Choose the best global distribution solution for your applications with Azure

This post was co-authored by Dave Burkhardt and Sami Modak.

As part of your cloud journey, critical applications need to be deployed in multiple Azure regions to ensure high availability for your global customer base. When reviewing Azure’s various global traffic distribution solutions, ask yourself, “Which option is the best one for my application?”.

In this blog, you will learn about each global traffic distribution solution Azure offers, and which solution is the best one for your internet-facing cloud architecture. Currently, Azure offers different options for distributing global traffic. Microsoft Azure Front Door is a content delivery network (CDN) service with application layer load balancing capabilities. Azure cross-region Load Balancer is a global network layer load balancer. Finally, Azure Traffic Manager is a domain name service (DNS)-based traffic distribution solution. 

Choosing the right global traffic distribution solution

You will learn about three example companies—Contoso1, Contoso2, and Contoso3. For each company, we will dive into their application’s scenario and decide which global traffic distribution solution is the best one for them.

Customer scenario 1—wholesale distributor

Contoso1 is a large wholesale distributor that has locations all over the globe. Contoso1 has been going through a large technological transformation and has been migrating services to Azure. One of the applications being moved to Azure is their backend inventory management software. This application is responsible for providing users with information about inventory status and updating inventory records after a transaction has occurred. As part of their migration the team at Contoso1 has strict requirements that need to be met by a global distribution solution.

First, all traffic type will be layer 4 and must be served with ultra-low latency. In addition, the application requires a regional redundancy with automatic traffic fail-over in the event a region is down, to ensure high availability.
Second, the application requires a static IP address that the application’s frontend will consistently ping.
Finally, any updates made to regional deployments shouldn’t have an impact on the overall backend inventory application.

Given all the requirements laid out by Contoso1’s, Azure cross-region Load Balancer is a perfect solution for their application. Azure cross-region Load Balancer is highly optimized at serving layer-4 traffic with ultra-low latency. Furthermore, cross-region load balancer provides geo-proximity routing, which means all Contoso1’s stores traffic will be forwarded to the closest regional deployment to them. Azure cross-region Load Balancer also provides automatic failover. In the event one of Contoso1’s regional deployment is unhealthy, all traffic will be serviced by the next healthy regional deployment. In addition, cross-region load balancers provide users with a static globally anycast IP address, in which Contoso1 doesn’t have to worry about their IP address changing. Finally, Azure cross-region Load Balancer will allow Contoso1 to update its regional deployments behind a single global endpoint without any impact on its end users.

Customer scenario 2—social media company

Contoso2 is a global social media platform. As a social media site, they need to serve both interactive and static content to their users around the globe as quickly and reliably as possible. Most recently, due to Contoso2’s prominent status as a social media platform, they have experienced an outage with their on-premises hosted website because of a DDoS attack. That said, Contoso2 has the following strict requirements as they migrate to Azure:

A platform that can deliver both static and dynamic content to their consumers around the globe with the utmost performance and reliability.
Ability to route content to both their mobile and desktop users as quickly as possible.
Easily integrate with Azure’s DNS, Web Application, Storage, and Application Gateway products.
DDoS protection.
Reduce secure sockets layer (SSL) load on Contoso2’s application servers, and instead process SSL requests on the edge for faster user experience for Contoso2’s global clients.

Azure Front Door is an ideal solution to enable accelerated and highly resilient web application performance for optimal delivery of static and dynamic content around the globe:

Static Content—Contoso2’s cached static content can be served from Azure Front Door’s 185 global edge points of presence (PoP) locations. To ensure the utmost performance and resiliency, Azure Front Door utilizes the Anycast protocol to make sure the Contoso2’s client’s requests are served from the nearest global edge locations.
Dynamic Content—Azure Front Door has an arsenal of traffic acceleration features. Client to Azure Front Door PoP traffic is again optimized via the Anycast protocol. Although as it specifically pertains to dynamic workloads, edge PoP to customer’s origin connections are optimized via split TCP. This technique enables the traffic to terminate the TCP connection to the nearest edge PoP and uses long living connections over Microsoft’s global private wide area network (WAN) to reduce the round-trip-time (RTT). Additionally, in the event Cotoso2 deployed multiregional origin deployments, Azure Front Door utilizes health probes to fetch content from the least latent origin.

Moreover, Azure Front Door also has SSL offload capabilities which can improve performance further. In addition, Azure Front Door is highly optimized for HTTP and web-based applications. With Azure Front Door, customers are equipped with various layer 7 routing features. These features allow customers to apply business routing and advanced routing within Azure Front Door. For example, Azure Front Door can route requests to mobile or desktop versions of Contoso2’s web application based on the client device type. Additional examples include SSL offload, path-based routing, fast failover, caching, and more.

Today Azure provides end-to-end solutions for every aspect of application management. Azure Front Door provides seamless integration with other Azure services such as DNS, Web App, and Storage. These integrations allow customers to easily create powerful web applications built using the integration of multiple Azure services.

Finally, Azure Front Door provides built-in support for various security products to help protect customers’ web applications. For example, customers can secure their origins with layer 3, 4, and 7 DDOS mitigation, and seamlessly enable Azure Web Application Firewall protection.

Customer scenario 3—sustainable fashion retailor

Contoso3 is a large retail store focused on sustainable fashion items. Contoso3 has a large online presence and has historically been hosting all their applications on-premises. However, given the advantage of the cloud and Azure, Contoso3 has begun migrating their applications to Azure. One of these applications is their online store platform. As the team at Contoso3 is evaluating different Azure global traffic distribution solutions, they have outlined several requirements that must be addressed.

First, the team at Contoso3 will be doing a rolling migration where part of their application will remain on-premises and the other part will be hosted on Azure. Any viable solution should be able to direct traffic to on-premises servers to support this rolling migration plan.
Second, latency is critical for Contoso3 and client traffic needs to be routed to healthy endpoints in a timely manner. 
Finally, the solution needs to be able to direct users to the correct backend type based on their geographical location. Contoso3 caters to a wide range of customers and often has clothing items specific to certain geographical areas.

With all the requirements stated prior, Azure Traffic Manager would be the optimal solution for Contoso3. With Azure Traffic Manager, users can add on-premises servers in the backend to support burst-to-cloud, failover-to-cloud, and migrate-to-cloud scenarios. In addition, Azure Traffic Manager provides automatic failover and multi-region support, which all result in traffic being served with low latency. DNS name resolution is fast, and results are cached. The speed of the initial DNS lookup depends on the DNS servers the client uses for name resolution. Typically, a client can complete a DNS lookup within approximately 50 ms. The results of the lookup are cached for the duration of the DNS time-to-live (TTL). The default TTL for Traffic Manager is 300 seconds (about five minutes). The Traffic Manager can also help Contoso3 with their geofencing needs, specifically with the geographic routing feature. This feature will allow Contoso3 to direct users to the correct backend instance based on their geographical location.

Summary

The following section discusses common use cases for each load balancing solution, and what each solution is optimized for.  

