Kategorie: Microsoft Azure

Agile teams align and get to market faster with Mural and Microsoft

This blog post was authored by Jason Morris, Global Partner Technology Strategist and co-authored by Joyce Balas, Global Partner Development Manager and Ashley Kovich Ternan, Partner Marketing Specialist

During the last two years navigating changing economic climates and a global pandemic that shifted the way we work, we’ve learned that teams can continue to collaborate together productively and effectively in remote and hybrid settings. A recent Microsoft study shows that hybrid work works.1 The biggest risk of a hybrid workforce is not unproductive team members—it's that people are becoming burnt out from too many meetings and a lack of clear, defined priorities.

But it takes intention and leadership to design a company culture where collaboration workflows let everyone contribute equally in retrospectives, standups, planning, and other agile projects where bold ideas and clear alignment are critical to staying competitive in the market. Now, more than ever, agile teams, or any team focused on planning and strategizing are expected seamlessly connect and collaborate regardless of where everyone is working.

Microsoft, in partnership with Mural’s leading collaborative intelligence system, is filling a critical need. Powered by Microsoft Azure and integrated with Microsoft Teams, Mural enables dynamic meetings and teamwork turning ideas and insights into reality so remote work no longer inhibits co-creation. Mural's latest integration with the Microsoft ecosystem connects Azure DevOps to an intuitive workspace for teams to collaborate visually. Mural centers around a digital whiteboard and includes pre-built frameworks that guide and structure collaborative work, including templates for agile ceremonies and LUMA design thinking practices. Facilitation tools built into the product, like voting and a timer, make it intuitive for teams to work together intentionally and make it easier for everyone to contribute. Mural’s new integration with Azure DevOps is the connective tissue for agile teams, no matter where they’re working.

Level up your team’s next collaboration session with Mural and Azure DevOps

With Mural’s new integration, Mural and Azure DevOps customers can now save time and jumpstart collaboration by easily importing work items as sticky notes onto a Mural canvas. Teams can use Mural’s visual canvas and templates to refine work items in a backlog, review a sprint plan, break down a feature into smaller chunks of work, have a retrospective, or even build a program board. Having work items on the canvas where collaboration is happening keeps workflows connected and teams focused without incurring a toggle tax by switching between applications.2

93 percent of surveyed organizations who leverage agile experienced an increase in collaboration and productivity following the implementation of Mural.3

Everything from user story mapping to retrospectives are more productive, inclusive, and engaging when you connect Mural and Azure DevOps.

How Mural and Azure DevOps work

Connect Azure DevOps to your Mural account to view your projects and easily import work items as sticky notes. Use filters or run your own query to find the work items you want to import.

Design your import in Mural by choosing which fields, including custom fields, to import as tags on your sticky. Stickies are automatically color coded by work item type to visualize and organize next steps and prevent delays in decision making.

Be even more effective with Mural’s templates for hybrid agile ceremonies like program implement (PI) planning, sprint planning, sprint reviews, and more to level up collaboration and reduce time to market.

Partners in collaboration transformation

Mural is a Microsoft Partner of the Year award winner, which recognizes partners based on their commitment to customers, the impact of their solutions, and their exemplary use of Microsoft technologies. We are thrilled to collaborate with Mural, an ISV building the next generation of solutions with Azure technology, to help teams everywhere plan smarter, collaborate better, and ship faster. Integration with Azure DevOps improves agility and can optimize your existing cloud investments by helping decrease costs and saving developer time. With comprehensive security and compliance built in, Mural is paving the way for organizations to adopt a DevOps culture. Mural integration with Azure DevOps is truly a “better together” story as both teams recognized early on a need for the integration across both end users, DevOps, and developers. In the early stages of development, both Microsoft and Mural not only helped test the integration, but also incorporated it into their main development lifecycle of Azure DevOps, quickly realizing the full potential of both Mural and Azure DevOps as an all-in-one platform.

“In a hybrid, modern workplace, organizations need to collaborate and brainstorm with virtual teams to develop innovative solutions for their businesses. We’re thrilled to partner with Mural and deliver its latest integration with Azure DevOps to enable teams everywhere to do their best work using a shared collaboration space across platforms.”—Casey McGee, VP of Global ISV Sales and Digital Natives, Microsoft

If you’re already a Mural customer, check out the user guide to get started using the Azure DevOps integration. If you haven’t tried Mural yet, get started for free at the Mural website or connect with Mural to learn more about purchasing Mural through Azure Marketplace.

Sources

1 Microsoft Work Lab.

2 Harvard Business Review.

3 TechValidate.
Quelle: Azure

Azure private MEC delivers modern connected applications for industries

Since introducing Azure private multi-access edge compute (MEC) in public preview (June 2021), we have continued to further our mission of empowering enterprises and governments to achieve more with modern connected applications. Azure private MEC simplifies adoption of these applications by enterprises with cloud-managed edge infrastructure and services combined with edge networking. Private 5G is paving the way to unlock innovative Industry 4.0 services for enterprises worldwide. As part of our ongoing efforts, we are also introducing new capabilities to provide wider connectivity choices, increased reliability, unified management, and broader platform options to serve global enterprises at scale.

Azure private MEC is continually being built and delivered by an expanding set of operators, SIs, and ISV partners. Our partners serve a wide range of industries, including manufacturing, transportation, logistics, energy, retail, and defense. Enterprises now have a choice to select the right application, deploy quickly, and scale at their own pace. Click the logos to watch these digital transformation stories from our partners and their customers:

 

Enterprises customers in their own words

“NEXCOM understands that collaborating with partners is crucial to success. Inventec’s complete 5G end-to-end connectivity and Smart Factory solutions using Azure Private 5G Core perfectly complement our own offerings and fill the Communications Technology gap. What impressed us most is Inventec’s pioneering efforts to adopt the solutions in its own factory, with proven ROI. And with the high speed and ultra-low latency of a secured, private 5G network vs. Wi-Fi, the AMR can be deployed in our factory more efficiently, while improving productivity and overall operations.”—Clement Lin, CEO NEXCOM.

“Q-tainer is a rugged device that can withstand the harsh environment of construction sites. Rhomberg Sersa brings the know-how of construction to the table, and Datwyler helps solve our IT challenges, and enables us to support and scale the system globally. We have a long-standing relationship with Microsoft for their hardware and software solutions. We are using Azure Stack Edge and Azure Private 5G Core to integrate the Q-tainer) with our construction sites.”—Hubert Rhomberg, Co-Owner Rhomberg Sersa Rail.

Azure Private 5G Core is now generally available

Last year at MWC Barcelona, we introduced the public preview of Azure Private 5G Core—a simple, scalable, and secure deployment of a 5G standalone core network deployed on the Azure Stack Edge platform. Azure Private 5G Core enables deployment and management of 5G core network functions on a small footprint edge compute for a private mobile network on enterprise premises. It connects with 4G and 5G radio access networks, devices, SIM, and applications supplied by a growing list of solution partners.

