Category Archives: Microsoft Azure

Azure management services and System Center: What's New in March 2019

In March there have been several news announced by Microsoft on the Azure management services and System Center. In this summary, that we report on a monthly basis, there are listed all the main news, accompanied by the necessary references to be able to conduct further studies.

Azure Monitor

Availability in Central Canada and UK South

The new service that allows you to monitor the virtual machines, called Azure Monitor for VMsis also available in Central Canada and UK South.

Azure Log Analytics

Availability in new regions

Azure Log Analytics is now available in the regions of Azure China, Australia East and Central Australia. It is also available in Public Preview in the following regions: France Central, Korea Central and North Europe.

Azure Site Recovery

Support for storage accounts protected with firewall rules

In Azure Site Recovery was introduced support for storage accounts that are configured with firewall rules for the Virtual Networks, in replication scenarios from VMware or physical systems to Azure.

Support for managed disks in replication scenarios with VMWare and physical systems

Azure Site Recovery now supports disaster recovery of VMware virtual machines and physical systems, replicating directly towards the managed disks. This avoids creating and managing different storage accounts target for the replica of these systems. The on-premises data are sended to a cache storage account in the target region and written in managed disk by Site Recovery.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 35 which it addresses several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB 4494485.

Azure Backup

In Azure Backup was officially released the functionality to back up the SQL Server installed in Azure IaaS virtual machines.

Figure 1 – Azure Backup Features for SQL Server in Azure VMs

Among the benefits of this solution there are:

  • Recovery Point Objective (RPO) of 15 minutes
  • Point-in-time restores: to make easy and rapid the recovery operations of the DBs.
  • Long-term retention: ability to keep backups for years.
  • Protection of encrypted databases: chance to make the backup of encrypted SQL databases and safely keep via an encryption at rest integrated into the solution. All backup and restore operations are managed by role-based access control mechanism.
  • Auto-protection: is handled automatically the detection and the protection of new databases.
  • Management and monitoring: allows to carry out a centralized management and monitoring the protection status of the systems.
  • Cost savings: are not required infrastructure costs and allows to easily scale to meet your needs.

System Center

Released System Center 2019

The main novelty regarding System Center is the release in general availability of the major release of System Center 2019. This is the release belonging to the long term servicing channel (LTSC) that will be supported for 10 years and that introduces full support for Windows Server 2019.

Starting from this release, Microsoft has decided to change the System Center product release policies. There will be no more releases in the Semi-Annual Channel (SAC) and new features, before the next release Long-Term Servicing Channel (LTSC), can be obtained via Update Rollup.

System Center 2019 supports upgrade from the two recent Semi-Annual Channel releases (SAC), System Center 1801 and System Center 1807 as well as System Center 2016.

Customers who have a valid license of System Center 2019 can download it from the Volume Licensing Service Center (VLSC).

Among the main features of System Center 2019 we find:

Virtual Machine Manager

  • Integration in VMM with Azure Update Management simplifies patching of virtual machines
  • Dynamic Storage Optimization in VMM enables higher availability of workloads
  • VMM now provides health and operational status of storage disks in Hyper Converged as well as disaggregated deployment
  • New RBAC role in VMM ensures that IT admins can be provided access commensurate with their role and no more
  • Support for latest versions of VMware in VMM (to enable migration to Hyper-V)

Operations Manager

  • SCOM supports integration with Azure services – Dependency Map (Service Map) provides comprehensive visibility of dependencies across servers along with health.
  • Azure Management Pack integrates alerts and performance metrics for Azure resources in SCOM
  • Along with modernized and extensible SCOM web console, subscriptions and notifications are now modernized with support for HTML based email
  • Maintenance schedules in SCOM with SQL server AlwaysOn
  • Update and recommendations for Linux workloads enables discovery of up-to-date MPs for Linux environments
  • Linux monitoring is now resilient to SCOM management server failover
  • All Windows Server Management Packs now support Windows Server 2019

Data Protection Manager

  • Faster backups with DPM with a 75% increase in speed and a monitoring experience for key backup parameters via Log Analytics.
  • DPM further supports backup of VMWare VMs including to tape

More news

  • Orchestrator supports PowerShellv4 +
  • Service Manager has an enhanced AD connector
  • Support for service logon across the System Center suite aligning with security best practices

More information about it can be consulted in the article System Center 2019 is now in general availability.

System Center Configuration Manager

Released version 1902 for the Current Branch

There are many new features in this release designed to enrich and improve different features of the solution. To get the complete list of new features introduced with this build, you can consult this official document. The transition to version 1902 can be done by following the installation checklist, at the end of which it is appropriate to continue with the Checklist post-update.

