So Ignite it is. In this installment you’ll find the notable updates for Azure from Ignite 2019, with the exception of AI and Machine Learning related news (I always tried to keep the news on AI at a minimum in these weekly updates, because the fast-paced AI world would need much more space and time). I also tried to list only technologies that you can try today (either GA or preview).
Azure Arc is probably the biggest announcement in terms of infrastructure. It enables Azure services anywhere and extends Azure management to any infrastructure for unified management, governance and control across clouds, datacenters and edge. Every resource looks and feels just like an Azure resource, and Arc provides unified auditing, compliance, and role-based access control across multiple environments and at scale. Microsoft is releasing Azure Arc-enabled API Management, which helps organizations manage APIs across any environment, including hybrid and multicloud. It consists of a containerized API gateway that can be deployed in any environment, while still allowing users to manage all their APIs within the Azure API Management plane. This capability, now available in public preview, is configured through the Azure API Management plane but keeps data localized to the deployment environment to ensure security and compliance for APIs.
Azure SQL Data Warehouse is now Azure Synapse Analytics. Azure Synapse is a limitless analytics service that brings together enterprise data warehousing and Big Data analytics. It lets you ingest and query both relational and non-relational data. If you’re in the data analytics space this is something you must take a look at.
Azure Data Services leverages the containerized nature of Azure database services to extend them to any Kubernetes cluster. It is the same piece of technology Azure Arc uses to bring Azure data services everywhere. It will start with the ability to run Azure SQL Database and Azure Database for PostgreSQL Hyperscale on any Kubernetes and any hardware of choice, to be followed by additional Azure data services based on customer needs.
Azure Monitor continues to improve. First, it adds more capabilities for network monitoring:
• Network Insights – single console for health information on your Azure networking
• Traffic Analytics – can now process data at 10-minute intervals
Also you can now monitor any Kubernetes Cluster not just AKS. Azure Log integration has been improved to make it easier to ingest logs the Azure fabric produces.
Azure Security Center is expanding support for threat protection for Azure Kubernetes Service. The new capabilities in this release include:
- Discovery & Visibility – Continuous discovery of managed AKS instances within Security Center’s registered subscriptions
- Recommendations – Actionable items to help customers comply with security best practices in AKS
- Threat Detection – Host and cluster-based analytics
- Vulnerability assessments for Azure Container Registry
More generally, Security Center adds:
- Built-in vulnerability assessment for virtual machines, included in the Standard profile for no additional fee. The vulnerability assessment is powered by Qualys
- Workflow automation with Azure Logic Apps (GA)
- Advanced integrations with continuous export of Security Center
- Improved reporting for Security Center alerts and recommendations
- Onboard on-premises servers to Azure Security Center from Windows Admin Center
- Azure Security Center Community – Centralized GitHub, open for contribution, with additional scripts and content
Also Security Center extends to SQL Server running in IaaS:
- Vulnerability assessment to discover, track, and help remediate potential database vulnerabilities.
- Advanced Threat Protection detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit a customer’s SQL Server.
Serverless computing is gaining more and more momentum. At Ignite, Azure Functions announced:
- Premium plan is now GA
- PowerShell support is now GA
- Durable Functions 2.0
- Reference to secrets stored in Key Vault in application settings
The Azure Compute platform adds more VM families and expands existing ones:
- The Azure Da v4 and Das v4 virtual machines feature high performance at competitive price points suitable for enterprise-grade applications, relational databases, and application servers. They provide up to 96 vCPUs, 384 GBs of RAM, and 2,400 GBs of SSD-based temporary storage.
- Generation 2 virtual machines are now GA. They include increased memory and Intel Software Guard Extensions. They will also provide support for large VMs (up to 12 TBs) and allow our customers to provision OS Disk sizes that exceed 2 TBs.
- The Azure Ea v4 and Eas v4 VM series target memory-intensive workloads. They provide up to 96 vCPUs, 672 GBs of RAM and 2,400 GBs of SSD-based temporary storage.
- The Azure NVv4 virtual machine offers unprecedented GPU resourcing flexibility. Customers can select from VMs with a whole GPU all the way down to 1/8th of a GPU.
