Azure HBv4 and HX-series Virtual Machines (VMs) are now generally available. With the general availability, Microsoft is offering customers the first VMs featuring the latest 4th Gen AMD EPYC™ processors with AMD 3D V-Cache™ technology (codename ‘Genoa-X’), paired with 400 Gigabit NVIDIA Quantum-2 InfiniBand. Azure HBv4 and HX-series VMs offer leadership levels of performance, scaling efficiency, and cost-effectiveness for a variety of HPC workloads such as computational fluid dynamics (CFD), financial services calculations, finite element analysis (FEA), geoscience simulations, weather simulation, rendering, quantum chemistry, and silicon design.
Networking
Azure Application Gateway: using a common port for public and private listeners (preview)
Azure Application Gateway now supports configuring the same port number for public and private listeners in preview. You no longer need to use non-standard ports or customize the backend application. This provision enables you to use a single Application Gateway deployment and easily configure it to serve traffic for both internet-facing and internal clients.
Default Rule Set 2.1 for Regional WAF with Application Gateway (preview)
Announcing the preview of the Default Rule Set 2.1 (DRS 2.1) for regional WAF on Azure Application Gateway. The default rule set is now available on the Azure Application Gateway WAF V2 SKU. DRS 2.1 is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and extended to include additional proprietary protections rules developed by Microsoft Threat Intelligence team. The Microsoft Threat Intel team analyzes Common Vulnerabilities and Exposures (CVEs) and adapts the CRS ruleset to address CVE and reduce false positives.
Storage
Azure Premium SSD v2 Disk Storage in Southeast Asia, UK South, South Central US and West US 3
Azure Premium SSD v2 Disk Storage is now available in Southeast Asia, UK South, South Central US and West US 3 regions. This next-generation storage solution offers advanced general-purpose block storage with the best price performance, delivering sub-millisecond disk latencies for demanding IO-intensive workloads at a low cost. It is well-suited for a wide range of enterprise production workloads, including SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data analytics, gaming on virtual machines, and stateful containers.
Azure NetApp Files double encryption at-rest feature now provides multiple independent encryption layers, protecting against attacks to any single encryption layer. Threats are diminished to the encrypted data, for example: – Single encryption key being compromised – Encryption algorithms with implementation errors – Data encryption configuration errors
This feature is currently available in West Europe, East US 2, East Asia regions and will roll out to other regions as the preview progresses.
Azure Elastic SAN Public Preview improvements
Azure Elastic SAN is currently in preview and several improvements have been made to the service. These include expanded regional availability, simplified multi-session connectivity for optimized volume performance, and native integration with Azure Container Storage (in preview). Azure Container Storage leverages Azure Elastic SAN as the backing storage resource to optimize price versus performance through dynamic resource sharing. Microsoft has also made it easier to migrate to Azure Elastic SAN and other block storage offerings like Premium SSD V2 and Ultra Disk, by including them in the Storage Migration Program.
In June, Microsoft announced a considerable number of news regarding Azure management services. Through these articles released monthly we want to provide an overall overview of the main news, in order to stay up to date on these arguments and have the necessary references for further information.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Management services in Azure overview
Monitor
Azure Monitor
AKS Network Observability add-on(preview)
The new AKS Network Observability add-on provides the ability to monitor the health of the network and connectivity of the AKS cluster. Integrating seamlessly with Azure-managed Prometheus and Azure-managed Grafana, this add-on provides better monitor capabilities in a unified experience.
These are the main features:
access to cluster-level network metrics, such as packet losses, connection statistics and more;
access to pod-level metrics and network debugging features;
support for all Azure CNIs;
support for all AKS node types: Linux and Windows;
ease of deployment using native Azure tools: AKS CLI, ARM models, PowerShell, etc.;
integration with Azure-managed Prometheus and Grafana offerings.
Azure Monitor Alert resources are now visible in the Azure portal
Historically, alert resources (alert rules, alert processing rules and action groups) have always been hidden resources in the Azure portal. This prevented them from appearing when searching or in the resource list and limited their viewing experience. Now Microsoft is making these resources “first-class citizens” in the Azure portal, so that they become visible in all places where the assets can be viewed in the portal, and more precisely the alerting resources:
appear in the search results in the top search bar of the Azure portal;
they appear when listing resources within a subscription or resource group;
they can now be viewed in a standard resource pane and will soon be editable as well (the same way you edit any other Azure resource).
Azure Monitor container insights for AKS cluster with ARM64 nodes
Container insights is a feature designed to monitor the performance of container workloads deployed in the cloud. Provides performance visibility by collecting processor and memory metrics from controllers, nodes and containers available in Kubernetes through the Metrics API. Azure Monitor container insights is now available for AKS clusters with ARM64 nodes.
Managed identity authentication in Azure Monitor Container Insights
Managed Identity is a secure and streamlined authentication model where the Azure Monitor monitoring agent uses the cluster's managed identity to send data to the Azure Monitor backend. This mechanism replaces the current certificate-based local authentication and eliminates the need to add a monitoring metrics publisher role to the cluster. Managed Identity will now be the default authentication mechanism for Container Insights.
Azure Virtual Desktop Insights powered by Azure Monitor agent(preview)
Administrators working with Azure Virtual Desktop Insights can now use the Azure Monitor Agent (AMA) to collect data from session hosts. This preview introduces the ability to use an updated workbook to help orchestrate configuration and management of all required components.
Govern
Azure Cost Management
Updates related toMicrosoft Cost Management
Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.
Secure
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
simplified onboarding of multicloud accounts;
support for private endpoints in malware scanning in Defender for Storage;
updates to NIST standards 800-53 in compliance with regulations;
cloud migration planning with an Azure Migrate business case now includes Defender for Cloud;
express configuration for vulnerability assessments in Defender for SQL is available;
added more scopes to Azure DevOps connectors;
replacing agent-based detection with agentless detection for container capabilities in Defender CSPM.
Protect
Azure Backup
Multiple backups per day for Azure virtual machines
Azure Virtual Machine Backup allows you to create advanced policies to take multiple snapshots per day. This allows you to protect virtual machines with an RPO as low as four hours.
