Azure Backup & Azure Firewall

Once something I covered only in theory for my posts here, Azure Firewall has become a reality in my working life. A concern with introducing a new firewall into an Azure virtual machine deployment is that I might break how other services work, particularly something like Azure Backup.

The good news regarding Azure Backup for Azure virtual machines and Azure Firewall is split into two pieces:

• Back up of virtual machines is done at the fabric level. These backup jobs that protect the entire machine are unaffected by what we do with firewalls, such as Azure Firewall.
• Protection of services inside of virtual machines (just SQL Server today) relies on outbound data transfer from the virtual network to “Internet” (Azure in this case). There is a built-in infrastructure tag for Azure Backup that allows you to create an outbound exception (FQDN tags in Application Rules) to allow this traffic.

2019 – The Year of Upgrades

Windows 7, Windows Server 2008/R2, and SQL Server 2008/R2 all have end-of-support dates in the next 12 months. That means no more security fixes unless you pony up some large piles of money for extended security fix support.

Microsoft has promised that customers that move Windows Server 2008/R2 or SQL Server 2008/R2 to Azure (or Azure Stack) will continue to get free security fixes for up to 3 years.

Ideally, one won’t just move old stuff to the cloud and leave it like that. The idea here is that you should do one of the following, in this order of preference:

1. Try to find a cloud-native (PaaS or SaaS) alternative, such as SQL Managed Instance or App Services.
2. Upgrade to a newer version of SQL Server/Windows Server
3. Migrate the virtual machine to Azure as-is and try 1 or 2 later.

You can read about Microsoft’s resolution for 2019 here: Our 2019 Resolution: Help you transform your 2008 server applications with Azure!

Other Announcements from Microsoft

Here are other Azure IaaS headlines from the past month:

• New Azure Migrate and Azure Site Recovery enhancements for cloud migration
• Announcing the general availability of Azure Data Box Disk
• Questions on data residency and compliance in Microsoft Azure? We got answers!
• Azure Backup now supports PowerShell and ACLs for Azure Files
• Regulatory compliance dashboard in Azure Security Center now available
• What’s new in Azure Log Analytics – January 2019
• Azure Security Center can detect emerging vulnerabilities in Linux
• Azure Site Recovery: Disaster Recovery as a Service (DRaaS) for Azure, by Azure

My Azure Posts on Petri

Here are my Azure posts from the month of November:

• An Azure Infrastructure Year in Review – 2018
• How To Convert A Virtual Machine’s Disk Tiers
• The Easy Ways to Restore Azure VMs From Backup
• How To Host a DNS Domain in Azure
• How to Deploy Traffic Manager for Azure App Services for Disaster Recovery
• Static Website Hosting on an Azure Storage Account

And Now for Something Different

Another cloud outage happened this month, this time affecting some European customers of Office 365 for up to 2 days. Am I still bullish on The Cloud – you betcha!

The argument that I used to convince my last employer to move from on-premises Exchange to Office 365 was this: If Exchange breaks, I can reboot the VM and hope for the best. If Office 365 breaks, the people who write it will fix it.

I’ve been using Office 365 at home (one of the business plans) and at work for many years – I actually forget how long! I’ve seen the occasional glitch but it’s better than me running a mail server – which I used to do at home (nerd!) and was a great/expensive home heating appliance. That thing required so much attention that it was silly. Since I moved to Office 365 I have had a pretty smooth experience.

However, Microsoft really does need to step back and do another one of their seismic shifts – to focus on quality this time … previously it was The Cloud, security, and The Internet.