Modernize with Microsoft Cloud, the most complete developer platform

Developers are essential to the world we live in, and the work you do is critical to the success of organizations in every industry. Microsoft empowers innovators like you on your unique journey. With an end-to-end cloud platform, Microsoft Cloud lets you quickly and easily innovate and create a secure foundation for all your applications.

At Microsoft Ignite, we explore how to increase productivity and flexibility with Azure’s cloud-native solutions and low-code app development enables you to iterate quickly and go to market faster—and how to access the most comprehensive set of tools for development at Microsoft. There’s so much we can learn from each other on this journey, let’s dive into the key topics, announcements, and trends you’ll leave with after Microsoft Ignite.

Accelerate innovation with the most complete cloud developer platform

The Microsoft Cloud is a comprehensive platform that enables developers to build incredible solutions. At the core of the Microsoft Cloud is Azure, the underlying infrastructure that enables you to build anything you can imagine. Using Azure DevOps and Azure Kubernetes Service, Ernst and Young Global Limited (EY) has built more agile practices and shifted into a rolling product-delivery approach of software and services. They have been able to develop and deploy solutions faster and with more confidence across a wide range of environments.

We are committed to helping you do more with less. With the Microsoft Cloud toolbox filled with Visual Studio, Azure, GitHub, and Power Platform, you can build reliable, scalable, and high-performance cloud-native applications.

Surging demand for digital solutions and an increasing shortage of technical skills is forcing organizations to adapt their IT development strategies. By empowering everyone to contribute to development processes, IT can multiply technical capacity, accelerate development cost-effectively, and innovate with the business. Adopting the world’s most complete set of integrated low-code development tools means organizations can modernize operations at scale, differentiate services and experiences, and accelerate their journey to the cloud in a secure, governable, and cost-effective way.

During Microsoft Ignite, I’m excited to share some news and updates designed to address these needs and improve the overall developer and maker experience even further with our beloved tools and Microsoft Cloud platform—all designed to help you quickly code and ship from anywhere with confidence.

Increasing productivity and quality for hybrid development teams

Microsoft’s developer cloud is purpose-built to support teams through the entire software development lifecycle. Azure provides the cloud infrastructure that quickly builds a robust, resilient application that scales and is easy to maintain and operate.

I am happy to announce Azure Deployment Environments is available for preview.

Microsoft Dev Box and Azure Deployment Environments pair together to give developers a complete cloud-powered workflow for any project that can be fully managed by IT admins.
Dev Box offers developers high-performance, cloud-based workstations that help get you coding quickly.
Azure Deployment Environments enables teams to spin up the infrastructure needed to run their project in the cloud quickly and on demand.
Azure Load Testing helps teams test and meet scale and performance goals with confidence.

I am excited to announce the preview of GitHub Advanced Security for Azure DevOps.

Which brings GitHub’s industry-leading, developer-focused security tooling to Azure DevOps.
GitHub streamlines our workflows and processes through better collaboration and automation.
GitHub Advanced Security provides a native application security solution within our development workflow, enabling the management of open-source dependencies, custom code, and secrets across the software lifecycle.

Drive application innovation and modernization at scale with cloud-native architectures

Cloud-native apps can deliver new levels of scale and performance and provide even greater reliability. Using cloud-native design patterns helps achieve the agility, efficiency, and speed of innovation that organizations need to deliver value to end users. Azure Kubernetes Service enables developers to take full advantage of the Kubernetes ecosystem and scale cloud-native applications. For example, the Forza team utilized autoscaling Azure Kubernetes Service during the launch of Forza Horizon 5 to meet the challenging performance demand of 10 million concurrent players at launch—the biggest first week in Xbox Game Studios history.

The goal of using cloud-native technologies is to abstract the infrastructure from developers, freeing them to focus on building more cloud-optimized applications. Today, I’m proud to announce Azure Kubernetes Fleet Manager preview, which allows you to easily manage fleets of Kubernetes clusters, run multi-cluster workloads and services, and ensure consistent configuration, access, and governance across your Kubernetes environment.

How modernizing enterprise applications enables you to do more with less

Azure’s fully managed application platform service offerings such as Azure App Service and Azure Spring Cloud are uniquely differentiated for .NET and Java customers in that they enable customers to modernize applications with minimal code changes and increased developer velocity. With Azure application platform services, you offload the management of the underlying cloud infrastructure to Azure, which allows you and your developers to focus on app innovation rather than managing, configuring, securing, and updating the underlying infrastructure (because Azure does that for you). This helps streamline costs by modernizing your apps using readily available skills. Further, generates trust and customer loyalty thanks to industry-leading platform security from Azure, which is built right into the platform. Easily integrate your internal and external stakeholders in the modernization journey and get maximum scale without having to worry about over-provisioning or under-provisioning resources. With Azure App Service and other Azure application platform services, you can innovate more and build more value for your business.

One example of a customer taking advantage of Azure’s managed services and serverless compute options is COFCO International, China’s largest food and agricultural business corporation. COFCO International utilized Azure Logic Apps and Azure Functions to create new solutions for application integration, data aggregation and reporting, and data governance, which has enabled them to make decisions faster and provide better visibility with improved analytics capabilities.

Streamline low-code governance in your organization

With Power Platform, Microsoft provides a central low-code platform that allows makers to enjoy shared components and common building blocks, allowing organizations to bring low-code assets into a central framework and give IT the visibility to govern centrally at scale. Power Platform runs on top of Azure and benefits from the strengths of Azure’s security, advanced management capabilities, and rich set of industry-specific certifications.

Power Platform enables IT to gain visibility and control over applications at scale with Managed Environments, now generally available. Managed Environments is a brand-new capability to streamline and simplify governance at scale. It gives you more control with sharing limits, security and reliability validations, and the ability to customize the maker onboarding experience.

Power Pages: low-code web development

Power Pages is now generally available. Power Pages is an enterprise-grade connectivity platform for organizations to build and launch external self-service websites. The Power Pages platform allows them to connect with their customers, partners, and communities and share business data, collaborate, and automate business processes with them at scale and securely. Learn more about building secure business websites.

Low-code is a critical tool for skilling today’s workforce

Power Platform has empowered millions of people to do more with less and build mission-critical apps for their businesses. Now with the new Power Up program, people without development backgrounds can transform their careers through a guided training program and community. The Power Up upskilling program provides training, offers certification, and recognizes people who excel.

There are so many new and exciting capabilities to experience and dive into at Microsoft Ignite. You can learn more about these announcements and how Microsoft is committed to delivering the best development experience at the session Accelerate innovation with the world's most complete cloud developer platform. Join us throughout the entire event for breakout sessions, demos, opportunities to connect with experts, learning experiences, and much more.

Thank you, and enjoy Microsoft Ignite!

