Category Archives: Microsoft Azure

Azure management services and System Center: What's New in August 2019

Microsoft constantly releases news regarding the Azure management services and System Center. Our community publishes this monthly summary to provide an overview of the top news released in the last month. This allows you to stay up-to-date on these topics and have the necessary references to conduct further investigations.

Azure Site Recovery

New Update Rollup

Update Rollup 39 has been released for Azure Site Recovery. It resolves several issues and introduces some improvements. The details and the installation procedure can be found in the specific KB.

Availability in new regions

Azure Site Recovery is now available in these new regions: West India, UAE Central, UAE North, South Africa North, and South Africa West.

Disaster recovery of Azure Disk Encryption-enabled virtual machines

Azure Site Recovery introduced support for virtual machines whose disks use Azure Disk Encryption without an Azure Active Directory app. This feature is currently supported only for Windows virtual machines that use managed disks. Support for Linux virtual machines that use managed disks will be introduced soon.

Monitor in Log Analytics

The Site Recovery vault can now send diagnostic logs to a Log Analytics workspace. These logs are generated not only for virtual machines in Azure, but also for VMware virtual machines and physical systems protected by Azure Site Recovery.

Azure Backup

Availability in new regions

Azure Backup can now also be used in these new regions: West India, UAE Central, UAE North, South Africa North, and South Africa West.

Support for disks up to 30 TB

Support for large managed disks, up to 30 TB, has been announced for Azure Backup and is currently in limited public preview. For further information you can consult this article.

Soft Delete for protected virtual machines

To increase the protection of the backups made by Azure Backup, soft delete was introduced for IaaS virtual machines. This gives you a higher level of protection against accidental or malicious deletion of IaaS VM backups.

System Center Configuration Manager

New releases for the Technical Preview Branch

Update 1908 was released for Configuration Manager. Among its main innovations is the ability to activate the High Performance power plan during the execution of a task sequence, for performance benefits.

Furthermore, update 1908.02 was released, which includes integration with Teams messaging in the Configuration Manager console.

To check the details of what's included in these updates, you can see this document for update 1908 and this document for update 1908.02.

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try out the various components of System Center you must access the Evaluation Center and, after registering, you can start the trial period.

Azure Dedicated Host: the creation of virtual machines on a dedicated system

Microsoft recently announced the availability of Azure Dedicated Host, a new service that gives you a physical server in Azure, fully dedicated to your organization, on which to run Windows or Linux virtual machines. This article describes the main features of the service, its benefits, and the procedure to follow for activation.

Normally, without this service, physical hosts in Azure run virtual machines belonging to multiple tenants, and isolation is provided by the multi-tenant hypervisor. With Azure Dedicated Host, physical servers run only the workloads of an individual tenant. This gives you wider visibility and greater control over the hardware on which your virtual machines run, with the certainty that the hosts are not shared with other Azure customers.

Usage scenarios

The service Azure Dedicated Host can be very useful to meet the following usage scenarios:

  • Need to have an isolation at the host level for compliance reasons, in terms of physical security, data integrity and monitoring.
  • Have visibility and control over the server infrastructure in Azure that hosts your virtual machines. You can define the type of host hardware, the characteristics of the processor and the number of cores, and the type and size of the VMs that you plan to deploy, with the ability to choose different sizes for virtual machines while staying within the series selected for the specific host.
  • Govern all maintenance activities that the Azure platform performs at the host level, such as physical host operating system updates. With Azure Dedicated Host you can choose the most appropriate time for maintenance, within a maintenance window of 35 days.

If you need to address one of the above scenarios, Azure Dedicated Host is definitely a great option, but if you don't have specific needs you should use the classic method of deploying virtual machines in Azure, as it offers greater flexibility.

Activation of the service

The deployment of a new Azure Dedicated Host requires a host group. One or more hosts can be added to this group, and they will be used to host the new virtual machines in Azure. Azure Dedicated Host can be deployed through an ARM template, the CLI, PowerShell, or directly from the Azure Portal. This article shows the steps for creating the service directly from the Azure Portal.

Figure 1 - Starting the procedure of creation of a Host Group

During the Host Group creation process you are asked for specific settings such as Availability Zones (optional) and the number of fault domains.

Figure 2 – Parameters required when creating a Host Group

Once the Host Group is created you can start the process of setting up the Azure Dedicated Host, which will be associated with a specific Host Group.

Figure 3 – Start the process of creating a Dedicated Host

The parameters required to create a Dedicated Host include the family of VMs that the host will run, the host group membership, the number of fault domains, and the option to automatically replace the host in case of problems. The wizard also asks for the information needed to obtain the licensing benefits described in the following paragraph.

Figure 4 – Parameters required when creating a Dedicated Host

Once the Azure Dedicated Host has been set up, you can place a virtual machine on a specific host when you create it. An important consideration is that the region must be the same as the host's and the size of the VM must belong to the VM host family configured during creation.

During the virtual machine creation process, the Host section of the Advanced tab lets you select the host group and the Dedicated Host.

Figure 5 — Select the Host Group and the Host when creating the VM
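The same procedure can be scripted with the Az PowerShell module. The following is an added example, not code from the original article: it creates a host group, a host and a VM pinned to that host, then audits the resource group for VMs that are not on a dedicated host. All names, the region, the host SKU and the VM size are placeholder assumptions.

```powershell
#Requires -Modules Az.Accounts, Az.Compute, Az.Resources
# Added example. Every default value below is a placeholder (assumption),
# not a value taken from the article.
param(
    [string] $ResourceGroupName = 'rg-dedicated-demo',
    [string] $Location          = 'westeurope',
    [string] $HostGroupName     = 'hg-demo',
    [string] $HostName          = 'dh-demo-01',
    [string] $HostSku           = 'DSv3-Type1',        # host family: DSv3
    [string] $VmName            = 'vm-isolated-01',
    [string] $VmSize            = 'Standard_D4s_v3'    # must belong to the host family
)
$ErrorActionPreference = 'Stop'

New-AzResourceGroup -Name $ResourceGroupName -Location $Location -Force | Out-Null

# 1. Host group with a single fault domain (no availability zone in this sketch).
$hostGroup = New-AzHostGroup -ResourceGroupName $ResourceGroupName `
    -Name $HostGroupName -Location $Location -PlatformFaultDomain 1

# 2. Dedicated host in fault domain 0, replaced automatically on hardware failure.
$dedicatedHost = New-AzHost -ResourceGroupName $ResourceGroupName `
    -HostGroupName $hostGroup.Name -Name $HostName -Location $Location `
    -Sku $HostSku -PlatformFaultDomain 0 -AutoReplaceOnFailure $true

# 3. The VM must be created in the same region as the host; check before deploying.
if ($dedicatedHost.Location -ne $Location) {
    throw "Host is in '$($dedicatedHost.Location)', VM would be in '$Location'."
}
$credential = Get-Credential -Message 'Local administrator for the new VM'
New-AzVM -ResourceGroupName $ResourceGroupName -Name $VmName -Location $Location `
    -Size $VmSize -Credential $credential -HostId $dedicatedHost.Id | Out-Null

# 4. Audit: report every VM in the resource group and whether it is pinned to a
#    dedicated host. A VM without a host reference runs on shared infrastructure.
$report = Get-AzVM -ResourceGroupName $ResourceGroupName | ForEach-Object {
    [pscustomobject]@{
        VmName        = $_.Name
        Size          = $_.HardwareProfile.VmSize
        DedicatedHost = if ($_.Host) { ($_.Host.Id -split '/')[-1] } else { $null }
        Isolated      = [bool]$_.Host
    }
}
$report | Format-Table -AutoSize

$shared = @($report | Where-Object { -not $_.Isolated })
if ($shared.Count -gt 0) {
    Write-Warning "$($shared.Count) VM(s) are not placed on a dedicated host."
}
```

Step 4 can be run on its own as a recurring compliance check for resource groups that are required to stay on single-tenant hardware.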

Aspects related to licensing

Azure Dedicated Host offers some advantages in terms of licensing, with the ability to take advantage of the Azure Hybrid Benefit. You can use your existing Windows Server and SQL Server licenses covered by Software Assurance in this scenario as well. Furthermore, customers who have Windows Server Datacenter licenses and Software Assurance may run an unlimited number of Windows Server virtual machines in the Azure Dedicated Host environment. Similarly, customers with SQL Server Enterprise Edition licenses and Software Assurance may use unlimited virtualization rights for SQL Server on their dedicated host in Azure. For other vendors, such as SUSE or Red Hat Linux, existing licenses can be used with Azure Dedicated Host. In this case it is advisable to check the specific licensing conditions with the vendors.

With the introduction of this new service, Microsoft is updating its licensing terms of use accordingly, in order to clarify the distinction between on-premises/traditional outsourcing services and cloud services. For more information you can see Microsoft's official documentation.

Another important aspect to consider is that using the Azure Dedicated Host you can use the service of Extended Security Updates for Windows Server 2008/R2 and SQL Server 2008/R2.

Cost of service

The cost of Azure Dedicated Host is calculated at the host level and not on the basis of the number of virtual machines running on the host. Software licensing costs are calculated separately, based on the use of individual VMs. To obtain licensing savings, consider what is reported in the previous paragraph. The service is pay-as-you-go, with no activation or termination fee. For more details please visit the official page of costs.

Conclusions

Azure Dedicated Host opens up new usage scenarios for the Azure platform and addresses the needs of customers who require host isolation to meet compliance and governance requirements. The possibility of achieving licensing savings through Azure Hybrid Benefit is also very interesting. The advice is to consider using this service only if it is really necessary for your needs; otherwise you should use the classic method of deploying virtual machines.

Azure IaaS and Azure Stack: announcements and updates (August 2019 – Weeks: 33 and 34)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Geo Zone Redundant Storage in Azure in preview

Geo Zone Redundant Storage provides a great balance of high performance, high availability, and disaster recovery and is beneficial when building highly available applications or services in Azure. Geo Zone Redundant Storage helps achieve higher data resiliency by doing the following:

  • Synchronously writing three replicas of your data across multiple Azure Availability Zones, such as zone-redundant storage today, protecting from cluster, datacenter, or entire zone failure.

  • Asynchronously replicating the data to another region within the same geo into a single zone, such as locally redundant storage, protecting from a regional outage.

Ultra Disks generally available

Microsoft Azure Ultra Disks is the new managed disks offering which is now generally available for running data intensive business critical workloads on cloud requiring high IO performance and low latency. With the introduction of Ultra Disk Storage, Azure includes four types of persistent disk: Ultra Disk Storage, Premium SSD, Standard SSD, and Standard HDD. This portfolio gives you price and performance options tailored to meet the requirements of every workload.

Azure File Sync agent v7.2

Azure File Sync agent v7.2 update rollup is on Microsoft Update and Microsoft Download Center.

Improvements and issues that are fixed:

  • Storage Sync Agent (FileSyncSvc) crashes if the proxy configuration is null.
  • Server endpoint will start BCDR (error 0x80c80257 – ECS_E_BCDR_IN_PROGRESS) if multiple endpoints on the server have the same name.
  • Cloud tiering reliability improvements.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 7.2.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4490497.

Azure Files Azure Active Directory Domain Services (Azure AD DS) Authentication

General Availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files. By enabling integration with Azure AD DS, you can mount your Azure file share over SMB using Azure AD credentials from Azure AD DS domain joined Windows VMs with NTFS ACLs enforced.

Just-in-time (JIT) VM access for Azure Firewall is generally available

Use it to secure your Azure Firewall protected environments in addition to your NSG protected environments.

Azure Firewall: automation to manage your backups

Azure Firewall is the firewall-as-a-service solution available in the Microsoft public cloud, which allows you to secure the resources in Azure Virtual Networks and to govern the related network flows. This article provides a mechanism for making scheduled backups of this component's configuration using Azure Automation.

Azure Firewall is increasingly being used in Azure architectures, because of its advantages over firewall solutions from third-party vendors and thanks to the constant enrichment of the features it offers. From the moment it is adopted, this service becomes the control center of your Azure networking environment and will contain different rules to comprehensively manage the network traffic. It is therefore essential to have a strategy that allows you to restore the configuration of the service quickly. The service currently does not have an integrated feature for making periodic full backups. For this reason I made a runbook in Azure Automation that backs up the Azure Firewall configuration to an Azure blob storage account.

The following paragraphs describe the procedure for enabling periodic configuration backup using this methodology.

Prerequisites

If you do not have an Azure Automation Account, you need to create one:

Figure 1 – Creating Azure Automation Account

It is also necessary to have a blob storage account on which the Azure Firewall backups will be saved.

Figure 2 — Create blob storage account

In the firewall settings of the storage account, the exception "Allow trusted Microsoft services to access this storage account" must be enabled.

On the storage account you can also consider creating policies that enable you to prevent the deletion of backups.

Configuring modules on Azure Automation

Azure Automation supports the use of the Azure PowerShell Az module in runbooks. The Az module is currently not automatically imported into Automation Accounts. For this reason you need to configure it as described in this Microsoft document, in particular by following the procedure given below.

Figure 3 – Start process of adding modules

 

Figure 4 - Selection of the necessary modules and starting the import process

These are the modules required for this automation:

Figure 5 – Required modules

Import and publish of runbook

The next step is to create the Runbook in Azure Automation:

Figure 6 – Creation of Runbook

You can find the code of the runbook on this GitHub page. Once you have created the runbook, you should proceed with its publication.

Figure 7 - Publication of the Runbook.

Runbook schedule

As the last step, you should schedule the periodic execution of the runbook.

Figure 8 - Creation of schedule

 

Figure 9 - Adding the scheduling to the runbook

 

Figure 10 - Configuration of parameters required by the runbook

Backups of the Azure Firewall configuration, in JSON format, are automatically saved in the specified storage account and are retained for the number of days expressed in the parameter "RetentionDays".

Figure 11 - Azure Firewall Backups inside the container
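To make the mechanism concrete, here is a runbook sketch that exports the firewall as an ARM template, uploads it to the container and applies a retention window. It is an added example, not the author's runbook from GitHub; it assumes the Automation Account uses a managed identity that has read access to the firewall and the Storage Blob Data Contributor role on the storage account, and every parameter name except RetentionDays is hypothetical.

```powershell
#Requires -Modules Az.Accounts, Az.Network, Az.Resources, Az.Storage
# Added example, not the runbook published by the author.
# Parameter names other than RetentionDays are hypothetical.
param(
    [Parameter(Mandatory)] [string] $FirewallResourceGroup,
    [Parameter(Mandatory)] [string] $FirewallName,
    [Parameter(Mandatory)] [string] $StorageAccountName,
    [Parameter(Mandatory)] [string] $ContainerName,
    [ValidateRange(1, 3650)] [int] $RetentionDays = 30
)
$ErrorActionPreference = 'Stop'

# Assumption: the Automation Account signs in with its managed identity.
Connect-AzAccount -Identity | Out-Null

# Export only the firewall resource as an ARM template (JSON).
$firewall = Get-AzFirewall -ResourceGroupName $FirewallResourceGroup -Name $FirewallName
$stamp    = (Get-Date).ToUniversalTime().ToString('yyyyMMdd-HHmmss')
$target   = Join-Path $env:TEMP "$FirewallName-$stamp.json"
$export   = Export-AzResourceGroup -ResourceGroupName $FirewallResourceGroup `
    -Resource $firewall.Id -SkipAllParameterization -Path $target -Force

# Refuse to upload an export that does not actually contain the firewall,
# so a silent export failure never replaces a good backup with an empty one.
$template = Get-Content -Path $export.Path -Raw | ConvertFrom-Json
$fwInTemplate = @($template.resources |
    Where-Object { $_.type -eq 'Microsoft.Network/azureFirewalls' })
if ($fwInTemplate.Count -eq 0) {
    throw "Export '$($export.Path)' contains no azureFirewalls resource."
}

# Upload using Azure AD authorization on the data plane (no account keys).
$context  = New-AzStorageContext -StorageAccountName $StorageAccountName -UseConnectedAccount
$blobName = Split-Path -Path $export.Path -Leaf
Set-AzStorageBlobContent -File $export.Path -Container $ContainerName `
    -Blob $blobName -Context $context -Force | Out-Null
Write-Output "Uploaded backup '$blobName'."

# Retention: remove this firewall's backups older than RetentionDays.
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$RetentionDays)
$expired = @(Get-AzStorageBlob -Container $ContainerName -Context $context `
        -Prefix "$FirewallName-" |
    Where-Object { $_.LastModified.UtcDateTime -lt $cutoff })
foreach ($blob in $expired) {
    Remove-AzStorageBlob -Container $ContainerName -Blob $blob.Name -Context $context
    Write-Output "Removed expired backup '$($blob.Name)'."
}
```

If a deletion-prevention policy is configured on the storage account, as suggested in the prerequisites, the retention step fails for blobs that are still protected, so the retention window should not be shorter than the policy period.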

Restoring your configuration

If you need to restore the Azure Firewall configuration, it is sufficient to deploy the JSON file in the specific resource group, using the following command:

New-AzResourceGroupDeployment -Name "RestoreAzureFirewall" -ResourceGroupName "AFW-RGNamexxx" -TemplateFile ".xxx-afwxxxxx.json"

 

Conclusions

Thanks to this automation it is possible to back up the Azure Firewall configuration to an Azure blob storage account. This is particularly useful and strategic if rules are modified incorrectly, or if the Azure Firewall configuration is partially or totally deleted, whether accidentally or by unauthorized persons.

Azure IaaS and Azure Stack: announcements and updates (August 2019 – Weeks: 31 and 32)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Azure Dedicated Host

Azure Dedicated Host is a new Azure service that enables you to run your organization’s Linux and Windows virtual machines on single-tenant physical servers. Azure Dedicated Hosts provide you with visibility and control to help address corporate compliance and regulatory requirements. Azure Dedicated Host is in preview in most Azure regions.

Azure marketplace charges are available in Azure Cost Management for Pay-As-You-Go customers

Azure marketplace charges within Cost Analysis tool for Pay-As-You-Go customers are available. As a part of this preview you can analyze marketplace charges alongside Azure service charges within Cost Analysis and reconcile Azure marketplace invoice using both Cost Analysis and a new usage csv download API.

Network security group improvements

New improvements have been added to network security group (NSG), which filters network traffic to and from various Azure resources:

  • Specify ICMP as the protocol in your NSG rules, in addition to TCP, UDP, or Any.
  • Override the default Azure platform considerations by creating an NSG rule with the following service tags. Please exercise caution when using these tags.
    • AzurePlatformDNS for DNS
    • AzurePlatformIMDS for IMDS
    • AzurePlatformLKM for Windows licensing (Key Management Service)

Azure File Sync agent v7.1 update rollup

Azure File Sync agent v7.1 update rollup is on Microsoft Update and Microsoft Download Center. Improvements and issues that are fixed:

  • Accessing or browsing a server endpoint location over SMB is slow on Windows Server 2012 R2.
  • Increased CPU utilization after installing the Azure File Sync v6 agent.
  • Cloud tiering telemetry improvements.
  • Miscellaneous reliability improvements for cloud tiering and sync.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 7.1.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4490496.

Most cost-effective storage offering

Microsoft has dropped Azure Archive Storage prices by up to 50 percent in some regions. The new pricing is effective immediately.

New AMD-based Azure VMs for general purpose and memory intensive workloads

New Azure virtual machines part of the Dv3 and Ev3-series, optimized for general purpose and memory intensive workloads, are in Preview. The new general purpose Da_v3 and Das_v3 Azure VM-series provide up to 64 vCPUs, 256 GiBs of RAM and 1,600 GiBs of SSD-based temporary storage. Das_v3 Azure VM-series supports Premium SSD disk storage. The new memory optimized Ea_v3 and Eas_v3 Azure VM-series provide up to 64 vCPUs, 432 GiBs of RAM and 1,600 GiBs of SSD-based temporary storage. Eas_v3 Azure VM-series supports Premium SSD disk storage.

M-series virtual machines (VMs) are generally available in the Brazil South Region

Azure M-series VMs are available in the Brazil South region. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.

Azure Geo and Zone Redundant Storage in public preview

Azure Geo and Zone Redundant Storage (GZRS) helps customers achieve higher data resiliency by Synchronously writing three replicas of your data across multiple Availability Zones and Asynchronously replicating the data to another region within the same geo into a single zone (like LRS today) protecting from a regional outage.

Azure Files Active Directory (Azure AD) authentication with Azure AD domain services is generally available

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard SMB protocol. Integration with Azure AD enables SMB access to Azure file shares using Azure AD credentials from Azure AD domain services domain joined Windows VMs.

Azure Firewall feature updates for July 2019

Here are the Azure Firewall feature updates for July 2019:

  • Multiple public IPs is generally available in all Azure public regions.
  • Availability Zones is now generally available.
  • SQL FQDN filtering is now in preview in all Azure regions.
  • Azure HDInsight FQDN tag is now in preview in all Azure public regions.
  • Central management using partner solutions

Azure management services and System Center: What's New in July 2019

Microsoft constantly announces news about Azure management services and System Center. As usual, our community releases this monthly summary, which provides a general overview of the main new features of the month, so that you can stay up to date on these topics and have the necessary references to conduct further exploration.

Azure Log Analytics

Availability in new regions

Azure Log Analytics can now also be activated in these new regions: South Africa North, Brazil South, UK West and North Central US.

New search capabilities in Azure Monitor Log

Azure Log Monitor has introduced the ability to check the logs directly on specific Azure resources, making it easier to filter them by resource. The logs are also aggregated from all workspaces that contain logs associated with that specific resource.

What's new in the interface

In July there have been several innovations in the interface of Log Analytics, described in detail in this article.

Azure Automation

Azure Update Management: non-targeted in Azure

Azure Update Management introduced a feature that allows dynamic targeting of systems outside the Azure environment for patch deployments. Machines that are not in Azure can be dynamically added to patch deployments based on the criteria specified in a saved search in Log Analytics.

Azure Site Recovery

Added support for disks of size up to 8 TB

In Azure Site Recovery you can now protect data disks of size up to 8 TB. This functionality is available for all virtual machines with Azure managed disks and also for all the on-premises machines that are replicated on managed disks.

System Center Configuration Manager

New release for the Technical Preview Branch

Update 1907 was released for Configuration Manager. Among its main innovations is the ability to search in the Task Sequence Editor, which is useful when you have a particularly complex task sequence.

To verify the details about what's new in this update you can see this document.

Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

Desktop Analytics available in Public Preview

The Desktop Analytics solution is available in public preview. It is a tool that can provide useful information and the automation necessary to keep your Windows machines up to date. The possible integration of Desktop Analytics with System Center Configuration Manager adds the value of the cloud solution to the local infrastructure.

Released version 1906 for the Current Branch

There are many new features in this release designed to enrich and improve different features of the solution. The main innovation is the integration with Desktop Analytics. To get the complete list of new features introduced with this build, you can consult this official document. The transition to version 1906 can be done by following the installation checklist, after which it is appropriate to continue with the post-update checklist.

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try out the various components of System Center you must access the Evaluation Center and, after registering, you can start the trial period.

Azure IaaS and Azure Stack: announcements and updates (July 2019 – Weeks: 29 and 30)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officially announced by Microsoft in the last two weeks.

Azure

Azure File Sync supports the firewall and virtual network setting on storage accounts

To configure your Azure File Sync deployment to work with the firewall and virtual network setting, perform the following steps:

  • Go to the storage account you want to secure.
  • Click on the settings menu called Firewalls and virtual networks.
  • Click on allow access from Selected networks.
  • To enable servers to sync to the Azure file share, verify the server’s IP address or virtual network has been added.
  • To enable the Storage Sync Service to access the storage account and Azure file share, verify the Allow trusted Microsoft services to access this storage account is selected.
  • Click Save to save your settings.

This feature works with any Azure File Sync agent version.
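The portal steps above can be checked and applied from PowerShell. This added example (not from the original post) audits a storage account's network rule set against the three conditions in the list and, with -Fix, applies them; the parameter names and the documentation-range IP address in the comment are assumptions.

```powershell
#Requires -Modules Az.Accounts, Az.Storage
# Added example. Parameter names are hypothetical; 203.0.113.10 is a
# documentation-range address used only as a sample value.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $StorageAccountName,
    [Parameter(Mandatory)] [string] $ServerPublicIp,     # e.g. 203.0.113.10
    [switch] $Fix
)
$ErrorActionPreference = 'Stop'

# Returns one finding per condition from the list above that is not met.
# Note: only exact IP matches are evaluated, not containment in a CIDR range.
function Get-NetworkRuleFinding {
    param([Parameter(Mandatory)] $RuleSet, [Parameter(Mandatory)] [string] $ServerIp)

    $findings = @()
    if ("$($RuleSet.DefaultAction)" -ne 'Deny') {
        $findings += 'DefaultAction is not Deny: access is allowed from all networks.'
    }
    $bypass = "$($RuleSet.Bypass)" -split ',\s*'
    if ($bypass -notcontains 'AzureServices') {
        $findings += 'Trusted Microsoft services are not allowed: Storage Sync Service is blocked.'
    }
    $allowedIps = @($RuleSet.IpRules | Where-Object { "$($_.Action)" -eq 'Allow' } |
        ForEach-Object { $_.IPAddressOrRange })
    if ($allowedIps -notcontains $ServerIp) {
        $findings += "Server IP $ServerIp is not in the allowed IP rules."
    }
    return , $findings
}

$ruleSet  = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroupName `
    -Name $StorageAccountName
$findings = Get-NetworkRuleFinding -RuleSet $ruleSet -ServerIp $ServerPublicIp

if ($findings.Count -eq 0) {
    Write-Output "Storage account '$StorageAccountName' matches the required settings."
    return
}
$findings | ForEach-Object { Write-Warning $_ }
if (-not $Fix) { return }

# Add the server IP before switching the default action to Deny, so the
# registered server is never locked out between the two calls.
if (@($ruleSet.IpRules | ForEach-Object { $_.IPAddressOrRange }) -notcontains $ServerPublicIp) {
    Add-AzStorageAccountNetworkRule -ResourceGroupName $ResourceGroupName `
        -Name $StorageAccountName -IPAddressOrRange $ServerPublicIp | Out-Null
}

# Keep any existing bypass values (Logging, Metrics) and add AzureServices.
$keep   = @("$($ruleSet.Bypass)" -split ',\s*' | Where-Object { $_ -and $_ -ne 'None' })
$bypass = @($keep + 'AzureServices' | Select-Object -Unique) -join ','
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroupName `
    -Name $StorageAccountName -DefaultAction Deny -Bypass $bypass | Out-Null

Write-Output "Applied: selected networks only, trusted services allowed, $ServerPublicIp added."
```

The same audit applies to the storage account used for the Azure Firewall backups described earlier on this page, which requires the same trusted-services exception.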

Azure File Sync agent v7.2 update

Improvements and issues that are fixed:

  • Storage Sync Agent (FileSyncSvc) crashes if the proxy configuration is null.
  • Server endpoint will start BCDR (error 0x80c80257 – ECS_E_BCDR_IN_PROGRESS) if multiple endpoints on the server have the same name.
  • Cloud tiering reliability improvements.

To obtain and install this update, configure your Azure File Sync agent to automatically update when a new version becomes available or manually download the update from the Microsoft Update Catalog.

New features to IPv6 support for Azure VNets

In addition to the preview capabilities announced on April 23, IPv6 for Azure VNET public preview now includes:  

  • Standard IPv6 Public Load Balancer support to create resilient, scalable applications which includes:
    • IPv6 health probe to determine which backend pool instances are healthy and thus can receive new connections. 
    • Outbound Rules provide full declarative control over outbound connectivity to precisely tune your network for scale and resiliency.
    • Multiple Front-end Configurations enable a single load balancer to use multiple IPv6 Public IP addresses – the same frontend protocol and port can be reused across frontend addresses.
  • Instance-level Public IP provides IPv6 Internet connectivity directly to Individual VM’s
  • Azure Portal support for the preview now includes interactive create/edit/delete of dual stack (IPv4/IPv6) Virtual Networks and subnets, IPv6 Network Security Group Rules, IPv6 User defined routes, and IPv6 Public IP’s. 

Azure Security Center launched new network recommendations

There are new and updated Azure Security Center networking recommendations. For more information, see the Network Recommendations section in the Azure Security Center documentation.

Proximity placement groups are in preview

A proximity placement group is an Azure Virtual Machine logical grouping capability that you can use to decrease network latency among VMs. When the VMs are deployed within the same proximity placement group, the VMs are physically located as close as possible to each other. Proximity placement groups are particularly useful to address the requirements of latency-sensitive workloads.

New 48 vCPUs Azure Virtual Machine sizes are available

New 48 vCPUs sizes for the Dv3, Dsv3, Ev3, Esv3, Fsv2, and Lsv2 Azure Virtual Machines (VMs) are available so you can better match your workload requirements.

Azure Mv2-series VMs up to 6 TB of memory are available for the US West 2 region

Azure Mv2-series virtual machines are hyper-threaded and feature Intel® Xeon® Platinum 8180M 2.5 GHz (Skylake) processors, offering up to 208 vCPU in 3 TB and 6 TB memory configurations. Mv2 virtual machines provide unparalleled computational performance to support large in-memory databases and workloads such as SAP HANA and SQL Hekaton. Mv2 VMs are available in US East, US East 2 regions, and US West 2 regions. Mv2 VMs in Europe West, Europe North, and Southeast Asia regions will become available in the coming months.

Availability Zones support is available for Azure Kubernetes Service (AKS) in preview

Availability Zones support is now available for AKS in preview. Protect applications and data from datacenter failures with redundancies across Availability Zones and achieve higher availability and resiliency for worker nodes with Availability Zones, used in conjunction with Azure Standard Load Balancer.

Network Performance Monitor in Central India

Network Performance Monitor is now available in Central India region.

Azure Lab Services updates

  • Azure Lab Services has a new instance size available: Medium (nested virtualization)
  • Azure Lab Services has removed the unlimited option from quota per user so lab owners can intentionally choose a specific number of hours needed for each lab to help save costs.
  • Azure Lab Services supports the ability to reset passwords and to provide added support for Ubuntu images.

Azure Stack

Azure Stack 1907 update

Azure Stack 1907 Update is available. Check the release notes for more details.

Azure Data Share: the service to share data in a safe manner

Microsoft recently announced the availability of the new managed service Azure Data Share, specially designed for sharing data between different organizations. Azure Data Share allows you to share and combine data easily, enabling effective business collaboration between different organizations while respecting security and governance. This article covers the principles of operation and shows the procedure to follow for the corresponding configuration.

To date, the most commonly used solutions for exchanging and sharing corporate data are based on the File Transfer Protocol (FTP) or on custom web APIs, which require you to manage a specific infrastructure and are unable to adhere to corporate standards in terms of security and governance. Furthermore, these solutions are not suitable for the exchange of large volumes of data. Azure Data Share is a fully managed service that aims to make the process of sharing data between different organizations simple, secure, and controlled. No specific infrastructure needs to be configured, and the service can rapidly scale to meet big data sharing needs. Security is critical for a service of this kind, and Azure Data Share relies on the main security measures built into Azure for data protection.

Activation of the service

The Azure Data Share service must first be activated by the party that needs to share data, as follows.

Figure 1 - Starting the process of creation

Figure 2 - Parameters required by the creation process

The deployment is very fast and after activating the service you can begin the process of sharing data.

Using the solution

Azure Data Share has an intuitive interface and can be used directly from the Azure portal. With a few simple steps you can choose what information to share and with whom to share it.

Figure 3 – Start the process of sharing

Figure 4 – Definition of the name and details of the share

You can govern the use of the data by attaching specific terms of use to each share that is created. To receive the data, recipients must accept the specified terms of use.

Figure 5 – Adding the dataset and selecting its type

Today you can use Azure Blob Storage and Azure Data Lake Storage as datasets for data sharing, and support for additional Azure data sources will be introduced soon.

Figure 6 – Selection of the container that contains the data to be shared

Figure 7 - Adding the email address of the person with whom you share the files

The service also provides the ability to schedule the sharing of new content or changes, while maintaining complete control of any share.

Figure 8 - Scheduling of snapshots

Figure 9 - Review and creation of the share

At the end of the sharing process, the recipient receives a notification by email.

Figure 10 - Notification received via email by the person to whom you want to send data

Figure 11 - Invitation of Data Share from the Azure portal

The recipient of the shared data must have an Azure Data Share service in order to see the shared data.

Figure 12 – Accept invitation to Data Share

When accepting the invitation, you must specify the target, in this case the storage account, in which to store the received data. You can choose to keep this content synchronized according to the schedule specified by the sender.

Figure 13 - Configuration of the storage account target

Figure 14 - Detail of a received share

For received shares, you also have the option to manually trigger a snapshot (full or incremental).

Conclusions

In a world where the amount, type and variety of data keep growing, you need services that enable organizations to work together by sharing information of any kind and size. Thanks to Azure Data Share you can share data between different companies in a simple and secure way while respecting governance policies. The addition of new datasets for data sharing, expected in the short term, will make this service even more complete and effective.

Azure Governance: introduction to Azure Resource Graph

Azure governance is made possible by a series of services specifically designed to enable constant management and control of Azure resources at scale. Among these services is Resource Graph, a powerful tool that lets you quickly obtain details about Azure artifacts from the command line. With Resource Graph you can retrieve information that previously required complex and iterative scripting. This article describes the characteristics of the solution and how you can use it to discover the details of Azure resources at scale.

Characteristics of the service

In complex Azure environments with many subscriptions, maintaining overall visibility of all Azure resources can be difficult without purpose-built tools. These are the requirements that typically need to be addressed:

  • Ability to view resources and their properties across different subscriptions.
  • Ability to efficiently query resources by setting filters and groupings and by imposing a specific sort order on their properties.
  • Iteratively explore the different resources.
  • Assess the impact of applying policies to a large number of cloud resources.

Thanks to an efficient and powerful query language, the Azure Resource Graph service lets you perform the following actions:

  • Query resources by applying filters, complex groupings and sorts.
  • Iteratively explore resources based on governance requirements.
  • Assess the impact of applying policies in a vast cloud environment.
  • Detail the changes made to Azure resource properties. The ability to view the last 14 days of change history for resources was recently introduced, to identify which properties were changed and when. This feature is particularly useful when troubleshooting, to detect any change events in a specific time slot. It also helps you understand which properties were changed when a resource changed its compliance status, so that you can consider adopting Azure Policy to manage those properties properly. For further details, see Microsoft's official documentation.

All these actions are important for governing your Azure environment effectively.

When an Azure resource is updated, Resource Graph is notified by Resource Manager of the change and updates its database accordingly. Resource Graph also regularly performs a complete scan of resources to ensure that its information is up to date in case of missed notifications or updates that take place outside of Resource Manager.

How to use Resource Graph

Azure Resource Graph queries are based on the Kusto language, also used by Azure Data Explorer, Application Insights and Azure Log Analytics. For more details on the Azure Resource Graph query language, see Microsoft's official documentation, which shows how it is structured and which operators and features are supported.

Resource Graph supports the Azure CLI, Azure PowerShell and the Azure SDK for .NET. Querying Resource Graph requires adding the relevant extension to the Azure CLI environment, while Azure PowerShell requires installing the Resource Graph module. Queries are always structured identically, regardless of where they are run.

Using Resource Graph requires that the user running the query has at least read permission, through Role-based access control (RBAC), on the resources to be queried. If you don't have at least read permission on specific resources, queries will not return results related to them.

The Azure Resource Graph service is also used when searching from the search bar of the Azure portal, in the new list of resources (‘All resources’) and in the change history of Azure Policy.

Figure 1 – Experience of ‘All resources’ using Azure Resource Graph

Sample Query

Below are some examples of Resource Graph queries and their results.

Figure 2 - Query to count resources by type (Resource Type)

Figure 3 - Query to count the resources by geographic location

Azure Resource Graph queries have the advantage that, besides achieving the desired result in a simple way, they also perform very well:

Figure 4 - Running time of the query to count the resources based on location

Anyone wanting to achieve this result with the classic PowerShell method in complex Azure environments would have to connect to a single Azure subscription, search for the necessary information and then move on to the next subscription. Until the arrival of Resource Graph this was the only possible approach, but it was more labor intensive and much less powerful.

Figure 5 - List of VMs with the OS disk not Managed
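The three queries the figures above refer to can be run from Azure PowerShell as follows. This is an added example, not the code from the original screenshots; it assumes the Az.ResourceGraph module is installed and a session is signed in, and the `Resources` table name and the `storageProfile` property paths are assumptions based on the current query language.

```powershell
# Added example, not from the original article.
# One-time setup (assumed): Install-Module -Name Az.ResourceGraph
# Sign in first:            Connect-AzAccount
# Results only include resources the caller can read through RBAC.

$queries = [ordered]@{
    'Resource count by type' = @'
Resources
| summarize count() by type
| order by count_ desc
'@
    'Resource count by location' = @'
Resources
| summarize count() by location
| order by count_ desc
'@
    # Assumption: a VM with an unmanaged OS disk has no managedDisk
    # property and points at a VHD blob in a storage account instead.
    'VMs with an unmanaged OS disk' = @'
Resources
| where type =~ 'microsoft.compute/virtualmachines'
| where isnull(properties.storageProfile.osDisk.managedDisk)
| project name, resourceGroup, subscriptionId, location,
          vhdUri = tostring(properties.storageProfile.osDisk.vhd.uri)
'@
}

foreach ($title in $queries.Keys) {
    Write-Host "== $title =="
    # -First caps the number of rows returned by each query.
    Search-AzGraph -Query $queries[$title] -First 100 | Format-Table -AutoSize
}
```

An empty result for the last query can mean either that no such VMs exist or that the signed-in identity lacks read permission on them, so run governance checks with an identity that has Reader on every subscription in scope.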

Conclusions

Azure Resource Graph lets you quickly and efficiently explore and analyze Azure resources, maintaining full visibility even over particularly complex Azure environments consisting of several subscriptions, each with a large number of elements. The ability to see the history of changes to Azure resources is particularly useful. Azure Resource Graph is a tool that makes a significant contribution to the governance of the Azure environment.

Azure IaaS and Azure Stack: announcements and updates (July 2019 – Weeks: 27 and 28)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Public preview for large file shares (100 TiB) on standard tier

Microsoft announced the public preview of large file shares for the Azure Files standard tier. Until now, scaling cloud file shares beyond 5 TiB required changing the paradigm for accessing data. The preview of a larger and higher scale standard tier for Azure Files is available to all Azure customers. This preview significantly improves your experience by increasing standard file shares’ capacity and performance limits. In select regions, standard file shares in general purpose accounts can support the following larger limits:

| Azure Files | Before (standard tier) | New (standard tier) |
|---|---|---|
| Capacity per share | 5 TiB | 100 TiB (20x increase) |
| Max IOPS per share | 1,000 IOPS | 10,000 IOPS (10x increase) |
| Max throughput per share | Up to 60 MiB/s | Up to 300 MiB/s (5x increase) |

Performance limits for a single file remain the same at 1 TiB, 1000 IOPS, and 60 MiB/s. Standard file shares are backed by hard disk drives. If the workload is latency sensitive, you should consider Azure Files premium tier, which is backed by solid-state drives.

New larger B-series VM sizes with flexible CPU usage

Microsoft has released three new B-series sizes: B12ms, B16ms and B20ms. These are lower cost VMs with flexible CPU usage.

Azure Data Box Heavy is generally available

Azure Data Box Heavy has reached general availability in the US and EU. Data Box Heavy is designed for a much larger scale than the original Data Box. Data Box Heavy’s one petabyte of raw capacity and multiple 40 Gbps connectors mean that a datacenter’s worth of data can be moved into Azure in just a few weeks.

Network Watcher is Generally Available in South Africa

Network Watcher is a cloud based solution for troubleshooting and monitoring networks in Azure. Azure Network Watcher is generally available in South Africa North region.

Azure Ephemeral OS Disk is Generally Available

Ephemeral OS disks are created on the local virtual machine (VM) storage and not saved to the remote Azure Storage. Ephemeral OS disks work well for stateless workloads, where applications are tolerant of individual VM failures, but are more affected by VM deployment time or reimaging the individual VM instances. With Ephemeral OS disk, you get lower read/write latency to the OS disk and faster VM reimage. Ephemeral OS disk is free i.e., you incur no storage cost for the OS disk. You can still be charged for any data disks attached to the VM. You can use either the Marketplace or Custom or Gallery Images to deploy VM/VM Scale Set (VMSS) with Ephemeral OS Disk. This functionality is available in all Azure regions.

Azure Monitor for VMs is available in East and South East Australia regions

Azure Monitor for VMs is now available in East Australia and South East Australia. Azure Monitor for VMs monitors your Azure virtual machines and virtual machine scale sets. The service analyzes the performance and health of your Windows and Linux VMs, monitoring their processes and their dependencies on other resources and external processes.

Azure Migrate is enhanced

Azure Migrate is now enhanced and can help you discover, assess, and migrate applications, infrastructure, and data from your on-premises environments to Azure. You can centrally track progress of your migration journey across multiple Microsoft and Independent Software Vendor (ISV) tools in Azure Migrate.

This release includes the following functionality:

  • Extensible approach with choice across Microsoft and popular ISV assessment and migration tools

  • Integrated experience for discovery, assessment, and migration with end-to-end progress tracking for servers and databases

  • Server Assessment and Server Migration for large-scale VMware, Hyper-V, and physical server migrations

  • Database Assessment and Database Migration across various database targets including Azure SQL Database and Managed Instance