Migrate
Azure Migrate
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:
security cost savings with Microsoft Defender for Cloud (MDC), using the Azure Migrate business case;
troubleshooting issues affecting performance data collection and accuracy of Azure VM and Azure VMware Solution evaluation recommendations.
Azure Database Migration
Online migrations for Azure Database for MySQL instances
Azure Database Migration Service Online Migration for Azure Database for MySQL now allows you to migrate an Azure Database for MySQL instance – Single Server, a MySQL on-premises instance or MySQL servers in other clouds to Azure Database for MySQL – Flexible Server. This new feature helps minimize the downtime of critical applications and limit the impact on the availability of service levels.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
Azure VMware Solution Stretched Clusters with Customer-Managed Keys
Stretched clusters for Azure VMware Solution (AVS) is now Generally Available, providing 99.99% uptime for mission critical applications that require the highest availability. With this release, customers can use Customer-Managed Keys to encrypt the stretched vSAN. By default, virtual machines within vSAN datastore are protected with data-at-rest encryption using FIPS 140-2 compliant Data Encryption Key (DEK) generated for each local disk on ESXi hosts. These DEKs are encrypted by VMware vSAN Key Encryption Key (service-managed key) provided by Microsoft.
Stretched Cluster Benefits:
improved application availability;
provide a zero-recovery point objective (RPO) capability for enterprise applications without needing to redesign them or deploy expensive disaster recovery solutions;
A private cloud with stretched clusters is designed to provide 99.99% availability due to its resilience to AZ failures.
Azure VMware Solution customer-managed encryption is supported through integration with Azure Key Vault. You can create your own encryption keys and store them in a Key Vault, or you can use Azure Key Vault API to generate encryption keys.
Mv2 Virtual Machine: 8TB memory
Mv2 High Memory virtual machines serve largest in-memory workloads providing infrastructure for 6 and 12TB memory needs. Based on customer demand, an 8TB memory virtual machine (VM) Standard_M416ms_8_v2 is now available, that offers an intermediate size to scale between 6TB and 12TB.
NGads V620-series VMs optimized for cloud gaming
NGads V620-series virtual machines (VMs), powered by AMD RadeonTM PRO V620 GPUs and AMD EPYCTM 7763 CPUs, are purpose-built for generating and streaming high quality graphics for an interactive gaming experience hosted on Azure. Featuring GPU partitioning with options for ¼, ½, or 1 full GPU, they allow customers to right-size their choice for the performance and cost of the business need. These VMs also feature the AMD Adrenaline Gaming Driver Cloud Edition that targets the same optimizations available in the consumer gaming version of the Adrenaline driver but is further optimized for the cloud environment.In addition, the NGads V620-series VMs also support graphics-accelerated virtual desktop infrastructure (VDI) and visualization rendering, using the AMD Pro Workstation Driver, Cloud Edition.
Azure VMware Solution now available in North Switzerland
With the introduction of AV36 in North Switzerland, customers will receive access to 36 cores, 2.3 GHz clock speed, 576GB of RAM, and 15.36TB of SSD storage.
Confidential Virtual Machines (VM) support in Azure Virtual Desktop (preview)
Azure Confidential Virtual Machines (VMs) support in Azure Virtual Desktop is in public preview. Confidential Virtual Machines increase data privacy and security by protecting data in use. The Azure DCasv5 and ECasv5 confidential VM series provide a hardware-based Trusted Execution Environment (TEE) that features AMD SEV-SNP security capabilities, which harden guest protections to deny the hypervisor and other host management code access to VM memory and state, and that is designed to protect against operator access and encrypts data in use. With this preview, support for Windows 11 22H2 has been added to Confidential Virtual Machines.
Networking
Private Link support for Application Gateway
Private link configuration for Application Gateway enables incoming traffic to an Azure Application Gateway frontend and can be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link.
Azure Load Balancer per VM limit removal
The “Load balancer per VM” limit is now removed for customers using Standard Load Balancer. Previously this limit was 2 load balancers per VM (1 public and 1 internal). Now with this limit removed, you can associate as many load balancers per VM with either types (public or internal) up to the Azure Load Balancer’s limits.
Azure Load Balancer: inbound ICMPv6 pings and traceroute are now supported
Standard Public Load Balancer now supports inbound ICMP pings on IPv6 frontends as well as inbound tracerouting support to both IPv4 and IPv6 frontends. This is an addition to previous announcement of ICMPv4 pings support on Azure Load Balancer. Now, you can ping and traceroute to both IPv4 and IPv6 frontend of a Standard Public Load Balancer like you natively would on an on-premises device without any external software needed. This enables you to troubleshoot network issues, identify network bottlenecks, verify network paths, and monitor network performance between Azure Load Balancer and your client device. This functionality is generally available in all public regions, Azure China cloud regions, and Azure Government cloud regions.
Azure Front Door integration with managed identities
Azure Front Door now supports managed identities generated by Azure Active Directory to allow Front Door to easily and securely access other Azure AD-protected resources such as Azure Key Vault. This feature is in addition to the AAD Application access to Key Vault that is currently supported.
Azure Front Door upgrade from standard to premium
Azure Front Door supports upgrading from Standard to Premium tier without downtime. Azure Front Door Premium supports advanced security capabilities and has increased quota limits, such as managed Web Application Firewall rules and private connectivity to your origin using Private Link.
Azure Front Door Migration from classic to standard/premium
In March 2022, Microsoft announced the general availability of two new Azure Front Door tiers. Azure Front Door Standard and Premium are native, modern cloud content delivery network (CDN) catering to both dynamic and static content delivery acceleration with built-in turnkey security and a simple and predictable pricing model. The migration capability enables you to perform a zero-downtime migration from Azure Front Door (classic) to Azure Front Door Standard or Premium in just three simple steps or five simple steps if your Azure Front Door (classic) instance has custom domains with your own certificates. The migration will take a few minutes to complete depending on the complexity of your Azure Front Door (classic) instance, such as number of domains, backend pools, routes, and other configurations.