 

Azure Front Door

Azure cross-region Load Balancer

Azure Traffic Manager

Traffic type

HTTP/HTTPS

TCP/UDP

DNS

Routing policies

Latency, priority, round robin, weighted round robin, path-based, advanced http rules engine

Geo-proximity and Hash Based

Geographical, latency, weighted, priority, subnet, multi-value

Supported environments.

Azure, non-Azure cloud, on-premises

Azure

Azure, non-Azure cloud, on-premises

Backend Types

Azure Application Gateway, Azure Load balancer, Azure Traffic Manger

Azure Load Balancer

Azure Application Gateway, Azure Load balancer, Azure Traffic Manager, Azure Front Door, Azure Cross Region Load Balancer

Session affinity

X

X

NA

Site acceleration

X

NA

NA

Caching

X

NA

NA

Static IP

NA

X

NA

Security

DDOS, Web Application Firewall, Private Link

Network Security Group

Azure Resource Logs, Azure Policies

SLA

99.99%

99.99%

99.99%

Pricing

Pricing

Pricing

Pricing

Learn More

To learn more about the products discussed in the blog please visit the following sites:

Azure cross-region Load Balancer
Azure Front Door
Azure Traffic Manager

Quelle: Azure

4 cloud cost optimization strategies with Microsoft Azure

We have seen many businesses make significant shifts toward cloud computing in the last decade. The Microsoft Azure public cloud offers many benefits to companies, such as increased flexibility, scalability, and availability of resources. However, with the increased usage of resources, implementing best practices in cloud efficiency is a necessity to validate spending and avoid waste.

What is cloud efficiency? It is the capacity to utilize cloud resources in the best possible way, and at the lowest possible cost while, at the same time, minimizing the waste of resources, and thus of energy and carbon emissions. It’s a combination of cost—how you handle and govern your cloud infrastructure, carbon—how you can keep carbon emissions at a minimum, and energy—how the application uses electricity, and how you can optimize these three areas to make the cheapest, more modern, efficient, and sustainable application. In this post, we will explore why you should immediately start your cloud cost management and governance process.

Cloud cost optimization is essential for companies as it directly impacts their bottom line and OPEX expenses. The cost of cloud computing can quickly add up, especially for businesses with a high volume of data or high traffic, and mission-critical applications.

Cloud cost optimization is what makes workloads more efficient, but what are its benefits?

Understanding, measuring, optimizing, and tracking your cloud costs. Having full control of your monthly bill should be your primary goal.

Reduce carbon emissions. Cloud computing consumes a significant amount of energy, and the increased usage of cloud resources has resulted in a substantial increase in carbon emissions. Cloud providers are taking steps to reduce their carbon footprint, but businesses can also play a significant role in reducing carbon emissions by optimizing their cloud resources.

Improve the performance of applications. This can significantly impact user experience, as slow or unresponsive applications can lead to frustrated customers and lost revenue. By optimizing cloud resources, companies can ensure that their applications run smoothly, improving customer satisfaction, and decreasing cloud spend.

Saving on your application’s cost in a systematic way can give you a budget for additional features, refactoring, and innovation.

The four main cloud cost optimization strategies are usually:

1. Right sizing

Right-sizing is probably the most important aspect of controlling cloud costs. The impact is not simply saving money—in many cases, there is a balance between performance and spending and, more specifically, between meeting your internal customer service-level agreements (SLAs) efficiently. You need to find this balance to keep both your application managers, financial operations (finops) team, and cloud team happy.

2. Clean-up

Another important part of cloud computing cost saving is cleanup operations. When dealing with many workloads or complex projects, lots of resources are created just as a transitional step and are often forgotten about and paid for. This is particularly valid during lift and shift migration where customers choose to initially match resources that were in a fixed, non-flexible environment, ending up with overallocated services. Cleaning up unused items—as a first approach—represents one of the short-term, quick wins for cost-saving. When inserted into a recurring process, this will also help you uncover any unassigned or unutilized infrastructure (with operational downfalls) and, in general, uncover gaps in your processes that might have a wider impact than costs. You should plan to periodically assess the evolution of your infrastructure for any resources that may have been left unassigned and add this to your technical debt management operations.

3. Azure reservations and savings plans

These are a 1- or 3-year commitment to specific Microsoft Azure services or compute use. In exchange for this, significant cloud computing cost savings are granted. This is a very important area of cost governance, as it can amount to very large savings, even though it has practically zero impact on the carbon footprint. We recommend using reservations and savings plans once the right-sizing and cleanup processes have successfully started and periodically track and adjust their usage to match up to 100 percent of your requirements.

4. Database and application tuning

We often see customers migrate applications that rely on legacy databases. Sometimes, even cloud-native applications are developed using old data handling patterns, mostly because companies have a history that needs to be retained and cannot be wiped out by switching to a new database. But a large, stratified database that was doing well in an on-premises environment, has immediate drawbacks in the cloud—queries may be slow and resource-intensive, and data is uselessly exchanged and in large quantities which all adds up to the monthly bill. Optimizing the database so that the application is leaner and faster will also save you money by downsizing the original infrastructure and using fewer data and networking resources.

Having fully optimized your databases can, sometimes, not be enough. Your freshly migrated application came from one of the cloud migration patterns—lift and shift, refactor, rearchitect, and rebuild. Their cloud efficiency is higher when applications are designed for the cloud, as they will utilize all the flexibility and scaling of infrastructure as a service (IaaS) and platform as a service (PaaS) services, with the result of higher performance and lower costs. Investing some of the savings from your cloud cost reduction exercise will not only improve your application performance but in the end improve your overall cloud resource optimization.

What can you do to kickstart your cloud computing efficiency today:

Start your recurrent cloud cost management meeting this week. Make sure to invite all the stakeholders—the cloud and finops teams, your finance controller, and anyone in your company who is dealing with cloud costs directly or indirectly.

Search for quick wins (cleaning up, downsizing, optimizing logs or backups, and more) so that this will fund the upcoming wave of cost-saving tasks and the refactoring and innovation of your applications.

In conclusion, cloud computing efficiency is a crucial element for any company that is operating in the cloud. By adopting cloud spend optimization practices, businesses can reduce their overall cloud spend and carbon emissions, improve the performance of their applications, and finance future elements of innovation.

Learn more

If you’d like more on optimizing your Azure costs, download the full e-book The Road to Azure Cost Governance by Paola Annis and Giuliano Caglio.
Quelle: Azure

Unleash the power of APIs: Strategies for innovation

Modern businesses increasingly rely on technology to drive growth and deliver innovative experiences to their customers. Application programming interfaces (APIs) are the building blocks that power these connected digital experiences. And more than ever, effective API management has become critical to accelerate time-to-market and deliver compelling customer and partner interactions.

We are excited to announce, "Unleash the Power of APIs: Strategies for Innovation", the latest in the Microsoft Azure webinar series on April 26, 2023, from 10:00 AM to 11:30 AM PT. In this 90-minute interactive virtual session, you will hear from analysts, product leaders, and Microsoft Azure API Management customers on how API management can maximize your investments and accelerate your API programs.

