Azure Announcements (February 2023)

Microsoft Azure is a constantly evolving, updating and changing environment, which sometimes makes it difficult to follow everything that happens around it. I will try to condense some of the announcements based on status – generally available, preview or update features.

Be aware that generally available features/updates might incur costs. Anything that is part of a public preview does not incur any costs, but also does not have a Service-Level Agreement (SLA) attached to it.

Previous articles:

Cloud Section (Ituziast)

Blogs

Scale Azure Firewall SNAT ports with NAT Gateway for large workloads

Encountering source network address translation (SNAT) port exhaustion is a common issue when dealing with large-scale outbound traffic. For each new connection made to the same destination endpoint over the internet, a new SNAT port is utilized. Once all SNAT ports are used up, it results in port exhaustion. Environments that necessitate frequent connections to the same destination, such as accessing a database hosted in a service provider’s data center, are particularly vulnerable to this issue. Customers who want to connect outbound to the internet should not only consider potential risks such as SNAT port exhaustion, but also how to safeguard their outbound traffic.

Separate the Azure Firewall from the production workloads in a hub and spoke topology and attach NAT gateway to the Azure Firewall Subnet in the hub virtual network. Once configured, all outbound traffic from your spoke virtual networks is directed through NAT gateway and all return traffic is directed back to the Azure Firewall Public IP to maintain flow symmetry.
Architecture diagram of Azure Firewall and NAT Gateway

Azure Firewall is a sophisticated security service designed to safeguard cloud infrastructures from new and evolving cyber threats through network traffic filtering. All outbound internet traffic routed through Azure Firewall is thoroughly examined, fortified, and subjected to source network address translation (SNAT) to mask the original client IP address. To enhance outbound connectivity, Azure Firewall can be expanded by associating multiple public IPs with the service.

Additional information:

Link to blog
What is Azure Virtual Network NAT? | Microsoft Learn
Azure Firewall documentation | Microsoft Learn
Scale SNAT ports with Azure Virtual Network NAT | Microsoft Learn
Tutorial: Integrate NAT gateway with Azure Firewall in a hub and spoke network – Azure Virtual Network NAT | Microsoft

6 ways to improve accessibility with Azure AI

Globally, more than one billion people live with disabilities and often confront obstacles in areas such as employment, education, and social inclusion. To tackle these challenges, Microsoft introduced a new five-year initiative in 2021, prioritizing three areas: creating more accessible technology, leveraging this technology to generate job opportunities for individuals with disabilities, and establishing a more inclusive work environment for disabled individuals. The objective is to narrow the disability gap and utilize the unexplored talent pool of disabled people. Digital technology can play a pivotal role in enhancing communication, interaction, and information accessibility for this community.

Microsoft and Azure AI provide various accessibility solutions to assist organizations in developing more inclusive experiences for their users. These solutions encompass speech transcription and captioning, content readers, translation services, voice assistants, facial recognition, and computer vision. These AI-driven tools can facilitate better access and engagement with digital content for individuals with disabilities, be it through speech-to-text transcription, image captioning, or text-to-speech translation.

Additional information:

6 ways to improve accessibility with Azure AI | Azure Blog and Updates | Microsoft Azure
Ability Summit | Home (microsoft.com)
Cognitive Speech Services – Text/Speech Analysis | Microsoft Azure
Immersive Reader – Immersion Reading Tools | Microsoft Azure
Translator – Translation Software as a Service | Microsoft Azure
Speech to Text – Audio to Text Translation | Microsoft Azure
Computer Vision | Microsoft Azure
Azure OpenAI Service – Advanced Language Models | Microsoft Azure

Automate your attack response with Azure DDoS Protection solution for Microsoft Sentinel

Azure delivers numerous network security products that help organizations safeguard their applications: Azure DDoS Protection, Azure Firewall, and Azure Web Application Firewall (WAF). Customers can deploy and configure each of these services individually to strengthen the security posture of their protected environment and application in Azure. While each product offers distinct capabilities to tackle specific attack vectors, the most significant advantage lies in their combined power: the three products provide more extensive protection when used together. In fact, to combat contemporary attack campaigns, a product suite should be employed, and security signals from one service should be correlated with another to detect and prevent multi-vector attacks.

The latest addition to this portfolio is Azure DDoS Protection Solution for Microsoft Sentinel. It allows customers to identify bad actors from Azure’s DDoS security signals and block possible new attack vectors in other security products, such as Azure Firewall.