Azure Front Door Standard/Premium in Azure Government (preview)
Azure Front Door (AFD) Standard and Premium tier is now available in Azure Government in public preview, in the regions of Arizona and Texas. After this release, Local Government (US) customers and their partners can benefit from the new and enhanced capabilities on standard and premium. The new and enhanced capabilities include, but are not limited to, better reporting and diagnostic capabilities, expanded rules engine with server variables, enhanced Web Application Firewall (latest DRS rule set, Bot protection, Web Application Firewall Notebook using Sentinel for security investigation and monitoring, Microsoft Sentinel Analytics) and security capabilities (Private Link connectivity to your origin, subdomain takeover prevention) and many upcoming new features.
Storage
Zone Redundant Storage for Azure Disks is now available in more regions
Zone Redundant Storage (ZRS) for Azure Disk Storage is now generally available on Azure Premium SSDs and Standard SSDs in Brazil South, UK South, East US, East US 2, and South-Central US regions. Disks with ZRS provide synchronous replication of data across three availability zones in a region, enabling disks to tolerate zonal failures without causing disruptions to your application. This feature enables disks to tolerate zonal failures without causing disruptions to your application. Additionally, it allows you to maximize virtual machine availability without the need for application-level replication of data across zones. You can also use ZRS with shared disks to provide higher availability for clustered or distributed applications like SQL FCI, SAP ASCS/SCS, or GFS2.
Azure Files scalability improvement for Azure Virtual Desktop and other workloads that open root directory handles
Azure Files has increased the root directory handle limit per share from 2,000 to 10,000 for standard and premium file shares. This improvement benefits applications that keep an open handle on the root directory. For example, Azure Virtual Desktop with FSLogix profile containers now supports 10,000 active users per share.
Zone Redundant Storage for Azure Disks is now available in Japan East and Korea Central
Zone Redundant Storage (ZRS) for Azure Disk Storage is now generally available on Azure Premium SSDs and Standard SSDs in Japan East and Korea Central regions.
Azure NetApp Files availability zone volume placement feature lets you deploy new volumes in the availability zone of your choice, in alignment with Azure compute and other services in the same zone. With this ‘Populate existing volume’ enhancement you can now obtain and, if desired, populate previously deployed, existing volumes with the logical availability zone information. It will automatically map the physical zone the volumes were deployed in and map it to the logical zone for your subscription. This feature will not move any volumes between zones. With this capability you can enhance workloads that were previously deployed regionally and align them with VMs in the same failure domain, for example to enable HA architectures across availability zones.
Azure AD Support for Azure Files SMB shares REST API (preview)
The public preview of Azure Active Directory (Azure AD) for Azure SMB Shares enables share-level read and write access for users, groups, and managed identities (MI) when accessing through the REST API. With Azure AD support, applications can now access Azure file shares securely, without storing or managing any credentials. Applications can leverage managed identities to securely access the customer-owned file shares. Azure Portal also now supports using Azure AD to authenticate requests to Azure Files. Users can choose Azure AD identity-based authentication method for the actions they take through portal such as browsing their file share contents.
Generation 2 VMs support key features that aren’t supported in generation 1 VMs. These features include increased memory, Intel Software Guard Extensions (Intel SGX), and virtualized persistent memory (vPMEM). You can now run Windows workloads on Generation 2 VMs in production to take advantage of these Generation 2 features.
Azure HX Virtual Machines for HPC
HX-series Virtual Machines (VMs) are optimized for large memory HPC workloads such as backend EDA, finite element analysis, computational geoscience, and big data analytics.
These VMs feature:
Up to 176 AMD EPYC™ 9004-series CPU cores with AMD 3D V-Cache (Genoa-X), 1.4 TB of RAM, clock frequencies up to 3.7 GHz, and no simultaneous multithreading.
Up to 1.4 TB/s of effective memory bandwidth and 2.3 GB L3 cache per VM, up to 12 GB/s (reads) and 7 GB/s (writes) of block device SSD performance.
400 Gb/s NDR InfiniBand from NVIDIA Networking to enable supercomputer-scale MPI workloads.
Storage
Azure Files geo-redundancy for standard large file shares (preview)
Azure Files geo-redundancy for large file shares is now in public preview for standard SMB file shares. Azure Files has supported large file shares for several years which not only provides file share capacity up to 100TiB but improved IO operations per second (IOPS) and throughput as well. Large file shares are widely adopted by customers using locally redundant storage (LRS) and zone-redundant storage (ZRS) but has not been available for geo-redundant storage (GRS) and geo-zone redundant storage (GZRS) until now. Geo-redundancy is critical for meeting various compliance and regulatory requirements. Geo-redundant storage asynchronously replicates to a secondary region and if the primary region becomes unavailable, you can initiate a failover to the secondary region.
New features in Azure Container Storage (preview)
Azure Container Storage, a unique storage service built natively for containers, is introducing several new features in preview to enhance the performance, reliability, and backup experience for its customers. Among the new features are volume snapshot, which allows you to capture the point-in-time state of persistent volumes, enabling you to back up data before applying changes. Additionally, the scalability target of Persistent Volumes has increased, empowering you to easily scale up your storage footprint. This means you can focus on building data services without worrying about the limitations of the underlying infrastructure.
To stay up to date on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the announcements, summarized, accompanied by the necessary references to be able to carry out further investigations.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Management services in Azure overview
Monitor
Azure Monitor
Azure Monitor for SAP solutions
Azure Monitor for SAP Solutions is now available. It is a solution for customers running SAP applications in a Microsoft Azure environment and allows end-to-end monitoring. With Azure Monitor for SAP, customers can centrally collect end-to-end telemetry data from SAP NetWeaver, database, Linux Pacemaker clusters in high availability and Linux operating systems. The solution Azure Monitor for SAP can be configured with no infrastructure to implement and maintain for customers. Some new features of Azure Monitor for SAP include SAP Landscape Monitor, which provides a single destination to understand the health of the entire SAP landscape, and SAP Insights (preview), which allows you to easily identify the root cause of SAP application availability or performance issues. Furthermore, Azure Monitor for SAP Solutions offers Transport Layer Security and new CPU performance alert templates, memory and disk I/O, plus many other features. With the release of this release, the version of Azure Monitor for SAP solutions (Classic) will be collected by 31 may.
