Everything You Need to Know About Azure – March 2020 Edition
At times like this, chatting about cool new features in Azure is a lot less important than what’s surrounding us all, and impacting some of us either directly or indirectly, now. But you know what? A distraction from the fear, worry, or self-imposed incarceration can be a good thing. So let’s crack on with it, and let’s talk about the cool new IaaS features that Azure launched during the last month.
COVID19 Hits Azure
So much for the distractions from the pandemic, eh? A couple of weeks ago, most of schools across Europe closed down. Kids still need to be taught so online alternatives were implemented in a hurry. My eldest daughter came home on a Thursday and told me that she had gotten an email address (old school!) and would be getting lessons with that. I was shocked – hadn’t the school got something better? And the next day she proudly held her phone up to me and I spotted the Microsoft Teams icon – she was going to be using the same tool that I use all day.
At the end of that week, we learned that Teams usage had doubled worldwide. Schools and businesses had to find alternatives and quickly rolled out platforms such as Microsoft Teams. The performance did suffer because of this unusual spike in demand – it’s not like Microsoft keeps 50% of their capacity sitting idle. They use predictions based on patterns and their own plans to gradually add capacity to data centers, data centers to regions, and to add regions. And then …. BOOM! COVID19 hit the world, things go crazy, billions of us go into lockdown, and kids and office workers start working online via the cloud.
Microsoft posted an article called “Our commitment to customers and Microsoft cloud services continuity” on Saturday, March 21st. The below was an omen of what was to happen in Microsoft Azure on the following week:
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
We are actively monitoring performance and usage trends 24/7 to ensure we are optimizing our services for customers worldwide, while accommodating new demand. We are working closely with first responder organizations and critical government agencies to ensure we are prioritizing their unique needs and providing them our fullest support.
This impacted Azure users, those with paid-for, DevTest, and free/benefit subscriptions, in a few ways:
- Virtual machines that were scheduled to power down/up to save money would not power up.
- New resources could not be created/started.
- Burst resources, such as Azure Container Instances (ACI), could not be used.
Remember that virtual machine shortages impact more than just virtual machine resources that you may/may not deploy. Other resource types are affected because they are built on virtual machines, such as containers, Azure SQL, and so on.
Microsoft added a bit more clarity to the issue with a post called “Update #2 on Microsoft cloud services continuity”, where they said:
… we’ve seen usage increases in services that support these scenarios—including Microsoft Teams, Windows Virtual Desktop, and Power BI … Windows Virtual Desktop usage has grown more than 3x. We’re implementing a few temporary restrictions designed to balance the best possible experience for all of our customers. We have placed limits on free offers to prioritize capacity for existing customers. We also have limits on certain resources for new subscriptions. These are ‘soft’ quota limits, and customers can raise support requests to increase these limits. If requests cannot be met immediately, we recommend customers use alternative region.
The shortages impact resource types and affect Azure regions differently. For example, one of my colleagues at work couldn’t deploy a Bs-Series virtual machine but could deploy an Fas_v2 virtual machine. You can contact Microsoft Support; they’ll tell you to try another region (which is flat-out stupid when your services are already running in the desired region!) or to wait … allegedly until April according to social media.
There’s not much that you can do here. Microsoft are refusing to respond other than through support calls. Meanwhile, I have heard that AWS does not have shortages. We might survive CORVID19, but will Microsoft Azure survive the not-so-bottomless cloud message that it is sending out right now?
Private Link & Private Endpoints Rollout Continues
I’m pretty excited about this because Azure network security has been my focus for the last year-plus.
The first post, Announcing Azure Private Link GA for Azure Services, let us know that the underlying service, Private Link, is generally available. Private Link is the service that allows Private Endpoints to connect instances of platform services to be allocated an IP address in your chosen subnet.
With that GA announcement out of the way, we started to see some announcements on general availability for Private Endpoints – Private Endpoints are the connection of the platform resource to a subnet that results in an IP address for that resource instance:
- Private Endpoints for Azure Storage are now Generally Available
- Private Link for Azure SQL Database is now available
- Azure Private Link for Azure Cosmos DB is now generally available
- Azure Private Link for Azure Database for MySQL is now available
- Private Link for Azure Database for PostgreSQL Single Server is now available
- Azure Private Link for Azure Database for MariaDB is now generally available
A service that I am quite interested in seeing getting this functionality is App Services. We were told at Ignite that a public preview for Private Endpoints for App Services (inbound connections) would follow the GA of Regional VNet Integration (outbound connections) – an so it was:
- App Service regional Virtual Network integration is now available
- Public Preview of Private Link on App Service
Microsoft plans for all platform services to have Private Endpoint support. I guess we can thank the JEDI project for that.
