Everything You Need to Know About Azure Infrastructure – May 2019 Edition

May revealed some interesting Azure developments to us – Sony is now an Azure customer! This post will summarize the infrastructure news for the last month.

VNet Peering Limits Increased

There was no announcement of this increase that I saw – I learned about it in a meeting with some of the engineers & program managers of Azure networking. And some of you might think “that’s not all that important”. But this was the big Azure announcement for me and my customers.
VNet peering allows you to connect one virtual network to another. For mid-large enterprises, this allows us to reuse expensive resources such as firewalls, VPN/ExpressRoute connections, and other shared services such as domain controllers. VNet peering is the networking feature that makes the Virtual Data Center concept possible – applications or services are deployed into their own virtual network and connect to a shared services hub using peering.

Before this increase, a single virtual network (or hub) was limited to 100 peered connections. That limited the capacity of a single virtual data center to under 100 applications or services. But now, a single virtual network can connect to 500 other virtual networks. That means that I can have up to 500 applications/services sharing the expensive resources that I host in a single hub, deriving more value, and reducing the amount of governance, operations, and security work that must be done.

RBAC for Azure Monitor Logs

A fair question to ask is “what the heck is Azure Monitor Logs”. Azure Monitor Logs is this month’s name for Log Analytics or what many incorrectly called OMS (which was a license bundle that included Log Analytics). Azure Monitor Logs is powered by the same Workspace as before, with the same per-GB or per-instance pricing as before, but it just reveals some of the Workspace solutions in Azure Monitor – the other Workspace solutions still require you to use KQL queries in the Workspace as before.
In a large environment, there were some security challenges with Azure Monitor Logs. A common-sense design would be to have one Workspace that gathered all monitoring and management data into one place – I have learned that Microsoft Premier Support can require this. But here’s a problem for you: what if you have 200 monitored services, each with its own group of delegated owners/admins, and they should only see the monitoring/management data for their own resources? Do you create a single workspace for each service? That was the case, and it would make centralized operations using native tools nearly impossible.
But now, the Workspace understands role-based access control:

  • Data is automatically permissioned based on the permissions of the monitored & managed resources. Users of the workspace can only see data for resources that they have access to.
  • You can add further permissions to collections of data to reduce or extend the default access rights.

This means that the single, central workspace is a possibility for enterprises that implement RBAC. Note that workspaces deployed before or during March 2019 must have this functionality enabled, and workspaces created after March 2019 have it enabled by default.
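To find the older workspaces that still need this switched on, the following added example (not from the original post or from Microsoft) reports the access control mode of every workspace in the current subscription and can optionally enable it. It assumes the Az PowerShell module with an authenticated session, and that the setting is exposed as the workspace's `features.enableLogAccessUsingOnlyResourcePermissions` property; the `-Remediate` switch is a name invented for this example.

```powershell
# Added example: audit Log Analytics workspaces for resource-context RBAC.
# Prerequisite: Az module, Connect-AzAccount already run.
# -Remediate is this script's own switch, not an Azure parameter.
param([switch]$Remediate)

$workspaces = Get-AzResource `
    -ResourceType 'Microsoft.OperationalInsights/workspaces' `
    -ExpandProperties

$report = foreach ($ws in $workspaces) {
    $features = $ws.Properties.features
    # A missing or $false value means the workspace still requires
    # workspace-level permissions to read any data.
    $enabled = ($null -ne $features) -and
               ($features.enableLogAccessUsingOnlyResourcePermissions -eq $true)
    $action = 'none'

    if (-not $enabled -and $Remediate) {
        if ($null -eq $features) {
            # Some workspaces return no features object at all; create one.
            $ws.Properties | Add-Member -NotePropertyName features `
                -NotePropertyValue ([pscustomobject]@{}) -Force
        }
        $ws.Properties.features | Add-Member `
            -NotePropertyName enableLogAccessUsingOnlyResourcePermissions `
            -NotePropertyValue $true -Force
        Set-AzResource -ResourceId $ws.ResourceId `
            -Properties $ws.Properties -Force | Out-Null
        $action = 'enabled'
    }

    [pscustomobject]@{
        Workspace         = $ws.Name
        ResourceGroup     = $ws.ResourceGroupName
        ResourceContextOn = $enabled
        Action            = $action
    }
}

# Workspaces still needing the change sort to the top.
$report | Sort-Object ResourceContextOn, Workspace | Format-Table -AutoSize
```

Run it without `-Remediate` first to review the report. Enabling the setting does not narrow anyone's access: a role assignment at the workspace scope still grants that user all data in the workspace, so review those assignments as well.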

Other Announcements from Microsoft

Here are other Azure IaaS headlines from the past April:

And Now for Something Different

Seriously? Sony signed up to use Microsoft Azure? Yup, it appears so. It’s been widely reported now that Sony (owners of PlayStation) have agreed with Microsoft (owners of Xbox) to use Microsoft Azure in some ways. The announcement was deliberately vague, but it appears that PlayStation Network is moving from AWS to Azure. This announcement comes with the news that Sony could not come to a deal with AWS.
Recently we have seen several stories where competitors of Amazon have chosen Azure, partly because it is not owned by Amazon.
In the end, even if the Xbox market is one third the size of the PlayStation market, Microsoft wins. This is similar to the mobile market; Windows Phone was wiped from the face of the Earth, but Microsoft Azure continues to compete for the cloud business that powers all the apps and services that run on those tablets and smartphones. The era of cloud in console computing is really only beginning. Today we can play against/with others (while offensive comments are hurled) through The Cloud and we can purchase digital copies of games which are downloaded from The Cloud. But things like Microsoft’s xCloud will allow us to play/stream games online to any kind of device (in theory) with the compute happening in The Cloud, and the user experience being on the device. Everyone seems to be getting in on the game: Microsoft, Google, AWS, and, obviously, Sony need to do this too. It appears that Sony have chosen Azure to build their own streaming system, which is quite the win for Microsoft.
This story also tells us a lot about Satya Nadella’s Microsoft. Microsoft and Sony aren’t enemies; they compete in one line of business. In other lines, they have been partners. And in other ways, Sony is a customer of Microsoft.  Mature people can compete and still get along. I don’t think that this could have happened in the Gates/Ballmer era, at least not successfully. Stories like “Microsoft Loves Linux”, “VMware running in Azure”, and “Sony Uses Azure” shouldn’t be surprising, but I guess those of us who remember the “fun days” will always be surprised.
This story about Sony reminds us that the Cloud is more than just mail boxes and running VMs in The Cloud. There are all kinds of interesting ways to use Azure, and the companies that innovate on it to be unique and competitive will bring us new and, sometimes, unexpected things.