We are pleased to announce that it is now generally available to deploy and manage core network deployments at any enterprise site around the world. This release includes a range of new and enhanced features: support for 4G LTE and 5G standalone radios, rapid deployment on Azure Kubernetes Service (AKS) on Azure Stack Edge Pro with GPU, and multi-site deployment.

This release introduces a built-in metrics dashboard, enhanced availability (including a disconnected mode for increased resilience), advanced SIM security, custom policy with QoS support, and support for select Azure Stack Edge and HCI hardware platforms. Multi-slicing and multi-DNN capability provides granular integration with appropriate enterprise LAN or WAN data networks.

If you are ready to deploy a private 4G or 5G network, get started today with Azure Private 5G Core from Azure Marketplace.

Introducing Azure Edge Network Fabric

Operational technology (OT) devices require an enterprise to choose from a variety of access methods and physical network devices for network capabilities. However, a lack of unified lifecycle management, policy configuration, and troubleshooting make it complex for the enterprise to run such multi-access networks in support of their Industry 4.0 initiatives.

To solve these complex issues, Azure Edge Network Fabric provides secure, policy-based routing between multi-access devices at a customer’s premises to local applications, cloud, and edge networking like firewall or SD WAN, hosted on Azure private MEC. It is a high-performance, small footprint container network function, managed from the cloud, that simplifies private MEC deployments. At private preview, Azure Edge Network Fabric will converge traffic from IoT devices across both Wi-Fi and 5G connectivity into a common enterprise network environment.

In collaboration with CommScope, with their enterprise-grade Wi-Fi solution, and Azure Edge Network Fabric, private MEC now supports Wi-Fi and 5G access as one unified network, simplifying operation and management of private networks.

Introducing Radio Access Network (RAN) Observability

The flexibility to choose from pre-validated RAN vendors introduces complexity for monitoring multi-vendor networks. Today, this is solved either by vendor-specific implementations that create lock-ins, or with complex and non-standard implementations.

Now, we are introducing RAN Observability to collect, adapt, monitor, and analyze RAN Key Performance Indicators (KPIs) from the RAN elements with Azure Private 5G Core online dashboards. This provides our solution partners and enterprise customers with combined observability, network insights, and analytics capability for the complete private 4G/5G network from a single portal, simplifying multi-vendor, multi-site deployments.

We invite RAN vendors to the Azure private MEC ecosystem to conduct 3GPP functional inter-operability, to onboard network management software on Azure, and to integrate metrics to simplify the deployment and management of private networks by enterprises.

ISV program for Azure private MEC

The launch of the ISV Program for Azure private MEC gives enterprises access to a robust ecosystem of validated full-stack solutions, to unlock the value of their private 5G investments, and accelerate time-to-value. With this access, enterprises can quickly deploy validated low-latency and high-reliability ISV solutions that leverage 4G/5G networks and edge compute.

The program helps ISVs to accelerate the development of modern connected applications, as well as time-to-market. ISVs get technical guidance on best practices for integrating solutions with Azure private MEC, including testing and validation in the Azure private MEC ISV Lab.

Several innovative ISV solutions with a wide range of use cases that include robotics, Video AI, and IoT serving in different industries, have adopted Azure private MEC. Their solutions are available today on Azure Marketplace.

Watch this video to learn more about the ISV program.

Private MEC partner solution offers

Our telco partners—including AT&T, British Telcom, Deutsche Telekom, Etisalat, STC, Tampnet, and Telefonica—offer private MEC solutions for their enterprise customers. The following SI and ISV partners are creating innovative Azure private MEC solutions, published on Azure Marketplace, to serve enterprises across multiple industries:

Manufacturing solutions

Accenture’s Manufacturing Quality Inspection on 5G Cloud Box delivers high-speed, flexible connectivity to high-definition wireless cameras, detecting in real-time any product defect on the production line.
Capgemini’s Computer Vision uses object recognition, crowd mobility analysis, and facial recognition to process real-time, mission-critical data necessary for operational insights.
Cognitiwe’s Health and Safety Monitoring provides in-line quality control, stock monitoring, and health and safety monitoring for manufacturers with real-time and predictive analysis.
Cognizant’s Vision AI for Worker Health & Safety enhances workforce safety by identifying when workers enter a hazardous work-zone and whereby taking proactive actions to protect workers from injury.
ILink Digital's built MIDAS, is a vision platform using AI and machine learning to perform real-time video processing and analytics for quick actions/triggers for object classification, object detection, or pattern matching on a real-time video that can be used for a wide variety of use cases to deliver revenue growth, operational efficiency, and process insights.
Inventec‘s factories with latency-sensitive edge AI and IoT applications such as Automated Optical Inspection, remote collaboration, image recognition, Autonomous Mobile Robot (AMR), and Digital Twins.
RedViking’s Argonaut Industry 4.0 solution enables risk reduction and resilient operations through machine-to-machine communications, automated data traceability, and real-time decision-making features with 5G connected AGV systems.
Tech Mahindra’s private 5G solutions includes an AI-based video analytics solution to derive insights into factors causing variations in step and cycle times, as well as AR headsets to enable remote expert assist and training to line workers on a real-time basis.
TCS’s Cognitive Plant Operations Adviser helps to make plant operations more predictive, prescriptive, and self-aware with deep causal reasoning that reduces operations and maintenance costs, improves product quality, reduces emissions, increases throughput, and makes production lines more agile and safe.
weavix, the Internet of Workers platform, is a single source of truth that allows facility owners, manufacturers, and general contractors to realize the future of work.

Transportation and critical infrastructure

Amdocs’ Smart Lighting for Smart Cities delivers not only smart, efficient lighting services but also public/private internet access capabilities and real-time environmental and movement data for municipal analytical insights.
Avanade’s Private 5G-Enabled Utilities – Worker Safety Solution delivers connectivity, push-to-talk, and location tracking of utility workers across field sites.
Datwyler and Rhomberg Sersa Group have joined forces to develop the Q-tainer, a mobile data center that provides easy plug and play, state-of-the-art connectivity for edge computing within the construction industry.
HARMAN’s Real Time Cargo Tracking Solution is deployed at airports for tracking cargo movements from planes to warehouses to enable faster plane turnaround times and reduction in lost cargo
HCL’s 5G-Enabled Airports delivers innovative solution like Airport Ambulance Tracking to automate medical assistance and Water Uplifting to reduce airplane turnaround times that are impacted by delivery of high-quality water for roaming portable water trucks.
Ipsotek’s VI Suite of products provides edge-based AI and machine learning video analytics solutions for applications from intrusion detection, high-accuracy people counting, traffic analysis, and business intelligence for object tracking.
NTT AG’s Smart Airport solution is helping airports to digitally transform their operations, including baggage handling, passenger screening, and data transfer.
Tech Mahindra’s ContainerSight and DockSight video analytics solutions provide real-time visibility with data-driven decision making to reduce shipping container transport costs and optimize the use of trucking containers.
Sensing Feeling’s SensorMAXTM Edge helps owners and operators of real-world spaces better manage the risks, safety, and well-being of people who work in them and the assets they work with.

