Azure Marketplace new offers – Volume 34

We continue to expand the Azure Marketplace ecosystem. From February 16 to February 28, 2019, 50 new offers successfully met the onboarding criteria and went live. See details of the new offers below:

Virtual machines

Analytics Zoo: A unified Analytics + AI platform: Analytics Zoo provides a unified analytics and AI platform that unites Spark, TensorFlow, Keras, and BigDL programs into an integrated pipeline. The pipeline can then transparently scale out to a large Hadoop/Spark cluster.

Blender 3D On Windows Server 2016: Studios around the world use Blender as their go-to 3-D software for remodeling, rendering, animation, video editing, compositing, texturing, and more. Apps4Rent helps you deploy Blender on Microsoft Azure.

 

CIS CentOS 7.5 Benchmark L1: This image of CentOS 7.5 is preconfigured by CIS to the recommendations in the associated CIS Benchmark. CIS Benchmarks are vendor-agnostic, consensus-based security configuration guides.

IBM DB2 Advanced Enterprise Server Edition 11.1: Install IBM DB2 Advanced Enterprise Server Edition in just a few minutes. IBM DB2 is ideal for development, test, and production infrastructure, and MidVision’s RapidDeploy is shipped for streamlined administration.

IBM DB2 Advanced Workgroup Server Edition 11.1: Install IBM DB2 Advanced Workgroup Server Edition in just a few minutes. IBM DB2 is ideal for development, test, and production infrastructure, and MidVision’s RapidDeploy is shipped for streamlined administration.

Kotlin Programming Language Windows Server 2012R2: Kotlin is flexible and interoperable with other platforms and native languages, offering code sharing between JVM and JavaScript platforms. It's also tool-friendly, as any Java IDE can be chosen.

Kotlin Programming Language Windows Server 2016: Kotlin is flexible and interoperable with other platforms and native languages, offering code sharing between JVM and JavaScript platforms. It's also tool-friendly, as any Java IDE can be chosen.

MayaNAS Cloud Enterprise: MayaNAS Cloud is a full-featured, enterprise-grade, software-defined storage solution that provides high-performance unified file and block services using cloud-native disks and object storage.

MayaScale Cloud Data Platform: MayaScale Cloud Data Platform offers high-performance shared storage using NVMe (non-volatile memory express) fabric over TCP and iSCSI protocols.

Qorus Integration Engine 4.0 on Oracle Linux 7: This agile and scalable platform for back-office IT business process automation serves as a low-cost and low-code enterprise integration solution.

Robotic Process Automation (RPA): Download and use the trial edition of Kryon Studio to experience how easy it can be to automate processes. This free trial is a useful tool for anyone looking to evaluate Kryon’s robotic process automation solutions.

XCFrontier – Virtualisation Services: XCFrontier is an innovative cloud virtualization solution for faster internet browsing that works with the Microsoft Office suite and other software applications.

Web applications

Azure Monitor Agent for Citrix Environments: Use the power of Azure Monitor and Log Analytics with this agent for your Citrix workers, servers and desktops. You don’t need an SQL server or additional infrastructure for monitoring data.

Azure Monitor for RDS and Windows Virtual Desktop: Monitor user experiences within Remote Desktop Services and Windows Virtual Desktop.

Check Point CheckMe: CheckMe runs simulations that test if your security technologies are equipped to mitigate advanced threats, and it provides a comprehensive report on your security state.

D3 Security: Rapidly validate threats with out-of-the-box security integrations and adaptable playbooks that guide your security operations platform to automated incident response.

Discovery Hub with Azure Data Lake: Deploy the Discovery Hub application server and Azure Data Lake. Discovery Hub is a high-performance data management platform that accelerates your time to data insights.

Forscene Edge – BYOL: The Forscene Edge is a professional two-way video transcoding engine for generating lightweight Blackbird video-editing proxies. The Blackbird proxy provides frame-accurate navigation and plays media and edits completely render-free.

Integris Data Privacy Automation: Use Integris to discover and classify sensitive data across any system, apply data-handling policies, assess risk, and take action.

Intel Optimized Data Science VM for Linux (Ubuntu): This preconfigured data science virtual machine comes with Python environments optimized for deep learning on Intel Xeon processors.

Jira Service Desk Data Center: By linking Jira Service Desk with Jira Software, IT and developer teams can collaborate on one platform to fix incidents faster and push changes with confidence.

SCOM Alert Management: SCOM Alert Management extends the capabilities of Microsoft Alert Management with automation of alert rules for the System Center Operations Manager group connected to the Log Analytics workspace.

Security for Microsoft 365: SoftwareONE's Security for Microsoft 365 is a managed security service helping customers improve the return on their Microsoft security investments. SoftwareONE security consultants will plan, set up, enhance, and maintain threat detection.

SIMBA Chain: SIMBA Chain's Blockchain-as-a-Service platform allows users to quickly deploy decentralized applications (dApps). These dApps allow secure, direct connections between users and providers, eliminating third parties.

Container solutions

Decent Blockchain Node: DCT is the platform cryptographic asset on the DCore blockchain that serves as the fundamental currency for publishing and purchasing. It also funds the miners and seeders who maintain the platform. This image contains the DCore node and CLI wallet.

Consulting services

Active Directory Assessment: 4-Week Assessm. (GB): This assessment by Dots. will review your Active Directory environment, architecture, DNS configuration, backup policy, and administrative procedures to provide audit findings and best-practice recommendations.

AD Connect: 1 Day Implementation: CDW will assist your organization in creating storage accounts in Microsoft Azure for use with an on-premises, cloud-enabled storage appliance, resulting in a hybrid cloud storage solution.