Don’t make an assumption about Private Link. An important note is that they do not support inbound Network Security Group (NSG) rules yet. You will still need to use & configure firewall/access rules on the platform resources. Experience has told us that some services (Azure SQL) do this better than others (Storage Accounts).
Azure Backup Reports
This is a quick note. If you’ve needed a way to centrally monitor backups being done by Azure Backup with Recovery Services Vaults, then please check out this post: Announcing preview of Backup Reports.
Other Announcements from Microsoft
Here are other Azure IaaS headlines from the past month:
- Plan migration of physical servers using Azure Migrate
- Power your Azure GPU workstations with flexible GPU partitioning
- Announcing the general availability of Azure Monitor for virtual machines
- Unified network monitoring with Connection Monitor now in preview
- New Deploy to Azure extension for Visual Studio Code
- Azure Dedicated Host: New capabilities and benefits
- Announcing general availability of incremental snapshots of Managed Disks
- Virtual machine scale sets now simpler to manage
- Active Directory for authentication on SMB access to Azure File in preview
- NVv4-Series VMs are now generally available
- NDv2-Series VMs are now generally available
- Azure Security Center supports integration with Azure Monitor alerts
- Web Application Firewall with Azure Front Door service now supports exclusion lists
- Azure Security Center – Improved just-in-time experience
- Virtual Network NAT now generally available
- Azure SQL Database default configurations are changing
- Power your Azure GPU workstations with flexible GPU partitioning
- Azure Web Application Firewall integration with Azure Content Delivery Network service now in preview
- Azure Shared Disks for clustered applications preview now available
- Onboard on-prem servers to Security Center from Windows Admin Center
- Azure Storage—Append Blob immutability support now generally available
- A New Look for App Service Diagnostics
And Now for Something Different
Many of you reading this post are working from home. That’s not an experience that’s new to me. In a previous job, my employer closed the office because we all worked just as well from home. I spent two years working from my home office, alone in the house (I was single then), and the poor takeaway delivery guy would be stuck talking to me when bringing my dinner. In my current role, I work as a cloud consultant for a Norwegian services company from my home in Ireland. I’ve been doing that for 15 months.
Three weeks ago, the Irish government closed the schools & pre-schools, and encourage employers to enable employees to work from home in response to the COVID19 pandemic. Since then we’ve had various degrees of isolation ordered by the government. Today, we must have a legitimate reason (exercise, food or medical services) to leave our houses – there are police roaming checkpoints and patrols to question citizens. As a result, the only reason I’ve seen anything other then the 4 walls of my house has been to visit a food store – and my zombie apocalypse shopping runs mean that those visits to the local corner store need only be short and for stocking up on fresh vegetables and fruit.
I’m not going to sit here and give you tips on how to work from home. To be quite honest, if you can’t just sit down and work, then I don’t think putting on a suit, commuting around the block, or any of that malarkey will get you started. I literally have breakfast and then sit down in the morning. I sometimes joke with my colleagues on Teams video meetings that I’m not even wearing pants – maybe I am, maybe I’m not!
The biggest challenge of this whole mess, I think, is looking after the kids while trying to work. My wife is not used to working from home and cannot wait to get back to the office. We have a teenage girl doing homework, that is assigned & checked by teachers using Teams, at the kitchen table. Our 4-year old daughter is home too, running amuck, bored silly, even with endless repeats of Elsa & Anna on Disney +. Stress levels are rising. Today, I think I figure out a routine to handle that … but it comes at a cost. I typically have customer or colleague “face-to-face” (Teams) engagements in the morning. In the afternoon, it’s typically quiet. Today, after the last of my meetings, I took my youngest daughter aside and entertained her as best as I could for the afternoon. That brings us to dinnertime, and then I can sit down to do a few hours work to make up my hours. So that means sacrificing time later at night. Will it work? Is it right for anyone else? Who knows! And I cannot wait to get outside the confines of our house and garden.
But I guess that’s a minor issue. We’ve gone from near-zero unemployment to the government having to introduce emergency social welfare procedures and payments because of the number of business closures that are happening in Ireland. The country is in lockdown, people are dying, and people are scared. I guess there are bigger things to worry about right now. Stay safe!