Additional information:

Automate your attack response with Azure DDoS Protection solution for Microsoft Sentinel | Azure Blog and Updates | Microsoft Azure
Azure DDoS Protection Overview | Microsoft Learn
What is Azure Web Application Firewall on Azure Application Gateway? – Azure Web Application Firewall | Microsoft Learn
What is Microsoft Sentinel? | Microsoft Learn
New Azure DDoS Solution for Microsoft Sentinel – Microsoft Community Hub


General Availability Announcements

Apply Azure storage access tiers to append blobs and page blobs with blob type conversion

Azure Storage offers different access tiers: hot, cool, and archive. Access tiers natively support only block blobs. When you need to reduce the cost of storing append blobs or page blobs, you can convert them to block blobs. Blob type conversion along with tiering is now supported by PowerShell, CLI and AzCopy.

Additional information:

Generally available: Apply Azure storage access tiers to append blobs and page blobs with blob type conversion | Azure updates | Microsoft Azure
Best practices for using blob access tiers – Azure Storage | Microsoft Learn

Azure Kubernetes Service introduces two pricing tiers: Free and Standard

AKS’s unique Free tier lets you pay only for the virtual machines and the associated storage and networking resources consumed. It provides the managed Kubernetes control plane for free. This allows you to deploy unlimited free test clusters. The Free tier is recommended for clusters with fewer than 10 nodes and for experimenting, learning, and simple testing.

The new Standard tier is the recommended pricing option which comes with greater control, scalability and uptime support. Standard tier will also include additional features – support for up to 5000 nodes per cluster and API server autoscaling.

Additional information:

Generally Available: Azure Kubernetes Service introduces two pricing tiers: Free and Standard | Azure updates | Microsoft Azure
Introduction to Azure Kubernetes Service – Azure Kubernetes Service | Microsoft Learn
Azure Kubernetes Service (AKS) Free and Standard pricing tiers for cluster management – Azure Kubernetes Service | Microsoft Learn

Managed Run Command – Execute PowerShell or shell scripts on Virtual Machines and Scale Sets

The ability to manage VMs by remotely executing scripts has been improved with the updated Managed Run Command feature. It is now possible to execute multiple scripts at the same time, manage their progress and persist the execution outputs. Scripts and parameters can be used in ARM templates to automate the deployment. For long-running scripts, asynchronous mode is supported to prevent blocking the VM provisioning.

  • A RunCommand script timeout can be specified to manage the execution timeline.
  • Scripts can run under different user accounts (defaulting to the system account or root if not specified).
  • If the script output streams are expected to be large, an external storage location can be specified to write the output directly.
  • It's possible to execute multiple scripts at the same time, or sequentially if they have a dependency on one another.

Additional information:

General Availability: Managed Run Command – Execute PowerShell or shell scripts on Virtual Machines and Scale Sets | Azure updates | Microsoft Azure
Run scripts in a Windows VM in Azure using managed Run Commands – Azure Virtual Machines | Microsoft Learn

Durable Functions support for .NET isolated model

Durable Functions is an extension of Azure Functions that lets you write stateful functions in a serverless compute environment.

Durable Functions support for .NET 7.0 running in the isolated worker process is now generally available. Note that this release also supports .NET 6.0 and .NET Framework.

Additional resources:

Create your first C# durable function running in the isolated worker | Microsoft Learn
Overview of Durable Functions in the .NET isolated worker – Azure | Microsoft Learn
Guide for running C# Azure Functions in an isolated worker process | Microsoft Learn
Durable Functions Overview – Azure | Microsoft Learn

Azure SQL—General availability updates for mid-February 2023

In mid-February 2023, the following updates and enhancements were made to Azure SQL: 

  • Optimized locking improves database concurrency and lowers lock memory in Azure SQL Database.
  • Enable automatic key rotation for Customer Managed Key in Azure SQL Database and Azure SQL Managed Instance.
  • Configure your TempDB maximum size in Azure SQL Managed Instance.

Additional information:

Optimized locking – SQL Server | Microsoft Learn
Automated key rotation for TDE BYOK is now generally available for Azure SQL! – Microsoft Community Hub
Configure your TempDB max size in Azure SQL Managed Instance – Microsoft Community Hub

Availability zones support for Azure Functions in new regions

The new regions are Norway East, South Africa North, Switzerland North, and UAE North. This works for both Premium (Elastic Premium) and Dedicated (App Service) plans.

For apps running in a zone-redundant plan, the function app platform automatically spreads the instances in the plan across all zones of the selected region.

Additional information:

Generally Available: Availability zones support for Azure Functions in new regions | Azure updates | Microsoft Azure
Azure Functions documentation | Microsoft Learn
Reliability in Azure Functions | Microsoft Learn

Azure Monitor Query client module for Go

This new, idiomatic module joins the Azure Monitor Query SDK, which also includes client libraries for .NET, Java, JavaScript, and Python. The module allows developers to build apps that execute read-only queries in Azure Monitor’s Logs and Metrics platforms. Apps can then analyze and display logs and metrics data in custom ways.

