Category Archives: Datacenter Management

Azure IaaS and Azure Stack: announcements and updates (December 2023 – Weeks: 51 and 52)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks. This release marks the final update for the year 2023, and I take this opportunity to wish everyone the best for the upcoming year 2024!

Azure

General

Microsoft Cloud for Sovereignty

Microsoft has announced the general availability of Microsoft Cloud for Sovereignty, a significant advancement in cloud technology for government agencies. This new offering is designed to meet the unique compliance, security, and policy requirements of governments while leveraging cloud capabilities to deliver enhanced value to citizens.

Key Highlights:

  • Compliance and Security: Microsoft Cloud for Sovereignty is built on over 60 cloud regions, providing industry-leading cybersecurity and the broadest compliance coverage. It enables governments to implement policies that align with national or regional data residency requirements.
  • Sovereign Controls: The platform offers sovereign controls to protect and encrypt sensitive data. This includes sovereign landing zones and Azure Confidential Computing, which secures data in memory in hardware-based trusted execution environments.
  • Policy Initiatives: Governments can adopt sovereignty-focused Azure policy initiatives to address the complexity of compliance with national and regional regulatory requirements. This includes the Azure Cloud Security Benchmark and Sovereignty Policy Baseline, among others.

New Capabilities:

  • Drift Analysis Tool: Identifies non-compliant settings and helps maintain policy compliance.
  • Transparency Logs: Provides visibility into instances where Microsoft engineers access customer resources.
  • Configuration Tools in Azure Portal: Simplifies the creation of sovereign landing zones.

This development marks a significant step in enabling governments to harness the power of cloud technology while maintaining strict control over data sovereignty and regulatory compliance.

Compute

Red Hat Enterprise Linux 8.9 on Azure Virtual Machines

Azure now supports Red Hat Enterprise Linux (RHEL) 8.9 on its Virtual Machines, marking the latest minor release of RHEL 8. This version offers enhanced stability, security, and performance for production environments. Key features include streamlined deployment and migration options, new metrics in the performance co-pilot, and new Application Streams for Node.js 20, Java-21, and compiler toolkits. RHEL 8.9’s release emphasizes Azure’s commitment to providing a versatile and efficient operating environment for varied infrastructures.

Networking

Security Update for Azure Front Door WAF CVE-2023-50164

Azure has deployed a new managed rule for its global Web Application Firewall (WAF) customers to address the security vulnerability CVE-2023-50164. This update is crucial for applications potentially impacted by this vulnerability. The fix has been implemented in the ruleset versions 2.1, 2.0, and earlier. The rule, identified as ID 99001017 in the MS-ThreatIntel-CVEs Rule Group, is initially set to ‘Disabled’ with an ‘Anomaly Score’ action, and users are advised to enable it if their application is vulnerable. This update underscores Azure’s commitment to providing robust security for web applications.

Security Update for Application Gateway WAF CVE-2023-50164

Azure has announced the general availability of a security update for the Application Gateway WAF to address the CVE-2023-50164 vulnerability. This update is vital for regional WAF customers to safeguard their applications. The update includes changes to the Default Ruleset (DRS) and Core Ruleset (CRS), with the rule ID 99001017 now set to ‘Enabled’ and ‘Log’ action. It’s important to note that the ‘Anomaly Score’ action is not supported for this rule, and users with older WAFs running CRS 3.1 should upgrade to enable ‘Block’ mode.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure IaaS and Azure Stack: announcements and updates (December 2023 – Weeks: 49 and 50)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Support Plan offer extended

Microsoft Azure has announced an extension of its Azure Support offer. Starting from January 1, 2024, all new and renewing Azure customers who purchase an Enterprise Agreement (EA or EES) or are part of the field-led Microsoft Customer Agreement (MCA) will receive free Azure Standard support. This promotion, designed to assist customers in their cloud journey, will be available until June 30, 2024, at no additional charge. The offer aims to provide an extra level of access to expert technical support, enhancing the Azure experience for enterprise customers. Existing customers will automatically benefit from this offer, with no additional action required. The terms of the promotion can be viewed on the Azure website, with updates to be visible from January 1, 2024.

Compute

Intel TDX based confidential VMs now available in Azure (preview)

Microsoft Azure has introduced the public preview of DCesv5 and ECesv5-series confidential virtual machines (VMs), marking a significant advancement in cloud computing security. These VMs, powered by 4th Gen Intel® Xeon® Scalable processors with Intel® Trust Domain Extensions (Intel® TDX), are now accessible through the Azure portal, Azure CLI, and ARM templates. This development enables organizations to bring confidential workloads to the cloud without necessitating code changes to applications. Initially available in select regions including Europe West, Central US, and East US 2, these VMs represent a leap forward in Azure’s confidential computing capabilities. The introduction of these VMs underscores Azure’s commitment to providing secure and innovative cloud solutions.

Networking

Delaying domain Front Block on Azure Front Door and CDN Services

Microsoft Azure has announced the postponement of the enforcement of blocking domain fronting on Azure Front Door and Azure CDN Standard from Microsoft (classic) to January 22, 2024. This decision, influenced by customer feedback, aims to provide additional time for users to adapt to the upcoming changes. Azure plans to introduce two log fields, “SNI” and “Result,” by December 25, 2023, to assist customers in identifying domain fronting behavior in their resources. The enforcement of this block is intended to enhance security by preventing traffic that attempts to bypass domain fronting checks. It’s important to note that this change will not affect regular users accessing the service through compliant browsers, APIs, SDKs, etc., and is focused on enhancing the security of Azure’s network services.

Storage

Azure File Sync agent v17 release: enhanced performance and expanded features

Microsoft has announced the release of Azure File Sync agent v17, now in flighting and accessible on the Microsoft Update Catalog. This latest update introduces significant improvements and fixes, enhancing the overall performance and functionality of Azure File Sync. Key enhancements include:

  • Sync Upload performance improvements: users will experience notable improvements in sync upload performance, especially beneficial during file share migrations and high churn events where a large number of files need uploading.

  • Expanded character support for file and directory names: the update extends the list of supported characters for file and directory names in SMB File shares, aligning with the NTFS file system’s capabilities for valid Unicode characters. This expansion allows for greater flexibility in naming conventions.

  • New Cloud Tiering low disk space mode metric: a new feature enables users to configure alerts for servers in low disk space mode, enhancing monitoring capabilities.

  • Resolved agent update issue: the update addresses and resolves a previous issue where the agent update process would hang, improving reliability.

  • Miscellaneous reliability and telemetry improvements: the release also includes various enhancements for cloud tiering and sync, focusing on reliability and telemetry.

Additional Release Information:

  • The v17 release is compatible with Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022.
  • Windows Server 2012 R2 users must have .NET Framework version 4.6.2 or higher.
  • The agent version for this release is 17.0.0.0.

For installation instructions and further details, users can refer to KB5023053 in the Microsoft knowledge base. This release marks a significant step forward in the Azure File Sync service, offering enhanced performance and expanded capabilities to users.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Stack HCI: the continuously evolving Hyper-Converged solution – December 2023 Edition

In the rapidly evolving current technological landscape, the need for flexible and scalable IT infrastructures has never been more pressing. Azure Stack HCI emerges as a response to this need, offering a hyper-converged (HCI) solution that enables the execution of workloads in on-premises environments while maintaining a strategic connection with various services offered by Azure. Azure Stack HCI is not just a hyper-converged solution, but is also a strategic component of the Azure services ecosystem, designed to integrate and amplify the capabilities of existing IT infrastructure.

As part of Azure’s hybrid offering, Azure Stack HCI is constantly evolving, adapting to the changing needs of the market and user expectations. The recent wave of innovations announced by Microsoft testifies to the company’s commitment not only to maintaining but also improving its position as a leader in the HCI solutions sector. These new features, which will be explored in detail in this article, promise to open new paths for the adoption of Azure Stack HCI, significantly improving the management of hybrid infrastructures and offering new opportunities to optimize the on-premises environment.