System Center Operations Manager

Management Packs

Following, are reported the news about the SCOM Management Packs:

  • System Center Management Pack for Message Queuing version 7.1.10242.0
  • System Center Management Pack for Microsoft Azure Stack version 1.0.3.11
  • System Center Management Pack for SharePoint Server 2019 version 16.0.11426.3000

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.

Azure Lab Services: how to create lab environments in the cloud

In Azure there is a service called Azure Lab Services to enable lab environments in the cloud, built from a collection of preconfigured virtual machines, in a simple and rapid way. Thanks to this service you can provide a custom lab environment for training or to work in isolated test and development environments. This article shows how to enable and configure the service and explores the main features of the solution.

Features of the solution

The main features of the solution Azure Lab Services are the following:

  • Users who receive the invitation have immediate access to virtual lab machines. All this is possible without having to provide access permissions on the Azure subscription. Access to the lab is done using a simple user experience, through a dedicated web portal.
  • You have the ability to create customized templates for VMs, from which generates virtual machines for different lab.
  • In order to achieve efficient use of resources, is given the option to schedule the automatic startup shutdown of the VMs and the option to limit the hours of use, using quotas. The end result is an optimization of operating costs.
  • Provides the ability to quickly and easily do the provisioning of systems and to scale in a flexibly way, without having to worry about the infrastructure required.

Possible usage scenarios

The use of theAzure Lab Service is recommended for the following scenarios:

  • Professional training or school classes: to configure the lab VMs in a custom way, according to the requirements of the course, to provide an environment where each participant connect and make practical activities and exercises.
  • Hackathons and hands-on labs: to provide an interactive experience during conferences and events, with the ability to easily scale based on the number of participants.
  • Environments for trial and personalized demo: to provide access at the invitation in a private lab where you can make the demo, before the official release of a software solution.
  • Machines for development and test environments: to provide an environment where you have preconfigured systems, used for purposes of development and application tests.

Configuring the environment

The first configuration needed is the creation of a Lab Account, that it is possible to carry out according to what reported:

Figure 1 – Creating a Lab Account

To create a lab you must have one user who belongs to role Lab Creator of the Lab Account. The user used to create the Lab Account has by default this capability as it belongs to the role Owner, but you can add additional users to the role Lab Creator, as below:

Figure 2 — Add a user to the role Lab Creator

In the Lab Account configuration you can specify whether the resources created in the lab are connected to a specific virtual network, having thus access to resources accessible from it:

Figure 3 – Configuration of access to VNet

As owner of the lab account you can specify which of the Azure Marketplace images you can make available to the Lab Creator for the creation of the lab:

Figure 4 – Selection of usable images from Marketplace

These are images that provide the creation of a single virtual machine, using the deployment Azure Resource Manager (ARM) and do not require additional software licenses.

Completed these configurations you can access the portal dedicated to Azure Lab Services to proceed with the configuration of the lab environment.

Figure 5 – Portal dedicated to Azure Lab Services

Doing with an enabled account (Role Owner, Lab Creator, or Contributor) you can create a new lab, setting its name and the maximum number of VMs:

Figure 6 – Creation of the Lab

Then you are prompted to set the specifications (size, region and image) to create the template, from which the environment of the lab will be generated:

Figure 7 – Specifications for creating the template

In the next step you need to specify the credentials to access the virtual machines:

Figure 8 - Configuring credentials

By selecting the button Create starts the template creation process, based on the selected image and attributes, which can take up to 20 minutes. During the creation process you may see the following screen:

Figure 9 – Template being created

At the end of this creation process you can make changes to the virtual machine template, by directly connecting via Remote Desktop, such as the installation and configuration of additional software.

Figure 10 -Customization of the template

When you feel ready, you can proceed with the template publication:

Figure 11 – Publication of the template

Management and use of the environment

When publishing is complete, by accessing the dashboard, you can manage various aspects of the laboratory:

  • Virtual machines: view the list of virtual machines and their allocation status. For each virtual machine you can manage the start, the shutdown, the cancellation, access via RDP and display how many hours the user has used it.
  • Scheduling: set up a mechanism that allows you to turn on and off automatically the VMs in the lab according to a specific or recurrent scheduling. For full details about schedule management consult this document.
  • Users: manage lab enabled users and obtain its registration link. At the moment Azure Lab Services supports organizational account and Microsoft account. Furthermore, you have the option to set a quota on the maximum working hours of the laboratory by the individual user. For further details please visit the Microsoft documentation.
  • Template: make changes to the template to make a new publication.

Figure 12 – Laboratory Management Dashboard

After completing the registration process, the user can access to the Azure Lab Services site and use the lab environment virtual machine assigned to him.

