Monat: Juni 2023

Introducing Microsoft Fabric: Data analytics for the era of AI

Today’s world is awash with data—ever-streaming from the devices we use, the applications we build, and the interactions we have. Organizations across every industry have harnessed this data to digitally transform and gain competitive advantages. And now, as we enter a new era defined by AI, this data is becoming even more important.  

Generative AI and language model services, such as Azure OpenAI Service, are enabling customers to use and create everyday AI experiences that are reinventing how employees spend their time. Powering organization-specific AI experiences requires a constant supply of clean data from a well-managed and highly integrated analytics system. But most organizations’ analytics systems are a labyrinth of specialized and disconnected services.  

And it’s no wonder given the massively fragmented data and AI technology market with hundreds of vendors and thousands of services. Customers must stitch together a complex set of disconnected services from multiple vendors themselves and incur the costs and burdens of making these services function together. 

Introducing Microsoft Fabric 

Today we are unveiling Microsoft Fabric—an end-to-end, unified analytics platform that brings together all the data and analytics tools that organizations need. Fabric integrates technologies like Azure Data Factory, Azure Synapse Analytics, and Power BI into a single unified product, empowering data and business professionals alike to unlock the potential of their data and lay the foundation for the era of AI. 

Watch a quick overview:  

What sets Microsoft Fabric apart? 

Fabric is an end-to-end analytics product that addresses every aspect of an organization’s analytics needs. But there are five areas that really set Fabric apart from the rest of the market:

1. Fabric is a complete analytics platform 

Every analytics project has multiple subsystems. Every subsystem needs a different array of capabilities, often requiring products from multiple vendors. Integrating these products can be a complex, fragile, and expensive endeavor.  

With Fabric, customers can use a single product with a unified experience and architecture that provides all the capabilities required for a developer to extract insights from data and present it to the business user. And by delivering the experience as software as a service (SaaS), everything is automatically integrated and optimized, and users can sign up within seconds and get real business value within minutes.  

Fabric empowers every team in the analytics process with the role-specific experiences they need, so data engineers, data warehousing professionals, data scientists, data analysts, and business users feel right at home.  

Fabric comes with seven core workloads: 

Data Factory (preview) provides more than 150 connectors to cloud and on-premises data sources, drag-and-drop experiences for data transformation, and the ability to orchestrate data pipelines.

Synapse Data Engineering (preview) enables great authoring experiences for Spark, instant start with live pools, and the ability to collaborate.

Synapse Data Science (preview) provides an end-to-end workflow for data scientists to build sophisticated AI models, collaborate easily, and train, deploy, and manage machine learning models. 

Synapse Data Warehousing (preview) provides a converged lake house and data warehouse experience with industry-leading SQL performance on open data formats.

Synapse Real-Time Analytics (preview) enables developers to work with data streaming in from the Internet of Things (IoT) devices, telemetry, logs, and more, and analyze massive volumes of semi-structured data with high performance and low latency.

Power BI in Fabric provides industry-leading visualization and AI-driven analytics that enable business analysts and business users to gain insights from data. The Power BI experience is also deeply integrated into Microsoft 365, providing relevant insights where business users already work.  

Data Activator (coming soon) provides real-time detection and monitoring of data and can trigger notifications and actions when it finds specified patterns in data—all in a no-code experience. 

You can try these experiences today by signing up for the Microsoft Fabric free trial. 

2. Fabric is lake-centric and open 

Today’s data lakes can be messy and complicated, making it hard for customers to create, integrate, manage, and operate data lakes. And once they are operational, multiple data products using different proprietary data formats on the same data lake can cause significant data duplication and concerns about vendor lock-in.  

OneLake—The OneDrive for data 

Fabric comes with a SaaS, multi-cloud data lake called OneLake that is built-in and automatically available to every Fabric tenant. All Fabric workloads are automatically wired into OneLake, just like all Microsoft 365 applications are wired into OneDrive. Data is organized in an intuitive data hub, and automatically indexed for discovery, sharing, governance, and compliance.  

OneLake serves developers, business analysts, and business users alike, helping eliminate pervasive and chaotic data silos created by different developers provisioning and configuring their own isolated storage accounts. Instead, OneLake provides a single, unified storage system for all developers, where discovery and sharing of data are easy with policy and security settings enforced centrally. At the API layer, OneLake is built on and fully compatible with Azure Data Lake Storage Gen2 (ADLSg2), instantly tapping into ADLSg2’s vast ecosystem of applications, tools, and developers.  

