Category Archives: Datacenter Management

Azure Management services: What's new in June 2021

In June have been announced, by Microsoft, a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

The new Azure Monitor agent and new Data Collection Rules features are available

Azure Monitor introduces, for some months now, a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

  • Support for Azure Arc server(Windows and Linux) 
  • Virtual Machine Scale Set support (VMSS)
  • Installation via ARM template

With regard to the Data Collection, these innovations have been made:

  • Better control in defining the scope of data collection (e.g.. ability to collect from a subset of VMs for a single workspace)
  • Single collection and sending to both Log Analytics and Azure Monitor Metrics
  • Send to multiple workspaces (multi-homing for Linux)
  • Ability to better filter Windows events
  • Better extension management

All the preview features are ready to be used even in production environments, with the exception of the use of custom Azure Monitor Metrics (still in preview).

Collection of Syslog events from the Azure Monitor agent for Linux distro (preview)

Azure Monitor introduced a new concept for configuring data collection and a new unified agent for Azure Monitor. This new agent (AMA – Azure Monitor Agent) allows you to improve some key aspects of data collection from virtual machines, as reported in the previous paragraph. There was an issue on this front where Syslog data collection was not working as expected. This problem has been solved and the latest version of the agent includes support for the collection of Syslog events from Linux machines (using version 1.10 and later), available for all supported distributions.

Azure Monitor cost changes to achieve significant savings

Microsoft recently made several changes to Azure Monitor Log Analytics costs, which allow for significant savings, if important amounts of data are merged into the workspaces. It should be noted that a new naming has been introduced with regard to capacity reservations, which are now called “commitment tiers”. These changes have been made available since 2 June 2021:

  • New commitment tiers (higher). New engagement levels are introduced for Azure Sentinel and Azure Monitor Log Analytics for data ingestion: 1 TB/Day, 2 TB/Day, and 5 TB/Day.
  • Changes to the billing method for importing data that exceed the commitment tiers. Data imported beyond the commitment tiers will be billed using the actual commitment tiers rate, instead of the pay-as-you-go rate, with consequent cost reduction.
  • Simplification of commitment tiers: it is now possible to select from eight distinct commitment tiers and it is no longer necessary to manage tiers due to minor changes in the data ingestion. As part of this change, all workspaces with a commitment tier greater than 500 GB / day will be reset to the lowest available commitment tier: 500 GB / day, 1 TB / day, 2 TB / day or 5 TB / day.

Govern

Azure Policy

Changes in compliance for Resource Type Policies

Starting from 16 June 2021, the policies in which the resource type is the only evaluation criterion (e.g.. Allowed Resource Types, Disallowed Resource Types) they will have no resources “compliant” in compliance records. This means that if there are no non-compliant resources, the policy will show compliance with the 100%. If one or more non-compliant resources are present, the policy will show it 0% of compliance, with total resources equal to non-compliant resources. This change is to respond to feedback that resource type policies skew overall compliance rate data (which are calculated as compliant resources + exempt from total resources in all policies, deduplicated for unique resource IDs) due to a large number of total resources.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

  • Display of amortized costs in the cost analysis preview.
  • Cloudyn is withdrawn from the 30 June.
  • News regarding Cost Management Labs.

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

TLS 1.2 enforcement per il MARS backup agent

Starting from September 1st 2020, Azure Backup will enforce the presence of the Transport Layer Security protocol (TLS) version 1.2 or later. To continue using Azure Backup, you need to make sure that all resources use the Microsoft Azure Recovery Services agent (MARS) updated to use TLS 1.2 or superior.

Cross Region Restore of SQL / SAP HANA running on VM in Azure

In Azure Backup, restore between different regions of Azure (Cross-Region Restore – CRR), available for virtual machines, has also been extended to support SQL and SAP HANA. Cross Region Restore allows customers to restore their data to secondary regions (paired region) at any time, essential in the event of the unavailability of the primary region. Geo-replicated backup data can then be used to restore SQL and SAP HANA databases running on Azure VMs to the “paired region” from Azure, during planned or unplanned incidents.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • Support for new geographies of the public cloud.
  • The ability to register servers running SQL Server, with SQL VM RP, to automatically install the IaaS SQL agent extension. This feature is available for VMware (without agent), Hyper-V (without agent) and agent-based migrations.
  • Evaluation via CSV file import supports up to 20 disks. Previously, there was a limit of eight disks per server.

Support for Azure private links

Private Link support allows you to connect to the Azure Migrate service privately and securely via ExpressRoute or via a site-to-site VPN. Thanks to this method of connectivity, the instrumentsAzure Migrate: Discovery and Assessment andAzure Migrate: Server Migration, they can be used by connecting privately and securely. This method is recommended to use when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks or if you want to get better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Management services: What's new in June 2021

In June have been announced, by Microsoft, a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

The new Azure Monitor agent and new Data Collection Rules features are available

Azure Monitor introduces, for some months now, a new unified agent (Azure Monitor Agent – AMA) and a new concept to make data collection more efficient (Data Collection Rules – DCR).

Among the various key features added in this new agent we find:

  • Support for Azure Arc server(Windows and Linux) 
  • Virtual Machine Scale Set support (VMSS)
  • Installation via ARM template

With regard to the Data Collection, these innovations have been made:

  • Better control in defining the scope of data collection (e.g.. ability to collect from a subset of VMs for a single workspace)
  • Single collection and sending to both Log Analytics and Azure Monitor Metrics
  • Send to multiple workspaces (multi-homing for Linux)
  • Ability to better filter Windows events
  • Better extension management

All the preview features are ready to be used even in production environments, with the exception of the use of custom Azure Monitor Metrics (still in preview).

