Everything You Need to Know About Azure Infrastructure – March 2021 Edition
Microsoft ran another virtual edition of the Ignite conference in March. As usual there were a large number of Azure infrastructure announcements.
Availability Zones Expansion
Microsoft has committed to introducing availability zones to all Azure regions by the end of 2021.
An Azure region (supposedly) is made up of one or more physical data centers – a few, such as Norway West are rack space rented from third-party hosting providers. Some regions have many data centers, some beside each other, some spread across a city (within 2 milliseconds of latency). Before availability zones were added to Microsoft Azure, a facilities outage (power, networking, cooling) to one building could bring down all the data centers in the region. With compute and storage, we have been able to use locally-redundant storage (LRS) and availability sets (anti-affinity) to spread data replicas and compute instances across different nodes, but they were constrained to the same co-lo (the Microsoft term for a room) in a single data center in the region. One faulty temperature or climate sensor could bring down that room, and all replicas for your workload – this has happened in Microsoft Azure.
Availability zones create a boundary between sets of the physical data centers in a region. Each availability zone has independent power, cooling, and networking. Compute resources can be spread across zones and storage can use zone-redundant storage (ZRS) to place the data replicas across 3 availability zones. It sounds great, but only a few Azure regions have supported availability zones. This limitation affects things other than availability and SLAs; some features, such as VPN over ExpressRoute for encryption, are only possible in Azure regions that support availability zones.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Microsoft has promised:
- All regions will support availability zones by the end of 2021. I wonder if or how that will be possible in regions such as Norway West.
- Every new region will support availability zones.
- In 2021 all “foundational and mainstream” services in Azure will support availability zones.
Windows Server Lives!
Microsoft also announced that Windows Server 2022 is now available in preview. Isn’t this an Azure article? Why are we talking about Windows Server? I don’t know about you, but most of what I deploy/migrate in Microsoft Azure is based on Windows Server so the guest OS is still quite relevant to my day.
I was recently asked if I could discuss the new features of Windows Server in a podcast. I had to admit that I was the wrong person – the improvements in the guest OS have had no impact on my work since 2016. I work with things like Active Directory Domain Services, File Services, Network Policy Server, and IIS. When was the last big improvement in any of those? Anyway, here’s a quick breakdown of what is new:
- TPM 2.0 is used to secure the OS, firmware protection is added, and virtualization based-security/hypervisor-based code integrity are in a “secured-core server”. This reads like extra protections for Azure Stack HCI.
- There is a vague statement about new network connectivity security.
- New improvements in Windows Admin Center.
- The Storage Migration Service adds a new “to-Azure” scenario for migrating file servers.
- A smaller image size for containers.
- A new containerization tool in Windows Admin Center.
To be honest, getting a listing of the new features that aren’t written in marketing-speak is pretty hard.
Other Announcements from Microsoft
- What’s New in Azure Disk Storage at Microsoft Ignite 2021
- Announcing the preview of Zone Redundant Storage (ZRS) option for Azure managed disks
- On-demand disk bursting for Premium SSDs now in public preview
- Public preview: Automatic key rotation of customer-managed keys for encrypting Azure managed disks
- Public preview: Change performance tiers for Premium SSD managed disks with no downtime
- Azure Defender for Storage powered by Microsoft threat intelligence
- Backup for Azure Managed Disk is now generally available
- Encryption scopes in Azure Storage now generally available
- Azure Load Balancer support for IP-based backend pool management is now generally available
- Public preview: Azure Route Server
- Multiple new features for Azure VPN Gateway in public preview
- General availability: New Simplified NSX networking experience for Azure VMware Solution
- Technical Sessions now available on key Azure Networking services
- Architect and optimize your internet traffic with Azure routing preference
- Monitor your hybrid network with Network insights
- Public preview: IPv6 Support for ExpressRoute Private Peering
- Public preview: Service Tags for User Defined Routing
- General availability: ExpressRoute monitoring in Azure Monitor network insights
Azure Virtual Machines
- Improve Azure Spot Virtual Machines runtime and simulate evictions with new features in public preview
- Automatic VM guest patching is now in public preview for Linux VMs
- Azure trusted launch for Virtual Machines now in public preview
- More performance and choice with new Azure HBv3 virtual machines for HPC
- Azure and AMD announce landmark in confidential computing evolution
- General availability: Virtual machine (VM) level disk bursting available on all Dsv3 and Esv3 families
- Proactive Crash Monitoring in Azure App Service
- Public preview: App Service Managed Certificates now supports apex domains
Azure Backup & Site Recovery
- Azure Backup: Operational backup for Azure Blobs is now in public preview
- Azure Backup for SAP HANA: Incremental backup is now generally available
- Backup Reports is now generally available
- Azure Monitor Alerts for Azure Backup is in public preview
- Backup Center is now generally available
- Limited preview: Azure Backup now supports archive tier for backup of Azure Virtual Machines and SQL Server in Azure VMs
- General availability: Azure Backup supports backup and restore of Azure Dedicated Host
- General availability: Announcing private Azure Marketplace
- Public preview: Announcing new capabilities for Azure Automanage
- Azure Resource Mover now generally available: Move seamlessly between Azure regions
- Enhanced Dashboard experiences for Azure Monitor Log Analytics
- Generally available: Monitor your spending through forecasted cost alerts with Azure Cost Management and Billing
- General availability: Enhanced Azure Dashboards experience for pinned Log Analytics parts
- General availability: Publishing VM Images from Shared Image Gallery to Azure Marketplace
- General availability: Azure Monitor for Windows Virtual Desktop
Azure Security Center
- Azure Security Center: General availability updates for February 2021
- Azure Security Center: Public preview updates for February 2021
- AzureRM will retire by 29 February 2024
- New planned datacenter region in China (China North 3)
- General availability: Assessments for migration to Azure VMware SolutionAzure expands PCI DSS certification
- Azure portal February 2021 update
And Now for Something Different
Did you know that there is Microsoft Ignite and there is also “Microsoft Ignite”? Does that sound confusing to you? Maybe it makes sense to whoever is planning the content for Microsoft Ignite, the event that you can (virtually) attend, but it’s confusing to the rest of us.
I signed up to (virtually) attend Microsoft Ignite. And when the session planner came out I was left wondering “if this was an in-person event, would I attend any sessions?”. This is the first time that there was a Microsoft TechEd/Ignite conference and I had no interest in any of the sessions.
I am interested in the work that Microsoft is focused on. I work with clients that want to use Microsoft Azure or are planning on moving all workloads/data to Azure. I typically work on the cutting edge. So, you’d expect that a Microsoft conference on enterprise IT would be of interest to me. But the Microsoft Ignite sessions were a bunch of 30 minutes, level 100 marketing dumps, with little information of interest to me. I did put a few sessions in my planner, but I didn’t attend a single one.
But just like the previous virtual Ignite, something odd happened. Some product teams released “Microsoft Ignite” sessions outside of the scope of the actual Microsoft Ignite. It was like there was a shadow “Microsoft Ignite” being run in spite of the session planners of the official Microsoft Ignite. In these shadow sessions, one could find technical content with content that had real value.
I’ve heard some people wonder if Microsoft will run Ignite as an in-person conference once it is safe to travel and meet up again. If sessions are going to be as poor as they were in the last virtual Microsoft Ignite then I can imagine 20,000+ disappointed paying attendees.