A key capability of OneLake is “Shortcuts.” OneLake allows easy sharing of data between users and applications without having to move and duplicate information unnecessarily. Shortcuts allow OneLake to virtualize data lake storage in ADLSg2, Amazon Simple Storage Service (Amazon S3), and Google Storage (coming soon), enabling developers to compose and analyze data across clouds. 

Open data formats across analytics offerings 

Fabric is deeply committed to open data formats across all its workloads and tiers. Fabric treats Delta on top of Parquet files as a native data format that is the default for all workloads. This deep commitment to a common open data format means that customers need to load the data into the lake only once and all the workloads can operate on the same data, without having to separately ingest it. It also means that OneLake supports structured data of any format and unstructured data, giving customers total flexibility.  

By adopting OneLake as our store and Delta and Parquet as the common format for all workloads, we offer customers a data stack that’s unified at the most fundamental level. Customers do not need to maintain different copies of data for databases, data lakes, data warehousing, business intelligence, or real-time analytics. Instead, a single copy of the data in OneLake can directly power all the workloads.  

Managing data security (table, column, and row levels) across different data engines can be a persistent nightmare for customers. Fabric will provide a universal security model that is managed in OneLake, and all engines enforce it uniformly as they process queries and jobs. This model is coming soon.  

3. Fabric is powered by AI  

We are infusing Fabric with Azure OpenAI Service at every layer to help customers unlock the full potential of their data, enabling developers to leverage the power of generative AI against their data and assisting business users to find insights in their data. With Copilot in Microsoft Fabric in every data experience, users can use conversational language to create dataflows and data pipelines, generate code and entire functions, build machine learning models, or visualize results. Customers can even create their own conversational language experiences that combine Azure OpenAI Service models and their data and publish them as plug-ins.   

Copilot in Microsoft Fabric builds on our existing commitments to data security and privacy in the enterprise. Copilot inherits an organization’s security, compliance, and privacy policies. Microsoft does not use organizations’ tenant data to train the base language models that power Copilot. 

Copilot in Microsoft Fabric will be coming soon. Stay tuned to the Microsoft Fabric blog for the latest updates and public release date for Copilot in Microsoft Fabric.  

4. Fabric empowers every business user 

Customers aspire to drive a data culture where everyone in their organization is making better decisions based on data. To help our customers foster this culture, Fabric deeply integrates with the Microsoft 365 applications people use every day.  

Power BI is a core part of Fabric and is already infused across Microsoft 365. Through Power BI’s deep integrations with popular applications such as Excel, Microsoft Teams, PowerPoint, and SharePoint, relevant data from OneLake is easily discoverable and accessible to users right from Microsoft 365—helping customers drive more value from their data

With Fabric, you can turn your Microsoft 365 apps into hubs for uncovering and applying insights. For example, users in Microsoft Excel can directly discover and analyze data in OneLake and generate a Power BI report with a click of a button. In Teams, users can infuse data into their everyday work with embedded channels, chat, and meeting experiences. Business users can bring data into their presentations by embedding live Power BI reports directly in Microsoft PowerPoint. Power BI is also natively integrated with SharePoint, enabling easy sharing and dissemination of insights. And with Microsoft Graph Data Connect (preview), Microsoft 365 data is natively integrated into OneLake so customers can unlock insights on their customer relationships, business processes, security and compliance, and people productivity.  

5. Fabric reduces costs through unified capacities 

Today’s analytics systems typically combine products from multiple vendors in a single project. This results in computing capacity provisioned in multiple systems like data integration, data engineering, data warehousing, and business intelligence. When one of the systems is idle, its capacity cannot be used by another system causing significant wastage.  

Purchasing and managing resources is massively simplified with Fabric. Customers can purchase a single pool of computing that powers all Fabric workloads. With this all-inclusive approach, customers can create solutions that leverage all workloads freely without any friction in their experience or commerce. The universal compute capacities significantly reduce costs, as any unused compute capacity in one workload can be utilized by any of the workloads. 

