Category Archives: Datacenter Management

Azure Management services: what’s new in February 2024

This month, Microsoft introduced a series of significant updates related to Azure management services. Through this series of monthly articles, we aim to offer an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Availability of the Azure Monitor Metrics Data Plane API

As of February, the Azure Monitor Metrics Data Plane API is available for use. This API allows for efficient management and monitoring of Azure resources, improving query efficiency and metric collection capability. It is possible to retrieve metric data for up to 50 resource IDs in the same subscription and region with a single API call, thus optimizing query throughput and reducing the risk of throttling.

Execution of the Azure Monitor Logs connector on an exact time range (preview)

The Azure Monitor Logs connector introduces a new preview feature: the ability to execute queries on an exact time range provided dynamically. This functionality allows for filtering the execution of queries in the Log Analytics workspace or Application Insights components for Logic App triggers or schedules, displaying relevant results. Until now, the time range could be set directly in the query or defined with a relative value, such as the last hour or the last 12 hours. With the exact time range option, it is now possible to dynamically pass the start and end time to respond to scenarios such as alarm diagnostics. When the connector is activated by an alarm, it can receive the alarm’s time range to replicate the results that triggered the alarm and allow for effective investigation.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure SQL migration assessment enabled by Azure Arc (preview)

With the growing adoption of cloud computing, organizations embark on the path of migration to the cloud, facing a complex and articulated challenge that can extend for several months, varying based on the size and complexity of the projects involved. This transition period can result in a delay in accessing the benefits offered by Azure’s capabilities, temporarily limiting operational efficiency and innovation.

To overcome these challenges, Microsoft introduces an innovative solution: SQL Server enabled for Azure Arc. This revolutionary technology allows organizations to begin leveraging the benefits of the cloud from the early stages of the migration process. Through Azure Arc, it is possible to manage SQL Server instances, both on-premise and distributed across multiple clouds, using Azure’s control plane and management services. This approach enables consistent and efficient hybrid management of the SQL Server environment, bringing immediate benefits in terms of operational efficiencies and cost reduction, in addition to ensuring an optimal migration and modernization experience.

In addition to these benefits, Microsoft announces the public preview release of the Azure SQL migration assessment, powered by Azure Arc. This feature, once activated by linking one’s SQL Server to Azure Arc, automatically and continuously provides an assessment of readiness for migration to Azure SQL. This assessment takes into account the evolutions of the work environment and suggests the Azure SQL deployment option best suited to specific needs, optimizing costs. Furthermore, it identifies potential migration risks and proposes mitigation strategies, thus facilitating the transition path to the cloud and improving strategic alignment with business needs.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Regulatory compliance management: through Defender for Cloud, the management of compliance standards is extended to Azure, AWS, and GCP environments, offering a unified experience in creating and managing personalized recommendations through KQL queries.
  • Cloud support for Defender for Containers: the threat detection capabilities specific to Azure Kubernetes Service (AKS) in Defender for Container are now extended to commercial clouds, Azure Government, and Azure China 21Vianet, with the list of supported features updated.
  • Update of the Defender FOR Container agent: a new version of the agent, which brings improvements in terms of performance and security, supports AMD64 and ARM64 architectures (Linux only) and employs Inspektor Gadget for process collection instead of Sysdig. This version is compatible exclusively with Linux kernel version 5.4 or higher, requiring updates for older kernels. ARM64 support is available starting from AKS V1.29.
  • Support for the OCI image format specification: vulnerability assessment now supports the Open Container Initiative (OCI) image format specification for AWS, Azure, and GCP clouds, thanks to Microsoft Defender Vulnerability Management.
  • Retirement of the AWS container vulnerability assessment powered by Trivy: this assessment has been replaced by a new solution powered by Microsoft Defender Vulnerability Management.
  • Recommendations for Azure Stack HCI: four new recommendations specific to Azure Stack HCI, currently in public preview, have been introduced, thus expanding the type of resources manageable through Microsoft Defender for Cloud.

Protect

Azure Backup

Support for Cross-Region recovery of PostgreSQL backups

Support for cross-region recovery of PostgreSQL backups through Azure Backup is now available to all. Using Read-Access Geo-Redundant Storage (RA-GRS), Azure Backup enables a high level of data resilience, allowing access to backups in disaster recovery scenarios and restoration operations from the secondary region at any time. This feature is now available for PostgreSQL backups in all public regions, offering a wide range of durability options for backup data.

Regional Disaster Recovery via Azure Backup for AKS (preview)

Azure Backup for AKS introduces a new feature in preview: Regional Disaster Recovery. This innovation provides advanced protection for containerized application workloads and data through scheduled backups and smooth restorations, ideal for addressing situations such as operational recovery, accidental deletion, and application migration. Thanks to Regional Disaster Recovery, organizations can anticipate and mitigate the impact of catastrophic regional events through the recovery of AKS clusters from backups located in a secondary region, leveraging Azure’s paired regions. This ensures operational continuity even in the face of regional disruptions, complying with the established 3-2-1 backup strategy and providing the resilience needed to ensure data recovery after tenant-compromising events, in addition to meeting compliance requirements imposed by heavily regulated sectors.

Extended support for VMs with Ultra and Premium SSD v2 disks

Azure has announced the general availability launch of extended support of Azure Backup for virtual machines (VMs) that use Ultra and Premium SSD v2 disks. This development represents a significant step forward in strengthening the resilience and recovery capabilities of businesses managing critical enterprise applications and high-intensity I/O in the cloud. Ultra disks, known for their ability to support enterprise-level applications such as SAP HANA, high-end SQL databases, and NoSQL databases, offer organizations the flexibility needed to run demanding workloads with ease. Simultaneously, Premium SSD v2 disks stand out as the most advanced block storage solution, optimized for IO-intensive production workloads that require latencies below one millisecond. The availability of these technologies in Azure Backup meets a fundamental customer demand, eager to ensure operational continuity of their VMs in the event of disasters or ransomware attacks. With the enablement of backup for VMs using both Ultra and Premium SSD v2 disks, Azure positions itself as a robust cloud platform capable of offering solid and efficient recovery solutions. These advanced backup options are designed for a wide spectrum of applications, including SQL Server, Oracle, MariaDB, SAP, Cassandra, Mongo DB, big data, analytics, and gaming, on virtual machines or stateful containers. The availability of these features in all regions that support the creation of Ultra and Premium SSD v2 disks highlights Azure’s commitment to providing reliable and cutting-edge backup solutions, thus promoting security, resilience, and operational efficiency for businesses globally.

Azure Site Recovery

Enabling replication for data disks added to VMware VMs

Azure Site Recovery now supports enabling replication for data disks added to a VMware VM already enabled for disaster recovery. Thanks to this update, users can ensure greater operational continuity and better data resilience management, extending disaster recovery protection to data disks added after the VM protection is enabled.

