Everything You Need to Know About Azure Infrastructure - January 2018 Edition
It’s a new year and it’s time for new things. This month I’m starting a monthly series to summarize some notable things that have happened in Azure IaaS.
Nothing to See Here!
If you’ve just come back from Mars via a craft with no processors, then (a) welcome home and (b) there was some news about something called Spectre and Meltdown.
Microsoft quietly let the news out before the holidays that Azure services would be scheduled to reboot starting on January 9th. At the start of the month, some news started to leak that there was a big security flaw in Intel processors. On January 3rd, Intel and Google (who found the flaw) confirmed the security flaw in Intel processors, and in ARM and AMD processors too.
Microsoft quickly sent out emails to let people know the reboots were brought forward and they started on January 3rd.
Since then, Microsoft has issued guidance for mitigating the “speculative execution side-channel vulnerability”, or Meltdown, on Azure virtual machines. Microsoft did patch its Hyper-V hosts in Azure. This should not impact the performance of most virtual machines. However, anyone with machines with larger networking loads might see a reduction in performance. If so, Microsoft recommends:
… turning on Azure Accelerated Networking (Windows, Linux), which is a free capability available to all Azure customers.
Sadly, you cannot “turn on” Accelerated Networking. You will have to redeploy the virtual machine and NIC with the existing disks.
I feel OK about the whole thing. Intel has confirmed all is well.
Azure Virtual Machine Reference
A new site, running on Azure App Services, has appeared with a very handy listing/comparison of all the Azure virtual machine series and sizes.
Azure Site Recovery (ASR) Improvements
ASR got a couple of nice improvements this month:
- The on-premises appliance for VMware migration/DR is now … an appliance. This OVF format appliance can be downloaded, deployed on VMware, and have you operational within “30 minutes”.
- The Overview in the Recovery Services Vault has an improved presentation of health/status/performance information, based on feedback from some larger customers, as was shared at a session at the Ignite 2017 conference.
Azure Backup Improvements
I wonder how many people either never do backups of their Azure virtual machines, or forget to enable it afterward (once the only option). Enabling Azure Backup is now an option while creating a new virtual machine in the Azure Portal. There are no excuses anymore!
The Overview of Recovery Services vault, shared with ASR, has also improved the status information for Azure Backup, providing you with a quick view of utilization and health.
If you use BitLocker Encryption Key (BEK) to secure the disks of your Azure virtual machines, then I have good news: Azure Backup now supports protecting those machines! With this news, I don’t have to worry about The Donald reading my emails! Sorry … but that was just too easy.
Azure Standard Support Cost Reduction
If you are buying Azure through Credit Card (you’re crazy!), Open, or Enterprise Agreement, then you must purchase support for Azure separately. Support is built-in when acquiring Azure through the Cloud Solution Provider (CSP) Direct and Indirect channels.
- A price drop to $100 per month
- A reduced response time of 1 hour for critical business impact (Sev A) cases.
More bang for your buck!
More Regions for Global VNet Peering
- Korea South
- UK South
- UK West
- Canada East
- India South
- India Central
- India West
- US West Central
- Canada Central
- US West 2
Zune Isn’t Crippling Action Groups Anymore!
Action Groups are a feature that is getting more important for generating alerts in Azure Monitor. An Action Group allows you to create a set of notifications/actions that can be triggered by an alert. One of the notification types is SMS texting, which was restricted to just the USA (The Curse of Zune). I complained to the product group about this in a conversation and was told to go back and look at the blade in Azure Monitor. A bunch more countries have been added and are now supported for SMS alerting between the time I had last checked the Azure Portal and the time I complained. Sometimes, it’s nice being wrong!
Network Security Group (NSG) Improvements
Some feedback has turned into changes – nothing new here in Azure! NSGs now:
- Allow you to specify Azure Storage and Azure SQL services using service tags or locations. Now you can block outbound traffic to the Internet without bricking your Azure virtual machines during reboot.
- Support Application Security Groups, which allow you to group virtual machines and then apply rules to those groups, enabling scaled-out services to be secured more easily.
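The service tag approach described above, sketched as an ARM template resource; this is an added example, not taken from the original post or from Microsoft's documentation. The NSG name, rule names, priorities, and ports (443 for Storage, 1433 for SQL) are assumptions chosen for illustration.

```json
{
  "type": "Microsoft.Network/networkSecurityGroups",
  "apiVersion": "2017-10-01",
  "name": "example-nsg",
  "location": "[resourceGroup().location]",
  "properties": {
    "securityRules": [
      {
        "name": "Allow-Storage-Outbound",
        "properties": {
          "description": "Constructed example: allow HTTPS to Azure Storage via the Storage service tag",
          "priority": 100,
          "direction": "Outbound",
          "access": "Allow",
          "protocol": "Tcp",
          "sourceAddressPrefix": "VirtualNetwork",
          "sourcePortRange": "*",
          "destinationAddressPrefix": "Storage",
          "destinationPortRange": "443"
        }
      },
      {
        "name": "Allow-Sql-Outbound",
        "properties": {
          "description": "Constructed example: allow Azure SQL via the Sql service tag",
          "priority": 110,
          "direction": "Outbound",
          "access": "Allow",
          "protocol": "Tcp",
          "sourceAddressPrefix": "VirtualNetwork",
          "sourcePortRange": "*",
          "destinationAddressPrefix": "Sql",
          "destinationPortRange": "1433"
        }
      },
      {
        "name": "Deny-Internet-Outbound",
        "properties": {
          "description": "Constructed example: block all other outbound Internet traffic",
          "priority": 4000,
          "direction": "Outbound",
          "access": "Deny",
          "protocol": "*",
          "sourceAddressPrefix": "*",
          "sourcePortRange": "*",
          "destinationAddressPrefix": "Internet",
          "destinationPortRange": "*"
        }
      }
    ]
  }
}
```

Rules are evaluated in ascending priority order, so the two allow rules match before the Internet deny. A regional tag such as `Storage.WestEurope` in place of `Storage` narrows the allow rule to a single location.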
Accelerated Networking GA on Linux
Microsoft Acquired Avere
It was announced on January 3rd that Microsoft acquired a cloud storage company called Avere. I’m guessing that Microsoft bought this company to acquire some IP to improve existing hybrid cloud storage solutions, instead of adding another hardware appliance (versus StorSimple) or hybrid cloud storage solution (Azure File Sync). Avere appears to help customers; there are lots of mentions of animation and media companies in the press release. Verticals such as Finance and Oil/Gas are also mentioned, and we know that those are two verticals Microsoft is targeting with its Intelligent Cloud/Intelligent Edge push.
Other Announcements from Microsoft
Here are some other announcements from the world of Azure IaaS and management:
- ITSM Connector for Azure is now generally available
- Launching the Azure Storage Solution showcase
- Azure Zone Redundant Storage in public preview
- Zone Redundant Virtual Machine Scale Sets now available in public preview
- Keeping your environment secure with Update Management
- Serious about cloud security? Check out this new training on Azure Security Center
- How Azure Security Center helps analyze attacks using Investigation and Log Search
- Azure Security Center adds support for custom security assessments
- Azure Security Center and Microsoft Web Application Firewall Integration
- Migration checklist when moving to Azure App Service
- Network Watcher Connection Troubleshoot now generally available
My Azure Posts on Petri
Here are my Azure posts from the month of January:
- Expanded Azure Virtual Machine Availability and Locations
- My Azure Infrastructure Highlights of 2017
- Azure App Services on Linux
- Azure Accelerated Network Is Generally Available
- Adding WebJobs to Azure App Service
- Blocking Internet Access
- Backing Up Azure App Service
Stanislav Zhelyazkov, MVP, is well known in the System Center world and has specialized in OMS/Log Analytics over the last few years. He wrote a post recently to share some tips and tricks on getting started with Azure Security Center.
Virtual PC Guy Is No More
I’ve been a user of Hyper-V since the beta in Windows Server 2008 and I became a Hyper-V MVP many moons ago. As such, I got to know Ben Armstrong, the public face of Hyper-V for many years, through his helpful posts on Hyper-V and in person. Ben was best known as “The Virtual PC Guy”. That was his Microsoft blog’s name and his Twitter handle, based on his history in virtualization, which started before Microsoft acquired Connectix (the foundation of Virtual PC, Virtual Server, and eventually Hyper-V) in 2003. Ben has been incredibly helpful to all Hyper-V admins, directly or indirectly, over the years and he’s bailed my tail out on more occasions than either of us cares to remember. If you read my posts or follow me on Twitter, then there’s a good chance that Ben has rescued you at some point too.
What Ben does in Microsoft has changed, so he’s not as involved with the things he used to blog about. That’s handled by his team now. From now on, Ben is “American Boffin”, as he explains on his new personal blog. For us Hyper-V veterans, it’s the end of an era but we are comforted in knowing that interesting tech posts are still being shared.