Retail and Entertainment

Cognitiwe’s Fresh Food Monitoring enables retailers to gain real-time insights and data-driven predictions to help retailers become more sustainable and ensures that products are always fresh and of the highest quality, while reducing the risk of fraud and shrinkage.
HCL 5G-Enabled Theme Park delivers an immersive guest experience comprising of a multi-drone light show performance; 5G-Enabled Casino uses real time video analytics to identify malicious behavior in order to maintain a safe environment for its players.
Neal Analytics, a Fractal company, accelerates retailers’ data-driven business transformation with proven edge-to-cloud, engineering, and AI expertise, showcased in their StockView solutions.

Private 5G connectivity

Accenture: 5G Cloud Box
British Telecom: Private 5G Networks
Capgemini: 5G Private Networks
Cognizant: Private 5G Network Solution
Compal: Private 5G sub6 and mmWave
HCL: Private 5G Consultancy Service
Infosys: Enterprise Private 5G-as-a-Service
Inventec: 5G Private Network Solution
NTT: P5G Private Wireless for Enterprise
Pegatron: 5G Private Network
Tech Mahindra: Private 5G Wireless Network

Learn more about Azure private MEC

It’s easy to get started with Azure private MEC.

As innovative use cases for private wireless networks continue to develop and digital transformation accelerates across many industries, we welcome ISVs, platform partners, operators, and SIs to learn more about Azure private MEC.

Enterprises interested in any of the solutions listed above can contact our partners via the Azure Marketplace listings, or by contacting the Azure private MEC team.

Operators, SIs, and networking and application ISVs interested in partnering with Microsoft to build solutions with private MEC can get started by registering here.

To learn more about how Microsoft can help organizations embrace 5G with modern connected applications, sign up for news and updates.
Quelle: Azure

Empowering operators and enterprises with the next wave of Azure for Operators services shaping the future of cloud

The future of connectivity and the cloud

Over the past decade, we at Microsoft have seen a tremendous amount of change—digital transformation enabled by the cloud. But the cloud’s biggest impact is yet to come. McKinsey estimates that by 2030, we’ll see more than a trillion dollars impacted by the cloud across the Fortune 500.1 In an industry currently experiencing large-scale transformation, this represents a huge opportunity.

The future cloud, however, will look very different from the cloud of today. It will expand to become a highly distributed fabric, spanning 5G to space. It will be powered by a modern network infrastructure and will enable a new application and connectivity paradigm—what we call modern connected apps—that puts compute even closer to the problems we need to solve.

This new generation of highly distributed, low latency, and network-aware applications uses 5G innovation to enable computing where it’s needed most and opens entirely new scenarios for operators, enterprises, and developers across a range of industries. 

Unlocking the opportunity for the telecommunications ecosystem

At Microsoft, our aim is to be the most trusted co-innovation partner through every stage of the digital evolution, committed to working with communications service providers (CSPs), enterprises, developers, and ISVs alike on the future of a ubiquitous cloud that unlocks the true potential of modern connected apps.

We are empowering operators to accelerate their network transformation with our carrier-grade, trusted platform and helping them unlock new opportunities with automation and AI.
We are enabling enterprises with ubiquitous computing that spans from cloud to edge.
And we are helping developers and ISVs build more innovative, network-aware applications.

Microsoft is providing the key solutions that are shaping the future cloud, and we have some exciting news in each of these areas to help operators, enterprises, and developers get started.

Accelerate network transformation with carrier-grade trusted platform

One of our goals is to enable operators to optimize their existing investments and services and to accelerate network transformation on our carrier-grade, trusted hybrid platform. Central to this goal is our Azure for Operators portfolio.

Last year, we unveiled a new wave of Azure for Operators solutions and services, which continue to enable the secure development of high-performance, low-latency applications, and next-generation wireless solutions. 

Introducing Microsoft Azure Operator Nexus

Today we are announcing the public preview of Azure Operator Nexus—the next-generation hybrid cloud platform created for communications service providers (CSPs). Since we debuted the private preview at MWC 2022, we’ve expanded the capabilities of Operator Nexus to meet the needs of operators that are looking to modernize and transform their network. Operator Nexus enables operators to use cloud technology to modernize and monetize their network investments—lowering total cost of ownership (TCO), driving operational efficiency and resiliency with advanced AI and automation, improving the security of highly distributed, software-based networks.

Operator Nexus enables operators to run their workloads on-premises or on Azure, where they can seamlessly deploy, manage, secure, and monitor everything—from the bare metal to the network to the tenant. It is purpose-built for carrier-grade workloads, using the same Azure experience offered by the hyperscale public cloud, supporting our first-party solutions as well as a wide variety of our partner ecosystem offerings from industry-leading network equipment provider (NEP) partners. Proven to run network functions at a tier-one operator scale, Operator Nexus meets the security, resiliency, observability, manageability, and performance needs required by operators to achieve meaningful business results throughout the digital transformation of their mobile network.

“As a pioneer in network virtualization and SDN, AT&T is confident in our decision to run our multi-vendor 5G Standalone Mobile Core on Operator Nexus platform while we continue to deploy and operate the platform in AT&T data centers. AT&T made the decision to adopt Operator Nexus platform over time with expectation to lower total cost of ownership (TCO), leverage the power of AI to simplify operations, improve time to market, and focus on our core competency of building the world’s best 5G service. We appreciate the efforts of our Network Function ecosystem collaborators to support the evolution of our Mobility Core platform.”—Igal Elbaz, Senior Vice President, Network CTO, AT&T

“Through the combination of Ericsson’s market-leading, cloud-native 5G Core applications and orchestration suite with Microsoft’s carrier-grade Operator Nexus platform, we envision many opportunities for CSPs to digitally transform their core networks while improving customer experiences and creating exciting, new mobile services. Building on our success at mutual customers such as AT&T, Ericsson, and Microsoft are investing together to ensure Ericsson 5G Core cloud-native applications run on the Operator Nexus platform efficiently, securely, and reliably."—Monica Zethzon, Vice President and Head of Solution Area Core Networks, Ericsson

“With the addition of Mavenir’s open cloud-native architecture end-to-end solutions including Converged Packet Core to Operator Nexus platform we look forward to working with Microsoft to help operators drive their core network transformations.”—Bejoy Pankajakshan, EVP, Chief Technology and Strategy Officer, Mavenir

"We’re excited to further strengthen our growing partnership with Microsoft to Nokia’s Cloud and Network Services portfolio that enables operators to run Nokia’s cloud-native 5G Core on Operator Nexus’ carrier-grade hybrid cloud platform as well as for Nokia to provide the network functions and platform to make operator network APIs available to developers through the Azure platform."—Fran Heeran, SVP, Core Networks, Nokia Cloud and Network Services, Nokia

Learn more about Operator Nexus in this Operator Nexus blog and this Operator Nexus video.