Support of Azure Site Recovery for Azure Trusted Launch VMs (preview)

Microsoft has announced the preview of Azure Site Recovery support for Azure Trusted Launch VMs, exclusively for Windows operating systems. These VMs provide basic security for Azure Generation 2 systems, enabling Secure Boot and vTPM capabilities.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (February 2024 – Weeks: 07 and 08)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Windows Admin Center for Azure Virtual Machines

The Windows Admin Center for Azure Virtual Machines marks a significant step forward in cloud management by integrating directly into the Azure Portal. This tool is engineered to streamline the administration of Windows Server Operating Systems for Azure Virtual Machines. By facilitating in-browser RDP and PowerShell sessions, managing files, viewing events, and monitoring performance, it significantly reduces the necessity for remote desktop connections. A standout feature is its integration with Azure Active Directory for single sign-on capabilities, offering a cohesive identity experience across Azure services. This innovation not only simplifies virtual machine deployment and maintenance but also enhances security by minimizing dependence on local administrator accounts.

Compute

NVv5 Series VMs Now Available in Italy North Azure Region

Azure’s NVv5 Series Virtual Machines, equipped with NVIDIA A10 GPUs and AMD EPYC 74F3V CPUs, are now accessible in the Italy North region. These VMs cater to the needs of high-performance computing and graphics-intensive applications, offering a blend of powerful computational resources and graphical processing capabilities. This expansion into the Italy North region underscores Azure’s commitment to providing geographically diverse options for compute-intensive workloads.

Trusted Launch for Azure VMs in China Regions

Microsoft is proud to announce the general availability of Trusted Launch for Azure virtual machines in all Azure regions across China, encompassing China East, China East 2, China East 3, China North, China North 2, and China North 3. This major update introduces a strengthened security framework for Azure Virtual Machines. Trusted Launch enhances foundational VM security by guaranteeing booting to a defined and trusted state, a crucial step in combating sophisticated malware threats, including boot kits and rootkits, by offering kernel-mode level security on par with the operating system.

Furthermore, Trusted Launch activates Credential Guard, a significant security measure that protects user passwords and derived domain credentials via secure boot, virtualization-based security, and vTPM, which are critical for domain controllers. This feature also provides ongoing insights into the health state and boot chain integrity of virtual machines, along with remediation pathways for attestation failures through Microsoft Defender for Cloud.

Especially for Windows 11 virtual machines, Trusted Launch bolsters defense mechanisms against lower layer malware through the support of UEFI, secure boot, and vTPM. This comprehensive security enhancement ensures a more secure and reliable environment for Azure VMs, marking a significant advancement in cloud security measures tailored to meet the evolving threats in the digital landscape.

Networking

Azure Firewall Enhancements: Flow Trace Logs and Autoscaling

Azure Firewall’s new enhancements, including Flow Trace Logs and autoscaling based on the number of connections, provide granular insights and improved scalability. Flow Trace Logs offer detailed visibility into TCP handshake logs, aiding in troubleshooting packet drops and route asymmetry. The autoscaling feature now adjusts firewall resources based on traffic connection counts, alongside throughput and CPU usage, enabling a more responsive and efficient firewall performance.

Parallel IP Group Update Support for Azure Firewall

The introduction of Parallel IP Group update support in public preview marks a significant improvement in Azure Firewall’s configuration management. This feature allows for the simultaneous update of up to 20 IP Groups within a Firewall Policy, streamlining administrative tasks and enabling faster, more scalable changes. This update is particularly beneficial for administrators utilizing dev ops methodologies for configuration changes, enhancing efficiency and agility in firewall management.

Storage

Azure Elastic SAN (General Availability)

Azure Elastic SAN’s transition to general availability signifies a milestone in cloud storage solutions, offering a fully-managed, cloud-native SAN experience. This service is designed for seamless migration of extensive SAN environments to Azure, simplifying the deployment, scaling, management, and configuration of storage area networks in the cloud. It introduces a SAN-like resource hierarchy and provisions resources at the appliance level, dynamically allocating these to accommodate various workloads, including databases, VDIs, and business applications. The integration of Azure Monitor Metrics and Azure Policy aids in managing performance and preventing misconfigurations, respectively, merging the efficiency of traditional SAN systems with the flexibility and scalability of cloud storage.

Azure File Sync Agent Releases: v17.1 and v16.2 (Security Only Updates)

The release of Azure File Sync agent versions 17.1 and 16.2 as security-only updates addresses a critical vulnerability (CVE-2024-21397) that previously allowed unauthorized file creation. These updates underscore Azure’s commitment to security, providing essential patches for Windows Server installations ranging from version 2012 R2 to 2022. Detailed installation instructions are provided (KB5023054 and KB5023052), ensuring users can securely synchronize files across their environments.

Azure Blob Storage Cold Tier: Enhanced Support for Change Feed and Object Replication

The general availability of Azure Blob Storage Cold Tier’s support for Change Feed and Object Replication introduces significant enhancements for data storage and management. This feature enables the capturing of changes to blobs and their metadata within the cold tier, facilitating efficient data replication and access. It represents Azure’s ongoing efforts to provide cost-effective, flexible storage solutions for infrequently accessed data with long-term retention requirements.

Zone Redundant Storage (ZRS) for Azure Disks in Canada Central

The general availability of Zone Redundant Storage for Azure Disk Storage in the Canada Central region provides a robust solution for data resilience and availability. By offering synchronous replication across three availability zones, ZRS enables Azure Disks to withstand zonal failures, ensuring uninterrupted application performance. This feature is particularly valuable for applications requiring high availability without the complexity of application-level data replication.

Azure NetApp Files Standard Network Features

Azure NetApp Files now supports the general availability of Standard network features, allowing for the editing of network features for Azure NetApp Files volumes. This update brings an enhanced Virtual Networking experience, ensuring seamless integration and improved security posture. Users can now edit existing Azure NetApp Files volumes and upgrade from Basic to Standard network features. This enhancement includes increased IP limits for VNets with Azure NetApp Files volumes, aligning them with VM capabilities to facilitate customer integration into existing network topologies. Moreover, it introduces enhanced network security with support for Network Security Groups (NSGs) on Azure NetApp Files delegated subnets, a feature long requested by customers for meeting enterprise security requirements. Enhanced network control is also achieved through support for User-defined routes (UDRs), allowing traffic direction via chosen Network Virtual Appliances. Additionally, connectivity has been improved with Active/Active VPN gateway setup and ExpressRoute FastPath connectivity, ensuring low latency and high bandwidth connectivity from on-premises networks to Azure.