From security to development, first-hand customer accounts to analyst insights, this event will cover why APIs are so important today and in the future. Here’s a preview of what we’ll have featured at the webinar:

API-first businesses transformation

Amanda Silver, Corporate Vice President and Head of the Product Developer Division at Microsoft

We’re all hearing a lot about API-first development these days, and for good reason. The impact of API-first development is huge—An API-first approach promotes faster development, better collaboration, scalability, reusability, and enhanced security for developers. But what does API-first mean for businesses? And how do you implement this strategy?

The event will kick off with Amanda sharing insights on what API-first means and how it’s a game changer for businesses to achieve faster time-to-market, better integration, and accelerated innovation. She will also discuss the role of the Azure API Management platform in supporting an API-first strategy.

Market trends and API-driven innovation

Shari Lava, IDC Research Director Automation, and Ashmi Chokshi, General Manager Azure Digital and Application Innovation, Microsoft

Businesses are increasingly adopting digital-first strategies to stay competitive in today’s fast-moving market and economy, and as a result, interest in APIs is surging as they become critical to these strategies.

Join Shari and Ashmi in a conversation about what’s driving the adoption of APIs now and why APIs are critical to driving competitive innovation and business differentiation. Shari will also discuss why it is crucial to invest in an API management solution, the market trends in the adoption of API management tools, and the factors to consider when choosing one based on your business needs.

Enterprise scale API management with Azure

Balan Subramanian, Partner Director of Product Management Azure App Platform, Microsoft

If you’ve been curious about how Azure API Management is empowering our customers to drive superior business outcomes, don’t miss this overview on Azure API Management from Balan.

With Azure API Management, organizations can manage every aspect of an API's lifecycle, from its inception to productization, across their API footprint, whether it's on-premises, on Azure, or on other clouds. Additionally, the developer portal and customizations allow platform engineering teams to create their API platforms on top of Azure API Management, tailoring it to their unique business requirements. Azure API Management is also fully integrated into Azure, making it an ideal solution for organizations migrating application workloads to the cloud without any overhead of using disparate solutions for building and managing their APIs.

API-first approach in the mortgage industry

Matt Cesarz, Chief Technology Officer, Optimal Blue, and Ali Powell, Vice President, Customer Success Digital and Application Innovation, Microsoft

In this customer session, Optimal Blue, a leading mortgage provider in the United States, talks about their successful partnership and journey with Azure API Management. Matt explains how adopting an API-first mindset enabled them to create frictionless customer experiences, deliver innovations faster, and drive growth.

Comprehensive defense-in-depth security with Azure API Management

APIs have become a popular attack vector, making defense-in-depth a crucial strategy for protecting enterprise data vaults against security threats. Without that level of protection, organizations are leaving themselves vulnerable to a range of security threats, including malicious attacks and data exfiltration.

Attend this session and learn how Azure API Management enables a defense-in-depth strategy through multiple layers of protection to prevent, detect, and respond to API threats. Balan will also cover the latest innovations that can further strengthen the security posture of your APIs.

Customer-centric healthcare with APIs

Blake Wilson, Integration and Site Reliability Engineering Manager, Technology, Bupa, and Ali Powell, Vice President, Customer Success Digital and Application Innovation, Microsoft

In this customer session, Bupa, one of the largest global medical insurance providers—with a large presence in Australia—talks about their successful innovations built with Azure API Management. Blake explains how leading with APIs has enabled them to enhance partner collaboration, improve security posture, and increase developer productivity.

Line of business innovation with Azure API Management

For businesses, low-code development and enterprise integration are two key strategic areas of investment that can drive innovation. By enabling seamless collaboration among application, integration, and low-code developers, these integrations can help accelerate innovation across all areas of your organization.

Hear from Balan about the Azure API Management integrations with Microsoft Power Platform to facilitate low-code development. You will also learn that Azure API Management is a core component of Azure Integration Services and is tightly integrated with other services such as Azure Logic Apps, Azure Functions, Azure Service Bus, and managed connectors enabling API-centered integration.

Join the live event to connect with experts

Join the live event to participate in a live question and answer chat and have your most pressing API questions answered by Microsoft experts. Connect with business leaders and peers who are also making the journey to app modernization.

Register now for the “Unleash the Power of APIs: Strategies for Innovation” event to learn how we can deliver innovation faster together.

Discover more about Azure API Management.
Quelle: Azure

Isovalent Cilium Enterprise in Azure Marketplace

This post was co-authored by Narayan Annamalai, Partner PM Manager, Microsoft Azure.

In December 2022, Microsoft and Isovalent announced the collaboration to bring the Isovalent Cilium Enterprise offering onto Azure Kubernetes Services (AKS) via Azure Marketplace. Today, we are happy to announce that Isovalent Cilium Enterprise offering is now available on the Azure Marketplace.

Isovalent Cilium Enterprise on Azure is a powerful tool for securing and managing Kubernetes’ workloads on Azure. Isovalent Cilium Enterprise's range of advanced features and easy-to-deploy ability makes it an ideal solution for organizations of all sizes looking to secure their cloud-native applications.

Enterprises realize that to achieve accelerated business growth, they can leverage AKS. However, as applications scale, there is increased complexity with security and networking. Isovalent Cilium Enterprise, which is built on top of the open-source Cilium project, addresses these gaps by providing additional functionality such as advanced observability and security policy enforcement across multiple layers of the stack. It uses eBPF technology to deliver network and application-layer security, while also providing observability and tracing for Kubernetes workloads. Isovalent Cilium Enterprise also provides seamless integration with popular Kubernetes platforms and tools, including Istio, Helm, and more, thereby making it a trusted offering among organizations. Azure Marketplace is an online store for buying and selling cloud computing solutions that allows you to deploy Isovalent Cilium Enterprise to Azure with ease.

With such a tight and native integration of Isovalent Cilium Enterprise with Azure Marketplace, customers can deploy and upgrade Isovalent Cilium Enterprise features to a new or existing AKS cluster (running Azure CNI powered by Cilium) with a few clicks. Isovalent Cilium Enterprise is built with native integration with the Azure networking platform to offer advanced features and capabilities with best-in-class performance and scale. Furthermore, customers can seamlessly perform lifecycle management of the application by receiving version updates, auto-upgrades, and vulnerability scans thus allowing them to achieve their business goals effectively. They also benefit from the simplified billing from Azure Marketplace. Whether customers are just getting started with AKS or have a large-scale production deployment, Isovalent Cilium Enterprise on Azure Marketplace will help them achieve better visibility, security, and compliance. The myriad benefits of a trusted and secure platform such as Azure Marketplace will accrue savings by limiting management overhead and driving productivity for enterprises at scale.

Key capabilities for Azure Kubernetes Services customers

To recapture, Isovalent Cilium Enterprise provides a range of advanced features built on Kubernetes networking, security, and observability. Here are just a few of the key capabilities that Isovalent Cilium Enterprise exposes to AKS customers:

•    Enhanced observability: Isovalent Cilium Enterprise provides deep visibility into your Kubernetes networking and security via Hubble. This includes detailed flow-level visibility, service mesh tracing, and more.