Figure 13 – Access to the lab virtual machines assigned

Who manages the lab environment can check the status of assignment of individual VMs and govern the entire lab environment.

Figure 14 – Allocation status of virtual machines

Conclusions

Thanks to this service you can turn on cloud systems quickly and easily, for lab environments for specific scenarios. All this happens by using the power of the cloud with obvious benefits in terms of flexibility, dynamism and without neglecting the aspects of governance of their environment. The service is certainly destined to get rich quickly with new features to further expand the possible scenarios of use and also to meet the needs of more articulated lab environments.

Azure IaaS and Azure Stack: announcements and updates (March 2019 – Weeks: 11 and 12)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

AzCopy support in Azure Storage Explorer

Azure Storage Explorer provides the UI interface for various storage tasks, and now it supports using AzCopy as a transfer engine to provide the highest throughput for transferring your files for Azure Storage.

Service Map is available in Central Canada and UK South

The Service Map feature of Azure Monitor is now available in Central Canada and UK South. Across the world, it’s available in six public regions. Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.

Azure premium blob storage is generally available

Azure premium blob storage is generally available. Premium block blob is a new performance tier in Blob storage, complementing the existing hot, cool, and archive tiers. Premium blob storage is ideal for workloads with high transaction rates or that require very fast access times, such as IoT, telemetry, AI, and scenarios with humans in the loop such as interactive video editing, web content, and online transactions. 

Support for virtual network peering in Azure Security Center

The network map in Azure Security Center now supports virtual network peering. Directly from the network map, you can view allowed traffic flows between peered virtual networks and deep dive into the connections and entities.

Adaptive network hardening in Azure Security Center (Public preview)

Azure Security Center can now learn the network traffic and connectivity patterns of your Azure workload and provide you with network security group (NSG) rule recommendations for your internet-facing virtual machines. This is called adaptive network hardening, and it’s in public preview. It helps you secure connections to and from the public internet (made by workloads running in the public cloud), which are one of the most common attack surfaces.

Windows Virtual Desktop in public preview on Azure

Now available in public preview, Windows Virtual Desktop is the service that delivers simplified management, a multi-session Windows 10 experience, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps. With Windows Virtual Desktop, you can deploy and scale your Windows desktops and apps on Azure in minutes and enjoy built-in security.

Azure IaaS and Azure Stack: announcements and updates (March 2019 – Weeks: 09 and 10)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Azure South Africa regions are available

Azure services are now available from new cloud regions in Johannesburg (South Africa North) and Cape Town (South Africa West), South Africa. The launch of these regions marks a major milestone for Microsoft as they open their first enterprise-grade datacenters in Africa, becoming the first global provider to deliver cloud services from datacenters on the continent. With 54 regions announced worldwide, the Microsoft global cloud infrastructure will connect the new regions in South Africa with greater business opportunity, help accelerate new global investment, and improve access to cloud and internet services across Africa. The new cloud regions in Africa are connected with Microsoft’s other regions via their global network, which spans more than 100,000 miles (161,000 kilometers) of terrestrial fiber and subsea cable systems to deliver services to customers.

Microsoft Azure Sentinel: intelligent security analytics for the entire enterprise

Security can be a never-ending saga, a chronicle of increasingly sophisticated attacks, volumes of alerts, and long resolution timeframes where today’s Security Information and Event Management (SIEM) products can’t keep pace. Microsoft rethinks the SIEM tool as a new cloud-native solution called Microsoft Azure Sentinel. Azure Sentinel provides intelligent security analytics at cloud scale for your entire enterprise. Azure Sentinel makes it easy to collect security data across your entire hybrid organization from devices, to users, to apps, to servers on any cloud.  It uses the power of artificial intelligence to ensure you are identifying real threats quickly and unleashes you from the burden of traditional SIEMs by eliminating the need to spend time on setting up, maintaining, and scaling infrastructure. Since it is built on Azure, it offers nearly limitless cloud scale and speed to address your security needs. Traditional SIEMs have also proven to be expensive to own and operate, often requiring you to commit upfront and incur high cost for infrastructure maintenance and data ingestion. With Azure Sentinel there are no upfront costs, you pay for what you use.

Virtual network service endpoints for Azure Database for MariaDB are available

virtual network service endpoints for Azure Database for MariaDB are accessible in all available regions. Virtual network service endpoints allow you to isolate connectivity to your logical server from only a given subnet or set of subnets within your virtual network. Traffic to Azure Database for MariaDB from the virtual network service endpoints stays within the Azure network, preferring this direct route over any specific routes that take internet traffic through virtual appliances or on-premises.

M-series virtual machines (VMs) are available in the Korea South region and in the China North 2 region

Azure M-series VMs are now available in the Korea South region and in the China North 2 region. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.