Azure Operator Nexus Ready and systems integrator programs

We are also introducing the Operator Nexus Ready and systems integrator (SI) programs to ensure that our platform has a broad and trusted ecosystem of support. To accelerate deployment and integration, the  Operator Nexus Ready program certifies that the ecosystem of cloud-native network functions (CNFs), virtual network functions (VNFs), and other software interoperate with the Operator Nexus platform. We are in the process of certifying VNFs and CNFs from a range of partners with two certification levels.

Level one is a base level that assures interoperability with the Operator Nexus platform.
Level two adds Azure deployment automation using the Azure Network Function Manager and offers entrance into the Azure Marketplace for ready availability to operators.

Additionally, our Operator Nexus SI program includes a select group of systems integrators known for both their telecommunications expertise, as well as their broad Azure skills. Each of these partners will work closely with the Operator Nexus engineering team to build their Operator Nexus platform skills, and to assure customer success in deployment and integration.

Voice Core reimagined 

Another crucial aim of ours is to help optimize operators’ existing communications investments and services. To this end, we are announcing the general availability of Azure Communications Gateway and the private preview of Azure Operator Voicemail. We developed these voice services to support fixed and mobile operators as they continue to migrate critical voice workloads to the cloud.

Azure Communications Gateway provides operators with the critical interworking functionality required to connect an operator’s established public switched telephone network (PSTN) directly to Microsoft Teams, enabling them to deliver Operator Connect and Teams Phone Mobile services. Communications Gateway is a globally available, managed service that offers an alternative to on-premises solutions for session initiation protocol (SIP) interworking and API automation, thereby simplifying network integration and expediting operators’ time to market. To learn more, read the Azure Communications Gateway Tech Community blog.

Azure Operator Voicemail enables operators to migrate their voicemail services to Azure and take advantage of a fully managed service, reducing the operational support burden and allowing for greater focus on revenue-producing projects. To learn more, read the Azure Operator Voicemail Tech Community blog.

With these announcements, we remain committed in our effort to accelerate network transformation and meet operators exactly where they are on their cloud journey.

Unlock opportunities with automation and AI

The world has been inspired by the transformative power of AI thanks to the recent success of ChatGPT and our ongoing partnership with OpenAI. Now, operators can take advantage of specialized, advanced AI solutions that help to unlock new business opportunities from data and insights in their operations, such as AIOps.

Next-gen AI operations for operators

The complexity of managing 5G services requires a new way of managing networks dependent on real-time analysis of massive quantities of data that applies predictive AI to inform the configuration of the product environments. AIOps employs the same operational techniques and capabilities that Microsoft uses to manage Azure, one of the world’s most complex services, packaged specifically for operators’ needs.

Today, we are announcing the public preview of two AIOps services Azure Operator Insights and Azure Operator Service Manager. These hybrid services simplify the management of existing networks as well as ensure new Microsoft services, such as Azure Operator Nexus, Voice Communications Gateway, and Operator 5G Core, are managed with consistent approaches for monitoring, diagnostics, and lifecycle management.

Azure Operator Insights enables the collection and analysis of massive quantities of network data gathered from complex multi-part or multi-vendor network functions. It delivers insights for operator-specific workloads to help operators understand the health of their networks and the quality of their subscribers' experiences.
Azure Operator Service Manager provides seamless management of complex services deployed across hybrid cloud sites. Combined with consolidated management across Azure cloud and edge platforms, Operator Service Manager helps to accelerate operator service deployment. Together, these new services generate insights from data to inform the configuration of the network—with changes tested thoroughly using Safe Deployment Processes. We are making them available to operators, NEPs, and SIs directly for managing workloads in operators’ networks, Azure, and hybrid environments. We look forward to the opportunities these new AIOps services bring operators in the future.

“3UK is laser-focused on delivering world-class gaming experience to mobile users and we are excited to be working with the Microsoft Azure for Operators organization whose new operator-specific analytics services are delivering near real-time insights with quality, timeliness, and cost-effectiveness not otherwise possible.”—Iain Milligan, Chief Network Officer, 3UK

“2degrees delivers world-class mobile services to our customers. We are excited to be working with Microsoft Azure for Operators and their new operator-specific analytics services. Together we are exploring innovative capabilities using the new Azure Operator Insights analytics service, focusing on ensuring we continue to provide our customers with the exceptional mobile services they expect.”—Saul Parkinson, Core Network Architect, 2degrees

Azure for Operators brings together a truly better-together portfolio that encompasses many aspects of the operator’s network. It’s rooted in Azure Operator 5G Core and deployed by Azure Operator Service Manager on Azure Operator Nexus. Using AI from Azure Operator Insights, it’s intelligently operated and monitored. And importantly, it includes opportunities for our ecosystem of partners. Watch the video to learn more about how we are empowering operators to modernize and monetize their 5G investments. 

Build innovative, network-aware applications with new Azure Programmable Connectivity 

Along with operators, we are also working hard to enable developers for the evolution of cloud and edge. Today, we are announcing the private preview of Azure Programmable Connectivity, a solution for developers to build network-aware modern connected applications. Azure Programmable Connectivity provides a unified, standard interface across operator networks, enabling developers to create cloud and edge-native applications that interact with the intelligence of networks. This solution will deliver a consistent, transparent experience across multiple connectivity environments such as public and private LTE/5G networks, as well as wired and satellite networks. By exposing aspects of the underlying network to applications, Azure Programmable Connectivity provides a large developers ecosystem enabling operators to monetize their infrastructure investments.

Azure Programmable Connectivity helps application developers deliver the best user experience for highly distributed, modern connected applications by offering a seamless and enriched connection between networks and diverse compute targets, such as cloud regions, private and public MEC, IoT edge, and satellite for example, ensuring that developers can access the underlying network capabilities with ease. We are also collaborating with a growing ecosystem of operators, network technology companies, and API platform providers to help unlock the potential of Azure Programmable Connectivity. These include a global operator ecosystem including AT&T, Rogers, and T-Mobile in North America; Deutsche Telekom and Telefonica in Europe; and Singtel in Asia. Microsoft is also working with network technology partners and API platform providers Ericsson including its Vonage/Ericsson Global Network Platform and Nokia including its Network as Code platform, with more partners coming soon.

Watch demo videos with some of our partners AT&T, DT/T-Mobile, and Telefonica.

Developers can apply and signup for access to the private preview program.

Enable ubiquitous computing from cloud to edge 

As the cloud continues to grow in capability, agility, and reach, so does our platform, which enables ubiquitous computing and connectivity extending from cloud to edge—including private MEC, public MEC, on-premises, cloud regions, and even space.

Azure Private 5G Core now generally available 

As part of this expansion, today we are excited to announce that Azure Private 5G Core is now generally available. Since introducing Azure private MEC in public preview in June 2021 and Azure Private 5G Core at MWC 2022, we continue our mission to empower enterprises and governments to achieve more with multi-access edge compute, networking, and applications.

Azure private MEC will be built and delivered by an increasing set of operators, SIs, and ISV partners, serving enterprises across a wide range of industries around the world, including manufacturing, transportation, logistics, energy, and defense sectors. To date, more than 25 partners have published their offers on Azure Marketplace, making it easy for enterprises to quickly deploy these solutions, and to take advantage of private 5G. Learn more about our partner solutions in this private MEC blog.

