Everything You Need to Know About Azure Infrastructure – September 2018 Edition
This article is a summary of all the Azure IaaS news from the month of September. I’ve been promising that Microsoft Ignite, which ran last week in Orlando, Florida, would be a gigantic dump of news. I was not wrong; this post can also be called The Monster Azure News Drop From Microsoft Ignite 2018.
Microsoft actually published a 27-page “book of announcements” – I read it last week and it was far from complete because much more news was released during the keynotes and many breakouts. I’ll do my best to hit the big items here, but if Microsoft’s blog posts and “book” couldn’t include everything, then I know I won’t either – any of the items that don’t have a hyperlink were noted during sessions. And note that there were hundreds of breakout sessions so I was not everywhere and there probably are things that I did not hear about.
Microsoft Ignite – Compute
This is the news related to virtual machines and other ways of running your applications:
- Windows Server 2019: WS2019 will be available and supported on virtual machines in early-mid October.
- DC-Series virtual machines: These machines, coming in October, offer confidential computing: Intel SGX enclaves that keep application code and data encrypted in memory and isolated from the host OS and hypervisor, so even a compromised host cannot read them.
- NV_v2 and ND_v2 virtual machines: Entering limited preview, the ND_v2 is for HPC workloads and the NV_v2 improves the spec of desktop virtualization, CAD, and gaming machines.
- HB-Series and HC-Series virtual machines: Specialized HPC hardware; the HB-Series is tuned for memory-bandwidth-bound workloads and the HC-Series for CPU-intensive workloads.
- Serial Console: Serial console access for Azure virtual machines is GA.
- Tomcat and Java SE on App Service on Linux: These app services options are GA.
- 12 TB RAM virtual machines: These were announced as coming soon, based on the M-Series if I had to guess.
- Windows Virtual Desktop: This is what Remote Desktop Modern Infrastructure (RDmi) became. Unfortunately for ISVs, it is now a per-user licensing benefit. It is an Azure service that consumes and bills for Azure resources, with session hosts running Windows 10 Enterprise with VDA (VDI), Windows 10 Enterprise Multi-User (a multi-user RDS session host edition of Windows 10), or Windows Server 2016 (session host).
- Windows 10 Enterprise Multi-User: A new edition of Windows 10 Enterprise that is only available via Windows Virtual Desktop. It offers RDS session host functionality but on Windows 10, solving some app (particularly Office 365 Pro Plus) performance/compatibility issues seen on Windows Server 2016 RDS session hosts.
- Linux: Linux runs on over 50% of Azure virtual machines now.
- Hyper-V support for Azure Migrate: This was announced as coming soon in the Scott Guthrie keynote but it was emphatically walked back by the product team in the expo hall.
Microsoft Ignite – Networking
Some of these networking announcements were earlier than I expected and some were completely unexpected.
- Azure Virtual WAN: The software-defined WAN option is GA.
- Azure Firewall: The new fabric-based cloud-scale firewall is GA and has new features, including filtering inbound traffic.
- Front Door: This preview service is a load balancer and performance-improving solution that runs at Microsoft’s edge sites (outside Azure regions and closer to customers). It was built about five years ago and has been used internally for other Microsoft cloud services, such as Office 365.
- ExpressRoute Direct: The preview WAN offering supplies up to 100 Gbps private connectivity to Azure.
- ExpressRoute Global Reach: Another preview offering from ExpressRoute, which allows two on-premises sites, each with its own ExpressRoute circuit in a different peering location, to connect to each other over Microsoft’s private global fiber WAN.
- Azure DDoS Standard New Features: Added are attack mitigation reports, attack mitigation flow logs, and DDoS Rapid Response (specialized support from Microsoft security engineers).
- Public IP address prefix: Instead of getting random public IP addresses, you can reserve a contiguous block of addresses, which makes it possible to whitelist your Azure presence in partners’ firewalls with a single range.
- Load Balancer – Outbound Rules and TCP Reset on Idle: You can control IP address associations for SNAT and cleanly shut down connections with an idle timeout.
- Virtual Network for Containers: The power of controlled isolation is expanding into Azure containers.
- Alias DNS Records: You can reference Azure resources using your own name, even after lifecycle events.
- Azure CDN: Microsoft’s own content delivery network is now GA.
- Application Gateway Improvements: The Application Gateway is getting instance auto-scaling and 5x performance improvements. It is also adding support for an Ingress Controller for Azure Kubernetes Service (AKS).
- Web Application Firewall (WAF): New preview features allow configurable request size & file upload limits and attribute exclusions lists.
- WAF & Availability Zones: Support for availability zones is in preview.
- WAF & Static public IP address: Support for static addresses is in preview.
- Virtual Network TAP: Like with Hyper-V port mirroring, you can reflect packets to another virtual machine, enabling the use of third-party network diagnostics and captures.
- Expanded Service Endpoint: The list of services you can connect to an Azure VNet has expanded quite a bit.
- Service Endpoint Policies: In region limited preview, you can limit access to specific Azure resources from the subnet.
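Service Endpoint Policies are worth a closer look because they close a common exfiltration path: a subnet with a Microsoft.Storage service endpoint can otherwise reach any storage account in any subscription, including one an attacker controls. The following is an added example, not code from the original post or from Microsoft, showing how to pin a subnet’s storage endpoint to one storage account. It uses the AzureRM PowerShell module of the time; the resource group, VNet, subnet, location and storage account names are assumptions, and the cmdlet parameters should be checked against the module version you have installed.

```powershell
# Added example, not from the original post. Assumes: resource group "rg-prod",
# VNet "vnet-prod" with subnet "snet-app" in "westeurope", and a storage account
# "stprodapp" in the same subscription. Cmdlet names are the AzureRM names of the
# time; verify parameter names against your installed module version.

$rg       = "rg-prod"
$location = "westeurope"
$storage  = Get-AzureRmStorageAccount -ResourceGroupName $rg -Name "stprodapp"

# 1. A definition that allows ONLY this storage account through the subnet's
#    Microsoft.Storage service endpoint. Every other account, in any subscription,
#    is denied at the endpoint, which is what blocks exfiltration to attacker-owned storage.
$definition = New-AzureRmServiceEndpointPolicyDefinition `
    -Name "allow-stprodapp-only" `
    -Service "Microsoft.Storage" `
    -ServiceResource $storage.Id

# 2. The policy resource that carries the definition.
$policy = New-AzureRmServiceEndpointPolicy `
    -ResourceGroupName $rg `
    -Name "sep-storage-app" `
    -Location $location `
    -ServiceEndpointPolicyDefinition $definition

# 3. Attach the policy to the subnet together with the service endpoint itself.
$vnet   = Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name "vnet-prod"
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "snet-app"

Set-AzureRmVirtualNetworkSubnetConfig `
    -VirtualNetwork $vnet `
    -Name "snet-app" `
    -AddressPrefix $subnet.AddressPrefix `
    -ServiceEndpoint "Microsoft.Storage" `
    -ServiceEndpointPolicy $policy | Out-Null

Set-AzureRmVirtualNetwork -VirtualNetwork $vnet | Out-Null

# 4. Verify: the subnet should now list exactly one service endpoint policy.
$vnet   = Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name "vnet-prod"
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "snet-app"
$subnet.ServiceEndpointPolicies | Select-Object Id
```

Two caveats a practitioner should keep in mind. The policy is one-directional: it restricts which storage accounts the subnet can reach, and it does not replace the storage account’s own firewall, which restricts which subnets can reach the account; configure both. And only traffic that actually flows through the service endpoint is evaluated, so check that the endpoint is enabled on every subnet whose workloads you want constrained.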
Microsoft Ignite – Storage
This is the storage news from Ignite:
- Managed Disk Capacity: New 8 TiB, 16 TiB, and 32 TiB sizes are in preview in limited regions – the Premium options have increased IOPS and MB/s throughput rates.
- Standard SSD: The new entry-level flash storage option is generally available. Azure Backup support is imminent. Note that the price doubled from the preview.
- Ultra SSD Managed Disks: A new form of flash storage for virtual machines has entered preview, offering up to 160,000 IOPS and 2,000 MB/s throughput with sub-millisecond latency.
- Azure Premium Files: This preview, based on flash storage, offers up to 100,000 IOPS per share and ultra-low latency.
- 100 TiB Azure Files Shares: A limited preview has launched to increase the maximum size of a single Azure Files share.
- Data Box: The 100 TB tamper-resistant box of disks that you can rent from Microsoft to move data into Azure has been made generally available.
- Data Box Heavy: This is a 1 PB version of Data Box that is in preview.
- Data Box Edge: Edge is a different form of Data Box that is in preview; it is installed on-premises and allows Azure services to run in your data center, offering a gateway to storage in the cloud.
- Azure AD Authentication for Azure Files: In preview (the preview relies on Azure AD Domain Services), you can apply NTFS permissions to Azure Files shares. Do not mix this with Azure File Sync, where in-cloud user/app changes are not synchronized to on-premises for up to 12 hours. Think of this as enabling the replacement of file servers in the cloud.
- Premium Blob Storage: Aimed at customers with large amounts of data that need fast access speed, Blob storage has launched a limited preview for flash-based blob storage.
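To make the Azure AD authentication item above concrete, here is an added example (not from the original post) of mounting a share with a domain identity and setting NTFS permissions on a folder with icacls, the same way you would on an on-premises file server. It assumes a storage account "stprodfiles" with a share "hr" that has been joined to Azure AD Domain Services, a VM joined to the same domain, a domain group "CONTOSO\HR-Editors", and that the user has been granted share-level access through an Azure RBAC role; all of those names are assumptions.

```powershell
# Added example, not from the original post. Assumes: storage account "stprodfiles",
# share "hr" joined to Azure AD Domain Services, this VM joined to the same domain,
# a domain group "CONTOSO\HR-Editors", and share-level access already granted via
# an Azure RBAC role assignment. Drive letter Z: is arbitrary.

$share = "\\stprodfiles.file.core.windows.net\hr"

# 1. Mount with the logged-on user's domain identity (Kerberos); no storage key needed.
#    Do NOT pass the storage account key here: it is a full-access credential that
#    bypasses NTFS ACLs entirely, so keep it out of user-facing scripts.
net use Z: $share /persistent:no
if ($LASTEXITCODE -ne 0) {
    throw "Mount failed: check the domain join and the share-level (RBAC) permission"
}

# 2. Create a folder and grant the group Modify, inherited to subfolders (CI) and files (OI).
New-Item -ItemType Directory -Path "Z:\Payroll" -Force | Out-Null
icacls "Z:\Payroll" /grant "CONTOSO\HR-Editors:(OI)(CI)M"

# 3. Stop inheriting the share's default ACEs (/inheritance:d copies them as explicit
#    entries first) and drop the broad built-in group so only explicitly granted
#    groups can read the folder. Check the icacls output first; the inherited
#    principal names on your share may differ from this assumed one.
icacls "Z:\Payroll" /inheritance:d
icacls "Z:\Payroll" /remove "BUILTIN\Users"

# 4. Review the resulting ACL before handing the folder over.
icacls "Z:\Payroll"

net use Z: /delete
```

Note the two layers involved: the Azure RBAC role on the share decides whether an identity can open the share at all, and the NTFS ACL decides what it can do inside it. A user denied at the RBAC layer never reaches the NTFS layer, so audit both when troubleshooting access.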
Microsoft Ignite – Security & Governance
Here are the announcements related to Azure security and governance:
- Secure Score: You can view a summary score of the security posture of your subscription in Azure Security Center, along with the recommendations that would raise it.
- Azure Blueprints: Blueprints combine resource groups, RBAC assignments, policies, and ARM templates into a packaged and governed solution that can be assigned to subscriptions.
- Azure Policy for Guest OS: Azure Policy will be able to assess and enforce policy in the guest OS of virtual machines – this is in preview.
- Azure Quickstart Center: This new preview tool allows you to configure a new Azure tenant or subscription, as well as providing shortcuts to deploy Azure resources.
- Virtual machine Azure-to-Azure Replication Compliance: A new Azure Policy feature will assess whether virtual machines have inter-region replication enabled or not.
- Virtual machine Azure Backup compliance: A new policy will enable you to force backup of all Azure virtual machines that fall within scope.
Microsoft Ignite – Management
There was also some interesting news on systems management at Ignite:
- Azure Monitor GA: The new metrics view in Azure Monitor is GA.
- Virtual Machine & Containers Insights: A deeper level of monitoring is being provided. Note that this requires a Log Analytics workspace and incurs its per-GB data ingestion charge.
- Azure VM Image Builder: A private preview of a new in-Azure image builder has been launched.
- Azure Deployment Manager: The preview of ADM allows more complex deployments, such as an ARM deployment across multiple regions.
- Custom Metrics in Azure Monitor: There are new ways to gather custom metrics in the central monitoring, reporting, and alerting system.
- Virtual Machines – Replace on Restore: Azure Backup will be adding a new feature to restore the disks of a virtual machine to the existing machine.
- Azure Backup central reporting: Coming in the mid-term, the Power BI reporting solution will support aggregating backup reporting data from many tenants – great for Microsoft partners.
- Recovery from Across Zones: A new ZRS/availability zones feature coming to Azure Backup sometime in the future.
- Azure Files Backup: Secondary backup storage, premium files, and 100 TiB shares are on the roadmap.
- Backup Center: Intended for large enterprises with a single tenant, this feature will provide centralized management and reporting of Azure Backup, starting with Azure virtual machines when it is launched in preview.
Microsoft Ignite – Hybrid
Some Windows Server 2019 / Windows Admin Center integrations to Azure were announced too:
- Azure Backup: A MARS agent alternative can be deployed to protect folders/files and system state from Windows Admin Center.
- Azure Site Recovery: One-click replication can be enabled from Windows Admin Center.
- Storage Replica: In preview today, you can enable Storage Replica to an Azure virtual machine.
- Azure Update Management: Patch deployment automation in Azure will be extended to on-premises through a new simple wizard.
Microsoft Ignite – Miscellaneous
These are the Azure announcements from Ignite that are relevant but don’t fall into the above categories:
- Microsoft Learn: Microsoft has launched a new self-learning site to help IT pros with Azure.
- Role-Specific Certification: New exams have been launched by Microsoft, aiming to offer more targeted questions. IT pros new to Azure certification should focus on AZ-100.
- Announcing Azure user experience improvements at Ignite 2018: The Azure Portal has started to change, including new tabbed UIs for creating resources instead of the old blade approach.
Announcements from Microsoft Outside of Ignite
This is usually the longest part of this monthly article, but this month, it’s rather short:
- Avere vFXT for Microsoft Azure now in public preview
My Azure Posts on Petri
Here are my Azure posts from the month of August. One of my articles was News Forecast – Ignite Downpour – you can judge if I was right or not (see above).
- Tips for Troubleshooting Azure File Sync
- What Is Tiering in Azure File Sync
- What Happened to Microsoft’s Clouds Last Week?
- Replicating Between File Servers Using Azure File Sync
- Understanding Application Security Groups in the Azure Portal
- New Features Start Showing up in Azure Portal Ahead of Ignite
My remaining posts were summaries of announcements as I knew them to be at the start of last week – this post is more complete.
And Now for Something Different
I always try to attend something a bit different from my “track” at Microsoft Ignite. This year I attended a session on Service Fabric Mesh. Service Fabric is a “server-based” solution where code is deployed across a virtual machine scale set; this involves traditional virtual machines and virtual networking. Considering that Service Fabric, originally developed to host other Microsoft cloud services such as Azure SQL and Skype, is aimed at developers of cloud-scale applications such as IoT processing or gaming, an infrastructure person might consider it a distraction from their focus or a skill set they do not have.
Service Fabric Mesh is a new serverless option in Azure. Unlike Service Fabric, Mesh is entirely focused on microservices built using containers. It offers pay-per-second, elastic computing, enabling anything that can run in a container to be scaled out to huge scales at near-instant speeds. Unlike Service Fabric, Mesh appears to be focused on Linux, even though a Windows option is available; Windows containers are much slower to deploy.
Many of the concepts of Service Fabric carry over to Mesh, even if the implementation and naming is different. Workers (tasks deployed as containers) take the role of services, and reliable collections take the role of reliable services. Storage can be mounted into the containers either from Azure Files (Premium might be interesting) or from the local host (low latency).
If you are designing a new service that could require huge scales and elastic compute, then consider Service Fabric Mesh.