The lifecycle of updates and upgrades of Azure Stack HCI

A fundamental aspect of Azure Stack HCI is its predictable and manageable upgrade and update experience. Microsoft’s strategy for Azure Stack HCI updates is designed to ensure both security and continuous innovation of the solution. Here’s how it works:

  • Monthly quality and security updates: Microsoft regularly releases monthly updates focused on quality and security. These updates are essential to maintain the integrity and reliability of the Azure Stack HCI environment.
  • Annual feature updates: in addition to monthly updates, an annual feature update is released. These annual updates aim to improve and enrich the capabilities of Azure Stack HCI with new features and optimizations.
  • Timing for installing updates: to keep the Azure Stack HCI service in a supported state, users have up to six months to install updates. However, it is recommended to install updates as soon as they are released to ensure maximum efficiency and security of the system.
  • Support from Microsoft’s Hardware Partners: Microsoft’s hardware solution partners support Azure Stack HCI’s “Integrated Systems” and “Validated Nodes” with hardware support services, security updates, and assistance, for at least five years.

In addition to these established practices, during Microsoft Ignite 2023, a significant new development was announced: the public preview of Azure Stack HCI version 23H2. This latest version represents an important step in the evolution of Azure Stack HCI. The final version of this updated solution will be released in early 2024, slightly behind the planned release cycle. This delay is attributable to significant changes made to the solution, aimed at further improving the capabilities and performance of Azure Stack HCI. Initially, Azure Stack HCI version 23H2 will be available exclusively for new installations. Over the course of the year, it is expected that most users currently on Azure Stack HCI version 22H2 will have the opportunity to upgrade their clusters to the new version 23H2.

Figure 1 – Azure Stack HCI update release cycles

Activation and management of different workloads

Modern organizations often find themselves managing a wide range of applications: some based on containers, others on virtual machines (VMs), some running in the cloud, others in edge environments. Thanks to Azure Arc and an adaptive approach to the cloud, it’s possible to use common tools and implement uniform operational practices for all workloads, regardless of where they are executed. The 23H2 version of Azure Stack HCI provides all the necessary Azure Arc infrastructure, automatically configured as part of the cluster deployment, including the Arc Resource Bridge and other management agents and components. This means that, from the start, it’s possible to begin deploying Arc-enabled virtual machines, Azure Kubernetes Service clusters, and Azure Virtual Desktop session hosts.

Virtual Machines

The 23H2 version of Azure Stack HCI offers the ability to activate general-purpose VMs with flexible sizing and configuration options to meet the needs of different applications. Users can use their own custom Linux or Windows images or conveniently access those available in the Azure Marketplace. When creating a new virtual machine (VM) using the Azure portal, the Command Line Interface (CLI), or an ARM template, it is automatically equipped with the Connected Machine Agent. This includes the integration of extensions like Microsoft Defender, Azure Monitor, and Custom Script, thus ensuring uniform and integrated management of all machines, both in the cloud and at the edge.

Azure Kubernetes Service

The 23H2 version of Azure Stack HCI offers the Azure Kubernetes Service, a managed Kubernetes solution that operates in a local environment. The Azure Kubernetes Service is automatically configured as part of the Azure Stack HCI deployment and includes everything needed to start deploying container-based workloads. The Azure Kubernetes Service runs its control plane in the same Arc Resource Bridge as the general-purpose VMs and uses the same storage paths and logical networks. Each new Kubernetes cluster deployed via the Azure portal, CLI, or an ARM template is automatically configured with Azure Arc Kubernetes agents inside to enable extensions such as Microsoft Defender, Azure Monitor, and GitOps for application deployment and CI/CD.

Azure Virtual Desktop for Azure Stack HCI (Preview)

The 23H2 version of Azure Stack HCI has been optimized to support the deployment of virtualized desktops and applications. Azure Virtual Desktop, a Microsoft-managed desktop virtualization service with centralized control in the cloud, offers the experience and compatibility of Windows 11 and Windows 10. This service is distinguished by its multi-session capability, which increases efficiency and reduces costs. With Azure Virtual Desktop integrated into Azure Stack HCI, it is possible to position desktops and apps (session hosts) closer to end-users to reduce latency, and there is also the option for GPU acceleration. The 23H2 version introduces an updated public preview that offers provisioning of host pools directly from the Azure portal, simpler guest operating system activation, and updated Marketplace images with pre-installed Microsoft 365 apps. Microsoft will soon share more information on timings and pricing for general availability.

Advanced security

The increase in applications and infrastructures in edge environments requires organizations to adopt advanced security measures to keep pace with increasingly sophisticated threats from attackers. The 23H2 version of Azure Stack HCI facilitates this process with advanced security settings enabled by default, such as native integration with Microsoft Defender for Cloud and the option to protect virtual machines with Trusted Launch.

Integrated and Default-Enabled Security

The new 23H2 version of Azure Stack HCI presents a significantly strengthened security posture. Leveraging the foundations of Secured Core Server, over 300 settings in the hypervisor, storage system, and network stack are pre-configured following Microsoft’s recommendations. This covers 100% of the applicable settings in the Azure security baseline, doubling the security measures compared to the previous version 22H2. Any deviations from the settings are detected and automatically corrected to maintain the desired security posture over time. For enhanced protection against malware and ransomware, application control is activated by default, using a base policy provided by Microsoft.

Integration with Microsoft Defender for Cloud

In Microsoft Defender for Cloud, in addition to workload protection for Kubernetes clusters and VMs, new integrated security recommendations provide coverage for the Azure Stack HCI infrastructure as part of the Cloud Security Posture Management plan. For example, if the hardware is not set up for Secure Boot, if clustered storage volumes are not encrypted, or if application control is not activated, these issues will be highlighted in the Microsoft Defender for Cloud portal. Furthermore, it is possible to easily view the security status of host clusters, nodes, and workloads in a unified view. This greatly improves the ability to control and correct the security posture efficiently on a large scale, making it suitable for environments ranging from a limited number to hundreds of locations.

Trusted launch for Azure Arc-Enabled Virtual Machines

Trusted launch is a security feature designed to protect virtual machines (VMs) from direct attacks on firmware and bootloaders. Initially available only in Azure’s cloud, it has now been extended to the edge with Azure Stack HCI version 23H2. When creating an Azure Arc-enabled VM, this security option can be selected using the Azure portal, the Command Line Interface (CLI), or an ARM template. Trusted launch provides VMs with a virtual Trusted Platform Module (TPM), useful for the secure storage of keys, certificates, and secrets. Additionally, Secure Boot is enabled by default. VMs using Trusted launch also support automatic failover and live migration, transparently maintaining the state of the vTPM when moving the VM between cluster nodes. This implementation represents a significant step towards introducing confidential computing into edge computing.

Innovations in edge management

Sectors like retail, manufacturing, and healthcare often face the challenge of managing physical operations across multiple locations. In fact, integrating new technologies in places such as stores, factories, or clinics can become a complex and costly process. In this context, an edge infrastructure that can be rapidly deployed and centrally managed becomes a decisive competitive advantage. Tools enhanced with artificial intelligence, capable of scaling to thousands of resources, offer unprecedented operational efficiency.

With the 23H2 version of Azure Stack HCI, fundamental lifecycle operations such as deployment, patching, configuration, and monitoring are entirely managed from the cloud. This significantly reduces the need for on-site tools and personnel, making it easier to manage edge infrastructures.

Cloud-based Deployment

The 23H2 version of Azure Stack HCI simplifies large-scale deployment. At edge sites, once new machines arrive with the operating system pre-installed, local staff can simply connect them and establish the initial connection with Azure Arc. From that point on, the entire infrastructure, including clusters, storage, and network configuration, is deployed from the cloud. This minimizes the time and effort required on-site. Using the Azure portal, it’s possible to create an Azure Stack HCI cluster or scale it with a reusable Azure Resource Manager (ARM) template, with unique parameters for each location. This infrastructure-as-code approach ensures consistent configuration of Azure Stack HCI on a large scale.