Azure Private 5G Core provides a simple, scalable, and secure deployment of a 5G standalone core network deployed on Azure Stack Edge. This release includes a range of enhanced features such as support for 4G LTE and 5G standalone radios, rapid deployment on Azure Kubernetes Service (AKS) on Azure Stack Edge Pro, and multi-site deployment. It also includes a built-in metrics dashboard, enhanced availability, advanced SIM policy with QoS support, and support for select Azure Stack Edge and HCI hardware platforms. 

Hosted on Azure private MEC, we are also unveiling Azure Edge Network Fabric which provides secure policy-based routing between multi-access devices at a customer’s premises and local applications, cloud, and edge networks, simplifying private MEC deployments. We are also previewing Radio Access Network (RAN) Observability capability to integrate RAN key performance indicators (KPI) with online dashboards. This feature provides partners and enterprises with combined observability, network insights, and analytics capability for the complete private 4G or 5G network—all from a single Azure portal.

“Reliable network connections are key for many processes and applications throughout the airport, especially the bridging point between Wi-Fi networks and public networks, as this is becoming an increasing issue with large amounts of data and real-time applications. NTT’s solution, powered by Azure private MEC, is helping us deploy the infrastructure and applications that will increase our operational efficiencies. NTT’s knowledge of 5G networks, combined with their experience in the aviation industry, is the perfect combination.”—Sebastian Mueller, CIO Cologne Bonn Airport

Expanding Azure public MEC solutions across North America and Asia 

Finally, our public MEC capabilities continue to expand to enable enterprises and developers to deploy latency-sensitive applications in densely populated metros for use cases such as venues, airports, and connected cities. At Microsoft Ignite, we announced the general availability of Azure public MEC with AT&T in Atlanta and Dallas. Now, we are extending the general availability of new sites with AT&T in Detroit, with New York, Los Angeles, and Miami coming soon. We are also happy to announce the private preview of the Azure public MEC with Singtel in Singapore, the first public offering in Asia, which extends the capability of Azure to Singtel’s 5G network edge. 

“Combining AT&T 5G with the Azure public MEC solution is laying the foundation for low-latency use cases, especially across transportation. With vehicles becoming the ultimate connected device, these edge zones will allow for new and improved driving experiences. With each new site, we’re one step closer to seeing the true breadth and depth 5G will unleash for businesses and consumers alike.”—Mike Troiano, SVP, Products, AT&T Business

“Singtel is excited about the collaboration with Microsoft to be the first telco in Asia to launch an Azure public MEC offering powered by Azure and Singtel Paragon Platform. The Azure public MEC is now available for enterprises in Singapore to deploy latency-sensitive applications. Enterprises can also leverage the ecosystem of partner apps from Singtel’s Paragon Platform and Microsoft at the Azure public MEC.”—Bill Chang, CEO Group Enterprise and Regional Data Center, Singtel

Learn more in Azure public MEC with this Singtel video.

MEC ISV programs enable rapid enterprise solution deployments 

We invite technology partners to join our ISV programs for Azure public MEC and Azure private MEC to receive technical benefits and platform capabilities designed specifically for ISVs, including discounted demos, training, and go-to-market support. 

Azure private MEC ISV program: Watch and read this blog to learn more about the Azure private MEC ISV program featuring Cognitiwe, Ipsotek, RedViking, and weavix. Register here to learn more.
Azure public MEC ISV program: Watch the video to learn more about the Azure public MEC ISV program featuring Multicasting.io, Palo Alto Networks, and Veeam. Register here to learn more.

Get started today

Along with our ecosystem partners, we are truly building a "better together" architecture that holistically addresses the needs of CSPs as they look to transform their networks. Our aim is to be the most trusted co-innovation partner through every stage of the digital evolution, committed to working with operators and enterprises on the future of modern networks and the cloud.

Invitation to operators, system integrators, and network function partners

For CSPs interested to modernize and monetize their network investments, signup today.
Operators and System Integrators interested in collaborating with Microsoft to build solutions with private MEC can get started by registering now.

Invitation to enterprise, developers, and ISVs 

Enterprises interested in any of the solutions listed above can contact our partners via the Azure Marketplace listings, or by contacting the Azure private MEC team.
Developers who are interested to create network-aware applications with Azure Programmable Connectivity can sign up now.
Discover transformative 5G use cases, training, solution accelerators, and 5G starter kits.
Application ISVs interested in collaborating with Microsoft to build MEC solutions can get started by registering here for private MEC and here for public MEC.
To learn more about how Microsoft is helping organizations embrace 5G with modern connected applications, sign up for news and updates delivered to your inbox.

1Cloud’s trillion-dollar prize is up for grabs, McKinsey.
Quelle: Azure

Farming from space: How orbital data is unlocking novel agriculture insights

High-performance computing (HPC) and orbital data deliver unprecedented insights into weather patterns, improving planning, forecasting, and decision-making, in an ever-evolving agriculture supply chain.

Consequently, global food security may be one of the defining challenges of the coming decades. By 2050, The World Bank estimates that global food production will have to rise by a staggering 70 percent to feed the growing global population.

Although population growth in several Western countries is slowing down or declining, many emerging markets are experiencing exponential growth in their populations.

By the turn of the century, it is expected that many of the most populated cities in the world will be located across Africa—with Lagos, Nigeria leading the pack with an estimated population of 88.3 million by 2100. The African continent will also play a leading role in global food security, with 60 percent of the world's uncultivated arable land situated in Africa.

Agriculture is also a major job creator in emerging economies such as in Africa. An estimated 80 percent of farmland in Africa and Asia is managed by smallholder farmers, who in turn produce up to 80 percent of the food supply in sub-Saharan Africa and Asia. It is also not only agriculture that will generate and drive employment in Africa over the next decades, but also the respective businesses that support the agriculture industry, such as processing, packaging, logistics, financial services, and security, that will be able to add to the growing number of jobs in the sector, especially in rural areas.

Many smallholder farmers operate without the benefit of accurate weather data, which can undermine crop yields, lead to crop losses, and negatively impact regional and global food security. Innovation by Microsoft and industry partners powered by Azure HPC is set to change this, at scale.

The Agri-industry adapts to climate change

A newly established collaboration between Microsoft and Tomorrow.io, a global leader in weather and climate security, will support businesses, governments, and farmers across Africa in adapting to the growing impact of climate change.

Announced at the recently concluded COP27, the collaboration will provide near real-time data from a global multi-sensor satellite constellation with an AI-powered, high-resolution global weather model that will be deployed to Azure HPC.

This follows calls from United Nations (UN) Secretary-General António Guterres, who noted that high-quality weather forecasts, early warning systems, and climate information are "essential to improve protection and build resilience." Secretary-General Guterres further added that the UN has set an ambitious target of deploying a global, extreme weather, and climate change alert system within five years.