•    Advanced security: Isovalent Cilium Enterprise provides multi-layer security policy enforcement, including layer 7 application security policies. This allows you to protect your Kubernetes environment from advanced threats while also ensuring compliance with industry regulations.

•    Better Scalability: Isovalent Cilium Enterprise is designed to scale with your Kubernetes workloads, providing security and observability for large-scale Kubernetes clusters.

•    Enterprise-grade support: Isovalent Cilium Enterprise includes enterprise-grade support from Isovalent, including everyday support and access to patches and updates.

Start your journey with Isovalent Cilium Enterprise on Azure

To get started with Isovalent Cilium Enterprise on Azure, simply navigate to the Azure Marketplace from the Azure Portal and search for "Cilium Enterprise." You can choose between different options based on the number of nodes in your cluster and the level of support you require. Once you have selected your subscription and accepted the terms, you can deploy Isovalent Cilium Enterprise to your Kubernetes cluster with just a few clicks.

The benefits of Isovalent Cilium Enterprise through Azure Marketplace

The key benefits of using Isovalent Cilium Enterprise in the Azure Marketplace include:

•    Easy deployment: You can deploy Isovalent Cilium Enterprise on Azure with just a few clicks from the Azure Marketplace. You can either create a new AKS cluster or seamlessly upgrade an existing AKS cluster running Azure CNI powered by Cilium with the Isovalent Cilium Enterprise package.

•    Zero data path downtime while upgrading Cilium OSS to Isovalent Cilium Enterprise via Azure Marketplace.

•    Enhanced billing experience: Azure Marketplace provides a unified billing experience and an integrated experience for your Isovalent Cilium Enterprise usage.

•    Limited management overhead for customers in maintaining the upgrades. Azure Marketplace supports configurable auto-upgrades for minor versions.

Get started today

Try Isovalent Cilium Enterprise out today on the Azure Marketplace.

Read the blog post "Isovalent Cilium Enterprise now Available on Microsoft Azure Marketplace."

For more information on the Isovalent Cilium Enterprise product and capabilities, visit Isovalent Cilium Enterprise: Observability, security, networking.
Quelle: Azure

Inside Azure for IT: 3 cloud strategies to navigate market uncertainty

The saying, “the only thing constant is change,” is one I can’t seem to get out of my head these days, and also seems to resonate with customers I talk to given the dynamic market changes, macroeconomic headwinds, geopolitical tensions, and labor constraints we're all living in currently. That’s why for this episode of Inside Azure for IT, we’re bringing you three discussions about cloud strategies that can help you not only successfully navigate some of today's uncertainties, but also build agility and increase efficiency while you move ahead.

In part one, we discuss how migrating and modernizing your business with the cloud can help you achieve efficiencies and the scalability you need to meet changing business demands. The pandemic fundamentally shifted the technology landscape and accelerated the pace of digital transformation across all industries. If you’re working with existing IT platforms that limit the agility you need to be successful, moving strategic workloads to the cloud can help you deliver on customer demand and gain a competitive advantage.

In part two, we dive into how you can optimize your IT investments and realize the full power of the cloud quickly by configuring workloads for maximum efficiency and cost savings. As technology evolves, many orginizations will need to re-think how their technology strategy aligns with their business objectives. For example, if you're operating your business primarily on premises, you might decide that you can’t afford, or don’t want to invest in, running more of your own servers, hardware, or storage to keep up with continually evolving IT infrastructure. Taking advantage of the economies of scale that a cloud provider offers can help you reduce technical debt and optimize your operations for better efficiency.

Finally, in part three, we look at today’s ever-changing security landscape and why a strong security posture is critical to growing your business. Now more than ever, IT leaders need to adopt the right security strategy to protect against ransomware attacks, supply chain software compromises, and data breaches. Microsoft shares best practices and invests heavily in cybersecurity so you can run your business more securely and efficiently—because when your business is protected, teams can innovate fearlessly and focus on what they do best.

As I reflect on my own personal strategies managing through change, I find it always helps to focus on what you can control. That gives you a way to anchor your thinking and build certainty out of the uncertain. Each of these strategies offers a point of view on what you can control within your environment and a place to start.

Inside Azure for IT, Episode 5: Three cloud strategies to help you navigate market uncertainty

The episode is divided into three separate segments so you can watch them individually, on demand, and at your convenience.

Part one: Navigate market uncertainty by migrating and modernizing with Azure

Guest: Sathish Rajappa, Vice President of Global Platform Technology Sales at Blue Yonder

In the first segment, Sathish Rajappa from software provider Blue Yonder joins me to share some insights from their own modernization journey, and how their strategic partnership with Microsoft enhances their software as a service (SaaS) solutions to help customers accelerate digital transformation. We also talk about how you can optimize spending by consolidating systems to a few solution providers, and how adopting AI and machine learning at scale can help you solve specific use cases and gain a competitive advantage.

Watch now >

Part two: Optimize IT investments to maximize efficiency and reduce cloud spend

Guest: Henry O’Connell, Chief Executive Officer and Co-Founder of Canary Speech

In the second segment, I talk with Henry O’Connell at Canary Speech about how they use Microsoft Azure to power their vocal biomarker screening technology to help healthcare professionals use conversational speech to screen for mood changes and diseases. With this technology, clinicians can recognize conditions such as depression, anxiety, stress, and more in a matter of seconds. Henry shares a few reasons why Canary Speech chose to move from another cloud provider to Azure to grow their business, how they used resources like the Azure Well-Architected Framework to configure workloads for maximum efficiency and cost savings, as well as some exciting innovations Canary Speech is pursuing with Azure. 

Watch now >

Part three: Strengthen your security posture to innovate fearlessly and grow your business

Guest: Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, Identity and Privacy

In the third segment, I’m joined by my friend and colleague Vasu Jakkal to talk about how Microsoft is navigating the ever-changing global challenges of today’s security landscape. Vasu explains how Microsoft’s investments in cybersecurity are helping customers run their businesses more securely and efficiently while minimizing disruptions, and we end with an inspiring discussion about how strengthening your security posture can help you innovate fearlessly in challenging times.  

Watch now >

What’s next for Inside Azure for IT

Beyond this latest episode, there are many more fireside chat videos, tutorials, and cloud-skilling resources available through Inside Azure for IT. Learn more about empowering an adaptive IT environment with best practices and resources designed to enable productivity, digital transformation, and innovation. You can also take advantage of technical training videos and learn about implementing some of the scenarios we discuss in this episode.

Watch past episodes of the Inside Azure for IT fireside chats
Register for the free Securely Migrate and Optimize with Azure digital event on April 26, 2023.
Future-proof your business and do more with less on Azure. 

Quelle: Azure

Announcing the general availability of Azure CNI Overlay in Azure Kubernetes Service

This post was co-authored by Qi Ke, Corporate Vice President, Azure Kubernetes Service.

Today, we are thrilled to announce the general availability of Azure CNI Overlay. This is a big step forward in addressing networking performance and the scaling needs of our customers.