Airnet Azure Foundations: 2-day Implementation: Migrate to the cloud quickly and easily with an automated setup of your Azure environment using a scalable, standardized, and pre-architected framework from Airnet Group Inc.

Airnet Systems Assessment Tool: 1-day Assessment: Review tiered budgeting options for your move to Azure based on Airnet Group Inc.'s detailed reports of server core level inventory, cost, and performance data from your entire IT infrastructure.

App Modernization: 2 Hour Briefing: Oakwood Systems Group will review your business drivers, establish goals for modernization, discuss approaches, provide recommendations for Azure services, and help you develop a better understanding of the options available.

Application Modernization: 2 Week Assessment: RDA will work with your technical team to collect data about identified applications and then design, plan, and document key considerations for an application modernization effort using Azure.

Azure AD Single Sign-On (SSO): 2-Day Implementation: Mismo Systems LLP will configure Azure Active Directory Single Sign-On, enabling you to centrally manage users' access across Software-as-a-Service applications.

Azure Assessment: 1-Week Assessment: Tallan will work with your team to review your on-premises and cloud environments, cover best practices for deployment and app modernization, and provide documentation and recommendations.

Azure DevOps: 1 Hour Briefing: This comprehensive briefing by Oakwood Systems Group will help you develop a better understanding of how to implement Azure DevOps within your business, no matter how big your IT department or what tools you’re using.

Azure Disaster Recovery: 1-Day Workshop: You will walk away with a comprehensive understanding of Azure Backup and Azure Site Recovery. In many cases, a partial or complete implementation can be achieved in this workshop from InsITe Business Solutions.

Azure Migration 6-Wk Assessment & Implementation: TapLogic’s Azure Platform Migration Service gives service providers in the agricultural industry the tools and resources to develop a plan for adopting the best Microsoft Azure solution for their business needs.

Azure Site Recovery: 3-Day Implementation: CDW will install and configure Azure Site Recovery, establishing a Disaster Recovery-as-a-Service solution that allows you to replicate up to five of your virtual machines to Microsoft Azure.

Azure Storage for Backup: 1-Day Implementation: The Microsoft Azure Storage for Backup engagement by CDW will provide best practices and knowledge transfer in demonstrating and maximizing the benefits of utilizing Azure Storage.

CCG Customer Intelligence for Retail: In this engagement, CCG Analytics will implement Customer Intelligence, an analytics platform developed for mid-market retailers who want to elevate the customer experience and dominate the retail omnichannel.

Cloud Aware – Events: 5 Week Implementation: This implementation by Meylah Corporation involves Cloud Aware – Event in a Box, a collection of event planning resources to simplify the process of the customer acquisition.

Cloud Migration Assessment – 6 Days Assessment: Incremental Group’s Cloud Migration Assessment is carried out by one of our senior cloud engineers and will involve compiling a complete review and cloud migration proposal for your organization.

Connecting with S2S VPN: 1-Day Implementation: CDW will assist you in configuring Azure to allow connectivity between your Azure tenant resources and on-premises resources via a site-to-site VPN.

Data Compliance Monitoring – 1 Hour Briefing: Discover how you can automate your data compliance and governance strategy by leveraging Azure, Azure Cosmos DB, and Brilliant IG. Brilliant IG, by CTO Boost, is an automated compliance monitoring platform on Azure.

Data Science Discovery Pack: 2-wk Assessment: Elastacloud combines the delivery of a data architecture blueprint using the latest Azure platform tools and services with an innovative data science work package.

ERP to Azure Migration: 2 Week Implementation: DXC will provide a streamlined migration for organizations desiring to move their Dynamics GP, Dynamics SL, or Dynamics NAV solution to Azure Infrastructure-as-a-Service.

Optimized Architecture: 1-Day Workshop (Virtual): Compare Infrastructure-as-a-Service and Platform-as-a-Service hosting options to save money through the use of Azure App Service. This workshop by Dynamics Edge is intended for cloud architects and IT professionals.

QuickBooks DT on Azure single install: 4-hr imp: Get your existing QuickBooks desktop software running on your Azure cloud server, complete with integrated applications, in this implementation by Mendelson Consulting.

TCO & Cloud Readiness Assessment – 6 Wk Assessment: Ensono's assessment will involve data gathering, creation of an HCP tenant, ingestion of the initial server list, data tagging, application readiness scoring, and a presentation of the findings.

TFS to Azure DevOps Migration: 2-Wk Implementation: Tallan will work with your team to create an Azure DevOps migration plan to be developed during the assessment portion of this implementation. From there, we will start the migration process to Azure DevOps.

TFS to Azure DevOps: 4-week Implementation: Oakwood Systems Group's three-phase migration plan will move your on-premises Team Foundation Server (TFS) to Azure DevOps Services.

Quelle: Azure

Announcing the public preview of Data Discovery & Classification for Azure SQL Data Warehouse

Today we’re announcing the public preview of Data Discovery & Classification for Azure SQL Data Warehouse, an additional capability for managing security for sensitive data. Azure SQL Data Warehouse is a fast, flexible, and secure cloud data warehouse tuned for running complex queries fast and across petabytes of data.

While it’s critical to protect the privacy of your customers and other sensitive data, it becomes unmanageable to discover, classify, and protect such sensitive data as your businesses and data assets are growing rapidly. The Data Discovery & Classification feature that we’re introducing natively with Azure SQL Data Warehouse helps alleviate this pain-point. The overall benefits of this capability are:

Meeting data privacy standards and regulatory compliance requirements such as General Data Protection Regulation (GDPR).
Restricting access to and hardening the security of data warehouses containing highly sensitive data.
Monitoring and alerting on anomalous access to sensitive data.
Visualization of sensitive data in a central dashboard on the Azure portal.