Explore how our customers are already using Microsoft Fabric  

Ferguson 

Ferguson is a leading distributor of plumbing, HVAC, and waterworks supplies, operating across North America. And by using Fabric to consolidate their analytics stack into a unified solution, they are hoping to reduce their delivery time and improve efficiency. 

“Microsoft Fabric reduces the delivery time by removing the overhead of using multiple disparate services. By consolidating the necessary data provisioning, transformation, modeling, and analysis services into one UI, the time from raw data to business intelligence is significantly reduced. Fabric meaningfully impacts Ferguson’s data storage, engineering, and analytics groups since all these workloads can now be done in the same UI for faster delivery of insights.”
—George Rasco, Principal Database Architect, Ferguson

See Fabric in action at Ferguson: 

T-Mobile 

T-Mobile, one of the largest providers of wireless communications services in the United States, is focused on driving disruption that creates innovation and better customer experiences in wireless and beyond. With Fabric, T-Mobile hopes they can take their platform and data-driven decision-making to the next level. 

“T-Mobile loves our customers and providing them with new Un-Carrier benefits! We think that Fabric’s upcoming abilities will help us eliminate data silos, making it easier for us to unlock new insights into how we show our customers even more love. Querying across the lakehouse and warehouse from a single engine—that’s a game changer. Spark compute on-demand, rather than waiting for clusters to spin up, is a huge improvement for both standard data engineering and advanced analytics. It saves three minutes on every job, and when you’re running thousands of jobs an hour, that really adds up. And being able to easily share datasets across the company is going to eliminate so much data duplication. We’re really looking forward to these new features.”
—Geoffrey Freeman, MTS, Data Solutions and Analytics, T-Mobile

Aon  

Aon provides professional services and management consulting services to a vast global network of customers. With the help of Fabric, Aon hopes that they can consolidate more of their current technology stack and focus on adding more value to their clients. 

“What’s most exciting to me about Fabric is simplifying our existing analytics stack. Currently, there are so many different PaaS services across the board that when it comes to modernization efforts for many developers, Fabric helps simplify that. We can now spend less time building infrastructure and more time adding value to our business.”   
—Boby Azarbod, Data Services Lead, Aon

What happens to current Microsoft analytics solutions? 

Existing Microsoft products such as Azure Synapse Analytics, Azure Data Factory, and Azure Data Explorer will continue to provide a robust, enterprise-grade platform as a service (PaaS) solution for data analytics. Fabric represents an evolution of those offerings in the form of a simplified SaaS solution that can connect to existing PaaS offerings. Customers will be able to upgrade from their current products into Fabric at their own pace.  

Get started with Microsoft Fabric

Microsoft Fabric is currently in preview. Try out everything Fabric has to offer by signing up for the free trial—no credit card information is required. Everyone who signs up gets a fixed Fabric trial capacity, which may be used for any feature or capability from integrating data to creating machine learning models. Existing Power BI Premium customers can simply turn on Fabric through the Power BI admin portal. After July 1, 2023, Fabric will be enabled for all Power BI tenants. 

Microsoft Fabric resources 

If you want to learn more about Microsoft Fabric, consider:  

Signing up for the Microsoft Fabric free trial.

Visiting the Microsoft Fabric website.

Reading the more in-depth Fabric experience announcement blogs: 

Data Factory experience in Fabric blog

Synapse Data Engineering experience in Fabric blog

Synapse Data Science experience in Fabric blog

Synapse Data Warehousing experience in Fabric blog

Synapse Real-Time Analytics experience in Fabric blog

Power BI announcement blog

Data Activator experience in Fabric blog

Administration and governance in Fabric blog

OneLake in Fabric blog

Fabric event streams blog

Microsoft 365 data integration in Fabric blog

Dataverse and Microsoft Fabric integration blog

Exploring the Fabric technical documentation.

Reading the free e-book on getting started with Fabric. 

Exploring Fabric through the Guided Tour.

Joining the Fabric community to post your questions, share your feedback, and learn from others. 

The post Introducing Microsoft Fabric: Data analytics for the era of AI appeared first on Azure Blog.
Quelle: Azure

Microsoft Cost Management updates—May 2023

Whether you’re a new student, a thriving startup, or the largest enterprise, you have financial constraints, and you need to know what you’re spending, where it’s being spent, and how to plan for the future. Nobody wants a surprise when it comes to the bill, and this is where Microsoft Cost Management comes in.

