Everything You Need to Know About Azure Infrastructure – September 2019
We are now in the middle of the second Azure (and Windows) semester of 2019. Planning for the first semester of 2020 is underway. And now we are just over 1 month away from Ignite, the week that is usually an explosion of announcements for Microsoft’s enterprise products. In previous years, Ignite was in September and August would be a month when things would enter some phase of availability or quietly sneak in the Azure Portal or the pricing information web pages. This year, with Ignite running in early November, those build-up releases have just begun.
Azure Annexes Germany
Microsoft has opened two new Microsoft-owned Azure regions Germany. The history of Azure in Germany is – I was going to say “interesting” – silly and it’s all because of a myth. Many German IT/business people believe that using an American-owned cloud is “against the law”. You can safely bet that Microsoft wants to win on Cloud in the fourth-largest economy on the planet and the financial heart of Europe. But their efforts to sell Office 365, Azure, and so on, stopped dead with the typical customer response of “we are not allowed to use your cloud”, even though all other European Union countries were quite OK with using Microsoft data centers based in the European Union under the same data protection and export laws as their German colleagues.
Microsoft, with a German partner, built custom “sovereign” versions of their data centers that would be owned by that German company. Now German customers could use German located data centers that were owned by a German company. Plenty of headlines were printed and clicked. But behind the scenes, things were not quite as big.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
I was reliably informed that these “data centers” might have been more like rented space in German data centers. Microsoft and their partner were not that confident in the amount of German business … or maybe Microsoft had a better long-term strategy.
The existence of Azure Germany, as it became known, got Microsoft into the boardrooms of some very big customers to talk about Microsoft’s big 3 clouds: Dynamics 365, Office 365 and Azure. The potential new customers wanted to use Azure Germany to compete with international rivals on services capabilities and agility. And that leads to a couple of interesting questions:
- Why is are there fewer services in Azure Germany?
Azure Germany was smaller than any of the other European regions, even though Germany is the largest market in Europe. Maybe this was going to be a “we’ll build it if you join us” approach, but looking back, I think it might have started that way, but it evolved based on the second question.
- Why are the North Europe & West Europe regions so much cheaper than Azure Germany?
In fact, the Irish and Dutch regions were approximately 25% cheaper, giving competitors to German companies a significant advantage. By this time, the boards of these companies were hooked on the potential of Azure; they wanted it. So they internally asked their legal teams “if our European competition can use normal Azure regions, why are we forced to use these Azure Germany regions that have fewer features, less scalability, and much higher costs?”. And guess what their legal teams advised them?
Germany has no law that forces companies to use German-owned clouds that are located in Germany. Germany has the same data export and data protection laws as the other countries in Europe. A myth, propagated by the early haters of cloud (namely local hosting companies, IT staff afraid of outsourcing, “hardware-touchers”, tin-sellers, and so on) had taken on a life of its own and become an effective reality.
Last year, Microsoft announced:
- The freezing of Azure Germany, with no more development and taking on no more customers.
- The construction of two normal Microsoft-owned Azure regions.
Recently, Microsoft opened those two new German regions:
- Germany West Central (“Frankfurt”): Located close to the financial markets and the German companies most likely to use Microsoft Azure. Access is restricted right now to select customers.
- Germany North (“Berlin”): This region is close to this huge city and government center. Access is currently restricted to those requiring a disaster recovery solution for Germany West.
The story leaves me with a couple of questions:
- Did Microsoft know early on in their Azure Germany partnership that their customers would want a real Azure region instead? Did Microsoft use Azure Germany just as a way to create interest in Azure and lead to the development of two genuine Microsoft Azure regions? Note that Microsoft will only build data center regions with a guarantee of business.
- Are the access restrictions that are in place for the Microsoft Azure regions only indicative of an ongoing build, so current capacities are reserved for strategic German customers? Or is there still a lack of faith in this market as a whole so very little capacity was built and the risk was limited?
By the way, Norway (a much smaller economy and more enthusiastic user of Microsoft cloud services than Germany) will soon have two new Azure regions called Norway East (Oslo – the commercial and government center) and Norway West (Stavanger – the oil industry). Two of my teammates saw Norway East appear in the Azure Portal (Policy locations). It might be no coincidence that Microsoft also started to talk about ExpressRoute connectivity over satellite links which a maritime market, such as Norway, might be interested in.
Azure Sentinel Is Generally Available
Microsoft has announced that their cloud-based security information and event management (SIEM) service, Azure Sentinel, is generally available.
Azure Sentinel (not Sentinel) allows IT security staff to:
- Use built-in and custom connectors to pull in data sources from Azure, other clouds (AWS, Office 365, and more) and on-premises.