Availability of the Azure Monitor managed service for Prometheus
Prometheus, the open-source project of the Cloud Native Computing Foundation, is considered the de-facto standard when it comes to monitoring containerized workloads. Running Prometheus in self-managed mode is often a great solution for smaller implementations, but scaling it to handle enterprise workloads can be a challenge.
Azure Monitor's fully managed service for Prometheus offers the best of what we like about the open-source ecosystem, while automating complex tasks such as scaling, high availability and long-term data retention. It is available as a standalone feature of Azure Monitor or as an integrated component of Container Insights, Azure Monitor Alerts and Azure Managed Grafana.
Azure Monitor Managed Service for Prometheus for Kubernetes enabled for Azure Arc (preview)
The Azure Monitor managed service for Prometheus extends support for monitoring Kubernetes clusters managed by Azure Arc. The Azure Arc-enabled Azure Monitor for Prometheus on Kubernetes managed service allows customers to monitor their Kubernetes clusters running anywhere and maintains the same functionality as monitoring Azure Kubernetes Service (AKS).
Azure Monitor Agent: support for CIS and SELinux hardening
The AMA has introduced support for hardening standards for CIS and SELinux. For SELinux, AMA works by activating a signed built-in policy. Through CIS, AMA supports select distros, also available on the Azure Marketplace.
Alert support for Azure Data Explorer (preview)
Azure Monitor alerts let you monitor Azure and application telemetry to quickly identify issues affecting various services. More specifically, Azure Monitor log alert rules allow you to set up periodic log telemetry queries to identify potential problems and receive notifications or trigger actions.
Until now, these alert rules supported querying Log Analytics and Application Insights data. Now Microsoft is introducing support for querying Azure Data Explorer tables as well (ADX) and to merge data between these data sources into a single query.
Cost optimization with transformations on Log Analytics for troubleshootingof Cosmos DB
Azure Cosmos DB now supports transformations on Log Analytics workspaces. To help reduce costs when you enable Log Analytics to troubleshoot Cosmos DB resources, transformations have been introduced. These transformations in the Log Analytics workspace allow you to filter columns, reduce the number of results returned and create new columns before the data is sent to the destination.
Configure
Azure Automation
Support for Python runbooks 3.8
Azure Automation has introduced support for Python runbooks 3.8. This feature allows you to create and run Python runbooks 3.8 for orchestrating the management tasks of hybrid and multi-cloud environments.
Govern
Azure Cost Management
Updates related toMicrosoft Cost Management
Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.
Alert to optimize reservation purchases
Azure Reservations can provide cost savings by committing to annual or three-year plans. However, sometimes reservations can remain unused or underused, resulting in financial losses. As a user of a billing account or a reservation, it is possible to examine the percentage of use of the reservations purchased in the Azure portal, but important changes may be missed. Enabling alerts on the use of reservations, solves the problem by receiving email notifications whenever any of the reservations have low usage. This allows for timely intervention and optimization of reservation purchases to achieve maximum cost efficiency.
Secure
Microsoft Defender for Cloud
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features. In particular, this month the main news concern:
new alerts in Defender for the Key Vault;
support encrypted disks in AWS for agentless scanning;
inclusion of new AWS Regions;
changes to identity recommendations;
new recommendations of Defender for DevOps to include Azure DevOps scan results;
release of the Vulnerability Assessment of containers based on Microsoft Defender Vulnerability Management (MDVM) in Defender CSPM.
Protect
Azure Backup
Azure Backup Server V4
The V4 version of Microsoft Azure Backup Server (MABS) has been released and introduces the following improvements:
Workload support: Azure Backup Server V4 supports installation on Windows Server 2022 using SQL Server 2022 come database MABS. Furthermore, adds support for backup of virtual machines running on Azure Stack HCI 22H2 and VMware 8.0, as well as Windows Server backup 2022 and SQL Server 2022.
Performance: Azure Backup Server V4 adds the ability to select and restore individual files/folders from online recovery points for Hyper-V and Azure Stack HCI virtual machines running Windows Server, without having to download the entire restore point. MABS V4 also adds support for parallel restores and features more parallel online backup jobs.
Security: with Azure Backup Server V4 you can use private endpoints to send backups to the Recovery Services vault.
Azure Backup Reports: support for more workloads
Azure Backup Reports now includes support for other workloads: Azure Database for PostgreSQL Servers, Azure Blobs and Azure Disks. Thanks to this update it is now possible to enable the logging of metadata related to the backup (such as job, backup item, policy, usage) for these workloads and retain these records for a customizable period of time depending on compliance and audit requirements. This way you can take advantage of the reporting views, already provided natively by the Backup Reports solution, to view information about protected items corresponding to these workloads.
Soft deletion of recovery points for Azure Backup (preview)
Azure Backup's soft delete feature now supports soft deletion of recovery points. This feature allows you to recover data from recovery points that may have been deleted as a result of backup policy changes. Soft deleting recovery points allows you to keep these recovery points for an additional duration, based on the retention specified for soft delete in the vault settings.
Support for confidential virtual machines using Customer Managed Keys(private preview)
Azure Backup is introducing support for backup of operating system disk encrypted confidential VMs, done using customer managed keys.
Azure Site Recovery
New Update Rollup
For Azure Site Recovery was released theUpdate Rollup 67 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.
Migrate
Azure Migrate
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concerns the discovery and assessment of SQL Server.
Azure Database Migration
Database Migration Service Pack for Oracle (preview)
The Database Migration Service Pack for Oracle is a collection of four extensions that provide a complete solution to modernize Oracle workloads and migrate them to databases in the Azure environment. This extension pack offers several benefits, including in-depth end-to-end assessments, correct sizing of Azure resources, code conversion, remediation planning and near real-time data migration in Azure environment (see next paragraph).
