Building the trustworthy cloud: Protect your users’ privacy

Can we really have privacy in the cloud, or on the internet generally? There was no escaping this question last week at the CME’s Global Financial Leadership Conference in Naples, Florida, where I spoke on the rise of FinTech services and the use of to drive digital transformation.

Today, nearly every company collects truly extraordinary amounts of data, from purchase and transaction data to browsing histories to driving data from your car to fitness and health data from IoT devices. Should you be worried?

Some may remember Scott McNealy’s (then CEO of Sun Microsystems) famous (or infamous) remark in 1999: “You have zero privacy anyway. Get over it.”

Well: we didn’t get over it. In fact, fueled by public demand, both governments and technology companies like Microsoft, working together, have made concerted efforts in terms of policy and regulation, and advanced technology, to protect your data.

For example, in 2015 Microsoft became the first cloud provider to comply with ISO/IEC 27018, the first international standard for the protection of personal data in public clouds. Why does that matter? ISO/IEC 27018 (which builds on EU data protection principles) requires that:

You know where your data is in the cloud: in which data center, in which country, so that you can appropriately comply.
Your data won’t be used for marketing purposes without your consent.
Personally identifiable information (PII) is handled in an appropriate and transparent fashion; you are in control.
Providers only comply with legally binding requests for customer information, and inform customers of the request unless legally prevented from doing so.

These are great guidelines not only for cloud providers but also for enterprises that place customer-facing applications in the cloud, and you’ll find a complete overview of privacy and trust in Azure.

Ensuring privacy in the cloud requires technical innovations as well. We’re hard at work here. Below are just some of the innovations we’re focused on to support user privacy:

With a remarkable technology called homomorphic encryption, applications such as business intelligence can compute directly on encrypted data in the cloud and extract insights from it without ever decrypting it; only the holder of the key can decrypt the result (available for your developers to try).
A related innovation called secure multiparty computation lets several parties jointly compute a result over their combined data while each party learns nothing about the others' inputs beyond that result.
Yet another technology, differential privacy (developed in part at Microsoft Research), bounds what anyone analyzing published statistics can learn about a single individual, which is exactly the guarantee that so-called "anonymized" data fails to give. (The need for this was highlighted some years ago when the state of Massachusetts released hospital records of state employees with names and other direct identifiers removed. A graduate student, Latanya Sweeney, then at MIT, was nevertheless able to triangulate the governor's records by cross-linking zip code, birth date and gender with the public voter registration list.) Differential privacy adds carefully calibrated noise to the results of statistical queries over large data sets, so that the output is almost the same whether or not any particular customer's record is included; that bounds the probability that any individual record can be identified.
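As an added example (not part of the original post, and not Microsoft code), the following Python models both halves of that story on constructed toy data: a linkage attack that joins "anonymized" medical records to a public voter roll on zip code, birth date and gender, and a Laplace-mechanism count that releases only a noisy aggregate. The record layouts, the names, and the one-line inverse-CDF sampler are assumptions made for the illustration.

```python
"""Linkage attack versus a differentially private release.

Added example on constructed data; not Microsoft code. The join models the
Massachusetts re-identification described above; dp_count shows why publishing
only noisy aggregates (the Laplace mechanism) does not leak any one record.
"""
import math
import random
from collections import defaultdict

# Constructed "anonymized" medical records: names removed, but zip code, birth
# date and gender (the quasi-identifiers) kept so the data stays useful.
HEALTH_RECORDS = [
    {"id": 1, "zip": "02138", "dob": "1945-07-31", "sex": "M", "diagnosis": "hypertension"},
    {"id": 2, "zip": "02138", "dob": "1945-07-31", "sex": "F", "diagnosis": "asthma"},
    {"id": 3, "zip": "02139", "dob": "1980-01-15", "sex": "M", "diagnosis": "diabetes"},
    {"id": 4, "zip": "02139", "dob": "1980-01-15", "sex": "M", "diagnosis": "hypertension"},
]

# Constructed public voter roll: names present, same quasi-identifiers.
VOTER_ROLL = [
    {"name": "A. Governor", "zip": "02138", "dob": "1945-07-31", "sex": "M"},
    {"name": "B. Resident", "zip": "02138", "dob": "1945-07-31", "sex": "F"},
    {"name": "C. Resident", "zip": "02139", "dob": "1980-01-15", "sex": "M"},
    {"name": "D. Resident", "zip": "02139", "dob": "1980-01-15", "sex": "M"},
]

QUASI_IDENTIFIERS = ("zip", "dob", "sex")


def link_records(health, voters):
    """Join both datasets on the quasi-identifiers.

    Returns {record id: [candidate names]}. A single candidate is a
    re-identification: that record's diagnosis is now tied to a named person.
    Records 3 and 4 share their quasi-identifiers and stay ambiguous.
    """
    index = defaultdict(list)
    for v in voters:
        index[tuple(v[k] for k in QUASI_IDENTIFIERS)].append(v["name"])
    return {r["id"]: list(index.get(tuple(r[k] for k in QUASI_IDENTIFIERS), []))
            for r in health}


def laplace_noise(scale, u):
    """Inverse-CDF sample of Laplace(0, scale) from a uniform u in (0, 1)."""
    u -= 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_count(records, predicate, epsilon, uniform=random.random):
    """epsilon-differentially private count via the Laplace mechanism.

    A counting query has sensitivity 1 (adding or removing one person changes
    the true count by at most 1), so noise of scale 1/epsilon is enough.
    `uniform` is injectable so the mechanism can be tested deterministically.
    """
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon, uniform())


if __name__ == "__main__":
    for rid, names in link_records(HEALTH_RECORDS, VOTER_ROLL).items():
        print(f"record {rid}: {'RE-IDENTIFIED as ' + names[0] if len(names) == 1 else names}")
    hypertension = lambda r: r["diagnosis"] == "hypertension"
    print("noisy count of hypertension:", dp_count(HEALTH_RECORDS, hypertension, epsilon=0.5))
```

The join needs no cleverness: three public attributes are enough to single out record 1, while records 3 and 4 survive only because they happen to share all three values. The noisy count, by contrast, reveals nothing that depends on whether "A. Governor" is in the table at all, and a smaller epsilon simply means more noise.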

We’d love your feedback on these new areas of innovation in privacy. Which do you think is most important to bring to market first?

* * *

Privacy is just one anchor of a cloud that you can rely upon. Recently, Microsoft published A Cloud for Global Good, in which we advocate a framework both simple and elegant for a cloud that is trusted; a cloud that is responsible; and a cloud that is inclusive.

Bolstering trust and transparency, driving inclusion, protecting user privacy, promoting human rights and preventing cybercrime: these are imperatives that we need to collectively address as an industry, working with customers and governments globally, to make sure everyone benefits from the cloud, that no one is left behind.

We know we don’t have all the answers and maybe not even all the questions: with A Cloud for Global Good we hope to create a conversation among technology vendors, including our competitors, governments, and our customers. We’d love to hear your thoughts. Leave us your ideas in the comments. Thanks!
Source: Azure

Introducing the Azure IoT Hub IP Filter

As more businesses turn to the Internet of Things (IoT), security and privacy are often top of mind. Our goal at Microsoft is to keep our customers' IoT solutions secure. As part of our ongoing security efforts, we recently launched the Security Program for Azure IoT, which provides customers with a choice of security auditors who can assess their IoT solutions from device to cloud. Microsoft also offers comprehensive guidance on IoT security and state-of-the-art security built into Azure IoT Suite and Azure IoT Hub. Today, we're excited to announce another important security feature: IP filtering.

IP filtering enables customers to instruct IoT Hub to accept connections only from certain IP addresses, to reject certain IP addresses, or a combination of both. We've made it easy for administrators to configure these IP filtering rules for their IoT Hub. The rules apply any time a device or a back-end application connects over any supported protocol (currently AMQP, MQTT, AMQP/WS, MQTT/WS, HTTP/1). A connection from an IPv4 address that matches a rejecting rule receives a 401 Unauthorized status code, and the response does not reveal that an IP rule was the cause. Note that the rules match source IPv4 addresses only, and that devices behind a shared NAT address are indistinguishable to the filter, so IP filtering complements per-device credentials rather than replacing them.

The IP filter allows a maximum of 10 rules, each rejecting or accepting an individual IPv4 address or a subnet in CIDR notation. The following two examples demonstrate how to blacklist an IP address and whitelist a subnet.

Tutorial: How to Blacklist an IP address

By default, Azure IoT Hub is configured to accept all IP addresses to be compatible with the existing customer configurations prior to providing this feature.
 
For the purposes of this tutorial, let’s assume the IoT Hub administrator notices suspicious activity from address 184.13.152.8 and wants to reject traffic from that IP address. To block the address 184.13.152.8, the IoT Hub administrator simply needs to add a rule that rejects this IP (as illustrated below):

In this example, any time a device or a back-end application with the rejected IP address connects to this IoT Hub, it will receive 401 Unauthorized error. The IoT Hub administrator will see this being logged, but the malicious attacker will not receive any further error messages.

Tutorial: How to Whitelist a Subnet

For our next tutorial, let’s assume that the administrator wants to configure the Azure IoT Hub to accept only the IPv4 range from 192.168.100.0 to 192.168.103.255 and reject everything else. This can be simply achieved by adding only two rules using the CIDR notation:

Accept the CIDR notation mask 192.168.100.0/22
Reject all IP addresses (0.0.0.0/0)

The CIDR (Classless Inter-Domain Routing) format lets the IoT Hub network administrator accept or reject a range of addresses in one rule: the number after the slash is the count of fixed leading bits, so 192.168.100.0/22 fixes the first 22 bits, leaves 10 host bits (1024 addresses) and translates into the range 192.168.100.0 to 192.168.103.255. For those who are not network administrators, there is plenty of documentation online that explains the CIDR format, as well as calculators. By adding a last rule that rejects 0.0.0.0/0, the administrator changes the default from accept to reject.

The illustration below shows an IoT Hub that whitelists only the 192.168.100.0 to 192.168.103.255 range. Note that the order is important and the first rule that matches the IP decides the action.
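To dry-run a rule set before applying it to a production hub, here is an added Python example (not Microsoft's implementation) that reproduces the semantics described in the two tutorials above: rules are evaluated in order, the first match decides, no match means accept, at most 10 rules, IPv4 only. It also flags rules that a broader earlier rule shadows, which is exactly what goes wrong if the Reject 0.0.0.0/0 rule is placed before the Accept rule. The (action, address) tuples and the function names are assumptions for this illustration, not the IoT Hub API.

```python
"""First-match evaluation of IoT Hub style IP filter rules.

Added example, not Microsoft's code: it mirrors the documented semantics so an
administrator can check a rule set offline. Rules are (action, ip_or_cidr)
pairs, action is "Accept" or "Reject", and the default with no match is Accept,
matching the hub's out-of-box behaviour.
"""
import ipaddress

MAX_RULES = 10
ACTIONS = {"Accept", "Reject"}


def parse_rules(rules):
    """Validate a rule list and pre-parse every address or CIDR block."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"at most {MAX_RULES} rules are allowed, got {len(rules)}")
    parsed = []
    for action, mask in rules:
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        net = ipaddress.ip_network(mask, strict=False)  # "1.2.3.4" becomes /32
        if net.version != 4:
            raise ValueError(f"IP filtering matches IPv4 addresses only: {mask}")
        parsed.append((action, net))
    return parsed


def evaluate(rules, client_ip):
    """Return 'Accept' or 'Reject' for client_ip; the first matching rule wins."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in parse_rules(rules):
        if addr.version == net.version and addr in net:
            return action
    return "Accept"  # no rule matched: the default stays accept


def shadowed_rules(rules):
    """Indices of rules that can never fire because an earlier rule covers them."""
    parsed = parse_rules(rules)
    return [i for i, (_, net) in enumerate(parsed)
            if any(net.subnet_of(earlier) for _, earlier in parsed[:i])]


# The two tutorials above, plus the misordered variant of the whitelist.
BLACKLIST = [("Reject", "184.13.152.8")]
WHITELIST = [("Accept", "192.168.100.0/22"), ("Reject", "0.0.0.0/0")]
WRONG_ORDER = [("Reject", "0.0.0.0/0"), ("Accept", "192.168.100.0/22")]

if __name__ == "__main__":
    for ip in ("184.13.152.8", "192.168.103.255", "192.168.104.0"):
        print(ip, evaluate(BLACKLIST, ip), evaluate(WHITELIST, ip), evaluate(WRONG_ORDER, ip))
    print("shadowed rules in WRONG_ORDER:", shadowed_rules(WRONG_ORDER))
```

Run against WRONG_ORDER, every address is rejected and the Accept rule is reported as shadowed; that is the check to make before locking yourself, and every device, out of the hub.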

 

Finally, while IoT Hub already supports private connectivity over Azure ExpressRoute, IP filtering adds a further layer of defense by letting administrators accept only the address ranges that arrive over ExpressRoute. To enable this, add Accept rules for those ranges and then a final rule that rejects all others.
Source: Azure

Connect your things with the Azure IoT Gateway SDK

The Internet of Things (IoT) has the potential to transform virtually every facet of how a company operates. Yet if an IoT platform doesn’t work with the assets a business already has in place, or requires employees to acquire new skills, the opportunity can be less impactful – or appealing. 

The Microsoft Azure IoT platform operates on your terms. It easily integrates your existing devices and services, is extensible with programming languages your developers already know, and seamlessly integrates with the back-end platforms already deployed in your business. Your solution can run on-premises, in a hosted or private cloud, or a hybrid cloud/on-premises combination. That’s why we call it the Internet of Your Things. 

Today, we’re expanding that promise with enhancement of the Azure IoT Gateway SDK, giving you the ability to extend the power of IoT and advanced analytics beyond datacenters in the Azure cloud to the very edge of your network, where many of a business’s assets and devices are connected. The modular architecture of the SDK enables developers to string together individual pieces of logic, creating solutions that transform data at the edge of the network. Whether through encryption, filtering, annotation or performing custom analytics, data is processed close to the devices that create it, so only truly necessary pieces are sent to the cloud for further processing.

This is especially critical in industries such as oil and gas, retail, and smart cities, where companies need the ability to run real-time computations out in the field, many times in disparate geographic locations. In some cases, devices at the network’s edge may not have sufficient bandwidth to leverage data analysis in the cloud, which is why it’s important that they can use edge computing capabilities on gateways to run analytics on premises.

The open source Azure IoT Gateway SDK ecosystem gives developers and ISVs more choices in how they develop solutions, ultimately reducing time to market and cost of maintenance. Developers can leverage others’ work or extend the SDK in the language of their choice. Individual pieces of logic and modules can be written in Node.js, Java, C#, or C languages. Even better, an end-to-end gateway solution can be composed of modules implemented in different languages. You can use code from anywhere in the ecosystem regardless of whether you’re an expert in a specific programming language.

Finding hardware to power your gateway solution based on the SDK is also a seamless process. We've partnered with Intel to produce a commercial gateway kit, and our partner ecosystem already includes many Azure Certified for IoT gateway devices. With support for multiple operating systems, including Wind River Linux, Ubuntu, Windows 10, and Windows Server 2012, the choice of gateway device is entirely yours.

Azure IoT is the most complete IoT ecosystem. With the extension of the Azure IoT Gateway SDK today, we’re delivering even greater flexibility in how you can design and deploy the internet of your things. 

To learn more about the Azure IoT Gateway SDK and start developing your own gateway solution, visit us here. For more information on how Microsoft IoT can transform your business, visit internetofyourthings.com.
Source: Azure

New Azure PaaS services available for Azure Stack Technical Preview 2 (TP2)

This blog post was contributed by the Azure Stack Team.

Today, we are excited to announce preview releases of Azure PaaS services for Azure Stack TP2. Specifically, this release includes Azure App Service (Web Apps, API Apps, and Mobile Apps) and updated versions of the SQL and MySQL database resource providers. Download and deploy these capabilities. Once deployed, you can build powerful web and mobile applications that span Azure and Azure Stack, enabled by true hybrid cloud consistency.

Based on your feedback, we've also updated the TP2 bits to streamline the deployment experience. Updated bits are available here. TP2 has many new capabilities that will enrich your Azure-consistency experience, including new Azure services such as Queue Storage and Key Vault.

You will need to redeploy TP2 using the updated bits above before deploying the Azure PaaS services.

Visit our technical documentation page to guide your deployment efforts.

You can learn a lot more about the innovation in these releases by watching this video.

Visit the Azure Stack forum for troubleshooting help or if you’d like to provide feedback.

We’d love to hear from you!
Source: Azure

Continuous integration and deployment to Azure Container Service

Today's businesses need to innovate at a rapid pace to be competitive in the marketplace. A ride sharing company may have to update its app several times a day to respond to daily demand fluctuations and adjust its pricing. A location-based social gaming app has to constantly engage users with new features to increase daily active users and stay at the top of app store rankings. Delivering high-quality, modern applications requires DevOps tools and processes that enable this constant cycle of innovation. With the right DevOps tools, developers can streamline continuous deployment and get innovative applications into users' hands faster. Again and again.

While continuous integration and deployment practices are well established, the introduction of containers brings new considerations, particularly when working with multi container applications. On Nov. 7, we announced a series of updates to Azure Container Service (ACS) that continue to demonstrate ACS is the most streamlined, open and flexible way to run your container applications in the cloud — providing even more customer choice in their cloud orchestrator.

Today, the preview of continuous integration and deployment of multi-container Linux applications is available using Visual Studio, Visual Studio Team Services, and the open source Visual Studio Code. To continue enabling deployment agility, these tools provide excellent dev-to-test-to-prod deployment experiences for container workloads using a choice of development and CI/CD solutions.

Key uses

Create a continuous pipeline to Azure Container Service with Visual Studio Team Services

You can write your app using the language of your choice (Java, C#, PHP, etc) and your favorite IDE (Eclipse, Visual Studio, IntelliJ, etc), with standard Docker assets. Then, using the Azure Command Line Interface (CLI), you can run a simple command to connect your source repository to a target Azure Container Service (ACS) cluster and set up a containerized build and deployment pipeline for a multi-container Docker application. So now anytime source code is pushed to a repository in GitHub, it can automatically trigger VSTS to build and tag container images, run unit tests, push to the Azure Container Registry, and deploy to ACS with zero-downtime. For Preview, we support creating pipelines that deploy to DC/OS only.

In addition to the Azure CLI, similar experiences for setting up CI/CD are also available directly in the Azure Portal (in the ACS blade) and the Visual Studio IDE.

Use the Azure Container Registry to store images

Azure Container Registry is a private registry for hosting container images. Using the Azure Container Registry, customers can store Docker-formatted images for all types of container deployments. Azure Container Registry integrates well with orchestrators hosted in Azure Container Service, including Docker Swarm, DC/OS and Kubernetes.  The continuous integration and deployment tools will push the container images to the Azure Container Registry after a build. Later, it will pull images from the container registry and deploy them into the ACS cluster.

Easily promote images across environments

The continuous integration and deployment tools support the immutable services principle. This means you can easily promote images from development to downstream release environments such as Test and Production, and, importantly, you don't have to rebuild the container image each time you promote it.

These innovations demonstrate our continued investment in the container ecosystem and highlight our unique strategy of offering the only public cloud container orchestration service that offers a choice of open source orchestration technologies — DC/OS, Docker Swarm and Kubernetes. The support for continuous integration and deployment tools amplifies our strategy to make it easier for organizations to adopt containers in the cloud.

Customers will be able to access the preview of continuous integration and deployment tools starting Nov. 16 — watch for more details at Microsoft Connect();!

Learn more

Check out this tutorial for setting up continuous integration and deployment of a multi-container app to Azure Container Service.
Source: Azure

Announcing the public preview of Azure Advisor

The post was co-authored by Manbeen Kohli, Senior Program Manager, CloudES.

While it's easy to start building applications on Azure, making sure that the underlying Azure resources are set up correctly and used optimally can be a challenging task. Today, we are excited to announce the public preview of Azure Advisor, a personalized recommendation engine that provides proactive best-practices guidance for optimally configuring your Azure resources.

Azure Advisor analyzes your resource configuration and usage telemetry to detect risks and potential issues. It then draws on Azure best practices to recommend solutions that will reduce your cost and improve the security, performance, and reliability of your applications. In this blog post, we will do a quick tour of Azure Advisor and discuss how it can help optimize your Azure resources.

View recommendations

To get started with Azure Advisor, log in to the Azure portal. Pick your subscription and click the Get recommendations button. Depending on the resources provisioned in the selected subscription, you should see the total number of recommendations and the list itself.

You can filter the recommendations by resource group and see the business impact for each recommendation. You can also view the recommendations based on category.

Recommendation categories:

High Availability: Azure Advisor can inspect your resource configuration and provide recommendations that improve the availability of your application. For example, as a best practice, Azure Advisor will recommend that you move your single-instance VMs into an availability set. This configuration ensures that during either a planned or unplanned maintenance event, at least one virtual machine remains available and meets the Azure VM SLA.

Cost: Azure Advisor can look at your resource utilization and suggest ways to save money. For example, you may have VMs that are underutilized. Azure Advisor will show you the estimated cost of running each such VM and recommend either stopping or downsizing it.

Security: You may already be familiar with Azure Security Center. Azure Advisor integrates with Azure Security Center to show you the security-related recommendations, so you have a unified Azure recommendation experience.

Performance: Each Azure service typically has its own set of performance optimization recommendations. For example, the Redis Cache advisor provides performance recommendations for Redis clusters. Instead of navigating to each Azure service used by your application, you can use Azure Advisor for a convenient and consolidated view of all your Redis, SQL DB, and web app performance recommendations.

Manage recommendations

Azure Advisor not only provides suggested actions for each recommendation but also provides step by step guidance and walks you through implementing the fixes. Azure Advisor also provides inline actions – a convenient way to click through and implement recommendations without leaving the Azure Advisor portal. If you don’t intend to take an immediate action, you can snooze a recommendation for a period. You can also dismiss a recommendation (choose snooze and select “Never”).

We are excited to launch Azure Advisor – your personalized Azure best practices recommendation engine. Visit the Azure portal today to get started and check if you have any recommendations. You can learn more about Azure Advisor including the list of supported recommendations here. As always, we look forward to your feedback.
Source: Azure

Redaction Preview available globally

Starting today the Azure Media Redactor public preview will be available in all public Azure regions as well as US Government and China datacenters. This preview is free of charge for the time being. There is currently a ten minute limit on processed video length which will be removed with the next release.

Please see the previous blog post for general information. In this post we will cover step-by-step how to run a full redaction workflow using AMSE (Azure Media Services Explorer) and an overview of open source sample code to help you get started.

Azure Media Services Explorer workflow

The easiest way to get started with Redactor is to use the open source AMSE tool on GitHub. You can run a simplified workflow using the Combined mode if you don't need access to the annotation JSON or the face JPEG images.

Once you upload an asset, right click, find Azure Media Redactor, and run it in either Combined, Analyze, or Redact modes. For the specific input and output assets for each mode, please see our documentation page.

Azure Media Redactor Visualizer open source tool

We have also released an open source visualizer tool designed to help developers who are new to the annotation format parse and use the output.

After you clone the repo, you will need to download FFMPEG from their official site in order to run the project.

If you are a developer trying to parse the JSON annotation data, look inside Models.MetaData for sample code. Note that you must download a couple of FFmpeg executables and place them in the project's output folder before it will run. See the GitHub page for full details.

 

Contact us

Keep up with Azure Media Services on the Azure blog for more updates on the Face Detection Media Processor and the Media Analytics initiative.

Send your feedback and feature requests to our UserVoice page.

If you have any questions about any of the Media Analytics products, send an email to amsanalytics@microsoft.com.
Source: Azure

Four simple steps to Backup VMware VMs using Azure Backup Server

Azure Backup Server is recognized in the industry for protection of Microsoft workloads and environments. It protects key Microsoft workloads such as SQL, SharePoint and Exchange as well as virtual machines running on Hyper-V. Today, we are announcing support for protection of VMware virtual machines with Azure Backup Server. This will allow enterprise customers to have a single backup solution across their heterogeneous IT environment.

If you are new to Azure Backup Server and want to enable Microsoft Azure Backup Server, you can download Microsoft Azure Backup Server and start protecting your infrastructure today. If you already have Azure Backup Server installed, please download and install Update 1 to get started with VMware backup.

Here are the four simple steps to configure VMware server and Azure Backup Server to protect VMware VMs.

1. Enable a secure SSL communication between Azure Backup Server and VMware server

2. Add a new user with certain minimum privileges

3. Add VMware Server to Azure Backup Server

4. Protect VMware VMs with Azure Backup Server

Additional resources:

Browse the documentation or reach out to the Azure Backup forum for support
Tell us how we can improve Azure Backup: Contribute new ideas and vote on existing ones
Follow us on Twitter and Channel9

Source: Azure

Announcing VMware backup with Azure Backup Server

Microsoft Azure Backup Server (MABS) is the cloud-first backup solution of Azure Backup for protecting data and workloads across the heterogeneous IT environments of enterprises. It is available as a free download with Azure Backup, without requiring a System Center license or a SQL Server license for the server database. We are excited to announce that Azure Backup Server now supports VMware VM backup to disk, and to the cloud for an offsite copy or long-term retention. Prior to this update, Azure Backup Server protected workloads such as SQL, Exchange, SharePoint and files on Windows servers running on physical machines or on Hyper-V or VMware virtual machines.

What can customers expect from VMware VM backup with Azure Backup Server

Agentless Backup: Azure Backup Server uses VMware's vSphere APIs for Data Protection (VADP) to protect VMware VMs remotely without installing agents on vCenter or ESXi servers, freeing administrators from the hassle of managing agents for VMware VM backup.
Discoverability and Auto-Protection: Customers can seamlessly discover and protect VMware VMs, including VMs residing on external storage such as NFS and clustered datastores. Managing large environments is effortless since VMs are discovered and protected at the folder level, and any VM later added to a protected folder is backed up automatically.
Integrated Hybrid Backup: Customers can back up to disk for faster operational recovery and to the cloud for an offsite copy or long-term retention.

Get started with VMware backup with Azure Backup Server

If you are new to Azure Backup Server and want to enable Microsoft Azure Backup Server, you can download Microsoft Azure Backup Server and start protecting your infrastructure today.

After installing Azure Backup Server, please download and install Update 1 to get started with VMware backup.

Be sure to go through the four simple steps to protect VMware VMs using Azure Backup Server. Please reach out to VMwareVMBkp@microsoft.com for any questions or clarifications.

In Aug 2016, we announced VMware backup using System Center Data Protection Manager for customers who already have System Center license.

Additional resources:

Browse the documentation or reach out to the Azure Backup forum for support
Tell us how we can improve Azure Backup: Contribute new ideas and vote on existing ones
Follow us on Twitter and Channel9

Source: Azure