Cloud-based update management

Keeping the system up to date is now simpler. The 23H2 version introduces the new Lifecycle Manager, which organizes all applicable updates into a single monthly package, covering the operating system, agents, services, and even drivers and firmware for participating hardware solutions. Lifecycle Manager ensures that the cluster always runs a combination of software validated by Microsoft and its partners, reducing the risk of problems or incompatibility. Update management for Azure Stack HCI clusters is integrated with Azure Update Manager, providing a unified tool for all machines across the cloud and edge.

Cloud-based monitoring

Azure Monitor provides an integrated and comprehensive view for applications and infrastructure, covering both cloud and on-premises environments. This now includes logs, metrics, and alert coverage for Azure Stack HCI version 23H2. Over 60 standard metrics are available, including CPU and memory usage, storage performance, network bandwidth, and more. Azure Stack HCI health issues, such as a failed disk or a misconfigured network port, are reported as new platform alerts, customizable to trigger notifications or actions. Additionally, Azure Monitor Insights, powered by Data Collection Rules and Workbooks, provides pre-configured views to help administrators monitor specific features, such as storage deduplication and compression.

Useful references

For all the details regarding the 23H2 version of Azure Stack HCI, you can consult the official Microsoft documentation.

Conclusions

Azure Stack HCI represents a milestone in the landscape of IT infrastructures, offering a robust, scalable, and secure solution for organizations navigating today’s complex technological ecosystem. With its approach, Azure Stack HCI effectively adapts to the needs of hybrid infrastructures, enabling seamless integration between on-premises environments and the Azure cloud. Its advanced features, such as optimized workload management, cutting-edge security, and ease of edge system management, not only meet current challenges but also open new possibilities for future innovation. The constant updating of its capabilities, highlighted by the 23H2 version, demonstrates Microsoft’s commitment to keeping pace with the evolving market needs and user expectations. Azure Stack HCI is not just a solution for current needs but a strategic investment to bring cloud innovation into one’s on-premises environment.

Azure IaaS and Azure Stack: announcements and updates (December 2023 – Weeks: 47 and 48)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

Storage

Encryption at Host for Premium SSD v2 and Ultra Disks

Azure has announced the general availability of encryption at host for Premium SSD v2 and Ultra Disks. This feature, already available for other Azure Disk types, ensures that data on the Virtual Machine (VM) host is encrypted at rest and remains encrypted during transit to the Storage service. The encryption at host for Premium SSD v2 and Ultra Disks enhances data security and privacy, providing an additional layer of protection for sensitive information stored on Azure. This update is a significant step forward in Azure’s commitment to offering secure and reliable cloud storage solutions.

Azure NetApp Files support for 2 TiB Capacity Pools

Azure NetApp Files now supports the creation of capacity pools with a minimum size of 2TiB, a feature that has reached general availability. This enhancement is particularly useful for workloads such as SAP shared files and VDI, which require lower capacity pool sizes for their capacity and performance needs. Customers can now start with a 2TiB pool and increase in 1TiB increments, providing a more cost-effective solution for managing capacities less than 3TiB. This update is supported in all regions with standard network features, offering customers the flexibility to re-evaluate volume planning and take advantage of the savings associated with smaller capacity pools.

User and Group quota management in Azure NetApp Files

Azure NetApp Files has reached general availability with its user and group quota management feature. This functionality allows administrators to control storage consumption by setting capacity limits for individual users or groups within a specific Azure NetApp Files volume. It supports NFS, SMB, and dual protocol-enabled volumes, offering both default and individual user quotas. For NFS-enabled volumes, default or individual group quotas can be defined. This feature is now available in Azure commercial regions and US Government regions, providing a robust solution for managing capacity consumption and ensuring efficient storage utilization.

Azure NetApp Files: standard network features support in US Government Regions

Azure NetApp Files now offers general availability of standard network features in US Government regions, including Virginia, Texas, and Arizona. This enhancement delivers an improved Virtual Networking experience for non-Azure host-based workloads like Azure NetApp Files. Key features include increased route scale for VNets with ANF volumes, enhanced network security with support for Network Security Groups (NSGs) on ANF delegated subnets, and improved network control through User Defined Routes (UDRs). Additionally, it facilitates on-premises connectivity, ExpressRoute FastPath connectivity, cross-region mount volumes, and support for Private Link and service endpoints. This update significantly enhances the networking capabilities and security for Azure NetApp Files in US Government regions.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS). These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in November 2023

November has brought a series of significant updates in the Azure management services landscape. In this monthly recap, the most relevant innovations are highlighted, thus allowing for a specific deep dive into the new functionalities and optimizations introduced.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figures 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

Azure Monitor System Center Operations Manager (SCOM) Managed Instance

Azure Monitor SCOM Managed Instance brings the capabilities of SCOM monitoring and configurable health models to Azure Monitor. As an integrated feature in Azure Monitor, SCOM Managed Instance provides a cloud-based alternative for SCOM customers, ensuring continuity of monitoring for both cloud and on-premises environments. SCOM Managed Instance is now available to everyone and since its preview, it has added multiple features, such as the integration of SCOM alerts with Azure Monitor alerts, the ability to send integrated alerts to IT service management tools, the capability to view service health from the Azure portal, and an improved onboarding experience.

Azure Monitor Agent integrated with Connection Monitor

Azure Monitor Agent, integrated with Connection Monitor, offers an effective solution for network connectivity monitoring. This integration simplifies the management of monitoring agents by consolidating multiple functions into a single agent. It enables the collection of network connectivity and performance data for both Azure and on-premises environments enabled with Azure Arc. New features include improved support for Azure Arc on-premises endpoints and simpler management of monitoring extensions. Additionally, there are plans to expand support for additional Azure resources and enhance performance metrics.

Azure Monitor Log Storage up to 12 Years

More than a year ago, Azure Monitor Logs launched a log storage solution that allows logs to be retained for up to seven years at a reduced cost. This feature has been valuable for many customers with regulations requiring long-term data retention. Since the introduction of this storage capability, there has been a steady increase in the number of customers utilizing log storage and in the duration of data retention. There has also been demand from many customers for longer storage periods beyond the supported seven years. Examples include tax authorities and healthcare regulations in some countries, which require data retention for 10-12 years. After extensive technical discussions and evaluations, Microsoft has extended the supported retention period, and Azure Monitor Logs now supports up to 12 years of data retention.

Adding dynamic values in custom alert fields

Microsoft recently introduced a new feature for Azure Monitor alerts, which now allows the addition of dynamic values in custom fields. This feature is particularly useful for customizing alarm notifications, allowing users to include values dynamically extracted from the alert payload or a combination of both. This update significantly improves the flexibility and effectiveness of alarm notifications, allowing for more customization in actions triggered by action groups, such as webhook actions, Azure function, or logic app. This new capability enhances the precision and relevance of alarm notifications, improving the management and monitoring of infrastructure and applications on Azure.

OpenTelemetry deployment for ASP.NET Core Applications

Microsoft announced the general availability of Azure Monitor’s OpenTelemetry deployment for ASP.NET Core applications. Part of the Azure Monitor ecosystem, this offering is designed for native cloud application monitoring, enabling customers to observe failures, bottlenecks, and usage patterns to more quickly resolve incidents and reduce downtime. The OpenTelemetry deployment of Azure Monitor includes a thin wrapper for easy implementation with a single line of code, along with specific Azure features for an optimized experience on the platform. This deployment is open and extensible, allowing data to be sent to multiple destinations and extended with a rich set of OpenTelemetry instrumentation libraries that collect data from a wide range of frameworks and environments.

