AZURE Cloud Monthly Updates Newsletter – August 2024.
Santhosh (Santhoshkumar) Anandakrishnan
Cloud Solution Architect | Azure MVP | Cloud & Infrastructure Consulting | Co-Organiser Azure Builders Meetup
Welcome to our monthly Azure Cloud newsletter! Stay up to date with the latest news, updates, and tips to make the most of Azure cloud services. Whether you're an experienced Azure user or just getting started, we've got you covered with insights and information to help you harness the power of the cloud. Let's dive into the exciting world of Azure together!
1. Azure Compute Services
1.1 Generally Available: Azure Red Hat OpenShift Now Supports Clusters Up to 250 Nodes
Azure Red Hat OpenShift (ARO) is a fully managed Red Hat OpenShift service on Azure. Microsoft announced two significant enhancements to ARO's capabilities:
What is changing with this update?
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/openshift/howto-large-clusters
1.2 Public Preview: Instance Mix on Virtual Machine Scale Sets
It's a new feature to optimise Virtual Machine Scale Set (VMSS) deployments. Instance Mix allows you to specify multiple VM sizes within a single Virtual Machine Scale Set (VMSS), providing greater flexibility and cost efficiency. To further optimise deployments, Instance Mix allows you to specify an allocation strategy to optimise price or capacity.
What is changing with this update? Instance Mix enables you to specify multiple Virtual Machine (VM) sizes in your Virtual Machine Scale Set with Flexible Orchestration Mode and an allocation strategy to further optimise your deployments.
Instance Mix is best suited for workloads that are flexible in computing requirements and can be run on various VMs of different sizes. Using Instance Mix, you can deploy a heterogeneous mix of VM sizes in a single scale set.
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-instance-mix?tabs=arm-1
1.3 Generally Available: Attach and detach VMs on Virtual Machine Scale Sets for a single fault domain
With attach and detach support for Virtual Machines (VMs), you can quickly bring your existing VMs to Virtual Machine Scale Sets (VMSS) with Flexible Orchestration Mode and a fault domain count of 1. After attaching a VM to the VMSS, it’s considered part of the scale set, and it benefits from scale set features like autoscale, instance repair, automatic OS upgrades, and more. Attaching the VM to the VMSS requires no downtime.
What is changing with this update? You can attach a VM to an existing Virtual Machine Scale Set by specifying which scale set you want to attach to. The VM doesn't have to be the same as the VMs already running in the scale set, meaning it can have a different operating system, network configuration, priority, disk, and more.
If you need to troubleshoot your VM outside of the scale set, you can detach it from the VMSS and investigate further. Likewise, you can use this functionality to move VMs between scale sets. This feature is now generally available in all regions.
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-attach-detach-vm?tabs=portal-1%2Cportal-2%2Cportal-3#attach-an-existing-virtual-machine-to-a-virtual-machine-scale-set
2. Azure Data and Storage Services
2.1 Generally Available: Azure NetApp Files storage with cool access for all service levels
With the general availability of the cool access feature, your standard service level capacity pools, in addition to volumes created in premium and ultra service level capacity pools, can transparently store data more cost-effectively on Azure storage accounts based on their access pattern.
What is changing with this update? Using Azure NetApp Files storage with cool access, you can configure inactive data to move from Azure NetApp Files storage (the hot tier) to an Azure storage account (the cool tier). In doing so, you reduce the total cost of ownership of your data stored in Azure NetApp Files.
Data access latency will differ as data blocks might be tiered to Azure storage accounts. The cool access feature provides a configurable “coolness period” that lets you tune, for your workload and read/write patterns, the number of days after which infrequently accessed data moves to the cool tier, and with it the network transfer cost. The “coolness period” is set at the volume level.
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/azure-netapp-files/manage-cool-access?tabs=standard
2.2 Public Preview: Customer-managed planned failover for Azure Storage
Azure Storage strives to provide you with adequate disaster recovery offerings, and we are excited to introduce our new feature, planned failover (in preview) for Azure Storage. Planned failover allows the failover of a storage account while maintaining geo-redundancy, with no data loss or additional cost. After your failover operation, you will no longer need to reconfigure geo-redundant storage (GRS). Planned failover lets you swap your primary and secondary endpoints while your storage service endpoints are available. Once the planned failover is complete, all new writes will be directed to the region that was previously your secondary region, which becomes your new primary region.