Collection of Syslog events from the Azure Monitor agent for Linux distro (preview)

Azure Monitor introduced a new concept for configuring data collection and a new unified agent for Azure Monitor. This new agent (AMA – Azure Monitor Agent) allows you to improve some key aspects of data collection from virtual machines, as reported in the previous paragraph. There was an issue on this front where Syslog data collection was not working as expected. This problem has been solved and the latest version of the agent includes support for the collection of Syslog events from Linux machines (using version 1.10 and later), available for all supported distributions.

Azure Monitor cost changes to achieve significant savings

Microsoft recently made several changes to Azure Monitor Log Analytics costs, which allow for significant savings, if important amounts of data are merged into the workspaces. It should be noted that a new naming has been introduced with regard to capacity reservations, which are now called “commitment tiers”. These changes have been made available since 2 June 2021:

  • New commitment tiers (higher). New engagement levels are introduced for Azure Sentinel and Azure Monitor Log Analytics for data ingestion: 1 TB/Day, 2 TB/Day, and 5 TB/Day.
  • Changes to the billing method for importing data that exceed the commitment tiers. Data imported beyond the commitment tiers will be billed using the actual commitment tiers rate, instead of the pay-as-you-go rate, with consequent cost reduction.
  • Simplification of commitment tiers: it is now possible to select from eight distinct commitment tiers and it is no longer necessary to manage tiers due to minor changes in the data ingestion. As part of this change, all workspaces with a commitment tier greater than 500 GB / day will be reset to the lowest available commitment tier: 500 GB / day, 1 TB / day, 2 TB / day or 5 TB / day.

Govern

Azure Policy

Changes in compliance for Resource Type Policies

Starting from 16 June 2021, the policies in which the resource type is the only evaluation criterion (e.g.. Allowed Resource Types, Disallowed Resource Types) they will have no resources “compliant” in compliance records. This means that if there are no non-compliant resources, the policy will show compliance with the 100%. If one or more non-compliant resources are present, the policy will show it 0% of compliance, with total resources equal to non-compliant resources. This change is to respond to feedback that resource type policies skew overall compliance rate data (which are calculated as compliant resources + exempt from total resources in all policies, deduplicated for unique resource IDs) due to a large number of total resources.

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

  • Display of amortized costs in the cost analysis preview.
  • Cloudyn is withdrawn from the 30 June.
  • News regarding Cost Management Labs.

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

TLS 1.2 enforcement per il MARS backup agent

Starting from September 1st 2020, Azure Backup will enforce the presence of the Transport Layer Security protocol (TLS) version 1.2 or later. To continue using Azure Backup, you need to make sure that all resources use the Microsoft Azure Recovery Services agent (MARS) updated to use TLS 1.2 or superior.

Cross Region Restore of SQL / SAP HANA running on VM in Azure

In Azure Backup, restore between different regions of Azure (Cross-Region Restore – CRR), available for virtual machines, has also been extended to support SQL and SAP HANA. Cross Region Restore allows customers to restore their data to secondary regions (paired region) at any time, essential in the event of the unavailability of the primary region. Geo-replicated backup data can then be used to restore SQL and SAP HANA databases running on Azure VMs to the “paired region” from Azure, during planned or unplanned incidents.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:

  • Support for new geographies of the public cloud.
  • The ability to register servers running SQL Server, with SQL VM RP, to automatically install the IaaS SQL agent extension. This feature is available for VMware (without agent), Hyper-V (without agent) and agent-based migrations.
  • Evaluation via CSV file import supports up to 20 disks. Previously, there was a limit of eight disks per server.

Support for Azure private links

Private Link support allows you to connect to the Azure Migrate service privately and securely via ExpressRoute or via a site-to-site VPN. Thanks to this method of connectivity, the instrumentsAzure Migrate: Discovery and Assessment andAzure Migrate: Server Migration, they can be used by connecting privately and securely. This method is recommended to use when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks or if you want to get better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Arc for the management of server systems: benefits and usage scenarios

Heterogeneous infrastructures, applications based on different technologies and solutions located on different public clouds are increasingly common elements in corporate IT environments. These complexities, combined with a continuous evolution of their datacenters bring out more and more the need to visualize, govern and protect IT assets, regardless of where they are running. In Microsoft, this customer need was addressed by designing a solution that allows you to manage complex realities, also offering the possibility of bringing cloud innovation even using existing infrastructures: this solution is called Azure Arc. In particular, Azure Arc for servers extends the possibilities offered by Azure in governance and management also to physical machines and virtual systems that reside in environments other than Azure. In this article we will explore the main benefits and implementation scenarios that can be contemplated by adopting Azure Arc in the management of server systems.

Enabling Azure Arc servers allows you to manage physical servers and virtual machines residing outside Azure, on the on-premises corporate network or at other cloud providers. This management experience, valid for both Windows and Linux systems, is designed to provide consistency with the management methodologies of native virtual machines residing in the Azure environment. In fact, connecting a machine to Azure through Arc is considered in all respects as an Azure resource. Each connected machine has a specific ID, it is included in a resource group and benefits from standard Azure constructs.

Figure 1 – Azure Arc Management Overview

Main usage scenarios

The projection of server resources in Azure using Arc is a useful step to take advantage of the management and monitoring solutions described below.

Visibility and organization

In hybrid and multicloud environments, it can be particularly challenging to get a centralized view of all available resources. Some of these resources are running on Azure, some in a local environment, at branch offices or other cloud providers. By connecting resources to Azure Resource Manager via Azure Arc, it is possible to organize, centrally inventory and manage a wide range of resources, include Windows and Linux servers, server SQL, Kubernetes clusters and Azure services running in Azure and outside Azure. This visibility can be obtained directly from the Azure portal and specific queries can be performed using Azure Resource Graph.

Figure 2 - Azure Arc and resources in the Azure portal

Access management

With Azure Arc for servers it is possible to provide access to systems through Azure role-based access control (Azure RBAC). Furthermore, in the presence of different environments and tenants, Azure Arc also integrates with Azure Lighthouse. This scenario can be of particular interest to providers that offer managed services to multiple customers.