Data Migration for Oracle (preview)
The Data Migration for Oracle extension is a powerful tool that allows you to easily migrate Oracle databases to the Azure platform. This solution offers a seamless migration experience, from the source Oracle database to the target platform (SQL), using Azure Database Migration Service. The extension offers both offline and online data migration for critical databases, ensuring minimal downtime for the migration process.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
Azure VMware Solution will become generally available on May 17, 2023, to US Federal and State and Local Government (US) customers and their partners, in the regions of Arizona and Virgina. With this release, Microsoft is combining world-class Azure infrastructure together with VMware technologies by offering Azure VMware Solutions on Azure Government, which is designed, built, and supported by Microsoft.
Networking
Routing Intent and Virtual WAN Integrated Firewall NVAs
Routing intent allows you to set up simple and declarative routing policies to configure Virtual WAN to route traffic to bump-in-the-wire security solutions such as Azure Firewall, Integrated Firewall NVA and SaaS deployed in the Virtual WAN hub. This feature delivers two critical use cases: inter-region/inter-hub traffic inspection and branch-to-branch (on-premises to on-premises traffic inspection). With the General Availability of routing intent feature, the Virtual WAN team also extended routing intent capabilities to Next Generation Firewall NVA’s integrated within the Virtual WAN hub. As a result, the Virtual WAN team is also announcing the General Availability of the first two integrated Firewall NVA’s in Virtual WAN: Check Point CloudGuard Network Security and Fortinet NGFW.
Seamlessly upgrade your Application Gateway V2 WAF configuration to a policy
Azure’s regional Web Application Firewall (WAF) on Application Gateway now supports a fully automated experience when upgrading your WAF from a configuration to a policy. WAF policies offer you multiple benefits over WAF configurations including:
richer feature set: Advanced features like newer managed rule sets, custom rules, per rule exclusions, bot protection rules, and more;
higher scale and performance with our next generation WAF engine;
simplified management experience: WAF policy allows you to define your WAF setup once, and share it across multiple gateways, listeners, and URL paths;
latest features: you can keep up to date with the latest features and enhancements.
Policy analytics for Azure Firewall
As application migration to the cloud accelerates, it’s common to update Azure Firewall configuration daily (sometimes hourly) to meet the growing application needs and respond to a changing threat landscape. Frequently, changes are managed by multiple administrators spread across geographies. Over time, the firewall configuration can grow sub optimally impacting firewall performance and security. It’s a challenging task for any IT team to optimize firewall rules without impacting applications and causing serious downtime. Policy analytics help address these challenges faced by IT teams by providing visibility into traffic flowing through the firewall with features such as firewall flow logs, rule to flow match, rule hit rate, and single rule analysis. IT admins can refine Azure Firewall rules in a few simple steps through the Azure portal.
Inbound ICMPv4 pings are now supported on Azure Load Balancer
Standard Public Load Balancer now supports inbound ICMP pings on IPv4 frontends. Previously, to determine reachability of a Load Balancer’s frontend, a TCP-based ping tool like Psping would need to be used. This added complexity as external software was needed on each client machine. Now, you can ping the IPv4 frontend of a Standard Public Load Balancer like you natively would on an on-premises device without any external software needed. This enables you to troubleshoot network traffic between Azure Load Balancer and your client device.
Azure Bastion now support shareable links
With the Azure Bastion shareable links feature, you can now connect to a target resource (virtual machine or virtual machine scale set) using Azure Bastion without accessing the Azure portal. This feature will solve two key pain points:
administrators will no longer have to provide full access to their Azure accounts to one-time VM users—helping to maintain their privacy and security;
users without Azure subscriptions can seamlessly connect to VMs without exposing RDP/SSH ports to the public internet.
Now generally available, the shareable links feature is supported for peered VNETs across subscriptions and across regions. It is also supported for national clouds.
Azure DNS Private Resolver is available in additional regions
Azure DNS Private Resolver is now available in West US, Canada East, Qatar Central, UAE North, Australia Southeast, Norway East, Norway East, and Poland Central.
Always Serve for Azure Traffic Manager (preview)
Always Serve for Azure Traffic Manager (ATM) is now available in public preview. You can disable endpoint health checks from an ATM profile and always serve traffic to that given endpoint. You can also now choose to use 3rd party health check tools to determine endpoint health, and ATM native health checks can be disabled, allowing flexible health check setups.
Storage
Azure Container Storage (preview)
Azure Container Storage, now in preview, is a unique volume management service built natively for containers. It provides a consistent experience across different types of storage offerings, including Managed option (backed by Azure Elastic SAN), Azure Disks, and ephemeral disk on container services. This simplifies the deployment of persistent volumes and offers a highly scalable, cost-effective, high-performance and resilient storage solution. With Azure Container Storage, you can easily create and manage block storage volumes for production-scale stateful container applications and run them on Kubernetes, ensuring consistent experiences across different environments. The solution is optimized to enhance the performance of stateful workloads on Azure Kubernetes Service (AKS) clusters by accelerating the deployment of stateful containers with persistent volumes and improving quality with reduced pod failover time through fast attach/detach. Additionally, by efficiently deploying and managing persistent volumes on backend storage options, you can reduce the total cost of ownership (TCO) associated with container storage.
Azure NetApp Files Standard Network Features – Edit Volumes (preview)
Standard Network Features provide you with an enhanced Virtual Networking experience for a seamless and consistent experience along with security posture for Azure NetApp Files. You are now able to edit existing ANF volumes and upgrading Basic network features to Standard network features.
In the context of today's digital landscape, the adoption of cloud computing has opened up new opportunities for organizations, but at the same time new challenges have emerged in terms of security of cloud resources. The adoption of a Cloud Security Posture Management solution (CSPM) is critical to ensuring that cloud resources are configured securely and that security standards are properly implemented. Microsoft Azure offers Defender for Cloud, a complete solution that combines the power of a CSPM platform with advanced security features to help organizations protect their cloud resources effectively. This article dives into the CSPM features offered by Defender for Cloud.
