Everything You Need to Know About Azure Infrastructure – November 2019 Edition

Microsoft Ignite 2019 has passed, and as one would expect, there were many Azure announcements. I’m not going to do my usual and list every announcement in this article – I would still be writing this article in 2020! Instead, check out the “book of news” to learn about all (actually, many) of the announcements that were made that week. In this post, I’ll highlight a few things and what was announced since Ignite.

Azure Arc

Day 1 of Ignite started with lots of shiny new toys, including Azure Arc. Arc is a new hybrid management solution, promising to bring the management power of Azure to on-premises deployments. Many were dazzled by the lights and the potential of this announcement. Me, not so much. I’ve become a bit of a cynic about certain things. I’ve been that person who has deployed a preview on day 1, learned everything I could about it, put it into production, dealt with the massive feature gaps, and then wondered where that product went 18 months later.
What is Arc? Azure can do a lot of things inside of Azure, including:

  • Manage policy via Azure Resource Manager (ARM)
  • Deploy updates
  • Manage Azure Kubernetes Service (AKS) at scale
  • Deploy data (Azure SQL) services

Arc, in public preview with ARM policy today, aims to bring these services to on-premises compute environments.
The problem with all that is:

  • Azure Policy is in a never-ending preview and is quite buggy
  • Azure Update Management doesn’t scale well in Azure, let alone on-premises
  • Kubernetes … sure … but on-premises?
  • And the same goes for deploying SQL

I get it, many of us are in a hybrid world, but is the on-prem world not shrinking? And to be quite frank, I would never replace System Center Configuration Manager (or whatever it’s called after Ignite) with Azure Update Management. Heck, I’d prefer WSUS to Azure Update Management!
In my opinion, Azure Arc is mud on a wall. It’s been thrown to see what sticks and what doesn’t. It will be great fodder at conferences and user groups, but rarely adopted in production.

Micro-Segmentation

This phrase became my drinking game phrase. I went to a lot of Azure networking sessions because I knew that this was a big year for the teams behind that technology. If you attended the many sessions on networking and security, you’ll have been bombarded by this phrase and how to implement network security for infrastructure and platform/data services using existing features such as Network Security Groups, Route Tables, Azure Firewall, Web Application Firewall, Azure Front Door, and the new Secure Virtual Hub, Azure Firewall Manager, and Private Link.
The days of deploying flat & open networks like you’ve been doing on-premises are over. The cloud makes it easy to micro-segment, and that, combined with CI/CD pipelines, allows you to lock down, govern, and automate your production environments in a way that prevents, limits, or contains advanced persistent threats.
The big point that Microsoft wanted to make was that this can be done for infrastructure workloads today and, to a lesser extent, for platform services today. Next year, we will see big changes that extend the coverage to platform & data services and make the technologies easier to implement at scale.

Azure Norway is Open for Business … Sort Of

Norway is a market that I know fairly well; my employer is Norwegian, and all my customers are Norwegian. Some of my customers have been waiting for the two new regions to open for over a year! Norway is an interesting economy. For a relatively small country, it is quite wealthy and self-sufficient thanks to the oil industry (which the state uses to finance the security of the country) and large indigenous companies. These factors combined with a thirst to compete means that Microsoft has a pretty hungry cloud consumer in Norway.
Two regions opened for business in November – Norway East in Oslo (the capital and home to many large enterprises) and Norway West in Stavanger (on the southwest coast and the home of the oil industry).
The regions are open for business, but one must apply to get access. I’ve been declined access as have many of my colleagues. However, some of my customers have been accepted, so I think Microsoft is prioritizing known large enterprises to drive local consumption.
The design of the regions is similar to that seen in other European local region pairs, such as the recently launched regions in Germany. Norway East is considered the production region and Norway West is the DR region. In fact, access to Norway West is not being allowed today; the rumor is that one oil or telecom company has been given exclusive access to Norway West until it is large enough to handle more customers.
Feature availability is very limited. When the regions opened, there were very few services available in Norway East – but some of the critical pieces were added last week. But even with that, many features for developing cloud-based services aren’t there yet, and some won’t even be there until H2 2020! That would make me consider where I am placing services – both North Europe and West Europe offer many more capabilities and offer the same legal protections, as well as higher SLAs with availability zones.

Other Announcements from Microsoft (Since Ignite)

Here are other Azure IaaS headlines from the past month:

And Now for Something Different

Windows Server is dead, and Linux is the successor! That’s what some would have you believe – wait, is it 1998 all over again and am I back sitting in an office pod with a weird penguin-hugger from Berkeley, California?
Azure is confusing for those who work with it, let alone those who don’t but cover the world of computing. They hear news like “over 50% of Azure is Linux” and they really think that half (and that figure has been going up by 10% every year) of all of Azure is running Linux. That statement needs to be corrected.

  • Over half of customer workloads are running Linux. That includes Linux virtual machines, but I strongly suspect it is mostly Linux containers where the tiny OS footprint makes it much quicker to deploy than a Windows Server-based container.
  • Some parts of Azure’s network are based on Linux.
  • Azure is built on Windows Server Hyper-V.

Let me state that again, just to be clear. Azure … is … built … on … Windows Server … Hyper-V. All those millions and millions of hosts, in those hundreds of data centers, in those 54 globally located regions are built on Windows Server. Azure is probably Microsoft’s single biggest Windows Server customer. And businesses continue to pay a large amount of money every year to run Windows Server on-premises and in Azure.
Windows Server is not dead. Far from it. It might be boring to cover because very little changes between releases anymore, but it still has a huge customer base and it does gradually improve to support Azure and extreme on-premises workloads, such as Azure Stack HCI (Storage Spaces Direct).