More than five billion people lack access to reliable and actionable weather information, the bulk of which reside in Africa and Asia. Improving smallholder farmers' access to accurate weather data can reduce the risks of reduced yields and diminishing crop viability. In addition, it can also improve access to crop insurance, a vital step in agricultural industry development.

Tomorrow.io and Microsoft’s collaboration will enable access to localized, high-resolution weather forecasting models, and will focus primarily on supporting climate-resilient farming and helping smallholder farmers optimize their yield productivity.

Not only will this collaboration with African government agencies empower existing meteorological agencies to deliver weather intelligence, early warnings for severe weather, and state-of-the-art climate information, but it will also increase local farmers’ ability to become more resilient in the face of extreme weather events, thus increasing the protection of the food production chain across the continent.

Powering weather research and forecasting to scale

Applying HPC capabilities to weather prediction can also aid responses to major storms which may help prevent catastrophic agricultural losses, as one ground-breaking project shows.

When the Category 5 storm Hurricane Maria struck the Caribbean in 2017, the National Centre for Atmospheric Research leveraged the power of Azure HPC to develop a one-kilometer resolution model of the storm with 371 million grid points. Powered by Azure HBv2 VMs featuring AMD's EPYCTM 7002 series processors, the researchers were able to scale the model to over 80,000 processes while maintaining 70 percent efficiency—more than double the performance of a supercomputer that ranks among the top 20 globally.

The Azure HBv2 VMs offer supercomputer performance and MPI scalability while still driving cost efficiencies for a variety of real-world HPC workloads. Each Azure HBv2 VM sports 120 AMD EPYCTM CPU cores and 480GB of memory that power applications in computational fluid dynamics, explicit finite element analysis, seismic processing, reservoir modeling, and weather simulation.

This reduces time to forecast by rapidly delivering actionable weather predictions, improving agility, and providing high-fidelity simulations of atmospheric conditions through physics and data assimilation.

For governments, businesses, and smallholder farmers that seek to safeguard the global food supply, access to accurate weather data powered by Azure HPC and AMD could be a game-changer. Uncertainty would become obsolete. Risks due to severe weather could be more optimally mitigated. And losses could be better protected. This is evident from a recent survey of farmers in the southern districts of India, where more than 70 percent of them misjudged the onset of the monsoon season and had to replant their crops.

With improved access to data, farmers and decision-makers can improve their response to weather events and ensure maximum crop yields, thereby building greater resilience and ensuring maximum crop yields.

Find out more about Azure HPC

To request a demo, contact HPCdemo@microsoft.com.
Learn more about Azure HPC + AI.
High-performance computing documentation.

Quelle: Azure

Microsoft Azure innovation powers leading price-performance for SQL Server

As part of our commitment to ensuring that Microsoft Azure is the best place to run SQL Server and Windows Server, Microsoft is excited to announce that SQL Server on Azure Virtual Machines just achieved new, faster performance benchmarks than ever before. According to a report from analyst firm GigaOm, customers can get mission-critical performance for SQL Server on Azure Virtual Machines up to 57 percent faster and costing up to 54 percent less than AWS EC2 on a price-performance basis, with Azure Hybrid Benefit and a three-year commitment.1 As Pam Lahoud wrote, this steady increase in performance and value is the result of an ongoing series of investments in the core Azure infrastructure, including the Ebdsv5 virtual machine (VM) series that are optimized for your database workloads and new Premium SSD v2 Disk Storage that brings you faster performance than before, up to 70 percent faster than a year ago. But great hardware isn’t all we have for your SQL Server—Azure also has unmatched price offers, unique Windows Server and SQL Server manageability features, and tools and programs to get your workload to the cloud.

Azure provides the most value for your Windows Server and SQL Server workloads with unique capabilities and offers that allow you to save costs, time, and reduce complexity to do more with less. You can save up to 85 percent over the standard pay-as-you-go rate leveraging Windows Server and SQL Server licenses with Azure Hybrid Benefit when migrating to Azure virtual machines. Not only do we help you save when you move, but we want to help you optimize your workloads in Azure. You can get the most out of Azure on an ongoing basis with recommendations to optimize your workloads and costs with Azure Advisor.

In addition, customers can purchase Azure Reserved Virtual Machine Instances to lock in the best pricing on a specific virtual machine instance series for a one- or three-year period. If you need flexibility for dynamic workloads, consider the new Azure savings plan for compute, a flexible pricing model that unlocks savings when you commit to spending a fixed hourly amount on select compute services for one or three years. Save regardless of region, instance series, or operating system. Learn more in the Azure saving plan for compute announcement blog.

Azure provides unmatched manageability for Windows Server and SQL Server. By registering your SQL Server on Azure Virtual Machines with SQL IaaS Agent Extension, you can access a plethora of benefits: lower total cost of ownership (TCO), robust and simple high availability/disaster recovery (HA/DR), and built-in and free security and manageability. Registering SQL Server virtual machines enables you to switch between pay-as-you-go licenses or using Azure Hybrid Benefit to bring SQL Server licenses from on-premises to Azure directly within the Azure portal. Registration also simplifies the complex administrative task of Always On availability group deployment and enables you to use the disaster recovery license type, which is included with your Azure Hybrid Benefit or pay-as-you-go licensed primary SQL Server instance. Optional automated backup can be configured with backup encryption, configurable retention period, and custom backup schedules. You can also set up automated SQL Server security updates within customer-defined maintenance windows and easy configuration of database encryption through Azure Key Vault integration, both of which allow you to manage your patching to better meet your security and compliance needs.

Save hours of day-to-day IT overhead for Windows Server applications and data by simplifying IT management with Azure Automanage. Further increase efficiency and workload uptime through reboot-less patching of Windows Server VMs with Hotpatch, available only on Azure.

Azure has virtual machine and storage hardware designed for your most critical SQL Server workloads. Azure Ev5 VMs are designed for memory-intensive, business-critical applications, relational database servers, and in-memory data analytics workloads. The Ebdsv5 series of VMs, part of the Ev5 family, are ideal for database and other I/O-intensive workloads because they offer higher remote storage throughput and IOPS per vCPU than any other VM series in Azure. We recently added to this lineup Azure Premium SSD v2, the next generation of Premium SSD Disk Storage that offers the most advanced general-purpose block storage solution with the best price performance. Premium SSD v2 offers sub-millisecond disk latencies for demanding IO-intensive workloads at a low cost.

Azure has great destinations for modernizing SQL Server. Azure SQL Managed Instance is a managed, always up-to-date SQL instance in the cloud, and it makes a great destination for database modernization in Azure. It has great performance as well: as I have mentioned previously, SQL Managed Instance has up to five times faster performance while costing up to 93 percent less than AWS RDS.2 Spend more time innovating and less time patching, updating, and backing up your databases and realize up to 40 percent faster time to value.3 The link feature of Azure SQL Managed Instance connects SQL Servers hosted anywhere (supporting SQL Server 2019 and SQL Server 2022) to Azure SQL Managed Instance, providing hybrid flexibility and database mobility. Using near real-time data replication to the cloud, shift workloads to read-only secondaries on Azure to take advantage of cloud-only features, performance, and scale. You can also choose to migrate one or more applications at the same time, at your own pace, with minimum downtime.

