Kategorie: Microsoft Azure

Better security with enhanced access control experience in Azure Files

We are making it easier for customers to “lift and shift” applications to the cloud while maintaining the same security model used on-premises with the general availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files. By integrating Azure AD DS, you can mount your Azure file share over SMB using Azure Active Directory (Azure AD) credentials from Azure AD DS domain joined Windows virtual machines (VMs) with NTFS access control lists (ACLs) enforced.

Azure AD DS authentication for Azure Files allows users to specify granular permissions on shares, files, and folders. It unblocks common use cases like single writer and multi-reader scenario for your line of business applications. As the file permission assignment and enforcement experience matches that of NTFS, lifting and shifting your application into Azure is as easy as moving it to a new SMB file server. This also makes Azure Files an ideal shared storage solution for cloud-based services. For example, Windows Virtual Desktop recommends using Azure Files to host different user profiles and leverage Azure AD DS authentication for access control.

Since Azure Files strictly enforces NTFS discretionary access control lists (DACLs), you can use familiar tools like Robocopy to move data into an Azure file share persisting all of your important security control. Azure Files access control lists are also captured in Azure file share snapshots for backup and disaster recovery scenarios. This ensures that file access control lists are preserved on data recovery using services like Azure Backup that leverages file snapshots.

Follow the step-by-step guidance to get started today. To better understand the benefits and capabilities, you can refer to our overview Azure Azure AD DS authentication for Azure Files.

What’s new in general availability?

Based on your feedback, there are several new features to share since the preview:

Seamless integration with Windows File Explorer on permission assignments: When we demoed this feature at Microsoft Ignite 2018, we showed changing and view permissions with a Windows command line tool called icacls. There were clearly some challenges, since icacls is not easily discoverable or consistent with common user behavior. Starting with general availability, you can view or modify the permissions on a file or folder with Windows File Explorer, just like any regular file shares.

New built-in role-based access controls to simplify share level access management: To simplify share-level access management, we have introduced three new built-in role-based access controls—Storage File Data SMB Share Elevated Contributor, Contributor, and Reader. Instead of creating custom roles, you can use the built-in roles for granting share-level permissions for SMB access to Azure Files.

What is next for Azure Files access control experience?

Supporting authentication with Azure Active Directory Domain Services is most useful for application lift and shift scenarios, but Azure Files can help with moving all on-premises file shares, regardless of whether they are providing storage for an application or for end users. Our team is working to extend authentication support to Windows Server Active Directory hosted on-premises or in the cloud.

If you are interested to hear future updates on Azure Files Active Directory Authentication, sign up today. For general feedback on Azure Files, email us at AzureFiles@microsoft.com.
Quelle: Azure

Disaster recovery of Azure disk encryption (V2) enabled virtual machines

Choosing Azure for your applications and services allows you take advantage of a wide array of security tools and capabilities. These tools and capabilities help make it possible to create secure solutions on Azure. Among these capabilities is Azure disk encryption, designed to help protect and safeguard your data to meet your organizational security and compliance commitments. It uses the industry standard BitLocker Drive Encryption for Windows and DM-Crypt for Linux to provide volume encryption for OS and data disks. The solution is integrated with Azure Key Vault to help you control and manage disk encryption keys and secrets, and ensures that all data on virtual machine (VM) disks are encrypted both in-transit and at rest while in Azure Storage.

Beyond securing your applications, it is important to have a disaster recovery plan in place to keep your mission critical applications up and running when planned and unplanned outages occur. Azure Site Recovery helps orchestrate replication, failover, and recovery of applications running on Azure Virtual Machines so that they are available from a secondary region if you have any outages in the primary region.

Azure Site Recovery now supports disaster recovery of Azure disk encryption (V2) enabled virtual machines without Azure Active Directory application. While enabling replication of your VM for disaster recovery, all the required disk encryption keys and secrets are copied from the source region to the target region in the user context. If the user managing disaster recovery does not have the appropriate permissions, the user can hand over the ready-to-use script to the security administrator to copy the keys and secrets and proceed with configuration.