What is Data Discovery & Classification?

Data Discovery & Classification introduces a set of advanced capabilities aimed at protecting data and not just the data warehouse itself.

Auto-discovery and recommendations – Underlying classification engine automatically scans your data warehouse and identifies columns containing potentially sensitive data. It also provides you an easy way to review and apply appropriate classification recommendations through the Azure portal.
Classification/Labeling – Sensitivity classification labels tagged on the columns can be persisted in the data warehouse itself.
Reporting – Data classification can be centrally viewed on a dashboard in the Azure portal. In addition, you can download a report in Microsoft Excel format for compliance and auditing purposes.
Monitoring/Auditing – Auditing has been enhanced to log sensitivity classifications or labels of the actual data that were returned by the query. This would enable you to gain insights on who is accessing sensitive data.

How does Data Discovery & Classification work?

The Data Discovery & Classification capability have built-in automated classification engines that identify columns containing potentially sensitive data and provides a list of recommendations for you to choose from. This data can be persisted as sensitivity metadata on top of the columns directly in the data warehouse. You can manually classify and label your columns. You can also define custom labels and information types in addition to those generated by the system.

You can also use T-SQL to add, remove, and retrieve column classifications across all tables in your data warehouse:

Add/update the classification of one or more columns, add sensitivity classification
Remove the classification from one or more columns, drop sensitivity classification
View all classifications on the database, sys.sensitivity classifications

Additionally, Azure SQL Data Warehouse engine utilizes the column classifications to determine the sensitivity of query results. Combined with Azure SQL Data Warehouse Auditing, this enables you to audit the sensitivity of the actual data being returned by queries.

This capability is now available in all Azure regions as part of Advanced Data Security and including Vulnerability Assessment and Threat Detection. For more information on Data Discovery & Classification in Azure SQL Data Warehouse, refer to our online documentation “Azure SQL Database Data Discovery & Classification.”

Azure SQL Data Warehouse continues to lead in the areas of security, compliance, privacy, and auditing. Check out our latest videos on Azure SQL Data Warehouse security related topics:

Monitoring Access for threats and Securing Data
Virtual Networks and Security Roadmap

Next steps

For more information about Azure SQL Data Warehouse security capabilities, refer to the “Guide to enhancing privacy and addressing GDPR requirements with the Microsoft SQL platform” from the Microsoft Trust Center, or our online documentation.
To get started today, create an Azure SQL Data Warehouse.
To stay up-to-date on the latest Azure SQL Data Warehouse news and features, follow us on Twitter @AzureSQLDW.
For feature requests, please vote on our UserVoice.

Quelle: Azure

Get an official service issue root cause analysis with Azure Service Health

After you experience a Microsoft Azure service issue, you likely need to explain what happened to your customers, management, and other stakeholders. That’s why Azure Service Health provides official incident reports and root cause analyses (RCAs) from Microsoft.

Azure Service Health helps you stay informed and take action when Azure service issues like incidents and planned maintenance affect you by providing a personalized health dashboard, customizable alerts, and expert guidance. In this blog, we’ll cover how you can use Azure Service Health’s health history to review past health issues and get official root cause analyses (RCAs) to share with your internal and external stakeholders.

Review past health issues and get official root cause analyses (RCAs)

You can see 90 days of history about past incidents, maintenance, and health advisories in Azure Service Health’s “Health history” section. This is a tailored view of the Azure Activity Log provided by Azure Monitor.

If you experienced downtime, your internal or external stakeholders might expect an official report or RCA. As soon as they become available, RCAs can be found under any incident. Meanwhile, you can download and share Microsoft’s issue summary as a PDF.

Learn more about getting downloadable explanations in the Service Health documentation.

Get started with Azure Service Health

Azure Service Health provides a large amount of information about incidents, planned maintenance, and other health advisories that could affect you. While you can always visit the dashboard in the portal, the best way to stay informed and take action is to set up Azure Service Health alerts. With alerts, as soon as we publish any health-related information, you’ll get notified on whichever channels you prefer, including email, SMS, push notification, webhook into ServiceNow, and more. We’ll also notify you when we publish RCAs.

Next steps

Review your Azure Service Health dashboard and set up alerts in the Azure portal. If you need help getting started visit the Azure Service Health documentation. We always welcome feedback. Submit your ideas at Azure Service Health feedback forum or email us with any questions and comments at servicehealth@microsoft.com.
Quelle: Azure

Hannover Messe 2019: Azure IoT Platform updates power new, highly-secured Industrial IoT Scenarios