Introducing Azure Storage Actions: Serverless Storage Data Management (Preview)

Microsoft has recently announced the public preview of Azure Storage Actions, a fully managed platform specifically crafted to streamline data management tasks for Azure Blob Storage and Azure Data Lake Storage. With the exponential growth of data, organizations find themselves grappling with the complexities of efficiently managing their data assets. Azure Storage Actions seeks to alleviate these challenges by offering a serverless infrastructure that dynamically scales to meet data management demands, eliminating the need for resource provisioning or management.

This innovative platform provides a no-code experience, enabling users to easily define conditional logic for processing data objects. It supports an array of tasks aimed at enhancing data utility and security, such as cost optimization, data protection, rehydration from archives, and tagging, among others. Additional functionalities are expected to be added in future updates, further expanding its capabilities.

Azure Storage Actions facilitates the rapid composition, validation, and deployment of data management tasks. It features an intuitive Azure portal interface that simplifies the process of defining operations and validating them, ensuring a seamless user experience. Moreover, the platform offers robust support for programmatic management through various tools including REST APIs, the Azure SDK, PowerShell, the Azure Command-Line Interface (CLI), and Azure Resource Manager (ARM) templates. This versatility makes Azure Storage Actions a comprehensive solution for managing large-scale data assets across Azure Blob Storage and Azure Data Lake Storage, promising to significantly enhance data management efficiency and effectiveness for organizations worldwide.

Azure Stack

Azure Stack HCI

Supported Azure Stack HCI Scenarios with System Center

The integration of Azure Stack HCI, version 23H2, with System Center Virtual Machine Manager (SCVMM) marks a significant step forward in hybrid cloud management. Azure Stack HCI 23H2 elevates cloud-based management capabilities through Azure Arc, catering to the needs of large-scale datacenter customers who rely on System Center VMM for their virtualization environment management. The recent announcement from the System Center team outlines the supported scenarios in SCVMM for managing Azure Stack HCI 23H2, providing clarity and direction for system administrators and IT professionals.

SCVMM Support for Azure Stack HCI 23H2

The supported scenarios in SCVMM for Azure Stack HCI 23H2 include:

  • Addition and Management of Azure Stack HCI Clusters: SCVMM facilitates the addition of Azure Stack HCI clusters into your management framework, allowing for comprehensive oversight.
  • Virtual Machine Operations: Provisioning, deploying, and performing lifecycle operations on VMs within Azure Stack HCI clusters are fully supported, streamlining virtual machine management.
  • Storage and Volume Management: SCVMM enables the management of storage pool settings, creation of virtual disks, cluster shared volumes (CSVs), and application of Quality of Service (QoS) settings to optimize storage performance.
  • Workload Migration: The migration of VMware and Windows Server-based workloads to Azure Stack HCI is supported, offering flexibility in transitioning to Azure Stack HCI environments.
  • Cluster Management via PowerShell: Azure Stack HCI clusters can be managed using the same PowerShell cmdlets as Windows Server clusters, ensuring a consistent management experience.
  • Azure Integration: Azure-based VM self-serve capabilities and management services are extended through Azure Arc-enabled SCVMM, enhancing cloud connectivity and management.

Limitations and Azure/WAC Exclusive Scenarios

While SCVMM supports a broad range of management functions, certain scenarios remain exclusive to Azure Portal/Windows Admin Center (WAC) for Azure Stack HCI 23H2:

  • Cluster Creation and Registration: The creation and registration processes for Azure Stack HCI clusters are integrated into deployment and exclusively managed through Azure Portal/WAC.
  • Upgrades and Azure Benefits: Upgrading from Azure Stack HCI 22H2 to 23H2 and enabling Azure benefits on VMs are managed only via Azure Portal/WAC.
  • Advanced Features: New features of Azure Stack HCI 23H2, such as GPU-Partitioning and SDN Multi-site, along with previously unsupported features like Stretched clustering with 22H2, are managed outside of SCVMM.

Future Support and Availability

Support for Azure Stack HCI 23H2 in SCVMM is scheduled to be included in the next Long-Term Servicing Channel (LTSC) version of System Center. The general availability of this version is anticipated to align closely with the release of Windows Server 2025, offering forward-looking compatibility and support for Azure Stack HCI environments.

This integration underscores Microsoft’s commitment to hybrid cloud environments, providing the tools necessary for seamless management of virtualized infrastructure both on-premises and in the cloud. As the landscape of Azure Stack HCI evolves, the synergy between Azure Stack HCI and System Center continues to strengthen, offering a robust, scalable, and efficient management solution for modern datacenters.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (February 2024 – Weeks: 05 and 06)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure VMware Solution Now Available in Italy North Region

Azure VMware Solution has been made available in the Italy North Azure Region. This expansion allows customers in Italy to integrate their VMware workloads with Azure services seamlessly, leveraging the global scale, security, and performance of Azure while maintaining the VMware tools and expertise they are accustomed to. This launch supports the growing demand for cloud solutions in the region, enabling local businesses to innovate and scale with the cloud’s flexibility and efficiency.

Italy North Region Added to Azure HDInsight

Azure HDInsight is now generally available in the Italy North region. This expansion enhances Azure’s managed, full-spectrum, open-source analytics service capabilities, allowing enterprises to leverage popular frameworks such as Hadoop, Apache Spark, Apache Hive, LLAP, Apache Kafka, and more within Italy North. The availability of HDInsight in this region enables local and global enterprises to process big data, run real-time analytics, and use machine learning more efficiently with reduced latency.

Networking

Azure Virtual Network Manager Security Admin Rule Configuration Feature

The Azure Virtual Network Manager’s security admin rule configuration feature has reached general availability (GA) across 30 regions. This feature empowers organizations to enforce security policies across their virtual networks (VNets) efficiently, spanning subscriptions and regions worldwide. By prioritizing these rules above network security groups (NSGs), it ensures a standardized approach to security, helping to mitigate misconfigurations and adherence to corporate policies. The introduction of security admin rules streamlines network management, reducing the complexity of operations while enhancing security measures for expanding network infrastructures.

Azure Virtual Network Manager Topology View

Azure Virtual Network Manager (AVNM) topology view has been officially launched and is now generally available. This innovative feature offers a scalable and reliable solution for managing networks across global subscriptions. It integrates with Azure Resource Topology (ART) to provide a comprehensive visualization of network resources, contextualized by AVNM connectivity configurations. The topology view facilitates a deeper understanding of network connections, offering insights into the connectivity among network groups and VNets, thus enhancing confidence in network deployment strategies.

ExpressRoute Guided Portal Experience (preview)

Microsoft announces the public preview of the ExpressRoute guided portal experience, aimed at simplifying the configuration of multi-site resilient ExpressRoute circuits. This new portal experience offers critical information, such as the distance between peering locations and traffic engineering recommendations, to assist customers in making informed decisions. During the preview, users can access this feature globally in the Azure public cloud via the Azure portal flight link. This initiative underscores Microsoft’s commitment to providing intuitive tools for enhancing network resiliency and connectivity.

