
Everything You Need to Know About Azure Infrastructure – May 2019 Edition

May revealed some interesting Azure developments to us – Sony is now an Azure customer! This post will summarize the infrastructure news for the last month.

VNet Peering Limits Increased

There was no announcement of this increase that I saw – I learned about it when in a meeting with some of the engineers & program managers of Azure networking. And some of you might think “that’s not all that important”. But this was the big Azure announcement for me and my customers.

VNet peering allows you to connect one virtual network to another. For mid-large enterprises, this allows us to reuse expensive resources such as firewalls, VPN/ExpressRoute connections, and other shared services such as domain controllers. VNet peering is the networking feature that makes the Virtual Data Center concept possible – applications or services are deployed into their own virtual network and connect to a shared services hub using peering.

Before this increase, a single virtual network (or hub) was limited to 100 peered connections. That limited the capacity of a single virtual data center to under 100 applications or services. But now, a single virtual network can connect to 500 other virtual networks. That means that I can have up to 500 applications/services sharing the expensive resources that I host in a single hub, deriving more value, and reducing the amount of governance, operations, and security work that must be done.

RBAC for Azure Monitor Logs

A fair question to ask is “what the heck is Azure Monitor Logs?” Azure Monitor Logs is this month’s name for Log Analytics or what many incorrectly called OMS (which was a license bundle that included Log Analytics). Azure Monitor Logs is powered by the same Workspace as before, with the same per-GB or per-instance pricing as before, but it just reveals some of the Workspace solutions in Azure Monitor – the other Workspace solutions still require you to use KQL queries in the Workspace as before.

In a large environment, there were some security challenges with Azure Monitor Logs. A common-sense design would be to have one Workspace that gathered all monitoring and management data into one place – I have learned that Microsoft Premier Support can require this. But here’s a problem for you: what if you have 200 monitored services, each with its own group of delegated owners/admins, and they should only see the monitoring/management data for their own resources? Do you create a single workspace for each service? That was the case, and it would make centralized operations using native tools nearly impossible.

But now, the Workspace understands role-based access control:

  • Data is automatically permissioned based on the permissions of the monitored & managed resources. Users of the workspace can only see data for resources that they have access to.
  • You can add further permissions to collections of data to reduce or extend the default access rights.

This means that the single, central workspace is a possibility for enterprises that implement RBAC. Note that workspaces deployed before or during March 2019 must have this functionality enabled, and workspaces created after March 2019 have it enabled by default.
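To make the two bullets above concrete, here is an added example (not code from the original post or from Microsoft) that models how one shared workspace can return different rows to different teams. It is a simplified model: the principals, scopes and records are constructed, and the rule that a record with an empty `_ResourceId` is hidden from resource owners is an assumption of the model.

```python
# Simplified model of resource-context access to one shared workspace.
# All names and records below are constructed for illustration.
SUB = "/subscriptions/sub-a"  # placeholder subscription id
VM = "/providers/Microsoft.Compute/virtualMachines/"

RECORDS = [
    {"Table": "Heartbeat", "_ResourceId": SUB + "/resourceGroups/rg-shop" + VM + "web01"},
    {"Table": "Heartbeat", "_ResourceId": SUB + "/resourceGroups/rg-shop2" + VM + "web09"},
    {"Table": "AzureDiagnostics",
     "_ResourceId": SUB + "/resourceGroups/rg-hr/providers/Microsoft.Sql/servers/hrsql"},
    {"Table": "Heartbeat", "_ResourceId": SUB + "/resourceGroups/rg-hr" + VM + "hr01"},
    {"Table": "Custom_CL", "_ResourceId": ""},  # no owning Azure resource
]

# principal -> scopes where the principal can read the monitored resources
READ_SCOPES = {
    "shop-owners": [SUB + "/resourceGroups/rg-shop"],
    "hr-owners": [SUB + "/resourceGroups/rg-hr"],
    "central-ops": [SUB],
}

# Optional narrowing (second bullet): principal may read only these tables.
TABLE_LIMITS = {"hr-owners": {"AzureDiagnostics"}}

def in_scope(resource_id, scope):
    """True if resource_id is the scope itself or sits below it."""
    rid, sc = resource_id.lower().rstrip("/"), scope.lower().rstrip("/")
    # Match on a path-segment boundary so rg-shop does not match rg-shop2.
    return rid == sc or rid.startswith(sc + "/")

def visible_records(principal, records=RECORDS):
    """Return the records a principal would see under this model."""
    scopes = READ_SCOPES.get(principal, [])
    tables = TABLE_LIMITS.get(principal)  # None means no table restriction
    out = []
    for rec in records:
        rid = rec.get("_ResourceId")
        if not rid:  # nothing to inherit permissions from (model assumption)
            continue
        if tables is not None and rec["Table"] not in tables:
            continue
        if any(in_scope(rid, s) for s in scopes):
            out.append(rec)
    return out

if __name__ == "__main__":
    for who in READ_SCOPES:
        print(who, [r["_ResourceId"].rsplit("/", 1)[-1] for r in visible_records(who)])
```

The segment-boundary check in `in_scope` is the detail to carry into any audit script of your own: a plain string-prefix comparison would show `rg-shop2` data to the owners of `rg-shop`.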

Other Announcements from Microsoft

Here are other Azure IaaS headlines from the past April:

And Now for Something Different

Seriously? Sony signed up to use Microsoft Azure? Yup, it appears so. It’s been widely reported now that Sony (owners of PlayStation) have agreed with Microsoft (owners of Xbox) to use Microsoft Azure in some ways. The announcement was deliberately vague, but it appears that PlayStation Network is moving from AWS to Azure. This announcement comes with the news that Sony could not come to a deal with AWS.

Recently we have seen several stories where competitors of Amazon have chosen Azure, partly because it is not owned by Amazon.

In the end, even if the Xbox market is one third the size of the PlayStation market, Microsoft wins. This is similar to the mobile market; Windows Phone was wiped from the face of the Earth, but Microsoft Azure continues to compete for the cloud business that powers all the apps and services that run on those tablets and smartphones. The era of cloud in console computing is really only beginning. Today we can play against/with others (while offensive comments are hurled) through The Cloud and we can purchase digital copies of games which are downloaded from The Cloud. But things like Microsoft’s xCloud will allow us to play/stream games online to any kind of device (in theory) with the compute happening in The Cloud, and the user experience being on the device. Everyone seems to be getting in on the game: Microsoft, Google, AWS, and, obviously, Sony need to do this too. It appears that Sony have chosen Azure to build their own streaming system, which is quite the win for Microsoft.

This story also tells us a lot about Satya Nadella’s Microsoft. Microsoft and Sony aren’t enemies; they compete in one line of business. In other lines, they have been partners. And in other ways, Sony is a customer of Microsoft.  Mature people can compete and still get along. I don’t think that this could have happened in the Gates/Ballmer era, at least not successfully. Stories like “Microsoft Loves Linux”, “VMware running in Azure”, and “Sony Uses Azure” shouldn’t be surprising, but I guess those of us who remember the “fun days” will always be surprised.

This story about Sony reminds us that the Cloud is more than just mail boxes and running VMs in The Cloud. There are all kinds of interesting ways to use Azure, and the companies that innovate on it to be unique and competitive will bring us new and, sometimes, unexpected things.

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.