
Everything You Need to Know About Azure Infrastructure – October 2018 Edition


You might think that Microsoft had no more news after the crazy announce-a-palooza that was Ignite, but you would be wrong! Some things were quietly released the following week, and then new features started to appear a week later. In The Cloud, no one can hear you scream “no more changes”.

October was a very busy month for those of us working in the community. It’s typically a very big conference month with lots of sessions diving deep into the new information from Microsoft Ignite. I helped organize and spoke at an event in Dublin (Ireland) that my employer sponsored. The theme of that event was change – the idea that cloud has changed business, and whether you like it or not, you must go through a digital transformation or someone else will do it for your employer/competitor instead of you. We need to change how we learn, how we design, and how we maintain systems – the days of 1 web server + 1 database server and upgrade machines/skills every 6-9 years are long over.

Ephemeral OS Disk

Microsoft has announced an Ephemeral OS Disk in limited preview for virtual machine scale sets (VMSS).

In case you don’t know, a VMSS is a cluster of virtual machines that perform a specific task. I can tell Azure to create up to 1000 identical virtual machines to run a job or to host a service. Azure can measure the performance of the VMSS and expand (deploy new machines) or shrink (remove machines) the cluster as required. As one might imagine, there is a lot of automation/DevOps work to maintain a current & consistent image for all instances in the VMSS.

If you have worked with Azure virtual machines then you have worked with ephemeral disks; this is a term that Microsoft uses to describe what we often call the temp drive. The temp drive, where the paging file resides, is stored on a host and not in a storage cluster where the OS disk and data disks normally are – there are exceptions to OS disk and data disk placement such as the L-Series machines. The disk is ephemeral or temporary because it is on the host and cannot move, so you should never keep anything you cannot afford to lose on this disk. The benefit of placement on the host is that it is closer to the CPU and makes for faster disk-based caching, such as the guest OS paging file, and this is further improved by using flash storage on the host (everything except the A-Series).

The ephemeral OS disk is a new concept for VMSS deployments. Instead of the OS disk of up to 1000 machines being stored on a storage cluster(s), the OS disk will reside on the host. This solution is intended for VMSS deployments that will be stateless (the state is stored externally to the virtual machines). In return, you will get lower latency and higher performance for the OS disk – my guess is that deployment time for new instances should be much better.

There are some things to know about before you consider ephemeral OS disks so check out Microsoft’s documentation first.

Customer Lockbox for Azure VMs

Some customers are really worried that Microsoft will start poking around inside their virtual machines. Firstly, Microsoft is not Google. Secondly, as any person that has been lucky enough to visit a Microsoft data centre will tell you, these systems were designed to be operator proof. And thirdly, you have lots of ways to stop unwanted inspection, starting with disk encryption.

Another system that Microsoft is adding to Azure is one that comes from Office 365 called Customer Lockbox. Once you enable this service, in the preview for Azure VMs, you will lock down operator access to your services in Azure.

If you open a support case for a virtual machine and Customer Lockbox is enabled on the tenant, the access method changes for support engineers; they must request access from you via the Azure Portal. Only once that access is granted can they access your machines.

Customer Lockbox for Azure virtual machines [Image Credit: Microsoft]

Other Announcements from Microsoft

Here are other Azure IaaS headlines from the past month:

My Azure Posts on Petri

Here are my Azure posts from the month of August:

And Now for Something Different

What the heck happened to Windows Server 2019? Where is it? Why can’t I use it? These are all valid questions. Some of it is related to the well documented issues with Windows 10. And some of it I wrote about on my own blog on October 4th – before it hit the news last week.

WS2019 did not “release to manufacturing” (RTM). This was the traditional process where Microsoft would share the finished bits with companies such as Dell, HPE, and so on, to let them get ready for general availability. Their work required updating firmware and drivers to be ready for the changes and, specifically, any features that leveraged hardware such as VSS, VMQ, or RSS. Some weeks or months later, general availability (GA) would be reached and the OEMs would have updated installers for their hardware ready for customers – the results were often hit-and-miss.

This time around, Microsoft made WS2019 generally available to everyone at the same time. The intention was to get the bits out earlier to those requiring the software (without hardware dependencies). If they had stuck to the old schedule, RTM would have happened in October, and GA would have happened in January/February of next year – so don’t start complaining!

This alteration has complicated things and the Windows 10 issues have not helped us much either – remember the server and desktop OS share the same core.

Those of you working on hardware probably should not elect to use WS2019 when you get the bits. This is because your manufacturer probably won’t have supported drivers and firmware until early 2019. In fact, Microsoft is soft-blocking deployments of software-defined networking (Network Controller) and storage (Storage Spaces Direct) until there is widespread support from manufacturers. You can choose to “go it alone” by opening a free support call to get the required registry key to bypass the soft-block.

The first place that we expected to see support for the new server OS was Microsoft Azure. But as of this time, Windows Server 2019 is still not available on Microsoft Azure; this is probably related to the Windows 10 issues.

My attitude to WS2019 is to wait until a post-RTM GA would have happened, which is early 2019. Yes, there are some cool bits in WS2019, but I like not being sacked because I chose to run an unsupported system that bluescreened all the time on unready hardware. Be patient, and the cool features will be there for you in due time.


Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.