Customer Provided Keys with Azure Storage Service Encryption

Azure storage offers several options to encrypt data at rest. With client-side encryption you can encrypt data prior to uploading it to Azure Storage. You can also choose to have Azure storage manage encryption operations with storage service encryption using Microsoft managed keys or using customer managed keys in Azure Key Vault. Today, we present enhancement to storage service encryption to support granular encryption settings on storage account with keys hosted in any key store. Customer provided keys (CPK) enables you to store and manage keys in on-premises or key stores other than Azure Key Vault to meet corporate, contractual, and regulatory compliance requirements…
Read More

Azure Ultra Disk Storage: Microsoft’s service for your most I/O demanding workloads

Inside Ultra Disk Storage Ultra Disk Storage is our next generation distributed block storage service that provides disk semantics for Azure IaaS VMs and containers. We designed Ultra Disk Storage with the goal of providing consistent performance at high IOPS without compromising our durability promise. Hence, every write operation replicates to the storage in three different racks (fault domains) before being acknowledged to the client. Compared to Azure Premium Storage, Ultra Disk Storage provides its extreme performance without relying on Azure Blob storage cache, our on-server SSD-based cache, and hence it only supports un-cached reads and writes. We also introduced a…
Read More

Windows Virtual Desktop is now generally available worldwide

Since Microsoft announced the preview of Windows Virtual Desktop in March, thousands of customers have piloted the service, providing valuable feedback and insights for Microsoft to integrate into the service. Today, we are excited to announce the worldwide general availability of Windows Virtual Desktop. It is the only service that delivers simplified management, a multi-session Windows 10 experience, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps. With Windows Virtual Desktop, you can deploy and scale your Windows desktops and apps on Azure in minutes. Now available in all geographies, customers will…
Read More

Satellite connectivity expands reach of Azure ExpressRoute across the globe

Staying connected to access and ingest data in today's highly distributed application environments is paramount for any enterprise. Many businesses need to operate in and across highly unpredictable and challenging conditions. For example, energy, farming, mining, and shipping often need to operate in remote, rural, or other isolated locations with poor network connectivity. With the cloud now the de facto and primary target for the bulk of application and infrastructure migrations, access from remote and rural locations becomes even more important. The path to realizing the value of the cloud starts with a hybrid environment access resources with dedicated and…
Read More

Azure Availability Zones

Azure Availability Zones, a high-availability solution for mission-critical applications, is now generally available in UK South. Availability Zones are physically separate locations within an Azure region. Each Availability Zone consists of one or more datacenters equipped with independent power, cooling, and networking. With the introduction of Availability Zones, Microsoft now offer a service-level agreement (SLA) of 99.99% for uptime of virtual machines.
Read More

Azure Firewall Preview

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.  Azure Firewall is currently a managed public preview that you need to explicitly enable using the Register-AzureRmProviderFeature PowerShell command. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network. The service is fully integrated with Azure Monitor for…
Read More

Azure New isolated VM sizes now available

Microsoft are pleased to announce two new Virtual Machine (VM) sizes, E64i_v3 and E64is_v3, which are isolated to hardware and dedicated to a single customer. These VMs are best suited for workloads that require a high degree of isolation from other customers for compliance and regulatory requirements. You can also choose to further subdivide the resources by using Azure support for nested VMs. The E64i_v3 and E64is_v3 will have the exact same performance and pricing structure as their cousins E64_v3 and E64s_v3. These size additions will be available in each of the regions where E64_v3 and E64s_v3 are available today. The…
Read More

Azure backup and restore improvements

Today, Microsoft announced the support for backup of large disk VMs and set of improvements aimed at reducing the time taken for backup and restore. These set of improvements and large disk support is based on a new VM backup stack and are available for both managed and unmanaged disks. You can seamlessly upgrade to this new stack without any impact to your on-going backup jobs and there is no change to how you setup backup or restore. This announcement combines multiple feature improvements: Large disk support – Now you can backup VMs with disk sizes up to 4TB(4095GB), both managed and unmanaged.…
Read More

Azure Just-in-Time VM Access

Azure Security Center provides several threat prevention mechanisms to help you reduce surface areas susceptible to attack. One of those mechanisms is Just-in-Time (JIT) VM Access. Today Microsoft announced the general availability of Just-in-Time VM Access, which reduces your exposure to network volumetric attacks by enabling you to deny persistent access while providing controlled access to VMs when needed. When you enable JIT for your VMs, you can create a policy that determines the ports to be protected, how long ports remain open, and approved IP addresses from where these ports can be accessed. The policy helps you stay in…
Read More

Nested Virtualization in Azure

Today Microsoft announced that you can now enable nested virtualisation using the Dv3 and Ev3 VM sizes. Microsoft will continue to expand support to more VM sizes in the coming months. For software and hardware prerequisites, configuration steps and limitations for nested virtualisation please see the document here. In this blog Microsoft discuss a couple of interesting use cases and provide a short video demo for enabling a nested VM. Now not only you can create a Hyper-V container with Docker (see instructions here), but also by running nested virtualisation, you can create a VM inside a VM. Such nested environment provides…
Read More