We’re always looking for ways to learn more about your challenges and how Microsoft Cost Management can help you better understand where you’re accruing costs in the cloud, identify and prevent bad spending patterns, and optimize costs to empower you to do more with less. Here are a few of the latest improvements and updates based on your feedback:

Customize the lookback period for virtual machine right-sizing recommendations.

Updates for Azure.com pricing experiences.

Automate cost savings with Azure Resource Graph in Azure Government and Azure China.

Four cost optimization strategies with Microsoft Azure.

Help shape the future of Cost Management.

What’s new in Cost Management Labs.

New ways to save money with Microsoft Cloud.

New videos and learning opportunities.

Documentation updates.

Let’s dig into the details.

Customize the lookback period for virtual machine right-sizing recommendations

Optimization isn’t purely about cutting costs—it’s about maximizing efficiency and maximizing value with the cloud. The biggest way to drive efficiency continues to be right-sizing existing investments. Now you can customize the lookback period for virtual machine right-sizing recommendations in Azure Advisor to tune recommendations even further.

You can now customize your virtual machine instance and virtual machine scale set (VMSS) recommendations based on utilization from the previous 7, 14, 21, 30, 60, or 90 days, giving you more flexibility to drive efficiency based on recent changes or longer historical patterns. To learn more, visit Optimize virtual machine (VM) or virtual machine scale set (VMSS) spend by resizing or shutting down underutilized instances.

Updates for Azure.com pricing experiences

We’ve been working hard to make some changes to our Azure pricing experiences, and we’re excited to share them with you. These changes will help make it easier for you to estimate the costs of your solutions.

We’ve added a new feature to our Virtual Machines Selector tool—”Add to Portal”. Now, with the click of a button, you can switch from discovery to deployment when exploring Azure Virtual Machines.

We have brought some notable changes to the Azure pricing experience this month. Azure pricing now supports Poland Central. Additionally, you can estimate your costs using the Azure Savings Plan in the Azure Kubernetes Service and the Azure Virtual Desktop pricing calculators. Additionally, thanks to your feedback, we’ve added a new FAQ about exchange rates to our pricing FAQs.

We’ve released several new updates in Microsoft Build 2023 that we’re excited about! We’ve introduced a new Hyperscale service tier in Elastic Pools on SQL DB services, Azure Deployment Environments is also now generally available, and Azure Spring Apps now includes a new Dedicated Plan pricing.

On top of all that, we have also introduced new pricing offers for various services including: Virtual Machines (new HX & HBv4 series), Computer Vision (pricing for Project Florence), Block Blobs Storage (a new optimized Cold access tier), Azure NetApp files (a new capacity pools capability), Azure Firewall (new Basic tier for Secured Virtual Hub), API Management (estimation for workspaces added to the pricing calculator), Container Apps (new dedicated plan), and a new service Azure Container Storage.

We hope that these changes will streamline your workflow and help you accurately estimate the cost of your solutions in Azure. Please feel free to leave us feedback or make suggestions for future pricing improvements—we’re always eager to hear your thoughts!

Automate cost savings with Azure Resource Graph in Azure Government and Azure China

You already know Azure Advisor helps you reduce and optimize costs without sacrificing quality. And you may already be familiar with the Azure Advisor APIs that enable you to integrate recommendations into your own reporting or automation. Now you can also get recommendations via Azure Resource Graph in Azure Government and Azure China.

Azure Resource Graph enables you to explore your Azure resources across subscriptions. You can use advanced filtering, grouping, and sorting based on resource properties and relationships to target specific workloads and even take that further to automate resource management and governance at scale. Now, with the addition of Azure Advisor recommendations, you can also query your cost saving recommendations.

Querying for recommendations is easy. Just open Azure Resource Graph in the Azure portal and explore the advisorresources table. Let’s say you want a summary of your potential cost savings opportunities:

advisorresources// First, we trim down the list to only cost recommendations| where type == ‘microsoft.advisor/recommendations’| where properties.category == ‘Cost’//// Then we group rows…| summarize// …count the resources and add up the total savings     resources = dcount(tostring(properties.resourceMetadata.resourceId)),     savings = sum(todouble(properties.extendedProperties.savingsAmount))     by// …for each recommendation type (solution)     solution = tostring(properties.shortDescription.solution),     currency = tostring(properties.extendedProperties.savingsCurrency)//// And lastly, format and sort the list| project solution, resources, savings = bin(savings, 0.01), currency| order by savings desc

Take this one step further using Logic Apps or Azure Functions and send out weekly emails to subscription and resource group owners. Or pivot this on resource ID and set up an approval workflow to automatically delete unused resources or downsize underutilized virtual machines. The sky’s the limit! To learn more, visit Query for Advisor data in Resource Graph Explorer. 