Monitor

Through VM Insights it is possible to consult the main performance data, from the guest operating system. Thanks to the powerful data aggregation and filtering functions, it is possible to easily monitor the performance for a very large number of systems and easily identify those that have performance problems. Furthermore, it is possible to generate a map with the interconnections present between the various components residing on different systems. Maps show how VMs and processes interact with each other and can identify dependencies on third-party services. The solution also allows you to check for connection errors, count connections in real time, network bytes sent and received by processes and latencies encountered at the service level.

Figure 3 – Monitoring: Performance

Figure 4 – Monitoring: Map

Azure Policy guest configurations

Guest Configuration Policies allow you to control settings within a system, both for virtual machines running in Azure environment and for "Arc Connected" machines. Validation is performed by the client and by the Guest Configuration extension as regards:

  • Operating system configuration
  • Configuration or presence of applications
  • Environment settings

At the moment, most of the Azure Guest Configuration Policies only allow you to make checks on the settings inside the machine, but they don't apply configurations. For more information on this scenario, you can consult the article Azure Governance: how to control system configurations in hybrid and multicloud environments.

Inventory

This feature allows you to retrieve inventory information relating to: installed software, files, Registry keys in a Windows environment, Windows Services and Linux Daemons. All this can easily be accessed directly from the portal Azure.

Change Tracking

The functionality ofChange Tracking monitors changes made to systems relatively to Daemons, File, Registry, software and services on Windows . This feature can be very useful in particular for diagnosing specific problems and for enabling alerts in the face of unexpected changes.

Figure 5 – Change Tracking e Inventory

Update Management

The solution ofUpdate Management allows you to have an overall visibility on the compliance of updates for both Windows and Linux systems. The solution is not only useful for consultation purposes, but it also allows you to schedule deployments for installing updates within specific maintenance windows.

Figure 6 – Update Management

Azure Defender
The projection of server resources in Azure using Arc is a useful step to ensure that all the machines in the infrastructure are protected by Azure Defender for Server. Similar to an Azure VM, it will also be necessary to deploy the Log Analytics agent on the target system. To simplify the onboarding process this agent is deployed using the VM extension, and this is one of the advantages of using Arc.

Once the Log Analytics agent has been installed and connected to a workspace used by ASC, the machine will be ready to use and benefit from the various security features offered in the Azure Defender for Servers plan.

Deployment Tools

Deployments can be simplified thanks to the use of Azure Automation State Configuration and of Azure VM extensions. This allows you to contemplate post-deployment configurations or software installation using the Custom Script Extension.

Conclusions

Maintain control and manage the security of workloads running on-premises, in Azure and on other cloud platforms it can be particularly challenging. Thanks to Azure Arc for Servers it is possible to easily extend the typical Azure management and monitoring services to workloads residing outside the Azure environment. Furthermore, Azure Arc allows you to obtain detailed information and organize various IT resources in a single centralized console, useful for effectively managing and controlling your entire IT environment.

Azure IaaS and Azure Stack: announcements and updates (June2021 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Confidential Computing price reduction on DCsv2 virtual machines

DCsv2-series protects the confidentiality and integrity of your data and code while it’s processed in the public cloud. Microsoft is announcing a price reduction on DCsv2-series Azure Virtual Machines by 37%. The new pricing is effective June 1st, 2021, and applies to all the regions where DCsv2-series is available.

New datacenter region in Arizona

Microsoft is launching a new sustainable datacenter region in Arizona, known as “West US 3.” For more details you can read “Expanding cloud services: Microsoft launches its sustainable datacenter region in Arizona“.

Azure Virtual Machines DCsv2-series are available in Australia

Confidential computing DCsv2-series virtual machines (VMs) are now available in Australia East, Austria Southeast will launch in the coming weeks to provide disaster recovery capabilities.

Storage

Azure Blob index tags

Prior to index tags, solutions that required the ability to quickly find specific objects in a blob container would need to keep a secondary catalog. Blob index tags provides a built in capability to add tags and then quickly query for or filter using this information. This provides a simpler solution without requiring a separate query system. This includes the ability to set index tags both upon upload or after upload. You can utilize these indexes as part of lifecycle management that automates deletion and movement between tiers.

Networking

New Azure private MEC solution announced

An evolution of Private Edge Zones, Azure private multi-access edge compute (MEC) expands the scope of possibilities from a single platform and service to a combination of edge compute, multi-access networking stacks, and the application services that run together at the edge. These capabilities help simplify integration complexity and securely manage services from the cloud for high-performance networking and applications.

In addition to the Azure private MEC solution, we are announcing the following Microsoft and partner services and solutions:

  • New Azure Network Function Manager (public preview) service
  • Metaswitch Fusion Core third-party services on Azure Stack Edge
  • Affirmed Private Network Service third-party service on Azure Stage Edge
  • New Azure Marketplace solutions from our partners’

Default Rule Set 2.0 for Azure Web Application Firewall (preview)

The Default Rule Set 2.0 (DRS 2.0) for Azure Web Application Firewall (WAF) deployments running on Azure Front Door is in preview. This rule set is only available on the Azure Front Door Premium SKU. DRS 2.0 includes the latest changes to our rule set, including the addition of anomaly scoring. With anomaly scoring, incoming requests are assigned an anomaly score when they violate WAF rules and an action is taken only when they breach an anomaly threshold. This helps drastically reduce false positives for customer applications. Also included in DRS2.0 are rules powered by Microsoft Threat Intelligence which offer increased coverage and patches for specific vulnerabilities.

Azure Stack HCI: the constantly evolving hyper-converged solution – June edition 2021

Azure Stack HCI is the solution that allows you to create a hyper-converged infrastructure (HCI) for running workloads in an on-premises environment and that provides a strategic connection to various Azure services. Recently Microsoft has brought a series of new features that open up new scenarios in the adoption of this solution and that allow you to better manage your hybrid infrastructure based on Azure Stack HCI. This article reports the main aspects that have undergone an evolution and the new features recently introduced in Azure Stack HCI.