The pillars of security covered by Microsoft Defender for Cloud
The features of Microsoft Defender for Cloud are able to contemplate three major pillars of security for modern architectures that adopt cloud components:
DevOps Security Management (DevSecOps): Defender for Cloud helps you incorporate security best practices early in the software development process. In fact,, helps secure code management environments (GitHub and Azure DevOps), the development pipelines and allows to obtain information on the security posture of the development environment. Defender for Cloud currently includes Defender for DevOps.
Cloud Security Posture Management (CSPM): it is a set of practices, processes and tools aimed at identifying, monitor and mitigate security risks in cloud resources. CSPM offers broad visibility into the security posture of assets, enabling organizations to identify and correct non-compliant configurations, vulnerabilities and potential threats. This proactive approach reduces the risk of security breaches and helps maintain a secure cloud environment.
Cloud Workload Protection Platform (CWPP): Proactive security principles require implementing security practices that protect workloads from threats. Defender for Cloud includes a wide range of advanced and intelligent protections for workloads, provided through specific Microsoft Defender plans for the different types of resources present in the Azure subscriptions and in hybrid and multi-cloud environments.
Figure 1 – The security pillars covered by Microsoft Defender for Cloud
CSPM in Defender for Cloud
Defender for Cloud is the advanced security solution from Microsoft Azure that contemplates the CSPM scope to offer a wide range of security features and controls for cloud resources. With Defender for Cloud, organizations can get complete visibility into their assets, identify and resolve vulnerabilities and constantly monitor the security posture of resources. Some of the key features offered by Defender for Cloud include:
Configuration analysis: Defender for Cloud examines cloud resource configurations for non-compliant settings and provides recommendations to fix them. This ensures that resources are configured securely and that security standards are met.
Identification of vulnerabilities: the solution continuously scans cloud resources for known vulnerabilities. Recommendations and priorities are provided to address these vulnerabilities and reduce the risk of exploitation by potential threats.
Continuous monitoring: Defender for Cloud constantly monitors the security posture of cloud resources and provides real-time alerts in the event of insecure configurations or suspicious activity. This enables organizations to respond promptly to threats and maintain a secure cloud environment.
Automation and orchestration: Defender for Cloud automates much of the process of managing the security posture of cloud environments, allowing organizations to save valuable time and resources.
Defender for Cloud offers core CSPM capabilities for free. These features are automatically enabled on any subscription or account that has onboarded Defender for Cloud. If deemed necessary, it is possible to expand the set of features by activating the plan Defender CSPM.
The optional Defender CSPM plan offers advanced security posture management capabilities, among the main ones we find:
Security Governance: security teams are responsible for improving the security posture of their organizations, but they may not have the resources or authority to actually implement the security recommendations. Assigning managers with expiration dates and defining governance rules create accountability and transparency, so you can lead the process of improving your organization's security.
Regulatory compliance: with this feature, Microsoft Defender for Cloud simplifies the process of meeting regulatory compliance requirements, providing a specific dashboard. Defender for Cloud continuously assesses the environment to analyze risk factors based on the controls and best practices of the standards applied to the subscriptions. The dashboard reflects your compliance status with these standards. The Microsoft cloud security benchmark (MCSB) instead it is automatically assigned to subscriptions and accounts when you sign in to Defender for Cloud (foundational CSPM). This benchmark builds on the cloud security principles defined by the Azure Security Benchmark and applies them with detailed technical implementation guidance for Azure, for other cloud providers (such as AWS and GCP) and for other Microsoft clouds.
Cloud Security Explorer: allows you to proactively identify security risks in your cloud environment by graphically querying the Cloud Security Graph, which is the context definition engine of Defender for Cloud. Requests from the security team can be prioritized, taking into account the context and the specific rules of the organization. With the Cloud Security Explorer it is possible to interrogate the security problems and the context of the environment, such as resource inventory, Internet exposure, the permissions and the “lateral movement” across resources and across multiple clouds (Azure and AWS).
Attack path analysis: analyzing attack paths helps address security issues, related to the specific environment, which represent immediate threats with the greatest potential for exploitation. Defender for Cloud analyzes which security issues are part of potential attack paths that attackers could use to breach the specific environment. Furthermore, highlights security recommendations that need to be addressed to mitigate them.
Agentless scanning for machines: Microsoft Defender for Cloud maximizes coverage of OS posture issues and goes beyond the coverage provided by specific agent-based assessments. Get instant visibility with agentless scanning for virtual machines, wide and unobstructed regarding potential posture problems. All without having to install agents, meet network connectivity requirements or impact machine performance. Agentless scanning for virtual machines provides vulnerability assessment and software inventory, both through Microsoft Defender Vulnerability Management, in Azure and Amazon AWS environments. Agentless scanning is available in both Defender Cloud Security Posture Management (CSPM) both in Defender for Servers P2.
Conclusions
In the increasingly complex context of IT asset security, especially in the presence of hybrid and multi-cloud environments, the Cloud Security Posture Management (CSPM) has become an essential component of an organizations security strategy. Defender for Cloud in Microsoft Azure offers an advanced CSPM solution, which combines configuration analysis, identification of vulnerabilities, continuous monitoring and automation to ensure that IT assets are adequately protected. Investing in a CSPM solution like Defender for Cloud enables organizations to mitigate security risks and protect IT assets.
Microsoft Azure available from new cloud region in Poland
The newest cloud region in Poland is available with Azure Availability Zones and provides customers with the highest standards of security, privacy, and regulatory-compliant data storage in the country.
Ebsv5 and Ebdsv5 NVMe-enabled VM sizes
The Ebsv5 and Ebdsv5 VM series are the first Azure VM series to support NVMe storage protocol. NVMe support enables these series to achieve the highest Disk Storage IOPS and throughput of any Azure VMs to date. NVMe is a high-performance storage interface that is faster and more efficient compared to other traditional storage protocols like SCSI, which is the only other protocol that most Azure VMs use currently. With NVMe interface supported, customers can now use these VMs to achieve even higher VM-to-disk throughput and IOPS performance per core, with up to 8,000 MBps and 260,000 IOPS. This enables customers that process extremely data-intensive workloads to process more data on fewer core compute resources, potentially saving them money on infrastructure and commercial software licensing costs.
