Everything You Need to Know About Azure Infrastructure -- February 2018 Edition
Another month, another truck load of Azure news to summarize. This article will list summarize everything that was announced or changed in the world of Azure infrastructure. This has been a pretty quiet month on the infrastructure side of things, even though the data/PaaS parts of Azure were very busy.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
General Availability: Virtual Network Service Endpoints and Firewalls for Azure Storage
Technically, this is a January story, but it came out on Jan 31st after my January summary article, so some services, such as Azure Storage or Azure SQL, have only been available as “Internet” services. That means, if you deployed a virtual machine and tried to connect an app in that machine to Azure’s storage or database services, that traffic went across the Internet. Some customers won’t like that even if the traffic is encrypted.
Virtual Network Service Endpoints enable you to:
- Enable service endpoints on a virtual network for Azure SQL or storage accounts.
- Connect Azure storage accounts or Azure SQL servers (logical configurations) to a virtual network.
- Route traffic from virtual machines to a storage account or an Azure SQL database across the virtual network with complete privacy.
This will be useful in lots of scenarios, including Azure Service Environment (ASE), the implementation of private Isolated tier Application Services Plans in Azure, which I’ve written some articles about recently (and should appear in coming weeks).
Article on BGP and Active-Active VPN
I just typed BGP and I’m about to fall aslee….
Sorry, I nodded off there. There’s nothing more riveting … sorry, I mean boring, than a conversation about BGP routing. So it takes a lot for me to say that there’s actually a good blog post on the subject. Richard Splitz published an article called Just Enough BGP to Get Your Azure Dual-Redundancy, Active-Active VPN Gateways Up and Running; it’s quite a long read, but a good one. The subject is the active-active VPN gateway, also known as multi-resilient site-site VPN connections and some BGP routing is sprinkled in.
Protecting Managed Disks Between Azure Regions (Preview)
I’ve been an advocate for using managed disks since they became generally available. Yes, the cost is a little higher than un-managed disks (storage accounts) if you are using Standard storage. But there are so many more management features, better resilience with availability sets, coming up with new/unique storage account names is less stressful, and I don’t have to account for how many IOPS I’m using in each storage account (max of 20,000).
There was once exception: if I wanted to replicate virtual machines from one region to another using Azure-to-Azure Site Recovery (A2ASR), currently in preview, then I was forced to stick with the older format because managed disks were not supported … until now.
Now, one can replicate virtual machines with managed disks to another region. So here’s my updated Azure storage advice: USE MANAGED DISKS! The next time you need to copy a virtual machine, do some image deployment, or delete/recreate a virtual machine, and you’ve used managed disks because of this advice, you’ll think of this article with a warm fuzzy feeling. Those of you who stuck with un-managed disks and didn’t convert, will be mired in PowerShell or Azure CLI – best of luck!
Introducing Backup for Azure File Shares
No; I am not advocating Azure Files for end-user file shares. As soon as people hear “Azure Files” they assume this is an end-user file server replacement in the cloud.
Instead, this announcement is part of the build-up of something different and bigger. Azure Files is a component of Azure File Sync, a preview service that allows you to:
- Synchronize file server shares to Azure
- Share that file server data between file servers in different locations
- Use Azure Files as part of a DR solution for your file servers
- Move backup of the file servers to the cloud
And it’s that last bit I’m interested in. Azure File Sync was relying on storage account snapshots for a backup. That’s like saying I’m going to keep my server backups in another disk in the server. If the server gets hit by human error or malware, everything is gone. Likewise, if an admin does something stupid to a storage account, then it and the contained snapshots are gone.
Now, as promised, Azure Backup is entering the picture. Imagine this: your file servers sync content to Azure. Azure Backup then backs up your file server content to a recovery services vault. All backup/restores will happen in the cloud, with up to 99 years of retention. Does that sound interesting? It’s enough for me to start saying that Azure File Sync is a serious feature now.
The Biggest Azure Community Event of the Year
This year, the Global Azure Bootcamp will be held on Saturday 21st of April. This event is held in locations around the globe, bringing expert speakers and attendees together for the single biggest Azure event on the planet.
