Azure is the only cloud that enables speed while maintaining control through Azure Governance capabilities.
Please read the full blog.
The ACS Engine provides users two ways to deploy Kubernetes to Azure Stack, recently certified as a Kubernetes Cloud Provider:
- Marketplace: Users simply fill out a few parameters to deploy a Kubernetes cluster to Azure Stack
- Command Line: Users download the ACS-Engine tool from GitHub, specify a few parameters for a custom Kubernetes cluster definition that generates an ARM template, and deploy it to Azure Stack
For more information about deploying Kubernetes on Azure Stack, visit https://docs.microsoft.com/en-us/azure/azure-stack/user/azure-stack-solution-template-kubernetes-deploy
To download the ACS Engine tool and to learn about its capabilities, visit https://aka.ms/azsacseng.
Application Gateway is pleased to announce public preview of autoscaling functionality as part of the new zone redundant SKU, in all public Azure regions. With this support, customers no longer need to choose an instance count or size when deploying Application Gateways. Customers can now deploy an autoscaling Application Gateway which can scale up or down automatically based on application traffic load requirements. Autoscaling also takes into account zonal resiliency and spreads its instances across Azure Zones to provide higher resiliency, availability and scale. In addition, Application Gateway natively integrates with autoscaling backends such as VMSS, thus providing an end-to-end elastic experience to the customer.
Perched at the edge of Microsoft’s global network, Azure Frontdoor service’s global anycast based network of “battle-tested” POPs located close to end users hosts your domain and offloads SSL, protects against DDoS, reduces latency and increases throughput for dynamic global web applications.
You can also easily scale-out and join your distributed microservice backends into a single, global application using HTTP load balancing and path-based routing rules. Automate turning up new regions and scale-out with API-driven global actions and independent fault-tolerance to your back end microservices in Azure—or anywhere.
To help keep your service safe, Azure Frontdoor service stops network and application layer attacks at the edge with a global application firewall and built-in DDoS protection.
Azure Frontdoor is your one secure entry point for delivering globally performant, highly scalable apps.
For more information please visit the Azure Frontdoor service overview page.
We are announcing the Public Preview of new Azure Managed Disks SKUs with greater storage capacity and increased performance. We are increasing the sizes and throughput associated with our Azure Managed Disks offerings. Specifically:
- All existing Azure Managed Disk offerings (Premium SSD, Standard SSD and Standard HDD) will now feature 8, 16 and 32 TiB disk sizes
- Premium SSD performance will now reach up to 20,000 IOPS and 750MBps
- Standard SSD and Standard HDD performance will now reach up to 2,000 IOPS and 500MBps
These capabilities will allow our customers to significantly expand storage capacity while simplifying management and achieving better performance. We are now in public Preview in the West Central US region and we plan to include additional regions in the near future.
We’re extending Azure Site Recovery to support the failover of applications running within Azure. The features you’ve used for replication and disaster recovery from on-premises to Azure are now available from one Azure region to another. You can create recovery plans and test failovers, between Azure regions, and replicate your applications to any other region. Set up Azure-to-Azure site recovery in a few minutes and have full confidence that it meets your compliance needs.
Learn more about Azure Site Recovery between Azure regions.
- One metric, One log and One alert – A consistent, consolidated experience for metrics, logs and alerts across all tools
- Insights for resource groups – Shows the state of all resources in a resource group in a single view. It is the full stack view that you always wanted! If your application has any issues – whether it be in the code, or a container or a VM or anything else, you should see it immediately in the resource group view.
- Insights for virtual machines – Provides an in-depth view of all your VMs. You can get the performance and a map of the dependencies and interactions between VMs and other services (if you liked the Service Map feature, you will love this new Map view!). Plus, we are introducing a new notion of health for VMs.
In addition to these features, we are announcing several more exciting new capabilities. Read our blog post to learn more.
Ultra SSDs can deliver unprecedented and extremely scalable performance with sub-millisecond latency for business-critical workloads:
- Choose a disk size from 4 GiB up to 64 TiB
- Achieve the optimal performance you need per disk even at low storage capacities
- Scale performance up to 160,000 IOPS and throughput up to 2 GB/s per disk without restarting your virtual machines using our flexible and innovative architecture
Please note that while in Public Preview the offering may not be available in all regions.
We are happy to announce that the Azure CDN Standard Microsoft tier is now GA within the Azure CDN ecosystem of CDNs.
Azure CDN Standard Microsoft makes Microsoft’s own global Edge and CDN network available to you. Now with 62 locations in 57 countries with 16 regional caches strategically placed on Microsoft’s global network, Azure CDN Standard Microsoft enables more consistent, more predictable cache fill performance by providing direct access to your content in Azure from each CDN edge location. With new features such as on-by-default Regional Caching and Bring-your-own-SSL Certificate you have more options to better tailor your services, improve performance and reduce load on your origins.
We are announcing the Public Preview of NVv2 Azure Virtual Machines, which have been architected to support remote visualization workloads and other graphics intensive applications.
The new NVv2 VMs will feature up to 448 GiB of RAM – twice the amount of memory present in the prior NVv1 generation – and are backed by the NVIDIA Tesla M60 GPU. The NVv2 VMs also support Premium SSDs.
As detailed in the announcement blog post, the Public Preview of Azure Digital Twins is another step taken in the direction of addressing our customers’ needs and helping them navigate their digital transformation through IoT.
Additionally, a feature available only in the Virtual WAN will enable branches to access resources connected to the ExpressRoute circuit and vice-versa. This enables a new class of capabilities between branches connected over VPN and sites, VNets, and customer premises connected over ExpressRoute.
- Unique hybrid capabilities with Azure: Extend your datacenter to Azure to maximize existing investments and gain new hybrid capabilities.
- Advanced multi-layer security: Elevate your security posture by protecting the datacenter starting with the Operating System.
- Faster innovation for applications: Enable Developers and IT Pros to create cloud-native apps and modernize their traditional apps using containers and microservices.
- Unprecedented Hyper-converged Infrastructure: Evolve your datacenter infrastructure to achieve greater efficiency and security.
Network packet brokers or aggregators: Gigamon, Bigswitch, Ixia
Security tools: ExtraHop, Fidelis Cybersecurity, Nubeva
Application and Network Performance management tools: Netscout
ExpressRoute Direct will allow you to find the best location or locations where you require 100Gbps of capacity, generate a letter of authorization to physically connect in our peering location, complete physical testing of ports, and create many circuits on the physical ports.
ExpressRoute provides customers with the ability to privately connect, utilizing a service provider in our over 50 peering locations, to either a virtual network or a Microsoft public service, like Azure SQL or Storage. This provides customers with increased reliability and speed, lower latency, and private connectivity bypassing the Internet and connecting to Microsoft’s global network.
ExpressRoute Direct changes the way that customers access public cloud at hyperscale with the fastest private edge connectivity in the world.
Application Gateway is pleased to announce Public Preview of a new zone redundant SKU in all public Azure regions. Customers can now deploy a single Application Gateway whose instances are spread across multiple Azure Zones, offering customers increased zone failure resiliency and high availability. Customers can choose to deploy into single or multiple zones during provisioning time in Azure regions where Zones are available.
This SKU also offers customers better provisioning and update time as well as up to 6 times increase in SSL termination performance! Support for Static VIP is also available by default in this SKU. Customers can get the benefits of the above features by choosing this SKU in all public Azure regions. In regions where Azure Zones are not available they will not be able to use zone redundancy, but will still be able to get the benefits of the other features of this SKU.
The new SKU is available with portal, PowerShell, CLI, and ARM templates support. This platform would also support autoscaling, which is currently in preview form. All customers would benefit from moving to the newer platform which will offer many more enhancements in future.
As detailed in the blog post announcing the release, the new recommendations will advise you when you could boost performance for Azure SQL Data Warehouse by creating or updating table statistics and correcting data skew in your tables, better protect your data from accidental deletion by enabling soft delete on Azure Storage blobs, take advantage of the latest security features and more by migrating to Azure Resource Manager from Azure Storage accounts, and avoid single points of failure with Azure ExpressRoute circuits when using Microsoft Peering for Office 365. We have also enabled a tighter integration between the Azure Virtual Machines experience in the Azure portal and Advisor and started surfacing Advisor cost recommendations in Azure Cost Management.
As detailed in the blog post announcing the release, you will now be able to configure alerts to notify you via email, SMS, push notification, webhook, and more when changes in the health status for individual resources occur, so you can stay better informed about the availability of your resources minute by minute and whether an issue is due to a problem on the Azure side or your own.
To learn more, please read the announcement blog.
Azure Functions now supports Python development using Python 3.6 on the Functions v2 (cross-platform) runtime. You can now use your Python code and dependencies on Linux-based Functions, or build/publish a Docker container, while enjoying an end-to-end development experience – build, debug/test, publish – using local tooling, such as Functions CLI and VS Code.
The Mitigation Report will provide a summary of the details at the end of the DDoS attack. This will contain the details of the traffic that was mitigated. Customers can turn on mitigation reporting for the specific VIPs they want to receive the report by enabling the diagnostic settings on the VIP. We will provide an incremental report every 5 minutes, summarizing the mitigation in that 5 minutes; and provide a post-mitigation report when the attack and mitigation stops.
Existing Azure DDoS Protection customers can use the features at no additional cost.
For more information, including pricing details, please visit the Azure DDoS Protection documentation page and Pricing page.
You can now enable Connection Monitor and Connection Troubleshoot with Application Gateway as the source and monitor your connectivity from your Application Gateway to any destination (Virtual Machine, URI, FQDN, IPv4 Address).
Connection Monitor and Troubleshoot can either be initiated from Portal or through REST API, PowerShell, CLI and SDK.
Customers can use this capability to route traffic to endpoints that do not have a DNS name associated with them. Furthermore, this also decreases the overall DNS lookup latency by removing the need to do a second DNS query to get an IP address of a DNS name returned.
This feature is now generally available and there are no additional costs to use it.
One of the ways in which this new capability benefits customers is by having health checks to endpoints in a multi-tenant environment be routed correctly to their destination. Another way this helps customers is by adding unique headers that can be used to identify Traffic Manager originated HTTP(S) requests and process them differently.
This feature is now generally available and there are no additional costs to use it.
Specifically, we are announcing:
- General availability of the ACR build feature: ACR Build enables inner-loop development in the cloud with on-demand container image builds, and automated builds on source code commit and base image update. You can trigger container image builds automatically when code is committed to a Git repository, or when a container’s base image is updated. With base image update triggers, you can automate your OS and application framework patching workflow, only available with Azure, to maintain secure environments while adhering to the principles of immutable containers.
- Public preview of the ACR Tasks feature: As customers build and patch their containers, testing before deployment is key to managing a secure and stable environment. With tasks, customers can define a series of steps to build, validate and deploy their applications and services.
- Public preview of ACR support for Docker’s content trust model: Consumers of the container images need to be able to verify both the publisher (source) of the data, as well as ensure it’s not been modified after it was published (integrity). Today, Azure Container Registry supports both by implementing Docker’s content trust model, only available with Azure. As an image publisher, content trust allows you to sign the images you push to your registry. Consumers of your images (people or systems pulling images from your registry) can configure their clients to pull only signed images. When an image consumer pulls a signed image, their Docker client then verifies the integrity of the image. In this model, consumers of the container images are assured that the signed images in your registry were indeed published by you, and that they’ve not been modified since being published.
- Public preview of Helm repositories – As customers deploy multi-container applications, Helm has evolved as the de facto standard to describe Kubernetes-based applications. With Helm repositories, customers can push their Helm Charts to ACR, providing a single source of truth for their images and deployment definitions running in Kubernetes.
- Public preview of Open Container Initiative (OCI) Support – ACR now supports OCI image format. Using projects like BuildKit, customers can build and push OCI-formatted container images.
You can learn more from Azure Container Registry blog.
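The consumer-side check behind the content trust model described above, as an added example that is not part of the original announcement or of ACR's code: a simplified Python model in which signed trust data maps each tag to a manifest digest. The key, tag names and manifest bytes are constructed, and HMAC stands in for the publisher's asymmetric signature so the example needs only the standard library.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the publisher's signing key. Docker content trust
# uses asymmetric keys; HMAC is an assumption made to stay stdlib-only.
PUBLISHER_KEY = b"constructed-demo-key"


def digest(manifest: bytes) -> str:
    """Content address of an image manifest."""
    return "sha256:" + hashlib.sha256(manifest).hexdigest()


def _mac(targets: dict, key: bytes) -> str:
    # Canonical JSON so publisher and consumer sign/verify identical bytes.
    body = json.dumps(targets, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_targets(targets: dict, key: bytes) -> dict:
    """Publisher side: sign the tag -> digest map for a repository."""
    return {"targets": targets, "sig": _mac(targets, key)}


def verify_pull(tag: str, manifest: bytes, signed: dict, key: bytes) -> str:
    """Consumer side: accept a pulled manifest only if trust data covers it."""
    # 1. Source: the trust data itself must carry a valid signature.
    if not hmac.compare_digest(_mac(signed["targets"], key), signed["sig"]):
        return "reject: trust data signature invalid"
    # 2. Only signed tags may be pulled.
    if tag not in signed["targets"]:
        return "reject: tag is not signed"
    # 3. Integrity: the bytes received must hash to the signed digest.
    if not hmac.compare_digest(signed["targets"][tag], digest(manifest)):
        return "reject: manifest does not match signed digest"
    return "accept"


def demo() -> dict:
    good = b'{"layers": ["constructed-layer-1"]}'  # constructed manifest
    signed = sign_targets({"v1": digest(good)}, PUBLISHER_KEY)
    # Trust data whose tag was re-pointed without re-signing.
    repointed = {"targets": {"v1": digest(b"other")}, "sig": signed["sig"]}
    return {
        "signed image": verify_pull("v1", good, signed, PUBLISHER_KEY),
        "modified after publish": verify_pull("v1", good + b" ", signed, PUBLISHER_KEY),
        "unsigned tag": verify_pull("latest", good, signed, PUBLISHER_KEY),
        "re-pointed tag": verify_pull("v1", b"other", repointed, PUBLISHER_KEY),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```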
Azure IoT Hub | Device Provisioning Service additional capabilities
The latest major wave of functionality to automate device provisioning is now available in preview. We’ve taken your feedback on Device Provisioning Service, made changes, built features, and are happy to make the following features available in preview:
- Increased limit on number of CA certificates stored
- Increased limit on number of enrollments
- Symmetric key attestation support
- Re-provisioning support
- Enrollment-level allocation rules
- Custom allocation logic
You can now deploy VPN and ExpressRoute gateways in Azure Availability Zones. This physically and logically separates them across different Availability Zones protecting your on-premises network connectivity to Azure from zone-level failures. Additionally, we have made fundamental performance improvements including reducing the deployment time to create a virtual network gateway.
Enhancements to ExpressRoute monitoring capabilities in NPM enable discovery and monitoring of multiple ExpressRoute circuits that may be distributed across several subscriptions belonging to an enterprise.
Enterprises with multiple branches connecting to their workloads in Azure via ExpressRoute can now onboard all ExpressRoute circuits into NPM with a single click. Bandwidth utilization data is available for each peered VNet, without the need for agents in each of the VNets.
NPM is now available in East Japan region. The complete list of regions is available online.
This new ability allows you to declare which public IP or public IP prefix should be used for outbound connectivity from your virtual network. You can modify the default SNAT port allocations to fine tune your scenario. New configurable outbound idle timeouts and bidirectional TCP Resets on outbound idle timeout provide more control and real time release of idle connections for more predictable application behavior.
Outbound Rules can be managed through Resource Manager templates, CLI, and PowerShell.
For more information, including pricing details, please visit the Azure Load Balancer Outbound Rules page.
Outbound rules are charged as part of load balancing rules.
This new ability gives you visibility into when Standard Load Balancer terminates connections due to idle timeout. When enabled, Standard Load Balancer will generate a TCP Reset packet to the client and server side of a TCP connection on idle timeout. This gives applications more predictable behavior and lets them detect the termination of a connection, remove expired connections, and initiate new connections.
TCP Resets can be enabled on Standard Load Balancers using Resource Manager templates, CLI, and PowerShell.
For more information, including pricing details, please visit the Azure Load Balancer TCP Reset page.
These headers can be specified at a profile level to be applicable for all endpoints in that profile and / or at an endpoint level applicable only to that endpoint.
This will help customers load balance across endpoints that may respond with response codes other than the default value while being healthy.
This feature is now generally available and there are no additional costs to use it.
This will help customers with increased reliability in their client applications since multiple healthy endpoints are returned and if any endpoint is not responding, the client can retry another endpoint without having to do a new DNS lookup or timeout.
This feature is now generally available, and queries against a profile marked with this routing method are charged at the same rate as other routing methods.
- Reduced management overhead: A Public IP Prefix enables you to associate your Azure resources with public IP addresses from a fixed range. Having knowledge of the range ahead of time eliminates the need to change firewall rules as you assign IP addresses to new Azure resources. This significantly reduces management overhead when scaling out.
- Simplified IP address management: When using public IP addresses from a prefix, the static public IP address comes from a pre-determined range. This enables ease of management when building a network in Azure. Instead of having to keep track of individual IPs, customers now merely need to know the size of their Public IP Prefix.
A feature overview and getting started examples will be available at http://aka.ms/publicipprefix
Combined with NSG service tags, this capability provides an additional layer of security for VNets, allowing you to connect your VNets securely to access only specific service resources (say, Azure storage accounts).
The feature is available in preview for Azure Storage, in WestCentralUS and USWest2.
For more information, please visit the Azure Service Endpoint Policies overview page.