DCesv5 and ECesv5-series Confidential VMs with Intel TDX (preview)
There is an expansion of Confidential VM family with the launch of the DCesv5-series and ECesv5-series in preview. Featuring 4th Gen Intel® Xeon® Scalable processors, these VMs are backed by an all-new hardware-based Trusted Execution Environment called Intel® Trust Domain Extensions (TDX). Organizations can use these VMs to seamlessly bring confidential workloads to the cloud without any code changes to their applications.
Networking
Cloud Next-Generation Firewall (NGFW) Palo Alto Networks – an Azure Native ISV Service
Cloud NGFW Palo Alto Networks is the first ISV next-generation firewall service natively integrated in Azure. Developed through a collaboration between Microsoft and Palo Alto Networks, this service delivers the cutting-edge security features of Palo Alto Networks NGFW technology while also offering the simplicity and convenience of cloud-native scaling and management. NGFWs provide superior network security by offering enhanced capabilities compared to traditional firewalls. These include deep packet inspection, advanced visibility and control features, and the use of AI to improve threat detection and response.
Palo Alto Networks SaaS Cloud NGFW Integration with Virtual WAN (preview)
Palo Alto Networks Cloud NGFW is the first security software-as-a-service (SaaS) solution to be integrated in Azure Virtual WAN, allowing you to enjoy the simplicity of a SaaS security offering without the hassles of managing provisioning, scaling, resiliency, software updates, or routing.
Cloud NGFW SaaS integration with Virtual WAN provides you with the following benefits:
protect workloads with a highly available NGFW powered by machine learning to
detect and stop known, unknown and zero-day threats;
fully managed infrastructure and software lifecycle under SaaS model; consumption-based pay-as-you-go billing;
dedicated and streamlined support channel between Azure and Palo Alto Networks to provide a delightful customer support experience;
simple one-click routing to inspect on-premises, Azure VNets and Internet traffic;
deep and cohesive integration with Azure that provides a cloud-native experience.
Application Gateway V1 will be retired on 28 April 2026
Because Application Gateway V1 retires on 28 April 2026, please transition to Application Gateway V2 by that date.
Alongside the Application Gateway V1 features you already use, Application Gateway V2 provides:
additional features – Autoscaling, zone redundancy, URL rewrite, mutual authentication mTLS , Azure Kubernetes Service Ingress Controller, Keyvault integration;
enhanced security – Faster update of security rules, WAF custom rules and policy associations, bot protection-
From now through 28 April 2026, you can continue using Application Gateway V1 but begin transitioning to Application Gateway V2.
New customers (customers who doesn’t not have Application Gateway V1 SKU in their subscriptions in the month of June 2023) won’t be able to create V1 gateways from 1st July 2023.
Existing customers with subscriptions containing V1 gateways, will no longer be able to create V1 gateways after 28th August 2024. However, they can manage V1 gateways until the retirement date of 28 April 2026. After 28 April 2026, Application Gateway V1 will not be supported.
Storage
Cross-region service endpoints for Azure Storage
Cross-region service endpoints is now generally available for Azure Blob and Data Lake Storage in all Azure regions. Virtual Network (VNet) service endpoints provide secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Service endpoints in Azure Storage already allow the ability to connect to a storage account to VNets in the same or paired region. With this release, cross-region service endpoints can be configured to allow access to an Azure Blob or Data Lake storage account from VNets in any region. This is valuable for customer scenarios such as global storage resource and access management.
Azure Blob Storage adds a new online access: Cold Storage (preview)
Azure Blob Storage is optimized for storing massive amounts of unstructured data. With blob access tiers, you can store your blob data in the most cost-effective manner based on how frequently it will be accessed and how long it will be retained. Now Azure Blob Storage adds a new online access tier, cold, in addition to hot, cool and archive.
Cold tier pricing is positioned between cool and archive, with 90-day early deletion policy. See the prices in Azure Blob Storage pricing. You can seamlessly use the cold tier the way you use hot and cool, through REST API, SDK, tools, and lifecycle management policy. Cold public preview is now available in Canada Central, Canada East, France Central and Korea Central.
Microsoft is constantly announcing news regarding Azure management services. This summary, published monthly, allows you to have an overall overview of the main news of the current month, in order to stay up to date on these news and have the necessary references to conduct further study.
The following diagram shows the different areas related to management, which are covered in this series of articles:
Figure 1 – Management services in Azure overview
Monitor
Azure Monitor
Azure Monitor for Prometheus has updated the AKS add-on to support Windows nodes
Azure Monitor for Prometheus managed service has updated the AKS metrics add-on to support collection of Prometheus metrics from Windows nodes in AKS clusters. Azure Monitor Metrics add-on integration allows Windows pod DaemonSets to start running on node pools. Are supported both Windows Server 2019 also Windows Server 2022.
Azure Monitor Metrics Dataplane API released
The Azure Metrics Dataplane API is a new approach to Azure Monitor that improves the collection of resource information enabling greater query capacity and efficiency. With this API it is possible to retrieve data on metrics, for a maximum of 50 ID of resources in the same subscription and region, in one batch API call. This improves query throughput, reduces the risk of throttling and provides a smoother experience for customers who want to gather information about Azure resources.
Configure
Update management center
Hotpatch availability for Windows Server VMs in Azure with Desktop Experience Hotpatch is now available for preview images of Windows Server Azure Edition virtual machines with the Desktop Experience installation mode.
Hotpatch is a feature that allows you to patch and install updates to Windows Server Azure Edition virtual machines in an Azure environment, without requiring a restart. It was previously available for Server Core installation mode, but now also Windows Server Azure Edition virtual machines installed with Desktop Experience installation mode can take advantage of this security update installation mode, by providing:
less impact on workloads by having to do fewer reboots;
faster deployment of updates, as the packages are smaller, they install faster and patch orchestration is easier with Azure Update Manager;
better protection, because hotpatch update packages are dedicated to Windows security updates that install faster without reboots.
