Microsoft Ignite has wrapped up for another year! This time the event was hybrid with both in-person and virtual sessions. Let’s take a moment to explore some of the biggest Azure Infrastructure announcements Microsoft made this year.
We’ll start with management and monitoring improvements, then dive into networking, and wrap up with some new ways to save money on Azure compute and licensing costs.
Management and monitoring made easier
The big advantage of Platform as a Service (PaaS) and Software as a Service (SaaS) offerings is that Microsoft takes care of more of the management of the underlying infrastructure for you.
But with this ease of management, you lose some of the flexibility you get by being able to fully manage the underlying infrastructure, including the operating system.
So up until recently, you had to choose between easier management or more flexibility. This is no longer the case. With Azure Automanage, you can get all the flexibility of Infrastructure as a Service (IaaS) Virtual Machines with heaps of the management niceties that come with PaaS and SaaS.
With Azure Automanage, you can automatically monitor, back up, and secure your virtual machines. Azure Automanage is now generally available and comes with a few notable new features, including:
- Support for Windows 10 virtual machines
- Support for Microsoft Antimalware
- The ability to specify custom Log Analytics workspaces and backup settings
What’s great about Azure Automanage is that it works across your Azure VMs as well as the VMs you have outside of Azure, including on-premises servers.
And speaking of on-premises servers, Microsoft has also made improvements to Azure Arc-enabled private clouds, allowing you to create, start and stop VMs on both VMware vSphere and Azure Stack HCI in preview. There is also increasing support for System Center Virtual Machine Manager (SCVMM) in preview, including VM start, stop and delete.
Expect Microsoft to continue to invest in Azure Arc. My prediction is that we will see Azure become your one-stop shop for managing your hybrid cloud.
If you've been using Azure Monitor and the associated Log Analytics workspaces for some time, you will know that it has been in a transition phase where you have to use either the older Log Analytics Agent or the Azure Monitor Agent. For some scenarios you need to deploy the Azure Monitor Agent (e.g. Sentinel), and for others you need the Log Analytics Agent (e.g. Update Management).
Microsoft has been busy moving all of the existing functionality over to the Azure Monitor Agent, and now, they’ve provided an agent migration tool that will help guide and automate the move from the old Log Analytics Agent to the new Azure Monitor Agent. So when the time is right for you, you can migrate more easily. Just make sure you move over before August 2024 when the legacy agents are set to retire.
Windows Admin Center
And finally to wrap up the management and monitoring news, Windows Admin Center, accessed from the Azure Portal, is now generally available.
If you’re not familiar with this functionality, Windows Admin Center allows you to easily manage the Windows operating system of your Azure Virtual Machines directly from the Azure portal. This includes key Windows Server functionality, like Active Directory Domain Services and Storage Replica just to name a few.
Tying up networking loose ends
Azure Domain Name System (DNS) private resolver
Microsoft has also been busy tying up some loose ends on the networking front. Hybrid DNS resolution has always been tricky, especially when you mix on-premises DNS servers and Azure Private DNS Zones.
Previously you needed to deploy your own custom DNS Server in Azure if you wanted on-premises servers to resolve DNS resource records in Azure Private DNS zones. This was because only virtual machines in virtual networks that are linked to the Azure Private DNS zone can resolve resource records in the zone.
Azure Domain Name System (DNS) private resolver, now generally available, removes this requirement. Instead of deploying your own custom DNS server virtual machines, you can simply deploy the private resolver. And in case you’re thinking, “what about conditional forwarding, I still need VMs for that, don’t I?” Nope, Private Resolver supports that too.
Azure Private Link
Microsoft has also tidied up some loose ends around Private Endpoints, the network interfaces that power Azure Private Link.
You can now use Static IP addresses for your Private Endpoints, enabling you to use reserved IP addresses when you deploy, instead of random IP addresses. This is useful when you have to deal with issues like DNS caching or security rules. It’s nice to have.
If you, like me, are a stickler for good naming conventions, it might have bugged you that you always got fairly random names when you created private endpoints. I mean, I love a Globally Unique Identifier (GUID) as much as the next person, but maybe I’d prefer to name my Private Endpoint network interface. Well, now you can. Go forth and name your network interfaces appropriately.
Azure distributed denial-of-service (DDoS) Protection
You know that feature that everyone with publicly accessible services should be using, but doesn’t because it’s too expensive? Yeah, I’m referring to Azure DDoS Protection.
Well, Microsoft intends to fix this and make DDoS protection available to companies of all sizes by introducing a new SKU.
You'll still get Azure DDoS infrastructure protection for free, but if you want a greater level of protection you will be able to choose between DDoS IP Protection (currently in preview) and DDoS Network Protection. DDoS Network Protection is the carryover from DDoS Protection Standard, with a new name.
The new DDoS IP Protection SKU allows you to protect individual Public IP addresses with the same level of protection without such a large upfront cost. You do miss out on a couple of sideline features like cost protection and rapid response support, but it’s great for businesses of all sizes to finally be able to get the level of protection they need for their critical workloads.
As the global economy puts pressure on IT budgets, it’s good to know Microsoft is enabling further savings flexibility across Azure and Hybrid Cloud.
Azure savings plan for compute
A lot of companies run a standard set of compute resources, 24 hours a day, 365 days a year. These compute resources might be critical to your business, but due to the nature of your business they might also need to be flexible.
For example, you might have a Web Server Virtual Machine that currently hosts a website your company relies on, and you plan to move it to App Service or a Container Instance in the next few years. You decide not to purchase a reserved instance to cover the cost of this VM because you know it’s not going to be a VM for long.
Well, now with Azure savings plan for compute, you can commit upfront to a fixed amount that you plan to use across a range of compute services, like Virtual Machines, Container Instances, Azure App Service, Dedicated hosts or Premium Functions. You can then move that workload between these services while still realizing savings of up to 65%.
You can also combine Azure savings plan for compute with Reserved Instances or Azure Hybrid Use Benefit for even further savings on Microsoft software and operating systems. When multiple discounts apply, the greater discount is applied automatically.
Hybrid Use Benefit
And speaking of hybrid compute, Microsoft has expanded Hybrid Use Benefit to cover two new scenarios.
If you have Windows Server Software Assurance, you can now run Azure Kubernetes Service on Windows Server or Azure Stack HCI at no additional cost.
The expansion also includes the ability for Windows Server Datacenter Software Assurance license holders to use Azure Stack HCI at no additional cost. This essentially means you can stretch your investment as you modernize your workloads using both VMs and containers and Azure management capabilities whether you are modernizing on-premises or in Azure.
Keep up with all things Azure
That's my wrap-up for Microsoft Ignite. As always, there is more to cover: check out Azure This Week for more details on some of the other news that was announced, and check out the Microsoft Ignite Book of News for a comprehensive list of announcements across all Microsoft software and services.