This feature currently supports only Windows VMs using managed disks. The support for Linux VMs using managed disks will be available in the coming weeks. This feature is available in all Azure regions where Azure Site Recovery is available. Configure disaster recovery for Azure disk encryption enabled virtual machines using Azure Site Recovery today and become both secure and protected from outages.
Quelle: Azure

When to use Azure Service Health versus the status page

If you’re experiencing problems with your applications, a great place to start investigating solutions is through your Azure Service Health dashboard. In this blog post, we’ll explore the differences between the Azure status page and Azure Service Health. We’ll also show you how to get started with Service Health alerts so you can stay better informed about service issues and take action to improve your workloads’ availability.

How and when to use the Azure status page

The Azure status page works best for tracking major outages, especially if you’re unable to log into the Azure portal or access Azure Service Health. Many Azure users visit the status page regularly. It predates Azure Service Health and has a friendly format that shows the status of all Azure services and regions at a glance.

The Azure status page, however, doesn’t show all information about the health of your Azure services and regions. The status page isn’t personalized, so you need to know exactly which services and regions you’re using and locate them in the grid. The status page also doesn’t include information about non-outage events that could affect your availability. For example, planned maintenance events and health advisories (think service retirements and misconfigurations). Finally, the status page doesn’t have a means of notifying you automatically in the event of an outage or a planned maintenance window that might affect you.

For all of these use cases, we created Azure Service Health.

How and when to use Azure Service Health

At the top of the Azure status page, you’ll find a button directing you to your personalized dashboard. One common misunderstanding is that this button allows you to personalize the status page grid of services and regions. Instead, the button takes you into the Azure portal to Azure Service Health, the best option for viewing Azure events that may impact the availability of your resources.

In Service Health, you’ll find information about everything from minor outages that affect you to planned maintenance events and other health advisories. The dashboard is personalized, so it knows which services and regions you’re using and can even help you troubleshoot by offering a list of potentially impacted resources for any given event.

Service Health’s most useful feature is Service Health alerts. With Service Health alerts, you’ll proactively receive notifications via your preferred channel—email, SMS, push notification, or even webhook into your internal ticketing system like ServiceNow or PagerDuty—if there’s an issue with your services and regions. You don’t have to keep checking Service Health or the status page for updates and can instead focus on other important work.

Set up your Service Health alerts today

Feel free to keep using the status page for quick updates on major outages. However, we highly encourage you make it a habit to visit Service Health to stay informed of all potential impacts to your availability and take advantage of rich features like automated alerting.

Set up your Azure Service Health alerts today in the Azure portal. For more in-depth guidance, visit the Azure Service Health documentation. Let us know if you have a suggestion by submitting an idea here.
Quelle: Azure

Azure and Informatica team up to remove barriers for cloud analytics migration

Today, we are announcing the most comprehensive and compelling migration offer available in the industry to help customers simplify their cloud analytics journey.

This collaboration between Microsoft and Informatica provides customers an accelerated path for their digital transformation. As customers modernize their analytics systems, it enables them to truly begin integrating emerging technologies, such as AI and machine learning, into their business. Without migrating analytics workloads to the cloud, it becomes difficult for customers to maximize the potential their data holds.

For customers that have been tuning analytics appliances for years, such as Teradata and Netezza, it can seem overwhelming to start the journey towards the cloud. Customers have invested valuable time, skills, and personnel to achieve optimal performance from their analytics systems, which contain the most sensitive and valuable data for their business. We understand that the idea of migrating these systems to the cloud can seem risky and daunting. This is why we are partnering with Informatica to help customers begin their cloud analytics journey today with an industry-leading offer.

Free evaluation

With this offering, customers can now work with Azure and Informatica to easily understand their current data estate, determine what data is connected to their current data warehouse, and replicate tables without moving any data in order to conduct a robust proof of value.

This enables customers to get an end-to-end view of their data, execute a proof of value without disrupting their existing systems, and quickly see the possibilities of moving to Azure.