Learn more about Azure at Microsoft Ignite

Watch Microsoft Ignite session topics featured in this blog.
Start building skills with Microsoft Learn collections.
Explore Microsoft Ignite announcements on the Azure blog.
Attend an Azure Virtual Training Day to continue learning.

Quelle: Azure

Cost optimization using Azure Migrate

The higher energy cost and the resulting increase in the cost of doing business have led to a tighter economic outlook for most businesses around the world. This, in turn, is a major contributing factor to customers becoming more cost-conscious, leading to an increased need for optimization features in products and services. Azure Migrate’s comprehensive suite includes many features to optimize cost, while catering to your performance needs to meet service level agreements (SLAs). Agentless discovery and mapping of your entire on-premises IT estate, software inventory analysis for assessment and planning, and right-sized migration using a single portal to start, run, and track your projects, are a few cost-effective features that also contribute to ease of use. Once in Azure, the path towards greater optimization and cost savings continues through modernization to platform as a service (PaaS) and software as a service (SaaS).

Customer requirements and benefits

The customer must stay competitive, both on the technical and business fronts, to ensure continued success. Technical competency requires an agile and innovative IT platform with data analytics to provide insights that can help differentiate from the competition. It would be ideal if such an innovative platform were available at a competitive cost. Incidentally, modernizing existing IT infrastructure, applications, and data-to-PaaS/SaaS models in the cloud delivers on all these requirements, leading to a higher return on investment (ROI) for the customer.

The higher efficiency and lower cost due to the adoption of modern cloud-native architectures also lead to greater levels of flexibility and reduced vendor lock-in. Thus, setting the stage for the customer to realize greater value as they progress from IaaS to PaaS and onto SaaS models. Please download our analyst report for details on options and value due to application modernization in Azure.

Microsoft’s focus on cost optimization

During Microsoft Ignite, we are highlighting our continued commitment to cost optimization through support for SQL Server assessments, prior to migration and modernization using Azure Migrate. Customers can now perform unified, at-scale, agentless discovery and assessment of SQL Servers on Microsoft Hyper-V, bare-metal servers, and infrastructure as a service (IaaS) of other public clouds, such as AWS EC2, in addition to VMware environments. The capability will allow customers to analyze existing configurations, performance, and feature compatibility to help with right-sizing and estimating cost. It will also check on readiness and blockers for migrating to Azure SQL Managed instance, SQL Server on Azure virtual machine, and Azure SQL Database. All this information can also be presented in a single coherent report for easy consumption while reducing cost for customers.

Please see our tech community blog for more details. The blog presents a step-by-step procedure to get started, followed by details on scaling and support. Post-assessment options and more details on related topics are covered as well.

Learn more

Attend this Microsoft Ignite breakout session to learn more about how you can do more with less on Azure. For more details on other migration and modernization topics, including best-practice guidance and procedures for containers, networking and storage components, third-party tool integrations and hybrid management, please refer to the relevant blog topic in our migrate and modernize section.

Check out this FastTrack link for moving to Azure efficiently and get best practice guidance from the Azure migration and modernization center. The Azure migration and modernization program (AMMP) is now one comprehensive program for all migration and modernization needs of our customers. Learn more and join AMMP today.

 

Source:

Trends in Cloud Computing: 2022 State of the Cloud Report | Flexera Blog
Quelle: Azure

Scalable management of virtualized RAN with Kubernetes

Among the many important reasons why telecommunication companies should be attracted to Microsoft Azure are our network and system management tools. Azure has invested many intellectual and engineering cycles in the development of a sophisticated, robust framework that manages millions of servers and several hundred thousand network elements distributed in over one hundred and forty countries around the world. We have built tools and expertise to maintain these systems, use AI to predict problem areas and solve them before they become issues, and provide transparency in the performance and efficiency of a very large and complicated system.

At Microsoft, we believe these tools and expertise can be repurposed to manage and optimize telecommunication infrastructure as well. This is because the evolving infrastructure for telecommunication operators includes elements of edge and cloud computing that lend themselves well to global management. In this article, I will describe some of the more interesting technologies that fit into the management of a cloud-based telecommunications infrastructure.

Up and running in just a few clicks

If you want to set up a 5G cellular site, there are a few key requirements. After gathering and interconnecting your hardware (servers, network switches, cables, power supplies, and other components), you then plug in your edge server machines to power and networking outlets. Each machine will be accessible via a standards-based board management controller (BMC) that usually runs a lightweight operating system, Linux, for example, to remotely manage the machine via the network.

When powered up, the BMC will obtain an IP address, most likely from a networked DHCP server. Next, an Azure VPN Gateway will be instantiated—this is a Microsoft Azure-managed service that is deployed into an Azure Virtual Network (VNet), and provides the endpoint for VPN connectivity for point-to-site VPNs, site-to-site VPNs, and Azure ExpressRoute. This gateway is the connection point into Azure from either the on-premises network (site-to-site) or the client machine (point-to-site). Using private VNet peering allows Azure to talk to the BMC on each machine.

Once this is working, the network operator can enable scripts that talk to the BMC via Azure to run automatically and can install the basic input/output system (BIOS) and proper software operating system (OS) images on the machine. Once these edge machines have an OS, a Kubernetes (K8s) cluster can be created, encompassing multiple machines by using tools such as Kubeadm. The K8s cluster is connected to Microsoft Azure Arc so that workloads can be scheduled onto the cluster using Azure APIs.

Management via Azure Arc

Microsoft Azure Arc is a set of technologies that extend Azure management to any infrastructure, enabling the deployment of Azure data services anywhere. Specifically, Azure management can be extended to Linux and Windows physical and virtual servers, and to K8s clusters so Azure data services can run on any K8s infrastructure. In this way, Azure Arc provides a unified management experience across the entire telecommunications infrastructure estate, whether it’s on-premises, in a public cloud, or in multiple public clouds.

This creates a single pane view and automation control plane of its heterogeneous environments, as well as the ability to govern and manage all these resources in a consistent way. Microsoft Azure portal, role-based access control, resource groups, search, and services like Azure Monitor and Microsoft Sentinel are also enabled. Security for next-generation networks, like the ones telecommunications operators are lighting up, is a topic I recently wrote about.

For developers, this unified framework delivers the freedom to use the tools they are familiar with while focusing more on the business logic in their applications. Microsoft Arc along with other existing and new Microsoft technologies and services forms the basis of our Azure Operator Distributed Services which will bring a carrier-grade hybrid cloud service to the market.