Latency Metrics for Azure Disks and Performance Metrics for Temporary Disks on Azure Virtual Machines (preview)

Microsoft recently announced the introduction of the capability to monitor latency across OS, data, and temporary disks using the SCSI protocol, with support for the NVMe protocol coming soon. This improvement is particularly important for high-performance applications such as SAP Hana and OLTP databases, where latency plays a crucial role in read and write operations. It is now possible to track latency operations on OS, data, and temporary disks using Azure Monitor metrics. Additionally, temporary disks, which are by nature non-persistent and typically found in Virtual Machine (VM) families marked with a ‘d’ in their name, are now accessible for performance monitoring on Azure Monitor. It is now easy to monitor queue depth, IOPS, and throughput for these temporary disks, even though their storage does not persist beyond the lifecycle of the associated VM.

Azure Monitor Agent and JSON Log Collection (preview)

Azure Monitor Agent (AMA) now supports the collection of logs in JSON format for ingestion into Log Analytics. This new feature is designed to enable customers to collect their JSON-formatted logs generated in their services or applications and insert them into a Log Analytics workspace table for analysis. The AMA agent is required to use custom JSON logs.

Integration of Azure Monitor alerts with Event Grid for Azure Key Vault System Events (preview)

Microsoft recently announced a new feature in public preview: the integration of Azure Monitor Alerts with Event Grid for Azure Key Vault system events. This integration represents a significant step in the evolution of event and alert management services in Azure. Azure Monitor alerts are essential for detecting and addressing issues before users become aware, proactively notifying when Azure Monitor data indicates there might be a problem with the infrastructure or application. The integration with Event Grid enables efficient communication of events that indicate changes in the system state. This approach is common in decoupled architectures, such as those using microservices. With Azure Monitor alerts as a destination in Event Grid event subscriptions, it is possible to receive critical event notifications through action groups such as SMS, email, push notifications, and more. This feature, currently available only for Azure Key Vault system events, combines Event Grid’s low-latency event delivery with the flexibility and direct-to-customer notifications of Azure Monitor alerts.

Configure

Azure Automation

Azure Automation now supports PowerShell 7.2

Azure Automation has announced the general availability of PowerShell 7.2 runbooks. Users can now create runbooks in the long-term supported version of PowerShell, using the Azure Automation extension for Visual Studio Code, enhanced by GitHub Copilot, and run them on a secure and reliable platform.

Govern

Azure Advisor

Enhancing the reliability of Azure Disks with the introduction of Zone Redundant Storage

Microsoft has announced the general availability of a new Azure Advisor recommendation that enhances the reliability of Azure disks through the use of Zone Redundant Storage (ZRS). Disks with ZRS offer synchronous data replication across three Availability Zones within a region, significantly increasing resilience. By adopting this recommendation, users can now design their solutions using ZRS disks, ensuring that their disks can withstand a zonal outage. This update brings a notable improvement in the resilience of solutions, preventing downtime and interruptions.

Azure Cost Management

Exporting costs via the FOCUS Schema (preview)

The FinOps Open Cost and Usage Specification (FOCUS) is an innovative initiative aimed at establishing a common, provider- and service-agnostic format for billing data. This format allows organizations to better understand cost and usage patterns and optimize spending and performance across multiple cloud offerings, software as a service (SaaS), and even on-premises solutions. Microsoft Cost Management is introducing support for exporting cost and usage data aligned with the FOCUS schema as part of a limited preview ahead of the upcoming major release of FOCUS.

Updates related to Microsoft Cost Management

Microsoft is continually seeking new methods to enhance Microsoft Cost Management, the solution for providing greater visibility into where costs are accumulating in the cloud, identifying and preventing incorrect spending patterns, and optimizing costs. This article details some of the latest improvements and updates regarding this solution.

Azure Arc

VMware vSphere rnabled by Azure Arc

VMware vSphere enabled by Azure Arc helps users simplify the management of their hybrid IT environment spread across VMware vSphere and Azure. Customers can begin by connecting Azure Arc to resources in VMware vSphere deployments, thus facilitating the large-scale installation of agents and enabling Azure’s management, monitoring, and security solutions on on-premises systems.

Self-Service capabilities of System Center Virtual Machine Manager (SCVMM) in Azure with Azure Arc

The self-service capabilities of System Center Virtual Machine Manager (SCVMM) are now generally available in Azure through Azure Arc. Once connected with Azure Arc, customers can manage and control their SCVMM environments on Azure and perform self-service operations on virtual machines (VMs) directly from the Azure portal. This provides customers with a consistent management experience across Azure for both cloud and hybrid environments.

New features for SQL Server enabled by Azure Arc

The enhancements to SQL Server enabled by Azure Arc provide additional management capabilities for SQL Server systems operating outside of Azure:

  • Monitoring for SQL Server Enabled by Azure Arc (preview). The monitoring for SQL Server enabled by Azure Arc, now in preview, will allow customers to gain visibility across their entire SQL Server infrastructure, both in on-premises data centers and in the cloud. This enhances the performance of databases and allows for quicker diagnosis of issues.
  • Improved High Availability and Disaster Recovery (HA/DR) Management for SQL Server Enabled by Azure Arc (Preview). With Azure Arc, customers can now improve operational continuity and the availability of SQL Server by viewing and managing Always On availability groups, failover cluster instances, and backups directly from the Azure portal.
  • Extended Security Updates for SQL Server Enabled by Azure Arc. These updates, which provide critical security updates for up to three years after the end of extended support, are now available as a service through Azure Arc.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updatesthis page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • DevOps Security Insights for GitHub, Azure DevOps, and GitLab. Users will gain deep visibility into the security posture of their applications on GitHub, Azure DevOps, and GitLab within Defender for Cloud. In addition to advanced security for GitHub and Azure DevOps, with the preview of GitLab Ultimate integration, Defender for Cloud now supports the three main development platforms.
  • Integration with Microsoft Entra Permissions Management. Users will get a centralized view of the Permissions Creep Index, implement access controls based on the principle of least privilege for cloud resources, and proactively analyze attack paths by linking access permissions to other potential vulnerabilities on Azure, Amazon Web Services (AWS), and Google Cloud.
  • Enhanced Container Security in Multicloud Environments. Users will be able to anticipate risks in containerized applications and prioritize misconfigurations and exposures in their Kubernetes deployments with the expansion of contextual graph-based capabilities of the Defender Cloud Security Posture Management (CSPM) to Amazon Elastic Kubernetes Service (Amazon EKS) and Google Kubernetes Engine (NGO) clusters.
  • Proactive Attack Path Analysis and Faster Risk Mitigation. Users can efficiently remediate critical risks with a risk-based attack path analysis engine to identify and prioritize the resolution of more complex risks, such as cross-cloud attack paths.
  • Improved Security Posture for APIs. With the general availability of the Defender for APIs plan in Defender for Cloud, administrators will be able to gain visibility into critical business APIs, prioritize the remediation of vulnerabilities, and rapidly detect active real-time threats for APIs published in Azure API Management. New preview capabilities aimed at sensitive data classification supported by Microsoft Purview and curated attack paths will further assist security administrators in protecting data from API risks.
  • Microsoft Security Copilot. Users will be able to gain efficiency in discovering and resolving risks with the power of AI-generated guidance.

Protect

Azure Backup

Azure Backup for AKS

Microsoft has announced the general availability of Azure Backup for Azure Kubernetes Service (AKS). This native Azure solution provides simple and secure protection for containerized applications deployed on AKS, enabling customers to protect their mission-critical workloads.

Customer-Managed Key Encryption for Backup Vaults (Preview)

Microsoft Azure has introduced the capability to use customer-managed encryption keys (CMKs) for backing up data security. This feature, supported for Recovery Services Vaults, has been extended to Backup Vaults. It is now possible to use CMKs when creating a new backup vault or updating the encryption settings of an existing vault to use CMKs.

Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (November 2023 – Weeks: 45 and 46)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks. This week marks a significant milestone with the occurrence of the Microsoft Ignite event, bringing with it a substantial number of important updates and innovations announced by Microsoft. To delve deeper into the specific developments unveiled during this conference in these areas, I invite you to read the dedicated article: Unveiling the future: key insights from Microsoft Ignite on Azure IaaS and Azure Stack.