As cloud-native workloads continue to grow, customers are constantly pushing the scale and performance boundaries of our existing networking solutions in Azure Kubernetes Service (AKS). For Instance, the traditional Azure Container Networking Interface (CNI) approaches require planning IP addresses in advance, which could lead to IP address exhaustion as demand grows. In response to this demand, we have developed a new networking solution called "Azure CNI Overlay".

In this blog post, we will discuss why we needed to create a new solution, the scale it achieves, and how its performance compares to the existing solutions in AKS.

Solving for performance and scale

In AKS, customers have several network plugin options to choose from when creating a cluster. However, each of these options have their own challenges when it comes to large-scale clusters.

The "kubenet" plugin, an existing overlay network solution, is built on Azure route tables and the bridge plugin. Since kubenet (or host IPAM) leverages route tables for cross node communication it was designed for, no more than 400 nodes or 200 nodes in dual stack clusters.

The Azure CNI VNET provides IPs from the virtual network (VNET) address space. This may be difficult to implement as it requires a large, unique, and consecutive Classless Inter-Domain Routing (CIDR) space and customers may not have the available IPs to assign to a cluster.

Bring your Own Container Network Interface (BYOCNI) brings a lot of flexibility to AKS. Customers can use encapsulation—like Virtual Extensible Local Area Network (VXLAN)—to create an overlay network as well. However, the additional encapsulation increases latency and instability as the cluster size increases.

To address these challenges, and to support customers who want to run large clusters with many nodes and pods with no limitations on performance, scale, and IP exhaustion, we have introduced a new solution: Azure CNI Overlay.

Azure CNI Overlay

Azure CNI Overlay assigns IP addresses from the user-defined overlay address space instead of using IP addresses from the VNET. It uses the routing of these private address spaces as a native virtual network feature. This means that cluster nodes do not need to perform any extra encapsulation to make the overlay container network work. This also allows this overlay addressing space to be reused for different AKS clusters even when connected via the same VNET.

When a node joins the AKS cluster, we assign a /24 IP address block (256 IPs) from the Pod CIDR to it. Azure CNI assigns IPs to Pods on that node from the block, and under the hood, VNET maintains a mapping of the Pod CIDR block to the node. This way, when Pod traffic leaves the node, VNET platform knows where to send the traffic. This allows the Pod overlay network to achieve the same performance as native VNET traffic and paves the way to support millions of pods and across thousands of nodes.

Datapath performance comparison

This section sneaks into some of the datapath performance comparisons we have been running against Azure CNI Overlay.

Note: We used the Kubernetes benchmarking tools available at kubernetes/perf-tests for this exercise. Comparison can vary based on multiple factors such as underlining hardware and Node proximity within a datacenter among others. Actual results might vary.

Azure CNI Overlay vs. VXLAN-based Overlay

As mentioned before, the only options for large clusters with many Nodes and many Pods are Azure CNI Overlay and BYO CNI. Here we compare Azure CNI Overlay with VXLAN-based overlay implementation using BYO CNI.

TCP Throughput – Higher is Better (19% gain in TCP Throughput)

Azure CNI Overlay showed a significant performance improvement over VXLAN-based overlay implementation. We found that the overhead of encapsulating CNIs was a significant factor in performance degradation, especially as the cluster grows. In contrast, Azure CNI Overlay's native Layer 3 implementation of overlay routing eliminated the double-encapsulation resource utilization and showed consistent performance across various cluster sizes. In summary, Azure CNI Overlay is a most viable solution for running production grade workloads in Kubernetes.

Azure CNI Overlay vs. Host Network

This section will cover how pod networking performs against node networking and see how native L3 routing of pod networking helps Azure CNI Overlay implementation.

Azure CNI Overlay and Host Network have similar throughput and CPU usage results, and this reinforces that the Azure CNI Overlay implementation for Pod routing across nodes using the native VNET feature is as efficient as native VNET traffic.

TCP Throughput – Higher is Better (Similar to HostNetwork)

Azure CNI Overlay powered by Cilium: eBPF dataplane

Up to this point, we’ve only taken a look at Azure CNI Overlay benefits alone. However, through a partnership with Isovalent, the next generation of Azure CNI is powered by Cilium. Some of the benefits of this approach include better resource utilization by Cilium’s extended Berkeley Packet Filter (eBPF) dataplane, more efficient intra cluster load balancing, Network Policy enforcement by leveraging eBPF over iptables, and more. To read more about Cilium’s performance gains through eBPF, see Isovalent’s blog post on the subject.

In Azure CNI Overlay Powered by Cilium, Azure CNI Overlay sets up the IP-address management (IPAM) and Pod routing, and Cilium provisions the Service routing and Network Policy programming. In other words, Azure CNI Overlay Powered by Cilium allows us to have the same overlay networking performance gains that we’ve seen thus far in this blog post plus more efficient Service routing and Network Policy implementation.

It's great to see that Azure CNI Overlay powered by Cilium is able to provide even better performance than Azure CNI Overlay without Cilium. The higher pod to service throughput achieved with the Cilium eBPF dataplane is a promising improvement. The added benefits of increased observability and more efficient network policy implementation are also important for those looking to optimize their AKS clusters.

TCP Throughput – Higher is better

To wrap up, Azure CNI Overlay is now generally available in Azure Kubernetes Service (AKS) and offers significant improvements over other networking options in AKS, with performance comparable to Host Network configurations and support for linearly scaling the cluster. And pairing Azure CNI Overlay with Cilium brings even more performance benefits to your clusters. We are excited to invite you to try Azure CNI Overlay and experience the benefits in your AKS environment.

To get started today, visit the documentation available.
Quelle: Azure

5 reasons to join us at Securely Migrate and Optimize with Azure

Did you know you can lower operating costs by 40 percent1 when you migrate Windows Server and SQL Server to Azure versus on-premises? Furthermore, you can improve IT efficiency and operating costs by 53 percent by automating management of your virtual machines in cloud and hybrid environments2. To maximize the value of your existing cloud investments, you can utilize tools like Microsoft Cost Management and Azure Advisor. A recent study showed that our customers achieve up to 34 percent reduction in Azure spend in the first year by using Microsoft Cost Management3. To learn more about how to achieve efficiency and maximize cloud value with Azure, join us at Securely Migrate and Optimize with Azure digital event on Wednesday, April 26, 2023, at 9:00 AM–11:00 AM Pacific Time.

When migrating to the cloud, consider that Windows Server and SQL Server perform best on Azure. Using managed Azure SQL Server in the cloud can help maximize performance and value. Azure SQL meets your mission-critical requirements up to 5 times faster and costs up to 93 percent less than AWS4. Additionally, you can cost-effectively retire legacy workloads that are reaching end-of-support by reducing your technical debt in a secure way with free Extended Security Updates on Azure for Windows Server 2012/R25. Plus, save up to 85 percent over the standard pay-as-you-go rate by bringing your Windows Server and SQL Server on-premises licenses to Azure6.

Maximize the value of your existing cloud investments by controlling cloud spend, improving workload efficiency, and optimizing workload costs. Microsoft Cost Management helps you understand your Azure bill, provides data analysis to costs, sets spending thresholds, and identifies opportunities for workload changes to optimize your costs. Azure Advisor provides personalized best practices for you to optimize your Azure workloads. Use guidance within the Cloud Adoption Framework and Azure Well-Architected Framework to ensure your teams follow Microsoft best practices for cost optimization throughout the cloud journey.

