Category Archives: Microsoft Azure

Azure Management services: what's new in October 2020

In October, Microsoft announced a considerable number of news regarding Azure management services. Our community, through these articles that are released on a monthly basis, want to provide an overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

This month, a new version of the Log Analytics agent was released for Linux systems, which includes several improvements and ensures greater stability. Among the main changes is support for Red Hat Enterprise Linux 8, CentOS 8, Ubuntu 20.04 and SLES 15 SP1+, as well as an extension of the features for Azure Arc VMs. Also included is support for Python 3 and a new troubleshooting tool.

Monitor Azure Arc-enabled Kubernetes environments

Azure Monitor for Containers now extends support by contemplating alerts related to metrics of azure arc-enabled kubernetes environments. These metric alerts enable an effective monitor of system resources. To see the list of alerts available for Azure Arc-enabled Kubernetes clusters, please consult this document.

Azure Monitor for containers: Network Policy Manager support (Preview)
It is now possible to monitor the networking of AKS clusters using Network Policy Manager (NPM). In this way Azure monitor for containers will collect the metrics and report any anomalies in the configuration or in the performance of the network.

Azure Monitor for containers: persistent volume monitoring support (PV)

Azure Monitor for containers is now able to monitor the capacity of the persistent volume (PV) connected to the AKS cluster, collecting capacity metrics for all PVs, except for kubesystemnamespace.

Azure Monitor Log Analytics data export (preview)

This feature allows you to continuously export data that resides in certain tables in a Log Analytics workspace to an Azure storage account (every hour) or to Azure Event Hub (almost in real time). When exporting to a storage account, each table is stored in a separate container. Similarly, when you export to event hub, each table is exported to a new event hub instance. There is currently no method for filtering data and limiting the export of only certain events. By adopting this feature you can take advantage of the following benefits:

Low cost data retention
Easier compliance when data retention is required for an extended period of time
Integration with third-party solutions such as Azure Data Lake and Splunk
Low-latency export to Event Hub, enabling near real-time monitoring and alerts

Availability in new regions (preview)

Azure Log Analytics is now available in preview in the region of “Brazil Southeast” and “Norway East”. To check the availability of the service in all the Azure regions you can consult this document.

Configure

Azure Automation

Availability in a new region

Azure Automation is now available in the “Switzerland North”. To check the availability of the service in all the Azure regions you can consult this document.

Govern

Azure Policy

Added support for keys, secrets, and certificates in Azure Policy for Key Vault

Azure Policies for Key Vault allow you to control secrets, keys, and certificates stored in the key vault to ensure that set compliance requirements are met. Any secrets, keys, or certificates that do not meet the requirements will appear as non-compliant in the policy compliance dashboard. Furthermore, you can set deny policies to prevent users from creating or importing objects into the key vault that do not comply with the policies that you set. Compliance results can also be published in Azure Security Center.

Azure Cost Management

Azure Cost Management + Billing updates

During this month, news was announced regarding the following areas of Azure Cost Management and Billing:

Azure Advisor

New recommendations

The following recommendations have been added in Azure Adivisor to improve resource performance:

Use the Accelerated Writes feature in your HBase cluster
Review Azure Data Explorer table cache-period (policy)
Optimize MySQL temporary-table sizing
Distribute data in server group to distribute workload among nodes

For further information you can consult this article.

Furthermore, to improve the operation of the Azure environment, the following recommendations have been included:

Ensure that at least one host pool is Validation Environment enabled
Make sure not too many host pools have Validation Environment enabled
Use Traffic Analytics to view insights into traffic patterns across Azure resources

More details are available in this article.

Protect

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 51 which solves several issues and introduces support for the following Linux distributions: SUSE 15 SP2, RHEL 7.9 e Cent OS 7.9. The related details and the procedure to follow for installation can be found in specific KB.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Migrate: how to evaluate your VMware environment to address workloads migration to Azure

The digital transformation process that affects companies often involves the migration of workloads hosted in their data centers to the cloud to obtain better results in terms of governance, security and cost efficiency. The innovation of migrating to the cloud frequently becomes a business priority to the point that this process is no longer a matter of "if" or "when", but the real question now is "how" to deal with this migration? In this regard, Microsoft has developed the Azure Migrate solution that allows you to deal with the most common migration scenarios reducing complexity and costs. This article describes in detail how it is possible to discover and assess virtual machines hosted in a VMware environment with Azure Migrate, so you can better address the migration path.

Azure Migrate Overview

Azure Migrate structure the process of migration in different phase: discovery, assessment, and migration. These three steps fall under the Microsoft Cloud Adoption Framework for Azure which, on the path to adopting cloud solutions, defines six main stages that apply to most organizations:

Strategy: defines the "business justification" and the expected results.
Plan: aligns the cloud adoption plan with business results.
Ready: Prepare your cloud environment for the changes you want.
Adopt: implements the changes you want in your IT and business processes.
- Discovery, assessment, and migrating with Azure Migrate are part of this phase
Manage: implements basic operational guidelines and best practices.
Govern: evaluates and implements best practices in governance.

The Azure Migrate Hub provides all the tools to perform, monitor and analyze your migration path to Azure. This approach provides an integrated experience that provides continuity and provides an overall view of the migration process.

Figure 1 – Overview of Azure Migrate

Azure Migrate Hub includes Azure services and third-party solutions to address different migration scenarios:

Windows and Linux servers
SQL and non-SQL databases
Web apps
Virtual desktop infrastructure
Data

Discovery and assessment for VMware environments

The process of discoverying the VMware environment through Azure Migrate can generate a large amount of information, useful for assessing the status of workloads. The assessment process carries out an assessment of the environment and is able to answer critical questions such as:

Your virtual machine is ready to run in azure environment?

Azure Migrate reports if there are configurations that are not suitable for Azure, for example the operating system version or disk size are not supported. It also provides recommendations on how to correct these situations to avoid problems with the migration.

What size should the VM in Azure have?

Most organizations want to know the size of the virtual machine in Azure in advance to efficiently perform the workload, as sizing helps predict costs. Azure Migrate eliminates the need for calculations and translates CPUs, disk and memory of an on-premises system in an equivalent environment in Azure. The service recommends a specific virtual machine size and disk type based on the performance data collected.