Free code conversion

A critical aspect of migrating on-premises appliances to the cloud is converting existing schemas to take advantage of cloud innovation. This conversion can quickly become expensive even in proof of values.

With this joint offering from Azure and Informatica, customers receive free code conversion for both the proof of value phase and when fully migrating to the cloud, as well as a SQL Data Warehouse subscription for the duration of the proof of value (up to 30 days).

Hands-on approach

Both Azure and Informatica are dedicating the personnel and resources to have analytics experts on-site helping customers as they begin migrating to Azure.

Customers that qualify for this offering will have full support from Azure SQL Data Warehouse experts. They will help with the initial assessment, executing the proof of value, and provide best practice guidance during migration.

Everything you need to start your cloud analytics journey

Get started today

Analytics in Azure is up to 14 times faster and costs 94 percent less than other cloud providers, and is the leader in both the TPC-H and TPC-DS industry benchmarks. Now with this joint offer, customers can easily get started on their cloud analytics journey.

Register for the Azure and Informatica webinar to learn more about this offer.
Sign up for a free Informatica: Cloud Data Warehouse Modernization on Azure workshop.

Quelle: Azure

We’re making Azure Archive Storage better with new lower pricing

As part of our commitment to provide the most cost-effective storage offering, we’re excited to share that we have dropped Azure Archive Storage prices by up to 50 percent in some regions. The new pricing is effective immediately.

In 2017 we launched Azure Archive Storage to provide cloud storage for rarely accessed data with flexible latency requirements at an industry leading price point. Since then we’ve seen both small and large customers from all industries utilize Archive Storage to significantly reduce their storage bill, improve data durability, and meet legal compliance. Forrester Consulting interviewed four of these customers and conducted a commissioned Total Economic Impact™ (TEI) study to evaluate the value customers achieved by moving both on-premises and existing data in the cloud to Archive Storage. Below are some of the highlights from that study.

112 percent return-on-investment (ROI). Forrester’s interviews with four existing customers and subsequent financial analysis found that a composite organization based on these interviewed organizations projects expected benefits of $296,941 over projected three years versus costs of $140,376, adding up to a net present value (NPV) of $156,565 and an ROI of 112 percent.
Reduced or eliminated more than $173 thousand in operational and hardware expenses over a three-year period. Organizations were able to reduce spending in their on-premises storage environments by transitioning data to the cloud. Moving to the cloud enabled users to eliminate their tape and hard disk backups, while also reducing overall operating expenditures.
Reduced monthly cloud storage costs by 95 percent. Organizations identified infrequently accessed data stored in active cloud storage tiers and transitioned them to the Archive tier, reducing their monthly per gigabyte (GB) storage costs by 95 percent. The Archive tier allowed organizations to augment their existing cloud storage savings. Over a three-year period, this saves an estimated $123,692.

How are customers using Archive Storage?

Toshiba America Business Solutions (TABS) sells digital signage and multifunction printers (MFPs), along with a complete set of maintenance and management services to help customers optimize their digital and paper communications. TABS created two Internet of Things (IoT) analytics solutions, e-BRIDGE™ CloudConnect and CloudConnect Data Services that are based on Microsoft Azure platform-as-a-service (PaaS) offerings, including Azure SQL Data Warehouse. Using e-BRIDGE, TABS remotely gathers device health data from thousands of installed devices and preemptively dispatches service technicians with the correct parts to perform repairs. With CloudConnect Data Services, TABS analyzes device health and repair history data to continuously improve product design and component choices. These solutions have helped the company improve device uptime and reduce service costs.

The daily configuration updates from printer devices were being stored in hot Blob Storage for four years even though they were rarely accessed. With Archive Blob Storage, Toshiba now moves these files to Archive Storage after 30 days once the probability of them being accessed goes down significantly. At this point, they also don’t need the files immediately available and can wait hours to get the files back. Archive Storage has allowed Toshiba to reduce their storage costs for this data by almost 90 percent.