Drive market differentiation and emerge stronger with intelligent apps infused with AI. When you modernize using App Service you get built-in infrastructure maintenance, security patching, and scaling so you can quickly build apps instead of managing infrastructure. Production-ready cloud AI services enable you to infuse intelligence into your cloud apps and drive new efficiency and market differentiation for common business processes and unlock new scenarios with Azure AI.

Here are five reasons why you should attend this event:

Get expert guidance to gain efficiency by securely migrating and optimizing your Windows Server and SQL Server workloads.
Maximize cloud value with tools, resources, and expertise from Azure to optimize your existing cloud investments.
See demos with step-by-step guidance on how to stay secure and manage complex hybrid IT environments.
Get a walkthrough of tools for self-guided migration including how to discover, assess, and migrate with Azure Migrate.
Ask the experts by posting your questions during the live chat Q&A. This event features a live forum so you can exchange questions and answers with subject matter experts.

Learn more

Learn more from Azure experts on how to increase efficiency and maximize the value of your Windows Server and SQL Server investments. Discover best practices and tips to migrate, optimize, and modernize your infrastructure, apps, and data in the cloud with Azure. Hear customer success stories and learn how to make a business case for migration. And get hands-on experience with demos on how to discover, assess, and start migrating your Windows Server and SQL Server workloads. Register for Securely Migrate and Optimize with Azure free digital event today and join us on Wednesday, April 26, 2023, 9:00 AM–11:00 AM Pacific Time.

Source:

1 The Business Value of Microsoft Azure for Windows Server and SQL Server Workloads

2 The Business Value of Migrating and Modernizing with Azure

3 The Total Economic Impact™ of Microsoft Cost Management and Billing

4 Microsoft Azure SQL Managed Instance (principledtechnologies.com)

5 Free Extended Security Updates for Windows Server 2012/R2, only on Azure

6 Azure Hybrid Benefit
Quelle: Azure

Manage your APIs with Azure API Management’s self-hosted gateway v2

Our industry has seen an evolution in how we run software. Traditionally, platforms were running in on-premises datacenters but started to transition to the cloud. However, not all workloads can move or customers want to have resiliency across clouds and edge which introduced multi-cloud scenarios.

With our self-hosted gateway capabilities, customers can use our existing tooling to extend to their on-premises and multi-cloud APIs with the same role-based access controls, API policies, observability options, and management plane that they are already using for their Azure-based APIs.

New to the self-hosted gateway, how does it work?

When deploying an Azure API Management instance in Azure customers get three main building blocks:

A developer portal (also called user plane) for allowing internal and external users to find documentation, test APIs, get access to APIs, and see basic usage data among other features.
An API gateway (also called data plane), which contains the main networking component that exposes API implementations, applies API policies, secures APIs, and captures metrics and logs of usage among other features.
Finally, a Management Plane, which is used through the Azure Portal, Azure Resource Manager (ARM), Azure Software Development Kits (SDKs), Visual Studio and Code extensions, and command-line interfaces (CLIs) that allow to manage and enforce permissions to the other components. Examples of this are setting up APIs, configuring the infrastructure, and defining policies.

Figure 1: Architecture diagram depicting the components and features of Azure API Management Gateway.

In the case of the self-hosted gateway, we provide customers with a container image that hosts a version of our API Gateway. Customers can run multiple instances of this API Gateway in non-Azure environments and the only requirement is to allow outbound communications to the Management Plane of an Azure API Management instance to fetch configuration and expose APIs running in those non-Azure environments.

Figure 2: Architecture diagram depicting the components of a distributed API Gateway solution using the self-hosted gateway.

Supported Azure API Management tiers

The self-hosted gateway v2 is now generally available and fully supported. However, the following conditions apply:

You need an active Azure API Management instance; this instance should be on the Developer tier or Premium tier.

In the developer tier, in this case the feature is free for testing, with limitations of one active instance.
In the Premium tier, you can run as many instances as you want. Learn more about pricing at our pricing table.

Azure API Management will always provision an API Gateway in Azure, which we typically call our managed API gateway.

Be aware that there are differences in features between our various API gateway offerings. Learn more about the differences in our documentation.

Pricing and gateway deployment

In the case of the self-hosted gateway, we can define a self-hosted gateway by assigning a name to our gateway, a location (which is a logical grouping that aligns with your business, not an Azure region), a description, and finally what APIs we want to expose in this gateway. This allows us to do physical isolation of APIs at the gateway level, which is only possible in the self-hosted gateway at this moment. This combination of location, APIs, and hostname is what defines a self-hosted gateway deployment, this “self-hosted gateway deployment” should not be confused with a Kubernetes “deployment” object.

For example, using a single deployment, where the same APIs are configured in all locations:

Figure 3: Architecture diagram describing the pricing model for a single deployment of a self-hosted gateway.

However, you can also create multiple self-hosted gateway deployments to have more granular control over the different APIs that are being exposed:

Figure 4: Architecture diagram describing the pricing model for two deployments of a self-hosted gateway.

Supportability and shared responsibilities

Another important aspect is the support, in the case of the self-hosted gateway, the infrastructure is not necessarily managed by Azure, therefore as a customer you have more responsibilities to ensure the proper functioning of the gateway:

Microsoft Azure

Shared Responsibilities

Customers

Managed service service level agreements ( SLA), for the management plane, access to configuration and ability to receive telemetry.

Securing self-hosted gateway communication with Configuration endpoint: the communication between the self-hosted gateway and the configuration endpoint is secured by an access token, this token expires automatically every 30 days and needs to be updated for the running containers.

Gateway hosting, deploying, and operating the gateway infrastructure: virtual machines with container runtime or Kubernetes clusters.

Gateway maintenance, bug fixes and patches to container image.

Keeping the gateway up to date: regularly updating the gateway to the latest version and latest features.

Network configuration, necessary to maintain management plane connectivity and API access.

Gateway updates, performance, and functional improvements to container image.

 

Gateway SLA, capacity management, scaling, and uptime

 

 

Keeping the gateway up to date, regularly updating the gateway to the latest version and latest features.

 

 

Providing diagnostics data to support, collecting, and sharing diagnostics data with support engineers

 

 

Third party open-source software (OSS ) software components, adding additional layers like Prometheus, Grafana, service meshes, container runtimes, Kubernetes distributions, proxies are customer responsibility.

New features and capabilities of v2 and v1 retirement

When using the latest versions of our v2 container image, tag 2.0.0 and or higher, you would be able to use the following features:

Opentelemetry metrics: the self-hosted gateway can be configured to automatically collect and send metrics to an OpenTelemetry Collector. This allows you to bring your own metrics collection and reporting solution for the self-hosted gateway. Here you can find a list of supported metrics.
New image tagging: we provide four tagging strategies to meet your needs regarding updates, stability, patching, and production environments.
Helm chart: a new deployment option with multiple variables for you to configure at deployment time like backups, logs, OpenTelemetry, ingress, probes, and also Distributed Application Runtime (DAPR) configurations. This helm chart together with our sample Yaml files can be used for automated deployments with continuous integration and continuous delivery (CI and CD ) tools or even Gitops tools.
Artifact registry: you can find all our artifacts in our centralized Microsoft Artifact Registry for all the container images provided by Microsoft.
New EventGrid events: a new batch of supported EventGrid events related to the self-hosted gateway operations and configurations. The full list of events can be found here.

