Everything You Need to Know About Azure Infrastructure -- March 2018 Edition
Month 3 of 2018 brought us some interesting news in Azure IaaS. Some things that have been in the oven for a while are starting to rise and there’s lots more evidence of the new and open Microsoft.
Microsoft Doesn’t Want Access To Your Data
In a time when the future of American-owned clouds has been put in doubt, Microsoft is trying its hardest to make it impossible to access your data. The latest of these ventures is self-service storage encryption. With this feature, you can supply your own encryption keys to secure data and secure those keys in Key Vault, a FIPS 140-2 Level 2 validated Hardware Security Module (HSM) service in Azure.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
The US Versus Microsoft
And why does Microsoft want no access to your data? It’s because if Microsoft has no access to your data, then it cannot respond to warrants from the US government that should have been issued to you in the first place.
A long-running case of the US government versus Microsoft, where the FBI is trying to force Microsoft to hand over a mailbox from Dublin, Ireland recently hit the US Supreme Court. The FBI could have gotten the mailbox contents years ago via the MLAT Treaty but instead is attempting to force Microsoft to break Irish and European Union law. Interestingly, a future breach of Irish law could cost Microsoft up to €20,000,000 under the EU General Data Protection Regulation.
American politics is not the focus of this article but something interesting was reported earlier this week. The US government has passed a new law called CLOUD (Clarifying Lawful Overseas Use of Data Act). I’m no lawyer, but the UK’s Financial Times has an interesting and maybe worrying take on the new law:
- The US will have easier access to foreign-located data if the country where the data is located has a mutual law.
- How this law will be adjudicated will be under the control of the US Congress, which isn’t known as a bastion of common sense or effectiveness.
If the US government has opened the sluice gates on foreign data, then Microsoft will be looking for a real estate agent pretty soon, either to sell off Redmond (with a move to Vancouver) or to pass on 40+ data center regions.
Microsoft — The Open Source Company
Open source stuff – that’s what we think of when we think of Microsoft, right? If you don’t, then it’s time to start. Microsoft released Service Fabric, the foundation of many of Microsoft’s cloud services, as an open-source product under MIT licensing. And this month’s news (below) is full of talk of Linux, PHP, Java OpenJDK, Tomcat, Node, MySQL, and more. Microsoft is doing more “open-source” hardware development and are talking more about SONiC, the Microsoft Linux distro (!) that powers the virtual networking of Azure. Steve Ballmer would be rolling in his grave if he had one.
Other Announcements From Microsoft
It’s been another quiet month in Azure … wait … oh … no, it was actually pretty crazy and it’s still a month until the Microsoft Build conference starts. There’s always a huge set of Azure announcements at Build.
- Azure portal updates: March 2018
- StorSimple Data Manager Now Generally Available
- Announcing the General Availability of Azure Files Share Snapshot
- Announcing Backup and Restore Performance Improvements and Support for Large Disk Backup
- General availability: Application Consistent Backup for Linux VMs by Using Azure Backup
- Azure Security Center and Discovery of Partner Solutions
- Security Center Playbooks and Azure Functions Integration with Firewalls
- Just-in-Time VM Access Is Generally Available
- Heuristic DNS Detections in Azure Security Center
- Confidently Plan Your Cloud Migration: Azure Migrate Is Now Generally Available!
- Public Preview of Java on App Service, Built-in Support for Tomcat and OpenJDK
- Major Version Updates for App Service on Linux
- App Service Updating PHP to Latest Versions
- Update Management, Inventory, and Change Tracking in Azure Automation Now Generally Available
- Faster Metric Alerts for Logs Now in Limited Public Preview
- The Next Generation of Azure Alerts Has Arrived
- Visibility into Network Activity with Traffic Analytics — Now in Public Preview
- Azure Monitor Metrics Integration
- Announcing Azure Service Health General Availability –- Configure Your Alerts Today
- New Isolated VM Sizes Now Available
- NCv3 VMs Generally Available, Other GPUs Expanding Regions
- General Availability: Azure Scheduled Events
- Virtual Machine Serial Console Access
- Migrate Your Databases to a Fully Managed Service with Azure SQL Database Managed Instance
- Azure SQL Database Offers Preview of Zone Redundant Premium Databases and Elastic Pools
- Azure Database Migration Service: March Update
- Announcing General Availability of Azure Database Services for MySQL and PostgreSQL
- Securing Azure Database for MySQL and Azure Database for PostgreSQL
- Compliance Offerings for Azure Database for MySQL and Azure Database for PostgreSQL
- Project Denali to Define Flexible SSDs for Cloud-Scale Applications
- Microsoft Creates Industry Standards for Datacenter Hardware Storage and Security
- SONiC, the Network Innovation Powerhouse Behind Azure
- Public Preview: Azure DNS Private Zones
- General Availability: Disable BGP Route Propagation for Virtual Network Routes
- General Availability: Standard Load Balancer
- The New Azure Load Balancer — 10x Scale Increase
My Azure Posts on Petri
Here are my Azure posts from the month of March:
- Is Azure SQL Highly Available?
- What Is App Service Environment?
- How to Connect Azure Web Apps To On-Premises
- Deploying Azure DevTest Labs
- Controlling Resource Usage and Costs in Azure DevTest Labs
- Deploy Azure App Service Environment With A Public IP
- Deploy Azure App Service Environment with Internal Load Balancer
- Architecting Availability Zones for Azure VMs
- The Architecture of Azure File Sync
And Now for Something Different
Cosmos Darwin, a program manager for Windows Server storage/clustering, has posted that Microsoft has observed 10,000 Storage Spaces Direct (S2D) clusters in the wild. That number is based on telemetry from outside of Microsoft and obvious non-production environments (such as Azure Stack development kits). Think of it this way – this is similar to saying that HPE sold 10,000 new SANs in the first 18 months.
And that’s just the first 18 months with Windows Server 2016. Later this year (probably at or soon after Microsoft Ignite), Microsoft will be launching Windows Server 2019. Microsoft just launched the first preview of WS2019. One of the pillars of the next long-term servicing channel (LTSC) release will be hyper-converged infrastructure (HCI), namely S2D. a market that grew 64 percent in 2016 (IDC) and will be worth $5 billion by 2019 (Gartner).