However, running radio access network (RAN) functions on a vanilla Arc-connected Kubernetes cluster is difficult. It requires manual and vendor-specific tuning, resource management, and monitoring capabilities, making it difficult to deploy across servers with different specs and to scale as more virtual RAN (vRAN) deployments come up. Therefore, in addition to Microsoft Azure Arc and Azure Operator Distributed Services, we have developed the Kubernetes for Operator RAN (KfOR) framework, which provides extensions that are installed on top of vanilla K8s clusters to specifically enhance the deployment, management, and monitoring of RAN workloads on the cluster. These are the essential components necessary for lighting up the automatic management and self-healing properties of next-generation telecommunication cloud networks, creating an edge platform that turns the vRAN into yet another cloud-managed application.

Kubernetes for Operator RAN (KfOR) extensions for virtualized RAN

To optimally utilize edge server resources and provide reliability, telecommunication RAN network functions (NFs) typically run in containers within a server cluster, utilizing K8s for container orchestration. Although Kubernetes allows us to take advantage of a rich ecosystem of components, there are several challenges related to running high service-level agreements, high-performance, and latency-sensitive RAN NFs in edge datacenters.

For example, RAN NFs run close to the cell tower in the far-edge, which in many cases is owned by the telecommunications operator. Performance requirements for high availability, high performance, and low latency needed by vRAN necessitate the use of single root I/O virtualization(SR-IOV) working with a data plane development kit (DPDK), programmable switches, accelerators, and custom workload lifecycle controllers. This is well beyond what standard K8s offer.

To address these challenges, we have developed KfOR, which patches this hole and enables end-to-end deployment, RAN management, monitoring, and analytics experience through Azure.

The figure shows how the various components of Azure and Kubernetes (blue) and those developed by the Azure for Operators team (green) fit together. Specifically, it shows the use of an Azure Resource Provider (RP) and an Azure Managed App, which allows the spin-up of a Management Azure Kubernetes Service (AKS) cluster on Azure. This control-plane management cluster can then utilize open source and in-house developed components to deploy and manage the edge cluster (the Azure Arc–enabled Kubernetes workload cluster).

The control plane manages both the provisioning of the bare-metal nodes on the workload cluster, as well as the Kubernetes components running on these nodes. Within the workload cluster, KfOR provides custom Kubernetes extensions to simplify the development, deployment, management, and monitoring of multi-vendor NFs. KfOR utilizes extension points available in Kubernetes such as custom controllers, DaemonSets, mutating webhooks, and custom runtime hooks. Here are some examples of its capabilities:

Container suspension capability. KfOR can create pods that have containers that start in a suspended state but can be automatically activated in the future. This capability can be used for creating "warm standbys," which means these pods can immediately replace active pods that unfortunately fail, reducing downtime from several seconds to under one. In addition, this feature can also be used to ensure that pods launch in a predetermined order by specifying pod dependencies. vRAN workloads have some pods that require another pod to have reached a particular state prior to launching.
Advanced Kubernetes networking stack. KfOR provides an advanced networking library using DPDK and a method to auto-inject this library into any pod using a sidecar container. KfOR also provides a mechanism to autoload this library ahead of the standard sockets library. This allows for code written using standard User Datagram Protocol sockets to achieve microsecond latency using DPDK underneath, without modifying a single line of code.
Cloud-native user-space eBPF codelets. Extended Berkeley packet filter (eBPF) is used to extend the capabilities of the kernel safely and efficiently without requiring changing the kernel source code or loading kernel modules. KfOR provides a mechanism to submit user-space eBPF codelets to the K8s cluster, as well as a method for insertion of these codelets by using K8s pod annotations. The codelets attach dynamically to hook points in running code in the network functions and can be used for monitoring and analytics.
Advanced scheduling and management of cluster resources. KfOR provides a K8s device plugin that allows for the scheduling and usage of isolated CPU cores as a resource separate from standard CPU cores. This enables RAN workloads to run on a K8s cluster with no manual configuration, such as pinning threads to predefined cores. KfOR also provides a custom runtime hook to isolate resources so containers cannot use CPUs, network interface controllers, or accelerators that have not been assigned to them.

With these capabilities, we have accomplished one-click deployment of RAN workloads as well as real-time workload migration and defragmentation. As a result, KfOR is able to shut off unused nodes to save energy. KfOR is also able to properly configure programmable switches that are used to route traffic from one server to the next. Furthermore, with KfOR, we can deliver fine-grain RAN analytics, which will be discussed in a future blog.

KfOR goes beyond simple automation. It turns the far-edge into a true platform that treats the vRAN as yet another app that you can install, uninstall, and swap easily with a simple click of a button. It provides APIs and abstractions that allow vRAN vendors to fine-tune their functions for real-time performance without needing to know the details of the bare metal. This is in contrast to existing vRAN solutions that even though virtualized, still treat the vRAN as an appliance, which needs to be manually tuned and is not easily portable across servers with even slightly different configurations.

Deployment of KfOR extensions is completed by using the management cluster to launch the add-ons on the workload cluster. KfOR capabilities can be used by any K8s deployment by simply adding annotations to the workload manifest.

Robust stress-free RAN management

What I have described here is how the full power of preexisting cloud management tools along with the new KfOR technology can be put together to manage, monitor, automate, and orchestrate the near-edge and far-edge machines and software deployed within the emerging telecommunications infrastructure. Once the hardware and network are available, these capabilities can light up a cell site impressively quickly, without any pain, and without requiring deep expertise. KfOR, developed specifically for virtual RAN management, has significant built-in value for our customers. It enables Azure to plug in artificial intelligence for sophisticated automation along with tried-and-true technologies needed for self-managing and self-healing networks. Overall, it creates a differentiation of our offering in the telecommunications and enterprise markets.

Learn more

Follow us for additional developments in this space and more.
Learn more about Microsoft Azure Arc and Azure Kubernetes Service (AKS).
Sign up for Microsoft Azure today.

Quelle: Azure

Microsoft and INT deploy IVAAP for OSDU Data Platform on Microsoft Energy Data Services

This post was co-authored by Fabrice Buron, Chief Commercial Officer, INT.

Energy companies are currently going through a massive transformation by moving hundreds of applications to monitor, interpret, and administer their data into the cloud. In addition, they have embarked on adopting a common data standard, the OSDUTM Data Platform, to simplify interoperability between applications to facilitate data access, exchange, and collaboration.

With Microsoft Energy Data Services, energy companies can leverage new cloud-based advanced data visualization capabilities for geoscientists provided by INT and Microsoft Energy Data Services. 

Microsoft Energy Data Services is a data platform fully supported by Microsoft, that enables efficient data management, standardization, liberation, and consumption in energy exploration. The solution is a hyperscale data ecosystem that leverages the capabilities of the OSDU Data Platform and Microsoft's secure and trustworthy cloud services with our partners’ extensive domain expertise.

INT is proud to be among the early adopters who have been involved since the preview of Microsoft Energy Data Services. INT is a very active member of the OSDU Forum that offers IVAAPTM, an advanced data visualization platform that allows geoscientists to easily access, interact with, and visualize data to create dashboards within Microsoft Azure, leveraging Microsoft Energy Data Services. 