Azure Kubernetes Service in Azure Stack HCI

One of the main new features is the ability to activate Azure Kubernetes Service (AKS) in Azure Stack HCI. This new on-premises AKS implementation scenario allows you to automate the large-scale execution of modern applications based on micro-services. Thanks to Azure Stack HCI, the adoption of these container-based application architectures can be hosted directly in your own datacenter, adopting the same Kubernetes management experience that you have with the managed service present in the Azure public cloud.

Figure 1 - AKS overview on Azure Stack HCI

Azure Monitor Insights for Azure Stack HCI (preview)

The solution Azure Stack HCI Insights is able to provide detailed information on integrity, on the performance and usage of Azure Stack HCI clusters, version 21H2 connected to Azure and registered for related monitoring. Azure Stack HCI Insights stores its data in a Log Analytics workspace, thus having the possibility to use powerful aggregations and filters to better analyze the data collected over time. There are no specific costs for using Azure Stack HCI Insights, but the cost is calculated based on the amount of data entered in the Log Analytics workspace and the related data retention settings.

You have the option of viewing the monitor data of a single cluster from the Azure Stack HCI resource page or you can use Azure Monitor to obtain an aggregate view of multiple Azure Stack HCI clusters with an overview of the health of the cluster, the state of nodes and virtual machines (CPU, memory and storage consumption), performance metrics and more. This is the same data also provided by Windows Admin Center, but designed to scale up to 500 cluster at the same time.

Figure 2 - Azure Monitor Insights control panel for Azure Stack HCI

Simplification of networking with Network ATC (preview)

Azure Stack HCI networking deployments and operations can be complex and error-prone. Due to the flexibility that is provided in the configuration of the network stack of the hosts that make up the Azure Stack HCI cluster, there are several parts that can be configured not in the best way. Staying up to date with the latest best practices is also a challenge as improvements are continually made to underlying technologies. Furthermore, consistency of the configuration between the nodes of the HCI cluster is an important aspect as it allows for a stable and more reliable environment.

Network ATC makes it easy to create and manage network configuration for Azure Stack HCI nodes, helping to:

  • Reduce the time, the complexity and failures of cluster host networking implementation
  • Deploy the latest best practices validated and supported by Microsoft
  • Ensure configuration consistency across the cluster environment

Automatic activation of Windows virtual machines

Starting with the cumulative update of June 2021, Azure Stack HCI will support the popular automatic virtual machine activation feature (Automatic VM Activation – AVMA) of Hyper-V for Windows Server. Customers who have an activation key of Windows Server 2019 Datacenter Edition can insert them directly into the Azure Stack HCI host using Windows Admin Center or PowerShell. In this way. virtual machines hosted in a clustered environment running Windows Server will automatically inherit activation from the host, without having to manage it for each virtual machine.

Figure 3 – Automatic VM Activation (AVMA) from Windows Admin Center

Trial Period Extension a 60 days

Azure Stack HCI offers a free trial period that allows you to thoroughly evaluate the solution. The duration of this test is extended by 30 days to 60 days and will start from when the registration of the cluster environment is completed. These changes have been applied to all tests since 3 may 2021.

Preview channel

Starting with the cumulative update of June 2021, you have the option of joining the Preview channel with non-production cluster environments, similar to the Windows Insider program but for Azure Stack HCI. It is a program that allows customers to install the next version of the operating system before the official release (build pre-release). This allows you to evaluate the new Azure Stack HCI features and is for evaluation and testing purposes only. Joining this program does not include any cost for Azure Stack HCI and the cluster environment will not have any type of support. The Preview channel will allow you to share feedback on the experience of participating in the channel, useful for enriching and improving the adoption of Azure Stack HCI.

Figure 4 - Join the Preview channel from Windows Admin Center

Availability in China

The Azure Stack HCI team is working to make its service available in other regions and now it is possible to activate it also in Azure China. In fact, you can download Azure Stack HCI from azure.cn, register your cluster in the region China East 2 and take advantage of the advantages of the solution. Integrated systems for Azure Stack HCI are available in China for different vendors, from Lenovo and Dell, as well as from regional partners, ensuring a strong local presence able to provide the best technical advice and the necessary support.

Conclusions

This set of new features introduced demonstrates a major investment by Microsoft in the Azure Stack HCI solution. Thanks to constant improvement, the continuous introduction of new features and the inclusion of new usage scenarios, the proposition for hyper-converged scenarios is increasingly complete, integrated and performing. Azure Stack HCI integrates perfectly with the existing on-premises environment and offers an important added value: the ability to connect Azure Stack HCI with Azure services to obtain a hybrid hyper-converged solution. This aspect in particular strongly differentiates it from other competitors who offer solutions in this area.

Azure IaaS and Azure Stack: announcements and updates (June 2021 – Weeks: 21 and 22)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Azure Storage Blob inventory is now available in all public regions (preview)

Azure blob storage inventory provides you the ability to understand the total number of objects, their size, tier, and other information to gain insight into your object storage estate. Inventory can be used with Azure Synapse to calculate summaries by container. Microsoft has expanded preview to all public regions for blob inventory.

Key Rotation and Expiration Policies

Key rotation is one of the best security practices to reduce the risk of secret leakage for enterprise customers. Customers using Azure Storage account access keys can rotate their keys on demand, in the absence of key expiry dates and policies customers find it difficult to enforce and manage this key rotation automatically. The new feature will allow you to not only set key expiration duration but also add policies that can mandate anyone deploying storage endpoints to specify key rotation duration. Furthermore, you would be able to monitor key expiration and set alerts if a key is about to expire. For accounts that are nearing key expiry, you can rotate the keys using APIs, CLI, Powershell, or Azure Portal.

