Category Archives: Microsoft Azure

Azure Management services: what's new in July 2023

Microsoft regularly announces news about Azure management services, and this monthly summary collects it as usual. The aim is to provide an overview of the main news of the month, so that you can stay up to date on these topics and have the references needed for further exploration.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor Agent Health experience (preview)

The Azure Monitor Agent (AMA) is responsible for collecting monitoring data from the guest operating system of virtual machines, both in Azure and in hybrid environments, and transmitting it to Azure Monitor. Thanks to the Azure Monitor Agent Health experience, it is now possible to easily monitor the health of agents at scale, whether they run in Azure, on-premises or on other cloud infrastructures.

Improved table-level RBAC checking in Azure Monitor Logs

Azure Monitor Logs offers advanced role-based access control (RBAC) capabilities to enable secure management of sensitive logs in complex environments. Table-level access lets you restrict read access to a specific group of people and to a selected set of tables only. This new method works by assigning permissions to the table sub-resource, enabling granular RBAC even for custom log tables while using the standard, well-known Azure RBAC tools.

Events from Azure Event Hubs to Azure Monitor Logs

Azure Event Hubs provides a simple and powerful way to bring data into your Azure Monitor environment. Thanks to a new feature, you can now send events directly from an Event Hub into a Log Analytics workspace. Azure Event Hubs is a big data streaming platform that allows you to collect events from different sources, ready to be processed by various Azure services and other external platforms. This ability to ingest data is particularly beneficial for those who already use queue messaging mechanisms and want to move the data into a Log Analytics workspace, into Sentinel, or to route it to multiple destinations.

Azure Monitor Container insights support for Pod Sandboxing

Container insights now supports monitoring of containers that use “Pod Sandboxing”. Pod Sandboxing is an effective strategy to protect against “Container Breakout” situations, where a user, whether malicious or legitimate, manages to break through container isolation and access the filesystem, processes, network interfaces and other resources on the host machine. In the past, isolation could be achieved through the use of node pools, but this approach generated significant operational overhead and required additional resources, increasing overall costs. Pod Sandboxing addresses this issue through kernel-level workload isolation, providing a more efficient and secure solution.

The Azure Monitor agent supports VM Insights in the Government Cloud (preview)

As part of the public preview, Azure Monitor Agent now supports VM Insights within Azure Government Cloud.

Configure

Update management

Hotpatch available on Windows Server VMs on Azure with Desktop Experience install mode

Hotpatch is now available for Windows Server Azure Edition VMs with Desktop Experience install mode, using the newly released image. Hotpatch is a feature that allows you to patch and install operating system security updates on Windows Server Azure Edition virtual machines on Azure without the need to reboot.
It was previously available for Server Core install mode; now Windows Server Azure Edition VMs installed with Desktop Experience mode also no longer need to reboot every month for security updates. This provides:

  • less impact on workload with fewer reboots;
  • faster deployment of updates, as packages are smaller, install faster and are easier to orchestrate with Azure Update Manager;
  • greater protection, since Hotpatch update packages are limited to Windows security updates that install faster without reboots.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for new ways to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, helps identify and prevent incorrect spending patterns, and optimizes costs. This article reports some of the latest improvements and updates regarding this solution.

Azure Arc

Deployment of ESU-derived updates on Azure Arc-enabled servers

On the occasion of Inspire, Microsoft announced Extended Security Updates (ESU) enabled by Azure Arc. With Azure Arc, organizations will be able to seamlessly purchase and distribute Extended Security Updates (ESU) in on-premises or multicloud environments, directly from the Azure Portal. As well as providing centralized management of security patches, Azure Arc-enabled ESUs offer greater flexibility with a pay-as-you-go subscription model, compared to the classic ESUs offered through the Volume Licensing Center, which are purchased annually. For more information, please refer to the dedicated article.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud is constantly evolving and improvements are made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

  • managing automatic updates of Defender for Endpoint for Linux;
  • agentless scanning of virtual machine secrets in Defender for Servers P2 and DCSPM;
  • new security alert in Defender for Servers plan 2: detection of potential attacks that leverage Azure VM GPU driver extensions;
  • support for disabling detections of specific vulnerabilities;
  • availability of Data Aware Security Posture.

Protect

Azure Backup

Crash-consistent restore points for virtual machines (preview)

Microsoft has announced support, in public preview, for crash-consistent mode (across multiple disks) for VM restore points. This is an agentless solution that stores the virtual machine configuration and write-order-consistent snapshots, taken at a specific point in time, for all managed disks attached to the virtual machine.

Migrate

Azure Migrate

Upgrading Windows servers at end of support (EOS)

Azure Migrate provides a preview of the feature that allows you to upgrade legacy Windows Server systems without disruption. The ability to upgrade legacy servers is introduced as part of the Azure migration process, minimizing effort, downtime and associated risks. This is accomplished by creating a copy of the server in the Azure environment and then upgrading it there. Thanks to this approach, the impact on the original server is minimized, ensuring a safe and efficient transition. For more details and in-depth information, I invite you to refer to the dedicated article.

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features.

Evaluation of Azure

To test and evaluate the services provided by Azure for free, you can access this page.

Azure IaaS and Azure Stack: announcements and updates (July 2023 – Weeks: 29 and 30)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Compute

Azure Boost (preview)

Azure Boost is one of Microsoft Azure’s latest infrastructure innovations. Azure Boost is a new system that offloads virtualization processes traditionally performed by the hypervisor and host OS, such as networking, storage, and host management, onto purpose-built hardware and software. By separating hypervisor and host OS functions from the host infrastructure, Azure Boost enables greater network and storage performance at scale, improves security by adding another layer of logical isolation, and reduces the maintenance impact for future Azure software and hardware upgrades.
This innovation enables Azure customers participating in the preview to achieve a 200 Gbps networking throughput and a leading remote storage throughput up to 10 GBps and 400K IOPS, enabling the fastest storage workloads available today.
Azure Boost allows preview users to achieve this performance through access to experimental SKUs. This preview will be important for many customers and partners to integrate critical components of Azure Boost into their current VM solutions, ensuring smooth operation on this new system in the future.
Azure Boost has been providing benefits to millions of existing Azure VMs in production today, such as enabling the exceptional remote storage performance of the Ebsv5 VM series and networking throughput and latency improvements for the entire Ev5 and Dv5 VM series. Azure Boost will continue to innovate and provide benefits for Azure infrastructure users going forward.

The Classic VMs retirement deadline is now September 6, 2023

The deadline to migrate your IaaS VMs from Azure Service Manager to Azure Resource Manager is now September 6, 2023. To avoid service disruption, we recommend that you complete your migration as soon as possible. Microsoft will not provide any additional extensions after September 6, 2023.