Storage

Mount Azure Storage as a Local Share in App Service Linux Now Supports NFS

Azure App Service Linux now supports NFS when mounting an Azure File share as a local share for web apps. This update enables more flexible and efficient storage solutions for web applications hosted on Azure, streamlining the integration and management of file storage.

Azure Ultra Disk Storage Now Available in Canada East

Azure Ultra Disk Storage, offering high throughput, high IOPS, and consistent low-latency disk storage, is now available in Canada East. Ideal for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy workloads, Ultra Disk Storage enhances Azure Virtual Machines’ performance and capabilities in the region.

Azure NetApp Files Standard Network Features – Edit Volumes in US Gov Regions

Azure has launched a public preview for editing network features of Azure NetApp Files volumes in US Gov regions, leveraging advanced hardware and software integration. This update introduces Standard Network Features, enhancing the virtual networking experience with improved security for Azure NetApp Files. Users can now upgrade Basic network features to Standard, benefiting from increased IP limits, enhanced network security and control, and improved connectivity options. This preview is available across all US Gov regions (VA, TX, & AZ).

General Availability: Support for up to 100 TB of Storage for the FHIR Service

Azure announces general availability for expanded storage support in the FHIR service, part of Azure Health Data Services, up to 100 TB. This enhancement allows for the storage and exchange of vast amounts of health data, facilitating large-scale analytics, population health management, research, and insights from health data. Organizations requiring storage beyond the default 4 TB can request an increase through the Azure portal.

Azure Stack

Azure Stack HCI

Azure Stack HCI 23H2 General Availability

Microsoft has announced the general availability of Azure Stack HCI version 23H2, marking a significant update in cloud-managed edge infrastructure. This version is ready for production . It introduces several previews, including Azure Migrate and Microsoft Defender for Cloud, specifically designed for Azure Stack HCI environments. However, it’s noteworthy that certain features like stretched clustering and System Center VMM support are temporarily unavailable in some regions. The launch of Azure Stack HCI 23H2 represents a leap forward in Microsoft’s edge infrastructure offerings, providing enterprises with robust, scalable solutions for their hybrid cloud environments.

Key Highlights:

  • Production-Ready: Azure Stack HCI 23H2 is now ready for production environments, offering robust and reliable infrastructure solutions.
  • Seamless Update Process: An update from the previous version 22H2 to 23H2 will soon be available, specifically targeting 23H2 clusters to ensure smooth transitions.
  • Enhanced Solutions Availability: The GA version includes premier and integrated solutions, enriching the ecosystem for Azure Stack HCI users.
  • Azure Virtual Desktop (AVD) for Azure Stack HCI: AVD is now generally available, bringing together the advantages of Azure Virtual Desktop and Azure Stack HCI. This combination allows organizations to run virtualized desktops and apps securely, either on-premises at the edge or within data centers.
  • Azure Migrate Integration (Preview): Azure Stack HCI now supports Azure Migrate in preview, facilitating easier migration of workloads to Azure Stack HCI environments.
  • Microsoft Defender for Cloud Integration (Preview): Enhance your security posture with Microsoft Defender for Cloud for Azure Stack HCI, currently in preview.
  • Guidance on Using Version 22H2: It’s recommended to continue using version 22H2 temporarily if:
    1. The service is not available in your region (currently limited to East US and West Europe).
    2. You require stretched clustering support, which is not available in 23H2.
    3. Your setup relies on System Center VMM, not supported by 23H2.

Additional Information:

  • Currently, 3-node switchless deployments are not supported.
  • The GA version includes proxy support for HCI infrastructure, but not yet for VMs.
  • Updates to 23H2 can be performed through the portal on existing preview clusters or by new deployment.
  • With Windows Defender Application Control (WDAC) enabled by default in Azure Stack HCI 23H2, steps may be needed to allow certain applications to run.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in January 2024

This month, Microsoft has introduced a series of significant updates for Azure management services. This is part of a series of monthly articles aimed at providing an in-depth and detailed analysis of the most relevant innovations. The goal is to keep users always informed about the ongoing evolutions of Azure, providing the essential information to explore these developments further.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Support for Azure Monitor VM Insights Dependency Agent for VM Linux RHEL 8.6

The Dependency Agent of Azure Monitor VM Insights is now supported for Linux Red Hat Enterprise Linux (RHEL) 8.6 VMs. This means that the Dependency Agent can be used to monitor network connections and processes of Linux RHEL 8.6 virtual machines and visualize the dependencies between them in the VM Insights Map function.

Integration of Azure Advisor with Azure Monitor Log Analytics Workspace

Azure Advisor is a cloud tool designed to help users follow best practices in optimizing their workloads in Azure. This solution analyzes resource configurations and telemetry data to provide targeted recommendations to improve four key areas: cost efficiency, performance, reliability, and security of Azure resources. Moreover, to support more effective management of Azure Monitor costs, Microsoft has implemented specific cost optimization recommendations and integrated Azure Advisor into the Log Analytics Workspace management interface.

Dedicated clusters in Azure Monitor logs now support different commitment levels

Microsoft has extended the capabilities of dedicated clusters in Azure Monitor Logs, now supporting any level of commitment, starting from a minimum of 100 GB per day. This new feature offers greater flexibility and customization for users who require specific solutions for their monitoring and logging needs. With this expansion, customers have the option to choose the service level that best fits their needs, ensuring more efficient and tailored data management.

Configure

Update management

Azure Update Manager on Azure Arc-enabled servers: new billing rules

From February 2024, Azure Update Manager will start generating consumption for Azure Arc-enabled servers. Azure Update Manager, formerly known as Azure Automation Update Management, has been available since September 2023. Customers who started using the service from that date will not be subject to costs until February 1, 2024.

Starting February 1, 2024, customers using Azure Update Manager on Azure Arc-enabled servers will be billed daily, with a specific rate per server per day, equivalent to about $5 USD per server per month.

An Azure Arc-enabled server is considered managed by Azure Update Manager on days when it meets both of the following conditions:

it has a connection status with Arc at any time of the day; an update operation is performed on it (patch on demand or via scheduled job, evaluation on demand or via periodic assessment) or it is associated with a schedule.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs.This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Preview of the Azure Arc extension for Visual Studio Code

Microsoft has announced the public preview of the Azure Arc extension for Visual Studio Code. This extension allows developers to easily manage Azure Arc resources and services directly from Visual Studio Code. With this integration, developers can expect greater efficiency and simplified workflows, as they will have the ability to access and manage Azure Arc resources without leaving the Visual Studio Code development environment.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • introduction of agentless container posture for GCP in Defender for Containers and Defender CSPM;
  • public preview of agentless malware scanning for servers;
  • integration of Defender for Cloud with Microsoft Defender XDR;
  • DevOps security annotations for Pull Requests enabled by default for Azure DevOps connectors.

