This weeks Azure updates & news. This time around the big news is WPC (Worldwide Partner Conference) in Toronto Canada where most announcements occurred.
Next year WPC will be in Washington DC.
Don’t forget, Azure news can also be heard on the ‘Need to Know‘ podcast with Robert Crane and myself.
New Azure Regions
Just in case you didn’t think there was already enough Azure regions in the US, there’s now two new regions that have just opened for business, US West 2 & US West Central Region. This takes the total Azure region count in the US to a total of 10, which includes the two government regions.
So in total:
- 34 Azure regions have been announced so far
- 26 regions are generally available
Azure SQL Server Stretch Database | Generally Available
With the news of the release of SQL Server 2016 last month, we mentioned that one of the features of SQL Server 2016 is a stretch database. It is a technology that aims to reduce storage costs while keeping large amounts of historical data available for querying in Azure.
The most recent announcement is the fact that you can now use Stretch Databases for Azure SQL and is available in Australia Azure regions.
You can:
- Stretch both warm and cold transactional data from Microsoft SQL Server 2016 to Azure SQL
- Scale up or down as needed
- Doesn’t require any application changes
- Use Stretch Database with new Always Encrypted technology
More info: https://azure.microsoft.com/en-us/services/sql-server-stretch-database
Azure SQL Database with Always Encrypted | Generally Available
To coincide with the Azure SQL stretch database and also to shut people up who complain about not trusting Microsoft with hosting their data comes the general availability of ‘Always Encrypted‘. This is a pretty cool service which encrypts both ‘data at rest‘ and ‘data in transit‘ – encrypted for the entire time that the data is sitting on the server. The people who own the data are the only ones that have the key, they can decrypt and gain access to the data. In fact it’s done transparently by the application by an Always Encrypted driver installed on the client computer. It automatically encrypts and decrypts sensitive data seamlessly while using the client application.
Best of all, Always Encryped works with Azure SQL stretch databases.
Now there’s no security based excuse not to host SQL data in Azure.
Name Change
The popular Enterprise Mobility Suite has a name change to Enterprise Mobility + Security.
- The existing Enterprise Mobility Suite becomes Enterprise Mobility + Security E3, with no change for existing EMS customers.
- A new expanded plan will be generally available in Q4 2016 and known as Enterprise Mobility + Security E5.
- The existing Azure AD Premium becomes Azure AD Premium P1, with no change for existing customers.
- Azure AD Premium P2 will be generally available later in Q3 2016 which includes all the capabilities in Azure AD Premium as well new features like Identity Protection and AD Privileged Identity Management.
- We discussed last time that Azure Rights Management + Secure Islands becomes Azure Information Protection
- The existing Azure Rights Management Premium becomes Azure Information Protection Premium P1, generally available in Q4 2016, with no change for existing Azure RMS customers
- A new P2 tier offer adds automatic classification, labeling and everything else included in Azure Information Protection Premium P1.
Azure AD Privileged Identity Management
Azure AD Privileged Identity Management adds new security features like Just in time admin to Azure AD. Not only this, you can now easily manage, control and monitor access to all admin identities in Azure AD which is the directory for both Azure and Office 365. You can now fully manage admin access to all the built-in Azure AD roles such as Global Admin or Service Administrator.
- Easily see which users are Azure AD admins
- Get reports about administrator access history and changes in administrator assignments
- Get alerts about access to a privileged role
- Easily see which accounts are setup for Multi-Factor Authentication
This introduced a new concept of an ‘eligible admin’. Eligible admins should be users that need privileged access now and then, but not every day. The eligible admin role is inactive until the user needs access, they complete an activation process and become an active admin for a predetermined amount of time.
It’s all managed by the Azure Ibiza portal where you can also see a break down on the amount of eligible admins versus normal admins.
Azure Stack release details
Azure Stack had an announcement at WPC 2016. Microsoft say Azure Stack will be released half way through 2017. However the product will be released as a turn-key solution similar to buying a car and will come in a complete package all pre-built from the software down to the hardware layer. When Microsoft say that Azure Stack is just like Azure in your own datacenter, they’re not kidding. What’s more, the 3 vendors they announced that would sell Azure Stack appliances at the time of launch will be HP Enterprise, Dell and Lenovo. It sort of makes sense as these players have the best experience with their hardware being vetted and have proved their reliability in Azure. It’s no secret that Azure has a mix of Dell and HP servers in their public datacenters and as Lenovo is Chinese, there’s speculation that Lenovo have their IBM servers in Azure China run by 21Vianet.
New Azure VMs for for Australia
At the beginning of 2015, Azure announced general availability in the US for new G-Series of virtual machines which offer up to 32 CPUs using the latest Intel® Xeon® processor E5 v3 family, 448GB of memory and a local SSD drive up to 6.59 TB.
Now the G-series of virtual machines are available in Australia East. This includes both the G & GS series. The difference being, the GS series has the allowance for you to attach premium SSD based storage accounts.
Marc Kean 