- Visualize information using workbooks
- Generate alerts
- Hunt for threats
- Automatically react to common events using playbooks
You might say that some of the features, such as connectivity and playbooks sound familiar. That’s true because they’re features that are moving (or have moved) from the Standard tier of Azure Security Center. Azure Sentinel is building those features out a lot, enabling third party development. Already, a small community has been building connectivity features for non-Microsoft services, and you’ll find other clouds and on-premises network appliances are now supported natively in the user interface.
One of the things that I like about Sentinel is how easy it is to get started with it. If you are using Azure Monitor Logs (AKA Log Analytics, Workspace, or “OMS”) to monitor your Azure resources then you are most of the way there. You can attach Azure Sentinel to that Workspace and some of the connectors will automatically turn on and present intelligence via the workbooks straight away. Once you have it enabled, the work really begins – customizing the service to get what you really need from it – just like any monitoring service.
One of the things that I dislike about Sentinel is the confusing pricing because it has its own per-GB data charge on top of the previous data charge for Azure Monitor Logs. I expect a fourth (or is it eight) pricing model for Azure Monitor Logs will fix that!?!?!
Other Announcements from Microsoft
Here are other Azure IaaS headlines from the past month:
- Azure Cost Management updates – August 2019
- Microsoft acquires Movere to help customers unlock cloud innovation with seamless migration tools
- Satellite connectivity expands reach of Azure ExpressRoute across the globe
- Announcing user delegation SAS tokens preview for Azure Storage Blobs
- Announcing Azure Private Link
- Azure Files premium tier gets zone redundant storage
- Hot Patching SQL Server Engine in Azure SQL Database
- Introducing cost-effective increment snapshots of Azure managed disks in preview
- 12 TB [RAM] VMs, Expanded SAP partnership on Blockchain, Azure Monitor for SAP Solutions
- New disk support capabilities in Azure Storage Explorer
- Announcing Azure Storage Explorer 1.10.0
And Now for Something Different
I found myself getting into two conversations about Azure Stack in the last couple of weeks. First, let me get this straight: I have never seen an Azure Stack production deployment in person. I would not be surprised if actual Azure Stack sales were in the 4 figures and that over 90% of running installations were just the free proof-of-concept kit that you constantly see in blog posts and community events.
But I also believe the same exact thing about Surface Studio, and I think that Microsoft would be crazy not to continue the development of this crazy-priced PC … and Azure Stack.
I’d like you to sit back and think. Try to remember a really good marketing/advertising campaign that Microsoft ran. You will think it was the X-Box Adaptive Controller advert from last Christmas which still makes me tear up when I play it – it just did. There’s a product that will not sell in huge numbers but (a) it will make a huge impact on the lives of some people and their friends/families and (b) it made Microsoft the good guys after 3 decades of stomping to the Imperial March.
Think back to when Surface Studio was launched. What did you think of it? Did “wow”, “cool”, and “I want it” come to mind even though it had a rubbish hard drive instead of a pair of M.2 SSDs and no Thunderbolt? The media, not just the tech media, and Wall Street fell for that device. Apple fanboys (members of the media) questioned Apple’s cool factor. Surface Studio is an abysmal sales failure, but a stroke of marketing genius. Why would Microsoft pay millions to create a video of dancing/clicking keyboards and buy airtime for that claptrap when they can let the press do the job for them with Surface Studio? Maybe this is why so many members of Microsoft marketing lost their jobs in the last few years?
I am convinced that Azure Stack (partly) falls into this strategy – develop a striking product, knowing that few will really use it, and let it create mindshare for you so you can sell something else of more importance.
Microsoft makes most of their money from a small percentage of their business customers – the enterprise (above 1000 users). And from the enterprise, a small percentage of those are what create the big revenue for Microsoft. These are companies doing big and complex tasks, such as Petro/Chem. Microsoft makes a big fuss about certain Azure features that very few of us can afford to turn on, even for a few minutes. I work with large enterprises, and I have never deployed SAP in Azure or M-series virtual machines. These items are like those expensive stores you see in the airport – rarely a customer in there, but there are staff and pricey products. But when a customer does come in, they buy and more than cover the cost of that brand being there.
These small number of customers are the treasure that Microsoft Azure seeks and needs. They are why Azure Stack exists. Primarily, Azure Stack answers a question and differentiates from the competition:
- Yes, Azure has a consistent hybrid solution that can operated in disconnected locations, such as oil rigs, ships, and remote mining locations.
- And no, the competition does not have a good answer to Azure Stack. In fact, AWS is probably expending a lot of effort to match Azure Stack – probably more than it costs Microsoft to build upon their Windows Server-based stack.
With those questions answered, Microsoft account managers can move the conversation to where the real revenue is – getting those customers to sign enterprise agreements with large pre-paid commitments to Microsoft Azure (not Azure Stack). And maybe once in a while, Azure Stack is purchased – to be honest, I do see the genuine potential of Edge for the type of customer in question but those developments might be years away – and will be funded by consumption of Microsoft Azure.