Everything You Need to Know About Azure Infrastructure — April 2018

Although there were plenty of announcements in April 2018, most of them were small. We’re just a few weeks away from the Microsoft Build conference, where historically, a lot of announcements are made. Some things might be held back until then. Those of you in the platform and data side of things did have a busy month. The Azure blog has 8 pages of announcements!
 

 

GDPR — Not Just A European Thing!

If you don’t work in IT in the European Union, then there’s a very good chance you don’t know what GDPR is … and that might be a problem! You cannot ignore GDPR if you are outside the USA because this regulation does not care about data location.
In short, the General Data Protection Regulation (GDPR) is a European Union order to protect personally identifiable information (personal data that can identify a person). It’s a big update to the older data protection laws, which were out of date and inconsistent. Any personal data that identifies a European Union citizen is covered – no matter where that data is. The fines for non-compliance are huge, up to €20 million or 4 percent of a company’s global revenue, whichever is higher.
Inside the EU, I got the feeling that most companies have ignored GDPR, expecting it to be pushed back like the end of life of Windows XP. Some of the requirements are actually impossible to comply with today, such as the right to be forgotten, even in backups. But GDPR will become effective on May 25th for all companies all over the world that hold data on EU citizens. GDPR is now the new Y2K, an opportunity to make a fortune by being “an expert”.
The security requirements are a bit vague. It’s full of “do the right thing”, which you can take to be more than just having a firewall and some malware scanning! Data encryption, multi-factor authentication, and so on are important. What is not vague are the requirements of suppliers and service providers (known as “processors” in GDPR) to be compliant and the required openness and speed of reports about breaches.
As a cloud provider and processor, Microsoft has requirements to be compliant with GDPR. It is also providing tools for searching data. A controller/processor must be able to respond to “what data do you have on me” requests from anyone in a timely manner. I cannot imagine how hard this will be to achieve. Microsoft is making some attempts in Azure:

I don’t think any company will be truly compliant on day 1. I also don’t think that GDPR inspectors will be checking every article in the 11 chapters. I suspect that data inventories and proof of consent for data storage will be the first things that will be targeted. This should be a fun time, especially if your company has the social security number, name, address, IP address, MAC address, etc., of any European customers stored on paper or digitally.

Zone Redundant Storage (ZRS) Redefined

I knew for a while that changes were coming to ZRS storage accounts but I hadn’t realized that the information had been made public. ZRS redundancy had a weird definition: asynchronously replicating data across data centers within one to two regions.
Zone redundancy has been redefined, thanks to Availability Zones in Azure. Regions that support availability zones allow you to deploy resources across different data centers (or groups of data centers), where each zone is completely independent of the others, offering a 99.99 percent service level agreement for virtual machines.
Zone redundant storage has been redefined to match the purpose of availability zones. Today, ZRS is supported in general purpose v2 (GPv2) storage accounts with block blobs, non-disk page blobs, files, tables, and queues in:

  • US East 2
  • US Central
  • North Europe
  • West Europe
  • France Central
  • Southeast Asia

Note that classic ZRS storage accounts (block blobs in GPv1 only) are “planned for depreciation and required migration on March 31, 2021”. An automated migration will be provided and affected customers will be notified.
When working in infrastructure, you typically ignored ZRS and worked with LRS or GRS storage. This might change if you are working with availability zones:

Other Announcements from Microsoft

Here are the various infrastructure announcements from the last month:

My Azure Posts on Petri

Here are the posts that I wrote for Petri.com about Azure since I wrote the March update:

The last article I’ll share isn’t strictly one to do with Azure, but it’s still relevant. After a week of dealing with lots of people who had “talked to experts” I felt like I needed to blow off some steam. A thousand or so words later, I ended up with Stop Taking Advice From “A Person Connected To Microsoft”, which if social media is anything to go by, seemed to resonate with a lot of you. In the era of the ever-changing cloud, finding and using a reliable source of information and continuous education is more important than ever!

And Now for Something Different

I’ve been working with Citrix or Remote Desktop (Terminal) Services since the mid-1990s. It’s about as old-school of a Windows Server solution as you can get, solving legacy thick client and client/server problems. One would think that working in the cloud almost 99 percent of the time, I’d be done with RDS. But the truth is, I never previously priced up or specified as many RDS deployments as I have over the last few years. The cloud has generated more interest in RDS for me and my customers than anything else ever did, forcing me to shake off a lot of cobwebs, and driving my customers to learn about RDS infrastructure.
One thing we’ve learned is that the RDS infrastructure that we’ve had since Windows Server 2008 is creaking at the seams. Microsoft partners, managed services/hosting, or software developers are struggling with the costs of deploying a fault-tolerant infrastructure that can require up to 13 virtual machines before the session hosts (terminal servers) are even deployed!

Multi-Tenant RDS Modern Infrastructure Deployment [Image Credit: Microsoft]
 
Microsoft is working on a solution for that called Remote Desktop Modern Infrastructure (RDMI) that was announced at Ignite last year. Another thing that was recently announced was support for the Remote Desktop Session Host (RDSH) role in Windows Server 2019.
You see, rumors of the death of RDS weren’t true! Be careful of the “experts” who share their “knowledge” about the GUI-less future of Windows and the death of RDS.