Four cost optimization strategies with Microsoft Azure

We’ve seen many businesses make significant shifts toward cloud computing in the last decade. The Microsoft Azure public cloud offers many benefits to companies, such as increased flexibility, scalability, and availability of resources. However, with the increased usage of resources, implementing best practices in cloud efficiency is a necessity to validate spending and avoid waste.

Paulo Annis explores how right-sizing, cleaning up resources, leveraging commitment-based discounts, and tuning databases and applications can help you achieve your optimization and efficiency goals in 4 cloud cost optimization strategies with Azure.

Help shape the future of Cost Management

Are you responsible for managing cost using Microsoft Cost Management and Billing? We’re exploring new capabilities to improve your experience and would love to hear from you in two 10-minute surveys about your use of and interest in AI systems and your experience with cost monitoring.

Please share these surveys with others involved in cost management and optimization and if you’re interested in participating in future research topics, we encourage you to join our research panel.

What’s new in Cost Management Labs

With Cost Management Labs, you get a sneak peek at what’s coming in Microsoft Cost Management and can engage directly with us to share feedback and help us better understand how you use the service, so we can deliver more tuned and optimized experiences. Here are a few features you can see in Cost Management Labs:

Update: Settings in the Cost analysis preview—Now available in the public portal.Get quick access to cost-impacting settings from the Cost analysis preview. You will see this by default in Labs and can enable the option from the Try preview menu.

Update: Customers view for Cloud Solution Provider (CSP) partners—Now available in the public portal.View a breakdown of costs by customer and subscription in the Cost analysis preview. Note this view is only available for CSP billing accounts and billing profiles. You will see this by default in Labs and can enable the option from the Try preview menu.

Update: Merge cost analysis menu items—Now enabled by default in Labs.Only show one cost analysis item in the Cost Management menu. All classic and saved views are one-click away, making them easier than ever to find and access. You can enable this option from the Try preview menu.

Recommendations view.View a summary of cost recommendations that help you optimize your Azure resources in the cost analysis preview. You can opt in using the Try preview menu.

Forecast in the cost analysis preview.Show your forecast cost for the period at the top of the cost analysis preview. You can opt in using Try preview.

Group related resources in the cost analysis preview.Group related resources, like disks under virtual machines or web apps under App Service plans, by adding a “cm-resource-parent” tag to the child resources with a value of the parent resource ID.

Charts in the cost analysis preview.View your daily or monthly cost over time in the cost analysis preview. You can opt in using Try Preview.

View cost for your resources.The cost for your resources is one click away from the resource overview in the preview portal. Just click View cost to quickly jump to the cost of that resource.

Change scope from the menu.Change scope from the menu for quicker navigation. You can opt-in using Try Preview.

Of course, that’s not all. Every change in Microsoft Cost Management is available in Cost Management Labs a week before it’s in the full Azure portal or Microsoft 365 admin center. We’re eager to hear your thoughts and understand what you’d like to see next. What are you waiting for? Try Cost Management Labs today.

New ways to save money in the Microsoft Cloud

Six new and updated offers to help you save:

General availability: Ebsv5 and Ebdsv5 NVMe-enabled VM sizes.

General availability: Serverless SQL for Azure Databricks.

Preview: Azure Cold Storage.

Preview: Palo Alto Networks SaaS Cloud NGFW Integration with Virtual WAN.

Preview: Cloud Next-Generation Firewall (NGFW) Palo Alto Networks—an Azure Native ISV Service.

Preview: DCesv5 and ECesv5-series Confidential VMs with Intel TDX.

New videos and learning opportunities

Lots of videos helping you manage and optimize costs this month:

Block storage options with Azure Disk Storage and Elastic SAN (11 minutes).

Azure Backup for SAP HANA Databases on Azure VM (19 minutes).

