Azure Virtual Machine Service Gets Isolated and GPU Size Options
Microsoft expanded its Azure Virtual Machine (VM) sizes this month with new isolated and GPU offerings.
On Monday, Microsoft announced two new VMs, "E64i_v3" and "E64is_v3." The "E" part of the name stands for "extra RAM," while the "i" indicates "isolated." While these VMs get the "i" nomenclature, Microsoft offers a number of other isolated Azure VMs that don't use the "i" designation. These two new VMs are designed for "workloads that require a high degree of isolation from other customers for compliance and regulatory requirements," the announcement explained.
Azure datacenters are shared infrastructure with "multitenancy" for customers, unless the customer uses some kind of a dedicated offering, an expensive option. Azure Active Directory and tenant container technologies are used to keep customer identities and data separate, as described in this Microsoft Azure document.
The new isolated VMs offer greater isolation in some undescribed way. They have the "exact same performance and pricing structure as their cousins E64_v3 and E64s_v3" and use "Intel Xeon Processor E5-2673 v4 2.3GHz hardware," Microsoft explained. Since they are based on specific Intel hardware, Microsoft will maintain them "until at least December 2021." Customers will get 12 months advance notice before Microsoft switches out the hardware.
The isolated VM versions are currently available in the same regions as their cousins and can be ordered today using the "on-demand portal." On May 1 of this year, they will be available as part of Microsoft's "one-year Reserved VM Instances" plan, which promises discounts to organizations that make upfront payments. Microsoft uses "consumption recommendation APIs" to estimate the cost savings for organizations wanting to use Reserved VM Instances, Microsoft previously explained.
Last week, Microsoft announced that its NCv3 Azure VMs reached "general availability" (GA), meaning that they're deemed ready for production use. The "C" in NCv3 stands for "compute." These VMs use Nvidia's Tesla 100 graphic processing units (GPUs), and are designed for high-performance computing, artificial intelligence and machine learning kinds of workloads.
The NCv3 Azure VMs are at the GA stage in the "US East region," and they'll be coming to "EU West and US South Central later this month," the announcement explained. In April, the NCv3 Azure VMs will be available in "AP Southeast." In May, they'll be available in "UK South and IN Central."
Microsoft also is planning to expand its NV Azure VMs using Nvidia Tesla M60 GPUs in the "US East 2, US Gov Virginia and Central India regions." The "V" in the product name stands for "virtualization."
The ND Azure VM series using NVIDIA Tesla P40 GPUs will be coming to the "US South Central, AP Southeast, US East and EU West regions." The "D" in the name indicates "deep computing."
Azure Just-in-Time VM Access
If that weren't enough VM news, Microsoft also announced this month that Azure Security Center now has "Just-in-Time VM Access," a security feature for IT pros that has reached the GA stage. It's part of Azure Security Center with the Standard offering.
Just-in-Time VM Access allows organizations to enable "controlled access" to Azure VMs by IT personnel.
"When you enable JIT for your VMs, you can create a policy that determines the ports to be protected, how long ports remain open, and approved IP addresses from where these ports can be accessed," the announcement explained. "The policy helps you stay in control of what users can do when they request access."
Users of Azure Just-in-Time VM Access can see which Azure VMs are protected under this scheme and which lack protection. Access requests by users get recorded in the Azure Activity Log for auditing purposes.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.