Azure

General

Azure to End Support for TLS 1.0 and 1.1 by 31 October 2024

Microsoft Azure has announced that it will end support for Transport Layer Security (TLS) versions 1.0 and 1.1 by 31 October 2024. This decision is part of Azure’s ongoing efforts to enhance security and provide best-in-class encryption for customer data. From this date, interactions with Azure services will require TLS 1.2 or later. While the Microsoft implementation of older TLS versions is not known to be vulnerable, TLS 1.2 and subsequent versions offer improved security features, such as perfect forward secrecy and stronger cipher suites. Customers are advised to confirm that their resources interacting with Azure services are using TLS 1.2 or later to avoid potential service disruptions. If resources are already exclusively using TLS 1.2 or later, no further action is required. However, if there is still a dependency on TLS 1.0 or 1.1, it is recommended to transition to TLS 1.2 or later by the specified deadline. Microsoft provides additional resources and support to assist with this transition.

Compute

Ubuntu Server to Ubuntu Pro in-place upgrade now available

Microsoft Azure has announced the general availability of an in-place upgrade from Ubuntu Server to Ubuntu Pro. This upgrade can be added as a subscription to your Azure Virtual Machines (VMs), enabling the transition without the need to redeploy or take VMs offline. Ubuntu Pro offers an extended support period of 10 years for over 2,300 Main and 23,000+ Universe packages, with the 18.04 version recently entering extended support. This upgrade enhances VMs with additional security and compliance features, making it a robust choice for enterprise environments. For detailed instructions on the upgrade process, Azure users can refer to the official documentation, and pricing information for Ubuntu Pro is available on the Azure pricing page.

Introducing NGads V620 Series VMs Optimized for Gaming Scenarios

Microsoft Azure has announced the general availability of the NGads V620 series VMs, a new addition optimized for gaming scenarios. These GPU-enabled virtual machines are powered by AMD Radeon™ PRO V620 GPUs and AMD EPYC 7763 (Milan) CPUs, designed to deliver a high-quality, interactive gaming experience hosted in Azure. The NGads V620 VMs feature GPU Partitioning, allowing VMs to access ¼, ½, or a whole GPU, enabling customers to tailor their performance and cost according to their business needs. Additionally, these VMs come standard with NVMe drives, offering up to 1025 GB of temp storage for rapid local data access. A key component of the NGads V620 series is the AMD Software: Cloud Edition. This software targets optimizations available in the consumer gaming version of the AMD Adrenaline driver, further tested and optimized for cloud environments. It is frequently updated to support the latest game releases. The software also supports accelerated virtual desktop environments, with Radeon PRO optimizations for high-end workstation applications in design or rendering.

Networking

Application Gateway: using a common port for Public and Private listeners

Microsoft Azure has announced the general availability of the feature that allows configuring the same port number for public and private listeners on your Application Gateway. This update simplifies the use of Application Gateway deployments to serve both internet-facing and internal clients without the need for non-standard ports or backend application customizations. The feature is available in all public regions, including Azure China and Azure Government cloud regions. Note that additional configuration may be necessary for inbound rules when using Network Security Groups.

Rate-Limit Rules for Application Gateway Web Application Firewall

Azure has introduced rate-limit custom rules for its regional Web Application Firewall (WAF) on Application Gateway, now generally available. This feature allows the detection and blocking of unusually high levels of traffic aimed at your application. Rate-limiting is instrumental in mitigating various types of denial-of-service attacks, managing misconfigured clients sending excessive requests, or controlling traffic from specific geographical locations. This enhancement bolsters the security and management of your web applications.

Application Gateway Supports IPv6 Frontend (preview)

Azure’s Application Gateway v2 is now in public preview for supporting dual-stack (IPv4 and IPv6) connections at the frontend. This upgrade enables the Application Gateway to manage traffic from both IPv4 and IPv6 clients, enhancing flexibility and connectivity options. This feature is particularly beneficial for addressing IPv4 address exhaustion and meeting various regulatory requirements. Users can now set up a new Application Gateway with both IPv4 and IPv6 addresses, reflecting Azure’s commitment to delivering top-notch service and customer experience.

Storage

Azure NetApp Files Datastores for Azure VMware Solution in US Government Regions

Azure NetApp Files datastores have achieved general availability in US Government Cloud regions to support storage-intensive workloads on Azure VMware Solution (AVS). This advancement allows users to create datastores through the Azure VMware Solution resource provider with Azure NetApp Files NFS volumes, which can be attached to any selected private cloud clusters. With the ability to scale storage independently of compute and surpass the local instance storage limits provided by vSAN, this feature aims to reduce the total cost of ownership. This service is now available in the US Gov Virginia and US Gov Arizona regions.

Azure Elastic SAN Updates – Snapshots, Security, and Usability (preview)

Azure Elastic SAN, currently in preview, has received new updates to enhance its performance and security. The updates include live volume resizing, force delete capabilities, and Server-Side Encryption with Customer Managed Keys (SSE with CMK) for improved security. As a VMware Certified datastore, Elastic SAN offers scalable storage and performance, which optimizes total cost of ownership and scalability. These improvements are part of Azure’s ongoing efforts to provide seamless integration with other native Azure products and a robust, secure storage solution.

Azure Stack

Azure Stack HCI

AKS on Azure Stack HCI and Windows Server 2023-10-30

The AKS HCI management cluster has been updated to Kubernetes version 1.26.6, laying the groundwork for future Kubernetes versions for workload clusters. This release includes security updates to address vulnerabilities, enhancements to Azure Arc onboarding prechecks for better network resilience, and several bug fixes. Users are encouraged to try AKS on Azure Stack HCI or Windows Server using the evaluation guide and to contribute feedback and follow the AKS hybrid roadmap through GitHub.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Unveiling the future: key insights from Microsoft Ignite 2023 on Azure IaaS and Azure Stack HCI

In this article, I take you through the latest technological advancements and updates announced at the recent Microsoft Ignite event. With a focus on Azure Infrastructure as a Service (IaaS) and Azure Stack, my aim is to provide a thorough and insightful overview of the innovative solutions and strategic initiatives unveiled by Microsoft. This pivotal event, renowned for its groundbreaking revelations in the tech sphere, has introduced a range of new features, enhancements, and visionary developments within the Microsoft ecosystem. I invite you to join me in exploring these developments in detail, as I offer my personal insights and analysis on how they are set to shape the future of cloud infrastructure and services.

Azure

General

Microsoft recently unveiled Copilot for Azure, an AI companion designed to enhance the design, operation, optimization, and troubleshooting of applications and infrastructure, from cloud to edge. Leveraging large language models and insights from Azure and Arc-enabled assets, Copilot offers new insights and functionality while prioritizing data security and privacy.

In AI infrastructure updates, Microsoft is optimizing its hardware and software stack, collaborating with industry leaders to offer diverse AI inferencing, training, and compute options. Key developments include:

  • Custom silicon chips, Azure Maia and Azure Cobalt, for AI and enterprise workloads, enhancing performance and cost-effectiveness.
  • Azure Boost, enhancing network and storage performance, is now generally available.
  • ND MI300 v5 virtual machines with AMD chips, optimized for generative AI workloads.
  • NC H100 v5 virtual machines with NVIDIA GPUs, improving mid-range AI training and inferencing efficiency.

Additionally, Microsoft and Oracle have announced the general availability of Oracle Database@Azure, integrating Oracle database services with Microsoft Azure’s security and services, starting in the US East Azure region in December 2023 and expanding further in early 2024.

Compute

Azure is introducing new AMD-based virtual machines (VMs), now in preview, featuring the 4th Generation AMD EPYC™ Genoa processor. These VMs offer enhanced performance and reliability across various series, each with different memory-to-core ratios catering to general purpose, memory-optimized, and compute-optimized needs.

For SAP HANA workloads, the Azure M-series Mv3 family, powered by 4th-generation Intel® Xeon® Scalable processors and Azure Boost, provides faster insights and improved price-performance. They also offer improved resilience, faster data load times for SAP HANA OLAP workloads, and higher performance per core for SAP OLTP workloads. Azure Boost enhances these VMs with improved network and storage performance and security.