The IVAAP data visualization platform helps geoscientists and data scientists simplify their data work with the following features:

Access to the OSDU Data Platform is already supported (well, seismic, reservoir) and any other data sources from a single application in the cloud. 
Full interoperability, which means data types aligned with the OSDU Data Platform can be extended to support custom formats and aggregate custom DDMS.
Intuitive, user-defined dashboards for engineers, geophysicists, and managers to visualize and interact with large datasets of well logs and seismic schematics, build data collections, and launch their machine learning—all from one place.
Many standard data connectors, powerful APIs, and SDKs that provide developers and architects ways to implement their own workflow easily.
Accelerated delivery of geoscience, drilling, and production cloud-enabled solutions with seamless support on Microsoft Azure.

"Providing a reliable, trusted platform as a service that accelerates the deployment of the OSDU Data Platform is key for any successful cloud transformation. Through the IVAAP platform’s integration with Microsoft Azure, customers will now have immediate access to these capabilities. This integration will simplify the access and provisioning of the massive amount of data generated by the energy industry, enabling impeccable and secure digital interactions. Our partnership with Microsoft in deploying Microsoft Energy Data Services is an important step toward our goal of providing reliable, cost-effective solutions for energy ISVs in the OSDU Data Platform."—Dr. Hughes Thevoux-Chabuel, VP Cloud Solutions, INT.

Get started with IVAAP and Microsoft Energy Data Services for the OSDU Data Platform

Please visit INT's website for detailed information on the IVAAP: Upstream Data Visualization and Analytics Platform and schedule a demo session.

Microsoft Energy Data Services is an enterprise-grade, fully managed OSDU Data Platform for the energy industry that is efficient, standardized, easy to deploy, and scalable for data management—ingesting, aggregating, storing, searching, and retrieving data. The offering will provide the scale, security, privacy, and compliance expected by our enterprise customers. The platform offers out-of-the-box compatibility with INT IVAAP, an advanced data visualization platform that allows geoscientists to easily access, interact with, and visualize the OSDU Data Platform to create dashboards with data contained in Microsoft Energy Data Services.

Learn more

Get started with Microsoft Energy Data Services today.
Watch the INT demo: IVAAP Data Visualization on Microsoft Azure using Microsoft Energy Data Services.

Quelle: Azure

Azure Firewall Basic now in preview

This blog was co-authored by Gopikrishna Kannan, Principal Program Manager, Azure Networking.

Organizations are experiencing an increase in both the volume and sophistication of cyberattacks with the acceleration of digital transformation and the increase in hybrid work. While organizations of all sizes face similar security risks, cybersecurity is rapidly becoming a top concern for small and medium businesses (SMBs) with the shift to remote work and new digital business models. SMBs are particularly vulnerable as they are faced with budget constraints and gaps in specialized security skills. In a recent research study, over 60 percent of small businesses experienced a cyberattack and were left unable to operate.

Microsoft is constantly innovating to help secure customers’ digital assets in an evolving threatened landscape and help SMB customers with their cloud adoption journey. Today, we are excited to announce the preview of Azure Firewall Basic.

Azure Firewall Basic is a new SKU of Azure Firewall designed to meet the needs of SMBs by providing enterprise-grade protection of their cloud environment at an affordable price point. It is a cloud-native, highly available, stateful firewall as a service offering that enables customers to centrally govern and log all of their traffic flows with essential capabilities at scale.

Cost-effective, enterprise-grade security built for SMBs

Azure Firewall Basic includes Layer 3–Layer 7 filtering and alerts on malicious traffic with built-in threat intelligence from Microsoft Threat Intelligence. With tight integration with other Azure services, such as Azure Monitor, Azure Events Hub, Microsoft Sentinel, and Microsoft Defender for Cloud, you can gain more visibility into your environment and identify and respond to threats quicker.

Key features of Azure Firewall Basic

Comprehensive, cloud-native network firewall security.

Network and application traffic filtering.
Threat intelligence to alert on malicious traffic.
Built-in high availability.
Seamless integration with other Azure services.

Simple setup and easy to use.

Set up in just a few minutes.
Automate deployment (deploy as code).
Zero maintenance with automatic updates.
Central management via Azure Firewall Manager.

Cost-effective.

Designed to deliver essential, cost-effective Firewall protection for your resources within your virtual network.

Choosing the right Azure Firewall SKU to meet your needs

Azure Firewall now supports three different SKUs to cater to a wide range of customer use cases and preferences.

Azure Firewall Premium is recommended to secure highly sensitive applications (such as payment processing). It supports advanced threat protection capabilities like malware and TLS inspection.
Azure Firewall Standard is recommended for customers looking for Layer 3–Layer 7 firewall and needs auto-scaling to handle peak traffic periods of up to 30 Gbps. It supports enterprise features like threat intelligence, DNS proxy, custom DNS, and web categories.
Azure Firewall Basic is recommended for SMB customers with throughput needs of less than 250 Mbps.

Let’s take a closer look at the features across the three Azure Firewall SKUs.

Azure Firewall Basic pricing

Similar to the Standard and Premium SKUs, Azure Firewall Basic pricing includes both deployment and data processing charges.

For more details, visit the Azure Firewall pricing page.

Next steps

For more information on everything we covered in this blog post, see the following:

Azure Firewall documentation.
Azure Firewall Manager documentation.
Deploy and configure Azure Firewall Basic.
Watch this video for a guided walkthrough of Azure Firewall Basic deployment.

Quelle: Azure

Advancing anomaly detection with AIOps—introducing AiDice

This blog post has been co-authored by Jeffrey He, Product Manager, AIOps Platform and Experiences Team.

In Microsoft Azure, we invest tremendous efforts in ensuring our services are reliable by predicting and mitigating failures as quickly as we can. In large-scale cloud systems, however, we may still experience unexpected issues simply due to the massive scale of the system. Given this, using AIOps to continuously monitor health metrics is fundamental to running a cloud system successfully, as we have shared in our earlier posts. First, we shared more about this in Advancing Azure service quality with artificial intelligence: AIOps. We also shared an example deep dive of how we use AIOps to help Azure in the safe deployment space in Advancing safe deployment with AIOps. Today, we share another example, this time about how AI is used in the field of anomaly detection. Specifically, we introduce AiDice, a novel anomaly detection algorithm developed jointly by Microsoft Research and Microsoft Azure that identifies anomalies in large-scale, multi-dimensional time series data. AiDice not only captures incidents quickly, it also provides engineers with important context that helps them diagnose issues more effectively, providing the best experience possible for end customers.

Why are AIOps needed for anomaly detection?