We’re proud to be showcasing at Hannover Messe once again next week. Manufacturing continues to be one of the leading industries adopting IoT for a growing set of scenarios to improve safety, efficiency, and reliability for people and devices. Every year, I get to meet with partners and customers and learn about how their needs and use cases are growing and changing, as they continue to digitize their operations and deliver on the promise of Industry 4.0. They want security more integrated into every layer, protecting data from different industrial processes and operations from the edge to the cloud. They want to enable proof-of-concepts quickly to improve the pace of innovation and learning, and then scale quickly and effectively. And they want to manage digital assets at scale, not dozens of devices and sensors. Over the last year, we’ve made several significant additions to our IoT platform to address these needs, including the launch of Azure Digital Twins and Azure Sphere and the general availability of Azure IoT Central and Azure IoT Edge. Next week at Hannover Messe, we’re introducing a set of new product capabilities and programs that make it easier for our customers to build enterprise-grade industrial IoT solutions with open standards, while ensuring security and innovation protection across cloud boundaries.
Securing IoT solutions
Securing IoT solutions requires new capabilities to protect the thousands of devices deployed on the edge. To truly secure an IoT solution, you must secure devices, their connectivity to the cloud, the services running in the cloud, and the applications built on top of them. 
At Hannover Messe, we’re thrilled to announce Azure Security Center for IoT, the worlds first comprehensive security offering for IoT.
With Azure Security Center for IoT, customers can benefit from a holistic view of their IoT security and take measures aligned with industry best practices, such as monitoring devices for open ports. The ever-evolving threat landscape requires customers to go far beyond this, by also inspecting and monitoring the security properties of devices and workloads for potential attacks. Azure has unique threat intelligence sourced from the more than 6 trillion signals that Microsoft collects every day and makes that available to customers in Azure Security Center.
Beyond the security posture management and threat protection capabilities provided in Azure Security Center many SecOps teams rely on SIEM tools for advanced hunting and threat mitigation across their entire enterprise. At RSA earlier this month we announced Azure Sentinel which is the first cloud-native SIEM from a major public cloud provider. Today, we take it a step further by enhancing the capabilities of Azure Sentinel by enabling customers to combine their IoT security data with the security data from across the enterprise, to then apply analysis techniques or machine learning to identify and mitigate threats.
This announcement empowers manufacturers to reduce the attack surface of Azure IoT solutions running across all their operations, remediate issues before they become serious, and apply analytics and machine learning to prevent attacks. Azure is the first major public cloud provider to deliver the breadth of these security innovations for end-to-end IoT solutions and this announcement marks an important leap forward as we offer new security layers for your IoT workloads. 
We also want to continue driving innovation in IoT, which requires us to take measures to protect our customers’ and partners’ innovations. That’s why today we’re extending the Azure IP Advantage benefits to Azure customers with IoT devices connected to Azure, and devices that are powered by Azure Sphere and Windows IoT. Thyssenkrupp, Bühler, and MediaTek are three companies that see the benefit of added protections from IP risk as they transition into Industry 4.0 and generate value from their IoT workloads. The program offers customers uncapped indemnification coverage for Azure Sphere and Windows IoT and access to 10,000 Microsoft patents that are available to Azure customers and can be critical in deterring competitors from suing for patent infringement. More detail about the new program is available on the Microsoft on the Issues blog.
Accelerate Industrial IoT Solutions with an Open Cloud Platform, Open Interoperability Standards and Open Source
We’ve continued to innovate by developing additional open-source components based on open interoperability standards (OPC UA) for our open cloud platform. These new components provide security management as well as performance optimization and simplify the experience for our customers. Today we’re announcing OPC Twin, which creates a digital twin for OPC UA-enabled machines, makes their information model available in the cloud, and enables machine interaction from the cloud. We’ve also extended our OPC UA security and certificate management by launching OPC Vault. OPC Vault automates security management by creating, managing, and revoking certificates for OPC UA-enabled machines on a global scale. Both components simplify their integration into existing or new cloud applications by providing REST interfaces and are available on GitHub today. In addition, we’re excited announce enhancements to the Connected Factory solution accelerator, which now also integrates an OPC Twin dashboard. Connected Factory is designed to accelerate proof-of-concepts in Industrial IoT and additionally offers OEE data across customers’ factories via a centralized dashboard.
For Industrial IoT scenarios, time series data is a critical component to unlocking exciting opportunities to drive growth by providing operational insights in fractions of a second on a global scale. Later in the summer we will be building on our recent momentum with Azure Time Series Insights (TSI) by enabling our customers to take advantage of integrating both warm and cold path analytics into a single offering under the pay-as-you-go version that was announced in December of last year. This provides customers a more predictable, cost-effective, and flexible analytics platform for their Industrial IoT scenarios. We are also working towards delivering a wide variety of analytics scenarios by offering support for storage tier configuration based on retention and released enhancements to the user experience.
Build enterprise-grade Industrial IoT solutions across cloud boundaries
Last year we announced Azure IoT Hub on Azure Stack in limited preview to meet industrial manufacturers’ latency and connectivity requirements, as well as their specific regulatory and compliance policies. Customers that are working with us are benefiting from running their IoT solutions on a hybrid model. Rockwell Automation has partnered with us to build IoT solutions that stretch from the intelligent cloud to the intelligent edge. It’s not uncommon to have facilities that are in remote areas or immersed in conditions that cause inconsistent network connectivity. Rockwell Automation is participating in the Azure IoT Hub on Azure Stack limited preview to extend a consistent solution at the edge of your production. Running IoT on Azure Stack in a hybrid model has empowered ZEISS to continue providing clients with new insights about their products, production, and processes. ZEISS spectroscopy helps clients to optimize their processes based on valuable insights about their products and production, when they need it and where they need it – thanks to smart solutions and connected technology. Their solutions for the food industry provide real-time measurement of important quality indicators, such as fat, moisture, and salt content directly on the production line. This data is then sent to the cloud, allowing production managers to optimize quality almost immediately, while enabling a more efficient way of using raw materials and energy.
It’s an exciting time to be a manufacturer, when you have the power of data and connected devices at your fingertips to drive real-time insights and actions. We hope to see you at Hannover Messe where you can see and learn more about these announcements as well as see partners and customers’ showcasing these solutions. We will be at the Digital Factory Fair in Hall 7 – stop by and meet us.
Quelle: Azure

Azure Blob Storage lifecycle management generally available

Data sets have unique lifecycles. Some data is accessed often early in the lifecycle, but the need for access drops drastically as the data ages. Some data remains idle in the cloud and is rarely accessed once stored. Some data expires days or months after creation while other data sets are actively read and modified throughout their lifetimes.