Networking

Updated default TLS policy for Azure Application Gateway

Microsoft has updated the default TLS configuration for new deployments of Application Gateway to the predefined AppGwSslPolicy20220101 policy to improve default security. This recently introduced, generally available, predefined policy ensures better security with a minimum TLS version of 1.2 (up to TLS v1.3) and stronger cipher suites.

Always Serve for Azure Traffic Manager

Always Serve for Azure Traffic Manager (ATM) is now generally available. You can disable endpoint health checks from an ATM profile and always serve traffic to that given endpoint. You can also now choose to use 3rd party health check tools to determine endpoint health, and ATM native health checks can be disabled, allowing flexible health check setups.

Azure Application Gateway for Containers (preview)

Azure Application Gateway for Containers is a new SKU in the Application Gateway family. Application Gateway for Containers is the next evolution of Application Gateway + Application Gateway Ingress Controller (AGIC), providing application (layer 7) load balancing and dynamic traffic management capabilities for workloads running in a Kubernetes cluster.

Application Gateway for Containers introduces the following improvements over AGIC:

  • Performance: achieve near real-time convergence times to reflect the addition or removal of pods, routes, probes, and other load balancing configuration within Kubernetes YAML configuration.
  • Scale: push boundaries past current AGIC limits, exceeding 1400 backend pods and 100 listeners with Application Gateway for Containers.
  • Deployment: enable a familiar deployment of ARM resources via ARM, PowerShell, CLI, Bicep, and Terraform or define all configuration within Kubernetes and have Application Gateway for Containers manage the rest in Azure.
  • Gateway API support: the next evolution in defining Kubernetes service networking through expressive, extensible, and role-oriented interfaces.
  • Weighted / Split traffic distribution: enable blue-green deployment strategies and active / active or active / passive routing.

Network observability add-on for AKS (preview)

The new network observability add-on for AKS, now in public preview, provides complete observability into the network health and connectivity of your AKS cluster.

Key benefits:

  • Get access to cluster level network metrics like packet drops, connections stats and more.
  • (GA) Access to pod-level metrics and network debuggability features.
  • Support for all Azure CNIs – AzureCNI and AzureCNI (Powered by Cilium).
  • Support for all AKS node types – Linux and Windows.
  • Easy deployment using native Azure tools – AKS CLI, ARM templates, PowerShell, etc.
  • Seamless integration with the Azure managed Prometheus and Azure-managed Grafana offerings.

Azure Stack

General Availability of Remote Support for Azure Stack systems

Support requests for Azure Stack systems have always been managed through the Azure Portal and covered under your Azure support plan. The next big step is the remote support for all Azure Stack systems.

With remote support, you can temporarily grant Microsoft Support engineers constrained access to your on-premises edge devices to gather logs and fix issues. By default, remote support is off. It’s easy to turn on and off when needed. After creating an Azure support request, it’s recommended to grant remote support access to enable Microsoft Support to resolve the issue as soon as possible. This takes just a few minutes and only a few steps. Once the support request is closed, you can just as easily turn off remote support access.

Remote support for Azure Stack systems provides benefits to both customers and Microsoft Support:

  • Improved time to resolution: eliminate the back-and-forth hassle of scheduling a call and gathering logs yourself.
  • Safe and secure: you can grant just-in-time (JIT) authenticated access and define the access level and duration for each incident. You can revoke access anytime.
  • Audited troubleshooting: Microsoft Support can only run Just Enough Administration (JEA) approved commands and everything they do is recorded for you to audit.
  • Free: Remote support is included in your Azure subscription at no additional cost. You can get remote support for both unregistered and registered Azure Stack HCI systems.

Version availability:

  • For Azure Stack Hub, remote support is available for version 2108 and later.
  • For Azure Stack Edge, remote support is available for version 2110 and later.
  • For Azure Stack HCI, remote support is available for version 22H2 and later.

Azure by your side: new solutions for Windows Server 2012/R2 end of support

In the era of Artificial Intelligence and native services for the cloud, organizations continue to rely on Windows Server as a secure and reliable platform for their mission-critical workloads. However, it is important to note that support for Windows Server 2012/R2 will end on 10 October 2023. After that date, Windows Server 2012/R2 systems will become vulnerable if action is not taken, as they will no longer receive regular security updates. Recently, Microsoft has announced that Azure offers new solutions to better manage the end of support of Windows Server 2012/R2. These solutions will be examined in detail in this article, after a brief summary to set the context.

The impact of end of support for Windows Server 2012 R2: what does it mean for companies?

Microsoft has announced the end of support for Windows Server 2012 and 2012 R2, set for 10 October 2023. This event represents a turning point for many organizations that rely on these servers to access applications and data. But what exactly does end of support (EOL) mean and what are the implications for companies?

Understanding end of support

Microsoft has a lifecycle policy that provides support for its products, including Windows Server 2012 and 2012 R2. End of support refers to when a product is no longer supported by Microsoft, which means no more security updates, patches or technical support will be provided.

Why companies should care

Without regular updates and patches, companies using Windows Server 2012 and 2012 R2 are exposed to security vulnerabilities, such as ransomware attacks and data breaches. Furthermore, using an unsupported product such as Windows Server 2012 or 2012 R2 can lead to non-compliance issues. Finally, outdated software can cause compatibility issues with newer applications and hardware, hampering efficiency and productivity.

An opportunity to review IT strategy

Companies should use the EOL event as an opportunity to review their IT strategy and determine the desired business goals for their technology. In this way, they can align the technology with their long-term goals, leveraging the latest cloud solutions and improving operational efficiency.

The strategies that can be adopted to deal with this situation, thus avoiding exposing your IT infrastructure to security issues, have already been addressed in the article: How the End of Support of Windows Server 2012 can be a great opportunity for CTOs.

In this regard, Microsoft has introduced two new options, provided through Azure, to help manage this situation:

  • upgrading servers with Azure Migrate;
  • deployment of ESU-derived updates (Extended Security Updates) on Azure Arc-enabled servers.

The following paragraphs describe the characteristics of these new options.

Upgrading Windows servers at end of support (EOS) with Azure Migrate

Azure Migrate is a service offered by Microsoft Azure that allows you to assess and migrate on-premises resources, such as virtual machines, applications and databases, to the Azure cloud infrastructure. Recently, Azure Migrate has introduced support for in-place upgrades for Windows Server 2012 and later when moving to Azure. This allows organizations to move their legacy applications and databases to a fully supported, compatible and compliant operating system such as Windows Server 2016, 2019 or 2022.