Protect

Azure Site Recovery

Support for Azure VMs with Premium SSD v2

Azure Site Recovery now supports Azure VMs equipped with Premium SSD v2. This feature is available as a private preview in selected Azure regions. Premium SSD v2 disks represent Azure’s most advanced block storage solution, ideal for high I/O intensity enterprise workloads, offering sub-millisecond latencies, high IOPS, and throughput. This addition responds to a frequent customer request to be able to use Azure Site Recovery with Azure VMs on Premium SSD v2. Thanks to this feature, customers can ensure greater data security and operational continuity of applications and workloads, even in case of planned or unplanned interruptions.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (January 2024 – Weeks: 03 and 04)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Cloud Services (Classic) Retirement

Microsoft has announced the retirement of its Azure Cloud Services (Classic) deployment model, effective August 31, 2024. This decision marks a significant shift towards more advanced and modern cloud solutions. Users of Azure Cloud Services (Classic) are encouraged to migrate their services to Cloud Services (Extended Support) in Azure Resource Manager, which offers new capabilities and improved efficiency. This transition is vital for maintaining service continuity and accessing enhanced features.

Compute

Automatic Image Creation

Azure has announced the general availability of its Automatic Image Creation service. This feature simplifies the process of creating and managing virtual machine images, allowing for automation and streamlining of deployments. The general availability of this service underscores Azure’s commitment to providing efficient and user-friendly solutions in cloud computing.

Upgrade of Azure Gen1 VMs to Gen2-Trusted Launch (private preview)

Microsoft has announced a private preview that allows users to upgrade their existing Azure Generation 1 (Gen1) virtual machines (VMs) to Generation 2 (Gen2) with Trusted Launch support. This upgrade enhances the foundational security of existing Azure VMs by enabling features like Secure Boot and vTPM capabilities, integral to the Trusted Launch service. Trusted Launch provides a robust security framework for Azure VMs, ensuring boot integrity and protection against advanced threats. The service works by ensuring that only signed operating systems and drivers can boot, establishing a root of trust for the VM software stack. It supports a wide range of compute-optimized, memory-optimized, and storage-optimized VM sizes, as well as multiple operating systems including various versions of Linux and Windows. Notably, this upgrade doesn’t increase existing VM pricing, making it an attractive option for users seeking enhanced security without additional costs.

Networking

Azure Virtual Network Encryption

Microsoft has released the general availability of Azure Virtual Network Encryption, providing an additional layer of security for data in transit. This new feature ensures that data moving within a virtual network is encrypted, enhancing protection against potential threats and unauthorized access. The availability of this feature signifies Microsoft’s ongoing commitment to offering robust security solutions in its cloud services.

Load Balancer in Azure API Management (preview)

Microsoft has introduced a public preview of the Load Balancer in Azure API Management. This feature aims to optimize the distribution of user requests across various servers, ensuring efficient resource utilization and improved response times. The introduction of this load balancer in the preview phase allows users to test and provide feedback, helping Microsoft enhance the feature before its full-scale release.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (January 2024 – Weeks: 01 and 02)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Storage

Customer-Managed Keys for Azure NetApp Files volume encryption

Azure NetApp Files now supports customer-managed keys for volume encryption, enhancing data security and control. This feature allows users to manage their encryption keys, providing an additional layer of security for sensitive data stored in the cloud. The integration of customer-managed keys with Azure NetApp Files ensures that data encryption aligns with organizational policies and regulatory requirements, offering a secure and compliant storage solution.

Premium SSD v2 and Ultra Disks support with Trusted Launch

Azure introduces the general availability of Premium SSD v2 and Ultra disks support for Trusted Launch virtual machines. This integration enhances security and performance for Azure virtual machines. Trusted Launch provides foundational security with features like Secure Boot and vTPM, protecting against advanced threats. The Ultra disks offer high-performance storage ideal for data-intensive workloads, while Premium SSD v2 disks provide a cost-effective solution for a broad range of enterprise applications.

Zone Redundant Storage for Azure Disks in more regions

Azure has expanded the availability of Zone Redundant Storage (ZRS) for Azure Disk Storage. Now available in West US3 and Germany West Central regions, ZRS enables synchronous data replication across three availability zones. This feature enhances data resilience and application uptime by mitigating the impact of zonal failures. ZRS is compatible with Azure Premium SSDs and Standard SSDs, ensuring high availability for critical workloads.

Azure Ultra Disk Storage Now Available in UK West and Poland Central

Azure has expanded its Ultra Disk Storage to the UK West and Poland Central regions, offering high throughput, high IOPS, and consistent low-latency disk storage. Azure Ultra Disk Storage is ideal for handling data-intensive workloads like SAP HANA, top-tier databases, and transaction-heavy processes. This expansion provides users in these regions with access to Azure’s most advanced storage solutions, optimizing performance for critical applications.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in December 2023

This month, Microsoft introduced a series of significant updates to the Azure management services. Through this series of monthly articles, the aim is to offer an overview of the most relevant news. The goal is to keep you constantly informed about these developments, providing you with the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Configure

Azure Automation

Retirement of Azure Automation Services – August 31, 2024

Microsoft has announced that on August 31, 2024, two services in Azure Automation will be retired: the Update Management service and the Change Tracking and Inventory service, both using the Log Analytics agent.

  1. Retirement of the Azure Automation Update Management service: This service, currently used for update management and system maintenance, will no longer be available after August 31, 2024. Users are encouraged to migrate to alternative solutions offered by Azure to maintain effectiveness in managing their system updates.
  2. Retirement of the Change Tracking and Inventory service with Log Analytics Agent: Similarly, the Change Tracking and Inventory service, which utilizes the Log Analytics agent in Azure Automation, will end its operations on the same date. Customers are invited to explore and adopt other solutions provided by Azure to effectively manage change tracking and inventory management of IT resources.