Today we are excited to share the general availability of Blob Storage lifecycle management so that you can automate blob tiering and retention with custom defined rules. This feature is available in all Azure public regions.

Lifecycle management

Azure Blob Storage lifecycle management offers a rich, rule-based policy which you can use to transition your data to the best access tier and to expire data at the end of its lifecycle.

Lifecycle management policy helps you:

Transition blobs to a cooler storage tier such as hot to cool, hot to archive, or cool to archive in order to optimize for performance and cost
Delete blobs at the end of their lifecycles
Define up to 100 rules
Run rules automatically once a day
Apply rules to containers or specific subset of blobs, up to 10 prefixes per rule

To learn more visit our documentation, “Managing the Azure Blob storage Lifecycle.”

Example

Consider a data set that is accessed frequently during the first month, is needed only occasionally for the next two months, is rarely accessed afterwards, and is required to be expired after seven years. In this scenario, hot storage is the best tier to use initially, cool storage is appropriate for occasional access, and archive storage is the best tier after several months and before it is deleted seven years later.

The following sample policy manages the lifecycle for such data. It applies to block blobs in container “foo”:

Tier blobs to cool storage 30 days after last modification
Tier blobs to archive storage 90 days after last modification
Delete blobs 2,555 days (seven years) after last modification
Delete blob snapshots 90 days after snapshot creation

{
"rules": [
{
"name": "ruleFoo",
"enabled": true,
"type": "Lifecycle",
"definition": {
"filters": {
"blobTypes": [ "blockBlob" ],
"prefixMatch": [ "foo" ]
},
"actions": {
"baseBlob": {
"tierToCool": { "daysAfterModificationGreaterThan": 30 },
"tierToArchive": { "daysAfterModificationGreaterThan": 90 },
"delete": { "daysAfterModificationGreaterThan": 2555 }
},
"snapshot": {
"delete": { "daysAfterCreationGreaterThan": 90 }
}
}
}
}
]
}

Pricing

Lifecycle management is free of charge. Customers are charged the regular operation cost for the “List Blobs” and “Set Blob Tier” API calls initiated by this feature. To learn more about pricing visit the Block Blob pricing page.

Next steps

We are confident that Azure Blob Storage lifecycle management policy will simplify your cloud storage management and cost optimization strategy. We look forward to hearing your feedback on this feature and suggestions for future improvements through email at DLMFeedback@microsoft.com. As a reminder, we love hearing all of your ideas and suggestions about Azure Storage, which you can post at Azure Storage feedback forum.
Quelle: Azure

Happy birthday to managed Open Source RDBMS services in Azure!

March 20, 2019 marked the first anniversary of general availability for our managed Open Source relational database management system (RDBMS) services, including Azure Database for PostgreSQL and Azure Database for MySQL. A great year of learning and improvements lays behind us, and we are looking forward to an exciting future!

Thank you to all our customers, who have trusted Azure to host their Open Source Software (OSS) applications with MySQL and PostgreSQL databases. We are very grateful for your support and for pushing us to build the best managed services in the cloud!

It’s amazing to the see the variety of mission critical applications that customers run on top of our services. From line of business applications over real-time event processing to internet of things applications, we see all possible patterns running across our different OSS RDBMS offerings. Check out some great success stories by reading our case studies! It’s humbling to see the trust our customers put in the platform! We love the challenges posed by this variety of use cases, and we are always hungry to learn and provide even more enhanced support.

We wouldn’t have reached this point without ongoing feedback and feature requests from our customers. There have been asks for functionality such as read replicas, greater performance, extended regional coverage, additional RDBMS engines like MariaDB, and more. In response, over the year since our services became generally available, we have delivered features and functionality to address these asks. Just check out some of the announcements we have made over the past year:

Latest updates to Azure Database for MySQL – July 2018
Latest updates to Azure Database for PostgreSQL – July 2018
Latest updates to Open Source Database Services for Azure – September 2018 (Ignite)
Announcing the general availability of Azure Database for MariaDB – December 2018
Read Replicas for Azure Database for PostgreSQL in public preview – January 2019
Scaling out read workloads in Azure Database for MySQL – March 2019
Service update announcements for:

Azure Database for MySQL
Azure Database for PostgreSQL
Azure Database for MariaDB

We also want to enable customers to focus on using these features when developing their applications. To that end, we are constantly enhancing our compliance certification portfolio to address a broader set of standards. This gives customers the peace of mind, knowing that our services are increasingly safe and secure. We have also introduced features such as Threat Protection (MySQL, PostgreSQL) and Intelligent Performance (PostgreSQL) to the OSS RDBMS services, so there are two fewer things to worry about!

Open Source is all about the community and the ecosystem built around the Open Source products delivered by the community. We want to bring this goodness to our platform and support it so that customers can leverage the benefits when using our managed services. For example, we have recently announced support for GraphQL with Hasura and TimescaleDB! However, we want to be more than a consumer and make significant contributions to the community. Our first major contribution was the release of the Open Source Azure Data Studio with support for PostgreSQL.

While we are proud to highlight these developments, we also understand that we are still at the outset of the journey. We have a lot of work to do and many challenges to overcome, but we are continuing to move ahead at full steam. We are very thrilled to have Citus Data joining the team, and you can expect to see a lot of focus on enabling improved performance, greater scale, and more built-in intelligence. Find more information about this acquisition by visiting the blog post, “Microsoft and Citus Data: Providing the best PostgreSQL service in the cloud.”