Azure Backup for SQL Server Databases on Azure VM (19 minutes).

How to Leverage Centrally-managed Azure Hybrid Benefit to Save Money, Manage Cost and Stay Compliant (10 minutes).

Onboarding and Partner Management in the Azure Portal (4 minutes).

Managing Enrollments in the Azure Portal (5 minutes).

Managing Partner Administrators in the Azure Portal (4 minutes).

Managing Markup in the Azure Portal (3 minutes).

Managing Purchase Order (PO) Number in the Azure portal (3 minutes).

Follow the Microsoft Cost Management YouTube channel to stay in the loop with new videos as they’re released and let us know what you’d like to see next.

Want a more guided experience? Start with Control Azure spending and manage bills with Microsoft Cost Management.

Documentation updates

Here are a few documentation updates you might be interested in:

New: Copy billing roles from one MCA to another MCA across tenants with a script.

New: Reservation utilization alerts.

New: EA billing administration for partners in the Azure portal.

Updated: Azure EA agreements and amendments.

Updated: SQL IaaS extension registration options for Cost Management administrators.

Updated: Tutorial – Optimize centrally managed Azure Hybrid Benefit for SQL Server.

15 updates based on your feedback.

Want to keep an eye on all documentation updates? Check out the Cost Management and Billing documentation change history in the azure-docs repository on GitHub. If you see something missing, select Edit at the top of the document and submit a quick pull request. You can also submit a GitHub issue. We welcome and appreciate all contributions!

What’s next?

These are just a few of the big updates from last month. Don’t forget to check out the previous Microsoft Cost Management updates. We’re always listening and making constant improvements based on your feedback, so please keep the feedback coming.

Follow @MSCostMgmt on Twitter and subscribe to the YouTube channel for updates, tips, and tricks. You can also share ideas and vote up others in the Cost Management feedback forum or join the research panel to participate in a future study and help shape the future of Microsoft Cost Management.

We know these are trying times for everyone. Best wishes from the Microsoft Cost Management team. Stay safe and stay healthy.
The post Microsoft Cost Management updates—May 2023 appeared first on Azure Blog.
Quelle: Azure

Azure Virtual WAN now supports full mesh secure hub connectivity

In May 2023, we announced the general availability of Routing intent and routing policies for all Virtual WAN customers. This feature is powered by the Virtual WAN routing infrastructure and enables Azure Firewall customers to set up policies for private and internet traffic. We are also extending the same routing capabilities to all Firewall solutions deployed within Azure Virtual WAN including Network Virtual Appliances and software-as-a-service (SaaS) solutions that provide Firewall capabilities.

Routing Intent also completes two secured hub use cases wherein users can secure traffic between Virtual WAN hubs as well as inspect traffic between different on-premises (branch/ExpressRoute/SD-WAN) that transits through Virtual WAN hubs.

Azure Virtual WAN (vWAN), networking-as-a-service, brings networking, security, and routing functionalities together to simplify networking in Azure. With ease of use and simplicity built in, vWAN is a one-stop shop to connect, protect, route traffic, and monitor your wide area network.

In this blog, we will first describe routing intent use cases, product experiences, and summarize with some additional considerations and resources for using routing intent with Virtual WAN.

Use cases for Virtual WAN

You can use Routing Intent to engineer traffic within Virtual WAN in multiple ways. Here are the main use cases:

Apply routing policies for Virtual Networks and on-premises

Customers implementing hub-and-spoke network architectures with large numbers of routes often find their networks hard to understand, maintain, and troubleshoot. In Virtual WAN, these routes can be simplified for traffic between Azure Virtual Networks and on-premises (ExpressRoute, VPN, and SD-WAN).

Virtual WAN makes this easier for customers by allowing customers to configure simple and declarative private routing policies. It is assumed that private routing policies will be applied for all Azure Virtual Networks and on-premises networks connected to Virtual WAN. Further customizations for Virtual Network and on-premises prefixes are currently not supported. Private routing policies instruct Virtual WAN to program the underlying Virtual WAN routing infrastructure to enable transit between two different on-premises (1) via a security solution deployed in the Virtual Hub. It also enables traffic transiting between two Azure Virtual Networks (2) or between an Azure Virtual Network and an on-premises endpoint (3) via a security solution deployed in the Virtual Hub. The same traffic use cases are supported for Azure Firewall, Network Virtual Appliances, and software-as-a-service solutions deployed in the hub.