We need AIOps for anomaly detection because the data volume is simply too large to analyze without AI. In large-scale cloud environments, we monitor an innumerable number of cloud components, and each component logs countless rows of data. In addition, each row of data for any given cloud component might contain dozens of columns such as the timestamp, the hardware type of the virtual machine, the generation number, the OS version, the datacenter where the nodes hosting the virtual machine stay in, or the country. The structure of the data we have is essentially multi-dimensional time series data, which contains an exponential number of individual time series due to the various combinations of dimensions. This means that iterating through and monitoring every single time series is simply not practical—applying AIOps is necessary.

How did we approach this, before AiDice?

Before AiDice, the way we handled anomaly detection in large-scale, high-dimensional time series data was to conduct anomaly detection on a selected set of dimensions that were the most important. By focusing on a scoped subset, we would be able to detect anomalies within those combinations quickly. Once these anomalies were detected, engineers would then dive deeper into the issues, using pivot tables to drill down into the other dimensions not included to better diagnose the issue. Although this approach worked, we saw two key opportunities to improve the process. First, the old approach required a lot of manual effort by engineers to determine the exact pivot of anomalies. Second, the approach also limited the scope of direct monitoring by only allowing us to input a limited number of dimensions into our anomaly detection algorithms. Given these reasons, Microsoft Research and Azure worked together to develop AiDice, which improves both of these areas.

How do we approach this now with AiDice, and how does it work?

Now with AiDice, we can automatically localize pivots on time series data even if looking at dozens of dimensions at the same time. This allows us to add a lot more attributes, whether that be the hardware generation or hardware microcode, the OS version, or the networking agent version. Though this makes the search space much larger, AiDice encodes the problem as a combinatorial optimization problem, allowing it to search through the space more efficiently than traditional approaches. Brief details of AiDice are described below, but to see a full explanation of the algorithm, please see the paper published at the ESEC/FSE '20: 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2020).

Part 1: AiDice algorithm—formulation as a search problem

The AiDice algorithm works by first turning the data into a search problem. Search nodes are formed by starting at a given pivot and building the relationships out to the neighbors. For example, if we take a node, "Country=USA, Datacenter=DC1, DiskType=SSD", we can form out the neighboring nodes by swapping, adding, or removing a dimension-value pair, as shown in the diagram below.

Part 2: AiDice algorithm—objective function

Next, the AiDice algorithm searches through the search space in a smart manner by maximizing an objective function that emphasizes two key components. First, the bigger the sudden burst or change in errors, the higher AiDice scores the objective function. Second, the higher the proportion of the errors that occur in this pivot in relation to the total number of errors, the higher AiDice scores the objective function. For example, if there are 5,000 total errors that occurred, it is more important to alert the user about the pivot that went from 3000 errors to 4000 errors than the pivot that went from 10 to 20 errors.

Part 3: Customization of alerts to reduce noise

Next, the alerts that AiDice produces need to be filtered and customized to be less noisy and more actionable since the results so far are optimized from a mathematical perspective but have not yet incorporated domain knowledge around the meaning of the input data. This step can vary widely depending on the nature of the input data, but an example could be that consecutive alerts that share the same error code may be grouped together to reduce the number of total alerts.

AiDice in action—an example

The following is a real example in which AiDice helped detect a real issue early on. The details are altered for confidentiality reasons.

We applied AiDice to monitor low memory error events in a certain type of virtual machine with more than a dozen dimensions of attribute information alongside the fault count, including the region, the datacenter location, the cluster, the build, the RAM, or the event type.
AiDice identified an increase in the number of low memory events on distinct nodes in a particular pivot, which indicated a memory leak.

Build=11.11111, Ram=00.0, ProviderName=Xxxxx-x-Xxxxxx, EventType=8888 (details have been altered for privacy).

When looking at the aggregate trend, this issue is hidden and without AiDice it would take manual effort to detect the exact location of the issue (see graphs below, data normalized for privacy).
The engineer responsible for the ticket looked at the alert and some example cases shown in the alerts to quickly able figure out what was going on.

In this real-world example, AiDice was able to detect an issue in a dimension combination that was causing a particular error type in an automatic fashion, quickly and efficiently. Soon after, the memory leak was discovered and Azure engineers were able to mitigate the issue.

Looking forward

Looking ahead, we hope to improve AiDice to make Azure even more resilient and reliable. Specifically, we plan to:

Support additional scenarios in Azure: AiDice is being applied to many scenarios in Azure already, but the algorithm has room to improve with respect to the types of metrics it can operate on. Microsoft Azure and the Microsoft Research team are working together to support more metric scenarios.
Prepare additional data feeds in Azure for AiDice: In addition to upgrading the AiDice algorithm itself to support more scenarios, we are also working to add supporting attributes to certain data sources to fully leverage the power of AiDice.

Learn more

Sign up for Microsoft Azure today.
Visit the Advancing Reliability Series.

Quelle: Azure

Ensure zone resilient outbound connectivity with NAT gateway

Our customers—across all industries—have a critical need for highly available and resilient cloud frameworks to ensure business continuity and adaptability of ever-growing workloads. One way that customers can achieve resilient and reliable infrastructures in Microsoft Azure (for outbound connectivity) is by setting up their deployments across availability zones in a region.

When customers need to connect outbound to the internet from their Azure infrastructures, Network Address Translation (NAT) gateway is the best way. NAT gateway is a zonal resource that is configured to subnets from the same virtual network, which means that it can be deployed to individual zones to allow outbound connectivity. Subnets and virtual networks, on the other hand, are regional constructs that are not restricted to individual zones. Subnets can contain virtual machine instances or scale sets spanning across multiple availability zones.

Even without being able to traverse multiple availability zones, NAT gateway still provides a highly resilient and reliable way to connect outbound to the internet. This is because it does not rely on any single compute instance like a virtual machine. Instead, NAT gateway leverages software-defined networking to operate as a fully managed and distributed service with built-in redundancy. This built-in redundancy means that customers are unlikely to experience individual NAT gateway resource outages or downtime in their Azure infrastructures.

To ensure that you have the optimal outbound configuration to meet your availability and security needs while also safeguarding against zonal outages, let’s look at how to create zone resilient setups in Azure with NAT gateway.

Zone resilient outbound connectivity scenarios with NAT gateway

Customer setup

Let's say you are a retailer who is preparing for an upcoming Black Friday event. You anticipate that traffic to your retail website will increase significantly on the day of the sale. You decide to deploy a virtual machine scale set (VMSS) so that way your compute resources can automatically scale out to meet the increased traffic demands. Scalability is not the only requirement you have in preparation for this event, but also resiliency and security. To ensure that you safeguard against potential zonal outages that could impact traffic flow, you decide to deploy these VMSS across multiple availability zones. In addition to using VMSS in multiple availability zones, you plan to use NAT gateway to handle all outbound traffic flow in a scalable, secure, and reliable manner.