What is changing with this update? Customer-managed planned failover can be helpful in scenarios such as disaster and recovery planning and testing, proactive remediation of anticipated large-scale disasters, and non-storage-related outages. Your storage account's primary and secondary regions are swapped during the planned failover process.
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/storage/common/storage-failover-customer-managed-planned?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=grs-ra-grs
2.3 Public Preview: Azure NetApp Files now supports 50 GiB minimum volume sizes
Azure NetApp Files volume enhancement with support for 50 GiB minimum volume sizes.
What is changing with this update? Customers can now create an Azure NetApp Files volume as small as 50 GiB, compared to the initial minimum size of 100 GiB. 50 GiB volumes will save costs for customer workloads that need volumes smaller than 100 GiB, by allowing customers to right-size their storage volumes.
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-resource-limits
2.4 Generally Available: Cross Region Restore of SQL and HANA database backups from a vault with Private Endpoints enabled
Azure Backup users can now perform Cross-Region Restore (CRR) of SQL and HANA backups if the vault has private endpoints enabled. You can create secondary private endpoints in the vault and initiate CRR in the secondary region.
What is changing with this update? Azure Backup allows you to securely perform the backup and restore operations of your data from the Recovery Services vaults using private endpoints. Private endpoints use one or more private IP addresses from your Azure Virtual Network (VNet), effectively bringing the service into your VNet.
To learn more about this update, visit https://learn.microsoft.com/en-us/azure/backup/backup-azure-private-endpoints-configure-manage#cross-region-restore-to-a-private-endpoint-enabled-vault
2.5 Generally Available: Double encryption at rest for Azure NetApp Files
Azure NetApp Files double encryption at-rest feature now provides multiple independent encryption layers, protecting against attacks to any single encryption layer.
What is changing with this update? Users can now optionally select double encryption with this capability when creating Azure NetApp Files capacity pools. Volumes can be created on these capacity pools and automatically protected with double encryption without any additional steps.
When using FIPS-140-certified double encryption, there is negligible performance impact. This allows existing applications to utilise double encryption protection without sacrificing performance. This feature is generally available in these regions.
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/azure-netapp-files/double-encryption-at-rest
2.6 Generally Available: Azure NetApp Files cross-zone replication
The cross-zone replication feature allows you to replicate your Azure NetApp Files volumes asynchronously from one Azure availability zone (AZ) to another within the same region. It uses SnapMirror technology, similar to the Azure NetApp Files cross-region replication feature and Azure NetApp Files availability zone volume placement feature, to replicate data in-region across different zones; only changed blocks are sent over the network in a compressed, efficient format.
What is changing with this update? This helps you protect the data from unforeseeable zone failures without the need for host-based data replication. In such situations, the user must break the peering relationship and mount the destination volume to fail over to the destination volume. This feature minimises the amount of data required to replicate across the zones, limiting the data transfers required and shortening the replication time to achieve a smaller Recovery Point Objective (RPO).
Cross-zone replication doesn’t involve network transfer costs, so it is highly cost-effective. This feature is generally available in all AZ-enabled regions with an Azure NetApp Files presence.
To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/azure-netapp-files/cross-region-replication-introduction
2.7 Generally Available: Azure NetApp Files zone volume placement enhancement – Populate existing volume
With this capability, you can enhance workloads previously deployed regionally and align them with VMs in the same failure domain, for example, to enable HA architectures across availability zones. Populating existing volumes will facilitate data protection, as it is a prerequisite for supporting replication across availability zones.
What is changing with this update? Azure NetApp Files availability zone volume placement feature lets you deploy new volumes in the availability zone of your choice in alignment with Azure Compute and other services in the same zone. With this enhancement, you can now obtain and, if desired, populate previously deployed existing volumes with the logical availability zone information. This feature will not move any volumes between zones.
