Microsoft Ignite: Azure updates part two

Microsoft Ignite: Azure updates part two

Following Microsoft’s Spring 2021 Ignite event, our cloud specialist, Damian Reffin, lists his top Azure-related infrastructure announcements and updates and shares what they mean for us. Read part one here.

 

Azure Networking

Looking at Azure load-balancing, Networking routing, Azure Front Door and Firewall Premium.

 

Azure load-balancing options

Azure load-balancing preview

 

Azure load-balancing options were released in March 2021. A guided experience helps you choose the options that match your architectural and application requirements.

The functionality gives the flexibility to balance loads across containers and virtual machines (VMs) and VM scale sets associated with their load balancer.

An Azure Public IP SKU upgrade is now generally available, enabling you to upgrade and retain the same IPs without management overheads or notices to your end customers.

It also supports the ability to upgrade from Basic to Standard SKU.

Any basic public load balancer can now be upgraded to a standard public load balancer and retain the same public IP address.

 

Azure Networking routing preference

Now generally available, Azure Networking routing preference lets you choose how your traffic routes between Azure and the internet. This update gives you greater flexibility to optimise your underlying routing network.  ​

You can choose to optimise:

  • For performance with Microsoft network – ‘cold potato routing’
  • For cost per workload, with ISP network/open Internet – ‘hot potato routing’

Egress data transfer prices vary according to the routing selection. ​

 

Azure Front Door

Azure Front Door with CDN is now available in preview mode. The upgrade provides a secure cloud content delivery network (CDN) service with integrated intelligent security capabilities.

The upgrade enables cybersecurity teams to protect and accelerate apps, APIs, websites and content delivery with a few clicks.

 

Azure Firewall Premium

Azure firewall diagram

 

Azure Firewall Premium, now available in preview, has been upgraded with a next-generation firewall.

With intrusion detection and prevention system capabilities​, the upgrade offers enhanced security for sensitive and highly regulated environments.

 

Summary

The hottest item is the Azure Firewall Premium feature, which is set to improve parity with the third-party marketplace.

 

Azure Hybrid Networking

Addressing Azure Route Server, ExpressRoute – IPv6, Gateway and Portal, Virtual WAN, Scalable Bastion Gateway and advanced VPN diagnostics.

 

Azure Route Server

Now available for preview, the Azure Route Server facilitates dynamic routing between a network virtual appliance (NVA) and virtual networks.

By establishing the Border Gateway Protocol (BGP) peering between an NVA and an Azure Route Server, you can inject IP addresses from your NVA to your virtual network. The BGP lets the NVA learn what IP addresses your virtual network has.

Azure Route Server is a fully managed service with built-in high availability.

 

ExpressRoute IPv6 Support

Released in preview mode in March 2021, ExpressRoute IPv6 Support supports IPv4 and IPv6 private peering in availability zones.

IPv6:

  • Enables IoT (the internet of things) scenarios
  • Simplifies your enterprise migration or expansion to Azure, even if you run out of IPv4 addresses in your on-premises network

 

ExpressRoute Gateway

New ExpressRoute Gateway metrics are now available for preview. These metrics allow you to monitor the:

  • Counts of routes learned and routes advertised
  • Number of VMs in your virtual network
  • Frequency of routes changed for their ExpressRoute gateways

You can also set up alerts to manage capacity accordingly.

 

ExpressRoute Portal

Now generally available, the new ExpressRoute Portal gives you a more comprehensive peering and Global Reach configuration experience in the Azure Portal.

 

Azure Virtual WAN

Azure Virtual WAN diagram

Azure Virtual WAN now offers integration with VMware SD-WAN in preview. It lets you connect all branch offices and remote locations to Azure through VMware SD-WAN.

You can manage last-mile connectivity and dynamic path optimisation through VMware SD-WAN. And for a complete secure access service edge solution, you can leverage global connectivity by routing intelligence and security through Azure Virtual WAN.