How should you set up your NAT gateway with your VMSS across multiple availability zones? Let’s take a look at a few different configurations along with which setups will and won’t work.

Scenario 1: Set up a single zonal NAT gateway with your zone-spanning VMSS

First, you decide to deploy a single NAT gateway resource to availability zone 1 and your VMSS across all three availability zones within the same subnet. You then configure your NAT gateway to this single subnet and to a /28 public IP prefix, which provides you a contiguous set of 16 public IP addresses for connecting outbound. Does this setup safeguard you against potential zone outages? No.

Figure 1: A single zonal NAT gateway configured to a zone-spanning set of virtual machines does not provide optimal zone resiliency. NAT gateway is deployed out of zone 1 and configured to a subnet that contains a VMSS that spans across all three availability zones of the Azure region. If availability zone 1 goes down, outbound connectivity across all three zones will also go down.

Here’s why:

If the zone that goes down is also the zone in which NAT gateway has been deployed then all outgoing traffic from virtual machines across all zones will be blocked.
If the zone that goes down is different than the zone that NAT gateway has been deployed in, then outgoing traffic from the other zones will still occur and only virtual machines from the zone that has gone down will be impacted.

Scenario 2: Attach multiple NAT gateways to a single subnet

Since the previous configuration will not provide the highest degree of resiliency, you decide you will instead deploy 3 NAT gateway resources, one in each availability zone, and attach them to the subnet that contains the VMSS. Will this setup work? Unfortunately, no.

Figure 2: Multiple NAT gateways cannot be attached to a single subnet by design.

Here’s why:

A subnet cannot have more than one NAT gateway attached to it and it is not possible to set up multiple NAT gateways on a single subnet. When NAT gateway is configured to a subnet, NAT gateway becomes the default next hop type for network traffic before reaching the internet. Consequently, virtual machines in a subnet will source NAT to the public IP address(es) of NAT gateway before egressing to the internet. If more than one NAT gateway were to be attached to the same subnet, the subnet would not know which NAT gateway to use to send outbound traffic.

Scenario 3: Deploy zonal NAT gateways with zonally configured VMSS for optimal zone resiliency

What is the optimal solution then for creating a secure, resilient, and scalable outbound setup? The solution is to deploy a VMSS in each availability zone, configure each to their own respective subnet and then attach each subnet to a zonal NAT gateway resource.

Figure 3: Zonal NAT gateways configured to individual subnets for zonal VMSS provide optimal zone resiliency for outbound connectivity.

Deploying zonal NAT gateways to match the zones of the VMSS provides the greatest protection against zonal outages. Should one of the availability zones go down, the other two zones will still be able to egress outbound traffic from the other two zonal NAT gateway resources.

Summary of zone resilient scenarios with NAT gateway

Scenario

Description

Rating

Scenario 1

Set up a single zonal NAT gateway with your VMSS that spans across multiple availability zones but confined to a single subnet.

Not recommended: if the zone that NAT gateway is located in goes down then outbound connectivity for all VMs in the scale set goes down.

Scenario 2

Attach multiple zonal NAT gateways to a subnet that contains zone-spanning virtual machines.

Not possible: multiple NAT gateways cannot be associated to a single subnet by design.

Scenario 3

Deploy zonal NAT gateways to separate subnets with zonally configured VMSS.

Optimal configuration to provide zone resiliency and protect against outages.

FAQ on NAT gateway and availability zones

What does it mean to have a "no zone" NAT gateway?

"No zone" is the default availability zone selected when you deploy a NAT gateway resource. No zone means that Azure places the NAT gateway resource into a zone for you, but you do not have visibility into which zone it is specifically placed. It is recommended that you deploy your NAT gateway to specific zones so that you know in which zone your NAT gateway resource resides. Once NAT gateway is deployed, the availability zone designation cannot be changed.

If I have Load Balancer or instance-level public IPs (IL PIPs) on virtual machines and NAT gateway deployed in the same virtual network and NAT gateway or an availability zone goes down, will Azure fall back to using Load Balancer or IL PIPs for all outbound traffic?

Azure will not failover to using Load Balancer or IL PIPs for handling outbound traffic when NAT gateway is configured to a subnet. After NAT gateway has been attached to a subnet, the user-defined route (UDR) at the source virtual machine will always direct virtual machine–initiated packets to the NAT gateway even if the NAT gateway goes down.

Learn more

NAT gateway and availability zones.
Design virtual networks with NAT gateway.
Create a NAT gateway with the portal.

Quelle: Azure

Strengthen your security with Policy Analytics for Azure Firewall

This blog was co-authored by Gopikrishna Kannan, Principal Program Manager, Azure Networking.

Network security policies are constantly evolving to keep pace with the demands of workloads. With the acceleration of workloads to the cloud, network security policies—Azure Firewall policies in particular—are frequently changing and often updated multiple times in a week (in many cases several times in a day). Over time, the Azure Firewall network and application rules grow and can become suboptimal, impacting the firewall performance and security. For example, high volume and frequently hit rules can be unintentionally prioritized lower. In some cases, applications are hosted in a network that has been migrated to a different network. However, the firewall rules referencing older networks have not been deleted.

Optimizing Firewall rules is a challenging task for any IT team. Especially for large, geographically dispersed organizations, optimizing Azure Firewall policy can be manual, complex, and involve multiple teams across the world. Updates are risky and can potentially impact a critical production workload causing serious downtime. Well, not anymore!

Policy Analytics has been developed to help IT teams manage Azure Firewall rules over time. It provides critical insights and recommendations for optimizing Azure Firewall rules with a goal of strengthening your security posture. We are now excited to share that Policy Analytics for Azure Firewall is now in preview.

Optimize Azure Firewall rules with Policy Analytics

Policy Analytics helps IT teams address these challenges by providing visibility into traffic flowing through the Azure Firewall. Key capabilities available in the Azure Portal include:

Firewall flow logs: Displays all traffic flowing through the Azure Firewall alongside hit rate and network and application rule match. This view helps identify top flows across all rules. You can filter flows matching specific sources, destinations, ports, and protocols.
Rule analytics: Displays traffic flows mapped to destination network address translation (DNAT), network, and application rules. This provides enhanced visibility of all the flows matching a rule over time. You can analyze rules across both parent and child policies.
Policy insight panel: Aggregates policy insights and highlights policy recommendations to optimize your Azure Firewall policies.
Single-rule analysis: The single-rule analysis experience analyzes traffic flows matching the selected rule and recommends optimizations based on those observed traffic flows.

Deep dive into single-rule analysis

Let’s investigate single-rule analysis. Here we select a rule of interest to analyze the matching flows and optimize thereof.