Please remember that we will be retiring support for the v1 version of our self-hosted gateway, so this is the perfect time to upgrade to v2. We also provide a migration guide and a guide for running the self-hosted gateway in production.
Quelle: Azure

How 5G and wireless edge infrastructure power digital operations with Microsoft

As enterprises continue to adopt the Internet of Things (IoT) solutions and AI to analyze processes and data from their equipment, the need for high-speed, low-latency wireless connections are rapidly growing. Companies are already seeing benefits from deploying private 5G networks to enable their solutions, especially in the manufacturing, healthcare, and retail sectors.

The potential of 5G and multi-access edge computing (MEC) has evolved substantially. As they are fully ready to enable the next-generation of digital operations, it is important to highlight some recent successful deployments that provide high speeds and ultra-low latency.

These findings have been included in the latest Digital Operations Signals report. Where our previous industry trends report, IoT Signals, gave insight for audiences into IoT, we thought it was important for this latest report to go beyond IoT and into the world of digital operations. The report now encompasses the business outcomes that organizations are pursuing to unlock the next level of improvements in efficiency, agility, and sustainability in their physical operations utilizing AI, machine learning, digital twins, 5G, and more.

As 5G connections and mobile edge computing continue to advance, so does the demand for its adoption. Interestingly, the Digital Operations Signals report found that cloud radio access networks (C-RAN), private Wi-Fi networks, and MEC technologies are not just continuing to develop, but they are also likely to converge. This means we could see more unified on-site network architectures with faster, more powerful computing.

What can 5G infrastructure deliver?

Traditionally, local connectivity in business sites—such as hospitals, clinics, warehouses, and factories—was provided by Ethernet and Wi-Fi. While Wi-Fi is still in common use for enterprise on-premises connections, it doesn’t always offer the bandwidth, latency, security, and reliability needed for demanding IoT solutions, particularly for rugged operational environments. The wider availability of 5G connectivity is spurring growth in new edge solutions and an increasing number of IoT device connections. It is now possible to have higher throughput and latency as low as 100 milliseconds or less for a device to respond to a hosting server’s request.

But the adoption of 5G is more than just a network upgrade. Instead, it’s ushering in a new category of network-intelligent applications that can solve problems that were once out of reach. With 5G, you can deploy edge applications based on cloud-native distributed architecture for solutions that demand low latency and dedicated quality of service. By using 5G and leveraging APIs to interact with networks, these applications can deliver high-performing, optimized experiences.

How is 5G being used by enterprises today?

In factory settings, for example, AI requires low latency to improve control processes and robotic systems, recognize objects through advanced computer vision, and effectively manage warehouse and supply chain operations. In this scenario, 5G and MEC can help power computer vision-assisted product packing and gather near-real-time data on any mistakes. This opens the potential to improve on-site quality assurance for logistics and supply chain companies and reduce processing times.

In healthcare, 5G connections support AI’s use in medical diagnoses, health monitoring, predictive maintenance and monitoring of medical systems, and telemedicine applications. In retail operations, low-latency connections allow AI to help with real-time inventory management, in-store video traffic, and in-store real-time offers.

The 5G architecture consists of three different network tiers—low band, midband, and millimeter wave (mmWave) high band—that offer different advantages and disadvantages in coverage distances and speed. Additionally, key 5G services specialize in providing different features:

Enhanced mobile broadband (eMBB): By defining a minimum level of data transfer rate, eMBB can provide ultra-high wireless bandwidth capabilities, handling virtual reality, computer vision, and large-scale video streaming.
Massive machine-type communications (mMTC): Designed for industrial scenarios and other environments requiring numerous devices to be connected to each other, mMTC could be used with IoT solutions or large spaces with a variety of devices that would need to communicate together.
Ultra-reliable low-latency communications (URLLC): This is designed for use cases that require extremely low latency and high reliability. This would benefit situations where responsiveness is critical, such as public safety and emergency response uses, remote healthcare, industrial automation, smart energy grids, and controlling autonomous vehicles.

Using these services to achieve high speeds and performance, however, requires businesses to upgrade network technology and update their older wireless and edge architectures. To help overcome these challenges, enterprises are turning to the right combination of hardware, software, and cloud services that can optimize 5G at the edge.

How are Microsoft and Intel empowering 5G solutions?

Microsoft and Intel understand the many challenges that enterprises face. By working with telecom hyper scalers, independent solution providers, and other partners, we are providing 5G infrastructure and network services that are easily adaptable for use cases in many sectors. Azure private multi-access edge compute (MEC) helps operators and system integrators simplify the delivery of ultra-low-latency solutions over 4G and 5G netwworks. By reducing integration complexity, enterprises can innovate new solutions and generate new revenue streams.

Intel has designed a range of hardware to power 5G edge network activities and improve content transmission and processing. By providing foundational technology to run 5G, they are working to help standardize and simplify its use and create more unified edge applications and services. By helping customers securely and efficiently deploy 5G across industries, they can reap the benefits of 5G without complicated or extended timelines.

Learn more about 5G at the edge

For the manufacturing industry, 5G can bring compute power closer to challenges that need to be solved. While 5G adoption is still in its early stages in many industries, Microsoft and Intel are advancing the evolution and growing deployment of 5G and supporting the development of new solutions and use cases with their hardware, software, and services.

For additional insights on the current trends and recent findings, check out the Digital Operations Signals report.

We also have smart factory use cases available, and you can download the business use case and technical use case for more information on the value drivers, total cost of ownership, and technical design. Enterprises interested in any of the solutions listed above can contact our partners via Azure Marketplace, or contact the Azure private MEC team.

Finally, to learn more about how Microsoft is helping organizations adopt 5G with connected applications, sign up for news and updates delivered to your inbox.
Quelle: Azure

Announcing Project Health Insights Preview: Advancing AI for health data

We live in an era with unprecedented increases in the size of health data. Digitization of medical records, medical imaging, genomic data, clinical notes, and more all contributed to an exponential increase in the amount of medical data. The potential benefit of leveraging this health data is enormous. However, with this growth in health data, new challenges arise, including the focus on data privacy and security, the need for data standardization and interoperability. There is a need for effective tools for extracting information that is buried in this data and using it to derive valuable insights, inferences, and deep analytics that can make sense of the data and support clinicians.

Today, I’m excited to announce Project Health Insights Preview. Project Health Insights is a service that derives insights based on patient data and includes pre-built models that aim to power key high value scenarios in the health domain. The models receive patient data in different modalities, perform analysis, and enable clinicians to obtain inferences and insights with evidence from the input data. These insights can assist healthcare professionals in understanding clinical data, like patient profiling, clinical trials matching, and more.

