Azure Premium SSD v2 Disk Storage in preview

We are excited to announce the preview of Premium SSD v2, the next generation of Microsoft Azure Premium SSD Disk Storage. This new disk offering provides the most advanced block storage solution designed for a broad range of input/output (IO)-intensive enterprise production workloads that require sub-millisecond disk latencies as well as high input/output operations per second (IOPS) and throughput, at a low cost. With Premium SSD v2, you can now provision up to 64 TiB of storage capacity, 80,000 IOPS, and 1,200 MB/s throughput on a single disk. With best-in-class IOPS and bandwidth, Premium SSD v2 provides the most flexible and scalable general-purpose block storage in the cloud, enabling you to meet the ever-growing demands of production workloads such as SQL Server, Oracle, MariaDB, SAP, Cassandra, MongoDB, big data, analytics, and gaming, whether on virtual machines or in stateful containers. Moreover, with Premium SSD v2, you can provision granular disk sizes, IOPS, and throughput independently based on your workload needs, giving you more flexibility in managing performance and costs.

With the launch of Premium SSD v2, our Azure Disk Storage portfolio now includes one of the most comprehensive sets of disk storage offerings, satisfying workloads ranging from Tier-1 IOPS-intensive workloads such as SAP HANA to general-purpose workloads such as RDBMS and NoSQL databases and cost-sensitive Dev/Test workloads.

Benefits of Premium SSD v2

As customers transition their production workloads to the cloud or deploy new cloud-native applications, balancing performance and cost is top of mind. For example, transaction-intensive database workloads may require high IOPS on a small disk size or a gaming application may need very high IOPS during peak hours. Similarly, big data applications like Cloudera/Hadoop may require very high throughput at a low cost. Hence, customers need the flexibility to scale their IOPS and throughput independent of the disk size. With Premium SSD v2, you can customize disk performance to precisely meet your workload requirements or seasonal demands, without the need to provision additional storage capacity.

Premium SSD v2 also enables you to provision storage capacity ranging from 1 GiB up to 64 TiB in 1 GiB increments. All Premium SSD v2 disks provide a baseline performance of 3,000 IOPS and 125 MB/s. If your disk requires higher performance, you can provision the required IOPS and throughput at a low cost, up to the maximum limits shown below. You can dynamically scale the IOPS and throughput up or down as needed without downtime, allowing you to manage disk performance cost-effectively while avoiding the maintenance overhead of striping multiple disks to achieve more performance. Summarizing the key benefits:

Granular disk size in 1 GiB increments.
Independent provisioning of IOPS, throughput, and GiB.
Consistent sub-millisecond latency.
Easier maintenance with scaling performance up and down without downtime.

Premium SSD v2, like all other Azure Disk Storage offerings, will provide our industry-leading data durability and high availability at general availability.

Following is a summary comparing Premium SSD v2 with the current Premium SSD and Ultra Disk.

                    | Ultra Disk                                | Premium SSD v2                            | Premium SSD
Disk size           | 4 GiB – 64 TiB                            | 1 GiB – 64 TiB                            | 4 GiB – 32 TiB
Baseline IOPS       | Varies by disk size                       | 3,000 IOPS free                           | Varies by disk size
Baseline throughput | Varies by disk size                       | 125 MB/s free                             | Varies by disk size
Peak IOPS           | 160,000 IOPS                              | 80,000 IOPS                               | 20,000 IOPS
Peak throughput     | 4,000 MB/s                                | 1,200 MB/s                                | 900 MB/s
Durability          | 99.999999999% (~0% annual failure rate)   | 99.999999999% (~0% annual failure rate)   | 99.999999999% (~0% annual failure rate)

Supported Azure Virtual Machines

Premium SSD v2 can be used with any premium storage-enabled virtual machine size, enabling you to leverage a diverse set of virtual machine sizes. Currently, Premium SSD v2 can only be used for data disks. Premium SSDs and Standard SSDs can be used as OS disks for virtual machines that use Premium SSD v2 data disks.

Pricing

Premium SSD v2 disks are billed hourly based on the provisioned capacity, IOPS, and MB/s. Let’s take an example of a disk that you provision with 100 GiB capacity, 5,000 IOPS, and 150 MB/s throughput.

The disks are billed per GiB of the provisioned capacity. Hence, you will be charged for 100 GiB of provisioned capacity.
The disks are billed for any additional IOPS provisioned over the free baseline of 3,000 IOPS. In this case, since you provisioned 5,000 IOPS, you will be billed for the additional 2,000 IOPS.
The disks are billed for any additional throughput over the free baseline of 125 MB/s. In this case, since you provisioned 150 MB/s throughput, you will be billed for the additional 25 MB/s.

You can learn more on the Azure Managed Disks pricing page.

Getting Started

Premium SSD v2 is currently available in preview in select regions. If you are interested in participating in the preview, you can request access to get started. Once enrolled in the preview program, you will be able to create and manage Premium SSD v2 via the Azure portal, PowerShell, and CLI SDKs. You can refer to the Premium SSD v2 documentation to learn more.

We look forward to hearing your feedback. Please email us at AzureDisks@microsoft.com with any questions.
Source: Azure

Microsoft joins Jakarta EE and MicroProfile Working Groups at Eclipse Foundation

We’re excited to announce that Microsoft has joined the Eclipse Foundation Jakarta EE and MicroProfile Working Groups as an Enterprise and Corporate member, respectively. Our goal is to help advance these technologies to deliver better outcomes for our Java customers and the broader community. We’re committed to the health and well-being of the vibrant Java ecosystem, including Spring (Spring utilizes several key Jakarta EE technologies). Joining the Jakarta EE and MicroProfile groups complements our participation in the Java Community Process (JCP) to help advance Java SE.

Over the past few years, Microsoft has made substantial investments in offerings for Java, Jakarta EE, MicroProfile, and Spring technologies on Azure in collaboration with our strategic partners. With Red Hat, we’ve built a managed service for JBoss EAP on Azure App Service. We’re also collaborating with Red Hat to enable robust solutions for JBoss EAP on Virtual Machines (VMs) and Azure Red Hat OpenShift (ARO). With VMware, we jointly develop and support Azure Spring Apps (formerly Azure Spring Cloud), a fully managed service for Spring Boot applications. And with Oracle and IBM, we’ve been building solutions for customers to run WebLogic and WebSphere Liberty/Open Liberty on VMs, Azure Kubernetes Service, and ARO (WebSphere). Other work includes a first-party managed service to run Tomcat and Java SE (App Service) and Jakarta Messaging support in Azure Service Bus. Learn more about these Java EE, Jakarta EE, and MicroProfile on Azure offerings.

Our strategic partners

Microsoft is actively improving our support for running Quarkus on Azure, including on emerging platforms such as Azure Container Apps. The expanded investment in Jakarta EE and MicroProfile is a natural progression of our work to enable Java on Azure. Our broad and deep partnerships with key Java ecosystem stakeholders such as Oracle, IBM, Red Hat, and VMware power our Java on Azure work. These strategic partners share our enthusiasm for the Jakarta EE and MicroProfile journeys that Microsoft has embarked upon.

"We're thrilled to have an organization with the influence and reach of Microsoft joining the Jakarta EE Working Group. Microsoft has warmly embraced all things Java across its product and service portfolio, particularly Azure. Its enterprise customers can be confident that they will be actively participating in the further evolution of the Jakarta EE specifications which are defining enterprise Java for today's cloud-native world."—Mike Milinkovich, Executive Director, Eclipse Foundation.

“We welcome Microsoft to the Jakarta EE and MicroProfile Working Groups. We are pleased with our collaboration with Microsoft in delivering Oracle WebLogic Server solutions in Azure, which are helping customers to use Jakarta EE in the cloud. We look forward to more collaboration in the Jakarta EE and MicroProfile Working Groups.”—Tom Snyder, Vice President, Oracle Enterprise Cloud Native Java.

“IBM’s collaboration with Microsoft has shown Jakarta EE and MicroProfile running well in a number of Azure environments on the Liberty runtime, so it’s exciting to see Microsoft now joining the Jakarta EE and MicroProfile Working Groups. I look forward to seeing Microsoft bringing another perspective to the Working Groups based on their experience and needs for Azure customers.”—Ian Robinson, Chief Technology Officer, IBM Application Platform.

"It is great to see Microsoft officially join both MicroProfile and Jakarta EE as they'd been informally involved in these efforts for a long time. I hope to see Microsoft's participation bring experience from their many users and partners who have developed and deployed enterprise Java applications on Azure for several years."—Mark Little, Vice President, Software Engineering, Red Hat.

“We are excited to see Microsoft supporting the Jakarta EE Working Group. Jakarta EE serves as a key integration point for Spring applications and we look forward to the future evolution of common specifications like Servlet, JPA, and others. Microsoft delights developers with their continued support of the Java ecosystem along with their work with VMware on bringing a fully managed Spring service to Azure.”—Ryan Morgan, Vice President, Software Engineering, VMware.

Looking to the future

As part of the Jakarta EE and MicroProfile working groups, we’ll continue to work closely with our long-standing partners. We believe our experience with running Java workloads in the cloud will be valuable to the working groups, and we look forward to building a strong future for Java together with our customers, partners, and the community.

Learn more about Java on Azure offerings for Jakarta EE and MicroProfile.
Source: Azure

Gateway Load Balancer now generally available in all regions

Previously, we announced the public preview release of Gateway Load Balancer (GWLB), a new SKU of Azure Load Balancer targeted for transparent NVA (network virtual appliance) insertion supported by a growing list of NVA providers. Today, placing NVAs in the path of traffic is a growing need for customers as their workloads scale. Common use cases of NVAs we’ve seen are:

Allowing or blocking specific IPs using virtual firewalls.
Protecting applications from DDoS attacks.
Analyzing or visualizing traffic patterns.

And GWLB now offers the following benefits for NVA scenarios:

Source IP preservation.
Flow symmetry.
Lightweight NVA management at scale.
Auto-scaling with Azure Virtual Machines Scale Sets (VMSS).

With GWLB, bump-in-the-wire service chaining becomes easy to add on to new or existing architectures in Azure. This means customers can easily “chain” a new GWLB resource to both Standard Public Load Balancers and individual virtual machines with Standard Public IPs, covering scenarios involving both highly available, zonally resilient deployments and simpler workloads.

Figure 1: GWLB can be associated to multiple consumer resources, including both Standard Public Load Balancers and Virtual Machines with Standard Public IPs. When GWLB is chained to the front-end configuration or VM NIC IP configuration, unfiltered traffic from the internet will first be directed to the GWLB and then reach the configured NVAs. The NVAs will then inspect the traffic and send the filtered traffic to the final destination, the consumer application hosted on either the load balancer or virtual machine.

What’s new with Gateway Load Balancer

GWLB borrows a majority of the same concepts as the Standard Load Balancers that customers are familiar with today. You’ll have most of the same components such as frontend IPs, load balancing rules, backend pools, health probes, and metrics, but you’ll also see a new component unique to GWLB—VXLAN tunnel interfaces.

VXLAN is an encapsulation protocol utilized by GWLB. This allows traffic packets to be encapsulated and decapsulated with VXLAN headers as they traverse the appropriate data path, all while maintaining their original source IP and flow symmetry without requiring Source Network Address Translation (SNAT) or other complex configurations like user-defined routes (UDRs).

The VXLAN tunnel interfaces are configured as part of the GWLB’s back-end pool and enable the NVAs to isolate “untrusted” traffic from “trusted” traffic. Tunnel interfaces can either be internal or external and each backend pool can have up to two tunnel interfaces. Typically, the external interface is used for “untrusted” traffic—traffic coming from the internet and headed to the appliance. Correspondingly, the internal interface is used for “trusted” traffic—traffic going from your appliances to your application.

Contoso case study

To better understand the use case of GWLB, let’s dive deeper into example retail company Contoso’s use case.

Who is Contoso?

Contoso is a retail company that uses Azure Load Balancer today to make their web servers supporting their retail platform regionally resilient. In the past few years, they’ve experienced exponential growth and now serve over 20 million visitors per month. When faced with the need to scale their retail platform, they chose Azure Load Balancer because of its high performance coupled with ultra-low latency. As a result of their success, they’ve begun to adopt stricter security practices to protect customer transactions and reduce the risk of harmful traffic reaching their platforms.

What does Contoso’s architecture look like today?

One of their load balancers supporting the eastus region is called contoso-eastus and has a front-end IP configuration with the public IP 101.22.462. Today, traffic headed to 101.22.462 on port 80 is distributed to the backend instances on port 80 as well.

What’s the problem?

The security team recently identified some potentially malicious IP addresses that have been attempting to access their retail platform. As a result, they’re looking to place a network-layer virtual firewall to protect their applications from IP addresses with poor reputations.

What’s the plan?

Contoso has decided to go with a third-party NVA vendor whose appliances the team has used in other contexts such as smaller-scale applications or other internal-facing tools. The security team wants to keep the creation of additional resources to a minimum to simplify their NVA management architecture, so they decide to map one GWLB with an auto-scaling backend pool of NVAs using Azure VMSS to each group of load balancers deployed in the same region.

Deploying Gateway Load Balancer

The cloud infrastructure team at Contoso creates a GWLB with their NVAs deployed using Azure VMSS. Then, they chain this GWLB to their 5 Standard Public LBs for the eastus region. After verifying that their Data Path Availability and Health Probe Status metrics are 100 percent on both their GWLB and on each chained Standard Public LB, they run a quick packet capture to ensure everything is working as expected.

What happens now?

Now, traffic packets whose destination is any of the frontend IPs of the Standard Public LBs for eastus will be encapsulated using VXLAN and sent to the GWLB first. At this point, the firewall NVAs will decapsulate the traffic, inspect the source IP, and determine whether this traffic is safe to continue on towards the end application. The NVA will then re-encapsulate the packets that meet the firewall’s criteria and send them back to the Standard LB. When the traffic reaches the Standard LB, the packets will be decapsulated, meaning that the traffic will appear as if it came directly from the internet, with its original source IP intact. This is what we mean by transparent NVA insertion: Contoso’s retail platform applications will behave exactly as they did before, without ever knowing that the packet was inspected or filtered by a firewall appliance prior to reaching the application server.
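The tunnel-interface concept and the Contoso data path just described (encapsulate at the GWLB, decapsulate and inspect at the NVA, re-encapsulate on the trusted interface, decapsulate at the consumer LB) as an added Python model; this is example code, not Azure's or any NVA vendor's. The VNIs, MACs, addresses and the deny list are constructed sample values, and the IPv4 checksum is left at zero because nothing here verifies it.

```python
# Added example (not part of the Azure post): a minimal model of the GWLB data path.
# It builds real VXLAN encapsulation (RFC 7348 header layout), runs the inner packet
# through a toy firewall NVA that drops listed source IPs, and checks that the
# original source IP survives the round trip unchanged (no SNAT anywhere).
from __future__ import annotations

import ipaddress
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port (informational here)
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field is valid
EXTERNAL_VNI = 800             # constructed: "untrusted" tunnel interface
INTERNAL_VNI = 801             # constructed: "trusted" tunnel interface


def vxlan_encap(inner_frame: bytes, vni: int) -> bytes:
    """Prefix an Ethernet frame with the 8-byte VXLAN header:
    flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    return header + inner_frame


def vxlan_decap(datagram: bytes) -> tuple[int, bytes]:
    """Strip the VXLAN header; return (vni, inner Ethernet frame)."""
    if len(datagram) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", datagram[:8])
    if (word0 >> 24) & VXLAN_FLAG_VNI_VALID == 0:
        raise ValueError("VXLAN I flag not set")
    return word1 >> 8, datagram[8:]


def inner_ipv4_src(frame: bytes) -> str:
    """Source address of the IPv4 packet carried in an Ethernet frame (EtherType 0x0800)."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4-over-Ethernet frame")
    return str(ipaddress.IPv4Address(frame[26:30]))   # 14-byte Ethernet + 12-byte offset


def build_frame(src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Constructed sample: Ethernet + minimal IPv4 header (checksum left zero)."""
    eth = b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00"   # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + payload


def firewall_nva(datagram: bytes, deny: set[str]) -> bytes | None:
    """Toy NVA: decapsulate on the external interface, drop denied sources,
    and re-encapsulate allowed traffic on the internal interface unchanged."""
    vni, frame = vxlan_decap(datagram)
    if vni != EXTERNAL_VNI:
        raise ValueError(f"unexpected VNI {vni} on external interface")
    if inner_ipv4_src(frame) in deny:
        return None                                   # dropped by the firewall
    return vxlan_encap(frame, INTERNAL_VNI)


def deliver(datagram: bytes) -> tuple[str, bytes]:
    """What the consumer LB sees after its own decapsulation: the inner frame
    carrying the client's original source IP."""
    vni, frame = vxlan_decap(datagram)
    if vni != INTERNAL_VNI:
        raise ValueError(f"unexpected VNI {vni} on internal interface")
    return inner_ipv4_src(frame), frame


def run_chain(src_ip: str, deny: set[str]) -> str | None:
    """Client -> GWLB (encap) -> NVA -> GWLB -> consumer LB (decap).
    Returns the source IP the application sees, or None if the NVA dropped it."""
    client_frame = build_frame(src_ip, "203.0.113.10", b"GET / HTTP/1.1\r\n")
    to_nva = vxlan_encap(client_frame, EXTERNAL_VNI)
    from_nva = firewall_nva(to_nva, deny)
    if from_nva is None:
        return None
    seen_src, frame = deliver(from_nva)
    assert frame == client_frame                      # transparent: bytes untouched
    return seen_src
```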

Gateway Load Balancer partners

Gateway Load Balancer supports a variety of NVA providers; you can learn more about each of our partners on our partners page.

Virtual firewalls

Check Point
Cisco
F5
Fortinet
Palo Alto Networks

Traffic observability

cPacket Networks
Glasnostic

Network security

Citrix
Trend Micro
Valtix

DDoS protection

A10 Networks

Learn more

Try out Gateway Load Balancer today with the help of our quickstart tutorials, or read more about Gateway Load Balancer on our public documentation.
Source: Azure

Modernize with Azure Migrate

With the pandemic mostly behind us, several large economies have reopened in some shape or form, despite the uneven supply of goods and services and higher than usual energy costs. The higher energy cost and the resulting increase in the cost of doing business have led to a tighter economic outlook. Coupled with long lead times for required parts and continued remote work, datacenter management is harder and costlier than it has been. However, maintaining and growing any business requires additional information technology (IT) resources. Thus, there is an increased need for IT solutions to maintain business continuity and sustain innovation. Hyperscalers such as Microsoft’s Azure fill this need and are less affected by these constraints due to economies of scale. Further, the cloud consumption model allows customers to quickly scale resources up or down to support agile businesses. This is why public cloud spend continues to accelerate and the top cloud initiatives for all organizations are migrating more workloads, optimizing existing use, and modernizing through platform as a service (PaaS) or software as a service (SaaS) [1].

Customer requirements

The customer requirement is to stay competitive, both on the technical and business fronts, to ensure continued success. Technical competency requires an agile and innovative IT platform with data analytics to provide insights that can help differentiate from the competition. It would be ideal if such an innovative platform is available at a lower cost. Incidentally, modernizing existing IT infrastructure, applications, and data to PaaS/SaaS models in the cloud, delivers on all these requirements, leading to a higher return on investment (ROI) for the customer.

The higher efficiency and lower cost due to the adoption of modern cloud-native architectures, such as PaaS and SaaS, also lead to greater flexibility, setting the stage for the customer to realize greater value as they progress from IaaS to PaaS and on to SaaS models. Please download our analyst report for details on options and value due to application modernization in Azure.

Microsoft’s commitment to modernization

This week at Microsoft Inspire, we are highlighting our commitment to modernization with integrated, at-scale modernization of ASP.NET applications to Azure Application Service. Also, in preview is Azure Migrate’s support of discovery and assessment of SQL Server running in Microsoft Hyper-V and Physical environments and IaaS services of other public clouds. Please see our tech community blog for more details on this, and other Azure Migrate features available for Linux and Windows workloads.

Enabling deeper integration with our ISV partners

Azure Migrate’s extensible framework is ideal for deeper integration of first-party features to drive automation, while also leveraging third-party tools. Here is a brief view of partner capabilities that can be added to this flexible framework:

Over the years, enterprises have built and expanded custom applications, which require modernization to better support fast-changing business needs. See how Microsoft and CAST partner by combining Azure Migrate and software intelligence produced by CAST technology to automate migration and modernization under the Azure Migration and Modernization Program (AMMP).
Operability of your cloud infrastructure and workloads is key to cloud adoption success and Azure landing zones provide prescriptive guidance to set a well architected foundation for your Azure infrastructure. In partnership with HashiCorp and our Terraform Azure community, we now have the reference implementation for deploying and managing Azure resources at enterprise scale.

Learn more

Attend this Microsoft Inspire on-demand session to learn more about cloud migration and modernization. Check out this FastTrack link for moving to Azure efficiently and get best practice guidance from the Azure migration and modernization center (AMMC). AMMP is now one comprehensive program for all migration and modernization needs of our customers. Learn more and join AMMP today.

Sources: 

[1] Trends in Cloud Computing: 2022 State of the Cloud Report, Flexera.com.
Source: Azure

Accelerating capital markets workloads for Murex on Azure

The financial services industry is constantly evolving to meet customer and regulatory demands. It is facing a variety of challenges spanning people, processes, and technology. Financial institutions (FIs) need to continuously accelerate to achieve technology and innovation while maintaining scale, quality, speed, and safety. Simultaneously, they need to handle evolving regulatory frameworks, manage risk, digitally transform, process financial transaction volumes, and accelerate cost reductions and restructuring efforts.

Murex is a leading global software provider of trading, risk management, processing operations, and post-trade solutions for capital markets. FIs around the world deploy Murex’s MX.3 platform to better manage risk, accelerate transformation, and simplify compliance while driving revenue growth.

Murex MX.3 on Azure

Murex MX.3 has been certified for Microsoft Azure since version 3.1.35. We have been collaborating with Murex and global strategic partners like Accenture and DXC to provide Murex customers with a simple way to create and scale MX.3 infrastructure and achieve agility in business transformation. With the recent version 3.1.48, SQL Server is supported and customers can now benefit from the performance, scalability, resilience, and cost savings facilitated by SQL Server. With the SQL Server IaaS Extension, Murex customers can run SQL Server virtual machines (VMs) in Azure with PaaS capabilities for Windows OS (with the automated patching setting disabled in order to prevent the installation of a cumulative update that may not yet be supported by MX.3).

Architecture

Murex customers can now refer to the architecture to implement MX.3 application on Azure. Azure enables a secure, reliable, and efficient environment, significantly reducing the infrastructure cost needed to operate the MX.3 environment and providing scalability and a highly performant environment. Customers running MX.3 on Azure can take advantage of multilayered security provided by Microsoft across physical data centers, infrastructure, and operations in Azure. They can benefit from the Compliance Program that helps accelerate cloud adoption with proactive compliance assurance for highly critical and regulated workloads. Customers can maximize their existing on-premises investments using an effective hybrid approach. Azure provides a holistic, seamless, and more secure approach to innovation across customers’ on-premises, multicloud, and edge environments.

The architecture is designed to provide high availability and disaster recovery. Murex customers can achieve threat intelligence and traffic control using Azure Firewall, cost optimization using Reserved Instances and VM scale sets, and high storage throughput using Azure NetApp Files Ultra Storage.

“With the deployment of large scale—originally specialized platform-based—Murex workloads, Azure NetApp Files has proven to deliver the ideal Azure landing zone for storage-performance intensive, mission-critical enterprise applications and to live up to its promise to Migrate the Un-migratable,” says Geert van Teylingen, Azure NetApp Files Principal Product Manager from NetApp.

Customers running Murex on Azure

Customers around the world are migrating the Murex platform from on-premises to Azure.

ABN AMRO has moved their MX.3 trading and treasury front-to-back-to-risk platform to Azure, achieving flexibility, agility, and improved time to market. ABN AMRO’s journey to Azure progressed from proof of concept to production, with the Murex MX.3 platform now entirely operational on Azure.

“The key focus for us was always to make sure that we could automate most processes while preserving its operational excellence and key features,” says Kees van Duin, IT Integrator at ABN AMRO.

“Thanks to Microsoft, we were able to preserve nearly 90 percent of our original design and move our platform to the cloud, while in-production, as efficiently as possible. We couldn’t be happier with the result,” he continues.

For Pavilion Energy, Upskills helped drive implementation for Murex Trading in Azure, helping reduce the risk of errors, increase the volume of trading activities, and optimize the management of their Murex MX.3 platform environments.

“We have been working on the Murex technology for over 10 years. Implementing Murex Trading Platform fully into Azure has proven to be the right decision to reduce the risk of delivery, optimize the environments management, and provide sustainable solutions and support to Pavilion Energy,” says Thong Tran, Chief Executive Officer (CEO) of Upskills.

Strategic partners helping accelerate Murex workloads

Murex customers can modernize MX.3 workloads, reduce time-to-market and operational costs, and increase acceleration, leveraging accelerators, scripts, and blueprints from our partners—Accenture and DXC.

Accenture and Microsoft have decades of experience partnering with each other and building joint solutions that help customers achieve their goals. Leveraging our strategic alliance to better serve our customers, Accenture has designed and created specific accelerators, tools, and methodologies for MX.3 on Azure that could help organizations develop richer DevOps and become more agile while controlling costs.

Luxoft, a DXC Technology Company, with Microsoft as a global strategic partner for more than 30 years and Murex as a top-tier alliance partner for more than 13 years, helps modernize solutions to connect people, data, and processes with tangible business results. DXC has developed execution frameworks that adopt market best practices to accelerate and minimize risks of cloud migration of MX.3 to Azure.

Keeping pace with the changing regulatory and compliance constraints, financial innovation, computation complexity, and cyber threats is essential for FIs. FIs around the world are relying on Murex MX.3 to accelerate transformation and drive growth and innovation while complying with complex regulations. Customers are using Azure to enhance business agility and operation efficiency, reduce risk and total cost of ownership, and achieve scalability and robustness.

Additional resources

Microsoft and Murex team to help FIs move to Azure
Murex MX.3 architecture
ABN AMRO digital transformation journey with Murex

Source: Azure

MLOps Blog Series Part 4: Testing security of secure machine learning systems using MLOps

The growing adoption of data-driven and machine learning–based solutions is driving the need for businesses to handle growing workloads, exposing them to extra levels of complexities and vulnerabilities.

Cybersecurity is the biggest risk for AI developers and adopters. According to a survey released by Deloitte, in July 2020, 62 percent of adopters saw cybersecurity risks as a significant or extreme threat, but only 39 percent said they felt prepared to address those risks.

In Figure 1, we can observe possible attacks on a machine learning system (in the training and inference stages).

Figure 1: Vulnerabilities of a machine learning system.

To know more about how these attacks are carried out, check out the Engineering MLOps book. Here are some key approaches and tests for securing your machine learning systems against these attacks:

Homomorphic encryption

Homomorphic encryption is a type of encryption that allows calculations to be performed directly on encrypted data. It ensures that the decrypted output is identical to the result obtained by performing the same calculation on the unencrypted inputs.

For example, decrypt(encrypt(x) + encrypt(y)) = x + y, where the “+” applied to ciphertexts is the scheme’s homomorphic operation.
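As an added illustration of that property (not code from the post or the Engineering MLOps book), here is the Paillier cryptosystem, which is additively homomorphic: the “addition” of two ciphertexts is a multiplication modulo n², and decrypting the product yields x + y. The primes are constructed demo values, far too small for real use.

```python
# Added example (not from the post): Paillier, an additively homomorphic scheme.
# Enc(x) * Enc(y) mod n^2 decrypts to x + y, so a party holding only ciphertexts
# can compute a sum without ever seeing x or y.
import math
import secrets

P, Q = 10007, 10009   # constructed demo primes; real keys use ~1024-bit primes


def _l(u: int, n: int) -> int:
    """Paillier's L function: L(u) = (u - 1) / n, exact for u = 1 mod n."""
    return (u - 1) // n


def keygen(p: int = P, q: int = Q):
    """Return (public key (n, g), private key (n, lambda, mu))."""
    n = p * q
    g = n + 1                                          # standard simple generator
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(_l(pow(g, lam, n * n), n), -1, n)         # modular inverse mod n
    return (n, g), (n, lam, mu)


def encrypt(pub, m: int) -> int:
    """Randomised encryption: c = g^m * r^n mod n^2 with a fresh r coprime to n."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(priv, c: int) -> int:
    """m = L(c^lambda mod n^2) * mu mod n."""
    n, lam, mu = priv
    return (_l(pow(c, lam, n * n), n) * mu) % n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """Homomorphic addition on ciphertexts: Enc(x) (+) Enc(y) = Enc(x + y mod n)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def homomorphic_sum_demo(x: int, y: int) -> int:
    """Encrypt x and y separately, add them while encrypted, decrypt the result."""
    pub, priv = keygen()
    return decrypt(priv, add_encrypted(pub, encrypt(pub, x), encrypt(pub, y)))
```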

Privacy by design

Privacy by design is a philosophy or approach for embedding privacy, fairness, and transparency in the design of information technology, networked infrastructure, and business practices. The concept brings an extensive understanding of the principles needed to achieve privacy, fairness, and transparency. This approach helps avoid data breaches and attacks.

Figure 2: Privacy by design for machine learning systems.

Figure 2 depicts some core foundations to consider when building a privacy by design–driven machine learning system. Let’s reflect on some of these key areas:

Maintaining strong access control is basic.
Utilizing robust de-identification techniques (in other words, pseudonymization) for personal identifiers, data aggregation, and encryption approaches are critical.
Securing personally identifiable information and data minimization are crucial. This involves collecting and processing the smallest amounts of data possible in terms of the personal identifiers associated with the data.
Understanding, documenting, and displaying data as it travels from data sources to consumers is known as data lineage tracking. This covers all of the data's changes along the journey, including how the data was converted, what changed, and why. In a data analytics process, data lineage provides visibility while considerably simplifying the ability to track data breaches, mistakes, and fundamental causes.
Explaining and justifying automated decisions when you need to are vital for compliance and fairness. High explainability mechanisms are required to interpret automated decisions.
Avoiding quasi-identifiers and non-unique identifiers (for example, gender, postcode, occupation, or languages spoken) is best practice, as they can be used to re-identify persons when combined.

As artificial intelligence is fast evolving, it is critical to incorporate privacy and proper technological and organizational safeguards into the process so that privacy concerns do not stifle its progress but instead lead to beneficial outcomes.

Real-time monitoring for security

Real-time monitoring (of data: inputs and outputs) can be used against backdoor attacks or adversarial attacks by:

Monitoring data (inputs and outputs).
Monitoring access management efficiently.
Monitoring telemetry data.

One key solution is to monitor inputs during training or testing. Autoencoders or other classifiers can be used to sanitize the model input data (pre-processing, decryption, transformations, and so on) and to monitor its integrity. Efficient monitoring of access management (who gets access, and when and where access is obtained) and of telemetry data can reveal the presence of quasi-identifiers and help prevent attacks.

Learn more

For further details and to learn about hands-on implementation, check out the Engineering MLOps book, or learn how to build and deploy a model in Azure Machine Learning using MLOps in the Get Time to Value with MLOps Best Practices on-demand webinar. Also, check out our recently announced blog about solution accelerators (MLOps v2) to simplify your MLOps workstream in Azure Machine Learning.
Source: Azure

How Microsoft Azure Cross-region Load Balancer helps create region redundancy and low latency

In this blog, we’ll walk through Microsoft Azure Cross-region Load Balancer (also known as the Global tier of Standard Load Balancer) through a case study with a retail customer. By incorporating Azure Cross-region Load Balancer into their end-to-end architecture, the customer was able to achieve region redundancy, high availability, and low latency for their end applications with a quick turnaround time for scaling events while retaining their IPs for TCP and UDP connections. A DNS-based global load balancing solution was considered but not adopted because of the long failover time caused by clients not honoring the DNS time-to-live.

Low latency with geo-proximity-based routing algorithm

Figure 1: With Azure Load Balancer all traffic will be routed to a random backend server based on 5-tuple hash.

Figure 2: With Cross-region Load Balancer traffic will be routed to the closest regional deployment.

With the previous setup, all traffic, regardless of source IP location, is first forwarded to the load balancer’s region. This can take several hops across data centers, which introduces additional latency to network requests. With Azure Cross-region Load Balancer’s geo-proximity-based routing, end customers are routed to the closest regional deployment, which dramatically improves latency.

Automatic failover for disaster recovery

Figure 3: With Standard SKU Load Balancer, when the only regional deployment or the Load Balancer goes down, all traffic can be impacted.

Figure 4: Cross-region Load Balancer ensures seamless failover for disaster recovery.

Even though Standard Load Balancer offers zone redundancy, it is a regional resource. If a regional outage causes the Load Balancer or all the backend servers to become unavailable, traffic arriving at the Load Balancer frontend cannot be forwarded. As a result, the website will be unavailable to the end customers. By adding a Cross-region Load Balancer on top of several existing regional deployments, the customer is now armed with region redundancy, which ensures high availability of their end application. If web server one goes down, the end customer's traffic will be re-routed to web server two to ensure no packet gets dropped.

Scale up and down with no downtime

Figure 5: Easy scaling when using Microsoft Azure Virtual Machine Scale Sets (VMSS) combined with Cross-region Load Balancer.

Like many other industries, the retail industry faces frequent changes in traffic volume due to seasonality and other spontaneous trends. As a result, the customer’s top concern is to scale up and down in real-time. There are two ways to achieve this today with a Cross-region Load Balancer. One way is to directly add or remove a regional Public Load Balancer behind the Cross-region Load Balancer. Another way is to use Microsoft Azure Virtual Machine Scale Sets with a pre-configured autoscaling policy.

Zero friction for adoption

Azure Load Balancer has been an important part of the customer’s end-to-end architecture for stable connectivity and smart load balancing. By leaving the existing network architecture as is and simply adding a Cross-region Load Balancer on top of the existing load balancer setup, the customer is spared any additional overhead or friction from the addition of a Cross-region Load Balancer.

Client IP preservation

Cross-region Load Balancer is a Layer-4 pass-through network load balancer, which ensures that the Load Balancer preserves the original source IP address of the network packet. IP preservation allows you to apply logic in the backend server that is specific to the original client IP address.

Next steps

Cross-region Load Balancer is now in preview.

Read our Microsoft Docs page to learn about creating a Cross-region Load Balancer using the Azure portal.
Source: Azure

Digital transformation for manufacturers requires additional IT/OT security

While every industry is vulnerable to a ransomware attack, manufacturers are at particular risk. While digitization and automation have helped transform the industry, they have simultaneously opened up new attack vectors within organizations. Manufacturing, now the most targeted industry, has seen a 300 percent increase in cyberattacks in a single year.

Beyond the tremendous growth in attacks, manufacturing companies make an ideal target for hackers due to the high value of the companies themselves, the high costs of unplanned downtime, and the highly visible impact that downtime has on consumers’ daily lives. With the risks so high, an enterprise-level solution that provides visibility and protection like Microsoft Defender for IoT is essential.

Visibility is the first step to network protection

The number of connected industrial control system (ICS)/operational technology (OT) devices in manufacturing facilities continues to grow. The benefits for the operations side of the house are clear, but the lack of visibility into them poses serious security risks for chief information security officers (CISOs).

Manufacturers often have no way to identify and monitor what all their connected devices are doing and with whom or what they are communicating. Worse, all too often they lack even a simple inventory of all the connected devices they have in their facilities. In case of an attack, the lack of visibility means that they have no way of tracing the attack vector the hacker took, making them vulnerable to a second wave and delaying recovery and remediation.

Continuous monitoring without impacting productivity

Microsoft Defender for IoT not only creates asset maps within minutes of being turned on, but it also provides continuous monitoring of every device in every facility around the world. Microsoft’s Section 52 has access to tens of trillions of identity, endpoint, and other signals each day. The threat intelligence from this specialized IoT and ICS research team produces high-impact insights that help keep manufacturers safe from attacks.

The agentless nature of the system protects companies without impacting production, no matter the topology of the network or the regulations governing the industry. And, with round-the-clock protection, Microsoft Defender for IoT can alert the SecOps team about an intrusion any time, any place.

Security for networks in an age of IT and OT convergence

As their digital transformations have progressed, manufacturers have seen their IT and OT environments converge. The air gap between them that ensured production would continue even if IT assets were taken offline is increasingly a thing of the past. With these trendlines, forward-thinking CISOs and their boards are taking proactive steps to protect the entire company from cyber-physical attacks that could have huge costs to safety, production, reputation, and the bottom line.

Fortunately, Microsoft Defender for IoT can usually be deployed in less than a single day per facility and works right out of the box for large enterprises and small, niche facilities. With it, defenders of OT networks have a powerful new tool at their disposal to help keep hackers out and people, production, and profits safe.

For more information on how Microsoft Defender for IoT can help protect your business, visit the Microsoft Defender for IoT page on Microsoft Azure today.
Source: Azure

What is desktop as a service (DaaS) and how can it help your organization?

Today’s workers want the freedom to respond to email and collaborate with colleagues from anywhere, on any device—whether they’re working at their kitchen table, at the airport waiting for their flight to board, or in the carpool line waiting for their kids to get out of school. The pandemic proved that remote teams could succeed, no matter where they worked and how far-flung they were.

Even so, many companies are still scrambling to accommodate the technological needs of their hybrid and remote workers. Desktop as a service, sometimes known by the acronym DaaS, can help.

What is desktop as a service (DaaS)?

DaaS is a high-performing, secure, cost-effective type of desktop virtualization. DaaS frees businesses from tethering their computer operating systems and productivity software to any physical hardware. Instead, businesses can use DaaS to access virtual desktops over the internet from a cloud provider. Cloud providers that offer this service distribute and manage virtual desktops from their own datacenters.

DaaS vs. on-premises

DaaS solutions differ from on-premises software in a number of ways, most notably:

Pricing. With DaaS, companies can avoid making advance purchases of hardware that they anticipate their employees needing, such as expensive desktops and laptops. Instead, companies pay cloud providers only for the data, resources, and services that they use.

Scalability. Cloud providers offer companies the freedom to use any number of desktops on a fluctuating basis. This gives companies instant access to the precise number of desktops they need, whenever and wherever they need them.

Management. Cloud providers offering DaaS conduct maintenance, data storage, updates, backup, and other desktop management for companies that outsource these solutions. DaaS providers often manage their customers’ desktops, applications, and security as well.

What are the benefits of DaaS?

The financial, performance, and administrative benefits of using DaaS are numerous. Let’s look at some of the biggest reasons businesses use this type of desktop virtualization.

Enables remote work. The rise of hybrid and remote workplaces calls for a different approach to accessing applications and data. With DaaS, IT teams can easily move data between different platforms and users can easily access the data they need from multiple machines, no matter where they work.

Supports BYOD. Besides freeing employees from physical offices, DaaS can free employees from solely working on company-issued devices or with one particular device. With DaaS, IT teams can more easily support bring your own device, or BYOD, policies that let employees work on their own phones, tablets, and laptops.

Simplifies desktop management. For IT teams, outsourcing the deployment, configuration, and management of virtual desktops helps reduce the administrative load. The ability to quickly scale up or down the use of desktops, applications, and data based on user need also helps to ease IT duties.

Helps increase security. DaaS poses fewer security risks because the data resides in the cloud provider’s datacenter, not on the laptops, tablets, and phones that employees use. If a computer or device is lost or stolen, it can easily be disconnected from the cloud service.

Reduces IT costs. DaaS solutions save businesses money by shifting IT costs from traditional on-premises hardware and software purchased up front and in bulk to cloud-based services and desktops purchased as needed. DaaS can run on devices that require far less computing power than a standard laptop or desktop machine, which helps companies save money. Allowing employees to use their own devices also helps save on hardware costs, as does reducing the workload of IT teams.

Extends the life of legacy machines. Companies that lack the immediate funds to upgrade all of their outdated machines can use DaaS to install a newer operating system on them. Serving the newer operating system from the cloud is a more affordable prospect than replacing an entire fleet of on-premises equipment all at once.

Real-world uses for DaaS

Cloud providers usually offer two flavors of DaaS, persistent desktop and nonpersistent desktop:

Persistent desktop offers the greatest degree of application compatibility and personalization and is necessary for users that require elevated permissions. This usually results in a higher cost per user than a nonpersistent desktop. A persistent desktop is a good fit for developers and IT professionals.
Nonpersistent desktop offers the lowest-cost solution by separating the personalization layer from the underlying operating system. This enables any user to log on to any virtual machine (VM) and maintain a personalized environment. This option is a good fit for knowledge workers and task workers.

We’ve already looked at how DaaS benefits remote and hybrid workforces, BYOD programs, and companies looking to optimize their IT assets and costs. But there are many other business uses for DaaS, including:

Modernizing call centers. Organizations with shift workers who require the same software to do task-based work can optimize IT resources by using nonpersistent desktops and remote applications.
Accelerating deployment and decommissioning. Nonpersistent desktops can help seasonal businesses that routinely undergo staffing fluctuations reduce the time and costs associated with deploying and decommissioning desktop users.
Granting contractors and partners secure data access. Companies can increase the login security of their contractors, vendors, and business partners by enabling them to work on virtual desktops from their own devices.
Ensuring business continuity. Companies can help safeguard their data against natural disasters and other threats to daily operations by outsourcing desktop management to cloud providers that offer airtight data protection at remote datacenters.
Increasing sustainability. By using cloud-based virtual desktops to reduce the amount of hardware used onsite, businesses can decrease their power consumption and electronic waste, thus reducing their environmental impact.

Explore the flexibility of Azure Virtual Desktop

Azure Virtual Desktop is a desktop and application solution that enables your remote workforce to stay productive regardless of location or device—all while being secure, scalable, and cost-effective. With Azure Virtual Desktop, you can:

Deliver Windows 10 and Windows 11 desktops virtually anywhere. Give employees the only virtual desktop solution that’s fully optimized for Windows 10, Windows 11, and Microsoft 365 with multisession capabilities—no matter what device they’re using, no matter where they’re using it.

Keep your applications and data secure and compliant. Use the built-in, reliable security features of Azure to stay ahead of potential threats and take remedial action against breaches.

Simplify deployment and management. The Azure portal enables you to configure your network settings, add users, deploy desktops and applications, and enable security with just a few clicks. Citrix and VMware customers also can streamline the delivery of virtual desktops and applications with Azure.

Reduce costs with multisession and existing licenses. Optimize costs with the eligible Microsoft 365 or Windows licenses that you already have. Use Windows 10 and Windows 11 multisession support to reduce infrastructure costs. Plus, take advantage of flexible, consumption-based pricing to pay for only what you use.

To explore how to get started with Azure Virtual Desktop, read the Quickstart Guide to Azure Virtual Desktop. In it, you’ll find:

Guidance on planning a successful deployment of Azure Virtual Desktop.
Steps to set up and optimize your virtual desktops with just a few clicks.
Best practices, recommendations, and troubleshooting tips.

If you’d like to continue your exploration of Azure:

Try Azure Virtual Desktop free.
Get started with 12 months of free services.

Source: Azure

Choose the right size for your workload with NVads A10 v5 virtual machines, now generally available

Visualization workloads entail a wide range of use cases: from computer-aided design (CAD), to virtual desktops, to high-end simulations. Traditionally, when running these graphics-heavy visualization workloads in the cloud, customers have been limited to purchasing virtual machines (VMs) with full GPUs, which increased costs and limited flexibility. So, in 2019, we introduced the first GPU-partitioned (GPU-P) virtual machine offering in the cloud. And today, your options just got wider. Introducing the general availability of NVads A10 v5 GPU accelerated virtual machines, now available in US South Central, US West2, US West3, Europe West, and Europe North regions. Azure is the first public cloud to offer GPU partitioning (GPU-P) on NVIDIA GPUs.

NVads A10 v5 virtual machines feature NVIDIA A10 Tensor Core GPUs, up to 72 AMD EPYC™ 74F3 vCPUs with clock frequencies up to 4.0 GHz, 880 GB of RAM, 256 MB of L3 cache, and simultaneous multithreading (SMT).

Pay-as-you-go, one-year and three-year Azure Reserved Instances, and Spot virtual machines pricing for Windows and Linux deployments are now available.

Flexible and affordable NVIDIA GPU-powered workstations in the cloud

Many enterprises today use NVIDIA vGPU technology on-premises to create virtual GPUs that can be shared across multiple virtual machines. We are always innovating to provide cloud infrastructure that makes it easy for customers to migrate to the cloud. By working with NVIDIA, we have implemented SR-IOV-based GPU partitioning that provides customers cost-effective options, similar to the vGPU profiles configured on-premises to pick the right-sized GPU-powered virtual machine for the workload. The SR-IOV-based GPU partitioning provides a strong, hardware-backed security boundary with predictable performance for each virtual machine.

With support for NVIDIA vGPU, customers can select from virtual machines with one-sixth of an A10 GPU and scale all the way up to two full A10 GPU configurations. This offers cost-effective entry-level and low-intensity GPU workloads on NVIDIA GPUs, while still giving customers the option to scale up to powerful full-GPU and multi-GPU processing power. Each GPU partition in the NVads A10 v5 series virtual machines includes the full NVIDIA RTX(GRID) license and customers can either deploy a single virtual workstation per user or offer multiple sessions using the Windows Enterprise multi-session operating system. Our customers love the integrated license validation feature as it simplifies the user experience by eliminating the need to deploy dedicated license server infrastructure and provides customers with a unified pricing model.

"The NVIDIA A10 GPU-accelerated instances in Azure with support for GPU partitioning are transformational for customers seeking cost-effective cloud options for graphics- and compute-intensive workloads. Now, enterprises can access powerful RTX Virtual Workstation instances accelerated by NVIDIA Ampere architecture-based A10 GPUs—sized to meet the performance requirements of creative and technical professionals working across industries such as manufacturing, architecture, and media and entertainment."— Anne Hecht, Senior Director, Product Marketing, NVIDIA.

NVIDIA RTX Virtual Workstations include the latest enhancements in AI, ray tracing, and simulation to enable incredible 3D designs, photorealistic simulations, and stunning visual effects—at faster speeds than ever.

Pick the right-sized GPU virtual machine for any workload

The NVads A10 v5 virtual machine series is designed to offer the right choice for any workload and provide the optimum configurations for both single-user and multi-session environments. The flexible GPU-partitioned virtual machine sizes enable a wide variety of graphics, video, and AI workloads—some of which weren’t previously possible. These include virtual production and visual effects, engineering design and simulation, game development and streaming, virtual desktops/workstations, and many more.

“In the world of CAD design, cost performance and flexibility are of prime importance for our users. Microsoft has completed extensive testing with Siemens NX and we found significant benefits in performance for multiple user scenarios. With GPU partitioning, Microsoft Azure can now enable multiple users to use Siemens NX and efficiently utilize GPU resources offering customers great performance at a reasonable hardware price point.”—George Rendell, Vice President Product Management, Siemens NX.

High performance for GPU-accelerated graphics applications

The NVIDIA A10 Tensor Core GPUs in the NVads A10 v5 virtual machines offer great performance for graphics applications. The AMD EPYC™ 74F3 vCPUs with clock frequencies up to 4.0 GHz offer impressive performance for single-threaded applications.

Next steps

For more information on topics covered here, see the following documentation:

NVads A10 v5 virtual machine documentation
Virtual machine pricing
Learn more about Azure HPC + AI
Read about visualization workloads on Azure

Source: Azure