Users can analyze Firewall rules with a few easy clicks.

Figure 1: Start by selecting Single-rule analysis.

With Policy Analytics, you can perform rule analysis by picking the rule of interest. You can pick a rule to optimize. For instance, you may want to analyze rules with a wide range of open ports or a large number of sources and destinations.

Figure 2: Select a rule and Run analysis.

Policy Analytics surfaces the recommendations based on the actual traffic flows. You can review and apply the recommendations, including deleting rules which don’t match any traffic or prioritizing them lower. Alternatively, you can lock down the rules to specific ports matching traffic.

Figure 3: Review the results and Apply selected changes.

Pricing

While in preview, enabling Policy Analytics on a Firewall Policy associated with a single firewall is billed per policy as described on the Azure Firewall Manager pricing page. Enabling Policy Analytics on a Firewall Policy associated with more than one firewall is offered at no additional cost.

Next steps

Policy Analytics for Azure Firewall simplifies firewall policy management by providing insights and a centralized view to help IT teams have better and consistent control of Azure Firewall. To learn more about Policy Analytics, see the following resources:

Get started with Azure Firewall and Policy Analytics.
Watch this video for a detailed walkthrough of the Policy Analytics capabilities.
Firewall Manager documentation.
Azure Firewall Standard features, Microsoft Learn.
Azure Firewall Premium features, Microsoft Learn.

Quelle: Azure

RoQC and Microsoft simplify cloud migration with Microsoft Energy Data Services

This post was co-authored by Ian Barron, Chief Technology Officer, RoQC.

The vast amount of data in energy companies slows down their digital transformation. Together with RoQC solutions, Microsoft Energy Data Services will accelerate your journey in democratizing access to data by providing an easy-to-deploy managed service fully supported by Microsoft.

Managing large data sets is complicated, and few industries have larger and more complex data sets than the energy industry. Data complexity and large investments in on-premises storage solutions and multitudes of computer systems prevent the transition to cloud-based sub-surface data management. A single company can have tens of petabytes of structured and unstructured data, which if not quality-assured, can lead to an increase in cost if it goes wrong.

Solutions from RoQC, a Norwegian software company, clean up structured data for energy companies. This makes data management more efficient from a time and cost perspective, and also makes decision-making more reliable.

With Microsoft Energy Data Services, energy companies can leverage new cloud-based data management capabilities provided by RoQC and Microsoft Energy Data Services.

Microsoft Energy Data Services is a data platform fully supported by Microsoft, that enables efficient data management, standardization, liberation, and consumption in energy exploration. The solution is a hyperscale data ecosystem that leverages the capabilities of the OSDU Data Platform™, Microsoft's secure and trustworthy cloud services with our partners’ extensive domain expertise.

"Through machine learning, our software gives energy companies complete control of their data and assets. When the amounts of data are reduced, we eliminate uncertainty and duplication, and optimize the quality of the data sets. Traditionally a petrophysicist might spend a day or two cleaning up the logs for one well before they can be used for detailed analysis—with RoQC LogQA the same petrophysicist can clean hundreds of thousands of logs in the same timeframe. By cooperating with one of the largest platform providers in the world, we gain access to technology, competency, and markets it would be hard for us to get otherwise."—Bjørn Thorsen, CEO of RoQC.

New possibilities through cooperation

RoQC, a certified independent software vendor with Microsoft, has been able to expand its technology globally through the partnership.

Partner development manager for Microsoft Norway, Ole Christian Smerud, assures that the cooperation is mutually beneficial. "As a platform provider, we depend on strong partners to give our customers the best solutions. While we provide a platform, cloud competency, and access to an ecosystem for RoQC, they bring domain knowledge and relevance to their industry," he says.

Save millions with better data

RoQC believes that the energy industry struggles to take the step into the cloud, simply because of the data complexity and that most companies lack control over their data. By qualifying and quantifying data sets by identifying and deleting duplicates, RoQC Tools can reduce the data set size with commensurate dramatic savings in storage costs.

By reducing the amount of data by 10 to 30 percent, we’re talking millions of dollars in savings. The bigger the organization, the bigger the effect.

RoQC Tools are primarily designed so that data managers can perform tasks that are usually time-consuming as efficiently as possible. Very often they can complete a task that usually takes months, in a minute or two. Sometimes, the tasks would not be possible at all without the tools.

There is an obvious and well-documented correlation between increasing the quality of your data and reducing the risk of decisions based on that data. Geoscientists and project leaders in this field make decisions worth millions, maybe billions. You don’t want to make a decision of that magnitude based on insufficient or weak data.

RoQC believes the energy companies’ data is the key to shifting away from fossil resources. In the data sets, subsea energy companies have knowledge of "everything" about the ocean floor and sub-sea.

"Minerals from the ocean floor and sub-surface might be the next big thing for subsea oil-dependent nations like Norway. It is an already overused statement, but data is literally the new oil for this industry," says Bjørn Thorsen.

Preparing efficient data migration

RoQC provides both tools and consultants to enable a client to prepare their data prior to migrating the data to Azure. This preparation can include everything from simply identifying and removing duplicates to developing and implementing standards and then cleaning the data to comply with the standards. These preparations can be done directly in the clients’ normal (e.g., Halliburton/Schlumberger) interpretation platforms.

Furthermore, RoQC’s LogQA provides extremely powerful native, machine learning–based QA and cleanup tools for log data once the data has been migrated to Microsoft Energy Data Services, an enterprise-grade OSDU Data Platform on the Microsoft Cloud.

LogQA monitors the quality of the well log data that a client has stored on OSDU Data Platform. LogQA was partially developed in collaboration with Microsoft as part of Microsoft Energy Data Services, and LogQA is maintained on the latest OSDU Data Platform APIs and version/schema.

As LogQA is native to the Microsoft Cloud infrastructure there is no customer deployment required before a customer can utilize LogQA to monitor, identify, and rapidly rectify the data quality issues. LogQA is designed to work with typically energy industry client datasets, which is potentially millions of well logs.

How to work with RoQC Solutions on Microsoft Energy Data Services

For access to RoQC solutions, reach out to Bjørn Thorsen, CEO, RoQC Data Management AS, Norway at Bjorn@roqc.no.

Microsoft Energy Data Services is an enterprise-grade, fully managed, OSDU Data Platform for the energy industry that is efficient, standardized, easy to deploy, and scalable for data management—for ingesting, aggregating, storing, searching, and retrieving data. The platform will provide scale, security, privacy, and compliance that are expected by our enterprise customers. The platform offers out-of-the-box compatibility with RoQC applications, which accelerates time-to-market and being able to run their domain workflows with ease, with data contained in Microsoft Energy Data Services, and minimal effort.

