What’s New with Azure – July 2021 Edition
July – a month that many take a vacation in, and it’s the start of the commercial year for Microsoft. That year kicks off with Microsoft Inspire, a conference for the partner community to learn about what Microsoft is launching and how Microsoft wants their partners to sell to customers. Most of the content is the commercial stuff that bores many of us. But this year had one interesting announcement that media insiders have been expecting for around a year.
Cloud PC Announced as Windows 365
Yes! At last! Your Windows license becomes a subscription – not! Rumors have been flying around for quite some time that Microsoft was building a new “managed desktop” on top of Azure Virtual Desktop. In June, Microsoft rebranded Windows Virtual Desktop as Azure Virtual Desktop – that was the first step in the launch.
At Inspire, Microsoft revealed a tiny bit of information about Windows 365, a service that was internally called Cloud PC – Azure Resource Manager (the API and infrastructure-as-code language) still uses “Cloud PC” in the Azure Virtual Desktop resources to designate Cloud PC resource deployments. We’ll put some conspiracy-oriented minds at ease: Windows is not a subscription-only service – it’s been a subscription option for enterprises for many years (at least since the early 2000s) but the buy-the-rights-upfront option is still there and continues. Windows 365 (they could have picked a better name … like Cloud PC) is a service where you can subscribe to a Windows virtual machine running the desktop OS that is hosted in Azure and built on Azure Virtual Desktop. Microsoft will provide “management services” for the desktop but I doubt that will be very much to be honest because there is still going to be an enterprise and partner play. To be clear, this is a commercial offering, not a personal offering.
A lot has been written about Windows 365, but little is actually known. The reveal and availability will be on August 2nd, and that’s when we’ll learn:
· What services will Microsoft add?
· How does the pricing look? Expect Generation 2 VM prices plus a margin so it won’t be cheap and many media types will be disappointed.
· What is Windows 365, really, from a technical perspective?
That last question is a big one for me. What does Windows 365 really do? Will it be some service that runs in an isolated Microsoft tenant and has no direct connectivity to existing on-premises or cloud services? Most of the customers I have dealt with use RDS/Citrix to access legacy workloads that have been migrated to Azure; they need low-latency network connections – not some VPN or HTTPS thing – being close to the service was the reason that RDS/Citrix was brought online in the first place. If Windows 365 is just “here’s Office and other web clients in the cloud” then I can’t see it being of any use to many of the enterprise customers that it will be pitched at – remember that press releases often “fuzz the facts”.
Azure Firewall Premium is Generally Available
I’ve been looking forward to this release – I’ve even spent a nice chunk of July getting to know some of the new features of Azure Firewall. The new Premium SKU adds some new features:
· TLS Inspection: Outbound or east-west HTTPS traffic can be decrypted and re-encrypted by the firewall to allow deeper inspection for URL filtering, improved Threat Intelligence filtering, and the new IDPS feature. You will need to provide the firewall with a subordinate CA certificate that internal machines trust to make this feature work.
· IDPS: The firewall is adding an intrusion detection and prevention system that will run in the heart of your network – the hub should see all north-south to/from workloads and east-west traffic between workloads. This inspection uses a pattern-matching program to identify threats communicating on the network and can create alerts and automatically deny the traffic, even if it is allowed by a rule. There is a whitelist/override system for false positives that I have already used for legitimate DNS traffic.
· Web Categories: You might want to block outbound access to certain types of sites, for example, adult or gambling content. If you route Internet traffic from on-premises through your firewall (Azure Virtual WAN) or you run Azure Virtual Desktop/Citrix in the cloud, then you can use this feature to prevent access to unsuitable material. The feature works, but it is very basic compared to established ADDS-integrated proxy products, lacking user identity (only IP address), supplied reporting, and category edit/override.
· URL Filtering: Up to now we have only been able to allow or deny access to a site, but not to control access to pages on a site. For example, I can allow access to bing.com, but that also means that people get access to bing.com/travelguide. URL Filtering gives you deeper control over site content access.
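Why URL Filtering on HTTPS depends on TLS Inspection, shown with a simplified model. This is an added example, not Azure Firewall's rule engine or code from this post; the `Rule` type, first-match ordering, default deny and the sample rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    host: str              # exact host name to match
    path_prefix: str = ""  # empty means FQDN-only rule (any path matches)


def visible_fields(url, tls_inspection):
    """Return (host, path) as an inline device could observe them."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Without TLS inspection, an HTTPS request exposes only the host name
    # (via SNI); the path travels inside the encrypted session.
    if parts.scheme == "https" and not tls_inspection:
        return host, None
    return host, parts.path or "/"


def decide(url, rules, tls_inspection):
    """First matching rule wins; anything unmatched is denied."""
    host, path = visible_fields(url, tls_inspection)
    for rule in rules:
        if rule.host != host:
            continue
        if rule.path_prefix == "":
            return rule.action          # FQDN-only rule
        if path is None:
            continue                    # path rule cannot be evaluated
        prefix = rule.path_prefix.rstrip("/")
        if path == prefix or path.startswith(prefix + "/"):
            return rule.action
    return "deny"


# Constructed sample policy built from the bing.com example above.
RULES = [
    Rule("deny", "bing.com", "/travelguide"),
    Rule("allow", "bing.com"),
]

if __name__ == "__main__":
    for inspect in (False, True):
        for u in ("https://bing.com/search", "https://bing.com/travelguide"):
            print(f"tls_inspection={inspect!s:5} {u:32} -> {decide(u, RULES, inspect)}")
```

With inspection off, the path rule is silently skipped and the FQDN allow rule admits the request, which is the "allow or deny the whole site" behaviour described above.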
Other Announcements from Microsoft
Azure Virtual Machines
Azure Backup & Site Recovery
Azure Security Center
And Now for Something Different
Unless you’ve been hiding under a rock for the last few decades, you’ve probably heard of climate change. We can disagree on causes, but climate change is happening – evidence can be seen all over the world. I remember doing a road trip along the western shores of Lake Mead National Recreation Area, near Las Vegas, in 2004. I stopped at a boat dock on the northern end of the lake for lunch while watching the boats bob up and down. I returned in 2007 and that part of the lake was dry. Today, the city of Las Vegas is banning “useless grass” to save water because the supply from the Colorado River is drying up.
Climate change has an impact on The Cloud too. Cloud data centers are huge. Take a look at “East US” near Boydton, Virginia, in satellite view. Imagine all those servers and disks, consuming electricity, and then requiring 1-3 times as much electricity again to cool the same hardware! Those same data centers require a lot of water too. With the US southwest being a popular place for data center construction, is it any wonder why we’re starting to see stories such as:
· Drought-stricken communities push back against data centers: NBC reporting on the US southwest.
· Amazon’s second Drogheda data center on hold following An Taisce objection: The Irish Times discussing the huge consumption of resources by data centers with little return for the country.
The water consumption of data centers is huge. The demands for electricity and infrastructure are insatiable. And one can certainly argue that there is little return for the locality – the promised jobs mostly last for the very short construction project. The truth is that the global clouds are designed to require very little human presence on the ground – they are even designed to make it an unpleasant place to be.
I suspect that Microsoft has anticipated this resistance for years. If you have been paying attention then you have heard about things such as:
· Microsoft’s commitment to recycling
· The acquisition of power from renewable providers
· Two-phase immersion cooling for server motherboards
· Project Natick, the experiment to develop an under-sea data center module
The required changes won’t happen quickly. I will not be surprised if the likes of Amazon, Google, and Microsoft face increased resistance to data center construction and one day we will have cloud resource shortages.