Next steps

In the interim, be sure to take advantage of the following, helpful resources.

Azure Database for PostgreSQL

Performance best practices for using Azure Database for PostgreSQL – Connection Pooling
Performance troubleshooting using new Azure Database for PostgreSQL features
Performance updates and tuning best practices for using Azure Database for PostgreSQL
Best practices for alerting on metrics with Azure Database for PostgreSQL monitoring
Securely monitoring your Azure Database for PostgreSQL Query Store

Azure Database for MySQL

Best practices for alerting on metrics with Azure Database for MySQL monitoring

Azure Database for MariaDB

Best practices for alerting on metrics with Azure Database for MariaDB monitoring

We look forward to continued feedback and feature requests from our customers. More than ever, we are committed to ensuring that our OSS RDBMS services are top-notch leaders in the cloud! Stay tuned, as we have a lot more in the pipeline!
Quelle: Azure

Analysis of network connection data with Azure Monitor for virtual machines

Azure Monitor for virtual machines (VMs) collects network connection data that you can use to analyze the dependencies and network traffic of your VMs. You can analyze the number of live and failed connections, bytes sent and received, and the connection dependencies of your VMs down to the process level. If malicious connections are detected it will include information about those IP addresses and threat level. The newly released VMBoundPort data set enables analysis of open ports and their connections for security analysis.

To begin analyzing this data, you will need to be on-boarded to Azure Monitor for VMs.

Workbooks

If you would like to start your analysis with a prebuilt, editable report you can try out some of the Workbooks we ship with Azure Monitor for VMs. Once on-boarded you navigate to Azure Monitor and select Virtual Machines (preview) from the insights menu section. From here, you can navigate to the Performance or Map tab to see a link for View Workbook that will open the Workbook gallery which includes the following Workbooks that analyze our network data:

Connections overview
Failed connections
TCP traffic
Traffic comparison
Active ports
Open ports

These editable reports let you analyze your connection data for a single VM, groups of VMs, and virtual machine scale sets.

Log Analytics

If you want to use Log Analytics to analyze the data, you can navigate to Azure Monitor and select Logs to begin querying the data. The logs view will show the name of the workspace that has been selected and the schema within that workspace. Under the ServiceMap data type you will find two tables:

VMBoundPort
VMConnection

You can copy and paste the queries below into the Log Analytics query box to run them. Please note, you will need to edit a few of the examples below to provide the name of a computer that you want to query.

Common queries

Review the count of ports open on your VMs, which is useful when assessing which VMs configuration and security vulnerabilities.

VMBoundPort
| where Ip != "127.0.0.1"
| summarize by Computer, Machine, Port, Protocol
| summarize OpenPorts=count() by Computer, Machine
| order by OpenPorts desc

List the bound ports on your VMs, which is useful when assessing which VMs configuration and security vulnerabilities.

VMBoundPort
| distinct Computer, Port, ProcessName

Analyze network activity by port to determine how your application or service is configured.

VMBoundPort
| where Ip != "127.0.0.1"
| summarize BytesSent=sum(BytesSent), BytesReceived=sum(BytesReceived), LinksEstablished=sum(LinksEstablished), LinksTerminated=sum(LinksTerminated), arg_max(TimeGenerated, LinksLive) by Machine, Computer, ProcessName, Ip, Port, IsWildcardBind
| project-away TimeGenerated
| order by Machine, Computer, Port, Ip, ProcessName

Bytes sent and received trends for your VMs.

VMConnection
| summarize sum(BytesSent), sum(BytesReceived) by bin(TimeGenerated,1hr), Computer
| order by Computer desc
//| limit 5000
| render timechart

If you have a lot of computers in your workspace, you may want to uncomment the limit statement in the example above. You can use the chart tools to view either bytes sent or received, and to filter down to specific computers.

Connection failures over time, to determine if the failure rate is stable or changing.

VMConnection
| where Computer == <replace this with a computer name, e.g. ‘acme-demo’>
| extend bythehour = datetime_part("hour", TimeGenerated)
| project bythehour, LinksFailed
| summarize failCount = count() by bythehour
| sort by bythehour asc
| render timechart

Link status trends, to analyze the behavior and connection status of a machine.

VMConnection
| where Computer == <replace this with a computer name, e.g. ‘acme-demo’>
| summarize dcount(LinksEstablished), dcount(LinksLive), dcount(LinksFailed), dcount(LinksTerminated) by bin(TimeGenerated, 1h)
| render timechart

Getting started with log queries in Azure Monitor for VMs

To learn more about Azure Monitor for VMs, please read our overview, “What is Azure Monitor for VMs (preview).” If you are already using Azure Monitor for VMs, you can find additional example queries in our documentation for querying data with Log Analytics.
Quelle: Azure

Azure Stack IaaS – part six

Pay for what you use

In the virtualization days I used to pad all my requests for virtual machines (VM) to get the largest size possible. Since decisions and requests took time, I would ask for more than I required just so I wouldn’t have delays if I needed more capacity. This resulted in a lot of waste and a term I heard often–VM sprawl.

The behavior is different with Infrastructure-as-a-Service (IaaS) VMs in the cloud. A fundamental quality of a cloud is that it provides an elastic pool for your resource to use when needed. Since you only pay for what you use, you don’t need to over provision. Instead, you can optimize capacity based on demand. Let me show you some of the ways you can do this for your IaaS VMs running in Azure and Azure Stack.

Resize

It’s hard to know exactly how big your VM should be. There are so many dimensions to consider, such as CPU, memory, disks, and network. Instead of trying to predict what your VM needs for the next year or even month, why not take a guess, let it run, and then adjust the size once you have some historical data.

