthermore, with Azure Site Recovery it is possible to replicate virtual machines from Azure Stack HCI to Azure and enable disaster recovery scenarios.

Conclusions

Thanks to constant improvement, the continuous introduction of new features and the inclusion of new usage scenarios, the proposition for hyper-converged scenarios is increasingly complete, integrated and performant. Azure Stack HCI integrates perfectly with the existing on-premises environment and offers an important added value: the ability to connect Azure Stack HCI with other Azure services to obtain a hybrid hyper-converged solution. This aspect in particular strongly differentiates it from competitors offering solutions in this area.

Azure IaaS and Azure Stack: announcements and updates (November 2021 – Weeks: 45 and 46)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Compute

Virtual machines selector now generally available

Microsoft wants to simplify the process required to identify the right VM based on your needs and budget. To that end, the virtual machines selector is a web-based tool localized in 26 languages and available worldwide. Using the virtual machines selector you can specify your requirements, such as the category of workload you plan to run in Azure and the technical specifications of your VM (e.g. OS disk storage options, data disk storage performance, operating system, deployment region). After a few simple steps, the tool identifies the best VM and disk storage combination based on the information you enter. You can then view the details of the recommended VMs and their prices, and add the selected VMs to the pricing calculator to perform a more comprehensive cost analysis.

New cloud region in Sweden

The new sustainable datacenter region in Sweden, with a presence in Gävle, Sandviken and Staffanstorp, is available. It includes Azure Availability Zones: physically separate datacenter locations with independent power, network and cooling, which give your applications additional tolerance to datacenter failures.

Azure VMware Solution now generally available in the France Central Azure Region and in Japan West Azure Region

Azure VMware Solution has expanded availability to Japan West and to France Central. With this release Japan West is now the second region within the Japan sovereign area to become available (joining Japan East).

SQL Server on Azure Virtual Machines: Multi subnet high availability

You can now simplify your SQL Server on Azure Virtual Machines high availability and disaster recovery configuration by deploying virtual machines in multiple subnets, eliminating the need for an Azure Load Balancer. A multi-subnet configuration natively matches the on-premises experience for connecting to your availability group listener or SQL Server failover cluster instance. Additionally, this feature does not have the unique-port limitations or feature interoperability considerations of distributed network names (DNN) for availability groups and failover cluster instances. Multi-subnet configuration is natively supported by all versions of SQL Server and Windows Server Failover Cluster, simplifying deployment and maintenance and improving failover time.

Azure Virtual Machines DCv3-series now available in Europe West and North (preview)

Announcing public preview expansion of the DCv3-series VMs to Europe West and North.

Storage

SFTP support for Azure Blob Storage (preview)

Starting today, SSH File Transfer Protocol (SFTP) support for Azure Blob Storage is available for public preview in select regions. Azure Blob Storage is the only storage platform that supports SFTP over object storage natively in a serverless fashion, enabling you to leverage object storage economics and features. With multi-protocol support, you can run your applications on a single storage platform with no application rewrites necessary, therefore eliminating data silos.

NFSv4.1 support on Azure Files

Azure Files support for NFS v4.1 on the premium tier, for both locally-redundant storage and zone-redundant storage, is available. Now you can deploy these fully POSIX-compliant, distributed NFS file shares in your production environments for a wide variety of Linux and container-based workloads. Some example workloads include: highly available SAP application layer, enterprise messaging, user home directories, custom line-of-business applications, database backups, database replication, and DevOps pipelines. NFS 4.1 is available in all regions where the premium tier of Azure Files exists.

Azure Archive rehydration priority update

Azure Archive Storage provides a secure, low-cost means for retaining cold data, including backups and archival storage. Data stored in Archive Storage is offline and unavailable for read access until it is rehydrated to the hot or cool tier. You can choose to rehydrate data with standard or high priority, depending on the urgency of the retrieval request. Previously, it was not possible to change the retrieval priority after initiating a rehydration operation; priority had to be determined in advance, and there was no flexibility to update the priority if the retrieval urgency subsequently changed.

Archive Storage now supports updating the retrieval priority from standard to high while a rehydration operation is pending. You can simplify rehydration management and improve cost efficiency by initiating the rehydration operation with standard priority for a set of blobs, then updating the priority to high for any blobs that require faster retrieval.
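The two-step flow just described, as an added example that is not part of the post, using the Az.Storage PowerShell module: rehydration is started at Standard priority for a set of blobs, and later only the blobs that are still pending are escalated to High priority. The storage account, container and blob names are placeholders, and the script assumes an existing Connect-AzAccount session with data-plane rights on the container.

```powershell
# Added example, not from the post. Requires the Az.Storage module and Connect-AzAccount.
$ctx       = New-AzStorageContext -StorageAccountName 'EXAMPLE_ACCOUNT' -UseConnectedAccount   # placeholder account
$container = 'backups'                                                                          # placeholder container
$blobNames = 'monthly/2021-10.vhdx', 'monthly/2021-09.vhdx'                                     # constructed sample names

# Step 1: start rehydration to Hot at Standard priority for the whole set.
foreach ($name in $blobNames) {
    $blob = Get-AzStorageBlob -Context $ctx -Container $container -Blob $name
    $props = $blob.BlobProperties
    # Only archived blobs that are not already being rehydrated need a request
    if ($props.AccessTier -eq 'Archive' -and -not $props.ArchiveStatus) {
        $blob.BlobClient.SetAccessTier('Hot', $null, 'Standard') | Out-Null
        "${name}: rehydration to Hot started at Standard priority"
    }
}

# Step 2 (later, once it is clear which blobs are urgent): raise priority on pending ones only.
# Calling SetAccessTier again with the same destination tier updates the priority of a pending
# rehydration; the service rejects it once the blob is no longer pending, so ArchiveStatus is
# checked first.
function Set-RehydrationPriorityHigh {
    param([Parameter(Mandatory)][string]$Name)

    $blob   = Get-AzStorageBlob -Context $ctx -Container $container -Blob $Name
    $props  = $blob.BlobProperties
    $status = $props.ArchiveStatus          # e.g. "rehydrate-pending-to-hot", $null when not pending

    if ($status -like 'rehydrate-pending-*' -and $props.RehydratePriority -ne 'High') {
        $blob.BlobClient.SetAccessTier('Hot', $null, 'High') | Out-Null
        "${Name}: priority raised to High"
    } else {
        "${Name}: nothing to do (status='$status', priority='$($props.RehydratePriority)')"
    }
}

Set-RehydrationPriorityHigh -Name $blobNames[0]
```

The priority can only go from Standard to High, not back, so the cost-saving pattern is to start everything at Standard and escalate selectively; RehydratePriority on the blob properties tells you which blobs have already been escalated.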

Networking

VPN Gateways: increased connection limit

The maximum number of Site-to-Site/VNet-to-VNet connections on a VPN Gateway has been increased from 30 to 100 tunnels for the SKUs VpnGw4, VpnGw5, VpnGw4AZ and VpnGw5AZ. This change does not affect legacy gateways with the High Performance SKU.
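As an added example (not from the post), the following PowerShell counts the Site-to-Site and VNet-to-VNet tunnels attached to every VPN gateway in the current subscription and compares the count with the limit the post gives for the gateway's SKU, so that a gateway approaching its tunnel limit is noticed before the next connection fails. It assumes the Az.Network and Az.Resources modules and an existing Connect-AzAccount session; the warning threshold is an arbitrary choice made here.

```powershell
# Added example, not from the post. Requires Az.Network, Az.Resources and Connect-AzAccount.
$warnAtPercent   = 80                                          # arbitrary threshold chosen for this example
$raisedLimitSkus = 'VpnGw4', 'VpnGw5', 'VpnGw4AZ', 'VpnGw5AZ'   # 100 tunnels after the change
$raisedLimit     = 100
$previousLimit   = 30   # the pre-change figure the post gives; confirm against the limits table for other SKUs

# Gather every connection once, so that connections living in a different resource group
# than their gateway are still counted.
$connections = Get-AzResource -ResourceType 'Microsoft.Network/connections' |
    ForEach-Object { Get-AzVirtualNetworkGatewayConnection -ResourceGroupName $_.ResourceGroupName -Name $_.Name } |
    Where-Object { $_.ConnectionType -in @('IPsec', 'Vnet2Vnet') }   # S2S and VNet-to-VNet tunnels only

Get-AzResource -ResourceType 'Microsoft.Network/virtualNetworkGateways' | ForEach-Object {
    $gw = Get-AzVirtualNetworkGateway -ResourceGroupName $_.ResourceGroupName -Name $_.Name
    if ($gw.GatewayType -ne 'Vpn') { return }   # ExpressRoute gateways are out of scope

    $limit = if ($gw.Sku.Name -in $raisedLimitSkus) { $raisedLimit } else { $previousLimit }
    $used  = @($connections | Where-Object { $_.VirtualNetworkGateway1.Id -eq $gw.Id }).Count
    $pct   = [math]::Round(100 * $used / $limit)

    [PSCustomObject]@{
        Gateway       = $gw.Name
        ResourceGroup = $gw.ResourceGroupName
        Sku           = $gw.Sku.Name
        Tunnels       = $used
        Limit         = $limit
        Status        = if ($pct -ge $warnAtPercent) { "WARN ($pct% of limit)" } else { 'OK' }
    }
} | Format-Table -AutoSize
```

Connections whose ConnectionType is ExpressRoute or VPNClient are deliberately excluded, since the raised limit applies to Site-to-Site and VNet-to-VNet tunnels only.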

Azure Bastion: new features available with Standard SKU (preview)

With the new Azure Bastion native client support you can:

  • Connect to your target Azure virtual machine via Azure Bastion using Azure CLI and a native client on your local Windows machine
  • Log into Azure Active Directory-joined virtual machines using your Azure Active Directory credentials

Also, with the new Azure Bastion IP based connection capability you can now connect to any target resource reachable from your Bastion using its private IP address. This includes any reachable resources hosted on-premises or in other clouds, allowing you to achieve more secure global remote connectivity with Azure Bastion.

ExpressRoute now supports Azure Virtual Desktop Shortpath RDP over Private Peering

ExpressRoute Private Peering now supports Azure Virtual Desktop RDP Shortpath. After establishing the reverse connect transport, the client and session host start the RDP connection. With RDP Shortpath configured, the client requires direct connectivity with the session host to establish a secure TLS connection. You can leverage ExpressRoute Private Peering to set up the direct connection that supports RDP Shortpath.

The Azure edition of Windows Server 2022

The new operating system Windows Server 2022 introduced a new special edition dedicated to Azure environments, able to offer specific features not available in the classic Standard and Datacenter editions. This article describes the features available in this edition that allow you to better address certain scenarios in cloud environments.

First of all, the Azure Datacenter edition of Windows Server 2022 is only supported in the following environments:

  • Azure IaaS
  • Azure Stack HCI (21H2)

Windows Server 2022 Datacenter Azure Edition includes all the features of the Datacenter edition and in addition offers the features described in the following paragraphs, which are not available outside these environments.

Azure Extended Networking

This feature is designed to solve the challenge of moving applications and workloads running on-premises to the cloud when the virtual machines must keep the same IP addresses. Azure Extended Networking allows you to extend an existing on-premises subnet to Azure so that virtual machines keep the same private IP addresses. This is made possible by extending the network through a bi-directional VXLAN tunnel between two Windows Server 2022 virtual machines that act as virtual appliances.

Figure 1 - Generic diagram for extending a subnet in Azure

One virtual appliance must run in the on-premises environment, while the other must run in the cloud and must be the Datacenter: Azure Edition. Each subnet to be extended requires a pair of these virtual appliances. In this way, the private IP addresses in use on-premises can also be kept in Azure, and everything works transparently for applications. It should be noted that this feature is advisable only in scenarios where there is no other option: if possible, it is always better to change the IP address and connect the migrated systems directly to existing subnets in Azure. This type of configuration can be done by following the procedure in Microsoft's official documentation, which requires Windows Admin Center connected to Azure.

SMB over QUIC

QUIC is a standard protocol designed to provide a reliable connection over unsecured networks, such as the Internet: it runs inside a TLS 1.3 encrypted tunnel on UDP port 443. With SMB over QUIC, all SMB traffic, including the authentication and authorization exchange, always stays inside this tunnel and is never exposed on the network. Inside the tunnel SMB behaves in the standard way, so the user experience and capabilities remain unchanged. SMB over QUIC in Windows Server 2022 Datacenter Azure Edition uses the updated version of the SMB protocol (version 3.1.1). With SMB over QUIC, users and applications can securely and reliably access data on file servers running in Azure or at edge locations, without having to adopt VPN connections. For more details, see Microsoft's official documentation.
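The same configuration done with PowerShell rather than Windows Admin Center, as an added example that is not part of the article: the server half binds a server-authentication certificate to the file server's public name, the client half maps a share forcing the QUIC transport so that a failure is visible instead of a silent fallback to TCP 445. The two halves run on different machines (a Windows Server 2022 Datacenter: Azure Edition file server and a Windows 11 client); host name, share name and certificate thumbprint are placeholders.

```powershell
# Added example, not part of the article. Run each section on its own machine.

# ---------- file server (Windows Server 2022 Datacenter: Azure Edition) ----------
$serverName = 'fs1.contoso.com'          # placeholder: the DNS name clients will connect to
$thumb      = 'THUMBPRINT_PLACEHOLDER'    # placeholder: certificate already imported in Cert:\LocalMachine\My

# Sanity-check the certificate before binding it: it must be valid and usable for server authentication,
# because this is what clients validate in the TLS 1.3 handshake that QUIC rides on.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$thumb"
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumb has expired" }
if (-not ($cert.EnhancedKeyUsageList.FriendlyName -contains 'Server Authentication')) {
    throw "Certificate $thumb lacks the Server Authentication EKU"
}

# Map the certificate to the server name and confirm the mapping
New-SmbServerCertificateMapping -Name $serverName -Thumbprint $thumb -StoreName My
Get-SmbServerCertificateMapping

# ---------- Windows 11 client (outside the corporate network, no VPN) ----------
# -TransportType QUIC makes the mapping fail rather than silently fall back to TCP 445
New-SmbMapping -LocalPath 'Z:' -RemotePath "\\$serverName\data" -TransportType QUIC

# The connection should report SMB dialect 3.1.1, as the article states
Get-SmbConnection -ServerName $serverName | Select-Object ServerName, ShareName, Dialect, NumOpens
```

On the network side, only UDP 443 has to be reachable on the file server from the client's location; TCP 445 can stay closed at the edge, which is the main reason this setup removes the need for a VPN.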

Figure 2 - Configuring SMB over QUIC from Windows Admin Center

Hotpatch of Azure Automanage

The Hotpatch feature, part of Azure Automanage, is supported in Windows Server 2022 Datacenter: Azure Edition. Support is currently limited to Server Core installations, but will be extended to Desktop Experience installations in the future. Hotpatching is a new mechanism for installing updates on Windows Server Azure Edition virtual machines that reduces the number of reboots required to install updates.

Figure 3 - Hotpatch for a machine Windows Server 2022 in Azure environment

Azure Automanage allows you to orchestrate the installation of security patches on top of a Cumulative Update, which is released every three months. The Cumulative Update requires a system restart, but the security patches released between Cumulative Updates patch the code running in memory without the need to reboot the machine.
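As an added example (not from the article), the following PowerShell deploys a Windows Server 2022 Datacenter: Azure Edition Core virtual machine with hotpatching enabled and then reads the patch settings back from the deployed VM. It assumes the Az.Compute, Az.Network and Az.Resources modules, an existing Connect-AzAccount session, and that the subscription is eligible for the Hotpatch feature; resource names, region and VM size are placeholders.

```powershell
# Added example, not from the article. Requires Az.Compute, Az.Network, Az.Resources and Connect-AzAccount.
$rg     = 'rg-hotpatch-demo'   # placeholder
$loc    = 'westeurope'         # placeholder
$vmName = 'ws2022hp'           # placeholder
$cred   = Get-Credential -Message 'Local administrator account for the new VM'

New-AzResourceGroup -Name $rg -Location $loc -Force | Out-Null

# Minimal network: no public IP, so the VM is reached via Bastion or a private connection, not exposed RDP
$subnet = New-AzVirtualNetworkSubnetConfig -Name 'default' -AddressPrefix '10.10.0.0/24'
$vnet   = New-AzVirtualNetwork -ResourceGroupName $rg -Location $loc -Name 'vnet-hotpatch' `
              -AddressPrefix '10.10.0.0/16' -Subnet $subnet
$nic    = New-AzNetworkInterface -ResourceGroupName $rg -Location $loc -Name "$vmName-nic" `
              -SubnetId $vnet.Subnets[0].Id

$vm = New-AzVMConfig -VMName $vmName -VMSize 'Standard_D2s_v3'

# Hotpatch requires the AutomaticByPlatform patch mode; -EnableHotpatching turns the feature on
$vm = Set-AzVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred `
          -PatchMode 'AutomaticByPlatform' -EnableHotpatching

# Hotpatch is only offered on the Azure Edition Core image
$vm = Set-AzVMSourceImage -VM $vm -PublisherName 'MicrosoftWindowsServer' -Offer 'WindowsServer' `
          -Skus '2022-datacenter-azure-edition-core' -Version 'latest'

$vm = Add-AzVMNetworkInterface -VM $vm -Id $nic.Id
New-AzVM -ResourceGroupName $rg -Location $loc -VM $vm

# Verify: the deployed VM should report PatchMode AutomaticByPlatform and EnableHotpatching True
$deployed = Get-AzVM -ResourceGroupName $rg -Name $vmName
$deployed.OSProfile.WindowsConfiguration.PatchSettings | Format-List PatchMode, EnableHotpatching
```

The same PatchSettings check, run across all VMs with `Get-AzVM`, is a quick way to find Azure Edition machines that were deployed without hotpatching and therefore still take a reboot for every security update.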

For more information about this feature, you can consult the specific Microsoft documentation.

Conclusions

Thanks to these features, designed for hybrid environments and fully integrated into the operating system, Windows Server 2022 allows you to significantly increase efficiency and agility. To discover all the new features introduced in Windows Server 2022 you can consult this series of articles.

Azure IaaS and Azure Stack: announcements and updates (November 2021 – Weeks: 43 and 44)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

In this dedicated post you can find the most important announcements and major updates officially announced last week during the Microsoft Ignite (November 2021) conference.

Azure

Compute

Zerto Disaster Recovery for Azure VMware Solution

Zerto Disaster Recovery is now available and supported with Azure VMware Solution, delivering data protection and disaster recovery services that eliminate data loss and downtime for vSphere virtual machines running in an Azure VMware Solution environment.

Zerto Disaster Recovery for Azure VMware Solution supports the following three scenarios:

  • On-premises VMware to Azure VMware Solution for Hybrid disaster recovery
  • Azure VMware Solution to Azure VMware Solution for cloud-based disaster recovery
  • Azure VMware Solution to Azure IaaS for cloud-based disaster recovery

Azure Spot Virtual Machines: Try to restore functionality

You can now opt-in and use this feature while deploying Spot VMs using Virtual Machine Scale Sets. This new feature will automatically try to restore an evicted Spot VM to maintain the desired target compute capacity (e.g., number of VMs) in a scale set.

Storage

Azure File Sync agent v14

Improvements and issues that are fixed in the v14 release:

  • Improved server endpoint deprovisioning guidance in the portal. When removing a server endpoint via the portal, we now provide step by step guidance based on the reason behind deleting the server endpoint, so that you can avoid data loss and ensure your data is where it needs to be (server or Azure file share).
  • Invoke-AzStorageSyncChangeDetection cmdlet improvements. Microsoft has improved the Invoke-AzStorageSyncChangeDetection cmdlet and the 10,000 item limit no longer applies when scanning the entire share.
  • Azure File Sync is now supported in West US 3 region.
  • Reduced transactions when a file consistently fails to upload due to a per-item sync error.
  • Reliability and telemetry improvements for cloud tiering and sync.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • A restart is required for servers that have an existing Azure File Sync agent installation if the agent version is less than version 12.0.
  • The agent version for this release is 14.0.0.0.
  • Installation instructions are documented in KB5001872.

Ephemeral OS disks for Azure VMs support additional VM sizes

You can now choose where to store Ephemeral OS disks, either on the VM temp disk or on the VM cache. This feature enables Ephemeral OS disks to be created for all VMs that have no cache or an insufficient cache (such as Dav3, Dav4, Eav4 and Eav3) but have a temp disk large enough to host the Ephemeral OS disk.

Networking

New Azure Firewall Premium capabilities

Several new Azure Firewall Premium capabilities are available:

  • Azure Firewall Premium availability in more regions. Azure Firewall Premium is now available in both Microsoft Government Cloud and Azure China 21Vianet. This expansion makes Azure Firewall Premium now available in 44 Azure regions.
  • Terraform support for Firewall Policy Premium. Azure Firewall Premium supports a range of DevOps tools including Azure CLI, PowerShell, REST API. Customers can now use Terraform, a popular open-source tool used by DevOps for implementing infrastructure as code, to manage their Azure Firewall Premium.
  • Web categories Category Check (in preview). Web categories lets administrators allow or deny user access to web site categories such as gambling websites, social media websites, and others. Customers often want to check which categories a specific URL falls under. Customers can now use the Azure Portal to determine URL web categories and share feedback if the category is not accurate.
  • Migrate to Premium SKU using Stop/Start approach. If you use Azure Firewall Standard SKU with Firewall Policy, you can use the Allocate/Deallocate method to upgrade your Firewall SKU to Premium. This migration approach is supported on both VNET Hub and Secure Hub Firewalls. Secure Hub deployments will be upgraded while preserving the public IP of the firewall.

Extended regional availability for Private Link NSG Support and for Private Link UDR Support

Private Endpoint support for Network Security Groups (NSGs) and Private Endpoint support for User Defined Routes (UDRs) are now in public preview.

  • Private Endpoint support for Network Security Groups (NSGs) enhancement will provide you with the ability to enable advanced security controls on traffic destined to a private endpoint.
  • Private Endpoint support for User Defined Routes (UDRs) enhancement will provide you with the ability to apply custom routes to traffic destined to a private endpoint with a wider subnet range.

At this time, these features are available in the following regions: UsEast2Euap, UsCentralEuap, WestCentralUS, WestUS, WestUS2, EastUS, EastUS2, Asiaeast, Australiaeast, Japaneast, Canadacentral, Europenorth, Koreacentral, Brazilsouth, Uksouth, US South, US North, and France Central.

ExpressRoute IPv6 Support for Private Peering

IPv6 support for ExpressRoute Private Peering is now generally available with ExpressRoute circuits and Azure environments globally. IPv6 support unlocks hybrid connectivity as you expand into mobile and IoT markets with Azure, or address IPv4 exhaustion in your on-premises networks.

Azure Management services: what's new in October 2021

In October, Microsoft announced a considerable number of updates regarding Azure management services. Through these articles, released on a monthly basis, I want to provide an overview of the main news of the month, so that you can always stay up to date on these topics and have the references needed for further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Availability and support of availability zones in new regions

Azure Monitor Log Analytics is available in the following new regions:

  • West US 3
  • Korea South
  • Canada East 

To check the availability of the service in all the Azure regions you can consult this document.

Furthermore, support for Availability Zones was introduced in the West US 2 region for Azure Monitor Log Analytics and Application Insights, which ensures greater availability for the logs held in the workspace.

Azure Monitor container insights: updating the user experience from the portal

The user experience from the portal for Azure Monitor container insights has been updated and allows you to:

  • Get detailed information about containers more easily
  • View resource usage as allocable capacity
  • Take advantage of new metrics and new recommended alerts

Azure Monitor Query SDK

Microsoft has released the Azure Monitor Query SDK for .NET, Java, JavaScript/TypeScript and Python. This new SDK allows developers to build applications that perform read-only queries on Azure Monitor logs and metrics, so that they can analyze and visualize the data in customized ways. The SDK has been modernized to follow the Azure SDK guidelines and be idiomatic for each programming language. Furthermore, it introduces a number of updates and new features.

Azure Monitor application insights in Azure Spring Cloud

Thanks to this new integration in Azure Monitor Application Insights it is possible to enable the monitoring of Java Spring Boot applications running in Azure Spring Cloud with a few simple steps and without making any changes to the code.

Govern

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new ways to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center is constantly evolving and improvements are made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

Protect

Azure Backup

Multiple backups during the day for Azure Files

Keeping RPO low is often a key requirement for Azure Files that contain frequently updated business-critical data. To ensure minimal data loss, in the event of an emergency or unwanted content changes, organizations may need to back up more frequently than once a day. Azure Backup now allows you to create backup policies to take multiple snapshots per day. With this feature it is also possible to define the duration of the backup processes.

Support for Archive storage for the backup of VMs and SQL Server inside VMs using the Azure portal

In August, Azure Backup announced the ability to move recovery points to the Azure Storage Vault-Archive tier to save costs and retain backup data for a longer duration. This feature is available for Azure VMs and for SQL Server installed inside Azure VMs. Initially this was only possible using Azure PowerShell, while now these backups can be moved from the standard tier to the new archive tier from the Azure portal as well.

When moving backup data from vault-standard to vault-archive, Azure Backup converts incremental data into full backup. This procedure involves an increase in the total GB used, but costs are reduced due to the huge difference in cost per GB between the two storage tiers. To simplify this process, Azure Backup provides advice on Recovery Points (RPs) for which migration to the vault-archive is recommended. Restores can always be done in an integrated way from the Azure portal, with a simple and intuitive process.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main changes concern support for new geographical areas.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (October 2021 – Weeks: 41 and 42)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Compute

New centralized management experience for Azure Hybrid Benefit for SQL Server (preview)

Azure Hybrid Benefit for SQL Server helps reduce costs by allowing existing on-premises licenses with active Software Assurance to be assigned to Azure. Now there’s an easier way to manage the benefit, optimize cost savings, and sustain compliance for the entire organization. Instead of assigning the benefit to each individual Azure resource (e.g. virtual machine), billing admins can now assign and manage SQL Server licenses at an Azure subscription or entire Azure account level.

Cross region replication for Azure NetApp Files

With this disaster recovery capability, you can continuously replicate your Azure NetApp Files volumes between select Azure standard and non-standard region pairs in a fast and cost-effective way, protecting your data from unforeseeable regional failures. Azure NetApp Files cross region replication leverages NetApp SnapMirror technology, so only changed blocks are sent over the network in a compressed, efficient format. This technology reduces the amount of data that must be replicated across regions by 50% or more, saving Azure NetApp Files customers data transfer costs. It also shortens the replication time, so you can achieve a smaller Recovery Point Objective (RPO).

Networking

Azure Firewall Premium now generally available in five new Azure regions

Azure Firewall Premium provides next generation firewall capabilities that are required for highly sensitive and regulated environments, and it is now generally available in the following new Azure Cloud regions: USGov Texas, USGov Arizona, USGov Virginia, China North 2 and China East 2.

Azure Stack

Azure Stack HCI

New feature update

Feature updates for Azure Stack HCI are released periodically to enhance the customer experience. This month's feature updates for clusters running Azure Stack HCI, version 21H2 are:

The management of Kubernetes environments with Azure Arc

The principle behind Azure Arc is to extend Azure management and governance practices to different environments and to adopt solutions and techniques, which are typically used in a cloud environment, even for on-premises environments. This article discusses how Azure Arc allows you to deploy and configure Kubernetes applications homogeneously across all environments, adopting modern DevOps techniques.

Thanks to Azure Arc-enabled Kubernetes it is possible to connect and configure Kubernetes clusters located inside or outside the Azure environment. When a Kubernetes cluster is connected to Azure Arc, it:

  • Appears in the Azure portal with an Azure Resource Manager ID and a managed identity.
  • Is placed within an Azure subscription and a resource group.
  • Can be associated with tags like any other Azure resource.

To connect a Kubernetes cluster to Azure, the Azure Arc agents must be installed on the various nodes. These agents:

  • Run in the Kubernetes namespace "azure-arc".
  • Manage connectivity to Azure.
  • Collect Azure Arc logs and metrics.
  • Watch for configuration requests.

Figure 1 - Agent architecture Azure Arc-enabled Kubernetes

Azure Arc-enabled Kubernetes supports SSL to protect data in transit. Furthermore, to ensure the confidentiality of data at rest, this data is stored encrypted in an Azure Cosmos DB database.

Azure Arc agents on Kubernetes systems do not require inbound ports to be opened on firewall systems; only outbound access to specific endpoints needs to be allowed.

For more details on this and for the procedure to follow to connect a Kubernetes cluster to Azure Arc you can consult this official Microsoft documentation.

Supported distributions

Azure Arc-enabled Kubernetes can be enabled with any Cloud Native Computing Foundation (CNCF)-certified Kubernetes cluster. In fact, the Azure Arc team has collaborated with leading industry partners to validate the compliance of their Kubernetes distributions with Azure Arc-enabled Kubernetes.

Supported scenarios

With Azure Arc-enabled Kubernetes, the following scenarios are supported:

  • Connecting Kubernetes clusters running in environments other than Azure, to perform inventory, grouping and tagging operations.
  • Application deployment and configuration management based on GitOps mechanisms. In the Kubernetes context, GitOps is the practice of declaring the desired state of the Kubernetes cluster configuration (deployments, namespaces, etc.) in a Git repository. This declaration is followed by a poll- and pull-based deployment of these cluster configurations by an operator. The Git repository can contain:
    • YAML manifests describing any valid Kubernetes resources, including Namespaces, ConfigMaps, Deployments, DaemonSets, etc.
    • Helm charts for application deployment.

Flux, a popular open source GitOps tool, can be deployed on the Kubernetes cluster to drive the flow of configurations from a Git repository to the cluster.

For more details on the CI / CD workflow using GitOps for Azure Arc-enabled Kubernetes clusters you can refer to this Microsoft documentation.

  • View and monitor cluster environments using Azure Monitor for containers.
  • Threat protection using Azure Defender for Kubernetes. The extension components collect the Kubernetes audit logs from all the nodes of the cluster control plane and send them to the Azure Defender for Kubernetes back end in the cloud for further analysis. The extension is registered with a Log Analytics workspace that is used for the data pipeline, but the audit logs are not stored in the Log Analytics workspace. The extension allows you to protect Kubernetes clusters located at other cloud providers, but it does not cover their managed Kubernetes services.
  • Apply settings via Azure Policy for Kubernetes.
  • Creation of custom locations used as targets for the deployment of Azure Arc-enabled Data Services, App Services on Azure Arc (which includes web, function, and logic apps) and Event Grid on Kubernetes.
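The GitOps flow described above, as an added PowerShell example that is not part of the original article: it onboards a cluster with the Azure CLI connectedk8s extension, attaches a Flux-based GitOps configuration with the k8s-configuration extension (the Flux v1 form of the command, current at the time of the article) and polls until the cluster reports compliance with the repository. The resource group, cluster name, configuration name and repository URL are placeholders, and the kubeconfig is assumed to already point at the target cluster.

```powershell
# Added example, not the article's own code. Assumptions: Azure CLI is logged in,
# the connectedk8s and k8s-configuration extensions are installed, and the current
# kubeconfig context points at the cluster to onboard. All names below are placeholders.
$ResourceGroup = 'rg-arc-demo'                                          # placeholder
$ClusterName   = 'arc-cluster-01'                                       # placeholder
$ConfigName    = 'cluster-config'                                       # placeholder
$RepoUrl       = 'https://example.invalid/platform/cluster-config.git'  # placeholder

# 1. Onboard the cluster: deploys the agents into the "azure-arc" namespace and
#    registers the cluster as a connectedClusters resource (outbound connectivity only).
az connectedk8s connect --name $ClusterName --resource-group $ResourceGroup
if ($LASTEXITCODE -ne 0) { throw 'cluster onboarding failed' }

# 2. Create the GitOps configuration. --git-readonly keeps the operator from pushing
#    back to the repository; --git-branch and --git-path restrict what is reconciled,
#    so the operator only applies manifests from the path the platform team controls.
az k8s-configuration create `
    --name $ConfigName `
    --cluster-name $ClusterName `
    --resource-group $ResourceGroup `
    --cluster-type connectedClusters `
    --operator-instance-name $ConfigName `
    --operator-namespace $ConfigName `
    --operator-params '--git-readonly --git-branch=main --git-path=clusters/prod' `
    --repository-url $RepoUrl `
    --scope cluster
if ($LASTEXITCODE -ne 0) { throw 'GitOps configuration creation failed' }

# 3. Poll the compliance state reported by the operator until the cluster matches
#    the repository (or give up after ten minutes so a broken manifest is noticed).
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 30
    $state = az k8s-configuration show --name $ConfigName --cluster-name $ClusterName `
        --resource-group $ResourceGroup --cluster-type connectedClusters `
        --query 'complianceStatus.complianceState' -o tsv
    Write-Host "compliance state: $state"
} while ($state -ne 'Compliant' -and (Get-Date) -lt $deadline)

if ($state -ne 'Compliant') { throw "configuration did not become compliant: $state" }
```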

Azure Arc-enabled Kubernetes also supports Azure Lighthouse, which allows service providers to access their tenant to manage subscriptions and resource groups delegated by customers.

Conclusions

Thanks to this technology, companies that need to operate in a hybrid environment will be able to minimize the effort of managing containerized workloads, extending services such as Azure Policy and Azure Monitor to Kubernetes clusters located in on-premises environments. Finally, through the GitOps approach, updates to cluster configurations in all environments can be simplified, minimizing the risks associated with configuration problems.

Azure IaaS and Azure Stack: announcements and updates (October 2021 – Weeks: 39 and 40)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Compute

What’s new in Azure VMware Solution

  • Azure VMware Landing Zone is now publicly available. It is Microsoft’s prescriptive, opinionated and best-practices backed guidance for deploying and managing workloads running on Azure VMware Solution.
  • It will soon be possible to use Azure NetApp Files as an NFS datastore for Azure VMware Solution. It is a great option for using in Azure the same NetApp VSAN datastores as used in on-premises environments.
  • It is now possible to perform HCX migration over VPN and SD-WAN. Customers get an additional option besides Azure ExpressRoute for driving migrations.
  • Azure VMware Solution is now included as part of the Azure Workload Acquisition & Nurture incentive. Partners can take advantage of multiple benefits available under the program to drive Azure VMware Solution projects.
  • New enhancements, global expansion and partner integration are now available, as documented here.

Availability Zones now generally available in new regions

Azure Availability Zones are now generally available in the South Africa North, Norway East and Korea Central regions. These new zones provide customers with options for additional resiliency and tolerance to infrastructure impact.

Storage

Azure NetApp Files waitlist removal

Azure NetApp Files, one of the fastest growing bare-metal Azure services, is now available to Azure customers directly from the Azure portal, CLI, API or SDK, without having to go through a waitlist approval process.

Standard network features for Azure NetApp Files (preview)

Standard network features for Azure NetApp Files volumes are now in public preview in select regions. This includes support for increased IP limits, Network Security Groups, user-defined routes, and additional connectivity patterns such as connectivity over an Active/Active VPN gateway and ExpressRoute FastPath.

Azure NetApp Files Backup capability (preview)

Azure NetApp Files backup expands the data protection capabilities of Azure NetApp Files by providing a fully managed backup solution for long-term recovery, archive and compliance.
Azure NetApp Files online snapshots are now enhanced with backup of snapshots. With this new backup capability, you can offload your Azure NetApp Files snapshots to Azure blob storage in a fast and cost-effective way, further protecting your data from accidental deletion.

Enable hierarchical namespace for existing Azure Storage accounts

Enabling the Azure Data Lake Storage (ADLS) hierarchical namespace for existing Azure Storage accounts, to accelerate value through data analytics, is now generally available. The benefits of the ADLS hierarchical namespace, which provides enhanced performance and features dedicated to maximizing the value of data analytics, are well established. You can now get these benefits for existing accounts and data by enabling the hierarchical namespace in place.

Object replication for Premium Block Blob Storage (preview)

Object replication allows you to replicate your premium block blob data at the blob level from one storage account to another anywhere in Azure.
Object replication unblocks a new set of common replication scenarios for premium block blobs:

  • Minimize latency: have your users consume the data locally rather than issuing cross-region read requests.
  • Increase efficiency: have your compute clusters process the same set of objects locally in different regions.
  • Optimize data distribution: have your data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.

Azure China: the aspects to know for a successful choice

For European and US companies with part of their business in China, the adoption of cloud solutions is becoming increasingly attractive. Microsoft offers the possibility of adopting Azure solutions in China as well, and a large number of important companies of the caliber of Coca Cola, BMW and Heineken have already landed on the Azure platform in China. However, there are important aspects and some peculiarities, covered in this article, that should be taken into consideration to make an informed choice when you intend to deploy line of business applications in the Azure regions in China.

What is Azure China?

To offer cloud services in China and ensure consistent quality of service globally, you have the option to adopt Azure China, which has the following characteristics:

  • It is independently managed and sold by 21Vianet in mainland China. Shanghai Blue Cloud Technology Co., Ltd. (“21Vianet”) is a wholly owned subsidiary of Beijing 21Vianet Broadband Data Center Co., Ltd.
  • This is a physically separate instance of cloud services located in China.
  • Unlike the Microsoft-managed public Azure regions, Azure subscriptions in the Chinese regions can only be created by a Chinese entity. This means that to activate Azure services in these geographic areas it is necessary to collaborate with a local organization in mainland China. In fact, during the registration process, you are asked to specify a telephone number and an address in China. After creating the account, subscription management is the same as for any other Azure region, using a dedicated Azure portal.

To allow customers and partners to examine all important aspects, before activating workloads in Azure China, Microsoft has published this list of activities.

Datacenter

Azure China datacenters are located in eastern and northern China and are geographically separated by more than 1,000 kilometres. These datacenters also support geographic replication and business continuity, allowing high data reliability for Azure services. The following regions are currently available on Chinese territory: China North, China North 2, China East and China East 2.

New Azure region coming to China in 2022

To meet the growing public cloud service needs of the Chinese market, Microsoft announced that in 2022 a new Azure region will be available in North China, also managed by its local operating partner 21Vianet. This expansion is expected to double the capacity of Microsoft's cloud portfolio in China in the coming years, which in addition to Azure includes Microsoft Office 365, Dynamics 365 and Power Platform. All of this will help fuel further innovation and digital transformation for developers, partners and customers in China and around the world.

Availability of services

There is a gap between the services that can be activated in Azure China and the global Azure services. Taking this into account, you can check the services available in the regions of China on this page. Furthermore, releases of new services, Azure versions and new features follow their own timeline in China.

Connectivity and access to resources

First of all, it should be noted that the workloads deployed in Azure China are potentially accessible from anywhere globally.

However, please note that the global Azure regions and the Azure China regions are physically disconnected. Therefore, to privately connect the resources located in Azure China subscriptions with those in the global Azure regions, it is necessary to set up a site-to-site VPN or ExpressRoute.

The adoption of a hybrid architecture allows you to extend applications and workloads located in Azure China and provide connectivity and interoperability globally.

The following connections are supported:

  • VPN or Azure ExpressRoute to create a direct network connection between Azure China and the on-premises environment located in China.
  • Site-to-site VPN to connect an Azure site in China to the on-premises environment outside China. ExpressRoute is not supported for direct network connectivity to an external site outside of China (Azure global is also considered external).

Figure 1 – Cross-border connectivity

In this regard, it is necessary to consider that the purchase of the connectivity service must be done by contacting qualified telecommunications operators who have a license issued by the Ministry of Industry and Information Technology (MIIT).

Free ExpressRoute circuit for China

Azure China ExpressRoute offers a free circuit between the following paired regions: China North (N1) – China North 2 (N2) and China East (E1) – China East 2 (E2). This allows for minimal network latency, similar to being within the same region. The ExpressRoute crossover N1-E2, E1-N2 requires ExpressRoute Premium and is subject to a data transfer charge.

Network latency

Between China and the rest of the world, high network latencies, low bandwidth, unstable connections and high costs are situations that occur in most cases.

All of this happens because of the intermediary technologies that regulate internet traffic crossing the border, among them the “Great Firewall of China”, which protects Chinese Internet access and filters traffic to China. In fact, almost all traffic going from mainland China to the outside, with the exception of special administrative regions such as Hong Kong and Macao, goes through the Great Firewall. Traffic passing through Hong Kong and Macao does not fully hit the Great Firewall, but is managed by a subset of it.

Figure 2 - Interconnections with China

To improve interconnections with China, it is also possible to use the Azure Virtual WAN service, as detailed in this Microsoft documentation.

Figure 3 - Example of architecture with Azure Virtual WAN

Furthermore, to improve the performance and responsiveness of websites with streaming media and other rich media content, it is possible to evaluate the adoption of an Azure CDN (Azure Content Delivery Network). According to Chinese law, the use of the CDN service in China could also subject an offshore website to the ICP registration. It is not recommended to use a global CDN service that does not have a point of presence (PoP) within mainland China.

Purchase options, costs and support

For information regarding the purchasing process and end-to-end onboarding for both Chinese and foreign users who are considering the adoption of Microsoft Azure services managed by 21Vianet in China (“Azure Services in China”) you can consult this guide, made following the customer's perspective.

The details on the costs of the various Azure China services can be found in this dedicated portal.

To get a complete view of the support plans in Azure China you can consult this page.

Conclusions

To ensure an effective distribution of your workloads in Azure China there are several aspects to consider such as which legal entity will manage your Azure China account, the level of compatibility of your applications with Azure services running in China, the Great Firewall and the migration and replication strategy to use. However, there are several companies that have long relied on Azure China and it is possible to consult the many success stories in this page.

Azure Management services: what's new in September 2021

In September, several announcements were made by Microsoft regarding Azure management services. In this summary, which I report on a monthly basis, the major announcements are listed, accompanied by the references needed for further investigation.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Support for Availability Zones is available

Azure Monitor has introduced support for Availability Zones that help protect applications and data from datacenter failures and can provide resilience for Azure Monitor features such as Application Insights and any other functionality that relies on a Log Analytics workspace. When a workspace is linked to an availability zone, Azure Monitor remains active and operational even if a specific datacenter is not functional or completely inactive. Azure Monitor currently supports Availability Zones for the following regions: East US 2 and West US 2.

Cross query between Azure Monitor and Azure Data Explorer

The ability to query between Azure Monitor and Azure Data Explorer allows you to query data exported to Azure Data Explorer or Azure blob storage and merge them with any Azure Monitor Log Analytics workspace.

Among the various features recently released we find the ability to perform queries:

  • Between Azure Data Explorer and Azure Monitor services (Log Analytics / Application Insights) and vice versa
  • On Azure Monitor logs exported from an Azure blob storage account using Azure Data Explorer

In Azure Monitor Log Analytics, the maximum data retention time frame is limited to 2 years. This aspect can be limiting in some areas, to the point that certain compliance criteria are not met. To overcome this limitation, you can export logs to an Azure blob storage. This new feature allows you to cross-query by including data exported to Azure blob storage in an integrated way.

Support for Windows Server 2022 for the Azure Monitor Agent

The Azure Monitor Agent now also supports Windows Server 2022 on virtual machines, virtual machine scale sets and Arc-enabled servers (on-premises and/or non-Azure servers).

New version of the agent for Linux systems

A new version of the Log Analytics agent for Linux systems has been released this month, which introduces several improvements and greater stability. Furthermore, the OMI component has been updated to version 1.6.8 and support for AWS 2 / CentOS 8.4 Linux has been introduced.

Configure

Azure Automation

Support for the Az module

Azure Automation introduces support for the “Az” module, available by default for all new Automation Accounts. Furthermore, the “Update Az Modules” option in the Azure portal allows you to update the modules to “Az” for existing Automation Accounts.

Govern

Azure Policy

Support for AKS custom policy (preview)

Microsoft has announced preview support for custom policies for Azure Kubernetes Service (AKS) clusters. With this feature, it is possible to create and assign custom policy definitions and constraint templates to AKS clusters, see detailed information about any errors, use the constraint template embedded within the policy definition, and more.

Azure Cost Management

Updates related to Azure Cost Management and Billing

Microsoft is constantly looking for new ways to improve Azure Cost Management and Billing, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features.

Protect

Azure Backup

New alerts and management in the Backup center (preview)

Azure Backup has released a new Azure Monitor based alerting solution, which allows you to take advantage of the notification capabilities offered by Azure to monitor and effectively act on critical backup incidents. These alerts can also be managed directly by Azure Backup center.

Oracle snapshot with Azure Backup

Azure Backup now allows you to run pre- and post-scripts to deactivate and reactivate Oracle databases. This allows you to have consistent backups and to take advantage of all the benefits of Azure VM backup also for Oracle systems. Database-consistent snapshots can be used for Oracle restores, are verifiable by Oracle database clients such as RMAN, and have cost advantages since the backup of Azure VMs is intrinsically incremental. The ability to take consistent snapshots at the Oracle database level also means there is no need to stream the full daily data to a storage target, so the I/O demand on the machine and on the network is significantly reduced, as is the need for large storage spaces. Furthermore, the use of these snapshots makes it possible to quickly create clones of Oracle production VMs without I/O-intensive operations such as Data Pump.

Offline backup with Azure Data Box

Microsoft has made the Azure Offline Backup functionality available using Azure Data Box, which allows you to use Azure Data Box to seed large initial backups offline in an Azure Recovery Service vault.

Azure Site Recovery

New features to simplify the DR scenarios of VMs in a VMware environment (preview)

The following changes have been released in preview in ASR to help improve the activation of Disaster Recovery scenarios for VMware environments:

  • Automatic updates for the ASR replication appliance and for the Mobility agent. A limitation of the current ASR architecture is the need to manually update the various components of the configuration server and the Mobility service. To make things easier, Microsoft has introduced the ability to update automatically: when an update is made available, both the appliance (configuration server) and the Mobility service can be updated automatically. Furthermore, to perform automatic updates, the machine's root / admin credentials are no longer required.
  • Scalability improvements. The appliance becomes a single management unit where all its components have been converted into microservices hosted in an Azure environment. Not only will this make troubleshooting a lot easier, but managing the scalability of the solution will also be easier.
  • High availability for the appliance. Appliance resilience is a required feature and, thanks to this review, it is no longer necessary to perform regular backups of the appliance, but just start a new appliance and transfer all protected machines to the new appliance, without having to repeat a full replication.

Upgrade to TLS 1.2 or later

As part of the Microsoft initiative for Azure to use TLS 1.2 by default and to remove dependencies on previous versions, Azure Site Recovery is moving away from legacy protocols to ensure greater security for replication data. Therefore, TLS 1.0 and TLS 1.1 will no longer be supported. These changes will take effect on 15 November 2021. To continue using Azure Site Recovery without interruption, make sure that all the resources that use the Microsoft Azure Recovery Services (MARS) agent are enabled for TLS 1.2 or later.
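As an added example, not from the original post, the following PowerShell script audits and, with -Enable, applies the SCHANNEL and .NET Framework registry values that Microsoft documents for letting the MARS agent negotiate TLS 1.2 on older Windows Server releases (newer releases already enable TLS 1.2 by default). It assumes an elevated session on the machine running the agent; it only enables TLS 1.2 and does not itself disable TLS 1.0/1.1.

```powershell
# Added example (not the article's own code): audit, and optionally enforce, the registry
# settings that let the MARS agent (a .NET application) negotiate TLS 1.2 on older
# Windows Server releases. Assumes it is run as Administrator on the machine hosting the agent.
[CmdletBinding()]
param(
    [switch]$Enable   # without -Enable the script only reports the current state
)

$Schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$Net64    = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$Net32    = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'

# Desired state: one entry per registry value that must exist with the given data.
$Checks = @(
    # SCHANNEL: make TLS 1.2 available to both client and server roles
    @{ Path = "$Schannel\Client"; Name = 'Enabled';           Value = 1 },
    @{ Path = "$Schannel\Client"; Name = 'DisabledByDefault'; Value = 0 },
    @{ Path = "$Schannel\Server"; Name = 'Enabled';           Value = 1 },
    @{ Path = "$Schannel\Server"; Name = 'DisabledByDefault'; Value = 0 },
    # .NET Framework 4.x (64-bit and 32-bit views): follow the OS default protocol list
    # and use strong cryptography, so the agent stops requesting TLS 1.0/1.1
    @{ Path = $Net64; Name = 'SystemDefaultTlsVersions'; Value = 1 },
    @{ Path = $Net64; Name = 'SchUseStrongCrypto';       Value = 1 },
    @{ Path = $Net32; Name = 'SystemDefaultTlsVersions'; Value = 1 },
    @{ Path = $Net32; Name = 'SchUseStrongCrypto';       Value = 1 }
)

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Audit pass: compare every value against the desired state and collect the drift.
$NonCompliant = @()
foreach ($c in $Checks) {
    $current = Get-RegValueOrNull -Path $c.Path -Name $c.Name
    $ok = ($null -ne $current) -and ([int]$current -eq $c.Value)
    $state = if ($ok) { 'OK' } else { 'MISSING/WRONG' }
    Write-Host ('[{0,-13}] {1}\{2} = {3} (expected {4})' -f $state, $c.Path, $c.Name, $current, $c.Value)
    if (-not $ok) { $NonCompliant += $c }
}

if ($NonCompliant.Count -eq 0) {
    Write-Host 'TLS 1.2 registry configuration is complete for the MARS agent.'
} elseif ($Enable) {
    # Remediation pass: create missing keys and write the DWORD values.
    foreach ($c in $NonCompliant) {
        if (-not (Test-Path -LiteralPath $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        New-ItemProperty -LiteralPath $c.Path -Name $c.Name -Value $c.Value -PropertyType DWord -Force | Out-Null
    }
    Write-Host ('Set {0} value(s). Reboot before relying on the change: SCHANNEL reads these keys at startup.' -f $NonCompliant.Count)
} else {
    Write-Host ('{0} value(s) not compliant. Re-run with -Enable to apply them.' -f $NonCompliant.Count)
}
```

Run it in audit mode first on every server that hosts the MARS agent so drift is visible before the cut-off date, then with -Enable on the machines that report MISSING/WRONG.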

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.