I am here to provide a single post for Azure updates on the previous month. In this blog, we will be covering up May month updates from Azure. Each update on this blog is not an exhaustive list of all the monthly updates. I want to call out the most specific updates from Infrastructure technologies (compute, storage, networking, identity, monitoring & security, etc.) and have categorised the updates based on high- level sections.
Azure Compute
Enabling IBM WebSphere Application Server on Azure Virtual Machines
This solution enables easy migration of WebSphere workloads to Azure by automating most of the boilerplate resource provisioning tasks to set up a highly available cluster of WebSphere servers on Azure Virtual Machines. The solution is part of a broader partnership between IBM and Microsoft to enable the WebSphere product portfolio on Azure. The partnership aims to cover a range of use cases from mission critical existing traditional workloads to cloud-native applications. Offers target Open Liberty on Azure Red Hat OpenShift (ARO), WebSphere Liberty on ARO, WebSphere Application Server on Virtual Machines, Open Liberty on the Azure Kubernetes Service (AKS), and WebSphere Liberty on AKS.
AKS support for containerd for Windows server containers
Azure Kubernetes Services (AKS) now supports containerd for Windows server containers. This is available for Kubernetes version 1.20 and higher.
During public preview, user will be able to create containerd cluster or add containerd supported node pools onto an existing cluster. Once Windows containerd support is generally available, it will become the only supported container runtime for Windows server containers on AKS. Current users are encouraged to use the preview period to test their workloads on containerd node pools to ensure a smooth transition.
Windows containerd support on AKS is available in 3 regions (East US, UK South West, and Central US) now. Other regions will become available over the next few weeks. This feature is currently on public preview.
Azure RBAC for Kubernetes Authorization in AKS
With Azure role-based access control (RBAC) for Kubernetes authorization, you can achieve unified management and access control across Azure and AKS resources. With this capability, you can now manage RBAC for AKS and its resources using Azure or native Kubernetes mechanisms. When enabled, this integration allows you to use Azure Active Directory (AAD) users, groups, or service principals as subjects in Kubernetes RBAC. However, you still have to set up and manage Azure RBAC and Kubernetes RBAC separately.
This eliminates from having to separately manage user identities and credentials for Kubernetes.
Azure Storage
Azure Storage Blob inventory public preview is now available in all public regions
The Azure Storage blob inventory feature provides an overview of your blob data within a storage account. Use the inventory report to understand your total data size, age, access tiers, and so on. The report provides an overview of your data for business and compliance requirements. Once enabled, an inventory report is automatically created daily.
Blob inventory is supported for both general purpose version 2 (GPv2) and premium block blob storage accounts. This feature is supported with or without the hierarchical namespace feature enabled. Inventory can be used with Azure Synapse to calculate summaries by container.
This feature is currently on preview.
Azure Blob storage—NFS 3.0 protocol support public preview now expands to all regions
Blob storage now supports the Network File System (NFS) 3.0 protocol. This support provides Linux file system compatibility at object storage scale and prices and enables Linux clients to mount a container in Blob storage from an Azure Virtual Machine (VM) or a computer on-premises.
NFS 3.0 protocol support in Azure Blob storage is in public preview.
If you enable NFS 3.0 protocol support, all of the data in your storage account will be stored as block blobs. Block blobs are optimized to efficiently process large amounts of read-heavy data. Block blobs are composed of blocks. Each block is identified by a block ID. A block blob can include up to 50,000 blocks. Each block in a block blob can be a different size, up to the maximum size permitted for the service version that your account uses.
When your application makes a request by using the NFS 3.0 protocol, that request is translated into combination of block blob operations. For example, NFS 3.0 read Remote Procedure Call (RPC) requests are translated into Get Blob operation. NFS 3.0 write RPC requests are translated into a combination of Get Block List, Put Block, and Put Block List.
Azure Storage — Attribute-based Access Control (ABAC) now available for preview
Attribute-based access control (ABAC) is an authorization strategy that defines access levels based on attributes associated with security principals, resources, requests, and the environment. Azure ABAC builds on role-based access control (RBAC) by adding conditions to Azure role assignments in the existing identity and access management (IAM) system. This preview includes support for role assignment conditions on Blobs and ADLS Gen2, and enables you to author conditions based on resource and request attributes.
Role-assignment conditions enable finer-grained access control for storage resources. They can also be used to simplify hundreds of role assignments for a storage resource. The preview enables you to author conditions for storage DataActions, and can be used with built-in or custom roles.
Azure Networking & Security
VNET peering support for Azure Bastion
Azure Bastion and VNet peering can be used together. When VNet peering is configured, you don’t have to deploy Azure Bastion in each peered VNet. This means if you have an Azure Bastion host configured in one virtual network (VNet), it can be used to connect to VMs deployed in a peered VNet without deploying an additional Bastion host.
Azure Bastion works with the following types of peering:
- Virtual network peering: Connect virtual networks within the same Azure region.
- Global virtual network peering: Connecting virtual networks across Azure regions.
Bastion will continue to work for peered VNets across different subscription for a single Tenant. Subscriptions across two different Tenants are not supported.
Azure Security centre updates in May
- Azure Defender for DNS and Azure Defender for Resource Manager released for General Availability (GA)
- Azure Defender for open-source relational databases released for General Availability (GA)
- New alerts for Azure Defender for Resource Manager
- CI/CD vulnerability scanning of container images with GitHub workflows and Azure Defender (preview)
- More Resource Graph queries available for some recommendations
- SQL data classification recommendation severity changed
- New recommendations to enable trusted launch capabilities (in preview)
- New recommendations for hardening Kubernetes clusters (in preview)
- Assessments API expanded with two new fields
- Asset inventory gets a cloud environment filter
Other Azure Services
Run App Service on Kubernetes or anywhere with Azure Arc
Azure App Service can run against Kubernetes clusters in AKS or anywhere with Azure Arc. With this preview, you no longer need to choose between the productivity of App Service and control of Kubernetes. You can now run Web Apps against a range of fully managed App Service plans or choose to deploy against Azure Kubernetes Service or your own Kubernetes clusters connected through Azure Arc that are running on-premises, at the edge, or in other clouds.
App Service features like deployment slots, turn-key auth, CI/CD with GitHub Actions and domain management vastly simplify the development and management of web apps and are delivered with ARM consistency across hosting models. Customers can configure and enable any Kubernetes cluster and select those clusters as a deployment target when creating their Web App.
Thanks for your time, and I hope you had some quick preview of list updates from May month.
Santhosh has over 15 years of experience in the IT organization. Working as a Cloud Infrastructure Architect and has a wide range of expertise in Microsoft technologies, with a specialization in public & private cloud services for enterprise customers. My varied background includes work in cloud computing, virtualization, storage, networks, automation and DevOps.