Additional information:

Now Available: Azure Monitor Query client module for Go | Azure updates | Microsoft Azure
Announcing the stable release of the Azure Monitor Query client module for Go – Azure SDK Blog (microsoft.com)

Azure IoT Edge supports Ubuntu 22.04

Azure IoT Edge’s set of Tier 1 operating systems has been expanded to include Ubuntu Server 22.04 on AMD64 and ARM64. Official installation packages targeting AMD64 and ARM64 for the latest IoT Edge releases (1.4.9) are now available from Microsoft's package repository.

Additional information:

What is Azure IoT Edge | Microsoft Learn
IoT Edge supported platforms | Microsoft Learn
Create an IoT Edge device – Azure IoT Edge | Microsoft Learn

Scale improvements and metrics enhancements on Azure’s regional WAF

You can now use the increased scale limits for Azure’s regional Web Application Firewall (WAF) running on Application Gateway. These increased limits give you greater flexibility and scale. Application Gateway v2 WAF-enabled SKUs running Core Rule Set (CRS) 3.2 or higher now support:

  • Higher number of front-end ports
  • HTTP load-balancing rules
  • Back-end HTTP settings: SSL certificates, number of sites, and redirect configurations

The regional WAF also increased the number of HTTP listeners from 40 to 200.

Additional information:

General availability: Scale improvements and metrics enhancements on Azure’s regional WAF | Azure updates | Microsoft Azure
WAF engine on Azure Application Gateway – Azure Web Application Firewall | Microsoft Learn
Azure subscription limits and quotas – Azure Resource Manager | Microsoft Learn
Monitoring metrics for Azure Application Gateway Web Application Firewall metrics | Microsoft Learn

Public Preview

Azure NetApp Files volume user and group quotas

Azure NetApp Files volumes provide flexible, large and scalable storage shares for applications and users. Storage capacity and consumption by users is only limited by the size of the volume. In some scenarios you may want to limit this storage consumption of users and groups within the volume.

Additional information:

Public Preview: Azure NetApp Files volume user and group quotas | Azure updates | Microsoft Azure
Understand default and individual user and group quotas for Azure NetApp Files volumes | Microsoft Learn

Incremental snapshots for Premium SSD v2 Disk Storage

Microsoft just announced the preview of incremental snapshots for Premium SSD v2 Disks. The preview is available in the US East and West Europe regions. This new capability is of particular importance to customers who want to create a backup copy of their disk-stored data. It enables them to recover from accidental deletions, protect against ransomware attacks, or ensure business continuity.

Customers can now generate incremental snapshots for Premium SSD v2 Disk Storage on Standard HDD. Moreover, snapshot resources can be used to store incremental backups of the disk, to build or recover to new disks, or to download snapshots to on-premises locations. This new feature offers an additional layer of data protection and flexibility for users.

Additional information:

Public preview: Incremental snapshots for Premium SSD v2 Disk Storage | Azure updates | Microsoft Azure
Create an incremental snapshot – Azure Virtual Machines | Microsoft Learn

Azure Communication Services Chat for Bot Framework

Azure Communication Services Chat for Bot Framework is now in public preview. This new capability enables developers to connect their conversational bots built on Azure Bot Service to Azure Communication Services Chat. This new functionality will be especially helpful in customer support scenarios where bots can provide the first line of support rather than live agents.

The key use cases addressed are:

  • Reduce time to resolution
  • Meet customers outside of your normal business hours
  • Build AI powered smart chat experiences

Additional information:

Public Preview: Azure Communication Services Chat for Bot Framework | Azure updates | Microsoft Azure
Microsoft Bot Framework
Add a bot to your chat app – An Azure Communication Services quickstart | Microsoft Learn
Communication/2022-11-15.md at master · Azure/Communication (github.com)

Azure Digital Twins connector for Microsoft Power Platform

Azure Digital Twins (ADT) connector for Microsoft Power Platform enables you to incorporate Azure Digital Twins into Microsoft Power Automate flows, Power Apps applications, or Azure Logic Apps flows. With this connector, you can also integrate ADT with 700 other Power Platform connectors to build flows or apps by ingesting from other systems into twins or responding to events. For example, you can use the ADT connector for Power Platform to develop a flow that creates a digital twin when an external system emits an event.

Additional information:

Public preview: Azure Digital Twins connector for Microsoft Power Platform | Azure updates | Microsoft Azure
Azure Digital Twins Documentation – Tutorials, API Reference | Microsoft Learn
Integrate with Power Platform and Logic Apps – Azure Digital Twins | Microsoft Learn

About Dimitar Grozdanov
Engineer. 25+ years “in the field”. Cloud Solution Architect. Trainer, Consultant. Co-founder/Supporter of Tech Communities. Speaker. Blogger. Parent. Passionate about craft beer tasting and hanging out with family and friends.