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/azure-netapp-files/use-availability-zones
2.8 Generally Available: Azure Container Storage for Ephemeral (Local NVMe/Temp SSD) and Azure Disk
Azure Container Storage is used to run production-level stateful container workloads. It orchestrates the placement and lifecycle of persistent volumes (PV) on your behalf, simplifying container storage management and optimising scalability, flexibility, and cost efficiency.
What is changing with this update? Tight integration with Kubernetes allows you to perform all storage operations via the Kubernetes API, such as creating PVs and scaling up capacity on demand, eliminating the need to interact with control plane APIs of the underlying storage infrastructure. With our general availability, two backing storage options are fully supported:
Ephemeral disk (Local NVMe/Temp SSD): With the Ephemeral disk backing storage option, you can take advantage of the local storage that comes with your nodes. For instance, workloads requiring low latencies could benefit from locally attached storage. You can also enable replication on your local NVMe storage to experience added resiliency.
Azure Disk: The Azure Disk storage option lets you choose from Ultra, Premium SSD, Premium SSD v2, and Standard SSD disk types to back your storage pool. With Azure Container Storage, your PVs are optimally placed on your disk, mapping multiple volumes to a disk, overcoming traditional persistent volume scale limitations and saving you storage costs in the long run.
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/storage/container-storage/container-storage-aks-quickstart
3. Azure Network and Security Services:
3.1 Generally Available: Dedicated log analytics tables in Application Gateway
Application Gateway now offers general availability for storing logs in a dedicated log analytics table. With a dedicated log analytics table, customers can use resource-specific tables instead of Azure Diagnostic tables.
What is changing with this update? In resource-specific mode, individual tables in the selected workspace are created for each category selected in the diagnostic setting. This new mode helps you with better log querying capabilities and reduces ingestion latencies and query times.
To learn more about this update, visit: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#storage-locations
3.2 Public Preview: Azure CNI Powered by Cilium & Azure CNI Overlay support in AKS
A public preview of Azure CNI Overlay dual-stack with Azure CNI powered by Cilium for Linux & Windows clusters in AKS is now available.
What is changing with this update? This enhancement enables AKS clusters to support IPv4 and IPv6 network policies, providing greater flexibility and control over network traffic within your Kubernetes environments.
Additionally, Azure CNI powered by Cilium offers improved performance with its efficient data plane, enhancing the overall networking performance of your workloads. Cilium enforces network policies to allow or deny traffic between pods. With Cilium, you don't need to install a separate network policy engine such as Azure Network Policy Manager or Calico.
To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/aks/azure-cni-powered-by-cilium
4. Azure Containers Services:
4.1 Public Preview: Private registry support in Azure Deployment Environments
Private registry support for the extensibility model in Azure Deployment Environments allows platform engineers and development teams to use private Azure Container Registry (ACR) to host and reference container images that define their deployment patterns.
What is changing with this update? Private ACR support in Azure Deployment Environments enables customers to secure customised project-specific templates further. As a result, customers can achieve standardised and secure deployments while maintaining compliance and best practices.
To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/deployment-environments/how-to-configure-extensibility-generic-container-image?tabs=build-the-image-with-docker-cli#use-acr-with-secured-access
4.2 Public Preview: High Scale mode for Azure Monitor – Container Insights
Container Insights is an Azure Monitor feature for collecting logs from Azure Kubernetes Service clusters.
What is changing with this update? High Scale mode for Container Insights will help customers achieve a higher log collection throughput from their AKS clusters. When High Scale mode is enabled, Container Insights makes multiple configuration changes, leading to a higher overall throughput. The service makes all the changes in the background and does not require input or configuration from customers.
To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/azure-monitor/containers/container-insights-high-scale
4.3 Generally Available: OS SKU in-place migration for AKS
Traditional OS SKU migration today involves creating a new node, cordoning and draining existing nodes, and then deleting existing nodes. This can involve a significant surge of new nodes and operational overhead to cordon and drain existing node pools.
What is changing with this update? The OS SKU in-place migration feature allows you to trigger a node image upgrade from one Linux SKU (e.g., Ubuntu) to another (e.g., Azure Linux) on an existing node pool.