Figure 1: Diagram of a Virtual Hub showing sample private traffic flows (between on-premises and Azure).

Apply routing policies for internet traffic

Virtual WAN lets you set up routing policies for internet traffic in order to advertise a default (0.0.0.0/0) route to your Azure Virtual Networks and on-premises. Internet traffic routing configurations allow you to configure Azure Virtual Networks and on-premises networks to send internet outbound traffic (1) to security appliances in the hub. You can also leverage Destination-Network Address Translation (DNAT) features of your security appliance if you want to provide external users access to applications in an Azure Virtual Network or on-premises (2).

Figure 2: Diagram of a Virtual Hub showing internet outbound and inbound DNAT traffic flows.

Apply routing policies for inter-hub cross-region traffic

Virtual WAN automatically deploys all Virtual Hubs across your Virtual WAN in a full mesh, providing zero-touch any-to-any connectivity region-to-region and hub-to-hub using the Microsoft global backbone. Routing policies program Virtual WAN to inspect inter-hub and inter-region traffic between two Azure Virtual Networks (1), between two on-premises (2), and between Azure Virtual Networks and on-premises (3) connected to different hubs. Every packet entering or leaving the hub is routed to the security solution deployed in the Virtual Hub before being routed to its final destination.

Figure 3: Diagram of inter-region and inter-hub traffic flows inspected by security solutions in the hub.

User experience for routing intent

To use routing intent, navigate to your Virtual WAN hub. Under Routing, select Routing Intent and routing policies.

Configure an Internet or Private Routing Policy to send traffic to a security solution deployed in the hub by selecting the next hop type (Azure Firewall, Network Virtual Appliance, or SaaS solution) and corresponding next hop resource.

Figure 4: Example configuration of routing intent with both Private and Internet routing policy in Virtual WAN Portal.

Azure Firewall customers can also configure routing intent using Azure Firewall Manager by enabling the ‘inter-hub’ setting.

Figure 5: Enabling Routing Intent through Azure Firewall Manager.

After configuring routing intent, you can view the effective routes of the security solution by navigating to your Virtual Hub, then select Routing, and click Effective Routes. The effective routes of the security solution provide additional visibility to troubleshoot how Virtual WAN routes traffic that has been inspected by the Virtual hub’s security solution.

Figure 6: View of getting the effective routes on a security solution deployed in the hub.

Before you get started with this feature, here are some key considerations:

The feature caters to users that consider Virtual Network and on-premises traffic as private traffic. Virtual WAN applies private routing policies to all Virtual Networks and on-premises traffic.

Routing intent is mutually exclusive with custom routing and static routes in the ‘defaultRouteTable’ pointing to Network Virtual Appliance (NVA) deployed in a Virtual Network spoke connected to Virtual WAN. As a result, use cases where users are using custom route tables or NVA-in-spoke use cases are not applicable.

Routing Intent advertises prefixes corresponding to all connections to Virtual WAN towards on-premises networks. Users may use Route Maps to summarize and aggregate routes and filter based on defined match conditions.

Learn more about Azure Virtual WAN

We look forward to continuing to build out Azure Virtual WAN and adding more capabilities in the future. We encourage you to try out the Routing Intent feature in Azure Virtual WAN and look forward to hearing more about your experiences to incorporate your feedback into the product.

How to configure Virtual WAN Hub routing policies

What’s new in Azure Virtual WAN?

Tutorial: Secure your virtual hub using Azure Firewall Manager

Fortinet Next-Generation Firewall

Check Point Cloud Guard for Virtual WAN

Install Palo Alto Networks Cloud NGFW in a Virtual WAN hub

The post Azure Virtual WAN now supports full mesh secure hub connectivity appeared first on Azure Blog.
Quelle: Azure

Explore the latest features for Datadog—An Azure Native ISV Service

Datadog – An Azure Native ISV Service, that brings the power of Datadog’s observability capabilities to Azure, is generally available since 2021. The natively integrated service allows you to monitor and diagnose issues with your Azure resources by automatically sending logs and metrics to your Datadog organization.