Networking

ExpressRoute Global Reach Pricing Reduction

Microsoft is annoucing a 50% decrease in the data transfer price for ExpressRoute Global Reach. This pricing change will go into effect as of June 1, 2021. For more information about ExpressRoute Global Reach pricing, visit the ExpressRoute Pricing webpage.

Azure Stack

Azure Stack HCI

Azure Kubernetes Service (AKS) on Azure Stack HCI

Azure Kubernetes Services (AKS) on Azure Stack HCI simplifies the Kubernetes cluster deployment on Azure Stack HCI. It offers hybrid capabilities and consistency with Azure Kubernetes Service for ease of app portability and management. You can take advantage of familiar tools and capabilities to modernize both Linux and Windows .NET apps on-premises. Furthermore, its built-in security enables you to deploy your modern applications anywhere: cloud, on-premises, and edge.

Free Trial Now Available

The Azure Stack HCI team has extended the built-in free software trial from 30 days to 60 days giving more time for customers and partners to evaluate their virtual workloads on Azure Stack HCI in planning their purchase decision. There’s nothing you need to do to enable the trial duration, it’s been automatically extended.

Available in China

Azure Stack HCI is now available in the China cloud – making it very easy to get all the benefits of Azure Stack HCI.

New feature called Network ATC

The next update available to Azure Stack HCI subscribers will be 21H2 which is in preview right now. With this update comes a new feature called Network ATC, which simplifies the deployment and management of networking on your HCI hosts.

If you’ve deployed Azure Stack HCI previously, you know that network deployment can pose a significant challenge. You might be asking yourself:

  • How do I configure or optimize my adapter?
  • Did I configure the virtual switch, VMMQ, RDMA, etc. correctly?
  • Are all nodes in the cluster the same?
  • Are we following the best practice deployment models?
  • (And if something goes wrong) What changed!?

So, what does Network ATC actually set out to solve? Network ATC can help:

  • Reduce host networking deployment time, complexity, and errors
  • Deploy the latest Microsoft validated and supported best practices
  • Ensure configuration consistency across the cluster
  • Eliminate configuration drift

Network ATC does this through some new concepts, namely “intent-based” deployment. If you tell Network ATC how you want to use an adapter, it will translate, deploy, and manage the needed configuration across all nodes in the cluster.

Azure Management services: What's new in May 2021

To stay constantly updated on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the news, presented in a synthetic way and accompanied with the necessary references to be able to conduct further studies.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Log Analytics workspace insights

Microsoft has announced the availability of Log Analytics workspace insights which allows you to obtain detailed information on the Log Analytics workspaces, providing a comprehensive overview of the following aspects: usage, performance, integrity, agents, query and change logs.

These are the main questions to which the solution can provide an answer:

  • What are the main tables, those where most of the data is imported?
  • Which resource sends the most logs to the workspace?
  • How long does it take for the logs to reach the workspace?
  • How many agents are connected to the work area? How many are in a health state?
  • Query control: how many queries run in the workspace? What are their response codes and duration time? What are the slow and inefficient queries that require workspace overhead?
  • Who has set a daily limit? When data retention has changed?
    • Useful for keeping a log of changes in workspace settings.

Export of Azure Monitor logs to multiple destinations (preview)

You now have the option to create up to 10 data export rules in each Log Analytics workspace, having the flexibility to decide which tables to export and to which destination (storage accounts oppure event hubs). This configuration possibility makes it possible to address these aspects:

  • Event hub rate limit
  • Single storage account rate limit
  • Different logs can be exported to different destinations.

Updates related to the user interface(UI)

The following user interface updates have been introduced in Log Analytics(UI):

  • Consultation of custom logs: it is now possible to control and manage the table and the custom fields from a new dedicated panel, offering a new user interface that improves the experience of consulting custom logs.
  • Azure Dashboard: the parts of Log Analytics added to Azure dashboards support integration with filters.

Query packs in Azure Monitor (preview)

Query packages have been made available in Azure Monitor , which are essentially ARM objects containing several queries. Among the main features we find:

  • Being ARM objects, precise control of permissions is provided and can be distributed via code and incorporated into policies.
  • They work in all contexts and in all environments, with the ability to upload them to multiple subscriptions.
  • They allow organizations to better organize queries based on their taxonomy, thanks to the presence of new metadata.
  • The clear experience, harmonized and contextual to the environment is incorporated in Log Analytics.

Availability in new regions

Azure Monitor Log Analytics is now also available in the South India region. To check the availability of the service in all the Azure regions you can consult this document.

Secure

Azure Security Center

Integration con GitHub Actions (in public preview)

The integration of Azure Security Center (ASC) with GitHub Actions, in public preview, allows you to easily incorporate security and compliance early in the software development lifecycle. With this integrated experience, you can gain greater visibility into IT operations and IT security, both in the pipeline CI / CD, both in the security scans of container registry within ASC. Furthermore, end-to-end traceability makes it easier for developers to identify issues, improving resolution times and strengthening your cloud security posture.

Re-scanning of containers

Azure Security Center has introduced a new scan for containers that analyzes images to identify vulnerabilities before the push action occurs within the Azure container registries. In the future, ASC will also provide recommendations if you detect workflows that send Docker images without enabling scan actions CI / CD.

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Backup for Azure Blobs

Azure Blob Backup is a managed data protection solution, this helps protect block blobs from various data loss scenarios. The data is stored locally within the source storage account and can be restored from a certain time when necessary. This feature provides a simple means, safe and economical to protect blobs.