Oceaneering uses remotely operated vehicles (ROVs) to capture video of operations and inspection work. The increase in overall video quality over the last few years has predicated the use of more efficient storage capabilities provided by the Azure platform. The satellite links provided onboard the vessels provide limited bandwidth to stream the video, so the traditional transport of media such as Data Box sometimes requires manual transport. The large amount of data per inspection, 2 TB a day in some instances, is maintained on Azure Storage. For the larger library of historical video, Azure Archive Storage is used to provide the most cost-effective solution for our customers who access the video via the Oceaneering Media Vault (OMV). Oceaneering has experienced 60 percent savings utilizing Azure Archive capabilities.

Regional availability

Archive Storage is currently available in a total of 29 regions worldwide, and we’re continuing to expand that list. Over the past year we have added support for Archive Storage in Australia East, Australia Southeast, East Asia, Southeast Asia, UK West, UK South, Japan East, Japan West, Canada Central, Canada East, US Gov Virginia, US Gov Texas, US Gov Arizona, China East 2, and China North 2.

Additional information

Azure Archive Storage provides an extremely cost-effective alternative to on-premises storage for cold data as highlighted in the Forrester TEI study. Customers can significantly reduce operational and hardware expenses to realize an ROI of up to 112 percent over three years by moving their data to the Archive tier.

Archive exists alongside the Hot and Cool access tiers. All archive operations are consistent with the other tiers so you can seamlessly move your data among tiers programmatically or using lifecycle management policies. Archive is supported by a broad and diverse set of storage partners.

For more information on Archive Storage features and capabilities, please visit our product page. For more information on Archive Storage pricing, please visit the Azure Block Blob Pricing page. If you have any further questions or feedback, please reach out to us at archivefeedback@microsoft.com.
Quelle: Azure

Improved developer experience for Azure Blockchain development kit

As digital transformation expands beyond the walls of one company and into processes shared across organizations, businesses are looking to blockchain as a way to share workflow data and logic.

This spring we introduced Azure Blockchain Service, a fully-managed blockchain service that simplifies the formation, management, and governance of consortium blockchain networks. With a few simple clicks, users can create and deploy a permissioned blockchain network and manage consortium membership using an intuitive interface in the Azure portal.

To help developers building applications on the service, we also introduced our Azure Blockchain development kit for Ethereum. Delivered via Visual Studio Code, the dev kit runs on all major operating systems, and brings together the best of Microsoft and open source blockchain tooling, including deep integration with leading OSS tools from Truffle. These integrations enable developers to create, compile, test, and manage smart contract code before deploying it to a managed network in Azure.

We’re constantly looking and listening to feedback for areas where we can lean in and help developers go further, faster. This week for TruffleCon, we’re releasing some exciting new features that make it easier than ever to build blockchain applications:

Interactive debugger: Debugging of Ethereum smart contracts, has been so far, a challenging effort. While there are some great command line tools (e.g., Truffle Debugger), these tools aren’t integrated into integrated development environments (IDE) like Visual Studio Code. Native integration of the Truffle Debugger into Visual Studio Code brings all the standard debugging features developers have come to rely on (e.g, breakpoints, step in/over/out, call stacks, watch windows, and Intellisense pop ups) that let developers quickly identify, debug, and resolve issues.
Auto-generated prototype UI: The dev kit now generates a UI that is rendered and activated inside of Visual Studio Code. This allows developers to interact with their deployed contracts, directly in the IDE environment without having to build other UI or custom software simply to test out basic functionality of their contracts. Having a simple, graphical user interface (GUI) driven interface that allows developers to interact and test out basic functionality of their contracts inside the IDE, without writing code, is a huge improvement in productivity.

With the addition of these new debugger capabilities, we are bringing all the major components of software development, including build, debug, test, and deploy, for Smart Contracts into the popular Visual Studio Code developer environment.

If you’re in Redmond, Washington this weekend, August 2-4, 2019, come by TruffleCon to meet the team or head to the Visual Studio Marketplace to try these new features today!
Quelle: Azure