How much will it cost to run in Azure?

Azure Migrate provides an estimate of the monthly costs of running servers in Azure.

Which applications are running on the system and their dependencies?

Thanks to Server Assessment it is possible to analyze cross-server application dependencies and consequently optimize strategies for interdependent movement of servers to Azure. Dependency identification can be performed with agents installed on each virtual machine or in VMware environments it can be performed without agents. When you use the agent-based solution, data is sent to Azure Log Analytics so you can analyze it in great detail to find hidden dependencies that might otherwise escape detection.

To start this VMware environment discovery process, you need to create a new Azure Migrate project, in the "servers" section:

Figure 2 – Creating an Azure Migrate project

After assigning it a name and defining in which geographical area of Azure the metadata sent should reside, it is advisable to choose the tool to carry out the assessment. In this case we have chosen to adopt the Microsoft solution Server Assessment, but you can also adopt solutions from other vendors.

Figure 3 – Choice of the tool to carry out the assessment

In a similar way, it is also possible to choose the tool to be used to perform the migration.

At this point you can start the discovery process.

Figure 4 – Initiation of the discovery process

To identify the servers and workloads to be evaluated, you can import the Azure Migrate appliance into your local environment or use a manual method by importing a CSV file.

In the case of use of the appliance, the process can be summarized with the following steps:

Figure 5 – Discovery and assessment process of VMware environments

The activation of the Azure Migrate appliance for VMware environments is documented in this Microsoft article. After completing the deployment of the OVA template, you need to continue with the following steps.

Figure 6 – Configuring prerequisites

The appliance needs to be registered to the Azure Migrate project created in its subscription. To do this you need to enter a key generated directly from the Azure portal.

Figure 7 – Appliance registration

At the end of the registration it is necessary to provide the vCenter credentials, useful for discovering VMware virtual machines, and details to connect to the vCenter server. Furthermore, you can specify the credentials to use to detect installed applications and various dependencies, all in agentless mode. For further details please visit the Microsoft-specific documentation.

Figure 8 – Managing VMware credentials and sources

At the end of the discovery process it is possible to consult the data collected by the Azure portal.

Figure 9 – Server discovery

The next step involves the creation of the assessment process, going to define the properties according to your needs.

Figure 10 – Properties of the assessment process

Following, you must specify the systems that you intend to migrate, that will be the subject of the assessment.

Figure 11 – Selection of the machines on which to carry out the assessment

The assessment process, if based on performance data collected by the Azure Migrate virtual application, has a level of reliability expressed with a degree of confidence from 1 to 5.

Figure 12 – Assessments carried out and levels of reliability

The assumed sizing for Azure systems is calculated by examining the performance collected in the previous days, in particular:

RAM and CPU usage
IOPS and throughput for each disk connected to the virtual machine.
Network I/O to manage performance-based sizing for each network adapter connected to a virtual machine.

For more information on the assessment process, please consult this Microsoft's document.

The outcome of the assessment can be consulted directly from the Azure portal, where you can also download an Excel sheet with its details.

Figure 13 – Assessment details

For each system it is also possible to explore the various application dependencies:

Figure 14 – Application dependencies of a single server

All application dependencies discovered by Azure Migrate can also be exported from the Azure portal to an Excel sheet.

Conclusions

Easily move VMware workloads to Azure is an increasingly felt need in order to increase productivity thanks to greater elasticity and scalability offered by the public cloud. Using Azure Migrate, you can easily and accurately complete the discovery and assessment phases of your VMware environment. These phases are of fundamental importance in order to face the process of migrating VMware application workloads to Azure in the best possible way.

Azure IaaS and Azure Stack: announcements and updates (October 2020 – Weeks: 41 and 42)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Compute

New cloud datacenter region in Greece

Microsoft has announced plans build its newest datacenter region in Greece. This announcement will also encompass a skilling initiative which will reach a minimum of 100,000 people in Greece, as well as an AI for Cultural Heritage initiative, which will digitize 3D video from the Ancient City of Olympia. The new region is anticipated to include Microsoft Azure, with Microsoft 365, Dynamics 365 and Power Platform to follow.

New Azure Spot Virtual Machines features

In the Azure portal, you can now access the spot price and the eviction rate for the past 28 trailing days for the specific Spot VM you intend to deploy. These new capabilities will enable you to derive estimates about the probability that your workloads will be evicted while providing insights regarding the cost of running interruptible workloads using Spot VMs.

Azure Virtual Machines DCsv2-series expanding within Europe, United Kingdom and United States

Confidential computing DCsv2-series virtual machines (VMs) are now available in North Europe, UK West and US West. Customers in Europe, United Kingdom and United States now have disaster recovery capabilities available. These VMs are backed by the latest generation of Intel XEON E-2288G processor with Software Guard Extensions (SGX) technology, and with the Intel Turbo Boost Technology these machines can go up to 5.0 GHz. Use the DCsv2-series instances to build secure, enclave-based applications to protect your code and data while it’s in use.

Azure DevTest Labs: network isolated lab

An Azure Virtual Network helps ensure that private network traffic is logically isolated from outside traffic. Each lab can be configured with an Azure network to ensure virtual machines and environments created within are isolated from unwanted traffic and follow enterprise networking policies. Lab owners can also now create a network isolated lab. This means, alongside isolating lab virtual machines and environments to a selected network, lab owners can also isolate the lab storage account and key vaults created for certain lab operations. Learn more about how you can create an isolated network lab.

Azure DevTest Labs: available in more regions

Azure DevTest Labs is now available in the UAE North, Germany West Central and Norway East regions. The support includes full Azure DevTest Labs capabilities.

Storage

Azure NetApp Files Manual QoS Capacity Pool (preview)

Microsoft is introducing Azure NetApp Files (ANF) manual quality of service (QoS) capacity pool, which is a new type of capacity pool that allows you to assign the capacity and throughput for a volume independently. The total throughput of all volumes created with a manual QoS capacity pool is limited by the total throughput of the pool. The total throughput of the pool is determined by the combination of the pool size and the service-level throughput. Find more details in the ANF user documentation.