Microsoft urges its users to take timely action to ensure a smooth transition to the new proposed solutions, thus ensuring continuity and efficiency in managing their IT infrastructures.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for innovative ways to enhance Microsoft Cost Management, their solution designed to provide greater transparency on cloud costs, identify and prevent inefficient spending patterns, and optimize overall costs. During 2023, numerous improvements and significant updates have been implemented to this solution. These updates aim to make Microsoft Cost Management even more effective in providing its users with the information and tools necessary to manage cloud expenses more efficiently and consciously.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, and improvements are introduced on an ongoing basis. To stay up-to-date on the most recent developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Defender for Servers at the resource level: it is now possible to manage Defender for Servers on specific resources within one’s subscription, allowing full control over the protection strategy. This capability allows for configuring specific resources with custom settings different from those configured at the subscription level.
  • Retirement of the classic multi-cloud connectors: the experience of the classic multi-cloud connectors has been retired, and data is no longer transmitted to connectors created through that mechanism. The new native multi-cloud connectors, available for AWS and GCP since March 2022 without additional costs, completely replace the value of these classic connectors.
  • Release of the coverage workbook: this tool allows monitoring which Defender for Cloud plans are active on which parts of the environment, helping to ensure complete protection of environments and subscriptions.
  • Vulnerability assessment for Container Images in Azure Government and Azure managed by 21Vianet: vulnerability assessment for Linux container images in Azure is now also available in Azure Government and Azure managed by 21Vianet.
  • Support for Windows in the Container Vulnerability Assessment (preview): support for Windows images has been released in public preview as part of the vulnerability assessment for Azure and Azure Kubernetes Services container registries.
  • Agentless container security posture for AWS in Defender for Containers and Defender CSPM (preview): the new agentless capabilities of container security posture are now available for AWS.
  • Support for PostgreSQL Flexible Server in the Defender plan for open-source relational databases: Microsoft has announced support for PostgreSQL Flexible Server in the Microsoft Defender plan for open-source relational databases.

Protect

Azure Backup

Crash Consistent Multi-Disk VM Restore Points

Microsoft recently announced the introduction of support for the ‘Crash Consistent’ multi-disk mode in virtual machine (VM) restore points. This feature provides an agentless solution that captures and preserves both the VM configuration and write- and timing-consistent snapshots for all managed disks connected to the VM. The captured state is equivalent to that of the data present in the VM in the event of a power outage or system crash. This innovation aims to significantly improve reliability and data management in Azure infrastructures.

Azure Site Recovery

New Update Rollup

Update Rollup 70 has been released for Azure Site Recovery. This update brings significant improvements in terms of functionality and service stability, consolidating Azure Site Recovery’s position as a reliable solution for disaster recovery. The related details and the procedure to follow for installation can be found in the specific KB.

Migrate

Azure Migrate

‘As on-premises’ in Azure Migrate SQL Discovery and Assessment (preview)

Azure Migrate has introduced the new ‘As on-premises’ sizing policy for SQL instance assessments. This feature allows for quick and accurate analysis of SQL instances identified by the Azure Migrate appliance. The ‘As on-premises’ policy is based on the source SQL instance configuration to provide appropriate sizing recommendations for the target Azure SQL service. Additionally, if performance data is available, an assessment can be carried out based on these performances to obtain customized SKU recommendations for the source workload on Azure. In cases where performance data is not available for some specific instances, the ‘As on-premises’ sizing is employed to ensure precise and reliable target sizing.

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (December 2023 – Weeks: 51 and 52)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks. This release marks the final update for the year 2023, and I take this opportunity to wish everyone the best for the upcoming year 2024!

Azure

General

Microsoft Cloud for Sovereignty

Microsoft has announced the general availability of Microsoft Cloud for Sovereignty, a significant advancement in cloud technology for government agencies. This new offering is designed to meet the unique compliance, security, and policy requirements of governments while leveraging cloud capabilities to deliver enhanced value to citizens.

Key Highlights:

  • Compliance and Security: Microsoft Cloud for Sovereignty is built on over 60 cloud regions, providing industry-leading cybersecurity and the broadest compliance coverage. It enables governments to implement policies that align with national or regional data residency requirements.
  • Sovereign Controls: The platform offers sovereign controls to protect and encrypt sensitive data. This includes sovereign landing zones and Azure Confidential Computing, which secures data in memory in hardware-based trusted execution environments.
  • Policy Initiatives: Governments can adopt sovereignty-focused Azure policy initiatives to address the complexity of compliance with national and regional regulatory requirements. This includes the Azure Cloud Security Benchmark and Sovereignty Policy Baseline, among others.

New Capabilities:

  • Drift Analysis Tool: Identifies non-compliant settings and helps maintain policy compliance.
  • Transparency Logs: Provides visibility into instances where Microsoft engineers access customer resources.
  • Configuration Tools in Azure Portal: Simplifies the creation of sovereign landing zones.

This development marks a significant step in enabling governments to harness the power of cloud technology while maintaining strict control over data sovereignty and regulatory compliance.

Compute

Red Hat Enterprise Linux 8.9 on Azure Virtual Machines

Azure now supports Red Hat Enterprise Linux (RHEL) 8.9 on its Virtual Machines, marking the latest minor release of RHEL 8. This version offers enhanced stability, security, and performance for production environments. Key features include streamlined deployment and migration options, new metrics in the performance co-pilot, and new Application Streams for Node.js 20, Java-21, and compiler toolkits. RHEL 8.9’s release emphasizes Azure’s commitment to providing a versatile and efficient operating environment for varied infrastructures.

Networking

Security Update for Azure Front Door WAF CVE-2023-50164

Azure has deployed a new managed rule for its global Web Application Firewall (WAF) customers to address the security vulnerability CVE-2023-50164. This update is crucial for applications potentially impacted by this vulnerability. The fix has been implemented in the ruleset versions 2.1, 2.0, and earlier. The rule, identified as ID 99001017 in the MS-ThreatIntel-CVEs Rule Group, is initially set to ‘Disabled’ with an ‘Anomaly Score’ action, and users are advised to enable it if their application is vulnerable. This update underscores Azure’s commitment to providing robust security for web applications.

Security Update for Application Gateway WAF CVE-2023-50164

Azure has announced the general availability of a security update for the Application Gateway WAF to address the CVE-2023-50164 vulnerability. This update is vital for regional WAF customers to safeguard their applications. The update includes changes to the Default Ruleset (DRS) and Core Ruleset (CRS), with the rule ID 99001017 now set to ‘Enabled’ and ‘Log’ action. It’s important to note that the ‘Anomaly Score’ action is not supported for this rule, and users with older WAFs running CRS 3.1 should upgrade to enable ‘Block’ mode.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (December 2023 – Weeks: 49 and 50)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Support Plan offer extended

Microsoft Azure has announced an extension of its Azure Support offer. Starting from January 1, 2024, all new and renewing Azure customers who purchase an Enterprise Agreement (EA or EES) or are part of the field-led Microsoft Customer Agreement (MCA) will receive free Azure Standard support. This promotion, designed to assist customers in their cloud journey, will be available until June 30, 2024, at no additional charge. The offer aims to provide an extra level of access to expert technical support, enhancing the Azure experience for enterprise customers. Existing customers will automatically benefit from this offer, with no additional action required. The terms of the promotion can be viewed on the Azure website, with updates to be visible from January 1, 2024.

