Category Archives: Datacenter Management

How to maintain technological and economic control of Azure resources and beyond

Solutions related to the public cloud have attracted considerable interest from many companies in recent years, drawn by the possibilities offered and the related benefits. In fact, among the main characteristics of the public cloud we find dynamism and speed of provisioning, which can be a great vector of innovation for organizations in the IT field. However, if you decide to apply procedures and practices already consolidated in the on-premises world to cloud environments as well, you risk making serious mistakes. The cloud is by nature different and, by applying the same processes as the on-premises environment, you are likely to get the same results, the same problems, almost the same implementation times and even higher costs. It is therefore essential to implement a process of Cloud Technical Governance through which to ensure effective and efficient use of IT resources in the cloud environment, in order to best achieve the organization's goals. In particular, governance of the Azure environment is made possible by a series of solutions specially designed to allow management and constant control of the various Azure resources at scale. This article will show some of the main Microsoft solutions to consider to better define and manage the governance of services in the Azure environment and beyond.

Public cloud: a double-edged sword

Talking about public clouds today means referring to resources and services that a company can hardly do without, but in some respects it can be a double-edged sword.

The main features and potential strengths of the public cloud can also hide pitfalls if they are not governed properly:

  • Self-service delegation, i.e. the possibility of delegating the creation of resources to several working groups, greatly increases the agility and speed of provisioning, but at the same time it could lead to a total lack of control if this is not done in a correct and controlled way.
  • In the public cloud, almost everything is pay-per-consumption. If we combine this feature with the adoption of uncontrolled self-service delegations, where everyone creates resources without appropriate governance, the result can be very high and unnecessary costs.
  • When we talk about the public cloud we also know that flexibility and scalability are two great elements of strength and value, but this flexibility, the ability to adopt hundreds of solutions operating according to a self-service logic, combined with hybrid connectivity environments, must also focus our attention on new potential security threats.
  • Although Azure, as well as major public clouds, has a very large number of certifications, it introduces solutions based on new technologies which may be difficult to reconcile with corporate compliance requirements.

Adopt the cloud with proper Technical Governance

In the light of these considerations, the advice is to adopt solutions in the public cloud to remain competitive in this ever-changing digital world, but with the appropriate practices of Cloud Technical Governance that help the company mitigate risk and create guardrails. Governance policies within an organization, if properly managed, also act as an early warning system to detect potential problems.

When it comes to cloud governance, several disciplines emerge. Cost management is one of the fundamental subjects that absolutely must be addressed and managed. To this are added equally important topics, such as the definition of security and compliance baselines, identity management, the acceleration of deployment processes and the standardization of created resources.

Therefore, applying the concept of governance to an ICT system in the cloud means defining, implementing and continuously verifying all the rules that make it:

  • with predictable costs;
  • secure according to the guidelines defined by corporate security at any level, not necessarily technical;
  • supportable by all working groups involved in the implementations;
  • subject to audit in terms of compliance with current and company regulations.

The main Microsoft tools for Governance

Cloud governance can be thought of as a journey, for which Microsoft provides several platform tools to make it run smoothly. The following paragraphs show some of the main solutions to be taken into consideration to implement functional governance.

Cloud Adoption Framework for Azure

From a design point of view, Microsoft provides the Cloud Adoption Framework for Azure, a set of documentation and tools that guide you through the best practices for implementing solutions in the Azure environment. Among these best practices, which should be adopted in general and tailored specifically to the various customers based on their needs, there is also a specific section on governance. This can be seen as a starting point for applying these practices in detail.

Figure 1 – Design and standardization: Cloud Adoption Framework for Azure

Azure Policy

Azure Policy, natively integrated into the platform, is a key element for governance as it allows you to control the environment and obtain consistency across the activated Azure resources.

Azure Policies allow you to manage:

  • compliance:
    • enable native or custom policies for all resource types;
    • real-time policy assessment and enforcement;
    • periodic and upon request conformity assessment;
  • large-scale distribution:
    • application of policies to Management Group with control over the whole organization;
    • applying multiple policies and aggregating policy states through initiatives;
    • exclusion scope;
    • Policy as Code with Azure DevOps;
  • remedies and automations:
    • correction of existing assets to scale;
    • automatic remediation upon implementation;
    • activation of alerts when a resource is not compliant.
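To show how the if/then evaluation behind these capabilities works, here is an added example (it is not Microsoft's policy engine nor code from this article): a simplified offline evaluator for the policyRule of a definition, of the kind a Policy as Code pipeline can use to unit-test a custom policy before assigning it. The definition, parameter values and resource inventory are constructed for the example; only a subset of the condition vocabulary is implemented and alias lookup is simplified.

```python
"""Simplified offline evaluator for the if/then policyRule of an Azure Policy
definition (added example, not Microsoft's engine), so a Policy as Code
pipeline can unit-test a custom definition before assignment. Supports only
equals/notEquals/notIn/exists and allOf/anyOf/not; alias lookup is simplified
to a path below `properties`; strings compare case-insensitively like Azure.
"""
from __future__ import annotations

import re

# Constructed rule: storage accounts must be HTTPS-only and in an allowed
# region, else denied. Field/alias names are real; the rule is an example.
REQUIRE_HTTPS_STORAGE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"anyOf": [
            {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
             "notEquals": True},
            {"field": "location", "notIn": "[parameters('allowedLocations')]"},
        ]},
    ]},
    "then": {"effect": "deny"},
}
PARAMETERS = {"allowedLocations": ["westeurope", "northeurope"]}
_PARAM_RE = re.compile(r"^\[parameters\('([^']+)'\)\]$")
_TAG_RE = re.compile(r"^tags\['([^']+)'\]$")

def _norm(value):
    """Lower-case strings (also inside lists) to mimic Azure's comparison."""
    if isinstance(value, str):
        return value.lower()
    if isinstance(value, list):
        return [_norm(v) for v in value]
    return value

def _resolve_param(value, params: dict):
    """Replace a `[parameters('name')]` template string with its value."""
    if isinstance(value, str) and (m := _PARAM_RE.match(value)):
        return params[m.group(1)]
    return value

def _resolve_field(resource: dict, field: str):
    """Look up a field or alias on the resource; None means it does not exist."""
    if field in ("type", "location", "name", "id", "kind", "tags"):
        return resource.get(field)
    if m := _TAG_RE.match(field):
        return (resource.get("tags") or {}).get(m.group(1))
    # Simplified alias: '<resourceType>/<path>' is resolved under `properties`.
    rtype = resource.get("type", "")
    if rtype and field.lower().startswith(rtype.lower() + "/"):
        node = resource.get("properties", {})
        for part in field[len(rtype) + 1:].split("/"):
            if not isinstance(node, dict) or part not in node:
                return None
            node = node[part]
        return node
    return None  # alias of another resource type never matches

def evaluate(cond: dict, resource: dict, params: dict) -> bool:
    """Evaluate one condition (logical or field-based) against a resource."""
    if "not" in cond:
        return not evaluate(cond["not"], resource, params)
    if "allOf" in cond:
        return all(evaluate(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate(c, resource, params) for c in cond["anyOf"])
    actual = _norm(_resolve_field(resource, cond["field"]))
    op, expected = next((k, v) for k, v in cond.items() if k != "field")
    expected = _norm(_resolve_param(expected, params))
    if op == "equals":
        return actual == expected
    if op == "notEquals":
        return actual != expected
    if op == "notIn":
        return actual not in expected
    if op == "exists":
        return (actual is not None) == (str(expected).lower() == "true")
    raise ValueError(f"unsupported condition operator: {op}")

def assess(policy: dict, resources: list[dict], params: dict) -> dict[str, str]:
    """Compliance state per resource, as a periodic assessment would report it."""
    effect = policy["then"]["effect"].lower()
    states = {}
    for r in resources:  # deny and audit flag matches; other effects not modelled
        matched = evaluate(policy["if"], r, params)
        states[r["name"]] = "NonCompliant" if matched and effect in ("deny", "audit") else "Compliant"
    return states

def would_be_denied(policy: dict, resource: dict, params: dict) -> bool:
    """Real-time enforcement: a deny effect rejects a matching deployment."""
    return policy["then"]["effect"].lower() == "deny" and evaluate(policy["if"], resource, params)

# Constructed sample inventory (no real subscription involved).
SA = "Microsoft.Storage/storageAccounts"
SAMPLE_RESOURCES = [
    {"name": "stgood", "type": SA, "location": "westeurope", "properties": {"supportsHttpsTrafficOnly": True}},
    {"name": "sthttp", "type": SA, "location": "westeurope", "properties": {"supportsHttpsTrafficOnly": False}},
    {"name": "stfar", "type": SA, "location": "EastUS", "properties": {"supportsHttpsTrafficOnly": True}},
    {"name": "vm1", "type": "Microsoft.Compute/virtualMachines", "location": "eastus"},
]
```

Running `assess(REQUIRE_HTTPS_STORAGE, SAMPLE_RESOURCES, PARAMETERS)` flags the HTTP-enabled account and the one outside the allowed regions, while the virtual machine is ignored because the type condition never matches.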

Defender for Cloud

The Microsoft Defender for Cloud solution provides a set of features that cover two important pillars of security for modern architectures that adopt cloud components: Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP).

Figure 2 – The security pillars covered by Microsoft Defender for Cloud

Within Cloud Security Posture Management (CSPM), Defender for Cloud can provide the following features:

  • visibility: to assess the current security situation;
  • hardening guidance: to be able to improve security efficiently and effectively.

Thanks to continuous assessment, Defender for Cloud is able to discover new resources as they are deployed and evaluate whether they are configured according to security best practices. If not, assets are flagged and you get a prioritized list of recommendations on what to fix to improve their security. As regards the Cloud Workload Protection (CWP) scope, Defender for Cloud delivers security alerts based on Microsoft Threat Intelligence. Furthermore, it includes a wide range of advanced and intelligent protections for workloads, provided through specific Microsoft Defender plans for the different types of resources present in the subscriptions and in hybrid and multi-cloud environments.

Microsoft Cost Management

To face the important challenge of always keeping under control and optimizing the expenses incurred for the resources created in the cloud environment, the main tool is Microsoft Cost Management, which allows you to:

  • Monitor cloud spending: the solution tracks the use of resources and allows you to manage costs, also on AWS and GCP, with a single, unified vision. This allows access to a series of operational and financial information and to make decisions with the right awareness.
  • Increase accountability: allows you to increase the responsibility of the various company areas through budgets, using cost allocation and with chargeback policies.
  • Optimize costs: through the application of industry best practices.

Microsoft Sustainability Manager

Today, an efficient and effective use of IT resources must also take into consideration the environmental impact and energy consumption. Microsoft Sustainability Manager is a Microsoft Cloud for Sustainability solution that unifies data to better monitor and manage the environmental impact of resources. Regardless of the stage you are at in achieving the zero emissions goal, this solution makes it possible to document and support the process of reducing emissions. In fact, the solution allows you to:

  • gain the visibility needed to promote sustainability;
  • simplify data collection and emissions calculations;
  • analyze and report more efficiently the environmental impact and progress of a company in terms of sustainability.

Not just Azure, but a governance for all IT assets

In situations where a hybrid or multi-cloud strategy is being adopted, the question arises: “how can you view, govern and protect IT assets, regardless of where they are running?”

The answer to this question can be: “adopting Azure Arc”.

In fact, the underlying principle of Azure Arc is to extend Azure management and governance practices to different environments and to adopt typically cloud-native solutions, even for on-premises environments.

Figure 3 – Azure Arc overview

To achieve this, Microsoft has decided to extend the Azure Resource Manager model so that it can also support hybrid environments, thus facilitating the adoption of the control features present in Azure on all the infrastructure components.

Conclusions

To ensure effective use of the public cloud, it is important to adopt the right cloud governance practices that help mitigate risks and protect the company from improper use of IT resources. There are many disciplines to consider and the governance of your IT environment needs to extend across all resources, regardless of where they are. Microsoft offers a number of tools and solutions to address the governance challenge, however, a lot of experience is needed to implement established and reliable processes.

Azure IaaS and Azure Stack: announcements and updates (March 2023 – Weeks: 09 and 10)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

Azure VMware Solution in Microsoft Azure Government (preview)

Azure VMware Solution is a fully managed service in Azure that customers can use to extend their on-premises VMware workloads more seamlessly to the cloud, while maintaining their existing skills and operational processes. Azure VMware Solution is already available in Azure commercial for any customer, including public sector organizations. With this launch, Microsoft is extending the same benefits of Azure VMware Solution to Azure Government, where US Government customers and their partners can meet their security and compliance needs.

Spot Priority Mix

Spot Priority Mix is a new feature for Virtual Machine Scale Sets (VMSS) with Flexible Orchestration Mode enabled. With Spot Priority Mix, customers can now mix spot and standard virtual machines in their Flexible scale set, providing the high availability of standard virtual machines and the cost savings of Spot virtual machines. This feature also allows customers to autoscale their scale set with a percentage split of Spot and standard virtual machines, providing even more flexibility and cost optimization. With Spot Priority Mix, customers can specify a base number of standard virtual machines and a percentage split of spot and standard virtual machines to be used when the scale set capacity is above the base number of standard virtual machines. This allows customers to ensure that their critical workloads are always running on standard virtual machines, while taking advantage of the cost savings offered by spot virtual machines for non-critical, interruptible workloads.

Networking

Azure Network Watcher: new enhanced connection troubleshoot

As customers bring sophisticated, high-performance workloads into Azure, there is a critical need for increased visibility and control over the operational state of the complex networks running these workloads. One such common day-to-day scenario is connectivity.

Microsoft Azure Network Watcher already provides numerous specialized standalone tools to diagnose and troubleshoot connectivity cases. These tools include:

  • IP Flow Verify – helping detect blocked traffic due to network security group (NSG) rules restriction
  • Next Hop – determine intended traffic as per the rules of the effective route
  • Port Scanner – helping determine any port blocking traffic.

With a one-stop solution to all disjointed operations and actionable insights at the fingertips, the new comprehensive and improved Network Watcher connection troubleshoot aims to reduce mean time to resolution and improve your experience.

New features:

  • Unified solution for troubleshooting all NSG, user defined routes, and blocked ports
  • Actionable insights with step-by-step guide to resolve issues
  • Identifying configuration issues impacting connectivity:
    • NSG rules that are blocking traffic
    • Inability to open a socket at the specified source port
    • No servers listening on designated destination ports
    • Misconfigured or missing routes

Scale improvements and metrics enhancements on Azure’s regional WAF

You can now do more with less using the increased scale limits for Azure’s regional Web Application Firewall (WAF) running on Application Gateway. These increased scale limits allow you greater flexibility and scale when configuring your WAF to meet the needs of your applications and network. Application Gateway v2 WAF-enabled SKUs running Core Rule Set (CRS) 3.2 or higher now support a higher number of frontend ports, HTTP load-balancing rules, backend HTTP settings, SSL certificates, sites, and redirect configurations. The regional WAF also increased the number of HTTP listeners from 40 to 200. You can leverage the new metrics for Azure’s regional v2 WAF when you use CRS 3.2 or higher, or if your WAF has bot protection and geo-filtering enabled. The regional WAF now allows you to filter the metrics total requests, managed rule matches, custom rule matches, and bot protection matches by the dimensions policy name, policy scope and ruleset name, in addition to the already existing dimensions that the WAF supports.

Azure Virtual Network Manager Event Logging (preview)

Azure Virtual Network Manager (AVNM) event logging is now available for public preview. AVNM is a highly scalable and available network management solution that allows you to simplify network management across subscriptions globally. With this new feature, you can monitor changes in network group membership by accessing event logs. Whenever a virtual network is added to or removed from a network group, a corresponding log is emitted for that specific addition or removal. You can view and interact with these logs using Azure Monitor’s Log Analytics tool in the Azure Portal, or you can store them in your storage account, or send them to an event hub or partner solution.

Storage

More transactions at no additional cost for Azure Standard SSD

Microsoft has made changes to the billable transaction costs per hour that can result in additional cost savings. The total cost of Azure Standard SSD storage depends on the size, number of disks, and the number of transactions. Any transactions that exceed the maximum hourly limit will not incur additional charges. New prices took effect on March 6th, 2023.

Customer Initiated Storage Account Conversion

Microsoft is now supporting the self-service ability to convert storage accounts from non-zonal redundancy (LRS/GRS) to zonal redundancy (ZRS/GZRS). You can now save time by initiating a storage account conversion directly through Azure Portal rather than creating a support ticket. Converting your storage account to zonal redundancy allows you to increase your intra-regional resiliency and availability.

Online live resize of persistent volumes

Live resizing capability allows you to dynamically scale up your persistent volumes without application downtime. Previously, in order to resize the disk, you had to scale down your deployment to zero pods, wait several minutes for the disk to detach, update your persistent volume claim, and then scale back up the deployment. With Live resize of persistent volumes, you can just modify your persistent volume claim directly, avoiding any application downtime.

Azure Ultra Disk Storage in the China North 3 Azure region

Azure Ultra Disk Storage is now available in the China North 3 Azure region. Azure Ultra Disk Storage offers high throughput, high input/output operations per second (IOPS), and consistent low latency disk storage for Azure Virtual Machines. Ultra Disk Storage is well-suited for data-intensive workloads such as SAP HANA, top-tier databases, and transaction-heavy workloads.

Azure Archive Storage now available in West US 3

Azure Archive Storage provides a secure, low-cost means for retaining rarely accessed data including backup and archival storage. Now, Azure Archive Storage is available in West US 3.

Azure Management services: what's new in February 2023

During the month of February some news regarding the Azure management services were announced. This article provides an overview of the month's top news, so that we can stay up to date on these topics and have the necessary references to conduct further insights.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

Protect

Azure Backup

Improved experience for creating and managing private endpoints for Recovery Services vaults

Azure Backup allows you to use private endpoints to perform backups and restores securely, using private IPs of virtual networks. Azure Backup recently introduced several enhancements that provide an easier experience for creating and using private endpoints for Recovery Service vaults. The main improvements made as part of this update are as follows:

  • Ability to create private endpoints without managed identities
  • Use fewer private IPs per vault
  • You no longer need to create separate private endpoints for blob and queue services

Azure Site Recovery

New Update Rollup

Update Rollup 66 was released for Azure Site Recovery; it solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main news concerns the discovery and assessment support for SQL Server Always On failover cluster instances and Always On availability groups.

Azure Database Migration

Database migrations with login and TDE

The new feature of the Azure SQL Migration extension makes the post-database-migration experience smoother. In fact, you can have instance-level object migration support, such as SQL and Windows logins, permissions, server roles and updated user mapping of previously migrated databases.

Furthermore, you can now perform TDE-enabled database migrations with a wizard that automates the backup process, copying and reconfiguring database encryption keys for Azure SQL Managed Instance targets.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (February 2023 – Weeks: 07 and 08)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Storage

Create disks from CMK-encrypted snapshots across subscriptions and in the same tenant

To ease manageability, Microsoft makes disks encrypted with customer-managed keys (CMK) more flexible by allowing creation of disks and snapshots from CMK-encrypted source across subscriptions.

Incremental snapshots for Premium SSD v2 Disk Storage (preview)

Incremental snapshots for Premium SSD v2 Disk Storage are available in the US East and West Europe Azure regions. This new capability is particularly important to customers who want to create a backup copy of the data stored on their disks to recover from accidental deletes, to have a last line of defense against ransomware attacks, or to ensure business continuity. You can now create incremental snapshots for Premium SSD v2 Disk Storage on Standard HDD. Additionally, snapshot resources can be used to store incremental backups of your disk, create or recover to new disks, or download snapshots to on-premises locations. This new feature adds an extra layer of data protection and flexibility for users.

Azure Managed Lustre (preview)

Azure Managed Lustre is a managed, pay-as-you-go file system purpose-built for high-performance computing (HPC) and AI workloads. This high-performance distributed parallel file system delivers hundreds of GBps storage bandwidth and solid-state disk latency and integrates fully with Azure services such as Azure HPC Compute, Azure Kubernetes Service, and Azure Machine Learning.

Use this system to:

  • Simplify operations
  • Reduce setup costs
  • Eliminate complex maintenance

Azure NetApp Files updates (preview)

  • Azure NetApp Files volume user and group quotas: in some scenarios you may want to limit the storage consumption of users and groups within the volume. With Azure NetApp Files volume user and group quotas you can now do so. User and/or group quotas enable you to restrict the storage space that a user or group can use within a specific Azure NetApp Files volume. You can choose to set default (same for all users) or individual user quotas on all NFS, SMB, and dual-protocol-enabled volumes. On all NFS-enabled volumes, you can set default (same for all users) or individual group quotas.
  • You can now create Azure NetApp Files large volumes between 100TiB to 500TiB in size.
  • Azure NetApp Files now supports smaller 2TiB capacity pool sizes, lowered from 4TiB, when used with volumes using standard network features.
  • Azure NetApp Files volumes now support encryption with customer-managed keys (CMK), using Azure Key Vault for key storage, to enable an extra layer of security for data at rest.

Activate the Disaster Recovery of your workloads quickly and easily thanks to Azure VMware Solution

In an era where companies increasingly depend on computer systems for their functioning, data protection and business continuity are elements that must necessarily be taken into consideration. Unforeseen events such as natural disasters, hardware failures, cyber attacks and human errors can cause disruption of IT services, resulting in significant financial losses. This is where the Disaster Recovery (DR) plan comes into play, which allows companies to quickly restore IT services and minimize the impact of unexpected events on the business. For large companies with heterogeneous and complex IT environments, it can be particularly challenging to activate a Disaster Recovery plan. This article explains how Azure VMware Solution (AVS), thanks to its characteristics, can be the ideal solution for developing a Disaster Recovery plan quickly and easily.

The importance of a DR plan in the company

The presence of a good Disaster Recovery strategy may seem obvious, but many companies continue to neglect its importance. Among the main factors to be considered for the DR we find:

  • Business continuity: a DR plan allows companies to quickly restore IT systems, minimizing the impact of unforeseen events and ensuring business continuity.
  • Minimization of financial losses: IT service outages can cause significant financial loss. The DR plan allows you to minimize these losses, restoring IT systems as quickly as possible.
  • Regulatory compliance: many regulations require companies to have a DR plan in place to protect data and ensure business continuity.
  • Customer trust: business continuity is an important factor in customer trust. A DR plan can demonstrate to customers that the company can handle unexpected events and ensure continuity of services.

Challenges to face in the activation of a DR plan

Even when its importance is understood, companies often find themselves facing various challenges when they have to activate a Disaster Recovery (DR) plan. Some of the more common challenges are:

  • Recovery site availability: usually Disaster Recovery (DR) is activated at a dedicated recovery site separate from the corporate headquarters. This recovery site may be located in a different geographical area to provide greater protection against catastrophic events that could affect the geographical area where the company headquarters is located. The recovery site must be adequate, equipped and configured to support critical business operations, so that these can be restored as quickly as possible.
  • Recovery times: the time it takes to restore IT systems is one of the biggest challenges in the event of a service outage. Businesses must do everything possible to reduce downtime and restore IT services as quickly as possible.
  • Data access: in the event that the IT service disruption is caused by a natural disaster, a cyber attack or human error, access to data may be compromised. It is important that businesses protect their data and that backups are kept in a safe place, to ensure the recovery of information.
  • Staff training: company personnel must be adequately trained to be able to manage recovery procedures effectively. This requires an investment in staff training and development.

Introduction to the adoption of Azure

Microsoft Azure was designed from the ground up to help customers reduce costs and complexity and to improve the reliability and efficiency of their IT environment.

Figure 1 – The comprehensive approach to building an infrastructure designed for different workloads

There is no one-size-fits-all way to adopt cloud solutions, but it makes sense to give customers the ability to embrace the cloud at their own pace, in some cases even adopting the same technological solutions that they are currently using in their on-premises environment. Providing platform symmetry (on-premises – cloud), where appropriate, is useful for addressing workload migration scenarios, but also for activating Disaster Recovery plans.

This article considers Azure VMware Solution (AVS), the service designed, built and supported by Microsoft, and approved by VMware, which allows customers to use physical VMware vSphere clusters hosted in Azure.

Azure VMware Solution: why use it for Disaster Recovery

Azure VMware Solution is a service that allows the provisioning and execution of a full VMware Cloud Foundation environment on Azure. VMware Cloud Foundation is VMware's hybrid cloud platform for managing virtual machines and orchestrating containers, where the entire stack is based on a hyper-converged infrastructure (HCI).

Figure 2 – Azure VMware Solution overview

This architecture model ensures consistent infrastructure and operations across any private and public cloud, including Microsoft Azure. Azure VMware Solution allows customers to adopt the full set of VMware features, with the guarantee of holding the "VMware Cloud Verified" validation. This solution helps to achieve consistency, performance and interoperability for existing VMware workloads, without sacrificing the speed, scalability and availability of the Azure global infrastructure. Among the main adoption scenarios of Azure VMware Solution we find Disaster Recovery.

Talking to enterprise customers, we see a variety of drivers behind the adoption of a solution such as Azure VMware Solution to activate an effective DR strategy:

  • Speed: AVS allows you to implement DR plans quickly and efficiently thanks to a hybrid cloud architecture, virtual machine replication and advanced automation features you can adopt. These elements allow companies to reduce the time required to activate a DR plan and to restore critical operations in the event of a disaster.
  • Costs and complexity: Azure VMware Solution can help reduce the cost of setting up a disaster recovery (DR) site. In fact, AVS enables companies to extend their on-premises VMware solutions to Azure, creating a hybrid cloud DR environment that offers flexibility and scalability. Instead of purchasing expensive hardware and infrastructure for a separate DR site, companies can use Azure as a recovery site and pay only for the cloud resources they actually use while DR is enabled. This allows companies to reduce the initial costs of DR activation and to simplify the IT infrastructure, with consequent benefits also from the point of view of maintenance. Furthermore, thanks to AVS it is possible to resize the infrastructure dynamically, based on your needs, and ensure greater operational efficiency.
  • People, processes and tools: AVS lets you leverage your existing investments in skills and tools to manage your on-premises VMware environments. To implement disaster recovery plans using Azure VMware Solution, it is possible to adopt native VMware solutions or third-party solutions. In fact, Microsoft, in order to guarantee its customers the opportunity to make the most of the investments made in skills and technologies, has collaborated with some of the main partners in the sector to ensure integration and support. For more information on this, you can consult the article "Disaster recovery with Azure VMware Solution – Cloud Community".

Conclusions

Azure VMware Solution represents an ideal solution to address Disaster Recovery (DR) cases for enterprise organizations, thanks to its flexibility, scalability and reliability. Using this solution, companies can create environments in Azure that are compatible and integrated with on-premises VMware infrastructure, ensuring business continuity and emergency recovery in the event of a disaster. Furthermore, the solution allows you to simplify and automate DR management, reducing costs and increasing recovery speed. Therefore, if you are looking for a solution to implement efficient and effective DR plans, Azure VMware Solution is definitely a solution to consider.

The importance of a modern approach to networking and effective network governance in the cloud era

Networking is one of the pillars of the IT world, because it supports the infrastructure, allows the exchange of all the data necessary for the business, both inside and outside the company, and enables the creation and adoption of new solutions. It is easy to understand how networking is a delicate, complex and constantly evolving area. However, what we are witnessing in many companies is an insistence on a traditional approach to networking that is now limiting and not very effective. This article lists the main challenges of a traditional approach to networking in the modern era and gives some suggestions for adopting a different approach and for structuring effective network governance.

The challenges of traditional networking in the modern era

Looking at the main challenges that customers face every day in the networking field, we find:

  • an increase in complexity and management effort: the rapid proliferation of cloud environments, mobile devices and the IoT has effectively eroded the boundaries of modern networks, making them more difficult to manage and more vulnerable;
  • expansion of the attack surface: in this regard, the question to which it is advisable to be able to answer is «how is it possible to guarantee effective network protection without interfering with the growth and fluctuations of workloads in cloud and multi-cloud environments?»;
  • fragmented and inconsistent visibility and integration between local data centers and cloud environments: adding isolated single-function network products to deal with communication problems increases complexity, IT staff costs and workload;
  • changes in branch office connectivity: geographically distributed organizations are replacing expensive MPLS connections with more affordable direct Internet connections, which do not always reach the same levels of quality and performance.

All of this translates into specific critical points that I have encountered with our customers over time:

  • High costs and a lot of complexity
  • Many network solution vendors with poor integration
  • Too many alerts with slow and manual responses
  • Lack of properly trained internal IT personnel

Adopting a modern approach to networking

In the light of these considerations, it becomes essential to adopt a modern approach to networking that is able to face all these challenges, reducing complexity and improving efficiency. Identifying and implementing network architectures designed for digital transformation must be based on:

  • Security-based networking that protects and speeds up the network and the user experience.
  • Dynamic, cross-cutting management of any environment, to secure and control infrastructure and applications on-premises, in hybrid environments and in public clouds.
  • Integrated solutions that connect the components of the entire network infrastructure, helping organizations adapt to a changing and increasingly challenging environment.
  • A monitored and controlled ecosystem to detect and respond to malfunctions and security threats, and to optimize operations, lightening the workload on staff.

How to structure networking governance

In the context of IT governance, network governance certainly deserves a dedicated chapter: it must include a set of processes through which an organization can guarantee effective and efficient use of IT resources in the networking field, in order to achieve its goals.

Network governance must also include the application of:

  • controls that help the company mitigate risk and create “guardrails”
  • measurements to check for potential problems

The main disciplines that emerge in the Network Governance are:

  • Compliance and security baseline
  • Vulnerability management
  • Identity management and access control
  • Acceleration, control and consistency in the deployment and change processes of network solutions
  • Optimization and efficiency of wired and wireless networks

Importantly, all of this needs to be done for networking resources in any environment, both on-premises and in cloud and multi-cloud realities, with a structured, consolidated and holistic approach.

Microsoft, also in this area, offers different tools and solutions that allow you to face the challenge of network governance in the Azure environment; these must be backed by experience in order to implement consolidated and reliable processes.

Conclusions

In recent years, the adoption of hybrid architectures has registered considerable interest from many companies, attracted by the possibilities offered and the related benefits. In order to best create these environments and promote innovation, it is also essential to adapt the approach to the use of network resources and extend the governance processes of the IT environment to the networking area.

Azure IaaS and Azure Stack: announcements and updates (February 2023 – Weeks: 05 and 06)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Compute

New planned datacenter region in Saudi Arabia (Saudi Arabia Central)

Microsoft will establish a new datacenter region in the country, offering organizations in Saudi Arabia local data residency and faster access to the cloud, delivering advanced data security and cloud solutions. The new datacenter region will also include Availability Zones, providing customers with high availability and additional tolerance to datacenter failures.

Azure Kubernetes Service introduces two pricing tiers: Free and Standard

To better communicate the benefits and use cases for the two control plane management options, today, Azure Kubernetes Service (AKS) is introducing two pricing tiers: Free tier and Standard tier. Previously, few customers were aware of the uptime SLA support, and many did not have the uptime SLA feature enabled for critical production workloads. With the Standard tier, Microsoft hopes to help increase customer awareness and allow customers to gain the full benefits of the Standard tier for production workloads to minimize disruption.

AKS’s unique Free tier allows you to pay only for the virtual machines and the associated storage and networking resources consumed, while you get the managed Kubernetes control plane for free. This allows you to deploy unlimited free test clusters to decide if AKS is right for your needs and allows you to configure and test your infrastructure set-up before running critical production workloads. The Free tier is recommended for clusters with fewer than 10 nodes and for experimenting, learning, and simple testing.

The new Standard tier is the recommended control plane management pricing option which comes with greater control plane resources, scalability and the existing uptime SLA support. Customers currently signed up for the uptime SLA support will automatically be moved to the Standard tier with no change in cost or action needed. Standard tier not only includes the uptime SLA, but it will also include additional features such as support for up to 5000 nodes per cluster and API server autoscaling.

Microsoft Azure Load Testing is now Generally Available

Azure Load Testing is a fully managed load-testing service that enables you to generate high-scale load, gain actionable insights, and ensure the resiliency of your applications and services. The service simulates traffic for your applications, regardless of where they’re hosted. Developers, testers, and quality assurance (QA) engineers can use it to optimize application performance, scalability, or capacity.

Trusted launch for Azure VMs in Azure for US Government regions

Trusted launch for Azure virtual machines is available in all Azure for US Government regions: US Gov Virginia, US Gov Arizona, US Gov Texas, US DoD East, US DoD Central. Trusted launch for Azure VMs allows you to bolster the security posture of an Azure Virtual Machine.

Storage

Azure File Sync agent v16

The Azure File Sync agent v16 release is being flighted to servers which are configured to automatically update when a new version becomes available.

Improvements and issues that are fixed:

  • Improved Azure File Sync service availability: Azure File Sync is now a zone-redundant service which means an outage in a zone has limited impact while improving the service resiliency to minimize customer impact. To fully leverage this improvement, configure your storage accounts to use zone-redundant storage (ZRS) or Geo-zone redundant storage (GZRS) replication.
  • Sync upload performance improvements: this improvement will mainly benefit file share migrations (initial upload) and high churn events on the server in which a large number of files need to be uploaded.
  • Immediately run server change enumeration to detect file changes that were missed on the server.
  • Miscellaneous reliability and telemetry improvements for cloud tiering and sync.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

More information about this release:

  • This release is available for Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022 installations.
  • The agent version for this release is 16.0.0.0.
  • Installation instructions are documented in KB5013877.

Azure storage access tiers to append blobs and page blobs with blob type conversion

Azure Storage offers different access tiers so that you can store your blob data in the most cost-effective manner based on how it’s being used. Azure Storage access tiers include the hot tier, cool tier, and archive tier. Azure Storage access tiers natively support only block blobs. When you need to save on the cost of storing append blobs or page blobs, you can convert them to block blobs and then move them into the most cost-efficient tier based on your access patterns. Blob type conversion along with tiering is now supported by PowerShell, CLI and AzCopy.

How to prepare your IT environment for new hybrid and multicloud scenarios

Many companies are engaged in the diffusion and adoption of applications that can work in different environments: on-premises, across multiple public clouds and at the edges. Such an approach requires adequate preparation of the corporate IT environment to ensure compliance and efficient management of large-scale server systems, of applications and data, while maintaining high agility. In this article, the main aspects to be taken into consideration for the adoption of hybrid and multicloud technologies are introduced, in order to best meet the business needs.

The reasons that lead to the adoption of hybrid and multicloud solutions

There are many reasons why customers choose to deploy their digital assets in hybrid and multicloud environments. Among the main ones we find:

  • Minimize or remove data lock-in from a single cloud provider
  • Presence of business units, subsidiary companies or acquired companies that have already made choices to adopt different cloud platforms
  • Different regulatory and data sovereignty requirements in different countries
  • Need to improve business continuity and disaster recovery by distributing workloads between two different cloud providers
  • Needs to maximize performance by allowing applications to run close to where users are

What aspects to consider?

There are several options for preparing an IT environment suitable for hosting hybrid and multicloud deployments, which is why, before setting up your Azure environment or any other public cloud, it is important to identify how the cloud environment should support your scenario:

Figure 1 – Diagram showing how different customers distribute workloads between cloud providers

In the image above, each dark blue point represents a workload and each blue circle is a business process, supported by a separate environment. Depending on the cloud-mix, a different configuration of the Azure environment may be required:

  • Hybrid-first customer: most of the workloads remain in place, often in a combination of hosting models with traditional and hybrid resources. Some specific workloads are deployed on the edge, in Azure or other cloud service providers.
  • Azure-first customer: most of the workloads reside in Azure. However, some workloads remain local. Furthermore, certain strategic decisions lead some workloads to reside in the edges or in multicloud environments.
  • Multicloud-first customer: most workloads are hosted on a public cloud other than Azure, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP). However, some strategic decisions have led some workloads to be placed in Azure or at the edges.

Depending on the hybrid and multicloud strategy you decide to undertake for applications and data, this will have to direct certain choices.

How to prepare the Azure environment

Microsoft Azure is an enterprise-grade cloud service provider and is well able to support public, hybrid and multicloud environments.

To prepare an IT environment and make it effective for any hybrid and multicloud deployment, the following key aspects should be considered:

  • Network topology and connectivity
  • Governance
  • Security and compliance
  • Automation disciplines, development experiences and DevOps practices

When dealing with the issue of preparing your IT environment for new hybrid and multicloud scenarios, it is advisable to define the Azure "Landing Zone" which represents, in the cloud adoption journey, the point of arrival. It is an architecture designed to allow you to manage functional cloud environments, contemplating the following aspects:

  • Scalability
  • Security governance
  • Networking
  • Identity
  • Cost management
  • Monitoring

The architecture of the Landing Zone must be defined based on specific business and technical requirements. It is therefore necessary to evaluate the possible implementation options of the Landing Zone, thanks to which it will be possible to meet the deployment and operational needs of the cloud portfolio.

Figure 2 – Conceptual example of an Azure landing zone

What tools to use?

Cloud Adoption Framework

The Microsoft Cloud Adoption Framework provides a rich set of documentation, implementation guidelines, best practices and helpful tools to accelerate your cloud adoption journey. Among these best practices, which it is advisable to adopt and to tailor specifically to each customer's needs, there is a specific section concerning hybrid and multicloud environments. This section covers the different best practices that can help facilitate various cloud mixes, ranging from environments entirely in Azure to environments where infrastructure in the Microsoft public cloud is absent or limited.

Azure Arc as an accelerator

Azure Arc consists of a set of different technologies and components that allow you to have a single control mechanism to manage and govern all your IT resources in a coherent way, wherever they are. Furthermore, with Azure Arc-enabled services, you have the flexibility to deploy fully managed Azure services anywhere, on-premises or in other public clouds.

Figure 3 – Azure Arc overview

The Azure Arc-enabled servers Landing Zone, present in the Cloud Adoption Framework, allows customers to more easily increase the security, governance and compliance status of servers deployed outside of Azure. Together with Azure Arc, services like Microsoft Defender for Cloud, Azure Sentinel, Azure Monitor, Azure Policy and many others can be extended to all environments. For this reason Azure Arc should be considered as an accelerator for your Landing Zones.

Azure Arc Jumpstart has grown a lot and allows you to better evaluate Azure Arc, with over 90 automated scenarios, thousands of visitors per month and a very active open source community sharing their knowledge about Azure Arc. As part of Jumpstart, ArcBox was developed, an automated sandbox environment for everything related to Azure Arc, deployable to customers' Azure subscriptions. As an accelerator for the Azure Arc-enabled servers landing zone, ArcBox for IT Pros has been developed, which serves as a sandbox automation solution for this scenario, with services like Azure Policy, Azure Monitor, Microsoft Defender for Cloud, Microsoft Sentinel and more.

Figure 4 – Architecture of ArcBox for IT Pros

Conclusions

The adoption of consistent operating practices across all cloud environments, associated with a common control plane, allows you to effectively address the challenges inherent in hybrid and multicloud strategies. To do this, Microsoft provides various tools and accelerators, among which is Azure Arc, which makes it easier for customers to increase the security, governance and compliance status of IT resources deployed outside of Azure.

Azure Management services: what's new in January 2023

The new year started with several announcements from Microsoft regarding news related to Azure management services. The monthly release of this summary gives you an overall view of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Certification of the IT Service Management Connector (ITSMC) with the ServiceNow Tokyo version (preview)

The IT Service Management Connector (ITSMC) is certified on the Tokyo version of ServiceNow. This connector provides a two-way connection between Azure Monitor and ServiceNow, useful to help you track and fix problems faster.

Govern

Azure Cost Management

Management of billing accounts for EA customers

For “indirect” Enterprise Agreement (EA) customers, the ability to manage your billing accounts directly from Cost Management and Billing has been introduced. All relevant information regarding department, account and subscription is available directly from the Azure portal. Furthermore, from the same place it is possible to view the properties and manage the policies of the indirect EA enrollments.

Updates related to Microsoft Cost Management

Microsoft is constantly looking for new ways to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. In this article some of the latest improvements and updates regarding this solution are reported.

Azure Arc

Active Directory Connector for Arc-enabled SQL MI

Azure Arc-enabled data services introduced Active Directory (AD) support for Identity and Access Management (IAM). Indeed, the Arc-enabled SQL Managed Instance can use an existing on-premises Active Directory (AD) domain for authentication. To facilitate this, Azure Arc-enabled data services introduce a new Kubernetes-native Custom Resource Definition (CRD) called Active Directory Connector. This gives Azure Arc-enabled SQL Managed Instances running on the same data controller the ability to perform Active Directory authentication.

View SQL Server databases using Azure Arc (preview)

Today, customers and partners manage a large number of databases. For each of these databases, it is essential to be able to create an accurate mapping of the configurations. This may be for inventory or reporting purposes. Centralizing database inventory in Azure using Azure Arc allows you to create a unified view of all your databases in one place, regardless of the infrastructure in which they are located: in Azure, in the data center, at edge sites or even other clouds.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

  • the endpoint protection component (Microsoft Defender for Endpoint) is now accessible on the Settings and monitoring page;
  • a new version of the recommendation to find missing system updates;
  • cleanup of deleted Azure Arc machines in linked AWS and GCP accounts.

Protect

Azure Backup

Updates and improvements regarding SAP HANA

The following updates and improvements have been made recently to Azure Backup for SAP HANA, the Backint-certified solution for protecting SAP HANA databases residing in Azure virtual machines:

  • Long-term retention for “ad hoc” backups: it is now possible to provide customized retention for backups that occur on demand, outside the scheduled policies.
  • Partial restore-as-files: Azure Backup for HANA allows recovery points to be restored as a file. If you download the entire chain for one recovery point and want to repeat the operation for another adjacent recovery point, you don't need to download the entire chain again. It is also possible to restore only the files you want.
  • Integration with native clients and with other tools: previously, for certain scenarios, it was necessary to deactivate backint before the request and reactivate it afterwards, thereby increasing the RPO. With the improvements introduced, these additional steps are no longer necessary and it will be sufficient to activate the requests from the native clients or from the other tools used.

Azure Site Recovery

Ability to use Azure Backup Center for ASR monitor

Azure Backup Center is the point of reference for those who use the native backup features of the Azure platform and allows them to govern, monitor, manage and analyze backup tasks. Microsoft has extended its capabilities by including monitoring capabilities for Azure Site Recovery, which allow:

  • Viewing the inventory of replicated items, from a single view, for all vaults.
  • Viewing all replication jobs through a dashboard.

Azure Backup Center supports ASR replication scenarios involving Azure virtual machines, VMware and physical machines.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up-to-date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main news concerns:

  • Possibility to plan savings with the ASP savings option (Azure Savings Plan for compute) with the Azure Migrate business case and assessment.
  • Support for exporting the business case report to an .xlsx workbook from the portal.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (January 2023 – Weeks: 03 and 04)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Compute

Classic VM retirement: extending retirement date to September 1st 2023

Microsoft is providing an extended migration period for IaaS VMs from Azure Service Manager to Azure Resource Manager. To avoid service disruption, plan and migrate IaaS VMs from Azure Service Manager to Resource Manager by 1 September 2023. There are multiple steps to this transition, so we recommend that you plan your migration promptly to avoid potential system interruption.

Networking

Application security groups support for private endpoints

Private endpoint support for application security groups (ASGs) is now available. This feature enhancement allows you to add granular controls on top of existing network security group (NSG) rules by attaching an ASG to the private endpoint network interface. This increases segregation within your subnets without losing security rules. In order to leverage this feature, you need to set a specific subnet-level property, called PrivateEndpointNetworkPolicies, to enabled on the subnet containing the private endpoint resources.
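The Bicep template below is an added example, not code from the original post or from Microsoft's documentation, that puts the announcement into practice: the subnet property is set to Enabled so that NSG rules are evaluated for the private endpoint's network interface, the endpoint is placed in an ASG, and the NSG allows only the application subnet to reach that ASG while denying the rest of the virtual network. Resource names, address prefixes and the storage account ID are assumptions.

```bicep
// Added example: ASG-scoped NSG rules for a private endpoint.
// Names, address prefixes and the storage account id below are assumptions.
param location string = resourceGroup().location
param storageAccountId string // assumed: resource id of the storage account exposed via Private Link

resource asg 'Microsoft.Network/applicationSecurityGroups@2022-07-01' = {
  name: 'asg-private-endpoints'
  location: location
}

resource nsg 'Microsoft.Network/networkSecurityGroups@2022-07-01' = {
  name: 'nsg-snet-pe'
  location: location
  properties: {
    securityRules: [
      {
        // Only the application subnet may reach endpoints in the ASG, and only on 443.
        name: 'allow-app-subnet-to-pe-asg'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefix: '10.0.2.0/24'
          sourcePortRange: '*'
          destinationApplicationSecurityGroups: [ { id: asg.id } ]
          destinationPortRange: '443'
        }
      }
      {
        // Deny every other VNet source before the default AllowVnetInBound rule (priority 65000) applies.
        name: 'deny-vnet-to-pe-asg'
        properties: {
          priority: 200
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          sourcePortRange: '*'
          destinationApplicationSecurityGroups: [ { id: asg.id } ]
          destinationPortRange: '*'
        }
      }
    ]
  }
}

resource vnet 'Microsoft.Network/virtualNetworks@2022-07-01' = {
  name: 'vnet-hub'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      {
        name: 'snet-pe'
        properties: {
          addressPrefix: '10.0.1.0/24'
          // Default is 'Disabled', in which case the NSG above is never evaluated
          // for traffic to the private endpoint NIC. This is the property the
          // announcement says must be enabled.
          privateEndpointNetworkPolicies: 'Enabled'
          networkSecurityGroup: { id: nsg.id }
        }
      }
    ]
  }
}

resource pe 'Microsoft.Network/privateEndpoints@2022-07-01' = {
  name: 'pe-storage-blob'
  location: location
  properties: {
    subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnet.name, 'snet-pe') }
    // ASG membership is declared on the private endpoint and applied to its NIC,
    // so the NSG rules above match it by ASG rather than by IP address.
    applicationSecurityGroups: [ { id: asg.id } ]
    privateLinkServiceConnections: [
      {
        name: 'blob'
        properties: {
          privateLinkServiceId: storageAccountId
          groupIds: [ 'blob' ]
        }
      }
    ]
  }
}
```

After deployment, a quick check is to read the subnet back and confirm `privateEndpointNetworkPolicies` reports `Enabled`; if it still reports `Disabled`, the NSG rules are silently bypassed for the endpoint.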

Storage

5 GB Put Blob

Azure Storage is announcing the general availability of 5 GB Put Blob. This allows you to upload nearly 20x the previous limit of Put Blob uploads while increasing the maximum size of Put Blob from 256 MiB to 5000 MiB.

Mount Azure Storage as a local share in App Service Windows Code

Mounting Azure Storage File share as a network share in Windows code (non-container) in App Service is now available.

Incremental snapshots for Ultra Disk Storage (preview)

The preview of incremental snapshots for Ultra Disk in the Sweden Central and US West 3 Azure regions is available. This new capability is particularly important to customers who want to create a backup copy of their data stored on disks to recover from accidental deletes, to have a last line of defense against ransomware attacks, or to ensure business continuity. You can now create incremental snapshots for Ultra Disk on Standard HDD. Additionally, snapshot resources can be used to store incremental backups of your disk, create or recover to new disks, or download snapshots to on-premises locations.

Azure Stack

Azure Stack HCI

Software Defined Networking (SDN) with WAC v2211

This article lists all the new features and improvements for SDN in Windows Admin Center (WAC) 2211 for Azure Stack HCI.