Key benefits of Azure Migrate's OS upgrade feature

Risk mitigation: Azure Migrate creates a replica of the original server in Azure, allowing the OS to be upgraded on the replica while the source server remains intact. In case of problems, customers can easily go back to the original operating system.

Compatibility test: Azure Migrate provides the ability to perform a test migration in an isolated environment in Azure. This is especially useful for OS upgrades, allowing customers to evaluate the compatibility of their upgraded operating system and applications without impacting production. This way you can identify and fix any problems in advance.

Reduced effort and downtime: by integrating OS upgrades with cloud migration, customers can save significant time and effort. With only one additional piece of data, the version of the target operating system, Azure Migrate takes care of the rest, simplifying the process. This integration further reduces downtime of the server and the applications hosted on it, increasing efficiency.

No separate Windows licenses: with the Azure Migrate OS upgrade, you do not need to purchase an operating system license separately to upgrade. Whether the customer uses Azure Hybrid Benefit (AHB) or PAYG, the license is covered when migrating to an Azure VM using Azure Migrate.

Large-scale server upgrade: Azure Migrate supports large-scale server OS upgrades, allowing customers to upgrade up to 500 servers in parallel when migrating to Azure. Using the Azure portal, you will be able to select up to 10 VMs at a time to set up replicas. To replicate more VMs, you can use the portal and add VMs to be replicated in multiple batches of 10 VMs, or use the Azure Migrate PowerShell interface to configure replication.

Supported OS versions

Azure Migrate can handle:

  • Windows Server 2012: supports upgrading to Windows Server 2016;
  • Windows Server 2012 R2: supports upgrading to Windows Server 2016, Windows Server 2019;
  • Windows Server 2016: supports upgrading to Windows Server 2019, Windows Server 2022;
  • Windows Server 2019: supports upgrading to Windows Server 2022.

Deployment of ESU-derived updates on Azure Arc-enabled servers

Azure Arc is a set of Microsoft solutions that help businesses manage, govern and protect assets in various environments, including on-premises, edge and multi-cloud, extending the management capabilities of Azure to any infrastructure.

For organizations unable to modernize or migrate before the Windows Server 2012/R2 end of support date, Microsoft has announced Extended Security Updates (ESU) enabled by Azure Arc. With Azure Arc, organizations will be able to seamlessly purchase and distribute Extended Security Updates (ESU) in on-premises or multicloud environments, directly from the Azure Portal.

To get Extended Security Updates (ESU) for Windows Server 2012/R2 and SQL Server 2012 enabled by Azure Arc, you need to follow the steps below:

  • Preparing the Azure Arc environment: first of all, you need an Azure environment and a working Azure Arc infrastructure. Azure Arc can be installed on any server running Windows Server 2012/R2 or SQL Server 2012, provided that the connectivity requirements are met.
  • Server registration in Azure Arc: once the Azure Arc environment is set up, you need to register your Windows servers or SQL Server systems in Azure Arc. This process allows systems to become managed resources in Azure, making them eligible for ESUs.
  • Purchase of ESUs: once the servers are registered in Azure Arc, ESUs can be purchased, for each server you want to protect, through Azure.
  • ESU activation: after the purchase of the ESUs, you need to activate them on the servers. This process involves installing a license key and downloading security updates from Windows Update or your local update distribution infrastructure.
  • Installing updates: finally, once the ESUs are activated, you can install security updates on servers. This process can be managed manually or by automating it through update management tools.

Note: ESUs only provide critical and important security updates; they do not include new features or performance improvements. Furthermore, ESUs are only available for a limited time after Microsoft's end of support. Therefore, we recommend that you consider migrating to newer versions of the server operating system to have access to all features, in addition to security updates.

Conclusions

This year, Microsoft celebrates the 30th anniversary of Windows Server, a milestone achieved thanks to relentless innovation and customer support. However, customers must commit to keeping their Windows Server systems up to date as the end of support approaches. In particular, the end of support for Windows Server 2012 and 2012 R2 poses a significant risk to companies, but it also presents an opportunity to review and improve their IT strategy. By identifying desired business goals, engaging in strategic planning and, if necessary, using these new solutions offered by Azure, companies can ensure a smooth and successful transition, optimizing their IT infrastructure to achieve their long-term goals.

Azure IaaS and Azure Stack: announcements and updates (July 2023 – Weeks: 27 and 28)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Compute

Latest generation burstable VMs – Bsv2, Basv2, and Bpsv2 (preview)

The Bsv2, Basv2, and Bpsv2 series virtual machines are the latest generation of Azure burstable general purpose VMs, providing a baseline level of CPU utilization and capable of expanding to higher CPU utilization as workload volume increases. This is ideal for many applications such as development and test servers, low traffic web servers, small databases, micro services, servers for proof-of-concepts, build servers, and code repositories. These new B series v2 virtual machines, compared to B series v1, offer up to >15% better price-performance, up to 5X higher network bandwidth with accelerated networking and 10X higher remote storage throughput.

Azure Dedicated Host – Resize (preview)

With Azure Dedicated Host’s new ‘resize’ feature, you can easily move your existing dedicated host to a new Azure Dedicated Host SKU (e.g., from Dsv3-Type1 to Dsv3-Type4). This new ‘resize’ feature minimizes the impact and effort involved in configuring VMs when you want to upgrade your underlying dedicated host system.

Networking

Azure’s cross-region Load Balancer is now generally available

Azure Load Balancer’s Global tier is a cloud-native global network load balancing solution. With cross-region Load Balancer, you can distribute traffic across multiple Azure regions with ultra-low latency and high performance. Azure cross-region Load Balancer provides customers with a static global anycast IP address. Through this global IP address, you can easily add or remove regional deployments without interruption.

ExpressRoute private peering support for BGP communities

ExpressRoute private peering now supports the use of custom Border Gateway Protocol (BGP) communities with virtual networks connected to your ExpressRoute circuits. Once you configure a custom BGP community for your virtual network, you can view the regional and custom community values on outbound traffic sent over ExpressRoute when originating from that virtual network. These values can be used when applying filters or specifying routing preferences for traffic sent to your on-premises from your Azure environment.

Azure Virtual Network encryption

With Virtual Network encryption, customers can enable encryption of traffic between Virtual Machines and Virtual Machines Scale Sets within the same virtual network and between regionally and globally peered virtual networks. This new feature enhances the existing encryption in transit capabilities in Azure.

