What Microsoft Is Prioritizing with Azure Updates at Ignite: Multicloud, Security and Storage
Microsoft announced a range of new Azure features at this week's virtual Ignite conference, with several services moving out of public preview and into general availability.
- By Joey D'Antoni
- 11/03/2021
Microsoft Azure is constantly changing, and there's always a steady flow of updates. However, the 2021 Microsoft Ignite conference, taking place virtually this week, introduces some interesting changes.
Below is a summary of the news that I thought would be of particular interest. You can find the complete list of Ignite announcements here.
Faster and Bigger Data
Let's talk about what's brand-new in Azure with a lean toward data.
In my column on Tuesday about the just-announced SQL Server 2022, you learned about some of the forthcoming changes to Azure SQL Managed Instance. Beyond the changes mentioned in that article, Microsoft announced that Managed Instance is growing from a maximum volume of 8TB to 16TB in both general-purpose and business-critical service tiers.
Managed Instance is also moving to newer hardware, supporting more memory per core to provide greater overall throughput. Also, Kerberos authentication is now supported without code changes. I'd be curious to see if this Kerberos authentication shows up in any other Azure PaaS services.
Azure Synapse Analytics (formerly known as Azure SQL Data Warehouse) introduces real-time analytics for telemetry, time series and log data. This functionality is known as Azure Synapse Data Explorer. As part of this capability, there are specific engine optimizations for analyzing this time series data. Additionally, the Synapse Link for SQL Server 2022 functionality allows customers to sync tables from their SQL Server workloads in real time to tables in Synapse, without bulky ETL processes and with minimal reporting latency. This allows customers to report in real time against operational data, without impacting those operational workloads.
More Storage Throughput
One of the challenges of running large workloads on cloud virtual machines (VMs) is the amount of storage throughput. On-premises VMs can commonly reach 4,000MB and even 8,000MB per second (MBPS) of storage throughput, typically over a fibre-optic connection. In Azure VMs, this number has typically topped out at 2,000 MBPS, and to get that level of throughput you had to provision some of the largest VMs. While there is a storage-optimized VM series (Lv2) with that level of throughput, the storage in those VMs is ephemeral (meaning the data is lost when the machine is de-provisioned), requiring elaborate high availability to ensure data protection.
At Ignite, Microsoft announced a preview of the Ebs v5 series of VMs, which will have a high memory-to-CPU ratio and support for 120,000 I/O operations per second (IOPs) at that magic 4,000 MBPS bandwidth to remote storage. Enhanced storage throughput will be a terrific addition for data-intensive workloads like busy database servers.
Another interesting VM feature, Automanage for Windows Server, has introduced some new features, including the ability to apply security patches without rebooting, secure file server access over untrusted networks without a VPN, and the ability to migrate VMs to Azure while preserving their original IP addresses.
Better Network Management
One of the challenges faced by cloud administrators in large organizations is managing Azure virtual networks across subscriptions.
Azure Virtual Network Manager is now in preview. It allows administrators to quickly build complex networks across subscriptions, and provides templates for building complex network topologies like mesh and hub-and-spoke, including security rules to secure that traffic.
Beyond this new toolset are some other network enhancements to ExpressRoute, including IPv6 and network performance enhancements. There are also some improvements to the Azure Bastion service, which allows administrators to log in to secured VMs securely through the Azure portal.
Let's Break Some Stuff
Years ago, Netflix introduced a concept to the technology world called "chaos engineering," then took it a step further by building a tool called "Chaos Monkey" that randomly terminated production workloads so development teams could design their workloads to be fault-tolerant.
At Ignite, Microsoft introduced a new service called Chaos Studio, a fully managed service that allows you to use prebuilt faults to replicate various types of failure in your application. You will also have the ability to limit the scope of Chaos Studio's impact to prevent any production outages.
A More Secure Defender
Microsoft has rebranded its Azure Security Center and Azure Defender offerings to Microsoft Defender for Cloud, and has enhanced its support for multicloud. The service has removed any dependencies on the Amazon Web Services (AWS) Security Hub and can now assess AWS configuration as part of its baseline security standards. It also includes support for AWS' managed Kubernetes service. These assessments will be included in Microsoft Secure Score, which will allow IT security teams to have a single place to view security across cloud environments.
Beyond the multicloud support, Defender has also introduced support for enterprise IoT devices such as Voice over Internet Protocol (VoIP) phones, smart conferencing systems and building automation. These IoT systems are notorious for lacking good security (the long-running joke is that the "s" in "IoT" stands for "security"). This integration can also protect industrial control systems, which is important in the age of ransomware.
Microsoft Defender for Business, Microsoft's antivirus offering, will provide endpoint security across all platforms (mobile, Windows and Mac), with promises of a better antivirus experience. It leverages the endpoint detection and response features that Azure Sentinel contains. This service will be coming into preview in the coming weeks.
Confidential Computing
Earlier this year, Microsoft introduced secure enclaves for Azure SQL Database, which allow for deeper levels of encryption for database workloads. That technology is built on top of Azure confidential VMs. At Ignite, Microsoft is introducing confidential VMs built on both AMD EPYC 3 and Intel SGX processors, with larger encrypted memory offerings.
Microsoft has also installed a trusted boot process into all Azure generation 2 VMs to protect against advanced attack techniques.
Ignite is always overwhelming in terms of announcements, and the virtual nature of this year's event makes it feel even more so. A main theme of the event is growing support for multicloud; we're seeing Microsoft extend support for services that can run anywhere, like Azure Arc, and updating tools like Defender to better support multicloud. The event also underscores Microsoft's emphasis on security -- obvious in light of the growing threat of ransomware. Finally, you can see Microsoft building support for larger workloads that previously might not have been able to run on the cloud.
About the Author
Joseph D'Antoni is an Architect and SQL Server MVP with over two decades of experience working in both Fortune 500 and smaller firms. He holds a BS in Computer Information Systems from Louisiana Tech University and an MBA from North Carolina State University. He is a Microsoft Data Platform MVP and VMware vExpert. He is a frequent speaker at PASS Summit, Ignite, Code Camps, and SQL Saturday events around the world.