Azure Blob: Soft Delete for Containers preview region expansion

Soft delete for containers expands upon Azure Blob Storage’s existing capabilities such as blob versioning, soft delete for blobs, account delete locking, and immutable blobs, making our data protection and restore capabilities even better. When container soft delete is enabled for a storage account, any deleted container and their contents are retained in Azure Storage for the period that you specify. During the retention period, you can restore previously deleted containers and any blobs within them. Microsoft is expanding the public preview to all public Azure regions. There is no additional charge to enable container soft delete. Data in soft deleted containers is billed at the same rate as active data.

Azure Files premium tier is now available in more regions with LRS, ZRS, and NFS support

Azure Files premium tier storage offers highly-performant, highly available file services, that is built on solid-state drives (SSD). Premium tier is optimized to deliver consistent performance for IO-intensive workloads that require high-throughput and low latency. More Azure Files premium tier regions, more premium files regions with locally redundant storage (LRS), zone redundant storage (ZRS) support, and Network File System (NFS 4.1) public preview support. Stay up to date on the premium tier region availability through the Azure region availability page.

Networking

Standard Load Balancer and Public IP addresses support resource group move

Standard Load Balancers and Standard Public IP addresses now support being moved across resource groups within the same subscription. Moving a resource only moves it to a new resource group. It doesn’t change the location of the resource or the subscription. Moving Standard Load Balancers and Public IP addresses across resource groups is supported in all Azure public cloud regions.

Azure IaaS and Azure Stack: announcements and updates (October 2020 – Weeks: 39 and 40)

In this dedicated post you can find the most important announcements and major updates officialized last week during Microsoft Ignite 2020 conference.

Azure

Compute

The new Azure VMware Solution is now generally available

Designed, built, and supported by Microsoft, Cloud Verified by VMware, running VMware Cloud Foundation technologies, Azure VMware Solution enables customers to extend or migrate VMware workloads to the cloud seamlessly. Organizations can maintain existing VMware skills and operational processes, running VMware Cloud Foundation technologies, and leverage the benefits of Azure, all at the same time.

Azure Availability Zones in more regions

Azure Availability Zones, high-availability solutions for mission-critical applications, are now generally available in Australia East and Canada Central.

Azure DevTest Labs: Encrypt OS disks in your lab

Server-side encryption (SSE) protects your data and helps you meet your organizational security and compliance commitments. SSE automatically encrypts your data stored on managed disks in Azure (OS and data disks) at rest by default when persisting it to the cloud. Within DevTest Labs, all OS disks and data disks created as part of a lab are encrypted using platform-managed keys. As a lab owner you can now choose to encrypt lab virtual machine OS disks using your own keys. If you choose to manage encryption with your own keys, you can specify a customer-managed key to use for encrypting data in lab OS disks.

Storage

Price reduction on the Azure Files premium tier by 33%

The new pricing is effective October 1st and applies to all the regions/redundancy options for the premium tier. The price reduction on the premium tier, coupled with the recent introduction of two new hot and cool tiers, makes customers’ decision easier to choose the right files storage tier that fits best their workload’s needs while offering a most cost effective storage. Azure Files premium tier hosted on SSD storage, with no additional cost for transactions, is best suited for workloads that are IO intensive, with high throughput and low latency needs. The three standard tiers (transaction optimized, hot, and cool) are best suited for workloads that do not need high throughput or IOPS but require a reliable lower cost storage.

Shared disks on Azure Disk Storage is now available in broader set of regions

With shared disks, Azure Disk Storage is the only shared block storage in the cloud that supports both Windows and Linux based clustered or high-availability applications. Shared disks is now available for Premium SSDs in all regions and available for Ultra Disks in all regions that support Ultra Disks. Shared disks allows a single disk to be attached to multiple virtual machines, enabling customers to run their most demanding enterprise applications in the cloud like clustered databases, parallel file systems, persistent containers, and machine learning applications, without compromising on well-known deployment patterns for fast failover and high availability.

Azure Ultra Disk is now available in more regions

Azure Ultra Disks offer high throughput, high IOPS, and consistent low latency disk storage for Azure VMs. Azure Ultra Disk is now available in Australia Central, India Central, Korea Central and US Gov Texas.

Azure Management services: what's new in September 2020

Also in September, Microsoft announced news regarding Azure management services. Our community publishes this summary monthly to provide an overview of these new features. In this way you can stay up-to-date on these topics and have the necessary references to conduct further investigations.

Monitor

Azure Monitor

New agent version for Windows Systems

A new version of the Log Analytics agent has been released this month for Windows systems, which introduces several improvements and greater stability.

New unified Agent and data collection rules (preview)

Azure Monitor is introducing a new concept for configuring data collection and a new unified agent for Azure Monitor in public preview. The new agent and data collection rules improve some key areas of data collection from virtual machines in Azure Monitor, including:

Send data to both Log Analytics and Azure Monitor metrics.
Data collection scoping for a subset of virtual machines for a single workspace.
Sending data to multiple workspaces for Linux VMs (multi-homing).
Improvements in Windows event filters.

New agent for containers

The new version of the Azure Monitor agent for containers introduces these changes:

Allows you to monitor the status of your deployments and Horizontal Pod Autoscaler (HPA) via workbook.
Accessing the tab Health (limited preview)
Bug fixes such as displaying node status “not ready”.

Azure Resource Health

Azure Cloud Services support

In Azure Resource Health real-time health status and status history are now reported for Azure Cloud Services, in particular:

Help diagnose and get support for Azure Cloud Service.
Reports the current and past status of resources at the level of Deployment, Role & Role Instance.
Provides detailed reasons for health status changes.
Sets alerts when health status changes.

Govern

Azure Cost Management

Cost Management for Amazon Web Services (AWS)

Adopting a multi-cloud strategy usually results in high complexity in cost control, often given by the different management of different cost models and different billing cycles. Keeping the costs of workloads residing on different cloud providers under control can be difficult to understand as they require the use of different dashboards and views.

