Monthly updates of Azure – June 2020

The start of a new month reminds me to publish a single post covering the previous month's Azure updates. This post covers the June 2020 updates from Azure. It is not an exhaustive list of all the monthly updates; I call out the most notable updates for infrastructure technologies (compute, storage, networking, identity, containers, security, etc.).

The June 2020 updates covered in this post are:

  • New Azure Virtual Machines with high-performance local SSD are in GA.
  • Azure Dedicated Hosts now support additional Azure Virtual Machines
  • CNI security vulnerability in older AKS clusters and mitigation steps.
  • Azure Kubernetes Service (AKS) support for proximity placement groups is now available.
  • Azure Storage account failover is now generally available
  • Azure App Service regional virtual network integration for Linux apps is now available
  • Azure Kubernetes Service—Integrated application gateway feature now available
  • Public Preview for Azure Monitor for VMs & AKS on Arc Enabled Servers.
  • Database engine auditing for Azure Database for MySQL & MariaDB is now available
  • Azure Front Door – updates.
  • Azure Migrate – updates
  • Azure Monitor – updates

    New Azure Virtual Machines with high-performance local SSD are in GA

    The new Dd and Ed v4-series Azure Virtual Machines are available with a maximum of 64 vCPUs and are based on the Intel Xeon Platinum 8272CL processor. These virtual machines feature up to 504 GB of memory, in addition to fast and large local SSD storage with a maximum of 2400 GB.

    They are part of the memory-intensive virtual machine series in Azure. To use Ultra Disk storage or Premium SSD disk storage, select the Dds v4-series of VMs.

    In addition to the above, the new D v4-series and E v4-series Azure Virtual Machines are based on the Intel® Xeon® Platinum 8272CL custom processor, which can achieve up to 3.4 GHz all-core turbo frequency. These new virtual machines (VMs) don’t provide any temporary storage.

    Azure Dedicated Hosts now support additional Azure Virtual Machines

    Azure Dedicated Host provides single-tenant physical servers to host Azure virtual machines; the capacity of these physical servers is not shared with other customers.

    Run M-series, NV v3-series, and NV v4-series virtual machines (VMs) on Dedicated Hosts. New Dedicated Host SKUs featuring new hardware types are now generally available as well.

    CNI security vulnerability in older AKS clusters and mitigation steps

    A security vulnerability has been identified in the container networking implementation (CNI) plugin: AKS clusters running CNI plugin version v0.8.6 and older are affected. Windows nodes are not affected by this vulnerability. Azure has released a fix and mitigation for this vulnerability. This update gives customers more confidence in Azure's handling of security and vulnerability patches.

    Azure Kubernetes Service (AKS) support for proximity placement groups is now available

    Application performance can be boosted with proximity placement groups, which reduce the network latency among virtual machines. AKS now supports proximity placement groups, which means you can associate a proximity placement group with an AKS node pool in order to co-locate agent nodes and minimize node-to-node latency.

    Azure geo-zone-redundant storage is now generally available

    Geo-zone-redundant storage (GZRS) and read-access geo-zone-redundant storage (RA-GZRS) are now generally available, offering intra-regional and inter-regional high availability and disaster protection for customer applications.

    GZRS writes three copies of data synchronously across multiple Azure availability zones, similar to zone-redundant storage (ZRS), giving customers continued read and write access even if a datacenter or availability zone is unavailable. In addition, GZRS asynchronously replicates data to the secondary geo-pair region to protect against regional unavailability. RA-GZRS exposes a read endpoint on this secondary replica, allowing customers to read data if the primary region is unavailable.

    Azure Storage account failover is now generally available

    Prior to this update, storage account failover for GRS and RA-GRS was controlled by Microsoft. Customer-initiated Storage account failover is now generally available, allowing customers to determine when to initiate a failover instead of waiting for Microsoft to do so. When you perform a failover, the secondary replica of the Storage account becomes the new primary, and the DNS records for all Storage service endpoints (blob, file, queue, and table) are updated to point to this new primary. Once the failover is complete, clients will automatically begin reading from the Storage account and writing data to it in the new primary region, with no code changes.

