Azure Virtual WAN simplifies networking needs

Today we are excited to make announcements in multiple areas of Azure Virtual WAN (vWAN), networking as a service that brings networking, security, and routing functionalities together to provide a single operational interface. As enterprises increasingly adopt the cloud while reducing their costs, IT teams looking to consolidate, accelerate, or even revamp their wide area network should consider Azure Virtual WAN. You don't need to have all these use cases to start using Virtual WAN—you can get started with just one. With ease of use and simplicity built in, vWAN is a one-stop shop to connect, protect, route traffic, and monitor your wide area network.

“Microsoft Azure Virtual WAN is driving outcomes for Accenture. Migrating 250+ corporate networks to Virtual WAN with code-based deployments creates flexible, cheaper, and consistent networks for our customers. We can now easily connect new work sites in hours.”—Conrad Johnson, Cloud Networks Service Director, Accenture.

The following areas have key announcements:

Remote user connectivity (also known as point-to-site VPN).
Routing.
Branch connectivity (also known as site-to-site VPN).
Private connectivity (also known as ExpressRoute).
Third-Party Network Virtual Appliance Integrations.

Remote-user connectivity (also known as point-to-site VPN)

Multipool user group support preview

Multipool user group support for remote-user (point-to-site) VPN allows you to assign different IP address pools to connecting users based on their credentials. With this feature, you can segment your remote users into distinct groups, assign each group unique IP addresses and use the assigned IPs to control and restrict access to business-critical applications hosted both in Azure and on-premises.

User groups within a Virtual WAN can be defined based on Azure Active Directory membership, Certificate Common Name domain or custom RADIUS attributes.

In this example, Contoso corporation has three departments: human resources, finance, and engineering. Contoso also has an on-premises datacenter hosting several business applications connected to Virtual WAN via an ExpressRoute circuit. Contoso leverages Azure Active Directory groups and Virtual WAN remote user/point-to-site VPN groups to segment HR, finance, and engineering users and assign each group different IP addresses.

Contoso then configures Azure Firewall and on-premises Firewall rules to allow each functional department to only access relevant applications. For example, Azure Firewall is configured to restrict access to applications in the HR VNet to HR Users. Likewise, on-premises firewalls are also configured to allow users access to applications based on need.

To learn more, read about the underlying concepts behind remote-user connectivity and watch a step-by-step tutorial.

Routing

Secure hub routing intent preview

Routing intent and routing policies allow you to simplify securing your Azure Virtual WAN deployments. With a single click, you can send all traffic (including inter-region and branch-to-branch) to be inspected by Azure Firewall or select Next-Generation Firewall (NGFW) Network Virtual Appliances deployed in the virtual WAN hub. Virtual WAN’s router manages this all for you dynamically by using BGP so that you can avoid error-prone configurations.[1]

Configuring a routing policy on a hub makes that hub a regional security boundary—all traffic entering or leaving that hub will be sent to Azure Firewall or the NVA of your choice for inspection before being forwarded to its destination. Routing policies allow you to deploy Azure Firewall or an NVA as a bump-in-the-wire solution to inspect East-West traffic (VNet-to-VNet, and branch-to-branch over ExpressRoute, P2S VPN, or S2S VPN) and North-South traffic (branch-to-VNet) between resources connected to the same hub or to different hubs. Azure Firewall or a Network Virtual Appliance firewall can also serve as the egress point for internet traffic from Virtual Networks and on-premises.

For more information on how to use routing intent and policies, please see how to configure Virtual WAN Hub routing policies.
For a list of available Next-Generation Firewall (NGFW) NVAs deployed in the hub and appropriate instructions for deploying and accessing previews, please see our Network Virtual Appliances documentation.

Hub routing preference (HRP) is generally available

When a virtual hub router learns multiple routes to the same on-premises destination prefix across S2S VPN, ER, and SD-WAN NVA connections, it chooses among them using a built-in route selection algorithm. Selecting a virtual hub routing preference lets you influence those routing decisions for traffic flowing towards on-premises.

Hub routing preference gives you more control over your infrastructure by allowing you to select how your traffic is routed when a virtual hub router learns multiple routes across S2S VPN, ER and SD-WAN NVA connections. Hub routing preference provides the ability to select between ExpressRoute, AS Path, and VPN to create your desired traffic flow.

Routes are selected in the following order:

Select routes with Longest Prefix Match (LPM).
Prefer static routes over BGP routes.
Hub routing preference lets you select between ExpressRoute, AS Path, and VPN.
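As an added illustration (not Microsoft's code), the following Python models the three-step selection order just listed over a constructed route table; the Route fields, the SD-WAN label and the final tie-break are assumptions made for this example.

```python
"""Model of the virtual hub route-selection order listed above.

Constructed illustration, not Microsoft's implementation: (1) longest prefix
match, (2) static routes over BGP routes, (3) the configured hub routing
preference (ExpressRoute, VPN, or AS Path). The Route fields and the final
deterministic tie-break are assumptions made for this example.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str        # destination prefix, e.g. "10.1.0.0/16"
    origin: str        # "static" or "bgp"
    connection: str    # "ExpressRoute", "VPN" (S2S) or "SD-WAN" (NVA)
    as_path_len: int   # BGP AS path length; 0 for static routes


def select_route(routes, destination, preference):
    """Return the winning Route for `destination`, or None if no route matches."""
    if preference not in ("ExpressRoute", "VPN", "ASPath"):
        raise ValueError("unknown hub routing preference: " + preference)
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return None

    # Step 1: longest prefix match wins regardless of origin or preference.
    longest = max(ipaddress.ip_network(r.prefix).prefixlen for r in candidates)
    candidates = [r for r in candidates
                  if ipaddress.ip_network(r.prefix).prefixlen == longest]

    # Step 2: static routes are preferred over BGP-learned routes.
    static = [r for r in candidates if r.origin == "static"]
    if static:
        candidates = static

    # Step 3: hub routing preference decides among what is left.
    if preference == "ASPath":
        shortest = min(r.as_path_len for r in candidates)
        candidates = [r for r in candidates if r.as_path_len == shortest]
    else:
        preferred = [r for r in candidates if r.connection == preference]
        if preferred:
            candidates = preferred

    # Assumption: any remaining tie is broken deterministically in this model.
    return min(candidates, key=lambda r: (r.connection, r.prefix))


# Constructed route table: the same on-premises prefixes learned over several
# connection types, plus one static route.
SAMPLE_ROUTES = [
    Route("10.1.0.0/16", "bgp", "ExpressRoute", 2),
    Route("10.1.0.0/16", "bgp", "VPN", 1),
    Route("10.1.5.0/24", "bgp", "VPN", 3),
    Route("10.2.0.0/16", "static", "VPN", 0),
    Route("10.2.0.0/16", "bgp", "ExpressRoute", 1),
]

if __name__ == "__main__":
    # A more specific VPN route beats the ExpressRoute preference (step 1),
    # and a static VPN route beats a BGP ExpressRoute route (step 2).
    for dest, pref in [("10.1.5.10", "ExpressRoute"), ("10.1.9.1", "ExpressRoute"),
                       ("10.1.9.1", "ASPath"), ("10.2.3.4", "ExpressRoute")]:
        print(dest, pref, "->", select_route(SAMPLE_ROUTES, dest, pref))
```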

For more information on hub routing preference, please see Virtual WAN virtual hub routing preference – Preview – Azure Virtual WAN | Microsoft Learn.

Bypass next hop IP for workloads within a spoke VNet connected to the virtual WAN hub generally available

One of Virtual WAN's most popular routing use cases is deploying an NVA in a spoke VNet attached to a virtual WAN hub, then routing traffic through the NVA. Bypassing next hop IP for workloads within a spoke VNet connected to the virtual WAN hub lets you deploy and access other resources in the VNet alongside your NVA without any additional configuration.

Bypassing next hop IP for workloads within a spoke VNet connected to the virtual WAN hub allows you to have greater flexibility in how you deploy NVAs. This feature allows you to deploy NVAs and other workloads into the same VNet without forcing all the traffic through the NVA.

Learn how to configure virtual hub routing and more about Bypass next hop IP for workloads within a spoke VNet connected to the virtual WAN hub.

Border Gateway Protocol (BGP) Peering with a virtual hub is generally available

BGP Peering with a virtual hub exposes the ability to peer with the virtual hub router directly using the Border Gateway Protocol (BGP) routing protocol. This feature now eliminates the need to configure static routes between a Network Virtual Appliance (NVA) and the virtual hub router.

BGP Peering with a virtual hub enables you to deploy an NVA in a spoke VNet and dynamically exchange routes with your branch and on-premises sites. You can then peer that same NVA with the virtual hub dynamically using BGP. Now you can exchange routes between your branch and the virtual hub without using static routes!

Read more about BGP peering with a virtual hub on Microsoft Learn.
Learn how to configure BGP peering between an NVA and a virtual hub.

Branch connectivity (also known as site-to-site VPN)

BGP dashboard is now generally available

The BGP dashboard provides the ability to monitor BGP peers, advertised routes, and learned routes for your site-to-site VPNs configured to use BGP in one place.

The BGP dashboard provides greater visibility into your branch offices connected to Virtual WAN. You now have the ability to see what routes your branch office is sending to the virtual WAN router, while also seeing what routes the Virtual WAN router is sending to your branch offices.

See more information on how to monitor S2S VPN BGP routes on the BGP dashboard.

For customers that want to use a non-vWAN VPN gateway (also known as a Virtual Network gateway), which can be used to set up a site-to-site connection within Azure to a Virtual WAN system, the following Virtual WAN–enabled capabilities are worth checking out.

Virtual Network Gateway VPN over ExpressRoute private peering (AZ and non-AZ regions) is generally available

Customers can now use VPN over ExpressRoute private peering connectivity in non-AZ regions. Earlier, this feature was only available for regions having availability zones. The following gateway SKUs can be used for setting up VPN connectivity:

VpnGw1/2/3/4/5 SKUs with standard public IP for regions with no availability zones
VpnGw1AZ/2AZ/3AZ/4AZ/5AZ SKUs with standard public IP for regions having one or more availability zones

Point-to-site users connecting to a virtual network gateway can use ExpressRoute (via the site-to-site tunnel) to access on-premises resources.

Customers can deploy site-to-site VPN connections over ExpressRoute private peering at the same time as site-to-site VPN connections via the Internet on the same VPN gateway.

Read more information on this new feature.

Custom traffic selectors (portal) are generally available

Customers may want to set traffic selectors to narrow down address prefixes from both ends of a VPN tunnel. Custom traffic selectors are particularly useful for customers who have large VNet address spaces but want to use one of their subnets for IPsec/IKE negotiation. Customers can add custom traffic selectors when creating a new connection or update an existing connection.

Earlier, we enabled custom traffic selectors using PowerShell. Customers can now also use the portal to set custom traffic selectors on their Virtual Network Gateway VPN connections.

The TrafficSelectorPolicy parameter consists of an array of traffic selectors, with each traffic selector holding a collection of local and remote address ranges in CIDR format.
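As an added example (not Azure's own code), the following Python builds a policy in the shape just described and checks the use case from the paragraph above, that the local side is a subnet of a larger VNet address space; the `localAddressRanges`/`remoteAddressRanges` key names and the checks applied are assumptions.

```python
"""Build and sanity-check a custom traffic selector policy for a VPN connection.

Constructed example, not Azure's own code. It follows the shape described
above (an array of traffic selectors, each holding local and remote CIDR
ranges); the 'localAddressRanges'/'remoteAddressRanges' key names and the
rules enforced here are assumptions made for this example.
"""
import ipaddress


def _networks(cidrs):
    """Parse CIDR strings strictly (host bits set is treated as an error)."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def build_traffic_selector_policy(vnet_address_space, selectors):
    """selectors: list of (local_cidrs, remote_cidrs) tuples, one per selector.

    Checks that every local range lies inside the VNet address space (the
    use case above: narrowing a large VNet space down to one subnet) and that
    no local range overlaps a remote range, which would make the tunnel's
    traffic selection ambiguous.
    """
    vnet = _networks(vnet_address_space)
    policy = []
    for local_cidrs, remote_cidrs in selectors:
        local = _networks(local_cidrs)
        remote = _networks(remote_cidrs)
        for l in local:
            if not any(v.version == l.version and l.subnet_of(v) for v in vnet):
                raise ValueError(f"local range {l} is outside the VNet address space")
        for l in local:
            for r in remote:
                if l.version == r.version and l.overlaps(r):
                    raise ValueError(f"local range {l} overlaps remote range {r}")
        policy.append({
            "localAddressRanges": [str(n) for n in local],
            "remoteAddressRanges": [str(n) for n in remote],
        })
    return {"trafficSelectorPolicies": policy}


if __name__ == "__main__":
    import json
    # Constructed values: a /8 VNet space narrowed to one /24 subnet for the tunnel.
    print(json.dumps(build_traffic_selector_policy(
        ["10.0.0.0/8"], [(["10.0.1.0/24"], ["192.168.10.0/24"])]), indent=2))
```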

See more information on setting up traffic selectors.

High availability for Azure VPN client using secondary profile is generally available

Customers can now use the Azure VPN client in Windows to add a secondary gateway preference in their primary gateway configuration. This feature improves connection availability for point-to-site customers by having a pre-configured additional profile. If, for some reason, the primary gateway encounters an outage, the VPN client will automatically fail over to connect with the secondary gateway.

See more information on Azure VPN client using secondary profile.

Private connectivity (also known as ExpressRoute)

ExpressRoute circuit with visibility of Virtual WAN connection

Previously in Azure Portal, when navigating to an ExpressRoute circuit connected to a Virtual WAN hub, the ExpressRoute circuit’s Connections page did not display the connections to the virtual hub’s ExpressRoute gateway. With this feature, these connections to the virtual hub’s ExpressRoute gateways are now visible.

By displaying these connections to the ExpressRoute gateways in the virtual hub, this feature provides you with more visibility into your Azure architecture. Not only does this enable you to gain a deeper understanding of your topology, but this will allow you to better monitor and troubleshoot your ExpressRoute connectivity.

Watch a tutorial on how to create an ExpressRoute association to Azure Virtual WAN.

Third-party integrations

Fortinet SD-WAN is generally available

We are pleased to announce the general availability of Fortinet SD-WAN in Virtual WAN. Fortinet’s security-driven approach consolidates next-generation Azure Firewall and SD-WAN into a single set of hassle-free solutions to deploy and bootstrap highly available virtual appliances and provide full security inspection at the point of cloud connectivity.

Fortinet SD-WAN dynamically exchanges routes with the Virtual Hub Router using BGP to effortlessly simplify routing between Fortinet SD-WAN branch devices, your applications hosted in Azure Virtual Networks, and services hosted on ExpressRoute-connected on-premises networks.[2]

Find more information about Network Virtual Appliances in Virtual WAN on Microsoft Learn.
Read more about Fortinet SD-WAN in Virtual WAN.

Aruba EdgeConnect Enterprise SD-WAN preview

We are pleased to announce the preview of Aruba EdgeConnect Enterprise SD-WAN solution in Azure Virtual WAN. The Aruba EdgeConnect Enterprise SD-WAN solution delivers optimized, secured, and automated branch connectivity to, and through, Azure.

The Aruba EdgeConnect Enterprise solution provides a fully-automated, scalable, and software-defined experience connecting branch offices and data centers to Azure Virtual WAN with application-aware traffic steering.

See more on how to deploy the Aruba EdgeConnect Enterprise SD-WAN in Virtual WAN.
Read about Integrated Network Virtual Appliances in Virtual WAN on Microsoft Learn.

Check Point NG Firewall preview

We are pleased to announce the preview of Check Point’s Next-Generation Firewall in Virtual WAN. This deep integration allows you to deploy a Check Point Cloud Guard Network Security (CGNS) NVA in the Virtual WAN hub, which lets you enjoy Check Point capabilities without having to worry about provisioning high availability, bootstrapping, or managing upgrades. A major benefit of this NVA integration is simplified routing, as the NVA peers use BGP with the Virtual WAN hub router, which intelligently handles routing decisions within and across Virtual WAN hubs.

Check Point CGNS provides many next-generation firewall capabilities, such as advanced threat detection to prevent malware attacks. In addition, you can configure Check Point security policies via a single pane of glass with Check Point Security Management.[2]

Watch a demo on this integration.
Read more about the Check Point Azure Virtual WAN security solution announcement.
Find more information about Integrated Network Virtual Appliances on Microsoft Learn.

We want your feedback

We look forward to continuing to build out Azure Virtual WAN and adding more capabilities in the future. We encourage you to try out Azure Virtual WAN and its new features, and we look forward to hearing about your experiences so we can incorporate your feedback into the product.

Learn more

For additional information, please explore these resources:

What's new in Azure Virtual WAN?
Virtual WAN documentation.

[1] Support for inter-region traffic inspection is currently rolling out and is available today for a limited set of regions. To learn more, please reach out to previewinterhub@microsoft.com.

[2] NGFW use cases for Routing Intent are currently in preview. Please see the Routing Intent section above for more details.
Source: Azure

Leverage SFTP support for Azure Blob Storage to build a unified data lake

Today, we are announcing that SSH File Transfer Protocol (SFTP) support for Azure Blob Storage is generally available. SFTP support for Azure Blob Storage is a fully managed, highly scalable SFTP service that enables simple, secure, and easy-to-manage file transfers. This empowers you to modernize your data transfer workflows and eliminate data silos.

The addition of SFTP to Azure Blob Storage, our object storage platform, expands on our vision of multi-protocol access and enables you to run your SFTP workloads with minimal management effort and low infrastructure costs. SFTP support, combined with protocol support for NFS 3.0, Blob REST, and Azure Data Lake Storage, helps customers migrate their applications without any changes. Building on top of the Blob Storage foundation also allows SFTP-enabled accounts to inherit the security, durability, scalability, and cost efficiency of Azure Blob Storage.

This new feature is a one-click enablement solution to transfer files to and from object storage using SFTP without having to monitor or maintain the underlying infrastructure. Customers no longer need to spend resources and time to deploy, manage, scale, and maintain virtual machine (VM)–based SFTP servers.

During our public preview, thousands of customers from various industries such as consulting, retail, healthcare, telecom, financial services, and governments have embraced this feature and are eager to deploy their workloads in production. These customers have been using SFTP for a variety of data transfer scenarios such as exchanging data with customers and partners, modernizing legacy data workflows, syncing data across on-premises and cloud, and collecting data from nodes in a network to unlock insights via a unified data lake.

Manage hybrid workloads using SFTP support for Azure Blob Storage

AT&T, the world’s largest telecommunications company, has a goal to move the majority of its applications to the cloud using private networks. As an organization, it wants to modernize legacy apps and adopt a hybrid architecture where some critical applications are running on-premises and some on Azure.

"As a part of its hybrid architecture, AT&T transfers data between on-premises to Azure and one of the primary methods used is SFTP. Now, instead of creating, maintaining, and patching VMs to keep an SFTP service running, AT&T leverages Blob SFTP to eliminate these repetitive tasks. By providing one-click enablement to create an SFTP endpoint for our Blob Storage accounts, Azure abstracts the infrastructure complexity and provides a highly available SFTP service. The cherry on top of the cake is Local Users, a lightweight identity that complements SFTP, which is very easy to set up, manage, and allows granular permission setting at container level."—Chirag Choksi, Principal Software Engineer, AT&T.

Unlock insights via a unified data lake

Kraft Heinz is an American multinational food company with many beloved brands across the globe. The company has a deep partnership with Microsoft and Azure is its preferred cloud platform for various IT modernization, digital transformation, data science, and analytics workloads that drive its business forward. Kraft Heinz’s data analytics processes involve collaborating with multiple partners and vendors who share data that needs to be ingested into their Enterprise Data Warehouse.

“Managing data sharing pipelines with a wide range of data providers, partners, and retailers is extremely complicated and becomes messy if many different tools are used. SFTP is the common denominator that helps us exchange data in a scalable and secure manner with all collaborators, but we have been incurring tech debt by managing our own SFTP VM servers that require constant maintenance. With SFTP support for Azure Blob Storage, we can easily enable an SFTP endpoint for our data lake for both inbound and outbound file transfers without compromising security or creating additional tech debt. This frees up valuable resources which were previously used to maintain our own SFTP servers. Most importantly, it allows us to create a unified data lake that can be used to generate business insights.”—Ashish Agrawal, Director of Cloud Engineering, Kraft Heinz Company.

Migrate business-critical applications to the cloud

SNCF Réseau is the leading French railway network management company that orchestrates traffic on more than 28,000 kilometers of railway lines. It is responsible for 5 million passengers and 250K tons of freight every day and strives to provide cost-effective and environmentally friendly mobility solutions. To modernize its billing application, SNCF utilizes SFTP support for Azure Blob Storage.

“SFTP servers enable SNCF to communicate data between Azure cloud and their on-premises data centers. In SFTP support for Azure Blob Storage, SNCF found the perfect fully managed, highly available, massively scalable SFTP PaaS that vastly simplified our data transfer workflows. Blob Storage’s native SFTP solution decreases maintenance overhead, freeing up resources that enable SNCF to focus on their goal to innovate and enrich the lives of millions of travelers.”—Taij Triki, Solution Architect, SNCF.

Get Started

Accelerate your migration to the cloud for SFTP workloads with SFTP support for Azure Blob Storage today! Get started by checking out the introductory video and reviewing how to connect to Azure Blob Storage using SFTP.

Learn more

Optimize performance with the guidance in Performance Considerations for SFTP in Azure Blob Storage.

Assess limitations and known issues with SFTP support for Azure Blob Storage.

Verify host keys by referring to host keys for SFTP support for Azure Blob Storage.

SFTP support for Azure Blob Storage is not currently available with GA support in West Europe. This will be resolved in the coming weeks.
Source: Azure

Visualize and monitor Azure & hybrid networks with Azure Network Watcher

There is a critical need for increased visibility and control over the operational state of complex networks running sophisticated workloads. Multi-cloud and hybrid network environments power the new demands of remote work, 5G/Edge connectivity, microservices-based workloads, and increased cloud adoption. The advent of the cloud has added agility and cost benefits, and has brought along the need to manage the underlying infrastructure. Management and monitoring of the network underlying these complex applications plays a key role in ensuring end-user satisfaction.

Azure Network Watcher provides an entire suite of tools to visualize, monitor, diagnose, and troubleshoot network issues across Azure and hybrid cloud environments. Network Watcher enables customers to detect anomalies across Azure and hybrid networks with comprehensive coverage, through a guided and intuitive drill-down experience. Network Watcher helps customers monitor, manage, and understand their own networks for performance, connectivity, security, and compliance issues; furthermore, it empowers customers to troubleshoot efficiently with actionable insights and proactive alerting, effectively reducing the mean time to resolve network issues.

The following new feature enhancements across the Network Watcher suite aim to give customers timely, complete visibility and actionable insights into their hybrid networks in a manner that is easily accessible, readily usable, and reliable.

Visualize resource and network health with Topology

Topology enables users to quickly acquire system context, comprehend state, and troubleshoot issues efficiently by visualizing the resources in a network. It offers a visually connected experience for monitoring and managing inventory.

This new topology experience in Azure, which replaces the Network Watcher topology, will enable customers to create a consistent and dynamic topology across multiple subscriptions, regions, and resource groups (RGs)—comprising numerous resources.

Allowing deep dives into the customer’s environment, Topology lets users drill down from regions and VNets to subnets, and on to the resource view diagram of the resources supported in Azure.

Stitching the end-to-end monitoring and diagnostics story for all Network Monitoring needs, topology offers the capability to run Next Hop directly from a VM selected in the topology.

Significant features available with this preview:

Multi-region and multi-subscription dynamic drill-down visualization.
Health status of resources using resource health (RHC) status.
Diagnostics tool Next Hop integration.
Resource view diagram for all supported resources.

Monitor connectivity using Azure Monitor Agent with Connection Monitor

Azure Monitor Agent support consolidates multiple monitoring agents into a single connectivity-monitoring agent in Azure Network Watcher’s Connection Monitor.

Connection Monitor, a multi-agent solution, monitors connectivity at regular intervals across Azure and hybrid endpoints and provides aggregated data for packet loss, latency, and status codes over TCP, ICMP, and HTTP(S) probes.

Connection Monitor helps you troubleshoot network issues with faster alerts for lack of connectivity or reachability to the endpoints. The unified topology rendered provides a complete end-to-end visualization of the network path from source to destination, with actionable insights.

This agent integration enhancement addresses connectivity monitoring log and metric collection needs across Azure and Arc-enabled on-premises machines, thus eliminating the overhead of managing and enabling multiple monitoring agents. Additionally, Azure Monitor Agent provides enhanced security and performance capabilities, effective cost savings, and ease of troubleshooting with simpler management of data collection. With this support, the dependency on the soon-to-be-retired Log Analytics agent is eliminated, while coverage for on-premises machines increases with support for Arc-enabled endpoints.

Significant features available with preview:

Connectivity monitoring support for Arc-enabled on-premises endpoints.
Simpler management of the monitoring extension.
One agent for monitoring Azure and non-Azure endpoints.
Enhanced security through Managed Identity and Azure Active Directory (Azure AD) tokens.

Learn More

Please navigate to the Network Insights portal to try out Azure Topology.
Refer here to learn more about Network Insights.
Please navigate to the Connection Monitor portal to try out Connection Monitor with Azure Monitor Agent. 
Refer here to learn more about Connection Monitor.

Source: Azure

Enterprise-grade DDoS protection for SMBs now available in preview

This blog has been co-authored by Anupam Vij, Principal PDM Manager.

Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. While cyber-attacks are on the rise, they typically make the news only when a large organization has fallen victim to an attack. However, contrary to what many may think, small and medium businesses (SMBs) are just as enticing to cybercriminals.[1] While large organizations have the resources needed to protect themselves, small businesses often lack the budget and qualified staff to defend against DDoS attacks.

At Microsoft, we continuously enhance our product offerings to meet the needs of all organizations, including helping SMBs on their digital transformation journey by ensuring that they are protected against the latest DDoS attack vectors. As we shared at Microsoft Ignite, Azure DDoS IP Protection SKU, a new SKU of Azure DDoS Protection built for SMBs, is now available in preview.

Cost-effective, enterprise-grade DDoS protection for small businesses

DDoS IP Protection is designed to meet the needs of SMBs, providing enterprise-grade DDoS protection at an affordable price point. It offers the same essential capabilities as Azure DDoS Network Protection (previously known as Azure DDoS Protection Standard) to protect your resources and applications against evolving DDoS attacks, including L3/L4 automatic attack detection and mitigation, metrics and alerts, mitigation flow logs, mitigation policies tuned to customer applications, and tight integration with Azure Firewall Manager, Microsoft Sentinel, and Microsoft Defender for Cloud.

With the DDoS IP Protection SKU, customers now have the flexibility to enable DDoS protection on individual public IP addresses. SMB customers who have a few public IP addresses to protect will benefit from this cost-effective DDoS protection option.

Key features of Azure DDoS IP Protection

Massive mitigation capacity and scale: Defend your workloads against the largest and most sophisticated attacks with cloud-scale DDoS protection backed by Azure’s global network.
Adaptive tuning: Protect your apps and resources while minimizing false negatives with adaptive tuning that adjusts to the scale and actual traffic patterns of your application.
Attack analytics, metrics, and logging: Monitor DDoS attacks near real-time and respond quickly to attacks with visibility into the attack lifecycle, vectors, and mitigation.
Integration with Azure Firewall Manager: Centrally manage your DDoS protection across your environment alongside other network security services.
Integration with Microsoft Sentinel and Microsoft Defender for Cloud: Strengthen your security posture with rich attack analytics and telemetry integrated with Microsoft Sentinel and security alerts and recommendations provided by Microsoft Defender for Cloud.

Choosing the right DDoS protection SKU for your needs

Azure DDoS protection now offers two SKUs:

DDoS IP Protection is recommended for SMB customers with a few public IP resources who need a comprehensive DDoS protection solution that is fully managed, and easy to deploy and monitor.
DDoS Network Protection (previously known as Azure DDoS Protection Standard) is recommended for larger enterprises and organizations looking to protect their entire deployment that spans multiple virtual networks and includes many public IP addresses. It also offers value-added features like cost protection, DDoS Rapid Response, and discounts on Azure Web Application Firewall.

Let’s see a detailed comparison of these two SKUs:

Azure DDoS IP Protection pricing

With DDoS IP Protection SKU, you only pay for the public IP resources protected. The monthly cost is fixed for each public IP resource protected with no additional variable costs. Prices may vary by region. Billing for IP Protection will be effective starting on February 1, 2023. For more details on pricing, visit the Azure DDoS Protection pricing page.

Get Started

DDoS IP Protection is currently available in preview in select regions and can only be enabled on Public IP Standard SKU. DDoS IP Protection is currently only available in the Azure Preview Portal and will be made available on the Azure Portal soon.

For more information on DDoS IP Protection, see the following:

Azure DDoS IP Protection documentation.
DDoS Protection pricing page.

[1] Diving back into SMB breaches, Data Breach Investigations Report, 2021, Verizon.com.
Source: Azure

Announcing Azure DNS Private Resolver general availability

A successful hybrid networking strategy demands DNS services that work seamlessly across on-premises and cloud networks. Azure DNS Private Resolver now provides a fully managed recursive resolution and conditional forwarding service for Azure virtual networks. Using this service, you will be able to resolve DNS names hosted in Azure DNS private zones from on-premises networks, and to forward DNS queries originating from Azure virtual networks to a specified destination server for resolution.

This service will provide a highly available and resilient DNS infrastructure on Azure for a fraction of the price of running traditional IaaS VMs running DNS servers in virtual networks. You will be able to seamlessly integrate with Private DNS Zones and unlock key scenarios with minimal operational overhead.

We are excited to share that Azure DNS Private Resolver is now in general availability.

A quick overview of Azure DNS

We offer two types of Azure DNS Zones—private and public—for hosting your private DNS and public DNS records. In the preceding illustration, multi-region workloads running on Azure with Azure DNS Private Resolver are provisioned in two regional, centralized virtual networks with one or more spokes peered to each centralized virtual network. These virtual networks have inbound and outbound endpoints provisioned. On-premises, there are two distinct locations (East and West), and each location connects via ExpressRoute to the centralized virtual network where Private Resolver is provisioned. These on-premises locations have one or more local DNS servers configured to do conditional forwarding to the inbound endpoint of Private Resolver. The local DNS servers in East have the IP address of the East inbound endpoint as the primary DNS target, and the West inbound endpoint as secondary. Conversely, the local DNS servers in West have the IP address of the West inbound endpoint as the primary DNS target, and the East inbound endpoint as secondary. There is a single private DNS zone linked to both regions, and both on-premises locations can resolve names from this zone even in the event of a regional failure.

Azure Private DNS: Azure Private DNS provides a reliable and secure DNS service for your virtual network. Azure Private DNS manages and resolves domain names in the virtual network without the need to configure a custom DNS solution. By using private DNS zones, you can use your own custom domain name instead of the Azure-provided names during deployment.
Azure Public DNS: DNS domains in Azure DNS are hosted on Azure's global network of DNS name servers. Azure DNS uses anycast networking. Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for your domain.

What is being announced today?

Azure DNS Private Resolver enables you to query Azure DNS private zones from an on-premises environment and vice versa without deploying virtual machine-based DNS servers.

Azure DNS Private Resolver is now generally available to all customers in the following regions:

East US
East US 2
Central US
South Central US
North Central US
West Central US
West US 3
Canada Central
Brazil South

West Europe
North Europe
UK South
France Central
Sweden Central
Switzerland North

East Asia
Southeast Asia
Japan East
Korea Central
South Africa North
Australia East

 

What will customers be able to do with Azure Private Resolver?

Apart from the features which were announced earlier in preview, customers will now be able to leverage the following additional functionality and content:

Additional architectural guidance for higher resiliency and enabling disaster recovery scenarios.
In-depth information on how to configure conditional forwarding rules.
Configuring hybrid name resolution from on-premises.

In the hybrid scenario illustrated in the original post, an on-premises network connects to Azure via ExpressRoute, and the on-premises DNS servers conditionally forward queries to the private IP address of the inbound endpoint. The inbound endpoint resolves names from the Azure Private DNS zones linked to the virtual network in which the Private Resolver is provisioned. If no linked private DNS zone matches, the query goes out through the outbound endpoint and is matched against the rules of the linked ruleset by longest suffix match; if no rule matches, the resolver recurses to the internet for public name resolution.

Features and benefits

Cross-subscription support to link virtual networks from different subscriptions to rulesets.
Resource Health integration to give customers visibility of endpoint health.
Query metrics per endpoint, to plan for future capacity.
Private Link-enabled services integration in conditional forwarding, so that Azure privatelink zones can be excluded from rules that would otherwise send their queries on-premises.

At general availability, Private Resolver can also be managed via PowerShell, Azure CLI, .NET, Java, Python, REST, TypeScript, Go, ARM templates, and Terraform.

Key use cases for this service

Conditionally forward from on-premises with Azure ExpressRoute/VPN and resolve names hosted on Azure Private DNS Zones via private IP address.
Seamlessly resolve Private Endpoints which are registered in Azure Private DNS Zones.
Configure default DNS servers and forward all DNS queries to either a Protective DNS service or other target DNS servers with a wildcard rule.
Conditionally forward to any reachable target DNS server using a simple rule.
Access resources on-premises with Azure Bastion using names hosted on DNS servers on-premises or Azure Private DNS zones.
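The rule evaluation described above (longest suffix match, a "." wildcard rule as the default forwarder, and fall-back to Azure DNS when nothing matches) is easy to get wrong when a ruleset mixes a wildcard with privatelink zones. The following model is an added example, not code from the Azure post or from the service; target addresses, rule names and the sample query names are constructed. It assumes, as Microsoft documents for excluding privatelink zones from a wildcard rule, that a matching rule whose state is Disabled still wins the longest match but forwards nothing, so the query is answered by Azure DNS (linked private zones first, then internet recursion) instead of by a shorter rule. Check that behaviour against the current documentation before relying on it.

```python
"""Model of Azure DNS Private Resolver forwarding-rule evaluation (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional


def fqdn(name: str) -> str:
    """Normalise to a lower-case absolute name with a trailing dot; "" and "." are the root."""
    name = name.strip().lower().rstrip(".")
    return "." if name == "" else name + "."


@dataclass
class ForwardingRule:
    domain_name: str                                  # rule suffix, e.g. "corp.contoso.com."
    target_dns_servers: List[str] = field(default_factory=list)   # constructed "ip:port" targets
    enabled: bool = True

    def matches(self, query: str) -> bool:
        if self.domain_name == ".":
            return True                               # wildcard rule catches every name
        return query == self.domain_name or query.endswith("." + self.domain_name)


@dataclass
class Decision:
    path: str                                         # "forward" or "azure_dns"
    rule: Optional[str] = None                        # the rule that decided, if any
    targets: List[str] = field(default_factory=list)


class ForwardingRuleset:
    def __init__(self, rules: List[ForwardingRule]):
        self.rules = [ForwardingRule(fqdn(r.domain_name), list(r.target_dns_servers), r.enabled)
                      for r in rules]
        names = [r.domain_name for r in self.rules]
        if len(set(names)) != len(names):             # one rule per domain name, as in the service
            raise ValueError("duplicate rule for the same domain name")

    def evaluate(self, query_name: str) -> Decision:
        q = fqdn(query_name)
        candidates = [r for r in self.rules if r.matches(q)]
        if not candidates:
            return Decision("azure_dns")              # no rule: Azure DNS, then internet recursion
        # Longest suffix wins; the wildcard "." is the shortest possible match.
        best = max(candidates, key=lambda r: 0 if r.domain_name == "." else len(r.domain_name))
        # Assumption (documented pattern for privatelink zones): a Disabled rule that wins the
        # match stops forwarding and hands the query back to Azure DNS, so that a wildcard rule
        # does not send privatelink names to on-premises servers that cannot answer them.
        if not best.enabled:
            return Decision("azure_dns", rule=best.domain_name)
        return Decision("forward", rule=best.domain_name, targets=list(best.target_dns_servers))


def contoso_ruleset() -> ForwardingRuleset:
    """Constructed sample: everything to on-premises DNS by default, two more specific
    regional rules, and a disabled rule that keeps the blob privatelink zone on Azure DNS."""
    return ForwardingRuleset([
        ForwardingRule(".", ["10.200.0.10:53"]),
        ForwardingRule("corp.contoso.com", ["10.200.0.10:53", "10.200.0.11:53"]),
        ForwardingRule("eu.corp.contoso.com", ["10.201.0.10:53"]),
        ForwardingRule("privatelink.blob.core.windows.net", enabled=False),
    ])


if __name__ == "__main__":
    rs = contoso_ruleset()
    for name in ("db01.eu.corp.contoso.com", "fileshare.corp.contoso.com",
                 "www.example.com", "acct.privatelink.blob.core.windows.net"):
        print(name, "->", rs.evaluate(name))
```

Without the wildcard rule, unmatched names never leave Azure; with it, every name not covered by a more specific rule is sent to the on-premises servers, which is why the disabled privatelink rule is part of the sample.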

Fully managed

Built-in high availability, zone redundancy, and low latency name resolution.

Reduces cost

Reduce operating costs and run at a fraction of the price of traditional IaaS solutions.

Private access to your Private DNS Zones

Conditionally forward from your Virtual Networks to any reachable DNS server and from on-premises to Azure Private DNS Zones.

Scalability

High performance per endpoint.

Highly available

Availability Zone aware and resilient to failures within a region. Service-level agreement (SLA) of 99.99 percent at general availability.

DevOps-friendly

Build your pipelines with Terraform, ARM, or Bicep.

Get started and share your feedback

You can try Azure DNS Private Resolver today. For more information about the capabilities available, please visit the Azure DNS Private Resolver technical documentation webpage. Post your ideas and suggestions on the networking community page.
Source: Azure

Delivering consistency and transparency for cloud hardware security

This post was co-authored by Mark Russinovich, CTO and Technical Fellow, Azure, and Bryan Kelly, Partner Architect, Azure Hardware Systems and Infrastructure.

When it comes to building the Microsoft Cloud, our work to standardize designs for systems, boards, racks, and other parts of our datacenter infrastructure is paramount to facilitating forward progress and innovation across the computing industry. Microsoft has made a number of contributions to and collaborated with various members of the Open Compute Project (OCP) community, the leading industry group dedicated to open source hardware innovation. This year, we are excited to showcase some of our newest projects at the OCP Global Summit and share our learnings on the path of building a more reliable, trusted, and sustainable cloud. One of the key areas where we’ve seen continued focus and opportunity is driving industrywide standards around platform security. To dive deeper into our contributions in this area, I’ve invited Mark Russinovich, CTO and Technical Fellow, Azure, and Bryan Kelly, Partner Architect, Azure Hardware Systems and Infrastructure, to share more about Microsoft’s newest security contributions to OCP that standardize the foundations of trust, integrity, and reliability in computing.

Securing customer workloads from the cloud to the edge

Microsoft Azure is a leader in cloud security and privacy offering a broad range of confidential computing services to help organizations run workloads that keep business and customer data private with advanced levels of security. As the demand for confidential computing grows from cloud to edge, so do the requirements for consistency and transparency of the security mechanisms that protect workloads. With the rise of edge computing, the resultant growth in the exposed attack surface also presents a need for stronger physical security solutions. In this context, there is an increased need for greater transparency in the infrastructure that underpins these technologies and upholds hardware security promises.

Caliptra: Integrating trust into every chip

At the Open Compute Project (OCP) Summit, we are jointly announcing Caliptra, an open source root of trust (RoT) that produces cryptographic proofs about the hardware protections in place for confidential workloads. Designed with security experts and industry leaders in confidential computing across AMD, Google, Microsoft, and NVIDIA, Caliptra is a forward-looking approach casting transparency into hardware security. As a reusable open source, silicon-level block for integration into systems on a chip (SoCs)—such as CPUs, GPUs, and accelerators—Caliptra provides trustworthy and easily verifiable attestation.

At its core, Caliptra provides foundational security properties that underpin the integrity of higher-level security protection for confidential workloads. The Caliptra RoT has the following essential security properties:

Identity: A unique device manufacturer’s cryptographic identity for attestation endorsement. The identity is consistent with TCG DICE and includes intrinsic attestation of the Caliptra firmware.

Compartmentalization: Hardware protection barriers that isolate Caliptra’s security assets.

Measurement: Cryptographic digests that represent the SoC security configuration in a concise, cryptographically verifiable manner.

Renewable security: The security state of the hardware can be brought forward to a secure state and the life cycle management extends through manufacturing, field operations, circular economy, and eventually end of life.

Ownership: Provides verification of both authenticity and integrity of all mutable firmware loaded into an SoC. This property uses hardware-enforced digital signatures to ensure integrity policies are upheld.

Attestation: The endorsement of measurement claims with Caliptra’s cryptographic identity. These measurements provide precise information about the security state of the trusted computing base.
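The identity, measurement and attestation properties above follow the TCG DICE layering the post refers to: each layer measures the next image before handing over, and the next layer's secret is derived one-way from the current secret and that measurement, so the final attestation key is only reachable by running exactly the measured firmware. The model below is an added example in the standard library, not Caliptra's firmware. It simplifies DICE in one labelled way: real implementations derive asymmetric DeviceID and Alias keys from the CDI and endorse the DeviceID with a manufacturer certificate, whereas here HMAC keys stand in for them and the verifier's record of each device's UDS stands in for that certificate. Serial numbers, firmware images and secrets are constructed.

```python
"""DICE-style identity, measurement and attestation chain (added example, not Caliptra code)."""
import hashlib
import hmac
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def derive(secret: bytes, label: bytes, context: bytes = b"") -> bytes:
    """One-way derivation: the next secret depends on the current secret and the measurement,
    and cannot be run backwards to recover what the previous layer knew."""
    return hmac.new(secret, label + b"\x00" + context, hashlib.sha256).digest()


class RootOfTrust:
    """Immutable ROM layer. The Unique Device Secret (UDS) lives in a compartment no later
    layer can read; the ROM only exports values derived from it."""

    def __init__(self, serial: bytes, uds: bytes):
        self.serial, self._uds = serial, uds

    def boot(self, firmware_images):
        cdi, measurements, device_id = self._uds, [], None
        for image in firmware_images:               # measure, then derive: CDI_n+1 = KDF(CDI_n, H(fw_n+1))
            m = sha256(image)
            cdi = derive(cdi, b"CDI", m)
            measurements.append(m)
            if device_id is None:                   # identity: tied to the device and its first mutable layer
                device_id = derive(cdi, b"DeviceID")
        return BootedDevice(self.serial, device_id, measurements, derive(cdi, b"Alias"))


class BootedDevice:
    def __init__(self, serial, device_id, measurements, alias_key):
        self.serial, self.device_id, self.measurements = serial, device_id, measurements
        self._alias_key = alias_key                 # attestation key of the final layer

    def attest(self, nonce: bytes) -> dict:
        """Evidence = ordered measurements plus the verifier's nonce, endorsed with the alias key."""
        evidence = b"".join(self.measurements) + nonce
        return {"serial": self.serial, "measurements": list(self.measurements), "nonce": nonce,
                "mac": hmac.new(self._alias_key, evidence, hashlib.sha256).digest()}


class Verifier:
    def __init__(self, provisioned: dict, approved_firmware: set):
        self.provisioned = provisioned              # serial -> UDS (stand-in for the DeviceID endorsement)
        self.approved = approved_firmware           # digests of firmware the owner trusts

    def verify(self, report: dict, expected_nonce: bytes) -> str:
        uds = self.provisioned.get(report["serial"])
        if uds is None or report["nonce"] != expected_nonce:
            return "rejected"                       # unknown device or stale evidence
        cdi = uds
        for m in report["measurements"]:            # recompute the chain the device claims to have run
            cdi = derive(cdi, b"CDI", m)
        evidence = b"".join(report["measurements"]) + report["nonce"]
        expected = hmac.new(derive(cdi, b"Alias"), evidence, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, report["mac"]):
            return "forged"                         # claimed measurements are not what actually ran
        if any(m not in self.approved for m in report["measurements"]):
            return "authentic-but-unapproved"       # really this device, but firmware the owner has not approved
        return "trusted"


def demo() -> dict:
    """Constructed scenario: good boot, implanted firmware, lying firmware, replay, then a patch."""
    serial, uds = b"SN-0001", os.urandom(32)
    fw_v1, fw_v2, fw_evil = b"fmc v1", b"fmc v2 (patched)", b"fmc v1 + implant"
    device, verifier = RootOfTrust(serial, uds), Verifier({serial: uds}, {sha256(fw_v1)})
    nonce = os.urandom(16)
    good, evil = device.boot([fw_v1]), device.boot([fw_evil])
    results = {"good": verifier.verify(good.attest(nonce), nonce),
               "tampered": verifier.verify(evil.attest(nonce), nonce),
               "identity_changed": evil.device_id != good.device_id,
               "replayed": verifier.verify(good.attest(nonce), os.urandom(16))}
    # Lying firmware: the implant runs but reports the approved digest. It only holds the alias key
    # its own chain produced, so the verifier's recomputation from the claimed digest does not match.
    claimed = [sha256(fw_v1)]
    lie = {"serial": serial, "measurements": claimed, "nonce": nonce,
           "mac": hmac.new(evil._alias_key, b"".join(claimed) + nonce, hashlib.sha256).digest()}
    results["lying"] = verifier.verify(lie, nonce)
    verifier.approved.add(sha256(fw_v2))            # renewable security: approve the patch, same UDS
    results["patched"] = verifier.verify(device.boot([fw_v2]).attest(nonce), nonce)
    return results


if __name__ == "__main__":
    print(demo())
```

The "authentic-but-unapproved" outcome is the one to watch for operationally: the evidence is genuine, so the device is exactly what it says it is, but the measured firmware is not on the owner's allowlist, which is how a compromised or downgraded image surfaces at the attestation verifier rather than on the device.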

The initial Caliptra 0.5 contribution release to OCP contains a series of specifications describing architecture, integration, and implementation. An open-source register-transfer-level (RTL) implementation of Caliptra that can be synthesized into current SoC designs will be made available, along with cloud-designed firmware written entirely in Rust. With this trusted foundation designed for confidential cloud devices, Caliptra supports the consistent scaling of confidential workloads across distributed systems.

With deep ecosystem collaboration at the heart of Microsoft's open source philosophy, we look forward to continuing to work closely with our partners and engaging the industry to advance Caliptra. Caliptra RTL and firmware project collaboration will be done under the auspices of the CHIPS Alliance.

Hydra: A new secure Baseboard Management Controller (BMC)

We are also introducing Hydra, a new secure BMC in partnership with Nuvoton. A BMC is typically designed into every server system and expansion chassis—for example, JBOD or GPU. As a diagnostic and recovery controller, the BMC has special privileged hardware interfaces for acquiring debug data and telemetry from CPUs. These interfaces present security concerns, as they are targets for attacks that bypass conventional security defenses.

Azure uses Cerberus, a contribution we made to OCP in 2017 for hardware security, to improve BMC security by enforcing firmware integrity and preventing the persistence of malware in the BMC. However, as threat models evolve to restrict admins with physical access to hardware, the BMC needs security properties to establish secure links to an external RoT.

Microsoft collaborated with Nuvoton to design a new security-focused BMC, with enhanced hardware security throughout the BMC SoC. The silicon-integrated root of trust supports TCG DICE identity flows with hardware engines for fast cryptographic operations and hardware-managed keys. The RoT has a one-way bridge for activity monitoring and for controlling the BMC security configuration, including which internal security peripherals the BMC can access. This unique feature allows fine-grained BMC interface authorization, enabling scenarios in which temporary access to a debug interface is granted to the BMC only after it attests its trustworthiness.

Kirkland: A secure Trusted Platform Module (TPM)

While Microsoft provides multilayered security across our datacenters, infrastructure, and operations, we believe in defense-in-depth and that all interconnects should be cryptographically secured from interposer-based attack vectors. In partnership with Google, Infineon, and Intel, we are announcing Project Kirkland at OCP. Project Kirkland demonstrates how, using firmware-only updates to the TPM stack and CPU RoT, the interconnect between the TPM and CPU can be secured in a way that prevents substitution attacks, interposing, and eavesdropping. We are open sourcing this methodology and plan to work with the Trusted Computing Group on standardizing this approach while working with other TPM manufacturers to adopt the same methodology, so these techniques become available to all.

A discrete TPM is a chip typically used to protect secrets for the software running on the CPU, releasing them conditionally based on the CPU's boot measurements. Historically, the bus between the CPU and the TPM has been susceptible to attack from physical adversaries wishing to falsify attested measurements or obtain TPM-bound secrets. The standards-based firmware techniques used in Project Kirkland defend against such attacks by using cryptography to authenticate the caller and protect the transmission of secrets over the bus.
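The post does not describe Kirkland's protocol, so the example below does not claim to be it. It is an added model, written with the standard library only, of the TPM 2.0 Library mechanisms that standards-based protection of the CPU-TPM bus is built from: a salted HMAC authorization session, whose key is derived with KDFa from a salt the interposer never sees in clear, a command HMAC over cpHash and fresh nonces so that a substituted or replayed command is rejected, and parameter encryption so that an unsealed secret crosses the bus masked. Simplifications are labelled in the code: the salt is handed to both endpoints directly rather than being encrypted to a TPM key, session attributes are omitted, and XOR obfuscation is used instead of AES-CFB. Command codes, object names, auth values and the sealed secret are constructed.

```python
"""TPM 2.0 salted HMAC session with parameter encryption, modelled against a bus interposer
(added example, not Project Kirkland's code)."""
import hashlib
import hmac
import os
import struct

UNSEAL = b"TPM2_Unseal"                       # stands in for the 32-bit command code
RC_SUCCESS, RC_AUTH_FAIL = b"TPM_RC_SUCCESS", b"TPM_RC_AUTH_FAIL"


def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def kdfa(key: bytes, label: bytes, context_u: bytes, context_v: bytes, bits: int) -> bytes:
    """TPM 2.0 KDFa: SP800-108 counter mode with HMAC-SHA256 (Library spec part 1, 11.4.10)."""
    out, counter = b"", 1
    while len(out) * 8 < bits:
        msg = struct.pack(">I", counter) + label + b"\x00" + context_u + context_v + struct.pack(">I", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[: bits // 8]


def xor_obfuscate(key: bytes, nonce_newer: bytes, nonce_older: bytes, data: bytes) -> bytes:
    """Parameter encryption, XOR mode: the mask is bound to the session key and both nonces."""
    mask = kdfa(key, b"XOR", nonce_newer, nonce_older, len(data) * 8)
    return bytes(a ^ b for a, b in zip(data, mask))


class SessionState:
    """One endpoint's view of a session after TPM2_StartAuthSession. Simplification: the salt is
    given to both sides directly; in the real flow it is encrypted to a TPM key and never crosses
    the bus in clear. HMAC key = sessionKey || authValue."""
    def __init__(self, salt: bytes, auth_value: bytes, nonce_caller: bytes, nonce_tpm: bytes):
        self.key = kdfa(salt + auth_value, b"ATH", nonce_tpm, nonce_caller, 256) + auth_value
        self.nonce_caller, self.nonce_tpm = nonce_caller, nonce_tpm


class Tpm:
    def __init__(self, session: SessionState, sealed_objects: dict):
        self.s, self.sealed = session, sealed_objects

    def execute(self, cmd: dict) -> dict:
        s = self.s
        cp_hash = sha256(cmd["cc"], cmd["name"], cmd["param"])     # command as it arrived on the bus
        expected = hmac.new(s.key, cp_hash + cmd["nonce_caller"] + s.nonce_tpm, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cmd["mac"]):
            return {"rc": RC_AUTH_FAIL}                            # altered, substituted or replayed
        s.nonce_caller, s.nonce_tpm = cmd["nonce_caller"], os.urandom(16)   # rotate for the response
        encrypted = xor_obfuscate(s.key, s.nonce_tpm, s.nonce_caller, self.sealed[cmd["name"]])
        rp_hash = sha256(RC_SUCCESS, cmd["cc"], encrypted)
        mac = hmac.new(s.key, rp_hash + s.nonce_tpm + s.nonce_caller, hashlib.sha256).digest()
        return {"rc": RC_SUCCESS, "param": encrypted, "nonce_tpm": s.nonce_tpm, "mac": mac}


class Cpu:
    def __init__(self, session: SessionState):
        self.s = session

    def unseal(self, name: bytes, bus) -> bytes:
        s = self.s
        s.nonce_caller = os.urandom(16)                            # fresh per command: no replay
        mac = hmac.new(s.key, sha256(UNSEAL, name, b"") + s.nonce_caller + s.nonce_tpm, hashlib.sha256).digest()
        resp = bus({"cc": UNSEAL, "name": name, "param": b"", "nonce_caller": s.nonce_caller, "mac": mac})
        if resp["rc"] != RC_SUCCESS:
            raise PermissionError(resp["rc"].decode())
        rp_hash = sha256(resp["rc"], UNSEAL, resp["param"])
        expected = hmac.new(s.key, rp_hash + resp["nonce_tpm"] + s.nonce_caller, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, resp["mac"]):
            raise PermissionError("response HMAC mismatch")       # substituted TPM or altered response
        s.nonce_tpm = resp["nonce_tpm"]
        return xor_obfuscate(s.key, s.nonce_tpm, s.nonce_caller, resp["param"])


def demo() -> dict:
    """One honest unseal, then an interposer that eavesdrops, substitutes the object, and replays."""
    salt, auth, nc0, nt0 = os.urandom(32), b"owner-auth", os.urandom(16), os.urandom(16)
    name, secret = b"name:sealed-vmk", b"constructed-volume-key-0123456789"
    tpm = Tpm(SessionState(salt, auth, nc0, nt0), {name: secret, b"name:decoy": b"decoy-data"})
    cpu, wire, captured = Cpu(SessionState(salt, auth, nc0, nt0)), [], {}

    def eavesdropping_bus(cmd):                                    # records every byte it can see
        resp = tpm.execute(cmd)
        wire.append(cmd["param"] + resp.get("param", b""))
        return resp

    results = {"unsealed": cpu.unseal(name, eavesdropping_bus)}
    results["bus_saw_plaintext"] = any(secret in frame for frame in wire)
    try:                                                           # interposer re-points the command
        cpu.unseal(name, lambda cmd: tpm.execute({**cmd, "name": b"name:decoy"}))
        results["substitution"] = "accepted"
    except PermissionError:
        results["substitution"] = "rejected"
    cpu.unseal(name, lambda cmd: (captured.update(cmd), tpm.execute(cmd))[1])
    results["replay"] = "rejected" if tpm.execute(captured)["rc"] == RC_AUTH_FAIL else "accepted"
    return results


if __name__ == "__main__":
    print(demo())
```

The security of the session rests entirely on the salt staying confidential, which is why the real protocol encrypts it to a TPM-resident key whose public part the caller must authenticate (for example against the endorsement certificate) before trusting anything the chip says; a TPM substituted by the interposer cannot decrypt the salt and so cannot produce a valid response HMAC.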


Open hardware innovation at cloud scale

A community-driven approach to infrastructure innovation is vital, not just for continued advancements in trust, efficiency, and scalability, but in service of a larger vision of empowering the ecosystem to build for the computing needs of tomorrow.

We are also contributing several new hardware designs, such as a new modular chassis (Mt. Shasta), a converged architecture that brings form factor, power, and management interface into a modular design optimized for advanced workloads like high-performance computing, artificial intelligence, and video codecs. Designed in partnership with Quanta and Molex, Mt. Shasta is fully compatible with Open Rack V3, with flexibility in changing module-to-module connectivity. Earlier this year, we also collaborated with Intel and contributed the Scalable I/O Virtualization (SIOV) specification to OCP. SIOV gives device and platform manufacturers an industry standard for hyperscale virtualization of PCI Express and Compute Express Link devices in cloud servers, enabling more scalable, efficient, and cost-effective hardware designs for datacenters.

As the demand for cloud-scale computing and digital services continues to grow, Microsoft is committed to deep ecosystem collaboration with OCP and industry partners to deliver the systems and infrastructure that maximize performance, trust, and resiliency for cloud customers.

Connect with Microsoft at the OCP Global Summit 2022 and beyond

Visit Microsoft at OCP Global Summit: Booth A1
Check out sessions delivered by Microsoft & partners at OCP Global Summit.
Take a virtual tour of Microsoft datacenters.
Learn more about Microsoft’s global infrastructure.
Learn more about cloud hardware innovation at Microsoft.

Source: Azure

Drive efficiency through automation and AI with the Microsoft Cloud

This year at Microsoft Ignite we explore how organizations can activate AI and automation directly in their business workflows and empower developers to use those same intelligent building blocks to deliver their own differentiated experiences.

The global pandemic has created unprecedented levels of uncertainty, as well as the need to sense and reshape our physical and digital environments, sometimes in completely new ways. Leaders across industries recognize innovation as the only path forward. Critically, we’ve seen a shift from “innovation for innovation’s sake” toward a desire to lower operating costs, anticipate trends, reduce carbon footprints, and improve customer and employee experiences. We’re calling this commitment to innovation “digital perseverance.”

Do more with less with the Microsoft Cloud

Automation and AI are key ingredients for digital perseverance and helping organizations drive efficiency. Komatsu Australia, for example, a leading industrial equipment manufacturer, used Power Automate and AI Builder to automate over 1,000 invoices annually and realize an efficiency gain of 300 hours per year—and that was just for one supplier. These capabilities also improve employee engagement. Of those surveyed in a recent Microsoft study, the use of no-code or low-code platforms or apps is shown to have led to an 83 percent positive impact on work satisfaction. When people are freed from tedious, low-value tasks and feel empowered to contribute their best work, everyone wins.

Organizations are also using AI and automation to reinvent their businesses to stand out from competitors and drive growth. In a recent survey, of respondents investing in AI, 47 percent indicated the main driver was to create new products or services, while only 43 percent indicated the main driver was to improve existing products and services.1 With the Microsoft Cloud, technical and non-technical roles can access leading AI and automation capabilities directly in their flow of work to be more productive. For example, Fashable, a technology startup in Portugal, is using Azure Machine Learning to reduce “fast fashion” waste by forecasting customer interest in computer-generated fashion designs before ever touching a sewing machine. Another great example is Investec, a global financial services company, which uses conversation intelligence in Microsoft Dynamics 365 Sales to help their sellers be more productive on sales calls, follow up quickly, and preserve valuable customer information, which raises the bar in the sales journey and drives growth.

Automation and AI everywhere and for everyone

We believe everyone should have access to these transformative technologies, so we’re infusing AI and automation throughout the Microsoft Cloud, from Viva Sales to Power Platform and Azure AI. This means customers can leverage the skills and resources they already have and confidently combine platforms as needed, all while building on a secure, flexible, and integrated foundation within the Microsoft Cloud.

Drive seller productivity and deeper customer engagement with Dynamics 365 and Viva Sales

We are infusing automation and AI into Dynamics 365 to help professionals focus on what matters most: creating great customer experiences. Microsoft Viva Sales, a seller experience application now generally available, captures customer and deal insights from Microsoft 365 and Teams and populates them in any customer relationship management (CRM) system, eliminating manual data entry and freeing time to focus on selling. Today, we are announcing that conversation intelligence capabilities will be available to all Dynamics 365 Sales and Viva Sales customers at no additional cost. With conversation intelligence, AI guides sales conversations in real time by recommending talking points and sales literature to share with the customer. In addition, sellers receive insights on customer emails within Outlook, which can be updated directly in their CRM.

Read our Dynamics 365 blog and watch the breakout session for more announcements and information.

Empower people and automate processes with Microsoft Syntex

Content is everywhere, in the form of videos, audio files, documents, and more. Microsoft research estimates organizations spend nearly $46 billion a year storing and managing content while netting countless hours of manual processing. Content AI transforms how this content is created, processed, and discovered to turn content from a cost into an advantage.

We’re excited to introduce Microsoft Syntex: Content AI integrated in the flow of work. It integrates innovations across the Microsoft Cloud, from Microsoft 365 to Azure, to Power Platform and Microsoft Purview. Syntex automatically reads, tags, and indexes high volumes of content and connects it where it’s needed in context—in search, in applications, and as reusable knowledge. It puts people at the center, with content integrated into collaboration and workflows like eSignature. Customers like TaylorMade Golf Company, a global golf equipment provider, are using Syntex to empower their people and automate workflows at scale.

Read our Microsoft 365 blog and watch the breakout session for more information.

Improve operational efficiency by automating repetitive processes with Power Platform

Low-code enables people and organizations to punch above their weight in IT resources, doing more and at a lower cost, and when it comes to revolutionizing day-to-day processes, there’s nothing quite like Power Platform. Power Platform makes it easy for anyone to build apps and webpages, automate workflows, create virtual agents, and analyze data. At Microsoft Ignite, we’re excited to share new innovations that make AI and low-code more intuitive for users of all skill levels.

Building on the success of GitHub Copilot, we're bringing natural language capabilities to Power Automate with description to cloud flows. Now, a maker only needs to describe in natural language the flow they want to build, and a suggestion of relevant flows is generated; the maker then adds connections to finalize their flow. It's that easy. In AI Builder, a feedback loop gives you the ability to flag and retrain documents for higher accuracy, and there is now additional support for unstructured data and text recognition in 164 languages.

Read our Power Platform blog and watch the breakout session for more announcements and information.

Quickly and easily embed AI into business apps with Azure Applied AI and Cognitive Services

Azure Applied AI Services and Azure Cognitive Services provide developers with pre-built and customizable models to quickly deploy intelligent applications. While AI adoption increased overall during the pandemic, it particularly accelerated use cases like document processing for H&R Block, knowledge mining for Beiersdorf, and natural language understanding in sales and service scenarios for Progressive Insurance. These companies are using Azure AI services to remove friction in business-critical processes to help end-users and employees focus their time and energy on valuable work.

Now customers can use a new pre-built model for contracts in the Azure Form Recognizer Studio to extract entities such as parties and payment terms for downstream processing. Azure OpenAI Service, available in preview, now offers access to DALL·E 2 by invitation. Azure Cognitive Service for Language now offers expanded summarization, contact center capabilities, language support, and Language Studio enhancements.

For more information, please visit the Microsoft AI blog and TechCommunity blog.

Build and deploy responsible machine learning models faster to enhance productivity at any scale with Azure Machine Learning

For organizations building custom predictive models, Azure Machine Learning provides a powerful, unified machine learning platform to help teams get models into production more quickly. To enhance collaboration, we’re excited to announce Azure Machine Learning registries, enabling teams to share registries at the tenant and organization level for greater repeatability and scale. To help customers do more with less, we’ve also consolidated open source tools within the Responsible AI Dashboard, now generally available, for easier debugging directly within a data scientist’s workflow. Finally, we’re helping organizations build with the frameworks they already know and love. Our latest release for Azure Container for PyTorch enables teams to optimize training for PyTorch models directly within the Azure Machine Learning Studio or SDK.

Visit the TechCommunity blog and watch the breakout session for more information and announcements.

Drive the next level of insights, efficiency, and sustainability with the industrial metaverse

When you think about how data, automation, and AI can combine to make a real impact, one of the most compelling scenarios is in the industrial metaverse. One example is how Bosch built their industrial metaverse with different users’ needs in mind.

Bosch is reducing complexity on their factory floors by using the Internet of Things (IoT) and Azure Digital Twins to optimize predictive maintenance. Their machines trigger an alert when there’s an issue and before something breaks down. The alerts are automatically routed through Microsoft Teams—for simple issues—or Microsoft Dynamics 365 Field Service, when a service ticket is needed. And all the data from this system feeds back into itself, continuously improving Bosch’s predictive maintenance models over time. By combining platforms, Bosch empowers everyone from their frontline workers, to operations managers, and data scientists to contribute their expertise and deliver greater efficiency. That’s the kind of disruption that makes Bosch a leader in the manufacturing industry.

To learn more about how Microsoft is helping customers build their industrial metaverse, watch the keynote by Judson Althoff and the breakout session with CBRE.

Digital perseverance is inclusive and responsible

Digital perseverance allows organizations to thrive despite uncertainty by harnessing digital technology to achieve their business goals and do more with less. Microsoft provides an unmatched foundation for this, combining leading platforms for CRM, Robotic Process Automation, and Cloud AI Developer Services, among others. We’re also committed to the advancement of AI that’s driven by principles that put people first, enabling our customers and partners to innovate responsibly for the future of work. By democratizing leading and responsible innovation across the Microsoft Cloud, we’re helping customers get the most out of their technology stack and ensuring everyone from the frontline to the back office can contribute their best work.

Learn more about Azure and AI at Microsoft Ignite

Watch Microsoft Ignite on-demand sessions to learn how to do more with less using the Microsoft Cloud.
Explore all Microsoft Ignite announcements on the Azure Blog.
Sign up to receive the latest updates on how DALL·E is being used in Azure OpenAI Service and across Microsoft.
Get started with Microsoft Learn to build automation and AI skills.
Learn more about how AI is built into Microsoft apps and features that you use every day.

1 Gartner, Forecast Analysis: Artificial Intelligence Software, Worldwide. Analysts: Alys Woodward, Anna Griffen, Alan Priestley, Jim Hare, Eric Hunter, Kevin Quinn. October 20, 2021.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Source: Azure

How Microsoft Azure helps drive agility and optimization for your business

Welcome to Microsoft Ignite! I’m incredibly inspired by this global community and how you’ve navigated your organizations through significant changes over the past few years.

In a world where business leaders are feeling the pressure to do more with less, organizations of all sizes and industries are increasingly embracing cloud technologies as the path toward digital and business resilience.

I've had the opportunity to speak with our customers about their business needs and the challenges they’re facing. Customers, we hear you, and that's what this year's Microsoft Ignite is all about—empowering you through cloud technology so you can focus on what your organization does best—create, innovate, and differentiate.

We aim to be the world’s computer and most trusted cloud partner for all workloads. No matter where you are on your cloud journey, we have the expertise, capabilities, and platform to help increase agility, optimize technology investments, and create data-driven experiences. To that end, we’re announcing several new developments to help our customers optimize their resources and get the most out of their existing investments.

Performance, scale, mission-critical capabilities: Azure delivers to keep your business efficient and resilient

As our customers continue to embrace digital capabilities with strong cloud fundamentals, the “how” of cloud migration is top of mind, especially for mission-critical workloads.

We work closely with the technology vendors you have traditionally relied upon to run all your workloads and ensure Azure is ready for you to modernize your on-premises applications. We’re announcing several new capabilities to support this:

Nutanix Cloud Clusters on Microsoft Azure is now available for easy extension or migration of your existing on-premises Nutanix workloads and a consistent environment with no need to modify or retool.
Updates to Azure VMware Solution (AVS): Beginning today, this native VMware environment previews stretched clusters, providing 99.99 percent uptime for mission-critical applications requiring the highest availability, and Customer Managed Keys for maximum control over access to encrypted data.
The collaborative SAP ERP is now in preview and increases user productivity and focus by integrating workflows across SAP S/4HANA Cloud, Microsoft Teams, and Microsoft Office for close collaboration without application or context switching.
Updates to Azure Center for SAP solutions, an end-to-end deployment and management experience running SAP on Azure, now previews support for registering Windows-based systems and installing SAP S/4HANA 2020/2021, while providing cost transparency through integration with the cost analysis feature and even more quality checks.

The National Basketball Association (NBA) is a great example of an organization that chose to migrate its SAP solutions and other resources to Microsoft Azure to improve operations and boost fan engagement. Azure enabled them to spend less time managing technology and focus more on generating fan-centric experiences that bring together business, game, and fan data to enhance the way people can enjoy interacting with the NBA.

We know that optimizing investments frees up the resources you need to build the experiences that are most meaningful for your customers.

We’re pleased to announce several advancements to deliver new levels of price performance, mission-critical capabilities, and security—while increasing efficiency and ensuring your business stays resilient, including:

The expansion of the Azure Disk Storage portfolio with the general availability of Premium SSD v2 for greater flexibility when managing performance and costs.
We are investing to help you modernize your infrastructure, from the ground up by taking a system-level approach. We recently introduced new Azure Virtual Machines and Azure Kubernetes Service that feature Ampere Altra Arm–based processors and deliver excellent price performance when running scale-out Linux workloads.
Azure Elastic SAN, a new cloud-native, fully managed, and massively scalable storage area network service—only available through Azure.
New foundational Azure confidential computing service to help protect data in use, and the addition of confidential computing capabilities to services like Azure Virtual Desktop and SQL Server on Azure Virtual Machines.

Delivering data-driven experiences that give you more time and value

We continue to enhance the way Microsoft Azure integrates across infrastructure and data services so you can keep your business efficient and resilient.

In May, we launched the Microsoft Intelligent Data platform, integrating our best-in-class database, analytics, and data governance products for a seamless experience.

Today’s announcements empower our customers to do more with less, add layers of intelligence to applications, unlock predictive insights, and govern data anywhere.

Developers can build on their terms with the new innovation in cloud-native distributed data and open-source. Azure Cosmos DB is expanding beyond NoSQL to support distributed PostgreSQL, bringing everything developers love about PostgreSQL to Azure Cosmos DB.
General availability of the SAP Change Data Capture (CDC) connector in Azure Data Factory enables customers to bring in SAP data for advanced analytics. Azure Data Factory's new Microsoft Graph Data Connector for Microsoft 365 datasets transports your Office data into Azure, so you can unlock collaboration and productivity insights. We're also continuing to remove friction from end-user experiences, allowing you to share your Power BI datasets across tenants through Power BI B2B data sharing.
Microsoft Purview combines unified data governance with risk and compliance solutions. Business Workflows, now generally available, and Business Metamodel, now in preview, make it easier to maximize the business value of your data and drive cross-functional data governance.

And our new Partner Ecosystem enables ISVs to build on top of the open and governed Microsoft Intelligent Data Platform, delivering enriched, cost-optimized experiences for customers across all industries.

Transform your business with Azure, anywhere

We want you to be able to stay agile and flexible when extending Azure to your on-premises, multicloud, and edge environments. We meet you where you are, so you can blend your own enterprise and operational edge investments with Azure’s global infrastructure to leverage the best Azure has to offer—on your own terms.

With Azure Arc, we built a bridge that extends the Azure platform so our customers can build cloud-native applications and services with the flexibility to run them across their existing datacenters, edge, and multicloud environments.

For example, Wells Fargo turned to Azure Arc to streamline a scalable compute platform across on-premises and cloud environments. And to get that same fully managed, cloud-native experience, they are extending Azure Kubernetes Service (AKS) to their own datacenters. This offers the flexibility to adapt to ever-changing regulations and compliance requirements by running AKS wherever it’s needed. In turn, they’re able to bring new products and services to market faster and delight their customers.

I’m pleased to announce new Azure Arc capabilities to save you money and enable further innovation.

Expansion of the Azure Hybrid Benefit to include AKS so you can deploy the Azure Kubernetes Service on Azure Stack HCI or Windows Server in your own datacenters or edge environments at no additional cost. This ensures a consistent, managed Kubernetes experience from cloud to edge for both Windows and Linux containers.
Azure Automanage is now generally available for Azure Virtual Machines and Arc-enabled servers. Within minutes, you can automatically configure servers to best-practice Azure services with a simple "point, click, set, forget" experience—whether they run Windows, Linux, or are already located in Azure, on-premises, or even in other clouds.

Do more with less: migrate, optimize, reinvest

We’re focused on finding ways to help you save and get maximum value out of your cloud investments, wherever your business might be in its journey.

We already have pricing benefits and offers, like Azure Hybrid Benefit, to help you achieve savings while adopting and operating in Azure. We also understand you may need additional help to ensure workloads remain secure and protected with hybrid flexibility as you move.

At Microsoft Ignite we’re announcing enhancements and benefits to make this even easier.

Our flagship Azure Migration and Modernization program (AMMP) now helps you plan and deploy cloud security services as you migrate, including support for Microsoft Defender for Cloud and Microsoft Sentinel. You can also take advantage of Azure innovation across hybrid environments with Azure Arc deployment support for workloads that need to remain on-premises.
A new Azure savings plan for compute allows you to save up to 65 percent on select compute services compared to pay-as-you-go prices.[1]

If you’re further along in the journey to cloud, you need to optimize what you’ve already invested. Tools like Microsoft Cost Management and Azure Advisor help you better manage and understand your cloud spend with best practice guidance and personalized insights.

We want you to be able to take these cloud savings and reinvest them into critical areas like crisis management, security, and intelligent cloud-native solutions that help your business stay resilient, grow, and create new value.

You can read more about how we’re investing in Azure to help you do more with less, and there’s a great breakout session this week that will help you bring it all together for your business.

Our commitment to you

Whether you’re getting started with migration, ready to optimize existing investments, or looking to reinvest your savings and keep innovation with cloud-native technologies, we’re here to help you make it happen.

Our commitment is to be the cloud partner you can trust along your entire cloud journey, helping you build agility, optimize your business, and create data-driven experiences.

On behalf of the entire Azure team here at Microsoft, thanks for letting us be that partner for you. However you’re experiencing the Microsoft Ignite sessions this week—from the home office, gathered in Seattle, or around the world—we hope you enjoy the event!

Learn more about Azure at Microsoft Ignite this year

Watch Microsoft Ignite session topics featured in this blog.
View the Microsoft Ignite session on how to do more with less.
Start building skills with Microsoft Learn collections.
Explore all Microsoft Ignite announcements on the Azure blog.
View Microsoft Ignite sessions on how to Deliver efficiency with automation + AI.
View Microsoft Ignite sessions on how to Innovate with a cloud developer platform.
Discover how we’re building for the future with Microsoft Industry Cloud news and updates.

[1] Customers may see savings estimated to be between 11 percent and 65 percent. The 65 percent savings is based on one M64dsv2 Azure Virtual Machine for CentOS or Ubuntu Linux in the East US region running for 36 months at a pay-as-you-go rate vs. a reduced rate for a 3-year savings plan. Based on Azure pricing as of October 2022. Prices subject to change. Actual savings may vary based on location, instance type, or usage.
Source: Azure

Modernize with Microsoft Cloud, the most complete developer platform

Developers are essential to the world we live in, and the work you do is critical to the success of organizations in every industry. Microsoft empowers innovators like you on your unique journey. With an end-to-end cloud platform, Microsoft Cloud lets you quickly and easily innovate and create a secure foundation for all your applications.

At Microsoft Ignite, we explore how to increase productivity and flexibility with Azure’s cloud-native solutions, how low-code app development enables you to iterate quickly and go to market faster, and how to access the most comprehensive set of development tools at Microsoft. There’s so much we can learn from each other on this journey, so let’s dive into the key topics, announcements, and trends you’ll leave with after Microsoft Ignite.

Accelerate innovation with the most complete cloud developer platform

The Microsoft Cloud is a comprehensive platform that enables developers to build incredible solutions. At the core of the Microsoft Cloud is Azure, the underlying infrastructure that enables you to build anything you can imagine. Using Azure DevOps and Azure Kubernetes Service, Ernst and Young Global Limited (EY) has built more agile practices and shifted into a rolling product-delivery approach of software and services. They have been able to develop and deploy solutions faster and with more confidence across a wide range of environments.

We are committed to helping you do more with less. With the Microsoft Cloud toolbox filled with Visual Studio, Azure, GitHub, and Power Platform, you can build reliable, scalable, and high-performance cloud-native applications.

Surging demand for digital solutions and an increasing shortage of technical skills are forcing organizations to adapt their IT development strategies. By empowering everyone to contribute to development processes, IT can multiply technical capacity, accelerate development cost-effectively, and innovate with the business. Adopting the world’s most complete set of integrated low-code development tools means organizations can modernize operations at scale, differentiate services and experiences, and accelerate their journey to the cloud in a secure, governable, and cost-effective way.

During Microsoft Ignite, I’m excited to share some news and updates designed to address these needs and improve the overall developer and maker experience even further with our beloved tools and Microsoft Cloud platform—all designed to help you quickly code and ship from anywhere with confidence.

Increasing productivity and quality for hybrid development teams

Microsoft’s developer cloud is purpose-built to support teams through the entire software development lifecycle. Azure provides the cloud infrastructure for quickly building robust, resilient applications that scale and are easy to maintain and operate.

I am happy to announce Azure Deployment Environments is available for preview.

Microsoft Dev Box and Azure Deployment Environments pair together to give developers a complete cloud-powered workflow for any project that can be fully managed by IT admins.
Dev Box offers developers high-performance, cloud-based workstations that help get you coding quickly.
Azure Deployment Environments enables teams to spin up the infrastructure needed to run their project in the cloud quickly and on demand.
Azure Load Testing helps teams test and meet scale and performance goals with confidence.

I am excited to announce the preview of GitHub Advanced Security for Azure DevOps, which brings GitHub’s industry-leading, developer-focused security tooling to Azure DevOps.

GitHub streamlines our workflows and processes through better collaboration and automation.
GitHub Advanced Security provides a native application security solution within our development workflow, enabling the management of open-source dependencies, custom code, and secrets across the software lifecycle.

Drive application innovation and modernization at scale with cloud-native architectures

Cloud-native apps can deliver new levels of scale and performance and provide even greater reliability. Using cloud-native design patterns helps achieve the agility, efficiency, and speed of innovation that organizations need to deliver value to end users. Azure Kubernetes Service enables developers to take full advantage of the Kubernetes ecosystem and scale cloud-native applications. For example, the Forza team utilized autoscaling Azure Kubernetes Service during the launch of Forza Horizon 5 to meet the challenging performance demand of 10 million concurrent players at launch—the biggest first week in Xbox Game Studios history.

The goal of using cloud-native technologies is to abstract the infrastructure from developers, freeing them to focus on building more cloud-optimized applications. Today, I’m proud to announce Azure Kubernetes Fleet Manager preview, which allows you to easily manage fleets of Kubernetes clusters, run multi-cluster workloads and services, and ensure consistent configuration, access, and governance across your Kubernetes environment.

How modernizing enterprise applications enables you to do more with less

Azure’s fully managed application platform service offerings such as Azure App Service and Azure Spring Cloud are uniquely differentiated for .NET and Java customers in that they enable customers to modernize applications with minimal code changes and increased developer velocity. With Azure application platform services, you offload the management of the underlying cloud infrastructure to Azure, which allows you and your developers to focus on app innovation rather than managing, configuring, securing, and updating the underlying infrastructure (because Azure does that for you). This helps streamline costs by modernizing your apps using readily available skills. It also builds trust and customer loyalty thanks to industry-leading platform security from Azure, which is built right into the platform. Easily integrate your internal and external stakeholders in the modernization journey and get maximum scale without having to worry about over-provisioning or under-provisioning resources. With Azure App Service and other Azure application platform services, you can innovate more and build more value for your business.

One example of a customer taking advantage of Azure’s managed services and serverless compute options is COFCO International, China’s largest food and agricultural business corporation. COFCO International utilized Azure Logic Apps and Azure Functions to create new solutions for application integration, data aggregation and reporting, and data governance, which has enabled them to make decisions faster and provide better visibility with improved analytics capabilities.

Streamline low-code governance in your organization

With Power Platform, Microsoft provides a central low-code platform that allows makers to enjoy shared components and common building blocks, allowing organizations to bring low-code assets into a central framework and give IT the visibility to govern centrally at scale. Power Platform runs on top of Azure and benefits from the strengths of Azure’s security, advanced management capabilities, and rich set of industry-specific certifications.

Power Platform enables IT to gain visibility and control over applications at scale with Managed Environments, now generally available. Managed Environments is a brand-new capability to streamline and simplify governance at scale. It gives you more control with sharing limits, security and reliability validations, and the ability to customize the maker onboarding experience.

Power Pages: low-code web development

Power Pages is now generally available. Power Pages is an enterprise-grade connectivity platform for organizations to build and launch external self-service websites. The Power Pages platform allows them to connect with their customers, partners, and communities and share business data, collaborate, and automate business processes with them at scale and securely. Learn more about building secure business websites.

Low-code is a critical tool for skilling today’s workforce

Power Platform has empowered millions of people to do more with less and build mission-critical apps for their businesses. Now with the new Power Up program, people without development backgrounds can transform their careers through a guided training program and community. The Power Up upskilling program provides training, offers certification, and recognizes people who excel.

There are so many new and exciting capabilities to experience and dive into at Microsoft Ignite. You can learn more about these announcements and how Microsoft is committed to delivering the best development experience at the session Accelerate innovation with the world's most complete cloud developer platform. Join us throughout the entire event for breakout sessions, demos, opportunities to connect with experts, learning experiences, and much more.

Thank you, and enjoy Microsoft Ignite!

Learn more about Azure at Microsoft Ignite

Watch Microsoft Ignite session topics featured in this blog.
Start building skills with Microsoft Learn collections.
Explore Microsoft Ignite announcements on the Azure blog.
Attend an Azure Virtual Training Day to continue learning.

Source: Azure

Cost optimization using Azure Migrate

The higher energy cost and the resulting increase in the cost of doing business have led to a tighter economic outlook for most businesses around the world. This, in turn, is a major contributing factor to customers becoming more cost-conscious, leading to an increased need for optimization features in products and services. Azure Migrate’s comprehensive suite includes many features to optimize cost, while catering to your performance needs to meet service level agreements (SLAs). Agentless discovery and mapping of your entire on-premises IT estate, software inventory analysis for assessment and planning, and right-sized migration using a single portal to start, run, and track your projects, are a few cost-effective features that also contribute to ease of use. Once in Azure, the path towards greater optimization and cost savings continues through modernization to platform as a service (PaaS) and software as a service (SaaS).

Customer requirements and benefits

The customer must stay competitive, both on the technical and business fronts, to ensure continued success. Technical competency requires an agile and innovative IT platform with data analytics to provide insights that can help differentiate from the competition. It would be ideal if such an innovative platform were available at a competitive cost. Incidentally, modernizing existing IT infrastructure, applications, and data to PaaS/SaaS models in the cloud delivers on all these requirements, leading to a higher return on investment (ROI) for the customer.

The higher efficiency and lower cost due to the adoption of modern cloud-native architectures also lead to greater levels of flexibility and reduced vendor lock-in. This sets the stage for the customer to realize greater value as they progress from IaaS to PaaS and on to SaaS models. Please download our analyst report for details on options and value due to application modernization in Azure.

Microsoft’s focus on cost optimization

During Microsoft Ignite, we are highlighting our continued commitment to cost optimization through support for SQL Server assessments, prior to migration and modernization using Azure Migrate. Customers can now perform unified, at-scale, agentless discovery and assessment of SQL Servers on Microsoft Hyper-V, bare-metal servers, and infrastructure as a service (IaaS) of other public clouds, such as AWS EC2, in addition to VMware environments. The capability will allow customers to analyze existing configurations, performance, and feature compatibility to help with right-sizing and estimating cost. It will also check on readiness and blockers for migrating to Azure SQL Managed Instance, SQL Server on Azure Virtual Machines, and Azure SQL Database. All this information can also be presented in a single coherent report for easy consumption while reducing cost for customers.

Please see our tech community blog for more details. The blog presents a step-by-step procedure to get started, followed by details on scaling and support. Post-assessment options and more details on related topics are covered as well.

Learn more

Attend this Microsoft Ignite breakout session to learn more about how you can do more with less on Azure. For more details on other migration and modernization topics, including best-practice guidance and procedures for containers, networking and storage components, third-party tool integrations and hybrid management, please refer to the relevant blog topic in our migrate and modernize section.

Check out this FastTrack link for moving to Azure efficiently and get best practice guidance from the Azure migration and modernization center. The Azure migration and modernization program (AMMP) is now one comprehensive program for all migration and modernization needs of our customers. Learn more and join AMMP today.

Source: Trends in Cloud Computing: 2022 State of the Cloud Report | Flexera Blog
Source: Azure