Sensitive Data Protection for Application Gateway Web Application Firewall logs (preview)

Azure’s regional Web Application Firewall (WAF) running on Application Gateway now supports sensitive data protection through log scrubbing. When a request matches the criteria of a rule, and triggers a WAF action, that event is captured within the WAF logs. WAF logs are stored as plain text for debuggability, and any matching patterns with sensitive customer data like IP address, passwords, and other personally identifiable information could potentially end up in logs as plain text. To help safeguard this sensitive data, you can now create log scrubbing rules that replace the sensitive data with “******”.

Storage

Azure Managed Lustre now generally available

Azure Managed Lustre is a managed file system, designed specifically for HPC and AI workloads on a pay-as-you-go model. It delivers a high-performance distributed parallel file system with hundreds of GBps of storage bandwidth and solid-state disk latency. The system fully integrates with Azure services such as Azure HPC Compute, Azure Kubernetes Service, and Azure Machine Learning.

Key benefits include:

  • a customizable Lustre file system that can be deployed on demand in minutes;
  • the high throughput needed for computationally intensive workloads;
  • easy integration with other Azure services;
  • managed pay-as-you-go model that allows organizations to save costs on maintenance and infrastructure setup.

Azure Premium SSD v2 Disk Storage is now available in more regions

Azure Premium SSD v2 Disk Storage is now available in Switzerland North, Japan East, Korea Central, South Africa North, Sweden Central, Canada Central and Central US regions. This next-generation storage solution offers advanced general-purpose block storage with the best price performance, delivering sub-millisecond disk latencies for demanding IO-intensive workloads at a low cost. It is well-suited for a wide range of enterprise production workloads, including SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data analytics, gaming on virtual machines, and stateful containers.

Microsoft Azure and Nutanix: a strategic partnership for hybrid cloud

In the last few years, the adoption of cloud computing has grown exponentially, revolutionizing the way organizations manage their IT assets. One of the key concepts that has gained popularity is the “hybrid cloud”, an operating model that combines the best of public and private cloud services in a single flexible solution. To deliver new hybrid cloud solutions that combine application agility with unified management between private cloud and Azure, Microsoft has entered into a strategic partnership with Nutanix, a leader in hyperconverged infrastructure. This article explores the key details of this strategic partnership, illustrating how the hybrid cloud solutions offered by Azure and Nutanix can help companies achieve their digital transformation goals while ensuring the security, reliability and efficiency that are essential for success in the cloud era.

Recognizing the need to offer solutions that fit specific customer needs, Microsoft Azure was designed from the ground up with the goal of reducing cost and complexity, while improving reliability and efficiency. This vision has materialized into a comprehensive platform that offers choice and flexibility for your IT environment.

Figure 1 – Overview of the possibilities offered by Microsoft Azure in terms of infrastructure

Moving to the cloud is not always a smooth process and there are situations where existing on-premises platforms continue to play a vital role. Azure enables customers to adopt the cloud at their own pace, ensuring continuity in the use of already known local platforms. This opportunity has long been available for VMware and is now also available for Nutanix.

What are Nutanix Cloud Clusters (NC2)?

Nutanix Cloud Clusters (NC2) are bare metal instances that are physically located within public clouds, including Microsoft Azure and AWS. NC2 runs the core of the Nutanix HCI stack, which includes the following main components:

  • Nutanix Acropolis Hypervisor (AHV): the open source hypervisor based on Kernel-based Virtual Machine (KVM);
  • Nutanix Acropolis Operating System (AOS): the operating system that abstracts the Nutanix components to the end user, such as KVM, virsh, qemu, libvirt and iSCSI, and which manages the entire backend configuration;
  • Prism: the solution that provides administrators with centralized access to configure, easily monitor and manage Nutanix environments.

Figure 2 – Overview of Nutanix Cloud Cluster on Azure

The Nutanix cluster on Azure will consist of at least three nodes. The SKUs available for NC2 on Azure, with details on cores, RAM, storage and network, are listed at this link.

The connection of the on-premises environment to Azure is supported via both ExpressRoute and VPN Gateway.

The following shows an example implementation of NC2 in Azure from a networking point of view:

Figure 3 – Example implementation of NC2 in Azure

Main adoption scenarios

The adoption of the Nutanix solution in Azure can take place to address the following scenarios:

  • disaster recovery and business continuity;
  • need to expand your data center;
  • need to quickly and easily migrate your Nutanix workloads to Azure.

Benefits of this solution

The main benefits that can be obtained by adopting this solution are listed below.

  • Adopt a consistent hybrid deployment strategy: a consistent hybrid deployment strategy can be established, combining on-premises resources with Nutanix clusters in Azure. This allows you to operate in a homogeneous way and without diversity between the two environments.
  • Easy activation and scalability: with Azure, you have the ability to easily activate and scale applications and services without encountering particular limitations. Indeed, the global infrastructure of Azure provides the scalability and flexibility necessary to meet changing business needs.
  • Optimization of investments made: you can continue to leverage your investment in Nutanix tools and expertise.
  • Modernization through the potential of Azure: with Azure, it is possible to modernize the architecture through integration with innovative and cutting-edge services. Once customers activate their Nutanix environment, they can benefit from further integration with Azure, enabling application developers to access the full ecosystem of services offered by Azure.

Cost model

Customers must bear costs to purchase Nutanix software and must pay Microsoft for use of cloud resources. Nutanix software on clusters can be licensed in several ways:

  • BYO licenses (Bring Your Own): this type of license allows customers to use Nutanix licenses they already own or are purchasing. In this way, customers can port their on-premises licenses to NC2. It is important to note that the Nutanix AOS license must be of the Pro or Ultimate type, since the AOS Starter license cannot be used with NC2.
  • PAYG (Pay-As-You-Go): this licensing model provides hourly payments based on the number of cores used or SSD usage. Customers pay only for resources actually used during the time the cluster is active.
  • Cloud Commit: this model requires a minimum commitment from the customer for a specific period of time. Customers commit to using Nutanix resources on NC2 for a specific period and receive preferential rates based on that commitment.

Support options

Microsoft offers support for the NC2 bare metal infrastructure on Azure. To request assistance, simply open a specific request directly from the Azure portal. Nutanix, on the other hand, provides support for the NC2 Nutanix software on Azure. This level of support is called Production Support for NC2.

Conclusions

Thanks to the collaboration between Microsoft and Nutanix, this solution offers customers who already have a Nutanix on-premises environment the possibility to take advantage of the same features in the Microsoft public cloud, while also giving them access to the wide range of services offered by Azure. This solution makes it possible to adopt a consistent operating model, which can increase the agility, speed of deployment and resiliency of critical workloads.