Azure Cost Management introduced the ability to centrally manage AWS costs in addition to Azure. This feature allows you to avoid budget surpluses, to maintain control and better manage cloud cost responsibility.

Secure

Azure Security Center

Introduction to Azure Defender

Threat protection services in the Azure Security Center have been renamed to Azure Defender. Furthermore, thanks to the new dashboards, a better experience is offered for detecting security threats and their responses.

Securing SQL databases and virtual machines at any location

With Azure Arc support, Azure Defender can now protect SQL servers located on-premises and in multicloud environments, as well as virtual machines hosted in other public clouds.

Advanced protection for containers

The growing popularity of the adoption of containers and Kubernetes has led to an evolution in Azure Defender for Kubernetes. In fact,, to ensure adequate workload protection in the Kubernetes environment, Azure Defender has included Kubernetes policy management, hardening and application of admission controls.

Furthermore, thanks to the introduction of a mechanism that allows continuous scanning of container images, the possibility of maliciously exploiting the running containers is reduced to a minimum.

IoT protection

Azure Defender for IoT, thanks to the recent acquisition of CyberX, can provide security for IoT devices in agentless mode. The solution provides continuous detection of IoT assets / OT, vulnerability management and threat monitoring for both greenfield and brownfield devices.

Protect

Azure Backup

Backup Center

The new Backup Center solution, currently available in public preview, provides a unique experience designed for centralized backup management at scale. With Backup Center, you can dynamically explore large backup inventories between vaults, subscriptions, locations and even different tenants. The Backup Center can also govern any actions related to backups.

Backup Center supports the following types of workloads:

Azure Virtual Machines
SQL in Azure Virtual Machines
Azure Database for PostgreSQL servers
Azure Files

Cross Region Restore

Recovery between different Azure regions, available for virtual machines, has also been extended to support SQL and SAP HANA. Cross Region Restore allows customers to restore their data to secondary regions at any time, essential in the event of the unavailability of the primary region.

Long-term protection of Azure Database for PostgreSQL

Azure Backup and Azure Database Services have merged to provide an enterprise-class backup solution for Azure Database for PostgreSQL (preview). Through managed backup policies you can enable backup retention for up to ten years.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 50 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

Introduced support for Availability Zones

In the tool Azure Migrate: Server Migration the support for Availability Zones was introduced when migrating server systems to Azure. The Azure Availability Zones are a mechanism for achieving high availability, protecting applications and data from failure that might occur in Azure datacenters. With this new opportunity, you can achieve better resiliency for application workloads that migrate to your Azure environment.

Support for Windows Virtual Desktop and ASP.NET web applications included

Azure Migrate has recently expanded support to include in migration scenarios:

Windows Virtual Desktop. This migration process helped companies provide a secure and reliable remote desktop experience, simplifying the path to the adoption of cloud solutions.
ASP.NET Web Applications. By migrating on-premises .NET-based web applications to managed services provided by the Azure platform, such as App Service and Azure SQL, customers are able to reduce costs and simplify application management.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (Microsoft Ignite 2020 – Special Edition)

This special edition includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft this week during Microsoft Ignite 2020 conference. Microsoft announced several important additions to its Azure infrastructure as a service (IaaS) portfolio and the Microsoft infrastructure services continue to evolve to optimize the experience of running business-critical workloads.

Azure

Compute

Availability Zones deployed to more Azure Regions

Azure Availability Zones (AZs) provide a high-availability option for comprehensive business-continuity and disaster-recovery strategies (BCDR), 99.99% uptime service-level agreement (SLA) on virtual machines, flexible high-performance architecture and multizone support with built-in security. Microsoft continues to expand deployment of Availability Zones in datacenter regions worldwide, with a roadmap to provide Availability Zone options in each country it operates datacenters in over the next 24 months. In September, Availability Zones will be available in two more existing regions, Canada Central and Australia East, bringing the total number of Microsoft’s AZ-enabled regions to 14.

Zone to zone disaster recovery for azure virtual machines

Zone to Zone disaster recovery allows customers to replicate, failover and failback their business-critical virtual machines within the same region with zones. The capability adds options for scenarios such as metro-based disaster-recovery strategy while customers are hosting applications on-premises and are looking to mimic that after migrating applications over to Azure; those that have complicated networking infrastructure and want to avoid the cost and complexity of recreating it in a secondary region; and those in regions that prefer not to use paired region disaster recovery options.

New Azure Spot VM features

New Azure Spot VM features, in preview soon in the Azure portal, enable customers to access and review the price history of Spot VMs and eviction rate for the past 28 trailing days. Also, not only allow customers to derive estimates about the probability that their workloads will be evicted, but also enable better estimates for the cost of running interruptible workloads using Spot VMs.

Azure Hybrid Benefit for Linux workload (preview)

Azure Hybrid Benefit, available in preview, improves flexibility and enhances user experience for Red Hat and SUSE customers migrating Linux to Azure.Directly in the portal or through CLI, Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) customers will be able to convert existing Linux VMs from pay-as-you-go (PAYG) billing to bring-your-own-subscription (BYOS) billing, making use of their existing Red Hat and SUSE subscriptions. This is a unique capability that allows customers to first deploy a POC in Azure using the convenience of on-demand PAYG Linux VMs, and when testing is complete, convert it to long-term production using RHEL and SLES subscriptions. This removes the headache of production redeployment, preserves existing investments in on-premises RHEL and SLES subscriptions, and reduces migration planning worries.

A new Azure-supported Linux distribution

Flatcar Container Linux by Kinvolk, is now available in Azure Marketplace. Flatcar is an immutable Linux distribution and is compatible with Core OS (which reached its end of service on May 26, 2020), making Flatcar Container Linux a viable and straightforward migration choice for container workloads running on Azure.

Azure Image Builder

Azure Image Builder, generally available by the end of this year, is a free image-building service that streamlines the creation, update, patch, management and operation of Linux and Windows images. Azure Image Builder will deploy resources into your subscription when used, and you pay only for the virtual machines and associated storage and networking resources consumed when running your image-building pipeline.

