Microsoft Azure IaaS Announcements at Build and Ignite 2015

It’s been a busy time for Microsoft Azure lately, where the confluence of Build 2015 and Ignite 2015 saw numerous announcements for Microsoft’s public and hybrid cloud, many of which I will cover here.

Premium Storage General Availability

A new shared storage system that’s used by DS-Series virtual machines became available. Shared SSD storage allows higher throughput and lower latency for huge-scale and time-sensitive applications.

A DS-Series virtual machine using shared SSD storage for data disks (Image Credit: Microsoft)

Azure Files Technical Support

Any customer with a technical support contract for Azure can troubleshoot issues with this SMB 2.01 storage system for sharing application configurations and files.

Azure Import/Export for Japan & Australia

The Japan and Australia regions can now perform out-of-band bulk import or export jobs to move data in and out of Azure.

Azure ExpressRoute for Office 365

Microsoft is working with three partners — AT&T, British Telecom, and Equinix — to make it possible for customers to connect to Office 365 using the Azure WAN connectivity solution, ExpressRoute. Microsoft hopes to bring this to market in Q3 2015.

Azure DNS Preview

Microsoft will be offering public DNS services to Azure customers. This gives customers access to Microsoft’s global DNS service, with the greater performance and rapid replication that only a cloud-scale service can offer. Note that Azure DNS is managed via your Azure subscription and responds using anycast.

Azure ExpressRoute Premium Add-On Package

A new package is available now that allows customers to have more BGP Routes, global connectivity, and more Azure VNETs per circuit. The limit for public routes is increased from 4000 to 10000. A vNET in one region can be accessed by an ExpressRoute connection in another region. A Premium Add-On Package will allow more than 10 VNET links per ExpressRoute circuit, depending on available bandwidth.

User-Defined Routing

You can define your own routes in an Azure vNET to control how traffic flows. This allows you to introduce virtual appliances through which all traffic must flow, for example, virtual-edge devices that supply tenant-managed auditing or additional security on top of the Azure fabric.

User-Defined Routing with a virtual appliance (Image Credit: Microsoft)

Virtual Network Appliances

A number of Microsoft partners, such as Cisco, Barracuda, Check Point, Fortinet, Websense, Palo Alto Networks, F5, and Alert Logic, have launched or will be launching virtual appliances in the Azure Marketplace. This will provide Azure customers with more choice in how they manage networking within their Azure deployments.

Azure ExpressRoute and VPN Co-Existence

A vNET can support both ExpressRoute and VPN connections at the same time. A new Standard Gateway supports this kind of deployment, as well as offering greater throughput for ExpressRoute than the dynamic gateway can offer.

Multiple VIPs per Cloud Service

A single application deployment, such as an n-tier application powered by a collection of virtual machines, can now have more than one public virtual IP (VIP) address. For example, you will be able to deploy two load-balanced VIPs that point to two web farms in the same cloud service.

IP Address Enhancements

You will be able to move reserved VIP addresses between services. This ability might be used to instantly upgrade or roll back a service by switching between Azure cloud services. You will also be able to reserve an existing non-reserved cloud service VIP.

Instance-level public IP addresses allow you to route to an individual VM from the Internet. You can now associate a DNS name with one of these addresses and access that VM on all ports using the FQDN.

Cloud App Discovery General Availability

Microsoft made their shadow IT auditing tool generally available. Information from Cloud App Discovery can be used by IT to take control of SaaS applications that have been deployed by users without supervision.

Privileged Identity Management (PIM) Preview

This is a feature of Azure AD Premium, and it minimizes the risks of administrator access to cloud services, such as Azure, Office 365, or Microsoft Intune. Instead of administrators having permanent high-privilege access to SaaS resources, PIM provides just-in-time access to those administrators via Azure AD control. All actions are audited and can be subject to multi-factor authentication, human approval, and ticketing systems.

Disk Encryption for Windows & Linux Virtual Machines

Tenants will be able to encrypt all of their virtual machine disks, with the Azure Key Vault service managing encryption keys. More details will be shared by Microsoft at a later date.

Virtual Machine Scale Sets

VM Scale Sets allow you to create, delete, or update a group of virtual machines through a single API call. All members of the set are identical, so this is a means of rapid expansion, reduction, and patching for hyper-scale applications. Think of this as Auto-Scale on steroids.

Template-Based Deployments of Compute, Networking, and Storage

Azure Resource Manager (ARM) allows you to create JSON templates of complex IaaS deployments. This provides you with an easy and rapid-to-deploy stamp of an infrastructure that can be reused to quickly deploy new services.
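Because an ARM template describes the whole network as JSON, the forced-routing design from the User-Defined Routing section can be checked before deployment. The following is an added example, not code from Microsoft or from this article: it audits a constructed template and reports every subnet whose default route does not pass through a virtual appliance. The resource names, addresses, and the `exempt_subnets` parameter are assumptions made for illustration.

```python
import json

# Constructed sample ARM template (not from the article); names and IPs are assumptions.
TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Network/routeTables", "name": "rt-web", "properties": {"routes": [
    {"name": "default", "properties": {"addressPrefix": "0.0.0.0/0",
      "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.0.4"}}]}},
  {"type": "Microsoft.Network/routeTables", "name": "rt-app", "properties": {"routes": [
    {"name": "default", "properties": {"addressPrefix": "0.0.0.0/0",
      "nextHopType": "Internet"}}]}},
  {"type": "Microsoft.Network/virtualNetworks", "name": "vnet1", "properties": {"subnets": [
    {"name": "web", "properties": {"addressPrefix": "10.0.1.0/24", "routeTable":
      {"id": "[resourceId('Microsoft.Network/routeTables', 'rt-web')]"}}},
    {"name": "app", "properties": {"addressPrefix": "10.0.2.0/24", "routeTable":
      {"id": "[resourceId('Microsoft.Network/routeTables', 'rt-app')]"}}},
    {"name": "db", "properties": {"addressPrefix": "10.0.3.0/24"}}]}}
]}
""")

def audit_template(template, exempt_subnets=("appliance",)):
    """Return (vnet, subnet, reason) for subnets not forced through an appliance."""
    findings, forced = [], set()
    resources = template.get("resources", [])
    # Pass 1: route tables whose default route points at a virtual appliance IP.
    for res in resources:
        if res.get("type") != "Microsoft.Network/routeTables":
            continue
        for route in res.get("properties", {}).get("routes", []):
            p = route.get("properties", {})
            if (p.get("addressPrefix") == "0.0.0.0/0"
                    and p.get("nextHopType") == "VirtualAppliance"
                    and p.get("nextHopIpAddress")):
                forced.add(res["name"])
    # Pass 2: every non-exempt subnet must reference one of those tables.
    for res in resources:
        if res.get("type") != "Microsoft.Network/virtualNetworks":
            continue
        for subnet in res.get("properties", {}).get("subnets", []):
            if subnet["name"] in exempt_subnets:
                continue  # e.g. the appliance's own subnet (hypothetical name)
            rt_id = subnet.get("properties", {}).get("routeTable", {}).get("id", "")
            if not rt_id:  # no table attached: Azure system routes apply
                findings.append((res["name"], subnet["name"], "no route table"))
            elif not any(f"'{n}'" in rt_id or rt_id.endswith("/" + n) for n in forced):
                findings.append((res["name"], subnet["name"],
                                 "default route bypasses appliance"))
    return findings

if __name__ == "__main__":
    print(audit_template(TEMPLATE))
```

The appliance's network interface must also have IP forwarding enabled for it to relay traffic, which this check does not cover.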