Azure IaaS and Azure Stack: announcements and updates (July 2023 – Weeks: 25 and 26)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Compute

Azure HBv4 and HX Series VMs for HPC

Azure HBv4 and HX-series Virtual Machines (VMs) are now generally available. With the general availability, Microsoft is offering customers the first VMs featuring the latest 4th Gen AMD EPYC™ processors with AMD 3D V-Cache™ technology (codename ‘Genoa-X’), paired with 400 Gigabit NVIDIA Quantum-2 InfiniBand. Azure HBv4 and HX-series VMs offer leadership levels of performance, scaling efficiency, and cost-effectiveness for a variety of HPC workloads such as computational fluid dynamics (CFD), financial services calculations, finite element analysis (FEA), geoscience simulations, weather simulation, rendering, quantum chemistry, and silicon design.

Networking

Azure Application Gateway: using a common port for public and private listeners (preview)

Azure Application Gateway now supports configuring the same port number for public and private listeners in preview. You no longer need to use non-standard ports or customize the backend application. This provision enables you to use a single Application Gateway deployment and easily configure it to serve traffic for both internet-facing and internal clients.

Default Rule Set 2.1 for Regional WAF with Application Gateway (preview)

Microsoft announced the preview of the Default Rule Set 2.1 (DRS 2.1) for regional WAF on Azure Application Gateway. The default rule set is now available on the Azure Application Gateway WAF V2 SKU. DRS 2.1 is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and extended to include additional proprietary protection rules developed by the Microsoft Threat Intelligence team. The Microsoft Threat Intel team analyzes Common Vulnerabilities and Exposures (CVEs) and adapts the CRS ruleset to address CVEs and reduce false positives.

Storage

Azure Premium SSD v2 Disk Storage in Southeast Asia, UK South, South Central US and West US 3

Azure Premium SSD v2 Disk Storage is now available in Southeast Asia, UK South, South Central US and West US 3 regions. This next-generation storage solution offers advanced general-purpose block storage with the best price performance, delivering sub-millisecond disk latencies for demanding IO-intensive workloads at a low cost. It is well-suited for a wide range of enterprise production workloads, including SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data analytics, gaming on virtual machines, and stateful containers.

Azure NetApp Files double encryption at-rest (preview)

The Azure NetApp Files double encryption at-rest feature now provides multiple independent encryption layers, protecting against attacks on any single encryption layer. This reduces threats to the encrypted data, for example:
– Single encryption key being compromised
– Encryption algorithms with implementation errors
– Data encryption configuration errors

This feature is currently available in West Europe, East US 2, East Asia regions and will roll out to other regions as the preview progresses.

Azure Elastic SAN Public Preview improvements

Azure Elastic SAN is currently in preview and several improvements have been made to the service. These include expanded regional availability, simplified multi-session connectivity for optimized volume performance, and native integration with Azure Container Storage (in preview). Azure Container Storage leverages Azure Elastic SAN as the backing storage resource to optimize price versus performance through dynamic resource sharing. Microsoft has also made it easier to migrate to Azure Elastic SAN and other block storage offerings like Premium SSD V2 and Ultra Disk, by including them in the Storage Migration Program.

Azure Management services: what's new in June 2023

In June, Microsoft announced a considerable amount of news regarding Azure management services. Through these articles, released monthly, we want to provide an overview of the main news, in order to stay up to date on these topics and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

AKS Network Observability add-on (preview)

The new AKS Network Observability add-on provides the ability to monitor the health of the network and connectivity of the AKS cluster. Integrating seamlessly with Azure-managed Prometheus and Azure-managed Grafana, this add-on provides better monitoring capabilities in a unified experience.

These are the main features:

  • access to cluster-level network metrics, such as packet losses, connection statistics and more;
  • access to pod-level metrics and network debugging features;
  • support for all Azure CNIs;
  • support for all AKS node types: Linux and Windows;
  • ease of deployment using native Azure tools: AKS CLI, ARM templates, PowerShell, etc.;
  • integration with Azure-managed Prometheus and Grafana offerings.

Azure Monitor Alert resources are now visible in the Azure portal

Historically, alert resources (alert rules, alert processing rules and action groups) have always been hidden resources in the Azure portal. This prevented them from appearing when searching or in the resource list and limited their viewing experience. Now Microsoft is making these resources “first-class citizens” in the Azure portal, so that they become visible everywhere resources can be viewed in the portal. More precisely, the alerting resources:

  • appear in the search results in the top search bar of the Azure portal;
  • appear when listing resources within a subscription or resource group;
  • can now be viewed in a standard resource pane and will soon be editable as well (the same way you edit any other Azure resource).

Azure Monitor container insights for AKS cluster with ARM64 nodes

Container insights is a feature designed to monitor the performance of container workloads deployed in the cloud. It provides performance visibility by collecting processor and memory metrics from controllers, nodes and containers available in Kubernetes through the Metrics API. Azure Monitor container insights is now available for AKS clusters with ARM64 nodes.

Managed identity authentication in Azure Monitor Container Insights

Managed Identity is a secure and streamlined authentication model where the Azure Monitor monitoring agent uses the cluster's managed identity to send data to the Azure Monitor backend. This mechanism replaces the current certificate-based local authentication and eliminates the need to add a monitoring metrics publisher role to the cluster. Managed Identity will now be the default authentication mechanism for Container Insights.

Azure Virtual Desktop Insights powered by Azure Monitor agent (preview)

Administrators working with Azure Virtual Desktop Insights can now use the Azure Monitor Agent (AMA) to collect data from session hosts. This preview introduces the ability to use an updated workbook to help orchestrate configuration and management of all required components.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. This article reports some of the latest improvements and updates regarding this solution.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

  • simplified onboarding of multicloud accounts;
  • support for private endpoints in malware scanning in Defender for Storage;
  • updates to the NIST 800-53 standards in regulatory compliance;
  • cloud migration planning with an Azure Migrate business case now includes Defender for Cloud;
  • express configuration for vulnerability assessments in Defender for SQL is available;
  • added more scopes to Azure DevOps connectors;
  • replacing agent-based detection with agentless detection for container capabilities in Defender CSPM.

Protect

Azure Backup

Multiple backups per day for Azure virtual machines

Azure Virtual Machine Backup allows you to create advanced policies to take multiple snapshots per day. This allows you to protect virtual machines with an RPO as low as four hours.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main news concerns:

  • security cost savings with Microsoft Defender for Cloud (MDC), using the Azure Migrate business case;
  • troubleshooting issues affecting performance data collection and accuracy of Azure VM and Azure VMware Solution evaluation recommendations.