Azure Policy root cause analysis and change tracking features

New functionalities have been added to Azure Policy, including root cause analysis and change tracking features. This means that you’ll be able to see why a resource evaluated as non-complaint and what changes were implemented directly by a policy.

Azure Container Registry firewall rules and Virtual Network

Firewall rules and Virtual Network support in Azure Container Registry are available in preview.  Limit registry access to your resources in Azure, or specific on-premises resources, including Express Route connected devices. Virtual Network access is provided through the Azure Container Registry premium tier. General availability pricing will be announced at a later date. 

Azure Lab Services

Azure Lab Services is generally available. With Azure Lab Services, you can easily set up and provide on-demand access to preconfigured virtual machines (VMs) to teach a class, train professionals, run hackathons or hands-on labs, and more. Simply input what you need in a lab and let the service roll it out to your audience. Your users go to a single place to access all their VMs across multiple labs, and connect from there to learn, explore, and innovate.

Azure Availability Zones in East US

Azure Availability Zones, a high-availability solution for mission-critical applications, is now generally available in East US.

Global VNet Peering in Azure Government regions

Global VNet Peering is generally available in all Azure Government cloud regions. This means you can peer virtual networks across the Azure Government cloud regions. You cannot peer across Azure Government cloud and Azure public cloud regions.

Global VNet Peering supports Standard Load Balancer

Previously, resources in one virtual network could not communicate with the front-end IP address of an internal load balancer over a globally peered connection. The virtual networks needed to be in the same region. This is no longer the case. You can communicate with the internal IP address of a Standard Load Balancer instance across regions from resources deployed in a globally peered virtual network. This support is in all Azure regions, including Azure China and Azure Government regions.

New capabilities in Azure Firewall

Two new key capabilities in Azure Firewall:

  • Threat intelligence based filtering: Azure Firewall can now be configured to alert and deny traffic to and from known malicious IP addresses and domains in near real-time. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. Threat intelligence-based filtering is default-enabled in alert mode for all Azure Firewall deployments, providing logging of all matching indicators. Customers can adjust behavior to alert and deny.
  • Service tags filtering: a service tag represents a group of IP address prefixes for specific Microsoft services such as SQL Azure, Azure Key Vault, and Azure Service Bus, to simplify network rule creation. Microsoft today supports service tagging for a rich set of Azure services which includes managing the address prefixes encompassed by the service tag, and automatically updating the service tag as addresses change. Azure Firewall service tags can be used in the network rules destination field.
Azure File Sync in Japan East, Japan West, and Brazil South

Azure File Sync is now supported in Japan East, Japan West, and Brazil South regions.

Azure Premium Blob Storage public preview

Premium Blob Storage is a new performance tier in Azure Blob Storage, complimenting the existing Hot, Cool, and Archive tiers. Premium Blob Storage is ideal for workloads with high transactions rates or requires very fast access times, such as IoT, Telemetry, AI and scenarios with humans in the loop such as interactive video editing, web content, online transactions, and more. Premium Blob Storage has higher data storage cost, but lower transaction cost compared to data stored in the regular Hot tier. This makes it cost effective and can be less expensive for workloads with very high transaction rates.

Update rollup for Azure File Sync Agent: March 2019

An update rollup for the Azure File Sync agent was released today which addresses the following issues:

  • Files may fail to sync with error 0x80c8031d (ECS_E_CONCURRENCY_CHECK_FAILED) if change enumeration is failing on the server
  • If a sync session or file receives an error 0x80072f78 (WININET_E_INVALID_SERVER_RESPONSE), sync will now retry the operation
  • Files may fail to sync with error 0x80c80203 (ECS_E_SYNC_INVALID_STAGED_FILE)
  • High memory usage may occur when recalling files
  • Cloud tiering telemetry improvements

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 5.1.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4481060.
 

Azure Stack

Azure App Service on Azure Stack 1.5 (Update 5) Released

This release updates the resource provider and brings the following key capabilities and fixes:

  • Updates to **App Service Tenant, Admin, Functions portals and Kudu tools**. Consistent with Azure Stack Portal SDK version.
  • Updates to **Kudu** tools to resolve issues with styling and functionality for customers operating **disconnected** Azure Stack.
  • Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.

All other fixes and updates are detailed in the App Service on Azure Stack Update Five Release Notes.

Azure storage: Disaster Recovery and failover capabilities

Microsoft recently announced a new feature that allows, for geo-redundant Azure storage account, to carry out a piloted failover. This feature increases control on this type of storage accounts, allowing greater flexibility in Disaster Recovery scenarios. This article shows the working principle and the procedure to follow in order to use this new feature.