Azure offers free tools before, during, and after migration. Automate the move, gain rightsizing insights to drive efficiencies, and stay optimized after the move: Azure Migrate and Azure Database Migration Service provide integrated discovery, assessment, migration, and modernization capabilities for SQL Server and Windows Server workloads, including extensibility features for ISV tool integration. Reduce your migration costs and accelerate your journey with expert support from Microsoft and partners through the Azure Migration and Modernization Program. The new Microsoft SQL + Apps Migration Factory Program can help you assess and migrate qualifying low-complexity SQL Server and Windows Server applications and databases to Azure at no cost to you.4

Getting started with SQL Server on Azure

Read the full benchmark report for SQL Transaction Processing and Analytic Performance Price-Performance Testing.
Watch and learn with Microsoft Mechanics: Best option for Database Migration into Azure.
Learn more about saving time and enhancing security by registering your SQL Server on Azure Virtual Machines from this datasheet and our documentation.
Accelerate your modernization with our on-demand webinar: How to Migrate SQL Server from VM to SQL Managed Instance.

 

 

1 Price-performance claims based on data from a study commissioned by Microsoft and conducted by GigaOm in January 2023. The study compared price performance between SQL Server 2019 Enterprise Edition on Windows Server 2022 in Azure E32bds_v5 instance type with Premium SSD v2 disks and SQL Server 2019 Enterprise Edition on Windows Server 2022 in Amazon Web Services Elastic Cloud Compute instance type r5b.8xlarge with General Purpose (gp3) volumes. Benchmark data is taken from a GigaOm Transactional Field Test derived from a recognized industry standard, TPC Benchmark™ E (TPC-E) The Field Test does not implement the full TPC-E and as such is not comparable to any published TPC-E benchmarks. Prices are based on publicly available US pricing in East US for SQL Server on Azure Virtual Machines and Oregon for AWS EC2 as of January 2023. The pricing incorporates three-year reservations for Azure and AWS compute pricing, and Azure Hybrid Benefit for SQL Server and Windows Server, and License Mobility for SQL Server in AWS, excluding Software Assurance and support costs. Actual results and prices may vary based on configuration and region.

2 Price-performance claims based on data from a study commissioned by Microsoft and conducted by Principled Technologies in April 2022. The study compared performance and price performance between a 16 vCore, 64 vCore and 80 vCore Azure SQL Managed Instance using premium-series hardware on the business-critical service tier and the db.m6i.32xlarge, db.r5b.4xlarge and db.r5b.16xlarge offerings for Amazon Web Services Relational Database Service (AWS RDS) on SQL Server. Benchmark data is taken from a Principled Technologies report using recognized standards, HammerDB TPROC-C, HammerDB TPROC-H and Microsoft MSOLTPE, a workload derived from TPC-E. The MSOLTPE is derived from the TPC-E benchmark and as such is not comparable to published TPC-E results, as MSOLTPE results do not comply with the TPC-E Specification. The results are based on a mixture of read-only and update intensive transactions that simulate activities found in complex OLTP and analytics application environments. Price-performance is calculated by Principled Technologies as the cost of running the cloud platform continuously divided by transactions per minute or per second throughput, based upon the standard. Prices are based on publicly available US pricing in South Central US for Azure SQL Managed Instance and US East for AWS RDS as of April 2022 and incorporates Azure Hybrid Benefit for SQL Server, excluding Software Assurance and support costs. Performance and price-performance results are based upon the configurations detailed in the Principled Technologies report. Actual results and prices may vary based on configuration and region.

3 Results are based on customers interviews. “The Economic Value of Migration On-premises SQL Server Instances to Microsoft Azure SQL Solutions,” a commissioned study conducted by The Enterprise Strategy Group on behalf of Microsoft, October 2020.

4 Subject to the limitations described in the full SQL + Apps Migration Factory program specifications here, and provided that the SQL Server workloads are low complexity with no code changes, Microsoft agrees to assess and migrate SQL Server databases and SQL Server-associated applications from your datacenter or AWS EC2 to Azure at no cost to customer. Migrations must be completed by June 30, 2023.
Quelle: Azure

Azure Managed Lustre—Parallel file system for HPC and AI workloads

Today, Microsoft is announcing the public preview of Azure Managed Lustre, a new addition to the storage offerings in our Azure HPC + AI solution. Lustre is an open-source parallel file system renowned for high-performance computing (HPC) and is adept at large-scale cluster computing. Azure Managed Lustre provides the high-performance storage of Lustre with the control and consistency of Microsoft’s cloud. As a result, customers can focus on their business goals, whether that’s building a fraud detection system based on SAS analytics, decoding the human genome to create the next breakthrough in medicine, leading the frontiers of energy exploration with seismic data processing and sustainable energy solution, or predicting the climate and weather patterns impacting human life on planet earth.

Lustre as an Azure Managed Service

With Lustre as a managed service, users can now focus on building and running their HPC and AI applications without managing an advanced parallel file system. HPC and AI workloads can seamlessly migrate to the cloud, retaining their compatibility with Lustre and protecting existing automation and platform investments developed when previously run on premises. Azure Managed Lustre enables a fast on-demand deployment of clusters serving global regions, alleviating advance planning while meeting the compliance and data residency requirements. With a palette of performance options, Azure Managed Lustre delivers an elastic solution where users can deploy independent and exclusive clusters with predictable performance eliminating the noisy-neighbor problem commonly experienced in the on-premises shared infrastructures.

The public preview includes two durable SSD-based SKUs which deliver a choice in performance options for mission critical workloads: 125 MB/s and 250 MB/s for every provisioned TiB of capacity. During the preview, you can create cluster sizes up to 128 TiB by default, with an option to scale up to 768 TiB upon request. Azure Managed Lustre is built on the highly durable Azure managed disks with locally-redundant storage consisting of 3 replicas so even if one or two replicas experience issues you still have tolerance against failures. Azure Managed Lustre delivers POSIX-compliant Lustre version 2.15 (LTS), which offers several performance improvements. We focused on capabilities that enable users to consume Azure Managed Lustre easily without worrying about how to build and deploy the Lustre clients on their compute VMs and containers. With the Azure Managed Lustre preview, customers can choose from:

Use Azure HPC images prebuilt with Lustre client packages for Ubuntu 18.04 and 20.04 (or)
Download Lustre client packages from packages.microsoft.com for Linux distros – Ubuntu 18.04, 20.04 & 22.04; RHEL 7.8 & RHEL 8.0

Data tiering using hierarchical storage management allows users to import and export data between Azure Managed Lustre and Azure Blob. This capability enables users to define data archival, retention and protection based on pre-defined policies. Users of large data sets can import the data which is hot and relevant for their active data processing in Azure Managed Lustre clusters and archive/retain the remaining in Azure Blob. This enables them to keep their run-time costs low. Additionally, data tiering to Azure Blob allows the users to leverage its global presence and availability to instantiate Azure Managed Lustre clusters in multiple regions on demand. Integration with Azure Blob additionally facilitates multiprotocol data access via NFS, HDFS and REST. Modern containerized applications in AI/machine learning (ML) and analytics can now run on Azure Kubernetes Service leveraging the CSI driver for Azure Managed Lustre. For example, analytics applications built on top of SAS Viya can seamlessly leverage the high per-core storage performance that they require by integrating with the Azure Managed Lustre CSI driver.