 

Virtual WAN remote user VPN

Virtual WAN remote user VPN features are now available in preview.

The new features enable 100,000 remote users, an increase from the previous limit of 10,000, to connect to a Virtual WAN hub in a region. The Virtual WAN also:

  • Allows remote users to authenticate using any combination of Certificates, Azure Active Directory and Radius Servers
  • Offers custom IPsec parameters for remote user VPN
  • Connects multiple Radius servers to a single Virtual WAN Hub for remote-user authentication

 

Scalable Bastion Gateway

Scalable Bastion Gateway became available in preview in March 2021.

You can increase the Bastion Gateway’s size to support as many as 500 concurrent sessions and decrease when usage demand drops.

Bastion will support native Azure Active Directory (Azure AD) authentication integration for Linux VMs deployed on Azure.

 

Advanced VPN diagnostics

In March 2021, advanced VPN diagnostics, including Packet Capture, the BGP dashboard, and VPN connection features, were released in preview.

Summary

Given the volume of IaaS-related announcements, Microsoft is building on current offerings by bringing more features, capability and scalability.

Community feedback allows for rapid feature gap discovery and an agile supplier response. Much of this is driven by the Azure Connect forum, with regular pulse taking and feedback channels informing Microsoft’s Azure roadmap.

 

Windows Server 2022

Windows Server 2022, now available in preview mode, enables you to run existing and new business-critical applications with confidence on Azure, on-premises and at the edge.

Windows Server 2022 introduces the following:

  • Advanced multi-layer security
  • Hybrid capabilities with Azure and a flexible application platform
  • Improved hybrid server management, an enhanced event viewer and several other new Windows Admin Centre capabilities
  • Improvements to Windows containers, like smaller image sizes for faster download, simplified network policy implementation and containerisation tools for .NET applications

As part of this release, Windows Server is getting secured-core capabilities to secure systems that will run workloads on Windows Server 2022.

Secured-core server builds on technologies such as Windows Defender System Guard and virtualisation-based security to minimise risks from firmware vulnerabilities and advanced malware.

 

Summary

No flashy new name, but it’s here at last. As well as improved security and running containers, I’m excited about improved native integration with Azure, wherever you use it.

We can expect significant time savings and disruption-reducing advances in hot patch (update) management. I sense many more time-saving elements are on their way, which will help with day-to-day management and governance. Further details here.

 

Windows Virtual Desktop (WVD)

Picking up EU metadata, smartcard authentication and Azure Monitor.

WVD subscription diagram

 

EU metadata storage

Public preview of the Europe (EU) geography as a storage option for service metadata in Windows Virtual Desktop is now available.

You can choose between West or North Europe when creating your service objects. The service objects and metadata for the WVD host pools will be stored in the Azure geography associated with each region, rather than just the East US region.

 

Smartcard authentication

You can now use smartcard authentication, available in public preview mode, with the Windows client from outside your corporate network without requiring line-of-sight to the domain controller.

 

Azure Monitor for Windows Virtual Desktop

Azure Monitor for Windows Virtual Desktop will be generally available in the next few weeks. It provides a centralised view with all the monitoring insights and visualisations necessary for debugging, troubleshooting and operating at scale.

With the latest updates, you can perform the following functions:

  • View a summary of host pool status and health
  • Find and troubleshoot problems in a deployment
  • Address user feedback
  • Understand resource utilisation and make scaling and cost management decisions

 

Summary

New metadata locations is a long-awaited feature and further announcements on regional availability will be greatly anticipated.

The more passwordless options for desktops, the better – which is moving at pace. And monitoring WVD was always a challenge without third-party solutions. If Azure Monitor for WVD provides suitable tools for minor problems, it’s a win.

 

Security

Addressing confidential computing, Azure Security Centre and Azure Defender.