Types of storage accounts

In Azure there are different types of storage account with distinct replication characteristics, to obtain different levels of redundancy. If you wish to keep the data present on the storage account even in the face of failures of an entire region of Azure it is necessary to adopt the geo-redundant storage account, among them there are two different types:

  • Geo-redundant storage (GRS): the data is replicated asynchronously into two geographical region of Azure, distant hundreds of miles between them.
  • Read-access geo-redundant storage (RA-GRS): it follows the same replication principle as previously described, but with the characteristic that the secondary endpoint can be accessed to read the replicated data.

Using these types of storage account are maintained three copies of the data in the primary region of Azure, selected during the configuration phase, and an additional three asynchronous copies of the data in another region of Azure, following the principle of Azure Paired Regions.

Figure 1 - Normal operation of the storage type GRS/RA-GRS

For more information about the different types of storage account and its redundancy you can consult the Microsoft's official documentation.

Characteristics of storage account failover process

Thanks to this new feature, the administrator has the option to start the account failover process deliberately, when deemed appropriate. The failover process update the public DNS record of the storage account, in this way, the requests are routed to the endpoint of the storage account in the secondary region.

Figure 2 – Failover process for a GRS/RA-GRS storage account

After the failover process, the storage account is configured to be a locally redundant storage (LRS) and it is necessary to proceed with its configuration to make geo-redundant again.

An important aspect to keep in mind, when you decide to take a failover of the storage account, is that this operation can result in a loss of data, because replication between the two regions of Azure is done asynchronously. Because of this aspect, in case of unavailability of the primary region, may not have been replicated to the secondary region all changes. To verify this condition you can refer to the property Last Sync Time that indicates when it is guaranteed that the data was successfully replicated to the secondary region.

Storage account failover procedure from the Azure Portal

Following, shows the steps to fail over to a storage account directly from the Azure Portal.

Figure 3 – Storage failover process account

Figure 4 – Storage account failover process confirmation

The procedure to start the failover of a storage account can be carried out not only by the portal Azure, but also through PowerShell, Azure CLI, or by using the API for the Azure Storage resources.

How to identify the problems on the storage account

Microsoft recommends that applications that use the storage accounts are designed to support possible errors in the writing stage. In this way, the application should expose any failures encountered in writing, in order to be alerted to the possible unavailability in gaining access to storage in a given region. This would allow take corrective actions, such as the failover of the GRSRA-GRS storage account.

Natively the platform , through the service Azure Service Health, provides detailed information if you experience conditions that affect the operation of its services available in Azure, including storage. Thanks to the complete integration of Service Health on Azure Monitor, which holds the alerting engine of Azure, you can configure specific Alerts if there are issues on Azure side, that impact on the operation of the resources present on your own subscription.

Figure 5 - Create Health alert in the Service Health Service

Figure 6 - Notification rule of issues on storage

The notification occurs through Action Groups, following which it is possible to evaluate the real need to take the storage account failover process.

Conclusions

Before the release of this feature, with GRS/RA-GRS storage account type, failover still had to be driven by Microsoft staff against a storage fault of an entire Azure region. This feature provide to the administrator the ability to failover, providing greater control over storage account. At the moment this feature is available for preview and only for storage accounts created in certain Azure regions. As with other Azure functionality in preview it is best to wait for the official release before using it for workloads in a production environment.

Azure management services and System Center: What's New in February 2019

The month of February was full of news and there are different updates that affected the Azure management services and System Center. This article summarizes to have a comprehensive overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

Azure Monitor

Multi-resource support for metric alerts

With this new feature, you can configure a single metric alert rule to monitor:

  • A list of virtual machines in an Azure region.
  • All virtual machines in one or more resource groups in an Azure region.
  • All virtual machines of a subscription, present in a given Azure region.

Azure Automation

The runbook Update Azure Modules is open source

Azure Automation allows you to update the Azure PowerShell modules imported into an automation account with the latest versions available in the PowerShell Gallery. This possibility is provided through the actionUpdate Azure Moduleson the page Modules of the Automation Account, and is implemented through a hidden runbook. In order to improve diagnostics and troubleshooting activity and provide the ability to customize the module, this has been made open source.

Support for the Azure PowerShell module Az

Azure Automation introduces support for the PowerShell module Az, thanks to which you can use the updated Azure modules within runbooks, to manage the various Azure services.

Azure Log Analytics

New version of the agent for Linux

This month the new OMS Agent version for Linux systems solves a specific bug during installation. To obtain the updated OMS agent version you can access at the GitHub official page.