Project Health Insights—leveraging patient data to power actionable insights

Project Health Insights supports pre-built models that receive patient data in multiple modalities as their input, and produce insights and inferences that include:

Confidence scores: The higher the confidence score is, the more certain the model was about the inference value provided.
Evidence: linking model output with specific evidence within the input provided, such as references to spans of text reflecting the data that led to an insight.

Project Health Insights Preview includes two enterprise grade AI models that can be provisioned and deployed in a matter of minutes: Oncology Phenotype and Clinical Trial Matcher.

Oncology Phenotype is a model that enables healthcare providers to rapidly identify key cancer attributes within their patient populations with an existing cancer diagnosis. The model identifies cancer attributes such as tumor site, histology, clinical stage, tumor, nodes, and metastasis (TNM) categories and pathologic stage TNM categories from unstructured clinical documents.

Key features of the Oncology Phenotype model include:

Cancer case finding.
Clinical text extraction for solid tumors.
Importance ranking of evidence.

Clinical Trial Matcher is a model that matches patients to potentially suitable clinical trials, according to the trial’s eligibility criteria and patient data. The model helps with finding relevant clinical trials, that patients could be qualified for, as well as with finding a cohort of potentially eligible patients for a list of clinical trials.

Key Features of the Clinical Trial Matcher model include:

Support for scenarios that are:

Patient Centric: Helping patients find potentially suitable clinical trials and assess their eligibility against the trials criteria.
Trial Centric: Matching a trial with a database of patients to locate a cohort of potentially suitable patients.

Interactive Matching where the model provides insights into missing information that is needed to further narrow down the potential clinical trial list via an interactive experience.
Support for various modalities of patient data such as unstructured clinical notes, structured patient data, and Fast Healthcare Interoperability Resources (FHIR®) bundles.
Support for search across built-in knowledge graphs for clinical trials from clinicaltrials.gov as well as against a custom trial protocol with specific eligibility criteria.

Streamlining clinical trial matching and cancer research

According to the World Health Organization, the number of registered clinical trials increased by more than 4800 percent from 1999 to 2021. Today there are more than 82,000 clinical trials actively recruiting participants worldwide (based on clinicaltrials.gov), with increasingly complicated trial eligibility criteria. However, enrollment in clinical trials is based on manual screening of millions of patients, each with up to hundreds of clinical notes requiring review and analysis by a healthcare professional, making it an unsustainable process. Given this, it is not surprising that up to 80 percent of clinical trials miss their clinical trial enrollment timelines, and up to 48 percent fail to meet clinical trial enrollment targets according to data provided by Tufts University. The Clinical Trial Matcher model aims to solve this exact problem by effectively matching patients with diverse conditions to clinical trials for which they are potentially eligible through analysis of patient’s data and the complex eligibility criteria of clinical trials.

The Oncology Phenotype model allows physicians to effectively analyze cancer patients’ data based on their tumor site, tumor histology, and cancer staging. These models deliver crucial building blocks to realize the goals set out by the White House Cancer Moonshot initiative: to develop and test new treatments, to share more data and knowledge, to collaborate on tools that can benefit all, and to make progress towards ending cancer as we know it.

Providing value across the health and life sciences industry

John’s Hopkins University Medical Center is an early user of Project Health Insights. Dr. Srinivasan Yegnasubramanian is using the Oncology Phenotype model to leverage unstructured data to accelerate Cancer Registry curation efforts for patients with solid tumors.

Pangaea Data is a Microsoft partner working in health AI. “At Pangaea Data we help companies discover 22 times more undiagnosed, misdiagnosed, and miscoded patients by characterizing them through unlocking and summarization of clinically valid actionable intelligence from patient records in a federated privacy-preserving, scalable, and evolving manner. We are exploring using Project Health Insights to augment our own advanced capabilities for characterizing patients.”—Vibhor Gupta, Director and Founder, Pangaea Data.

Akkure Genomics helps patients utilize their own genomic data or DNA to improve their chances of finding a clinical trial. “At AKKURE GENOMICS we leverage Project Health Insights, which empowers our own AI and digital DNA platform capabilities, to help patients get matched to clinical trials based on their individual medical diagnoses, thus boosting enrollment, improving the chances of finding a precision-matched trial and accelerating discovery of new therapeutics and cures.”—Professor Oran Rigby, Chief Engineering Officer and Founder, Akkure.

Built with the end user in mind

Initial models were validated in a research setting through a strategic partnership between Microsoft and Providence to accelerate digital transformation in health and life sciences. These models can enable oncologists to substantially scale up their precision oncology capabilities and generate intelligence and insights useful to clinicians as well as beneficial to patients.

“Microsoft’s ability to structure complex concepts with their natural language processing tools for cancer has contributed significantly to our ability to build research cohorts and discuss cancer treatment options.”—Dr. Carlo Bifulco, Chief Medical Officer, Providence Genomics.

Microsoft will continue to expand capabilities within Project Health Insights to support additional health workloads and enable insights that will guide key decision-making in healthcare.

Microsoft continues to grow its portfolio of AI services for health

Microsoft continues to invest in AI services for the health and life sciences industry. Along with other new offerings in the Microsoft Cloud for Healthcare, we are pleased to announce new enhancements to Text Analytics for Health (TA4H).

The new enhancements include:

Social Determinants of Health (SDoH) and Ethnicity information extraction. The newly introduced SDoH and Ethnicity features enable extraction of social, environmental, and demographics factors from unstructured text. These factors will empower the development of more inclusive healthcare applications. Read more about it in our blog.
Temporal assertions—past, present, and future. The ability to identify the temporal context of TA4H entities whether in the past, present or future.

Customers can now extend TA4H to support custom entities based on their own data. Customers can now also extend the entities extracted by the service.

We are also excited to share that Azure Health Bot now has a new Azure OpenAI template in preview. The Azure Health Bot OpenAI template allows customers to extend their Azure Health Bot instance with Azure OpenAI Service for answering unrecognized utterances in a more intelligent way. This feature will be enabled through the Azure Health Bot template catalogue. Customers can choose to import this template into their bot instance using their Azure OpenAI resource endpoint and key, enabling fallback answers generated by GPT from trusted, medically viable sources that can be provisioned by customers. This feature provides a mechanism for customers to experiment with this capability as preview.1 Read more about this and how to apply responsible AI principles when implementing your own Health Bot instance in this blog.

We look forward to what the coming years will bring for the health and life sciences industry empowered by these new capabilities and the continued innovation we are seeing across AI and machine learning. The potential for improved precision care, quicker and more efficient clinical trials, and thereby drug and therapy availability and medical research is unparalleled. Microsoft looks forward to partnering with you and your organizations on this journey to improve the health of humankind.

Learn more

Project Health Insights Preview
Text analytics for Health
Azure Health Bot
Microsoft Cloud for Healthcare

1 At this time, we are offering the preview for internal testing and evaluation purposes only.

®FHIR is a registered trademark of Health Level Seven International, registered in the U.S. Trademark Office and are used with their permission.
Quelle: Azure