    Azure App Service regional virtual network integration for Linux apps is now available

    The VNet Integration feature enables customer apps to access resources in or through an Azure VNet. VNet Integration doesn’t enable your apps to be accessed privately. VNet Integration is used for multi-tenant apps. Azure App Service now supports VNet Integration for Linux apps.

    Azure Kubernetes Service—Integrated application gateway feature now available

    The Application Gateway Ingress Controller (AGIC) is now available in preview as an add-on in Azure Kubernetes Service (AKS). Use it to easily create an Application Gateway instance, or attach an existing one, for your AKS clusters. The ingress controller runs in its own pod on the customer’s AKS cluster. AGIC monitors a subset of Kubernetes resources for changes. By using Application Gateway as the entry point to the AKS applications, you won’t have to self-manage a networking tool like Nginx.

    Public Preview for Azure Monitor for VMs & AKS on Arc Enabled Servers

    Azure Monitor now supports virtual machines and AKS on Azure Arc. Azure Monitor for Containers on Azure Arc-enabled Kubernetes gives customers capabilities similar to Azure Kubernetes Service (AKS) monitoring, such as performance visibility, alerts and visualization.

    Azure Monitor for VMs is available for Arc enabled servers in regions where the Arc extension service is available. Users must be running version 0.9 or above of the Arc Agent to enable Azure Monitor for VMs on their Arc enabled servers.

    Database engine auditing for Azure Database for MySQL & MariaDB is now available

    Audit logs that store database activity and events, such as connections and queries, are now available for Azure Database for MySQL and MariaDB. These logs can be retained in storage accounts and integrated with third-party tools via Event Hubs.

    Azure Front Door – updates.

    The Azure Front Door rules engine provides options to customize how HTTP requests are handled at the edge and gives customers more control over their web application behaviour. Previously, routing rules in Front Door allowed customers to specify a pattern to match and either forward or redirect traffic from a frontend / domain to a specific backend pool. Use the rules engine to create a rules engine configuration and associate it with the desired routing rules, so you can customize what happens to the requests hitting your frontends.

    Azure Web Application Firewall for Azure Front Door Service now has a match details field in the logs to provide insights on why a request triggered a Web Application Firewall rule.

    Azure Migrate – updates.

    Azure Migrate supports the assessment of servers imported using a CSV file without the need to deploy an appliance. This is useful if you’re looking for a quick assessment using configuration-management database (CMDB) inventory or if you’re waiting for approvals to deploy the Azure Migrate appliance. Performance-based assessments can be run as well by specifying utilization values in the CSV.

    Azure Migrate now supports adding multiple credentials for the discovery and assessment of physical servers (in preview). In addition, the number of servers that can be discovered per appliance has been increased from 250 to 1,000.

    The appliance for physical servers can be installed on an existing server running Windows Server 2016. While configuring the appliance, you have the ability to provide multiple credentials for discovery and assessment of Windows and Linux servers on-premises. The appliance can be also used to discover and assess virtual machines when there’s no access to the hypervisor, as well as virtual machines on any other cloud.

    The Azure Migrate Server Assessment tool now supports migration from on-premises to Azure VMware Solution. It provides migration readiness and suitability assessment, cost planning, performance-based sizing and application dependencies.

    Azure Monitor – updates.

    Azure has announced a number of important updates, as below:

  • Network: Azure Load Balancer customers now have instant access to a packaged solution for health monitoring and configuration analysis. Built as part of Azure Monitor for Networks, customers now have topological maps for all their Load Balancer configurations and health dashboards for their Standard Load Balancers preconfigured with relevant metrics.
  • Key Vault: Monitoring of Azure key vaults along with a unified view of Azure Key Vault performance, requests, failures, and latency by using Azure Monitor for Key Vault (in preview).

Thanks for your time; I hope this gave you a quick overview of the June updates.