Azure Announcements March 2018

It’s been a few months since I wrote my last ‘Azure Announcements’ blog post, so I thought it would be worth sharing a number of features which I have my eye on.

Reserved Instances

VMs: we all love them, and guess what, they will probably continue to be part of all public cloud deployments.

Certain IaaS VMs that run applications such as Active Directory Domain Services will be on 24x7x365. Why not reserve these instances and enjoy up to 82% savings versus Pay As You Go?

Essentially you commit to either a year or three years upfront.  The good news is, if anything changes you get an adjusted refund.

More details here.

Azure Network Watcher

Azure Network Watcher went GA on 29th January 2018.  A great tool to have in your toolkit, features include:

  • Connectivity Checks
  • Hop by hop latency
  • A graphical view from source to destination
  • Number of packets dropped

It also enables a connectivity check for ExpressRoute which is in preview.

More details here.

Cost Management

Monitoring spend in the cloud has always been a pain.  With the acquisition of Cloudyn last year, Microsoft have made consumption insights much easier.

  • Ability to schedule reports to be emailed to recipients
  • Carry Tags across to view application service or grouped component cost
  • Review ‘heavy hitters’ in terms of consumption

The great news is that until June 2018, Cost Management is free.

More details here.

Azure Availability Zones (Preview)

This is a key feature that customers have been crying out for (shame it’s still in preview).  Essentially, Availability Zones protect from data centre level failures, something which Availability Sets do not currently do.

More details here.

Azure Migrate

To start the journey to public cloud services, you need to understand your application estate.  This is a process which should not be underestimated: many customer environments are poorly documented, application owners have left the business, and operations and IT don’t really understand how an application is coupled together. As a result, trying to migrate anything but low hanging fruit often gets placed into the ‘too hard to deal with’ bucket.

To counteract this, Microsoft have announced Azure Migrate, which uses an application based approach for the following:

  • Discovery and assessment for on-premises virtual machines
  • Inbuilt dependency mapping for high-confidence discovery of multi-tier applications
  • Intelligent rightsizing to Azure virtual machines
  • Compatibility reporting with guidelines for remediating potential issues
  • Integration with Azure Database Management Service for database discovery and migration

More details here.

Just in Time Access (Preview)

Consider for a moment the attack vector on your virtual machines.  You may have some ports exposed to the public internet; however, these are likely to be protected using Next Generation Firewalls and perhaps even a DDoS scrubbing service from your ISP.

Perhaps the largest attack vector is your management ports, such as SSH, RDP and WMI to name but a few.  When these ports are open, anyone can try to obtain access, whether they are authorised or not.

This is where ‘Just in Time Virtual Machine Access’ steps in to reduce your overall attack surface.  Management ports are closed and access is only granted from either trusted IPs or per request.

More details here.
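
To see which VMs would benefit most, the added example below (not from the original post or from Microsoft) walks a set of network security group rules in priority order and reports management ports that any source can reach. The rule list is a constructed sample in the shape of `az network nsg rule list` output, and the port list beyond SSH, RDP and WMI is an assumption.

```python
import json

# Assumed list of management ports; the post names SSH, RDP and WMI.
MGMT_PORTS = {22: "SSH", 3389: "RDP", 135: "WMI/DCOM", 5985: "WinRM", 5986: "WinRM-TLS"}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}

# Constructed sample in the shape of `az network nsg rule list` output.
SAMPLE_RULES = json.loads("""[
 {"name":"allow-rdp-any","priority":300,"direction":"Inbound","access":"Allow",
  "protocol":"Tcp","sourceAddressPrefix":"*","destinationPortRange":"3389"},
 {"name":"allow-ssh-office","priority":310,"direction":"Inbound","access":"Allow",
  "protocol":"Tcp","sourceAddressPrefix":"203.0.113.10/32","destinationPortRange":"22"},
 {"name":"deny-winrm","priority":200,"direction":"Inbound","access":"Deny",
  "protocol":"*","sourceAddressPrefix":"Internet","destinationPortRanges":["5985-5986"]},
 {"name":"allow-admin-range","priority":400,"direction":"Inbound","access":"Allow",
  "protocol":"*","sourceAddressPrefix":"*","destinationPortRanges":["100-200","5985"]}
]""")

def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers(port_spec, port):
    """True if a port spec ('*', '22' or '20-25') includes the port."""
    if port_spec == "*":
        return True
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_management_ports(rules):
    """Return {port: rule name} for management ports reachable from any source."""
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"),
                     key=lambda r: r["priority"])
    findings = {}
    for port in MGMT_PORTS:
        for rule in inbound:  # lowest priority number is evaluated first
            if rule["protocol"].lower() not in ("tcp", "*"):
                continue
            sources = {s.lower() for s in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")}
            ports = _values(rule, "destinationPortRange", "destinationPortRanges")
            if sources & ANY_SOURCE and any(_covers(p, port) for p in ports):
                if rule["access"].lower() == "allow":
                    findings[port] = rule["name"]
                break  # first rule matching arbitrary sources decides
    return findings

if __name__ == "__main__":
    for port, name in exposed_management_ports(SAMPLE_RULES).items():
        print(f"{MGMT_PORTS[port]} ({port}/tcp) open to any source via rule {name}")
```

In the sample, RDP and the port 135 range are flagged, SSH is not because it is limited to one trusted address, and WinRM is not because a higher-priority deny rule wins.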