Locations, 161 confirmed and 46 pending (at the time of writing) span North, Central, and South America, Africa, Europe, the Middle East, Asia, and Australia/New Zealand. I will be flying into Birmingham, UK from a class I’m teaching in Amsterdam to do two Azure talks.
Other Announcements from Microsoft
Here are some other announcements by Microsoft about Azure infrastructure from the last month:
- Integrate Azure Security Center Alerts into SIEM Solutions
- OMS Monitoring Solution for Azure Backup Using Azure Log Analytics
- Application Consistent Backup for Linux VMs Using Azure Backup Is Generally Available
- New Reference Architecture for Jenkins on Azure
- Public Preview: Automatic OS Image Updates in Virtual Machine Scale Sets
- Provide Cross Region Low-latency Service Based on Azure Global VNET Peering
- Securing IaaS Workloads for Department of Defense
- Find Unused Managed Disks
- Azure Load Balancer to Become More Efficient
- Deploying WordPress Application Using VSTS and Azure – Part One
My Azure Posts on Petri
Here are my Azure posts from the month of February:
- Design Considerations for Azure Web Apps
- How Do I Apply NSG Policies To Applications in Azure?
- Stress Testing Azure Accelerated Networking
- Azure SQL Backups
- How to Develop and Test Software with Azure VMs
- How Can I Store Secrets in Azure?
It’s All About Growth
It’s not really tech news, and strictly speaking its financial news, but it dropped on January 31st after my end of January article was published.
Microsoft’s Q2 results for FY18 (Oct-Dev 2017) were released and as usual, Microsoft’s cloud services made the headlines. Azure revenues were up by 98 percent, continuing the catch-up with AWS in the “platform” space. Microsoft is the biggest single cloud vendor once you add in Office 365, CRM 365, etc. It is ahead of AWS, Google, IBM, etc, even though many in the press either aren’t aware of this or refuse to type it on their outdated MacBooks. That 98 percent was higher than that expected 80 percent and the previous quarter’s growth of 90 percent.
Where is all the growth coming from? That’s impossible to say. Microsoft won’t even put a dollar number on the size of its Azure business. But we do know a few things:
- Approximately 90 percent of Microsoft revenue has a Microsoft partner involvement.
- There has been a huge focus on the Cloud Solution Provider (CSP) business through Microsoft partners.
- Microsoft is getting some big wins in the last year.
I am seeing big growth in Azure but from what I hear, that’s not universal across Microsoft markets; some countries are behind the curve, while others (the Nordics) are always looking for an edge over the competition.
Want to Pass the Azure 70-533 Exam?
If you want to sit the 70-533 Azure infrastructure exam, then the Exam-Ref 70-533 Implementing Microsoft Azure Infrastructure Solutions Second Edition book might be for you. This isn’t a review or recommendation but materials for this exam are in short supply.
Microsoft changed 70-533 in November 2016 to remove the classic Azure Service Management (ASM) content and Azure SQL content and went with an all-ARM (Resource Manager) curriculum. Since then, the only study materials were Microsoft documentation, videos, and blog posts. This second edition book is an update to reflect the materials. I wouldn’t expect to see too many books. It was probably already out of date before it was “sent to press”, and writing “printed” materials on cloud content is the new mission impossible.
Everyone Enjoys Accounting
This accounting stuff can be pretty dull but it’s important if your job includes budgeting for the cloud.
A lot of Azure services share the price on a per-hour basis, even if they are charged per-minute, such as virtual machines. Companies don’t think about per-minute or per-hour costs. They want per-month or per-year costs.
When I started working with Azure four years ago, an average Azure month was 744 hours long. A few months ago, Azure moved closer to the sun,and the shorter orbit resulted in a 732 hour average month. 732 hours was the average number of hours in a month during a leap year:
(24 hours * 366 days) / 12 months = 732 hours per month.
However, Microsoft quietly adjusted the Azure calendar again, and now an average month is 730 hours, based on a non-leap year:
(24 hours * 365 days) / 12 months = 730 hours per month.