Azure Database Migration

Online migrations for Azure Database for MySQL instances

Azure Database Migration Service Online Migration for Azure Database for MySQL now allows you to migrate an Azure Database for MySQL instance – Single Server, a MySQL on-premises instance or MySQL servers in other clouds to Azure Database for MySQL – Flexible Server. This new feature helps minimize the downtime of critical applications and limit the impact on the availability of service levels.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure IaaS and Azure Stack: announcements and updates (June 2023 – Weeks: 23 and 24)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Compute

Azure VMware Solution Stretched Clusters with Customer-Managed Keys

Stretched clusters for Azure VMware Solution (AVS) is now Generally Available, providing 99.99% uptime for mission critical applications that require the highest availability. With this release, customers can use Customer-Managed Keys to encrypt the stretched vSAN. By default, virtual machines within vSAN datastore are protected with data-at-rest encryption using FIPS 140-2 compliant Data Encryption Key (DEK) generated for each local disk on ESXi hosts. These DEKs are encrypted by VMware vSAN Key Encryption Key (service-managed key) provided by Microsoft.

Stretched Cluster Benefits:

  • improved application availability;
  • provide a zero-recovery point objective (RPO) capability for enterprise applications without needing to redesign them or deploy expensive disaster recovery solutions;
  • a private cloud with stretched clusters is designed to provide 99.99% availability due to its resilience to AZ failures.

Azure VMware Solution customer-managed encryption is supported through integration with Azure Key Vault. You can create your own encryption keys and store them in a Key Vault, or you can use Azure Key Vault API to generate encryption keys.

Mv2 Virtual Machine: 8TB memory

Mv2 High Memory virtual machines serve the largest in-memory workloads, providing infrastructure for 6 and 12TB memory needs. Based on customer demand, an 8TB memory virtual machine (VM), Standard_M416ms_8_v2, is now available, offering an intermediate size to scale between 6TB and 12TB.

NGads V620-series VMs optimized for cloud gaming

NGads V620-series virtual machines (VMs), powered by AMD Radeon™ PRO V620 GPUs and AMD EPYC™ 7763 CPUs, are purpose-built for generating and streaming high quality graphics for an interactive gaming experience hosted on Azure. Featuring GPU partitioning with options for ¼, ½, or 1 full GPU, they allow customers to right-size their choice for the performance and cost of the business need. These VMs also feature the AMD Adrenaline Gaming Driver Cloud Edition that targets the same optimizations available in the consumer gaming version of the Adrenaline driver but is further optimized for the cloud environment. In addition, the NGads V620-series VMs also support graphics-accelerated virtual desktop infrastructure (VDI) and visualization rendering, using the AMD Pro Workstation Driver, Cloud Edition.

Azure VMware Solution now available in North Switzerland

With the introduction of AV36 in North Switzerland, customers will receive access to 36 cores, 2.3 GHz clock speed, 576GB of RAM, and 15.36TB of SSD storage.

Confidential Virtual Machines (VM) support in Azure Virtual Desktop (preview)

Azure Confidential Virtual Machines (VMs) support in Azure Virtual Desktop is in public preview. Confidential Virtual Machines increase data privacy and security by protecting data in use. The Azure DCasv5 and ECasv5 confidential VM series provide a hardware-based Trusted Execution Environment (TEE) that features AMD SEV-SNP security capabilities, which harden guest protections to deny the hypervisor and other host management code access to VM memory and state, and that is designed to protect against operator access and encrypts data in use. With this preview, support for Windows 11 22H2 has been added to Confidential Virtual Machines.

Networking

Private Link support for Application Gateway

With Private Link configuration for Application Gateway, incoming traffic to an Azure Application Gateway frontend can be secured to clients running in another Azure Virtual Network, Azure subscription, or Azure subscription linked to a different Azure Active Directory tenant through Azure Private Link.

Azure Load Balancer per VM limit removal

The “Load balancer per VM” limit is now removed for customers using Standard Load Balancer. Previously this limit was 2 load balancers per VM (1 public and 1 internal). Now with this limit removed, you can associate as many load balancers per VM of either type (public or internal) up to the Azure Load Balancer’s limits.

Azure Load Balancer: inbound ICMPv6 pings and traceroute are now supported

Standard Public Load Balancer now supports inbound ICMP pings on IPv6 frontends as well as inbound tracerouting support to both IPv4 and IPv6 frontends. This is in addition to the previously announced ICMPv4 ping support on Azure Load Balancer. Now, you can ping and traceroute to both the IPv4 and IPv6 frontends of a Standard Public Load Balancer like you natively would on an on-premises device, without any external software needed. This enables you to troubleshoot network issues, identify network bottlenecks, verify network paths, and monitor network performance between Azure Load Balancer and your client device. This functionality is generally available in all public regions, Azure China cloud regions, and Azure Government cloud regions.

Azure Front Door integration with managed identities

Azure Front Door now supports managed identities generated by Azure Active Directory to allow Front Door to easily and securely access other Azure AD-protected resources such as Azure Key Vault. This feature is in addition to the AAD Application access to Key Vault that is currently supported.

Azure Front Door upgrade from standard to premium

Azure Front Door supports upgrading from Standard to Premium tier without downtime. Azure Front Door Premium supports advanced security capabilities and has increased quota limits, such as managed Web Application Firewall rules and private connectivity to your origin using Private Link.

Azure Front Door Migration from classic to standard/premium

In March 2022, Microsoft announced the general availability of two new Azure Front Door tiers. Azure Front Door Standard and Premium are native, modern cloud content delivery network (CDN) catering to both dynamic and static content delivery acceleration with built-in turnkey security and a simple and predictable pricing model. The migration capability enables you to perform a zero-downtime migration from Azure Front Door (classic) to Azure Front Door Standard or Premium in just three simple steps or five simple steps if your Azure Front Door (classic) instance has custom domains with your own certificates. The migration will take a few minutes to complete depending on the complexity of your Azure Front Door (classic) instance, such as number of domains, backend pools, routes, and other configurations.

Azure Front Door Standard/Premium in Azure Government (preview)

Azure Front Door (AFD) Standard and Premium tier is now available in Azure Government in public preview, in the regions of Arizona and Texas. After this release, Local Government (US) customers and their partners can benefit from the new and enhanced capabilities on standard and premium. The new and enhanced capabilities include, but are not limited to, better reporting and diagnostic capabilities, expanded rules engine with server variables, enhanced Web Application Firewall (latest DRS rule set, Bot protection, Web Application Firewall Notebook using Sentinel for security investigation and monitoring, Microsoft Sentinel Analytics) and security capabilities (Private Link connectivity to your origin, subdomain takeover prevention) and many upcoming new features.

