Enterprise-grade DDoS protection for SMBs now available in preview

This blog has been co-authored by Anupam Vij, Principal PDM Manager.

Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. While cyber-attacks are on the rise, they typically make the news only when a large organization has fallen victim to an attack. However, contrary to what many may think, small and medium businesses (SMBs) are just as enticing to cybercriminals.1 While large organizations have the resources needed to protect themselves, small businesses often lack the budget and qualified staff to defend against DDoS attacks.

At Microsoft, we continuously enhance our product offerings to meet the needs of all organizations, including helping SMBs on their digital transformation journey by ensuring that they are protected against the latest DDoS attack vectors. As we shared at Microsoft Ignite, Azure DDoS IP Protection SKU, a new SKU of Azure DDoS Protection built for SMBs, is now available in preview.

Cost-effective, enterprise-grade DDoS protection for small businesses

DDoS IP Protection is designed to meet the needs of SMBs, providing enterprise-grade DDoS protection at an affordable price point. It offers the same essential capabilities as Azure DDoS Network Protection (previously known as Azure DDoS Protection Standard) to protect your resources and applications against evolving DDoS attacks, including L3/L4 automatic attack detection and mitigation, metrics and alerts, mitigation flow logs, mitigation policies tuned to customer applications, and tight integration with Azure Firewall Manager, Microsoft Sentinel, and Microsoft Defender for Cloud.

With the DDoS IP Protection SKU, customers now have the flexibility to enable DDoS protection on individual public IP addresses. SMB customers who have a few public IP addresses to protect will benefit from this cost-effective DDoS protection option.

Key features of Azure DDoS IP Protection

Massive mitigation capacity and scale: Defend your workloads against the largest and most sophisticated attacks with cloud-scale DDoS protection backed by Azure’s global network.
Adaptive tuning: Protect your apps and resources while minimizing false negatives with adaptive tuning matched to the scale and actual traffic patterns of your application.
Attack analytics, metrics, and logging: Monitor DDoS attacks near real-time and respond quickly to attacks with visibility into the attack lifecycle, vectors, and mitigation.
Integration with Azure Firewall Manager: Centrally manage your DDoS protection across your environment alongside other network security services.
Integration with Microsoft Sentinel and Microsoft Defender for Cloud: Strengthen your security posture with rich attack analytics and telemetry integrated with Microsoft Sentinel and security alerts and recommendations provided by Microsoft Defender for Cloud.

Choosing the right DDoS protection SKU for your needs

Azure DDoS protection now offers two SKUs:

DDoS IP Protection is recommended for SMB customers with a few public IP resources who need a comprehensive DDoS protection solution that is fully managed, and easy to deploy and monitor.
DDoS Network Protection (previously known as Azure DDoS Protection Standard) is recommended for larger enterprises and organizations looking to protect their entire deployment that spans multiple virtual networks and includes many public IP addresses. It also offers value-added features like cost protection, DDoS Rapid Response, and discounts on Azure Web Application Firewall.

Let’s see a detailed comparison of these two SKUs:

Azure DDoS IP Protection pricing

With DDoS IP Protection SKU, you only pay for the public IP resources protected. The monthly cost is fixed for each public IP resource protected with no additional variable costs. Prices may vary by region. Billing for IP Protection will be effective starting on February 1, 2023. For more details on pricing, visit the Azure DDoS Protection pricing page.

Get Started

DDoS IP Protection is currently available in preview in select regions and can only be enabled on Public IP Standard SKU. DDoS IP Protection is currently only available in the Azure Preview Portal and will be made available on the Azure Portal soon.

For more information on DDoS IP Protection, see the following:

Azure DDoS IP Protection documentation.
DDoS Protection pricing page.

1 Diving back into SMB breaches, Data Breach Investigation Report, 2021, Verizon.com.
Source: Azure

Announcing Azure DNS Private Resolver general availability

A successful hybrid networking strategy demands DNS services that work seamlessly across on-premises and cloud networks. Azure DNS Private Resolver now provides a fully managed recursive resolution and conditional forwarding service for Azure virtual networks. Using this service, you can resolve DNS names hosted in Azure DNS private zones from on-premises networks, and forward DNS queries originating from Azure virtual networks to a specified destination server for resolution.

This service will provide a highly available and resilient DNS infrastructure on Azure for a fraction of the price of running traditional IaaS VMs running DNS servers in virtual networks. You will be able to seamlessly integrate with Private DNS Zones and unlock key scenarios with minimal operational overhead.

We are excited to share that Azure DNS Private Resolver is now in general availability.

A quick overview of Azure DNS

We offer two types of Azure DNS Zones—private and public—for hosting your private DNS and public DNS records. In the preceding illustration, multi-region workloads running on Azure with Azure DNS Private Resolver are provisioned in two regional, centralized virtual networks with one or more spokes peered to each centralized virtual network. These virtual networks have inbound and outbound endpoints provisioned. From on-premises, there are two distinct locations (East and West) and each location connects via ExpressRoute to the centralized virtual network where Private Resolver is provisioned. These on-premises locations have one or more local DNS servers configured to do conditional forwarding to the inbound endpoint of Private Resolver. The local DNS servers in East have the IP address of the East inbound endpoint as the primary DNS target, and the West inbound endpoint as secondary. Conversely, the local DNS servers in West have the IP address of the West inbound endpoint as the primary DNS target, and the East inbound endpoint as secondary. There is a single private DNS zone linked to both regions and both on-premises locations can resolve names from this zone even in the event of a regional failure.

Azure Private DNS: Azure Private DNS provides a reliable and secure DNS service for your virtual network. Azure Private DNS manages and resolves domain names in the virtual network without the need to configure a custom DNS solution. By using private DNS zones, you can use your own custom domain name instead of the Azure-provided names during deployment.
Azure Public DNS: DNS domains in Azure DNS are hosted on Azure's global network of DNS name servers. Azure DNS uses anycast networking. Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.

What is being announced today?

Azure DNS Private Resolver enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying virtual machine-based DNS servers.

Azure DNS Private Resolver general availability is being announced to all customers and will have regional availability in the following regions:

East US
East US 2
Central US
South Central US
North Central US
West Central US
West US 3
Canada Central
Brazil South

West Europe
North Europe
UK South
France Central
Sweden Central
Switzerland North

East Asia
Southeast Asia
Japan East
Korea Central
South Africa North
Australia East

What will customers be able to do with Azure Private Resolver?

Apart from the features which were announced earlier in preview, customers will now be able to leverage the following additional functionality and content:

Additional architectural guidance for higher resiliency and enabling disaster recovery scenarios.
In-depth information on how to configure conditional forwarding rules.
Configuring hybrid name resolution from on-premises.

In the following diagram, an on-premises network connects to Azure via ExpressRoute and has on-premises DNS servers configured to conditionally forward queries to the private IP address of the inbound endpoint. The inbound endpoint then resolves names available on Azure Private DNS zones which are linked to the virtual network where private resolver is provisioned. If there is no matching private DNS zone in the virtual network, it will use the outbound endpoint and resolve using the ruleset rules via longest suffix match. If no match in the ruleset is found it will recurse to the internet for public name resolution.
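
The lookup order described above, as an added example (not code from Microsoft or the original post): a small Python model that reports which path a query name takes, so a ruleset can be checked for internal names that would fall through to public recursion. Zone names, rule domains and target IPs are constructed, and treating a private-zone match as a whole-label suffix match is an assumption of the model.

```python
"""Model of the resolution order: linked private zone -> ruleset (longest
suffix match) -> public recursion. Added example with constructed data."""
from __future__ import annotations

from dataclasses import dataclass


def _labels(name: str) -> tuple[str, ...]:
    """Normalize a DNS name to lower-case labels; the root '.' becomes ()."""
    name = name.strip().lower().rstrip(".")
    return tuple(name.split(".")) if name else ()


def _is_suffix(suffix: tuple[str, ...], name: tuple[str, ...]) -> bool:
    """Match on whole labels, so 'contoso.com' never matches 'notcontoso.com'."""
    if len(suffix) > len(name):
        return False
    return not suffix or name[-len(suffix):] == suffix


def _longest(query: tuple[str, ...], candidates) -> tuple[str, ...] | None:
    """Return the candidate with the most labels that is a suffix of query."""
    hits = [c for c in candidates if _is_suffix(c, query)]
    return max(hits, key=len) if hits else None


@dataclass(frozen=True)
class Decision:
    path: str                       # "private-zone", "forward", "public-recursion"
    matched: str                    # zone or rule domain that matched, "" if none
    targets: tuple[str, ...] = ()   # forwarding targets, only for "forward"


class ResolverModel:
    """Hypothetical stand-in for one virtual network's resolver configuration."""

    def __init__(self, linked_private_zones, ruleset):
        self.zones = [_labels(z) for z in linked_private_zones]
        self.rules = {_labels(d): tuple(t) for d, t in ruleset.items()}

    def decide(self, qname: str) -> Decision:
        query = _labels(qname)
        # Step 1: private DNS zones linked to the virtual network win first.
        zone = _longest(query, self.zones)
        if zone is not None:
            return Decision("private-zone", ".".join(zone) + ".")
        # Step 2: forwarding ruleset, most specific (longest) suffix wins.
        rule = _longest(query, self.rules)
        if rule is not None:
            return Decision("forward", ".".join(rule) + ".", self.rules[rule])
        # Step 3: nothing matched, so the name is resolved publicly.
        return Decision("public-recursion", "")


def falls_to_public(model: ResolverModel, names) -> list[str]:
    """Names that no private zone or rule covers (candidates for review)."""
    return [n for n in names if model.decide(n).path == "public-recursion"]


# Constructed sample configuration; none of these values come from the post.
ZONES = ["azure.contoso.com", "privatelink.blob.core.windows.net"]
RULES = {
    "contoso.com.": ["10.100.0.2"],
    "corp.contoso.com.": ["10.100.0.3", "10.100.0.4"],
}
SAMPLE = ResolverModel(ZONES, RULES)
# Same configuration plus a wildcard rule "." sending everything else to a
# (hypothetical) protective DNS service, as in the use cases listed later.
WITH_WILDCARD = ResolverModel(ZONES, {**RULES, ".": ["10.100.0.10"]})

if __name__ == "__main__":
    for name in ("vm1.azure.contoso.com", "fs01.corp.contoso.com",
                 "www.contoso.com", "notcontoso.com", "example.org"):
        print(f"{name:28} {SAMPLE.decide(name)}")
```

With the wildcard rule in place, `falls_to_public` returns an empty list for any input, which is the property to verify when all outbound lookups are meant to pass through a filtering resolver.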

Features and benefits

Cross-subscription support to link virtual networks from different subscriptions to rulesets.
Resource Health Check Integration to provide visibility of endpoint health to our customers.

Visibility of query metrics per endpoint to plan for future capacity.

PrivateLink enabled services integration in conditional forwarding to exclude Azure infra zones from being resolved on-premises.

Private Resolver is also available to use via PowerShell, CLI, .NET, Java, Python, REST, TypeScript, Go, ARM, and Terraform.

Key use cases for this service

Conditionally forward from on-premises with Azure ExpressRoute/VPN and resolve names hosted on Azure Private DNS Zones via private IP address.
Seamlessly resolve Private Endpoints which are registered in Azure Private DNS Zones.
Configure default DNS servers and forward all DNS queries to either a Protective DNS service or other target DNS servers with a wildcard rule.
Conditionally forward to any reachable target DNS server using a simple rule.
Access resources on-premises with Azure Bastion using names hosted on DNS servers on-premises or Azure Private DNS zones.

Fully managed

Built-in high availability, zone redundancy, and low latency name resolution.

Reduces cost

Reduce operating costs and run at a fraction of the price of traditional IaaS solutions.

Private access to your Private DNS Zones

Conditionally forward from your Virtual Networks to any reachable DNS server and from on-premises to Azure Private DNS Zones.

Scalability

High performance per endpoint.

Highly available

Availability Zone aware and resilient to failures within a region. Service-level agreement (SLA) of 99.99 percent during general availability.

DevOps-friendly

Build your pipelines with Terraform, ARM, or Bicep.

Get started and share your feedback

You can try Azure DNS Private Resolver today. For more information about the capabilities available, please visit the Azure DNS Private Resolver technical documentation webpage. Post your ideas and suggestions on the networking community page.
Source: Azure

Delivering consistency and transparency for cloud hardware security

This post was co-authored by Mark Russinovich, CTO and Technical Fellow, Azure, and Bryan Kelly, Partner Architect, Azure Hardware Systems and Infrastructure.

When it comes to building the Microsoft Cloud, our work to standardize designs for systems, boards, racks, and other parts of our datacenter infrastructure is paramount to facilitating forward progress and innovation across the computing industry. Microsoft has made a number of contributions to and collaborated with various members of the Open Compute Project (OCP) community, the leading industry group dedicated to open source hardware innovation. This year, we are excited to showcase some of our newest projects at the OCP Global Summit and share our learnings on the path of building a more reliable, trusted, and sustainable cloud. One of the key areas where we’ve seen continued focus and opportunity is driving industrywide standards around platform security. To dive deeper into our contributions in this area, I’ve invited Mark Russinovich, CTO and Technical Fellow, Azure, and Bryan Kelly, Partner Architect, Azure Hardware Systems and Infrastructure, to share more about Microsoft’s newest security contributions to OCP that standardize the foundations of trust, integrity, and reliability in computing.

Securing customer workloads from the cloud to the edge

Microsoft Azure is a leader in cloud security and privacy offering a broad range of confidential computing services to help organizations run workloads that keep business and customer data private with advanced levels of security. As the demand for confidential computing grows from cloud to edge, so do the requirements for consistency and transparency of the security mechanisms that protect workloads. With the rise of edge computing, the resultant growth in the exposed attack surface also presents a need for stronger physical security solutions. In this context, there is an increased need for greater transparency in the infrastructure that underpins these technologies and upholds hardware security promises.

Caliptra: Integrating trust into every chip

At the Open Compute Project (OCP) Summit, we are jointly announcing Caliptra, an open source root of trust (RoT) that produces cryptographic proofs about the hardware protections in place for confidential workloads. Designed with security experts and industry leaders in confidential computing across AMD, Google, Microsoft, and NVIDIA, Caliptra is a forward-looking approach casting transparency into hardware security. As a reusable open source, silicon-level block for integration into systems on a chip (SoCs)—such as CPUs, GPUs, and accelerators—Caliptra provides trustworthy and easily verifiable attestation.

At its core, Caliptra provides foundational security properties that underpin the integrity of higher-level security protection for confidential workloads. The Caliptra RoT has the following essential security properties:

Identity: A unique device manufacturer’s cryptographic identity for attestation endorsement. The identity is consistent with TCG DICE and includes intrinsic attestation of the Caliptra firmware.

Compartmentalization: Hardware protection barriers that isolate Caliptra’s security assets.

Measurement: Cryptographic digests that represent the SoC security configuration in a concise, cryptographically verifiable manner.

Renewable security: The security state of the hardware can be brought forward to a secure state and the life cycle management extends through manufacturing, field operations, circular economy, and eventually end of life.

Ownership: Provides verification of both authenticity and integrity of all mutable firmware loaded into an SoC. This property uses hardware-enforced digital signatures to ensure integrity policies are upheld.

Attestation: The endorsement of measurement claims with Caliptra’s cryptographic identity. These measurements provide precise information about the security state of the trusted computing base.

The initial Caliptra 0.5 contribution release to OCP contains a series of specifications describing architecture, integration, and implementation. An open sourced register-transfer level (RTL) code implementation of Caliptra that can be synthesized into current SoC designs will be made available, along with the cloud-designed firmware written entirely in Rust. With this trusted foundation designed for confidential cloud devices, Caliptra supports the consistent scaling of confidential workloads across distributed systems.

With deep ecosystem collaboration at the heart of Microsoft’s open source philosophy, we look forward to continuing working closely with our partners and engaging the industry to advance Caliptra. Caliptra RTL and firmware project collaboration will be done under the auspices of the CHIPS Alliance.

Hydra: A new secure Baseboard Management Controller (BMC)

We are also introducing Hydra, a new secure BMC in partnership with Nuvoton. A BMC is typically designed into every server system and expansion chassis—for example, JBOD or GPU. As a diagnostic and recovery controller, the BMC has special privileged hardware interfaces for acquiring debug data and telemetry from CPUs. These interfaces present security concerns, as they are targets for attacks that bypass conventional security defenses.

Azure uses Cerberus, a contribution we made to OCP in 2017 for hardware security, to improve BMC security by enforcing firmware integrity and preventing the persistence of malware in the BMC. However, as threat models evolve to restrict admins with physical access to hardware, the BMC needs security properties to establish secure links to an external RoT.

Microsoft collaborated with Nuvoton to design a new security-focused BMC, with enhanced hardware security throughout the BMC SoC. The silicon-integrated root of trust supports TCG DICE identity flows with hardware engines for fast cryptographic operations and hardware-managed keys. The RoT has a one-way bridge for activity monitoring and controlling the BMC security configuration, including which internal security peripherals the BMC can access. This unique feature allows fine-grained BMC interface authorization, enabling scenarios whereby temporary access to a debug interface can be granted to the BMC only after it attests its trustworthiness.

Kirkland: A secure Trusted Platform Module (TPM)

While Microsoft provides multilayered security across our datacenters, infrastructure, and operations, we believe in defense-in-depth and that all interconnects should be cryptographically secured from interposer-based attack vectors. In partnership with Google, Infineon, and Intel, we are announcing Project Kirkland at OCP. Project Kirkland demonstrates how, using firmware-only updates to the TPM stack and CPU RoT, the interconnect between the TPM and CPU can be secured in a way that prevents substitution attacks, interposing, and eavesdropping. We are open sourcing this methodology and plan to work with the Trusted Computing Group on standardizing this approach while working with other TPM manufacturers to adopt the same methodology, so these techniques become available to all.

A discrete TPM is a chip typically used to protect secrets for the software running on the CPU and to release them conditionally based on the CPU's boot measurements. Historically, the bus between the CPU and the TPM is susceptible to attack from physical adversaries wishing to falsify attested measurements or obtain TPM-bound secrets. The standards-based firmware techniques used in Project Kirkland defend against such attacks by using cryptography to authenticate the caller and protect the transmission of secrets over the bus.

Open hardware innovation at cloud scale

A community-driven approach to infrastructure innovation is vital—not just for continued advancements in trust, efficiency, and scalability, but in service of a larger vision of empowering the ecosystem towards building for the computing needs of tomorrow.

We are also contributing several new hardware designs such as a new modular chassis (Mt. Shasta), a converged architecture that brings form factor, power, and management interface into a modular design—optimized for advanced workloads like high-performance computing, artificial intelligence, and video codecs. In partnership with Quanta and Molex, Mt. Shasta is designed to be fully compatible with Open Rack V3, with flexibility in changing module-module connectivity. Earlier this year, we also collaborated with Intel and contributed the Scalable I/O Virtualization (SIOV) specification to OCP. SIOV gives device and platform manufacturers an industry standard for hyperscale virtualization of PCI Express and Compute Express Link devices in cloud servers, enabling more scalable, efficient, and cost-effective hardware designs for datacenters.

As the demand for cloud-scale computing and digital services continues to grow, Microsoft is committing to deep ecosystem collaboration with OCP and industry partners to deliver the systems and infrastructure that maximize performance, trust, and resiliency for cloud customers.

Connect with Microsoft at the OCP Global Summit 2022 and beyond

Visit Microsoft at OCP Global Summit: Booth A1
Check out sessions delivered by Microsoft & partners at OCP Global Summit.
Take a virtual tour of Microsoft datacenters.
Learn more about Microsoft’s global infrastructure.
Learn more about cloud hardware innovation at Microsoft

Source: Azure

Drive efficiency through automation and AI with the Microsoft Cloud

This year at Microsoft Ignite we explore how organizations can activate AI and automation directly in their business workflows and empower developers to use those same intelligent building blocks to deliver their own differentiated experiences.

The global pandemic has created unprecedented levels of uncertainty, as well as the need to sense and reshape our physical and digital environments, sometimes in completely new ways. Leaders across industries recognize innovation as the only path forward. Critically, we’ve seen a shift from “innovation for innovation’s sake” toward a desire to lower operating costs, anticipate trends, reduce carbon footprints, and improve customer and employee experiences. We’re calling this commitment to innovation “digital perseverance.”

Do more with less with the Microsoft Cloud

Automation and AI are key ingredients for digital perseverance and helping organizations drive efficiency. Komatsu Australia, for example, a leading industrial equipment manufacturer, used Power Automate and AI Builder to automate over 1,000 invoices annually and realize an efficiency gain of 300 hours per year—and that was just for one supplier. These capabilities also improve employee engagement. Of those surveyed in a recent Microsoft study, the use of no-code or low-code platforms or apps is shown to have led to an 83 percent positive impact on work satisfaction. When people are freed from tedious, low-value tasks and feel empowered to contribute their best work, everyone wins.

Organizations are also using AI and automation to reinvent their businesses to stand out from competitors and drive growth. In a recent survey, of respondents investing in AI, 47 percent indicated the main driver was to create new products or services, while only 43 percent indicated the main driver was to improve existing products and services.1 With the Microsoft Cloud, technical and non-technical roles can access leading AI and automation capabilities directly in their flow of work to be more productive. For example, Fashable, a technology startup in Portugal, is using Azure Machine Learning to reduce “fast fashion” waste by forecasting customer interest in computer-generated fashion designs before ever touching a sewing machine. Another great example is Investec, a global financial services company, which uses conversation intelligence in Microsoft Dynamics 365 Sales to help their sellers be more productive on sales calls, follow up quickly, and preserve valuable customer information, which raises the bar in the sales journey and drives growth.

Automation and AI everywhere and for everyone

We believe everyone should have access to these transformative technologies, so we’re infusing AI and automation throughout the Microsoft Cloud, from Viva Sales to Power Platform and Azure AI. This means customers can leverage the skills and resources they already have and confidently combine platforms as needed, all while building on a secure, flexible, and integrated foundation within the Microsoft Cloud.

Drive seller productivity and deeper customer engagement with Dynamics 365 and Viva Sales

We are infusing automation and AI into Dynamics 365 to help professionals focus on what matters most—creating great customer experiences. Microsoft Viva Sales, a seller experience application now generally available, captures customer and deal insights from Microsoft 365 and Teams and populates it within any customer relationship management (CRM) system, eliminating manual data entry and freeing time to focus on selling. Today, we are announcing that conversation intelligence capabilities will be available to all Dynamics 365 Sales and Viva Sales customers at no additional cost. With conversation intelligence, AI guides sales conversations in real time by recommending talking points and sales literature to share with the customer. In addition, sellers receive insights on customer emails within Outlook, which can be updated directly in their CRM.

Read our Dynamics 365 blog and watch the breakout session for more announcements and information.

Empower people and automate processes with Microsoft Syntex

Content is everywhere, in the form of videos, audio files, documents, and more. Microsoft research estimates organizations spend nearly $46 billion a year storing and managing content while netting countless hours of manual processing. Content AI transforms how this content is created, processed, and discovered to turn content from a cost into an advantage.

We’re excited to introduce Microsoft Syntex: Content AI integrated in the flow of work. It integrates innovations across the Microsoft Cloud, from Microsoft 365 to Azure, to Power Platform and Microsoft Purview. Syntex automatically reads, tags, and indexes high volumes of content and connects it where it’s needed in context—in search, in applications, and as reusable knowledge. It puts people at the center, with content integrated into collaboration and workflows like eSignature. Customers like TaylorMade Golf Company, a global golf equipment provider, are using Syntex to empower their people and automate workflows at scale.

Read our Microsoft 365 blog and watch the breakout session for more information.

Improve operational efficiency by automating repetitive processes with Power Platform

Low-code enables people and organizations to punch above their weight in IT resources, doing more and at a lower cost, and when it comes to revolutionizing day-to-day processes, there’s nothing quite like Power Platform. Power Platform makes it easy for anyone to build apps and webpages, automate workflows, create virtual agents, and analyze data. At Microsoft Ignite, we’re excited to share new innovations that make AI and low-code more intuitive for users of all skill levels.

Building on the success of GitHub Copilot, we’re bringing natural language capabilities to Power Automate with description to cloud flows. Now, a maker only needs to describe in natural language the flow they want to build and a suggestion of relevant flows is generated—the maker then adds connections to finalize their flow. It’s that easy. In AI Builder, feedback loop gives you the ability to flag and retrain documents for higher accuracy, and there is now additional support for unstructured data and text recognition to identify 164 languages.

Read our Power Platform blog and watch the breakout session for more announcements and information.

Quickly and easily embed AI into business apps with Azure Applied AI and Cognitive Services

Azure Applied AI Services and Azure Cognitive Services provide developers with pre-built and customizable models to quickly deploy intelligent applications. While AI adoption increased overall during the pandemic, it particularly accelerated use cases like document processing for H&R Block, knowledge mining for Beiersdorf, and natural language understanding in sales and service scenarios for Progressive Insurance. These companies are using Azure AI services to remove friction in business-critical processes to help end-users and employees focus their time and energy on valuable work.

Now customers can use a new pre-built model for contracts in the Azure Form Recognizer Studio to extract entities such as parties and payment terms for downstream processing. Azure OpenAI Service, available in preview, now offers access to DALL·E 2 by invitation. Azure Cognitive Service for Language now offers expanded summarization, contact center capabilities, language support, and Language Studio enhancements.

For more information, please visit the Microsoft AI blog and TechCommunity blog.

Build and deploy responsible machine learning models faster to enhance productivity at any scale with Azure Machine Learning

For organizations building custom predictive models, Azure Machine Learning provides a powerful, unified machine learning platform to help teams get models into production more quickly. To enhance collaboration, we’re excited to announce Azure Machine Learning registries, enabling teams to share registries at the tenant and organization level for greater repeatability and scale. To help customers do more with less, we’ve also consolidated open source tools within the Responsible AI Dashboard, now generally available, for easier debugging directly within a data scientist’s workflow. Finally, we’re helping organizations build with the frameworks they already know and love. Our latest release for Azure Container for PyTorch enables teams to optimize training for PyTorch models directly within the Azure Machine Learning Studio or SDK.

Visit the TechCommunity blog and watch the breakout session for more information and announcements.

Drive the next level of insights, efficiency, and sustainability with the industrial metaverse

When you think about how data, automation, and AI can combine to make a real impact, one of the most compelling scenarios is in the industrial metaverse. One example is how Bosch built their industrial metaverse with different users’ needs in mind.

Bosch is reducing complexity on their factory floors by using the Internet of Things (IoT) and Azure Digital Twins to optimize predictive maintenance. Their machines trigger an alert when there’s an issue and before something breaks down. The alerts are automatically routed through Microsoft Teams—for simple issues—or Microsoft Dynamics 365 Field Service, when a service ticket is needed. And all the data from this system feeds back into itself, continuously improving Bosch’s predictive maintenance models over time. By combining platforms, Bosch empowers everyone from their frontline workers, to operations managers, and data scientists to contribute their expertise and deliver greater efficiency. That’s the kind of disruption that makes Bosch a leader in the manufacturing industry.

To learn more about how Microsoft is helping customers build their industrial metaverse, watch the keynote by Judson Althoff and the breakout session with CBRE.

Digital perseverance is inclusive and responsible

Digital perseverance allows organizations to thrive despite uncertainty by harnessing digital technology to achieve their business goals and do more with less. Microsoft provides an unmatched foundation for this, combining leading platforms for CRM, Robotic Process Automation, and Cloud AI Developer Services, among others. We’re also committed to the advancement of AI that’s driven by principles that put people first, enabling our customers and partners to innovate responsibly for the future of work. By democratizing leading and responsible innovation across the Microsoft Cloud, we’re helping customers get the most out of their technology stack and ensuring everyone from the frontline to the back office can contribute their best work.

Learn more about Azure and AI at Microsoft Ignite

Watch Microsoft Ignite on-demand sessions to learn how to do more with less using the Microsoft Cloud.
Explore all Microsoft Ignite announcements on the Azure Blog.
Sign up to receive the latest updates on how DALL·E is being used in Azure OpenAI Service and across Microsoft.
Get started with Microsoft Learn to build automation and AI skills.
Learn more about how AI is built into Microsoft apps and features that you use every day.

1 Gartner: Forecast Analysis: Artificial Intelligence Software, Worldwide, By Analyst(s): Alys Woodward, Anna Griffen, Alan Priestley, Jim Hare, Eric Hunter, Kevin Quinn, October 20, 2021

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Source: Azure

How Microsoft Azure helps drive agility and optimization for your business

Welcome to Microsoft Ignite! I’m incredibly inspired by this global community and how you’ve navigated your organizations through significant changes over the past few years.

In a world where business leaders are feeling the pressure to do more with less, organizations of all sizes and industries are increasingly embracing cloud technologies as the path toward digital and business resilience.

I've had the opportunity to speak with our customers about their business needs and the challenges they’re facing. Customers, we hear you, and that's what this year's Microsoft Ignite is all about—empowering you through cloud technology so you can focus on what your organization does best—create, innovate, and differentiate.

We aim to be the world’s computer and most trusted cloud partner for all workloads. No matter where you are on your cloud journey, we have the expertise, capabilities, and platform to help increase agility, optimize technology investments, and create data-driven experiences. To that end, we’re announcing several new developments to help our customers optimize their resources and get the most out of their existing investments.

Performance, scale, mission-critical capabilities: Azure delivers to keep your business efficient and resilient

As our customers continue to embrace digital capabilities with strong cloud fundamentals, the “how” of cloud migration is top of mind, especially for mission-critical workloads.

We work closely with the technology vendors you have traditionally relied upon to run all your workloads and ensure Azure is ready for you to modernize your on-premises applications. We’re announcing several new capabilities to support this:

Nutanix Cloud Clusters on Microsoft Azure is now available for easy extension or migration of your existing on-premises Nutanix workloads and a consistent environment with no need to modify or retool.
Updates to Azure VMware Solution (AVS): Beginning today, this native VMware environment previews stretched clusters, providing 99.99 percent uptime for mission-critical applications requiring the highest availability, and Customer Managed Keys for maximum control over access to encrypted data.
The collaborative SAP ERP is now in preview and increases user productivity and focus by integrating workflows across SAP S/4HANA Cloud, Microsoft Teams, and Microsoft Office for close collaboration without application or context switching.
Updates to Azure Center for SAP solutions: this end-to-end deployment and management experience for running SAP on Azure now previews support for registering Windows-based systems and installing SAP S/4HANA 2020/2021, while providing cost transparency through integration with the cost analysis feature and even more quality checks.

The National Basketball Association (NBA) is a great example of an organization that chose to migrate its SAP solutions and other resources to Microsoft Azure to improve operations and boost fan engagement. Azure enabled them to spend less time managing technology and focus more on generating fan-centric experiences that bring together business, game, and fan data to enhance the way people can enjoy interacting with the NBA.

We know that optimizing investments frees up the resources you need to build the experiences that are most meaningful for your customers.

We’re pleased to announce several advancements to deliver new levels of price performance, mission-critical capabilities, and security—while increasing efficiency and ensuring your business stays resilient, including:

The expansion of the Azure Disk Storage portfolio with the general availability of Premium SSD v2 for greater flexibility when managing performance and costs.
We are investing to help you modernize your infrastructure from the ground up by taking a system-level approach. We recently introduced new Azure Virtual Machines and Azure Kubernetes Service that feature Ampere Altra Arm–based processors and deliver excellent price performance when running scale-out Linux workloads.
Azure Elastic SAN, a new cloud-native, fully managed, and massively scalable storage area network service—only available through Azure.
New foundational Azure confidential computing service to help protect data in use, and the addition of confidential computing capabilities to services like Azure Virtual Desktop and SQL Server on Azure Virtual Machines.

Delivering data-driven experiences that give you more time and value

We continue to enhance the way Microsoft Azure integrates across infrastructure and data services so you can keep your business efficient and resilient.

In May, we launched the Microsoft Intelligent Data platform, integrating our best-in-class database, analytics, and data governance products for a seamless experience.

Today’s announcements empower our customers to do more with less, add layers of intelligence to applications, unlock predictive insights, and govern data anywhere.

Developers can build on their terms with the new innovation in cloud-native distributed data and open-source. Azure Cosmos DB is expanding beyond NoSQL to support distributed PostgreSQL, bringing everything developers love about PostgreSQL to Azure Cosmos DB.
General availability of the SAP Change Capture Data Connector in Azure Data Factory enables customers to bring in SAP data for advanced analytics. Azure Data Factory’s new Microsoft Graph Data Connector for Microsoft 365 datasets transports your office data into Azure, so you can unlock collaboration and productivity insights. We’re also continuing to remove friction from end-user experiences, allowing you to share your Power BI datasets across tenants through Power BI B2B data sharing.
Microsoft Purview combines unified data governance with risk and compliance solutions. Business Workflows, now generally available, and Business Metamodel, now in preview, make it easier to maximize the business value of your data and drive cross-functional data governance.

And our new Partner Ecosystem enables ISVs to build on top of the open and governed Microsoft Intelligent Data platform, delivering enriched, cost-optimized experiences for customers across all industries.

Transform your business with Azure, anywhere

We want you to be able to stay agile and flexible when extending Azure to your on-premises, multicloud, and edge environments. We meet you where you are, so you can blend your own enterprise and operational edge investments with Azure’s global infrastructure to leverage the best Azure has to offer—on your own terms.

With Azure Arc, we built a bridge that extends the Azure platform so our customers can build cloud-native applications and services with the flexibility to run them across their existing datacenters, edge, and multicloud environments.

For example, Wells Fargo turned to Azure Arc to streamline a scalable compute platform across on-premises and cloud environments. And to get that same fully managed, cloud-native experience, they are extending Azure Kubernetes Service (AKS) to their own datacenters. This offers the flexibility to adapt to ever-changing regulations and compliance requirements by running AKS wherever it’s needed. In turn, they’re able to bring new products and services to market faster and delight their customers.

I’m pleased to announce new Azure Arc capabilities to save you money and enable further innovation.

Expansion of the Azure Hybrid Benefit to include AKS so you can deploy the Azure Kubernetes Service on Azure Stack HCI or Windows Server in your own datacenters or edge environments at no additional cost. This ensures a consistent, managed Kubernetes experience from cloud to edge for both Windows and Linux containers.
Azure Automanage is now generally available for Azure Virtual Machines and Arc-enabled servers. Within minutes, you can automatically configure servers to best-practice Azure services with a simple "point, click, set, forget" experience—whether they run Windows, Linux, or are already located in Azure, on-premises, or even in other clouds.

Do more with less: migrate, optimize, reinvest

We’re focused on finding ways to help you save and get maximum value out of your cloud investments, wherever your business might be in its journey.

We already have pricing benefits and offers, like Azure Hybrid Benefit, to help you achieve savings while adopting and operating in Azure. We also understand you may need additional help to ensure workloads remain secure and protected with hybrid flexibility as you move.

At Microsoft Ignite we’re announcing enhancements and benefits to make this even easier.

Our flagship Azure Migration and Modernization program (AMMP) now helps you plan and deploy cloud security services as you migrate, including support for Microsoft Defender for Cloud and Microsoft Sentinel. You can also take advantage of Azure innovation across hybrid environments with Azure Arc deployment support for workloads that need to remain on-premises.
A new Azure savings plan for compute allows you to save up to 65 percent on select compute services compared to pay-as-you-go prices.1

If you’re further along in the journey to cloud, you need to optimize what you’ve already invested. Tools like Microsoft Cost Management and Azure Advisor help you better manage and understand your cloud spend with best practice guidance and personalized insights.

We want you to be able to take these cloud savings and reinvest them into critical areas like crisis management, security, and intelligent cloud-native solutions that help your business stay resilient, grow, and create new value.

You can read more about how we’re investing in Azure to help you do more with less and there’s a great breakout session this week that will help you bring it all together for your business.

Our commitment to you

Whether you’re getting started with migration, ready to optimize existing investments, or looking to reinvest your savings and keep innovating with cloud-native technologies, we’re here to help you make it happen.

Our commitment is to be the cloud partner you can trust along your entire cloud journey, helping you build agility, optimize your business, and create data-driven experiences.

On behalf of the entire Azure team here at Microsoft, thanks for letting us be that partner for you. However you’re experiencing the Microsoft Ignite sessions this week—from the home office, gathered in Seattle, or around the world—we hope you enjoy the event!

Learn more about Azure at Microsoft Ignite this year

Watch Microsoft Ignite session topics featured in this blog.
View the Microsoft Ignite session on how to do more with less.
Start building skills with Microsoft Learn collections.
Explore all Microsoft Ignite announcements on the Azure blog.
View Microsoft Ignite sessions on how to Deliver efficiency with automation + AI.
View Microsoft Ignite sessions on how to Innovate with a cloud developer platform.
Discover how we’re building for the future with Microsoft Industry Cloud news and updates.

1 Customers may see savings estimated to be between 11 percent and 65 percent. The 65 percent savings is based on one M64dsv2 Azure Virtual Machines for CentOS or Ubuntu Linux in the East US region running for 36 months at a pay-as-you-go rate vs. a reduced rate for a 3-year savings plan. Based on Azure pricing as of October 2022. Prices subject to change. Actual savings may vary based on location, instance type, or usage.
Source: Azure

Modernize with Microsoft Cloud, the most complete developer platform

Developers are essential to the world we live in, and the work you do is critical to the success of organizations in every industry. Microsoft empowers innovators like you on your unique journey. With an end-to-end cloud platform, Microsoft Cloud lets you quickly and easily innovate and create a secure foundation for all your applications.

At Microsoft Ignite, we explore how increasing productivity and flexibility with Azure’s cloud-native solutions and low-code app development enables you to iterate quickly and go to market faster, and how to access the most comprehensive set of tools for development at Microsoft. There’s so much we can learn from each other on this journey, so let’s dive into the key topics, announcements, and trends you’ll leave with after Microsoft Ignite.

Accelerate innovation with the most complete cloud developer platform

The Microsoft Cloud is a comprehensive platform that enables developers to build incredible solutions. At the core of the Microsoft Cloud is Azure, the underlying infrastructure that enables you to build anything you can imagine. Using Azure DevOps and Azure Kubernetes Service, Ernst and Young Global Limited (EY) has built more agile practices and shifted into a rolling product-delivery approach of software and services. They have been able to develop and deploy solutions faster and with more confidence across a wide range of environments.

We are committed to helping you do more with less. With the Microsoft Cloud toolbox filled with Visual Studio, Azure, GitHub, and Power Platform, you can build reliable, scalable, and high-performance cloud-native applications.

Surging demand for digital solutions and an increasing shortage of technical skills are forcing organizations to adapt their IT development strategies. By empowering everyone to contribute to development processes, IT can multiply technical capacity, accelerate development cost-effectively, and innovate with the business. Adopting the world’s most complete set of integrated low-code development tools means organizations can modernize operations at scale, differentiate services and experiences, and accelerate their journey to the cloud in a secure, governable, and cost-effective way.

During Microsoft Ignite, I’m excited to share some news and updates designed to address these needs and improve the overall developer and maker experience even further with our beloved tools and Microsoft Cloud platform—all designed to help you quickly code and ship from anywhere with confidence.

Increasing productivity and quality for hybrid development teams

Microsoft’s developer cloud is purpose-built to support teams through the entire software development lifecycle. Azure provides the cloud infrastructure that quickly builds a robust, resilient application that scales and is easy to maintain and operate.

I am happy to announce Azure Deployment Environments is available for preview.

Microsoft Dev Box and Azure Deployment Environments pair together to give developers a complete cloud-powered workflow for any project that can be fully managed by IT admins.
Dev Box offers developers high-performance, cloud-based workstations that help get you coding quickly.
Azure Deployment Environments enables teams to spin up the infrastructure needed to run their project in the cloud quickly and on demand.
Azure Load Testing helps teams test and meet scale and performance goals with confidence.

I am excited to announce the preview of GitHub Advanced Security for Azure DevOps.

It brings GitHub’s industry-leading, developer-focused security tooling to Azure DevOps.
GitHub streamlines our workflows and processes through better collaboration and automation.
GitHub Advanced Security provides a native application security solution within our development workflow, enabling the management of open-source dependencies, custom code, and secrets across the software lifecycle.

Drive application innovation and modernization at scale with cloud-native architectures

Cloud-native apps can deliver new levels of scale and performance and provide even greater reliability. Using cloud-native design patterns helps achieve the agility, efficiency, and speed of innovation that organizations need to deliver value to end users. Azure Kubernetes Service enables developers to take full advantage of the Kubernetes ecosystem and scale cloud-native applications. For example, the Forza team utilized autoscaling Azure Kubernetes Service during the launch of Forza Horizon 5 to meet the challenging performance demand of 10 million concurrent players at launch—the biggest first week in Xbox Game Studios history.

The goal of using cloud-native technologies is to abstract the infrastructure from developers, freeing them to focus on building more cloud-optimized applications. Today, I’m proud to announce Azure Kubernetes Fleet Manager preview, which allows you to easily manage fleets of Kubernetes clusters, run multi-cluster workloads and services, and ensure consistent configuration, access, and governance across your Kubernetes environment.

How modernizing enterprise applications enables you to do more with less

Azure’s fully managed application platform service offerings such as Azure App Service and Azure Spring Cloud are uniquely differentiated for .NET and Java customers in that they enable customers to modernize applications with minimal code changes and increased developer velocity. With Azure application platform services, you offload the management of the underlying cloud infrastructure to Azure, which allows you and your developers to focus on app innovation rather than managing, configuring, securing, and updating the underlying infrastructure (because Azure does that for you). This helps streamline costs by modernizing your apps using readily available skills. It further generates trust and customer loyalty thanks to industry-leading platform security from Azure, which is built right into the platform. Easily integrate your internal and external stakeholders in the modernization journey and get maximum scale without having to worry about over-provisioning or under-provisioning resources. With Azure App Service and other Azure application platform services, you can innovate more and build more value for your business.

One example of a customer taking advantage of Azure’s managed services and serverless compute options is COFCO International, China’s largest food and agricultural business corporation. COFCO International utilized Azure Logic Apps and Azure Functions to create new solutions for application integration, data aggregation and reporting, and data governance, which has enabled them to make decisions faster and provide better visibility with improved analytics capabilities.

Streamline low-code governance in your organization

With Power Platform, Microsoft provides a central low-code platform that allows makers to enjoy shared components and common building blocks, allowing organizations to bring low-code assets into a central framework and give IT the visibility to govern centrally at scale. Power Platform runs on top of Azure and benefits from the strengths of Azure’s security, advanced management capabilities, and rich set of industry-specific certifications.

Power Platform enables IT to gain visibility and control over applications at scale with Managed Environments, now generally available. Managed Environments is a brand-new capability to streamline and simplify governance at scale. It gives you more control with sharing limits, security and reliability validations, and the ability to customize the maker onboarding experience.

Power Pages: low-code web development

Power Pages is now generally available. Power Pages is an enterprise-grade connectivity platform for organizations to build and launch external self-service websites. The Power Pages platform allows them to connect with their customers, partners, and communities and share business data, collaborate, and automate business processes with them at scale and securely. Learn more about building secure business websites.

Low-code is a critical tool for skilling today’s workforce

Power Platform has empowered millions of people to do more with less and build mission-critical apps for their businesses. Now with the new Power Up program, people without development backgrounds can transform their careers through a guided training program and community. The Power Up upskilling program provides training, offers certification, and recognizes people who excel.

There are so many new and exciting capabilities to experience and dive into at Microsoft Ignite. You can learn more about these announcements and how Microsoft is committed to delivering the best development experience at the session Accelerate innovation with the world's most complete cloud developer platform. Join us throughout the entire event for breakout sessions, demos, opportunities to connect with experts, learning experiences, and much more.

Thank you, and enjoy Microsoft Ignite!

Learn more about Azure at Microsoft Ignite

Watch Microsoft Ignite session topics featured in this blog.
Start building skills with Microsoft Learn collections.
Explore Microsoft Ignite announcements on the Azure blog.
Attend an Azure Virtual Training Day to continue learning.

Source: Azure

Cost optimization using Azure Migrate

The higher energy cost and the resulting increase in the cost of doing business have led to a tighter economic outlook for most businesses around the world. This, in turn, is a major contributing factor to customers becoming more cost-conscious, leading to an increased need for optimization features in products and services. Azure Migrate’s comprehensive suite includes many features to optimize cost, while catering to your performance needs to meet service level agreements (SLAs). Agentless discovery and mapping of your entire on-premises IT estate, software inventory analysis for assessment and planning, and right-sized migration using a single portal to start, run, and track your projects, are a few cost-effective features that also contribute to ease of use. Once in Azure, the path towards greater optimization and cost savings continues through modernization to platform as a service (PaaS) and software as a service (SaaS).

Customer requirements and benefits

The customer must stay competitive, both on the technical and business fronts, to ensure continued success. Technical competency requires an agile and innovative IT platform with data analytics to provide insights that can help differentiate from the competition. It would be ideal if such an innovative platform were available at a competitive cost. Incidentally, modernizing existing IT infrastructure, applications, and data to PaaS/SaaS models in the cloud delivers on all these requirements, leading to a higher return on investment (ROI) for the customer.

The higher efficiency and lower cost due to the adoption of modern cloud-native architectures also lead to greater levels of flexibility and reduced vendor lock-in. This sets the stage for the customer to realize greater value as they progress from IaaS to PaaS and on to SaaS models. Please download our analyst report for details on options and value due to application modernization in Azure.

Microsoft’s focus on cost optimization

During Microsoft Ignite, we are highlighting our continued commitment to cost optimization through support for SQL Server assessments prior to migration and modernization using Azure Migrate. Customers can now perform unified, at-scale, agentless discovery and assessment of SQL Servers on Microsoft Hyper-V, bare-metal servers, and infrastructure as a service (IaaS) of other public clouds, such as AWS EC2, in addition to VMware environments. The capability will allow customers to analyze existing configurations, performance, and feature compatibility to help with right-sizing and estimating cost. It will also check on readiness and blockers for migrating to Azure SQL Managed Instance, SQL Server on Azure virtual machine, and Azure SQL Database. All this information can also be presented in a single coherent report for easy consumption while reducing cost for customers.

Please see our tech community blog for more details. The blog presents a step-by-step procedure to get started, followed by details on scaling and support. Post-assessment options and more details on related topics are covered as well.

Learn more

Attend this Microsoft Ignite breakout session to learn more about how you can do more with less on Azure. For more details on other migration and modernization topics, including best-practice guidance and procedures for containers, networking and storage components, third-party tool integrations and hybrid management, please refer to the relevant blog topic in our migrate and modernize section.

Check out this FastTrack link for moving to Azure efficiently and get best practice guidance from the Azure migration and modernization center. The Azure migration and modernization program (AMMP) is now one comprehensive program for all migration and modernization needs of our customers. Learn more and join AMMP today.

Source:

Trends in Cloud Computing: 2022 State of the Cloud Report | Flexera Blog
Source: Azure

Scalable management of virtualized RAN with Kubernetes

Among the many important reasons why telecommunication companies should be attracted to Microsoft Azure are our network and system management tools. Azure has invested many intellectual and engineering cycles in the development of a sophisticated, robust framework that manages millions of servers and several hundred thousand network elements distributed in over one hundred and forty countries around the world. We have built tools and expertise to maintain these systems, use AI to predict problem areas and solve them before they become issues, and provide transparency in the performance and efficiency of a very large and complicated system.

At Microsoft, we believe these tools and expertise can be repurposed to manage and optimize telecommunication infrastructure as well. This is because the evolving infrastructure for telecommunication operators includes elements of edge and cloud computing that lend themselves well to global management. In this article, I will describe some of the more interesting technologies that fit into the management of a cloud-based telecommunications infrastructure.

Up and running in just a few clicks

If you want to set up a 5G cellular site, there are a few key requirements. After gathering and interconnecting your hardware (servers, network switches, cables, power supplies, and other components), you then plug in your edge server machines to power and networking outlets. Each machine will be accessible via a standards-based baseboard management controller (BMC) that usually runs a lightweight operating system (Linux, for example) to remotely manage the machine via the network.

When powered up, the BMC will obtain an IP address, most likely from a networked DHCP server. Next, an Azure VPN Gateway will be instantiated—this is a Microsoft Azure-managed service that is deployed into an Azure Virtual Network (VNet), and provides the endpoint for VPN connectivity for point-to-site VPNs, site-to-site VPNs, and Azure ExpressRoute. This gateway is the connection point into Azure from either the on-premises network (site-to-site) or the client machine (point-to-site). Using private VNet peering allows Azure to talk to the BMC on each machine.

Once this is working, the network operator can enable scripts that talk to the BMC via Azure to run automatically and can install the basic input/output system (BIOS) and proper software operating system (OS) images on the machine. Once these edge machines have an OS, a Kubernetes (K8s) cluster can be created, encompassing multiple machines, by using tools such as kubeadm. The K8s cluster is connected to Microsoft Azure Arc so that workloads can be scheduled onto the cluster using Azure APIs.

Management via Azure Arc

Microsoft Azure Arc is a set of technologies that extend Azure management to any infrastructure, enabling the deployment of Azure data services anywhere. Specifically, Azure management can be extended to Linux and Windows physical and virtual servers, and to K8s clusters so Azure data services can run on any K8s infrastructure. In this way, Azure Arc provides a unified management experience across the entire telecommunications infrastructure estate, whether it’s on-premises, in a public cloud, or in multiple public clouds.

This gives the operator a single-pane view and automation control plane across its heterogeneous environments, as well as the ability to govern and manage all these resources in a consistent way. Microsoft Azure portal, role-based access control, resource groups, search, and services like Azure Monitor and Microsoft Sentinel are also enabled. Security for next-generation networks, like the ones telecommunications operators are lighting up, is a topic I recently wrote about.

For developers, this unified framework delivers the freedom to use the tools they are familiar with while focusing more on the business logic in their applications. Microsoft Azure Arc, along with other existing and new Microsoft technologies and services, forms the basis of our Azure Operator Distributed Services, which will bring a carrier-grade hybrid cloud service to the market.

However, running radio access network (RAN) functions on a vanilla Arc-connected Kubernetes cluster is difficult. It requires manual and vendor-specific tuning, resource management, and monitoring capabilities, making it difficult to deploy across servers with different specs and to scale as more virtual RAN (vRAN) deployments come up. Therefore, in addition to Microsoft Azure Arc and Azure Operator Distributed Services, we have developed the Kubernetes for Operator RAN (KfOR) framework, which provides extensions that are installed on top of vanilla K8s clusters to specifically enhance the deployment, management, and monitoring of RAN workloads on the cluster. These are the essential components necessary for lighting up the automatic management and self-healing properties of next-generation telecommunication cloud networks, creating an edge platform that turns the vRAN into yet another cloud-managed application.

Kubernetes for Operator RAN (KfOR) extensions for virtualized RAN

To optimally utilize edge server resources and provide reliability, telecommunication RAN network functions (NFs) typically run in containers within a server cluster, utilizing K8s for container orchestration. Although Kubernetes allows us to take advantage of a rich ecosystem of components, there are several challenges related to running high-SLA, high-performance, and latency-sensitive RAN NFs in edge datacenters.

For example, RAN NFs run close to the cell tower in the far-edge, which in many cases is owned by the telecommunications operator. The high availability, high performance, and low latency that vRAN needs necessitate the use of single root I/O virtualization (SR-IOV) working with a data plane development kit (DPDK), programmable switches, accelerators, and custom workload lifecycle controllers. This is well beyond what standard K8s offers.

To address these challenges, we have developed KfOR, which fills this gap and enables an end-to-end deployment, RAN management, monitoring, and analytics experience through Azure.

The figure shows how the various components of Azure and Kubernetes (blue) and those developed by the Azure for Operators team (green) fit together. Specifically, it shows the use of an Azure Resource Provider (RP) and an Azure Managed App, which allows the spin-up of a Management Azure Kubernetes Service (AKS) cluster on Azure. This control-plane management cluster can then utilize open source and in-house developed components to deploy and manage the edge cluster (the Azure Arc–enabled Kubernetes workload cluster).

The control plane manages both the provisioning of the bare-metal nodes on the workload cluster, as well as the Kubernetes components running on these nodes. Within the workload cluster, KfOR provides custom Kubernetes extensions to simplify the development, deployment, management, and monitoring of multi-vendor NFs. KfOR utilizes extension points available in Kubernetes such as custom controllers, DaemonSets, mutating webhooks, and custom runtime hooks. Here are some examples of its capabilities:

Container suspension capability. KfOR can create pods that have containers that start in a suspended state but can be automatically activated in the future. This capability can be used for creating "warm standbys," which means these pods can immediately replace active pods that unfortunately fail, reducing downtime from several seconds to under one. In addition, this feature can also be used to ensure that pods launch in a predetermined order by specifying pod dependencies. vRAN workloads have some pods that require another pod to have reached a particular state prior to launching.
Advanced Kubernetes networking stack. KfOR provides an advanced networking library using DPDK and a method to auto-inject this library into any pod using a sidecar container. KfOR also provides a mechanism to autoload this library ahead of the standard sockets library. This allows for code written using standard User Datagram Protocol sockets to achieve microsecond latency using DPDK underneath, without modifying a single line of code.
Cloud-native user-space eBPF codelets. Extended Berkeley packet filter (eBPF) is used to extend the capabilities of the kernel safely and efficiently without requiring changing the kernel source code or loading kernel modules. KfOR provides a mechanism to submit user-space eBPF codelets to the K8s cluster, as well as a method for insertion of these codelets by using K8s pod annotations. The codelets attach dynamically to hook points in running code in the network functions and can be used for monitoring and analytics.
Advanced scheduling and management of cluster resources. KfOR provides a K8s device plugin that allows for the scheduling and usage of isolated CPU cores as a resource separate from standard CPU cores. This enables RAN workloads to run on a K8s cluster with no manual configuration, such as pinning threads to predefined cores. KfOR also provides a custom runtime hook to isolate resources so containers cannot use CPUs, network interface controllers, or accelerators that have not been assigned to them.
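
The isolation property in the last item (a container reaches only the cores assigned to it) can be audited from outside the runtime hook. The following is an added example, not KfOR code: it compares each container's effective CPU list, in the Linux list format used by the cgroup v2 file cpuset.cpus.effective, against the cores it was assigned. The container names, core numbers and the isolated range are constructed for illustration.

```python
def parse_cpulist(text):
    """Parse a Linux CPU list such as '2-5,8' into a set of core ids."""
    cores = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi:
            raise ValueError(f"bad range: {part!r}")
        cores.update(range(lo, hi + 1))
    return cores


def audit(containers, isolated):
    """Return (container, problem, cores) findings, ordered by container name.

    containers: name -> {"assigned": cpulist, "effective": cpulist}
    isolated:   cpulist of cores reserved for real-time workloads
    """
    iso = parse_cpulist(isolated)
    findings, owner = [], {}
    for name, c in sorted(containers.items()):
        assigned = parse_cpulist(c["assigned"])
        effective = parse_cpulist(c["effective"])
        # Isolated cores the container can run on without owning them.
        extra = (effective & iso) - assigned
        if extra:
            findings.append((name, "unassigned-isolated", sorted(extra)))
        # The same isolated core handed to two containers.
        for core in sorted(assigned & iso):
            if core in owner:
                findings.append((name, f"shared-with:{owner[core]}", [core]))
            else:
                owner[core] = name
    return findings


# Constructed sample: cores 4-11 are isolated on this hypothetical node.
SAMPLE = {
    "du-l1": {"assigned": "4-7", "effective": "0-1,4-7"},    # clean
    "du-l2": {"assigned": "8-9", "effective": "0-1,8-10"},   # reaches core 10
    "logger": {"assigned": "", "effective": "0-3,7"},        # reaches core 7
    "cu-up": {"assigned": "9,11", "effective": "0-1,9,11"},  # core 9 also in du-l2
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, "4-11"):
        print(finding)
```
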

With these capabilities, we have accomplished one-click deployment of RAN workloads as well as real-time workload migration and defragmentation. As a result, KfOR is able to shut off unused nodes to save energy. KfOR is also able to properly configure programmable switches that are used to route traffic from one server to the next. Furthermore, with KfOR, we can deliver fine-grain RAN analytics, which will be discussed in a future blog.

KfOR goes beyond simple automation. It turns the far-edge into a true platform that treats the vRAN as yet another app that you can install, uninstall, and swap easily with a simple click of a button. It provides APIs and abstractions that allow vRAN vendors to fine-tune their functions for real-time performance without needing to know the details of the bare metal. This is in contrast to existing vRAN solutions that even though virtualized, still treat the vRAN as an appliance, which needs to be manually tuned and is not easily portable across servers with even slightly different configurations.

Deployment of KfOR extensions is completed by using the management cluster to launch the add-ons on the workload cluster. KfOR capabilities can be used by any K8s deployment by simply adding annotations to the workload manifest.

Robust stress-free RAN management

What I have described here is how the full power of preexisting cloud management tools along with the new KfOR technology can be put together to manage, monitor, automate, and orchestrate the near-edge and far-edge machines and software deployed within the emerging telecommunications infrastructure. Once the hardware and network are available, these capabilities can light up a cell site impressively quickly, without any pain, and without requiring deep expertise. KfOR, developed specifically for virtual RAN management, has significant built-in value for our customers. It enables Azure to plug in artificial intelligence for sophisticated automation along with tried-and-true technologies needed for self-managing and self-healing networks. Overall, it creates a differentiation of our offering in the telecommunications and enterprise markets.

Learn more

Follow us for additional developments in this space and more.
Learn more about Microsoft Azure Arc and Azure Kubernetes Service (AKS).
Sign up for Microsoft Azure today.

Source: Azure

Microsoft and INT deploy IVAAP for OSDU Data Platform on Microsoft Energy Data Services

This post was co-authored by Fabrice Buron, Chief Commercial Officer, INT.

Energy companies are currently going through a massive transformation by moving hundreds of applications to monitor, interpret, and administer their data into the cloud. In addition, they have embarked on adopting a common data standard, the OSDU™ Data Platform, to simplify interoperability between applications to facilitate data access, exchange, and collaboration.

With Microsoft Energy Data Services, energy companies can leverage new cloud-based advanced data visualization capabilities for geoscientists provided by INT and Microsoft Energy Data Services. 

Microsoft Energy Data Services is a data platform fully supported by Microsoft, that enables efficient data management, standardization, liberation, and consumption in energy exploration. The solution is a hyperscale data ecosystem that leverages the capabilities of the OSDU Data Platform and Microsoft's secure and trustworthy cloud services with our partners’ extensive domain expertise.

INT is proud to be among the early adopters who have been involved since the preview of Microsoft Energy Data Services. INT is a very active member of the OSDU Forum and offers IVAAP™, an advanced data visualization platform that allows geoscientists to easily access, interact with, and visualize data to create dashboards within Microsoft Azure, leveraging Microsoft Energy Data Services.

The IVAAP data visualization platform helps geoscientists and data scientists simplify their data work with the following features:

Access to the OSDU Data Platform is already supported (well, seismic, reservoir) and any other data sources from a single application in the cloud. 
Full interoperability, which means data types aligned with the OSDU Data Platform can be extended to support custom formats and aggregate custom DDMS.
Intuitive, user-defined dashboards for engineers, geophysicists, and managers to visualize and interact with large datasets of well logs and seismic schematics, build data collections, and launch their machine learning—all from one place.
Many standard data connectors, powerful APIs, and SDKs that provide developers and architects ways to implement their own workflow easily.
Accelerated delivery of geoscience, drilling, and production cloud-enabled solutions with seamless support on Microsoft Azure.

"Providing a reliable, trusted platform as a service that accelerates the deployment of the OSDU Data Platform is key for any successful cloud transformation. Through the IVAAP platform’s integration with Microsoft Azure, customers will now have immediate access to these capabilities. This integration will simplify the access and provisioning of the massive amount of data generated by the energy industry, enabling impeccable and secure digital interactions. Our partnership with Microsoft in deploying Microsoft Energy Data Services is an important step toward our goal of providing reliable, cost-effective solutions for energy ISVs in the OSDU Data Platform."—Dr. Hughes Thevoux-Chabuel, VP Cloud Solutions, INT.

Get started with IVAAP and Microsoft Energy Data Services for the OSDU Data Platform

Please visit INT's website for detailed information on the IVAAP: Upstream Data Visualization and Analytics Platform and schedule a demo session.

Microsoft Energy Data Services is an enterprise-grade, fully managed OSDU Data Platform for the energy industry that is efficient, standardized, easy to deploy, and scalable for data management—ingesting, aggregating, storing, searching, and retrieving data. The offering will provide the scale, security, privacy, and compliance expected by our enterprise customers. The platform offers out-of-the-box compatibility with INT IVAAP, an advanced data visualization platform that allows geoscientists to easily access, interact with, and visualize the OSDU Data Platform to create dashboards with data contained in Microsoft Energy Data Services.

Learn more

Get started with Microsoft Energy Data Services today.
Watch the INT demo: IVAAP Data Visualization on Microsoft Azure using Microsoft Energy Data Services.

Source: Azure

Azure Firewall Basic now in preview

This blog was co-authored by Gopikrishna Kannan, Principal Program Manager, Azure Networking.

Organizations are experiencing an increase in both the volume and sophistication of cyberattacks with the acceleration of digital transformation and the increase in hybrid work. While organizations of all sizes face similar security risks, cybersecurity is rapidly becoming a top concern for small and medium businesses (SMBs) with the shift to remote work and new digital business models. SMBs are particularly vulnerable as they are faced with budget constraints and gaps in specialized security skills. In a recent research study, over 60 percent of small businesses experienced a cyberattack and were left unable to operate.

Microsoft is constantly innovating to help secure customers’ digital assets in an evolving threat landscape and help SMB customers with their cloud adoption journey. Today, we are excited to announce the preview of Azure Firewall Basic.

Azure Firewall Basic is a new SKU of Azure Firewall designed to meet the needs of SMBs by providing enterprise-grade protection of their cloud environment at an affordable price point. It is a cloud-native, highly available, stateful firewall as a service offering that enables customers to centrally govern and log all of their traffic flows with essential capabilities at scale.

Cost-effective, enterprise-grade security built for SMBs

Azure Firewall Basic includes Layer 3–Layer 7 filtering and alerts on malicious traffic with built-in threat intelligence from Microsoft Threat Intelligence. With tight integration with other Azure services, such as Azure Monitor, Azure Event Hubs, Microsoft Sentinel, and Microsoft Defender for Cloud, you can gain more visibility into your environment and identify and respond to threats quicker.

Key features of Azure Firewall Basic

Comprehensive, cloud-native network firewall security.

Network and application traffic filtering.
Threat intelligence to alert on malicious traffic.
Built-in high availability.
Seamless integration with other Azure services.

Simple setup and easy to use.

Set up in just a few minutes.
Automate deployment (deploy as code).
Zero maintenance with automatic updates.
Central management via Azure Firewall Manager.

Cost-effective.

Designed to deliver essential, cost-effective Firewall protection for your resources within your virtual network.

Choosing the right Azure Firewall SKU to meet your needs

Azure Firewall now supports three different SKUs to cater to a wide range of customer use cases and preferences.

Azure Firewall Premium is recommended to secure highly sensitive applications (such as payment processing). It supports advanced threat protection capabilities like malware and TLS inspection.
Azure Firewall Standard is recommended for customers who are looking for a Layer 3–Layer 7 firewall and need auto-scaling to handle peak traffic periods of up to 30 Gbps. It supports enterprise features like threat intelligence, DNS proxy, custom DNS, and web categories.
Azure Firewall Basic is recommended for SMB customers with throughput needs of less than 250 Mbps.

Let’s take a closer look at the features across the three Azure Firewall SKUs.

Azure Firewall Basic pricing

Similar to the Standard and Premium SKUs, Azure Firewall Basic pricing includes both deployment and data processing charges.

For more details, visit the Azure Firewall pricing page.

Next steps

For more information on everything we covered in this blog post, see the following:

Azure Firewall documentation.
Azure Firewall Manager documentation.
Deploy and configure Azure Firewall Basic.
Watch this video for a guided walkthrough of Azure Firewall Basic deployment.

Source: Azure