Azure Site Recovery

Enable Azure Site Recovery (ASR) when creating virtual machines

While creating new virtual machines from the Azure portal, you can now also enable the Azure Site Recovery replication process. This possibility is included in the virtual machine management options along with those already available, such as Monitoring, Identity, and Backup.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news is the migration of virtual machines and physical servers with operating system disks up to 4 TB, which is now supported using the migration method based on the presence of the agent.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (May 2021 – Weeks: 19 and 20)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Zone redundant storage (ZRS) option for Azure managed disks (preview)

Zone redundant storage (ZRS) option for Azure managed disks is now available on Premium SSDs and Standard SSDs in public preview in: West Europe, North Europe, West US 2 and France Central regions. Disks with ZRS provide synchronous replication of data across the zones in a region, enabling disks to tolerate zonal failures which may occur due to natural disasters or hardware issues. Disks with ZRS maintain three consistent copies of the data in distinct Availability Zones in a region, making them tolerant to outages. They also allow you to maximize your virtual machine availability without the need for application-level replication of data across zones, which is not supported by many legacy applications such as old versions of SQL or industry-specific proprietary software. This means that, if a virtual machine becomes unavailable in an affected Zone, you can continue to work with the disk by mounting it to a virtual machine in a different zone. You can also use the ZRS option with shared disks to provide improved availability for clustered or distributed applications like SQL FCI, SAP ASCS/SCS or GFS2.

Lower pricing for provisioned throughput on Azure Ultra Disks

Microsoft is announcing a price reduction on provisioned throughput for Azure Ultra Disks by 65%. The new pricing is effective May 1st, 2021, and applies to all the regions where Ultra Disks are available. Azure Ultra Disks offer high throughput, high IOPS, and consistent low latency disk storage for Azure Virtual Machines (VMs).

Azure NetApp Files: Application Consistent Snapshot tool (AzAcSnap)

The Azure Application Consistent Snapshot tool (AzAcSnap) is a command-line tool enables you to simplify data protection for third-party databases (SAP HANA) in Linux environments (for example, SUSE and RHEL). Since the January 2021 preview announcement, AzAcSnap has seen wide adoption among enterprise customers for fast backup of Azure NetApp Files volumes including multi-TB databases and scale-out scenarios for SAP HANA. Now it is available.

Azure File Sync agent v12.1

The v12.0 agent release had two bugs which are fixed in this release:

  • Agent auto-update fails to update the agent to a later version.
  • FileSyncErrorsReport.ps1 script does not provide the list of per-item errors.

If agent version 12.0 is installed on your servers, you will need to update to v12.1 using Microsoft Update or Microsoft Update Catalog (see installation instructions in KB4588751).

More information about this release:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations.
  • The agent version for this release is 12.1.0.0.
  • A restart may be required if files are in use during the installation.
  • Installation instructions are documented in KB4588751.

Networking

Virtual Network peering support for Azure Bastion

Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don’t have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional Bastion host.

Azure VPN Client for macOS (preview)

Azure VPN Client for macOS, with support for native Azure AD, certificate-based, and RADIUS authentication for OpenVPN protocol is in public preview. Native Azure AD authentication support is highly desired by organizations as it enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN gateway integration and the Azure VPN Client to obtain and validate Azure AD tokens. With the Azure VPN Client for macOS, customers can use user-based policies, Conditional Access, as well as Multi-factor Authentication (MFA) for their Mac devices.

Application Gateway Mutual Authentication (preview)

Azure Application Gateway now supports the ability to perform frontend mutual authentication. In addition to the client authenticating Application Gateway in a request, Application Gateway can now also authenticate the client. You can upload multiple client Certificate Authority (CA) certificate chains for Application Gateway to use for client authentication. Additionally, Application Gateway also allows you to configure listener specific SSL policies. You can choose to enable mutual authentication at a per listener level on your gateway, as well as choose to pass client authentication information to the backends through server variables. This feature enables scenarios where Application Gateway needs to authenticate the client in addition to the client authenticating Application Gateway.

Azure ExpressRoute: 5 New Peering Locations Available

New peering locations are now available for ExpressRoute:

  • Bogota
  • Madrid
  • Sao Paulo
  • Rio de Janeiro
  • Toronto2

With this announcement, ExpressRoute is now available across 75 global commercial Azure peering locations.

Azure IaaS and Azure Stack: announcements and updates (May 2021 – Weeks: 17 and 18)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure Hybrid Benefit for Linux with RI and VMSS Support

Azure Hybrid Benefit is available for Linux, extending the ability to easily migrate RHEL and SLES servers to Azure beyond existing pay-as-you-go instances to include support for Azure Reserved Instance (RI) and virtual machine scale set (VMSS).

While previous Bring-Your-Own-Subscription cloud migration options available to Red Hat and SUSE customers allowed them to use their pre-existing RHEL and SLES subscriptions in the cloud, Azure Hybrid Benefit for Linux improves upon this with several capabilities unique to Azure making enterprise Linux cloud migration even easier than before:

  • Applies to all Red Hat Enterprise Linux and SUSE Linux Enterprise Server pay-as-you-go images available in the Azure Marketplace or Azure Portal. No need to provide your own image.
  • Save time with seamless post-deployment conversions—production redeployment is unnecessary. Simply convert the pay-as-you-go images used during your proof-of-concept testing to bring-your-own-subscription billing.
  • Lower ongoing operational costs with automatic image maintenance, updates, and patches: Microsoft maintains the converted RHEL and SLES images for you.
  • Enjoy the convenience of unified user interface integration with the Azure CLI, providing the same UI as other Azure virtual machines, as well as scalable batch conversions.
  • Get co-located technical support from Azure, Red Hat, and SUSE with just one ticket.
  • Combine with recently announced Red Hat and SUSE support for Azure shared disks to lift-and-shift failover clusters and parallel file systems, like Global File System.
  • Fully compatible with Azure Arc, providing end-to-end hybrid cloud operations management for Windows, RHEL, and SLES servers in one solution.

New Azure VMs for general purpose and memory intensive workloads (preview)

The new Dv5, Dsv5, Ddv5, Ddsv5, and Ev5, Edv5 series Azure Virtual Machines, now in preview, are based on the 3rd Generation Intel® Xeon® Platinum 8370C (Ice Lake) processor in a hyper-threaded configuration. This custom processor can reach an all-core Turbo clock speed of up to 3.5GHz and features Intel® Turbo Boost Technology 2.0, Intel® Advanced Vector Extensions 512 (Intel® AVX-512) and Intel® Deep Learning Boost. These new offerings deliver a better value proposition for general-purpose, and memory intensive workloads compared to the prior generation (e.g., increased scalability and an upgraded CPU class) including better price to performance.