To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/azure-linux/tutorial-azure-linux-migration?tabs=azure-cli#in-place-os-sku-migration-preview
5. Azure PaaS Services:
5.1 Generally Available: Workspaces in Azure API Management
Workspaces enable organisations to manage APIs more productively, securely, and reliably using a federated approach. Workspaces bring a new level of autonomy to API teams, enabling them to create, manage, and publish APIs faster, more reliably, securely, and productively within an API Management service.
What is changing with this update? Workspaces function like "folders" within the API Management service. Workspaces empower API teams by providing isolated administrative access and API runtime while allowing the API platform team to retain oversight with central monitoring, enforcement of API policies and compliance, and publishing APIs for discovery through a unified developer portal.
To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/api-management/workspaces-overview
6. Other Azure Services:
6.1 Generally Available: Vaulted backup for Azure Blob Storage
This is a native, managed, and secure backup solution that keeps an offsite copy of your data and comprehensively safeguards your business-critical data stored in Azure Blob Storage against accidental deletion, corruption, and malicious attacks. It allows quick data recovery and business continuity, minimising the impact of data loss.
What is changing with this update? Vaulted backups can also help you meet compliance requirements through long-term retention and enhance the security of your backups, helping you recover your data even in cases of cyberattacks. You can also use vaulted backups and the existing operational backup solution for blob storage. The general availability also brings more enhancements to the vaulted backup solution.
Vaulted backup for Azure Blob is available in these regions.
To learn more about this update, visit: https://learn.microsoft.com/en-au/azure/backup/blob-backup-overview?tabs=vaulted-backup
6.2 Generally Available: Enable multifactor authentication for your tenant by 15 October 2024
Starting 15 October 2024, we will require users to use multifactor authentication (MFA) to sign in to the Azure portal, Microsoft Entra admin centre, and Intune admin centre. You'll need to enable MFA by 15 October 2024 to make sure your users can maintain access.
If you can’t enable MFA for your users by that date, you must apply to postpone the enforcement date. If you don’t enable MFA for your tenant or apply to postpone by 15 October 2024, your users will be required to set up MFA for the Azure portal, Microsoft Entra admin centre, or Intune admin centre.
Action Required:
7. Retirement Azure Services:
7.1 Azure Logic Apps Integration Service Environment is retired as of August 31, 2024
In August 2021, Azure announced that Cloud Services (classic) would retire on August 31, 2024. As Azure Logic Apps Integration Service Environments (ISE) run on Cloud Services (classic), we announced that they would retire on the same date. Now that we have passed that date, decommissioning of the ISE workflow hardware has begun, which may affect the availability and performance of your apps and data.
Starting September 1, 2024, Service Level Agreement (SLA) and Service Credits will no longer apply for Logic Apps workflows deployed in ISE environments that continue to be in production.
Customers must complete migration to Logic Apps Standard immediately, or their apps and resources may be deleted. From September 1, 2024, your ISE Developer instances will become read-only, meaning no executions will occur, but Logic Apps deployed to these instances will remain available for export. Starting October 1, 2024, your ISE Premium instances will also become read-only. No executions will occur in these instances, but the deployed Logic Apps will still be exportable. Note that read-only instances will continue to incur standard charges. To avoid unnecessary costs, delete any instances that are no longer used.
Required Action: To avoid service disruption, please follow the steps to export your Logic Apps workflow from ISE to Logic Apps Standard as soon as possible.
7.2 Migrating to TLS 1.2+ with the Deprecation of Outdated Security Protocols
On October 31, 2024, Azure Resource Manager will retire TLS 1.0 and TLS 1.1 support. After that date, any incoming calls to Azure using TLS 1.0/1.1 will fail. This is part of an Azure-wide initiative to enhance security.
Required Action: To avoid service disruptions, update to TLS 1.2 and remove any dependencies on TLS 1.0/1.1 by October 31, 2024.
Microsoft has compiled a series of recommendations and resources to assist with your migration.
I appreciate you taking the time to read our newsletter. Your feedback is valuable to us, so please don't hesitate to share any suggestions you have for improving it.