 

Azure Confidential Computing and Key Vault

Azure Key Vault Managed Hardware Security Module (HSM) – a fully managed, highly available, single-tenant management service with FIPS 140-2 Level 3 validated hardware security modules (HSMs) – is available in preview mode.

Sectors like finance require HSMs to store cryptographic keys used for cryptographic functionality, e.g., Transport Layer security, data encryption, public key infrastructure, digital rights management and signing documents.

Always encrypted with secure enclaves are protected regions of memory that enable confidential queries, is now available in preview mode for SQL Server 2019 and Azure SQL Database.

Trusted Launch, which protects against boot kits, rootkits and kernel-level malware, is now available for both confidential and non-confidential VMs (virtual machines).

 

For overviews, see Confidential computing on Azure and Trusted launch for Azure virtual machines (preview).

 

Summary

In a fast-evolving threat landscape, extra and improved security controls and options are to be welcomed.

 

Azure Security Centre (ASC) and Azure Defender

 

Windows Server 2019 in Azure Defender has enhanced security alerts and Endpoint detection and response (EDR) support.

The Azure Security Centre also has improved network security integration and new reporting capabilities.

The alerts experience includes the following:

  • Better triaging experiences
  • Enhanced performance for larger alert lists
  • Alignment with Azure Sentinel’s incident experience
  • Additional alerts from the Azure Resource Graph

 

EDR support for Windows 2019 has been added to Microsoft Defender for Endpoint, which is included in Azure Defender.

The security status of Azure Firewalls is now available in the Azure Security Centre dashboard through integration with the Azure Firewall Manager.

New reporting capabilities, in preview mode, in the Azure Security Centre enable you to create quick reports on top of security data. You can use out-of-the-box reports or write custom reports with Azure Workbooks.

 

Summary

By improving integration, monitoring and alerting while continuing to extend coverage in and outside of Azure, there is a move to make ASC one of the best cloud workload protection platforms.

On top of modern workplace, data compliance and Sentinel advancements, Microsoft is driving demand for in-house and outsourced SOC services.

Specialists in Azure and Office 365 security are highly sought after. An external cyber security operations centre addresses the challenges related to the current skills deficit in this industry and can allow businesses to put cyber security measures in place affordably.

 

Windows Server 2022 Secured-core

Microsoft Server Operating Systems Preview

 

Windows Server 2022, in preview mode, supports the latest security innovations.

This release brings Secured-core to Windows Server, helping secure systems that will run workloads on Windows Server 2022.

Secured-core builds on technologies like System Guard and Windows Server Virtualisation-based security, minimising the risks from firmware vulnerabilities and advanced malware.

The new release also provides secured connectivity enabled by industry-standard AES 256 encryption.

 

Summary

For organisations that still require on-premises Windows server workloads, this is an excellent enhancement for hybrid cloud environments.

 

Training and certifications: Windows Virtual Desktop

A new certification is launching for developers and IT administrators working on Windows Virtual Desktop.

The beta exam for the Microsoft Certified: Windows Virtual Desktop Specialty is now available.

Once these beta exams are scored, the exam will be generally available. Those who pass will earn the new Microsoft Certification.

 

Summary

It appears the trend is towards more, not fewer, specialisations, which is good as some knowledge is just too broad and high-level.

This is a welcome improvement in terms of specialist certification. Designing and delivering presentation solutions was often just a short chapter in any Windows Server training course, leaving many engineers to develop best practice through experience.

 

Explore our Cloud Services

At Content+Cloud, we have a portfolio of professional cloud services.  So, wherever you are on your cloud journey, we can help.

Related Content

Find out more

Transform your workplace with a multi award-winning Microsoft partner

Whether your organisation is in the initial stages of looking at moving to the cloud with Microsoft 365 (formerly Office 365), looking for a Microsoft partner to help ensure solution adoption, or requires a fully managed IT support service, Content+Cloud can help. As Microsoft’s leading partner serving clients across the UKget in touch with your exact requirements and a Content+Cloud consultant will get back to you at a time that suits you.