Compute

Intel TDX based confidential VMs now available in Azure (preview)

Microsoft Azure has introduced the public preview of DCesv5 and ECesv5-series confidential virtual machines (VMs), marking a significant advancement in cloud computing security. These VMs, powered by 4th Gen Intel® Xeon® Scalable processors with Intel® Trust Domain Extensions (Intel® TDX), are now accessible through the Azure portal, Azure CLI, and ARM templates. This development enables organizations to bring confidential workloads to the cloud without necessitating code changes to applications. Initially available in select regions including Europe West, Central US, and East US 2, these VMs represent a leap forward in Azure’s confidential computing capabilities. The introduction of these VMs underscores Azure’s commitment to providing secure and innovative cloud solutions.

Networking

Delaying domain Front Block on Azure Front Door and CDN Services

Microsoft Azure has announced the postponement of the enforcement of blocking domain fronting on Azure Front Door and Azure CDN Standard from Microsoft (classic) to January 22, 2024. This decision, influenced by customer feedback, aims to provide additional time for users to adapt to the upcoming changes. Azure plans to introduce two log fields, “SNI” and “Result,” by December 25, 2023, to assist customers in identifying domain fronting behavior in their resources. The enforcement of this block is intended to enhance security by preventing traffic that attempts to bypass domain fronting checks. It’s important to note that this change will not affect regular users accessing the service through compliant browsers, APIs, SDKs, etc., and is focused on enhancing the security of Azure’s network services.

Storage

Azure File Sync agent v17 release: enhanced performance and expanded features

Microsoft has announced the release of Azure File Sync agent v17, now in flighting and accessible on the Microsoft Update Catalog. This latest update introduces significant improvements and fixes, enhancing the overall performance and functionality of Azure File Sync. Key enhancements include:

  • Sync Upload performance improvements: users will experience notable improvements in sync upload performance, especially beneficial during file share migrations and high churn events where a large number of files need uploading.

  • Expanded character support for file and directory names: the update extends the list of supported characters for file and directory names in SMB File shares, aligning with the NTFS file system’s capabilities for valid Unicode characters. This expansion allows for greater flexibility in naming conventions.

  • New Cloud Tiering low disk space mode metric: a new feature enables users to configure alerts for servers in low disk space mode, enhancing monitoring capabilities.

  • Resolved agent update issue: the update addresses and resolves a previous issue where the agent update process would hang, improving reliability.

  • Miscellaneous reliability and telemetry improvements: the release also includes various enhancements for cloud tiering and sync, focusing on reliability and telemetry.

Additional Release Information:

  • The v17 release is compatible with Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022.
  • Windows Server 2012 R2 users must have .NET Framework version 4.6.2 or higher.
  • The agent version for this release is 17.0.0.0.

For installation instructions and further details, users can refer to KB5023053 in the Microsoft knowledge base. This release marks a significant step forward in the Azure File Sync service, offering enhanced performance and expanded capabilities to users.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Stack HCI: the continuously evolving Hyper-Converged solution – December 2023 Edition

In the rapidly evolving current technological landscape, the need for flexible and scalable IT infrastructures has never been more pressing. Azure Stack HCI emerges as a response to this need, offering a hyper-converged (HCI) solution that enables the execution of workloads in on-premises environments while maintaining a strategic connection with various services offered by Azure. Azure Stack HCI is not just a hyper-converged solution, but is also a strategic component of the Azure services ecosystem, designed to integrate and amplify the capabilities of existing IT infrastructure.

As part of Azure’s hybrid offering, Azure Stack HCI is constantly evolving, adapting to the changing needs of the market and user expectations. The recent wave of innovations announced by Microsoft testifies to the company’s commitment not only to maintaining but also improving its position as a leader in the HCI solutions sector. These new features, which will be explored in detail in this article, promise to open new paths for the adoption of Azure Stack HCI, significantly improving the management of hybrid infrastructures and offering new opportunities to optimize the on-premises environment.

The lifecycle of updates and upgrades of Azure Stack HCI

A fundamental aspect of Azure Stack HCI is its predictable and manageable upgrade and update experience. Microsoft’s strategy for Azure Stack HCI updates is designed to ensure both security and continuous innovation of the solution. Here’s how it works:

  • Monthly quality and security updates: Microsoft regularly releases monthly updates focused on quality and security. These updates are essential to maintain the integrity and reliability of the Azure Stack HCI environment.
  • Annual feature updates: in addition to monthly updates, an annual feature update is released. These annual updates aim to improve and enrich the capabilities of Azure Stack HCI with new features and optimizations.
  • Timing for installing updates: to keep the Azure Stack HCI service in a supported state, users have up to six months to install updates. However, it is recommended to install updates as soon as they are released to ensure maximum efficiency and security of the system.
  • Support from Microsoft’s Hardware Partners: Microsoft’s hardware solution partners support Azure Stack HCI’s “Integrated Systems” and “Validated Nodes” with hardware support services, security updates, and assistance, for at least five years.

In addition to these established practices, during Microsoft Ignite 2023, a significant new development was announced: the public preview of Azure Stack HCI version 23H2. This latest version represents an important step in the evolution of Azure Stack HCI. The final version of this updated solution will be released in early 2024, slightly behind the planned release cycle. This delay is attributable to significant changes made to the solution, aimed at further improving the capabilities and performance of Azure Stack HCI. Initially, Azure Stack HCI version 23H2 will be available exclusively for new installations. Over the course of the year, it is expected that most users currently on Azure Stack HCI version 22H2 will have the opportunity to upgrade their clusters to the new version 23H2.

Figure 1 – Azure Stack HCI update release cycles

Activation and management of different workloads

Modern organizations often find themselves managing a wide range of applications: some based on containers, others on virtual machines (VMs), some running in the cloud, others in edge environments. Thanks to Azure Arc and an adaptive approach to the cloud, it’s possible to use common tools and implement uniform operational practices for all workloads, regardless of where they are executed. The 23H2 version of Azure Stack HCI provides all the necessary Azure Arc infrastructure, automatically configured as part of the cluster deployment, including the Arc Resource Bridge and other management agents and components. This means that, from the start, it’s possible to begin deploying Arc-enabled virtual machines, Azure Kubernetes Service clusters, and Azure Virtual Desktop session hosts.

Virtual Machines

The 23H2 version of Azure Stack HCI offers the ability to activate general-purpose VMs with flexible sizing and configuration options to meet the needs of different applications. Users can use their own custom Linux or Windows images or conveniently access those available in the Azure Marketplace. When creating a new virtual machine (VM) using the Azure portal, the Command Line Interface (CLI), or an ARM template, it is automatically equipped with the Connected Machine Agent. This includes the integration of extensions like Microsoft Defender, Azure Monitor, and Custom Script, thus ensuring uniform and integrated management of all machines, both in the cloud and at the edge.