Azure and Azure Stack makes it easy for you to resize your VM from the portal. Pick the new size and you’re done. No need to call the infrastructure team and beg for more capacity. No need to over spend for a huge VM that isn’t even used.

Learn more:

Resize an Azure Virtual Machine
Azure Virtual Machine sizes
Azure Stack Virtual Machine sizes

Scale out

Another dimension of scale is to make multiple copies of identical VMs to work together as a unit. When you need more, create additional VMs. When you need less, remove some of the VMs. Azure has a feature for this called Virtual Machine Scale Sets (VMSS) which is also available in Azure Stack. You can create a VMSS with a wizard. Fill out the details of how the VM should be configured, including which extensions to use and which software to load onto your VM. Azure takes care of wiring the network, placing the VMs behind a load balancer, creating the VMs, and running the in guest configuration.

Once you have created the VMSS, you can scale it up or down. Azure automates everything for you. You control it like IaaS, but scale it like PaaS. It was never this easy in the virtualization days.

Learn more:

Azure Virtual Machine Scale Sets
Virtual Machine Scale Sets in Azure Stack

Add, remove, and resize disk

Just like virtual machines in the cloud, storage is pay per use. Both Azure and Azure Stack make it easy for you to manage the disks running on that storage so you only need to use what your application requires. Adding, removing, and resizing data disks is a self-service action so you can right-size your VM’s storage based on your current needs.

Learn more:

Add a disk to an Azure Virtual Machine
Remove a disk on an Azure Virtual Machine
Resize a disk of an Azure Virtual Machine

Usage based pricing

Just like Azure, Azure Stack prices are based on how much you use. Since you take on the hardware and operating costs, Azure Stack service fees are typically lower than Azure prices. Your Azure Stack usage will show up as line items in your Azure bill. If you run your Azure Stack in a network which is disconnected from the Internet, Azure Stack offers a yearly capacity model.

Pay-per-use really benefits Azure Stack customers. For example, one organization runs a machine learning model once a month. It takes about one week for the computation. During this time, they use all the capacity of their Azure Stack, but for the other three weeks of the month, they run light, temporary workloads on the system. A later blog will cover how automation and infrastructure-as-code allows you to quickly set this up and tear it down, allowing you to just use what the app needs in the time window it’s needed. Right-sizing and pay-per-use saves you a lot of money.

Learn more:

Microsoft Azure Stack packaging and pricing

In this blog series

We hope you come back to read future posts in this blog series. Here are some of our past and upcoming topics:

Azure Stack at its core is an Infrastructure-as-a-Service (IaaS) platform
Start with what you already have
Protect your stuff
Fundamentals of IaaS
Do it yourself
It takes a team
If you do it often, automate it
Build on the success of others
Journey to PaaS

Quelle: Azure

Azure Sphere ecosystem accelerates innovation

The Internet of Things (IoT) promises to help businesses cut costs and create new revenue streams, but it also brings an unsettling amount of risk. No one wants a fridge that gets shut down by ransomware, a toy that spies on children, or a production line that’s brought to a halt through an entry point in a single hacked sensor.

So how can device builders bring a high level of security to the billions of network-connected devices expected to be deployed in the next decade?

It starts with building security into your IoT solution from the silicon up. In this piece, I will discuss the holistic device security of Azure Sphere, as well as how the expansion of the Azure Sphere ecosystem is helping to accelerate the process of taking secure solutions to market. For additional partner-delivered insights around Azure Sphere, view the Azure Sphere Ecosystem Expansion Webinar.

A new standard for security

Small, lightweight microcontrollers (or MCUs) are the most common class of computer, powering everything from appliances to industrial equipment. Organizations have learned that security for their MCU-powered devices is critical to their near-term sales and to the long-term success of their brands (one successful attack can drive customers away from the affected brand for years). Yet predicting which devices can endure attacks is difficult.

Through years of experience, Microsoft has learned that to be highly secured, a connected device must possess seven specific properties:

Hardware-based root of trust: The device must have a unique, unforgeable identity that is inseparable from the hardware.
Small trusted computing base: Most of the device's software should be outside a small trusted computing base, reducing the attack surface for security resources such as private keys.
Defense in depth: Multiple layers of defense mean that even if one layer of security is breached, the device is still protected.
Compartmentalization: Hardware-enforced barriers between software components prevent a breach in one from propagating to others.
Certificate-based authentication: The device uses signed certificates to prove device identity and authenticity.
Renewable security: Updated software is installed automatically and devices that enter risky states are always brought into a secure state.
Failure reporting: All device failures, which could be evidence of attacks, are reported to the manufacturer.

These properties work together to keep devices protected and secured in today's dynamic threat landscape. Omitting even one of these seven properties can leave devices open to attack, creating situations where responding to security events is difficult and costly. The seven properties also act as a practical framework for evaluating IoT device security.

How Azure Sphere helps you build secure devices

Azure Sphere – Microsoft’s end-to-end solution for creating highly-secure, connected devices – delivers these seven properties, making it easy and affordable for device manufacturers to create devices that are innately secure and prepared to meet evolving security threats. Azure Sphere introduces a new class of MCU that includes built-in Microsoft security technology and connectivity and the headroom to support dynamic experiences at the intelligent edge.

Multiple levels of security are baked into the chip itself. The secured Azure Sphere OS runs on top of the hardware layer, only allowing authorized software to run. The Azure Sphere Security Service continually verifies the device's identity and authenticity and keeps its software up to date. Azure Sphere has been designed for security and affordability at scale, even for low-cost devices. 