Availability in new region of Azure

It is possible to activate a Log Analytics workspace also in the Azure regions of West US 2, Australia East and Central Australia. In this way the data is kept and processed in this regions.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 33 introducing new versions of the following components:

  • Microsoft Azure Site Recovery Unified Setup (version 9.22.5109.1): used for replication scenarios from VMware to Azure.
  • Microsoft Azure Site Recovery Provider (version 5.1.3900.0): used for replication scenarios from Hyper-V to Azure or to a secondary site.
  • Microsoft Azure Recovery Services Agent (version 2.0.9155.0): used for replication scenarios from Hyper-V to Azure.

The installation of this update rollup is possible on all systems running Microsoft Azure Site Recovery Service providers, by including:

  • Microsoft Azure Site Recovery Provider for System Center Virtual Machine Manager (3.3.x. x).
  • Microsoft Azure Site Recovery Hyper-V Provider (4.6.x. x).
  • Microsoft Azure Site Recovery Provider (5.1.3500.0) and later.

The Update Rollup 33 for Microsoft Azure Site Recovery Unified Setup applies to all systems that have installed the version 9.17.4860.1 or later.

For more information on the issues resolved, on improvements from this Update Rollup and to get the procedure for its installation is possible to consult thespecific KB 4489582.

Protection of Storage Space Direct cluster

In Azure Site Recovery (ASR) is introduced, with the Update Rollup 33, also the support for the protection of Storage Space Direct cluster, used to realize Guest Cluster in Azure environment.

Azure Backup

In Azure Backup has been released the feature of Instant Restorefor the virtual machines in Azure, that allows using the stored snapshots for the VMs recovery. Also it is given the option to configure the time of retention for the snapshots in the backup policy (from one to five days, the default is two days). This increases control over the protection of the resources, adapting it to specific requirements and depending on the criticality of the same.

Figure 1 – Retention period of the snapshot

System Center Configuration Manager

Released versions 1902 and 1902.2 for the Technical Preview Branch

Among the main new features of this release is included the ability to manage more effectively the restart notifications on systems managed by Configuration Manager.

For full details of what's new in this release you can consult this document. Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

System Center Operations Manager

Management Packs

Following, are reported the news about the SCOM Management Packs:

  • Microsoft System Center 2016 Management Pack for Microsoft Azure version 1.6.0.7
  • Microsoft System Center Management Pack for SQL Server 2017+ Reporting Services version 7.0.12.0
  • Log Analytics Management Pack forSCOM 1801 version7.3.13288.0 and SCOM 2016 version7.2.12074.0
  • System Center Management Pack for Windows DNS Server version 10.0.9.3

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.

Azure IaaS and Azure Stack: announcements and updates (February 2019 – Weeks: 07 and 08)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Serial console for Azure Virtual Machines (feature update)

The serial console for Azure Virtual Machines enables you to reboot your VM from within the console experience. This ability will help you if you want to reboot a stuck VM or enter the boot menu of your VM.

Azure File Sync v5 release

Improvements and issues that are fixed:

  • Support for Azure Government cloud
    • Added preview support for the Azure Government cloud. This requires a white-listed subscription and a special agent download from Microsoft.
  • Support for Data Deduplication
    • Data Deduplication is now fully supported with cloud tiering enabled on Windows Server 2016 and Windows Server 2019. Enabling deduplication on a volume with cloud tiering enabled lets you cache more files on-premises without provisioning more storage.
  • Support for offline data transfer (e.g. via Data Box)
    • Easily migrate large amounts of data into Azure File Sync via any means you choose. You can choose Azure Data Box, AzCopy and even third party migration services. No need to use massive amounts of bandwidth to get your data into Azure, in the case of Data Box.
  • Improved sync performance
    • Customers with multiple server endpoints on the same volume may have experienced slow sync performance prior to this release. Azure File Sync creates a temporary VSS snapshot once a day on the server to sync files that have open handles. Sync now supports multiple server endpoints syncing on a volume when a VSS sync session is active. No more waiting for a VSS sync session to complete so sync can resume on other server endpoints on the volume.
  • Improved monitoring in the portal
    • Charts have been added in the Storage Sync Service portal to view:
      • Number of files synced
      • Size of data transferred
      • Number of files not syncing
      • Size of data recalled
      • Agent connectivity status
  • Improved scalability and reliability
    • Maximum number of file system objects (directories and files) in a directory has increased to 1,000,000. Previous limit was 200,000.
    • Sync will try to resume data transfer rather than retransmitting when a transfer is interrupted for large files

Agent installation notes:

  • The Azure File Sync agent is supported on Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
  • Azure File Sync agent version 4.0.1.0 or a later version is required to upgrade existing agent installations.
  • A restart may be required if files are in use during the installation.
  • The agent version for the v5 release is 5.0.2.0.

