Everything You Need to Know About Azure Infrastructure – December 2020 Edition
Happy new year! I’m writing this article at the end of my first day back at work since November. I have barely looked at any work-related stuff in the last month. Writing this article will give me a chance to catch up with things.
App Service Anti-Virus Logs in Public Preview
Microsoft has announced that Anti-Virus Logs for App Services are in public preview. This feature has been requested for years and will make a lot of Azure customers (or prospective customers) happy. Once a day, at a time you cannot currently control, Windows Defender will scan your Windows or Linux App Service content for malware. The scan logs can be sent, using Diagnostics Settings, to the usual destinations of Blob storage, Log Analytics (useful for reporting and Azure Sentinel), or external systems via Event Hub.
There are some limitations to Defender scans for App Services:
- Only App Services with under 1 GB of content can be scanned.
- Web Apps with less than 10,000 content files will be scanned.
- Only the Premium and Isolated App Service tiers are supported.
The Premium SKU is quietly becoming the main SKU, supplanting the Standard SKU – the Premium SKU is required to use Private Endpoint.
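Once the scan logs are flowing to Log Analytics, a query along these lines surfaces the apps that need attention. This is an added example, not something from Microsoft's announcement; it assumes the logs land in the AppServiceAntivirusScanAuditLogs table with the column names used below, none of which appear in this article, and the 7-day and 2-day windows are arbitrary choices based on the once-a-day scan schedule.

```kusto
// Added example: latest antivirus scan result per App Service.
// Assumed schema: table AppServiceAntivirusScanAuditLogs with columns
// ScanStatus, TotalFilesScanned, NumberOfInfectedFiles,
// ListOfInfectedFiles and ErrorMessage.
AppServiceAntivirusScanAuditLogs
| where TimeGenerated > ago(7d)
// Keep only the most recent scan record for each app.
| summarize arg_max(TimeGenerated, ScanStatus, TotalFilesScanned,
                    NumberOfInfectedFiles, ListOfInfectedFiles, ErrorMessage)
    by _ResourceId
// Classify: infections first, then scan errors, then stale scans.
| extend Finding = case(
    NumberOfInfectedFiles > 0, "infected files reported",
    isnotempty(ErrorMessage), "scan error",
    TimeGenerated < ago(2d), "no scan in the last 2 days",
    "clean")
| where Finding != "clean"
| project TimeGenerated, _ResourceId, Finding, ScanStatus,
          TotalFilesScanned, NumberOfInfectedFiles,
          ListOfInfectedFiles, ErrorMessage
| order by NumberOfInfectedFiles desc, TimeGenerated asc
```

The stale-scan branch only catches apps that logged at least one scan in the 7-day window and then stopped; apps that never produce a scan record will not appear in this table at all.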
End of Support for IE 11 with Azure Portal
This is a short but important story. The Azure portal is to end support for Internet Explorer 11 on March 31, 2021. Your choices for replacements are:
- Microsoft Edge.
- A supported third-party browser, including Safari, Chrome, and Firefox.
- The Azure Portal mobile app.
- The desktop app for Azure Portal (preview).
Other Announcements from Microsoft
- Infrastructure Encryption for Azure Monitor dedicated clusters now generally available
- Azure resource logs for Azure Storage is now in public preview
- Azure Blob storage—NFS 3.0 protocol support public preview now supports GPV2 storage accounts
- Azure Storage account recovery available via portal is now generally available
Azure Virtual Machines
Azure Resource Manager
- Deployment Scripts for ARM Templates is now Generally Available
- What-If for ARM Template deployments is now Generally Available
- New Azure Monitor Agent and Data Collection Rules capabilities released in public preview
- Public preview: Azure Monitor for containers new Reports(tab) & deployment live logs
Azure Security Center
- Azure Security Center—News and updates for December 2020
- Azure Defender for SQL (in Azure Security Center)—News and updates for December 2020
Microsoft is great at naming products. No – wait – no, they are pretty rubbish. Remember when Surface was a table and then it was a tablet? Or how about “Azure Database for MySQL Server”? The since-abandoned Forefront security product range? Or how about (breathes in) System Center Virtual Machine Manager Self-Service Portal 2.0 Service Pack 1, or SCVMMSSP 2.0 SP1 for short? Or Cortana everything?
I thought that Microsoft Azure was doing a pretty good job on naming. If you need DNS, you can use Azure DNS. If you need a firewall you can use Azure Firewall. If you need a VM, you use VMs – but which one?
Once upon a time, VM naming in Azure was simple – once you understood the system. The first (capital) letter denoted the series, often a slightly veiled reference to the origins or typical use case of the machine, for example, A was the first, D stood for disk or database, G for Goliath (it was the biggest), M for massive, and so on. Then that got expanded to include a specialization – NV for NVIDIA virtualization, NC for NVIDIA compute, and so on.
A number originally indicated an ordering of the sizes in that series, but later became a reference to the number of cores or virtual processors (depending on the series) in the VM size.
Finally, some lower-case letters indicated special host hardware features – s for Premium SSD support, r for RDMA networking, i for isolation (the only VM on the host), and so on.
So, if you told me that you were using a Standard_H16mr then I knew:
- It’s an H-Series for high-performance computing (HPC)
- There are 16 cores
- It has more memory than usual for the 16-core size
- The machine has an additional RDMA NIC for low latency & high throughput transfers
Microsoft has announced that the NCas_T4_v3-Series VMs are now generally available. What’s that now? That’s a great question. The naming of Azure VMs has gotten out of control. I get that more specializations are required but this is getting like the old days when you tried to track IBM PC models in an enterprise – 10,000 identical looking machines, and 100+ models with different components, each requiring their own Ghost image (do you oldies remember that nightmare?).
Microsoft has always sucked at naming their products. The term “Defender” is about as meaningful as “bread” in a supermarket. I really hope what we are seeing in Azure VMs doesn’t spill over into the rest of Azure and products become random letters in the alphabet or named after some manager’s home town.