Get started with Microsoft Energy Data Services today.
Quelle: Azure

Cost Management updates—September 2022

Whether you're a new student, a thriving startup, or the largest enterprise, you have financial constraints, and you need to know what you're spending, where, and how to plan for the future. Nobody wants a surprise when it comes to the bill, and this is where Microsoft Cost Management comes in.

We're always looking for ways to learn more about your challenges and how Microsoft Cost Management can help you better understand where you're accruing costs in the cloud, identify and prevent bad spending patterns, and optimize costs to empower you to do more with less. Here are a few of the latest improvements and updates based on your feedback:

Monitor your budgets from the Azure mobile app.
Cost savings insights in the cost analysis preview.
We want to learn about your cloud commerce experience.
What's new in Cost Management Labs.
New licensing benefits make bringing workloads and licenses to partners’ clouds easier.
New ways to save money with Microsoft Cloud.
Documentation updates.
Join the Microsoft Cost Management team.

Let's dig into the details.

Monitor your budgets from the Azure mobile app

In June, we shared the addition of your current cost to the Azure mobile app. This was great because it gave you direct access to your costs whenever you need it, wherever you are. The experience has now been expanded and you can now track your budgets on the go.

To view your budgets, simply open any subscription or resource group and select the Cost Management tile. You’ll see a new screen with your current cost, forecast, last month’s cost, and any budgets you’ve created.

What would you like to see next?

Cost savings insights in the cost analysis preview

Cost optimization is arguably the number one goal for organizations using Cost Management. When I talk to people about how to drive cost efficiency, I always start with Azure Advisor. Advisor recommendations are the quickest way to address some of the most common inefficiencies. Unfortunately, many still don’t know about Azure Advisor or forget to check in to see if there are any new recommendations. In an effort to help you drive the most efficient solutions, the cost analysis preview now includes a summary of your subscription cost recommendations.

We hope this helps you drive cost efficiency across your resources. You can find this today on subscriptions and we’re working on expanding that to resource groups as well.

Learn more about Cost savings insights or check it out yourself in the cost analysis preview. Let us know what you’d like to see next!

We want to learn about your cloud commerce experience

Are you responsible for managing Microsoft 365 and Azure cloud costs? We’d love to learn more about your experience and business process when it comes to your cloud costs. If interested in connecting with us for a 60-minute interview, please reach out to ce-uxr@microsoft.com.

What's new in Cost Management Labs

With Cost Management Labs, you get a sneak peek at what's coming in Microsoft Cost Management and can engage directly with us to share feedback and help us better understand how you use the service, so we can deliver more tuned and optimized experiences. Here are a few features you can see in Cost Management Labs:

Updated: Cost savings insights in the cost analysis preview—Now available in the public portal. 
Identify potential savings available from Azure Advisor cost recommendations for your Azure subscription. You can opt in using Try preview.
Updated: Product column experiment in the cost analysis preview—Now available in the public portal.
We’re testing new columns in the Resources and Services views in the cost analysis preview for Microsoft Customer Agreement. You may see a single Product column instead of the Service, Tier, and Meter columns. Please leave feedback to let us know which you prefer. 
Forecast in the cost analysis preview.
Show your forecast cost for the period at the top of the cost analysis preview. You can opt in using Try preview.
Group related resources in the cost analysis preview.
Group related resources, like disks under VMs or web apps under App Service plans, by adding a “cm-resource-parent” tag to the child resources with a value of the parent resource ID.
Charts in the cost analysis preview.
View your daily or monthly cost over time in the cost analysis preview. You can opt in using Try Preview.
View cost for your resources.
The cost for your resources is one click away from the resource overview in the preview portal. Just click View cost to quickly jump to the cost of that resource.
Change scope from the menu.
Change scope from the menu for quicker navigation. You can opt-in using Try Preview.

Of course, that's not all. Every change in Microsoft Cost Management is available in Cost Management Labs a week before it's in the full Azure portal or Microsoft 365 admin center. We're eager to hear your thoughts and understand what you'd like to see next. What are you waiting for? Try Cost Management Labs today.

New licensing benefits make bringing workloads and licenses to partners’ clouds easier

On October 1, 2022, Microsoft will implement significant upgrades to our outsourcing and hosting terms that will benefit customers worldwide. Added benefits will enable new scenarios for how customers can license and run workloads with cloud providers, including partners in the Cloud Solution Provider program. These changes will support customers’ ability to move their licenses to a partners’ cloud, leverage shared hardware, and have more flexibility in deployment options for their software licenses. With these changes, customers have additional choices to deploy their solutions with more flexibility. See Microsoft Licensing News for further details on what we’re doing to give customers more flexibility and choice. You can also see how we’re working with partners to make hosted cloud easier for customers, whether they bring their licenses or get them from a partner. Partners can learn more at the Microsoft Partner blog.

New ways to save money in the Microsoft Cloud

Check out these seven generally available updates that can help you save money:

Reserved capacity for Azure Backup Storage.
Azure Virtual Machines with Ampere Altra Arm–based processors.
Up to 45 percent performance gains in stream processing.
Azure Dedicated Host support for Azure Kubernetes Service.
Microsoft Azure available from new cloud region in Qatar.
Azure Arc–enabled servers in South Africa North and China East 2 and China North 2.
Azure VMware Solution now in Sweden Central.

Documentation updates

Here are a few documentation updates you might be interested in:

New: Customize views in cost analysis.
New: Optimize costs for Azure Backup Storage with reserved capacity.
Updated: Added new option for How to buy Marketplace software reservations.
Plus 12 updates based on your feedback.

Want to keep an eye on all documentation updates? Check out the Cost Management and Billing documentation change history in the azure-docs repository on GitHub. If you see something missing, select Edit at the top of the document and submit a quick pull request. You can also submit a GitHub issue. We welcome and appreciate all contributions!

Join the Microsoft Cost Management team

Are you excited about helping customers and partners better manage and optimize costs? We're looking for passionate, dedicated, and exceptional people to help build best in class cloud platforms and experiences to enable exactly that. If you have experience with big data infrastructure, reliable and scalable APIs, or rich and engaging user experiences, you'll find no better challenge than serving every Microsoft customer and partner in one of the most critical areas for driving cloud success.

Watch the video below to learn more about the Microsoft Cost Management team:

Join our team.

What's next?

These are just a few of the big updates from last month. Don't forget to check out the previous Microsoft Cost Management updates. We're always listening and making constant improvements based on your feedback, so please keep the feedback coming.

Follow @MSCostMgmt on Twitter and subscribe to the YouTube channel for updates, tips, and tricks. You can also share ideas and vote up others in the Cost Management feedback forum or join the research panel to participate in a future study and help shape the future of Microsoft Cost Management.

We know these are trying times for everyone. Best wishes from the Microsoft Cost Management team. Stay safe and stay healthy.
Quelle: Azure