Azure also introduces new confidential VMs with Intel processors, featuring Intel® Trust Domain Extensions (TDX) for secure processing of confidential workloads in the cloud. These VMs support a range of new features, including RHEL 9.3 for AMD SEV-SNP confidential VMs, Disk Integrity Tool for disk security, temporary disk encryption for AMD-based VMs, and expanded regional availability. The NCCv5 series confidential VMs, equipped with NVIDIA H100 Tensor Core GPUs, are unique in the cloud sphere. They offer AI developers the ability to deploy GPU-powered applications confidentially, ensuring data encryption in both CPU and GPU memory and providing attestation reports for data privacy.

Also, Azure has introduced two new features in public preview:

  • Azure VMSS Zonal Expansion: this feature allows users to transition their VMs from a regional to a zonal configuration across Azure availability zones, significantly enhancing business continuity and resilience.
  • VM Hibernation: Azure now offers a VM hibernation feature, allowing users to save on compute costs. When a VM is hibernated, its in-memory state is preserved in the OS disk, and the VM is deallocated, incurring charges only for storage and networking resources. Upon reactivation, the VM resumes its applications and processes from the saved state, allowing for quick continuation of work.

These updates reflect Azure’s commitment to offering advanced, secure, and versatile cloud computing options.

Storage

Azure has announced several updates to its storage services to enhance data management, performance, and cloud migration:

  • Azure Ultra Disk Storage: the IOPS and throughput for Azure Ultra Disk Storage have been increased, now supporting up to 400,000 IOPS and 10,000 MB/s per disk. This enhancement allows a single disk to support the largest VMs, reducing the need for multiple disks and enabling shared disk configurations.
  • Azure Storage Mover: this service, now generally available, facilitates the migration of on-premises file shares to Azure file shares and Azure Blob Storage. It includes new support for SMB share migration and a VMware agent image.
  • Azure Native Qumulo Scalable File Service: the ANQ V2 offers improved economics and scalability, separating performance from capacity. It simplifies cloud file services, enabling rapid deployment and management through a unified namespace.
  • Amazon S3 Shortcuts: now generally available, these shortcuts allow the integration of data in Amazon S3 with OneLake, enabling a unified virtualized data lake without data duplication.
  • Azure Data Lake Storage Gen2 Shortcuts: these shortcuts, also generally available, enable connection to external data lakes in ADLS Gen2 into OneLake. This allows data reuse without duplication and enhances interoperability with Azure Databricks and Power BI.

Networking

Azure introduces several updates aimed at enhancing network security, flexibility, and performance:

  • Private Subnet: a new feature allowing the disabling of default outbound access for new subnets, enhancing security and aligning with Azure’s “secure by default” model.
  • Customer-controlled maintenance: this public preview feature allows scheduling gateway maintenance during convenient times across various gateway resources.
  • Azure Virtual Network Manager Security Admin Rule: now generally available in select regions, it enforces standardized security policies globally across virtual networks, enhancing security management and reducing operational complexities.
  • ExpressRoute Direct and Circuit in different subscriptions: this general availability feature allows ExpressRoute Direct customers to manage network costs and connect circuits from multiple subscriptions, improving resource management.
  • ExpressRoute as a Trusted Service: now customers can store MACsec secrets in Azure KeyVault with Firewall Policies, restricting public access while enabling trusted service access.
  • ExpressRoute seamless gateway migration: this feature enables a smooth migration from a non-availability zone to an Availability-zone (AZ) enabled Gateway SKU, eliminating the need to dismantle existing gateways.
  • Rate Limiting on ExpressRoute Direct Circuits: this public preview feature allows rate-limiting on circuits, optimizing bandwidth usage and improving network performance.
  • ExpressRoute Scalable Gateway: The new ErGwScale Virtual Network Gateway SKU offers up to 40 Gbps connectivity and features auto-scaling based on bandwidth usage, enhancing flexibility and efficiency in network connectivity.

Azure Stack

Azure Stack HCI

Azure Stack HCI version 23H2

At Microsoft Ignite 2023, the company announced the public preview of Azure Stack HCI version 23H2, introducing several advancements. Key features include cloud-based deployment, update management, and monitoring, enhancing the ease and efficiency of managing infrastructure at scale. With version 23H2, deployment from the cloud is now possible, simplifying the setup process and minimizing on-site expertise requirements. The new Lifecycle Manager consolidates updates into a monthly package, streamlining update management and reducing compatibility issues. Azure Stack HCI now offers comprehensive monitoring with Azure Monitor, providing detailed insights into system performance and health.

The update also emphasizes central management of diverse workloads, whether container-based, VM-based, cloud, or edge-run, through Azure Arc and an adaptive cloud approach. Version 23H2 supports a variety of virtual machines and introduces Azure Kubernetes Service for edge-based container management. Additionally, Azure Virtual Desktop for Azure Stack HCI is in preview, offering enhanced virtualized desktops and apps with improved latency and optional GPU acceleration.

Significant attention is given to security with Azure Stack HCI version 23H2. It ensures a secure deployment by default and integrates with Microsoft Defender for Cloud for comprehensive security management. The Trusted launch feature for Azure Arc-enabled virtual machines, previously exclusive to the Azure cloud, is now available at the edge, providing additional protection against firmware and bootloader attacks.

While the 23H2 version is currently available for preview, it is not yet recommended for production use, with general availability (GA) expected in early 2024. Microsoft advises customers to continue using version 22H2 for production environments, with an update path from 22H2 to 23H2 to be detailed later. For more detailed information on Azure Stack HCI version 23H2, readers are encouraged to visit this article.

Conclusion

As we wrap up our exploration of the latest updates from Microsoft Ignite, it’s clear that the advancements in Azure IaaS and Azure Stack are not just incremental; they are transformative. Microsoft’s commitment to innovation and its vision for a more integrated, efficient, and scalable cloud infrastructure is evident in every announcement and feature update. These developments promise to redefine how businesses and developers leverage cloud computing, enhancing agility, security, and sustainability.

The implications of these updates extend beyond mere technical enhancements; they signal a shift towards a future where cloud infrastructure is more accessible, resilient, and adaptive to evolving business needs. As I conclude this article, I am left with a sense of excitement and anticipation for what these changes mean for the industry. The journey of cloud computing is ever-evolving, and with Microsoft’s recent announcements at Ignite, we are witnessing a significant leap forward in that journey.

Thank you for joining me in this deep dive into Microsoft’s latest innovations. I look forward to continuing this discussion and exploring how these advancements will unfold and impact our digital world in the days to come.

Azure IaaS and Azure Stack: announcements and updates (November 2023 – Weeks: 43 and 44)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Azure Integration with Canonical’s Snapshot Service (preview)

Microsoft has announced a public preview of Azure’s integration with Canonical’s Snapshot Service, marking a significant step forward in the deployment of secure and resilient Canonical workloads on Azure. This collaboration positions Azure as the first cloud provider to integrate with Canonical’s snapshot service. The integration aims to streamline the update process for Linux operating systems, enhancing security and reliability across Azure services. The Azure Guest Patching Service (AzGPS) and Azure Kubernetes Service (AKS) will utilize this new feature to apply consistent updates across different regions using Safe Deployment Principles (SDP). This initiative underscores Microsoft’s commitment to providing a secure and up-to-date environment for Linux-based applications on Azure.

Compute

Extension of Azure Compute Reservations Exchange Period

Microsoft Azure has announced a significant extension of the exchange period for Azure Compute Reservations, which includes Azure Reserved Virtual Machine Instances, Azure Dedicated Host reservations, and Azure App Services reservations. Initially set to end on January 1, 2024, the exchange period has been extended until at least July 1, 2024. This extension provides an additional grace period, allowing users to exchange their Azure Compute Reservations to better suit their resource needs and planning. Launched in October 2022, the Azure Savings Plan for Compute aims to offer greater flexibility, accommodating changes such as virtual machine series and regions. After the grace period, it will no longer be possible to exchange instance series or regions for the mentioned reservations. Users can choose to convert their Azure Compute Reservations into a savings plan or continue to use and purchase reservations for predictable and stable workloads.