Multiple new Azure Infrastructure features

Multiple new Azure Infrastructure features are now available:

New Azure Virtual Machines (VMs) are now generally available featuring Intel Cascade Lake processors for general purpose and memory-intensive workloads. These VMs provide up to 20% greater CPU performance compared to the prior generation.
Azure Dedicated Host now gives customers more control. Customers can schedule host maintenance operations on Dedicated Hosts and isolated VMs as well as control when guest OS image updates are rolled out. Azure Dedicated Host also supports Virtual Machine Scale Sets and simplifies deployment by offering customers the ability to let the platform select the host group where VMs are deployed to.

Storage

New Azure Disk Storage updates

New Azure Disk Storage updates, including:

Azure Private Link integration which enables secure import and export of data over a private virtual network for enhanced security
Support for 512E on Azure Ultra Disks to enable migration of legacy databases to Azure.

Networking

Cisco SD-WAN with Azure Virtual and Global Load Balancer feature (preview)

Azure networking enhancements announced at Ignite include the addition of Cisco Software-Defined Wide Area Network (SD-WAN) native support within the Azure Virtual WAN hubs, and the Global Load Balancer feature for Azure Load Balancer. Both are available in preview.

The use of Cisco SD-WAN with Azure Virtual WAN aligns with networking trends to leverage technologies such as SD-WAN to improve performance through intelligent path selection and central policies. They work to eliminate traditional networking backhauls by sending traffic directly from branch to the cloud via local breakouts and allow you to leverage your chosen vendor’s path selection and policy management.

With Global Load Balancer, customers can use the feature in the Azure Load Balancer to distribute traffic to their global applications, improving performance and availability.

Azure orbital: a new managed service that provides access to physical satellite communication (private preview)

Azure Orbital is a new managed service that provides access to physical satellite communication capabilities to process and analyze data in Microsoft Azure. Take advantage of a low-latency global fiber network when working with large satellite datasets. Azure Orbital is available now to select customers in private preview. Azure Orbital enables satellite operators to schedule contacts with their spacecrafts and directly downlink data into their virtual network (VNet) in Azure.

Azure Stack

Azure Stack Edge

Two new Azure Stack Edge rugged devices are available

Customers can perform machine learning and gain quick insights at the edge by running the Azure Stack Edge Pro R with NVIDIA’s powerful T4 GPU and the lightweight, portable Azure Stack Edge Mini R. Both devices are designed to operate in the harshest environments at remote locations.

Azure Stack Edge is now available with GPUs

Customers can run visualization, inferencing, and machine learning at the edge with the Azure Stack Edge Pro series powered by the NVIDIA T4 Tensor Core GPU. This unlocks a broad set of new edge scenarios, such as automatically recognizing license plates for efficient retail curbside pickup, and detecting defects in real time in products on a manufacturing assembly line.

Azure Stack HCI

Preview of Azure Kubernetes Services (AKS) on Azure Stack HCI

AKS on Azure Stack HCI enables customers to deploy and manage containerized apps at scale on Azure Stack HCI, just as they can run AKS within Azure. This now provides a consistent, secure, and fully managed Kubernetes experience for customers who want to use Azure Stack HCI within their datacenters. Sign up for the preview of AKS on Azure Stack HCI.

Azure Stack Hub

Azure Stack Hub is now available with GPUs

To power visualization intense apps, we’ve partnered with AMD to bring the AMD Mi25 GPU to Azure Stack Hub, which allows users to share the GPU in an efficient way. The NVIDIA V100 Tensor Core GPU enables customers to run compute intense machine learning workloads in disconnected or partially connected scenarios. The NVIDIA T4 Tensor Core GPU provides visualization, inferencing, and machine learning for less compute intense workloads

The new way to keep Windows virtual machines up to date in Azure

Common corporate cybersecurity practices involve timely application of software updates that eliminate vulnerabilities that enable the implementation of specific cyberattacks on business systems. To facilitate the application of patches to virtual machines located in Azure, Microsoft recently announced the availability of a new feature called "Automatic VM guest patching". This article describes the characteristics and peculiarities of this solution that helps simplify the management of updates and achieve compliance in the security field.

The main features of Automatic VM guest patching are the following:

Are automatically downloaded and applied to virtual machines in Azure patches classified as Critical or of security.
Patches are applied during non-peak hours considering the time zone set on the virtual machine.
Patch orchestration is managed by the Azure platform and patches are applied taking into account the native Azure availability principles.
The health of the virtual machine, determined through Azure platform health signals, is monitored to detect any errors in the application of patches.
Works for all Windows virtual machines, regardless of the configured size.

How to Install Updates on Windows Virtual Machines

Azure Windows Virtual Machines, thanks to the introduction of this new feature, support three different ways to install updates:

Automatic managed by the operating system (Automatic Updates). This is the default method set for Windows virtual machines.
Automatic managed by the Azure platform. This is the mode recently introduced and described in this article. This mode provides for the disabling of automatic updates on board the virtual machine. Enabling this mode on the virtual machine will install the extension CPlat.Core.WindowsPatchExtension, fully managed by the Azure platform.
Manual. This mode, configured when different system patching solutions are adopted, disabling Automatic Updates.

Figure 1 – Choices for installing patches when creating a new VM

Requirements

Enabling the feature Automatic VM guest patching requires that the following requirements be met on the virtual machine:

The Azure VM Agent must be installed.
The Windows Update service must be running.
Windows Update or Windows Server Update Services server endpoints must be reachable (WSUS).
Compute APIs must be version 2020-06-01 or higher.

How the auto-update mechanism works?

Enabling the feature Automatic VM guest patching only critical and security-classified patches are automatically downloaded and applied to the system. This periodic update process starts automatically every month when new patches are released through Windows Update. The scanning mechanism ensures that all missing patches on the system are discovered as soon as possible, updates can be installed at any day during off-peak hours, and it happens within 30 days after Microsoft's monthly release of updates. This means that you do not have complete control over when you install updates. The upgrade process also involves restarting the virtual machine if it is required by patching.

The patch installation process is orchestrated globally by Azure for all virtual machines on which is enabled the feature Automatic VM guest patching and the principles of availability provided by Azure are covered.