Installation instructions are documented in KB4459989.

Service tags are available in Azure Firewall network rules

A service tag represents a group of IP address prefixes to help minimize complexity for security rule creation. You cannot create your own service tag, nor specify which IP addresses are included within a tag. Microsoft manages the address prefixes encompassed by the service tag, and automatically updates the service tag as addresses change. Azure Firewall service tags can be used in the network rules destination field. You can use them in place of specific IP addresses. Service tags are fully supported in all public regions using PowerShell/REST/CLI by simply including the tag string in a network rule destination field. Portal support is being rolled out and will incrementally be available in all public regions in the near future.

Azure IaaS and Azure Stack: announcements and updates (February 2019 – Weeks: 05 and 06)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Standard Load Balancer and Standard Public IP are available in Azure Government

Azure Standard Load Balancer and Standard Public IP are now generally available in Azure Government cloud regions. Standard Load Balancer offers resiliency and ease of use for all your virtual machine resources inside a virtual network. It supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications. You can use load-balancing rules with TCP/HTTP/HTTPS health probes, HA port load-balancing rules for network virtual appliances, inbound NAT rules for port forwarding, and outbound rules to scale and tune your outbound connectivity.

Global VNet Peering in Azure China cloud

Global VNet Peering is generally available in all Azure China cloud regions. This means you can peer virtual networks across the China cloud regions. You cannot peer across Azure China and Azure public cloud regions.

General availability of the Lsv2-series Azure Virtual Machines (VMs)

The Lsv2-series is well suited for your high throughput and high IOPS workloads including big data applications, SQL and NoSQL databases, data warehousing, and large transactional databases. The Lsv2-series features high throughput, low latency, and directly mapped local NVMe storage. The Lsv2 VMs run on the AMD EPYCTM 7551 processor with an all core boost of 2.55GHz. The Lsv2-series VMs offer various configurations from 8 to 80 vCPUs with simultaneous multi-threading. Each VM features 8 GiB of memory and one 1.92TB NVMe SSD M.2 device per 8 vCPUs, with up to 19.2TB (10 x 1.92TB) available on the 80vCPU L80s v2.

M-series virtual machines (VMs) are available in Australia Central 2 region

Azure M-series VMs are now available in the Australia Central 2 region. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.

Account failover for Azure Storage (public preview)

The preview for account failover for customers with geo-redundant storage (GRS) enabled storage accounts is available. Customers using GRS or RA-GRS accounts can take advantage of this functionality to control when to failover from the primary region to the secondary region for their storage accounts. If the primary region for your geo-redundant storage account becomes unavailable for an extended period of time, you can force an account failover. When you perform a failover, all data in the storage account is failed over to the secondary region, and the secondary region becomes the new primary region. The DNS records for all storage service endpoints – blob, Azure Data Lake Storage Gen2, file, queue, and table – are updated to point to the new primary region. Once the failover is complete, clients can automatically begin writing data to the storage account using the service endpoints in the new primary region, without any code changes.

Reserved instances applicable to classic VMs, cloud services, and Dev/Test subscriptions

Classic VMs, Cloud Services users, Enterprise Dev/Test and Pay-As-You-Go Dev/Test subscriptions can now benefit from the RI discounts.

Resource group control for Azure DevTest Lab

As a lab owner, you now have the option to configure all your lab virtual machines (VMs) to be created in a single resource group. This helps prevent you from reaching resource group limits on your Microsoft Azure subscription. The feature will also help by enabling you to consolidate all your lab resources within a single resource group. In result this will simplify tracking those resources and applying policies to manage them at the resource group level.

Azure Stack

Azure Stack 1901 update

The update includes improvements, fixes, and new features for Azure Stack. This update package is only for Azure Stack integrated systems. Do not apply this update package to the Azure Stack Development Kit. The Azure Stack 1901 update build number is 1.1901.0.95.

Azure IaaS and Azure Stack: announcements and updates (January 2019 – Weeks: 03 and 04)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, officialized by Microsoft in the last two weeks.

Azure

Azure Guest OS Family 6 (Windows Server 2019)

Azure Guest OS Family 6, based on Windows Server 2019, is now generally available. Windows Server 2019 is the operating system that bridges on-premises environments with Azure, adding layers of security while helping you modernize your applications and infrastructure.

Azure Availability Zones in East US 2

Azure Availability Zones, a high-availability solution for mission-critical applications, is generally available in East US 2.

Availability Zones are physically separate locations within an Azure region. Each Availability Zone consists of one or more datacenters equipped with independent power, cooling, and networking. With the introduction of Availability Zones, Microsoft offers a service-level agreement (SLA) of 99.99% for uptime of virtual machines.

