Everything You Need to Know About Azure Infrastructure -- April 2018
Although there were plenty of announcements in April 2018, most of them were small. We’re just a few weeks away from the Microsoft Build conference, where historically, a lot of announcements are made. Some things might be held back until then. Those of you in the platform and data side of things did have a busy month. The Azure blog has 8 pages of announcements!
GDPR — Not Just A European Thing!
If you don’t work in IT in the European Union, then there’s a very good chance you don’t know what GDPR is … and that might be a problem! You cannot ignore GDPR if you are outside the USA because this regulation does not care about data location.
In short, the General Data Protection Regulation (GDPR) is a European Union order to protect personally identifiable information (personal data that can identify a person). It’s a big update to the older data protection laws, which were out of date and inconsistent. Any personal data that identifies a European Union citizen is covered – no matter where that data is. The fines for non-compliance are huge, up to €20 million or 4 percent of a company’s global revenue, whichever is higher.
Inside the EU, I got the feeling that most companies have ignored GDPR, expecting it to be pushed back like the end of life of Windows XP. Some of the requirements are actually impossible to comply with today, such as the right to be forgotten, even in backups. But GDPR will become effective on May 25th for all companies all over the world that hold data on EU citizens. GDPR is now the new Y2K, an opportunity to make a fortune by being “an expert”.
The security requirements are a bit vague. It’s full of “do the right thing”, which you can take to mean more than just having a firewall and some malware scanning! Data encryption, multi-factor authentication, and so on are important. What is not vague are the requirements for suppliers and service providers (known as “processors” in GDPR) to be compliant, and the required openness and speed of reporting about breaches.
As a cloud provider and processor, Microsoft has requirements to be compliant with GDPR. It is also providing tools for searching data. A controller/processor must be able to respond to “what data do you have on me” requests from anyone in a timely manner. I cannot imagine how hard this will be to achieve. Microsoft is making some attempts in Azure:
- Achieving GDPR Compliance in the Cloud with Microsoft Azure
- GDPR Offers One More Reason to Focus on Your Disaster Recovery Strategy
- Streamlining GDPR Requests with the Azure Portal
I don’t think any company will be truly compliant on day 1. I also don’t think that GDPR inspectors will be checking every article in the 11 chapters. I suspect that data inventories and proof of consent for data storage will be the first things that will be targeted. This should be a fun time, especially if your company has the social security number, name, address, IP address, MAC address, etc, of any European customers stored on paper or digitally.
Zone Redundant Storage (ZRS) Redefined
I knew for a while that changes were coming to ZRS storage accounts, but I hadn’t realized that the information had been made public. ZRS redundancy had a weird definition: asynchronously replicating data across data centers within one to two regions.
Zone redundancy has been redefined, thanks to Availability Zones in Azure. Regions that support availability zones allow you to deploy resources across different data centers (or groups of data centers), where each zone is completely independent of the others, offering a 99.99 percent service level agreement for virtual machines.
Zone redundant storage has been redefined to match the purpose of availability zones. Today, ZRS is supported in general purpose v2 (GPv2) storage accounts with block blobs, non-disk page blobs, files, tables, and queues in:
- US East 2
- US Central
- North Europe
- West Europe
- France Central
- Southeast Asia
Note that classic ZRS storage accounts (block blobs in GPv1 only) are “planned for deprecation and required migration on March 31, 2021”. An automated migration will be provided and affected customers will be notified.
When working in infrastructure, you typically ignored ZRS and worked with LRS or GRS storage. This might change if you are working with availability zones:
- General Availability: Azure Zone-Redundant Snapshots and Images for Managed Disks
- General Availability: Zone-Redundant Storage
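As an added illustration (not code from the original post), the snippet below creates a GPv2 storage account with the redefined ZRS redundancy in one of the regions listed above and reads back what Azure actually provisioned. It assumes the AzureRM PowerShell module of the period (`New-AzureRmStorageAccount` / `Get-AzureRmStorageAccount`) and an existing login via `Login-AzureRmAccount`; the resource group and account names are placeholders.

```powershell
# Added example, not from the original post. Assumes the AzureRM module and an active login.
# Resource group and storage account names below are placeholders.

# Regions the post lists as supporting the redefined ZRS (April 2018), in ARM short form.
$zrsRegions = @('eastus2', 'centralus', 'northeurope', 'westeurope', 'francecentral', 'southeastasia')

function Test-ZrsRegion {
    param([Parameter(Mandatory)][string]$Location)
    # Accept display names such as "North Europe" as well as "northeurope".
    $normalized = ($Location -replace '\s', '').ToLowerInvariant()
    return ($zrsRegions -contains $normalized)
}

function New-ZrsStorageAccount {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Location
    )
    if (-not (Test-ZrsRegion -Location $Location)) {
        throw "ZRS (GPv2) is not listed as available in '$Location'; use LRS/GRS there or pick a ZRS region."
    }

    # The redefined ZRS needs a GPv2 account (-Kind StorageV2). HTTPS-only keeps data in transit encrypted.
    New-AzureRmStorageAccount -ResourceGroupName $ResourceGroupName -Name $Name -Location $Location `
        -SkuName 'Standard_ZRS' -Kind 'StorageV2' -EnableHttpsTrafficOnly $true | Out-Null

    # Verify what ARM actually deployed rather than trusting the request. Older module builds
    # render the SKU enum without the underscore (StandardZRS), so compare with it stripped.
    $account = Get-AzureRmStorageAccount -ResourceGroupName $ResourceGroupName -Name $Name
    $sku = ("$($account.Sku.Name)" -replace '_', '')
    if ($sku -ne 'StandardZRS' -or "$($account.Kind)" -ne 'StorageV2') {
        throw "Account '$Name' is $($account.Kind)/$($account.Sku.Name), not StorageV2/Standard_ZRS."
    }
    return $account
}

# Usage (placeholder names):
# New-ZrsStorageAccount -ResourceGroupName 'rg-storage-demo' -Name 'stzrsdemo001' -Location 'northeurope'
```

The region check is deliberately a local allow-list taken from the post: ZRS availability is decided per region, and a deployment that silently falls back to a different SKU is exactly what the read-back check at the end is there to catch.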
Other Announcements from Microsoft
Here are the various infrastructure announcements from the last month:
- New Microsoft Azure Regions Available for Australia and New Zealand
- Introducing a New Way to Purchase Azure Monitoring Services
- A Flexible New Way to Purchase Azure SQL Database
- SQL Database: Long-Term Backup Retention Preview Includes Major Updates
- Improvements to SQL Elastic Pool Configuration Experience
- Application Security Groups Now Generally Available in All Azure Regions
- Announcing New Azure Security Center Capabilities at RSA 2018
- Recovery Services Vault Limit Increased to 500 Vaults Per Subscription Per Region
- Transparent Data Encryption with Customer Managed Keys in Azure SQL Database Generally Available
- Azure DDoS Protection for Virtual Networks Generally Available
- Azure Backup Now Supports Storage Accounts Secured with Azure Storage Firewalls and Virtual Networks
- Azure Service Fabric – Announcing Reliable Services on Linux and RHEL Support
- How Azure Security Center Helps Detect Attacks Against Your Linux Machines
- Azure Container Instances Now Generally Available
- General Availability: Azure Network Watcher Connection Monitor in All Public Regions
- General Availability: Global VNet Peering
- General Availability: New Regions for Red Hat Update Infrastructure
- Microsoft Peering on ExpressRoute Standard SKU Now Available
- Public Preview: Read Scale-Out Support for Azure SQL Database
- Azure DevTest Labs Available in Azure Government
- Upload/Download Azure Dashboards
- Alerts Created in the Operations Management Suite Portal Can Extend into Azure
- HTTP/2 Support for Azure App Service Is Now Available
- What’s New in Azure DNS – Metrics and Alerting
- General Availability: Azure Database for MySQL
- General Availability: Azure Database for PostgreSQL
- Region Expansion: Global VNet Peering
- Per Disk Metrics for Managed AND Unmanaged Disks Now in Public Preview
- OS Disk Swap for Managed Virtual Machines Now Available
My Azure Posts on Petri
Here are the posts that I wrote for Petri.com about Azure since I wrote the March update:
- Azure Backup Instant VM Recovery and Large Disks
- A Checklist for Pricing Azure Virtual Machines
- Restore Azure Virtual Machine From a Backup Snapshot
- Foundation of Many Microsoft Cloud Services Is Now Open Source
- Serial Console Access for Azure Virtual Machines
- What Is Azure SQL Database Managed Instance?
- Next Generation Alerts Generally Available in Azure
The last article I’ll share isn’t strictly to do with Azure, but it’s still relevant. After a week of dealing with lots of people who had “talked to experts”, I felt like I needed to blow off some steam. A thousand or so words later, I ended up with Stop Taking Advice From “A Person Connected To Microsoft”, which, if social media is anything to go by, seemed to resonate with a lot of you. In the era of the ever-changing cloud, finding and using a reliable source of information and continuous education is more important than ever!
And Now for Something Different
I’ve been working with Citrix or Remote Desktop (Terminal) Services since the mid-1990s. It’s about as old-school a Windows Server solution as you can get, solving legacy thick client and client/server problems. One would think that, working in the cloud almost 99 percent of the time, I’d be done with RDS. But the truth is, I never previously priced up or specified as many RDS deployments as I have over the last few years. The cloud has generated more interest in RDS for me and my customers than anything else ever did, forcing me to shake off a lot of cobwebs, and driving my customers to learn about RDS infrastructure.
One thing we’ve learned is that the RDS infrastructure that we’ve had since Windows Server 2008 is creaking at the seams. Microsoft partners, managed services/hosting providers, and software developers are struggling with the costs of deploying a fault-tolerant infrastructure that can require up to 13 virtual machines before the session hosts (terminal servers) are even deployed!
Microsoft is working on a solution for that called Remote Desktop Modern Infrastructure (RDMI) that was announced at Ignite last year. Another thing that was recently announced was support for the Remote Desktop Session Host (RDSH) role in Windows Server 2019.
You see, rumors of the death of RDS weren’t true! Be careful of the “experts” who share their “knowledge” about the GUI-less future of Windows and the death of RDS.