#Azure notable updates w16-38-39

Now this has been the Ignite week, so there have been a ton of new announcements as usual I list the ones I consider of interest, but remember this is just my perspective.

Azure Services

  • Azure AD Application Proxy new connector version (1.3.1135.0). This update included the following fixes and improvements:
    • Improved exception handling and retry mechanism for machines that encounter network glitches
    • Added connector telemetry for bootstrap operations to allow better identification of any connector issues
    • Updated Azure Service Bus relay infrastructure to improve connectivity success rates and stay up to date
  • H-Series virtual machines start to roll out in Azure. the H-Series will be among the fastest virtual machines available in Azure in terms of performance per core (ACU benchmark). Depending on application and scenario offering, it gets as much as a 30 to 50 percent performance increase compared to other virtual machines.

  • VNet peering is now GA
  • Azure DNS is now GA
  • and eventually IPv6 meets Azure VMs and goes GA
  • Azure adds its own Web Application Firewall (WAF) to the picture. The web application firewall (WAF) in Azure Application Gateway helps protect web applications from common web-based attacks like SQL injection, cross-site scripting attacks, and session hijacks. It comes preconfigured with protection from threats identified by the Open Web Application Security Project (OWASP) as the top 10 common vulnerabilities.
  • Microsoft Azure Log Integration (Preview) is now available. It promises to integrate raw logs from your Azure cloud resources into your SIEM systems.
  • Azure networking is getting a facelift with new hardware that promises better bandwidth (+30%), accelerated networking currently in preview that brings 25Gps and reduced latency to your VMs. A new gateway SKU for ExpressRoute has been announced as well. Speaking of gateways now they can be configured in a HA active/active mode for standard Site 2 Site VPNs. Plus multiple VIPs on internal load balancers, QL AlwaysOn with Multiple Listeners and Effective Routes and security rules views.
  • Disk Encryption for Windows and Linux VMs is now generally available. For those who missed it, it is a solution for encrypting data at rest, basically your vhds can be encrypted on azure storage. Azure Disk Encryption leverages the industry standard BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption for the OS and the data disks. The solution is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets in your key vault subscription, while ensuring that all data in the virtual machine disks are encrypted at rest in your Azure storage.
  • Azure Monitor goes in public preview. Now I must say that while this was long overdue, it must be positioned as basic monitoring solution. If you’re serious about monitoring your workloads on Azure you must think to a solution that can give visibility into all your workloads and not just send an email or run a runbook based on a threshold.

System Center

Operations Management Suite (OMS)

  • The OMS licensing has changed, this is a huge disruption, I don’t want to comment, at least not yet, so here it goes:

    • now OMS requires an Azure Subscription
    • now OMS Log Analytics is not billed just on consumption but based on the solutions you chose, it has different fees based on virtual machines.
  • The enterprise licensing includes System Center licensing, single components of the suite can include single System Center Components.
  • There are upgrade and add-ons plans from System Center, but don’t get too excited because adding OMS to System Center is pretty expensive (imho)
  • There are four components now
    • Insight & Analytics: Gain visibility across your workloads, giving you all the information needed on what’s happening in your environment. Insight and Analytics includes log collection and search, application and server dependency mapping, as well as network health monitoring. Releases this week include:
      • New application and service monitoring capabilities for Azure SQL, MySQL, and VMware hosts
      • Connector for Application Insights enabling integrated application and workload analytics
      • Azure activity log search
      • New ingestion APIs for expanded data and log collection
    • Automation & Control: Enable consistent control and compliance for Azure, third-party clouds and on-premises datacenters. Automation and Control includes services to assist with process automation, desired state configuration, change tracking and new update management capabilities, as well as hybrid runtime.
      • Enhanced Update Management features including insights into time estimates as well as sequencing of updates needed to keep Windows Server and Linux systems up-to date
      • Change tracking enhanced with granular file-based tracking to support Windows Server and Linux environments
    • Security & Compliance: Drive security across your hybrid environment. Security and Compliance delivers instant insight into security vulnerabilities, uses advanced analytics to detect threats, and offers built-in threat intelligence and rapid search of security data to enable rapid investigation.
      • Azure Security Center availability as part of Operations Management Suite
      • Expanded security data ingestion using Common Event Format, including new Cisco ASA
      • New behavioral analytics designed to detect insider threats and attempts that persist within a compromised system
    • Protection & Recovery: Ensure availability of important applications and data. Protection and Recovery helps you keep critical data protected through integrated cloud backup, and applications available, while minimizing the impact of disruptions to the business. Including both Backup and Site Recovery, the service provides an integrated experience for customers.
      • Expanded Linux and VMware backup and recovery support
      • Integrated monitoring with Log Analytics, including Site Recovery capacity planning
  • The OMS Gateway has been updated with SCOM support(https://www.microsoft.com/en-us/download/details.aspx?id=53891). The OMS Gateway is a self managing proxy solution for OMS, or better said for the Microsoft Monitoring Agent. It takes care of all the access rules required to reach the OMS cloud from a corporate network. For setup instruction see this post.

  • OMS Update Management solution is now GA
  • Azure Security Center has been enhanced with several new features(https://azure.microsoft.com/en-us/updates/azure-security-center-enhancements/). And yes I add it under OMS becouse basically the OMS Security Solution team and the Azure Security team are one.
  • VMWare monitoring is now in public preview
  1. What I learned about Operations Manager 2016 and OMS by (not) attending Ignite

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: