Azure Monthly updates (with Ignite highlights) - September 2020

Another month has ended, and I'm here with a single post covering the previous month's Azure updates. This post covers the September updates and the MS Ignite session highlights for Azure. It is not an exhaustive list of all the monthly updates. I would like to call out specific updates from infrastructure technologies (compute, storage, networking, identity, monitoring & security, etc.) and have categorised them into high-level sections.

Azure Compute

Migrate to Azure Availability Zones

Microsoft has announced support for the selection of Availability Zones while migrating servers using the Azure Migrate: Server Migration tool. Achieve improved resiliency for critical application workloads that you are migrating by pinning individual virtual machines to different Availability Zones in the target Azure region. 

This functionality is currently available via the Azure portal. Use this capability to get an industry-leading 99.99 percent uptime SLA for your migrated workloads with virtual machines running in two or more Availability Zones in the same region.

In addition, there is new agentless software inventory and dependency mapping for the migration of workloads, including added support for Availability Zone and UEFI migrations.

Automatic VM guest patching for Windows VMs in Azure

Enabling automatic VM guest patching for Windows VMs helps ease update management by safely and automatically patching virtual machines to maintain security compliance. Automatic VM guest patching has the following characteristics:

  • Patches classified as Critical or Security are automatically downloaded and applied on the VM.
  • Patches are applied during off-peak hours in the VM’s time zone.
  • Patch orchestration is managed by Azure and patches are applied following availability-first principles.
  • Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
  • Works for all VM sizes.

Automatic VM guest patching is currently in Public Preview. An opt-in procedure is needed to use the public preview functionality described.

Azure Hybrid Benefit – Linux Preview

Azure Hybrid Benefit, available in preview, improves flexibility and enhances user experience for Red Hat and SUSE customers migrating Linux to Azure. Directly in the portal or through CLI, Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) customers will be able to convert existing Linux VMs from pay-as-you-go (PAYG) billing to bring-your-own-subscription (BYOS) billing, making use of their existing Red Hat and SUSE subscriptions.

App Service Environment v3 (ASEv3)

  • In ASEv3, the underlying technology is based on Virtual Machine Scale Sets (VMSS) instead of Cloud Services. This opens the door to a number of improvements, including better load balancers, zone redundancy and more.
  • Also in ASEv3, Microsoft has eliminated the challenge of managing the ASE dependency traffic. With ASEv3, you no longer have any inbound or outbound management traffic in the customer VNet. This vastly simplifies ASE deployment and management.
  • In addition to operational improvements, Microsoft is also making this new ASE more cost-effective for customers. As part of the Isolated v2 plan, Microsoft is reducing the PAYG rates and eliminating the per-instance stamp fee for ASEv3, reducing the cost of deployment by up to 80%.

Azure Dedicated Hosts capabilities

Azure Dedicated Host now gives customers more control. Customers can schedule host maintenance operations on Dedicated Hosts and isolated VMs as well as control when guest OS image updates are rolled out. Azure Dedicated Host also supports Virtual Machine Scale Sets and simplifies deployment by offering customers the ability to let the platform select the host group where VMs are deployed to.

The new capabilities are:

  • Customers can now accelerate the deployment of Azure VMs in Dedicated Hosts by letting the platform select the host group to which the VM will be deployed.
  • Customers can also use Virtual Machine Scale Sets in conjunction with Dedicated Hosts. This new capability allows IT organizations to use scale sets across multiple dedicated hosts that are part of a dedicated host group.

Azure Arc enabled servers are now generally available

Customers can manage and govern Windows and Linux servers from a single pane of glass, whether they are on-premises or in other clouds. The functionalities are:

  • Run Azure services on any infrastructure (on-premises, multi-cloud) with Azure Arc enabled servers and Azure Arc enabled data services.
  • Azure SQL Managed Instance and Azure Database for PostgreSQL can now run across on-premises datacenters, multi-cloud and the edge. These new Azure Arc enabled data services are now in preview.
  • Azure Arc enabled servers hits general availability. With this, customers can organize and manage Windows and Linux servers (both physical and VMs) across multi-cloud, multi-edge environments from the Azure Portal.

Azure Stack

  • Azure Kubernetes Service (AKS) is now available on Azure Stack HCI. This allows customers to deploy and manage containerized apps at scale on Azure Stack HCI.
  • Azure Stack Hub is now available with GPUs. Microsoft partnered with AMD to bring the AMD Mi25 GPU to Azure Stack Hub. The NVIDIA V100 Tensor Core GPU and T4 Tensor Core GPU options are also available.

Azure Database

Automate Always On availability group deployments with SQL Virtual Machine resource provider

SQL VM resource provider enables dynamic updates of SQL Server metadata and orchestrates multi-VM deployments required for SQL Server HADR architectures. SQL VM resource provider also enables SQL Server specific browse and monitoring experiences. With SQL VM resource provider, we are introducing three new resource types:

Microsoft.SqlVirtualMachine/SqlVirtualMachine represents SQL Server configurations on an Azure VM. Once created, it links to the existing VM resource with the VirtualMachineResourceId property and gets SQL Server configurations from SQL IaaS Extension properties. The SqlVirtualMachine resource type has a property to represent the SQL Server license type. By setting the SQL Server license type to AHUB or PAYG, the SQL Server license can be dynamically updated without any downtime, even after the VM instance is deployed.

Microsoft.SqlVirtualMachine/SqlVirtualMachineGroup represents a group of SQL VMs that will participate in an HADR architecture. Today we support SQL Server 2016 and SQL Server 2017 Always On Availability Groups on an Active Directory domain-joined Windows failover cluster with Windows Server 2016. Creating a resource of SqlVirtualMachineGroups type will configure the Windows failover cluster to host the Always On AG.

Microsoft.SqlVirtualMachine/SqlVirtualMachineGroups/AvailabilityGroupListener represents an Always On Availability Group Listener which can be connected to from any VM in the same VNet.

This feature is in public preview as of today.

User-initiated failover for application fault resiliency in Azure SQL Managed Instance is now generally available

High availability is a fundamental part of the SQL Database and SQL Managed Instance platform that works transparently for database applications. Now we can manually trigger a failover by calling a special API to restart a database, an elastic pool, or a managed instance. In the case of a zone redundant database or elastic pool, the API call would result in redirecting client connections to the new primary in an Availability Zone different from the Availability Zone of the old primary. So in addition to testing how failover impacts existing database sessions, you can also verify whether it changes the end-to-end performance due to changes in network latency. Because the restart operation is intrusive and a large number of them could stress the platform, only one failover call is allowed every 30 minutes for each database, elastic pool, or managed instance. A failover can be initiated using PowerShell, REST API, or Azure CLI.

Azure Database for MySQL Flexible Server in preview

Azure Database for MySQL Flexible Server is a new deployment option for Azure Database for MySQL that provides better control and flexibility of database server parameters, more options for high availability, and cost optimization controls. Flexible Server offers maximum control through custom maintenance windows and additional configuration parameters for fine grained tuning. Now you can benefit from zone redundant high availability and control the timing for patches and upgrades. In addition, guided experiences simplify end-to-end deployment.

Azure Storage

Azure Blob access time tracking and access time-based lifecycle management preview

Azure Blob lifecycle management supports using last access time as a filter to transition data between access tiers and manage data retention. The feature provides access date policy control over which tier an object is placed in or deleted from. This allows customers to reduce costs and create a complete lifecycle around their objects.

You can minimize your storage cost automatically by setting up a policy based on last access time to:

  • Transition your data from a hotter access tier to a cooler access tier (hot to cool, cool to archive, or hot to archive) if there is no access for a period.
  • Transition your data from the cool tier to the hot tier immediately if there is an access on the data.
  • Delete your data if there is no access for an extended period.
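
A lifecycle management policy covering the three behaviours listed above, as an added example that is not configuration from the original post. The rule name, the `examplecontainer/logs` prefix and the 30/90/365-day thresholds are placeholder assumptions; last access time tracking must be enabled on the storage account for these conditions to take effect.

```json
{
  "rules": [
    {
      "enabled": true,
      "name": "example-last-access-tiering",
      "type": "Lifecycle",
      "definition": {
        "filters": {
          "blobTypes": ["blockBlob"],
          "prefixMatch": ["examplecontainer/logs"]
        },
        "actions": {
          "baseBlob": {
            "enableAutoTierToHotFromCool": true,
            "tierToCool": {
              "daysAfterLastAccessTimeGreaterThan": 30
            },
            "tierToArchive": {
              "daysAfterLastAccessTimeGreaterThan": 90
            },
            "delete": {
              "daysAfterLastAccessTimeGreaterThan": 365
            }
          }
        }
      }
    }
  ]
}
```

`enableAutoTierToHotFromCool` applies only together with a `tierToCool` action that uses the `daysAfterLastAccessTimeGreaterThan` condition.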

Azure Networking & Security

Network Virtual Appliances from Cisco can be installed directly into the Virtual WAN hub

Network Virtual Appliance (NVA) in the Virtual WAN hub is an integrated service offering that allows customers to deploy a third-party NVA directly into the Virtual WAN hub. With this offering, customers can connect their customer premises equipment (CPE) to the same third-party appliance in the hub, allowing them to take advantage of each vendor’s proprietary path selection and policy management capabilities.

Azure Defender

  • Azure Security Center’s cloud workload protection features are now Azure Defender, the XDR for Azure and hybrid resources, including virtual machines, databases, containers and IoT. The threat protection services in Azure Security Center are now rebranded as Azure Defender, and there is a new Azure Defender extended detection and response dashboard experience within Azure Security Center.
  • Microsoft Defender now integrates with cloud-native SIEM Azure Sentinel for visibility and actionable insights enterprise-wide.

Azure Security Center

  • Azure Security Center enhancements include multi-cloud posture management with Azure Arc, Azure Defender and Azure Security Center inventory.
  • Customers can quickly see which Azure resources are protected and upgrade protection to ensure all cloud resources are protected. 

Other Azure Services

Visualize and Manage your AWS costs in Azure Cost Management

With Amazon Web Services (AWS) Cost and Usage report (CUR) integration, customers can monitor and control AWS spending in Azure Cost Management. The integration provides a single location in the Azure portal where you monitor and control spending for both Azure and AWS.

This integration feature is currently in preview. Cost Management for AWS is charged at 1% of the total AWS managed spend. Every month, you will be charged 1% of your previous month’s AWS costs under management. The charges will be pro-rated for the first month of service and will renew monthly at the beginning of each month. The service renews every month, and you may cancel subsequent renewals at any time. Accessing AWS APIs may incur additional costs.

Preview of Zonal redundant Storage for Backup data from Azure Backup

With the release of the ZRS public preview, Azure Backup offers a compelling set of durability options for your backup data including ZRS for intra-region high durability, locally-redundant storage (LRS) for low-cost single region durability, and geo-redundant storage (GRS) for high durability across regions when the primary region is unavailable. By opting in for the Cross Region Restore feature, you can also access the secondary region backup data at all times from Azure Backup.

ZRS is currently supported for all Azure Backup workloads across on-premises workloads, Azure VMs, SQL in Azure VMs, SAP HANA in Azure VMs and Azure File shares.

Currently this feature is available in UK South (UKS) and South East Asia (SEA).

Azure Backup Center

Azure Backup has enabled a new native central management capability to manage your entire Backup estate from a single pane of glass. Backup Center provides the capability to monitor, operate, govern, and optimize data protection at scale in a unified manner consistent with core Azure native management paradigms.

Backup Center supports the following workload types: Azure Virtual Machines, SQL in Azure Virtual Machines, Azure Database for PostgreSQL servers, and Azure Files.

It provides an aggregated view of your inventory across subscriptions, locations, resource groups, vaults, and even tenants using Lighthouse. Backup Center is also an action center from where you can trigger your backup-related activities (configuring backup, restore, creation of policies or vaults) from a single place.

Azure Automanage

  • It's a new Azure service in preview that helps customers significantly reduce day-to-day management tasks with automated operations across the entire lifecycle of Windows Server virtual machines (VMs) on Azure.
  • Automate frequent, time-consuming, and error-prone management tasks such as onboarding and configuration of Azure Backup and Security Center to realize operational savings.
  • Windows Admin Center, the server management tool, is now available in preview in the Azure Portal. This new capability allows customers to perform deep Windows Server OS management on their VMs in Azure right from Azure Portal. It is always kept up to date with the newest features.

Azure Advisor Score is now in preview. Azure Advisor Score is a new measurement tool in the Azure portal designed to help customers optimize cost, security, reliability, performance and operational excellence across all their Azure resources based on Azure best practices.

Azure VMware Solution (AVS)

Azure VMware Solution empowers customers to seamlessly extend or migrate their existing on-premises VMware applications to Azure without the cost, effort or risk of re-architecting applications or retooling operations. The next generation of Azure VMware Solution (AVS) is now generally available in US East, US West, West Europe and Australia, with more locations coming soon.

Azure Resource Mover

Azure Resource Mover, in public preview, is a new service offering that helps customers move multiple Azure resources between regions to help take advantage of the most relevant datacenter regions and meet evolving data residency needs. 

Thanks for your time. I hope this gave you a quick preview of the updates from September.