- The NDv2-series virtual machines are designed for the cutting-edge demands of distributed HPC, AI, and machine learning workloads. They feature 8 NVIDIA Tesla V100 NVLINK interconnected GPUs with 32 GB of memory each, 40 nonhyperthreaded Intel Xeon Platinum 8168 processor cores, and 672 GB of system memory. The NDv2-series VMs also feature 100 Gb/sec EDR InfiniBand with support for standard Mellanox OFED drivers and all MPI types and versions.
New features for Azure virtual machine scale sets include the ability to create an empty virtual machine scale set and add various virtual machines belonging to different series later. That will allow customers to achieve high availability by deploying a set of virtual machines to a single availability zone and/or across different fault domains in an availability zone. Additionally, customers can now provision VMs with custom images using a shared image gallery. A new scale-in policy lets customers determine the order in which VMs should be scaled in, or deprovisioned. Instance protection from scale-in helps customers protect designated VMs from being deprovisioned during a scale-in action.
Azure Bastion is now GA. For those who missed what Azure Bastion is, it provides an integrated platform alternative to manually deploying and managing jump servers to shield your virtual machines. It allows secure access to your VMs either via RDP or SSH.
Azure Peering Service (preview) is a partnership with service providers to provide highly reliable and optimized internet connectivity to Microsoft services. It also provides internet latency telemetry and route monitoring, and alerting against hijacks, leaks, and any other Border Gateway Protocol misconfigurations.
Azure Peering Service is an answer for customers looking for an internet-first network strategy when accessing SaaS services such as Office 365 or other SaaS services running on Azure.
Speaking of Azure Networking, point-to-site VPNs now support Azure Active Directory authentication, making it way easier to deploy them (previously we had certificate-based authentication). Along the same lines, ExpressRoute and point-to-site are now generally available with Virtual WAN.
Azure Firewall Manager is a new service that provides enterprise customers with a single pane of glass to centrally configure multiple Azure Firewall instances in a hub-and-spoke architecture. Central IT teams can also automate Azure Firewall deployment and enforce firewall policies at the same time to ensure traffic governance and protection across the enterprise.
Azure App Service now offers managed certificates that make it easy for customers to secure their sites with Transport Layer Security (TLS).
Azure Migrate now provides a dedicated experience for migrating .NET and PHP web applications running on Windows to Azure App Service. It provides tooling in the form of a local agent that performs app discovery and general assessment of your app’s configuration settings, runs readiness checks and then walks you through the migration process.
In addition to storing Docker container images and Helm charts, Azure Container Registry can now store Open Container Initiative (OCI) artifacts and images built to the OCI Image Format Specification.
The Azure Data Platform released several new capabilities:
- TDE with customer-managed keys for SQL DB Managed Instances
- Azure Database for PostgreSQL Hyperscale (powered by Citus Data technology).
- Azure SQL Database also gets more powerful with the addition of new hardware options with greater memory and compute. Maximum memory increases by over 400%.
- Autopilot mode for Azure Cosmos DB provides automatic scaling of provisioned throughput based on workload patterns. Customers no longer have to preplan their provisioned throughput and overestimate capacity required, as scaling will be automatic.
- Azure Database for PostgreSQL, MySQL, and MariaDB are launching a Reserved Capacity pricing option
- Azure SQL Database Edge is now available in preview, in the regions where Azure IoT Edge is available.
Azure Active Directory Connect cloud provisioning allows customers to leverage “sync as a service” for their cloud identities. The solution provides a lightweight, on-premises agent that will enable provisioning from multiple, disconnected on-premises Active Directory forests and move all the sync complexity and data transformation logic to the cloud.
Azure Active Directory (Azure AD) entitlement management is an identity governance feature that enables organizations to manage identity and access lifecycle at scale, by automating access request workflows, access assignments, reviews, and expiration.
Additionally, it allows organizations to create access packages that make it easier for employees and partners to request access to the information they need—and ensures that only the right people have access to the appropriate resources.
Azure HDInsight—Autoscale is now generally available