Networking

Default Rule Set 2.1 for Regional WAF with Application Gateway

Microsoft Azure has reached a new milestone with the general availability of Default Rule Set (DRS) 2.1 for the regional Web Application Firewall (WAF) on Azure Application Gateway. This release is based on the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and is enhanced with additional proprietary protection rules developed by the Microsoft Threat Intelligence team. The team’s analysis of Common Vulnerabilities and Exposures (CVEs) has been instrumental in adapting the CRS to address these vulnerabilities while minimizing false positives. This update reflects Microsoft’s dedication to providing robust security measures for applications deployed on Azure, ensuring that they are safeguarded against a wide array of threats.

Azure Bastion for Developers (Preview)

Azure Bastion now offers a developer-focused preview that enables secure and seamless RDP and SSH access to virtual machines over the Azure platform. This service is designed to provide a more integrated and streamlined experience for developers, with features that cater specifically to their workflows and access requirements. The preview aims to enhance productivity and security for development environments hosted on Azure.

Storage

Azure Blob Storage Cold Tier

Azure Blob Storage has announced the general availability of its Cold Tier support for Blob Batch operations as of August 10th, 2023. This new online access tier is the most cost-effective option within Azure Blob Storage for storing infrequently accessed data that requires long-term retention while still providing instant access. Blob Batch operations have been enhanced to support tiering operations for the cold tier, allowing for the efficient management of large volumes of data. For more information on optimizing performance and cost with the Cold Tier, users can refer to the Azure documentation.

TLS 1.2 to Become the Minimum TLS Version for Azure Storage

In a move to align with evolving technology and regulatory standards, Azure Storage is set to deprecate support for TLS versions 1.0 and 1.1. Starting from November 1, 2024, the minimum supported version will be TLS 1.2. This update is crucial as TLS 1.2 offers enhanced security and speed over its predecessors, which do not support modern cryptographic algorithms and cipher suites. The change will affect both existing and new storage accounts that are currently using the older TLS versions across all Azure clouds.

To prevent any service disruptions, users of Azure Storage are required to transition to TLS 1.2 and eliminate any dependencies on the older versions. Azure Storage already supports and defaults to TLS 1.2, so customers using it will not experience any impact due to this update. However, for those utilizing TLS 1.0 or 1.1, it is imperative to update operating systems, development libraries, frameworks, and any other solutions to the latest versions that support TLS 1.2 before October 31, 2024.

Azure has provided a set of recommendations and resources to facilitate this migration. For further details and guidance, users can navigate to the Azure updates page.

Azure Premium SSD v2 Disk Storage Now Available in More Regions

Azure Premium SSD v2 Disk Storage has expanded its availability, now including Poland Central, China North 3, and US Gov Virginia regions. This next-generation storage solution provides sub-millisecond disk latencies and is designed to support IO-intensive workloads at a cost-effective price point. It is ideal for a variety of enterprise production workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, and big data analytics. For more information on Premium SSD v2 Disk Storage and pricing, users can refer to the Azure Managed Disks pricing page.

Azure NetApp Files Standard Storage with Cool Access (preview)

Azure has introduced a new feature in public preview for Azure NetApp Files, standard storage with cool access. This innovative feature allows users to configure a standard capacity pool with cool access, effectively moving cold (infrequently accessed) data transparently to an Azure storage account. This transition aims to reduce the cost of storage while maintaining the same throughput to and from the volume.

However, users should note that there might be a difference in data access latency, as data blocks could be tiered to the Azure storage account. The cool access feature offers options for the “coolness period” to optimize network transfer costs based on specific workload and read/write patterns. This functionality is provided at the volume level.

During the preview phase, this feature is available in several regions, including East US2, East Asia, Central India, Canada Central, Australia East, North Europe, Brazil South, France Central, Australia Southeast, and Canada East. More regions will be added as the preview progresses.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.

Azure Management services: what’s new in October 2023

This month, Microsoft has introduced a series of significant updates to the Azure management services. Through this series of monthly articles, I aim to provide an overview of the most relevant new features. The goal is to keep you constantly informed about these developments, giving you the essential information to further explore these topics.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Overview of Management Services in Azure

Monitor

Azure Monitor

VM insights: migration to Azure Monitor agent by August 31, 2024

On August 31, 2024, VM insights based on the Log Analytics agent will be retired. It is recommended to migrate to the Azure Monitor agent for VM insights, which offers several improvements, including:

  • Enhanced security and performance.
  • Data collection rules to help reduce costs.
  • A simplified management experience, facilitating troubleshooting.

Integrated Azure Monitor alerts for Azure Site Recovery (preview)

Microsoft recently announced the preview availability of integrated Azure Monitor alerts for Azure Site Recovery. This new feature allows Azure users to more effectively monitor the status and performance of their disaster recovery environments. The integrated alerts enable rapid detection of potential issues, ensuring more efficient and proactive management of resources in emergency recovery situations. With this integration, users can configure custom alerts based on specific performance and status parameters, improving resilience and operational readiness for their systems. This feature is particularly useful for organizations requiring high standards of operational continuity and data integrity.

Govern

Azure Policy

Protection of critical infrastructures from large-scale accidental deletions with Policies

Microsoft has introduced “DenyAction” in Azure Policy. This new feature allows blocking requests based on actions taken on the resource, rather than just its configuration or properties. In practice, with Deny Action, it is possible to protect infrastructures by preventing unwanted deletion calls. While in the past Azure Policy only offered the “deny” function, which blocked requests based on specific resource configurations, now with the addition of Deny Action, the blocking capability has been extended to actions included in the request.

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly seeking new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns, and optimize costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Azure Arc-enabled SCVMM (preview)

With the recent introduction of “Azure Arc-enabled System Center Virtual Machine Manager (SCVMM)”, it is now possible to manage SCVMM VMs more efficiently directly from Azure. This innovative solution facilitates the discovery, integration, and management of VMs. Microsoft is expanding the capabilities for SCVMM enabled in Azure Arc. Thanks to this update, Azure Arc-enabled SCVMM VMs receive full support for Azure management services. This includes protection offered by Microsoft Defender for Cloud, monitoring via Azure Monitor, and updates provided by Azure Update Manager. These new features offer customers a simpler and more effective management experience of their System Center-managed assets, all through Azure.

Secure

Microsoft Defender for Cloud

New features, bug fixes, and deprecated features of Microsoft Defender for Cloud

The development of Microsoft Defender for Cloud is constantly evolving, with continuous improvements being introduced. To stay updated on the latest developments, Microsoft updates this page, which provides information on new features, bug fixes, and deprecated features. Specifically, this month’s main news includes:

  • Public preview availability of recommendations for managing DevOps security posture;
  • Release of the CIS Azure Foundations Benchmark v2.0.0 in the Regulatory Compliance dashboard.

Protect

Azure Backup

Backup Vaults with MUA (Multi-User Authorization)

Azure Backup has announced the availability of backup vaults with MUA (Multi-User Authorization). These vaults offer an integrated backup solution that protects business data through a series of advanced access features. With this release, the backup administrator, who is usually the owner of the Backup vault, needs to obtain the collaborator role on the protected resource to perform certain operations. This requires an action by the owner of the protection resource to approve and grant the requested access. Additionally, it is possible to use Azure Active Directory Privileged Identity Management to manage just-in-time access on the protected resource.

Enhanced Soft Delete

Azure has announced the availability of the “Enhanced Soft Delete” feature for Azure Backup. This feature offers additional protection against data loss, ensuring that backup data remains available for recovery, even if the backup source is deleted. The Enhanced Soft Delete feature protects against accidental deletions and malicious activities. This adds an extra layer of security and resilience to backup data.