Opportunities for ecosystem expansion

In today’s world, device manufacturing partners view security as a necessity for creating connected experiences. The end-to-end security of Azure Sphere creates a potential for significant innovation in IoT. With a turnkey solution that helps prevent, detect, and respond to threats, device manufacturers don’t need to invest in additional infrastructure or staff to secure these devices. Instead, they can focus their efforts on rethinking business models, product experiences, how they serve customers, and how they predict customer needs.

To accelerate innovation, we’re working to expand our partner ecosystem. Ecosystem expansion offers many advantages. It reduces the overall complexity of the final product and speeds time to market. It frees up device builders to expand technical capabilities to meet the needs of customers. Plus, it enables more responsive innovation of feature sets for module partners and customization of modules for a diverse ecosystem. Below we’ve highlighted some partners who are a key part of the Azure Sphere ecosystem.

Seeed Studio, a Microsoft partner that specializes in hardware prototyping, design and manufacturing for IoT solutions, has been selling their MT3620 Development Board since April 2018. They also sell complementary hardware that enables rapid, solder-free prototyping using their Grove system of modular sensors, actuators, and displays. In September 2018, they released the Seeed Grove starter kit, which contains an expansion shield and a selection of sensors. Besides hardware for prototyping, they are going to launch more vertical solutions based on Azure Sphere for the IoT market. In March, Seeed also introduced the MT3620 Mini Dev Board, a lite version of Seeed’s previous Azure Sphere MT3620 Development Kit. Seeed developed this board to meet the needs of developers who need smaller sizes, greater scalability and lower costs.

AI-Link has released the first Azure Sphere module that is ready for mass production. AI-Link is the top IoT module developer and manufacturer in the market today and shipped more than 90 million units in 2018.

Avnet, an IoT solution aggregator and Azure Sphere chips distributor, unveiled their Azure Sphere module and starter kit in January 2019. Avnet will also be building a library of general and application specific Azure Sphere reference designs to accelerate customer adoption and time to market for Azure Sphere devices and solutions.

Universal Scientific Industrial (Shanghai) Co., Ltd. (USI) recently unveiled their Azure Sphere combo module, uniquely designed for IoT applications, with multi-functionality design-in support by standard SDK. Customers can easily migrate from a discrete MCU solution to build their devices based on this module with secured connectivity to the cloud and shorten design cycle.

Learn more about the Azure Sphere ecosystem

To learn more, view the on-demand Azure Sphere Ecosystem Expansion webinar. You’ll hear from each of our partners as they discuss the Azure Sphere opportunity from their own perspective, as well as how you can take full advantage of Azure Sphere ecosystem expansion efforts.

For in-person opportunities to gain actionable insights, deepen partnerships, and unlock the transformative potential of intelligent edge and intelligent cloud IoT solutions, sign up for an in-person IoT in Action event coming to a city near you.
Quelle: Azure

High-Throughput with Azure Blob Storage

I am happy to announce that High-Throughput Block Blob (HTBB) is globally enabled in Azure Blob Storage. HTBB provides significantly improved and instantaneous write throughput when ingesting larger block blobs, up to the storage account limits for a single blob. We have also removed the guesswork in naming your objects, enabling you to focus on building the most scalable applications and not worry about the vagaries of cloud storage.

HTBB demo of 12.5GB/s single blob throughput at Microsoft Ignite

I demonstrated the significantly improved write performance at Microsoft Ignite 2018. The demo application orchestrated the upload of 50,000 32MiB (1,600,000 MiB) block blobs from RAM using Put Block operations to a single blob. When all blocks were uploaded, it sent the block list to create the blob using the Put Block List operation. It orchestrated the upload using four D64v3 worker virtual machines (VMs), each VM writing 25 percent of the block blobs. The total time to upload the object took around 120 seconds which is about 12.5GB/s. Check out the demo in the video below to learn more.

GB+ throughput using a single virtual machine

To illustrate the possible performance using just a single VM, I created a D32v3 VM running Linux in US West2. I stored the files to upload on a local RAM disk to reduce local storage performance affecting the results. I then created the files using the head command with input from /dev/urandom to fill them with random data. Finally I used AzCopy v10 (v10.0.4) to upload the files to a standard storage account in the same region. I ran each iteration 5 times and averaged the time to upload in the table below.

Data set
Time to upload
Throughput

1,000 x 10MB
10 seconds
1.0 GB/s

100 x 100MB
8 seconds
1.2 GB/s

10 x 1GB
8 seconds
1.2 GB/s

1 x 10GB
8 seconds
1.2 GB/s

1 x 100GB
58 seconds
1.7 GB/s

HTBB everywhere

HTBB is active on all your existing storage accounts, and does not require opt-in. It also comes without any extra cost. HTBB doesn’t introduce any new APIs and is automatically active when using Put Block or Put Blob operations over a certain size. The following table lists the minimum required Put Blob or Put Block size to activate HTBB.

Storage Account type
Minimum size for HTBB

StorageV2 (General purpose v2)
>4MB

Storage (General purpose v1)
>4MB

Blob Storage
>4MB

BlockBlobStorage (Premium)
>256KB

Azure Tools and Services supporting HTBB

There is a broad set of tools and services that already support HTBB, including:

AzCopy v10 preview
Azure Data Lake Storage Gen2
Data Box
Azure Data Factory

Conclusion

We’re excited about the throughput improvements and application simplifications High-Throughput Block Blob brings to Azure Blob Storage! It is now available in all Azure regions and automatically active on your existing storage accounts at no extra cost. We look forward to hearing your feedback. To learn more about Blob Storage, please visit our product page.
Quelle: Azure