The Dv5, Dsv5, Ddv5, Ddsv5 VM sizes offer a combination of vCPUs and memory able to meet the requirements associated with most general-purpose workloads and can scale up to 96 vCPUs. The Ddv5 and Ddsv5 VM sizes feature high performance, large local SSD storage (up to 2,400 GiB). The Dv5 and Dsv5 VM series offer a lower price of entry since they do not feature any local temporary storage. If you require temporary storage select the latest Ddv5 or Ddsv5 Azure virtual machines, which are also in Preview.

The Ev5 and Edv5 VM sizes feature up to 672 GiB of RAM and are ideal for memory-intensive enterprise applications. You can attach Standard SSDs and Standard HDDs disk storage to these VMs. If you prefer to use Premium SSD or Ultra Disk storage, please select the Esv5 and Edsv5 VM series, which will be in preview in the near future. The Ev5 and Esv5 VMs offer a lower price of entry since they do not feature any local temporary storage. If you require temporary storage select the latest Edv5 VM series which are also in preview, or the Edsv5 VM series, which will be in preview in the near future.

New NPv1 virtual machines

NPv1 series virtual machines are a new addition to the Azure product offering. These instances are powered by Xilinx Alveo U250 FPGAS. These highly-programmable accelerators benefit a variety of computationally intensive workloads such as genomics, image-processing, security, data analysis and more. The NP series offering is based upon the commercially available U250 from Xilinx and uses a standard shell easing the difficulties of migrating existing FPGA workloads & solutions to the cloud. New Xilinx Alveo U250 FPGA NPv1 VMs are now generally available in West US 2, East US, West Europe, and Southeast Asia.

Microsoft acquires Kinvolk to accelerate container-optimized innovation

Microsoft is excited to bring the expertise of the Kinvolk team to Azure and having them become key contributors to the engineering development of Azure Kubernetes Service (AKS), Azure Arc, and future projects that will expand Azure’s hybrid container platform capabilities and increase Microsoft’s upstream open source contributions in the Kubernetes and container space. Microsoft is also committed to maintaining and building upon Kinvolk’s open source culture. The Kinvolk team will continue to remain active in their existing open source projects and will be essential to driving further collaboration between Azure engineering teams and the larger open source container community.

Storage

Azure Blob storage: NFS 3.0 protocol support public preview now expands to all regions

Azure Blob storage is the only public cloud storage platform that supports NFS 3.0 protocol over object storage natively (no gateway or data copying required), with object storage economics. This new level of support is optimized for high-throughput, read-heavy workloads where data will be ingested once and minimally modified further, such as large-scale analytic data, backup and archive, media processing, genomic sequencing, and line-of-business applications. Azure Blob Storage NFS 3.0 preview supports general purpose v2 (GPV2) storage accounts with standard tier performance in all publicly available regions. Further, Microsoft is enabling a set of Azure blob storage features in premium blockblob accounts with NFS 3.0 feature enabled such as blob service REST API and lifecycle management.

Attribute-based Access Control (ABAC) in preview

Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments in the existing identity and access management (IAM) system. This preview includes support for role assignment conditions on Blobs and ADLS Gen2, and enables you to author conditions based on resource and request attributes.

Prevent Shared Key authorization for an Azure Storage account

Every secure request to an Azure Storage account must be authorized. By default, requests can be authorized with either Azure Active Directory (Azure AD) credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key and is recommended by Microsoft. To require clients to use Azure AD to authorize requests, you can disallow requests to the storage account that are authorized with Shared Key. Microsoft is announcing the general availability of the ability to disable Shared Key authorization for Azure Storage.

Append blob support in Azure Data Lake Storage

Append blobs provide a simple and effective way of adding new content to the end of a file or blob when the existing content does not need to be modified. This makes append blobs great for applications such as logging that need to add information to existing files efficiently and continuously. Until now, only block blobs were supported in Azure Data Lake Storage accounts. Applications can now also create append blobs in these accounts and write to them using Append Block operations. These append blobs can be read using existing Blob APIs and Azure Data Lake Storage APIs.

Networking

Multiple features for Azure VPN Gateway

The following features for Azure VPN Gateway are general available:

  • Multiple authentication types for point-to-site VPN – You can now enable multiple authentication types on a single gateway for OpenVPN tunnel type. Azure AD, certificate-based and RADIUS can all be enabled on a single gateway.
  • BGP diagnostics – You can now see the Border Gateway Protocol session status, route advertised and routes learnt by the VPN Gateway.
  • VPN packet capture in Azure portal – Support for packet capture on the VPN Gateway is now availbe in the Azure portal.
  • VPN connection management – With new enhancements in VPN connection management capabilities, you can now reset an individual connection instead of resseting the whole gateway. You can also set the Internet Key Exchange (IKE) mode of the gateway to responder-only, initiator-only or both and view the Security Association (SA) of a connection.

Azure Management services: What's New in April 2021

Microsoft is constantly announcing news regarding Azure management services. This summary, released on a monthly basis, allows you to have an overall overview of the main news of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New agent version for Windows Systems

A new version of the Log Analytics agent has been released this month for Window systemss. The new version includes a new tool for troubleshooting and handles changes to certificates in Azure services differently.

The uniqueness of the name of the Log Analytics workspaces is now per resource group

In the past, the uniqueness of the Azure Monitor Log Analytics workspace was globally for all subscriptions. This meant that when a workspace name was used by a customer, it could not be reused by others. Microsoft has changed the way in which the uniqueness of the workspace name is requested and is now managed in the context of the resource group.