For a group of virtual machines involved in the upgrade process, Azure platform will orchestrate updates taking into account the following principles.

Cross-distribution of updates on regions:

To avoid errors globally in the distribution of updates, they will be released gradually on the different regions.
An update phase can affect one or more regions and it can move on to the next phases only if the updates are completed successfully.
The geo-paired regions are never updated at the same stage to avoid the simultaneous installation of updates.

Deploying updates within a region:

VMs residing in different Availability Zones are not updated at the same time.
VMs that are not part of an Availability Zones are grouped together to prevent updates from being distributed simultaneously on all VMs belonging to a specific subscription.

Deploying updates within an Availability Zone:

VMs belonging to the same Availability Zones are not updated at the same time and updates will be installed in accordance with the Update Domain principle.

Conclusions

This new method provided by the Azure platform allows you to keep Windows systems updated in a simple way, direct and with very little administrative effort. However, often there is a need to have much greater control regarding the distribution of updates on systems and in the Azure environment it is possible to adopt the alternative and more complete solution called Update Management. This solution, compared to the feature Automatic VM guest patching, allows you to have total visibility on the compliance of updates for both Windows and Linux systems and allows you to schedule deployments for the installation of updates by defining specific maintenance windows.

Azure IaaS and Azure Stack: announcements and updates (September 2020 – Weeks: 37 and 38)

Azure

Compute

Azure Virtual Machines DCsv2-series are available in Southeast Asia

Confidential computing DCsv2-series virtual machines (VMs) are available in Southeast Asia in multiple availability zones.

Storage

Azure Blob storage object replication

Object replication is a new capability for block blobs that lets you replicate your data from your blob container in one storage account to another anywhere in Azure.

Object replication unblocks a new set of common replication scenarios:

Minimize latency: users consume the data locally rather than issuing cross-region read requests.
Increase efficiency: compute clusters process the same set of objects locally in different regions.
Optimize data distribution: data consolidated in a single location for processing/analytics and then distribute only resulting dashboards to your offices worldwide.
Minimize cost: tier down your data to Archive upon replication completion using lifecycle management policies to minimize the cost.

Change feed support is generally available for Azure Blob Storage

Change feed provides a guaranteed, ordered, durable, read-only log of all the creation, modification, and deletion change events that occur to the blobs in your storage account. Change feed is the ideal solution for bulk handling of large volumes of blob changes in your storage account, as opposed to periodically listing and manually comparing for changes. It enables cost-efficient recording and processing by providing programmatic access such that event-driven applications can simply consume the change feed log and process change events from the last checkpoint.

Azure Blob storage lifecycle management now supports append blobs

Azure Blob storage lifecycle management offers a rich, rule-based policy for Azure storage accounts. You can use the policy to transition your data to the appropriate access tiers or expire at the end of the data’s lifecycle. Azure Blob storage lifecycle management now supports expiration of append blobs.

Azure Blob access time tracking and access time-based lifecycle management (preview)

Once access time tracking is enabled, each blob has a new property called last access time which is updated when the blob is read. Azure Blob lifecycle management supports using last access time as a filter to transition data between access tiers and manage data retention. You can minimize your storage cost automatically by setting up a policy based on last access time to:

Transition your data from a hotter access tier to a cooler access tier (hot to cool, cool to archive, or hot to archive) if there is no access for a period.
Transition your data from the cool tier to the hot tier immediately if there is an access on the data.
Delete your data if there is no access for an extended period.

NFS 4.1 support for Azure Files (preview)

NFS file system is very popular choice for Linux applications and end users for their shared storage needs. Having a fully managed NFS file system in Azure will enable customers to easily lift-and-shift their enterprise workloads and leverage the elasticity, scale and cost savings of cloud. Azure Files is built on Azure Storage platform which by nature is highly durable, highly available and highly secure. It is backed by same Azure Storage SLA. NFS on Azure Files is being offered first on the highly performant SSD backed Premium Files tier enabling customers to run their most demanding enterprise applications. The NFS file system can grow and shrink to meet your scale and performance requirement from 100 GiB to 100 TiB per volume. Azure Files NFS can be accessed from a variety of clients like Azure VM Linux distros like Ubuntu, RHEL, SUSE etc., Azure Kubernetes Service(AKS), Azure Container Instances (ACI), Azure VMWare Service (AVS), VMSS, etc. NFS has a broad range of use cases.

Azure NetApp Files: cross region replication (preview)

With this new disaster recovery capability, you can replicate your Azure NetApp Files volumes from one Azure region to another in a fast and cost-effective way, protecting your data from unforeseeable regional failures.

The new Microsoft solution for hyper-converged scenarios

Very frequently to the strong tendency to move workloads to the public cloud for cost benefits, efficiency and innovation, alongside the need to maintain specific on-premises application environments. The reasons can be different and range from compliance reasons, specific needs in terms of latency or for certain business reasons. Microsoft, aware of these needs, recently announced the release of a new version of Azure Stack HCI, the solution that allows you to build a hyper-converged infrastructure (HCI) to run virtual machines in an on-premises environment and that involves an easy and strategic connection to Azure services. This article lists the main features that will be introduced in the new version of Azure Stack HCI.

What is Azure Stack HCI?

With the arrival of Windows Server 2019, Microsoft introduced the solution Azure Stack HCI, which allows the execution of virtual machines and a wide access to different services offered by Azure.

This is a hyper-converged infrastructure (HCI), where different hardware components are removed, substitutes from the software, able to combine the layer of compute, storage and network in one solution. In this way there is a transition from a traditional "three tier" infrastructure, composed of network switches, appliance, physical systems with onboard hypervisors, storage fabric and SAN, toward hyper-converged infrastructure (HCI).

Figure 1 – "Three Tier" Infrastructure vs Hyper-Converged Infrastructure (HCI)

Azure Stack HCI belongs to the Azure Stack family, which includes a comprehensive and flexible range of solutions to meet the different needs for implementing infrastructure. The Azure Stack portfolio ranges from Azure Stack Hub, which is an Azure extension that can bring the agility and innovation of cloud computing to the on-premises environment, to Azure Stack Edge, a managed Azure appliance that can bring computational power, cloud storage and intelligence in a remote edge of the customer. For more information about the Azure Stack portfolio, see this article.

