All the latest Ignite 2017 Announcements plus heaps more on the latest Need to Know podcast.
Keep up to date with all the latest Azure announcements, and what's in and out of preview – https://azure.microsoft.com/en-au/roadmap
Microsoft has invested over $15 billion in building its global cloud infrastructure since it opened its first datacenter in 1989.
Azure Compute Announcements – Ignite 2017
- Virtual network service endpoints for Azure Storage and SQL Database are currently in public preview. You can now restrict Azure Storage and Azure SQL Database endpoints to only your virtual networks by using virtual network service endpoints. Endpoints provide a direct connection from your virtual network to the Azure services, extending your virtual network’s private address space and identity to the services. Traffic from your virtual network to the services always remains on the Microsoft Azure network backbone. More info.
- Burstable VM sizes: each size has a baseline level of CPU performance. While you run below the baseline you build up credits, and once you have enough credits you can burst above the baseline. As an example, take one of the ‘B’ family of VMs, Standard_B8ms: it has 8 CPUs with 135% baseline performance shared across all 8 CPUs. If your application uses 4 of the 8 cores for batch processing and each of those 4 CPUs runs at 30% utilisation, you are only using half of the CPUs, which works out to 15% utilisation across all the CPUs, so the VM CPU performance left over would be 120%. Your VM is therefore building credit time from the 15% delta against the baseline performance. When you have credits available, the same VM can use 100% of all 8 CPUs, giving a maximum CPU performance of 800%. Preview today. More Info.
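To make the Standard_B8ms arithmetic above concrete, here is a minute-by-minute model of credit banking and bursting. It is an added example, not Azure’s own credit accounting: one credit stands for one vCPU-percent for one minute, and the cap on banked credits is an assumption. It goes a step beyond the text by showing what happens when a burst outlasts the bank (the VM is throttled back to baseline).

```python
"""Minute-by-minute model of B-series credit banking (added example, not Azure's
own accounting). Units: one credit = one vCPU-percent for one minute; the bank
cap is an assumption."""

from dataclasses import dataclass


def average_utilisation(vcpus, busy_cores, busy_pct):
    """Utilisation spread across all vCPUs: 4 of 8 cores at 30% is 15% of the VM."""
    return busy_cores * busy_pct / vcpus


@dataclass
class BurstableVm:
    vcpus: int
    baseline_pct: float           # baseline summed over all vCPUs, e.g. 135 for Standard_B8ms
    bank_cap: float               # assumed ceiling on banked credits
    credits: float = 0.0
    throttled_minutes: int = 0

    @property
    def max_pct(self):
        """Full burst is 100% of every vCPU: 800% on an 8-vCPU size."""
        return 100.0 * self.vcpus

    def step(self, demanded_pct):
        """Advance one minute and return the CPU the VM actually delivered."""
        demanded_pct = min(demanded_pct, self.max_pct)
        if demanded_pct <= self.baseline_pct:
            # below baseline: the unused baseline is banked (135 - 15 = 120 per minute)
            self.credits = min(self.bank_cap, self.credits + self.baseline_pct - demanded_pct)
            return demanded_pct
        # above baseline: the excess is paid from the bank until the bank is empty
        excess = demanded_pct - self.baseline_pct
        if self.credits >= excess:
            self.credits -= excess
            return demanded_pct
        # bank exhausted mid-minute: deliver what is left, then fall back to baseline
        delivered = self.baseline_pct + self.credits
        self.credits = 0.0
        self.throttled_minutes += 1
        return delivered


def simulate(vm, demand_profile):
    """Run a list of per-minute demands; return what was delivered each minute."""
    return [vm.step(d) for d in demand_profile]


if __name__ == "__main__":
    vm = BurstableVm(vcpus=8, baseline_pct=135, bank_cap=24 * 60 * 135)
    quiet_hour = [average_utilisation(8, 4, 30)] * 60   # the page's 4-of-8-cores-at-30% case
    delivered = simulate(vm, quiet_hour + [800] * 15)   # then a 15-minute full burst
    print(f"throttled minutes during burst: {vm.throttled_minutes}")
```

The quiet hour banks 120 credits a minute; a full 800% burst then draws 665 a minute, so an hour of banking pays for a little under eleven minutes of burst before the VM is held at its 135% baseline.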
- Privileged Identity Management – Azure AD Privileged Identity Management (PIM) is already generally available for managing Azure AD roles. Now Azure AD PIM also offers just-in-time role activation, access reviews and reports for Azure resources. This will help you address the challenges of large-scale IaaS administration.
This new preview shows up in the Azure portal as part of the Azure AD PIM UI, alongside the recent approval workflows preview. More Info.
- Ensure the right users are assigned to Azure subscriptions
- Control exposure of business-critical Azure assets by making users, either individually or via a group, eligible to activate a role to manage resources
- Limit how long a user can be activated in a role, and set an expiration date for a user’s or group’s role membership
- Get reports about users and groups with role assignments in Azure subscriptions, resource groups and resources, who activated their roles, and what users did in Azure while activated
- Let users take charge of their own role activity, while requiring them to provide a justification or to authenticate with multi-factor authentication before they activate a role
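The reporting and activation controls listed above are the kind of thing an access review checks for. The following is an added example, not Azure AD PIM’s own tooling: it runs a simple audit over constructed eligible-assignment and activation records (the record layout and the 8-hour activation limit are assumptions) and flags expired eligibility, activations without MFA or a justification, over-long activations, and activations for which no eligible assignment exists.

```python
"""Audit of PIM-style role activations over constructed records (added example;
the record layout is an assumption, not an Azure AD PIM export format)."""

from collections import Counter
from datetime import datetime, timezone

MAX_ACTIVATION_HOURS = 8   # assumed organisational limit for a single activation

# Constructed sample data: who is eligible for what, and until when
ELIGIBLE_ASSIGNMENTS = [
    {"principal": "alice@contoso.example", "role": "Owner",
     "scope": "/subscriptions/SUB-1", "expires": "2017-12-31T00:00:00Z"},
    {"principal": "bob@contoso.example", "role": "Contributor",
     "scope": "/subscriptions/SUB-1/resourceGroups/prod", "expires": "2017-09-01T00:00:00Z"},
]

# Constructed sample data: activations as a PIM report would list them
ACTIVATIONS = [
    {"principal": "alice@contoso.example", "role": "Owner", "scope": "/subscriptions/SUB-1",
     "start": "2017-10-02T09:00:00Z", "hours": 2, "mfa": True, "justification": "INC-1042 hotfix"},
    {"principal": "bob@contoso.example", "role": "Contributor",
     "scope": "/subscriptions/SUB-1/resourceGroups/prod",
     "start": "2017-10-02T22:15:00Z", "hours": 12, "mfa": False, "justification": ""},
    {"principal": "mallory@contoso.example", "role": "Owner", "scope": "/subscriptions/SUB-1",
     "start": "2017-10-02T23:40:00Z", "hours": 1, "mfa": True, "justification": "cleanup"},
]


def parse_ts(text):
    """Parse the ISO-8601 UTC timestamps used in the constructed records."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(assignments, activations, now):
    """Return (finding, principal, role) tuples for every violated control."""
    findings = []
    expiry = {(a["principal"], a["role"], a["scope"]): parse_ts(a["expires"])
              for a in assignments}
    # eligibility that should have been removed by its expiry date
    for a in assignments:
        if parse_ts(a["expires"]) < now:
            findings.append(("expired-eligibility", a["principal"], a["role"]))
    for act in activations:
        who, role = act["principal"], act["role"]
        key = (who, role, act["scope"])
        # activation with no eligible assignment, or after that assignment expired
        if key not in expiry or expiry[key] < parse_ts(act["start"]):
            findings.append(("activation-without-eligibility", who, role))
        if not act["mfa"]:
            findings.append(("activation-without-mfa", who, role))
        if not act["justification"].strip():
            findings.append(("activation-without-justification", who, role))
        if act["hours"] > MAX_ACTIVATION_HOURS:
            findings.append(("activation-too-long", who, role))
    return findings


def activation_summary(activations):
    """Activations per principal and role: the report a reviewer starts from."""
    return Counter((a["principal"], a["role"]) for a in activations)


if __name__ == "__main__":
    now = parse_ts("2017-10-03T00:00:00Z")
    for finding in audit(ELIGIBLE_ASSIGNMENTS, ACTIVATIONS, now):
        print(*finding)
```

Alice’s activation passes every check; Bob’s activation is flagged four times (expired eligibility, no MFA, no justification, 12 hours); Mallory’s activation has no eligible assignment behind it at all, which is the finding an access review most wants to surface.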
- Confidential Computing – Azure is the first public cloud provider to offer a secure TEE (Trusted Execution Environment) inside the Intel Skylake chip. A subset of operations running inside the CPU can be encrypted with a key that Microsoft doesn’t have access to. There are several TEEs Azure is launching with. One is Windows Server Virtual Secure Mode, built into Hyper-V, where Hyper-V protects an enclave so that even an admin on the server can’t get access. The other TEE Azure is launching with is SGX (Software Guard Extensions), which Intel pioneered.
- Prevent unauthorised data access
- Block malicious admin insiders
- Enable new business (blockchain)
- More Info.
- Azure Migrate. A new service in preview that provides the guidance, insights, and mechanisms needed to assist you in migrating on-premises virtual machines and servers to Azure. Azure Migrate leverages Service Map and the dependency agent. More Info.
- Adaptive threat protection – intelligent threat detection and response, and investigation into security risks. There are now Security Playbooks in Azure Security Center, which leverage Logic Apps. You are notified of security risks such as suspicious executables and then have the option to run playbooks (Logic Apps) to respond to the security alerts. As an example, you can post a message to Teams and log a ticket in ServiceNow, all automatically. More Info.
- Azure Availability Zones – With 42 announced regions worldwide (more than any other cloud provider), you can begin using Azure Availability Zones in preview for resiliency and high availability. Availability Zones are fault-isolated locations within an Azure region, providing redundant power, cooling and networking. Availability Zones allow you to run mission-critical applications with higher availability and fault tolerance to datacenter failures. Azure Availability Zones will come with a whopping 99.99% virtual machine uptime SLA when generally available. Availability Zones are now in preview in two regions, East US 2 in Virginia and West Europe in the Netherlands, and will come before the end of the year to additional regions in the US, Europe and Asia, including the new France Central region in Paris. More Info.
- Global VNet Peering – currently in preview, Global VNet Peering enables peering virtual networks in different Azure regions. Traffic that flows through peered virtual networks never leaves the Microsoft backbone network. You can create a global, private peered virtual network through Global VNet Peering, enabling a variety of scenarios such as data replication, disaster recovery, and database failover through private IPs alone. Global VNet Peering is currently available in the following regions:
- US West Central
- Canada Central
- US West 2
- Azure Policy Center – Azure Policy existed before, but it is now much easier to work with in the portal. You can create policy definitions which deny, allow or audit activities in your subscription, then assign those policies to subscriptions, resource groups or resources; they come into effect at the time of deployment. What is new is that you can now see any resources which are not in compliance.
- Azure SmartNIC – The Azure SmartNIC incorporates Field Programmable Gate Arrays (FPGAs), which enable reconfigurable network hardware. Through FPGAs, Microsoft can reprogram the hardware to meet new needs as they appear: reprogramming, not redeploying hardware.
The graphic compares the traditional path on the left, where traffic goes through the virtual switch on the CPUs into the NIC, with FPGA acceleration on the right, where the CPUs are bypassed completely.
- New VM sizes for SQL & Oracle deployments (DS, ES, GS, and MS) which massively help with CPU core based licensing. These VMs constrain the vCPU count to one half or one quarter of the original VM size, while maintaining the same memory, storage and I/O bandwidth. One of the biggest challenges with running SQL & Oracle is that you want high memory and IO, but not as many cores. You can now use these new Azure VMs. More Info.
- SAP HANA on Azure – Largest SAP HANA system in the cloud – Support for SAP HANA applications – from S/4HANA to BW on HANA to Suite on HANA – with industry-leading, high-performance infrastructure and SAP-certified, on-demand virtual machines. Run SAP applications across dev-test and production scenarios in Azure – and be fully supported.
- Instances with memory from 768 GB to 20 TB
- 960 CPUs
- 99.99 percent Service-level Agreements (SLA) for high-availability pairs
- Cutting-edge Intel Xeon E7-8890 V4 processors
- Microsoft is now offering Blob storage accounts with up to 5PB (petabytes) of maximum capacity, a 10x increase. Both incoming and outgoing data can now move at up to 50Gbps, and IOPS have increased from 20,000 to 50,000, a 2.5x jump. Contact Azure Support to get your Blob storage accounts raised to these new limits.

| Resource | New limit |
| --- | --- |
| Max capacity for Blob storage accounts | 5PB (10x increase) |
| Max TPS/IOPS for Blob storage accounts | 50K (2.5x increase) |
| Max ingress for Blob storage accounts | 50Gbps (2.5-10x increase) |
| Max egress for Blob storage accounts | 50Gbps (2.5-5x increase) |
- Management Groups – If you have multiple subscriptions, you can organise them into containers called “management groups” to help you manage access, policy, costs, and compliance across your subscriptions.
- Organisational alignment for Azure subscriptions
- Targeted resource policy, access control and budgets
- Compliance, security and reporting by team
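The Azure Policy Center item above describes deny/audit policy definitions that are assigned at a scope and evaluated at deployment time, and the Management Groups item describes the container hierarchy those scopes sit in. The following added example (not Azure Policy’s engine or any Azure SDK code) models both together: a constructed management-group hierarchy, three policies (allowed regions, and deny/audit variants of “storage account with network default action Allow”, the setting that virtual network service endpoints are meant to close), scoped assignments, and a compliance report. Dotted property paths such as `properties.networkAcls.defaultAction` stand in for Azure Policy’s field aliases.

```python
"""Simplified model of scoped policy evaluation across a management-group
hierarchy (added example, not Azure Policy's engine). Hierarchy, policies and
resources are constructed; dotted paths stand in for Azure Policy field aliases."""


def mg(name):
    """Resource id of a management group scope."""
    return f"/providers/Microsoft.Management/managementGroups/{name}"


# Constructed hierarchy: mg-root -> mg-prod / mg-dev -> subscriptions
MANAGEMENT_GROUP_PARENT = {"mg-prod": "mg-root", "mg-dev": "mg-root"}
SUBSCRIPTION_PARENT = {"SUB-1": "mg-prod", "SUB-2": "mg-dev"}

# Condition shared by the deny and audit storage policies
STORAGE_OPEN_TO_ALL_NETWORKS = {"allOf": [
    {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
    {"field": "properties.networkAcls.defaultAction", "equals": "Allow"},
]}

POLICIES = {
    "allowed-regions": {"effect": "deny", "if": {"not": {
        "field": "location", "in": ["australiaeast", "australiasoutheast"]}}},
    "storage-deny-public": {"effect": "deny", "if": STORAGE_OPEN_TO_ALL_NETWORKS},
    "storage-audit-public": {"effect": "audit", "if": STORAGE_OPEN_TO_ALL_NETWORKS},
}

# Assignments: a policy applies to everything beneath its scope
ASSIGNMENTS = [
    {"policy": "allowed-regions", "scope": mg("mg-root")},
    {"policy": "storage-deny-public", "scope": mg("mg-prod")},
    {"policy": "storage-audit-public", "scope": "/subscriptions/SUB-2"},
]


def scopes_of(resource_id):
    """Every scope containing a resource: itself, its resource group,
    its subscription, and each management group above that."""
    parts = resource_id.split("/")
    sub = parts[2]
    scopes = [resource_id, f"/subscriptions/{sub}"]
    if len(parts) > 4 and parts[3] == "resourceGroups":
        scopes.insert(1, f"/subscriptions/{sub}/resourceGroups/{parts[4]}")
    parent = SUBSCRIPTION_PARENT.get(sub)
    while parent:
        scopes.append(mg(parent))
        parent = MANAGEMENT_GROUP_PARENT.get(parent)
    return scopes


def get_field(resource, path):
    """Follow a dotted path into the resource; missing keys evaluate to None."""
    value = resource
    for key in path.split("."):
        value = value.get(key) if isinstance(value, dict) else None
    return value


def matches(cond, resource):
    """Evaluate an allOf/anyOf/not/equals/in condition tree against a resource."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = get_field(resource, cond["field"])
    if "equals" in cond:
        return value == cond["equals"]
    if "in" in cond:
        return value in cond["in"]
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(resource):
    """(policy name, effect) for every in-scope policy the resource violates."""
    hits = []
    scopes = scopes_of(resource["id"])
    for assignment in ASSIGNMENTS:
        if assignment["scope"] not in scopes:
            continue
        policy = POLICIES[assignment["policy"]]
        if matches(policy["if"], resource):
            hits.append((assignment["policy"], policy["effect"]))
    return hits


def deploy(resource):
    """Deployment-time check: a deny hit blocks the deployment, audit only records it."""
    hits = evaluate(resource)
    return (not any(effect == "deny" for _, effect in hits), hits)


def compliance_report(resources):
    """The 'resources not in compliance' view: anything with at least one hit."""
    report = []
    for resource in resources:
        hits = evaluate(resource)
        if hits:
            report.append((resource["id"], hits))
    return report


def storage(sub, rg, name, default_action, location="australiaeast"):
    """Constructed storage-account resource record."""
    return {"id": f"/subscriptions/{sub}/resourceGroups/{rg}/providers/"
                  f"Microsoft.Storage/storageAccounts/{name}",
            "type": "Microsoft.Storage/storageAccounts", "location": location,
            "properties": {"networkAcls": {"defaultAction": default_action}}}


RESOURCES = [
    storage("SUB-1", "prod", "sa1", "Allow"),   # open to all networks in prod: denied
    storage("SUB-1", "prod", "sa2", "Deny"),    # locked to its virtual networks: fine
    storage("SUB-2", "dev", "sa3", "Allow"),    # open in dev: deployed, but audited
    {"id": "/subscriptions/SUB-2/resourceGroups/dev/providers/Microsoft.Compute/virtualMachines/vm1",
     "type": "Microsoft.Compute/virtualMachines", "location": "westus", "properties": {}},
]

if __name__ == "__main__":
    for resource_id, hits in compliance_report(RESOURCES):
        print(resource_id, hits)
```

Because the deny policy is assigned at mg-prod, the open storage account in SUB-1 is rejected at deployment time while the same configuration in SUB-2 only produces an audit entry; the region policy assigned at mg-root reaches both subscriptions, which is the point of putting governance policy on the management group rather than on each subscription.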
- New VM sizes Dv3, DSv3 and Ev3, ESv3 – These new sizes introduce Hyper-Threading Technology running on the Intel® Xeon Broadwell E5-2673 v4 2.3GHz processor and the Intel® Xeon Haswell 2.4 GHz E5-2673 v3. Hyper-Threading enables parallelisation, allowing a single physical core to process two threads of execution at once. Without Hyper-Threading, the number of physical cores and logical processors is equal. With Hyper-Threading enabled, the number of logical processors is double the number of physical cores. Each vCPU executes on a logical processor. By getting more grunt from the underlying hardware, Microsoft is able to provide better performance and efficiency, resulting in cost savings that are being passed on to customers. The new Dv3 and Ev3 sizes will be priced up to 28% lower than the previous Dv2 sizes.
The difference between Ev3 and Dv3 is that the Ev3 family of VMs offers twice as much RAM for the same number of vCPUs, and in the premium families ESv3 and DSv3, the ESv3 offers a local SSD drive double the size of that in the DSv3 family of VMs.
The Dv3 and Ev3 sizes are some of the first VMs to run on Windows Server 2016, which enables Nested Virtualisation and Hyper-V Containers. Another VM family which supports nested virtualisation is the Azure M-Series of VMs.
- ND & NCv2 VM sizes – The ND-series, powered by NVIDIA Tesla P40 GPUs based on the new Pascal & NVLINK architecture, is excellent for training and inference. These instances will provide over twice the performance of the previous generation for FP32 (single precision floating point operations) for AI workloads using CNTK, TensorFlow, Caffe, and other frameworks.
- Top of the line GPUs for AI/ML
- NVIDIA Pascal generation P100 & P40 GPUs
- Azure Archive Storage – will be a low-cost cloud storage option for data that’s archived and rarely accessed. It will be highly durable and secure, enabling scenarios such as archiving data that may need to be kept for many years, like medical reports, compliance documents, and Exchange mail. Archive storage will offer life-cycle management capabilities for moving between archive, hot and cool storage.
- Azure Reserved VM Instances. Available later this year, you’ll be able to reserve virtual machines on Azure for a one or three year term, with significant cost savings of up to 82% over pay-as-you-go prices when combined with Azure Hybrid Benefit, and up to 72% on all VMs. Simply select the VM type, term, and datacenter region, and the compute resources will be available when and where needed. Improve budgeting with a single up-front payment while maintaining the flexibility to exchange or cancel at any time. More Info.
- VMSS – VM Scale Sets allow you to easily scale-out up to 1000 VMs in a scale set using managed disks. New things coming:
- Auto-OS upgrade
- IPv6 load balancer support
- Zone redundant VMSS
- Managed Disks, no storage account to worry about plus with encryption at rest. New things coming:
- Incremental snapshots
- Larger disk sizes
- Cross-subscription/region sharing
- Private repository – within a company, only specific people can get access to disks
- Azure free account, now available. The new Azure free account lets you try Azure at no cost. It comes with 12 months of free access to a whole bunch of Azure services including compute, storage, database and networking, along with more than 25 always-free services, including Azure Automation (500 minutes), Log Analytics and Azure Functions. It also includes a $200 credit to be consumed within 30 days so you can try any other Azure service. More information at azure.com/free and the Azure Free Account FAQ.
- Azure Reboot – global planned on-demand maintenance is happening right across Azure.
- 2-4 week notice period
- You initiate the maintenance. When you log into the portal, you’ll see a notification against your VMs; simply restart your VM at a time that suits you – that’s it! Azure will ensure your VM comes up on another host that has already been updated.
New submarine cable
Only days ago Microsoft completed the MAREA transatlantic subsea cable, the latest addition to Microsoft’s global network. MAREA is a joint project between Microsoft, Facebook and Telxius. It represents Microsoft’s latest infrastructure initiative to support customer demand and service innovation across the globe. MAREA is the highest-capacity cable ever to cross the Atlantic, and the first to connect Virginia and Spain. It will help support the growing demand for high speed, reliable connections to the U.S. and Europe, including the newest Azure regions coming to France, and beyond.
How Microsoft builds its fast and reliable global network
Every day, customers around the world connect to Microsoft Azure, Bing, Dynamics 365, Office 365, OneDrive, Xbox, and many other services through trillions of requests. These requests are for diverse types of data, such as enterprise cloud applications and email, VOIP, streaming video, IoT, search, and cloud storage.
Customers expect instant responsiveness and reliability from Microsoft’s services. The Microsoft global wide-area network (WAN) plays an important part in delivering a great cloud service experience. Connecting hundreds of datacenters in 38 regions (42 announced) around the world, Azure’s global network offers near-perfect availability, high capacity, and the flexibility to respond to unpredictable demand spikes.
Azure relies on three guiding principles:
- Be as close as possible to our customers for optimal latency.
- Stay in control of capacity and resiliency to guarantee that the network can survive multiple failures.
- Proactively manage network traffic at scale via software-defined networking (SDN).
Azure is as close to customers as possible
Data travels over Microsoft’s network at nearly the speed of light. Azure uses innovative software to optimise network routing and to build and deploy network paths that are as direct as possible between customers and their data and services. This reduces latency to the limits imposed by the speed of light.
Customer traffic enters the global network through strategically placed Microsoft edge nodes, Microsoft’s Points of Presence (POPs), which are located in more than 130 locations. Azure ExpressRoute can be used to create private network connections to Azure, Dynamics 365, Office 365, and Skype for Business which bypass the Internet and offer more reliability, faster speeds and lower latency. You can connect to Azure at an ExpressRoute location at specific Microsoft edge sites, such as an Internet exchange provider facility, or by using Multi-Protocol Label Switching (MPLS) connectivity provided by a network service provider.
Azure traffic between datacenters stays on Microsoft’s network and does not flow over the Internet. This includes all traffic between Microsoft services anywhere in the world. For example, within Azure, traffic between virtual machines, storage, and SQL traverses only the Microsoft network, regardless of the source and destination region. Intra-region VNet-to-VNet traffic, as well as cross-region VNet-to-VNet traffic, stays on the Microsoft network.
For example, customers can connect to a local ExpressRoute site in Dallas and access virtual machines in Amsterdam, Busan, Dublin, Hong Kong, Osaka, Seoul, Singapore, Sydney, Tokyo, (or any of our datacenters) and the traffic will stay on our global backbone network. We have 37 ExpressRoute sites, and growing, with one near each Azure region, as well as other strategic locations. Every time we announce a new Azure region, like we recently did in Korea, you can expect that ExpressRoute will also be there, along with our global ecosystem of ExpressRoute partners.
The general availability of Service Fabric on Linux
Azure Service Fabric is the foundational microservices and orchestration platform that powers core Azure infrastructure, which Microsoft has been working on since 2007. It went into production for the first time as the foundation for Azure DB. Other services that run on Service Fabric include Bing, Cosmos DB, Skype for Business, Service Bus, Event Hubs, Intune, Event Grid, Power BI, Cortana and more. Service Fabric is a general purpose hosting platform, supporting containers, PaaS based solutions and serverless functions in a container, and now you can run Azure Container Instances on top of Service Fabric. Service Fabric supports the deployment of Docker containers on Linux, and Windows Server containers on Windows Server 2016.
Previously Service Fabric was available for Windows only; recently announced is the general availability of Service Fabric for Linux for container orchestration in all regions. You can now run containerised applications on Service Fabric for both Windows Server and Linux. Microsoft currently supports Ubuntu 16.04 for the Linux clusters, with other Linux OSes including Red Hat Enterprise Linux on the roadmap.
The runtime experience on Linux is identical to what you are familiar with on Windows as they use the same codebase using runtime v6.0 and SDK v2.8.
Azure File Sync
The preview of a great new feature in Azure Files that gives you the best of both the cloud and on-premises worlds: Azure File Sync. Azure File Sync keeps your Azure File share in sync with on-prem Windows File Servers and lets you tier files between them. It enables you to keep only the newest and most recently accessed files locally, while still being able to see and access the entire namespace through seamless cloud recall. With Azure File Sync, you can effectively transform your Windows File Server into an on-prem tier of Azure Files.