Over the last couple of weeks, I’ve spotted lots of tiny little changes in the Azure Portal. And my feeds have lit up over the last few hours. There must be a big Microsoft conference happening right around now? Yup, Microsoft Ignite (March 2021) is here and that means there will be lots of cool new things to check out. One of the nice little ones that didn’t get an announcement is a new user interface for Network Security Groups, enabling you to easily select a common higher-level protocol, such as SMTP, and not need to know/specify the transport protocol and port number (TCP 25).
Microsoft announced a preview for Azure Firewall Premium recently. Before we get to the features, we should talk about something that is very clear with this new SKU. Last July, Microsoft made Azure Firewall Policy/Azure Firewall Manager generally available. This new way to managed Azure Firewall configuration and rules originally created a duplicate of what could be done directly in the firewall resource. But then came along a new feature: whitelisting for Threat Intelligence. This was the clue of what was to come – this new feature was only in Azure Firewall Policy and there was no sign of it in the firewall resource. I could read the tea leaves; Azure Firewall were planning on moving the interface to Azure Firewall Policy only. And that’s quite clear with the Premium features – they are available only through a Premium SKU of Azure Firewall Policy.
So what are these new features?
If you have been running things on Azure for a while then there is a chance that February 2024 (3 years away) will be an important date to note. Microsoft made a bunch of announcements about Azure features that will be retired that month:
“Right Aidan, that’s 3 years away and I don’t need to worry”. You might feel like that today – but once you are depending on Azure resources, I find that they are less flexible. You need to make plans, and many of the above-listed resources are the kinds of transformative tech that worm their way into very large and business-driving workloads that take years to modify. Start now, and don’t be stressing out when you get a reminder in January 2024 – and the sooner you get onto the new alternative, the sooner you’ll be able to avail of new features that will otherwise be unavailable to you.
I thought that my days of being an accidental database administrator (DBA) were over.
Once upon a time, there were systems administrators (and infrastructure consultants, like me), programmers, and somewhere in-between were the DBAs; they were the weird people that aren’t quite accepted in either of the polar camps. They don’t write code, but they don’t do the plumbing either. But apps rely on them to make “data happen” and they aren’t doing server stuff.
But it you were an on-premises admin with Windows Server in your life, then you were what my old buddy, Mark Minasi, once used to call “the accidental DBA”. Just about every product that Microsoft released since BackOffice Server required a SQL Server database. And because those products were deemed as infrastructure, they fell into the realm of administration for the mere Windows admin. And what did we know about SQL Server? We were pretty good and clicking Next, getting it installed, placing the data files onto a dedicated data drive, and maybe even configuring a backup – but heaven forbid we had to restore anything from those backups! Wow! I can remember the sweaty afternoons trying to make restores work for customers.
I thought that those days were behind me. Here I am, working in Microsoft Azure. The database is a PaaS thing now, right? Yeah … no quite! Azure SQL is great for bespoke apps but few existing systems will run on it. SQL Server Managed Instance lies somewhere between old fashioned SQL Server and Azure SQL – it’s platform-based but it’s “mostly compatible” with SQL Server … mostly … “I can’t believe it’s not SQL Server!”.
There are differences. For example:
Today I spent a couple of hours trying to restore a database (as part of a migration) to a SQL MI in a secure network. A DBA might have accomplished that task in 10 minutes. But I’m a person who does next>next>next when it comes to SQL Server. And here is the fun bit – much like with Active Directory Domain Services, you pretty much will find that people who have the very limited bit of accidental DBA knowledge that I have are probably in their late 30’s or older. And we can expect those databases to linger around in the heart of the corporate business for 20+ years. As long as I Google-Fu remains strong and I can discern SQL from dentures, I’m probably going to remain employable.