Storage

Zone Redundant Storage for Azure Disks is now available in more regions

Zone Redundant Storage (ZRS) for Azure Disk Storage is now generally available on Azure Premium SSDs and Standard SSDs in Brazil South, UK South, East US, East US 2, and South-Central US regions. Disks with ZRS provide synchronous replication of data across three availability zones in a region, enabling disks to tolerate zonal failures without causing disruptions to your application. Additionally, it allows you to maximize virtual machine availability without the need for application-level replication of data across zones. You can also use ZRS with shared disks to provide higher availability for clustered or distributed applications like SQL FCI, SAP ASCS/SCS, or GFS2.

Azure Files scalability improvement for Azure Virtual Desktop and other workloads that open root directory handles

Azure Files has increased the root directory handle limit per share from 2,000 to 10,000 for standard and premium file shares. This improvement benefits applications that keep an open handle on the root directory. For example, Azure Virtual Desktop with FSLogix profile containers now supports 10,000 active users per share.

Zone Redundant Storage for Azure Disks is now available in Japan East and Korea Central

Zone Redundant Storage (ZRS) for Azure Disk Storage is now generally available on Azure Premium SSDs and Standard SSDs in Japan East and Korea Central regions.

Azure NetApp Files Availability zone volume placement enhancement: populate existing volume (preview)

The Azure NetApp Files availability zone volume placement feature lets you deploy new volumes in the availability zone of your choice, in alignment with Azure compute and other services in the same zone. With this ‘Populate existing volume’ enhancement you can now obtain and, if desired, populate previously deployed, existing volumes with the logical availability zone information. It automatically maps the physical zone the volumes were deployed in to the logical zone for your subscription. This feature will not move any volumes between zones. With this capability you can enhance workloads that were previously deployed regionally and align them with VMs in the same failure domain, for example to enable HA architectures across availability zones.

Azure AD Support for Azure Files SMB shares REST API (preview)

The public preview of Azure Active Directory (Azure AD) for Azure SMB Shares enables share-level read and write access for users, groups, and managed identities (MI) when accessing through the REST API. With Azure AD support, applications can now access Azure file shares securely, without storing or managing any credentials. Applications can leverage managed identities to securely access the customer-owned file shares. Azure Portal also now supports using Azure AD to authenticate requests to Azure Files. Users can choose Azure AD identity-based authentication method for the actions they take through portal such as browsing their file share contents.

Azure IaaS and Azure Stack: announcements and updates (June 2023 – Weeks: 21 and 22)

This series of blog posts includes the most important announcements and major updates regarding Azure infrastructure as a service (IaaS) and Azure Stack, made official by Microsoft in the last two weeks.

Azure

Compute

Generation 2 VM for Windows

Generation 2 VMs support key features that aren’t supported in generation 1 VMs. These features include increased memory, Intel Software Guard Extensions (Intel SGX), and virtualized persistent memory (vPMEM). You can now run Windows workloads on Generation 2 VMs in production to take advantage of these Generation 2 features.

Azure HX Virtual Machines for HPC

HX-series Virtual Machines (VMs) are optimized for large memory HPC workloads such as backend EDA, finite element analysis, computational geoscience, and big data analytics.

These VMs feature:

  • Up to 176 AMD EPYC™ 9004-series CPU cores with AMD 3D V-Cache (Genoa-X), 1.4 TB of RAM, clock frequencies up to 3.7 GHz, and no simultaneous multithreading.
  • Up to 1.4 TB/s of effective memory bandwidth and 2.3 GB L3 cache per VM, up to 12 GB/s (reads) and 7 GB/s (writes) of block device SSD performance.
  • 400 Gb/s NDR InfiniBand from NVIDIA Networking to enable supercomputer-scale MPI workloads.

Storage

Azure Files geo-redundancy for standard large file shares (preview)

Azure Files geo-redundancy for large file shares is now in public preview for standard SMB file shares. Azure Files has supported large file shares for several years, which not only provide file share capacity up to 100TiB but also improved IO operations per second (IOPS) and throughput. Large file shares are widely adopted by customers using locally redundant storage (LRS) and zone-redundant storage (ZRS) but have not been available for geo-redundant storage (GRS) and geo-zone redundant storage (GZRS) until now. Geo-redundancy is critical for meeting various compliance and regulatory requirements. Geo-redundant storage asynchronously replicates to a secondary region and, if the primary region becomes unavailable, you can initiate a failover to the secondary region.

New features in Azure Container Storage (preview)

Azure Container Storage, a unique storage service built natively for containers, is introducing several new features in preview to enhance the performance, reliability, and backup experience for its customers. Among the new features is volume snapshot, which allows you to capture the point-in-time state of persistent volumes, enabling you to back up data before applying changes. Additionally, the scalability target of Persistent Volumes has increased, empowering you to easily scale up your storage footprint. This means you can focus on building data services without worrying about the limitations of the underlying infrastructure.

Azure Management services: what's new in May 2023

To stay up to date on news regarding Azure Management services, this summary is released monthly, allowing you to have an overview of the main new features of the month. In this article you will find the announcements, summarized, accompanied by the necessary references to be able to carry out further investigations.

The following diagram shows the different areas related to management, which are covered in this series of articles:

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

Azure Monitor for SAP solutions

Azure Monitor for SAP Solutions is now available. It is a solution for customers running SAP applications in a Microsoft Azure environment and allows end-to-end monitoring. With Azure Monitor for SAP, customers can centrally collect end-to-end telemetry data from SAP NetWeaver, databases, Linux Pacemaker clusters in high availability and Linux operating systems. Azure Monitor for SAP can be configured without any infrastructure for customers to implement and maintain. Some new features of Azure Monitor for SAP include SAP Landscape Monitor, which provides a single destination to understand the health of the entire SAP landscape, and SAP Insights (preview), which allows you to easily identify the root cause of SAP application availability or performance issues. Furthermore, Azure Monitor for SAP Solutions offers Transport Layer Security and new alert templates for CPU performance, memory and disk I/O, plus many other features. With this release, the Classic version of Azure Monitor for SAP solutions will be retired by 31 May.

Availability of the Azure Monitor managed service for Prometheus

Prometheus, the open-source project of the Cloud Native Computing Foundation, is considered the de-facto standard when it comes to monitoring containerized workloads. Running Prometheus in self-managed mode is often a great solution for smaller implementations, but scaling it to handle enterprise workloads can be a challenge.