Figure 2 – Azure Stack portfolio

The new Azure Stack HCI solution, deployed as an Azure hybrid service is named Azure Stack HCI version 20H2 and includes important news.

Figure 3 - Overview of Azure Stack HCI version 20H2 components

Full stack for a Hyper-Converged infrastructure

The operating system of the new Azure Stack HCI solution is based on the core components of Windows Server and has been specially designed and optimized to provide a powerful Hyper-converged platform. The new version of Azure Stack HCI adopts well-established Windows Server technologies such as Hyper-V, software-defined networking and Storages Spaces Direct, and adds new specific features. Following, the innovation areas of this solution are reported.

Dedicated and solution-specific operating system

The operating system of the new solution Azure Stack HCI it is a specific operating system with a simplified composition and newer components than Windows Server 2019.

This operating system does not include roles that are not required for the solution, such as the print server, DNS role, DHCP server, Active Directory Domain Services, services relating to certificates and federated services.

Furthermore, there is the most recent hypervisor also used in the Azure environment, with software-defined networking and storage technologies optimized for virtualization.

The local user interface is minimal and is designed to be managed remotely.

Figure 4 - Azure Stack HCI OS interface

Disaster Recovery Features and virtual machine failover inherent in the solution

In the new version of Azure Stack HCI is included the ability to create stretched clusters to extend a cluster of Azure Stack HCI in two different locations (rooms, buildings or even two cities). This feature provides a replica of storage (synchronous or asynchronous) and contemplates encryption, on-premises site resiliency and automatic failover of virtual machines.

Figure 5 – Stretched cluster in a hyper-converged Azure Stack HCI architecture

In the build phase of creating a new cluster, you can select whether it is an implementation on a single site or stretched on two different sites.

Figure 6 – Options when creating an Azure Stack HCI cluster

If there is a stretched cluster, when creating a volume, you can configure storage replication between the two sites.

Figure 7 – Volume replication options when there is stretched cluster

Optimized the Storage Spaces resync process

In Azure Stack HCI version 20H2 has been completely re-engineered the Storage Spaces Resync, used for storage space repair, to the point where the length of the process is significantly reduced (up to 4-5 times). This improvement makes it possible to speed up the restart of the various systems after the updates are applied.

Figure 8 - Comparison of the times for the monthly application of operating system patches

Updates of the entire stack covered by the solution (full-stack updates)

To reduce the complexity and operational costs of the solution update process, in the new version of Azure Stack HCI a process is contemplated that involves full-stack updating (Firmware / driver along with the operating system) for certain selected partners.

Figure 9 – Solution updates of a Dell EMC-branded Azure Stack HCI solution

Azure Hybrid Service

This new version of Azure Stack HCI is provided as an Azure service, applying a subscription-based licensing model and offering integrated hybrid capabilities.

To expand the capabilities of your solution, you can use Azure solutions to monitor, activate disaster recovery scenarios, manage backup protection, as well as a centralized view of the various implementations of Azure Stack HCI direct from the Azure Portal. Following, details about this Azure hybrid service are reported.

Native integration in Azure

The new Azure Stack HCI natively integrates with Azure services and Azure Resource Manager (ARM). No agent is required for this integration, but Azure Arc is integrated directly into the operating system. This allows you to view, direct from the Azure Portal, the cluster Azure Stack HCI on-premises exactly like an Azure resource.

Figure 10 – Azure Stack HCI integration scheme in Azure

By integrating with Azure Resource Manager, you can take advantage of the following benefits of Azure-based management:

Adopting Standard Azure Resource Manager-Based Constructs (ARM)
Classification of Clusters with Tags
Organizing Clusters in Resource Groups
Viewing all clusters Azure Stack HCI in one centralized view
Managing access using Azure Identity Access Management (IAM)

Billing based on a subscription model

Despite being running on-premises, Azure Stack HCI provides invoicing based on Azure subscription, just like any other Azure cloud service. The model is simple and has a cost of 10$ / core / Month, which depends on the cores of the physical processor. In the new pricing model there is no minimum or maximum on the number of licensed cores, much less in the activation duration.

Figure 11 – New licensing model applied for Azure Stack HCI

Dedicated Azure Support Team

Azure Stack HCI becomes an Azure solution, therefore it will be covered by Azure support with the following features:

You can easily request technical support directly from the Azure portal.
Support will be provided by a new team of experts dedicated to supporting the new solution Azure Stack HCI.
You can choose from different support plans, depending on your needs.

For more information, you can access this page.

Familiarity in management and operation

The Azure Stack HCI solution can be activated on different hardware models of your choice and does not require specific software tools to be administered.

Choosing and customizing your hardware

There are several hardware vendors that offer suitable solutions to run Azure Stack HCI and can be consulted by accessing this link. The choice is wide and falls on more than 200 solutions of more than 20 different partners. Azure Stack HCI requires hardware that is specifically tested and validated by various vendors.

The solutions Azure Stack HCI included in the catalog are composed of:

A server system
An host bus adapter
A family of network adapters

Furthermore, you can customize your hardware solution to suit your needs, going to configure the processor, memory, storage and features of network adapters, always respecting the supplier's compatibility matrices.

Figure 12 – Hardware composition for Azure Stack HCI solutions

Management and integration tools

The administrative management of Azure Stack HCI does not require specific software, but you can use existing management tools such as Admin Center, PowerShell, System Center Virtual Machine Manager and even third-party tools.

Using the Windows Admin Center, you can install and configure new architectures Azure Stack HCI and activate virtual systems. Furthermore, With native Windows Admin Center integration with Azure, you can extend functionality with different Azure services, including:

Azure Site Recovery to implement disaster recovery scenarios.
Azure Monitor to monitor, in a centralized way, what happens at the application level, on the network and in its hyper-converged infrastructure, with advanced analysis using artificial intelligence.
Azure Backup for offsite protection of your infrastructure.
Azure Security Center for monitoring and detecting security threats in virtual machines
Azure Update Management to make an assessment of the missing updates and proceed with its distribution, for both Windows and Linux systems, regardless of their location, Azure or on-premises.
Cloud Witness to use Azure storage account as cluster quorum.