Govern
Azure Cost Management
Azure Advisor: advice for the right sizing of VM/VMSSwith a custom reference time
Customers using Azure Advisor can improve the relevance of recommendations to make them more actionable, resulting in additional cost savings. In fact,, right sizing recommendations help optimize costs, identifying idle or underutilized virtual machines based on their CPU activity, storage and network over the default seven-day reporting period. Now, thanks to the latest update, customers can set the reporting period to get recommendations based on 14, 21, 30, 60 or even 90 days of use. The configuration can be applied at the subscription level. This feature is especially useful when workloads peak biweekly or monthly.
Updates related toMicrosoft Cost Management
Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution to provide greater visibility into where costs are accumulating in the cloud, identify and prevent incorrect spending patterns and optimize costs . Inthis article some of the latest improvements and updates regarding this solution are reported.
Secure
Microsoft Defender for Cloud
Integration between Azure API Management and Microsoft Defender for API (preview)
It is now possible to obtain a higher level of API security thanks to the integration between Azure API Management and Microsoft Defender for APIs. This integration enables a comprehensive defense strategy for:
gain visibility into Azure APIs;
understand their security posture;
prioritize vulnerability fixes;
detect and respond to active threats in runtime, using anomalous and suspicious API usage detections based on machine learning.
New features, bug fixes and deprecated features of Microsoft Defender for Cloud
Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, this provides information about new features, bug fixes and deprecated features.
Protect
Azure Backup
Support for Azure VMs using Premium SSD v2 (preview)
In Azure Backup it is now possible to enable the protection of Azure virtual machines that use Premium SSD v2. Enabling these backups is currently available in select regions, and Microsoft plans to add support in more regions in the coming weeks..
Azure Site Recovery
Large disk support for disaster recovery of Hyper-V virtual machines
In Azure Site Recovery it is now possible to enable disaster recovery of Hyper-V virtual machines with data disks up to 32 TB. This applies to Hyper-V VMs replicating to managed disks in any Azure region.
Migrate
Azure Migrate
New Azure Migrate releases and features
Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to address effectively the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, that provides information about new releases and features. In particular, this month the main news concern:
possibility to create a business case by importing the list of servers through a .csv file;
building a business case using Azure Migrate for:
servers and workloads running in Microsoft Hyper-V and physical/bare-metal environments, as well as IaaS services from other public clouds;
SQL Server Always On Failover Cluster instances and Always On availability groups.
Evaluation of Azure
To test for free and evaluate the services provided by Azure you can access this page.
Hotpatch for Windows Server VMs on Azure with desktop experience
Hotpatch is now available for Windows Server Azure edition VMs running the desktop experience. Hotpatch is a feature that allows you to patch and install updates to Windows Server Azure Edition virtual machines on Azure without requiring a reboot. It was previously available for the server core installation mode, but now, Windows Server Azure edition VMs installed with the desktop experience mode (the Windows Explorer shell, Start Menu, etc.) will no longer reboot every month for security updates, providing:
lower workload impact with less reboots;
faster deployment of updates as the packages are smaller, install faster, and have easier patch orchestration with Azure Update Manager;
better protection, as the hotpatch update packages are scoped to Windows security updates that install faster without rebooting.
Trusted launch on existing Azure Gen2 VMs (preview)
Trusted launch provides a seamless way to improve the security of Azure Generation 2 VMs. It protects against advanced and persistent attack techniques by combining technologies which can be independently enabled like secure boot and virtualized version of trusted platform module (vTPM). The preview is available to support to enable Trusted launch on existing Gen2 VMs by upgrading the security type of the Gen2 VM to Trusted launch. This will help improve the foundational security of existing Gen2 VMs.
Networking
Azure CNI overlay in generally available
Azure CNI overlay addresses performance, scalability and IP exhaustion challenges while using traditional Azure Container Networking Interface (CNI). With Azure CNI overlay AKS clusters can be scaled to very large sizes by assigning pod IP addresses from user defined overlay address space which are logically different from VNet IP address space hosting the cluster nodes. Additionally, user defined private CIDR can be reused in different AKS clusters, truly extending the IP space available for containerized applications in AKS. Pod and node traffic within the cluster use an overlay network via Azure Software Defined Network (SDN) without any additional encapsulation. Network Address Translation (using the node’s IP address) is used to reach resources outside the cluster.
Storage
Azure Storage Mover is now Generally Available
Azure Storage Mover is a new, fully managed migration service that enables you to migrate your files and folders to Azure Storage while minimizing downtime for your workload. You can use Storage Mover for different migration scenarios such as lift-and-shift, and for cloud migrations that you have to repeat occasionally. Azure Storage Mover also helps maintain oversight and manage the migration of all your globally distributed file shares from a single storage mover resource.
Support for Linux clients to use identity-based access to Azure file shares over SMB
Azure Files now supports Linux clients to use identity-based authentication over Server Message Block (SMB). Previously only Windows clients were supported by Azure Files.
In order to leverage identity based authentication and authorization, the clients need to be domain joined to one of the following Domain Services:
On-premises Active Directory Domain Services (AD DS)
Azure Active Directory Domain Services (Azure AD DS)
Azure Active Directory (Azure AD) Kerberos for hybrid identities is NOT supported yet for Linux clients. This capability will enable customers who are moving a mix of Windows and Linux environments to cloud to have a consistent identity system across both Windows and Linux workstations.
Azure Elastic SAN Public Preview is now available in more regions
Azure Elastic SAN, which is currently in preview, is available with locally redundant storage (LRS) in several regions, including Australia East, Southeast Asia, France Central (including ZRS), North Europe (including ZRS), Sweden Central, UK South, West Europe (including ZRS), East US, East US 2, South Central US, West US 2 (including ZRS), and West US 3. By combining SAN-like capabilities with the advantages of being a cloud-native service, Azure Elastic SAN provides a storage solution that is highly scalable, cost-effective, high-performing, and resilient. It caters to various storage needs, whether you’re migrating your on-premises SAN to the cloud or creating your application directly in the cloud.