Azure Monitor's fully managed service for Prometheus offers the best of what we like about the open-source ecosystem, while automating complex tasks such as scaling, high availability and long-term data retention. It is available as a standalone feature of Azure Monitor or as an integrated component of Container Insights, Azure Monitor Alerts and Azure Managed Grafana.

Azure Monitor Managed Service for Prometheus for Kubernetes enabled for Azure Arc (preview)

The Azure Monitor managed service for Prometheus extends support to monitoring Kubernetes clusters managed by Azure Arc. The Azure Monitor managed service for Prometheus on Azure Arc-enabled Kubernetes allows customers to monitor their Kubernetes clusters running anywhere and maintains the same functionality as when monitoring Azure Kubernetes Service (AKS).

Azure Monitor Agent: support for CIS and SELinux hardening

The AMA has introduced support for the CIS and SELinux hardening standards. For SELinux, AMA works by activating a signed built-in policy. For CIS, AMA supports select distros, also available on the Azure Marketplace.

Alert support for Azure Data Explorer (preview)

Azure Monitor alerts let you monitor Azure and application telemetry to quickly identify issues affecting various services. More specifically, Azure Monitor log alert rules allow you to set up periodic log telemetry queries to identify potential problems and receive notifications or trigger actions.

Until now, these alert rules supported querying Log Analytics and Application Insights data. Now Microsoft is introducing support for querying Azure Data Explorer (ADX) tables as well, and for merging data between these data sources into a single query.

Cost optimization with transformations on Log Analytics for troubleshooting of Cosmos DB

Azure Cosmos DB now supports transformations on Log Analytics workspaces. To help reduce costs when you enable Log Analytics to troubleshoot Cosmos DB resources, transformations have been introduced. These transformations in the Log Analytics workspace allow you to filter columns, reduce the number of results returned and create new columns before the data is sent to the destination.

Configure

Azure Automation

Support for Python 3.8 runbooks

Azure Automation has introduced support for Python 3.8 runbooks. This feature allows you to create and run Python 3.8 runbooks for orchestrating the management tasks of hybrid and multi-cloud environments.

Govern

Azure Cost Management

Updates related to Microsoft Cost Management

Microsoft is constantly looking for new methodologies to improve Microsoft Cost Management, the solution that provides greater visibility into where costs are accumulating in the cloud, identifies and prevents incorrect spending patterns and optimizes costs. This article reports some of the latest improvements and updates regarding this solution.

Alert to optimize reservation purchases

Azure Reservations can provide cost savings by committing to annual or three-year plans. However, sometimes reservations can remain unused or underused, resulting in financial losses. As a user of a billing account or a reservation, it is possible to examine the percentage of use of the reservations purchased in the Azure portal, but important changes may be missed. Enabling alerts on the use of reservations solves the problem: email notifications are sent whenever any of the reservations have low usage. This allows for timely intervention and optimization of reservation purchases to achieve maximum cost efficiency.

Secure

Microsoft Defender for Cloud

New features, bug fixes and deprecated features of Microsoft Defender for Cloud

Microsoft Defender for Cloud development is constantly evolving and improvements are being made on an ongoing basis. To stay up to date on the latest developments, Microsoft updates this page, which provides information about new features, bug fixes and deprecated features. In particular, this month the main news concerns:

  • new alerts in Defender for the Key Vault;
  • support encrypted disks in AWS for agentless scanning;
  • inclusion of new AWS Regions;
  • changes to identity recommendations;
  • new recommendations of Defender for DevOps to include Azure DevOps scan results;
  • release of the Vulnerability Assessment of containers based on Microsoft Defender Vulnerability Management (MDVM) in Defender CSPM.

Protect

Azure Backup

Azure Backup Server V4

The V4 version of Microsoft Azure Backup Server (MABS) has been released and introduces the following improvements:

  • Workload support: Azure Backup Server V4 supports installation on Windows Server 2022 using SQL Server 2022 as the MABS database. Furthermore, it adds support for backup of virtual machines running on Azure Stack HCI 22H2 and VMware 8.0, as well as backup of Windows Server 2022 and SQL Server 2022.
  • Performance: Azure Backup Server V4 adds the ability to select and restore individual files/folders from online recovery points for Hyper-V and Azure Stack HCI virtual machines running Windows Server, without having to download the entire restore point. MABS V4 also adds support for parallel restores and features more parallel online backup jobs.
  • Security: with Azure Backup Server V4 you can use private endpoints to send backups to the Recovery Services vault.

Azure Backup Reports: support for more workloads

Azure Backup Reports now includes support for other workloads: Azure Database for PostgreSQL Servers, Azure Blobs and Azure Disks. Thanks to this update it is now possible to enable the logging of metadata related to the backup (such as job, backup item, policy, usage) for these workloads and retain these records for a customizable period of time depending on compliance and audit requirements. This way you can take advantage of the reporting views, already provided natively by the Backup Reports solution, to view information about protected items corresponding to these workloads.

Soft deletion of recovery points for Azure Backup (preview)

Azure Backup's soft delete feature now supports soft deletion of recovery points. This feature allows you to recover data from recovery points that may have been deleted as a result of backup policy changes. Soft deleting recovery points allows you to keep these recovery points for an additional duration, based on the retention specified for soft delete in the vault settings.

Support for confidential virtual machines using Customer Managed Keys (private preview)

Azure Backup is introducing support for backing up confidential VMs whose operating system disk is encrypted using customer-managed keys.

Azure Site Recovery

New Update Rollup

Update Rollup 67 has been released for Azure Site Recovery; it solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

New Azure Migrate releases and features

Azure Migrate is the service in Azure that includes a large portfolio of tools that you can use, through a guided experience, to effectively address the most common migration scenarios. To stay up to date on the latest developments in the solution, please consult this page, which provides information about new releases and features. In particular, this month the main news concerns the discovery and assessment of SQL Server.

Azure Database Migration

Database Migration Service Pack for Oracle (preview)

The Database Migration Service Pack for Oracle is a collection of four extensions that provide a complete solution to modernize Oracle workloads and migrate them to databases in the Azure environment. This extension pack offers several benefits, including in-depth end-to-end assessments, correct sizing of Azure resources, code conversion, remediation planning and near real-time data migration in the Azure environment (see next paragraph).

Data Migration for Oracle (preview)

The Data Migration for Oracle extension is a powerful tool that allows you to easily migrate Oracle databases to the Azure platform. This solution offers a seamless migration experience, from the source Oracle database to the target platform (SQL), using Azure Database Migration Service. The extension offers both offline and online data migration for critical databases, ensuring minimal downtime for the migration process.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.