New definitions built-in of the Azure Policy for data encryption in Azure Monitor

Azure Monitor provides built-in policies for data encryption governance and control over the key used for encryption at rest. Here are the new built-in policies available for data encryption:

  • Azure Monitor logs clusters should be encrypted with customer-managed key – Audit if log analytics cluster is defined with customer-managed key.
  • Azure Monitor logs clusters should be created with infrastructure-encryption enabled (double encryption) – Audit log analytics cluster is created with Infrastructure enabled.
  • Azure Monitor logs for application insights should be linked to a log analytics workspace – Audit if application insights is linked to store data in log analytics workspace. Workspace can then be linked to a log analytics cluster for customer-managed key settings.
  • Saved-queries in Azure Monitor should be saved in customer storage account for logs encryption – Audit if workspace has linked storage account, which allows the encryption using customer-managed key.
  • Log alert queries in Azure Monitor will be saved in customer storage account, if workspace has linked storage account, which allows the encryption using customer-managed key.

Improvements for Log Alerts

Log Alerts are available in Azure Monitor that allow users to use a Log Analytics query to evaluate the resources logs at a set frequency and activate an alert based on the results obtained. Rules can trigger one or more actions using Action Groups. In this context, two new highly requested features have been released (in preview):

  • Stateful Log Alert: with this feature enabled, activated alerts are automatically resolved once the condition is no longer satisfied. In this way, the same behavior is adopted as in the alerts related to metrics.
  • Frequency of 1 minute: with this feature enabled, the alert query is evaluated every minute to verify the specified condition, thus reducing the overall time for activating a Log Alert.

Availability in new regions

Azure Monitor Log Analytics is also available in the region South India.

To check the availability of the service in all the Azure regions you can consult this document.

Container insights: support for the monitor of Kubernetes Azure Arc enabled environment (preview)

Containers insights in Azure Monitor has extended its monitor capabilities to Azure Arc Kubernetes clusters as well, providing the same monitoring capabilities present for the Azure Kubernetes service (AKS), which:

  • Visibility on the performance of the environment, through the memory and processor metrics for the controllers, nodes and containers.
  • View information collected through workbooks and in the Azure portal.
  • Alert and possibility of querying historical data for problem solving.
  • Ability to verify Prometheus metrics.

Configure

Azure Automation

Availability in new regions

Azure Automation is also available in the region South India.

Support for System Assigned Managed Identities for cloud and Hybrid job (public preview)

Azure Automation has introduced support for System Assigned Managed Identities for cloud and Hybrid jobs. Among the advantages of using Managed Identities we find:

  • The ability to authenticate to any Azure service that supports Azure AD authentication.
  • Elimination of the management overhead associated with managing Run As accounts in runbook code. This makes it possible to access resources via the Managed Identity of an Automation account from a runbook, without having to worry about creating RunAsCertificate, RunAsConnection, etc.
  • It is not necessary to renew the certificate used by the Automation Run As account.

Govern

Azure Cost Management

Updates related toAzure Cost Management and Billing

Microsoft is constantly looking for new methodologies to improve Azure Cost Management and Billing, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported, including:

Secure

Azure Security Center

New features, bug fixes and deprecated features of Azure Security Center

Azure Security Center development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:

Protect

Azure Backup

Azure Dedicated Host protection support

Azure Backup has introduced support for the backup and recovery of virtual machines residing on Azure Dedicated Host, physical servers dedicated to your organization whose capacity is not shared with other customers. This feature is available in all Azure regions where Azure Dedicated Host can be activated.

Azure VM Scale sets protection with orchestration templates (preview)

Azure Backup now allows you to backup and restore Azure VM Scale sets with orchestration models, which provide a logical grouping of virtual machines managed by the platform.

Improvements in encryption using customer managed keys (preview)

Azure Backup now allows you to use your own keys to encrypt backup data residing in the Recovery Services vaults. This new feature allows you to increase the control of the encryption of your data. Furthermore, you can use the Azure Policy to control and apply encryption using keys managed directly by the customer.

Azure Site Recovery

Support for Azure Policy (preview)

The ability to use Azure Policy is now provided to enable large-scale use of Azure Site Recovery for virtual machines. After creating a disaster recovery policy for a resource group, all new virtual machines that will be added to this resource group will have Site Recovery enabled automatically. Furthermore, through a Remediation process, Site Recovery can also be enabled for all virtual machines already present in the Resource Group.

Support for cross-continental disaster recovery (for 3 region pairs)

Azure Site Recovery introduced support for cross-continental disaster recovery. Thanks to this feature, a virtual machine can be replicated from an Azure region in one continent to a region in another continent. In the event of a planned or unplanned outage, you will be able to fail over the virtual machine on all continents and, once the interruption has been mitigated, it can be brought back to the continent of origin (fail-back) and protected. This feature is currently available for the following 3 pairs of intercontinental regions:

  • Southeast Asia and Australia East
  • Southeast Asia and Australia Southeast
  • West Europe and South Central US

Support of “proximity placement groups” in hybrid and cloud disaster recovery scenarios

Azure Site Recovery introduced support for “proximity placement groups (PPG)” in hybrid and cloud disaster recovery scenarios. With this support it will be possible to replicate an on-premises physical or virtual machine or an Azure virtual machine within a PPG, in the chosen Azure target area. Upon activation of the failover plan, Site Recovery will activate the failover VM within the target PPG selected by the user. This functionality is available both through the Azure portal and through PowerShell and REST API, across all Azure regions.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this new release was released this month:

  • The tools Azure Migrate: Discovery and Assessment and Azure Migrate: Server Migration can be used by connecting privately and securely to the Azure Migrate service via ExpressRoute or via a site-to-site VPN, using Azure private links. This connectivity method is recommended to use when there is an organizational requirement to access the Azure Migrate service and other Azure resources without crossing public networks or if you want to get better results in terms of bandwidth or latency.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.