Conclusions

The innovations introduced in Microsoft's new hyper-converged solution are very interesting and concern various areas. Azure Stack HCI integrates seamlessly with the existing on-premises environment and offers an important added value: the ability to connect Azure Stack HCI with Azure services to achieve a hybrid hyper-converged solution. This aspect in particular strongly differentiates it from other competitors who offer solutions in this area. Thanks to the changes introduced by this new version it is possible to obtain a complete and more integrated and performing proposition for hyper-converged scenarios.

Azure IaaS and Azure Stack: announcements and updates (September 2020 – Weeks: 35 and 36)

Azure

Compute

Azure Dedicated Hosts now support new Azure Virtual Machines series

Azure Dedicated Host provides a single-tenant physical server to host your Azure Virtual Machines for Windows and Linux. The server capacity is not shared with other customers. Address specific organizational compliance requirements or plan your maintenance window by deploying your workloads on Azure Dedicated Hosts. You can now deploy Dsv4, Ddsv4, Esv4, and Edsv4 Azure Virtual Machines on Dedicated Hosts. New Azure Dedicated Host SKUs featuring new hardware types for the Dsv3 and Esv3 Azure VM series are now generally available as well. With this update, we continue to expand the range of general purpose and memory intensive workloads that you can run on Azure Dedicated Hosts while providing greater performance.

New Azure VMs for general purpose and memory intensive workloads

The new D v4 and E v4 series Azure Virtual Machines, now generally available, are based on the Intel Xeon Platinum 8272CL custom processor, which can achieve up to 3.4Ghz all core turbo frequency. These new Azure Virtual Machines do not provide any temporary storage. If you require temporary storage select the latest Dd v4 and Ed v4 Azure virtual machines, which are also generally available.

The D v4 / Ds v4 virtual machine sizes offer a combination of vCPUs and memory able to meet the requirements associated with most general-purpose workloads. You can attach Standard SSDs and Standard HDDs disk storage to the D v4 virtual machines. If you prefer to use Premium SSD or Ultra Disk storage, please select the Ds v4 virtual machines.
The E v4 / Es v4 virtual machines feature up to 504 GiB of RAM and are ideal for various memory-intensive enterprise applications. You can attach Standard SSDs and Standard HDDs disk storage to the E v4 VMs. If you prefer to use Premium SSD or Ultra Disk storage, please select the Es v4 virtual machines.

Automated deployment of Always On availability groups through the Azure portal (Public preview)

A new, automated way to deploy Always On availability groups is now in preview for SQL Server on Azure Virtual Machines (VMs) using the SQL VM resource provider. The VM resource provider simplifies configuring Always On availability groups by handling infrastructure and network configuration details. It offers a reliable deployment method with the correct resource dependency settings and internal re-try policies. Deploying automated Always On availability groups with SQL VM resource provider today will improve availability for SQL Server on Azure Virtual Machines. Learn more about Always On availability group deployments.

Storage

AzCopy: new version available

AzCopy v10.6 has released with support for:

Sync command now includes access control lists (ACLs) between supported resources (e.g. Windows and Azure Files) using persist-smb-permissions flag
Sync also includes SMB properties (Created Time, Last Write Time, and attributes such as Read Only) between supported resources (e.g. Windows and Azure Files) using the persist-smb-info flag
Support for higher block & blob size. Blob block size up to 4,000 MiB supported. This provides block blob sizes up to 190.7 TiB (4,000 MiB x 50,000 blocks)
Support for Blob Versioning using list-of-versions flag for both download and delete operations

Azure Data Lake Storage Gen2: access control list recursive update (public preview)

The ability to recursively propagate access control list (ACL) changes from a parent directory to its existing child items for Azure Data Lake Storage (ADLS) Gen2 is now available in public preview. This public preview is available globally in all Azure regions, through PowerShell, .NET SDK, and Python SDK.

Azure Blob versioning is now general available

Azure storage strives to protect your business critical data from any accident or attack. To support that goal, Microsoft is announcing the general availability of Azure Blob versioning. Azure Blob Versioning automatically maintains previous versions of an object and identifies them with version IDs. You can list both the current blob and previous versions using version ID timestamps. You can also access and restore previous versions as the most recent version of your data if it was erroneously modified or deleted by an application or other users.

Networking

Azure DNS: Introducing automatic child zone delegation

A new update released to general availability in all clouds that makes it easier for you to create Child Zones which are easily attached to Parent Zones. Prior to this release, when a customer was creating a new child zone, they would add their resource records to the newly created zone but often missed the step adding the complicated nameserver records back to the parent zone, causing name resolution failure when the customer would try to test the newly created zone. This update creates an option for you to identify their new zone as a child (please see illustration) of an existing zone in Azure DNS. When this selection has been made, the name server records for the child zone will be automatically populated in the parent, saving you 4 additional steps. For a quick explanation on how to create child zones, please check out our tutorial guide.

Upcoming changes to Standard Public IPs and Standard Load Balancers

With Network API version 2020-08-01, zone behavior for Standard SKU resources (Azure Load Balancer and Public IP addresses) will be updated such that:

when no zone is specified, a non-zonal resource is created
when a single zone is specified, a zonal resource is created
when multiple zones are specified in a region with Availability Zones, a zone-redundant resource is created

A zone-redundant resource can only be created in regions where Availability Zones are supported.

Azure Stack

Azure Stack Hub

Stream Analytics can be run on Azure Stack Hub

Azure Stream Analytics now can be run on Azure Stack Hub as an IoT Edge module. Configurations have been added to the IoT Edge module which allows it to interact with blob storage, Event Hubs, and IoT Hubs running in an Azure Stack Hub subscription. Customers can build truly hybrid architectures for stream processing in your own private, autonomous cloud, which can be connected or disconnected with cloud-native apps using consistent Azure services on-premises.