Category Archives: Microsoft Azure

Azure IaaS and Azure Stack: announcements and updates (February 2020 – Weeks: 07 and 08)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Azure Firewall Manager now supports virtual networks

Azure Firewall Manager Preview now supports Azure Firewall deployments in virtual networks (also known as hub virtual networks) in addition to its support for Azure Firewall deployments in virtual WAN hubs (also known as secured virtual hubs).

New Azure Firewall certification and features

New Azure Firewall capabilities are available:

  • ICSA Labs Corporate Firewall Certification.
  • Forced tunneling support now in preview.
  • IP Groups now in preview.
  • Customer configured SNAT private IP address ranges now generally available.
  • High ports restriction relaxation now generally available.

For more details you can read this document.

Azure Virtual Network: Network address translation in preview

Azure Virtual Network now offers network address translation (NAT) (in preview) to simplify outbound-only internet connectivity for virtual networks. All outbound connectivity uses the public IP address and/or public IP prefix resources connected to the virtual network NAT. Outbound connectivity is possible without a load balancer or public IP addresses directly attached to virtual machines. Virtual Network NAT Preview is fully managed, highly resilient, and is currently available in the following regions:

  • Europe West
  • Japan East
  • US East 2
  • US West
  • US West 2
  • US West Central 

Preview of Azure Shared Disks for clustered applications

The limited preview of Azure Shared Disks, the industry’s first shared cloud block storage, is available. Azure Shared Disks enables the next wave of block storage workloads migrating to the cloud including the most demanding enterprise applications, currently running on-premises on Storage Area Networks (SANs). These include clustered databases, parallel file systems, persistent containers, and machine learning applications. This unique capability enables customers to run latency-sensitive workloads, without compromising on well-known deployment patterns for fast failover and high availability. This includes applications built for Windows or Linux-based clustered filesystems like Global File System 2 (GFS2). With Azure Shared Disks, customers now have the flexibility to migrate clustered environments running on Windows Server, including Windows Server 2008 (which has reached End-of-Support), to Azure. This capability is designed to support SQL Server Failover Cluster Instances (FCI), Scale-out File Servers (SoFS), Remote Desktop Servers (RDS), and SAP ASCS/SCS running on Windows Server.

Azure Private Link is generally available

Azure Private Link is now generally available. Azure Private Link is a secure and scalable way for you to consume services (such as Azure PaaS, Partner Service, BYOS) on the Azure platform privately from within your virtual network. Private Link also enables you to create and render your own services on Azure. It enables a true private connectivity experience between services and virtual networks.

Azure Resource Manager template support for NSG flow logs

Azure Resource Manager, the native and powerful way to manage your infrastructure as code, now supports the deployment of network security group (NSG) flow logs through templates. NSG flow logs are now an Azure Resource Manager resource, so you can deploy flow logs programmatically and set up Azure Governance policies to verify that flow logs are enabled.

Azure Network Watcher is generally available in four new regions

Azure Network Watcher is now generally available in UAE North, Switzerland North, Norway West, and Germany West Central regions.

Native Azure Active Directory authentication support and Azure VPN Client 

Native Azure Active Directory (Azure AD) authentication support for OpenVPN protocol, and Azure VPN Client for Windows are generally available for Azure point-to-site (P2S) VPN. Native Azure AD authentication support enables user-based policies, conditional access, and multi-factor authentication (MFA) for P2S VPN. Native Azure AD authentication requires both Azure VPN Gateway integration and a new Azure VPN client to obtain and validate an Azure AD token.

Unified network monitoring with connection monitor in preview

Azure Network Watcher now has a new and improved connection monitor feature. Connection monitor provides unified end-to-end connection monitoring capabilities for hybrid and Azure deployments. Some of the new capabilities include:

  • A single console for configuring and monitoring connectivity and network quality from Azure and on-premises VMs/hosts. 
  • The ability to monitor endpoints within and across Azure regions, on-premises sites, and global service locations. 
  • Higher and configurable probing frequencies and support for more protocols.
  • Faster time to detect and diagnose issues in Azure and hybrid networks.
  • Access to historical monitoring data retained in Log Analytics. 

Azure Bastion is available in 20 new regions

Azure Bastion, the managed PaaS service that provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL and without any public IP on your virtual machines, is now generally available in 20 new regions.

Active Directory authentication support on Azure Files (preview)

You can now mount your Azure Files using AD credentials with the exact same access control experience as on-premises. You may leverage an Active Directory domain service either hosted on-premises or on Azure for authenticating user access to Azure Files for both premium and standard tiers. Managing file permissions is also simple. As long as your Active Directory identities are synced to Azure AD, you can continue to manage the share level permission through standard role-based access control (RBAC). For directory and file level permission, you simply configure Windows ACLs (NTFS DACLs) using Windows File Explorer just like any regular file share. 

Azure Stack

Kubernetes on Azure Stack 

Microsoft now supports Kubernetes cluster deployment on Azure Stack, a certified Kubernetes Cloud Provider. Install Kubernetes using Azure Resource Manager templates generated by ACS-Engine on Azure Stack.

Azure IaaS and Azure Stack: announcements and updates (January 2020 – Weeks: 05 and 06)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

New solution for Azure Monitor for virtual machines

The new solution for Azure Monitor for VMs will soon be available in all regions. This update will provide richer monitoring functionality and map data sets for Service Map customers. Once it’s available in your region, it’ll be necessary to upgrade to the new solution in order to continue using Azure Monitor for VMs. Disruption to your workflow should be minimal since Azure Monitor for VMs is still in preview, compared to upgrading after general availability.

Azure Cost Management and billing updates

Here are a few of the latest improvements and updates related to Azure Cost Management in January 2020:

Large file shares (100 TiB) on standard is available world-wide

Large file shares (100 TiB) on standard is available in all regions world-wide, including national clouds (Gov, China, Germany).

Azure DNS private zones is now available in Azure Government and Azure China

Azure DNS private zones is now generally available in Azure Government and Azure China regions. Use Azure DNS private zones for DNS resolution across one or more virtual networks in Azure Government and Azure China clouds. Azure DNS private zones provides a reliable and secure DNS service to manage and resolve domain names in an Azure virtual network without the need to add a custom DNS solution.

Managed identities on lab virtual machines in Azure DevTest Labs

Lab owners can now enable user-assigned managed identities on lab virtual machines in Azure DevTest Labs. Managed identities is a feature of Azure Active Directory that can authenticate any Azure service, including Azure Key Vault, without any credentials in your code. With this feature, lab users can now share Azure resources such as Azure SQL Database in the context of the lab. Once configured, every existing or newly created lab virtual machine will be enabled with this managed identity, and the lab user will be able to access resources once logged in to their machine.

New AMD-based Dav4 and Eav4 Azure VMs are available in additional regions

New Azure Dav4-series and Eav4-series virtual machines based on the latest AMD EPYC™ processor are now available in East US, East US2, West US2, Southeast Asia, North Europe, and West Europe regions. The Dav4-series and Das v4-series Azure VMs are suited for general-purpose workloads. The Eav4-series and Eas v4-series are ideal for memory-intensive workloads.

HBv2-Series VMs are Generally Available

HBv2 VMs are Generally Available in the US South Central region. HBv2 Virtual Machines feature 120 AMD EPYC™ 7002-series CPU cores, 480 GB of RAM, 480 MB of L3 cache, and no simultaneous multithreading (SMT). HBv2 Virtual Machines provide up to 350 GB/sec of memory bandwidth.

Azure management services and System Center: What's New in January 2020

The new year began with several announcements from Microsoft about what's new in Azure management services and System Center. The Cloud Community releases this summary monthly, allowing you to have a general overview of the main new features of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

Azure Monitor

New version of Log Analytics Gateway

A new version of the Log Analytics Gateway was released for Azure Monitor, introducing greater stability and reliability. To get the new version, you can sign in to the Azure portal and browse to the Log Analytics blade, or download it directly from the Microsoft Download Center.

Availability in new regions for Service Map

Azure Map functionality in Azure Log Analytics is now also available in the region "US Gov Virginia".

Azure Site Recovery

New Update Rollup

Update Rollup 43 was released for Azure Site Recovery; it resolves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Support for customer-managed keys

Azure Site Recovery has introduced support for the following scenarios:

Azure Backup

Long term retention for backup of file shares configurable by the Azure portal

Azure Backup allows you to keep on-demand backups of file shares for up to 10 years. This configuration, initially possible only through PowerShell, can now also be done from the Azure portal.

Restore cross region of virtual machines

Azure Backup has announced the ability to perform cross-region restore of virtual machines to the Azure paired region. This feature is currently available in limited preview in West Central United States (WCUS), and the restore can then take place towards the WUS2 region. For further information you can consult this technical documentation.

Protection of SAP HANA in new regions

The Azure Backup solution now allows you to enable the protection of SAP HANA databases on Azure virtual machines in European and Asian regions. These are the regions where this feature is active:

  • West Europe (WE), North Europe (NE), France Central, France South, UK West (UKW), Germany North, Germany West Central, Germany Central, Germany North East, Switzerland North, and Switzerland West.
  • Australia Central, Australia Central 2, Australia East (AE), Australia Southeast (ASE), Japan East (JPE), Japan West (JPW), Korea Central (KRC), and Korea South (KRS).

Soft Delete for SQL Server and SAP HANA in Azure VMs

Azure Backup has introduced soft delete for the protection of SQL Server and SAP HANA on Azure virtual machines as well. Soft delete is a security feature that protects your backups even after you delete them. Thanks to soft delete, if a backup is removed accidentally or through malicious action, the backup data is still retained for 14 days from the deletion date. This feature, which doesn't involve any additional costs, lets you recover any deleted backups within the retention period.

Microsoft Endpoint Manager

New release for the Technical Preview Branch

Update 2001 was released in the Technical Preview Branch for Configuration Manager; among its main changes, it introduces several dashboards to monitor the utilization of the new Microsoft Edge and other browsers.

To check the details of what's included in these updates, you can see this document.

Please note that Releases in the Technical Preview Branch allow you to preview new Configuration Manager features, and it is recommended that you apply these updates only in test environments.

Evaluation of Azure and System Center

To test for free and evaluate the services provided by Azure you can access this page, while to try the various System Center components you must access the Evaluation Center and, after registering, you can start the trial period.

Azure IaaS and Azure Stack: announcements and updates (January 2020 – Weeks: 03 and 04)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Microsoft to launch new cloud datacenter region in Israel

Microsoft announced plans to establish the company’s first cloud region in Israel to deliver its intelligent, trusted cloud services through a local datacenter region. This investment expands the Microsoft global cloud infrastructure to 56 cloud regions in 21 countries, with the new Israel region anticipated to be available starting with Microsoft Azure in 2021, with Office 365 to follow. The new Israel region will adhere to Microsoft’s trusted cloud principles and become part of one of the largest cloud infrastructures in the world, already serving more than a billion customers and 20 million businesses.

Azure is now certified for the ISO/IEC 27701 privacy standard

Azure is the first major US cloud provider to achieve certification as a data processor for the new international standard ISO/IEC 27701 Privacy Information Management System (PIMS). The PIMS certification demonstrates that Azure provides a comprehensive set of management and operational controls that can help your organization demonstrate compliance with privacy laws and regulations. Microsoft’s successful audit can also help enable Azure customers to build upon our certification and seek their own certification to more easily comply with an ever-increasing number of global privacy requirements.

New support for Network Security Group flow logs

Network Security Group (NSG) flow logs, a feature of Azure Network Watcher, allows you to view information about ingress and egress IP traffic. This feature now supports two new Azure Storage configurations:

  • Firewalled Storage accounts. Configuring Storage firewalls provides greater access control and security of your data. NSG flow logs can now be sent to storage accounts with a firewall enabled.
  • Service endpoints for Storage. Azure Virtual Network service endpoints allow you to control how your network interacts with Azure, ensuring that traffic from your virtual network to Azure services remains on the Azure backbone network. NSG Flow Logs can now be sent to Storage accounts accessible through virtual network service endpoints.

Microsoft Sustainability Calculator provides insights into IT carbon emissions

The Microsoft Sustainability Calculator is a Power BI application for Azure enterprise customers that provides new insight into carbon emissions data associated with their Azure services. For the first time, those responsible for reporting on and driving sustainability within their organizations will have the ability to quantify the carbon impact of each Azure subscription over a period of time and datacenter region, and to see estimated carbon savings from running those workloads in Azure versus on-premises datacenters. This data is crucial for reporting existing emissions and will help drive additional decarbonization efforts.

Red Hat Enterprise Linux gold images now available on Azure

Red Hat Enterprise Linux (RHEL) bring-your-own-subscription images, also referred to as RHEL gold images, are now available in Azure with a simple, automated sign-up process.

Azure Stack

Azure App Service on Azure Stack Hub Update 8 Released

This release updates the resource provider and brings the following key capabilities and fixes:

  • Updates to App Service Tenant, Admin, Functions portals and Kudu tools. Consistent with Azure Stack Portal SDK version.
  • Managed disk support for all new deployments: all new deployments of Azure App Service on Azure Stack Hub will make use of managed disks for all Virtual Machines and Virtual Machine Scale Sets.  All existing deployments will continue to use unmanaged disks.
  • Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.
  • TLS 1.2 Enforced by Front End load Balancers

All other fixes and updates are detailed in the App Service on Azure Stack Update Eight Release Notes.

Azure Hybrid Cloud: overview of the new Azure Stack portfolio

In enterprise environments, adopting solutions based entirely on the cloud is not always a viable choice, or the best one; hybrid solutions often have to be adopted, which still make it possible to use the innovations introduced by the cloud. Microsoft, aware of this, has recently announced several changes to its hybrid cloud offering, extending its portfolio to make it more complete and more adaptable to customers' needs. This article describes how the range of Microsoft solutions in Azure Stack has been expanded and changed.

Currently, the solutions included in the Azure Stack portfolio are as follows:

  • Azure Stack Hub (previously called only "Azure Stack")
  • Azure Stack Edge (previously called "Azure Data Box Edge")
  • Azure Stack HCI

Figure 1 – Azure Stack product family

Azure Stack Hub

Azure Stack Hub, known simply as Azure Stack before this portfolio review, continues to be the offering for enterprise and public sector customers that need a cloud environment disconnected from the Internet or that must meet specific regulatory and compliance requirements. Azure Stack Hub allows you to deliver Azure services in the location you want. The solution continues to evolve to cover an increasingly broad range of services, including:

  • Kubernetes with Azure Kubernetes Service (AKS) integration to automate the creation, upgrading and scaling of cluster environments.
  • Support for N-Series virtual machines that include GPU support.
  • Event Hubs (preview expected this year)
  • Azure Stream Analytics (preview expected this year)
  • Windows Virtual Desktop (WVD) (preview expected this year)
  • Azure Data Services with Azure Arc (preview expected this year)

Azure Stack Edge

Azure Stack Edge, previously known as Azure Databox Edge, is an Azure-managed appliance that brings computational power, cloud storage and intelligence to a customer's remote edge location. The customer can order and provision Azure Stack Edge directly from the Azure portal, and then use the usual Azure management tools to monitor it and apply updates. No upfront costs are required to obtain this appliance; it is charged monthly in the billing of Azure services. The big news about Azure Stack Edge is that new features will be supported, the main ones being:

  • Execution of virtual machines
  • Kubernetes clusters
  • NVIDIA GPU support
  • High availability support

Azure Stack Edge will also be available in a "rugged" version, to withstand extreme environmental conditions, and in a battery-powered version, to be easily transported.

Azure Stack HCI

With the arrival of Windows Server 2019, Microsoft introduced Azure Stack HCI, a solution that allows you to run virtual machines and gives broad access to different services offered by Azure. It is a hyper-converged infrastructure (HCI), in which various hardware components are removed and replaced by software that combines the compute, storage and network layers in one solution. This is the evolution of the Windows Server Software-Defined (WSSD) solution available in the past with Windows Server 2016. Azure Stack HCI with Windows Server 2019 allows the use of Hyper-V, a solid and reliable hypervisor, along with Software-Defined Storage and Software-Defined Networking solutions. To this is added Windows Admin Center, which lets you fully manage the hyper-converged environment through a graphical interface.

Azure Stack HCI shares the same software-defined technologies also used by Azure Stack Hub and requires the adoption of hardware tested and validated specifically for the solution. In order to obtain certification, the hardware is subjected to rigorous validation tests, that guarantee the reliability and stability of the solution. To see the different Azure Stack HCI solutions of the various hardware vendors, you can access this page. Azure Stack HCI can be used for smaller environments with a minimum of two nodes and can scale up to a maximum of 16 nodes. This makes it a suitable solution for different usage scenarios.

Conclusions

To better meet the needs of different clients in this area, Microsoft has revisited its product portfolio. The Azure Stack portfolio combined with Azure Arc, provides an environment where Azure services and management are reflected on validated and integrated infrastructure models, all in a complementary way.

How to activate an SFTP service in Azure based on Container

A communication protocol commonly used for transferring files between different organizations is SFTP (SSH File Transfer Protocol or Secure File Transfer Protocol). To date, Azure does not have a fully managed platform service that provides access over the SFTP protocol. Activating a virtual machine in Azure that hosts the SFTP service incurs costs and a significant management effort. This article presents a solution that you can use to deliver the SFTP service in an Azure environment, based on Azure Container Instances (ACI) and Azure File Shares.

The proposed solution is based on the following components:

  • Azure Container Instances (ACI), the easiest and quickest way in Azure to run containers on demand in a managed serverless environment. This is possible without having to activate specific virtual machines, and the maintenance required is almost negligible. Azure Container Instances is suited to scenarios that require isolated containers, without the need to adopt an orchestration system. The cost of the Azure Container Instances service depends on the number of vCPUs and GBs of memory used by the container group. For more details on costs please visit the official Microsoft page.
  • Azure Files, the managed Azure service that allows you to access file shares in the cloud through the Server Message Block (SMB) protocol.

Figure 1 – Azure architecture

A Linux-based Docker container is then deployed to deliver the SFTP service through Azure Container Instances (ACI). To give the container persistent storage, an Azure file share is mounted in it. Files transferred via the SFTP service are therefore also accessible over the SMB protocol, subject to the appropriate permissions, even when the container is stopped.

To deploy this solution, you can use the templates referenced in this Microsoft document as a starting point. There are two templates; the first also creates a storage account, but of type V1.

Figure 2 – Deployment via custom template

To integrate properly with existing Azure environments and to ensure filtered access to the SFTP service, you must deploy the container instances inside an Azure virtual network. This requires a feature that is in preview and as such has some limitations, among them the lack of support for virtual network peering. In this scenario, if the SFTP service must be published to the internet, this has to be done through Azure Firewall, because directly assigning a public IP to a container instance deployed in a virtual network is not supported. To improve the security posture of your Azure environment, it is also recommended that you:

  • Take a micro-segmentation and granular perimeter definition approach in the Azure network architecture. To do this, in addition to adopting Azure Firewall, you need to plan for the use of Network Security Groups (NSGs), the tool used to segregate network traffic within the Azure Virtual Network. Deny and permit rules filter communications between the different subnets where application workloads reside.
  • Plan the use of Virtual Network (VNet) service endpoints to increase the security level of the storage account, preventing unauthorized access. VNet service endpoints allow you to isolate Azure services, allowing access to them only from one or more subnets defined in the Virtual Network. This feature also ensures that all traffic generated from the VNet towards the Azure services always remains within the Azure backbone network.
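One way to check a deployment template against these two recommendations before it is deployed, as an added example that is not part of the original article. The resource names, subnet prefix and sample templates are constructed, and the NSG check is a simplification: it looks only at the first custom inbound rule, by priority, that matches an internet source on the SFTP port.

```python
"""Pre-deployment audit for the SFTP-on-ACI layout. All sample data is constructed."""

SFTP_PORT = 22
OPEN_SOURCES = {"*", "Internet", "0.0.0.0/0"}  # source prefixes that include the internet


def covers_port(spec, port):
    """True if an NSG port spec ('*', '22' or '20-25') includes the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def _values(props, single, plural):
    """NSG rules use either the singular or the plural form of a field."""
    vals = list(props.get(plural) or [])
    if props.get(single):
        vals.append(props[single])
    return vals


def audit_storage(res):
    """The storage account should deny by default and admit only listed subnets."""
    acls = res.get("properties", {}).get("networkAcls", {})
    findings = []
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append(f"{res['name']}: networkAcls.defaultAction is not Deny")
    if not acls.get("virtualNetworkRules"):
        findings.append(f"{res['name']}: no subnet listed in virtualNetworkRules")
    return findings


def audit_nsg(res, port=SFTP_PORT):
    """Flag the NSG if the first matching inbound rule opens the port to the internet."""
    rules = res.get("properties", {}).get("securityRules", [])
    inbound = sorted(
        (dict(r["properties"], name=r["name"]) for r in rules
         if r["properties"]["direction"] == "Inbound"),
        key=lambda p: p["priority"])
    for p in inbound:
        if p["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(p, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not OPEN_SOURCES & set(sources):
            continue
        ports = _values(p, "destinationPortRange", "destinationPortRanges")
        if not any(covers_port(s, port) for s in ports):
            continue
        if p["access"] == "Allow":
            return [f"{res['name']}: rule '{p['name']}' allows port {port} from any source"]
        return []  # an explicit deny with a lower priority number wins
    return []  # NSG default rules deny the remaining inbound internet traffic


def audit_template(template):
    findings = []
    for res in template.get("resources", []):
        if res["type"] == "Microsoft.Storage/storageAccounts":
            findings += audit_storage(res)
        elif res["type"] == "Microsoft.Network/networkSecurityGroups":
            findings += audit_nsg(res)
    return findings


def _rule(name, priority, access, source, ports):
    return {"name": name, "properties": {
        "direction": "Inbound", "protocol": "Tcp", "priority": priority,
        "access": access, "sourceAddressPrefix": source,
        "destinationPortRange": ports}}


def sample(default_action, vnet_rules, rules):
    """Build a constructed template fragment: storage account plus subnet NSG."""
    return {"resources": [
        {"type": "Microsoft.Storage/storageAccounts", "name": "sftpstorageexample",
         "properties": {"networkAcls": {"defaultAction": default_action,
                                        "virtualNetworkRules": vnet_rules}}},
        {"type": "Microsoft.Network/networkSecurityGroups", "name": "nsg-aci-example",
         "properties": {"securityRules": rules}}]}


# Weak: storage open to all networks, SFTP port open to any source.
WEAK = sample("Allow", [], [_rule("allow-sftp-any", 100, "Allow", "*", "22")])
# Hardened: storage reachable only from the ACI subnet, SFTP only from the
# Azure Firewall subnet (10.0.1.0/26 is a constructed prefix).
HARDENED = sample("Deny", [{"id": "<aci-subnet-resource-id>", "action": "Allow"}],
                  [_rule("allow-sftp-from-firewall", 100, "Allow", "10.0.1.0/26", "22"),
                   _rule("deny-internet", 200, "Deny", "Internet", "*")])

if __name__ == "__main__":
    for label, tpl in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_template(tpl) or "no findings")
```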

To complete this solution, you must also have a protection strategy for the data placed on the storage account through the SFTP service. Content transferred via the SFTP service to Azure file shares can be backed up using Azure Backup. Again, this is currently a feature in preview, and it provides protection with a daily frequency.

To date, as an alternative to this solution, you can adopt third-party solutions available in the Azure marketplace to deliver the SFTP service. These are significantly more expensive solutions that typically require more effort to deploy and manage.

Conclusions

While waiting for Microsoft to release a fully managed SFTP service in Azure, this solution enables the service quickly and easily, with reduced costs and without having to maintain and manage virtual machines. To implement it effectively, the solution needs to be integrated with other Azure platform services, without neglecting the security aspect. At present you may need to use services in preview, which are not officially supported in a production environment.

Azure IaaS and Azure Stack: announcements and updates (January 2020 – Weeks: 01 and 02)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Azure Lab Services updates

Azure DevTest Labs recently released different updates:

  • Enables multiple owners to manage a lab.
  • Added the ability to automatically shut down virtual machines when a user’s remote desktop (RDP) session is disconnected (Windows).
  • Integration with Azure Bastion, enabling you to connect to your lab virtual machines through a web browser.
  • It automatically installs the necessary GPU drivers for you when you create a lab with GPU machines. You no longer have to figure out which GPU driver to use on your own.

Azure File Sync agent version 5.x will expire on February 12th

To continuously improve Azure File Sync, Microsoft can only support old versions of the agent for a limited time. On February 12, 2020, Azure File Sync agent version 5.x will expire and stop syncing. If you have servers with agent version 5.x, update to a supported agent version (6.x or later). If you don’t update your servers before February 12, 2020, they will stop syncing. To resume syncing, the agent must be updated to a supported version.

Azure IaaS and Azure Stack: announcements and updates (December 2019 – Weeks: 51 and 52)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Serial console for Azure Virtual Machines available in US Government Cloud

Serial console is available in preview in the Azure US Government Cloud, allowing customers in the government-only clouds to access the serial console of their VMs or virtual machine scale set instances.

Azure Data Box Disk is available in East Asia

Data Box Disk is an SSD-disk-based option for offline data transfer to Azure. It’s ideal for a recurring or one-time data migration of up to 40 TB to Azure and is especially well suited for data migration from multiple remote or branch offices. Azure Data Box Disk is now available in the East Asia (Hong Kong) region. This is in addition to the other Azure regions where Data Box Disk is already available: US, EU, Canada, Australia, Japan, Korea, Singapore, and Azure Government (US).

Azure Bastion generally available in East US 2 and West US 2

Azure Bastion is generally available in two more Azure public cloud regions, East US 2 and West US 2. Azure Bastion is a managed PaaS service that provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over SSL and without any public IPs on your virtual machines.

Azure management services and System Center: What's New in December 2019

In December, Microsoft announced a significant number of updates regarding Azure management services and System Center. Our community releases this monthly summary to give you a comprehensive overview of the main news of the month, so that you can stay up to date on these topics and have the necessary references for further study.

Azure Monitor

Improvements in Azure Monitor for containers

The new Azure Monitor agent for containers introduces several improvements in resource utilization and data volume optimization, thus helping to reduce costs. This update also changes some tables where data is consolidated, and existing queries may need changes if they use these fields: Name and Image in the table ContainerLog.

New features in Azure Monitor Metrics Explorer

For Azure Monitor, the Metrics Explorer component has seen the release of the following new features:

  • More flexibility in chart generation.
  • The resource selector supports the ability to choose multiple resources in scoping.
  • More granular charts such as number of data points.
  • Improved Chart Legends.

For more details you can refer to this article.

Azure Backup

Azure Backup: resource group management for virtual machines

Azure Backup introduces the ability to customize the name of the resource group created by the service, acting on the backup policy for protecting virtual machines. Azure Backup creates a specific resource group where restore point collections are placed, hosting the instant recovery points of the managed VMs. By default the naming of this resource group is as follows: AzureBackupRG_Geo_n, but now you can customize it.

Support for encrypted VMs larger than 4TB

The ability to back up and restore encrypted virtual machines larger than 4 TB has been extended to all Azure regions. In this way, the experience and capabilities provided by Azure Backup to protect these machines is the same, regardless of size.

Microsoft Endpoint Manager

New Update for Microsoft Endpoint Configuration Manager (current branch)

Update 1910 of Configuration Manager has been officially released, formalizing that Configuration Manager is now part of Microsoft Endpoint Manager. The new version also introduces several changes aimed at enriching and improving different features of the solution.

To verify the details about what's new in this update you can see this document.

New release for the Technical Preview Branch

Update 1912 of Configuration Manager was released in the Technical Preview Branch. One of its main innovations allows a device to upload its client logs to the site server, which is done by sending a client notification action from the Configuration Manager console.

To check the details of what's included in these updates, you can see this document.

Please note that releases in the Technical Preview Branch allow you to preview new Configuration Manager features, and it is recommended that you apply these updates only in test environments.

Evaluation of Azure and System Center

To test and evaluate the services provided by Azure for free you can access this page, while to try the various System Center components you must access the Evaluation Center and, after registering, you can start the trial period.

Azure Arc: a new approach to hybrid environments

Hybrid architectures are increasingly predominant in enterprise environments. They allow you to continue to benefit from the investments made in your on-premises environment and, at the same time, to use the innovation introduced by the cloud. Adopting hybrid solutions is a winning choice if it takes into account a shared policy for distribution, component management and security. Without consistency in the management of the different environments, costs and complexity are likely to grow exponentially. Microsoft has decided to respond to this need with Azure Arc, a solution involving a range of technologies with the aim of developing new hybrid scenarios, where Azure services and management principles are extended to any infrastructure. This article presents the approach adopted by Azure Arc for hybrid environments.

The complexity of IT environments is constantly expanding, to the point where we find organizations with applications based on different technologies, running on heterogeneous infrastructures and possibly adopting solutions in different public clouds. Customers need a solution that allows them to centrally inventory, organize and enforce control policies on their IT resources, wherever they are.

The principle behind Azure Arc is to extend Azure management and governance practices to different environments and to adopt typical cloud solutions, such as DevOps techniques (infrastructure as code), even for on-premises environments.

Figure 1 – Azure Arc overview

To achieve this, Microsoft has decided to extend the Azure Resource Manager model so that it can also support hybrid environments. This makes it easier to implement the security features available in Azure on all infrastructure components.

Figure 2 – Azure Management for all resources

Azure Arc consists of a set of different technologies and components that allow you to:

  • Manage applications in Kubernetes environments: it provides the ability to deploy and configure Kubernetes applications in a consistent manner across all environments, adopting modern DevOps techniques.
  • Allow Azure data services to run on any infrastructure: everything is based on the adoption of Kubernetes, which makes it easier to meet compliance criteria, improves the security of data and provides considerable flexibility at deployment time. At the time of writing, the services covered are Azure SQL Database and Azure Database for PostgreSQL.
  • Organize, manage and govern all server systems: Azure Arc extends Azure governance and management capabilities to physical machines and virtual systems in different environments. This solution is specifically called Azure Arc for servers.

Figure 3 – Azure Arc Technologies

Azure Arc involves the use of specific Resource Providers for Azure Resource Manager, and the installation of the Azure Arc agents is required.

By logging in to the portal, you can see that Azure Arc for Servers is already available in public preview, while you need to register to manage Kubernetes environments and data services in preview.

Figure 4 – Azure Arc in the Azure portal

Thanks to the overall view that Azure Arc introduces, you can reach the following objectives for hybrid architectures, which are difficult to achieve otherwise:

  • Standardization of operations
  • Organization of resources
  • Security
  • Cost Control
  • Business Continuity
  • Regulatory and corporate compliance

Figure 5 – Cloud-native governance with Azure Arc

Conclusions

Azure Arc was recently announced and, although it is still in an embryonic phase, I think that it will evolve significantly enough to revolutionize the management and development of hybrid environments. To keep up to date on how this solution will develop you can register at this page.