Azure Kubernetes Service

The 23H2 version of Azure Stack HCI offers the Azure Kubernetes Service, a managed Kubernetes solution that operates in a local environment. The Azure Kubernetes Service is automatically configured as part of the Azure Stack HCI deployment and includes everything needed to start deploying container-based workloads. The Azure Kubernetes Service runs its control plane in the same Arc Resource Bridge as the general-purpose VMs and uses the same storage paths and logical networks. Each new Kubernetes cluster deployed via the Azure portal, CLI, or an ARM template is automatically configured with Azure Arc Kubernetes agents inside to enable extensions such as Microsoft Defender, Azure Monitor, and GitOps for application deployment and CI/CD.

Azure Virtual Desktop for Azure Stack HCI (Preview)

The 23H2 version of Azure Stack HCI has been optimized to support the deployment of virtualized desktops and applications. Azure Virtual Desktop, a Microsoft-managed desktop virtualization service with centralized control in the cloud, offers the experience and compatibility of Windows 11 and Windows 10. This service is distinguished by its multi-session capability, which increases efficiency and reduces costs. With Azure Virtual Desktop integrated into Azure Stack HCI, it is possible to position desktops and apps (session hosts) closer to end-users to reduce latency, and there is also the option for GPU acceleration. The 23H2 version introduces an updated public preview that offers provisioning of host pools directly from the Azure portal, simpler guest operating system activation, and updated Marketplace images with pre-installed Microsoft 365 apps. Microsoft will soon share more information on timings and pricing for general availability.

Advanced security

The increase in applications and infrastructures in edge environments requires organizations to adopt advanced security measures to keep pace with increasingly sophisticated threats from attackers. The 23H2 version of Azure Stack HCI facilitates this process with advanced security settings enabled by default, such as native integration with Microsoft Defender for Cloud and the option to protect virtual machines with Trusted Launch.

Integrated and Default-Enabled Security

The new 23H2 version of Azure Stack HCI presents a significantly strengthened security posture. Leveraging the foundations of Secured Core Server, over 300 settings in the hypervisor, storage system, and network stack are pre-configured following Microsoft’s recommendations. This covers 100% of the applicable settings in the Azure security baseline, doubling the security measures compared to the previous version 22H2. Any deviations from the settings are detected and automatically corrected to maintain the desired security posture over time. For enhanced protection against malware and ransomware, application control is activated by default, using a base policy provided by Microsoft.

Integration with Microsoft Defender for Cloud

In Microsoft Defender for Cloud, in addition to workload protection for Kubernetes clusters and VMs, new integrated security recommendations provide coverage for the Azure Stack HCI infrastructure as part of the Cloud Security Posture Management plan. For example, if the hardware is not set up for Secure Boot, if clustered storage volumes are not encrypted, or if application control is not activated, these issues will be highlighted in the Microsoft Defender for Cloud portal. Furthermore, it is possible to easily view the security status of host clusters, nodes, and workloads in a unified view. This greatly improves the ability to control and correct the security posture efficiently on a large scale, making it suitable for environments ranging from a limited number to hundreds of locations.

Trusted launch for Azure Arc-Enabled Virtual Machines

Trusted launch is a security feature designed to protect virtual machines (VMs) from direct attacks on firmware and bootloaders. Initially available only in Azure’s cloud, it has now been extended to the edge with Azure Stack HCI version 23H2. When creating an Azure Arc-enabled VM, this security option can be selected using the Azure portal, the Command Line Interface (CLI), or an ARM template. Trusted launch provides VMs with a virtual Trusted Platform Module (TPM), useful for the secure storage of keys, certificates, and secrets. Additionally, Secure Boot is enabled by default. VMs using Trusted launch also support automatic failover and live migration, transparently maintaining the state of the vTPM when moving the VM between cluster nodes. This implementation represents a significant step towards introducing confidential computing into edge computing.

Innovations in edge management

Sectors like retail, manufacturing, and healthcare often face the challenge of managing physical operations across multiple locations. In fact, integrating new technologies in places such as stores, factories, or clinics can become a complex and costly process. In this context, an edge infrastructure that can be rapidly deployed and centrally managed becomes a decisive competitive advantage. Tools enhanced with artificial intelligence, capable of scaling to thousands of resources, offer unprecedented operational efficiency.

With the 23H2 version of Azure Stack HCI, fundamental lifecycle operations such as deployment, patching, configuration, and monitoring are entirely managed from the cloud. This significantly reduces the need for on-site tools and personnel, making it easier to manage edge infrastructures.

Cloud-based Deployment

The 23H2 version of Azure Stack HCI simplifies large-scale deployment. At edge sites, once new machines arrive with the operating system pre-installed, local staff can simply connect them and establish the initial connection with Azure Arc. From that point on, the entire infrastructure, including clusters, storage, and network configuration, is deployed from the cloud. This minimizes the time and effort required on-site. Using the Azure portal, it’s possible to create an Azure Stack HCI cluster or scale it with a reusable Azure Resource Manager (ARM) template, with unique parameters for each location. This infrastructure-as-code approach ensures consistent configuration of Azure Stack HCI on a large scale.

Cloud-based update management

Keeping the system up to date is now simpler. The 23H2 version introduces the new Lifecycle Manager, which organizes all applicable updates into a single monthly package, covering the operating system, agents, services, and even drivers and firmware for participating hardware solutions. Lifecycle Manager ensures that the cluster always runs a combination of software validated by Microsoft and its partners, reducing the risk of problems or incompatibility. Update management for Azure Stack HCI clusters is integrated with Azure Update Manager, providing a unified tool for all machines across the cloud and edge.

Cloud-based monitoring

Azure Monitor provides an integrated and comprehensive view for applications and infrastructure, covering both cloud and on-premises environments. This now includes logs, metrics, and alert coverage for Azure Stack HCI version 23H2. Over 60 standard metrics are available, including CPU and memory usage, storage performance, network bandwidth, and more. Azure Stack HCI health issues, such as a failed disk or a misconfigured network port, are reported as new platform alerts, customizable to trigger notifications or actions. Additionally, Azure Monitor Insights, powered by Data Collection Rules and Workbooks, provides pre-configured views to help administrators monitor specific features, such as storage deduplication and compression.

Useful references

For all the details regarding the 23H2 version of Azure Stack HCI, you can consult the official Microsoft documentation.

Conclusions

Azure Stack HCI represents a milestone in the landscape of IT infrastructures, offering a robust, scalable, and secure solution for organizations navigating today’s complex technological ecosystem. With its approach, Azure Stack HCI effectively adapts to the needs of hybrid infrastructures, enabling seamless integration between on-premises environments and the Azure cloud. Its advanced features, such as optimized workload management, cutting-edge security, and ease of edge system management, not only meet current challenges but also open new possibilities for future innovation. The constant updating of its capabilities, highlighted by the 23H2 version, demonstrates Microsoft’s commitment to keeping pace with the evolving market needs and user expectations. Azure Stack HCI is not just a solution for current needs but a strategic investment to bring cloud innovation into one’s on-premises environment.