Azure New isolated VM sizes now available

Microsoft
Microsoft are pleased to announce two new Virtual Machine (VM) sizes, E64i_v3 and E64is_v3, which are isolated to hardware and dedicated to a single customer. These VMs are best suited for workloads that require a high degree of isolation from other customers for compliance and regulatory requirements. You can also choose to further subdivide the resources by using Azure support for nested VMs. The E64i_v3 and E64is_v3 will have the exact same performance and pricing structure as their cousins E64_v3 and E64s_v3. These size additions will be available in each of the regions where E64_v3 and E64s_v3 are available today. The small letter ‘i’ in the VM name denotes that they are isolated sizes. Unlike the E64_v3 and E64s_v3, the two new sizes E64i_v3 and E64is_v3 are hardware bound sizes. They…
Read More

Azure backup and restore improvements

Microsoft
Today, Microsoft announced the support for backup of large disk VMs and set of improvements aimed at reducing the time taken for backup and restore. These set of improvements and large disk support is based on a new VM backup stack and are available for both managed and unmanaged disks. You can seamlessly upgrade to this new stack without any impact to your on-going backup jobs and there is no change to how you setup backup or restore. This announcement combines multiple feature improvements: Large disk support – Now you can backup VMs with disk sizes up to 4TB(4095GB), both managed and unmanaged. Instant recovery point – A recovery point is available as soon as the snapshot is done as part of the backup job. This eliminates the need to wait to trigger restore…
Read More

Azure Just-in-Time VM Access

Microsoft
Azure Security Center provides several threat prevention mechanisms to help you reduce surface areas susceptible to attack. One of those mechanisms is Just-in-Time (JIT) VM Access. Today Microsoft announced the general availability of Just-in-Time VM Access, which reduces your exposure to network volumetric attacks by enabling you to deny persistent access while providing controlled access to VMs when needed. When you enable JIT for your VMs, you can create a policy that determines the ports to be protected, how long ports remain open, and approved IP addresses from where these ports can be accessed. The policy helps you stay in control of what users can do when they request access. Requests are logged in the Azure Activity Log, so you can easily monitor and audit access. The policy will also…
Read More

Nested Virtualization in Azure

Microsoft
Today Microsoft announced that you can now enable nested virtualisation using the Dv3 and Ev3 VM sizes. Microsoft will continue to expand support to more VM sizes in the coming months. For software and hardware prerequisites, configuration steps and limitations for nested virtualisation please see the document here. In this blog Microsoft discuss a couple of interesting use cases and provide a short video demo for enabling a nested VM. Now not only you can create a Hyper-V container with Docker (see instructions here), but also by running nested virtualisation, you can create a VM inside a VM. Such nested environment provides great flexibility in supporting your needs in various areas such as development, testing, customer training, demo, etc. For example, suppose you have a testing team using Hyper-V hosts on-prem today.…
Read More

Azure VPN Gateways New SKU

Microsoft
A VPN gateway is a type of virtual network gateway that sends encrypted traffic across a public connection to an on-premises location. You can also use VPN gateways to send encrypted traffic between Azure virtual networks over the Microsoft network.  To send encrypted network traffic between your Azure virtual network and your on-premises site, you must create a VPN gateway for your virtual network. Microsoft have recently released a new set of gateway SKU's which provides an increase in aggregate throughput, you can see the increase in throughput and new SKU below. If you haven't got the luxury of Express Route then you'll be jumping for joy knowing that you can go beyond the old restriction of 200MB (High Performance SKU), but hang on for a second there are some…
Read More

Azure ASR for IaaS virtual machines

Microsoft
Microsoft this week announced the public preview of disaster recovery for Azure IaaS virtual machines (VMs) using Azure Site Recovery (ASR). You can now easily replicate and protect IaaS based applications running on Azure to a different Azure region of your choice within a geographical cluster without deploying any additional infrastructure components or software appliances in your subscription. This new capability, along with Azure Backup for IaaS virtual machines, allows you to create a comprehensive business continuity and disaster recovery strategy for all your IaaS based applications running on Azure. As you move production applications to the cloud, Azure natively provides you the high availability and reliability that your mission critical workloads need. However, compliance requirements such as ISO 27001 still require that you have a provable disaster recovery solution…
Read More

Azure IaaS Virtual Machines Temporary Drives

Microsoft
I’ve seen many posts on forums asking for more detail on the temporary disks assigned to Azure IaaS Windows and Linux VMs so here is a quick post explaining what they are. When you create a VM either in the portal or command line utilities (i.e. PowerShell) you automatically receive an additional drive or mount point which is available for you to use at no additional cost for storage or transactions.  The primarily use case is to provide faster storage (IOPS and Latency) but although this sounds great it isn’t to be used for any data that you wish to keep. You typically store temporary data on these drives like Windows page files and Linux Swap files or even SQL TempDBs.  As you can see from the images below it…
Read More

Azure IP address 168.63.129.16

Microsoft
Have you ever wondered what this IP address is?  Well 168.63.129.16 is a virtual public IP address that is used to facilitate a communication channel to internal platform resources for the bring-your-own IP Virtual Network scenario.  Because the Azure platform allow customers to define any private or customer address space, this resource must be a unique public IP address.  It cannot be a private IP address as the address cannot be a duplicate of address space the customer defines.  This virtual public IP address facilitates the following things: Enables the VM Agent to communicating with the platform to signal it is in a “Ready” state Enables communication with the DNS virtual server to provide filtered name resolution to customers that do not define custom DNS servers.  This filtering ensures that…
Read More

Microsoft Azure Security

Microsoft
As we all know in this day and age our workloads are more likely to migrate to the cloud which I'm sure you all know has it's benefits and it's inherent downsides.  One discussion point on everyone's mind is always security (so it should be), just how secure is the cloud. One thing to bear in mind is that your time and approach to defining security principles should be no different to that of on-premises.  Having worked with Azure for a number years I just wanted to share some pertinent information around the security model specifically with Azure. The following diagram shows various layers of security Azure provides to customers both native in the Azure platform itself and through customer defined features Before Internet traffic can get to the Azure…
Read More

Microsoft Azure Backup Certificate Not Available

Microsoft
If you are running your server backups using Microsoft Azure Backup you may now receive the following error message in Azure Backup since 21st August:- Following error occurred during Microsoft Azure Backup SnapIn Operation. Error Details: A server registration certificate was not available to authenticate this server with the backup service. Ensure that you signed in with an administrator account and try again. If the issue persists, register the server again. The reason for this issue is Microsoft have recently released a new Azure Backup agent which is a mandatory update. Download the Azure Backup agent update now The version number of this update is 2.0.8719.0 If you are using System Center 2012 R2 Data Protection Manager (DPM) you must apply the Update Rollup 6 for System Center R2 Data…
Read More