Regional Disaster Recovery for Azure Backup for AKS (preview)

Azure Backup for AKS allows customers to protect their containerized workloads along with application data deployed on AKS clusters. The solution enables scheduled backups of AKS clusters and their restoration in various scenarios. Customers also want to use their AKS backups to recover applications in the event of a regional disaster, following industry best practices for the 3-2-1 backup strategy. With this in mind, the Azure Backup service is announcing the private preview of the regional disaster recovery capability of AKS Backup. Using this feature, it is possible to recover the AKS cluster from backups in a secondary region, such as an Azure paired region, in the event of a regional disaster.

Migrate

Azure Migrate

New releases and features of Azure Migrate

Azure Migrate is the service in Azure that includes a broad portfolio of tools that can be used, through a guided user experience, to effectively address the most common migration scenarios. To stay updated on the latest developments of the solution, you can consult this page, which provides information on new releases and new features.

Azure Evaluation

For those who wish to explore and personally evaluate the services offered by Azure, a unique opportunity is available: by accessing this page, you can test various features and services for free. This will allow you to better understand how Azure can adapt and improve your IT operations, while ensuring security and innovation.

Azure IaaS and Azure Stack: announcements and updates (October 2023 – Weeks: 41 and 42)

This blog post series highlights the key announcements and major updates related to Azure Infrastructure as a Service (IaaS) and Azure Stack, as officially released by Microsoft in the past two weeks.

Azure

General

Microsoft Azure achieves HITRUST CSF v11.0.1 certification

I am thrilled to announce that Microsoft Azure has achieved HITRUST CSF v11.0.1 certification across 162 Azure services and 115 Azure Government services. This certification covers all GA Azure regions across both Azure and Azure Government clouds. This monumental achievement stands as a testament to Azure’s unwavering commitment to enhancing its security and compliance offerings, especially for valued customers in the healthcare sector.

HITRUST CSF v11.0.1 is the latest iteration of the framework, incorporating new requirements and updates from authoritative sources such as NIST SP 800-53 Rev 5, NIST Cybersecurity Framework v1.1, PCI DSS v3.2.1, FedRAMP High Baseline Rev 5, CSA CCM v3.0.1, GDPR, CCPA, and more. Moreover, HITRUST CSF v11.0.1 introduces innovative features and enhancements, including a maturity scoring model, risk factor analysis, an expanded inheritance program, improved assessment scoping tools, and more. By securing this certification, Azure reinforces its dedication to providing secure and compliant cloud services for customers in the healthcare industry.

Compute

Azure Dedicated Host – Resize

With the introduction of Azure Dedicated Host’s new ‘resize’ feature, users can now effortlessly transition their existing dedicated host to a different Azure Dedicated Host SKU, for instance, moving from Dsv3-Type1 to Dsv3-Type4. This innovative ‘resize’ feature significantly reduces the complexities and efforts associated with reconfiguring VMs when there’s a need to upgrade the foundational dedicated host system. One of the standout features is the ability to automatically create a new host, migrate all pre-existing VMs, and subsequently delete the old host. This eliminates the need for any manual interventions during the upgrade process of the dedicated host. Additionally, this could lead to potential cost savings, as users gain the capability to operate more VMs on the newly introduced dedicated host SKUs.

VMSS Automatic Instance Repairs – Reimage, Restart Repair Actions (preview)

Automatic instance repairs help Virtual Machine Scale Set customers achieve high application availability by automatically detecting and recovering unhealthy VM instances at runtime. Microsoft has announced that customers can now choose between Replace, Reimage (Preview), or Restart (Preview) as the default repair action performed in response to an “Unhealthy” application signal. These new options provide a less-impactful repair process, ensuring higher application availability while preserving VM properties and metadata for customers with sensitive workloads.

Networking

Default Outbound Access for VMs in Azure Will Be Retired

Microsoft has recently announced that starting from 30 September 2025, the default outbound access connectivity for all new virtual machines in Azure will be retired. This decision is in line with Azure’s move towards a secure-by-default model, which means that the default outbound access to the internet will be turned off. Consequently, after the mentioned date, Azure will no longer assign a default implicit IP for VMs to communicate with the internet. However, it’s important to note that existing VMs will not be affected by this retirement. For those who require outbound access post this date, Azure will provide an easy way to enable outbound internet access using explicit outbound methods. Additionally, for VMs currently having default outbound access and wishing to transition to a secure configuration after this date, Azure will offer a mechanism for easy opt-in. Users already utilizing explicit outbound connectivity methods will remain unaffected by this retirement. Azure emphasizes the benefits of explicit outbound connectivity methods, including greater control over internet connections, protection from public IP address changes, and traceable IP address resources beneficial for measurement and troubleshooting. Azure will be sending periodic updates to subscription owners impacted by this change in the coming months.

ExpressRoute Traffic Collector now generally available

Microsoft Azure has announced the general availability of the ExpressRoute Traffic Collector. This feature allows users to capture information about IP flows sent over ExpressRoute direct circuits. The ExpressRoute Traffic Collector supports flow logs capture for both Private and Microsoft peering. The captured flow logs data is sent to a Log Analytics workspace, enabling users to create custom log queries for in-depth analysis.

Some of the primary use cases for flow logs include:

  • Network Monitoring: gain near real-time visibility into network throughput and performance, perform network diagnosis, and forecast capacity.
  • Network Usage and Cost Optimization: analyze traffic trends by filtering sampled flows by IP, port, or applications. Identify top talkers for a source IP, destination IP, or applications. Optimize network traffic expenses by analyzing traffic patterns.
  • Network Forensics Analysis: identify potentially compromised IPs by analyzing all associated network flows. Users can also export flow logs to a SIEM tool of their choice to monitor and correlate events.

It’s important to note that the flow logs collected by the ExpressRoute Traffic Collector do not impact network throughput or latency. Users can enable or stop flow logs collection without any risk of affecting the network performance of an ExpressRoute direct circuit.

Azure Private Link for MySQL – Flexible Server

Azure Private Link allows users to connect to various PaaS services, such as Azure Database for MySQL – Flexible Server, in Azure, via a private endpoint. Private Link brings Azure services inside your private virtual network (VNet). Using the private IP address, the Azure Database for MySQL – Flexible Server becomes accessible just like any other resource within the VNet. This feature is now available for general use.

Storage

Azure Files improved support for Unicode characters

Azure Files has undergone enhancements to now support all valid Unicode characters. This development allows for the creation of SMB File shares with file and directory names that align with the NTFS file system, specifically for valid Unicode characters. This expanded character set support includes:

  • Control characters that are supported by NTFS.
  • Trailing dot (.) characters at the end of directory and file names.
  • Characters that function individually but were previously blocked when used in combination, especially in non-English languages.

Such advancements facilitate tools like AzCopy and Storage mover to migrate all files into Azure Files using the REST protocol. This expanded character support is now accessible in all Azure regions.

Zone Redundant Storage for Azure Disks in More Regions

Microsoft has announced the general availability of Zone Redundant Storage (ZRS) for Azure Disk Storage on Azure Premium SSDs and Standard SSDs in the Norway East and UAE North regions. Disks with ZRS offer synchronous replication of data across three availability zones within a region. This ensures that the disks can withstand zonal failures without disrupting the associated applications. The feature not only enhances the resilience of disks against zonal failures but also eliminates the need for application-level replication of data across zones. Furthermore, ZRS can be combined with shared disks to provide even higher availability for clustered or distributed applications, including SQL FCI, SAP ASCS/SCS, and GFS2.

Conclusion

Over the past two weeks, Microsoft has introduced a slew of updates and announcements pertaining to Azure Infrastructure as a Service (IaaS) and Azure Stack. These developments underscore the tech giant’s unwavering commitment to enhancing its cloud offerings and adapting to the ever-evolving needs of businesses and developers. Users of Azure can anticipate improved functionalities, streamlined services, and enriched features as a result of these changes. Stay tuned for more insights as I continue to monitor and report on Azure’s progression in the cloud sphere.