The service is easy to provision and manage, like any other Azure resource, using the Azure Portal, Azure Command-Line Interface (CLI), software development kits (SDKs), and more. You do not need any custom code or connectors to start viewing your logs and metrics on the Datadog portal.

The service has continued to grow and has been adopted well by our joint customers. This service is developed and managed by Microsoft and Datadog and based on your feedback, we continue to invest in deeper integrations to make the experience smoother for you. Here are some of the top features shipped recently that we would like to highlight:

Monitor multiple subscriptions with a single Datadog Resource

We are excited to announce a scalable multi-subscription monitoring capability that allows you to configure monitoring for all your subscriptions through a single Datadog resource. This simplifies the process of monitoring numerous subscriptions as you do not need to setup a separate Datadog resource in every single subscription that you wish to monitor.

To start monitoring multiple subscriptions through a single “Datadog—An Azure Native ISV Service” resource, click on the Monitored Subscriptions blade under the Datadog organizations configurations section.

The subscription in which the Datadog resource is created is monitored by default. To include additional subscriptions, click on the “Add subscriptions” button and on the window that opens, select the subscriptions that you want to monitor using the same resource.

We recommend deleting redundant Datadog resources linked to the same organization and consolidating multiple subscriptions into a single Datadog resource wherever possible. This would help avoid duplicate data flow and issues like throttling. For example, in the image shown below, there is a resource named DatadogLinkingTest linked to the same organization in one of the subscriptions. You should ideally delete the resource before proceeding to add the subscription.

Click on Add to include the chosen subscriptions to the list of subscriptions being monitored through the Datadog resource.

The set of tag rules for metrics and logs defined for the Datadog resource apply to all subscriptions that are added for monitoring. If you wish to reconfigure the tag rules at any point, check Reconfigure rules for metrics and logs.

And now you are done. Go to the “Monitored Resources” blade in your Datadog resource and filter the subscription of your choice to check the status of logs and metrics being sent to Datadog for the resources in that subscription.

Likewise, agent management experience for App Services and virtual machines (VMs) also spans multiple subscriptions now. 

Check out Monitor virtual machines using the Datadog agent and Monitor App Services using the Datadog agent as an extension.

If at any point you wish to stop monitoring resources in a subscription via the Datadog resource, you can remove the subscription from the Monitored subscriptions list. In the Monitored Subscriptions blade, choose the subscription you no longer wish to monitor and click on “Remove subscriptions”. The default subscription (the one in which the Datadog resource is created) can’t be removed.

Log forwarder

The automatic log forwarding capability available out of the box with Datadog’s native integration on Azure eliminates time-consuming steps that require you to setup additional infrastructure and write custom code.

We are constantly working to support all resource categories on Azure Monitor to ship logs to Datadog. For customers who have setup monitoring tag rules in an Azure subscription, new resource types or categories get automatically enrolled for sending logs, without the need for customers to manually do any changes to enable new resource types. As of today, the native integration on Azure supports logs from 126 resource types to flow to Datadog.

Cloud Security Posture Management

In the Datadog Azure Native integration, enabling Cloud Security Posture Management (CSPM) for your Azure Resources is a straightforward operation in your Datadog resource. Navigate to the Cloud Security Posture Management blade, click on the checkbox to enable CSPM and click Save. The setting can be disabled at any point.

You can learn more about Datadog’s CSPM product here. 

Mute monitor for expected virtual machine shutdowns

Imagine alerts being sent for expected VM shutdowns and waking you up in the middle of the night. Yikes! Now, with just the click of a checkbox, you can avoid scenarios where Datadog’s disaster prevention alert notifications get triggered during scheduled shutdowns. To mute the monitor for expected Azure Virtual Machine shutdowns, select the checkbox shown below in the Metrics and Logs blade.

Hope you are excited to try out all the cool features highlighted in this blog!

Next steps

If you would like to subscribe to the service, check out Datadog – An Azure Native ISV Service from Azure marketplace.

If you already use the Datadog—an Azure Native ISV Service, and have feedback or feature requests, please share below in the comments.

To learn more about the service, check out our documentation—Get started with Datadog – an Azure Native ISV Service.

Share additional information about how you use resource and subscription logs to monitor and manage your cloud infrastructure and applications by responding to this survey.

The post Explore the latest features for Datadog—An Azure Native ISV Service appeared first on Azure Blog.
Quelle: Azure