Update rollup for Azure File Sync Agent: January 2019

An update rollup for the Azure File Sync agent was released and addresses the following issues:

  • Files are not tiered after upgrading the Azure File Sync agent to version 4.x.
  • AfsUpdater.exe is now supported on Windows Server 2019.
  • Miscellaneous reliability improvements for sync.

More information about this update rollup:

  • This update is available for Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 installations that have Azure File Sync agent version 4.0.1.0 or later installed.
  • The agent version of this update rollup is 4.3.0.0.
  • A restart may be required if files are in use during the update rollup installation.
  • Installation instructions are documented in KB4481059.

Azure Migrate is available in Asia and Europe

Azure Migrate now supports Asia and Europe as migration project locations. This means that you can now store your discovered metadata in Asia (Southeast Asia) and Europe (North Europe/West Europe) regions.

In addition to Asia and Europe, Azure Migrate also supports storing the metadata in United States and Azure Government geographies. Support for other Azure geographies is planned for the future.

Note that the project geography does not restrict you from planning your migration for a different target location. Azure Migrate supports more than 30 regions as assessment target locations. The project geography is only used to store the discovered VM metadata.

M-series virtual machines (VMs) are available in Australia Central region

Azure M-series VMs are  available in the Australia Central region. M-series VMs offer configurations with memory from 192 GB to 3.8 TiB (4 TB) RAM and are certified for SAP HANA.

Azure Governance: introduction to Azure Policy

IT governance is the process through which an organization can ensure an effective and efficient use of IT resources, in order to achieve their goals. Azure Policy is a service available in the Microsoft public cloud that can be used to create, assign and manage policies to control the resources in Azure. Azure Policy, natively integrated into the platform, are a key element for the governance of the cloud environment. In this article, the principles of operation and features of the solution are reported.

In Azure environments you can find different subscriptions on which develop and operate several groups of operators. The common requirement is to standardize, and in some cases impose, how to configure the resources in the cloud. All this is done to obtain specific environments that meet compliance regulations, monitor security, resource costs and standardize the design of different architectures. These goals can be achieved with a traditional approach, that includes a block of operators (Dev/Ops) in the direct access to cloud resources (through the portal, API or cli). This traditional approach is, however, inflexible, because it involves a loss of agility in controlling the deployment of resources. Instead, using the mechanism that comes natively from Azure platform is possible to drive the governance to achieve the desired control, without impacting speed, the basic element in the operations of the modern IT.

Figure 1 – Traditional approach vs cloud-native governance

In Azure Policy you can do the following reported:

  • Enable built-in policy or configure them to meet your needs.
  • Perform real-time evaluation of the criteria set out in the policy and force execution.
  • Assess the compliance of the policy periodically or on request.
  • Enable audit policy on the virtual machine guest environment (Vm In-Guest Policy).
  • Apply policies on Management Groups in order to gain control over the entire organization.
  • Apply multiple criteria and aggregate the various states of the policies.
  • Configure scope over which the exclusions are applied.
  • Enable real-time remediation steps, also for existing resources.

All this translates into the ability to apply and enforce policy compliance on a large scale and its remediation actions.

The working mechanism of the Azure Policy is simple and integrated into the platform. When a request is made for an Azure resource configuration using ARM, this is intercepted by the layer containing the engine that performs the evaluation of policy. This engine makes an assessment based on active Azure policies and establishes the legitimacy of the request.

Figure 2 – Working principle of Azure Policy in creating resources

The same mechanism is then repeated periodically or upon request, to assess the compliance of existing resources.

Figure 3 – Working principle of Azure Policy in resource control

Azure already contains many built-in policies ready to be applied. Furthermore, in this GitHub repository you can find different definitions of Azure Policies, that can be used directly or modified to suit your needs. The definition of the Azure Policy is made in JSON and follows a well defined structure, described in this Microsoft's document. You also have the possibility of creating Initiatives, they are a collection of multiple policies.

Figure 4 – Example of defining a Azure Policy

When you have the desired policy definition, it is possible to assign it to a subscription and possibly in a more limited way to a specific Resource Group. You also have the option of excluding certain resources from the application of the policy.

Figure 5 – Process of assigning an Azure Policy

Following the assignment, you can evaluate the State of compliance in detail and if it is necessary apply remediation actions.

Figure 6 – State of compliance

Figure 7 -Example of remediation action

 

Conclusions

Through the use of Azure Policy you can totally control your own Azure environment, in a simple and efficient way. Statistics provided by Microsoft cite that considering the 100 top Azure Customers, 92 these use Azure Policy to control their environment. This is because, when you increase the complexity and amount of services on Azure is essential to adopt instruments, as Azure Policy, to have effective governance policies.