Purpose-built for HPC and AI workloads

We are thankful to our private preview customers who helped us build and perfect the product while addressing their key needs. We are committed to building and supporting Azure Managed Lustre as it helps you with your journey of running your high-performance applications in Azure.

“We work with customers who have many different types of HPC workloads, and we frequently hit storage performance constraints because their projects can involve anything from thousands to tens of thousands of files, all of which need to be read and written in parallel. When we encounter storage bottlenecks or throttling errors on our HPC platforms, we know it is time to turn to Azure Managed Lustre. With Azure Managed Lustre we can add extremely performant storage that can readily keep up with the HPC compute, and automatically sync input and results data with persistent blob storage. Because it can be started and stopped on demand, within a few minutes, Azure Managed Lustre is quite cost efficient and pays for itself by giving us the ability to scale up or scale out our HPC compute, generating results much faster.”—Felipe Ayora, Director—Research and Advanced Computing, BizData.

“The new Azure Managed Lustre file system is a real game changer. It accelerates HPC deployment of our software and eliminates the need to run persistent storage servers. Setup is simple, and parallel i/o performance is fast enough to support very high-throughput workloads.”—Bill Shea, CEO Sharp Reflections.

Next Steps

To trial Azure Managed Lustre for free, complete the registration form. Learn more about how to use Azure Managed Lustre and its various supported features from our documentation.

Learn more about HPC and AI solutions

Read the Azure Managed Lustre documentation.
Read our Azure Managed Lustre technical blog.
Visit our Azure HPC hub for more technical content developed for HPC.
Read about our Azure HPC + AI solution.

Quelle: Azure

Exploring mTLS setup to send a client certificate to the backend and OCSP validation

In our previous blog we discussed what mutual transport layer security (mTLS) is and what some of its use cases are. In this blog I want to discuss two of those use cases. First, how to send client certificate to the backend application server and validate the setup by curl command and second how to set up OCSP validation and do verification by openssl commands.

Insert client certificate as HTTP header

In some cases, backend applications may need a client certificate that is received by Application Gateway. Client certificates can serve different purposes as per the need of the backend applications. Some backend servers may need client certificate information for audit purposes or may want to issue token or cookie to a client certificate. In that case we may have to supply the client certificate to the backend. One way to solve this is by supplying the certificate in base64 encoded format within a nonstandard HTTP (Hypertext Transfer Protocol) header. Please note, for security purposes and to prevent header injections, backend server must accept the custom header from trusted Application Gateway. Let’s discuss first how to send client certificate to backend application as custom http header. To achieve that you can set up a rewrite rule to send client certificate as HTTPS header.

Find more details on how to set up a rewrite rule in our rewrite URL and query string with Azure Application Gateway documentation.

Below is the rewrite rule that you can create to send client certificate to the backend as an HTTP header. Setup rewrite action as below.

Above is screenshot of Create rewrite set explaining values that need to be populated for Rewrite rule.

Once a rewrite rule is created you can verify if the backend server is receiving client certificate in the HTTP header. To test the setup prerequisite is to have openssl and curl tool installed in your machine. You should have access to the client certificate and client private key.

Verification steps to check client certificate in custom HTTP header:

Capture the client certificate output.

more client.crt

Above is screen shot showing client certificate output.

Run the following commad to send a request to Application Gateway:

curl -vk HTTPS://<yourdomain.com> –key client.key –cert client.crt

In the backend server you should see the header you created in the Application gateway rewrite rule. You will have to run network capturing tools like tcpdump at the backend server.

Above screenshot shows Client certificate that backend has received.

Above you can see the X-Client-cert header received by backend that we have created in the rewrite rule. This header has the client certificate that we have sent. The backend server can extract this value and use it based on the desired use case.

OCSP

Online certificate status protocol (OCSP) is now supported by Application gateway. Let’s discuss here how to setup OCSP and validate the setup with openssl command. With OCSP support you can verify the status of the client certificate in real time. This can prevent man-in-the-middle attacks by ensuring that the certificate being present is still valid and has not been compromised. You can get more details about OCSP in RFC 2560. It is easy to setup. When a client initiates a connection to an Application Gateway configured with mutual TLS authentication, not only can the certificate chain and issuer's distinguished name be validated, but revocation status of the client certificate can be checked with OCSP (Online Certificate Status Protocol). During validation, the certificate presented by the client will be looked up via the defined OCSP responder defined in its Authority Information Access (AIA) extension. In the event the client certificate has been revoked, the application gateway will respond to the client with an HTTP 400 status code and reason. If the certificate is valid, the request will continue to be processed by application gateway and forwarded on to the defined backend pool.

Please check this OCSP link to enable this capability. I have summarized the PowerShell command to setup OCSP.

$AppGw = Get-AzApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"

$profile = Get-AzApplicationGatewaySslProfile -Name "SslProfile01" -ApplicationGateway $AppGw

Set-AzApplicationGatewayClientAuthConfiguration -SslProfile $profile -VerifyClientCertIssuerDN -VerifyClientRevocation OCSP

Once you have set up OCSP, you can verify your client certificate with the OCSP endpoint using openssl command.

openssl ocsp -issuer <ca-bundle> -cert client.crt -text -url <HTTP://FQDN>

Ca-bundle—certificate authority (CA) that has issued the certificate (uploaded per the link step 8 from our previous blog)

Client.crt—Client certificate

url—This will be OCSP endpoint URL address. If you do not know what the URL is you can find the OCSP endpoint of client certificate by using following command:

openssl x509 -in client.crt -text | grep -I OCSP

OCSP—URL:HTTP://ocsp.sectigo.com

Above is screen shot of openssl command showing status of client certificate verification.

You should see the following response if certificate is valid:

Response verify OK

client.crt: good

After verification of your client certificate through OCSP endpoint, you can verify the traffic by sending a request to Application Gateway that has OCSP check-enabled.

curl -vk HTTPS://yourdomain.com –key client. Key –cert client.crt

In case the certificate is not a valid client certificate, OCSP will respond with either “revoked” or “unknown”. Below is the error for “unknown” certificate.

Conclusion

In this blog we have discussed two cases that application gateway supports. You have learned how to send client certificate to backend as HTTP header and verify the setup by using curl command. Also, you have learned how to set up OCSP and verify the setup by openssl command line.

Learn more and get started with Azure Application Gateway

What is Azure Application Gateway | Microsoft Learn
Overview of mutual authentication on Azure Application Gateway | Microsoft Learn
Frequently asked questions about Azure Application Gateway | Microsoft Learn
Overview of mutual authentication on Azure Application Gateway | Microsoft Learn

Quelle: Azure